From 300bbf11f22251421e9add29e2b9bf28e2f10065 Mon Sep 17 00:00:00 2001 From: Venu Date: Fri, 9 Aug 2024 16:29:48 +0530 Subject: [PATCH 01/17] Update AWS, Azure and GCP Mods --- .../getting_started/aws/aws_mods/demo.tfvars | 39 +- .../aws/aws_mods/mod_install.tf | 1332 ++++++++++++----- .../getting_started/aws/aws_mods/outputs.tf | 7 - .../getting_started/aws/aws_mods/providers.tf | 7 +- .../getting_started/aws/aws_mods/variables.tf | 79 +- .../azure/azure_mods/demo.tfvars | 22 + .../azure/azure_mods/mod_install.tf | 369 +++-- .../azure/azure_mods/outputs.tf | 7 - .../azure/azure_mods/providers.tf | 7 +- .../azure/azure_mods/variables.tf | 15 +- .../getting_started/gcp/gcp_mods/demo.tfvars | 20 + .../gcp/gcp_mods/mod_install.tf | 283 ++-- .../getting_started/gcp/gcp_mods/ouputs.tf | 7 - .../getting_started/gcp/gcp_mods/provider.tf | 12 - .../getting_started/gcp/gcp_mods/providers.tf | 11 + .../getting_started/gcp/gcp_mods/variables.tf | 12 +- 16 files changed, 1582 insertions(+), 647 deletions(-) delete mode 100644 baselines/getting_started/aws/aws_mods/outputs.tf create mode 100644 baselines/getting_started/azure/azure_mods/demo.tfvars delete mode 100644 baselines/getting_started/azure/azure_mods/outputs.tf create mode 100644 baselines/getting_started/gcp/gcp_mods/demo.tfvars delete mode 100644 baselines/getting_started/gcp/gcp_mods/ouputs.tf delete mode 100644 baselines/getting_started/gcp/gcp_mods/provider.tf create mode 100644 baselines/getting_started/gcp/gcp_mods/providers.tf diff --git a/baselines/getting_started/aws/aws_mods/demo.tfvars b/baselines/getting_started/aws/aws_mods/demo.tfvars index d34cad7cc..c4f9c051d 100644 --- a/baselines/getting_started/aws/aws_mods/demo.tfvars +++ b/baselines/getting_started/aws/aws_mods/demo.tfvars @@ -1,19 +1,22 @@ mod_list = [ - "aws", - "aws-cisv1", - "aws-cloudtrail", - "aws-cloudwatch", - "aws-config", - "aws-ec2", - "aws-events", - "aws-iam", - "aws-kms", - "aws-lambda", - "aws-logs", - "aws-s3", - "aws-sns", - "aws-vpc-core", - "aws-vpc-connect", - "aws-vpc-internet", - "aws-vpc-security" -] \ No newline at end of file + "aws", + "aws-cisv3-0", + "aws-cloudtrail", + "aws-cloudwatch", + "aws-config", + "aws-ec2", + "aws-efs", + "aws-events", + "aws-iam", + "aws-kms", + "aws-lambda", + "aws-logs", + "aws-rds", + "aws-s3", + "aws-securityhub", + "aws-sns", + "aws-vpc-connect", + "aws-vpc-core", + "aws-vpc-internet", + "aws-vpc-security" +] diff --git a/baselines/getting_started/aws/aws_mods/mod_install.tf b/baselines/getting_started/aws/aws_mods/mod_install.tf index 3c9654b5d..4b545069a 100644 --- a/baselines/getting_started/aws/aws_mods/mod_install.tf +++ b/baselines/getting_started/aws/aws_mods/mod_install.tf @@ -1,133 +1,203 @@ -# https://turbot.com/v5/mods/turbot/aws +# https://hub.guardrails.turbot.com/mods/aws/mods/aws resource "turbot_mod" "aws" { parent = "tmod:@turbot/turbot#/" org = "turbot" mod = "aws" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-acm +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-acm resource "turbot_mod" "aws-acm" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-acm" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-acm") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-amplify +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-amplify resource "turbot_mod" "aws-amplify" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-amplify" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-amplify") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-apigateway +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-apigateway resource "turbot_mod" "aws-apigateway" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-apigateway" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-apigateway") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-appflow +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-appconfig +resource "turbot_mod" "aws-appconfig" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-appconfig" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-appconfig") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-appfabric +resource "turbot_mod" "aws-appfabric" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-appfabric" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-appfabric") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-appflow resource "turbot_mod" "aws-appflow" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-appflow" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-appflow") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-appmesh +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-appmesh resource "turbot_mod" "aws-appmesh" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-appmesh" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-appmesh") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-appstream +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-appstream resource "turbot_mod" "aws-appstream" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-appstream" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-appstream") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-appsync +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-appsync resource "turbot_mod" "aws-appsync" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-appsync" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-appsync") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-artifact +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-artifact resource "turbot_mod" "aws-artifact" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-artifact" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-artifact") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-athena +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-athena resource "turbot_mod" "aws-athena" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-athena" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-athena") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-backup +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-auditmanager +resource "turbot_mod" "aws-auditmanager" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-auditmanager" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-auditmanager") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-backup resource "turbot_mod" "aws-backup" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-backup" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-backup") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-batch +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-batch resource "turbot_mod" "aws-batch" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-batch" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-batch") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-chime +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-bedrock +resource "turbot_mod" "aws-bedrock" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-bedrock" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-bedrock") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-billing +resource "turbot_mod" "aws-billing" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-billing" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-billing") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-braket +resource "turbot_mod" "aws-braket" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-braket" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-braket") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-chatbot +resource "turbot_mod" "aws-chatbot" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-chatbot" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-chatbot") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-chime resource "turbot_mod" "aws-chime" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-chime" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-chime") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-cisv1 +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-cisv1 resource "turbot_mod" "aws-cisv1" { parent = "tmod:@turbot/turbot#/" depends_on = [ @@ -145,960 +215,1522 @@ resource "turbot_mod" "aws-cisv1" { ] org = "turbot" mod = "aws-cisv1" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-cisv1") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-cloud9 +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-cisv1-4 +resource "turbot_mod" "aws-cisv1-4" { + parent = "tmod:@turbot/turbot#/" + depends_on = [ + turbot_mod.aws, + turbot_mod.aws-cloudtrail, + turbot_mod.aws-cloudwatch, + turbot_mod.aws-config, + turbot_mod.aws-ec2, + turbot_mod.aws-iam, + turbot_mod.aws-kms, + turbot_mod.aws-logs, + turbot_mod.aws-rds, + turbot_mod.aws-s3, + turbot_mod.aws-sns, + turbot_mod.aws-vpc-core, + turbot_mod.aws-vpc-security + ] + org = "turbot" + mod = "aws-cisv1-4" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-cisv1-4") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-cisv2-0 +resource "turbot_mod" "aws-cisv2-0" { + parent = "tmod:@turbot/turbot#/" + depends_on = [ + turbot_mod.aws, + turbot_mod.aws-cloudtrail, + turbot_mod.aws-cloudwatch, + turbot_mod.aws-config, + turbot_mod.aws-ec2, + turbot_mod.aws-efs, + turbot_mod.aws-iam, + turbot_mod.aws-kms, + turbot_mod.aws-logs, + turbot_mod.aws-rds, + turbot_mod.aws-s3, + turbot_mod.aws-securityhub, + turbot_mod.aws-sns, + turbot_mod.aws-vpc-core, + turbot_mod.aws-vpc-security + ] + org = "turbot" + mod = "aws-cisv2-0" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-cisv2-0") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-cisv3-0 +resource "turbot_mod" "aws-cisv3-0" { + parent = "tmod:@turbot/turbot#/" + depends_on = [ + turbot_mod.aws, + turbot_mod.aws-cloudtrail, + turbot_mod.aws-cloudwatch, + turbot_mod.aws-config, + turbot_mod.aws-ec2, + turbot_mod.aws-efs, + turbot_mod.aws-iam, + turbot_mod.aws-kms, + turbot_mod.aws-logs, + turbot_mod.aws-rds, + turbot_mod.aws-s3, + turbot_mod.aws-securityhub, + turbot_mod.aws-sns, + turbot_mod.aws-vpc-core, + turbot_mod.aws-vpc-security + ] + org = "turbot" + mod = "aws-cisv3-0" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-cisv3-0") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-cleanrooms +resource "turbot_mod" "aws-cleanrooms" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-cleanrooms" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-cleanrooms") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-cloud9 resource "turbot_mod" "aws-cloud9" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-cloud9" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-cloud9") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-cloudformation +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-clouddirectory +resource "turbot_mod" "aws-clouddirectory" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-clouddirectory" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-clouddirectory") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-cloudformation resource "turbot_mod" "aws-cloudformation" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-cloudformation" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-cloudformation") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-cloudfront +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-cloudfront resource "turbot_mod" "aws-cloudfront" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-cloudfront" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-cloudfront") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-cloudhsm +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-cloudhsm resource "turbot_mod" "aws-cloudhsm" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-cloudhsm" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-cloudhsm") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-cloudsearch +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-cloudmap +resource "turbot_mod" "aws-cloudmap" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-cloudmap" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-cloudmap") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-cloudsearch resource "turbot_mod" "aws-cloudsearch" { parent = "tmod:@turbot/turbot#/" depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] org = "turbot" mod = "aws-cloudsearch" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-cloudsearch") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-cloudtrail +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-cloudshell +resource "turbot_mod" "aws-cloudshell" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-cloudshell" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-cloudshell") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-cloudtrail resource "turbot_mod" "aws-cloudtrail" { parent = "tmod:@turbot/turbot#/" depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-cloudtrail" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-cloudtrail") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-cloudwatch +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-cloudwatch resource "turbot_mod" "aws-cloudwatch" { parent = "tmod:@turbot/turbot#/" depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-cloudwatch" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-cloudwatch") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-codebuild +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-codebuild resource "turbot_mod" "aws-codebuild" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-codebuild" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-codebuild") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-codecommit +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-codecommit resource "turbot_mod" "aws-codecommit" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-codecommit" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-codecommit") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-codedeploy +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-codedeploy resource "turbot_mod" "aws-codedeploy" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-codedeploy" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-codedeploy") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-codepipeline +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-codepipeline resource "turbot_mod" "aws-codepipeline" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-codepipeline" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-codepipeline") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-codestar +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-codestar resource "turbot_mod" "aws-codestar" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-codestar" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-codestar") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-comprehend +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-codewhisperer +resource "turbot_mod" "aws-codewhisperer" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-codewhisperer" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-codewhisperer") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-cognito +resource "turbot_mod" "aws-cognito" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-cognito" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-cognito") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-comprehend resource "turbot_mod" "aws-comprehend" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-comprehend" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-comprehend") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-config +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-computeoptimizer +resource "turbot_mod" "aws-computeoptimizer" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-computeoptimizer" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-computeoptimizer") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-config resource "turbot_mod" "aws-config" { parent = "tmod:@turbot/turbot#/" depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-config" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-config") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-datapipeline +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-connect +resource "turbot_mod" "aws-connect" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-connect" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-connect") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-datapipeline resource "turbot_mod" "aws-datapipeline" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-datapipeline" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-datapipeline") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-dax +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-datasync +resource "turbot_mod" "aws-datasync" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-datasync" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-datasync") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-dax resource "turbot_mod" "aws-dax" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-dax" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-dax") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-directoryservice +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-devicefarm +resource "turbot_mod" "aws-devicefarm" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-devicefarm" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-devicefarm") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-directconnect +resource "turbot_mod" "aws-directconnect" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-directconnect" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-directconnect") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-directoryservice resource "turbot_mod" "aws-directoryservice" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-directoryservice" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-directoryservice") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-dms +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-dms resource "turbot_mod" "aws-dms" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-kms] org = "turbot" mod = "aws-dms" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-dms") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-docdb +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-docdb resource "turbot_mod" "aws-docdb" { parent = "tmod:@turbot/turbot#/" depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-rds] org = "turbot" mod = "aws-docdb" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-docdb") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-dynamodb +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-dynamodb resource "turbot_mod" "aws-dynamodb" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-dynamodb" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-dynamodb") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-ec2 +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-ec2 resource "turbot_mod" "aws-ec2" { parent = "tmod:@turbot/turbot#/" depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-kms] org = "turbot" mod = "aws-ec2" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-ec2") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-ecr +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-ec2imagebuilder +resource "turbot_mod" "aws-ec2imagebuilder" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-ec2imagebuilder" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-ec2imagebuilder") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-ecr resource "turbot_mod" "aws-ecr" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-ecr" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-ecr") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-ecs +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-ecs resource "turbot_mod" "aws-ecs" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-ecs" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-ecs") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-efs +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-efs resource "turbot_mod" "aws-efs" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-efs" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-efs") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-eks + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-eks resource "turbot_mod" "aws-eks" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-eks" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-eks") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-elasticache +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-elasticache resource "turbot_mod" "aws-elasticache" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-elasticache" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-elasticache") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-elasticbeanstalk +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-elasticbeanstalk resource "turbot_mod" "aws-elasticbeanstalk" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-elasticbeanstalk" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-elasticbeanstalk") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-elasticsearch +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-elasticinference +resource "turbot_mod" "aws-elasticinference" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-elasticinference" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-elasticinference") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-elasticsearch resource "turbot_mod" "aws-elasticsearch" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-elasticsearch" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-elasticsearch") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-elastictranscoder +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-elastictranscoder resource "turbot_mod" "aws-elastictranscoder" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-elastictranscoder" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-elastictranscoder") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-emr +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-emr resource "turbot_mod" "aws-emr" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-emr" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-emr") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-events +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-eventbridgepipes +resource "turbot_mod" "aws-eventbridgepipes" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-eventbridgepipes" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-eventbridgepipes") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-eventbridgescheduler +resource "turbot_mod" "aws-eventbridgescheduler" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-eventbridgescheduler" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-eventbridgescheduler") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-events resource "turbot_mod" "aws-events" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-events" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-events") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-fsx +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-fms +resource "turbot_mod" "aws-fms" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-fms" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-fms") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-fsx resource "turbot_mod" "aws-fsx" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-fsx" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-fsx") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-gamelift +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-gamelift resource "turbot_mod" "aws-gamelift" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-gamelift" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-gamelift") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-glacier +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-glacier resource "turbot_mod" "aws-glacier" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-glacier" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-glacier") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-glue +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-globalaccelerator +resource "turbot_mod" "aws-globalaccelerator" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-globalaccelerator" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-globalaccelerator") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-glue resource "turbot_mod" "aws-glue" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-glue" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-glue") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-greengrass +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-gluedatabrew +resource "turbot_mod" "aws-gluedatabrew" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-gluedatabrew" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-gluedatabrew") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-greengrass resource "turbot_mod" "aws-greengrass" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-greengrass" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-greengrass") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-guardduty +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-guardduty resource "turbot_mod" "aws-guardduty" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-guardduty" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-guardduty") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-health +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-health resource "turbot_mod" "aws-health" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-health" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-health") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-iam +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-hipaa +resource "turbot_mod" "aws-hipaa" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, + turbot_mod.aws-acm, + turbot_mod.aws-apigateway, + turbot_mod.aws-backup, + turbot_mod.aws-cloudfront, + turbot_mod.aws-cloudtrail, + turbot_mod.aws-cloudwatch, + turbot_mod.aws-codebuild, + turbot_mod.aws-dax, + turbot_mod.aws-dms, + turbot_mod.aws-dynamodb, + turbot_mod.aws-ec2, + turbot_mod.aws-efs, + turbot_mod.aws-eks, + turbot_mod.aws-elasticache, + turbot_mod.aws-elasticsearch, + turbot_mod.aws-emr, + turbot_mod.aws-fsx, + turbot_mod.aws-guardduty, + turbot_mod.aws-iam, + turbot_mod.aws-kms, + turbot_mod.aws-lambda, + turbot_mod.aws-logs, + turbot_mod.aws-rds, + turbot_mod.aws-redshift, + turbot_mod.aws-s3, + turbot_mod.aws-sagemaker, + turbot_mod.aws-secretsmanager, + turbot_mod.aws-sns, + turbot_mod.aws-ssm, + turbot_mod.aws-vpc-connect, + turbot_mod.aws-vpc-core, + turbot_mod.aws-vpc-internet, + turbot_mod.aws-vpc-security, + turbot_mod.aws-waf + ] + org = "turbot" + mod = "aws-hipaa" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-hipaa") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-iam resource "turbot_mod" "aws-iam" { parent = "tmod:@turbot/turbot#/" depends_on = [turbot_mod.aws] org = "turbot" mod = "aws-iam" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-iam") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-inspector +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-inspector resource "turbot_mod" "aws-inspector" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-inspector" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-inspector") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-iot +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-iot resource "turbot_mod" "aws-iot" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-iot" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-iot") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-iot1click +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-iot1click resource "turbot_mod" "aws-iot1click" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-iot1click" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-iot1click") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-iotanalytics +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-iotanalytics resource "turbot_mod" "aws-iotanalytics" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-iotanalytics" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-iotanalytics") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-iotevents +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-iotevents resource "turbot_mod" "aws-iotevents" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-iotevents" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-iotevents") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-iotsitewise +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-iotsitewise resource "turbot_mod" "aws-iotsitewise" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-iotsitewise" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-iotsitewise") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-iotthingsgraph +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-iotthingsgraph resource "turbot_mod" "aws-iotthingsgraph" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-iotthingsgraph" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-iotthingsgraph") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-kinesis +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-kendra +resource "turbot_mod" "aws-kendra" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-kendra" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-kendra") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-kinesis resource "turbot_mod" "aws-kinesis" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-kinesis" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-kinesis") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-kms +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-kms resource "turbot_mod" "aws-kms" { parent = "tmod:@turbot/turbot#/" depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-kms" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-kms") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-lambda +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-lakeformation +resource "turbot_mod" "aws-lakeformation" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-lakeformation" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-lakeformation") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-lambda resource "turbot_mod" "aws-lambda" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-lambda" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-lambda") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-lex +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-lex resource "turbot_mod" "aws-lex" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-lex" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-lex") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-lightsail +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-lightsail resource "turbot_mod" "aws-lightsail" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-lightsail" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-lightsail") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-logs +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-location +resource "turbot_mod" "aws-location" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-location" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-location") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-logs resource "turbot_mod" "aws-logs" { parent = "tmod:@turbot/turbot#/" depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-logs" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-logs") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-machinelearning +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-machinelearning resource "turbot_mod" "aws-machinelearning" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-machinelearning" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-machinelearning") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-macie +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-macie resource "turbot_mod" "aws-macie" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-macie" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-macie") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-mediaconnect +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-mediaconnect resource "turbot_mod" "aws-mediaconnect" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-mediaconnect" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-mediaconnect") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-mediaconvert +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-mediaconvert resource "turbot_mod" "aws-mediaconvert" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-mediaconvert" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-mediaconvert") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-medialive +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-medialive resource "turbot_mod" "aws-medialive" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-medialive" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-medialive") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-mediapackage +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-mediapackage resource "turbot_mod" "aws-mediapackage" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-mediapackage" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-mediapackage") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-mediastore +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-mediastore resource "turbot_mod" "aws-mediastore" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-mediastore" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-mediastore") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-mediatailor +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-mediatailor resource "turbot_mod" "aws-mediatailor" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-mediatailor" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-mediatailor") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-mq +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-mq resource "turbot_mod" "aws-mq" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-mq" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-mq") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-msk +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-msk resource "turbot_mod" "aws-msk" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-msk" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-msk") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-neptune +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-mwaa +resource "turbot_mod" "aws-mwaa" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-mwaa" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-mwaa") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-neptune resource "turbot_mod" "aws-neptune" { parent = "tmod:@turbot/turbot#/" depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-rds] org = "turbot" mod = "aws-neptune" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-neptune") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-outposts +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-nist-800-53 +resource "turbot_mod" "aws-nist-800-53" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, + turbot_mod.aws-acm, + turbot_mod.aws-apigateway, + turbot_mod.aws-cloudtrail, + turbot_mod.aws-cloudwatch, + turbot_mod.aws-codebuild, + turbot_mod.aws-dms, + turbot_mod.aws-dynamodb, + turbot_mod.aws-ec2, + turbot_mod.aws-ecs, + turbot_mod.aws-efs, + turbot_mod.aws-elasticache, + turbot_mod.aws-elasticsearch, + turbot_mod.aws-emr, + turbot_mod.aws-guardduty, + turbot_mod.aws-iam, + turbot_mod.aws-kms, + turbot_mod.aws-lambda, + turbot_mod.aws-logs, + turbot_mod.aws-rds, + turbot_mod.aws-redshift, + turbot_mod.aws-s3, + turbot_mod.aws-sagemaker, + turbot_mod.aws-secretsmanager, + turbot_mod.aws-securityhub, + turbot_mod.aws-sns, + turbot_mod.aws-ssm, + turbot_mod.aws-vpc-connect, + turbot_mod.aws-vpc-core, + turbot_mod.aws-vpc-internet, + turbot_mod.aws-vpc-security, + turbot_mod.aws-waf + ] + org = "turbot" + mod = "aws-nist-800-53" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-nist-800-53") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-omics +resource "turbot_mod" "aws-omics" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-omics" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-omics") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-opensearch +resource "turbot_mod" "aws-opensearch" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-opensearch" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-opensearch") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-organizations +resource "turbot_mod" "aws-organizations" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-organizations" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-organizations") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-outposts resource "turbot_mod" "aws-outposts" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-rds] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-outposts" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-outposts") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-qldb +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-pciv3-2-1 +resource "turbot_mod" "aws-pciv3-2-1" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, + turbot_mod.aws-cloudtrail, + turbot_mod.aws-codebuild, + turbot_mod.aws-dms, + turbot_mod.aws-ec2, + turbot_mod.aws-elasticsearch, + turbot_mod.aws-guardduty, + turbot_mod.aws-iam, + turbot_mod.aws-kms, + turbot_mod.aws-lambda, + turbot_mod.aws-rds, + turbot_mod.aws-redshift, + turbot_mod.aws-s3, + turbot_mod.aws-sagemaker, + turbot_mod.aws-ssm, + turbot_mod.aws-vpc-core, + turbot_mod.aws-vpc-internet, + turbot_mod.aws-vpc-security + ] + org = "turbot" + mod = "aws-pciv3-2-1" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-pciv3-2-1") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-polly +resource "turbot_mod" "aws-polly" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-polly" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-polly") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-qldb resource "turbot_mod" "aws-qldb" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-qldb" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-qldb") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-quicksight +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-quicksight resource "turbot_mod" "aws-quicksight" { parent = "tmod:@turbot/turbot#/" depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-quicksight" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-quicksight") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-ram +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-ram resource "turbot_mod" "aws-ram" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-ram" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-ram") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-rds +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-rds resource "turbot_mod" "aws-rds" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-rds" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-rds") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-redshift +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-redshift resource "turbot_mod" "aws-redshift" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-ec2] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-redshift" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-redshift") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-resourcegroups +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-redshiftserverless +resource "turbot_mod" "aws-redshiftserverless" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-redshiftserverless" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-redshiftserverless") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-rekognition +resource "turbot_mod" "aws-rekognition" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-rekognition" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-rekognition") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-resourcegroups resource "turbot_mod" "aws-resourcegroups" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-ec2] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-resourcegroups" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-resourcegroups") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-robomaker +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-robomaker resource "turbot_mod" "aws-robomaker" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-robomaker" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-robomaker") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-route53 +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-route53 resource "turbot_mod" "aws-route53" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-route53" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-route53") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-route53domains +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-route53domains resource "turbot_mod" "aws-route53domains" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-route53domains" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-route53domains") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-route53resolver +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-route53recoverycontrolconfig +resource "turbot_mod" "aws-route53recoverycontrolconfig" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-route53recoverycontrolconfig" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-route53recoverycontrolconfig") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-route53recoveryreadiness +resource "turbot_mod" "aws-route53recoveryreadiness" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-route53recoveryreadiness" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-route53recoveryreadiness") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-route53resolver resource "turbot_mod" "aws-route53resolver" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-route53resolver" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-route53resolver") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-s3 +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-s3 resource "turbot_mod" "aws-s3" { parent = "tmod:@turbot/turbot#/" depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-kms] org = "turbot" mod = "aws-s3" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-s3") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-sagemaker +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-s3multiregionaccesspoint +resource "turbot_mod" "aws-s3multiregionaccesspoint" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-s3] + org = "turbot" + mod = "aws-s3multiregionaccesspoint" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-s3multiregionaccesspoint") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-sagemaker resource "turbot_mod" "aws-sagemaker" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-sagemaker" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-sagemaker") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-secretsmanager +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-savingsplans +resource "turbot_mod" "aws-savingsplans" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-savingsplans" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-savingsplans") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-scheduler +resource "turbot_mod" "aws-scheduler" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-scheduler" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-scheduler") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-secretsmanager resource "turbot_mod" "aws-secretsmanager" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-secretsmanager" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-secretsmanager") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-securityhub +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-securityhub resource "turbot_mod" "aws-securityhub" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-securityhub" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-securityhub") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-serverlessapplicationrepository +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-serverlessapplicationrepository resource "turbot_mod" "aws-serverlessapplicationrepository" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-serverlessapplicationrepository" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-serverlessapplicationrepository") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-servermigration +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-servermigration resource "turbot_mod" "aws-servermigration" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-servermigration" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-servermigration") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-servicecatalog +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-servicecatalog resource "turbot_mod" "aws-servicecatalog" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-servicecatalog" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-servicecatalog") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-ses +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-servicequotas +resource "turbot_mod" "aws-servicequotas" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-servicequotas" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-servicequotas") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-ses resource "turbot_mod" "aws-ses" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-ses" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-ses") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-shield +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-shield resource "turbot_mod" "aws-shield" { parent = "tmod:@turbot/turbot#/" depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-shield" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-shield") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-simpledb +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-signer +resource "turbot_mod" "aws-signer" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-signer" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-signer") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-simpledb resource "turbot_mod" "aws-simpledb" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-simpledb" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-simpledb") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-snowball +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-snowball resource "turbot_mod" "aws-snowball" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-snowball" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-snowball") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-sns +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-sns resource "turbot_mod" "aws-sns" { parent = "tmod:@turbot/turbot#/" depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-sns" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-sns") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-sqs +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-sqs resource "turbot_mod" "aws-sqs" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-sqs" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-sqs") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-ssm +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-ssm resource "turbot_mod" "aws-ssm" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-ssm" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-ssm") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-stepfunctions +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-stepfunctions resource "turbot_mod" "aws-stepfunctions" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-stepfunctions" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-stepfunctions") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-storagegateway +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-storagegateway resource "turbot_mod" "aws-storagegateway" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-storagegateway" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-storagegateway") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-swf +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-swf resource "turbot_mod" "aws-swf" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-swf" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-swf") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-textract +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-tagging +resource "turbot_mod" "aws-tagging" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-tagging" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-tagging") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-textract resource "turbot_mod" "aws-textract" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-textract" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-textract") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-transcribe +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-transcribe resource "turbot_mod" "aws-transcribe" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-transcribe" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-transcribe") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-transfer +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-transfer resource "turbot_mod" "aws-transfer" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-transfer" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-transfer") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-trustedadvisor +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-translate +resource "turbot_mod" "aws-translate" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-translate" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-translate") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-trustedadvisor resource "turbot_mod" "aws-trustedadvisor" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-trustedadvisor" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-trustedadvisor") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-vpc-connect +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-vpc-connect resource "turbot_mod" "aws-vpc-connect" { parent = "tmod:@turbot/turbot#/" depends_on = [ @@ -1110,11 +1742,11 @@ resource "turbot_mod" "aws-vpc-connect" { ] org = "turbot" mod = "aws-vpc-connect" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-vpc-connect") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-vpc-core +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-vpc-core resource "turbot_mod" "aws-vpc-core" { parent = "tmod:@turbot/turbot#/" depends_on = [ @@ -1125,11 +1757,11 @@ resource "turbot_mod" "aws-vpc-core" { ] org = "turbot" mod = "aws-vpc-core" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-vpc-core") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-vpc-internet +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-vpc-internet resource "turbot_mod" "aws-vpc-internet" { parent = "tmod:@turbot/turbot#/" depends_on = [ @@ -1141,11 +1773,11 @@ resource "turbot_mod" "aws-vpc-internet" { ] org = "turbot" mod = "aws-vpc-internet" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-vpc-internet") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-vpc-security +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-vpc-security resource "turbot_mod" "aws-vpc-security" { parent = "tmod:@turbot/turbot#/" depends_on = [ @@ -1157,66 +1789,86 @@ resource "turbot_mod" "aws-vpc-security" { ] org = "turbot" mod = "aws-vpc-security" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-vpc-security") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-waf +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-vpclattice +resource "turbot_mod" "aws-vpclattice" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-vpclattice" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-vpclattice") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-waf resource "turbot_mod" "aws-waf" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-cisv1] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-waf" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-waf") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-wafregional +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-wafregional resource "turbot_mod" "aws-wafregional" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-wafregional" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-wafregional") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-wellarchitected +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-wellarchitected resource "turbot_mod" "aws-wellarchitected" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-wellarchitected" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-wellarchitected") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-workspaces -resource "turbot_mod" "aws-workspaces" { +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-wellarchitected-framework +resource "turbot_mod" "aws-wellarchitected-framework" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-wellarchitected] org = "turbot" - mod = "aws-workspaces" - version = ">=5.0.0-beta.1" - count = contains(var.mod_list, "aws-workspaces") ? 1 : 0 + mod = "aws-wellarchitected-framework" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-wellarchitected-framework") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-workdocs +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-workdocs resource "turbot_mod" "aws-workdocs" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-workdocs" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-workdocs") ? 1 : 0 } -# https://turbot.com/v5/mods/turbot/aws-xray +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-workspaces +resource "turbot_mod" "aws-workspaces" { + parent = "tmod:@turbot/turbot#/" + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] + org = "turbot" + mod = "aws-workspaces" + version = ">=5.0.0" + count = contains(var.mod_list, "aws-workspaces") ? 1 : 0 +} + +# https://hub.guardrails.turbot.com/mods/aws/mods/aws-xray resource "turbot_mod" "aws-xray" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.aws, turbot_mod.aws-iam, turbot_mod.aws-waf] + depends_on = [turbot_mod.aws, turbot_mod.aws-iam] org = "turbot" mod = "aws-xray" - version = ">=5.0.0-beta.1" + version = ">=5.0.0" count = contains(var.mod_list, "aws-xray") ? 1 : 0 } diff --git a/baselines/getting_started/aws/aws_mods/outputs.tf b/baselines/getting_started/aws/aws_mods/outputs.tf deleted file mode 100644 index 276afe05a..000000000 --- a/baselines/getting_started/aws/aws_mods/outputs.tf +++ /dev/null @@ -1,7 +0,0 @@ -output "mod_list" { - value = var.mod_list -} - -output "turbot_profile" { - value = var.turbot_profile -} \ No newline at end of file diff --git a/baselines/getting_started/aws/aws_mods/providers.tf b/baselines/getting_started/aws/aws_mods/providers.tf index 715fb0f92..3ede1821a 100644 --- a/baselines/getting_started/aws/aws_mods/providers.tf +++ b/baselines/getting_started/aws/aws_mods/providers.tf @@ -1,12 +1,11 @@ terraform { required_providers { turbot = { - source = "turbot/turbot" + source = "turbot/turbot" + version = ">= 1.11.0" } } - required_version = ">= 0.13" } provider "turbot" { - profile = var.turbot_profile -} \ No newline at end of file +} diff --git a/baselines/getting_started/aws/aws_mods/variables.tf b/baselines/getting_started/aws/aws_mods/variables.tf index 90607f168..97f4fab8a 100644 --- a/baselines/getting_started/aws/aws_mods/variables.tf +++ b/baselines/getting_started/aws/aws_mods/variables.tf @@ -1,40 +1,40 @@ variable "mod_list" { - description = < Date: Mon, 12 Aug 2024 14:11:56 +0530 Subject: [PATCH 02/17] Install minimum mods for cis --- baselines/getting_started/azure/azure_mods/demo.tfvars | 8 +++----- baselines/getting_started/gcp/gcp_mods/demo.tfvars | 6 +----- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/baselines/getting_started/azure/azure_mods/demo.tfvars b/baselines/getting_started/azure/azure_mods/demo.tfvars index 27b9c658d..873f0425d 100644 --- a/baselines/getting_started/azure/azure_mods/demo.tfvars +++ b/baselines/getting_started/azure/azure_mods/demo.tfvars @@ -1,13 +1,10 @@ mod_list = [ "azure", "azure-activedirectory", - "azure-aks", - "azure-applicationgateway", - "azure-applicationinsights", + "azure-appservice", "azure-cisv2-0", "azure-compute", - "azure-dns", - "azure-firewall", + "azure-cosmosdb", "azure-iam", "azure-keyvault", "azure-loadbalancer", @@ -17,6 +14,7 @@ mod_list = [ "azure-networkwatcher", "azure-postgresql", "azure-provider", + "azure-securitycenter", "azure-sql", "azure-storage" ] diff --git a/baselines/getting_started/gcp/gcp_mods/demo.tfvars b/baselines/getting_started/gcp/gcp_mods/demo.tfvars index 2d578fc6b..b2dd0fd39 100644 --- a/baselines/getting_started/gcp/gcp_mods/demo.tfvars +++ b/baselines/getting_started/gcp/gcp_mods/demo.tfvars @@ -1,15 +1,11 @@ mod_list = [ "gcp", - "gcp-appengine", - "gcp-bigquery", - "gcp-bigtable", - "gcp-build", "gcp-cisv2-0", "gcp-computeengine", + "gcp-dns", "gcp-functions", "gcp-iam", "gcp-kms", - "gcp-kubernetesengine", "gcp-logging", "gcp-monitoring", "gcp-network", From b67a96c637209574f22c71f2834061f1f9739964 Mon Sep 17 00:00:00 2001 From: Venu Date: Mon, 12 Aug 2024 16:16:17 +0530 Subject: [PATCH 03/17] Add service enable policies --- .../aws/aws_service_enable/README.md | 134 +++++++++++++++ .../aws/aws_service_enable/default.tfvars | 19 +++ .../aws/aws_service_enable/main.tf | 14 ++ .../aws/aws_service_enable/providers.tf | 11 ++ .../aws/aws_service_enable/variables.tf | 161 ++++++++++++++++++ .../azure/azure_service_enable/README.md | 134 +++++++++++++++ .../azure/azure_service_enable/default.tfvars | 103 +++++++++++ .../azure/azure_service_enable/main.tf | 23 +++ .../azure/azure_service_enable/providers.tf | 11 ++ .../azure/azure_service_enable/variables.tf | 120 +++++++++++++ .../gcp/gcp_service_enable/README.md | 22 +++ .../gcp/gcp_service_enable/default.tfvars | 45 +++++ .../gcp/gcp_service_enable/main.tf | 22 +++ .../gcp/gcp_service_enable/providers.tf | 11 ++ .../gcp/gcp_service_enable/variables.tf | 114 +++++++++++++ 15 files changed, 944 insertions(+) create mode 100644 baselines/getting_started/aws/aws_service_enable/README.md create mode 100644 baselines/getting_started/aws/aws_service_enable/default.tfvars create mode 100644 baselines/getting_started/aws/aws_service_enable/main.tf create mode 100644 baselines/getting_started/aws/aws_service_enable/providers.tf create mode 100644 baselines/getting_started/aws/aws_service_enable/variables.tf create mode 100644 baselines/getting_started/azure/azure_service_enable/README.md create mode 100644 baselines/getting_started/azure/azure_service_enable/default.tfvars create mode 100644 baselines/getting_started/azure/azure_service_enable/main.tf create mode 100644 baselines/getting_started/azure/azure_service_enable/providers.tf create mode 100644 baselines/getting_started/azure/azure_service_enable/variables.tf create mode 100644 baselines/getting_started/gcp/gcp_service_enable/README.md create mode 100644 baselines/getting_started/gcp/gcp_service_enable/default.tfvars create mode 100644 baselines/getting_started/gcp/gcp_service_enable/main.tf create mode 100644 baselines/getting_started/gcp/gcp_service_enable/providers.tf create mode 100644 baselines/getting_started/gcp/gcp_service_enable/variables.tf diff --git a/baselines/getting_started/aws/aws_service_enable/README.md b/baselines/getting_started/aws/aws_service_enable/README.md new file mode 100644 index 000000000..14c196e2d --- /dev/null +++ b/baselines/getting_started/aws/aws_service_enable/README.md @@ -0,0 +1,134 @@ +# Baseline - AWS Baseline Policies + +AWS Baseline Policies focuses on base minimum set of example policies & services to start with. + +## Overview + +Baseline policies are initial set of policies recommended to start with while using Turbot. These policies mostly focuses on enabling services, frequently used policies to run in check mode & enabling security features such as various encryption standards. Baseline TF scripts allows you to toggle the value to apply or ignore. See the below sections for more information. + +Some of these policies overlap with other set of baselines. Hence Turbot provided set of baseline TF files are executed in separate [Smart Folder](https://turbot.com/v5/docs/getting-started/smart_folder). The advantage of setting up of each baseline in their own Smart Folder prevents conflicting with the policy settings created by other baseline scripts. + +This baseline will not attach to a resource by default. This needs to be done manually using the Turbot UI. + +## Requirements + +- Terraform v0.13 or greater installed +- Valid Turbot configuration credentials + +For further information on configuring Turbot credentials can be found [here](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials). + +## Applying baseline + +The baseline is defined by a set of files which together define the configuration of the baseline. + +### Initialize baseline + +If not previously run, Initialize Terraform to get all necessary providers for the baseline. + +1. Navigate to the folder containing the baseline configuration. +2. Run the command: + + ```shell + terraform init + ``` +### Profile name as input + +The baseline example set requires you to provide `turbot_profile` name as input. This is to help in case you are having more profiles than only `default`. In case it's default, specify name as default. + +```shell +var.turbot_profile + Enter profile matching your turbot cli credentials. + Enter a value: +``` + +### Deploying demo example + +1. Navigate to the folder of the baseline +2. Initialize Terraform +3. Apply the baseline using the demo input variable file [demo.tfvars](demo.tfvars) + +On the terminal this will look like: + +```shell +cd +terraform init +terraform apply --var-file demo.tfvars +``` +**Note** +- Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. + +- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default varialble file. + +### Input variable files + +Input variable files allow for the user to configure configuration definitions for multiple environments in different files. + +This baseline comes with an example input variable file called [demo.tfvars](demo.tfvars). + +It will be used to define which parts of the baseline to apply and which to ignore. + +The variables that can be overwritten by the input variable files i.e. [demo.tfvars](demo.tfvars) are defined in the [variables.tf](variables.tf) file. + +Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). + +### Apply baseline using input variable files + +If seeking to apply the baseline using an input variable file such as [demo.tfvars](demo.tfvars). + +1. Navigate to the folder containing the baseline configuration. +2. Run the command: + + ```shell + terraform apply --var-file=demo.tfvars + ``` +### Apply baseline without input variable file + +The baseline can be applied without an input variable file. + +1. By this time Terraform initialization is done as mentioned above. +3. Prefer to check the outcome by running the Terraform plan +3. Apply the Terraform +4. Run the command: + +```shell +cd +terraform plan +terraform apply +``` + +`This may prompt the user applying the baseline to enter values for variables that do not have default values.` + +### Destroy baseline without input variable file + +If seeking to apply the baseline without using an input variable file. + +1. Navigate to the folder containing the baseline configuration. +2. Run the command: + + ```shell + terraform destroy + ``` + +### Destroy using input variable files + +If seeking to destoy the baseline configuration using an input variable file such as [demo.tfvars](demo.tfvars). + +1. Navigate to the folder containing the baseline configuration. +2. Run the command: + + ```shell + terraform destroy --var-file=demo.tfvars + ``` + +## Commenting strategy + +All Turbot policies used by the baselines will have a link to the official Turbot Mods documentation. + +Opening the links will give you further details about: + +- The purpose of the policy +- Policy URI name +- Parent information +- Category information +- Target information +- All valid values diff --git a/baselines/getting_started/aws/aws_service_enable/default.tfvars b/baselines/getting_started/aws/aws_service_enable/default.tfvars new file mode 100644 index 000000000..cbbe6ca18 --- /dev/null +++ b/baselines/getting_started/aws/aws_service_enable/default.tfvars @@ -0,0 +1,19 @@ +# List of services to set as Enabled + +enabled_policy_map = { + aws-cloudtrail = "cloudTrailEnabled" + aws-cloudwatch = "cloudWatchEnabled" + aws-config = "configEnabled" + aws-ec2 = "ec2Enabled" + aws-efs = "efsEnabled" + aws-events = "eventsEnabled" + aws-iam = "iamEnabled" + aws-kms = "kmsEnabled" + aws-lambda = "lambdaEnabled" + aws-logs = "logsEnabled" + aws-rds = "rdsEnabled" + aws-s3 = "s3Enabled" + aws-securityhub = "securityHubEnabled" + aws-sns = "snsEnabled" + aws-vpc-core = "vpcServiceEnabled" +} diff --git a/baselines/getting_started/aws/aws_service_enable/main.tf b/baselines/getting_started/aws/aws_service_enable/main.tf new file mode 100644 index 000000000..646dc73d1 --- /dev/null +++ b/baselines/getting_started/aws/aws_service_enable/main.tf @@ -0,0 +1,14 @@ +# Create Baselines Policy Pack +resource "turbot_policy_pack" "aws_enabled_baseline_pack" { + parent = "tmod:@turbot/turbot#/" + title = "AWS Enabled Baseline Policies" +} + +# Enable all AWS Services +# Loop through var.service_status and set enable policies +resource "turbot_policy_setting" "aws_enable" { + for_each = var.enabled_policy_map + resource = turbot_policy_pack.aws_enabled_baseline_pack.id + type = "tmod:@turbot/${each.key}#/policy/types/${each.value}" + value = "Enabled" +} diff --git a/baselines/getting_started/aws/aws_service_enable/providers.tf b/baselines/getting_started/aws/aws_service_enable/providers.tf new file mode 100644 index 000000000..7db28916c --- /dev/null +++ b/baselines/getting_started/aws/aws_service_enable/providers.tf @@ -0,0 +1,11 @@ +terraform { + required_providers { + turbot = { + source = "turbot/turbot" + } + } + required_version = ">= 0.13" +} + +provider "turbot" { +} diff --git a/baselines/getting_started/aws/aws_service_enable/variables.tf b/baselines/getting_started/aws/aws_service_enable/variables.tf new file mode 100644 index 000000000..869f46c7c --- /dev/null +++ b/baselines/getting_started/aws/aws_service_enable/variables.tf @@ -0,0 +1,161 @@ +variable "enabled_policy_map" { + description = "Enter the list of services that you would like to Enable" + type = map(string) + default = { + aws-acm = "acmEnabled" + aws-amplify = "amplifyEnabled" + aws-apigateway = "apiGatewayEnabled" + aws-appconfig = "appConfigEnabled" + aws-appfabric = "appFabricEnabled" + aws-appflow = "appFlowEnabled" + aws-appmesh = "appMeshEnabled" + aws-appstream = "appStreamEnabled" + aws-appsync = "appSyncEnabled" + aws-artifact = "artifactEnabled" + aws-athena = "athenaEnabled" + aws-auditmanager = "auditManagerEnabled" + aws-backup = "backupEnabled" + aws-batch = "batchEnabled" + aws-bedrock = "bedrockEnabled" + aws-billing = "billingEnabled" + aws-braket = "braketEnabled" + aws-chatbot = "chatbotEnabled" + aws-chime = "chimeEnabled" + aws-cleanrooms = "cleanRoomsEnabled" + aws-cloud9 = "cloud9Enabled" + aws-clouddirectory = "cloudDirectoryEnabled" + aws-cloudformation = "cloudFormationEnabled" + aws-cloudfront = "cloudFrontEnabled" + aws-cloudhsm = "cloudHsmEnabled" + aws-cloudmap = "cloudMapEnabled" + aws-cloudsearch = "cloudSearchEnabled" + aws-cloudshell = "cloudShellEnabled" + aws-cloudtrail = "cloudTrailEnabled" + aws-cloudwatch = "cloudWatchEnabled" + aws-codebuild = "codeBuildEnabled" + aws-codecommit = "codeCommitEnabled" + aws-codedeploy = "codeDeployEnabled" + aws-codepipeline = "codePipelineEnabled" + aws-codestar = "codeStarEnabled" + aws-codewhisperer = "codeWhispererEnabled" + aws-cognito = "cognitoEnabled" + aws-comprehend = "comprehendEnabled" + aws-computeoptimizer = "computeOptimizerEnabled" + aws-config = "configEnabled" + aws-connect = "connectEnabled" + aws-datapipeline = "dataPipelineEnabled" + aws-datasync = "datasyncEnabled" + aws-dax = "daxEnabled" + aws-devicefarm = "deviceFarmEnabled" + aws-directconnect = "directConnectEnabled" + aws-directoryservice = "directoryServiceEnabled" + aws-dms = "dmsEnabled" + aws-dynamodb = "dynamodbEnabled" + aws-ec2 = "ec2Enabled" + aws-ec2imagebuilder = "ec2ImageBuilderEnabled" + aws-ecr = "ecrEnabled" + aws-ecs = "ecsEnabled" + aws-efs = "efsEnabled" + aws-eks = "eksEnabled" + aws-elasticache = "elastiCacheEnabled" + aws-elasticbeanstalk = "elasticBeanstalkEnabled" + aws-elasticinference = "elasticInferenceEnabled" + aws-elasticsearch = "esEnabled" + aws-elastictranscoder = "elasticTranscoderEnabled" + aws-emr = "emrEnabled" + aws-eventbridgepipes = "eventBridgePipesEnabled" + aws-eventbridgescheduler = "eventBridgeSchedulerEnabled" + aws-events = "eventsEnabled" + aws-fms = "fmsEnabled" + aws-fsx = "fsxEnabled" + aws-gamelift = "gameLiftEnabled" + aws-glacier = "glacierEnabled" + aws-globalaccelerator = "globalAcceleratorEnabled" + aws-glue = "glueEnabled" + aws-gluedatabrew = "glueDataBrewEnabled" + aws-greengrass = "greengrassEnabled" + aws-guardduty = "guardDutyEnabled" + aws-health = "healthEnabled" + aws-iam = "iamEnabled" + aws-inspector = "inspectorEnabled" + aws-iot = "iotEnabled" + aws-iot1click = "iot1ClickEnabled" + aws-iotanalytics = "iotAnalyticsEnabled" + aws-iotevents = "iotEventsEnabled" + aws-iotsitewise = "iotSiteWiseEnabled" + aws-iotthingsgraph = "iotThingsGraphEnabled" + aws-kendra = "kendraEnabled" + aws-kinesis = "kinesisEnabled" + aws-kms = "kmsEnabled" + aws-lakeformation = "lakeFormationEnabled" + aws-lambda = "lambdaEnabled" + aws-lex = "lexEnabled" + aws-lightsail = "lightsailEnabled" + aws-location = "locationEnabled" + aws-logs = "logsEnabled" + aws-machinelearning = "machineLearningEnabled" + aws-macie = "macieEnabled" + aws-mediaconnect = "mediaConnectEnabled" + aws-mediaconvert = "mediaConvertEnabled" + aws-medialive = "mediaLiveEnabled" + aws-mediapackage = "mediaPackageEnabled" + aws-mediastore = "mediaStoreEnabled" + aws-mediatailor = "mediaTailorEnabled" + aws-mq = "mqEnabled" + aws-msk = "mskEnabled" + aws-mwaa = "mwaaEnabled" + aws-omics = "omicsEnabled" + aws-opensearch = "openSearchEnabled" + aws-outposts = "outpostsEnabled" + aws-polly = "pollyEnabled" + aws-qldb = "qldbEnabled" + aws-quicksight = "quickSightEnabled" + aws-ram = "ramEnabled" + aws-rds = "rdsEnabled" + aws-redshift = "redshiftEnabled" + aws-redshiftserverless = "redshiftServerlessEnabled" + aws-rekognition = "rekognitionEnabled" + aws-resourcegroups = "resourceGroupsEnabled" + aws-robomaker = "roboMakerEnabled" + aws-route53 = "route53Enabled" + aws-route53domains = "route53DomainsEnabled" + aws-route53recoverycontrolconfig = "route53RecoveryControlConfigEnabled" + aws-route53recoveryreadiness = "route53RecoveryReadinessEnabled" + aws-route53resolver = "route53ResolverEnabled" + aws-s3 = "s3Enabled" + aws-sagemaker = "sageMakerEnabled" + aws-savingsplans = "savingsPlansEnabled" + aws-scheduler = "schedulerEnabled" + aws-secretsmanager = "secretsManagerEnabled" + aws-securityhub = "securityHubEnabled" + aws-serverlessapplicationrepository = "serverlessApplicationRepositoryEnabled" + aws-servermigration = "serverMigrationServiceEnabled" + aws-servicecatalog = "serviceCatalogEnabled" + aws-servicequotas = "serviceQuotasEnabled" + aws-ses = "sesEnabled" + aws-shield = "shieldEnabled" + aws-signer = "signerEnabled" + aws-simpledb = "simpleDbEnabled" + aws-snowball = "snowballEnabled" + aws-sns = "snsEnabled" + aws-sqs = "sqsEnabled" + aws-ssm = "ssmEnabled" + aws-stepfunctions = "stepFunctionsEnabled" + aws-storagegateway = "storageGatewayEnabled" + aws-swf = "swfEnabled" + aws-tagging = "taggingEnabled" + aws-textract = "textractEnabled" + aws-transcribe = "transcribeEnabled" + aws-transfer = "transferEnabled" + aws-translate = "translateEnabled" + aws-trustedadvisor = "trustedAdvisorEnabled" + aws-vpc-core = "vpcServiceEnabled" + aws-vpclattice = "vpcLatticeEnabled" + aws-waf = "wafEnabled" + aws-wafregional = "wafRegionalEnabled" + aws-wellarchitected = "wellarchitectedEnabled" + aws-workdocs = "workDocsEnabled" + aws-workspaces = "workSpacesEnabled" + aws-xray = "xrayEnabled" + } +} diff --git a/baselines/getting_started/azure/azure_service_enable/README.md b/baselines/getting_started/azure/azure_service_enable/README.md new file mode 100644 index 000000000..14c196e2d --- /dev/null +++ b/baselines/getting_started/azure/azure_service_enable/README.md @@ -0,0 +1,134 @@ +# Baseline - AWS Baseline Policies + +AWS Baseline Policies focuses on base minimum set of example policies & services to start with. + +## Overview + +Baseline policies are initial set of policies recommended to start with while using Turbot. These policies mostly focuses on enabling services, frequently used policies to run in check mode & enabling security features such as various encryption standards. Baseline TF scripts allows you to toggle the value to apply or ignore. See the below sections for more information. + +Some of these policies overlap with other set of baselines. Hence Turbot provided set of baseline TF files are executed in separate [Smart Folder](https://turbot.com/v5/docs/getting-started/smart_folder). The advantage of setting up of each baseline in their own Smart Folder prevents conflicting with the policy settings created by other baseline scripts. + +This baseline will not attach to a resource by default. This needs to be done manually using the Turbot UI. + +## Requirements + +- Terraform v0.13 or greater installed +- Valid Turbot configuration credentials + +For further information on configuring Turbot credentials can be found [here](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials). + +## Applying baseline + +The baseline is defined by a set of files which together define the configuration of the baseline. + +### Initialize baseline + +If not previously run, Initialize Terraform to get all necessary providers for the baseline. + +1. Navigate to the folder containing the baseline configuration. +2. Run the command: + + ```shell + terraform init + ``` +### Profile name as input + +The baseline example set requires you to provide `turbot_profile` name as input. This is to help in case you are having more profiles than only `default`. In case it's default, specify name as default. + +```shell +var.turbot_profile + Enter profile matching your turbot cli credentials. + Enter a value: +``` + +### Deploying demo example + +1. Navigate to the folder of the baseline +2. Initialize Terraform +3. Apply the baseline using the demo input variable file [demo.tfvars](demo.tfvars) + +On the terminal this will look like: + +```shell +cd +terraform init +terraform apply --var-file demo.tfvars +``` +**Note** +- Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. + +- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default varialble file. + +### Input variable files + +Input variable files allow for the user to configure configuration definitions for multiple environments in different files. + +This baseline comes with an example input variable file called [demo.tfvars](demo.tfvars). + +It will be used to define which parts of the baseline to apply and which to ignore. + +The variables that can be overwritten by the input variable files i.e. [demo.tfvars](demo.tfvars) are defined in the [variables.tf](variables.tf) file. + +Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). + +### Apply baseline using input variable files + +If seeking to apply the baseline using an input variable file such as [demo.tfvars](demo.tfvars). + +1. Navigate to the folder containing the baseline configuration. +2. Run the command: + + ```shell + terraform apply --var-file=demo.tfvars + ``` +### Apply baseline without input variable file + +The baseline can be applied without an input variable file. + +1. By this time Terraform initialization is done as mentioned above. +3. Prefer to check the outcome by running the Terraform plan +3. Apply the Terraform +4. Run the command: + +```shell +cd +terraform plan +terraform apply +``` + +`This may prompt the user applying the baseline to enter values for variables that do not have default values.` + +### Destroy baseline without input variable file + +If seeking to apply the baseline without using an input variable file. + +1. Navigate to the folder containing the baseline configuration. +2. Run the command: + + ```shell + terraform destroy + ``` + +### Destroy using input variable files + +If seeking to destoy the baseline configuration using an input variable file such as [demo.tfvars](demo.tfvars). + +1. Navigate to the folder containing the baseline configuration. +2. Run the command: + + ```shell + terraform destroy --var-file=demo.tfvars + ``` + +## Commenting strategy + +All Turbot policies used by the baselines will have a link to the official Turbot Mods documentation. + +Opening the links will give you further details about: + +- The purpose of the policy +- Policy URI name +- Parent information +- Category information +- Target information +- All valid values diff --git a/baselines/getting_started/azure/azure_service_enable/default.tfvars b/baselines/getting_started/azure/azure_service_enable/default.tfvars new file mode 100644 index 000000000..5295942cb --- /dev/null +++ b/baselines/getting_started/azure/azure_service_enable/default.tfvars @@ -0,0 +1,103 @@ +# Enter the list of providers that you would like to "Skip", "Check: Not Registered", "Check: Registered", "Enforce: Not Registered" or "Enforce: Registered". +# Service names must match the "policy_map" below. + +provider_status = { + # ApiManagement = "Enforce: Registered" + # Automation = "Enforce: Registered" + # Billing = "Enforce: Registered" + Compute = "Enforce: Registered" + # ContainerService = "Enforce: Registered" + # CostManagement = "Enforce: Registered" + DBforMySQL = "Enforce: Registered" + DBforPostgreSQL = "Enforce: Registered" + # DataFactory = "Enforce: Registered" + # DataLakeAnalytics = "Enforce: Registered" + # Databricks = "Enforce: Registered" + # DocumentDB = "Enforce: Registered" + # DomainRegistration = "Enforce: Registered" + # HDInsight = "Enforce: Registered" + # Insights = "Enforce: Registered" + KeyVault = "Enforce: Registered" + Network = "Enforce: Registered" + # OperationalInsights = "Enforce: Registered" + # RecoveryServices = "Enforce: Registered" + # Relay = "Enforce: Registered" + # Resources = "Enforce: Registered" + # Search = "Enforce: Registered" + Security = "Enforce: Registered" + # ServiceBus = "Enforce: Registered" + # SignalRService = "Enforce: Registered" + Sql = "Enforce: Registered" + # SqlVirtualMachine = "Enforce: Registered" + Storage = "Enforce: Registered" + # Synapse = "Enforce: Registered" + # Web = "Enforce: Registered" +} + +provider_registration_map = { + # ApiManagement = "apiManagementRegistered" + # Automation = "automationRegistered" + # Billing = "billingRegistered" + Compute = "computeRegistered" + # ContainerService = "containerServiceRegistered" + # CostManagement = "costManagementRegistered" + DBforMySQL = "dbforMySqlRegistered" + DBforPostgreSQL = "dbForPostgreSqlRegistered" + # DataFactory = "dataFactoryRegistered" + # DataLakeAnalytics = "dataLakeAnalyticsRegistered" + # Databricks = "databricksRegistered" + # DocumentDB = "documentDbRegistered" + # DomainRegistration = "domainRegistrationRegistered" + # HDInsight = "hdInsightRegistered" + # Insights = "insightsRegistered" + KeyVault = "keyVaultRegistered" + Network = "networkRegistered" + # OperationalInsights = "operationalInsightsRegistered" + # RecoveryServices = "recoveryServicesRegistered" + # Relay = "relayRegistered" + # Resources = "resourcesRegistered" + # Search = "searchRegistered" + Security = "securityRegistered" + # ServiceBus = "serviceBusRegistered" + # SignalRService = "signalRServiceRegistered" + Sql = "sqlRegistered" + # SqlVirtualMachine = "sqlVirtualMachineRegistered" + Storage = "storageRegistered" + # Synapse = "synapseRegistered" + # Web = "webRegistered" +} + +enabled_policy_map = { + azure-aks = "aksEnabled" + # azure-apimanagement = "apiManagementEnabled" + # azure-applicationgateway = "applicationGatewayServiceEnabled" + # azure-applicationinsights = "applicationInsightsEnabled" + azure-appservice = "appServiceEnabled" + # azure-automation = "automationEnabled" + azure-compute = "computeEnabled" + azure-cosmosdb = "cosmosDbEnabled" + # azure-databricks = "databricksEnabled" + # azure-datafactory = "dataFactoryEnabled" + # azure-dns = "dnsEnabled" + # azure-firewall = "firewallServiceEnabled" + # azure-frontdoorservice = "frontDoorServiceEnabled" + azure-iam = "iamEnabled" + azure-keyvault = "keyVaultEnabled" + azure-loadbalancer = "loadBalancerServiceEnabled" + # azure-loganalytics = "logAnalyticsEnabled" + azure-monitor = "monitorEnabled" + azure-mysql = "mySqlEnabled" + azure-network = "networkEnabled" + azure-networkwatcher = "networkWatcherServiceEnabled" + azure-postgresql = "postgreSqlEnabled" + # azure-recoveryservice = "recoveryServiceEnabled" + # azure-relay = "relayEnabled" + # azure-searchmanagement = "searchManagementEnabled" + # azure-securitycenter = "securityCenterServiceEnabled" + # azure-servicebus = "serviceBusEnabled" + # azure-signalr = "signalRServiceEnabled" + azure-sql = "sqlEnabled" + # azure-sqlvirtualmachine = "sqlVirtualMachineServiceEnabled" + azure-storage = "storageEnabled" + # azure-synapseanalytics = "synapseAnalyticsEnabled" +} diff --git a/baselines/getting_started/azure/azure_service_enable/main.tf b/baselines/getting_started/azure/azure_service_enable/main.tf new file mode 100644 index 000000000..78dd4b7e0 --- /dev/null +++ b/baselines/getting_started/azure/azure_service_enable/main.tf @@ -0,0 +1,23 @@ +# Create Smart Folder +resource "turbot_policy_pack" "azure_enabled_baseline_pack" { + parent = "tmod:@turbot/turbot#/" + title = "Azure Enabled Baseline Policies" +} + +# Enable Provider +resource "turbot_policy_setting" "provider_registration_enable" { + count = length(var.provider_status) + resource = turbot_policy_pack.azure_enabled_baseline_pack.id + type = "tmod:@turbot/azure-provider#/policy/types/${lookup(var.provider_registration_map, "${element(keys(var.provider_status), count.index)}")}" + value = lookup(var.provider_status, "${element(keys(var.provider_status), count.index)}") +} + +# Enable Service +# Loop through var.service_status and set enable policies +resource "turbot_policy_setting" "azure_enable" { + for_each = var.enabled_policy_map + resource = turbot_policy_pack.azure_enabled_baseline_pack.id + type = "tmod:@turbot/${each.key}#/policy/types/${each.value}" + value = "Enabled" +} + diff --git a/baselines/getting_started/azure/azure_service_enable/providers.tf b/baselines/getting_started/azure/azure_service_enable/providers.tf new file mode 100644 index 000000000..7db28916c --- /dev/null +++ b/baselines/getting_started/azure/azure_service_enable/providers.tf @@ -0,0 +1,11 @@ +terraform { + required_providers { + turbot = { + source = "turbot/turbot" + } + } + required_version = ">= 0.13" +} + +provider "turbot" { +} diff --git a/baselines/getting_started/azure/azure_service_enable/variables.tf b/baselines/getting_started/azure/azure_service_enable/variables.tf new file mode 100644 index 000000000..7c39f5a12 --- /dev/null +++ b/baselines/getting_started/azure/azure_service_enable/variables.tf @@ -0,0 +1,120 @@ +variable "enabled_policy_map" { + description = "Enter the list of services that you would like to Enable" + type = map(string) + default = { + azure-aks = "aksEnabled" + azure-apimanagement = "apiManagementEnabled" + azure-applicationgateway = "applicationGatewayServiceEnabled" + azure-applicationinsights = "applicationInsightsEnabled" + azure-appservice = "appServiceEnabled" + azure-automation = "automationEnabled" + azure-compute = "computeEnabled" + azure-cosmosdb = "cosmosDbEnabled" + azure-databricks = "databricksEnabled" + azure-datafactory = "dataFactoryEnabled" + azure-dns = "dnsEnabled" + azure-firewall = "firewallServiceEnabled" + azure-frontdoorservice = "frontDoorServiceEnabled" + azure-iam = "iamEnabled" + azure-keyvault = "keyVaultEnabled" + azure-loadbalancer = "loadBalancerServiceEnabled" + azure-loganalytics = "logAnalyticsEnabled" + azure-monitor = "monitorEnabled" + azure-mysql = "mySqlEnabled" + azure-network = "networkEnabled" + azure-networkwatcher = "networkWatcherServiceEnabled" + azure-postgresql = "postgreSqlEnabled" + azure-recoveryservice = "recoveryServiceEnabled" + azure-relay = "relayEnabled" + azure-searchmanagement = "searchManagementEnabled" + azure-securitycenter = "securityCenterServiceEnabled" + azure-servicebus = "serviceBusEnabled" + azure-signalr = "signalRServiceEnabled" + azure-sql = "sqlEnabled" + azure-sqlvirtualmachine = "sqlVirtualMachineServiceEnabled" + azure-storage = "storageEnabled" + azure-synapseanalytics = "synapseAnalyticsEnabled" + } +} + +variable "provider_status" { + description = <<-EOF + Choose the subset of providers that should be configured. + Possible values for each service are: + - "Skip" + - "Check: Not Registered" + - "Check: Registered" + - "Enforce: Not Registered" + - "Enforce: Registered" + EOF + type = map(string) + default = { + ApiManagement = "Enforce: Registered" + Automation = "Enforce: Registered" + Billing = "Enforce: Registered" + Compute = "Enforce: Registered" + ContainerService = "Enforce: Registered" + CostManagement = "Enforce: Registered" + DBforMySQL = "Enforce: Registered" + DBforPostgreSQL = "Enforce: Registered" + DataFactory = "Enforce: Registered" + DataLakeAnalytics = "Enforce: Registered" + Databricks = "Enforce: Registered" + DocumentDB = "Enforce: Registered" + DomainRegistration = "Enforce: Registered" + HDInsight = "Enforce: Registered" + Insights = "Enforce: Registered" + KeyVault = "Enforce: Registered" + Network = "Enforce: Registered" + OperationalInsights = "Enforce: Registered" + RecoveryServices = "Enforce: Registered" + Relay = "Enforce: Registered" + Resources = "Enforce: Registered" + Search = "Enforce: Registered" + Security = "Enforce: Registered" + ServiceBus = "Enforce: Registered" + SignalRService = "Enforce: Registered" + Sql = "Enforce: Registered" + SqlVirtualMachine = "Enforce: Registered" + Storage = "Enforce: Registered" + Synapse = "Enforce: Registered" + Web = "Enforce: Registered" + } +} + +variable "provider_registration_map" { + description = "A map of all the registered policies currently exposed by Turbot" + type = map(string) + default = { + ApiManagement = "apiManagementRegistered" + Automation = "automationRegistered" + Billing = "billingRegistered" + Compute = "computeRegistered" + ContainerService = "containerServiceRegistered" + CostManagement = "costManagementRegistered" + DBforMySQL = "dbforMySqlRegistered" + DBforPostgreSQL = "dbForPostgreSqlRegistered" + DataFactory = "dataFactoryRegistered" + DataLakeAnalytics = "dataLakeAnalyticsRegistered" + Databricks = "databricksRegistered" + DocumentDB = "documentDbRegistered" + DomainRegistration = "domainRegistrationRegistered" + HDInsight = "hdInsightRegistered" + Insights = "insightsRegistered" + KeyVault = "keyVaultRegistered" + Network = "networkRegistered" + OperationalInsights = "operationalInsightsRegistered" + RecoveryServices = "recoveryServicesRegistered" + Relay = "relayRegistered" + Resources = "resourcesRegistered" + Search = "searchRegistered" + Security = "securityRegistered" + ServiceBus = "serviceBusRegistered" + SignalRService = "signalRServiceRegistered" + Sql = "sqlRegistered" + SqlVirtualMachine = "sqlVirtualMachineRegistered" + Storage = "storageRegistered" + Synapse = "synapseRegistered" + Web = "webRegistered" + } +} diff --git a/baselines/getting_started/gcp/gcp_service_enable/README.md b/baselines/getting_started/gcp/gcp_service_enable/README.md new file mode 100644 index 000000000..e6d24d034 --- /dev/null +++ b/baselines/getting_started/gcp/gcp_service_enable/README.md @@ -0,0 +1,22 @@ +# GCP Services Baseline + +Turbot GCP Services baseline provides a Terraform configuration to enable or disable GCP services in Turbot. + +- Service names must match the services listed under the `policy_map`. + +## Prerequisites + +To run the GCP Services baseline, you must have: + + - [Terraform](https://www.terraform.io) Version 12 + - [Turbot Terraform Provider](https://github.com/turbotio/terraform-provider-turbot) + - [Credentials](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials) Configured to connect to your Turbot workspace and AWS account + +## Running the Baseline + +To run the GCP Services baseline: + + - Go to the GCP services baseline directory in the repository with `cd gcp_services` + - Update `target_resource` in `default.tfvars` + - Run `terraform plan -var-file=default.tfvars` to review the changes to be applied + - Run `terraform apply -var-file=default.tfvars` to apply the changes diff --git a/baselines/getting_started/gcp/gcp_service_enable/default.tfvars b/baselines/getting_started/gcp/gcp_service_enable/default.tfvars new file mode 100644 index 000000000..cd0943f1b --- /dev/null +++ b/baselines/getting_started/gcp/gcp_service_enable/default.tfvars @@ -0,0 +1,45 @@ + +# This is list of services that you would like to Enable or Disable, Service names must match the policy_map +service_status = { + gcp-computeengine = "Enabled" + gcp-dns = "Enabled" + gcp-functions = "Enabled" + gcp-iam = "Enabled" + gcp-kms = "Enabled" + gcp-logging = "Enabled" + gcp-monitoring = "Enabled" + gcp-network = "Enabled" + gcp-pubsub = "Enabled" + gcp-sql = "Enabled" + gcp-storage = "Enabled" +} + +# This is a map of Turbot policy types to service names. It is advised not to modify the below list. +enabled_policy_map = { + gcp-computeengine = "computeEngineEnabled" + gcp-dns = "dnsEnabled" + gcp-functions = "functionsEnabled" + gcp-iam = "iamEnabled" + gcp-kms = "kmsEnabled" + gcp-logging = "loggingEnabled" + gcp-monitoring = "monitoringEnabled" + gcp-network = "networkServiceEnabled" + gcp-pubsub = "pubsubEnabled" + gcp-sql = "sqlEnabled" + gcp-storage = "storageEnabled" +} + +# This is a map of service API enabled policy types to service names. It is advised not to modify the below list. +api_policy_map = { + gcp-computeengine = "computeEngineApiEnabled" + gcp-dns = "dnsApiEnabled" + gcp-functions = "functionsApiEnabled" + gcp-iam = "iamApiEnabled" + gcp-kms = "kmsApiEnabled" + gcp-logging = "loggingApiEnabled" + gcp-monitoring = "monitoringApiEnabled" + gcp-network = "networkServiceApiEnabled" + gcp-pubsub = "pubsubApiEnabled" + gcp-sql = "sqlApiEnabled" + gcp-storage = "storageApiEnabled" +} diff --git a/baselines/getting_started/gcp/gcp_service_enable/main.tf b/baselines/getting_started/gcp/gcp_service_enable/main.tf new file mode 100644 index 000000000..a537dfb7f --- /dev/null +++ b/baselines/getting_started/gcp/gcp_service_enable/main.tf @@ -0,0 +1,22 @@ +# Create Smart Folder +resource "turbot_policy_pack" "gcp_enabled_baseline_pack" { + parent = "tmod:@turbot/turbot#/" + title = "GCP Enabled Baseline Policies" +} + +# Enable Service +# Loop through var.service_status and set enable policies +resource "turbot_policy_setting" "gcp_enable" { + for_each = var.enabled_policy_map + resource = turbot_policy_pack.gcp_enabled_baseline_pack.id + type = "tmod:@turbot/${each.key}#/policy/types/${each.value}" + value = "Enabled" +} + +resource "turbot_policy_setting" "gcp_api_enable" { + count = length(var.service_status) + resource = turbot_policy_pack.gcp_enabled_baseline_pack.id + type = "tmod:@turbot/${element(keys(var.service_status), count.index)}#/policy/types/${lookup(var.api_policy_map, "${element(keys(var.service_status), count.index)}")}" + value = "Enforce: ${lookup(var.service_status, "${element(keys(var.service_status), count.index)}")}" +} + diff --git a/baselines/getting_started/gcp/gcp_service_enable/providers.tf b/baselines/getting_started/gcp/gcp_service_enable/providers.tf new file mode 100644 index 000000000..7db28916c --- /dev/null +++ b/baselines/getting_started/gcp/gcp_service_enable/providers.tf @@ -0,0 +1,11 @@ +terraform { + required_providers { + turbot = { + source = "turbot/turbot" + } + } + required_version = ">= 0.13" +} + +provider "turbot" { +} diff --git a/baselines/getting_started/gcp/gcp_service_enable/variables.tf b/baselines/getting_started/gcp/gcp_service_enable/variables.tf new file mode 100644 index 000000000..9d1012fb3 --- /dev/null +++ b/baselines/getting_started/gcp/gcp_service_enable/variables.tf @@ -0,0 +1,114 @@ +variable "service_status" { + description = "Enter the list of services that you would like to Enable or Disable, Service names must match the policy_map:" + type = map(any) + default = { + gcp-appengine = "Enabled" + gcp-bigquery = "Enabled" + gcp-bigquerydatatransfer = "Enabled" + gcp-bigtable = "Enabled" + gcp-build = "Enabled" + gcp-run = "Enabled" + gcp-composer = "Enabled" + gcp-computeengine = "Enabled" + gcp-datacatalog = "Enabled" + gcp-datapipeline = "Enabled" + gcp-dataflow = "Enabled" + gcp-dataproc = "Enabled" + gcp-dns = "Enabled" + gcp-firebase = "Enabled" + gcp-functions = "Enabled" + gcp-iam = "Enabled" + gcp-kms = "Enabled" + gcp-kubernetesengine = "Enabled" + gcp-logging = "Enabled" + gcp-memorystore = "Enabled" + gcp-monitoring = "Enabled" + gcp-network = "Enabled" + gcp-notebooks = "Enabled" + gcp-pubsub = "Enabled" + gcp-scheduler = "Enabled" + gcp-secretmanager = "Enabled" + gcp-spanner = "Enabled" + gcp-sql = "Enabled" + gcp-storage = "Enabled" + } +} + +variable "enabled_policy_map" { + description = "This is a map of Turbot policy types to service names. You probably should not modify this." + type = map(any) + default = { + gcp-appengine = "appEngineEnabled" + gcp-bigquery = "bigQueryEnabled" + gcp-bigquerydatatransfer = "bigQueryDataTransferEnabled" + gcp-bigtable = "bigtableEnabled" + gcp-build = "buildServiceEnabled" + gcp-run = "runEnabled" + gcp-composer = "composerEnabled" + gcp-computeengine = "computeEngineEnabled" + gcp-datacatalog = "dataCatalogEnabled" + gcp-datapipeline = "datapipelineEnabled" + gcp-dataflow = "dataflowEnabled" + gcp-dataproc = "dataprocEnabled" + gcp-dns = "dnsEnabled" + gcp-firebase = "firebaseEnabled" + gcp-functions = "functionsEnabled" + gcp-iam = "iamEnabled" + gcp-kms = "kmsEnabled" + gcp-kubernetesengine = "kubernetesEngineEnabled" + gcp-logging = "loggingEnabled" + gcp-memorystore = "memorystoreEnabled" + gcp-monitoring = "monitoringEnabled" + gcp-network = "networkServiceEnabled" + gcp-notebooks = "notebooksEnabled" + gcp-pubsub = "pubsubEnabled" + gcp-scheduler = "schedulerEnabled" + gcp-secretmanager = "secretManagerEnabled" + gcp-spanner = "spannerEnabled" + gcp-sql = "sqlEnabled" + gcp-storage = "storageEnabled" + ##gcp-orgpolicy = "" ## Note: OrgPolicy does not have an Enabled + } +} + +variable "api_policy_map" { + description = "This is a map of service API enabled policy types to service names. It is advised not to modify the below list." + type = map(any) + default = { + gcp-appengine = "appEngineApiEnabled" + gcp-bigquery = "bigQueryApiEnabled" + gcp-bigquerydatatransfer = "bigQueryDataTransferApiEnabled" + gcp-bigtable = "bigtableApiEnabled" + gcp-build = "buildServiceApiEnabled" + gcp-run = "runApiEnabled" + gcp-composer = "composerApiEnabled" + gcp-computeengine = "computeEngineApiEnabled" + gcp-datacatalog = "dataCatalogApiEnabled" + gcp-datapipeline = "datapipelineApiEnabled" + gcp-dataflow = "dataflowApiEnabled" + gcp-dataproc = "dataprocApiEnabled" + gcp-dns = "dnsApiEnabled" + gcp-firebase = "firebaseApiEnabled" + gcp-functions = "functionsApiEnabled" + gcp-iam = "iamApiEnabled" + gcp-kms = "kmsApiEnabled" + gcp-kubernetesengine = "kubernetesEngineApiEnabled" + gcp-logging = "loggingApiEnabled" + gcp-memorystore = "memorystoreApiEnabled" + gcp-monitoring = "monitoringApiEnabled" + gcp-network = "networkServiceApiEnabled" + gcp-notebooks = "notebooksApiEnabled" + gcp-pubsub = "pubsubApiEnabled" + gcp-scheduler = "schedulerApiEnabled" + gcp-secretmanager = "secretManagerApiEnabled" + gcp-spanner = "spannerApiEnabled" + gcp-sql = "sqlApiEnabled" + gcp-storage = "storageApiEnabled" + ##gcp-orgpolicy = "" ## Note: OrgPolicy does not have an API Enabled + } +} + + + + + From d673b4ade28d55f2ab69dac980868b251e4ed5b7 Mon Sep 17 00:00:00 2001 From: Venu Date: Tue, 13 Aug 2024 17:28:58 +0530 Subject: [PATCH 04/17] rearrange --- baselines/aws/aws_mods/README.md | 138 ++++++++++++++++++ .../aws/aws_mods/demo.tfvars | 0 .../aws/aws_mods/mod_install.tf | 0 .../aws/aws_mods/providers.tf | 0 .../aws/aws_mods/variables.tf | 0 .../aws_service_enable}/README.md | 0 .../aws/aws_service_enable/default.tfvars | 1 - .../aws/aws_service_enable/main.tf | 5 + .../aws_service_enable}/providers.tf | 0 .../aws/aws_service_enable/variables.tf | 0 .../azure/azure_mods/README.md | 0 .../azure/azure_mods/demo.tfvars | 0 .../azure/azure_mods/mod_install.tf | 0 .../azure_mods}/providers.tf | 0 .../azure/azure_mods/variables.tf | 0 .../azure_service_enable}/README.md | 0 .../azure/azure_service_enable/default.tfvars | 0 .../azure/azure_service_enable/main.tf | 4 + .../azure_service_enable}/providers.tf | 4 +- .../azure/azure_service_enable/variables.tf | 0 .../gcp/gcp_mods/README.md | 0 .../gcp/gcp_mods/demo.tfvars | 0 .../gcp/gcp_mods/mod_install.tf | 0 .../gcp_mods}/providers.tf | 4 +- .../gcp/gcp_mods/variables.tf | 0 .../README.md | 0 .../gcp/gcp_service_enable/default.tfvars | 0 .../gcp/gcp_service_enable/main.tf | 4 + .../gcp/gcp_service_enable/providers.tf | 4 +- .../gcp/gcp_service_enable/variables.tf | 0 baselines/getting_started/README.md | 4 - .../getting_started/aws/aws_mods/README.md | 115 --------------- .../getting_started/turbot/cis_mod/outputs.tf | 3 - .../turbot/cis_mod/provider.tf | 12 -- .../turbot/cis_mod/variables.tf | 4 - .../turbot/smart_retention/README.md | 22 --- .../turbot/smart_retention/default.tfvars | 5 - .../turbot/smart_retention/main.tf | 43 ------ .../turbot/smart_retention/variables.tf | 25 ---- .../turbot/turbot_profiles/main.tf | 23 --- .../turbot/turbot_profiles/turbot_profiles.tf | 29 ---- .../turbot/turbot_profiles/versions.tf | 8 - .../turbot => guardrails}/cis_mod/README.md | 0 .../cis_mod/mod_install.tf | 0 baselines/guardrails/cis_mod/providers.tf | 11 ++ .../example_folder_hierarchy/README.md | 0 .../example_folder_hierarchy/default.tfvars | 0 .../example_folder_hierarchy/main.tf | 0 .../example_folder_hierarchy/variables.tf | 0 baselines/guardrails/folder_hierarchy/main.tf | 33 +++++ .../guardrails/folder_hierarchy/providers.tf | 11 ++ baselines/guardrails/local_directory/main.tf | 81 ++++++++++ .../guardrails/local_directory/providers.tf | 11 ++ .../turbot_profiles/demo.tfvars | 5 +- baselines/guardrails/turbot_profiles/main.tf | 50 +++++++ .../guardrails/turbot_profiles/providers.tf | 11 ++ .../guardrails/workspace_settings/main.tf | 77 ++++++++++ .../workspace_settings/providers.tf | 11 ++ .../aws/aws_account_import/README.md | 0 .../aws/aws_account_import/default.tfvars | 0 .../aws/aws_account_import/main.tf | 0 .../turbot_service_readonly.cf.yaml | 0 .../turbot_service_superuser.cf.yaml | 0 .../aws/aws_account_import/variables.tf | 0 .../aws/aws_baseline}/README.md | 0 .../aws/aws_baseline/aws_service_enable.tf | 0 .../aws/aws_baseline/demo.tfvars | 0 .../aws_baseline/ec2_attribute_policies.tf | 0 .../aws/aws_baseline/enable_cis.tf | 0 .../aws/aws_baseline/outputs.tf | 0 .../aws/aws_baseline/providers.tf | 0 .../aws/aws_baseline/real_time_events.tf | 0 .../aws/aws_baseline/regions.tf | 0 .../aws/aws_baseline/smart_folder.tf | 0 .../aws/aws_baseline/variables.tf | 0 .../aws/aws_baseline/vpc_policies.tf | 0 .../aws/aws_check_cost_controls/README.md | 0 .../aws/aws_check_cost_controls/aws_active.tf | 0 .../aws/aws_check_cost_controls/demo.tfvars | 0 .../aws/aws_check_cost_controls/locals.tf | 0 .../aws/aws_check_cost_controls/outputs.tf | 0 .../aws/aws_check_cost_controls/providers.tf | 0 .../aws/aws_check_cost_controls/schedules.tf | 0 .../aws_check_cost_controls/smart_folder.tf | 0 .../aws/aws_check_cost_controls/variables.tf | 0 .../aws/aws_check_encryption/README.md | 0 .../aws_check_encryption/backup_policies.tf | 0 .../cloudtrail_policies.tf | 0 .../aws/aws_check_encryption/demo.tfvars | 0 .../aws_check_encryption/dynamodb_policies.tf | 0 .../aws/aws_check_encryption/ec2_policies.tf | 0 .../aws/aws_check_encryption/efs_policies.tf | 0 .../elasticsearch_policies.tf | 0 .../aws_check_encryption/kinesis_policies.tf | 0 .../aws/aws_check_encryption/kms_policies.tf | 0 .../aws_check_encryption/lambda_policies.tf | 0 .../aws/aws_check_encryption/logs_policies.tf | 0 .../aws/aws_check_encryption/outputs.tf | 0 .../aws/aws_check_encryption/providers.tf | 0 .../aws/aws_check_encryption/rds_policies.tf | 0 .../aws_check_encryption/redshift_policies.tf | 0 .../aws/aws_check_encryption/s3_policies.tf | 0 .../secretmanager_policies.tf | 0 .../aws/aws_check_encryption/smart_folder.tf | 0 .../aws/aws_check_encryption/sns_policies.tf | 0 .../aws/aws_check_encryption/sqs_policies.tf | 0 .../aws/aws_check_encryption/ssm_policies.tf | 0 .../aws/aws_check_encryption/variables.tf | 0 .../aws/aws_check_iam/README.md | 0 .../aws/aws_check_iam/access_key_rotation.tf | 0 .../aws_check_iam/account_password_policy.tf | 0 .../aws/aws_check_iam/demo.tfvars | 0 .../aws_check_iam/deny_star_policy_stmt.tf | 0 .../group_inline_star_policy_stmt.tf | 0 .../aws_check_iam/group_policy_attachment.tf | 0 .../aws/aws_check_iam/output.tf | 0 .../aws/aws_check_iam/provider.tf | 0 .../role_inline_star_policy_stmt.tf | 0 .../aws_check_iam/role_policy_attachment.tf | 0 .../aws/aws_check_iam/role_trust_policy.tf | 0 .../aws/aws_check_iam/smart_folder.tf | 0 .../user_inline_star_policy_stmt.tf | 0 .../aws/aws_check_iam/user_mfakey_usage.tf | 0 .../aws_check_iam/user_policy_attachment.tf | 0 .../aws/aws_check_iam/variable.tf | 0 .../aws/aws_check_logging/README.md | 0 .../aws_check_logging/cloudtrail_policies.tf | 0 .../aws/aws_check_logging/config_policies.tf | 0 .../aws/aws_check_logging/demo.tfvars | 0 .../loadbalancer_policies.tf | 0 .../aws/aws_check_logging/output.tf | 0 .../aws/aws_check_logging/provider.tf | 0 .../aws_check_logging/redshift_policies.tf | 0 .../aws/aws_check_logging/s3_policies.tf | 0 .../aws/aws_check_logging/smart_folder.tf | 0 .../aws/aws_check_logging/variable.tf | 0 .../aws/aws_check_logging/vpc_policies.tf | 0 .../aws/aws_check_public_access/README.md | 0 .../apigateway_policies.tf | 0 .../aws/aws_check_public_access/demo.tfvars | 0 .../ec2_loadbalancers_policies.tf | 0 .../aws_check_public_access/ec2_policies.tf | 0 .../lambda_policies.tf | 0 .../aws/aws_check_public_access/output.tf | 0 .../aws/aws_check_public_access/provider.tf | 0 .../aws_check_public_access/rds_policies.tf | 0 .../route53_policies.tf | 0 .../aws_check_public_access/s3_policies.tf | 0 .../aws_check_public_access/smart_folder.tf | 0 .../aws_check_public_access/sns_policies.tf | 0 .../aws_check_public_access/sqs_policies.tf | 0 .../trusted_account_template.tf | 0 .../aws/aws_check_public_access/variable.tf | 0 .../vpc_core_policies.tf | 0 .../vpc_internet_policies.tf | 0 .../vpc_security_policies.tf | 0 .../aws/aws_check_regions/README.md | 0 .../approved_regions_policies.tf | 0 .../aws/aws_check_regions/demo.tfvars | 0 .../aws/aws_check_regions/locals.tf | 0 .../aws/aws_check_regions/outputs.tf | 0 .../aws/aws_check_regions/providers.tf | 0 .../aws/aws_check_regions/smart_folder.tf | 0 .../aws/aws_check_regions/variables.tf | 0 .../aws/aws_check_s3/README.md | 0 .../aws/aws_check_s3/demo.tfvars | 0 .../aws/aws_check_s3/outputs.tf | 0 .../aws/aws_check_s3/providers.tf | 0 .../s3_access_logging_policies.tf | 0 .../aws/aws_check_s3/s3_active_policies.tf | 0 .../aws/aws_check_s3/s3_approved_policies.tf | 0 .../aws/aws_check_s3/s3_enable_policies.tf | 0 .../aws_check_s3/s3_encryption_policies.tf | 0 .../aws_check_s3/s3_permission_policies.tf | 0 .../aws_check_s3/s3_public_access_policies.tf | 0 .../aws/aws_check_s3/s3_tag_policies.tf | 0 .../s3_trusted_access_policies.tf | 0 .../aws_check_s3/s3_versioning_policies.tf | 0 .../aws/aws_check_s3/smart_folder.tf | 0 .../aws/aws_check_s3/variables.tf | 0 .../aws/aws_check_stack/README.md | 0 .../aws_account_iam_stack_policies.tf | 0 .../aws/aws_check_stack/outputs.tf | 0 .../aws/aws_check_stack/providers.tf | 0 .../aws/aws_check_stack/smart_folder.tf | 0 .../tf_includes/sourcestack_policies.tf | 0 .../aws/aws_check_stack/variables.tf | 0 .../aws/aws_check_tagging/README.md | 0 .../aws/aws_check_tagging/aws_tagging.tf | 0 .../aws/aws_check_tagging/demo.tfvars | 0 .../aws/aws_check_tagging/locals.tf | 0 .../aws/aws_check_tagging/outputs.tf | 0 .../aws/aws_check_tagging/providers.tf | 0 .../aws/aws_check_tagging/smart_folder.tf | 0 .../aws/aws_check_tagging/variables.tf | 0 .../aws/aws_disable_cmdb/README.md | 0 .../aws/aws_disable_cmdb/aws_cmdb.tf | 0 .../aws/aws_disable_cmdb/main.tf | 0 .../aws/aws_disable_cmdb/versions.tf | 0 .../aws/aws_permission/README.md | 0 .../aws/aws_permission/default.tfvars | 0 .../aws/aws_permission/main.tf | 0 .../aws/aws_permission/variables.tf | 0 .../azure/azure-cis-v1-section5.2/README.md | 0 .../azure-cis-v1-section5.2/default.tfvars | 0 .../azure/azure-cis-v1-section5.2/main.tf | 0 .../azure-cis-v1-section5.2/variables.tf | 0 .../azure/azure-cis-v1/README.md | 0 .../azure/azure-cis-v1/default.tfvars | 0 .../azure/azure-cis-v1/main.tf | 0 .../azure/azure-cis-v1/variables.tf | 0 .../azure_active_directory_import/README.md | 0 .../default.tfvars | 0 .../azure_active_directory_import/main.tf | 0 .../variables.tf | 0 .../azure/azure_baseline/README.md | 0 .../azure_baseline/azure_provider_enable.tf | 0 .../azure_baseline/azure_service_enable.tf | 0 .../azure/azure_baseline/demo.tfvars | 0 .../azure/azure_baseline/enable_cis.tf | 0 .../azure/azure_baseline/event_polling.tf | 0 .../azure/azure_baseline/outputs.tf | 0 .../azure/azure_baseline/providers.tf | 0 .../azure/azure_baseline/smart_folder.tf | 0 .../azure/azure_baseline/variables.tf | 0 .../azure/azure_check_cost_controls/README.md | 0 .../active_policies.tf | 0 .../azure_check_cost_controls/demo.tfvars | 0 .../azure/azure_check_cost_controls/locals.tf | 0 .../azure_check_cost_controls/outputs.tf | 0 .../azure_check_cost_controls/providers.tf | 0 .../schedules_policies.tf | 0 .../azure_check_cost_controls/smartfolder.tf | 0 .../storage_tier_policies.tf | 0 .../azure_check_cost_controls/variables.tf | 0 .../azure/azure_check_encryption/README.md | 0 .../appservice_policies.tf | 0 .../compute_policies.tf | 0 .../azure/azure_check_encryption/demo.tfvars | 0 .../azure_check_encryption/mysql_policies.tf | 0 .../azure/azure_check_encryption/outputs.tf | 0 .../postgresql_policies.tf | 0 .../azure/azure_check_encryption/providers.tf | 0 .../azure_check_encryption/smart_folder.tf | 0 .../azure_check_encryption/sql_policies.tf | 0 .../storage_policies.tf | 0 .../azure/azure_check_encryption/variables.tf | 0 .../azure/azure_check_logging/README.md | 0 .../db_threat_protection_policies.tf | 0 .../azure/azure_check_logging/outputs.tf | 0 .../postgresql_logging_policies.tf | 0 .../azure/azure_check_logging/providers.tf | 0 .../azure/azure_check_logging/smartfolder.tf | 0 .../sql_logging_policies.tf | 0 .../storage_logging_policies.tf | 0 .../azure/azure_check_logging/variables.tf | 0 .../azure/azure_check_public_access/README.md | 0 .../applicationgateway_policies.tf | 0 .../network_policies.tf | 0 .../azure_check_public_access/outputs.tf | 0 .../azure_check_public_access/providers.tf | 0 .../azure_check_public_access/smart_folder.tf | 0 .../storage_policies.tf | 0 .../azure_check_public_access/variables.tf | 0 .../azure/azure_check_regions/README.md | 0 .../approved_regions_policies.tf | 0 .../azure/azure_check_regions/demo.tfvars | 0 .../azure/azure_check_regions/locals.tf | 0 .../azure/azure_check_regions/outputs.tf | 0 .../azure/azure_check_regions/providers.tf | 0 .../azure/azure_check_regions/smart_folder.tf | 0 .../azure/azure_check_regions/vaiables.tf | 0 .../azure/azure_check_stack/README.md | 0 .../azure/azure_check_stack/outputs.tf | 0 .../azure/azure_check_stack/providers.tf | 0 .../azure/azure_check_stack/smartfolder.tf | 0 .../sub_monitor_stack_policies.tf | 0 .../tf_includes/sourcestack_policies.tf | 0 .../azure/azure_check_stack/variables.tf | 0 .../azure/azure_check_tagging/README.md | 0 .../azure/azure_check_tagging/demo.tfvars | 0 .../azure/azure_check_tagging/locals.tf | 0 .../azure/azure_check_tagging/outputs.tf | 0 .../azure/azure_check_tagging/providers.tf | 0 .../azure/azure_check_tagging/smartfolder.tf | 0 .../azure_check_tagging/tagging_policies.tf | 0 .../azure/azure_check_tagging/variables.tf | 0 .../azure/azure_eventing/README.md | 0 .../azure/azure_eventing/default.tfvars | 0 .../azure/azure_eventing/main.tf | 0 .../azure/azure_eventing/variables.tf | 0 .../azure_management_group_import/README.md | 0 .../default.tfvars | 0 .../azure_management_group_import/main.tf | 0 .../variables.tf | 0 .../azure_provider_registration/README.md | 0 .../default.tfvars | 0 .../azure/azure_provider_registration/main.tf | 0 .../azure_provider_registration/variables.tf | 0 .../azure/azure_services/README.md | 0 .../azure/azure_services/default.tfvars | 0 .../azure/azure_services/main.tf | 0 .../azure/azure_services/variables.tf | 0 .../azure_sub_create_then_import/README.md | 0 .../default.tfvars | 0 .../azure_sub_create_then_import/main.tf | 0 .../azure_sub_create_then_import/outputs.tf | 0 .../azure_sub_create_then_import/variables.tf | 0 .../azure_sub_create_then_import_ro/README.md | 0 .../default.tfvars | 0 .../azure_sub_create_then_import_ro/main.tf | 0 .../outputs.tf | 0 .../variables.tf | 0 .../azure/azure_sub_import/README.md | 0 .../azure/azure_sub_import/default.tfvars | 0 .../azure/azure_sub_import/main.tf | 0 .../azure/azure_sub_import/outputs.tf | 0 .../azure/azure_sub_import/variables.tf | 0 .../azure/azure_tenant_import/README.md | 0 .../azure/azure_tenant_import/default.tfvars | 0 .../azure/azure_tenant_import/main.tf | 0 .../azure/azure_tenant_import/variables.tf | 0 .../gcp/gcp_baseline/README.md | 0 .../gcp/gcp_baseline/demo.tfvars | 0 .../gcp/gcp_baseline/enable_cis_policies.tf | 0 .../gcp/gcp_baseline/enable_policies.tf | 0 .../gcp/gcp_baseline/event_poller_policies.tf | 0 .../gcp/gcp_baseline/locals.tf | 0 .../gcp/gcp_baseline/outputs.tf | 0 .../gcp/gcp_baseline/providers.tf | 0 .../gcp/gcp_baseline/regions.tf | 0 .../gcp/gcp_baseline/smart_folder.tf | 0 .../gcp/gcp_baseline/variables.tf | 0 .../gcp/gcp_check_cost_controls/README.md | 0 .../active_policies.tf | 0 .../compute_engine_active_policies.tf | 0 .../compute_engine_schedule_policies.tf | 0 .../gcp/gcp_check_cost_controls/demo.tfvars | 0 .../gcp/gcp_check_cost_controls/locals.tf | 0 .../network_approved_policies.tf | 0 .../gcp/gcp_check_cost_controls/outputs.tf | 0 .../gcp/gcp_check_cost_controls/providers.tf | 0 .../gcp_check_cost_controls/smart_folder.tf | 0 .../gcp/gcp_check_cost_controls/variables.tf | 0 .../gcp/gcp_check_encryption/README.md | 0 .../bigquery_encryption_policies.tf | 0 .../compute_engine_encryption_policies.tf | 0 .../dataflow_encryption_policies.tf | 0 .../dataproc_encryption_policies.tf | 0 .../kubernetes_engine_encryption_policies.tf | 0 .../gcp/gcp_check_encryption/outputs.tf | 0 .../gcp/gcp_check_encryption/providers.tf | 0 .../pub_sub_encryption_policies.tf | 0 .../gcp/gcp_check_encryption/smartfolder.tf | 0 .../storage_encryption_policies.tf | 0 .../gcp/gcp_check_encryption/variables.tf | 0 .../gcp/gcp_check_iam/README.md | 0 .../gcp/gcp_check_iam/demo.tfvars | 0 .../gcp/gcp_check_iam/outputs.tf | 0 .../gcp/gcp_check_iam/providers.tf | 0 .../service_account_key_active_policies.tf | 0 ...ervice_account_key_approved_policies.tf.tf | 0 .../service_account_trust_access_policies.tf | 0 .../gcp/gcp_check_iam/smart_folder.tf | 0 .../gcp/gcp_check_iam/variables.tf | 0 .../gcp/gcp_check_labeling/README.md | 0 .../gcp/gcp_check_labeling/demo.tfvars | 0 .../gcp_check_labeling/labeling_policies.tf | 0 .../gcp/gcp_check_labeling/locals.tf | 0 .../gcp/gcp_check_labeling/outputs.tf | 0 .../gcp/gcp_check_labeling/providers.tf | 0 .../gcp/gcp_check_labeling/smartfolder.tf | 0 .../gcp/gcp_check_labeling/vaiables.tf | 0 .../gcp/gcp_check_logging/README.md | 0 .../kubernetes_engine_policies.tf | 0 .../network_logging_policies.tf | 0 .../gcp/gcp_check_logging/outputs.tf | 0 .../gcp/gcp_check_logging/providers.tf | 0 .../gcp/gcp_check_logging/smartfolder.tf | 0 .../gcp/gcp_check_logging/sql_policies.tf | 0 .../gcp/gcp_check_logging/variables.tf | 0 .../gcp/gcp_check_public_access/README.md | 0 .../compute_engine_policies.tf | 0 .../gcp/gcp_check_public_access/locals.tf | 0 .../network_policies.tf | 0 .../gcp/gcp_check_public_access/outputs.tf | 0 .../gcp/gcp_check_public_access/providers.tf | 0 .../gcp_check_public_access/smartfolder.tf | 0 .../trusted_access_policies.tf | 0 .../gcp/gcp_check_public_access/variables.tf | 0 .../gcp/gcp_check_regions/README.md | 0 .../approved_regions_policies.tf | 0 .../gcp/gcp_check_regions/demo.tfvars | 0 .../gcp/gcp_check_regions/locals.tf | 0 .../gcp/gcp_check_regions/outputs.tf | 0 .../gcp/gcp_check_regions/providers.tf | 0 .../gcp/gcp_check_regions/smartfolder.tf | 0 .../gcp/gcp_check_regions/variables.tf | 0 .../gcp/gcp_check_stack/README.md | 0 .../gcp/gcp_check_stack/outputs.tf | 0 .../gcp_check_stack/project_stack_policies.tf | 0 .../gcp/gcp_check_stack/providers.tf | 0 .../gcp/gcp_check_stack/smartfolder.tf | 0 .../tf_includes/sourcestack_policies.tf | 0 .../gcp/gcp_check_stack/variables.tf | 0 .../gcp/gcp_permission/README.md | 0 .../gcp/gcp_permission/default.tfvars | 0 .../gcp/gcp_permission/main.tf | 0 .../gcp/gcp_permission/variables.tf | 0 .../gcp/gcp_project_import/README.md | 0 .../gcp/gcp_project_import/default.tfvars | 0 .../gcp/gcp_project_import/main.tf | 0 .../gcp/gcp_project_import/variables.tf | 0 .../gcp/gcp_services}/README.md | 0 .../gcp/gcp_services/default.tfvars | 0 .../gcp/gcp_services/main.tf | 0 .../gcp/gcp_services/variables.tf | 0 .../gcp/gcp_setup/README.md | 0 .../gcp/gcp_setup/default.tfvars | 0 .../gcp/gcp_setup/main.tf | 0 .../gcp/gcp_setup/variables.tf | 0 baselines/turbot/local_directory/README.md | 22 --- .../turbot/local_directory/default.tfvars | 6 - baselines/turbot/local_directory/main.tf | 67 --------- baselines/turbot/local_directory/variables.tf | 17 --- baselines/turbot/test/main.tf | 38 ----- 426 files changed, 455 insertions(+), 453 deletions(-) create mode 100644 baselines/aws/aws_mods/README.md rename baselines/{getting_started => }/aws/aws_mods/demo.tfvars (100%) rename baselines/{getting_started => }/aws/aws_mods/mod_install.tf (100%) rename baselines/{getting_started => }/aws/aws_mods/providers.tf (100%) rename baselines/{getting_started => }/aws/aws_mods/variables.tf (100%) rename baselines/{getting_started/aws/aws_baseline => aws/aws_service_enable}/README.md (100%) rename baselines/{getting_started => }/aws/aws_service_enable/default.tfvars (96%) rename baselines/{getting_started => }/aws/aws_service_enable/main.tf (73%) rename baselines/{getting_started/azure/azure_mods => aws/aws_service_enable}/providers.tf (100%) rename baselines/{getting_started => }/aws/aws_service_enable/variables.tf (100%) rename baselines/{getting_started => }/azure/azure_mods/README.md (100%) rename baselines/{getting_started => }/azure/azure_mods/demo.tfvars (100%) rename baselines/{getting_started => }/azure/azure_mods/mod_install.tf (100%) rename baselines/{getting_started/gcp/gcp_mods => azure/azure_mods}/providers.tf (100%) rename baselines/{getting_started => }/azure/azure_mods/variables.tf (100%) rename baselines/{getting_started/aws/aws_service_enable => azure/azure_service_enable}/README.md (100%) rename baselines/{getting_started => }/azure/azure_service_enable/default.tfvars (100%) rename baselines/{getting_started => }/azure/azure_service_enable/main.tf (83%) rename baselines/{getting_started/aws/aws_service_enable => azure/azure_service_enable}/providers.tf (57%) rename baselines/{getting_started => }/azure/azure_service_enable/variables.tf (100%) rename baselines/{getting_started => }/gcp/gcp_mods/README.md (100%) rename baselines/{getting_started => }/gcp/gcp_mods/demo.tfvars (100%) rename baselines/{getting_started => }/gcp/gcp_mods/mod_install.tf (100%) rename baselines/{getting_started/azure/azure_service_enable => gcp/gcp_mods}/providers.tf (57%) rename baselines/{getting_started => }/gcp/gcp_mods/variables.tf (100%) rename baselines/gcp/{gcp_services => gcp_service_enable}/README.md (100%) rename baselines/{getting_started => }/gcp/gcp_service_enable/default.tfvars (100%) rename baselines/{getting_started => }/gcp/gcp_service_enable/main.tf (84%) rename baselines/{getting_started => }/gcp/gcp_service_enable/providers.tf (57%) rename baselines/{getting_started => }/gcp/gcp_service_enable/variables.tf (100%) delete mode 100644 baselines/getting_started/README.md delete mode 100644 baselines/getting_started/aws/aws_mods/README.md delete mode 100644 baselines/getting_started/turbot/cis_mod/outputs.tf delete mode 100644 baselines/getting_started/turbot/cis_mod/provider.tf delete mode 100644 baselines/getting_started/turbot/cis_mod/variables.tf delete mode 100644 baselines/getting_started/turbot/smart_retention/README.md delete mode 100644 baselines/getting_started/turbot/smart_retention/default.tfvars delete mode 100644 baselines/getting_started/turbot/smart_retention/main.tf delete mode 100644 baselines/getting_started/turbot/smart_retention/variables.tf delete mode 100644 baselines/getting_started/turbot/turbot_profiles/main.tf delete mode 100644 baselines/getting_started/turbot/turbot_profiles/turbot_profiles.tf delete mode 100644 baselines/getting_started/turbot/turbot_profiles/versions.tf rename baselines/{getting_started/turbot => guardrails}/cis_mod/README.md (100%) rename baselines/{getting_started/turbot => guardrails}/cis_mod/mod_install.tf (100%) create mode 100644 baselines/guardrails/cis_mod/providers.tf rename baselines/{turbot => guardrails}/example_folder_hierarchy/README.md (100%) rename baselines/{turbot => guardrails}/example_folder_hierarchy/default.tfvars (100%) rename baselines/{turbot => guardrails}/example_folder_hierarchy/main.tf (100%) rename baselines/{turbot => guardrails}/example_folder_hierarchy/variables.tf (100%) create mode 100644 baselines/guardrails/folder_hierarchy/main.tf create mode 100644 baselines/guardrails/folder_hierarchy/providers.tf create mode 100644 baselines/guardrails/local_directory/main.tf create mode 100644 baselines/guardrails/local_directory/providers.tf rename baselines/{getting_started/turbot => guardrails}/turbot_profiles/demo.tfvars (88%) create mode 100644 baselines/guardrails/turbot_profiles/main.tf create mode 100644 baselines/guardrails/turbot_profiles/providers.tf create mode 100644 baselines/guardrails/workspace_settings/main.tf create mode 100644 baselines/guardrails/workspace_settings/providers.tf rename baselines/{ => todo_policy_packs}/aws/aws_account_import/README.md (100%) rename baselines/{ => todo_policy_packs}/aws/aws_account_import/default.tfvars (100%) rename baselines/{ => todo_policy_packs}/aws/aws_account_import/main.tf (100%) rename baselines/{ => todo_policy_packs}/aws/aws_account_import/turbot_service_readonly.cf.yaml (100%) rename baselines/{ => todo_policy_packs}/aws/aws_account_import/turbot_service_superuser.cf.yaml (100%) rename baselines/{ => todo_policy_packs}/aws/aws_account_import/variables.tf (100%) rename baselines/{getting_started/azure/azure_service_enable => todo_policy_packs/aws/aws_baseline}/README.md (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_baseline/aws_service_enable.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_baseline/demo.tfvars (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_baseline/ec2_attribute_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_baseline/enable_cis.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_baseline/outputs.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_baseline/providers.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_baseline/real_time_events.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_baseline/regions.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_baseline/smart_folder.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_baseline/variables.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_baseline/vpc_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_cost_controls/README.md (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_cost_controls/aws_active.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_cost_controls/demo.tfvars (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_cost_controls/locals.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_cost_controls/outputs.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_cost_controls/providers.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_cost_controls/schedules.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_cost_controls/smart_folder.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_cost_controls/variables.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_encryption/README.md (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_encryption/backup_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_encryption/cloudtrail_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_encryption/demo.tfvars (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_encryption/dynamodb_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_encryption/ec2_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_encryption/efs_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_encryption/elasticsearch_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_encryption/kinesis_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_encryption/kms_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_encryption/lambda_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_encryption/logs_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_encryption/outputs.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_encryption/providers.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_encryption/rds_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_encryption/redshift_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_encryption/s3_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_encryption/secretmanager_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_encryption/smart_folder.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_encryption/sns_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_encryption/sqs_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_encryption/ssm_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_encryption/variables.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_iam/README.md (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_iam/access_key_rotation.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_iam/account_password_policy.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_iam/demo.tfvars (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_iam/deny_star_policy_stmt.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_iam/group_inline_star_policy_stmt.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_iam/group_policy_attachment.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_iam/output.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_iam/provider.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_iam/role_inline_star_policy_stmt.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_iam/role_policy_attachment.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_iam/role_trust_policy.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_iam/smart_folder.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_iam/user_inline_star_policy_stmt.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_iam/user_mfakey_usage.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_iam/user_policy_attachment.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_iam/variable.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_logging/README.md (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_logging/cloudtrail_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_logging/config_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_logging/demo.tfvars (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_logging/loadbalancer_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_logging/output.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_logging/provider.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_logging/redshift_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_logging/s3_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_logging/smart_folder.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_logging/variable.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_logging/vpc_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_public_access/README.md (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_public_access/apigateway_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_public_access/demo.tfvars (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_public_access/ec2_loadbalancers_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_public_access/ec2_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_public_access/lambda_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_public_access/output.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_public_access/provider.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_public_access/rds_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_public_access/route53_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_public_access/s3_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_public_access/smart_folder.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_public_access/sns_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_public_access/sqs_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_public_access/trusted_account_template.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_public_access/variable.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_public_access/vpc_core_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_public_access/vpc_internet_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_public_access/vpc_security_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_regions/README.md (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_regions/approved_regions_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_regions/demo.tfvars (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_regions/locals.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_regions/outputs.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_regions/providers.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_regions/smart_folder.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_regions/variables.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_s3/README.md (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_s3/demo.tfvars (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_s3/outputs.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_s3/providers.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_s3/s3_access_logging_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_s3/s3_active_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_s3/s3_approved_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_s3/s3_enable_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_s3/s3_encryption_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_s3/s3_permission_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_s3/s3_public_access_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_s3/s3_tag_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_s3/s3_trusted_access_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_s3/s3_versioning_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_s3/smart_folder.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_s3/variables.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_stack/README.md (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_stack/aws_account_iam_stack_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_stack/outputs.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_stack/providers.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_stack/smart_folder.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_stack/tf_includes/sourcestack_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_stack/variables.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_tagging/README.md (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_tagging/aws_tagging.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_tagging/demo.tfvars (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_tagging/locals.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_tagging/outputs.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_tagging/providers.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_tagging/smart_folder.tf (100%) rename baselines/{getting_started => todo_policy_packs}/aws/aws_check_tagging/variables.tf (100%) rename baselines/{ => todo_policy_packs}/aws/aws_disable_cmdb/README.md (100%) rename baselines/{ => todo_policy_packs}/aws/aws_disable_cmdb/aws_cmdb.tf (100%) rename baselines/{ => todo_policy_packs}/aws/aws_disable_cmdb/main.tf (100%) rename baselines/{ => todo_policy_packs}/aws/aws_disable_cmdb/versions.tf (100%) rename baselines/{ => todo_policy_packs}/aws/aws_permission/README.md (100%) rename baselines/{ => todo_policy_packs}/aws/aws_permission/default.tfvars (100%) rename baselines/{ => todo_policy_packs}/aws/aws_permission/main.tf (100%) rename baselines/{ => todo_policy_packs}/aws/aws_permission/variables.tf (100%) rename baselines/{ => todo_policy_packs}/azure/azure-cis-v1-section5.2/README.md (100%) rename baselines/{ => todo_policy_packs}/azure/azure-cis-v1-section5.2/default.tfvars (100%) rename baselines/{ => todo_policy_packs}/azure/azure-cis-v1-section5.2/main.tf (100%) rename baselines/{ => todo_policy_packs}/azure/azure-cis-v1-section5.2/variables.tf (100%) rename baselines/{ => todo_policy_packs}/azure/azure-cis-v1/README.md (100%) rename baselines/{ => todo_policy_packs}/azure/azure-cis-v1/default.tfvars (100%) rename baselines/{ => todo_policy_packs}/azure/azure-cis-v1/main.tf (100%) rename baselines/{ => todo_policy_packs}/azure/azure-cis-v1/variables.tf (100%) rename baselines/{ => todo_policy_packs}/azure/azure_active_directory_import/README.md (100%) rename baselines/{ => todo_policy_packs}/azure/azure_active_directory_import/default.tfvars (100%) rename baselines/{ => todo_policy_packs}/azure/azure_active_directory_import/main.tf (100%) rename baselines/{ => todo_policy_packs}/azure/azure_active_directory_import/variables.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_baseline/README.md (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_baseline/azure_provider_enable.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_baseline/azure_service_enable.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_baseline/demo.tfvars (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_baseline/enable_cis.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_baseline/event_polling.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_baseline/outputs.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_baseline/providers.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_baseline/smart_folder.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_baseline/variables.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_cost_controls/README.md (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_cost_controls/active_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_cost_controls/demo.tfvars (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_cost_controls/locals.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_cost_controls/outputs.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_cost_controls/providers.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_cost_controls/schedules_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_cost_controls/smartfolder.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_cost_controls/storage_tier_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_cost_controls/variables.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_encryption/README.md (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_encryption/appservice_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_encryption/compute_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_encryption/demo.tfvars (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_encryption/mysql_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_encryption/outputs.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_encryption/postgresql_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_encryption/providers.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_encryption/smart_folder.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_encryption/sql_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_encryption/storage_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_encryption/variables.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_logging/README.md (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_logging/db_threat_protection_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_logging/outputs.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_logging/postgresql_logging_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_logging/providers.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_logging/smartfolder.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_logging/sql_logging_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_logging/storage_logging_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_logging/variables.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_public_access/README.md (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_public_access/applicationgateway_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_public_access/network_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_public_access/outputs.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_public_access/providers.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_public_access/smart_folder.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_public_access/storage_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_public_access/variables.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_regions/README.md (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_regions/approved_regions_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_regions/demo.tfvars (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_regions/locals.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_regions/outputs.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_regions/providers.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_regions/smart_folder.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_regions/vaiables.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_stack/README.md (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_stack/outputs.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_stack/providers.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_stack/smartfolder.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_stack/sub_monitor_stack_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_stack/tf_includes/sourcestack_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_stack/variables.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_tagging/README.md (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_tagging/demo.tfvars (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_tagging/locals.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_tagging/outputs.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_tagging/providers.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_tagging/smartfolder.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_tagging/tagging_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/azure/azure_check_tagging/variables.tf (100%) rename baselines/{ => todo_policy_packs}/azure/azure_eventing/README.md (100%) rename baselines/{ => todo_policy_packs}/azure/azure_eventing/default.tfvars (100%) rename baselines/{ => todo_policy_packs}/azure/azure_eventing/main.tf (100%) rename baselines/{ => todo_policy_packs}/azure/azure_eventing/variables.tf (100%) rename baselines/{ => todo_policy_packs}/azure/azure_management_group_import/README.md (100%) rename baselines/{ => todo_policy_packs}/azure/azure_management_group_import/default.tfvars (100%) rename baselines/{ => todo_policy_packs}/azure/azure_management_group_import/main.tf (100%) rename baselines/{ => todo_policy_packs}/azure/azure_management_group_import/variables.tf (100%) rename baselines/{ => todo_policy_packs}/azure/azure_provider_registration/README.md (100%) rename baselines/{ => todo_policy_packs}/azure/azure_provider_registration/default.tfvars (100%) rename baselines/{ => todo_policy_packs}/azure/azure_provider_registration/main.tf (100%) rename baselines/{ => todo_policy_packs}/azure/azure_provider_registration/variables.tf (100%) rename baselines/{ => todo_policy_packs}/azure/azure_services/README.md (100%) rename baselines/{ => todo_policy_packs}/azure/azure_services/default.tfvars (100%) rename baselines/{ => todo_policy_packs}/azure/azure_services/main.tf (100%) rename baselines/{ => todo_policy_packs}/azure/azure_services/variables.tf (100%) rename baselines/{ => todo_policy_packs}/azure/azure_sub_create_then_import/README.md (100%) rename baselines/{ => todo_policy_packs}/azure/azure_sub_create_then_import/default.tfvars (100%) rename baselines/{ => todo_policy_packs}/azure/azure_sub_create_then_import/main.tf (100%) rename baselines/{ => todo_policy_packs}/azure/azure_sub_create_then_import/outputs.tf (100%) rename baselines/{ => todo_policy_packs}/azure/azure_sub_create_then_import/variables.tf (100%) rename baselines/{ => todo_policy_packs}/azure/azure_sub_create_then_import_ro/README.md (100%) rename baselines/{ => todo_policy_packs}/azure/azure_sub_create_then_import_ro/default.tfvars (100%) rename baselines/{ => todo_policy_packs}/azure/azure_sub_create_then_import_ro/main.tf (100%) rename baselines/{ => todo_policy_packs}/azure/azure_sub_create_then_import_ro/outputs.tf (100%) rename baselines/{ => todo_policy_packs}/azure/azure_sub_create_then_import_ro/variables.tf (100%) rename baselines/{ => todo_policy_packs}/azure/azure_sub_import/README.md (100%) rename baselines/{ => todo_policy_packs}/azure/azure_sub_import/default.tfvars (100%) rename baselines/{ => todo_policy_packs}/azure/azure_sub_import/main.tf (100%) rename baselines/{ => todo_policy_packs}/azure/azure_sub_import/outputs.tf (100%) rename baselines/{ => todo_policy_packs}/azure/azure_sub_import/variables.tf (100%) rename baselines/{ => todo_policy_packs}/azure/azure_tenant_import/README.md (100%) rename baselines/{ => todo_policy_packs}/azure/azure_tenant_import/default.tfvars (100%) rename baselines/{ => todo_policy_packs}/azure/azure_tenant_import/main.tf (100%) rename baselines/{ => todo_policy_packs}/azure/azure_tenant_import/variables.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_baseline/README.md (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_baseline/demo.tfvars (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_baseline/enable_cis_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_baseline/enable_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_baseline/event_poller_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_baseline/locals.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_baseline/outputs.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_baseline/providers.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_baseline/regions.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_baseline/smart_folder.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_baseline/variables.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_cost_controls/README.md (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_cost_controls/active_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_cost_controls/compute_engine_active_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_cost_controls/compute_engine_schedule_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_cost_controls/demo.tfvars (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_cost_controls/locals.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_cost_controls/network_approved_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_cost_controls/outputs.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_cost_controls/providers.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_cost_controls/smart_folder.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_cost_controls/variables.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_encryption/README.md (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_encryption/bigquery_encryption_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_encryption/compute_engine_encryption_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_encryption/dataflow_encryption_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_encryption/dataproc_encryption_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_encryption/kubernetes_engine_encryption_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_encryption/outputs.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_encryption/providers.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_encryption/pub_sub_encryption_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_encryption/smartfolder.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_encryption/storage_encryption_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_encryption/variables.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_iam/README.md (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_iam/demo.tfvars (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_iam/outputs.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_iam/providers.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_iam/service_account_key_active_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_iam/service_account_key_approved_policies.tf.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_iam/service_account_trust_access_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_iam/smart_folder.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_iam/variables.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_labeling/README.md (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_labeling/demo.tfvars (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_labeling/labeling_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_labeling/locals.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_labeling/outputs.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_labeling/providers.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_labeling/smartfolder.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_labeling/vaiables.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_logging/README.md (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_logging/kubernetes_engine_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_logging/network_logging_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_logging/outputs.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_logging/providers.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_logging/smartfolder.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_logging/sql_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_logging/variables.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_public_access/README.md (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_public_access/compute_engine_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_public_access/locals.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_public_access/network_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_public_access/outputs.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_public_access/providers.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_public_access/smartfolder.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_public_access/trusted_access_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_public_access/variables.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_regions/README.md (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_regions/approved_regions_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_regions/demo.tfvars (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_regions/locals.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_regions/outputs.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_regions/providers.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_regions/smartfolder.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_regions/variables.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_stack/README.md (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_stack/outputs.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_stack/project_stack_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_stack/providers.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_stack/smartfolder.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_stack/tf_includes/sourcestack_policies.tf (100%) rename baselines/{getting_started => todo_policy_packs}/gcp/gcp_check_stack/variables.tf (100%) rename baselines/{ => todo_policy_packs}/gcp/gcp_permission/README.md (100%) rename baselines/{ => todo_policy_packs}/gcp/gcp_permission/default.tfvars (100%) rename baselines/{ => todo_policy_packs}/gcp/gcp_permission/main.tf (100%) rename baselines/{ => todo_policy_packs}/gcp/gcp_permission/variables.tf (100%) rename baselines/{ => todo_policy_packs}/gcp/gcp_project_import/README.md (100%) rename baselines/{ => todo_policy_packs}/gcp/gcp_project_import/default.tfvars (100%) rename baselines/{ => todo_policy_packs}/gcp/gcp_project_import/main.tf (100%) rename baselines/{ => todo_policy_packs}/gcp/gcp_project_import/variables.tf (100%) rename baselines/{getting_started/gcp/gcp_service_enable => todo_policy_packs/gcp/gcp_services}/README.md (100%) rename baselines/{ => todo_policy_packs}/gcp/gcp_services/default.tfvars (100%) rename baselines/{ => todo_policy_packs}/gcp/gcp_services/main.tf (100%) rename baselines/{ => todo_policy_packs}/gcp/gcp_services/variables.tf (100%) rename baselines/{ => todo_policy_packs}/gcp/gcp_setup/README.md (100%) rename baselines/{ => todo_policy_packs}/gcp/gcp_setup/default.tfvars (100%) rename baselines/{ => todo_policy_packs}/gcp/gcp_setup/main.tf (100%) rename baselines/{ => todo_policy_packs}/gcp/gcp_setup/variables.tf (100%) delete mode 100644 baselines/turbot/local_directory/README.md delete mode 100644 baselines/turbot/local_directory/default.tfvars delete mode 100644 baselines/turbot/local_directory/main.tf delete mode 100644 baselines/turbot/local_directory/variables.tf delete mode 100644 baselines/turbot/test/main.tf diff --git a/baselines/aws/aws_mods/README.md b/baselines/aws/aws_mods/README.md new file mode 100644 index 000000000..e144d8c10 --- /dev/null +++ b/baselines/aws/aws_mods/README.md @@ -0,0 +1,138 @@ +--- +categories: ["aws", "infrastructure"] +primary_category: "infrastructure" +--- + +# AWS Mods Installation + +Turbot provides numerous AWS mods, covering a wide range of AWS resources with thousands of policies and controls. By default, mods are installed with the top Turbot resource as the parent, meaning administrators must have Turbot/Owner permissions at the Turbot resource level to install, uninstall, or update mods in the environment. + +More information can be found [here](https://turbot.com/guardrails/docs/mods). + +## Documentation + +- **[Review Mods Documentation →](https://turbot.com/guardrails/docs/mods)** + +## Getting Started + +### Requirements + +- [Terraform](https://developer.hashicorp.com/terraform/install) + +### Credentials + +To install AWS mods using Terraform: + +- Ensure you have `Turbot/Owner` permissions (or higher) in Guardrails. +- [Create access keys](https://turbot.com/guardrails/docs/guides/iam/access-keys#generate-a-new-guardrails-api-access-key) in Guardrails. + +Then set your credentials: + +```sh +export TURBOT_WORKSPACE=myworkspace.acme.com +export TURBOT_ACCESS_KEY=acce6ac5-access-key-here +export TURBOT_SECRET_KEY=a8af61ec-secret-key-here +``` + +Please see [Turbot Guardrails Provider authentication](https://registry.terraform.io/providers/turbot/turbot/latest/docs#authentication) for additional authentication methods. + +## Usage + +### Initialize Terraform + +1. Navigate to the `aws_mods` folder. +2. Run the command: + + ```sh + terraform init + ``` + + + +### Deploying Demo Example + +1. Navigate to the `aws_mods` folder. +2. Initialize Terraform. +3. Apply the installation using the demo input variable file [demo.tfvars](demo.tfvars). + +On the terminal, this will look like: + +```sh +cd +terraform init +terraform apply --var-file=demo.tfvars +``` + +### Input Variable Files + +Input variable files allow users to configure settings for multiple environments in different files. + +This script comes with an example input variable file called [demo.tfvars](demo.tfvars). + +The variables that can be overridden by the input variable files (e.g., [demo.tfvars](demo.tfvars)) are defined in the [variables.tf](variables.tf) file. + +For more details, see the official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). + +### Apply Installation Using Input Variable Files + +If you want to apply the installation using an input variable file, such as [demo.tfvars](demo.tfvars): + +1. Navigate to the folder containing the installation configuration. +2. Run the command: + + ```sh + terraform apply --var-file=demo.tfvars + ``` + +### Apply Installation Without Input Variable File + +The installation can also be applied without an input variable file. + +1. Ensure Terraform initialization is done as mentioned above. +2. Optionally, check the outcome by running `terraform plan`. +3. Apply the Terraform configuration: + + ```sh + cd + terraform plan + terraform apply + ``` + +### Destroy Installation Without Input Variable File + +To destroy the installation without using an input variable file: + +1. Navigate to the folder containing the installation configuration. +2. Run the command: + + ```sh + terraform destroy + ``` + +### Destroy Using Input Variable Files + +If you want to destroy the installation configuration using an input variable file, such as [demo.tfvars](demo.tfvars): + +1. Navigate to the folder containing the installation configuration. +2. Run the command: + + ```sh + terraform destroy --var-file=demo.tfvars + ``` + +## Commenting Strategy + +All Turbot policies used in the installation include links to the official Turbot Mods documentation. + +These links provide further details about: + +- The purpose of the policy +- Policy URI name +- Parent information +- Category information +- Target information +- All valid values + +--- + +This updated README follows the standards and format from the provided example, ensuring consistency and clarity across your documentation. diff --git a/baselines/getting_started/aws/aws_mods/demo.tfvars b/baselines/aws/aws_mods/demo.tfvars similarity index 100% rename from baselines/getting_started/aws/aws_mods/demo.tfvars rename to baselines/aws/aws_mods/demo.tfvars diff --git a/baselines/getting_started/aws/aws_mods/mod_install.tf b/baselines/aws/aws_mods/mod_install.tf similarity index 100% rename from baselines/getting_started/aws/aws_mods/mod_install.tf rename to baselines/aws/aws_mods/mod_install.tf diff --git a/baselines/getting_started/aws/aws_mods/providers.tf b/baselines/aws/aws_mods/providers.tf similarity index 100% rename from baselines/getting_started/aws/aws_mods/providers.tf rename to baselines/aws/aws_mods/providers.tf diff --git a/baselines/getting_started/aws/aws_mods/variables.tf b/baselines/aws/aws_mods/variables.tf similarity index 100% rename from baselines/getting_started/aws/aws_mods/variables.tf rename to baselines/aws/aws_mods/variables.tf diff --git a/baselines/getting_started/aws/aws_baseline/README.md b/baselines/aws/aws_service_enable/README.md similarity index 100% rename from baselines/getting_started/aws/aws_baseline/README.md rename to baselines/aws/aws_service_enable/README.md diff --git a/baselines/getting_started/aws/aws_service_enable/default.tfvars b/baselines/aws/aws_service_enable/default.tfvars similarity index 96% rename from baselines/getting_started/aws/aws_service_enable/default.tfvars rename to baselines/aws/aws_service_enable/default.tfvars index cbbe6ca18..cb73c7031 100644 --- a/baselines/getting_started/aws/aws_service_enable/default.tfvars +++ b/baselines/aws/aws_service_enable/default.tfvars @@ -1,5 +1,4 @@ # List of services to set as Enabled - enabled_policy_map = { aws-cloudtrail = "cloudTrailEnabled" aws-cloudwatch = "cloudWatchEnabled" diff --git a/baselines/getting_started/aws/aws_service_enable/main.tf b/baselines/aws/aws_service_enable/main.tf similarity index 73% rename from baselines/getting_started/aws/aws_service_enable/main.tf rename to baselines/aws/aws_service_enable/main.tf index 646dc73d1..42a0e7eaa 100644 --- a/baselines/getting_started/aws/aws_service_enable/main.tf +++ b/baselines/aws/aws_service_enable/main.tf @@ -12,3 +12,8 @@ resource "turbot_policy_setting" "aws_enable" { type = "tmod:@turbot/${each.key}#/policy/types/${each.value}" value = "Enabled" } + +resource "turbot_policy_pack_attachment" "aws_enable_attachment" { + resource = "workspace_base_folder" + policy_pack = turbot_policy_pack.aws_enabled_baseline_pack.id +} diff --git a/baselines/getting_started/azure/azure_mods/providers.tf b/baselines/aws/aws_service_enable/providers.tf similarity index 100% rename from baselines/getting_started/azure/azure_mods/providers.tf rename to baselines/aws/aws_service_enable/providers.tf diff --git a/baselines/getting_started/aws/aws_service_enable/variables.tf b/baselines/aws/aws_service_enable/variables.tf similarity index 100% rename from baselines/getting_started/aws/aws_service_enable/variables.tf rename to baselines/aws/aws_service_enable/variables.tf diff --git a/baselines/getting_started/azure/azure_mods/README.md b/baselines/azure/azure_mods/README.md similarity index 100% rename from baselines/getting_started/azure/azure_mods/README.md rename to baselines/azure/azure_mods/README.md diff --git a/baselines/getting_started/azure/azure_mods/demo.tfvars b/baselines/azure/azure_mods/demo.tfvars similarity index 100% rename from baselines/getting_started/azure/azure_mods/demo.tfvars rename to baselines/azure/azure_mods/demo.tfvars diff --git a/baselines/getting_started/azure/azure_mods/mod_install.tf b/baselines/azure/azure_mods/mod_install.tf similarity index 100% rename from baselines/getting_started/azure/azure_mods/mod_install.tf rename to baselines/azure/azure_mods/mod_install.tf diff --git a/baselines/getting_started/gcp/gcp_mods/providers.tf b/baselines/azure/azure_mods/providers.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_mods/providers.tf rename to baselines/azure/azure_mods/providers.tf diff --git a/baselines/getting_started/azure/azure_mods/variables.tf b/baselines/azure/azure_mods/variables.tf similarity index 100% rename from baselines/getting_started/azure/azure_mods/variables.tf rename to baselines/azure/azure_mods/variables.tf diff --git a/baselines/getting_started/aws/aws_service_enable/README.md b/baselines/azure/azure_service_enable/README.md similarity index 100% rename from baselines/getting_started/aws/aws_service_enable/README.md rename to baselines/azure/azure_service_enable/README.md diff --git a/baselines/getting_started/azure/azure_service_enable/default.tfvars b/baselines/azure/azure_service_enable/default.tfvars similarity index 100% rename from baselines/getting_started/azure/azure_service_enable/default.tfvars rename to baselines/azure/azure_service_enable/default.tfvars diff --git a/baselines/getting_started/azure/azure_service_enable/main.tf b/baselines/azure/azure_service_enable/main.tf similarity index 83% rename from baselines/getting_started/azure/azure_service_enable/main.tf rename to baselines/azure/azure_service_enable/main.tf index 78dd4b7e0..91c68500d 100644 --- a/baselines/getting_started/azure/azure_service_enable/main.tf +++ b/baselines/azure/azure_service_enable/main.tf @@ -21,3 +21,7 @@ resource "turbot_policy_setting" "azure_enable" { value = "Enabled" } +resource "turbot_policy_pack_attachment" "azure_enable_attachment" { + resource = "workspace_base_folder" + policy_pack = turbot_policy_pack.azure_enabled_baseline_pack.id +} diff --git a/baselines/getting_started/aws/aws_service_enable/providers.tf b/baselines/azure/azure_service_enable/providers.tf similarity index 57% rename from baselines/getting_started/aws/aws_service_enable/providers.tf rename to baselines/azure/azure_service_enable/providers.tf index 7db28916c..3ede1821a 100644 --- a/baselines/getting_started/aws/aws_service_enable/providers.tf +++ b/baselines/azure/azure_service_enable/providers.tf @@ -1,10 +1,10 @@ terraform { required_providers { turbot = { - source = "turbot/turbot" + source = "turbot/turbot" + version = ">= 1.11.0" } } - required_version = ">= 0.13" } provider "turbot" { diff --git a/baselines/getting_started/azure/azure_service_enable/variables.tf b/baselines/azure/azure_service_enable/variables.tf similarity index 100% rename from baselines/getting_started/azure/azure_service_enable/variables.tf rename to baselines/azure/azure_service_enable/variables.tf diff --git a/baselines/getting_started/gcp/gcp_mods/README.md b/baselines/gcp/gcp_mods/README.md similarity index 100% rename from baselines/getting_started/gcp/gcp_mods/README.md rename to baselines/gcp/gcp_mods/README.md diff --git a/baselines/getting_started/gcp/gcp_mods/demo.tfvars b/baselines/gcp/gcp_mods/demo.tfvars similarity index 100% rename from baselines/getting_started/gcp/gcp_mods/demo.tfvars rename to baselines/gcp/gcp_mods/demo.tfvars diff --git a/baselines/getting_started/gcp/gcp_mods/mod_install.tf b/baselines/gcp/gcp_mods/mod_install.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_mods/mod_install.tf rename to baselines/gcp/gcp_mods/mod_install.tf diff --git a/baselines/getting_started/azure/azure_service_enable/providers.tf b/baselines/gcp/gcp_mods/providers.tf similarity index 57% rename from baselines/getting_started/azure/azure_service_enable/providers.tf rename to baselines/gcp/gcp_mods/providers.tf index 7db28916c..3ede1821a 100644 --- a/baselines/getting_started/azure/azure_service_enable/providers.tf +++ b/baselines/gcp/gcp_mods/providers.tf @@ -1,10 +1,10 @@ terraform { required_providers { turbot = { - source = "turbot/turbot" + source = "turbot/turbot" + version = ">= 1.11.0" } } - required_version = ">= 0.13" } provider "turbot" { diff --git a/baselines/getting_started/gcp/gcp_mods/variables.tf b/baselines/gcp/gcp_mods/variables.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_mods/variables.tf rename to baselines/gcp/gcp_mods/variables.tf diff --git a/baselines/gcp/gcp_services/README.md b/baselines/gcp/gcp_service_enable/README.md similarity index 100% rename from baselines/gcp/gcp_services/README.md rename to baselines/gcp/gcp_service_enable/README.md diff --git a/baselines/getting_started/gcp/gcp_service_enable/default.tfvars b/baselines/gcp/gcp_service_enable/default.tfvars similarity index 100% rename from baselines/getting_started/gcp/gcp_service_enable/default.tfvars rename to baselines/gcp/gcp_service_enable/default.tfvars diff --git a/baselines/getting_started/gcp/gcp_service_enable/main.tf b/baselines/gcp/gcp_service_enable/main.tf similarity index 84% rename from baselines/getting_started/gcp/gcp_service_enable/main.tf rename to baselines/gcp/gcp_service_enable/main.tf index a537dfb7f..2e8d5d1e8 100644 --- a/baselines/getting_started/gcp/gcp_service_enable/main.tf +++ b/baselines/gcp/gcp_service_enable/main.tf @@ -20,3 +20,7 @@ resource "turbot_policy_setting" "gcp_api_enable" { value = "Enforce: ${lookup(var.service_status, "${element(keys(var.service_status), count.index)}")}" } +resource "turbot_policy_pack_attachment" "gcp_enable_attachment" { + resource = "workspace_base_folder" + policy_pack = turbot_policy_pack.gcp_enabled_baseline_pack.id +} diff --git a/baselines/getting_started/gcp/gcp_service_enable/providers.tf b/baselines/gcp/gcp_service_enable/providers.tf similarity index 57% rename from baselines/getting_started/gcp/gcp_service_enable/providers.tf rename to baselines/gcp/gcp_service_enable/providers.tf index 7db28916c..3ede1821a 100644 --- a/baselines/getting_started/gcp/gcp_service_enable/providers.tf +++ b/baselines/gcp/gcp_service_enable/providers.tf @@ -1,10 +1,10 @@ terraform { required_providers { turbot = { - source = "turbot/turbot" + source = "turbot/turbot" + version = ">= 1.11.0" } } - required_version = ">= 0.13" } provider "turbot" { diff --git a/baselines/getting_started/gcp/gcp_service_enable/variables.tf b/baselines/gcp/gcp_service_enable/variables.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_service_enable/variables.tf rename to baselines/gcp/gcp_service_enable/variables.tf diff --git a/baselines/getting_started/README.md b/baselines/getting_started/README.md deleted file mode 100644 index 313e57ad8..000000000 --- a/baselines/getting_started/README.md +++ /dev/null @@ -1,4 +0,0 @@ -# Getting started section - -This section gives a list of baselines which are suggested policies working together to achieve a larger objective. -The larger objective of the getting started section is for baselines for a freshly created workspace. diff --git a/baselines/getting_started/aws/aws_mods/README.md b/baselines/getting_started/aws/aws_mods/README.md deleted file mode 100644 index a9ea3e5a4..000000000 --- a/baselines/getting_started/aws/aws_mods/README.md +++ /dev/null @@ -1,115 +0,0 @@ -# AWS - Mods install - -Turbot provides dozens of AWS mods, covering hundreds of AWS resources, with thousands of policies and controls. By definition, mods are installed with the top Turbot resource as the parent. This means that administrators must be at the Turbot resource level with Turbot/Owner permissions to make modifications, installing, uninstalling, or updating, to mods in the environment. - -More information can be found [here](https://turbot.com/v5/docs/mods) - -## Requirements - -- Terraform v0.13 or greater installed -- Valid Turbot configuration credentials - -For further information on configuring Turbot credentials can be found [here](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials). - -### Initialize - -1. Navigate to the aws_mods folder. -2. Run the command: - - ```shell - terraform init - ``` - -### Profile name as input - -This set requires you to provide `turbot_profile` name as input. This is to help in case you are having more profiles than only `default`. In case it's default, specify name as default. - -```shell -var.turbot_profile - Enter profile matching your turbot cli credentials. - Enter a value: -``` - -### Deploying demo example - -1. Navigate to the aws_mods folder. -2. Initialize Terraform -3. Apply the installation using the demo input variable file [demo.tfvars](demo.tfvars) - -On the terminal this will look like: - -```shell -cd -terraform init -terraform apply --var-file demo.tfvars -``` - -### Input variable files - -Input variable files allow for the user to configure configuration definitions for multiple environments in different files. - -This script comes with an example input variable file called [demo.tfvars](demo.tfvars). - -The variables that can be overwritten by the input variable files i.e. [demo.tfvars](demo.tfvars) are defined in the [variables.tf](variables.tf) file. - -Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). - -### Apply installation using input variable files - -If seeking to apply the installation using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the installation configuration. -2. Run the command: - - ```shell - terraform apply --var-file=demo.tfvars - ``` -### Apply installation without input variable file - -The installation can be applied without an input variable file. - -1. By this time Terraform initialization is done as mentioned above. -3. Prefer to check the outcome by running the Terraform plan -3. Apply the Terraform -4. Run the command: - -```shell -cd -terraform plan -terraform apply -``` - -### Destroy installation without input variable file - -If seeking to apply the installation without using an input variable file. - -1. Navigate to the folder containing the installation configuration. -2. Run the command: - - ```shell - terraform destroy - ``` - -### Destroy using input variable files - -If seeking to destoy the installation configuration using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the installation configuration. -2. Run the command: - - ```shell - terraform destroy --var-file=demo.tfvars - ``` - -## Commenting strategy - -All Turbot policies used by the installation will have a link to the official Turbot Mods documentation. - -Opening the links will give you further details about: - -- The purpose of the policy -- Policy URI name -- Parent information -- Category information -- Target information -- All valid values diff --git a/baselines/getting_started/turbot/cis_mod/outputs.tf b/baselines/getting_started/turbot/cis_mod/outputs.tf deleted file mode 100644 index 35dbdb780..000000000 --- a/baselines/getting_started/turbot/cis_mod/outputs.tf +++ /dev/null @@ -1,3 +0,0 @@ -output "turbot_profile" { - value = var.turbot_profile -} \ No newline at end of file diff --git a/baselines/getting_started/turbot/cis_mod/provider.tf b/baselines/getting_started/turbot/cis_mod/provider.tf deleted file mode 100644 index 715fb0f92..000000000 --- a/baselines/getting_started/turbot/cis_mod/provider.tf +++ /dev/null @@ -1,12 +0,0 @@ -terraform { - required_providers { - turbot = { - source = "turbot/turbot" - } - } - required_version = ">= 0.13" -} - -provider "turbot" { - profile = var.turbot_profile -} \ No newline at end of file diff --git a/baselines/getting_started/turbot/cis_mod/variables.tf b/baselines/getting_started/turbot/cis_mod/variables.tf deleted file mode 100644 index c2f147861..000000000 --- a/baselines/getting_started/turbot/cis_mod/variables.tf +++ /dev/null @@ -1,4 +0,0 @@ -variable "turbot_profile" { - type = string - description = "Turbot profile for the workspace where this terraform code will be executed" -} \ No newline at end of file diff --git a/baselines/getting_started/turbot/smart_retention/README.md b/baselines/getting_started/turbot/smart_retention/README.md deleted file mode 100644 index 4d050381a..000000000 --- a/baselines/getting_started/turbot/smart_retention/README.md +++ /dev/null @@ -1,22 +0,0 @@ -# Smart Retention Baseline - -Stale data from processes and deleted resources can accumulate over time. Turbot Enterprise 5.23.0 introduced Smart Retention that will clean up this unwanted data. Please refer to [Turbot > Workspace > Retention](https://turbot.com/v5/mods/turbot/turbot/inspect#/policy/types/retention) for more information. - -## Pre-requisites - -To run the local directory baseline, you must have: - -- [Terraform](https://www.terraform.io) Version 12 -- [Turbot Terraform Provider](https://github.com/turbotio/terraform-provider-turbot) -- [Credentials](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials) configured to connect to your Turbot workspace - -## Running the Baseline - -To execute the baseline you must run terraform and specify the local directory name you wish to create and list of users you want to grant Turbot/Owner and Turbot/Admin role. - -To run the mod install baseline: - -- Go to the AWS permissions directory with `cd local_directory` -- Update `default.tfvars` with appropriate values -- Run `terraform plan -var-file=default.tfvars` to review the plan for aws permissions -- Run `terraform apply -var-file=default.tfvars` to apply the changes diff --git a/baselines/getting_started/turbot/smart_retention/default.tfvars b/baselines/getting_started/turbot/smart_retention/default.tfvars deleted file mode 100644 index 6a737d7fc..000000000 --- a/baselines/getting_started/turbot/smart_retention/default.tfvars +++ /dev/null @@ -1,5 +0,0 @@ -min_retention = 14 -max_retention = 365 -debug_logs = 14 -enforce_smart_retention = true -purge_limit = 30 diff --git a/baselines/getting_started/turbot/smart_retention/main.tf b/baselines/getting_started/turbot/smart_retention/main.tf deleted file mode 100644 index b49673bdd..000000000 --- a/baselines/getting_started/turbot/smart_retention/main.tf +++ /dev/null @@ -1,43 +0,0 @@ -// https://turbot.com/v5/mods/turbot/turbot/inspect#/policy/types/retention -resource "turbot_policy_setting" "turbot_smart_retention" { - resource = "tmod:@turbot/turbot#/" - type = "tmod:@turbot/turbot#/policy/types/retention" - value = "Enforce: Enable purging via Smart Retention" - //Skip - //Check: Preview purging via Smart Retention - //Enforce: Enable purging via Smart Retention -} - -resource "turbot_policy_setting" "sr_debug_log_retention" { - resource = "tmod:@turbot/turbot#/" - type = "tmod:@turbot/turbot#/policy/types/debugLogRetention" - value = var.debug_logs - //Minimum value: 1 - //Default: 14 -} - -resource "turbot_policy_setting" "sr_max_retention" { - resource = "tmod:@turbot/turbot#/" - type = "tmod:@turbot/turbot#/policy/types/maximumRetention" - value = var.max_retention - // minimum: 1, - // default: 365, -} - -// https://turbot.com/v5/mods/turbot/turbot/inspect#/policy/types/minimumRetention -resource "turbot_policy_setting" "sr_min_retention" { - resource = "tmod:@turbot/turbot#/" - type = "tmod:@turbot/turbot#/policy/types/minimumRetention" - value = var.min_retention - // minimum: 1, - // default: 7, -} - -// https://turbot.com/v5/mods/turbot/turbot/inspect#/policy/types/resourcePurgeLimit -resource "turbot_policy_setting" "sr_purge_limit" { - resource = "tmod:@turbot/turbot#/" - type = "tmod:@turbot/turbot#/policy/types/resourcePurgeLimit" - value = var.purge_limit - // minimum: 1 - // default: 30 -} diff --git a/baselines/getting_started/turbot/smart_retention/variables.tf b/baselines/getting_started/turbot/smart_retention/variables.tf deleted file mode 100644 index 57b1b3f37..000000000 --- a/baselines/getting_started/turbot/smart_retention/variables.tf +++ /dev/null @@ -1,25 +0,0 @@ -variable "enforce_smart_retention" { - description = "Enter the name for the local directory to be created:" - type = bool - default = true -} - -variable "min_retention" { - type = number - default = 14 -} - -variable "max_retention" { - type = number - default = 365 -} - -variable "purge_limit" { - type = number - default = 30 -} - -variable "debug_logs" { - type = number - default = 14 -} diff --git a/baselines/getting_started/turbot/turbot_profiles/main.tf b/baselines/getting_started/turbot/turbot_profiles/main.tf deleted file mode 100644 index 47376f929..000000000 --- a/baselines/getting_started/turbot/turbot_profiles/main.tf +++ /dev/null @@ -1,23 +0,0 @@ -# Adding additional Profiles to the Turbot.com Directory -# This baseline is specifically to create profiles in an exisiting turbot.com -# Will grant the Turbot/Owner role to each profile at the Turbot root level -# Will activate each Turbot/Owner grant to each profile - -variable "turbot_profile" { - description = "Enter profile matching your turbot cli credentials." -} - -provider "turbot" { - profile = var.turbot_profile -} - -## Vars to Map resources to tag -variable "directory_id" { - description = "Directory ID where profiles are created" - type = string -} - -variable "user_profile" { - description = "Map of the list of turbot.com profileIds. Update in terraform.tfvars" - type = map -} diff --git a/baselines/getting_started/turbot/turbot_profiles/turbot_profiles.tf b/baselines/getting_started/turbot/turbot_profiles/turbot_profiles.tf deleted file mode 100644 index e7d903b7b..000000000 --- a/baselines/getting_started/turbot/turbot_profiles/turbot_profiles.tf +++ /dev/null @@ -1,29 +0,0 @@ -# Creates profiles in an exisiting turbot.com defined in terraform.tfvars -# Will grant the Turbot/Owner role to each profile at the Turbot root level -# Will activate each Turbot/Owner grant to each profile - -resource "turbot_profile" "create_profile" { - for_each = var.user_profile - parent = var.directory_id - email = each.value.email - title = each.value.name - display_name = each.value.name - given_name = element(split(" ", each.value.name), 0) - family_name = element(split(" ", each.value.name), 1) - status = "Active" - profile_id = each.key -} - -resource "turbot_grant" "profile_grant_turbot_owner" { - for_each = var.user_profile - resource = "tmod:@turbot/turbot#/" - type = "tmod:@turbot/turbot-iam#/permission/types/turbot" - level = "tmod:@turbot/turbot-iam#/permission/levels/owner" - identity = turbot_profile.create_profile[each.key].id -} - -resource "turbot_grant_activation" "activate_turbot_owner_grant" { - for_each = var.user_profile - resource = "tmod:@turbot/turbot#/" - grant = turbot_grant.profile_grant_turbot_owner[each.key].id -} diff --git a/baselines/getting_started/turbot/turbot_profiles/versions.tf b/baselines/getting_started/turbot/turbot_profiles/versions.tf deleted file mode 100644 index 24d2520c8..000000000 --- a/baselines/getting_started/turbot/turbot_profiles/versions.tf +++ /dev/null @@ -1,8 +0,0 @@ -terraform { - required_providers { - turbot = { - source = "turbot/turbot" - } - } - required_version = ">= 0.13" -} diff --git a/baselines/getting_started/turbot/cis_mod/README.md b/baselines/guardrails/cis_mod/README.md similarity index 100% rename from baselines/getting_started/turbot/cis_mod/README.md rename to baselines/guardrails/cis_mod/README.md diff --git a/baselines/getting_started/turbot/cis_mod/mod_install.tf b/baselines/guardrails/cis_mod/mod_install.tf similarity index 100% rename from baselines/getting_started/turbot/cis_mod/mod_install.tf rename to baselines/guardrails/cis_mod/mod_install.tf diff --git a/baselines/guardrails/cis_mod/providers.tf b/baselines/guardrails/cis_mod/providers.tf new file mode 100644 index 000000000..3ede1821a --- /dev/null +++ b/baselines/guardrails/cis_mod/providers.tf @@ -0,0 +1,11 @@ +terraform { + required_providers { + turbot = { + source = "turbot/turbot" + version = ">= 1.11.0" + } + } +} + +provider "turbot" { +} diff --git a/baselines/turbot/example_folder_hierarchy/README.md b/baselines/guardrails/example_folder_hierarchy/README.md similarity index 100% rename from baselines/turbot/example_folder_hierarchy/README.md rename to baselines/guardrails/example_folder_hierarchy/README.md diff --git a/baselines/turbot/example_folder_hierarchy/default.tfvars b/baselines/guardrails/example_folder_hierarchy/default.tfvars similarity index 100% rename from baselines/turbot/example_folder_hierarchy/default.tfvars rename to baselines/guardrails/example_folder_hierarchy/default.tfvars diff --git a/baselines/turbot/example_folder_hierarchy/main.tf b/baselines/guardrails/example_folder_hierarchy/main.tf similarity index 100% rename from baselines/turbot/example_folder_hierarchy/main.tf rename to baselines/guardrails/example_folder_hierarchy/main.tf diff --git a/baselines/turbot/example_folder_hierarchy/variables.tf b/baselines/guardrails/example_folder_hierarchy/variables.tf similarity index 100% rename from baselines/turbot/example_folder_hierarchy/variables.tf rename to baselines/guardrails/example_folder_hierarchy/variables.tf diff --git a/baselines/guardrails/folder_hierarchy/main.tf b/baselines/guardrails/folder_hierarchy/main.tf new file mode 100644 index 000000000..263f2af15 --- /dev/null +++ b/baselines/guardrails/folder_hierarchy/main.tf @@ -0,0 +1,33 @@ +data "turbot_policy_value" "example" { + type = "tmod:@turbot/turbot#/policy/types/workspaceUrl" + resource = "tmod:@turbot/turbot#/" +} + +# Base folder (Turbot > workspacename) +resource "turbot_folder" "workspace_base_folder" { + parent = "tmod:@turbot/turbot#/" + title = element(split(".", element(split("/", data.turbot_policy_value.example.value), 2)), 0) + description = "Base folder for the workspace" + akas = ["workspace_base_folder"] +} + +# AWS Base folder (Turbot > workspacename > AWS) +resource "turbot_folder" "aws_base_folder" { + parent = turbot_folder.workspace_base_folder.id + title = "AWS" + description = "Base folder for AWS Resources" +} + +# Azure Base folder (Turbot > workspacename > Azure) +resource "turbot_folder" "azure_base_folder" { + parent = turbot_folder.workspace_base_folder.id + title = "Azure" + description = "Base folder for Azure Resources" +} + +# GCP Base folder (Turbot > workspacename > GCP) +resource "turbot_folder" "gcp_base_folder" { + parent = turbot_folder.workspace_base_folder.id + title = "GCP" + description = "Base folder for GCP Resources" +} diff --git a/baselines/guardrails/folder_hierarchy/providers.tf b/baselines/guardrails/folder_hierarchy/providers.tf new file mode 100644 index 000000000..3ede1821a --- /dev/null +++ b/baselines/guardrails/folder_hierarchy/providers.tf @@ -0,0 +1,11 @@ +terraform { + required_providers { + turbot = { + source = "turbot/turbot" + version = ">= 1.11.0" + } + } +} + +provider "turbot" { +} diff --git a/baselines/guardrails/local_directory/main.tf b/baselines/guardrails/local_directory/main.tf new file mode 100644 index 000000000..473945a2b --- /dev/null +++ b/baselines/guardrails/local_directory/main.tf @@ -0,0 +1,81 @@ +# Turbot Local Directory Creation +resource "turbot_local_directory" "local_dir" { + profile_id_template = "turbot.local.{{profile.email}}" + title = "Turbot Support Team Login" + parent = "tmod:@turbot/turbot#/" + description = "Turbot Support Team Login" +} + +# User Creation +resource "turbot_local_directory_user" "support_user" { + title = "Guardrails Support" + email = "support@turbot.com" + display_name = "Guardrails Support" + given_name = "Guardrails" + family_name = "Support" + parent = turbot_local_directory.local_dir.id +} + +# Profile Creation +resource "turbot_profile" "support_user_profile" { + title = "Guardrails Support" + email = "support@turbot.com" + status = "Active" + given_name = "Guardrails" + family_name = "Support" + display_name = "Guardrails Support" + parent = turbot_local_directory.local_dir.id + profile_id = "turbot.local.support@turbot.com" +} + +# Grant Creation +resource "turbot_grant" "support_user_grant_turbot_operator" { + depends_on = [turbot_profile.support_user_profile] + resource = "tmod:@turbot/turbot#/" + type = "tmod:@turbot/turbot-iam#/permission/types/turbot" + level = "tmod:@turbot/turbot-iam#/permission/levels/operator" + identity = turbot_profile.support_user_profile.id +} + +# Grant Activation +resource "turbot_grant_activation" "support_user_owner_activation" { + resource = "tmod:@turbot/turbot#/" + grant = turbot_grant.support_user_grant_turbot_operator.id +} + +# User Creation +resource "turbot_local_directory_user" "guardrails_admin" { + title = "Guardrails Admin" + email = "admin@turbot.com" + display_name = "Guardrails Admin" + given_name = "Guardrails" + family_name = "Admin" + parent = turbot_local_directory.local_dir.id +} + +# Profile Creation +resource "turbot_profile" "guardrails_admin_profile" { + title = "Guardrails Admin" + email = "admin@turbot.com" + status = "Active" + given_name = "Guardrails" + family_name = "Admin" + display_name = "Guardrails Admin" + parent = turbot_local_directory.local_dir.id + profile_id = "turbot.local.admin@turbot.com" +} + +# Grant Creation +resource "turbot_grant" "guardrails_admin_grant_turbot_owner" { + depends_on = [turbot_profile.guardrails_admin_profile] + resource = "tmod:@turbot/turbot#/" + type = "tmod:@turbot/turbot-iam#/permission/types/turbot" + level = "tmod:@turbot/turbot-iam#/permission/levels/owner" + identity = turbot_profile.guardrails_admin_profile.id +} + +# Grant Activation +resource "turbot_grant_activation" "guardrails_admin_owner_activation" { + resource = "tmod:@turbot/turbot#/" + grant = turbot_grant.guardrails_admin_grant_turbot_owner.id +} diff --git a/baselines/guardrails/local_directory/providers.tf b/baselines/guardrails/local_directory/providers.tf new file mode 100644 index 000000000..3ede1821a --- /dev/null +++ b/baselines/guardrails/local_directory/providers.tf @@ -0,0 +1,11 @@ +terraform { + required_providers { + turbot = { + source = "turbot/turbot" + version = ">= 1.11.0" + } + } +} + +provider "turbot" { +} diff --git a/baselines/getting_started/turbot/turbot_profiles/demo.tfvars b/baselines/guardrails/turbot_profiles/demo.tfvars similarity index 88% rename from baselines/getting_started/turbot/turbot_profiles/demo.tfvars rename to baselines/guardrails/turbot_profiles/demo.tfvars index 06d05d9b3..c7bfeb782 100644 --- a/baselines/getting_started/turbot/turbot_profiles/demo.tfvars +++ b/baselines/guardrails/turbot_profiles/demo.tfvars @@ -1,7 +1,6 @@ # Exisiting directory id which profiles are being created in # e.g. "123456789012345" -directory_id = "123456789012345" # replace with the Directory Id you are using - +# directory_id = "123456789012345" # replace with the Directory Id you are using # Update this profile list to add in profiles into the directory # For a turbot.com directory, the profileId would be the turbot.com username @@ -12,4 +11,4 @@ user_profile = { "profileId1" = { name = "First Last", email = "email@email.com" }, "profileId2" = { name = "First Last", email = "email@email.com" }, "profileId3" = { name = "First Last", email = "email@email.com" } -} \ No newline at end of file +} diff --git a/baselines/guardrails/turbot_profiles/main.tf b/baselines/guardrails/turbot_profiles/main.tf new file mode 100644 index 000000000..e7c5328e4 --- /dev/null +++ b/baselines/guardrails/turbot_profiles/main.tf @@ -0,0 +1,50 @@ +# Adding additional Profiles to the Turbot.com Directory +# This baseline is specifically to create profiles in an existing turbot.com +# Will grant the Turbot/Owner role to each profile at the Turbot root level +# Will activate each Turbot/Owner grant to each profile +###################### +# Directory Creation # +###################### + +resource "turbot_turbot_directory" "turbot_dir" { + parent = "tmod:@turbot/turbot#/" + title = "Turbot SAML" + description = "Allow login through turbot directory to turbot workspaces." + profile_id_template = "turbot.directory.{{profile.$source.name}}" + server = "turbot.com" +} + +variable "user_profile" { + description = "Map of the list of turbot.com profileIds. Update in terraform.tfvars" + type = map(any) +} + +# Creates profiles in an exisiting turbot.com defined in terraform.tfvars +# Will grant the Turbot/Owner role to each profile at the Turbot root level +# Will activate each Turbot/Owner grant to each profile +resource "turbot_profile" "create_profile" { + for_each = var.user_profile + parent = turbot_turbot_directory.turbot_dir.id + email = each.value.email + title = each.value.name + display_name = each.value.name + given_name = element(split(" ", each.value.name), 0) + family_name = element(split(" ", each.value.name), 1) + status = "Active" + profile_id = "turbot.directory.${each.key}" +} + +resource "turbot_grant" "profile_grant_turbot_owner" { + for_each = var.user_profile + resource = "tmod:@turbot/turbot#/" + type = "tmod:@turbot/turbot-iam#/permission/types/turbot" + level = "tmod:@turbot/turbot-iam#/permission/levels/owner" + identity = turbot_profile.create_profile[each.key].id +} + +resource "turbot_grant_activation" "activate_turbot_owner_grant" { + for_each = var.user_profile + resource = "tmod:@turbot/turbot#/" + grant = turbot_grant.profile_grant_turbot_owner[each.key].id +} + diff --git a/baselines/guardrails/turbot_profiles/providers.tf b/baselines/guardrails/turbot_profiles/providers.tf new file mode 100644 index 000000000..3ede1821a --- /dev/null +++ b/baselines/guardrails/turbot_profiles/providers.tf @@ -0,0 +1,11 @@ +terraform { + required_providers { + turbot = { + source = "turbot/turbot" + version = ">= 1.11.0" + } + } +} + +provider "turbot" { +} diff --git a/baselines/guardrails/workspace_settings/main.tf b/baselines/guardrails/workspace_settings/main.tf new file mode 100644 index 000000000..a33e2a0a2 --- /dev/null +++ b/baselines/guardrails/workspace_settings/main.tf @@ -0,0 +1,77 @@ +# https://hub.guardrails.turbot.com/mods/turbot/policies/turbot/quickActionsEnabled +resource "turbot_policy_setting" "turbot_quick_actions_enabled" { + resource = "tmod:@turbot/turbot#/" + type = "tmod:@turbot/turbot#/policy/types/quickActionsEnabled" + value = "Enabled" + # Enabled + # Disabled +} + +# https://hub.guardrails.turbot.com/mods/turbot/policies/turbot/retention +resource "turbot_policy_setting" "turbot_retention" { + resource = "tmod:@turbot/turbot#/" + type = "tmod:@turbot/turbot#/policy/types/retention" + value = "Enforce: Enable purging via Smart Retention" + # Skip + # Check: Preview purging via Smart Retention + # Enforce: Enable purging via Smart Retention +} + +# https://hub.guardrails.turbot.com/mods/turbot/policies/turbot/maximumRetention +resource "turbot_policy_setting" "turbot_maximum_retention" { + resource = "tmod:@turbot/turbot#/" + type = "tmod:@turbot/turbot#/policy/types/maximumRetention" + value = 90 + # Minimum: 1 + # Default: 365 +} + +# https://hub.guardrails.turbot.com/mods/turbot/policies/turbot/resourcePurgeLimit +resource "turbot_policy_setting" "turbot_resource_purge_limit" { + resource = "tmod:@turbot/turbot#/" + type = "tmod:@turbot/turbot#/policy/types/resourcePurgeLimit" + value = 500 + # Minimum: 1 + # Default: 30 +} + +# https://hub.guardrails.turbot.com/mods/turbot/policies/turbot/stackTerraformVersion +resource "turbot_policy_setting" "turbot_stack_terraform_version" { + resource = "tmod:@turbot/turbot#/" + type = "tmod:@turbot/turbot#/policy/types/stackTerraformVersion" + value = "0.15.*" +} + +# https://hub.guardrails.turbot.com/mods/turbot/policies/turbot-iam/turbotConsoleSessionTimeoutMins +resource "turbot_policy_setting" "turbot_iam_turbot_console_session_timeout_mins" { + resource = "tmod:@turbot/turbot#/" + type = "tmod:@turbot/turbot-iam#/policy/types/turbotConsoleSessionTimeoutMins" + value = 540 +} + +# https://hub.guardrails.turbot.com/mods/turbot/policies/turbot/modAutoUpdate +resource "turbot_policy_setting" "turbot_mod_auto_update" { + resource = "tmod:@turbot/turbot#/" + type = "tmod:@turbot/turbot#/policy/types/modAutoUpdate" + value = "Enforce within Mod Change Window" +} + +# https://hub.guardrails.turbot.com/mods/turbot/policies/turbot/modChangeWindowSchedule +resource "turbot_policy_setting" "turbot_mod_change_window_schedule" { + resource = "tmod:@turbot/turbot#/" + type = "tmod:@turbot/turbot#/policy/types/modChangeWindowSchedule" + value = <<-EOT + - name: Weekly + description: 'Weekly, Saturday 09:00 AM to Saturday 09:00 PM UTC' + cron: '0 9 * * SAT' + duration: 12 + EOT +} + +# https://hub.guardrails.turbot.com/mods/turbot/policies/turbot/notifications +# # Turbot > Notifications +# resource "turbot_policy_setting" "turbot_notifications" { +# resource = "tmod:@turbot/turbot#/" +# type = "tmod:@turbot/turbot#/policy/types/notifications" +# value = "Enabled" +# } diff --git a/baselines/guardrails/workspace_settings/providers.tf b/baselines/guardrails/workspace_settings/providers.tf new file mode 100644 index 000000000..3ede1821a --- /dev/null +++ b/baselines/guardrails/workspace_settings/providers.tf @@ -0,0 +1,11 @@ +terraform { + required_providers { + turbot = { + source = "turbot/turbot" + version = ">= 1.11.0" + } + } +} + +provider "turbot" { +} diff --git a/baselines/aws/aws_account_import/README.md b/baselines/todo_policy_packs/aws/aws_account_import/README.md similarity index 100% rename from baselines/aws/aws_account_import/README.md rename to baselines/todo_policy_packs/aws/aws_account_import/README.md diff --git a/baselines/aws/aws_account_import/default.tfvars b/baselines/todo_policy_packs/aws/aws_account_import/default.tfvars similarity index 100% rename from baselines/aws/aws_account_import/default.tfvars rename to baselines/todo_policy_packs/aws/aws_account_import/default.tfvars diff --git a/baselines/aws/aws_account_import/main.tf b/baselines/todo_policy_packs/aws/aws_account_import/main.tf similarity index 100% rename from baselines/aws/aws_account_import/main.tf rename to baselines/todo_policy_packs/aws/aws_account_import/main.tf diff --git a/baselines/aws/aws_account_import/turbot_service_readonly.cf.yaml b/baselines/todo_policy_packs/aws/aws_account_import/turbot_service_readonly.cf.yaml similarity index 100% rename from baselines/aws/aws_account_import/turbot_service_readonly.cf.yaml rename to baselines/todo_policy_packs/aws/aws_account_import/turbot_service_readonly.cf.yaml diff --git a/baselines/aws/aws_account_import/turbot_service_superuser.cf.yaml b/baselines/todo_policy_packs/aws/aws_account_import/turbot_service_superuser.cf.yaml similarity index 100% rename from baselines/aws/aws_account_import/turbot_service_superuser.cf.yaml rename to baselines/todo_policy_packs/aws/aws_account_import/turbot_service_superuser.cf.yaml diff --git a/baselines/aws/aws_account_import/variables.tf b/baselines/todo_policy_packs/aws/aws_account_import/variables.tf similarity index 100% rename from baselines/aws/aws_account_import/variables.tf rename to baselines/todo_policy_packs/aws/aws_account_import/variables.tf diff --git a/baselines/getting_started/azure/azure_service_enable/README.md b/baselines/todo_policy_packs/aws/aws_baseline/README.md similarity index 100% rename from baselines/getting_started/azure/azure_service_enable/README.md rename to baselines/todo_policy_packs/aws/aws_baseline/README.md diff --git a/baselines/getting_started/aws/aws_baseline/aws_service_enable.tf b/baselines/todo_policy_packs/aws/aws_baseline/aws_service_enable.tf similarity index 100% rename from baselines/getting_started/aws/aws_baseline/aws_service_enable.tf rename to baselines/todo_policy_packs/aws/aws_baseline/aws_service_enable.tf diff --git a/baselines/getting_started/aws/aws_baseline/demo.tfvars b/baselines/todo_policy_packs/aws/aws_baseline/demo.tfvars similarity index 100% rename from baselines/getting_started/aws/aws_baseline/demo.tfvars rename to baselines/todo_policy_packs/aws/aws_baseline/demo.tfvars diff --git a/baselines/getting_started/aws/aws_baseline/ec2_attribute_policies.tf b/baselines/todo_policy_packs/aws/aws_baseline/ec2_attribute_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_baseline/ec2_attribute_policies.tf rename to baselines/todo_policy_packs/aws/aws_baseline/ec2_attribute_policies.tf diff --git a/baselines/getting_started/aws/aws_baseline/enable_cis.tf b/baselines/todo_policy_packs/aws/aws_baseline/enable_cis.tf similarity index 100% rename from baselines/getting_started/aws/aws_baseline/enable_cis.tf rename to baselines/todo_policy_packs/aws/aws_baseline/enable_cis.tf diff --git a/baselines/getting_started/aws/aws_baseline/outputs.tf b/baselines/todo_policy_packs/aws/aws_baseline/outputs.tf similarity index 100% rename from baselines/getting_started/aws/aws_baseline/outputs.tf rename to baselines/todo_policy_packs/aws/aws_baseline/outputs.tf diff --git a/baselines/getting_started/aws/aws_baseline/providers.tf b/baselines/todo_policy_packs/aws/aws_baseline/providers.tf similarity index 100% rename from baselines/getting_started/aws/aws_baseline/providers.tf rename to baselines/todo_policy_packs/aws/aws_baseline/providers.tf diff --git a/baselines/getting_started/aws/aws_baseline/real_time_events.tf b/baselines/todo_policy_packs/aws/aws_baseline/real_time_events.tf similarity index 100% rename from baselines/getting_started/aws/aws_baseline/real_time_events.tf rename to baselines/todo_policy_packs/aws/aws_baseline/real_time_events.tf diff --git a/baselines/getting_started/aws/aws_baseline/regions.tf b/baselines/todo_policy_packs/aws/aws_baseline/regions.tf similarity index 100% rename from baselines/getting_started/aws/aws_baseline/regions.tf rename to baselines/todo_policy_packs/aws/aws_baseline/regions.tf diff --git a/baselines/getting_started/aws/aws_baseline/smart_folder.tf b/baselines/todo_policy_packs/aws/aws_baseline/smart_folder.tf similarity index 100% rename from baselines/getting_started/aws/aws_baseline/smart_folder.tf rename to baselines/todo_policy_packs/aws/aws_baseline/smart_folder.tf diff --git a/baselines/getting_started/aws/aws_baseline/variables.tf b/baselines/todo_policy_packs/aws/aws_baseline/variables.tf similarity index 100% rename from baselines/getting_started/aws/aws_baseline/variables.tf rename to baselines/todo_policy_packs/aws/aws_baseline/variables.tf diff --git a/baselines/getting_started/aws/aws_baseline/vpc_policies.tf b/baselines/todo_policy_packs/aws/aws_baseline/vpc_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_baseline/vpc_policies.tf rename to baselines/todo_policy_packs/aws/aws_baseline/vpc_policies.tf diff --git a/baselines/getting_started/aws/aws_check_cost_controls/README.md b/baselines/todo_policy_packs/aws/aws_check_cost_controls/README.md similarity index 100% rename from baselines/getting_started/aws/aws_check_cost_controls/README.md rename to baselines/todo_policy_packs/aws/aws_check_cost_controls/README.md diff --git a/baselines/getting_started/aws/aws_check_cost_controls/aws_active.tf b/baselines/todo_policy_packs/aws/aws_check_cost_controls/aws_active.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_cost_controls/aws_active.tf rename to baselines/todo_policy_packs/aws/aws_check_cost_controls/aws_active.tf diff --git a/baselines/getting_started/aws/aws_check_cost_controls/demo.tfvars b/baselines/todo_policy_packs/aws/aws_check_cost_controls/demo.tfvars similarity index 100% rename from baselines/getting_started/aws/aws_check_cost_controls/demo.tfvars rename to baselines/todo_policy_packs/aws/aws_check_cost_controls/demo.tfvars diff --git a/baselines/getting_started/aws/aws_check_cost_controls/locals.tf b/baselines/todo_policy_packs/aws/aws_check_cost_controls/locals.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_cost_controls/locals.tf rename to baselines/todo_policy_packs/aws/aws_check_cost_controls/locals.tf diff --git a/baselines/getting_started/aws/aws_check_cost_controls/outputs.tf b/baselines/todo_policy_packs/aws/aws_check_cost_controls/outputs.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_cost_controls/outputs.tf rename to baselines/todo_policy_packs/aws/aws_check_cost_controls/outputs.tf diff --git a/baselines/getting_started/aws/aws_check_cost_controls/providers.tf b/baselines/todo_policy_packs/aws/aws_check_cost_controls/providers.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_cost_controls/providers.tf rename to baselines/todo_policy_packs/aws/aws_check_cost_controls/providers.tf diff --git a/baselines/getting_started/aws/aws_check_cost_controls/schedules.tf b/baselines/todo_policy_packs/aws/aws_check_cost_controls/schedules.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_cost_controls/schedules.tf rename to baselines/todo_policy_packs/aws/aws_check_cost_controls/schedules.tf diff --git a/baselines/getting_started/aws/aws_check_cost_controls/smart_folder.tf b/baselines/todo_policy_packs/aws/aws_check_cost_controls/smart_folder.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_cost_controls/smart_folder.tf rename to baselines/todo_policy_packs/aws/aws_check_cost_controls/smart_folder.tf diff --git a/baselines/getting_started/aws/aws_check_cost_controls/variables.tf b/baselines/todo_policy_packs/aws/aws_check_cost_controls/variables.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_cost_controls/variables.tf rename to baselines/todo_policy_packs/aws/aws_check_cost_controls/variables.tf diff --git a/baselines/getting_started/aws/aws_check_encryption/README.md b/baselines/todo_policy_packs/aws/aws_check_encryption/README.md similarity index 100% rename from baselines/getting_started/aws/aws_check_encryption/README.md rename to baselines/todo_policy_packs/aws/aws_check_encryption/README.md diff --git a/baselines/getting_started/aws/aws_check_encryption/backup_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/backup_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_encryption/backup_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_encryption/backup_policies.tf diff --git a/baselines/getting_started/aws/aws_check_encryption/cloudtrail_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/cloudtrail_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_encryption/cloudtrail_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_encryption/cloudtrail_policies.tf diff --git a/baselines/getting_started/aws/aws_check_encryption/demo.tfvars b/baselines/todo_policy_packs/aws/aws_check_encryption/demo.tfvars similarity index 100% rename from baselines/getting_started/aws/aws_check_encryption/demo.tfvars rename to baselines/todo_policy_packs/aws/aws_check_encryption/demo.tfvars diff --git a/baselines/getting_started/aws/aws_check_encryption/dynamodb_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/dynamodb_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_encryption/dynamodb_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_encryption/dynamodb_policies.tf diff --git a/baselines/getting_started/aws/aws_check_encryption/ec2_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/ec2_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_encryption/ec2_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_encryption/ec2_policies.tf diff --git a/baselines/getting_started/aws/aws_check_encryption/efs_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/efs_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_encryption/efs_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_encryption/efs_policies.tf diff --git a/baselines/getting_started/aws/aws_check_encryption/elasticsearch_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/elasticsearch_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_encryption/elasticsearch_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_encryption/elasticsearch_policies.tf diff --git a/baselines/getting_started/aws/aws_check_encryption/kinesis_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/kinesis_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_encryption/kinesis_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_encryption/kinesis_policies.tf diff --git a/baselines/getting_started/aws/aws_check_encryption/kms_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/kms_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_encryption/kms_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_encryption/kms_policies.tf diff --git a/baselines/getting_started/aws/aws_check_encryption/lambda_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/lambda_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_encryption/lambda_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_encryption/lambda_policies.tf diff --git a/baselines/getting_started/aws/aws_check_encryption/logs_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/logs_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_encryption/logs_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_encryption/logs_policies.tf diff --git a/baselines/getting_started/aws/aws_check_encryption/outputs.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/outputs.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_encryption/outputs.tf rename to baselines/todo_policy_packs/aws/aws_check_encryption/outputs.tf diff --git a/baselines/getting_started/aws/aws_check_encryption/providers.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/providers.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_encryption/providers.tf rename to baselines/todo_policy_packs/aws/aws_check_encryption/providers.tf diff --git a/baselines/getting_started/aws/aws_check_encryption/rds_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/rds_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_encryption/rds_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_encryption/rds_policies.tf diff --git a/baselines/getting_started/aws/aws_check_encryption/redshift_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/redshift_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_encryption/redshift_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_encryption/redshift_policies.tf diff --git a/baselines/getting_started/aws/aws_check_encryption/s3_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/s3_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_encryption/s3_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_encryption/s3_policies.tf diff --git a/baselines/getting_started/aws/aws_check_encryption/secretmanager_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/secretmanager_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_encryption/secretmanager_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_encryption/secretmanager_policies.tf diff --git a/baselines/getting_started/aws/aws_check_encryption/smart_folder.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/smart_folder.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_encryption/smart_folder.tf rename to baselines/todo_policy_packs/aws/aws_check_encryption/smart_folder.tf diff --git a/baselines/getting_started/aws/aws_check_encryption/sns_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/sns_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_encryption/sns_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_encryption/sns_policies.tf diff --git a/baselines/getting_started/aws/aws_check_encryption/sqs_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/sqs_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_encryption/sqs_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_encryption/sqs_policies.tf diff --git a/baselines/getting_started/aws/aws_check_encryption/ssm_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/ssm_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_encryption/ssm_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_encryption/ssm_policies.tf diff --git a/baselines/getting_started/aws/aws_check_encryption/variables.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/variables.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_encryption/variables.tf rename to baselines/todo_policy_packs/aws/aws_check_encryption/variables.tf diff --git a/baselines/getting_started/aws/aws_check_iam/README.md b/baselines/todo_policy_packs/aws/aws_check_iam/README.md similarity index 100% rename from baselines/getting_started/aws/aws_check_iam/README.md rename to baselines/todo_policy_packs/aws/aws_check_iam/README.md diff --git a/baselines/getting_started/aws/aws_check_iam/access_key_rotation.tf b/baselines/todo_policy_packs/aws/aws_check_iam/access_key_rotation.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_iam/access_key_rotation.tf rename to baselines/todo_policy_packs/aws/aws_check_iam/access_key_rotation.tf diff --git a/baselines/getting_started/aws/aws_check_iam/account_password_policy.tf b/baselines/todo_policy_packs/aws/aws_check_iam/account_password_policy.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_iam/account_password_policy.tf rename to baselines/todo_policy_packs/aws/aws_check_iam/account_password_policy.tf diff --git a/baselines/getting_started/aws/aws_check_iam/demo.tfvars b/baselines/todo_policy_packs/aws/aws_check_iam/demo.tfvars similarity index 100% rename from baselines/getting_started/aws/aws_check_iam/demo.tfvars rename to baselines/todo_policy_packs/aws/aws_check_iam/demo.tfvars diff --git a/baselines/getting_started/aws/aws_check_iam/deny_star_policy_stmt.tf b/baselines/todo_policy_packs/aws/aws_check_iam/deny_star_policy_stmt.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_iam/deny_star_policy_stmt.tf rename to baselines/todo_policy_packs/aws/aws_check_iam/deny_star_policy_stmt.tf diff --git a/baselines/getting_started/aws/aws_check_iam/group_inline_star_policy_stmt.tf b/baselines/todo_policy_packs/aws/aws_check_iam/group_inline_star_policy_stmt.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_iam/group_inline_star_policy_stmt.tf rename to baselines/todo_policy_packs/aws/aws_check_iam/group_inline_star_policy_stmt.tf diff --git a/baselines/getting_started/aws/aws_check_iam/group_policy_attachment.tf b/baselines/todo_policy_packs/aws/aws_check_iam/group_policy_attachment.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_iam/group_policy_attachment.tf rename to baselines/todo_policy_packs/aws/aws_check_iam/group_policy_attachment.tf diff --git a/baselines/getting_started/aws/aws_check_iam/output.tf b/baselines/todo_policy_packs/aws/aws_check_iam/output.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_iam/output.tf rename to baselines/todo_policy_packs/aws/aws_check_iam/output.tf diff --git a/baselines/getting_started/aws/aws_check_iam/provider.tf b/baselines/todo_policy_packs/aws/aws_check_iam/provider.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_iam/provider.tf rename to baselines/todo_policy_packs/aws/aws_check_iam/provider.tf diff --git a/baselines/getting_started/aws/aws_check_iam/role_inline_star_policy_stmt.tf b/baselines/todo_policy_packs/aws/aws_check_iam/role_inline_star_policy_stmt.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_iam/role_inline_star_policy_stmt.tf rename to baselines/todo_policy_packs/aws/aws_check_iam/role_inline_star_policy_stmt.tf diff --git a/baselines/getting_started/aws/aws_check_iam/role_policy_attachment.tf b/baselines/todo_policy_packs/aws/aws_check_iam/role_policy_attachment.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_iam/role_policy_attachment.tf rename to baselines/todo_policy_packs/aws/aws_check_iam/role_policy_attachment.tf diff --git a/baselines/getting_started/aws/aws_check_iam/role_trust_policy.tf b/baselines/todo_policy_packs/aws/aws_check_iam/role_trust_policy.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_iam/role_trust_policy.tf rename to baselines/todo_policy_packs/aws/aws_check_iam/role_trust_policy.tf diff --git a/baselines/getting_started/aws/aws_check_iam/smart_folder.tf b/baselines/todo_policy_packs/aws/aws_check_iam/smart_folder.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_iam/smart_folder.tf rename to baselines/todo_policy_packs/aws/aws_check_iam/smart_folder.tf diff --git a/baselines/getting_started/aws/aws_check_iam/user_inline_star_policy_stmt.tf b/baselines/todo_policy_packs/aws/aws_check_iam/user_inline_star_policy_stmt.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_iam/user_inline_star_policy_stmt.tf rename to baselines/todo_policy_packs/aws/aws_check_iam/user_inline_star_policy_stmt.tf diff --git a/baselines/getting_started/aws/aws_check_iam/user_mfakey_usage.tf b/baselines/todo_policy_packs/aws/aws_check_iam/user_mfakey_usage.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_iam/user_mfakey_usage.tf rename to baselines/todo_policy_packs/aws/aws_check_iam/user_mfakey_usage.tf diff --git a/baselines/getting_started/aws/aws_check_iam/user_policy_attachment.tf b/baselines/todo_policy_packs/aws/aws_check_iam/user_policy_attachment.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_iam/user_policy_attachment.tf rename to baselines/todo_policy_packs/aws/aws_check_iam/user_policy_attachment.tf diff --git a/baselines/getting_started/aws/aws_check_iam/variable.tf b/baselines/todo_policy_packs/aws/aws_check_iam/variable.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_iam/variable.tf rename to baselines/todo_policy_packs/aws/aws_check_iam/variable.tf diff --git a/baselines/getting_started/aws/aws_check_logging/README.md b/baselines/todo_policy_packs/aws/aws_check_logging/README.md similarity index 100% rename from baselines/getting_started/aws/aws_check_logging/README.md rename to baselines/todo_policy_packs/aws/aws_check_logging/README.md diff --git a/baselines/getting_started/aws/aws_check_logging/cloudtrail_policies.tf b/baselines/todo_policy_packs/aws/aws_check_logging/cloudtrail_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_logging/cloudtrail_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_logging/cloudtrail_policies.tf diff --git a/baselines/getting_started/aws/aws_check_logging/config_policies.tf b/baselines/todo_policy_packs/aws/aws_check_logging/config_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_logging/config_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_logging/config_policies.tf diff --git a/baselines/getting_started/aws/aws_check_logging/demo.tfvars b/baselines/todo_policy_packs/aws/aws_check_logging/demo.tfvars similarity index 100% rename from baselines/getting_started/aws/aws_check_logging/demo.tfvars rename to baselines/todo_policy_packs/aws/aws_check_logging/demo.tfvars diff --git a/baselines/getting_started/aws/aws_check_logging/loadbalancer_policies.tf b/baselines/todo_policy_packs/aws/aws_check_logging/loadbalancer_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_logging/loadbalancer_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_logging/loadbalancer_policies.tf diff --git a/baselines/getting_started/aws/aws_check_logging/output.tf b/baselines/todo_policy_packs/aws/aws_check_logging/output.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_logging/output.tf rename to baselines/todo_policy_packs/aws/aws_check_logging/output.tf diff --git a/baselines/getting_started/aws/aws_check_logging/provider.tf b/baselines/todo_policy_packs/aws/aws_check_logging/provider.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_logging/provider.tf rename to baselines/todo_policy_packs/aws/aws_check_logging/provider.tf diff --git a/baselines/getting_started/aws/aws_check_logging/redshift_policies.tf b/baselines/todo_policy_packs/aws/aws_check_logging/redshift_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_logging/redshift_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_logging/redshift_policies.tf diff --git a/baselines/getting_started/aws/aws_check_logging/s3_policies.tf b/baselines/todo_policy_packs/aws/aws_check_logging/s3_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_logging/s3_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_logging/s3_policies.tf diff --git a/baselines/getting_started/aws/aws_check_logging/smart_folder.tf b/baselines/todo_policy_packs/aws/aws_check_logging/smart_folder.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_logging/smart_folder.tf rename to baselines/todo_policy_packs/aws/aws_check_logging/smart_folder.tf diff --git a/baselines/getting_started/aws/aws_check_logging/variable.tf b/baselines/todo_policy_packs/aws/aws_check_logging/variable.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_logging/variable.tf rename to baselines/todo_policy_packs/aws/aws_check_logging/variable.tf diff --git a/baselines/getting_started/aws/aws_check_logging/vpc_policies.tf b/baselines/todo_policy_packs/aws/aws_check_logging/vpc_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_logging/vpc_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_logging/vpc_policies.tf diff --git a/baselines/getting_started/aws/aws_check_public_access/README.md b/baselines/todo_policy_packs/aws/aws_check_public_access/README.md similarity index 100% rename from baselines/getting_started/aws/aws_check_public_access/README.md rename to baselines/todo_policy_packs/aws/aws_check_public_access/README.md diff --git a/baselines/getting_started/aws/aws_check_public_access/apigateway_policies.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/apigateway_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_public_access/apigateway_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_public_access/apigateway_policies.tf diff --git a/baselines/getting_started/aws/aws_check_public_access/demo.tfvars b/baselines/todo_policy_packs/aws/aws_check_public_access/demo.tfvars similarity index 100% rename from baselines/getting_started/aws/aws_check_public_access/demo.tfvars rename to baselines/todo_policy_packs/aws/aws_check_public_access/demo.tfvars diff --git a/baselines/getting_started/aws/aws_check_public_access/ec2_loadbalancers_policies.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/ec2_loadbalancers_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_public_access/ec2_loadbalancers_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_public_access/ec2_loadbalancers_policies.tf diff --git a/baselines/getting_started/aws/aws_check_public_access/ec2_policies.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/ec2_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_public_access/ec2_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_public_access/ec2_policies.tf diff --git a/baselines/getting_started/aws/aws_check_public_access/lambda_policies.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/lambda_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_public_access/lambda_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_public_access/lambda_policies.tf diff --git a/baselines/getting_started/aws/aws_check_public_access/output.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/output.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_public_access/output.tf rename to baselines/todo_policy_packs/aws/aws_check_public_access/output.tf diff --git a/baselines/getting_started/aws/aws_check_public_access/provider.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/provider.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_public_access/provider.tf rename to baselines/todo_policy_packs/aws/aws_check_public_access/provider.tf diff --git a/baselines/getting_started/aws/aws_check_public_access/rds_policies.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/rds_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_public_access/rds_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_public_access/rds_policies.tf diff --git a/baselines/getting_started/aws/aws_check_public_access/route53_policies.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/route53_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_public_access/route53_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_public_access/route53_policies.tf diff --git a/baselines/getting_started/aws/aws_check_public_access/s3_policies.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/s3_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_public_access/s3_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_public_access/s3_policies.tf diff --git a/baselines/getting_started/aws/aws_check_public_access/smart_folder.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/smart_folder.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_public_access/smart_folder.tf rename to baselines/todo_policy_packs/aws/aws_check_public_access/smart_folder.tf diff --git a/baselines/getting_started/aws/aws_check_public_access/sns_policies.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/sns_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_public_access/sns_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_public_access/sns_policies.tf diff --git a/baselines/getting_started/aws/aws_check_public_access/sqs_policies.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/sqs_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_public_access/sqs_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_public_access/sqs_policies.tf diff --git a/baselines/getting_started/aws/aws_check_public_access/trusted_account_template.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/trusted_account_template.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_public_access/trusted_account_template.tf rename to baselines/todo_policy_packs/aws/aws_check_public_access/trusted_account_template.tf diff --git a/baselines/getting_started/aws/aws_check_public_access/variable.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/variable.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_public_access/variable.tf rename to baselines/todo_policy_packs/aws/aws_check_public_access/variable.tf diff --git a/baselines/getting_started/aws/aws_check_public_access/vpc_core_policies.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/vpc_core_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_public_access/vpc_core_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_public_access/vpc_core_policies.tf diff --git a/baselines/getting_started/aws/aws_check_public_access/vpc_internet_policies.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/vpc_internet_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_public_access/vpc_internet_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_public_access/vpc_internet_policies.tf diff --git a/baselines/getting_started/aws/aws_check_public_access/vpc_security_policies.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/vpc_security_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_public_access/vpc_security_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_public_access/vpc_security_policies.tf diff --git a/baselines/getting_started/aws/aws_check_regions/README.md b/baselines/todo_policy_packs/aws/aws_check_regions/README.md similarity index 100% rename from baselines/getting_started/aws/aws_check_regions/README.md rename to baselines/todo_policy_packs/aws/aws_check_regions/README.md diff --git a/baselines/getting_started/aws/aws_check_regions/approved_regions_policies.tf b/baselines/todo_policy_packs/aws/aws_check_regions/approved_regions_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_regions/approved_regions_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_regions/approved_regions_policies.tf diff --git a/baselines/getting_started/aws/aws_check_regions/demo.tfvars b/baselines/todo_policy_packs/aws/aws_check_regions/demo.tfvars similarity index 100% rename from baselines/getting_started/aws/aws_check_regions/demo.tfvars rename to baselines/todo_policy_packs/aws/aws_check_regions/demo.tfvars diff --git a/baselines/getting_started/aws/aws_check_regions/locals.tf b/baselines/todo_policy_packs/aws/aws_check_regions/locals.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_regions/locals.tf rename to baselines/todo_policy_packs/aws/aws_check_regions/locals.tf diff --git a/baselines/getting_started/aws/aws_check_regions/outputs.tf b/baselines/todo_policy_packs/aws/aws_check_regions/outputs.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_regions/outputs.tf rename to baselines/todo_policy_packs/aws/aws_check_regions/outputs.tf diff --git a/baselines/getting_started/aws/aws_check_regions/providers.tf b/baselines/todo_policy_packs/aws/aws_check_regions/providers.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_regions/providers.tf rename to baselines/todo_policy_packs/aws/aws_check_regions/providers.tf diff --git a/baselines/getting_started/aws/aws_check_regions/smart_folder.tf b/baselines/todo_policy_packs/aws/aws_check_regions/smart_folder.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_regions/smart_folder.tf rename to baselines/todo_policy_packs/aws/aws_check_regions/smart_folder.tf diff --git a/baselines/getting_started/aws/aws_check_regions/variables.tf b/baselines/todo_policy_packs/aws/aws_check_regions/variables.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_regions/variables.tf rename to baselines/todo_policy_packs/aws/aws_check_regions/variables.tf diff --git a/baselines/getting_started/aws/aws_check_s3/README.md b/baselines/todo_policy_packs/aws/aws_check_s3/README.md similarity index 100% rename from baselines/getting_started/aws/aws_check_s3/README.md rename to baselines/todo_policy_packs/aws/aws_check_s3/README.md diff --git a/baselines/getting_started/aws/aws_check_s3/demo.tfvars b/baselines/todo_policy_packs/aws/aws_check_s3/demo.tfvars similarity index 100% rename from baselines/getting_started/aws/aws_check_s3/demo.tfvars rename to baselines/todo_policy_packs/aws/aws_check_s3/demo.tfvars diff --git a/baselines/getting_started/aws/aws_check_s3/outputs.tf b/baselines/todo_policy_packs/aws/aws_check_s3/outputs.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_s3/outputs.tf rename to baselines/todo_policy_packs/aws/aws_check_s3/outputs.tf diff --git a/baselines/getting_started/aws/aws_check_s3/providers.tf b/baselines/todo_policy_packs/aws/aws_check_s3/providers.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_s3/providers.tf rename to baselines/todo_policy_packs/aws/aws_check_s3/providers.tf diff --git a/baselines/getting_started/aws/aws_check_s3/s3_access_logging_policies.tf b/baselines/todo_policy_packs/aws/aws_check_s3/s3_access_logging_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_s3/s3_access_logging_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_s3/s3_access_logging_policies.tf diff --git a/baselines/getting_started/aws/aws_check_s3/s3_active_policies.tf b/baselines/todo_policy_packs/aws/aws_check_s3/s3_active_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_s3/s3_active_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_s3/s3_active_policies.tf diff --git a/baselines/getting_started/aws/aws_check_s3/s3_approved_policies.tf b/baselines/todo_policy_packs/aws/aws_check_s3/s3_approved_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_s3/s3_approved_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_s3/s3_approved_policies.tf diff --git a/baselines/getting_started/aws/aws_check_s3/s3_enable_policies.tf b/baselines/todo_policy_packs/aws/aws_check_s3/s3_enable_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_s3/s3_enable_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_s3/s3_enable_policies.tf diff --git a/baselines/getting_started/aws/aws_check_s3/s3_encryption_policies.tf b/baselines/todo_policy_packs/aws/aws_check_s3/s3_encryption_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_s3/s3_encryption_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_s3/s3_encryption_policies.tf diff --git a/baselines/getting_started/aws/aws_check_s3/s3_permission_policies.tf b/baselines/todo_policy_packs/aws/aws_check_s3/s3_permission_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_s3/s3_permission_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_s3/s3_permission_policies.tf diff --git a/baselines/getting_started/aws/aws_check_s3/s3_public_access_policies.tf b/baselines/todo_policy_packs/aws/aws_check_s3/s3_public_access_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_s3/s3_public_access_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_s3/s3_public_access_policies.tf diff --git a/baselines/getting_started/aws/aws_check_s3/s3_tag_policies.tf b/baselines/todo_policy_packs/aws/aws_check_s3/s3_tag_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_s3/s3_tag_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_s3/s3_tag_policies.tf diff --git a/baselines/getting_started/aws/aws_check_s3/s3_trusted_access_policies.tf b/baselines/todo_policy_packs/aws/aws_check_s3/s3_trusted_access_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_s3/s3_trusted_access_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_s3/s3_trusted_access_policies.tf diff --git a/baselines/getting_started/aws/aws_check_s3/s3_versioning_policies.tf b/baselines/todo_policy_packs/aws/aws_check_s3/s3_versioning_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_s3/s3_versioning_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_s3/s3_versioning_policies.tf diff --git a/baselines/getting_started/aws/aws_check_s3/smart_folder.tf b/baselines/todo_policy_packs/aws/aws_check_s3/smart_folder.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_s3/smart_folder.tf rename to baselines/todo_policy_packs/aws/aws_check_s3/smart_folder.tf diff --git a/baselines/getting_started/aws/aws_check_s3/variables.tf b/baselines/todo_policy_packs/aws/aws_check_s3/variables.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_s3/variables.tf rename to baselines/todo_policy_packs/aws/aws_check_s3/variables.tf diff --git a/baselines/getting_started/aws/aws_check_stack/README.md b/baselines/todo_policy_packs/aws/aws_check_stack/README.md similarity index 100% rename from baselines/getting_started/aws/aws_check_stack/README.md rename to baselines/todo_policy_packs/aws/aws_check_stack/README.md diff --git a/baselines/getting_started/aws/aws_check_stack/aws_account_iam_stack_policies.tf b/baselines/todo_policy_packs/aws/aws_check_stack/aws_account_iam_stack_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_stack/aws_account_iam_stack_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_stack/aws_account_iam_stack_policies.tf diff --git a/baselines/getting_started/aws/aws_check_stack/outputs.tf b/baselines/todo_policy_packs/aws/aws_check_stack/outputs.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_stack/outputs.tf rename to baselines/todo_policy_packs/aws/aws_check_stack/outputs.tf diff --git a/baselines/getting_started/aws/aws_check_stack/providers.tf b/baselines/todo_policy_packs/aws/aws_check_stack/providers.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_stack/providers.tf rename to baselines/todo_policy_packs/aws/aws_check_stack/providers.tf diff --git a/baselines/getting_started/aws/aws_check_stack/smart_folder.tf b/baselines/todo_policy_packs/aws/aws_check_stack/smart_folder.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_stack/smart_folder.tf rename to baselines/todo_policy_packs/aws/aws_check_stack/smart_folder.tf diff --git a/baselines/getting_started/aws/aws_check_stack/tf_includes/sourcestack_policies.tf b/baselines/todo_policy_packs/aws/aws_check_stack/tf_includes/sourcestack_policies.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_stack/tf_includes/sourcestack_policies.tf rename to baselines/todo_policy_packs/aws/aws_check_stack/tf_includes/sourcestack_policies.tf diff --git a/baselines/getting_started/aws/aws_check_stack/variables.tf b/baselines/todo_policy_packs/aws/aws_check_stack/variables.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_stack/variables.tf rename to baselines/todo_policy_packs/aws/aws_check_stack/variables.tf diff --git a/baselines/getting_started/aws/aws_check_tagging/README.md b/baselines/todo_policy_packs/aws/aws_check_tagging/README.md similarity index 100% rename from baselines/getting_started/aws/aws_check_tagging/README.md rename to baselines/todo_policy_packs/aws/aws_check_tagging/README.md diff --git a/baselines/getting_started/aws/aws_check_tagging/aws_tagging.tf b/baselines/todo_policy_packs/aws/aws_check_tagging/aws_tagging.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_tagging/aws_tagging.tf rename to baselines/todo_policy_packs/aws/aws_check_tagging/aws_tagging.tf diff --git a/baselines/getting_started/aws/aws_check_tagging/demo.tfvars b/baselines/todo_policy_packs/aws/aws_check_tagging/demo.tfvars similarity index 100% rename from baselines/getting_started/aws/aws_check_tagging/demo.tfvars rename to baselines/todo_policy_packs/aws/aws_check_tagging/demo.tfvars diff --git a/baselines/getting_started/aws/aws_check_tagging/locals.tf b/baselines/todo_policy_packs/aws/aws_check_tagging/locals.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_tagging/locals.tf rename to baselines/todo_policy_packs/aws/aws_check_tagging/locals.tf diff --git a/baselines/getting_started/aws/aws_check_tagging/outputs.tf b/baselines/todo_policy_packs/aws/aws_check_tagging/outputs.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_tagging/outputs.tf rename to baselines/todo_policy_packs/aws/aws_check_tagging/outputs.tf diff --git a/baselines/getting_started/aws/aws_check_tagging/providers.tf b/baselines/todo_policy_packs/aws/aws_check_tagging/providers.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_tagging/providers.tf rename to baselines/todo_policy_packs/aws/aws_check_tagging/providers.tf diff --git a/baselines/getting_started/aws/aws_check_tagging/smart_folder.tf b/baselines/todo_policy_packs/aws/aws_check_tagging/smart_folder.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_tagging/smart_folder.tf rename to baselines/todo_policy_packs/aws/aws_check_tagging/smart_folder.tf diff --git a/baselines/getting_started/aws/aws_check_tagging/variables.tf b/baselines/todo_policy_packs/aws/aws_check_tagging/variables.tf similarity index 100% rename from baselines/getting_started/aws/aws_check_tagging/variables.tf rename to baselines/todo_policy_packs/aws/aws_check_tagging/variables.tf diff --git a/baselines/aws/aws_disable_cmdb/README.md b/baselines/todo_policy_packs/aws/aws_disable_cmdb/README.md similarity index 100% rename from baselines/aws/aws_disable_cmdb/README.md rename to baselines/todo_policy_packs/aws/aws_disable_cmdb/README.md diff --git a/baselines/aws/aws_disable_cmdb/aws_cmdb.tf b/baselines/todo_policy_packs/aws/aws_disable_cmdb/aws_cmdb.tf similarity index 100% rename from baselines/aws/aws_disable_cmdb/aws_cmdb.tf rename to baselines/todo_policy_packs/aws/aws_disable_cmdb/aws_cmdb.tf diff --git a/baselines/aws/aws_disable_cmdb/main.tf b/baselines/todo_policy_packs/aws/aws_disable_cmdb/main.tf similarity index 100% rename from baselines/aws/aws_disable_cmdb/main.tf rename to baselines/todo_policy_packs/aws/aws_disable_cmdb/main.tf diff --git a/baselines/aws/aws_disable_cmdb/versions.tf b/baselines/todo_policy_packs/aws/aws_disable_cmdb/versions.tf similarity index 100% rename from baselines/aws/aws_disable_cmdb/versions.tf rename to baselines/todo_policy_packs/aws/aws_disable_cmdb/versions.tf diff --git a/baselines/aws/aws_permission/README.md b/baselines/todo_policy_packs/aws/aws_permission/README.md similarity index 100% rename from baselines/aws/aws_permission/README.md rename to baselines/todo_policy_packs/aws/aws_permission/README.md diff --git a/baselines/aws/aws_permission/default.tfvars b/baselines/todo_policy_packs/aws/aws_permission/default.tfvars similarity index 100% rename from baselines/aws/aws_permission/default.tfvars rename to baselines/todo_policy_packs/aws/aws_permission/default.tfvars diff --git a/baselines/aws/aws_permission/main.tf b/baselines/todo_policy_packs/aws/aws_permission/main.tf similarity index 100% rename from baselines/aws/aws_permission/main.tf rename to baselines/todo_policy_packs/aws/aws_permission/main.tf diff --git a/baselines/aws/aws_permission/variables.tf b/baselines/todo_policy_packs/aws/aws_permission/variables.tf similarity index 100% rename from baselines/aws/aws_permission/variables.tf rename to baselines/todo_policy_packs/aws/aws_permission/variables.tf diff --git a/baselines/azure/azure-cis-v1-section5.2/README.md b/baselines/todo_policy_packs/azure/azure-cis-v1-section5.2/README.md similarity index 100% rename from baselines/azure/azure-cis-v1-section5.2/README.md rename to baselines/todo_policy_packs/azure/azure-cis-v1-section5.2/README.md diff --git a/baselines/azure/azure-cis-v1-section5.2/default.tfvars b/baselines/todo_policy_packs/azure/azure-cis-v1-section5.2/default.tfvars similarity index 100% rename from baselines/azure/azure-cis-v1-section5.2/default.tfvars rename to baselines/todo_policy_packs/azure/azure-cis-v1-section5.2/default.tfvars diff --git a/baselines/azure/azure-cis-v1-section5.2/main.tf b/baselines/todo_policy_packs/azure/azure-cis-v1-section5.2/main.tf similarity index 100% rename from baselines/azure/azure-cis-v1-section5.2/main.tf rename to baselines/todo_policy_packs/azure/azure-cis-v1-section5.2/main.tf diff --git a/baselines/azure/azure-cis-v1-section5.2/variables.tf b/baselines/todo_policy_packs/azure/azure-cis-v1-section5.2/variables.tf similarity index 100% rename from baselines/azure/azure-cis-v1-section5.2/variables.tf rename to baselines/todo_policy_packs/azure/azure-cis-v1-section5.2/variables.tf diff --git a/baselines/azure/azure-cis-v1/README.md b/baselines/todo_policy_packs/azure/azure-cis-v1/README.md similarity index 100% rename from baselines/azure/azure-cis-v1/README.md rename to baselines/todo_policy_packs/azure/azure-cis-v1/README.md diff --git a/baselines/azure/azure-cis-v1/default.tfvars b/baselines/todo_policy_packs/azure/azure-cis-v1/default.tfvars similarity index 100% rename from baselines/azure/azure-cis-v1/default.tfvars rename to baselines/todo_policy_packs/azure/azure-cis-v1/default.tfvars diff --git a/baselines/azure/azure-cis-v1/main.tf b/baselines/todo_policy_packs/azure/azure-cis-v1/main.tf similarity index 100% rename from baselines/azure/azure-cis-v1/main.tf rename to baselines/todo_policy_packs/azure/azure-cis-v1/main.tf diff --git a/baselines/azure/azure-cis-v1/variables.tf b/baselines/todo_policy_packs/azure/azure-cis-v1/variables.tf similarity index 100% rename from baselines/azure/azure-cis-v1/variables.tf rename to baselines/todo_policy_packs/azure/azure-cis-v1/variables.tf diff --git a/baselines/azure/azure_active_directory_import/README.md b/baselines/todo_policy_packs/azure/azure_active_directory_import/README.md similarity index 100% rename from baselines/azure/azure_active_directory_import/README.md rename to baselines/todo_policy_packs/azure/azure_active_directory_import/README.md diff --git a/baselines/azure/azure_active_directory_import/default.tfvars b/baselines/todo_policy_packs/azure/azure_active_directory_import/default.tfvars similarity index 100% rename from baselines/azure/azure_active_directory_import/default.tfvars rename to baselines/todo_policy_packs/azure/azure_active_directory_import/default.tfvars diff --git a/baselines/azure/azure_active_directory_import/main.tf b/baselines/todo_policy_packs/azure/azure_active_directory_import/main.tf similarity index 100% rename from baselines/azure/azure_active_directory_import/main.tf rename to baselines/todo_policy_packs/azure/azure_active_directory_import/main.tf diff --git a/baselines/azure/azure_active_directory_import/variables.tf b/baselines/todo_policy_packs/azure/azure_active_directory_import/variables.tf similarity index 100% rename from baselines/azure/azure_active_directory_import/variables.tf rename to baselines/todo_policy_packs/azure/azure_active_directory_import/variables.tf diff --git a/baselines/getting_started/azure/azure_baseline/README.md b/baselines/todo_policy_packs/azure/azure_baseline/README.md similarity index 100% rename from baselines/getting_started/azure/azure_baseline/README.md rename to baselines/todo_policy_packs/azure/azure_baseline/README.md diff --git a/baselines/getting_started/azure/azure_baseline/azure_provider_enable.tf b/baselines/todo_policy_packs/azure/azure_baseline/azure_provider_enable.tf similarity index 100% rename from baselines/getting_started/azure/azure_baseline/azure_provider_enable.tf rename to baselines/todo_policy_packs/azure/azure_baseline/azure_provider_enable.tf diff --git a/baselines/getting_started/azure/azure_baseline/azure_service_enable.tf b/baselines/todo_policy_packs/azure/azure_baseline/azure_service_enable.tf similarity index 100% rename from baselines/getting_started/azure/azure_baseline/azure_service_enable.tf rename to baselines/todo_policy_packs/azure/azure_baseline/azure_service_enable.tf diff --git a/baselines/getting_started/azure/azure_baseline/demo.tfvars b/baselines/todo_policy_packs/azure/azure_baseline/demo.tfvars similarity index 100% rename from baselines/getting_started/azure/azure_baseline/demo.tfvars rename to baselines/todo_policy_packs/azure/azure_baseline/demo.tfvars diff --git a/baselines/getting_started/azure/azure_baseline/enable_cis.tf b/baselines/todo_policy_packs/azure/azure_baseline/enable_cis.tf similarity index 100% rename from baselines/getting_started/azure/azure_baseline/enable_cis.tf rename to baselines/todo_policy_packs/azure/azure_baseline/enable_cis.tf diff --git a/baselines/getting_started/azure/azure_baseline/event_polling.tf b/baselines/todo_policy_packs/azure/azure_baseline/event_polling.tf similarity index 100% rename from baselines/getting_started/azure/azure_baseline/event_polling.tf rename to baselines/todo_policy_packs/azure/azure_baseline/event_polling.tf diff --git a/baselines/getting_started/azure/azure_baseline/outputs.tf b/baselines/todo_policy_packs/azure/azure_baseline/outputs.tf similarity index 100% rename from baselines/getting_started/azure/azure_baseline/outputs.tf rename to baselines/todo_policy_packs/azure/azure_baseline/outputs.tf diff --git a/baselines/getting_started/azure/azure_baseline/providers.tf b/baselines/todo_policy_packs/azure/azure_baseline/providers.tf similarity index 100% rename from baselines/getting_started/azure/azure_baseline/providers.tf rename to baselines/todo_policy_packs/azure/azure_baseline/providers.tf diff --git a/baselines/getting_started/azure/azure_baseline/smart_folder.tf b/baselines/todo_policy_packs/azure/azure_baseline/smart_folder.tf similarity index 100% rename from baselines/getting_started/azure/azure_baseline/smart_folder.tf rename to baselines/todo_policy_packs/azure/azure_baseline/smart_folder.tf diff --git a/baselines/getting_started/azure/azure_baseline/variables.tf b/baselines/todo_policy_packs/azure/azure_baseline/variables.tf similarity index 100% rename from baselines/getting_started/azure/azure_baseline/variables.tf rename to baselines/todo_policy_packs/azure/azure_baseline/variables.tf diff --git a/baselines/getting_started/azure/azure_check_cost_controls/README.md b/baselines/todo_policy_packs/azure/azure_check_cost_controls/README.md similarity index 100% rename from baselines/getting_started/azure/azure_check_cost_controls/README.md rename to baselines/todo_policy_packs/azure/azure_check_cost_controls/README.md diff --git a/baselines/getting_started/azure/azure_check_cost_controls/active_policies.tf b/baselines/todo_policy_packs/azure/azure_check_cost_controls/active_policies.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_cost_controls/active_policies.tf rename to baselines/todo_policy_packs/azure/azure_check_cost_controls/active_policies.tf diff --git a/baselines/getting_started/azure/azure_check_cost_controls/demo.tfvars b/baselines/todo_policy_packs/azure/azure_check_cost_controls/demo.tfvars similarity index 100% rename from baselines/getting_started/azure/azure_check_cost_controls/demo.tfvars rename to baselines/todo_policy_packs/azure/azure_check_cost_controls/demo.tfvars diff --git a/baselines/getting_started/azure/azure_check_cost_controls/locals.tf b/baselines/todo_policy_packs/azure/azure_check_cost_controls/locals.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_cost_controls/locals.tf rename to baselines/todo_policy_packs/azure/azure_check_cost_controls/locals.tf diff --git a/baselines/getting_started/azure/azure_check_cost_controls/outputs.tf b/baselines/todo_policy_packs/azure/azure_check_cost_controls/outputs.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_cost_controls/outputs.tf rename to baselines/todo_policy_packs/azure/azure_check_cost_controls/outputs.tf diff --git a/baselines/getting_started/azure/azure_check_cost_controls/providers.tf b/baselines/todo_policy_packs/azure/azure_check_cost_controls/providers.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_cost_controls/providers.tf rename to baselines/todo_policy_packs/azure/azure_check_cost_controls/providers.tf diff --git a/baselines/getting_started/azure/azure_check_cost_controls/schedules_policies.tf b/baselines/todo_policy_packs/azure/azure_check_cost_controls/schedules_policies.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_cost_controls/schedules_policies.tf rename to baselines/todo_policy_packs/azure/azure_check_cost_controls/schedules_policies.tf diff --git a/baselines/getting_started/azure/azure_check_cost_controls/smartfolder.tf b/baselines/todo_policy_packs/azure/azure_check_cost_controls/smartfolder.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_cost_controls/smartfolder.tf rename to baselines/todo_policy_packs/azure/azure_check_cost_controls/smartfolder.tf diff --git a/baselines/getting_started/azure/azure_check_cost_controls/storage_tier_policies.tf b/baselines/todo_policy_packs/azure/azure_check_cost_controls/storage_tier_policies.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_cost_controls/storage_tier_policies.tf rename to baselines/todo_policy_packs/azure/azure_check_cost_controls/storage_tier_policies.tf diff --git a/baselines/getting_started/azure/azure_check_cost_controls/variables.tf b/baselines/todo_policy_packs/azure/azure_check_cost_controls/variables.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_cost_controls/variables.tf rename to baselines/todo_policy_packs/azure/azure_check_cost_controls/variables.tf diff --git a/baselines/getting_started/azure/azure_check_encryption/README.md b/baselines/todo_policy_packs/azure/azure_check_encryption/README.md similarity index 100% rename from baselines/getting_started/azure/azure_check_encryption/README.md rename to baselines/todo_policy_packs/azure/azure_check_encryption/README.md diff --git a/baselines/getting_started/azure/azure_check_encryption/appservice_policies.tf b/baselines/todo_policy_packs/azure/azure_check_encryption/appservice_policies.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_encryption/appservice_policies.tf rename to baselines/todo_policy_packs/azure/azure_check_encryption/appservice_policies.tf diff --git a/baselines/getting_started/azure/azure_check_encryption/compute_policies.tf b/baselines/todo_policy_packs/azure/azure_check_encryption/compute_policies.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_encryption/compute_policies.tf rename to baselines/todo_policy_packs/azure/azure_check_encryption/compute_policies.tf diff --git a/baselines/getting_started/azure/azure_check_encryption/demo.tfvars b/baselines/todo_policy_packs/azure/azure_check_encryption/demo.tfvars similarity index 100% rename from baselines/getting_started/azure/azure_check_encryption/demo.tfvars rename to baselines/todo_policy_packs/azure/azure_check_encryption/demo.tfvars diff --git a/baselines/getting_started/azure/azure_check_encryption/mysql_policies.tf b/baselines/todo_policy_packs/azure/azure_check_encryption/mysql_policies.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_encryption/mysql_policies.tf rename to baselines/todo_policy_packs/azure/azure_check_encryption/mysql_policies.tf diff --git a/baselines/getting_started/azure/azure_check_encryption/outputs.tf b/baselines/todo_policy_packs/azure/azure_check_encryption/outputs.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_encryption/outputs.tf rename to baselines/todo_policy_packs/azure/azure_check_encryption/outputs.tf diff --git a/baselines/getting_started/azure/azure_check_encryption/postgresql_policies.tf b/baselines/todo_policy_packs/azure/azure_check_encryption/postgresql_policies.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_encryption/postgresql_policies.tf rename to baselines/todo_policy_packs/azure/azure_check_encryption/postgresql_policies.tf diff --git a/baselines/getting_started/azure/azure_check_encryption/providers.tf b/baselines/todo_policy_packs/azure/azure_check_encryption/providers.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_encryption/providers.tf rename to baselines/todo_policy_packs/azure/azure_check_encryption/providers.tf diff --git a/baselines/getting_started/azure/azure_check_encryption/smart_folder.tf b/baselines/todo_policy_packs/azure/azure_check_encryption/smart_folder.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_encryption/smart_folder.tf rename to baselines/todo_policy_packs/azure/azure_check_encryption/smart_folder.tf diff --git a/baselines/getting_started/azure/azure_check_encryption/sql_policies.tf b/baselines/todo_policy_packs/azure/azure_check_encryption/sql_policies.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_encryption/sql_policies.tf rename to baselines/todo_policy_packs/azure/azure_check_encryption/sql_policies.tf diff --git a/baselines/getting_started/azure/azure_check_encryption/storage_policies.tf b/baselines/todo_policy_packs/azure/azure_check_encryption/storage_policies.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_encryption/storage_policies.tf rename to baselines/todo_policy_packs/azure/azure_check_encryption/storage_policies.tf diff --git a/baselines/getting_started/azure/azure_check_encryption/variables.tf b/baselines/todo_policy_packs/azure/azure_check_encryption/variables.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_encryption/variables.tf rename to baselines/todo_policy_packs/azure/azure_check_encryption/variables.tf diff --git a/baselines/getting_started/azure/azure_check_logging/README.md b/baselines/todo_policy_packs/azure/azure_check_logging/README.md similarity index 100% rename from baselines/getting_started/azure/azure_check_logging/README.md rename to baselines/todo_policy_packs/azure/azure_check_logging/README.md diff --git a/baselines/getting_started/azure/azure_check_logging/db_threat_protection_policies.tf b/baselines/todo_policy_packs/azure/azure_check_logging/db_threat_protection_policies.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_logging/db_threat_protection_policies.tf rename to baselines/todo_policy_packs/azure/azure_check_logging/db_threat_protection_policies.tf diff --git a/baselines/getting_started/azure/azure_check_logging/outputs.tf b/baselines/todo_policy_packs/azure/azure_check_logging/outputs.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_logging/outputs.tf rename to baselines/todo_policy_packs/azure/azure_check_logging/outputs.tf diff --git a/baselines/getting_started/azure/azure_check_logging/postgresql_logging_policies.tf b/baselines/todo_policy_packs/azure/azure_check_logging/postgresql_logging_policies.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_logging/postgresql_logging_policies.tf rename to baselines/todo_policy_packs/azure/azure_check_logging/postgresql_logging_policies.tf diff --git a/baselines/getting_started/azure/azure_check_logging/providers.tf b/baselines/todo_policy_packs/azure/azure_check_logging/providers.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_logging/providers.tf rename to baselines/todo_policy_packs/azure/azure_check_logging/providers.tf diff --git a/baselines/getting_started/azure/azure_check_logging/smartfolder.tf b/baselines/todo_policy_packs/azure/azure_check_logging/smartfolder.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_logging/smartfolder.tf rename to baselines/todo_policy_packs/azure/azure_check_logging/smartfolder.tf diff --git a/baselines/getting_started/azure/azure_check_logging/sql_logging_policies.tf b/baselines/todo_policy_packs/azure/azure_check_logging/sql_logging_policies.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_logging/sql_logging_policies.tf rename to baselines/todo_policy_packs/azure/azure_check_logging/sql_logging_policies.tf diff --git a/baselines/getting_started/azure/azure_check_logging/storage_logging_policies.tf b/baselines/todo_policy_packs/azure/azure_check_logging/storage_logging_policies.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_logging/storage_logging_policies.tf rename to baselines/todo_policy_packs/azure/azure_check_logging/storage_logging_policies.tf diff --git a/baselines/getting_started/azure/azure_check_logging/variables.tf b/baselines/todo_policy_packs/azure/azure_check_logging/variables.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_logging/variables.tf rename to baselines/todo_policy_packs/azure/azure_check_logging/variables.tf diff --git a/baselines/getting_started/azure/azure_check_public_access/README.md b/baselines/todo_policy_packs/azure/azure_check_public_access/README.md similarity index 100% rename from baselines/getting_started/azure/azure_check_public_access/README.md rename to baselines/todo_policy_packs/azure/azure_check_public_access/README.md diff --git a/baselines/getting_started/azure/azure_check_public_access/applicationgateway_policies.tf b/baselines/todo_policy_packs/azure/azure_check_public_access/applicationgateway_policies.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_public_access/applicationgateway_policies.tf rename to baselines/todo_policy_packs/azure/azure_check_public_access/applicationgateway_policies.tf diff --git a/baselines/getting_started/azure/azure_check_public_access/network_policies.tf b/baselines/todo_policy_packs/azure/azure_check_public_access/network_policies.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_public_access/network_policies.tf rename to baselines/todo_policy_packs/azure/azure_check_public_access/network_policies.tf diff --git a/baselines/getting_started/azure/azure_check_public_access/outputs.tf b/baselines/todo_policy_packs/azure/azure_check_public_access/outputs.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_public_access/outputs.tf rename to baselines/todo_policy_packs/azure/azure_check_public_access/outputs.tf diff --git a/baselines/getting_started/azure/azure_check_public_access/providers.tf b/baselines/todo_policy_packs/azure/azure_check_public_access/providers.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_public_access/providers.tf rename to baselines/todo_policy_packs/azure/azure_check_public_access/providers.tf diff --git a/baselines/getting_started/azure/azure_check_public_access/smart_folder.tf b/baselines/todo_policy_packs/azure/azure_check_public_access/smart_folder.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_public_access/smart_folder.tf rename to baselines/todo_policy_packs/azure/azure_check_public_access/smart_folder.tf diff --git a/baselines/getting_started/azure/azure_check_public_access/storage_policies.tf b/baselines/todo_policy_packs/azure/azure_check_public_access/storage_policies.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_public_access/storage_policies.tf rename to baselines/todo_policy_packs/azure/azure_check_public_access/storage_policies.tf diff --git a/baselines/getting_started/azure/azure_check_public_access/variables.tf b/baselines/todo_policy_packs/azure/azure_check_public_access/variables.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_public_access/variables.tf rename to baselines/todo_policy_packs/azure/azure_check_public_access/variables.tf diff --git a/baselines/getting_started/azure/azure_check_regions/README.md b/baselines/todo_policy_packs/azure/azure_check_regions/README.md similarity index 100% rename from baselines/getting_started/azure/azure_check_regions/README.md rename to baselines/todo_policy_packs/azure/azure_check_regions/README.md diff --git a/baselines/getting_started/azure/azure_check_regions/approved_regions_policies.tf b/baselines/todo_policy_packs/azure/azure_check_regions/approved_regions_policies.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_regions/approved_regions_policies.tf rename to baselines/todo_policy_packs/azure/azure_check_regions/approved_regions_policies.tf diff --git a/baselines/getting_started/azure/azure_check_regions/demo.tfvars b/baselines/todo_policy_packs/azure/azure_check_regions/demo.tfvars similarity index 100% rename from baselines/getting_started/azure/azure_check_regions/demo.tfvars rename to baselines/todo_policy_packs/azure/azure_check_regions/demo.tfvars diff --git a/baselines/getting_started/azure/azure_check_regions/locals.tf b/baselines/todo_policy_packs/azure/azure_check_regions/locals.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_regions/locals.tf rename to baselines/todo_policy_packs/azure/azure_check_regions/locals.tf diff --git a/baselines/getting_started/azure/azure_check_regions/outputs.tf b/baselines/todo_policy_packs/azure/azure_check_regions/outputs.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_regions/outputs.tf rename to baselines/todo_policy_packs/azure/azure_check_regions/outputs.tf diff --git a/baselines/getting_started/azure/azure_check_regions/providers.tf b/baselines/todo_policy_packs/azure/azure_check_regions/providers.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_regions/providers.tf rename to baselines/todo_policy_packs/azure/azure_check_regions/providers.tf diff --git a/baselines/getting_started/azure/azure_check_regions/smart_folder.tf b/baselines/todo_policy_packs/azure/azure_check_regions/smart_folder.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_regions/smart_folder.tf rename to baselines/todo_policy_packs/azure/azure_check_regions/smart_folder.tf diff --git a/baselines/getting_started/azure/azure_check_regions/vaiables.tf b/baselines/todo_policy_packs/azure/azure_check_regions/vaiables.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_regions/vaiables.tf rename to baselines/todo_policy_packs/azure/azure_check_regions/vaiables.tf diff --git a/baselines/getting_started/azure/azure_check_stack/README.md b/baselines/todo_policy_packs/azure/azure_check_stack/README.md similarity index 100% rename from baselines/getting_started/azure/azure_check_stack/README.md rename to baselines/todo_policy_packs/azure/azure_check_stack/README.md diff --git a/baselines/getting_started/azure/azure_check_stack/outputs.tf b/baselines/todo_policy_packs/azure/azure_check_stack/outputs.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_stack/outputs.tf rename to baselines/todo_policy_packs/azure/azure_check_stack/outputs.tf diff --git a/baselines/getting_started/azure/azure_check_stack/providers.tf b/baselines/todo_policy_packs/azure/azure_check_stack/providers.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_stack/providers.tf rename to baselines/todo_policy_packs/azure/azure_check_stack/providers.tf diff --git a/baselines/getting_started/azure/azure_check_stack/smartfolder.tf b/baselines/todo_policy_packs/azure/azure_check_stack/smartfolder.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_stack/smartfolder.tf rename to baselines/todo_policy_packs/azure/azure_check_stack/smartfolder.tf diff --git a/baselines/getting_started/azure/azure_check_stack/sub_monitor_stack_policies.tf b/baselines/todo_policy_packs/azure/azure_check_stack/sub_monitor_stack_policies.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_stack/sub_monitor_stack_policies.tf rename to baselines/todo_policy_packs/azure/azure_check_stack/sub_monitor_stack_policies.tf diff --git a/baselines/getting_started/azure/azure_check_stack/tf_includes/sourcestack_policies.tf b/baselines/todo_policy_packs/azure/azure_check_stack/tf_includes/sourcestack_policies.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_stack/tf_includes/sourcestack_policies.tf rename to baselines/todo_policy_packs/azure/azure_check_stack/tf_includes/sourcestack_policies.tf diff --git a/baselines/getting_started/azure/azure_check_stack/variables.tf b/baselines/todo_policy_packs/azure/azure_check_stack/variables.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_stack/variables.tf rename to baselines/todo_policy_packs/azure/azure_check_stack/variables.tf diff --git a/baselines/getting_started/azure/azure_check_tagging/README.md b/baselines/todo_policy_packs/azure/azure_check_tagging/README.md similarity index 100% rename from baselines/getting_started/azure/azure_check_tagging/README.md rename to baselines/todo_policy_packs/azure/azure_check_tagging/README.md diff --git a/baselines/getting_started/azure/azure_check_tagging/demo.tfvars b/baselines/todo_policy_packs/azure/azure_check_tagging/demo.tfvars similarity index 100% rename from baselines/getting_started/azure/azure_check_tagging/demo.tfvars rename to baselines/todo_policy_packs/azure/azure_check_tagging/demo.tfvars diff --git a/baselines/getting_started/azure/azure_check_tagging/locals.tf b/baselines/todo_policy_packs/azure/azure_check_tagging/locals.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_tagging/locals.tf rename to baselines/todo_policy_packs/azure/azure_check_tagging/locals.tf diff --git a/baselines/getting_started/azure/azure_check_tagging/outputs.tf b/baselines/todo_policy_packs/azure/azure_check_tagging/outputs.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_tagging/outputs.tf rename to baselines/todo_policy_packs/azure/azure_check_tagging/outputs.tf diff --git a/baselines/getting_started/azure/azure_check_tagging/providers.tf b/baselines/todo_policy_packs/azure/azure_check_tagging/providers.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_tagging/providers.tf rename to baselines/todo_policy_packs/azure/azure_check_tagging/providers.tf diff --git a/baselines/getting_started/azure/azure_check_tagging/smartfolder.tf b/baselines/todo_policy_packs/azure/azure_check_tagging/smartfolder.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_tagging/smartfolder.tf rename to baselines/todo_policy_packs/azure/azure_check_tagging/smartfolder.tf diff --git a/baselines/getting_started/azure/azure_check_tagging/tagging_policies.tf b/baselines/todo_policy_packs/azure/azure_check_tagging/tagging_policies.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_tagging/tagging_policies.tf rename to baselines/todo_policy_packs/azure/azure_check_tagging/tagging_policies.tf diff --git a/baselines/getting_started/azure/azure_check_tagging/variables.tf b/baselines/todo_policy_packs/azure/azure_check_tagging/variables.tf similarity index 100% rename from baselines/getting_started/azure/azure_check_tagging/variables.tf rename to baselines/todo_policy_packs/azure/azure_check_tagging/variables.tf diff --git a/baselines/azure/azure_eventing/README.md b/baselines/todo_policy_packs/azure/azure_eventing/README.md similarity index 100% rename from baselines/azure/azure_eventing/README.md rename to baselines/todo_policy_packs/azure/azure_eventing/README.md diff --git a/baselines/azure/azure_eventing/default.tfvars b/baselines/todo_policy_packs/azure/azure_eventing/default.tfvars similarity index 100% rename from baselines/azure/azure_eventing/default.tfvars rename to baselines/todo_policy_packs/azure/azure_eventing/default.tfvars diff --git a/baselines/azure/azure_eventing/main.tf b/baselines/todo_policy_packs/azure/azure_eventing/main.tf similarity index 100% rename from baselines/azure/azure_eventing/main.tf rename to baselines/todo_policy_packs/azure/azure_eventing/main.tf diff --git a/baselines/azure/azure_eventing/variables.tf b/baselines/todo_policy_packs/azure/azure_eventing/variables.tf similarity index 100% rename from baselines/azure/azure_eventing/variables.tf rename to baselines/todo_policy_packs/azure/azure_eventing/variables.tf diff --git a/baselines/azure/azure_management_group_import/README.md b/baselines/todo_policy_packs/azure/azure_management_group_import/README.md similarity index 100% rename from baselines/azure/azure_management_group_import/README.md rename to baselines/todo_policy_packs/azure/azure_management_group_import/README.md diff --git a/baselines/azure/azure_management_group_import/default.tfvars b/baselines/todo_policy_packs/azure/azure_management_group_import/default.tfvars similarity index 100% rename from baselines/azure/azure_management_group_import/default.tfvars rename to baselines/todo_policy_packs/azure/azure_management_group_import/default.tfvars diff --git a/baselines/azure/azure_management_group_import/main.tf b/baselines/todo_policy_packs/azure/azure_management_group_import/main.tf similarity index 100% rename from baselines/azure/azure_management_group_import/main.tf rename to baselines/todo_policy_packs/azure/azure_management_group_import/main.tf diff --git a/baselines/azure/azure_management_group_import/variables.tf b/baselines/todo_policy_packs/azure/azure_management_group_import/variables.tf similarity index 100% rename from baselines/azure/azure_management_group_import/variables.tf rename to baselines/todo_policy_packs/azure/azure_management_group_import/variables.tf diff --git a/baselines/azure/azure_provider_registration/README.md b/baselines/todo_policy_packs/azure/azure_provider_registration/README.md similarity index 100% rename from baselines/azure/azure_provider_registration/README.md rename to baselines/todo_policy_packs/azure/azure_provider_registration/README.md diff --git a/baselines/azure/azure_provider_registration/default.tfvars b/baselines/todo_policy_packs/azure/azure_provider_registration/default.tfvars similarity index 100% rename from baselines/azure/azure_provider_registration/default.tfvars rename to baselines/todo_policy_packs/azure/azure_provider_registration/default.tfvars diff --git a/baselines/azure/azure_provider_registration/main.tf b/baselines/todo_policy_packs/azure/azure_provider_registration/main.tf similarity index 100% rename from baselines/azure/azure_provider_registration/main.tf rename to baselines/todo_policy_packs/azure/azure_provider_registration/main.tf diff --git a/baselines/azure/azure_provider_registration/variables.tf b/baselines/todo_policy_packs/azure/azure_provider_registration/variables.tf similarity index 100% rename from baselines/azure/azure_provider_registration/variables.tf rename to baselines/todo_policy_packs/azure/azure_provider_registration/variables.tf diff --git a/baselines/azure/azure_services/README.md b/baselines/todo_policy_packs/azure/azure_services/README.md similarity index 100% rename from baselines/azure/azure_services/README.md rename to baselines/todo_policy_packs/azure/azure_services/README.md diff --git a/baselines/azure/azure_services/default.tfvars b/baselines/todo_policy_packs/azure/azure_services/default.tfvars similarity index 100% rename from baselines/azure/azure_services/default.tfvars rename to baselines/todo_policy_packs/azure/azure_services/default.tfvars diff --git a/baselines/azure/azure_services/main.tf b/baselines/todo_policy_packs/azure/azure_services/main.tf similarity index 100% rename from baselines/azure/azure_services/main.tf rename to baselines/todo_policy_packs/azure/azure_services/main.tf diff --git a/baselines/azure/azure_services/variables.tf b/baselines/todo_policy_packs/azure/azure_services/variables.tf similarity index 100% rename from baselines/azure/azure_services/variables.tf rename to baselines/todo_policy_packs/azure/azure_services/variables.tf diff --git a/baselines/azure/azure_sub_create_then_import/README.md b/baselines/todo_policy_packs/azure/azure_sub_create_then_import/README.md similarity index 100% rename from baselines/azure/azure_sub_create_then_import/README.md rename to baselines/todo_policy_packs/azure/azure_sub_create_then_import/README.md diff --git a/baselines/azure/azure_sub_create_then_import/default.tfvars b/baselines/todo_policy_packs/azure/azure_sub_create_then_import/default.tfvars similarity index 100% rename from baselines/azure/azure_sub_create_then_import/default.tfvars rename to baselines/todo_policy_packs/azure/azure_sub_create_then_import/default.tfvars diff --git a/baselines/azure/azure_sub_create_then_import/main.tf b/baselines/todo_policy_packs/azure/azure_sub_create_then_import/main.tf similarity index 100% rename from baselines/azure/azure_sub_create_then_import/main.tf rename to baselines/todo_policy_packs/azure/azure_sub_create_then_import/main.tf diff --git a/baselines/azure/azure_sub_create_then_import/outputs.tf b/baselines/todo_policy_packs/azure/azure_sub_create_then_import/outputs.tf similarity index 100% rename from baselines/azure/azure_sub_create_then_import/outputs.tf rename to baselines/todo_policy_packs/azure/azure_sub_create_then_import/outputs.tf diff --git a/baselines/azure/azure_sub_create_then_import/variables.tf b/baselines/todo_policy_packs/azure/azure_sub_create_then_import/variables.tf similarity index 100% rename from baselines/azure/azure_sub_create_then_import/variables.tf rename to baselines/todo_policy_packs/azure/azure_sub_create_then_import/variables.tf diff --git a/baselines/azure/azure_sub_create_then_import_ro/README.md b/baselines/todo_policy_packs/azure/azure_sub_create_then_import_ro/README.md similarity index 100% rename from baselines/azure/azure_sub_create_then_import_ro/README.md rename to baselines/todo_policy_packs/azure/azure_sub_create_then_import_ro/README.md diff --git a/baselines/azure/azure_sub_create_then_import_ro/default.tfvars b/baselines/todo_policy_packs/azure/azure_sub_create_then_import_ro/default.tfvars similarity index 100% rename from baselines/azure/azure_sub_create_then_import_ro/default.tfvars rename to baselines/todo_policy_packs/azure/azure_sub_create_then_import_ro/default.tfvars diff --git a/baselines/azure/azure_sub_create_then_import_ro/main.tf b/baselines/todo_policy_packs/azure/azure_sub_create_then_import_ro/main.tf similarity index 100% rename from baselines/azure/azure_sub_create_then_import_ro/main.tf rename to baselines/todo_policy_packs/azure/azure_sub_create_then_import_ro/main.tf diff --git a/baselines/azure/azure_sub_create_then_import_ro/outputs.tf b/baselines/todo_policy_packs/azure/azure_sub_create_then_import_ro/outputs.tf similarity index 100% rename from baselines/azure/azure_sub_create_then_import_ro/outputs.tf rename to baselines/todo_policy_packs/azure/azure_sub_create_then_import_ro/outputs.tf diff --git a/baselines/azure/azure_sub_create_then_import_ro/variables.tf b/baselines/todo_policy_packs/azure/azure_sub_create_then_import_ro/variables.tf similarity index 100% rename from baselines/azure/azure_sub_create_then_import_ro/variables.tf rename to baselines/todo_policy_packs/azure/azure_sub_create_then_import_ro/variables.tf diff --git a/baselines/azure/azure_sub_import/README.md b/baselines/todo_policy_packs/azure/azure_sub_import/README.md similarity index 100% rename from baselines/azure/azure_sub_import/README.md rename to baselines/todo_policy_packs/azure/azure_sub_import/README.md diff --git a/baselines/azure/azure_sub_import/default.tfvars b/baselines/todo_policy_packs/azure/azure_sub_import/default.tfvars similarity index 100% rename from baselines/azure/azure_sub_import/default.tfvars rename to baselines/todo_policy_packs/azure/azure_sub_import/default.tfvars diff --git a/baselines/azure/azure_sub_import/main.tf b/baselines/todo_policy_packs/azure/azure_sub_import/main.tf similarity index 100% rename from baselines/azure/azure_sub_import/main.tf rename to baselines/todo_policy_packs/azure/azure_sub_import/main.tf diff --git a/baselines/azure/azure_sub_import/outputs.tf b/baselines/todo_policy_packs/azure/azure_sub_import/outputs.tf similarity index 100% rename from baselines/azure/azure_sub_import/outputs.tf rename to baselines/todo_policy_packs/azure/azure_sub_import/outputs.tf diff --git a/baselines/azure/azure_sub_import/variables.tf b/baselines/todo_policy_packs/azure/azure_sub_import/variables.tf similarity index 100% rename from baselines/azure/azure_sub_import/variables.tf rename to baselines/todo_policy_packs/azure/azure_sub_import/variables.tf diff --git a/baselines/azure/azure_tenant_import/README.md b/baselines/todo_policy_packs/azure/azure_tenant_import/README.md similarity index 100% rename from baselines/azure/azure_tenant_import/README.md rename to baselines/todo_policy_packs/azure/azure_tenant_import/README.md diff --git a/baselines/azure/azure_tenant_import/default.tfvars b/baselines/todo_policy_packs/azure/azure_tenant_import/default.tfvars similarity index 100% rename from baselines/azure/azure_tenant_import/default.tfvars rename to baselines/todo_policy_packs/azure/azure_tenant_import/default.tfvars diff --git a/baselines/azure/azure_tenant_import/main.tf b/baselines/todo_policy_packs/azure/azure_tenant_import/main.tf similarity index 100% rename from baselines/azure/azure_tenant_import/main.tf rename to baselines/todo_policy_packs/azure/azure_tenant_import/main.tf diff --git a/baselines/azure/azure_tenant_import/variables.tf b/baselines/todo_policy_packs/azure/azure_tenant_import/variables.tf similarity index 100% rename from baselines/azure/azure_tenant_import/variables.tf rename to baselines/todo_policy_packs/azure/azure_tenant_import/variables.tf diff --git a/baselines/getting_started/gcp/gcp_baseline/README.md b/baselines/todo_policy_packs/gcp/gcp_baseline/README.md similarity index 100% rename from baselines/getting_started/gcp/gcp_baseline/README.md rename to baselines/todo_policy_packs/gcp/gcp_baseline/README.md diff --git a/baselines/getting_started/gcp/gcp_baseline/demo.tfvars b/baselines/todo_policy_packs/gcp/gcp_baseline/demo.tfvars similarity index 100% rename from baselines/getting_started/gcp/gcp_baseline/demo.tfvars rename to baselines/todo_policy_packs/gcp/gcp_baseline/demo.tfvars diff --git a/baselines/getting_started/gcp/gcp_baseline/enable_cis_policies.tf b/baselines/todo_policy_packs/gcp/gcp_baseline/enable_cis_policies.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_baseline/enable_cis_policies.tf rename to baselines/todo_policy_packs/gcp/gcp_baseline/enable_cis_policies.tf diff --git a/baselines/getting_started/gcp/gcp_baseline/enable_policies.tf b/baselines/todo_policy_packs/gcp/gcp_baseline/enable_policies.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_baseline/enable_policies.tf rename to baselines/todo_policy_packs/gcp/gcp_baseline/enable_policies.tf diff --git a/baselines/getting_started/gcp/gcp_baseline/event_poller_policies.tf b/baselines/todo_policy_packs/gcp/gcp_baseline/event_poller_policies.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_baseline/event_poller_policies.tf rename to baselines/todo_policy_packs/gcp/gcp_baseline/event_poller_policies.tf diff --git a/baselines/getting_started/gcp/gcp_baseline/locals.tf b/baselines/todo_policy_packs/gcp/gcp_baseline/locals.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_baseline/locals.tf rename to baselines/todo_policy_packs/gcp/gcp_baseline/locals.tf diff --git a/baselines/getting_started/gcp/gcp_baseline/outputs.tf b/baselines/todo_policy_packs/gcp/gcp_baseline/outputs.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_baseline/outputs.tf rename to baselines/todo_policy_packs/gcp/gcp_baseline/outputs.tf diff --git a/baselines/getting_started/gcp/gcp_baseline/providers.tf b/baselines/todo_policy_packs/gcp/gcp_baseline/providers.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_baseline/providers.tf rename to baselines/todo_policy_packs/gcp/gcp_baseline/providers.tf diff --git a/baselines/getting_started/gcp/gcp_baseline/regions.tf b/baselines/todo_policy_packs/gcp/gcp_baseline/regions.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_baseline/regions.tf rename to baselines/todo_policy_packs/gcp/gcp_baseline/regions.tf diff --git a/baselines/getting_started/gcp/gcp_baseline/smart_folder.tf b/baselines/todo_policy_packs/gcp/gcp_baseline/smart_folder.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_baseline/smart_folder.tf rename to baselines/todo_policy_packs/gcp/gcp_baseline/smart_folder.tf diff --git a/baselines/getting_started/gcp/gcp_baseline/variables.tf b/baselines/todo_policy_packs/gcp/gcp_baseline/variables.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_baseline/variables.tf rename to baselines/todo_policy_packs/gcp/gcp_baseline/variables.tf diff --git a/baselines/getting_started/gcp/gcp_check_cost_controls/README.md b/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/README.md similarity index 100% rename from baselines/getting_started/gcp/gcp_check_cost_controls/README.md rename to baselines/todo_policy_packs/gcp/gcp_check_cost_controls/README.md diff --git a/baselines/getting_started/gcp/gcp_check_cost_controls/active_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/active_policies.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_cost_controls/active_policies.tf rename to baselines/todo_policy_packs/gcp/gcp_check_cost_controls/active_policies.tf diff --git a/baselines/getting_started/gcp/gcp_check_cost_controls/compute_engine_active_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/compute_engine_active_policies.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_cost_controls/compute_engine_active_policies.tf rename to baselines/todo_policy_packs/gcp/gcp_check_cost_controls/compute_engine_active_policies.tf diff --git a/baselines/getting_started/gcp/gcp_check_cost_controls/compute_engine_schedule_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/compute_engine_schedule_policies.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_cost_controls/compute_engine_schedule_policies.tf rename to baselines/todo_policy_packs/gcp/gcp_check_cost_controls/compute_engine_schedule_policies.tf diff --git a/baselines/getting_started/gcp/gcp_check_cost_controls/demo.tfvars b/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/demo.tfvars similarity index 100% rename from baselines/getting_started/gcp/gcp_check_cost_controls/demo.tfvars rename to baselines/todo_policy_packs/gcp/gcp_check_cost_controls/demo.tfvars diff --git a/baselines/getting_started/gcp/gcp_check_cost_controls/locals.tf b/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/locals.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_cost_controls/locals.tf rename to baselines/todo_policy_packs/gcp/gcp_check_cost_controls/locals.tf diff --git a/baselines/getting_started/gcp/gcp_check_cost_controls/network_approved_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/network_approved_policies.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_cost_controls/network_approved_policies.tf rename to baselines/todo_policy_packs/gcp/gcp_check_cost_controls/network_approved_policies.tf diff --git a/baselines/getting_started/gcp/gcp_check_cost_controls/outputs.tf b/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/outputs.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_cost_controls/outputs.tf rename to baselines/todo_policy_packs/gcp/gcp_check_cost_controls/outputs.tf diff --git a/baselines/getting_started/gcp/gcp_check_cost_controls/providers.tf b/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/providers.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_cost_controls/providers.tf rename to baselines/todo_policy_packs/gcp/gcp_check_cost_controls/providers.tf diff --git a/baselines/getting_started/gcp/gcp_check_cost_controls/smart_folder.tf b/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/smart_folder.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_cost_controls/smart_folder.tf rename to baselines/todo_policy_packs/gcp/gcp_check_cost_controls/smart_folder.tf diff --git a/baselines/getting_started/gcp/gcp_check_cost_controls/variables.tf b/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/variables.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_cost_controls/variables.tf rename to baselines/todo_policy_packs/gcp/gcp_check_cost_controls/variables.tf diff --git a/baselines/getting_started/gcp/gcp_check_encryption/README.md b/baselines/todo_policy_packs/gcp/gcp_check_encryption/README.md similarity index 100% rename from baselines/getting_started/gcp/gcp_check_encryption/README.md rename to baselines/todo_policy_packs/gcp/gcp_check_encryption/README.md diff --git a/baselines/getting_started/gcp/gcp_check_encryption/bigquery_encryption_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_encryption/bigquery_encryption_policies.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_encryption/bigquery_encryption_policies.tf rename to baselines/todo_policy_packs/gcp/gcp_check_encryption/bigquery_encryption_policies.tf diff --git a/baselines/getting_started/gcp/gcp_check_encryption/compute_engine_encryption_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_encryption/compute_engine_encryption_policies.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_encryption/compute_engine_encryption_policies.tf rename to baselines/todo_policy_packs/gcp/gcp_check_encryption/compute_engine_encryption_policies.tf diff --git a/baselines/getting_started/gcp/gcp_check_encryption/dataflow_encryption_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_encryption/dataflow_encryption_policies.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_encryption/dataflow_encryption_policies.tf rename to baselines/todo_policy_packs/gcp/gcp_check_encryption/dataflow_encryption_policies.tf diff --git a/baselines/getting_started/gcp/gcp_check_encryption/dataproc_encryption_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_encryption/dataproc_encryption_policies.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_encryption/dataproc_encryption_policies.tf rename to baselines/todo_policy_packs/gcp/gcp_check_encryption/dataproc_encryption_policies.tf diff --git a/baselines/getting_started/gcp/gcp_check_encryption/kubernetes_engine_encryption_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_encryption/kubernetes_engine_encryption_policies.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_encryption/kubernetes_engine_encryption_policies.tf rename to baselines/todo_policy_packs/gcp/gcp_check_encryption/kubernetes_engine_encryption_policies.tf diff --git a/baselines/getting_started/gcp/gcp_check_encryption/outputs.tf b/baselines/todo_policy_packs/gcp/gcp_check_encryption/outputs.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_encryption/outputs.tf rename to baselines/todo_policy_packs/gcp/gcp_check_encryption/outputs.tf diff --git a/baselines/getting_started/gcp/gcp_check_encryption/providers.tf b/baselines/todo_policy_packs/gcp/gcp_check_encryption/providers.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_encryption/providers.tf rename to baselines/todo_policy_packs/gcp/gcp_check_encryption/providers.tf diff --git a/baselines/getting_started/gcp/gcp_check_encryption/pub_sub_encryption_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_encryption/pub_sub_encryption_policies.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_encryption/pub_sub_encryption_policies.tf rename to baselines/todo_policy_packs/gcp/gcp_check_encryption/pub_sub_encryption_policies.tf diff --git a/baselines/getting_started/gcp/gcp_check_encryption/smartfolder.tf b/baselines/todo_policy_packs/gcp/gcp_check_encryption/smartfolder.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_encryption/smartfolder.tf rename to baselines/todo_policy_packs/gcp/gcp_check_encryption/smartfolder.tf diff --git a/baselines/getting_started/gcp/gcp_check_encryption/storage_encryption_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_encryption/storage_encryption_policies.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_encryption/storage_encryption_policies.tf rename to baselines/todo_policy_packs/gcp/gcp_check_encryption/storage_encryption_policies.tf diff --git a/baselines/getting_started/gcp/gcp_check_encryption/variables.tf b/baselines/todo_policy_packs/gcp/gcp_check_encryption/variables.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_encryption/variables.tf rename to baselines/todo_policy_packs/gcp/gcp_check_encryption/variables.tf diff --git a/baselines/getting_started/gcp/gcp_check_iam/README.md b/baselines/todo_policy_packs/gcp/gcp_check_iam/README.md similarity index 100% rename from baselines/getting_started/gcp/gcp_check_iam/README.md rename to baselines/todo_policy_packs/gcp/gcp_check_iam/README.md diff --git a/baselines/getting_started/gcp/gcp_check_iam/demo.tfvars b/baselines/todo_policy_packs/gcp/gcp_check_iam/demo.tfvars similarity index 100% rename from baselines/getting_started/gcp/gcp_check_iam/demo.tfvars rename to baselines/todo_policy_packs/gcp/gcp_check_iam/demo.tfvars diff --git a/baselines/getting_started/gcp/gcp_check_iam/outputs.tf b/baselines/todo_policy_packs/gcp/gcp_check_iam/outputs.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_iam/outputs.tf rename to baselines/todo_policy_packs/gcp/gcp_check_iam/outputs.tf diff --git a/baselines/getting_started/gcp/gcp_check_iam/providers.tf b/baselines/todo_policy_packs/gcp/gcp_check_iam/providers.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_iam/providers.tf rename to baselines/todo_policy_packs/gcp/gcp_check_iam/providers.tf diff --git a/baselines/getting_started/gcp/gcp_check_iam/service_account_key_active_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_iam/service_account_key_active_policies.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_iam/service_account_key_active_policies.tf rename to baselines/todo_policy_packs/gcp/gcp_check_iam/service_account_key_active_policies.tf diff --git a/baselines/getting_started/gcp/gcp_check_iam/service_account_key_approved_policies.tf.tf b/baselines/todo_policy_packs/gcp/gcp_check_iam/service_account_key_approved_policies.tf.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_iam/service_account_key_approved_policies.tf.tf rename to baselines/todo_policy_packs/gcp/gcp_check_iam/service_account_key_approved_policies.tf.tf diff --git a/baselines/getting_started/gcp/gcp_check_iam/service_account_trust_access_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_iam/service_account_trust_access_policies.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_iam/service_account_trust_access_policies.tf rename to baselines/todo_policy_packs/gcp/gcp_check_iam/service_account_trust_access_policies.tf diff --git a/baselines/getting_started/gcp/gcp_check_iam/smart_folder.tf b/baselines/todo_policy_packs/gcp/gcp_check_iam/smart_folder.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_iam/smart_folder.tf rename to baselines/todo_policy_packs/gcp/gcp_check_iam/smart_folder.tf diff --git a/baselines/getting_started/gcp/gcp_check_iam/variables.tf b/baselines/todo_policy_packs/gcp/gcp_check_iam/variables.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_iam/variables.tf rename to baselines/todo_policy_packs/gcp/gcp_check_iam/variables.tf diff --git a/baselines/getting_started/gcp/gcp_check_labeling/README.md b/baselines/todo_policy_packs/gcp/gcp_check_labeling/README.md similarity index 100% rename from baselines/getting_started/gcp/gcp_check_labeling/README.md rename to baselines/todo_policy_packs/gcp/gcp_check_labeling/README.md diff --git a/baselines/getting_started/gcp/gcp_check_labeling/demo.tfvars b/baselines/todo_policy_packs/gcp/gcp_check_labeling/demo.tfvars similarity index 100% rename from baselines/getting_started/gcp/gcp_check_labeling/demo.tfvars rename to baselines/todo_policy_packs/gcp/gcp_check_labeling/demo.tfvars diff --git a/baselines/getting_started/gcp/gcp_check_labeling/labeling_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_labeling/labeling_policies.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_labeling/labeling_policies.tf rename to baselines/todo_policy_packs/gcp/gcp_check_labeling/labeling_policies.tf diff --git a/baselines/getting_started/gcp/gcp_check_labeling/locals.tf b/baselines/todo_policy_packs/gcp/gcp_check_labeling/locals.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_labeling/locals.tf rename to baselines/todo_policy_packs/gcp/gcp_check_labeling/locals.tf diff --git a/baselines/getting_started/gcp/gcp_check_labeling/outputs.tf b/baselines/todo_policy_packs/gcp/gcp_check_labeling/outputs.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_labeling/outputs.tf rename to baselines/todo_policy_packs/gcp/gcp_check_labeling/outputs.tf diff --git a/baselines/getting_started/gcp/gcp_check_labeling/providers.tf b/baselines/todo_policy_packs/gcp/gcp_check_labeling/providers.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_labeling/providers.tf rename to baselines/todo_policy_packs/gcp/gcp_check_labeling/providers.tf diff --git a/baselines/getting_started/gcp/gcp_check_labeling/smartfolder.tf b/baselines/todo_policy_packs/gcp/gcp_check_labeling/smartfolder.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_labeling/smartfolder.tf rename to baselines/todo_policy_packs/gcp/gcp_check_labeling/smartfolder.tf diff --git a/baselines/getting_started/gcp/gcp_check_labeling/vaiables.tf b/baselines/todo_policy_packs/gcp/gcp_check_labeling/vaiables.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_labeling/vaiables.tf rename to baselines/todo_policy_packs/gcp/gcp_check_labeling/vaiables.tf diff --git a/baselines/getting_started/gcp/gcp_check_logging/README.md b/baselines/todo_policy_packs/gcp/gcp_check_logging/README.md similarity index 100% rename from baselines/getting_started/gcp/gcp_check_logging/README.md rename to baselines/todo_policy_packs/gcp/gcp_check_logging/README.md diff --git a/baselines/getting_started/gcp/gcp_check_logging/kubernetes_engine_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_logging/kubernetes_engine_policies.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_logging/kubernetes_engine_policies.tf rename to baselines/todo_policy_packs/gcp/gcp_check_logging/kubernetes_engine_policies.tf diff --git a/baselines/getting_started/gcp/gcp_check_logging/network_logging_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_logging/network_logging_policies.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_logging/network_logging_policies.tf rename to baselines/todo_policy_packs/gcp/gcp_check_logging/network_logging_policies.tf diff --git a/baselines/getting_started/gcp/gcp_check_logging/outputs.tf b/baselines/todo_policy_packs/gcp/gcp_check_logging/outputs.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_logging/outputs.tf rename to baselines/todo_policy_packs/gcp/gcp_check_logging/outputs.tf diff --git a/baselines/getting_started/gcp/gcp_check_logging/providers.tf b/baselines/todo_policy_packs/gcp/gcp_check_logging/providers.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_logging/providers.tf rename to baselines/todo_policy_packs/gcp/gcp_check_logging/providers.tf diff --git a/baselines/getting_started/gcp/gcp_check_logging/smartfolder.tf b/baselines/todo_policy_packs/gcp/gcp_check_logging/smartfolder.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_logging/smartfolder.tf rename to baselines/todo_policy_packs/gcp/gcp_check_logging/smartfolder.tf diff --git a/baselines/getting_started/gcp/gcp_check_logging/sql_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_logging/sql_policies.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_logging/sql_policies.tf rename to baselines/todo_policy_packs/gcp/gcp_check_logging/sql_policies.tf diff --git a/baselines/getting_started/gcp/gcp_check_logging/variables.tf b/baselines/todo_policy_packs/gcp/gcp_check_logging/variables.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_logging/variables.tf rename to baselines/todo_policy_packs/gcp/gcp_check_logging/variables.tf diff --git a/baselines/getting_started/gcp/gcp_check_public_access/README.md b/baselines/todo_policy_packs/gcp/gcp_check_public_access/README.md similarity index 100% rename from baselines/getting_started/gcp/gcp_check_public_access/README.md rename to baselines/todo_policy_packs/gcp/gcp_check_public_access/README.md diff --git a/baselines/getting_started/gcp/gcp_check_public_access/compute_engine_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_public_access/compute_engine_policies.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_public_access/compute_engine_policies.tf rename to baselines/todo_policy_packs/gcp/gcp_check_public_access/compute_engine_policies.tf diff --git a/baselines/getting_started/gcp/gcp_check_public_access/locals.tf b/baselines/todo_policy_packs/gcp/gcp_check_public_access/locals.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_public_access/locals.tf rename to baselines/todo_policy_packs/gcp/gcp_check_public_access/locals.tf diff --git a/baselines/getting_started/gcp/gcp_check_public_access/network_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_public_access/network_policies.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_public_access/network_policies.tf rename to baselines/todo_policy_packs/gcp/gcp_check_public_access/network_policies.tf diff --git a/baselines/getting_started/gcp/gcp_check_public_access/outputs.tf b/baselines/todo_policy_packs/gcp/gcp_check_public_access/outputs.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_public_access/outputs.tf rename to baselines/todo_policy_packs/gcp/gcp_check_public_access/outputs.tf diff --git a/baselines/getting_started/gcp/gcp_check_public_access/providers.tf b/baselines/todo_policy_packs/gcp/gcp_check_public_access/providers.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_public_access/providers.tf rename to baselines/todo_policy_packs/gcp/gcp_check_public_access/providers.tf diff --git a/baselines/getting_started/gcp/gcp_check_public_access/smartfolder.tf b/baselines/todo_policy_packs/gcp/gcp_check_public_access/smartfolder.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_public_access/smartfolder.tf rename to baselines/todo_policy_packs/gcp/gcp_check_public_access/smartfolder.tf diff --git a/baselines/getting_started/gcp/gcp_check_public_access/trusted_access_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_public_access/trusted_access_policies.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_public_access/trusted_access_policies.tf rename to baselines/todo_policy_packs/gcp/gcp_check_public_access/trusted_access_policies.tf diff --git a/baselines/getting_started/gcp/gcp_check_public_access/variables.tf b/baselines/todo_policy_packs/gcp/gcp_check_public_access/variables.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_public_access/variables.tf rename to baselines/todo_policy_packs/gcp/gcp_check_public_access/variables.tf diff --git a/baselines/getting_started/gcp/gcp_check_regions/README.md b/baselines/todo_policy_packs/gcp/gcp_check_regions/README.md similarity index 100% rename from baselines/getting_started/gcp/gcp_check_regions/README.md rename to baselines/todo_policy_packs/gcp/gcp_check_regions/README.md diff --git a/baselines/getting_started/gcp/gcp_check_regions/approved_regions_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_regions/approved_regions_policies.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_regions/approved_regions_policies.tf rename to baselines/todo_policy_packs/gcp/gcp_check_regions/approved_regions_policies.tf diff --git a/baselines/getting_started/gcp/gcp_check_regions/demo.tfvars b/baselines/todo_policy_packs/gcp/gcp_check_regions/demo.tfvars similarity index 100% rename from baselines/getting_started/gcp/gcp_check_regions/demo.tfvars rename to baselines/todo_policy_packs/gcp/gcp_check_regions/demo.tfvars diff --git a/baselines/getting_started/gcp/gcp_check_regions/locals.tf b/baselines/todo_policy_packs/gcp/gcp_check_regions/locals.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_regions/locals.tf rename to baselines/todo_policy_packs/gcp/gcp_check_regions/locals.tf diff --git a/baselines/getting_started/gcp/gcp_check_regions/outputs.tf b/baselines/todo_policy_packs/gcp/gcp_check_regions/outputs.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_regions/outputs.tf rename to baselines/todo_policy_packs/gcp/gcp_check_regions/outputs.tf diff --git a/baselines/getting_started/gcp/gcp_check_regions/providers.tf b/baselines/todo_policy_packs/gcp/gcp_check_regions/providers.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_regions/providers.tf rename to baselines/todo_policy_packs/gcp/gcp_check_regions/providers.tf diff --git a/baselines/getting_started/gcp/gcp_check_regions/smartfolder.tf b/baselines/todo_policy_packs/gcp/gcp_check_regions/smartfolder.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_regions/smartfolder.tf rename to baselines/todo_policy_packs/gcp/gcp_check_regions/smartfolder.tf diff --git a/baselines/getting_started/gcp/gcp_check_regions/variables.tf b/baselines/todo_policy_packs/gcp/gcp_check_regions/variables.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_regions/variables.tf rename to baselines/todo_policy_packs/gcp/gcp_check_regions/variables.tf diff --git a/baselines/getting_started/gcp/gcp_check_stack/README.md b/baselines/todo_policy_packs/gcp/gcp_check_stack/README.md similarity index 100% rename from baselines/getting_started/gcp/gcp_check_stack/README.md rename to baselines/todo_policy_packs/gcp/gcp_check_stack/README.md diff --git a/baselines/getting_started/gcp/gcp_check_stack/outputs.tf b/baselines/todo_policy_packs/gcp/gcp_check_stack/outputs.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_stack/outputs.tf rename to baselines/todo_policy_packs/gcp/gcp_check_stack/outputs.tf diff --git a/baselines/getting_started/gcp/gcp_check_stack/project_stack_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_stack/project_stack_policies.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_stack/project_stack_policies.tf rename to baselines/todo_policy_packs/gcp/gcp_check_stack/project_stack_policies.tf diff --git a/baselines/getting_started/gcp/gcp_check_stack/providers.tf b/baselines/todo_policy_packs/gcp/gcp_check_stack/providers.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_stack/providers.tf rename to baselines/todo_policy_packs/gcp/gcp_check_stack/providers.tf diff --git a/baselines/getting_started/gcp/gcp_check_stack/smartfolder.tf b/baselines/todo_policy_packs/gcp/gcp_check_stack/smartfolder.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_stack/smartfolder.tf rename to baselines/todo_policy_packs/gcp/gcp_check_stack/smartfolder.tf diff --git a/baselines/getting_started/gcp/gcp_check_stack/tf_includes/sourcestack_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_stack/tf_includes/sourcestack_policies.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_stack/tf_includes/sourcestack_policies.tf rename to baselines/todo_policy_packs/gcp/gcp_check_stack/tf_includes/sourcestack_policies.tf diff --git a/baselines/getting_started/gcp/gcp_check_stack/variables.tf b/baselines/todo_policy_packs/gcp/gcp_check_stack/variables.tf similarity index 100% rename from baselines/getting_started/gcp/gcp_check_stack/variables.tf rename to baselines/todo_policy_packs/gcp/gcp_check_stack/variables.tf diff --git a/baselines/gcp/gcp_permission/README.md b/baselines/todo_policy_packs/gcp/gcp_permission/README.md similarity index 100% rename from baselines/gcp/gcp_permission/README.md rename to baselines/todo_policy_packs/gcp/gcp_permission/README.md diff --git a/baselines/gcp/gcp_permission/default.tfvars b/baselines/todo_policy_packs/gcp/gcp_permission/default.tfvars similarity index 100% rename from baselines/gcp/gcp_permission/default.tfvars rename to baselines/todo_policy_packs/gcp/gcp_permission/default.tfvars diff --git a/baselines/gcp/gcp_permission/main.tf b/baselines/todo_policy_packs/gcp/gcp_permission/main.tf similarity index 100% rename from baselines/gcp/gcp_permission/main.tf rename to baselines/todo_policy_packs/gcp/gcp_permission/main.tf diff --git a/baselines/gcp/gcp_permission/variables.tf b/baselines/todo_policy_packs/gcp/gcp_permission/variables.tf similarity index 100% rename from baselines/gcp/gcp_permission/variables.tf rename to baselines/todo_policy_packs/gcp/gcp_permission/variables.tf diff --git a/baselines/gcp/gcp_project_import/README.md b/baselines/todo_policy_packs/gcp/gcp_project_import/README.md similarity index 100% rename from baselines/gcp/gcp_project_import/README.md rename to baselines/todo_policy_packs/gcp/gcp_project_import/README.md diff --git a/baselines/gcp/gcp_project_import/default.tfvars b/baselines/todo_policy_packs/gcp/gcp_project_import/default.tfvars similarity index 100% rename from baselines/gcp/gcp_project_import/default.tfvars rename to baselines/todo_policy_packs/gcp/gcp_project_import/default.tfvars diff --git a/baselines/gcp/gcp_project_import/main.tf b/baselines/todo_policy_packs/gcp/gcp_project_import/main.tf similarity index 100% rename from baselines/gcp/gcp_project_import/main.tf rename to baselines/todo_policy_packs/gcp/gcp_project_import/main.tf diff --git a/baselines/gcp/gcp_project_import/variables.tf b/baselines/todo_policy_packs/gcp/gcp_project_import/variables.tf similarity index 100% rename from baselines/gcp/gcp_project_import/variables.tf rename to baselines/todo_policy_packs/gcp/gcp_project_import/variables.tf diff --git a/baselines/getting_started/gcp/gcp_service_enable/README.md b/baselines/todo_policy_packs/gcp/gcp_services/README.md similarity index 100% rename from baselines/getting_started/gcp/gcp_service_enable/README.md rename to baselines/todo_policy_packs/gcp/gcp_services/README.md diff --git a/baselines/gcp/gcp_services/default.tfvars b/baselines/todo_policy_packs/gcp/gcp_services/default.tfvars similarity index 100% rename from baselines/gcp/gcp_services/default.tfvars rename to baselines/todo_policy_packs/gcp/gcp_services/default.tfvars diff --git a/baselines/gcp/gcp_services/main.tf b/baselines/todo_policy_packs/gcp/gcp_services/main.tf similarity index 100% rename from baselines/gcp/gcp_services/main.tf rename to baselines/todo_policy_packs/gcp/gcp_services/main.tf diff --git a/baselines/gcp/gcp_services/variables.tf b/baselines/todo_policy_packs/gcp/gcp_services/variables.tf similarity index 100% rename from baselines/gcp/gcp_services/variables.tf rename to baselines/todo_policy_packs/gcp/gcp_services/variables.tf diff --git a/baselines/gcp/gcp_setup/README.md b/baselines/todo_policy_packs/gcp/gcp_setup/README.md similarity index 100% rename from baselines/gcp/gcp_setup/README.md rename to baselines/todo_policy_packs/gcp/gcp_setup/README.md diff --git a/baselines/gcp/gcp_setup/default.tfvars b/baselines/todo_policy_packs/gcp/gcp_setup/default.tfvars similarity index 100% rename from baselines/gcp/gcp_setup/default.tfvars rename to baselines/todo_policy_packs/gcp/gcp_setup/default.tfvars diff --git a/baselines/gcp/gcp_setup/main.tf b/baselines/todo_policy_packs/gcp/gcp_setup/main.tf similarity index 100% rename from baselines/gcp/gcp_setup/main.tf rename to baselines/todo_policy_packs/gcp/gcp_setup/main.tf diff --git a/baselines/gcp/gcp_setup/variables.tf b/baselines/todo_policy_packs/gcp/gcp_setup/variables.tf similarity index 100% rename from baselines/gcp/gcp_setup/variables.tf rename to baselines/todo_policy_packs/gcp/gcp_setup/variables.tf diff --git a/baselines/turbot/local_directory/README.md b/baselines/turbot/local_directory/README.md deleted file mode 100644 index 3061b0e92..000000000 --- a/baselines/turbot/local_directory/README.md +++ /dev/null @@ -1,22 +0,0 @@ -# Local Directory Baseline - -The Turbot local directory baseline provides a terraform configuration that allows creation of a local directory and grant Turbot/Owner and Turbot/Admin to users based on the required configurations. - -## Pre-requisites - -To run the local directory baseline, you must have: - -- [Terraform](https://www.terraform.io) Version 12 -- [Turbot Terraform Provider](https://github.com/turbotio/terraform-provider-turbot) -- [Credentials](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials) configured to connect to your Turbot workspace - -## Running the Baseline - -To execute the baseline you must run terraform and specify the local directory name you wish to create and list of users you want to grant Turbot/Owner and Turbot/Admin role. - -To run the mod install baseline: - -- Go to the AWS permissions directory with `cd local_directory` -- Update `default.tfvars` with appropriate values -- Run `terraform plan -var-file=default.tfvars` to review the plan for aws permissions -- Run `terraform apply -var-file=default.tfvars` to apply the changes diff --git a/baselines/turbot/local_directory/default.tfvars b/baselines/turbot/local_directory/default.tfvars deleted file mode 100644 index 25eedae60..000000000 --- a/baselines/turbot/local_directory/default.tfvars +++ /dev/null @@ -1,6 +0,0 @@ -local_directory_name = "Test Local Directory" - -user_details = { - "user1@test.com" = "User One" - "user2@test.com" = "User Two" -} diff --git a/baselines/turbot/local_directory/main.tf b/baselines/turbot/local_directory/main.tf deleted file mode 100644 index ecb0e268f..000000000 --- a/baselines/turbot/local_directory/main.tf +++ /dev/null @@ -1,67 +0,0 @@ -########## Local Directory Creation ########## -resource "turbot_local_directory" "test_dir" { - parent = "tmod:@turbot/turbot#/" - title = var.local_directory_name - description = var.local_directory_name - profile_id_template = "{{profile.email}}" -} - - -########## User Creation ########## -resource "turbot_local_directory_user" "create_user" { - count = length(var.user_details) - title = var.user_details[keys(var.user_details)[count.index]] - email = lower(keys(var.user_details)[count.index]) - display_name = var.user_details[keys(var.user_details)[count.index]] - parent = turbot_local_directory.test_dir.id -} - -########## User Profile Creation ########## -resource "turbot_profile" "create_user_profile" { - count = length(var.user_details) - title = turbot_local_directory_user.create_user[count.index].title - email = lower(keys(var.user_details)[count.index]) - status = "Active" - given_name = split(" ", var.user_details[keys(var.user_details)[count.index]])[0] - family_name = split(" ", var.user_details[keys(var.user_details)[count.index]])[1] - display_name = var.user_details[keys(var.user_details)[count.index]] - parent = turbot_local_directory.test_dir.id - profile_id = keys(var.user_details)[count.index] -} - -########## Grant Creation ########## - -# Create Turbot/Admin grant -resource "turbot_grant" "grant_admin" { - count = length(var.user_details) - resource = "tmod:@turbot/turbot#/" - type = "tmod:@turbot/turbot-iam#/permission/types/turbot" - level = "tmod:@turbot/turbot-iam#/permission/levels/admin" - identity = turbot_profile.create_user_profile[count.index].id -} - -# Create Turbot/Owner grant -resource "turbot_grant" "grant_owner" { - count = length(var.user_details) - resource = "tmod:@turbot/turbot#/" - type = "tmod:@turbot/turbot-iam#/permission/types/turbot" - level = "tmod:@turbot/turbot-iam#/permission/levels/owner" - identity = turbot_profile.create_user_profile[count.index].id -} - -########## Grant Activation ########## - -# Activate Turbot/Admin grant -resource "turbot_grant_activation" "activate_admin_grant" { - count = length(var.user_details) - resource = var.grant_scope_id - grant = turbot_grant.grant_admin[count.index].id -} - -# Activate Turbot/Owner grant -resource "turbot_grant_activation" "activate_owner_grant" { - count = length(var.user_details) - resource = var.grant_scope_id - grant = turbot_grant.grant_owner[count.index].id -} - diff --git a/baselines/turbot/local_directory/variables.tf b/baselines/turbot/local_directory/variables.tf deleted file mode 100644 index 8ffec2404..000000000 --- a/baselines/turbot/local_directory/variables.tf +++ /dev/null @@ -1,17 +0,0 @@ -variable "local_directory_name" { - description = "Enter the name for the local directory to be created:" - type = string -} - -variable "user_details" { - description = "Enter the user details (``=``):" - type = map(string) -} - -# It is the turbot id of turbot folder or resource. -# The Admin and Owner grants will be activated at this level -# "tmod:@turbot/turbot#/" is the aka of Turbot level -variable "grant_scope_id" { - type = string - default = "tmod:@turbot/turbot#/" -} diff --git a/baselines/turbot/test/main.tf b/baselines/turbot/test/main.tf deleted file mode 100644 index 64b47aecc..000000000 --- a/baselines/turbot/test/main.tf +++ /dev/null @@ -1,38 +0,0 @@ -## Create Smart Folder -provider "turbot" { - profile = "demo" -} - -resource "turbot_smart_folder" "folder_test" { - parent = "tmod:@turbot/turbot#/" - title = "AAA SF test" - description = "Test" -} - -# Smart Folder Attachments -resource "turbot_smart_folder_attachment" "attachment_test" { - # PUNISHER - # resource = "188739281797066" # Actual resource - # resource = "188716601440372" # punisher-aaa - # resource = "187486019045335" # folder expediators - # DEMO - # resource = "185847359853835" # dboeke key pair - # resource = "165045201235611" # AWS for Dave - resource = "165043304546839" # Folder Dave - smart_folder = turbot_smart_folder.folder_test.id -} - -# Check only guardrail -# AWS > ec2 > AMI > Approved -resource "turbot_policy_setting" "policy_test_1" { - resource = turbot_smart_folder.folder_test.id - type = "tmod:@turbot/aws-ec2#/policy/types/keyPairActive" - value = "Check: Active" -} - -# resource "turbot_policy_setting" "policy_test_2" { -# resource = turbot_smart_folder.folder_test.id -# type = "tmod:@turbot/aws-ec2#/policy/types/keyPairActiveLastModified" -# value = "Force active if last modified <= 365 days" -# } - From 93fb83f262ebe8fcaa8d69e7352199902827e127 Mon Sep 17 00:00:00 2001 From: Venu Date: Tue, 13 Aug 2024 17:30:49 +0530 Subject: [PATCH 05/17] remove consoletimeout policy --- baselines/guardrails/workspace_settings/main.tf | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/baselines/guardrails/workspace_settings/main.tf b/baselines/guardrails/workspace_settings/main.tf index a33e2a0a2..b499ace29 100644 --- a/baselines/guardrails/workspace_settings/main.tf +++ b/baselines/guardrails/workspace_settings/main.tf @@ -42,13 +42,6 @@ resource "turbot_policy_setting" "turbot_stack_terraform_version" { value = "0.15.*" } -# https://hub.guardrails.turbot.com/mods/turbot/policies/turbot-iam/turbotConsoleSessionTimeoutMins -resource "turbot_policy_setting" "turbot_iam_turbot_console_session_timeout_mins" { - resource = "tmod:@turbot/turbot#/" - type = "tmod:@turbot/turbot-iam#/policy/types/turbotConsoleSessionTimeoutMins" - value = 540 -} - # https://hub.guardrails.turbot.com/mods/turbot/policies/turbot/modAutoUpdate resource "turbot_policy_setting" "turbot_mod_auto_update" { resource = "tmod:@turbot/turbot#/" @@ -67,11 +60,3 @@ resource "turbot_policy_setting" "turbot_mod_change_window_schedule" { duration: 12 EOT } - -# https://hub.guardrails.turbot.com/mods/turbot/policies/turbot/notifications -# # Turbot > Notifications -# resource "turbot_policy_setting" "turbot_notifications" { -# resource = "tmod:@turbot/turbot#/" -# type = "tmod:@turbot/turbot#/policy/types/notifications" -# value = "Enabled" -# } From b33a6e90d435e52863eb53ba0f2126657f222e34 Mon Sep 17 00:00:00 2001 From: Venu Date: Tue, 13 Aug 2024 17:33:37 +0530 Subject: [PATCH 06/17] remove example folder --- .../example_folder_hierarchy/README.md | 32 ------- .../example_folder_hierarchy/default.tfvars | 41 --------- .../example_folder_hierarchy/main.tf | 49 ---------- .../example_folder_hierarchy/variables.tf | 89 ------------------- 4 files changed, 211 deletions(-) delete mode 100644 baselines/guardrails/example_folder_hierarchy/README.md delete mode 100644 baselines/guardrails/example_folder_hierarchy/default.tfvars delete mode 100644 baselines/guardrails/example_folder_hierarchy/main.tf delete mode 100644 baselines/guardrails/example_folder_hierarchy/variables.tf diff --git a/baselines/guardrails/example_folder_hierarchy/README.md b/baselines/guardrails/example_folder_hierarchy/README.md deleted file mode 100644 index d05d753a6..000000000 --- a/baselines/guardrails/example_folder_hierarchy/README.md +++ /dev/null @@ -1,32 +0,0 @@ -# Example Folder Hierarchy - -This Terraform package demonstrates an example folder hierarchy that might exist in a real environment. - -A total of seven folders are created: - -* ACME - * Prod - * Prod IT - * Prod Apps - * Dev - * Dev IT - * Dev Apps - -## Pre-requisites - -To run the example folder hierarchy, you must have: - -- [Terraform](https://www.terraform.io) Version 12 -- [Turbot Terraform Provider](https://github.com/turbotio/terraform-provider-turbot) -- [Credentials](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials) configured to connect to your Turbot workspace - -## Running the Baseline - -To execute the baseline, simply navigate to the example_folder_hierarchy folder using your command line tool of choice, and execute! - -To run the mod install baseline: - -- Go to the directory using the command line tool of choice `cd example_folder_hierarchy`. -- Update `default.tfvars` with appropriate values. If you are simply looking to test, these values can be left default. -- Run `terraform plan -var-file=default.tfvars` to review the plan for aws permissions. -- Run `terraform apply -var-file=default.tfvars` to apply the changes. diff --git a/baselines/guardrails/example_folder_hierarchy/default.tfvars b/baselines/guardrails/example_folder_hierarchy/default.tfvars deleted file mode 100644 index 6d0b8ff6d..000000000 --- a/baselines/guardrails/example_folder_hierarchy/default.tfvars +++ /dev/null @@ -1,41 +0,0 @@ -# Optional - top_folder_title default value: "ACME" -# top_folder_title = "Custom Smart Folder Title" - -# Optional - top_folder_description default value: "Top level folder for ACME" -# top_folder_description = "Custom Smart Folder Title" - -# Optional - top_dev_title default value: "Dev" -# top_dev_title = "Custom Smart Folder Title" - -# Optional - top_dev_description default value: "Description for top level Dev folder" -# top_dev_description = "Custom Smart Folder Title" - -# Optional - top_prod_title default value: "Prod" -# top_prod_title = "Custom Smart Folder Title" - -# Optional - top_prod_description default value: "Top level folder for Prod environment" -# top_prod_description = "Custom Smart Folder Title" - -# Optional - dev_it_title default value: "Dev IT" -# dev_it_title = "Custom Smart Folder Title" - -# Optional - dev_it_description default value: "Dev IT folder" -# dev_it_description = "Custom Smart Folder Title" - -# Optional - dev_apps_title default value: "Dev Apps" -# dev_apps_title = "Custom Smart Folder Title" - -# Optional - dev_apps_description default value: "Dev Apps folder" -# dev_apps_description = "Custom Smart Folder Title" - -# Optional - prod_it_title default value: "Prod IT" -# prod_it_title = "Custom Smart Folder Title" - -# Optional - prod_it_description default value: "Prod IT folder" -# prod_it_description = "Custom Smart Folder Title" - -# Optional - prod_apps_title default value: "Prod Apps" -# prod_apps_title = "Custom Smart Folder Title" - -# Optional - prod_apps_description default value: "Prod Apps folder" -# prod_apps_description = "Custom Smart Folder Title" \ No newline at end of file diff --git a/baselines/guardrails/example_folder_hierarchy/main.tf b/baselines/guardrails/example_folder_hierarchy/main.tf deleted file mode 100644 index 730e86d5f..000000000 --- a/baselines/guardrails/example_folder_hierarchy/main.tf +++ /dev/null @@ -1,49 +0,0 @@ -# Initalize the Turbot provider -provider turbot {} - -# Top level folder -resource "turbot_folder" "acme" { - parent = "tmod:@turbot/turbot#" - title = var.top_folder_title - description = var.top_folder_description -} - -# Top level Dev folder, acme folder is parent -resource "turbot_folder" "top_dev" { - parent = turbot_folder.acme.id - title = var.top_dev_title - description = var.top_dev_folder_description -} - -# Top level Prod folder, acme folder is parent -resource "turbot_folder" "top_prod" { - parent = turbot_folder.acme.id - title = var.top_prod_title - description = var.top_prod_folder_description -} - -# Example business units within Dev. Each business unit gets it's own folder. -resource "turbot_folder" "dev_it" { - parent = turbot_folder.top_dev.id - title = var.dev_it_title - description = var.dev_it_description -} - -resource "turbot_folder" "dev_apps" { - parent = turbot_folder.top_dev.id - title = var.dev_apps_title - description = var.dev_apps_description -} - -# Example business units within Prod. Each business unit gets it's own folder. -resource "turbot_folder" "prod_it" { - parent = turbot_folder.top_prod.id - title = var.prod_it_title - description = var.prod_it_description -} - -resource "turbot_folder" "prod_apps" { - parent = turbot_folder.top_prod.id - title = var.prod_apps_title - description = var.prod_apps_description -} \ No newline at end of file diff --git a/baselines/guardrails/example_folder_hierarchy/variables.tf b/baselines/guardrails/example_folder_hierarchy/variables.tf deleted file mode 100644 index e79e12dca..000000000 --- a/baselines/guardrails/example_folder_hierarchy/variables.tf +++ /dev/null @@ -1,89 +0,0 @@ -variable "top_folder" { - description = "Parent resource for the top level folder, ACME" - type = string - default = "tmod:@turbot/turbot#/" -} - -variable "top_folder_title" { - description = "Title of top level folder." - type = string - default = "ACME" -} - -variable "top_folder_description" { - description = "Description of the top level folder" - type = string - default = "Top level folder for ACME" -} - -variable "top_dev_title" { - description = "Title for top level Dev folder" - type = string - default = "Dev" -} - -variable "top_dev_folder_description" { - description = "Description for top level Dev folder" - type = string - default = "Top level folder for Dev environment" -} - -variable "top_prod_title" { - description = "Title for the top level Prod folder" - type = string - default = "Prod" -} - -variable "top_prod_folder_description" { - description = "Description for the top level Prod folder" - type = string - default = "Top level folder for Prod environment" -} - -variable "dev_it_title" { - description = "Title for Dev IT folder" - type = string - default = "Dev IT" -} - -variable "dev_it_description" { - description = "Description for Dev IT folder" - type = string - default = "Dev IT folder" -} - -variable "dev_apps_title" { - description = "Description for Dev Apps folder" - type = string - default = "Dev Apps" -} - -variable "dev_apps_description" { - description = "Description for Dev Apps folder" - type = string - default = "Dev Apps folder" -} - -variable "prod_it_title" { - description = "Title for Prod IT folder" - type = string - default = "Prod IT" -} - -variable "prod_it_description" { - description = "Description for Prod IT folder" - type = string - default = "Prod IT folder" -} - -variable "prod_apps_title" { - description = "Description for Prod Apps folder" - type = string - default = "Prod Apps" -} - -variable "prod_apps_description" { - description = "Description for Prod Apps folder" - type = string - default = "Prod Apps folder" -} \ No newline at end of file From 3610b910dc0c2f31175394072e756b95825321b7 Mon Sep 17 00:00:00 2001 From: Venu Date: Wed, 14 Aug 2024 12:16:15 +0530 Subject: [PATCH 07/17] rename folders --- baselines/CHANGELOG.md | 49 ------------------- .../README.md | 0 .../default.tfvars | 0 .../main.tf | 0 .../providers.tf | 0 .../variables.tf | 0 .../README.md | 0 .../default.tfvars | 0 .../main.tf | 0 .../providers.tf | 0 .../variables.tf | 0 .../README.md | 0 .../default.tfvars | 0 .../main.tf | 0 .../providers.tf | 0 .../variables.tf | 0 baselines/guardrails/folder_hierarchy/main.tf | 11 ++--- .../guardrails/folder_hierarchy/variables.tf | 4 ++ .../{cis_mod => guardrails_mods}/README.md | 0 .../mod_install.tf | 0 .../{cis_mod => guardrails_mods}/providers.tf | 0 baselines/guardrails/turbot_profiles/main.tf | 5 -- .../guardrails/turbot_profiles/variables.tf | 4 ++ 23 files changed, 11 insertions(+), 62 deletions(-) delete mode 100644 baselines/CHANGELOG.md rename baselines/aws/{aws_service_enable => aws_service_enabled}/README.md (100%) rename baselines/aws/{aws_service_enable => aws_service_enabled}/default.tfvars (100%) rename baselines/aws/{aws_service_enable => aws_service_enabled}/main.tf (100%) rename baselines/aws/{aws_service_enable => aws_service_enabled}/providers.tf (100%) rename baselines/aws/{aws_service_enable => aws_service_enabled}/variables.tf (100%) rename baselines/azure/{azure_service_enable => azure_service_enabled}/README.md (100%) rename baselines/azure/{azure_service_enable => azure_service_enabled}/default.tfvars (100%) rename baselines/azure/{azure_service_enable => azure_service_enabled}/main.tf (100%) rename baselines/azure/{azure_service_enable => azure_service_enabled}/providers.tf (100%) rename baselines/azure/{azure_service_enable => azure_service_enabled}/variables.tf (100%) rename baselines/gcp/{gcp_service_enable => gcp_service_enabled}/README.md (100%) rename baselines/gcp/{gcp_service_enable => gcp_service_enabled}/default.tfvars (100%) rename baselines/gcp/{gcp_service_enable => gcp_service_enabled}/main.tf (100%) rename baselines/gcp/{gcp_service_enable => gcp_service_enabled}/providers.tf (100%) rename baselines/gcp/{gcp_service_enable => gcp_service_enabled}/variables.tf (100%) create mode 100644 baselines/guardrails/folder_hierarchy/variables.tf rename baselines/guardrails/{cis_mod => guardrails_mods}/README.md (100%) rename baselines/guardrails/{cis_mod => guardrails_mods}/mod_install.tf (100%) rename baselines/guardrails/{cis_mod => guardrails_mods}/providers.tf (100%) create mode 100644 baselines/guardrails/turbot_profiles/variables.tf diff --git a/baselines/CHANGELOG.md b/baselines/CHANGELOG.md deleted file mode 100644 index 13a36bde8..000000000 --- a/baselines/CHANGELOG.md +++ /dev/null @@ -1,49 +0,0 @@ -# CHANGELOG FOR BASELINES - -## v0.2.0 (November 25, 2019) - -### FEATURES: - -- New Baseline: azure_sub_import -- New Baseline: aws_permission -- New Baseline: gcp_permission - -### ENHANCEMENTS: - -- Supports Terraform version 12. -- Supports Turbot provider version 1.0.0-beta.8 and above -- Supports Turbot smart folders -- Updated mod list -- Updated terraform syntax and style conventions -- Updated README files - -### TECHNICAL - -- New implemented file structure. -- Inclusion of .tfvars files consisting values for each baseline defaults - -### BREAKING CHANGES - -- resource/turbot_policy_setting - rename policy_type to type -- resource/turbot_policy_value - rename policy_type to type -- renamed credentials environment variables TURBOT_ACCESS_KEY and TURBOT_SECRET_KEY -- resource/turbot_policy_setting - change default precedence to REQUIRED - - -## v0.1.0 (October 30, 2019) - -Baselines v0.1.0 work on and follow the syntax of Terraform version 11. - -Supports Turbot provider version 1.0.0-beta.5 or below. - -### FEATURES: - -- New Baseline: s3_baseline -- New Baseline: mod_install -- New Baseline: aws_setup -- New Baseline: aws_account_import -- New Baseline: aws_services -- New Baseline: azure_setup -- New Baseline: azure_provider_registration -- New Baseline: gcp_setup -- New Baseline: gcp_services \ No newline at end of file diff --git a/baselines/aws/aws_service_enable/README.md b/baselines/aws/aws_service_enabled/README.md similarity index 100% rename from baselines/aws/aws_service_enable/README.md rename to baselines/aws/aws_service_enabled/README.md diff --git a/baselines/aws/aws_service_enable/default.tfvars b/baselines/aws/aws_service_enabled/default.tfvars similarity index 100% rename from baselines/aws/aws_service_enable/default.tfvars rename to baselines/aws/aws_service_enabled/default.tfvars diff --git a/baselines/aws/aws_service_enable/main.tf b/baselines/aws/aws_service_enabled/main.tf similarity index 100% rename from baselines/aws/aws_service_enable/main.tf rename to baselines/aws/aws_service_enabled/main.tf diff --git a/baselines/aws/aws_service_enable/providers.tf b/baselines/aws/aws_service_enabled/providers.tf similarity index 100% rename from baselines/aws/aws_service_enable/providers.tf rename to baselines/aws/aws_service_enabled/providers.tf diff --git a/baselines/aws/aws_service_enable/variables.tf b/baselines/aws/aws_service_enabled/variables.tf similarity index 100% rename from baselines/aws/aws_service_enable/variables.tf rename to baselines/aws/aws_service_enabled/variables.tf diff --git a/baselines/azure/azure_service_enable/README.md b/baselines/azure/azure_service_enabled/README.md similarity index 100% rename from baselines/azure/azure_service_enable/README.md rename to baselines/azure/azure_service_enabled/README.md diff --git a/baselines/azure/azure_service_enable/default.tfvars b/baselines/azure/azure_service_enabled/default.tfvars similarity index 100% rename from baselines/azure/azure_service_enable/default.tfvars rename to baselines/azure/azure_service_enabled/default.tfvars diff --git a/baselines/azure/azure_service_enable/main.tf b/baselines/azure/azure_service_enabled/main.tf similarity index 100% rename from baselines/azure/azure_service_enable/main.tf rename to baselines/azure/azure_service_enabled/main.tf diff --git a/baselines/azure/azure_service_enable/providers.tf b/baselines/azure/azure_service_enabled/providers.tf similarity index 100% rename from baselines/azure/azure_service_enable/providers.tf rename to baselines/azure/azure_service_enabled/providers.tf diff --git a/baselines/azure/azure_service_enable/variables.tf b/baselines/azure/azure_service_enabled/variables.tf similarity index 100% rename from baselines/azure/azure_service_enable/variables.tf rename to baselines/azure/azure_service_enabled/variables.tf diff --git a/baselines/gcp/gcp_service_enable/README.md b/baselines/gcp/gcp_service_enabled/README.md similarity index 100% rename from baselines/gcp/gcp_service_enable/README.md rename to baselines/gcp/gcp_service_enabled/README.md diff --git a/baselines/gcp/gcp_service_enable/default.tfvars b/baselines/gcp/gcp_service_enabled/default.tfvars similarity index 100% rename from baselines/gcp/gcp_service_enable/default.tfvars rename to baselines/gcp/gcp_service_enabled/default.tfvars diff --git a/baselines/gcp/gcp_service_enable/main.tf b/baselines/gcp/gcp_service_enabled/main.tf similarity index 100% rename from baselines/gcp/gcp_service_enable/main.tf rename to baselines/gcp/gcp_service_enabled/main.tf diff --git a/baselines/gcp/gcp_service_enable/providers.tf b/baselines/gcp/gcp_service_enabled/providers.tf similarity index 100% rename from baselines/gcp/gcp_service_enable/providers.tf rename to baselines/gcp/gcp_service_enabled/providers.tf diff --git a/baselines/gcp/gcp_service_enable/variables.tf b/baselines/gcp/gcp_service_enabled/variables.tf similarity index 100% rename from baselines/gcp/gcp_service_enable/variables.tf rename to baselines/gcp/gcp_service_enabled/variables.tf diff --git a/baselines/guardrails/folder_hierarchy/main.tf b/baselines/guardrails/folder_hierarchy/main.tf index 263f2af15..2ee613503 100644 --- a/baselines/guardrails/folder_hierarchy/main.tf +++ b/baselines/guardrails/folder_hierarchy/main.tf @@ -1,14 +1,9 @@ -data "turbot_policy_value" "example" { - type = "tmod:@turbot/turbot#/policy/types/workspaceUrl" - resource = "tmod:@turbot/turbot#/" -} - # Base folder (Turbot > workspacename) resource "turbot_folder" "workspace_base_folder" { parent = "tmod:@turbot/turbot#/" - title = element(split(".", element(split("/", data.turbot_policy_value.example.value), 2)), 0) - description = "Base folder for the workspace" - akas = ["workspace_base_folder"] + title = var.base_folder_name + description = "Base folder for the Workspace" + akas = ["base_folder"] } # AWS Base folder (Turbot > workspacename > AWS) diff --git a/baselines/guardrails/folder_hierarchy/variables.tf b/baselines/guardrails/folder_hierarchy/variables.tf new file mode 100644 index 000000000..8c40a35fa --- /dev/null +++ b/baselines/guardrails/folder_hierarchy/variables.tf @@ -0,0 +1,4 @@ +variable "base_folder_name" { + description = "The name of the Base folder `Turbot > BaseFolder`. The base for the rest of the folder hierarchy where the accounts will be imported." + type = string +} diff --git a/baselines/guardrails/cis_mod/README.md b/baselines/guardrails/guardrails_mods/README.md similarity index 100% rename from baselines/guardrails/cis_mod/README.md rename to baselines/guardrails/guardrails_mods/README.md diff --git a/baselines/guardrails/cis_mod/mod_install.tf b/baselines/guardrails/guardrails_mods/mod_install.tf similarity index 100% rename from baselines/guardrails/cis_mod/mod_install.tf rename to baselines/guardrails/guardrails_mods/mod_install.tf diff --git a/baselines/guardrails/cis_mod/providers.tf b/baselines/guardrails/guardrails_mods/providers.tf similarity index 100% rename from baselines/guardrails/cis_mod/providers.tf rename to baselines/guardrails/guardrails_mods/providers.tf diff --git a/baselines/guardrails/turbot_profiles/main.tf b/baselines/guardrails/turbot_profiles/main.tf index e7c5328e4..8ec70946c 100644 --- a/baselines/guardrails/turbot_profiles/main.tf +++ b/baselines/guardrails/turbot_profiles/main.tf @@ -14,11 +14,6 @@ resource "turbot_turbot_directory" "turbot_dir" { server = "turbot.com" } -variable "user_profile" { - description = "Map of the list of turbot.com profileIds. Update in terraform.tfvars" - type = map(any) -} - # Creates profiles in an exisiting turbot.com defined in terraform.tfvars # Will grant the Turbot/Owner role to each profile at the Turbot root level # Will activate each Turbot/Owner grant to each profile diff --git a/baselines/guardrails/turbot_profiles/variables.tf b/baselines/guardrails/turbot_profiles/variables.tf new file mode 100644 index 000000000..79c2fff72 --- /dev/null +++ b/baselines/guardrails/turbot_profiles/variables.tf @@ -0,0 +1,4 @@ +variable "user_profile" { + description = "Map of the list of turbot.com profileIds. Update in terraform.tfvars" + type = map(any) +} From abaaa83cd2499c4bfc09a6928ee9bb503291f0b5 Mon Sep 17 00:00:00 2001 From: Venu Date: Wed, 14 Aug 2024 17:43:22 +0530 Subject: [PATCH 08/17] update README --- baselines/README.md | 143 ++++++------------ .../aws_mods/{demo.tfvars => default.tfvars} | 0 baselines/aws/aws_service_enabled/main.tf | 5 +- .../{demo.tfvars => default.tfvars} | 0 baselines/azure/azure_service_enabled/main.tf | 5 +- .../gcp_mods/{demo.tfvars => default.tfvars} | 0 baselines/gcp/gcp_service_enabled/main.tf | 5 +- .../{demo.tfvars => default.tfvars} | 0 8 files changed, 55 insertions(+), 103 deletions(-) rename baselines/aws/aws_mods/{demo.tfvars => default.tfvars} (100%) rename baselines/azure/azure_mods/{demo.tfvars => default.tfvars} (100%) rename baselines/gcp/gcp_mods/{demo.tfvars => default.tfvars} (100%) rename baselines/guardrails/turbot_profiles/{demo.tfvars => default.tfvars} (100%) diff --git a/baselines/README.md b/baselines/README.md index 64ffdfd52..0d48a1f4b 100644 --- a/baselines/README.md +++ b/baselines/README.md @@ -4,120 +4,63 @@ Turbot Guardrails Baselines provide best-practice configurations and examples fo ## Current Baselines -| Baseline | Path | Description | -| --------------------------- | ------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------- | -| Local Directory | [local_directory](./turbot/local_directory) | Create local directory and users in your workspace | -| AWS Setup | [aws_setup](./aws/aws_setup) | Common quickstart setup for AWS - prepare your environment to import an AWS account | -| AWS Account Import | [aws_account_import](./aws/aws_account_import) | Import an AWS Account into Guardrails | -| AWS Services | [aws_services](./aws/aws_services) | Enable/Disable AWS Services in Guardrails | -| GCP Setup | [gcp_setup](./gcp/gcp_setup) | Common quickstart setup for GCP - prepare your environment to import GCP Projects | -| GCP Services | [gcp_services](./gcp/gcp_services) | Enable/Disable GCP Services in Guardrails & also enforce api enabled policy based on service Enable/Disable | -| Azure Subscription Import | [azure_sub_import](./azure/azure_sub_import) | Import an Azure subscription into Guardrails | -| Azure Subscription Readonly | [azure_sub_import_ro](./azure/azure_sub_create_then_import_ro) | Import an Azure subscription into Guardrails with event handler and readonly mode | -| Azure Services | [azure_services](./azure/azure_services) | Enable/Disable Azure Services in Guardrails | -| Azure Provider Registration | [azure_provider_registration](./azure/azure_provider_registration) | Set the policy for Azure provider registration | - -## Prerequisites - -To run Turbot Guardrails baselines, you must install: +| Baseline | Path | Description | +|-----------------------|--------------------------------------------------------|----------------------------------------------------------------------------------| +| AWS Mods | [aws_mods](./aws/aws_mods) | A common list of AWS mods to install | +| AWS Service Enabled | [aws_service_enabled](./aws/aws_service_enabled) | Enable or disable AWS services in Guardrails | +| Azure Mods | [azure_mods](./azure/azure_mods) | A common list of Azure mods to install | +| Azure Service Enabled | [azure_service_enabled](./azure/azure_service_enabled) | Enable or disable Azure services in Guardrails; register or deregister Azure providers | +| GCP Mods | [gcp_mods](./gcp/gcp_mods) | A common list of Google Cloud Platform (GCP) mods to install | +| GCP Service Enabled | [gcp_service_enabled](./gcp/gcp_service_enabled) | Enable or disable GCP services in Guardrails; enable or disable GCP Service APIs | +| Folder Hierarchy | [folder_hierarchy](./guardrails/folder_hierarchy) | Create a folder hierarchy in your workspace | +| Guardrails Mods | [guardrails_mods](./guardrails/guardrails_mods) | A common list of Guardrails mods to install | +| Local Directory | [local_directory](./guardrails/local_directory) | Create a local directory and users in your workspace | +| Turbot Directory | [turbot_directory](./guardrails/turbot_profiles) | Create Turbot directory and profiles in your workspace | +| Workspace Settings | [workspace_settings](./guardrails/workspace_settings) | Apply a common set of policies for better management of your workspace | + +## Getting Started + +### Requirements - [Terraform](https://developer.hashicorp.com/terraform/install) -- [Turbot Guardrails Terraform Provider](https://turbot.com/guardrails/docs/reference/terraform) -Additionally, You must set your `config.tf` or environment variables to connect to your Turbot Guardrails workspace, as detail in the Turbot Guardrails Terraform Provider [Installation Instructions](https://turbot.com/guardrails/docs/reference/terraform/setup) +### Credentials -## Running a Baseline +To create a policy pack through Terraform: -To run a baseline: +- Ensure you have `Turbot/Admin` permissions (or higher) in Guardrails +- [Create access keys](https://turbot.com/guardrails/docs/guides/iam/access-keys#generate-a-new-guardrails-api-access-key) in Guardrails -1. Install and configure the [prerequisites](#prerequisites) -1. At the command line, go to the directory for the baseline, for example: `cd mod_install` -1. Run `terraform init` to initialize terraform in the directory -1. Edit any variables in the .tf file that you wish to change, or override with [environment variables](https://www.terraform.io/docs/commands/environment-variables.html) or [variable files](https://www.terraform.io/docs/configuration/variables.html#variable-definitions-tfvars-files) -1. Run `terraform plan -var-file=".tfvars"` and inspect the changes -1. Run `terraform apply -var-file=".tfvars"` to apply the configuration +And then set your credentials: -## Contributing +```sh +export TURBOT_WORKSPACE=myworkspace.acme.com +export TURBOT_ACCESS_KEY=acce6ac5-access-key-here +export TURBOT_SECRET_KEY=a8af61ec-secret-key-here +``` -### Structure +Please see [Turbot Guardrails Provider authentication](https://registry.terraform.io/providers/turbot/turbot/latest/docs#authentication) for additional authentication methods. -Baselines are implemented as independently deployable terraform configurations in a sub-directory of this repository. +## Usage -Commonly changed parameters are implemented using variables. All variables have default values, but they may not be the settings that you want, you may change them as required. +### Install Baseline -The baseline mods contain an individual `README.md` file and follows a specified file structure containing the parameters and configurations. Each baseline mod contains: +Clone: -- `Variables.tf` containing the variable definitions +```sh +git clone https://github.com/turbot/guardrails-samples.git +cd guardrails-samples/baselines/aws/aws_mods +``` -- `main.tf` containing the terraform resources that creates the objects +Run the Terraform to create the policy pack in your workspace: -- `outputs.tf` containing the return values defined. The file should be optionally created when there is an output block included in the configuration +```sh +terraform init +terraform plan +``` -- `default.tfvars` containing the defaults for the variables +Then apply the changes: +```sh +terraform apply ``` -Baseline -. -├── README.md -├── main.tf -├── variables.tf -├── outputs.tf -└── default.tfvar -``` - -### Style Guide - -Our baselines adopts styling conventions provided by [Terraform](https://www.terraform.io/docs/configuration/style.html) like: - -- Align the equal to signs for arguments appearing on consecutive lines with values. -- Variables should use snake case: `this_is_an_example` -- Use empty lines to separate logical groups of arguments within a block. - -To maintain consistency between files and modules, we recommend adopting the below added styling conventions: - -- For each baseline, include the variable definitions in the variables.tf file, the resources in main.tf file, and the output in outputs.tf file. -- For `turbot_policy_setting` and `turbot_policy_value` resources , include the policy type hierarchy in a comment before the resource. For example: - - ```terraform - # AWS > Account > Turbot IAM Role > External ID - resource "turbot_policy_setting" "turbotIamRoleExternalId" { - resource = turbot_resource.account_resource.id - type = "tmod:@turbot/aws#/policy/types/turbotIamRoleExternalId" - value = var.turbot_external_id - } - ``` - -- Use a single hash for comments that refer only to a single resource, immediately before the resource, for example: - - ```terraform - # 1.4 Ensure access keys are rotated every 90 days or less (Scored) - # AWS > IAM > Access Key > Active > Age - # Setting value to "Force inactive if age > 90" days to meet remediation - resource "turbot_policy_setting" "AWS_IAM_AccessKey_Active_Age" { - resource = var.target_resource - type = "tmod:@turbot/aws-iam#/policy/types/accessKeyActiveAge" - value = "Force inactive if age > 90 days" - } - ``` - -- Use 4 hashes for comments that describe a group of resources, or general behavior: - - ```terraform - #### Set the credentials (Role, external id) for the account via Guardrails policies - ``` - -- All variables should have a description, and as a result should not require individual comments -- Most variables should have a reasonable default -- Where baselines apply policies, they generally should use a variable for the target resource - - - it should be called target_resource - - it should default to "tmod:@turbot/turbot#/" - - it should have a comment that states that it may be changes or overridden - - ```terraform - variable "target_resource" { - type = "string" - description = "Enter the target resource id or aka" - default = "tmod:@turbot/turbot#/" # You may change/override this value to the id of target folder or resource - } - ``` diff --git a/baselines/aws/aws_mods/demo.tfvars b/baselines/aws/aws_mods/default.tfvars similarity index 100% rename from baselines/aws/aws_mods/demo.tfvars rename to baselines/aws/aws_mods/default.tfvars diff --git a/baselines/aws/aws_service_enabled/main.tf b/baselines/aws/aws_service_enabled/main.tf index 42a0e7eaa..f49d92a8f 100644 --- a/baselines/aws/aws_service_enabled/main.tf +++ b/baselines/aws/aws_service_enabled/main.tf @@ -13,7 +13,10 @@ resource "turbot_policy_setting" "aws_enable" { value = "Enabled" } +# Here the "resource" is the AKA of the [Base Folder](../../guardrails/folder_hierarchy/) to which you want to attached the Policy Pack. +# The base folder is created as part of script from [Base Folder](../../guardrails/folder_hierarchy/) +# The resource should be created first. resource "turbot_policy_pack_attachment" "aws_enable_attachment" { - resource = "workspace_base_folder" + resource = "base_folder" policy_pack = turbot_policy_pack.aws_enabled_baseline_pack.id } diff --git a/baselines/azure/azure_mods/demo.tfvars b/baselines/azure/azure_mods/default.tfvars similarity index 100% rename from baselines/azure/azure_mods/demo.tfvars rename to baselines/azure/azure_mods/default.tfvars diff --git a/baselines/azure/azure_service_enabled/main.tf b/baselines/azure/azure_service_enabled/main.tf index 91c68500d..42fea1b98 100644 --- a/baselines/azure/azure_service_enabled/main.tf +++ b/baselines/azure/azure_service_enabled/main.tf @@ -21,7 +21,10 @@ resource "turbot_policy_setting" "azure_enable" { value = "Enabled" } +# Here the "resource" is the AKA of the [Base Folder](../../guardrails/folder_hierarchy/) to which you want to attached the Policy Pack. +# The base folder is created as part of script from [Base Folder](../../guardrails/folder_hierarchy/) +# The resource should be created first. resource "turbot_policy_pack_attachment" "azure_enable_attachment" { - resource = "workspace_base_folder" + resource = "base_folder" policy_pack = turbot_policy_pack.azure_enabled_baseline_pack.id } diff --git a/baselines/gcp/gcp_mods/demo.tfvars b/baselines/gcp/gcp_mods/default.tfvars similarity index 100% rename from baselines/gcp/gcp_mods/demo.tfvars rename to baselines/gcp/gcp_mods/default.tfvars diff --git a/baselines/gcp/gcp_service_enabled/main.tf b/baselines/gcp/gcp_service_enabled/main.tf index 2e8d5d1e8..e4913d47d 100644 --- a/baselines/gcp/gcp_service_enabled/main.tf +++ b/baselines/gcp/gcp_service_enabled/main.tf @@ -20,7 +20,10 @@ resource "turbot_policy_setting" "gcp_api_enable" { value = "Enforce: ${lookup(var.service_status, "${element(keys(var.service_status), count.index)}")}" } +# Here the "resource" is the AKA of the [Base Folder](../../guardrails/folder_hierarchy/) to which you want to attached the Policy Pack. +# The base folder is created as part of script from [Base Folder](../../guardrails/folder_hierarchy/) +# The resource should be created first. resource "turbot_policy_pack_attachment" "gcp_enable_attachment" { - resource = "workspace_base_folder" + resource = "base_folder" policy_pack = turbot_policy_pack.gcp_enabled_baseline_pack.id } diff --git a/baselines/guardrails/turbot_profiles/demo.tfvars b/baselines/guardrails/turbot_profiles/default.tfvars similarity index 100% rename from baselines/guardrails/turbot_profiles/demo.tfvars rename to baselines/guardrails/turbot_profiles/default.tfvars From da70e8749d53543070cb2536cec9db6d29355747 Mon Sep 17 00:00:00 2001 From: Venu Date: Wed, 14 Aug 2024 18:45:15 +0530 Subject: [PATCH 09/17] Update README.md files --- baselines/aws/aws_mods/README.md | 29 ++-- baselines/aws/aws_service_enabled/README.md | 133 ++++++++---------- baselines/azure/azure_mods/README.md | 125 +++++++++++----- .../azure/azure_service_enabled/README.md | 133 ++++++++---------- baselines/gcp/gcp_mods/README.md | 125 +++++++++++----- baselines/gcp/gcp_service_enabled/README.md | 127 +++++++++++++++-- .../aws/aws_baseline/README.md | 2 +- .../aws/aws_check_cost_controls/README.md | 2 +- .../aws/aws_check_encryption/README.md | 2 +- .../aws/aws_check_public_access/README.md | 2 +- .../aws/aws_check_regions/README.md | 2 +- .../aws/aws_check_s3/README.md | 2 +- .../aws/aws_check_stack/README.md | 2 +- .../azure/azure_baseline/README.md | 2 +- .../azure/azure_check_encryption/README.md | 2 +- .../azure/azure_check_public_access/README.md | 2 +- .../azure/azure_check_regions/README.md | 2 +- .../azure/azure_check_tagging/README.md | 2 +- .../gcp/gcp_baseline/README.md | 2 +- .../gcp/gcp_check_encryption/README.md | 2 +- .../gcp/gcp_check_iam/README.md | 2 +- .../gcp/gcp_check_labeling/README.md | 2 +- .../gcp/gcp_check_logging/README.md | 2 +- .../gcp/gcp_check_public_access/README.md | 2 +- .../gcp/gcp_check_regions/README.md | 2 +- .../gcp/gcp_check_stack/README.md | 2 +- 26 files changed, 444 insertions(+), 268 deletions(-) diff --git a/baselines/aws/aws_mods/README.md b/baselines/aws/aws_mods/README.md index e144d8c10..ab5395654 100644 --- a/baselines/aws/aws_mods/README.md +++ b/baselines/aws/aws_mods/README.md @@ -1,8 +1,3 @@ ---- -categories: ["aws", "infrastructure"] -primary_category: "infrastructure" ---- - # AWS Mods Installation Turbot provides numerous AWS mods, covering a wide range of AWS resources with thousands of policies and controls. By default, mods are installed with the top Turbot resource as the parent, meaning administrators must have Turbot/Owner permissions at the Turbot resource level to install, uninstall, or update mods in the environment. @@ -47,41 +42,39 @@ Please see [Turbot Guardrails Provider authentication](https://registry.terrafor terraform init ``` - - -### Deploying Demo Example +### Deploying Default Example 1. Navigate to the `aws_mods` folder. 2. Initialize Terraform. -3. Apply the installation using the demo input variable file [demo.tfvars](demo.tfvars). +3. Apply the installation using the default input variable file [default.tfvars](default.tfvars). On the terminal, this will look like: ```sh cd terraform init -terraform apply --var-file=demo.tfvars +terraform apply --var-file=default.tfvars ``` ### Input Variable Files Input variable files allow users to configure settings for multiple environments in different files. -This script comes with an example input variable file called [demo.tfvars](demo.tfvars). +This script comes with an example input variable file called [default.tfvars](default.tfvars). -The variables that can be overridden by the input variable files (e.g., [demo.tfvars](demo.tfvars)) are defined in the [variables.tf](variables.tf) file. +The variables that can be overridden by the input variable files (e.g., [default.tfvars](default.tfvars)) are defined in the [variables.tf](variables.tf) file. For more details, see the official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). ### Apply Installation Using Input Variable Files -If you want to apply the installation using an input variable file, such as [demo.tfvars](demo.tfvars): +If you want to apply the installation using an input variable file, such as [default.tfvars](default.tfvars): 1. Navigate to the folder containing the installation configuration. 2. Run the command: ```sh - terraform apply --var-file=demo.tfvars + terraform apply --var-file=default.tfvars ``` ### Apply Installation Without Input Variable File @@ -111,13 +104,13 @@ To destroy the installation without using an input variable file: ### Destroy Using Input Variable Files -If you want to destroy the installation configuration using an input variable file, such as [demo.tfvars](demo.tfvars): +If you want to destroy the installation configuration using an input variable file, such as [default.tfvars](default.tfvars): 1. Navigate to the folder containing the installation configuration. 2. Run the command: ```sh - terraform destroy --var-file=demo.tfvars + terraform destroy --var-file=default.tfvars ``` ## Commenting Strategy @@ -132,7 +125,3 @@ These links provide further details about: - Category information - Target information - All valid values - ---- - -This updated README follows the standards and format from the provided example, ensuring consistency and clarity across your documentation. diff --git a/baselines/aws/aws_service_enabled/README.md b/baselines/aws/aws_service_enabled/README.md index 14c196e2d..d2cb40e20 100644 --- a/baselines/aws/aws_service_enabled/README.md +++ b/baselines/aws/aws_service_enabled/README.md @@ -1,130 +1,117 @@ -# Baseline - AWS Baseline Policies +# AWS Service Enabled Policies -AWS Baseline Policies focuses on base minimum set of example policies & services to start with. +The AWS Baseline Policies provide a minimal set of example policies and services to get started with AWS in Turbot Guardrails. These policies focus on enabling essential services and APIs. -## Overview +## Getting Started -Baseline policies are initial set of policies recommended to start with while using Turbot. These policies mostly focuses on enabling services, frequently used policies to run in check mode & enabling security features such as various encryption standards. Baseline TF scripts allows you to toggle the value to apply or ignore. See the below sections for more information. +### Requirements -Some of these policies overlap with other set of baselines. Hence Turbot provided set of baseline TF files are executed in separate [Smart Folder](https://turbot.com/v5/docs/getting-started/smart_folder). The advantage of setting up of each baseline in their own Smart Folder prevents conflicting with the policy settings created by other baseline scripts. +- [Terraform](https://developer.hashicorp.com/terraform/install) -This baseline will not attach to a resource by default. This needs to be done manually using the Turbot UI. +### Credentials -## Requirements +To install AWS mods using Terraform: -- Terraform v0.13 or greater installed -- Valid Turbot configuration credentials +- Ensure you have `Turbot/Owner` permissions (or higher) in Guardrails. +- [Create access keys](https://turbot.com/guardrails/docs/guides/iam/access-keys#generate-a-new-guardrails-api-access-key) in Guardrails. -For further information on configuring Turbot credentials can be found [here](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials). +Then set your credentials: -## Applying baseline +```sh +export TURBOT_WORKSPACE=myworkspace.acme.com +export TURBOT_ACCESS_KEY=acce6ac5-access-key-here +export TURBOT_SECRET_KEY=a8af61ec-secret-key-here +``` -The baseline is defined by a set of files which together define the configuration of the baseline. +Please see [Turbot Guardrails Provider authentication](https://registry.terraform.io/providers/turbot/turbot/latest/docs#authentication) for additional authentication methods. -### Initialize baseline +## Usage -If not previously run, Initialize Terraform to get all necessary providers for the baseline. +### Initialize Terraform -1. Navigate to the folder containing the baseline configuration. +1. Navigate to the `aws_service_enabled` folder. 2. Run the command: - ```shell + ```sh terraform init ``` -### Profile name as input - -The baseline example set requires you to provide `turbot_profile` name as input. This is to help in case you are having more profiles than only `default`. In case it's default, specify name as default. - -```shell -var.turbot_profile - Enter profile matching your turbot cli credentials. - Enter a value: -``` -### Deploying demo example +### Deploying Default Example -1. Navigate to the folder of the baseline -2. Initialize Terraform -3. Apply the baseline using the demo input variable file [demo.tfvars](demo.tfvars) +1. Navigate to the `aws_service_enabled` folder. +2. Initialize Terraform. +3. Apply the installation using the default input variable file [default.tfvars](default.tfvars). -On the terminal this will look like: +On the terminal, this will look like: -```shell -cd +```sh +cd terraform init -terraform apply --var-file demo.tfvars +terraform apply --var-file=default.tfvars ``` -**Note** -- Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default varialble file. +### Input Variable Files -### Input variable files +Input variable files allow users to configure settings for multiple environments in different files. -Input variable files allow for the user to configure configuration definitions for multiple environments in different files. +This script comes with an example input variable file called [default.tfvars](default.tfvars). -This baseline comes with an example input variable file called [demo.tfvars](demo.tfvars). +The variables that can be overridden by the input variable files (e.g., [default.tfvars](default.tfvars)) are defined in the [variables.tf](variables.tf) file. -It will be used to define which parts of the baseline to apply and which to ignore. +For more details, see the official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). -The variables that can be overwritten by the input variable files i.e. [demo.tfvars](demo.tfvars) are defined in the [variables.tf](variables.tf) file. +### Apply Installation Using Input Variable Files -Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). +If you want to apply the installation using an input variable file, such as [default.tfvars](default.tfvars): -### Apply baseline using input variable files - -If seeking to apply the baseline using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. +1. Navigate to the folder containing the installation configuration. 2. Run the command: - ```shell - terraform apply --var-file=demo.tfvars + ```sh + terraform apply --var-file=default.tfvars ``` -### Apply baseline without input variable file -The baseline can be applied without an input variable file. +### Apply Installation Without Input Variable File -1. By this time Terraform initialization is done as mentioned above. -3. Prefer to check the outcome by running the Terraform plan -3. Apply the Terraform -4. Run the command: +The installation can also be applied without an input variable file. -```shell -cd -terraform plan -terraform apply -``` +1. Ensure Terraform initialization is done as mentioned above. +2. Optionally, check the outcome by running `terraform plan`. +3. Apply the Terraform configuration: -`This may prompt the user applying the baseline to enter values for variables that do not have default values.` + ```sh + cd + terraform plan + terraform apply + ``` -### Destroy baseline without input variable file +### Destroy Installation Without Input Variable File -If seeking to apply the baseline without using an input variable file. +To destroy the installation without using an input variable file: -1. Navigate to the folder containing the baseline configuration. +1. Navigate to the folder containing the installation configuration. 2. Run the command: - ```shell + ```sh terraform destroy ``` -### Destroy using input variable files +### Destroy Using Input Variable Files -If seeking to destoy the baseline configuration using an input variable file such as [demo.tfvars](demo.tfvars). +If you want to destroy the installation configuration using an input variable file, such as [default.tfvars](default.tfvars): -1. Navigate to the folder containing the baseline configuration. +1. Navigate to the folder containing the installation configuration. 2. Run the command: - ```shell - terraform destroy --var-file=demo.tfvars + ```sh + terraform destroy --var-file=default.tfvars ``` -## Commenting strategy +## Commenting Strategy -All Turbot policies used by the baselines will have a link to the official Turbot Mods documentation. +All Turbot policies used in the installation include links to the official Turbot Mods documentation. -Opening the links will give you further details about: +These links provide further details about: - The purpose of the policy - Policy URI name diff --git a/baselines/azure/azure_mods/README.md b/baselines/azure/azure_mods/README.md index 13f716253..be7dcf526 100644 --- a/baselines/azure/azure_mods/README.md +++ b/baselines/azure/azure_mods/README.md @@ -1,70 +1,127 @@ -# Azure - Mods install +# Azure Mods Installation -Turbot provides dozens of Azure mods, covering hundreds of Azure resources, with thousands of policies and controls. By definition, mods are installed with the top Turbot resource as the parent. This means that administrators must be at the Turbot resource level with Turbot/Owner permissions to make modifications, installing, uninstalling, or updating, to mods in the environment. +Turbot provides numerous Azure mods, covering a wide range of Azure resources with thousands of policies and controls. By default, mods are installed with the top Turbot resource as the parent, meaning administrators must have Turbot/Owner permissions at the Turbot resource level to install, uninstall, or update mods in the environment. -More information can be found [here](https://turbot.com/v5/docs/mods) +More information can be found [here](https://turbot.com/guardrails/docs/mods). -## Requirements +## Documentation -- Terraform v0.13 or greater installed -- Valid Turbot configuration credentials +- **[Review Mods Documentation →](https://turbot.com/guardrails/docs/mods)** -For further information on configuring Turbot credentials can be found [here](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials). +## Getting Started -### Initialize +### Requirements -1. Navigate to the azure_mods folder. +- [Terraform](https://developer.hashicorp.com/terraform/install) + +### Credentials + +To install Azure mods using Terraform: + +- Ensure you have `Turbot/Owner` permissions (or higher) in Guardrails. +- [Create access keys](https://turbot.com/guardrails/docs/guides/iam/access-keys#generate-a-new-guardrails-api-access-key) in Guardrails. + +Then set your credentials: + +```sh +export TURBOT_WORKSPACE=myworkspace.acme.com +export TURBOT_ACCESS_KEY=acce6ac5-access-key-here +export TURBOT_SECRET_KEY=a8af61ec-secret-key-here +``` + +Please see [Turbot Guardrails Provider authentication](https://registry.terraform.io/providers/turbot/turbot/latest/docs#authentication) for additional authentication methods. + +## Usage + +### Initialize Terraform + +1. Navigate to the `azure_mods` folder. 2. Run the command: - ```shell + ```sh terraform init ``` -### Profile name as input +### Deploying Default Example + +1. Navigate to the `azure_mods` folder. +2. Initialize Terraform. +3. Apply the installation using the default input variable file [default.tfvars](default.tfvars). -This set requires you to provide `turbot_profile` name as input. This is to help in case you are having more profiles than only `default`. In case it's default, specify name as default. +On the terminal, this will look like: -```shell -var.turbot_profile - Enter profile matching your turbot cli credentials. - Enter a value: +```sh +cd +terraform init +terraform apply --var-file=default.tfvars ``` -### Apply installation +### Input Variable Files -The installation can be applied without an input variable file. +Input variable files allow users to configure settings for multiple environments in different files. -1. By this time Terraform initialization is done as mentioned above. -3. Prefer to check the outcome by running the Terraform plan -3. Apply the Terraform -4. Run the command: +This script comes with an example input variable file called [default.tfvars](default.tfvars). -```shell -cd -terraform plan -terraform apply -``` +The variables that can be overridden by the input variable files (e.g., [default.tfvars](default.tfvars)) are defined in the [variables.tf](variables.tf) file. + +For more details, see the official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). + +### Apply Installation Using Input Variable Files + +If you want to apply the installation using an input variable file, such as [default.tfvars](default.tfvars): -### Destroy installation +1. Navigate to the folder containing the installation configuration. +2. Run the command: + + ```sh + terraform apply --var-file=default.tfvars + ``` + +### Apply Installation Without Input Variable File + +The installation can also be applied without an input variable file. + +1. Ensure Terraform initialization is done as mentioned above. +2. Optionally, check the outcome by running `terraform plan`. +3. Apply the Terraform configuration: + + ```sh + cd + terraform plan + terraform apply + ``` -If seeking to apply the installation without using an input variable file. +### Destroy Installation Without Input Variable File + +To destroy the installation without using an input variable file: 1. Navigate to the folder containing the installation configuration. 2. Run the command: - ```shell + ```sh terraform destroy ``` -## Commenting strategy +### Destroy Using Input Variable Files + +If you want to destroy the installation configuration using an input variable file, such as [default.tfvars](default.tfvars): + +1. Navigate to the folder containing the installation configuration. +2. Run the command: + + ```sh + terraform destroy --var-file=default.tfvars + ``` + +## Commenting Strategy -All Turbot policies used by the installation will have a link to the official Turbot Mods documentation. +All Turbot policies used in the installation include links to the official Turbot Mods documentation. -Opening the links will give you further details about: +These links provide further details about: - The purpose of the policy - Policy URI name - Parent information - Category information - Target information -- All valid values \ No newline at end of file +- All valid values diff --git a/baselines/azure/azure_service_enabled/README.md b/baselines/azure/azure_service_enabled/README.md index 14c196e2d..9f5f5d1c6 100644 --- a/baselines/azure/azure_service_enabled/README.md +++ b/baselines/azure/azure_service_enabled/README.md @@ -1,130 +1,117 @@ -# Baseline - AWS Baseline Policies +# Azure Service Enabled Policies -AWS Baseline Policies focuses on base minimum set of example policies & services to start with. +The Azure Baseline Policies provide a minimal set of example policies and services to get started with Azure in Turbot Guardrails. These policies focus on enabling essential services and APIs. -## Overview +## Getting Started -Baseline policies are initial set of policies recommended to start with while using Turbot. These policies mostly focuses on enabling services, frequently used policies to run in check mode & enabling security features such as various encryption standards. Baseline TF scripts allows you to toggle the value to apply or ignore. See the below sections for more information. +### Requirements -Some of these policies overlap with other set of baselines. Hence Turbot provided set of baseline TF files are executed in separate [Smart Folder](https://turbot.com/v5/docs/getting-started/smart_folder). The advantage of setting up of each baseline in their own Smart Folder prevents conflicting with the policy settings created by other baseline scripts. +- [Terraform](https://developer.hashicorp.com/terraform/install) -This baseline will not attach to a resource by default. This needs to be done manually using the Turbot UI. +### Credentials -## Requirements +To install Azure mods using Terraform: -- Terraform v0.13 or greater installed -- Valid Turbot configuration credentials +- Ensure you have `Turbot/Owner` permissions (or higher) in Guardrails. +- [Create access keys](https://turbot.com/guardrails/docs/guides/iam/access-keys#generate-a-new-guardrails-api-access-key) in Guardrails. -For further information on configuring Turbot credentials can be found [here](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials). +Then set your credentials: -## Applying baseline +```sh +export TURBOT_WORKSPACE=myworkspace.acme.com +export TURBOT_ACCESS_KEY=acce6ac5-access-key-here +export TURBOT_SECRET_KEY=a8af61ec-secret-key-here +``` -The baseline is defined by a set of files which together define the configuration of the baseline. +Please see [Turbot Guardrails Provider authentication](https://registry.terraform.io/providers/turbot/turbot/latest/docs#authentication) for additional authentication methods. -### Initialize baseline +## Usage -If not previously run, Initialize Terraform to get all necessary providers for the baseline. +### Initialize Terraform -1. Navigate to the folder containing the baseline configuration. +1. Navigate to the `azure_service_enabled` folder. 2. Run the command: - ```shell + ```sh terraform init ``` -### Profile name as input - -The baseline example set requires you to provide `turbot_profile` name as input. This is to help in case you are having more profiles than only `default`. In case it's default, specify name as default. - -```shell -var.turbot_profile - Enter profile matching your turbot cli credentials. - Enter a value: -``` -### Deploying demo example +### Deploying Default Example -1. Navigate to the folder of the baseline -2. Initialize Terraform -3. Apply the baseline using the demo input variable file [demo.tfvars](demo.tfvars) +1. Navigate to the `azure_service_enabled` folder. +2. Initialize Terraform. +3. Apply the installation using the default input variable file [default.tfvars](default.tfvars). -On the terminal this will look like: +On the terminal, this will look like: -```shell -cd +```sh +cd terraform init -terraform apply --var-file demo.tfvars +terraform apply --var-file=default.tfvars ``` -**Note** -- Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default varialble file. +### Input Variable Files -### Input variable files +Input variable files allow users to configure settings for multiple environments in different files. -Input variable files allow for the user to configure configuration definitions for multiple environments in different files. +This script comes with an example input variable file called [default.tfvars](default.tfvars). -This baseline comes with an example input variable file called [demo.tfvars](demo.tfvars). +The variables that can be overridden by the input variable files (e.g., [default.tfvars](default.tfvars)) are defined in the [variables.tf](variables.tf) file. -It will be used to define which parts of the baseline to apply and which to ignore. +For more details, see the official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). -The variables that can be overwritten by the input variable files i.e. [demo.tfvars](demo.tfvars) are defined in the [variables.tf](variables.tf) file. +### Apply Installation Using Input Variable Files -Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). +If you want to apply the installation using an input variable file, such as [default.tfvars](default.tfvars): -### Apply baseline using input variable files - -If seeking to apply the baseline using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. +1. Navigate to the folder containing the installation configuration. 2. Run the command: - ```shell - terraform apply --var-file=demo.tfvars + ```sh + terraform apply --var-file=default.tfvars ``` -### Apply baseline without input variable file -The baseline can be applied without an input variable file. +### Apply Installation Without Input Variable File -1. By this time Terraform initialization is done as mentioned above. -3. Prefer to check the outcome by running the Terraform plan -3. Apply the Terraform -4. Run the command: +The installation can also be applied without an input variable file. -```shell -cd -terraform plan -terraform apply -``` +1. Ensure Terraform initialization is done as mentioned above. +2. Optionally, check the outcome by running `terraform plan`. +3. Apply the Terraform configuration: -`This may prompt the user applying the baseline to enter values for variables that do not have default values.` + ```sh + cd + terraform plan + terraform apply + ``` -### Destroy baseline without input variable file +### Destroy Installation Without Input Variable File -If seeking to apply the baseline without using an input variable file. +To destroy the installation without using an input variable file: -1. Navigate to the folder containing the baseline configuration. +1. Navigate to the folder containing the installation configuration. 2. Run the command: - ```shell + ```sh terraform destroy ``` -### Destroy using input variable files +### Destroy Using Input Variable Files -If seeking to destoy the baseline configuration using an input variable file such as [demo.tfvars](demo.tfvars). +If you want to destroy the installation configuration using an input variable file, such as [default.tfvars](default.tfvars): -1. Navigate to the folder containing the baseline configuration. +1. Navigate to the folder containing the installation configuration. 2. Run the command: - ```shell - terraform destroy --var-file=demo.tfvars + ```sh + terraform destroy --var-file=default.tfvars ``` -## Commenting strategy +## Commenting Strategy -All Turbot policies used by the baselines will have a link to the official Turbot Mods documentation. +All Turbot policies used in the installation include links to the official Turbot Mods documentation. -Opening the links will give you further details about: +These links provide further details about: - The purpose of the policy - Policy URI name diff --git a/baselines/gcp/gcp_mods/README.md b/baselines/gcp/gcp_mods/README.md index 75c9317bc..38464fd8b 100644 --- a/baselines/gcp/gcp_mods/README.md +++ b/baselines/gcp/gcp_mods/README.md @@ -1,70 +1,127 @@ -# GCP - Mods install +# GCP Mods Installation -Turbot provides dozens of GCP mods, covering hundreds of GCP resources, with thousands of policies and controls. By definition, mods are installed with the top Turbot resource as the parent. This means that administrators must be at the Turbot resource level with Turbot/Owner permissions to make modifications, installing, uninstalling, or updating, to mods in the environment. +Turbot provides numerous GCP mods, covering a wide range of GCP resources with thousands of policies and controls. By default, mods are installed with the top Turbot resource as the parent, meaning administrators must have Turbot/Owner permissions at the Turbot resource level to install, uninstall, or update mods in the environment. -More information can be found [here](https://turbot.com/v5/docs/mods) +More information can be found [here](https://turbot.com/guardrails/docs/mods). -## Requirements +## Documentation -- Terraform v0.13 or greater installed -- Valid Turbot configuration credentials +- **[Review Mods Documentation →](https://turbot.com/guardrails/docs/mods)** -For further information on configuring Turbot credentials can be found [here](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials). +## Getting Started -### Initialize +### Requirements -1. Navigate to the gcp_mods folder. +- [Terraform](https://developer.hashicorp.com/terraform/install) + +### Credentials + +To install GCP mods using Terraform: + +- Ensure you have `Turbot/Owner` permissions (or higher) in Guardrails. +- [Create access keys](https://turbot.com/guardrails/docs/guides/iam/access-keys#generate-a-new-guardrails-api-access-key) in Guardrails. + +Then set your credentials: + +```sh +export TURBOT_WORKSPACE=myworkspace.acme.com +export TURBOT_ACCESS_KEY=acce6ac5-access-key-here +export TURBOT_SECRET_KEY=a8af61ec-secret-key-here +``` + +Please see [Turbot Guardrails Provider authentication](https://registry.terraform.io/providers/turbot/turbot/latest/docs#authentication) for additional authentication methods. + +## Usage + +### Initialize Terraform + +1. Navigate to the `gcp_mods` folder. 2. Run the command: - ```shell + ```sh terraform init ``` -### Profile name as input +### Deploying Default Example + +1. Navigate to the `gcp_mods` folder. +2. Initialize Terraform. +3. Apply the installation using the default input variable file [default.tfvars](default.tfvars). -This set requires you to provide `turbot_profile` name as input. This is to help in case you are having more profiles than only `default`. In case it's default, specify name as default. +On the terminal, this will look like: -```shell -var.turbot_profile - Enter profile matching your turbot cli credentials. - Enter a value: +```sh +cd +terraform init +terraform apply --var-file=default.tfvars ``` -### Apply installation +### Input Variable Files -The installation can be applied without an input variable file. +Input variable files allow users to configure settings for multiple environments in different files. -1. By this time Terraform initialization is done as mentioned above. -3. Prefer to check the outcome by running the Terraform plan -3. Apply the Terraform -4. Run the command: +This script comes with an example input variable file called [default.tfvars](default.tfvars). -```shell -cd -terraform plan -terraform apply -``` +The variables that can be overridden by the input variable files (e.g., [default.tfvars](default.tfvars)) are defined in the [variables.tf](variables.tf) file. + +For more details, see the official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). + +### Apply Installation Using Input Variable Files + +If you want to apply the installation using an input variable file, such as [default.tfvars](default.tfvars): -### Destroy installation +1. Navigate to the folder containing the installation configuration. +2. Run the command: + + ```sh + terraform apply --var-file=default.tfvars + ``` + +### Apply Installation Without Input Variable File + +The installation can also be applied without an input variable file. + +1. Ensure Terraform initialization is done as mentioned above. +2. Optionally, check the outcome by running `terraform plan`. +3. Apply the Terraform configuration: + + ```sh + cd + terraform plan + terraform apply + ``` -If seeking to apply the installation without using an input variable file. +### Destroy Installation Without Input Variable File + +To destroy the installation without using an input variable file: 1. Navigate to the folder containing the installation configuration. 2. Run the command: - ```shell + ```sh terraform destroy ``` -## Commenting strategy +### Destroy Using Input Variable Files + +If you want to destroy the installation configuration using an input variable file, such as [default.tfvars](default.tfvars): + +1. Navigate to the folder containing the installation configuration. +2. Run the command: + + ```sh + terraform destroy --var-file=default.tfvars + ``` + +## Commenting Strategy -All Turbot policies used by the installation will have a link to the official Turbot Mods documentation. +All Turbot policies used in the installation include links to the official Turbot Mods documentation. -Opening the links will give you further details about: +These links provide further details about: - The purpose of the policy - Policy URI name - Parent information - Category information - Target information -- All valid values \ No newline at end of file +- All valid values diff --git a/baselines/gcp/gcp_service_enabled/README.md b/baselines/gcp/gcp_service_enabled/README.md index e6d24d034..4c846154c 100644 --- a/baselines/gcp/gcp_service_enabled/README.md +++ b/baselines/gcp/gcp_service_enabled/README.md @@ -1,22 +1,121 @@ -# GCP Services Baseline +# GCP Service Enabled Policies -Turbot GCP Services baseline provides a Terraform configuration to enable or disable GCP services in Turbot. +The GCP Baseline Policies provide a minimal set of example policies and services to get started with Google Cloud Platform (GCP) in Turbot Guardrails. These policies focus on enabling essential services and APIs. -- Service names must match the services listed under the `policy_map`. +## Getting Started -## Prerequisites +### Requirements -To run the GCP Services baseline, you must have: +- [Terraform](https://developer.hashicorp.com/terraform/install) - - [Terraform](https://www.terraform.io) Version 12 - - [Turbot Terraform Provider](https://github.com/turbotio/terraform-provider-turbot) - - [Credentials](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials) Configured to connect to your Turbot workspace and AWS account +### Credentials -## Running the Baseline +To install GCP mods using Terraform: -To run the GCP Services baseline: +- Ensure you have `Turbot/Owner` permissions (or higher) in Guardrails. +- [Create access keys](https://turbot.com/guardrails/docs/guides/iam/access-keys#generate-a-new-guardrails-api-access-key) in Guardrails. - - Go to the GCP services baseline directory in the repository with `cd gcp_services` - - Update `target_resource` in `default.tfvars` - - Run `terraform plan -var-file=default.tfvars` to review the changes to be applied - - Run `terraform apply -var-file=default.tfvars` to apply the changes +Then set your credentials: + +```sh +export TURBOT_WORKSPACE=myworkspace.acme.com +export TURBOT_ACCESS_KEY=acce6ac5-access-key-here +export TURBOT_SECRET_KEY=a8af61ec-secret-key-here +``` + +Please see [Turbot Guardrails Provider authentication](https://registry.terraform.io/providers/turbot/turbot/latest/docs#authentication) for additional authentication methods. + +## Usage + +### Initialize Terraform + +1. Navigate to the `gcp_service_enabled` folder. +2. Run the command: + + ```sh + terraform init + ``` + +### Deploying Default Example + +1. Navigate to the `gcp_service_enabled` folder. +2. Initialize Terraform. +3. Apply the installation using the default input variable file [default.tfvars](default.tfvars). + +On the terminal, this will look like: + +```sh +cd +terraform init +terraform apply --var-file=default.tfvars +``` + +### Input Variable Files + +Input variable files allow users to configure settings for multiple environments in different files. + +This script comes with an example input variable file called [default.tfvars](default.tfvars). + +The variables that can be overridden by the input variable files (e.g., [default.tfvars](default.tfvars)) are defined in the [variables.tf](variables.tf) file. + +For more details, see the official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). + +### Apply Installation Using Input Variable Files + +If you want to apply the installation using an input variable file, such as [default.tfvars](default.tfvars): + +1. Navigate to the folder containing the installation configuration. +2. Run the command: + + ```sh + terraform apply --var-file=default.tfvars + ``` + +### Apply Installation Without Input Variable File + +The installation can also be applied without an input variable file. + +1. Ensure Terraform initialization is done as mentioned above. +2. Optionally, check the outcome by running `terraform plan`. +3. Apply the Terraform configuration: + + ```sh + cd + terraform plan + terraform apply + ``` + +### Destroy Installation Without Input Variable File + +To destroy the installation without using an input variable file: + +1. Navigate to the folder containing the installation configuration. +2. Run the command: + + ```sh + terraform destroy + ``` + +### Destroy Using Input Variable Files + +If you want to destroy the installation configuration using an input variable file, such as [default.tfvars](default.tfvars): + +1. Navigate to the folder containing the installation configuration. +2. Run the command: + + ```sh + terraform destroy --var-file=default.tfvars + ``` + +## Commenting Strategy + +All Turbot policies used in the installation include links to the official Turbot Mods documentation. + +These links provide further details about: + +- The purpose of the policy +- Policy URI name +- Parent information +- Category information +- Target information +- All valid values diff --git a/baselines/todo_policy_packs/aws/aws_baseline/README.md b/baselines/todo_policy_packs/aws/aws_baseline/README.md index 14c196e2d..f502d80d5 100644 --- a/baselines/todo_policy_packs/aws/aws_baseline/README.md +++ b/baselines/todo_policy_packs/aws/aws_baseline/README.md @@ -57,7 +57,7 @@ terraform apply --var-file demo.tfvars **Note** - Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default varialble file. +- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. ### Input variable files diff --git a/baselines/todo_policy_packs/aws/aws_check_cost_controls/README.md b/baselines/todo_policy_packs/aws/aws_check_cost_controls/README.md index 932741d4b..90adfb101 100644 --- a/baselines/todo_policy_packs/aws/aws_check_cost_controls/README.md +++ b/baselines/todo_policy_packs/aws/aws_check_cost_controls/README.md @@ -56,7 +56,7 @@ terraform apply --var-file demo.tfvars - Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default varialble file. +- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. ### Input variable files diff --git a/baselines/todo_policy_packs/aws/aws_check_encryption/README.md b/baselines/todo_policy_packs/aws/aws_check_encryption/README.md index cd95bcc47..437cdf31b 100644 --- a/baselines/todo_policy_packs/aws/aws_check_encryption/README.md +++ b/baselines/todo_policy_packs/aws/aws_check_encryption/README.md @@ -56,7 +56,7 @@ terraform apply --var-file demo.tfvars - Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default varialble file. +- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. ### Input variable files diff --git a/baselines/todo_policy_packs/aws/aws_check_public_access/README.md b/baselines/todo_policy_packs/aws/aws_check_public_access/README.md index ece47a261..508d0fed0 100644 --- a/baselines/todo_policy_packs/aws/aws_check_public_access/README.md +++ b/baselines/todo_policy_packs/aws/aws_check_public_access/README.md @@ -55,7 +55,7 @@ terraform apply --var-file demo.tfvars - Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default varialble file. +- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. ### Input variable files diff --git a/baselines/todo_policy_packs/aws/aws_check_regions/README.md b/baselines/todo_policy_packs/aws/aws_check_regions/README.md index 777c95e8a..e14dd2036 100644 --- a/baselines/todo_policy_packs/aws/aws_check_regions/README.md +++ b/baselines/todo_policy_packs/aws/aws_check_regions/README.md @@ -70,7 +70,7 @@ terraform apply --var-file demo.tfvars - Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default varialble file. +- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. ### Input variable files diff --git a/baselines/todo_policy_packs/aws/aws_check_s3/README.md b/baselines/todo_policy_packs/aws/aws_check_s3/README.md index 95d7c6e60..f67958acb 100644 --- a/baselines/todo_policy_packs/aws/aws_check_s3/README.md +++ b/baselines/todo_policy_packs/aws/aws_check_s3/README.md @@ -57,7 +57,7 @@ terraform apply --var-file demo.tfvars ``` **Note** - Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default varialble file. +- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. ### Input variable files diff --git a/baselines/todo_policy_packs/aws/aws_check_stack/README.md b/baselines/todo_policy_packs/aws/aws_check_stack/README.md index dc918d5ec..70f9ba4bd 100644 --- a/baselines/todo_policy_packs/aws/aws_check_stack/README.md +++ b/baselines/todo_policy_packs/aws/aws_check_stack/README.md @@ -60,7 +60,7 @@ terraform apply --var-file demo.tfvars ``` **Note** - Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default varialble file. +- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. ### Input variable files diff --git a/baselines/todo_policy_packs/azure/azure_baseline/README.md b/baselines/todo_policy_packs/azure/azure_baseline/README.md index cdf7df120..46eba75cc 100644 --- a/baselines/todo_policy_packs/azure/azure_baseline/README.md +++ b/baselines/todo_policy_packs/azure/azure_baseline/README.md @@ -75,7 +75,7 @@ terraform apply --var-file demo.tfvars **Note** - Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default varialble file. +- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. ### Input variable files diff --git a/baselines/todo_policy_packs/azure/azure_check_encryption/README.md b/baselines/todo_policy_packs/azure/azure_check_encryption/README.md index 826a4ee4f..d6d45698e 100644 --- a/baselines/todo_policy_packs/azure/azure_check_encryption/README.md +++ b/baselines/todo_policy_packs/azure/azure_check_encryption/README.md @@ -65,7 +65,7 @@ terraform apply --var-file demo.tfvars ``` **Note** - Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default varialble file. +- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. ### Input variable files diff --git a/baselines/todo_policy_packs/azure/azure_check_public_access/README.md b/baselines/todo_policy_packs/azure/azure_check_public_access/README.md index 9e2e502c4..dcc82c869 100644 --- a/baselines/todo_policy_packs/azure/azure_check_public_access/README.md +++ b/baselines/todo_policy_packs/azure/azure_check_public_access/README.md @@ -67,7 +67,7 @@ terraform apply --var-file demo.tfvars **Note** - Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default varialble file. +- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. ### Input variable files diff --git a/baselines/todo_policy_packs/azure/azure_check_regions/README.md b/baselines/todo_policy_packs/azure/azure_check_regions/README.md index 1b66d6993..270db75d0 100644 --- a/baselines/todo_policy_packs/azure/azure_check_regions/README.md +++ b/baselines/todo_policy_packs/azure/azure_check_regions/README.md @@ -110,7 +110,7 @@ terraform apply --var-file demo.tfvars **Note** - Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default varialble file. +- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. ### Input variable files diff --git a/baselines/todo_policy_packs/azure/azure_check_tagging/README.md b/baselines/todo_policy_packs/azure/azure_check_tagging/README.md index b51e72620..3da0938fe 100644 --- a/baselines/todo_policy_packs/azure/azure_check_tagging/README.md +++ b/baselines/todo_policy_packs/azure/azure_check_tagging/README.md @@ -61,7 +61,7 @@ terraform apply --var-file demo.tfvars **Note** - Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default varialble file. +- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. ### Input variable files diff --git a/baselines/todo_policy_packs/gcp/gcp_baseline/README.md b/baselines/todo_policy_packs/gcp/gcp_baseline/README.md index c118ceff4..702621d55 100644 --- a/baselines/todo_policy_packs/gcp/gcp_baseline/README.md +++ b/baselines/todo_policy_packs/gcp/gcp_baseline/README.md @@ -69,7 +69,7 @@ terraform apply --var-file demo.tfvars - Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default varialble file. +- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. ### Input variable files diff --git a/baselines/todo_policy_packs/gcp/gcp_check_encryption/README.md b/baselines/todo_policy_packs/gcp/gcp_check_encryption/README.md index 92e228790..b85855de8 100644 --- a/baselines/todo_policy_packs/gcp/gcp_check_encryption/README.md +++ b/baselines/todo_policy_packs/gcp/gcp_check_encryption/README.md @@ -63,7 +63,7 @@ terraform apply --var-file demo.tfvars **Note** - Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default varialble file. +- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. ### Input variable files diff --git a/baselines/todo_policy_packs/gcp/gcp_check_iam/README.md b/baselines/todo_policy_packs/gcp/gcp_check_iam/README.md index 5e2f843d5..0fd718372 100644 --- a/baselines/todo_policy_packs/gcp/gcp_check_iam/README.md +++ b/baselines/todo_policy_packs/gcp/gcp_check_iam/README.md @@ -57,7 +57,7 @@ terraform apply --var-file demo.tfvars **Note** - Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default varialble file. +- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. ### Input variable files diff --git a/baselines/todo_policy_packs/gcp/gcp_check_labeling/README.md b/baselines/todo_policy_packs/gcp/gcp_check_labeling/README.md index 49c475577..b5f2b3c37 100644 --- a/baselines/todo_policy_packs/gcp/gcp_check_labeling/README.md +++ b/baselines/todo_policy_packs/gcp/gcp_check_labeling/README.md @@ -62,7 +62,7 @@ terraform apply --var-file demo.tfvars **Note** - Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default varialble file. +- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. ### Input variable files diff --git a/baselines/todo_policy_packs/gcp/gcp_check_logging/README.md b/baselines/todo_policy_packs/gcp/gcp_check_logging/README.md index 74ec91763..867f11ca0 100644 --- a/baselines/todo_policy_packs/gcp/gcp_check_logging/README.md +++ b/baselines/todo_policy_packs/gcp/gcp_check_logging/README.md @@ -61,7 +61,7 @@ terraform apply --var-file demo.tfvars **Note** - Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default varialble file. +- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. ### Input variable files diff --git a/baselines/todo_policy_packs/gcp/gcp_check_public_access/README.md b/baselines/todo_policy_packs/gcp/gcp_check_public_access/README.md index 7e0a48937..ca913fd79 100644 --- a/baselines/todo_policy_packs/gcp/gcp_check_public_access/README.md +++ b/baselines/todo_policy_packs/gcp/gcp_check_public_access/README.md @@ -66,7 +66,7 @@ terraform apply --var-file demo.tfvars **Note** - Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default varialble file. +- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. ### Input variable files diff --git a/baselines/todo_policy_packs/gcp/gcp_check_regions/README.md b/baselines/todo_policy_packs/gcp/gcp_check_regions/README.md index aabbaa142..a16f6676f 100644 --- a/baselines/todo_policy_packs/gcp/gcp_check_regions/README.md +++ b/baselines/todo_policy_packs/gcp/gcp_check_regions/README.md @@ -110,7 +110,7 @@ terraform apply --var-file demo.tfvars **Note** - Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default varialble file. +- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. ### Input variable files diff --git a/baselines/todo_policy_packs/gcp/gcp_check_stack/README.md b/baselines/todo_policy_packs/gcp/gcp_check_stack/README.md index 3867278bd..fe0db39c4 100644 --- a/baselines/todo_policy_packs/gcp/gcp_check_stack/README.md +++ b/baselines/todo_policy_packs/gcp/gcp_check_stack/README.md @@ -60,7 +60,7 @@ terraform apply --var-file demo.tfvars ``` **Note** - Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default varialble file. +- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. ### Input variable files From 5689993caf73b0fc62b43e479fc08dbf8e8eb786 Mon Sep 17 00:00:00 2001 From: Venu Date: Mon, 19 Aug 2024 14:39:19 +0530 Subject: [PATCH 10/17] remove mappings, securityhub notifications, todo packs --- baselines/mappings/README.md | 10 - .../mappings/soc2/soc2-turbot-mapping.md | 41 --- .../notifications/security-hub/README.md | 236 ------------ .../security-hub/aws_elasticache.tf | 25 -- .../notifications/security-hub/aws_iam.tf | 191 ---------- .../notifications/security-hub/aws_lambda.tf | 65 ---- .../notifications/security-hub/aws_sns.tf | 19 - .../notifications/security-hub/aws_sqs.tf | 35 -- .../notifications/security-hub/aws_vpc.tf | 165 --------- .../create-watch-mutation-input.json | 7 - .../create-watch-mutation.graphql | 10 - .../security-hub/demo-disable-caching.tfvars | 3 - .../security-hub/demo-enable-caching.tfvars | 5 - .../notifications/security-hub/demo.tfvars | 1 - .../security-hub/deployment-package.zip | Bin 1841650 -> 0 bytes .../security-hub/lambda_function.py | 91 ----- .../notifications/security-hub/launch.py | 126 ------- .../notifications/security-hub/locals.tf | 11 - .../security-hub/logic/__init__.py | 3 - .../logic/account_record_collection.py | 58 --- .../notifications/security-hub/logic/cache.py | 67 ---- .../logic/raw_record_processor.py | 120 ------- .../security-hub/logic/record.py | 14 - .../security-hub/logic/security_hub.py | 299 --------------- .../security-hub/package-lambda.sh | 13 - .../notifications/security-hub/providers.tf | 21 -- .../security-hub/requirements.txt | 2 - .../security-hub/turbot_policies.tf | 91 ----- .../notifications/security-hub/variables.tf | 45 --- .../aws/aws_account_import/README.md | 28 -- .../aws/aws_account_import/default.tfvars | 14 - .../aws/aws_account_import/main.tf | 94 ----- .../turbot_service_readonly.cf.yaml | 53 --- .../turbot_service_superuser.cf.yaml | 49 --- .../aws/aws_account_import/variables.tf | 40 --- .../aws/aws_baseline/README.md | 134 ------- .../aws/aws_baseline/aws_service_enable.tf | 10 - .../aws/aws_baseline/demo.tfvars | 141 -------- .../aws_baseline/ec2_attribute_policies.tf | 8 - .../aws/aws_baseline/enable_cis.tf | 29 -- .../aws/aws_baseline/outputs.tf | 23 -- .../aws/aws_baseline/providers.tf | 12 - .../aws/aws_baseline/real_time_events.tf | 9 - .../aws/aws_baseline/regions.tf | 18 - .../aws/aws_baseline/smart_folder.tf | 5 - .../aws/aws_baseline/variables.tf | 176 --------- .../aws/aws_baseline/vpc_policies.tf | 18 - .../aws/aws_check_cost_controls/README.md | 133 ------- .../aws/aws_check_cost_controls/aws_active.tf | 50 --- .../aws/aws_check_cost_controls/demo.tfvars | 194 ---------- .../aws/aws_check_cost_controls/locals.tf | 339 ------------------ .../aws/aws_check_cost_controls/outputs.tf | 53 --- .../aws/aws_check_cost_controls/providers.tf | 12 - .../aws/aws_check_cost_controls/schedules.tf | 101 ------ .../aws_check_cost_controls/smart_folder.tf | 5 - .../aws/aws_check_cost_controls/variables.tf | 263 -------------- .../aws/aws_check_encryption/README.md | 133 ------- .../aws_check_encryption/backup_policies.tf | 20 -- .../cloudtrail_policies.tf | 10 - .../aws/aws_check_encryption/demo.tfvars | 32 -- .../aws_check_encryption/dynamodb_policies.tf | 10 - .../aws/aws_check_encryption/ec2_policies.tf | 70 ---- .../aws/aws_check_encryption/efs_policies.tf | 19 - .../elasticsearch_policies.tf | 19 - .../aws_check_encryption/kinesis_policies.tf | 32 -- .../aws/aws_check_encryption/kms_policies.tf | 9 - .../aws_check_encryption/lambda_policies.tf | 9 - .../aws/aws_check_encryption/logs_policies.tf | 9 - .../aws/aws_check_encryption/outputs.tf | 75 ---- .../aws/aws_check_encryption/providers.tf | 12 - .../aws/aws_check_encryption/rds_policies.tf | 37 -- .../aws_check_encryption/redshift_policies.tf | 10 - .../aws/aws_check_encryption/s3_policies.tf | 20 -- .../secretmanager_policies.tf | 10 - .../aws/aws_check_encryption/smart_folder.tf | 6 - .../aws/aws_check_encryption/sns_policies.tf | 9 - .../aws/aws_check_encryption/sqs_policies.tf | 10 - .../aws/aws_check_encryption/ssm_policies.tf | 10 - .../aws/aws_check_encryption/variables.tf | 117 ------ .../aws/aws_check_iam/README.md | 131 ------- .../aws/aws_check_iam/access_key_rotation.tf | 22 -- .../aws_check_iam/account_password_policy.tf | 73 ---- .../aws/aws_check_iam/demo.tfvars | 11 - .../aws_check_iam/deny_star_policy_stmt.tf | 50 --- .../group_inline_star_policy_stmt.tf | 23 -- .../aws_check_iam/group_policy_attachment.tf | 26 -- .../aws/aws_check_iam/output.tf | 130 ------- .../aws/aws_check_iam/provider.tf | 13 - .../role_inline_star_policy_stmt.tf | 23 -- .../aws_check_iam/role_policy_attachment.tf | 26 -- .../aws/aws_check_iam/role_trust_policy.tf | 58 --- .../aws/aws_check_iam/smart_folder.tf | 5 - .../user_inline_star_policy_stmt.tf | 23 -- .../aws/aws_check_iam/user_mfakey_usage.tf | 48 --- .../aws_check_iam/user_policy_attachment.tf | 26 -- .../aws/aws_check_iam/variable.tf | 198 ---------- .../aws/aws_check_logging/README.md | 137 ------- .../aws_check_logging/cloudtrail_policies.tf | 54 --- .../aws/aws_check_logging/config_policies.tf | 18 - .../aws/aws_check_logging/demo.tfvars | 10 - .../loadbalancer_policies.tf | 26 -- .../aws/aws_check_logging/output.tf | 61 ---- .../aws/aws_check_logging/provider.tf | 12 - .../aws_check_logging/redshift_policies.tf | 29 -- .../aws/aws_check_logging/s3_policies.tf | 9 - .../aws/aws_check_logging/smart_folder.tf | 6 - .../aws/aws_check_logging/variable.tf | 89 ----- .../aws/aws_check_logging/vpc_policies.tf | 17 - .../aws/aws_check_public_access/README.md | 132 ------- .../apigateway_policies.tf | 30 -- .../aws/aws_check_public_access/demo.tfvars | 22 -- .../ec2_loadbalancers_policies.tf | 101 ------ .../aws_check_public_access/ec2_policies.tf | 115 ------ .../lambda_policies.tf | 35 -- .../aws/aws_check_public_access/output.tf | 39 -- .../aws/aws_check_public_access/provider.tf | 12 - .../aws_check_public_access/rds_policies.tf | 78 ---- .../route53_policies.tf | 40 --- .../aws_check_public_access/s3_policies.tf | 51 --- .../aws_check_public_access/smart_folder.tf | 5 - .../aws_check_public_access/sns_policies.tf | 19 - .../aws_check_public_access/sqs_policies.tf | 18 - .../trusted_account_template.tf | 24 -- .../aws/aws_check_public_access/variable.tf | 83 ----- .../vpc_core_policies.tf | 34 -- .../vpc_internet_policies.tf | 36 -- .../vpc_security_policies.tf | 46 --- .../aws/aws_check_regions/README.md | 155 -------- .../approved_regions_policies.tf | 25 -- .../aws/aws_check_regions/demo.tfvars | 25 -- .../aws/aws_check_regions/locals.tf | 151 -------- .../aws/aws_check_regions/outputs.tf | 23 -- .../aws/aws_check_regions/providers.tf | 12 - .../aws/aws_check_regions/smart_folder.tf | 5 - .../aws/aws_check_regions/variables.tf | 224 ------------ .../aws/aws_check_s3/README.md | 134 ------- .../aws/aws_check_s3/demo.tfvars | 11 - .../aws/aws_check_s3/outputs.tf | 59 --- .../aws/aws_check_s3/providers.tf | 12 - .../s3_access_logging_policies.tf | 8 - .../aws/aws_check_s3/s3_active_policies.tf | 19 - .../aws/aws_check_s3/s3_approved_policies.tf | 34 -- .../aws/aws_check_s3/s3_enable_policies.tf | 17 - .../aws_check_s3/s3_encryption_policies.tf | 25 -- .../aws_check_s3/s3_permission_policies.tf | 54 --- .../aws_check_s3/s3_public_access_policies.tf | 52 --- .../aws/aws_check_s3/s3_tag_policies.tf | 58 --- .../s3_trusted_access_policies.tf | 38 -- .../aws_check_s3/s3_versioning_policies.tf | 49 --- .../aws/aws_check_s3/smart_folder.tf | 5 - .../aws/aws_check_s3/variables.tf | 90 ----- .../aws/aws_check_stack/README.md | 137 ------- .../aws_account_iam_stack_policies.tf | 40 --- .../aws/aws_check_stack/outputs.tf | 31 -- .../aws/aws_check_stack/providers.tf | 12 - .../aws/aws_check_stack/smart_folder.tf | 5 - .../tf_includes/sourcestack_policies.tf | 48 --- .../aws/aws_check_stack/variables.tf | 49 --- .../aws/aws_check_tagging/README.md | 124 ------- .../aws/aws_check_tagging/aws_tagging.tf | 81 ----- .../aws/aws_check_tagging/demo.tfvars | 9 - .../aws/aws_check_tagging/locals.tf | 268 -------------- .../aws/aws_check_tagging/outputs.tf | 19 - .../aws/aws_check_tagging/providers.tf | 12 - .../aws/aws_check_tagging/smart_folder.tf | 5 - .../aws/aws_check_tagging/variables.tf | 182 ---------- .../aws/aws_disable_cmdb/README.md | 23 -- .../aws/aws_disable_cmdb/aws_cmdb.tf | 7 - .../aws/aws_disable_cmdb/main.tf | 29 -- .../aws/aws_disable_cmdb/versions.tf | 8 - .../aws/aws_permission/README.md | 22 -- .../aws/aws_permission/default.tfvars | 7 - .../aws/aws_permission/main.tf | 40 --- .../aws/aws_permission/variables.tf | 16 - .../azure/azure-cis-v1-section5.2/README.md | 54 --- .../azure-cis-v1-section5.2/default.tfvars | 10 - .../azure/azure-cis-v1-section5.2/main.tf | 130 ------- .../azure-cis-v1-section5.2/variables.tf | 9 - .../azure/azure-cis-v1/README.md | 56 --- .../azure/azure-cis-v1/default.tfvars | 14 - .../azure/azure-cis-v1/main.tf | 17 - .../azure/azure-cis-v1/variables.tf | 130 ------- .../azure_active_directory_import/README.md | 61 ---- .../default.tfvars | 11 - .../azure_active_directory_import/main.tf | 51 --- .../variables.tf | 29 -- .../azure/azure_baseline/README.md | 152 -------- .../azure_baseline/azure_provider_enable.tf | 9 - .../azure_baseline/azure_service_enable.tf | 10 - .../azure/azure_baseline/demo.tfvars | 90 ----- .../azure/azure_baseline/enable_cis.tf | 31 -- .../azure/azure_baseline/event_polling.tf | 30 -- .../azure/azure_baseline/outputs.tf | 47 --- .../azure/azure_baseline/providers.tf | 12 - .../azure/azure_baseline/smart_folder.tf | 5 - .../azure/azure_baseline/variables.tf | 70 ---- .../azure/azure_check_cost_controls/README.md | 141 -------- .../active_policies.tf | 48 --- .../azure_check_cost_controls/demo.tfvars | 81 ----- .../azure/azure_check_cost_controls/locals.tf | 124 ------- .../azure_check_cost_controls/outputs.tf | 27 -- .../azure_check_cost_controls/providers.tf | 12 - .../schedules_policies.tf | 30 -- .../azure_check_cost_controls/smartfolder.tf | 5 - .../storage_tier_policies.tf | 7 - .../azure_check_cost_controls/variables.tf | 116 ------ .../azure/azure_check_encryption/README.md | 142 -------- .../appservice_policies.tf | 45 --- .../compute_policies.tf | 24 -- .../azure/azure_check_encryption/demo.tfvars | 1 - .../azure_check_encryption/mysql_policies.tf | 10 - .../azure/azure_check_encryption/outputs.tf | 52 --- .../postgresql_policies.tf | 10 - .../azure/azure_check_encryption/providers.tf | 12 - .../azure_check_encryption/smart_folder.tf | 5 - .../azure_check_encryption/sql_policies.tf | 10 - .../storage_policies.tf | 36 -- .../azure/azure_check_encryption/variables.tf | 72 ---- .../azure/azure_check_logging/README.md | 138 ------- .../db_threat_protection_policies.tf | 32 -- .../azure/azure_check_logging/outputs.tf | 76 ---- .../postgresql_logging_policies.tf | 53 --- .../azure/azure_check_logging/providers.tf | 12 - .../azure/azure_check_logging/smartfolder.tf | 5 - .../sql_logging_policies.tf | 35 -- .../storage_logging_policies.tf | 30 -- .../azure/azure_check_logging/variables.tf | 115 ------ .../azure/azure_check_public_access/README.md | 144 -------- .../applicationgateway_policies.tf | 23 -- .../network_policies.tf | 45 --- .../azure_check_public_access/outputs.tf | 39 -- .../azure_check_public_access/providers.tf | 12 - .../azure_check_public_access/smart_folder.tf | 5 - .../storage_policies.tf | 20 -- .../azure_check_public_access/variables.tf | 60 ---- .../azure/azure_check_regions/README.md | 187 ---------- .../approved_regions_policies.tf | 21 -- .../azure/azure_check_regions/demo.tfvars | 54 --- .../azure/azure_check_regions/locals.tf | 41 --- .../azure/azure_check_regions/outputs.tf | 23 -- .../azure/azure_check_regions/providers.tf | 12 - .../azure/azure_check_regions/smart_folder.tf | 6 - .../azure/azure_check_regions/vaiables.tf | 131 ------- .../azure/azure_check_stack/README.md | 137 ------- .../azure/azure_check_stack/outputs.tf | 27 -- .../azure/azure_check_stack/providers.tf | 12 - .../azure/azure_check_stack/smartfolder.tf | 5 - .../sub_monitor_stack_policies.tf | 33 -- .../tf_includes/sourcestack_policies.tf | 36 -- .../azure/azure_check_stack/variables.tf | 43 --- .../azure/azure_check_tagging/README.md | 138 ------- .../azure/azure_check_tagging/demo.tfvars | 56 --- .../azure/azure_check_tagging/locals.tf | 84 ----- .../azure/azure_check_tagging/outputs.tf | 19 - .../azure/azure_check_tagging/providers.tf | 12 - .../azure/azure_check_tagging/smartfolder.tf | 5 - .../azure_check_tagging/tagging_policies.tf | 73 ---- .../azure/azure_check_tagging/variables.tf | 92 ----- .../azure/azure_eventing/README.md | 60 ---- .../azure/azure_eventing/default.tfvars | 19 - .../azure/azure_eventing/main.tf | 42 --- .../azure/azure_eventing/variables.tf | 31 -- .../azure_management_group_import/README.md | 61 ---- .../default.tfvars | 11 - .../azure_management_group_import/main.tf | 52 --- .../variables.tf | 29 -- .../azure_provider_registration/README.md | 61 ---- .../default.tfvars | 24 -- .../azure/azure_provider_registration/main.tf | 17 - .../azure_provider_registration/variables.tf | 74 ---- .../azure/azure_services/README.md | 61 ---- .../azure/azure_services/default.tfvars | 21 -- .../azure/azure_services/main.tf | 17 - .../azure/azure_services/variables.tf | 86 ----- .../azure_sub_create_then_import/README.md | 65 ---- .../default.tfvars | 11 - .../azure_sub_create_then_import/main.tf | 72 ---- .../azure_sub_create_then_import/outputs.tf | 13 - .../azure_sub_create_then_import/variables.tf | 29 -- .../azure_sub_create_then_import_ro/README.md | 66 ---- .../default.tfvars | 11 - .../azure_sub_create_then_import_ro/main.tf | 117 ------ .../outputs.tf | 13 - .../variables.tf | 29 -- .../azure/azure_sub_import/README.md | 63 ---- .../azure/azure_sub_import/default.tfvars | 11 - .../azure/azure_sub_import/main.tf | 50 --- .../azure/azure_sub_import/outputs.tf | 13 - .../azure/azure_sub_import/variables.tf | 29 -- .../azure/azure_tenant_import/README.md | 60 ---- .../azure/azure_tenant_import/default.tfvars | 9 - .../azure/azure_tenant_import/main.tf | 49 --- .../azure/azure_tenant_import/variables.tf | 25 -- .../gcp/gcp_baseline/README.md | 154 -------- .../gcp/gcp_baseline/demo.tfvars | 17 - .../gcp/gcp_baseline/enable_cis_policies.tf | 17 - .../gcp/gcp_baseline/enable_policies.tf | 22 -- .../gcp/gcp_baseline/event_poller_policies.tf | 77 ---- .../gcp/gcp_baseline/locals.tf | 58 --- .../gcp/gcp_baseline/outputs.tf | 25 -- .../gcp/gcp_baseline/providers.tf | 12 - .../gcp/gcp_baseline/regions.tf | 52 --- .../gcp/gcp_baseline/smart_folder.tf | 6 - .../gcp/gcp_baseline/variables.tf | 37 -- .../gcp/gcp_check_cost_controls/README.md | 140 -------- .../active_policies.tf | 32 -- .../compute_engine_active_policies.tf | 19 - .../compute_engine_schedule_policies.tf | 32 -- .../gcp/gcp_check_cost_controls/demo.tfvars | 96 ----- .../gcp/gcp_check_cost_controls/locals.tf | 158 -------- .../network_approved_policies.tf | 27 -- .../gcp/gcp_check_cost_controls/outputs.tf | 31 -- .../gcp/gcp_check_cost_controls/providers.tf | 12 - .../gcp_check_cost_controls/smart_folder.tf | 5 - .../gcp/gcp_check_cost_controls/variables.tf | 142 -------- .../gcp/gcp_check_encryption/README.md | 140 -------- .../bigquery_encryption_policies.tf | 49 --- .../compute_engine_encryption_policies.tf | 49 --- .../dataflow_encryption_policies.tf | 25 -- .../dataproc_encryption_policies.tf | 25 -- .../kubernetes_engine_encryption_policies.tf | 50 --- .../gcp/gcp_check_encryption/outputs.tf | 67 ---- .../gcp/gcp_check_encryption/providers.tf | 12 - .../pub_sub_encryption_policies.tf | 24 -- .../gcp/gcp_check_encryption/smartfolder.tf | 5 - .../storage_encryption_policies.tf | 19 - .../gcp/gcp_check_encryption/variables.tf | 103 ------ .../gcp/gcp_check_iam/README.md | 134 ------- .../gcp/gcp_check_iam/demo.tfvars | 11 - .../gcp/gcp_check_iam/outputs.tf | 31 -- .../gcp/gcp_check_iam/providers.tf | 12 - .../service_account_key_active_policies.tf | 38 -- ...ervice_account_key_approved_policies.tf.tf | 24 -- .../service_account_trust_access_policies.tf | 28 -- .../gcp/gcp_check_iam/smart_folder.tf | 5 - .../gcp/gcp_check_iam/variables.tf | 43 --- .../gcp/gcp_check_labeling/README.md | 139 ------- .../gcp/gcp_check_labeling/demo.tfvars | 36 -- .../gcp_check_labeling/labeling_policies.tf | 59 --- .../gcp/gcp_check_labeling/locals.tf | 61 ---- .../gcp/gcp_check_labeling/outputs.tf | 19 - .../gcp/gcp_check_labeling/providers.tf | 12 - .../gcp/gcp_check_labeling/smartfolder.tf | 5 - .../gcp/gcp_check_labeling/vaiables.tf | 73 ---- .../gcp/gcp_check_logging/README.md | 138 ------- .../kubernetes_engine_policies.tf | 13 - .../network_logging_policies.tf | 62 ---- .../gcp/gcp_check_logging/outputs.tf | 31 -- .../gcp/gcp_check_logging/providers.tf | 12 - .../gcp/gcp_check_logging/smartfolder.tf | 5 - .../gcp/gcp_check_logging/sql_policies.tf | 13 - .../gcp/gcp_check_logging/variables.tf | 49 --- .../gcp/gcp_check_public_access/README.md | 143 -------- .../compute_engine_policies.tf | 39 -- .../gcp/gcp_check_public_access/locals.tf | 24 -- .../network_policies.tf | 29 -- .../gcp/gcp_check_public_access/outputs.tf | 38 -- .../gcp/gcp_check_public_access/providers.tf | 12 - .../gcp_check_public_access/smartfolder.tf | 5 - .../trusted_access_policies.tf | 27 -- .../gcp/gcp_check_public_access/variables.tf | 52 --- .../gcp/gcp_check_regions/README.md | 188 ---------- .../approved_regions_policies.tf | 50 --- .../gcp/gcp_check_regions/demo.tfvars | 73 ---- .../gcp/gcp_check_regions/locals.tf | 40 --- .../gcp/gcp_check_regions/outputs.tf | 19 - .../gcp/gcp_check_regions/providers.tf | 12 - .../gcp/gcp_check_regions/smartfolder.tf | 5 - .../gcp/gcp_check_regions/variables.tf | 80 ----- .../gcp/gcp_check_stack/README.md | 137 ------- .../gcp/gcp_check_stack/outputs.tf | 27 -- .../gcp_check_stack/project_stack_policies.tf | 32 -- .../gcp/gcp_check_stack/providers.tf | 12 - .../gcp/gcp_check_stack/smartfolder.tf | 5 - .../tf_includes/sourcestack_policies.tf | 21 -- .../gcp/gcp_check_stack/variables.tf | 42 --- .../gcp/gcp_permission/README.md | 22 -- .../gcp/gcp_permission/default.tfvars | 7 - .../gcp/gcp_permission/main.tf | 40 --- .../gcp/gcp_permission/variables.tf | 15 - .../gcp/gcp_project_import/README.md | 29 -- .../gcp/gcp_project_import/default.tfvars | 35 -- .../gcp/gcp_project_import/main.tf | 27 -- .../gcp/gcp_project_import/variables.tf | 20 -- .../gcp/gcp_services/README.md | 22 -- .../gcp/gcp_services/default.tfvars | 57 --- .../gcp/gcp_services/main.tf | 13 - .../gcp/gcp_services/variables.tf | 19 - .../todo_policy_packs/gcp/gcp_setup/README.md | 22 -- .../gcp/gcp_setup/default.tfvars | 3 - .../todo_policy_packs/gcp/gcp_setup/main.tf | 37 -- .../gcp/gcp_setup/variables.tf | 9 - 392 files changed, 19017 deletions(-) delete mode 100644 baselines/mappings/README.md delete mode 100644 baselines/mappings/soc2/soc2-turbot-mapping.md delete mode 100644 baselines/notifications/security-hub/README.md delete mode 100644 baselines/notifications/security-hub/aws_elasticache.tf delete mode 100644 baselines/notifications/security-hub/aws_iam.tf delete mode 100644 baselines/notifications/security-hub/aws_lambda.tf delete mode 100644 baselines/notifications/security-hub/aws_sns.tf delete mode 100644 baselines/notifications/security-hub/aws_sqs.tf delete mode 100644 baselines/notifications/security-hub/aws_vpc.tf delete mode 100644 baselines/notifications/security-hub/create-watch-mutation-input.json delete mode 100644 baselines/notifications/security-hub/create-watch-mutation.graphql delete mode 100644 baselines/notifications/security-hub/demo-disable-caching.tfvars delete mode 100644 baselines/notifications/security-hub/demo-enable-caching.tfvars delete mode 100644 baselines/notifications/security-hub/demo.tfvars delete mode 100644 baselines/notifications/security-hub/deployment-package.zip delete mode 100644 baselines/notifications/security-hub/lambda_function.py delete mode 100644 baselines/notifications/security-hub/launch.py delete mode 100644 baselines/notifications/security-hub/locals.tf delete mode 100644 baselines/notifications/security-hub/logic/__init__.py delete mode 100644 baselines/notifications/security-hub/logic/account_record_collection.py delete mode 100644 baselines/notifications/security-hub/logic/cache.py delete mode 100644 baselines/notifications/security-hub/logic/raw_record_processor.py delete mode 100644 baselines/notifications/security-hub/logic/record.py delete mode 100644 baselines/notifications/security-hub/logic/security_hub.py delete mode 100755 baselines/notifications/security-hub/package-lambda.sh delete mode 100644 baselines/notifications/security-hub/providers.tf delete mode 100644 baselines/notifications/security-hub/requirements.txt delete mode 100644 baselines/notifications/security-hub/turbot_policies.tf delete mode 100644 baselines/notifications/security-hub/variables.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_account_import/README.md delete mode 100644 baselines/todo_policy_packs/aws/aws_account_import/default.tfvars delete mode 100644 baselines/todo_policy_packs/aws/aws_account_import/main.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_account_import/turbot_service_readonly.cf.yaml delete mode 100644 baselines/todo_policy_packs/aws/aws_account_import/turbot_service_superuser.cf.yaml delete mode 100644 baselines/todo_policy_packs/aws/aws_account_import/variables.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_baseline/README.md delete mode 100644 baselines/todo_policy_packs/aws/aws_baseline/aws_service_enable.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_baseline/demo.tfvars delete mode 100644 baselines/todo_policy_packs/aws/aws_baseline/ec2_attribute_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_baseline/enable_cis.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_baseline/outputs.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_baseline/providers.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_baseline/real_time_events.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_baseline/regions.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_baseline/smart_folder.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_baseline/variables.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_baseline/vpc_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_cost_controls/README.md delete mode 100644 baselines/todo_policy_packs/aws/aws_check_cost_controls/aws_active.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_cost_controls/demo.tfvars delete mode 100644 baselines/todo_policy_packs/aws/aws_check_cost_controls/locals.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_cost_controls/outputs.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_cost_controls/providers.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_cost_controls/schedules.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_cost_controls/smart_folder.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_cost_controls/variables.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_encryption/README.md delete mode 100644 baselines/todo_policy_packs/aws/aws_check_encryption/backup_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_encryption/cloudtrail_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_encryption/demo.tfvars delete mode 100644 baselines/todo_policy_packs/aws/aws_check_encryption/dynamodb_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_encryption/ec2_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_encryption/efs_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_encryption/elasticsearch_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_encryption/kinesis_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_encryption/kms_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_encryption/lambda_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_encryption/logs_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_encryption/outputs.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_encryption/providers.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_encryption/rds_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_encryption/redshift_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_encryption/s3_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_encryption/secretmanager_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_encryption/smart_folder.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_encryption/sns_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_encryption/sqs_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_encryption/ssm_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_encryption/variables.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_iam/README.md delete mode 100644 baselines/todo_policy_packs/aws/aws_check_iam/access_key_rotation.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_iam/account_password_policy.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_iam/demo.tfvars delete mode 100644 baselines/todo_policy_packs/aws/aws_check_iam/deny_star_policy_stmt.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_iam/group_inline_star_policy_stmt.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_iam/group_policy_attachment.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_iam/output.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_iam/provider.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_iam/role_inline_star_policy_stmt.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_iam/role_policy_attachment.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_iam/role_trust_policy.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_iam/smart_folder.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_iam/user_inline_star_policy_stmt.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_iam/user_mfakey_usage.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_iam/user_policy_attachment.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_iam/variable.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_logging/README.md delete mode 100644 baselines/todo_policy_packs/aws/aws_check_logging/cloudtrail_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_logging/config_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_logging/demo.tfvars delete mode 100644 baselines/todo_policy_packs/aws/aws_check_logging/loadbalancer_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_logging/output.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_logging/provider.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_logging/redshift_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_logging/s3_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_logging/smart_folder.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_logging/variable.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_logging/vpc_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_public_access/README.md delete mode 100644 baselines/todo_policy_packs/aws/aws_check_public_access/apigateway_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_public_access/demo.tfvars delete mode 100644 baselines/todo_policy_packs/aws/aws_check_public_access/ec2_loadbalancers_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_public_access/ec2_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_public_access/lambda_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_public_access/output.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_public_access/provider.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_public_access/rds_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_public_access/route53_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_public_access/s3_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_public_access/smart_folder.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_public_access/sns_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_public_access/sqs_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_public_access/trusted_account_template.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_public_access/variable.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_public_access/vpc_core_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_public_access/vpc_internet_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_public_access/vpc_security_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_regions/README.md delete mode 100644 baselines/todo_policy_packs/aws/aws_check_regions/approved_regions_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_regions/demo.tfvars delete mode 100644 baselines/todo_policy_packs/aws/aws_check_regions/locals.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_regions/outputs.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_regions/providers.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_regions/smart_folder.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_regions/variables.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_s3/README.md delete mode 100644 baselines/todo_policy_packs/aws/aws_check_s3/demo.tfvars delete mode 100644 baselines/todo_policy_packs/aws/aws_check_s3/outputs.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_s3/providers.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_s3/s3_access_logging_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_s3/s3_active_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_s3/s3_approved_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_s3/s3_enable_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_s3/s3_encryption_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_s3/s3_permission_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_s3/s3_public_access_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_s3/s3_tag_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_s3/s3_trusted_access_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_s3/s3_versioning_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_s3/smart_folder.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_s3/variables.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_stack/README.md delete mode 100644 baselines/todo_policy_packs/aws/aws_check_stack/aws_account_iam_stack_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_stack/outputs.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_stack/providers.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_stack/smart_folder.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_stack/tf_includes/sourcestack_policies.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_stack/variables.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_tagging/README.md delete mode 100644 baselines/todo_policy_packs/aws/aws_check_tagging/aws_tagging.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_tagging/demo.tfvars delete mode 100644 baselines/todo_policy_packs/aws/aws_check_tagging/locals.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_tagging/outputs.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_tagging/providers.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_tagging/smart_folder.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_check_tagging/variables.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_disable_cmdb/README.md delete mode 100644 baselines/todo_policy_packs/aws/aws_disable_cmdb/aws_cmdb.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_disable_cmdb/main.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_disable_cmdb/versions.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_permission/README.md delete mode 100644 baselines/todo_policy_packs/aws/aws_permission/default.tfvars delete mode 100644 baselines/todo_policy_packs/aws/aws_permission/main.tf delete mode 100644 baselines/todo_policy_packs/aws/aws_permission/variables.tf delete mode 100644 baselines/todo_policy_packs/azure/azure-cis-v1-section5.2/README.md delete mode 100644 baselines/todo_policy_packs/azure/azure-cis-v1-section5.2/default.tfvars delete mode 100644 baselines/todo_policy_packs/azure/azure-cis-v1-section5.2/main.tf delete mode 100644 baselines/todo_policy_packs/azure/azure-cis-v1-section5.2/variables.tf delete mode 100644 baselines/todo_policy_packs/azure/azure-cis-v1/README.md delete mode 100644 baselines/todo_policy_packs/azure/azure-cis-v1/default.tfvars delete mode 100644 baselines/todo_policy_packs/azure/azure-cis-v1/main.tf delete mode 100644 baselines/todo_policy_packs/azure/azure-cis-v1/variables.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_active_directory_import/README.md delete mode 100644 baselines/todo_policy_packs/azure/azure_active_directory_import/default.tfvars delete mode 100644 baselines/todo_policy_packs/azure/azure_active_directory_import/main.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_active_directory_import/variables.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_baseline/README.md delete mode 100644 baselines/todo_policy_packs/azure/azure_baseline/azure_provider_enable.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_baseline/azure_service_enable.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_baseline/demo.tfvars delete mode 100644 baselines/todo_policy_packs/azure/azure_baseline/enable_cis.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_baseline/event_polling.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_baseline/outputs.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_baseline/providers.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_baseline/smart_folder.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_baseline/variables.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_cost_controls/README.md delete mode 100644 baselines/todo_policy_packs/azure/azure_check_cost_controls/active_policies.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_cost_controls/demo.tfvars delete mode 100644 baselines/todo_policy_packs/azure/azure_check_cost_controls/locals.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_cost_controls/outputs.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_cost_controls/providers.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_cost_controls/schedules_policies.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_cost_controls/smartfolder.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_cost_controls/storage_tier_policies.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_cost_controls/variables.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_encryption/README.md delete mode 100644 baselines/todo_policy_packs/azure/azure_check_encryption/appservice_policies.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_encryption/compute_policies.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_encryption/demo.tfvars delete mode 100644 baselines/todo_policy_packs/azure/azure_check_encryption/mysql_policies.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_encryption/outputs.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_encryption/postgresql_policies.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_encryption/providers.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_encryption/smart_folder.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_encryption/sql_policies.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_encryption/storage_policies.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_encryption/variables.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_logging/README.md delete mode 100644 baselines/todo_policy_packs/azure/azure_check_logging/db_threat_protection_policies.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_logging/outputs.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_logging/postgresql_logging_policies.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_logging/providers.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_logging/smartfolder.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_logging/sql_logging_policies.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_logging/storage_logging_policies.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_logging/variables.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_public_access/README.md delete mode 100644 baselines/todo_policy_packs/azure/azure_check_public_access/applicationgateway_policies.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_public_access/network_policies.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_public_access/outputs.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_public_access/providers.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_public_access/smart_folder.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_public_access/storage_policies.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_public_access/variables.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_regions/README.md delete mode 100644 baselines/todo_policy_packs/azure/azure_check_regions/approved_regions_policies.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_regions/demo.tfvars delete mode 100644 baselines/todo_policy_packs/azure/azure_check_regions/locals.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_regions/outputs.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_regions/providers.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_regions/smart_folder.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_regions/vaiables.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_stack/README.md delete mode 100644 baselines/todo_policy_packs/azure/azure_check_stack/outputs.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_stack/providers.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_stack/smartfolder.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_stack/sub_monitor_stack_policies.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_stack/tf_includes/sourcestack_policies.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_stack/variables.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_tagging/README.md delete mode 100644 baselines/todo_policy_packs/azure/azure_check_tagging/demo.tfvars delete mode 100644 baselines/todo_policy_packs/azure/azure_check_tagging/locals.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_tagging/outputs.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_tagging/providers.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_tagging/smartfolder.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_tagging/tagging_policies.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_check_tagging/variables.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_eventing/README.md delete mode 100644 baselines/todo_policy_packs/azure/azure_eventing/default.tfvars delete mode 100644 baselines/todo_policy_packs/azure/azure_eventing/main.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_eventing/variables.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_management_group_import/README.md delete mode 100644 baselines/todo_policy_packs/azure/azure_management_group_import/default.tfvars delete mode 100644 baselines/todo_policy_packs/azure/azure_management_group_import/main.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_management_group_import/variables.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_provider_registration/README.md delete mode 100644 baselines/todo_policy_packs/azure/azure_provider_registration/default.tfvars delete mode 100644 baselines/todo_policy_packs/azure/azure_provider_registration/main.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_provider_registration/variables.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_services/README.md delete mode 100644 baselines/todo_policy_packs/azure/azure_services/default.tfvars delete mode 100644 baselines/todo_policy_packs/azure/azure_services/main.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_services/variables.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_sub_create_then_import/README.md delete mode 100644 baselines/todo_policy_packs/azure/azure_sub_create_then_import/default.tfvars delete mode 100644 baselines/todo_policy_packs/azure/azure_sub_create_then_import/main.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_sub_create_then_import/outputs.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_sub_create_then_import/variables.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_sub_create_then_import_ro/README.md delete mode 100644 baselines/todo_policy_packs/azure/azure_sub_create_then_import_ro/default.tfvars delete mode 100644 baselines/todo_policy_packs/azure/azure_sub_create_then_import_ro/main.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_sub_create_then_import_ro/outputs.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_sub_create_then_import_ro/variables.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_sub_import/README.md delete mode 100644 baselines/todo_policy_packs/azure/azure_sub_import/default.tfvars delete mode 100644 baselines/todo_policy_packs/azure/azure_sub_import/main.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_sub_import/outputs.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_sub_import/variables.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_tenant_import/README.md delete mode 100644 baselines/todo_policy_packs/azure/azure_tenant_import/default.tfvars delete mode 100644 baselines/todo_policy_packs/azure/azure_tenant_import/main.tf delete mode 100644 baselines/todo_policy_packs/azure/azure_tenant_import/variables.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_baseline/README.md delete mode 100644 baselines/todo_policy_packs/gcp/gcp_baseline/demo.tfvars delete mode 100644 baselines/todo_policy_packs/gcp/gcp_baseline/enable_cis_policies.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_baseline/enable_policies.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_baseline/event_poller_policies.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_baseline/locals.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_baseline/outputs.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_baseline/providers.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_baseline/regions.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_baseline/smart_folder.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_baseline/variables.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_cost_controls/README.md delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_cost_controls/active_policies.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_cost_controls/compute_engine_active_policies.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_cost_controls/compute_engine_schedule_policies.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_cost_controls/demo.tfvars delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_cost_controls/locals.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_cost_controls/network_approved_policies.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_cost_controls/outputs.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_cost_controls/providers.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_cost_controls/smart_folder.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_cost_controls/variables.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_encryption/README.md delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_encryption/bigquery_encryption_policies.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_encryption/compute_engine_encryption_policies.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_encryption/dataflow_encryption_policies.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_encryption/dataproc_encryption_policies.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_encryption/kubernetes_engine_encryption_policies.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_encryption/outputs.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_encryption/providers.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_encryption/pub_sub_encryption_policies.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_encryption/smartfolder.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_encryption/storage_encryption_policies.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_encryption/variables.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_iam/README.md delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_iam/demo.tfvars delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_iam/outputs.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_iam/providers.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_iam/service_account_key_active_policies.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_iam/service_account_key_approved_policies.tf.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_iam/service_account_trust_access_policies.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_iam/smart_folder.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_iam/variables.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_labeling/README.md delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_labeling/demo.tfvars delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_labeling/labeling_policies.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_labeling/locals.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_labeling/outputs.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_labeling/providers.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_labeling/smartfolder.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_labeling/vaiables.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_logging/README.md delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_logging/kubernetes_engine_policies.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_logging/network_logging_policies.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_logging/outputs.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_logging/providers.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_logging/smartfolder.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_logging/sql_policies.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_logging/variables.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_public_access/README.md delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_public_access/compute_engine_policies.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_public_access/locals.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_public_access/network_policies.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_public_access/outputs.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_public_access/providers.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_public_access/smartfolder.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_public_access/trusted_access_policies.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_public_access/variables.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_regions/README.md delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_regions/approved_regions_policies.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_regions/demo.tfvars delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_regions/locals.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_regions/outputs.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_regions/providers.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_regions/smartfolder.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_regions/variables.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_stack/README.md delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_stack/outputs.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_stack/project_stack_policies.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_stack/providers.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_stack/smartfolder.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_stack/tf_includes/sourcestack_policies.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_check_stack/variables.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_permission/README.md delete mode 100644 baselines/todo_policy_packs/gcp/gcp_permission/default.tfvars delete mode 100644 baselines/todo_policy_packs/gcp/gcp_permission/main.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_permission/variables.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_project_import/README.md delete mode 100755 baselines/todo_policy_packs/gcp/gcp_project_import/default.tfvars delete mode 100644 baselines/todo_policy_packs/gcp/gcp_project_import/main.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_project_import/variables.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_services/README.md delete mode 100644 baselines/todo_policy_packs/gcp/gcp_services/default.tfvars delete mode 100644 baselines/todo_policy_packs/gcp/gcp_services/main.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_services/variables.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_setup/README.md delete mode 100644 baselines/todo_policy_packs/gcp/gcp_setup/default.tfvars delete mode 100644 baselines/todo_policy_packs/gcp/gcp_setup/main.tf delete mode 100644 baselines/todo_policy_packs/gcp/gcp_setup/variables.tf diff --git a/baselines/mappings/README.md b/baselines/mappings/README.md deleted file mode 100644 index 8785d530e..000000000 --- a/baselines/mappings/README.md +++ /dev/null @@ -1,10 +0,0 @@ -# Mappings - -Turbot Control Mappings provide guidance of linking Turbot features to common control frameworks. Mappings are provided in markdown to collaborate through our TDK. Turbot has csv/xlsx versions as well. As our mappings grow, we will continue to add policy baselines and reports supporting them. Please feel free to contribute through the TDK or reach out to connect@turbot.com to collaborate. - -## Current Mappings - -| Mappings | Path | Description | -| --------------------------- | ------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------- | -| SOC2 | [SOC2](./soc2) | SOC2 Trust Criteria + COSO Principles | - diff --git a/baselines/mappings/soc2/soc2-turbot-mapping.md b/baselines/mappings/soc2/soc2-turbot-mapping.md deleted file mode 100644 index 62df04ec5..000000000 --- a/baselines/mappings/soc2/soc2-turbot-mapping.md +++ /dev/null @@ -1,41 +0,0 @@ -# SOC2 Mapping - -There are 33 primary SOC2 controls, while many are satisfied by organizational policies & procedures, 60% are technical controls which require ongoing evidence your organization is in adherence. Below is a full mapping to SOC2 Controls, COSO Principles, and Turbot Features - -## Current Mappings - -| Category | SOC2 TSC Ref. # | COSO Principle | Criteria Summary | Turbot Feature Mapping | Control Example | -|-|-|-|-|-|-| -| Control Environment | CC1.1 | COSO Principle 1 | The entity demonstrates a commitment to integrity and ethical values. | Non Technical Control - Internal Organizational Procedure | e.g. Code of Conduct Policy | -| Control Environment | CC1.2 | COSO Principle 2 | The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control. | Non Technical Control - Internal Organizational Procedure | e.g. Org Chart, Roles & Responsibilities | -| Control Environment | CC1.3 | COSO Principle 3 | Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives. | Non Technical Control - Internal Organizational Procedure | e.g. Org Chart, Roles & Responsibilities | -| Control Environment | CC1.4 | COSO Principle 4 | The entity demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives. | Non Technical Control - Internal Organizational Procedure | e.g. HR hire processes, job descriptions, background checks | -| Control Environment | CC1.5 | COSO Principle 5 | The entity holds individuals accountable for their internal control responsibilities in the pursuit of objectives. | Non Technical Control - Internal Organizational Procedure | e.g. security awareness training, performance evaluation | -| Communication & Information | CC2.1 | COSO Principle 13 | The entity obtains or generates and uses relevant, quality information to support the functioning of internal control. | [Turbot Cloud](https://turbot.com/v5) for continuous security monitoring | e.g. Turbot as a platform provides the mechanism for continuous governance, security, and compliance monitoring | -| Communication & Information | CC2.2 | COSO Principle 14 | The entity internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control. | Non Technical Control - Internal Organizational Procedure | e.g. Acceptable Use Policy | -| Communication & Information | CC2.3 | COSO Principle 15 | The entity communicates with external parties regarding matters affecting the functioning of internal control. | Non Technical Control - [Turbot Privacy Policy](https://turbot.com/legal/privacy), [Turbot Master Subscription Agreement (MSA)](https://turbot.com/legal/msa) | e.g. Vendor agreements | -| Risk Assessment | CC3.1 | COSO Principle 6 | The entity specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives. | Non Technical Control - Internal Organizational Procedure | e.g. Risk assessment program, policies, register | -| Risk Assessment | CC3.2 | COSO Principle 7 | The entity identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed. | Non Technical Control - Internal Organizational Procedure | e.g. Risk assessment program, policies, register | -| Risk Assessment | CC3.3 | COSO Principle 8 | The entity considers the potential for fraud in assessing risks to the achievement of objectives. | Non Technical Control - Internal Organizational Procedure | e.g. Risk assessment program, policies, register | -| Risk Assessment | CC3.4 | COSO Principle 9 | The entity identifies and assesses changes that could significantly impact the system of internal control. | Non Technical Control - Internal Organizational Procedure | e.g. Risk assessment program, policies, register | -| Monitoring Activities | CC4.1 | COSO Principle 16 | The entity selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning. | [Turbot Stacks](https://turbot.com/v5/docs/concepts/guardrails/configured); [Turbot Active](https://turbot.com/v5/docs/concepts/guardrails/active); [Turbot Approved](https://turbot.com/v5/docs/concepts/guardrails/approved) Controls | e.g. Core infrastructure components managing customer data are deployed with Turbot Stacks for continuous configuration management, any configuration drift will be set back to desired state automatically. Other configurations are ensured through Turbot policies e.g. AWS > RDS > DB Instance > Active > Last Modified, AWS > RDS > DB Instance > Approved > Usage (checking on Status) | -| Monitoring Activities | CC4.2 | COSO Principle 17 | The entity evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate. | [Turbot Controls](https://turbot.com/v5/docs/concepts/controls) + [Turbot Notifications](https://turbot.com/v5/docs/concepts/notifications) | e.g. Turbot controls in check mode provide instant awareness when changes are OK or in ALARM. Turbot controls in enforce mode provide instant awareness + immediate remediation back to a compliant state. Notifications are visualized in the console, queried through the API or streamed out to various communication endpoints (e.g. Slack, Teams, JIRA, ServiceNow) | -| Control Activities | CC5.1 | COSO Principle 10 | The entity selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels. | Non Technical Control - Internal Organizational Procedure | e.g. Risk assessment program, policies, register | -| Control Activities | CC5.2 | COSO Principle 11 | The entity also selects and develops general control activities over technology to support the achievement of objectives. | [Turbot Policy](https://turbot.com/v5/docs/concepts/policies) + [Turbot Controls](https://turbot.com/v5/docs/concepts/controls) | e.g. policy settings provide the objectives, controls test/audit for compliance. AWS > ECR > Repository > Approved > Usage (image scanning use); results of Approved or Not approved usage based on condition | -| Control Activities | CC5.3 | COSO Principle 12 | The entity deploys control activities through policies that establish what is expected and in procedures that put policies into action. | [Turbot Policy](https://turbot.com/v5/docs/concepts/policies) + [Turbot Controls](https://turbot.com/v5/docs/concepts/controls) | e.g. policy settings provide the objectives, controls test/audit for compliance. | -| Logical & Physical Access Controls | CC6.1 | | The entity implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events to meet the entity's objectives. | [Turbot Permission Management](https://turbot.com/v5/docs/concepts/iam/permissions) + [RBAC time based grants](https://turbot.com/v5/docs/integrations/aws/permissions), Turbot IAM [Roles, Users, Groups, Policies] [Approved](https://turbot.com/v5/docs/concepts/guardrails/approved) | e.g. Turbot's Permission management features provide capabilities for managing authentication of users, as well as authorization to cloud services and resources. Turbot integrates with the company directory to associate time based, role based access controls (RBAC) to specific resources. Additional controls to expire profiles, access keys, passwords, policy attachments, etc provide over permissive access into critical environments. e.g. AWS > IAM > Access Key > Active (enforce 90 days expiration); AWS > IAM > Role > Policy Attachments > Approved (ensure no changes to permissions occur); AWS > IAM > User > Approved (ensure user has MFA associated). | -| Logical & Physical Access Controls | CC6.2 | | Prior to issuing system credentials and granting system access, the entity registers and authorizes new internal and external users whose access is administered by the entity. For those users whose access is administered by the entity, user system credentials are removed when user access is no longer authorized. | [Turbot Permission Management](https://turbot.com/v5/docs/concepts/iam/permissions) + [RBAC time based grants](https://turbot.com/v5/docs/integrations/aws/permissions)| e.g. expiration of granted permissions provides protection for time limited access, along with directory integration will sync to block profiles no longer available to access the system | -| Logical & Physical Access Controls | CC6.3 | | The entity authorizes, modifies, or removes access to data, software, functions, and other protected information assets based on roles, responsibilities, or the system design and changes, giving consideration to the concepts of least privilege and segregation of duties, to meet the entity’s objectives. | [Turbot Permission Management](https://turbot.com/v5/docs/concepts/iam/permissions) + [RBAC time based grants](https://turbot.com/v5/docs/integrations/aws/permissions), Turbot IAM [Roles, Users, Groups, Policies] [Approved](https://turbot.com/v5/docs/concepts/guardrails/approved) | e.g. activation of granted permissions provides the mechanism to pre-approve on time limited duration, coupled with time limited activation of those permissions provides a process to limit access in time of need and periodic review of permissions granted | -| Logical & Physical Access Controls | CC6.4 | | The entity restricts physical access to facilities and protected information assets (for example, data center facilities, backup media storage, and other sensitive locations) to authorized personnel to meet the entity’s objectives. | [Inherited Control from Cloud Provider](https://aws.amazon.com/compliance/soc-faqs/) | e.g. Physical Security controls are the responsibility of the Cloud Provider; inherited control | -| Logical & Physical Access Controls | CC6.5 | | The entity discontinues logical and physical protections over physical assets only after the ability to read or recover data and software from those assets has been diminished and is no longer required to meet the entity’s objectives. | [Turbot Active](https://turbot.com/v5/docs/concepts/guardrails/active) Controls | e.g. lifecycle policies can be set on data retention of volumes, snapshots, etc. AWS > EC2 > Snapshots > Active > Age (delete after x days) | -| Logical & Physical Access Controls | CC6.6 | | The entity implements logical access security measures to protect against threats from sources outside its system boundaries. | [Turbot Lockdown](https://turbot.com/v5/docs/integrations/aws/permissions#lockdown-and-boundary-policies) Policies + [Turbot Trusted Access](https://turbot.com/v5/docs/concepts/guardrails/trusted-access) Policies + Turbot Networking Policies | e.g. Turbot Lockdown policies provide preventative controls to block high risk or unapproved actions from occurring e.g. AWS > Turbot > Permissions > Lockdown > Region Boundary (block actions in unapproved regions), AWS > S3 > Permissions > Levels > ACL Administration (set to disable). Turbot Trusted Access Policies define whom and what you trust and enforce those limitations on your cloud resources e.g. {Provider} > {Service} > {Resource} > Policy > Trusted Access to Accounts, Orgs, Identity Providers, Services, etc. Additional controls for networking to prevent public routing, firewall rules exposing public ingress; AWS > VPC > Security Group > Ingress Rules > Approved (approve/reject criteria for ports, CIDRs, bitmask, etc.) | -| Logical & Physical Access Controls | CC6.7 | | The entity restricts the transmission, movement, and removal of information to authorized internal and external users and processes, and protects it during transmission, movement, or removal to meet the entity’s objectives. | [Turbot Encryption at Rest](https://turbot.com/v5/docs/concepts/guardrails/encryption-at-rest) and [Encryption in Transit](https://turbot.com/v5/docs/concepts/guardrails/encryption-in-transit) Policies | e.g. Turbot encryption policies can be set to ensure encryption in transit or at rest are configured; AWS > S3 > Bucket > Encryption In Transit (set to enable), AWS > S3 > Bucket > Encryption at Rest (set to at least SSE enabled) | -| Logical & Physical Access Controls | CC6.8 | | The entity implements controls to prevent or detect and act upon the introduction of unauthorized or malicious software to meet the entity’s objectives. | [Turbot Approved](https://turbot.com/v5/docs/concepts/guardrails/approved) | e.g. Checking for vulnerabilities on container images; AWS > ECR > Repository > Approved > Usage (imaging scanning use); results of Approved or Not approved usage based on condition | -| System Operations | CC7.1 | | To meet its objectives, the entity uses detection and monitoring procedures to identify (1) changes to configurations that result in the introduction of new vulnerabilities, and (2) susceptibilities to newly discovered vulnerabilities. | [Turbot Reporting](https://turbot.com/v5/docs/guides/console#reports-dashboard) | e.g. Turbot Reporting provides awareness of control alarms status, resource activity changes, etc | -| System Operations | CC7.2 | | The entity monitors system components and the operation of those components for anomalies that are indicative of malicious acts, natural disasters, and errors affecting the entity's ability to meet its objectives; anomalies are analyzed to determine whether they represent security events. | [Turbot Controls](https://turbot.com/v5/docs/concepts/controls) | e.g. controls test/audit for compliance providing an alarm status for whether the policy is being adhered to. Controls are reported for review, or Turbot is set to enforce immediately to close any known incidents | -| System Operations | CC7.3 | | The entity evaluates security events to determine whether they could or have resulted in a failure of the entity to meet its objectives (security incidents) and, if so, takes actions to prevent or address such failures. | [Turbot Policy](https://turbot.com/v5/docs/concepts/policies) + [Turbot Controls](https://turbot.com/v5/docs/concepts/controls) | e.g. periodic review of control health and activities provides feedback for ongoing improvement on policy settings | -| System Operations | CC7.4 | | The entity responds to identified security incidents by executing a defined incident response program to understand, contain, remediate, and communicate security incidents, as appropriate. | [Turbot Policy](https://turbot.com/v5/docs/concepts/policies) + [Turbot Controls](https://turbot.com/v5/docs/concepts/controls) | e.g. Turbot controls in check mode provide instant awareness when changes are OK or in ALARM. Turbot controls in enforce mode provide instant awareness + immediate remediation back to a compliant state. This will ensure issues are closed within SLA. | -| System Operations | CC7.5 | | The entity identifies, develops, and implements activities to recover from identified security incidents. | [Turbot Policy](https://turbot.com/v5/docs/concepts/policies) + [Turbot Controls](https://turbot.com/v5/docs/concepts/controls) | e.g. policies for HA, redundancy, backups can be set to ensure fault tolerance is in place. | -| Change Management | CC8.1 | | The entity authorizes, designs, develops or acquires, configures, documents, tests, approves, and implements changes to infrastructure, data, software, and procedures to meet its objectives. | [Turbot Notifications](https://turbot.com/v5/docs/concepts/notifications) | e.g. any changes in Turbot, AWS, Azure and GCP are captured in the audit trail. Versioning of Turbot configurations occurs through the company version control system | -| Risk Mitigation | CC9.1 | | The entity identifies, selects, and develops risk mitigation activities for risks arising from potential business disruptions. | Non Technical Control - Internal Organizational Procedure | e.g. Risk assessment program, policies, register; Business Continuity Plan | -| Risk Mitigation | CC9.2 | | The entity assesses and manages risks associated with vendors and business partners. | Non Technical Control - Internal Organizational Procedure | e.g. Vendor management policy | \ No newline at end of file diff --git a/baselines/notifications/security-hub/README.md b/baselines/notifications/security-hub/README.md deleted file mode 100644 index 3be519e6f..000000000 --- a/baselines/notifications/security-hub/README.md +++ /dev/null @@ -1,236 +0,0 @@ -# Turbot Firehouse to Security Hub - -Security Hub gives account owners and engineers a single point of contact to view their security and compliance posture. Architects and engineers without access to the Turbot console can use this integration to receive up-to-date information about Turbot controls for their account. - -## Required Reading -- [Firehose Guide](https://turbot.com/v5/docs/guides/firehose): Provides an overview of what kind of information Turbot can deliver overall. This integration is restricted to `control_updated` notifications. - -## Architecture -The next few sections describe the overall architecture and components of the Turbot+SecurityHub Integration. - -### Services Used - -- Turbot -- Turbot Firehose -- SNS -- SQS -- Lambda -- Elasticache Memcached -- Cloudwatch Logs -- VPC - -### Connectivity Requirements - -The Security Hub Lambda must be able to talk to the following services: -- AWS Security Hub Regional Endpoints -- Memcached (inside VPC) -- SNS -- SQS -- STS - -Customers are free to use a VPC with NAT/IGWs or transit gateways. Either approach that has internet access will -work. The provided Terraform will create a new VPC with NAT/IGWs. - - -### Client -> Server Relationships -- Firehose SNS Topic -> SQS -- SQS -> Security Hub Lambda -- Security Hub Lambda -> Memcached -- Security Hub Lambda -> Cloudwatch Logs -- Security Hub Lambda -> Security Hub API Endpoints -- Security Hub Lambda -> STS API Endpoints - - -### Data Flow for a Notification - -1. AWS Managed Account -- (events) -> Turbot (Controls are updated here) -2. Turbot -- (`control_udpated` notifications as defined by Watches) -> Turbot Firehose mod -3. Turbot Firehose mod --> Firehose SNS topic -4. Firehose SNS topic --> Security Hub Queue -5. Security Hub Queue --> Security Hub Lambda -6. Security Hub Lambda -- (data transform to ASFF formatting) --> Security Hub - -### Fatal Errors - -There are a number of circumstances where this integration will discard a notification. The below conditions are -considered as terminal errors. **Any finding that encounters one of the below problems will be discarded.** - -- *Access Denied* to the target account. Typically, this is when the integration cannot assume into the specified role. -- *Invalid Access* to the target account. If Security Hub is not enabled for this account, then findings cannot be - submitted. -- *Turbot Findings are not enabled*. This happens when Security Hub is enabled, but Turbot findings are not enabled. - This integration will not submit findings into the `default` product. - -## Limitations of this Integration - -- The Turbot firehose is an event-based stream of data. As events flow into Turbot, notifications flow out through the - Firehose. If Turbot doesn't receive an event, the Firehose will never emit a notification. The implication is that - very old alarms on unchanged resources will not appear in Security Hub. Controls resulting from updated resources or - new policy settings will appear in Security Hub. Customers wishing a snapshot view of all controls should investigate - a batch-processing approach using the Turbot GraphQL API. -- Turbot Firehose emits a `control_updated` notification only when a control changes state. If a resource is updated, - but the control still stays in alarm, then no control notification will be generated. - - `ok` to `alarm`: A `control_updated` notification will be generated. - - `alarm` to `alarm`: No notification will be generated. -- Security Hub is focused exclusively on security findings. It is not a CMDB. As such, the Turbot+SecurityHub - integration will only process `control_updated` notifications. All other notification types will be discarded. -- All Security Hub findings will expire after 90 days. This integration will not refresh those findings. -- Security Hub Insights are not addressed. -- This integration will not enable/disable Turbot findings in Security Hub. - -### Where to Deploy - -Any account can host the Security Hub integration if it meets the following requirements: -- Assume permissions into a role in each managed account to import and update findings. -- Access to the SQS queue feed by the Firehose SNS topic. - -*Enterprise customers*: It is most convenient to deploy this integration, and the Turbot Firehose in the Turbot Master account. -The `turbot_superuser` role that Turbot uses to manage an account can be reused for importing Security Hub findings. - -*SaaS customers*: Deploying this integration will have to be done in a separate account. Customers can choose between -creating a new Security Hub specific role or reusing the `turbot_superuser` role. Either approach is valid and depends -on each customer's individual situation. Deploying in the same account as the Firehose SNS is most convenient. - -### Role Configuration in Managed Accounts -A role must exist in each managed account with sufficient permissions to import and update findings in Security Hub. -The role must also allow `sts:AssumeRole` by the Security Hub integration lambda. This integration assumes a uniform role name for all managed accounts. The specified role is appended to the arn, like so: `arn:aws:iam::{account_id}:role/{role_id}`. - -Note: For customers with multiple Turbot environments hosted in separate accounts, it is possible, perhaps desirable, to send all Security Hub findings through a single integration point. Such a configuration is supported with the requirement that cross-account access be granted to the integration. Assuming the reuse of the `turbot_superuser` role, cross-account access is typically only granted to a single Turbot Master account. If this integration is servicing multiple Turbot Masters, the `turbot_superuser` role would require additional trust configuration. - -Below are the minimum permissions required to work with findings in Security Hub. - -```json -{ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "SecurityHub Submission Permissions", - "Effect": "Allow", - "Action": [ - "securityhub:UpdateFindings", - "securityhub:GetFindings", - "securityhub:BatchUpdateFindings", - "securityhub:BatchImportFindings" - ], - "Resource": "*" - }, - { - "Sid": "Assume Role", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::{account_hosting_sechub_integration}:root" - ] - }, - "Action": "sts:AssumeRole", - "Condition": { - "StringEquals": { - "sts:ExternalId": "{somecleverexternalidgoeshere}" - } - } - } - ] -} -``` -External IDs are recommended but not required. Customers are free to make the Principal more specific. The above policy tries to strike a balance between usability and security, emphasizing ease of setup. - -## Installation - -The provided terraform assumes that no configuration of any kind has been done for Firehose or the SecurityHub -integration. It also assumes that no infrastructure of any kind has been deployed in the AWS account (ie, no VPC, no -subnets, etc) that will host the Turbot+SecurityHub integration. As such, customers with a configured Firehose and network infrastructure will need to adapt the Terraform to their environment. - -### Permissions Required for Integration Deployment -The user or role that deploys should have read/write permissions to the following AWS services: -- IAM - - Create User: Required for firehose configuration - - Create Role: Required for Security Hub Lambda configuration - - Create/Attach policy -- SNS -- SQS -- VPC -- Elasticache (memcached) -- Lambda -- Cloudwatch Logs - -The user that deploys should have read/write permissions to the target Turbot workspace: -- Turbot/Admin: Required to set the Firehose policies and create the watch. - -### Watches - -The default watch included in this integration looks for all `control_updated` notifications from AWS, Azure, GCP and Turbot. The -integration will filter out notifications for non-AWS platforms. For additional information about creating -Watches, see the [Turbot Notifications Guide](https://turbot.com/v5/docs/guides/firehose). - -If using multiple watches in a single workspace, ensure that each watch is performing as expected. Avoid duplication in watches where possible. - -From `create-watch-mutation-input.json`, we see the watch definition. - -```json -{ - "input": { - "resource": "tmod:@turbot/turbot#/", - "action": "tmod:@turbot/firehose-aws-sns#/action/types/router", - "filters": [ - "level:self,descendant notificationType:control_updated" - ] - } -} -``` - -### Deployment Instructions -The provided terraform utilizes AWS and Turbot credentials. Ensure that Python 3.7+, the AWS CLI and Turbot CLI tools are installed. The following steps were tested on a Linux workstation using Python 3.7 and 3.8. - -1. Configure your aws cli credentials -```shell -aws configure -``` - -2. Configure your Turbot API credentials according to the [directions](https://turbot.com/v5/docs/guides/iam/access-keys) -```shell -turbot configure --profile {profile} -``` - -3. Adapt the provided terraform to meet environmental needs. - -4. Initialize Terraform -```shell -terraform init -``` - -5. Create and populate a `.tfvars` file with the appropriate values. - -6. Generate a TF plan -```shell -terraform plan -var-file={environment}.tfvars -``` -Check the plan to ensure proper deployment. - -7. Deploy -```shell -terraform apply -var-file={environment}.tfvars -``` -The default TF will deploy the AWS resources then set the appropriate Turbot policies. - -8. Test the setup by altering controls in Turbot then checking in Security Hub for the findings to arrive. Be aware there will be some latency between when Turbot updates a control and when it shows up in Security Hub. In quiet environments, latency of 30 to 90 seconds is normal. High load on Turbot may introduce additional delay in delivery of Firehose notifications. - -### Deploying Updated Lambda code -Should you need to update the Lambda code but leave all other infrastructure intact, you can deploy a code update using the AWS CLI. From the [AWS Lambda Docs](https://docs.aws.amazon.com/lambda/latest/dg/python-package-update.html), use the following to update the Lambda code with whatever changes you've made. -```shell -package-lambda.sh -aws lambda update-function-code --function-name turbot-firehose-to-sec-hub-write-to-security-hub --zip-file fileb://deployment-package.zip -``` - - -### Decommission - -1. Destroy the TF setup -```shell -terraform destroy -var-file={environment}.tfvars -``` - -## Monitoring -Watch the Cloudwatch logs and Function Monitoring for the integration lambda `turbot-firehose-to-sec-hub-write-to-security-hub`. - -## Troubleshooting -Refer to the [Data Flow Path](#data-flow-for-a-notification) to track down which part of the path has broken down. diff --git a/baselines/notifications/security-hub/aws_elasticache.tf b/baselines/notifications/security-hub/aws_elasticache.tf deleted file mode 100644 index 69453cb92..000000000 --- a/baselines/notifications/security-hub/aws_elasticache.tf +++ /dev/null @@ -1,25 +0,0 @@ -resource "aws_elasticache_cluster" "latest_notification_cache" { - depends_on = [aws_vpc.main_vpc] - count = var.enabled_caching ? 1 : 0 - cluster_id = "turbot-firehose-to-sec-hub-latest-cache" - az_mode = "single-az" - engine = "memcached" - node_type = "cache.t3.micro" - num_cache_nodes = 1 - parameter_group_name = "default.memcached1.6" - port = 11211 - subnet_group_name = aws_elasticache_subnet_group.latest_notification_cache[0].name - security_group_ids = [aws_security_group.allow_memcached_to_lambda[0].id] - - tags = { - "Company" = "Turbot" - "Product" = "SecurityHubNotifier" - "Name" = "turbot-firehose-to-sec-hub-latest-cache" - } -} - -resource "aws_elasticache_subnet_group" "latest_notification_cache" { - count = var.enabled_caching ? 1 : 0 - name = "turbot-firehose-to-sec-hub-subnet-group" - subnet_ids = [aws_subnet.private[0].id] -} diff --git a/baselines/notifications/security-hub/aws_iam.tf b/baselines/notifications/security-hub/aws_iam.tf deleted file mode 100644 index 2978d69ed..000000000 --- a/baselines/notifications/security-hub/aws_iam.tf +++ /dev/null @@ -1,191 +0,0 @@ -data "aws_caller_identity" "current_identity" {} - -data "aws_iam_policy_document" "sns_topic_policy" { - statement { - actions = [ - "SNS:Subscribe", - "SNS:SetTopicAttributes", - "SNS:RemovePermission", - "SNS:Receive", - "SNS:Publish", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:DeleteTopic", - "SNS:AddPermission", - ] - - condition { - test = "StringEquals" - variable = "AWS:SourceOwner" - - values = [data.aws_caller_identity.current_identity.account_id] - } - - effect = "Allow" - - principals { - type = "AWS" - identifiers = ["*"] - } - - resources = [aws_sns_topic.turbot_firehose_user_sns_topic.arn] - } -} - -resource "aws_iam_user" "turbot_firehose_user" { - name = "turbot-firehose-to-sec-hub-user" - tags = { - "Company" = "Turbot" - "Product" = "SecurityHubNotifier" - } -} - -resource "aws_iam_user_policy" "turbot_firehose_user_sns_permission" { - name = "turbot-firehose-to-sec-hub-notification-topic-sns-permissions" - user = aws_iam_user.turbot_firehose_user.name - policy = <<-EOF - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "sns:Publish", - "sns:DeleteTopic", - "sns:CreateTopic", - "sns:SetTopicAttributes", - "sns:Subscribe", - "sns:ConfirmSubscription" - ], - "Resource": "${aws_sns_topic.turbot_firehose_user_sns_topic.arn}" - } - ] - } - EOF -} - -resource "aws_iam_role" "turbot_firehose_lamdba_role" { - name = "turbot-firehose-to-sec-hub-lamdba-role" - assume_role_policy = <<-EOF - { - "Version": "2012-10-17", - "Statement": [ - { - "Action": "sts:AssumeRole", - "Principal": { - "Service": "lambda.amazonaws.com" - }, - "Effect": "Allow" - } - ] - } - EOF - - tags = { - "Company" = "Turbot" - "Product" = "SecurityHubNotifier" - } -} - -resource "aws_iam_role_policy" "turbot_firehose_lamdba_role_ec2_permissions" { - name = "ec2-permissions" - role = aws_iam_role.turbot_firehose_lamdba_role.id - - policy = <<-EOF - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "ec2:CreateNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:DeleteNetworkInterface", - "ec2:AssignPrivateIpAddresses", - "ec2:UnassignPrivateIpAddresses" - ], - "Resource": "*" - } - ] - } - EOF -} - -resource "aws_iam_role_policy" "turbot_firehose_lamdba_role_sqs_permissions" { - name = "sqs-permissions" - role = aws_iam_role.turbot_firehose_lamdba_role.id - - policy = <<-EOF - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:GetQueueAttributes" - ], - "Resource": "${aws_sqs_queue.turbot_firehose_notification_queue.arn}" - } - ] - } - EOF -} - -resource "aws_iam_role_policy" "turbot_firehose_lamdba_role_security_hub_permissions" { - name = "security-hub-permissions" - role = aws_iam_role.turbot_firehose_lamdba_role.id - - policy = <<-EOF - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "securityhub:GetFindings", - "securityhub:BatchUpdateFindings", - "securityhub:BatchImportFindings" - ], - "Resource": [ - "arn:aws:securityhub:${var.aws_region}:${local.account_id}:hub/default", - "arn:aws:securityhub:${var.aws_region}:${local.account_id}:product/${local.account_id}/default" - ] - } - ] - } - EOF -} - -resource "aws_iam_role_policy" "turbot_firehose_lamdba_role_cloudwatch_permissions" { - name = "cloudwatch-permissions" - role = aws_iam_role.turbot_firehose_lamdba_role.id - - policy = <<-EOF - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "logs:CreateLogGroup", - "Resource": "arn:aws:logs:${var.aws_region}:${local.account_id}:*" - }, - { - "Effect": "Allow", - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Resource": [ - "arn:aws:logs:${var.aws_region}:${local.account_id}:log-group:/aws/lambda/${local.function_name}:*" - ] - } - ] - } - EOF -} - -resource "aws_iam_access_key" "turbot_firehose_user_access_key" { - user = aws_iam_user.turbot_firehose_user.name -} diff --git a/baselines/notifications/security-hub/aws_lambda.tf b/baselines/notifications/security-hub/aws_lambda.tf deleted file mode 100644 index 31b44dd1d..000000000 --- a/baselines/notifications/security-hub/aws_lambda.tf +++ /dev/null @@ -1,65 +0,0 @@ -resource "null_resource" "create_package" { - count = var.rebuild ? 1 : 0 - # Get notified on all the actions taken by Turbot for the resources at Turbot Root level and its descendant, which have turbot.tag as `Environment:Development`. - provisioner "local-exec" { - command = "./package-lambda.sh" - } -} - -resource "aws_lambda_function" "lambda_function_for_cache" { - count = var.enabled_caching ? 1 : 0 - depends_on = [null_resource.create_package] - role = aws_iam_role.turbot_firehose_lamdba_role.arn - handler = "lambda_function.lambda_handler" - runtime = "python3.7" - filename = "deployment-package.zip" - function_name = "turbot-firehose-to-sec-hub-write-to-security-hub" - source_code_hash = base64sha256("deployment-package.zip") - description = "Transform notifications from Turbot to finding for SecurityHub" - - vpc_config { - # Every subnet should be able to reach an EFS mount target in the same Availability Zone. Cross-AZ mounts are not permitted. - subnet_ids = [aws_subnet.private[0].id] - security_group_ids = [ - aws_security_group.allow_memcached_to_lambda[0].id, - aws_security_group.permit_internet[0].id - ] - } - - environment { - variables = local.environment_variables - } - - tags = { - "Company" = "Turbot" - "Product" = "SecurityHubNotifier" - } -} - -resource "aws_lambda_function" "lambda_function_no_cache" { - count = var.enabled_caching ? 0 : 1 - depends_on = [null_resource.create_package] - role = aws_iam_role.turbot_firehose_lamdba_role.arn - handler = "lambda_function.lambda_handler" - runtime = "python3.7" - filename = "deployment-package.zip" - function_name = "turbot-firehose-to-sec-hub-write-to-security-hub" - source_code_hash = base64sha256("deployment-package.zip") - description = "Transform notifications from Turbot to finding for SecurityHub" - - environment { - variables = local.environment_variables - } - - tags = { - "Company" = "Turbot" - "Product" = "SecurityHubNotifier" - } -} - -resource "aws_lambda_event_source_mapping" "mapping" { - event_source_arn = aws_sqs_queue.turbot_firehose_notification_queue.arn - function_name = local.function_arn - maximum_batching_window_in_seconds = var.batch_window - batch_size = var.batch_size -} diff --git a/baselines/notifications/security-hub/aws_sns.tf b/baselines/notifications/security-hub/aws_sns.tf deleted file mode 100644 index d32cdab66..000000000 --- a/baselines/notifications/security-hub/aws_sns.tf +++ /dev/null @@ -1,19 +0,0 @@ -resource "aws_sns_topic" "turbot_firehose_user_sns_topic" { - name = "turbot-firehose-to-sec-hub-user-sns-topic" - display_name = "Turbot to Security Hub" - tags = { - "Company" = "Turbot" - "Product" = "SecurityHubNotifier" - } -} - -resource "aws_sns_topic_policy" "default" { - arn = aws_sns_topic.turbot_firehose_user_sns_topic.arn - policy = data.aws_iam_policy_document.sns_topic_policy.json -} - -resource "aws_sns_topic_subscription" "user_updates_sqs_target" { - topic_arn = aws_sns_topic.turbot_firehose_user_sns_topic.arn - protocol = "sqs" - endpoint = aws_sqs_queue.turbot_firehose_notification_queue.arn -} diff --git a/baselines/notifications/security-hub/aws_sqs.tf b/baselines/notifications/security-hub/aws_sqs.tf deleted file mode 100644 index e4e14cd50..000000000 --- a/baselines/notifications/security-hub/aws_sqs.tf +++ /dev/null @@ -1,35 +0,0 @@ -resource "aws_sqs_queue" "turbot_firehose_notification_queue" { - name = "turbot-firehose-to-sec-hub-notification-queue" - message_retention_seconds = 86400 - receive_wait_time_seconds = 20 - - tags = { - "Company" = "Turbot" - "Product" = "SecurityHubNotifier" - } -} - -resource "aws_sqs_queue_policy" "turbot_firehose_notification_queue_policy" { - queue_url = aws_sqs_queue.turbot_firehose_notification_queue.id - - policy = <<-POLICY - { - "Version": "2008-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "sns.amazonaws.com" - }, - "Action": "sqs:SendMessage", - "Resource": "${aws_sqs_queue.turbot_firehose_notification_queue.arn}", - "Condition": { - "ArnEquals": { - "aws:SourceArn": "${aws_sns_topic.turbot_firehose_user_sns_topic.arn}" - } - } - } - ] - } - POLICY -} diff --git a/baselines/notifications/security-hub/aws_vpc.tf b/baselines/notifications/security-hub/aws_vpc.tf deleted file mode 100644 index a1a354687..000000000 --- a/baselines/notifications/security-hub/aws_vpc.tf +++ /dev/null @@ -1,165 +0,0 @@ -output "create_or_use" { - value = var.enabled_caching ? "Caching will be installed on a new VPC" : "No caching will be installed" -} - -resource "aws_vpc" "main_vpc" { - count = var.enabled_caching ? 1 : 0 - cidr_block = "192.0.0.0/26" - - tags = { - "Company" = "Turbot" - "Product" = "SecurityHubNotifier", - "Name" = "turbot-firehose-to-sec-hub-vpc" - } -} - -resource "aws_subnet" "public" { - count = var.enabled_caching ? 1 : 0 - vpc_id = aws_vpc.main_vpc[0].id - cidr_block = "192.0.0.16/28" - - tags = { - "Company" = "Turbot" - "Product" = "SecurityHubNotifier" - "Name" = "turbot-firehose-to-sec-hub-public-subnet" - } -} - -resource "aws_subnet" "private" { - count = var.enabled_caching ? 1 : 0 - vpc_id = aws_vpc.main_vpc[0].id - cidr_block = "192.0.0.0/28" - - tags = { - "Company" = "Turbot" - "Product" = "SecurityHubNotifier" - "Name" = "turbot-firehose-to-sec-hub-private-subnet" - } -} - -resource "aws_internet_gateway" "security_hub_traffic" { - count = var.enabled_caching ? 1 : 0 - vpc_id = aws_vpc.main_vpc[0].id - - tags = { - "Company" = "Turbot" - "Product" = "SecurityHubNotifier" - "Name" = "turbot-firehose-to-sec-hub-private-igw" - } -} - -resource "aws_nat_gateway" "security_hub_traffic" { - count = var.enabled_caching ? 1 : 0 - depends_on = [aws_internet_gateway.security_hub_traffic] - allocation_id = aws_eip.security_hub_traffic[0].id - subnet_id = aws_subnet.public[0].id - - tags = { - "Company" = "Turbot" - "Product" = "SecurityHubNotifier" - "Name" = "turbot-firehose-to-sec-hub-private-nat" - } -} - -resource "aws_eip" "security_hub_traffic" { - count = var.enabled_caching ? 1 : 0 - tags = { - "Company" = "Turbot" - "Product" = "SecurityHubNotifier" - "Name" = "turbot-firehose-to-sec-hub-communication-ip" - } -} - -resource "aws_route_table_association" "public" { - count = var.enabled_caching ? 1 : 0 - subnet_id = aws_subnet.public[0].id - route_table_id = aws_route_table.public[0].id -} - -resource "aws_route_table_association" "private" { - count = var.enabled_caching ? 1 : 0 - subnet_id = aws_subnet.private[0].id - route_table_id = aws_route_table.private[0].id -} - -resource "aws_route_table" "private" { - count = var.enabled_caching ? 1 : 0 - vpc_id = aws_vpc.main_vpc[0].id - - route { - cidr_block = "0.0.0.0/0" - nat_gateway_id = aws_nat_gateway.security_hub_traffic[0].id - } - - tags = { - "Company" = "Turbot" - "Product" = "SecurityHubNotifier" - "Name" = "turbot-firehose-to-sec-hub-private-route-table" - } -} - -resource "aws_route_table" "public" { - count = var.enabled_caching ? 1 : 0 - vpc_id = aws_vpc.main_vpc[0].id - - route { - cidr_block = "0.0.0.0/0" - gateway_id = aws_internet_gateway.security_hub_traffic[0].id - } - - tags = { - "Company" = "Turbot" - "Product" = "SecurityHubNotifier" - "Name" = "turbot-firehose-to-sec-hub-public-route-table" - } -} - -resource "aws_security_group" "allow_memcached_to_lambda" { - count = var.enabled_caching ? 1 : 0 - name = "turbot-firehose-to-sec-hub-allow-memcached" - description = "Allows communication to memcached from Lambda" - vpc_id = aws_vpc.main_vpc[0].id - - ingress { - description = "Communication to memcached" - from_port = 11211 - to_port = 11211 - protocol = "tcp" - cidr_blocks = [aws_vpc.main_vpc[0].cidr_block] - } - - egress { - description = "Communication from memcached" - from_port = 11211 - to_port = 11211 - protocol = "tcp" - cidr_blocks = [aws_vpc.main_vpc[0].cidr_block] - } - - tags = { - "Company" = "Turbot" - "Product" = "SecurityHubNotifier", - "Name" = "turbot-firehose-to-sec-hub-allow-memcached" - } -} - -resource "aws_security_group" "permit_internet" { - count = var.enabled_caching ? 1 : 0 - name = "turbot-firehose-to-sec-hub-permit-internet" - description = "Allows communication to the internet" - vpc_id = aws_vpc.main_vpc[0].id - - egress { - description = "Communication to internet" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] - } - - tags = { - "Company" = "Turbot" - "Product" = "SecurityHubNotifier", - "Name" = "turbot-firehose-to-sec-hub-permit-all" - } -} diff --git a/baselines/notifications/security-hub/create-watch-mutation-input.json b/baselines/notifications/security-hub/create-watch-mutation-input.json deleted file mode 100644 index ae1cfbf6c..000000000 --- a/baselines/notifications/security-hub/create-watch-mutation-input.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "input": { - "resource": "tmod:@turbot/turbot#/", - "action": "tmod:@turbot/firehose-aws-sns#/action/types/router", - "filters": ["level:self,descendant notificationType:control_updated"] - } -} diff --git a/baselines/notifications/security-hub/create-watch-mutation.graphql b/baselines/notifications/security-hub/create-watch-mutation.graphql deleted file mode 100644 index 4f662b83a..000000000 --- a/baselines/notifications/security-hub/create-watch-mutation.graphql +++ /dev/null @@ -1,10 +0,0 @@ -mutation CreateWatch($input: CreateWatchInput!) { - createWatch(input: $input) { - filters - handler - turbot { - id - resourceId - } - } -} diff --git a/baselines/notifications/security-hub/demo-disable-caching.tfvars b/baselines/notifications/security-hub/demo-disable-caching.tfvars deleted file mode 100644 index 5b8e61e6a..000000000 --- a/baselines/notifications/security-hub/demo-disable-caching.tfvars +++ /dev/null @@ -1,3 +0,0 @@ -aws_profile = "default" -aws_region = "us-east-1" -enabled_caching = false diff --git a/baselines/notifications/security-hub/demo-enable-caching.tfvars b/baselines/notifications/security-hub/demo-enable-caching.tfvars deleted file mode 100644 index 713889c30..000000000 --- a/baselines/notifications/security-hub/demo-enable-caching.tfvars +++ /dev/null @@ -1,5 +0,0 @@ -aws_profile = "default" -# TODO -# aws_region = "us-east-1" -aws_region = "eu-west-2" -rebuild = true diff --git a/baselines/notifications/security-hub/demo.tfvars b/baselines/notifications/security-hub/demo.tfvars deleted file mode 100644 index bb891daf4..000000000 --- a/baselines/notifications/security-hub/demo.tfvars +++ /dev/null @@ -1 +0,0 @@ -aws_region = "us-east-1" diff --git a/baselines/notifications/security-hub/deployment-package.zip b/baselines/notifications/security-hub/deployment-package.zip deleted file mode 100644 index 7db0afc8f99ac299fa8f863676508f5b658dccfe..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1841650 zcmagF1FR^)(k{Ae+qP}nwr$(C_pYN+r0bSyxf;R@8zE9RA)LfsY)mHRaK|H zR*(h;fdcr?Lztng^uJ&Jp9u#52f*3X#nr*Z-rmNUmW73m;omT^batV&v@^4(S5<)o z0G@_nF!+zSdO!mJf}8;Z0Q~Ps;h$ENe|jMPx7JIU=cOPZ001En008p;qE$vxSX53~ zl+MM&<^N_tS6SYEg8`-YRGG)oswBph*S0fb2*sK(4o7)}ktECm$`K{2!SAyh{cJ;4 zNT_A^_BMD3wzi131@Pv=+r!7>?c@A@f0BK!ImH`Ri#wS}vXSA~KY-j~lVaqU(^s{A=>__BKl})x1Dxn6_xrO^Iunf0BV{_~Tkp zv1Mr+9Ca3oe+CxP zi_on%vM#i+ZdL0Cf;ovNzQa9QC;k@4`8U3E+y^yWiOvPBGL8sjXyPovHBUq6Sjf(B9SRru3~3@0Mfw8Kx`~Wny<#X0=R}zzo%0`h)XF>7 z*=HP8MW{DsynLN{nyg|wf24=BF{84fMX5n4Gs@9P(0HbPG|XNp!*UX1BV6H$m8(d3 zibxtLi>nj6&VxnN3&t-JtudYfIiw8h&`}I!s&DiTRMPlBN<}3?Y0^Kr7a}3q5(sIJ z)X=K1zcwJ^XI+%3pw(=Q6&kr`1?&R2v&*b$3awlaFXV)?}~8?3)lZDgn91Jv7h165YG zB8&%(*A=KkqWNYS;N`XL6sxuzvh z(Hznx6-=8Ne_;1yh^#t&Y>yk73ojDg!KqlfC4f>CxK2YK2*FBx4^-d(+Ab>{O1YJi zEa7$Q<@s~;zWL11<-B8?NYwD>9Dn8fsSo0c2mv5cnOfJzMouXDe44!I~rXAR7vw}XS_OFi?X6Z3a=gj5XwSH~HjA7#e;`malR(i>!S6JUn0i z@DM)+iZw7|xLh0oFXz&I(h4B$#aLCqsW&25L8Z)&?1)JY_E8r0;r6QX`FJE|&E;3) z^L@97&BLp{KciSs=f+YWp^^kwW`?KUHz+f9qPm%aEbD{6@)??$-@|8UqC6WK57k0K zQ_`JXZ*A&epCtzk3*5fl0PN7e#3C041sUb*=U3#slLTix-HpvVYJmrBONI__cB9W9PZQO>#w5tNffmIt9U>;ls;H%2< zyMFFBb%~I#no@fI{?1edx;z~_)uuJeA2qLxbKk}1<>m7&l(ihm(fjnXX>vSV76NT! zr_Qk;`dqrQeE?>FvQC@BNRxcF&CgSfb^n7ep!*je1WmE#xHGz}_NYfcyG)DD>opvN zP!@23hIw7z`WF+j{{|IKczZlC&&g3CDws;(uct+Db|g^k9(X|abHO}At}*tG{!RfY zzIhhr)RnEaT?$Ohu!8SB85iVXcM-XZieP~eYbjsN-rj!GbVCujpTE>PO2DDWUDjfp zdy{v>BK+!hR&MuB%&k{viMC(Dvkz#mnY~>PLAB-d^&_0yb^rI?`z>N)|2>)g`|Jj& z_Q*2toeM^vb^=sATXqYQR}0Y?=nhSa1p?wA zT)9eqFdR1I%bJ-5bXs87aHQwAZDJbbE#nUwSSJ%N3|&I%gak@FeNoMypsBMT3$ZOL zgfW9cd+8awnva<+Dv2)CkSpbT*T)y5>e1K-DMIZOFwUGxN95Lmsb$?PSef*t5pi&c zKi#7Zd3()=Rmu`6Bi#NmvZ?9D2NpUA;6n;iUCk|ythh4r6JXVIT*Qhr$YS{nR=bv2 zXZKa#h6;VQ5Uk`_0Wwdi7rg@{_S*)$XRzjA*vK3<1dsb~g^q{}4p_8uG2P*lO^TapV2br=OdoH5oiw#MN(=}Oe!7@^w~AA7q>;5ce{L!EC1DwFjC zq|Moen)2^-am=n*g^4jt#v*EsDOw#iFJWM$B=HaZuEp9|`bJluM)5N%?A4V$IMPzp z0K+F!y(p1iS17AVo1Q2#9fgzs&;3^z4@4vr0|3CO{P!~NUuKe!S5p3O+m7{-jo;$x z*zxlVO?@4(=-bz3o!EF#nDO znZ=!i{rNTz62cgni#oxQ#UKFrOJlSRZ+hE}Cq8poyuuwHN@RxbK@G%T=&IIxV84Kh zMQoY1kK3@pVgtw@`SmQmO641s#?#@*R%261wQ?9^S7?0+V;1YN;D~#+&8`%x#l3uC zR~_*wltaP{qszNU7mvMNFf*WHEehiw-|PK$CutOO-k?!ZZwVk^uD0Sjtm@LEw(U;7 zOKPpEF&TDH2$HYT6LFKRNwr%+dTA85YnIK&`R>QGh066@bke439UCa^i*^|ktXp8L z`_wb*t$#)eI3>|RNbIIPH~&{pPd0)B{Qk&=2}mgcUqDBt<7s}eXMZmITuNc?<-`xV zkEPV_)?&COH=GfFkd5`Cw7 zk*U2LD=FW<0t|^agGNQ`k2sE3 zEB-`~AJI|iRbF|PEmE3i$k`SQ)XF%2T$>sY>*$**c*v`oD^1p%p;y4hiYB8!E3nb6 zULK$ehUiWLRzQK&2q>-dLgU6aZo{uU{l>sz-xzmegRYYJK$!B>EE)aBl*<|mSNCuj4TR0x!PVgU42P5L@6UcOY9^g+zkF1hqN{Rhg-#zm19HMKF8 zuGxBQY)(zrn0w6O71a;78xe3vAVaWN1>sN`B6TH&3BgVfpW)d6p#g&~m`ZGa{izWM z4fvxXv@z61zSOGg9DSZTi_&US#}80PhM?E`^X7Gyju0JMbu|;_xuTv|tQpUV%%Y4A zl`|OCRCL$H|LrGQ&$!((NY%g_gmx5E$q+CE%{-K&0XoN4IuZ?mPeV{h-vA#JEOenCgyHnaIC%SuzLEkuv3&X ztlneFfmAvq;IO7F2c^krI6-;oqUjTz`=!g^Gk5fLLhgW%Im02ofxn>;IAl9aa`|$Z zN7<=O5fJ{2OVXY{+F1b<0Nr&*(gIMV_h(1npN z{%XN(Pzs0n=zCHdFfjACu;hxZ z9gKOuQ*NJfhODv(JMe!opdmS0mzB6AQnz#Ja!L{;v`b|_4;0CC zPgHvESUMUQq+^VYcn@yc((-Z!%-PvE9{1)5n#?s>a8WsO2ANvrIC;f1<>6nnZjsBr z;K&UC>Mtcu)|W9n0i@Ijq1k$Fsh{X~*}(2my6KnJ@Wxchk8a9&lyx8|e}ppUF49rZSU3xY zq$MKHfSQA`mCRo1iC96i4$c-{4_Me-gt88k4wD*#F(ihX`gS>FHKD-b`(|Y+eaSFq zfjFx}+oY#r0#K%dYA5xrBf7-Wj76gZf3Q4r_*xkRAB+N4B(>MoZiVmP$*5yD?ug6X55JL(9QOq!g1Ql*!=f8d`7_VLyN| zA2>~=8-f3{1?$;Zn3oazza=mWz9L9CJlcdyLWn#-{fIk*K9fHt)$HRj*ND+GY?tES zeyYtHR^%`5K96XEQS+H5)^DykC-YaMq(GR#_x$?p=V)PR#GTD~w%kcNC%-V`mdZwb zLdAV>#sJ2g%d3^6{8U09i>7X}b2p*={_*5LomKOj^*H*R_bJ4pdu z*jbY|%Z-*O)0JR2y-B7o_!{My>`RDIGP*Eg!JL`FCh}sjHOSPkAd@G|-?=Dkw(tC^ zL>+DpB@qv06@nIRy@5iOiyW)ZTJ$Dorrel^kHN>(s=1bjd=kkPN5EjEsm;{Fx zR;xnZz_e4o`*R{XQeJN`gNNt;dv_E#V>Qk(H=Yyz1W zr!Yg*d>k}_PIP^4EV#2&sar#ahDTS>!g9mkLU@5O@|# z=@B|#q`j#x=<@boa912W9wM+W@3vX2XbP@mUyjifmJQi*wH_6nY*>S4w1kzzGY%xx zi@NG4pPx7y#+qyf4L-tywr;4=W3WjSTlE;mgN1kw&s?&@h`O>A<%Jet75uD2)3qy z%F8qWlH|k@riD%M{@SAuDvY0h+?gJ$=l=p&qe8aYNCAlP2Tc^LSv4@1Kh#Uo0kMh~ z_kyZB3wGN;Hz>%~=Jsmea$eiNHS8h;??RmQPum*qUP@_?_ao7s$!LPrVeOrjaR&B2 z9c$gQ-s?dCUs;k?&OjroXxjOD-u+m(6EqnvF<~9ccq(c*h>jMA3r4JIadW1*Rf%U@ z9&pn?v?tVY;yqNE6;`_%sgnFwN|Em$eB`)gt+JcCY(-qvpxdC{@V)9ME3Gf{@P zNxnThUE1Q=%SUD;AvZBORl1et@8k1wcJvfD2hQ=FVoTU+IHxCm8Xt$Ble4!Q%q4zv zpF|E1&--@s&3)5f9>*kXB%kZk3w{rJvSM1e29;j8 zCT*XL3Jp>SkuTMX`*m{788XRt%7^$v2QRt{@&cAiVT01F66a>9=!$TYM285vi5f>r zQi#-fbGwWK&|3;^JtCW*Pu+|Z-F+9?9l!Yb4~O6r>`AFaOazQ==rDjCgSfZMSm88bwP>B11!%K zhNfqPVEdQwoisw#zroZh>DyMMOJ(^GJ%Kuc;n4?*C|n_b-w3S*?z={mk5>$p?b(XS zP`kT5{1CfUQ!_z<=vtjqCVnpH#+VT5VqtWCk9P%jes+JqhKZO!mMXHTA@-~tc-PE6 zr`iP$xN?@HZ`$j#WE#B*Y=}aeExFet{Hm3>p`)RdkY8?tFiR>1AE8yT)T5dkWp7q~ zwNk!gkk5_-fFVFPWy)&}@mF?Itt%k4kaqMV6}Mta7&;UOjY9K8e!z?`nhP&Ks}9D2 zGZsLZ7yjh7G=RHOF)Qq=uI;`Lry%5dTjCglhK6}3Nf3)Wn_U};4Yyc;)iZ~QY zL$uBQ3WboYB98!v6eO{4m}tEqO9-X?iIHV)#c?pts!CkPSUBWR(A^o)Aa2R^D=z@2jx>40B~*=tGC*Wo`8m#0Ofn(a7dL`|-cJ8SrjX$X zbv7qA`eCIR_mVZUHbFY^P0BLaK5ZYSfu)5wB4ap*@YN&G&G^nq zTh+j7vKpYQ4F&v!PY!9+$F8Y^UMoaEnjQCS39Y(8qD=TQ{IMbY{8f_PV)|38kVFk9 zuMFBZuWQvw*KtOL$~J&D7Q@SI%xZE22N}(szTy=S_Eal?gMrBMiNd#}6B7!$G3Z~= zlgxi>Xy4zL_`rc(KCUxv2o9s%M^XwHou$b-1f>Xb`&DfkQH&h&Ae;YUrO5Mv7~Apg zV`p1`l1C{6qXWi=ItUf*fw&6HIy?{NW9`DGoPzN&&Bi6DIzBA?w#yz5(4S#u>vM*X5~F#hAl`Jx5$Gfs&4ze2p(V>TSOvh%qhiSE?=EZC z-o!&t((yL9BNTN{iA-s+PtU6ag_EJ-bY@ZZGaL`#>>bgPA!~V({zOx@D^|VRdQ6hPcZ@ z@(GtxTUzpvzIs7Xn*!H`6h7^G$su2E6&^v}MPH>2b>&_B9YLM~FEoNfB?ykB$BX29 z0xY=1P+K&W8l6WZjfAJrGiPVGhawF-)Z-Fef$)D#9ZYVIVq3P#@0mDJA?VM~=iAxq z!1Xgs186LFU!SL7Hm&R#E?TV4Zg$sqs7H`U!?}8Efq{D%X^Q|*{j$eP$+LF^>LEV+ zJ?ZkrDqSSVkSu3MV)NO3p?L46#?}L(M6wgpmzJe9aHQ6PQ6D;hcxgwW+Q5{Ri&dIQ z$kbM`&t6x>qEnQg+4Lm1-k&Vf*LLW7lHo#otMLE&0n6&ph&gQYVpc6Tx{v&&@Uap$LQKs-jB4(QO}8I{L?>+{{3ztTroF5#N{_h|fDmfQNP^6Hll!+~ z7i&EPYg-vk0>#>_0QX;h!I;mvfF>1}^F$)^GPNDqKko?fk8_&aldZA=B@%ej#?&wmY^Vd|` zwQuw|;jtRLhH70K)gmP%FVRzZjY2gWeVnj_5#iUco3xA9KW+T5+p?MW?Ix^Q(~d{05bsy=FxDGP*g*UHXN zC@Zpl@ebgSMj^g*ex?<};fb7nh-A22;(~fe7u_W!dx9oO)v%mm5_ia3Ic?Ao5aKq| zy~xY|;moF%YEt&DEOmaHOhJL_7)1r`if0z9u0_lurfp7{WNIoX+>ihcFxyj7mi>E2 z%dz4n-^(Mr8IkE;C=B(fMLET9_&U>BB_*Tb{DloI(^SlJ{Q8M5YeZ>x+Evp!*L>7x zgMNr^WX3bh$`aDR>VYS|lgq-GmXV3tqzi$mzGC7E zbJTe?VQS}Z#`Wbl80e6K1gaJY>}du|4BA_jq0Wxrl>p=uPY}ax1x@uPQW8~ddloRd zBVZg&yp1h))>3@fz(#cuK5D#qo_2B4JAv`;JV9?Vv0c+NbWT1WGxk8&Ezd2tt$bsi z_QE~U4xZPptv_-%=x-#p3A^LylHEIO*Hem}lpSkMc5ZgAV2;froCV-cETJ|3t@%t4 z_l6A8VkI!hiVEfEz(&F!k1QZ7beW zz^v|=-c@_8HrsJUdud6Tm_FF zP*W>xiEou(Ir{e~u`I@<->4yo(s+cvgXKERIz0qE+E2m+DI8t^3Yxy;D;m_Cl5h9M zJtB1WOGt-+j^9An^P79H%dGMP`21Xaz8)WY?%gZX%+ZcKJPFiMMyUVDDF;#E+e@q7 zckCTBs3;$&{G3rOYQnP2F%#HXPR78sC;Y#PQ5g9(Fjrqg=x(6YHdR4&@s&ueBzQyUz%uM8&Gb1V3l`9EoIg|B7LXF> zuq3@>mjDn;h@M{HPxW(!0uk$*w5FU@3#)m*$;xeKRnQC`K+e{lRfJRa0lI_r$<1Ms z#us~=_mOJiw-=Zm+N?0YEpE~>T!tRB_02JBEzvY2WdJ+AoF9Lb{vDrI?CHO`ln&0C zSZX$1|Hg?xj+s(d-SyzAv&I*uG@Mh{<6U=OU8nk6w36=f{OJde9^P;@p@QX|V&!MQ`#vN$uRgkR`*PRpwqG_gE{xW+=Ly!1J6bovY_}Q7or0r@(ALG) zd$F!yz&-Mnm0gP~sJ6Usaad5yjrZCyADnj<&$1?}wwKME5UsUNQ6DL#Jc$aA-cG<@ z?R@u^pUA1*7pUb%bGondWVw&EqkRRphw_zgO*(Ixd-aB}>#~72>co6K%8-k418SGk z&sdN7SYEcAIby%?#Q(+3PTH1$jnpldh;Sg3VKOq2p+084B*eN9m{Tq<1ADG6QSqqe zfURg;H=^3_RrN8Lai1$>#brk0S(_Plw_Z;wV?b6!c0p^;(7eBrRvS1B*ooKA>LccT zW~JA1ENBxTw*(Y++!V(H>dg?IdbsE+kV)(EV28JN#c#`6MXgyhZ&*JRAn7L&5?^pd z`0c_TM-J5`uN|OHyr;>9#q7NQ)GiN?*P7u}s`~2nf7SQ=Lvii(8(ui;?4iR=PSOin z3aMUeK6enj)pJaG7rzp9zQ6KLl{J;7&CW7opYr*gu~O;dOhRW%1~YoKNpvO-FEgd0j3pMs82RL~9JwKr1vBLC-agajiORTF3~ohMzw1^SLe3xy*c!cYT!yofy41 zJllhivz}r9NA!q(cAJr}--Cgctu#?{_GgM3hUUnTi!b5Q^l3q&cqxg)lcW8?w~TQA zw(1zw<}7)osvt-%5zTmg`fvde5ZxEow~t5NI+ryN5)PNtKfDOmeQV)hXcAp!O+lUH zYtZ|%AfvEh-y4wz4XAT`!wn14X^%I18D6fOnSV{Y$vqKyS+jkq@4?~5PIr6#uc9U@(t8;xq!ceL9h`yM z+z;2izf#d^SaJcevp6YJ_^T?jvSShC1kjm%)STf5(IMt9&O1L5S*}o93j!bSQToAJ z<}mAmmSLz2Ds2)A)6M z?-p-s>G<^OT1(lodQ|>GuDUaK!EL`hGNzn?5%29A3$DQge!hlkzMXY5cf91_EDg3f za5pM3JId`&o;DYzb*vlgg~!`YOUinoDb#uxOY_++ROr~*`vNZtV@Iy89Sbv^n`ITD zIoF|p@&M>BvO#p#-5F%|R3g2*sTlgUg6gV%dr_u9<|GHkS<{kJfh{3qKYg7)6ib@( zFsqElQXXv41v0xn`Ct#>kTo$s|KTCZ;=es6P##4M58^OqVsyz0TNUPflekG8kUE{; zsc1tAP^;#doq$Gg+5tKr!?(c79C`lkI!z*Etyo=|m%cPxV2;kT!-Zr{kiJQGNj<6^mUQm#z$eFh$>xbl6Lht0TDg1zFD0=z3EU>8zmC3 z0fp-&aHpCnnTE89^#F*~axGbD7c3}QKNFeh9-BdGE*@V-_57?x$9?;h9}$4*g=Cp6 z=Bb~>LF{%ZNHKymlHUVq5m;WJgr|cMM0_adDBSYN%1a2ABdNxF))@-J^KIF@OkNHz zmsbN0wD|}>{RO^M85Ki*`b?F^{LA-iyEs76lbZ%G<23{BZ< z77bmS4kWJoHVGCJ-#;neA(Z0=H}r zvlK?Ydh@lltKVtC?NAt(T~UVsaNM{Kxa`=zk49fYuj6>o<9{=M z@d#HB`~Y0VG~oN<`K9h-P7I1;^}Hj7>Ue^)+*9r~^WyA6Qxa7Zw2FyBxT@!=dg~%VH<>dGkRJ%*x3qKl?}R6{{CWwM0%nGl0wkkVO)jc!bZvKG&Xy6rx}(odd2 zc^ksG^-SUf$6Ug+WA60nVUoK+F~}~+_#I_Yf5zK!d6Usm0CC?yC3gZv>DN^=$g9ad zSHG8RfDm}w*h%w7?OB%&Ncs}QSFW||W<^etFl7D^a8<_~szSrJotJC@wsxnlh9iCe zBhAe!8zK4q>xNX4k0%(=kX}h{_1kozWpsr<(XljsH8sUJ8XTopzU`Yiz{8+L_xAev ze7t{t=8^M~?`8B1kulUFgR5VxuLlieKGh9Ob7HLxbUG4ihA^wXkD}-9R2^Nt@YB&~ z2SJF)Bh|UsyMM~Rnl;{@^D1RF|HL+A#Kj005V}o;ARd#D^w8|qn?dBMpt_;bfUXTV z^uc(pi1oy3fTzaFS{#9FJx{t8_Qk`XWjb5gZJsZdMx@N`&6qw1;j%F%Uk}-)-)PXh zZvEB!Zk!g{4kv2b9}icbFCedhe24#^fa%GMXE{Rz04SjY03iA=fKd_^mRAz_KP2w| zpNke%nd44H6G#HD><2%Cp8#i*JTyB%2o?Y#Ap!)p5M~HP7(;i@@b0bJPOUbYJ@i+x zgDK>Vl?_ad4R0^kdG@>hIUK*Et(W~#j~(@kDCNZ1{gJ;n< zwb(=vRSUv=g30ph>98AQgAen^)X<{1zE+=SsrPJTyK2Ei`S8c5Vz3%xz~HciE)%z` zTagnsm>(8m5H&0Vf{Ykm7{g9J%NdhIs_VZSZ?^EI9u3z4J=--h3RB&U;1GCGZi7_DNl;n#QLp13A=|;;aVa8)>gzhW zjsP==2;);Hc*bThVm(TwS+F=<6KuI_=vO^G<4Ap5VB|M!hw=r;dFr?$I3;&2$h_ifB8*anwu2k>n9c^se(jk<&01vor_ZADpsl z0SH>ar+#=W#j0wEcsz+sG;ZN3BW*M8&fF%nyJXLZtLn~CGH&EdezGh2+tgDy1p=gi z;m?p$N>RPk`*vOpWm1s!={stWMG)|*fK270XI)CUfvrtQcb-kLLJe)rNDDFtUc)m& zs<9dPJ7JdX#ON+O4v5^WH~lELmqbRmS178g(FFyn}rg4{ni3+y-_g69);~B4Oo4J$y7Nq)&UTyaAx0St@1wn!(7-!&d4cr z-06ml-oCu9ig&t?yx^$j=hvj$uIO`L-4b~_+~r=J%_hf7{fPbf$Yl2i{2uu+9c^Fo zuU~fF2V~%Q3LpPQZDpZX(9LUX-s&QrpB{+}^yy=f{|Qm=N0)?EYdbbCBcEGBsQ_*7 zZg5QAT1Yl?{L9m}7 zn73MKi}NgHu0{ZtosWakeaz^RtJSitCfYJ`YP07R+D<&h(@>Az*G2o|vS`n*h`>2n zIAzC2(qlV%bM5<4@nZfe2>JkOqgkiY6l;q89u2Xu>Gpo)82f#xW5*WST&zcF}wdstbS@_=n3*C$XkVuKs&2E3CI(8;+Fs zLsU5CW1IypKNmKCs2ywpFji8Mo-CTXb7Pin}n#t>orqd9@GI&{2R?th?H?2rDC}4q|)2ax4rW zNf__aT{t{~-%WBGW@UdQ@3J(OixY%aHX2|JErJJg5-Ou6rpj(0ZUFL_Flg(~9aoNg z^}Tn3dG-bFNZG;3XhcVaR;%UTaLqGe88h|B-@4*A1jYALwwkXgf6C)u&@wt-cDMt7 zOIhRaU#TDF`(NR{Q>KBuh&(z+UU087)4lcS?;LDQh@MI;Ps%Va{5zgYrzr^x)Z45d z&tm8RqC4>~Z2$HPidQ_?jGBs>&WG}bm38C|UVLuERtnk4KX>;E^LtnmI#2aJugN|VJCkBTaM+?S|xcO}e<5u9zsv_x(0psIu^nB*kfQsZr$@ zyM2jka&R#fqw5u4iH`OwuP-c2BP&~HnK20*KC1C|wk+&t;Jat!p8B0(Y*-YlYuNu9 zt2|yxHP+_~BS&eN)?G$AWdpFtCD}*VVFgn>OyBxHlXnH!M@M(fV44uFpGm?VP4kUp zfhbFIA7?9dHu(<1;<}{63@IMK;{|R%h(sD{ci~iaNvLgwmM0~7lAJW3!-o%V@ltn$ zp+%Egr4FmWByc=%-~L+Y{4rg;KF|}bKTc0A=%nCRw$W=#7~J3%x}fwvp zF7I_ukxd14fqT_R+Q%!&9eWMFew>^BxIk9-btfqL-eaL^rjMFqM?l~DMIYh+dTJSu z|Af4g_WVizmll8P=T_2-K4;)S@bsc)Z<4F~2{;ekcka%g1UF27>C-fYAGF%PdgCL} zxC?644mBV6RtJ@6ZUgbf7SF3Z~$x-m%LRx15|PrNHivcgmA9XnO{UN$pQ95vh-0Np#AUc3xv*pua0D*+1XlzNcS;I2Nn%c1fTL>VJe{_Z^f&hW>&nxS$-k=;>+eXv~e0L}b z@JBDb*fFcALe}UY@VN@QB!TuKarU1033C#{;I7E!#aE5SgFPh3m zKRfHw;6;fq>0#GhRz2nMY3ysZ=~M2)?Y<`c$gwDG>cJNUoG|CCd~7qdoWE2vv*s0s z0ps*H^h2!kI{hBPBvJ~Vgv6G6V6+1rWNbh=0g3!?u9xsP#eIw6#yubwKpm65r@EL@ z@F>VHd=hlR?dOAf7Ae48HD;9DR9;$6M!xmn%*$}#0fm+j-SGa?DC`Ei3sX{XQdtwH znL;y-DOoAla%>|kd?Q0^b1he5mRaopL5D}a=0A%D6VyjLyAO>*LmsUGOrVTPi#Vf+ zJ15UR&7|>11|*}?*_k(ibKirn;$fYZ@^R+T_jAbb4}x{|f8EmW-%C~@`3(e_E5&LH zZBi4QqJb3Bf6{+n^5=?9gP?hcmSp|0+^mXS7@_V{5!*haWy4Gna2-4AAab{CKwCmiRdr9h8{6TsR`NtMP=oD;D)^O=5#b| zkuW;hcRIg@J3U!|JSWmap6m}#qbWTXvG%4}81Zhy>rBH4-!lE7VXIM57KR_-7SkF3Hf5Pbuuk->S5luPjh9xhynV)WjU4 z_QjCjJmvvJfFR$cJFgYLqGo_N{2Az{(xjh*5=%0J7-J=2P;xwxg>=*GoLD)IqmMzz zpXYbj)o-h9at!ro>a~|(u zymqZ#;)xp5ZRLGj#>k`&-Rz5y-S8}>5K zGb60UE@~K71Bq^gj!SVb6E(o5+hueB+#A~*^zh~Gy%$a!Lzh;#>9m=yW{<;beBZkY zb5^ODAt&#k(4L#^k~Y2vkRf`)@1yGdyl^cYG()eiqqKpbt640?V>=yzWeMe&Xj&T3 zW)oGu%SKh^3i)k%Ha55Q~Oi4EGXo7%6uJp7}@a!hkP&q^obXDRq(tzg?IDohh_xI`Ds#)|&tirZU2T$} zdGq8`Lz0n&kLDNjQsw|fc(-|RaJq`3p2^^TP5?o~Wa6cX)SwzW1tZOgLFz5_qh6Xp zO9>@x_@;W|R4P?!f=aKbCW-*6X-5G>5q(8)u_)isX+|~&F979~m~>0757NY}c#u4N zO&P20Lp@w(9Y}x;;U=@U(}H7~OSH+Lgb|fF%|%741{1gB@mCPBnvUytK1BVgNu7ua z?7>UA8Wi5Gmld*mS^XM=X1p?=Me5;Ys~g6+%C`P)1iPQSMArRWWl12@0k#g-Z^`?; zq(=zusLSAFNp&;^{L-Cn#jG?*!z+a$0WEbZh88g%m~x^hLOcDuj`7u9SkdP3LI5E( zaXBN(5sX`-0*}RP)NKN&%uEuvp64e%9l`c?8|j-%EfKpur+z4iaIK8UGK^}SLwYYE zt?e>XL8DH&6;@RM;e{*0Iv!V=5>}SC^=`j7HaD-=auyu3o=*#VPDB>RS{Fij<%$mz zQ6%B$`U3G0sLZ^jUei{+jc4<7<Pggfuj(D{Y%hi3no*+Wb{JxeqNTCsQAu}_ zyWb{%8TpV8E7#5)u_I!|A8-xZ1)p&`IwoU2iHAg)f(9&E19ZQ??~sa{bbCJXzenoH zF04CSLQvSh(9620HfZId1mS|1y38}c(C|=CUVue?*+{yhrHSJj^^(ww?KRZn15N(SEQb=R9uCN59o#!L?=cB?x1fCXN6Sj< zVfZ(%CB=$MI-!AZ91tkQ3ixQ1VpJZRXl4C=7&~1wKbd22jk8&kF%ZbS$4A52u2|Zu z)hl~y6#9LH5d`|Q_;41ai-65!u;@0ns+TkbtUmwRjc!l!h$oxrG6?3dVdd}JqhD_0 z!|n#Ah6%}Z=qcOj@qD+ve{bEwfh)D2hZGE#)MVPf;A(>FWzGg68_MH?%DApd^)}2N zu#U8MgbedCjo8?_DQe0+4M+8G-N!C7Ws`KQ0E;+W^t_%K3xZlUUwuCbMjBz(F{3;D zfB{cZg1vTBjEK{4mjo^Q%A*qUsi2VNVN=Q&M;?h%d zFj6#>(~~m|3iOLiyAHBbQZ$m(V|4Wj;*w+3wBdB%W%9H1vrMdWO!J43<1=(~Pt?mW z z1Y2PQ{F}r-+W(}c;9+h@>t-@?nZ0p{%-;P zA;s{2kz=UT{&C!BPWaLG1(o^37O#<Vt#Yb8rY=(h#u;=eV7NIb`O$-Qo6=-Y-^dGfqA*70)V!|CpNALD(v zmovQ%w?>1;Et6mSQ2YP}dABZ$$Ori+rxqpl&1)j14hixaW|iizayDp^E73&bU=i}y1vJ>{aHq9!vgR<1VOjRAH5c- z-hzv5!K$XYJq`;KGN0)Y@#~U+PYe=e>ntQyWZ-K#REfZ~2iUnls|=C|5cI&ik!q!p z6-$h*X($Fy5HhyC(!DWcM6I}uTM{#TW9UTDD!DQR+qm>}hZ|N9@%Mc3HSjS!XM=;r8dYe&`in&SCCyqgTuj;J1B^iJE9 zN`bQCN+VobFmwDs5ABWI9l1S^0OayUo34a?oSF28T)MFTiJrNk4MlSCWNYjC6T=?_ z1<;MF>zmHcS5PtcG#TKN7Zd&c3zYSXyR&m}8o=5Oob$Jwq>GQ^$B5DA#|g%Vm!msF zz<4ZCoXzW<12Gry(llM@K?Pt3x(NODZf=M;xv`NhZ)`2%2X?>jNyFXWEuEu} zBTojuJwUsR3C2U}ofEU(z?fUaz`ePHW3a`3FVGB3AHd0z`2KD#+6kC=trr`PaonW= zb0BU^1f&mfmtyRnyTkDrDoSZ2SuR;gD) z7;*R9wSZ%pOuOP!0u^dhc;-3jS)t15D?Bm)zyx*7c{sGW7T1@{%cv~=2Xn^<3Rd4z z>z|{;>@SyLj}qYLJUF3dJ^pv8&^|n{3On-!2>hBbaHSg|Xx)2uOTT(6JK(TUb(ZgO zkG>pGWhvzHjE_7dTjwh;D!Zh*J&RXo&hMOfM3*aWvTxnafxw^@NfuW`+KThwi##Xl zuzuqn(P7+Q6l80hBgGh6&r}K}d9f+#L>%WtTsm>R8NCSfC6-VITGWVI>>gWuSz;v{ zsrLsvSkJoi^l>GF+%h^IAfXAYq3I{X4z zUi9iT&@sV8sM4YrYq89WW z<_{@U(_ae{BmnYZX@%xzB}Ovu^~`HH=6F{FBU@vYD~P#6LX%gY$OIiEE%%c^@uRMn zv4*jc+KgdvK6DO>^BNfTj1x-__CEV;>e>y*O1%_X2Q{)1#2EI&*x$!f(NF`Y+>ae= zIpo0F4Pdi@mJuJF=g%!52!a_RcRTFr2821F5-$|kp5bSB9;53YIR)gNY(~1Auwa$? z?SIT2EqB4&NiVq{bgLqfUDfK2IIX&(z?hgBfzNHKz+(MvUY(n)15`(|{VCX$x)_q;uhFH2iY z|8Gf7jnxyZ6uHaRm|TQpvT3Lk*a+JWq-Ge&N{Q4^WdYtl*#OJe!rmzmevuw|DMTs4 z&|+6|xNzMESqvAiX1;^jn%?s&-7D9r;>w}4rX{~{!y2cjgf(FE z%Mn0+%I9)J6kU~-g@mZqy8?e_Eq9=dlc$R|QQu6lITZqn)xhvVLwR)R9M0 zDE_=bj@sbVC2&B{kpXj#px3j&_tz7voP)tM#Eb7#l6*G=%OuTu;~aLi(&gU6N)gT} zP=A0H`x#OOLp@xbK0j{#(tOPWj~m4mhSln)X`ZF!8i|f%af&IU&(kN(-ukV;w|A<^}0!{Su;VWvJriZy8swoBh z47|w>7M6sLW3amLg#ON$j;TrW_(p^FB(~htep_=KoFR5O2M>|h6u_U}*dBtrthfz6 zZRw2%Twm;P2>inMRPCaP4ItEBKM0{U{o9p7Q-UC)X~ub}k+SLod}o>1sqTO*Q-ZGG zSSOWR5R>chL626S7~Lg5YYSU}NL?UhfF(~`0qweGjtE;0THnH%#RdabsXnf09KKuu z%<$GRI*Q{3iEq$bIQ3OEO5_2kiHl-l*h`w!R`K)}ikeM2E<_^j8 zpcQVq-Wbg3bg(CU5Z)frA` z*tUL;Hc@~puQrXL;?~W=TMwUPMEqmV^x${}S&pL3A%U99I*mngYu1s#nJEfU!d|h+ znVZyjCdu%D=gH73W;X*kQYe82d6OyFIv(~alMhG?vZ7DLL))NT+d8S2F`q;pvx736 z%o?7yPwtRdUAx54lxkP~3$xr&)3A&r5ErUjX7X`E&7>|t3rm&GPJUeCY4Et^-Qkcz zKxA)O=F_jgOd#;vB2nFd_NY$VRg%m40PFV%6ewT6Z$tWbZi??7crNwa1&tc@q+%(! zZE;AZsCJV94fgF0q+Xp|K650@s!yv#aOaU+{TLU#;_Rw>Jrk$XPG8=29JZ;{%;jP-{zi@ zc>L#RxR(=VcC}cv`ZE8G$Ib*aR=Z6S?(SRdbm)im=m5Wk7^8wxai3ot^(IRzp7oM% z%#J$ifnRSZFne^qp+XcupXMR8_GnpBUz&t6;q%n#s}_#M_@QOyI8|7|P`+(_rXtA1 zGi6>>6Hm}<>>JaYG;rQ^W(2`LN&39x^D|*GALD%K#dJ3=4bg4sXH(0=7o427-OZ_a zQDSz{J-3GX%1G{M3+4{xe>DfXoVvEx4Nx3I^Htikh)b2fROdhW8jsVPt2>h6vDEGh zz;k}i1{K_?_5A#SST)@rV1tCG>2y-kE<(LXmi?n;p@a8_ASrDLcE&9#qY4p-*=lAQ zDke56g)cKqG!y&5c^`90Xw7If&)MJB?|?n8gkXbYALD|{D=Y4nP7U+G!l?<@0YNMe z>w}nSRS=ShH~gDq`p5(v;Rgg?%x`ElE`oYY^nKEXfesgj5mZXX7s^^6OgqOlX zh#nr8oEaVlSfHItG9w@nqj)o|kai)~q6mQWAq)mmtCPJIl`1hCzw4IfI zPmz~3kuM#`QnPIkIKBdJ3Ur8-R&DcasZ?0TD6f>^eta1NmM1)qwtfvp69$49B7ap| zBtGJGe-GPo+F9CoXFYCW*XqWgYq(|V9)qIrTSr^QX67MS2JlE~i>F)c)ctY{uIrQ{kA~NGuY=k%U%`Xt*ACUE1Uo4?Ou2R{mhziiQSbGuUerYq<1!U|-uN1znn&9rOlq2u3;mFV|tN9z<7 zp7+Ylg9(;Z%G;!{gHzG3-EFsJsh&W(`%!T75bPz>p;mp>>IxA`ZEUTy>)L4Qk7#U;%p|9Bcc57zuyR_unxMNg|rW{F3 zG?ks;b@QHbV!wrf5YVb7rX#+-i(s9T$pXBqRSEt%IGr5M*5WhyUu6=a1 zjy2KZ_tSUU`kv4D$f}n*=R`-QyXHF%@SM zX~`?@D4nObsuXBa@8KMGNr#?V28?B9-!ulAl?- zCZO=Cy;EC-`?fRN0{0 z?hf9|Kku?C{Dy{LtL?6+%S!IU=T6i|nE7xy}qtREe+1%qZ5gYs@c3ea!eC z-KG_x5wJi@1bx|z34|D?j?A8|dktcq)z?XNo93Q##f>adwajpnR_&10*E1TmS@%ht zzCVg}%&)w@mO~$)Yk%FB9M5!U-oip!?!jJ0go$iscKW^fMcY zvNsR}IT|C+hm)#2V^lakw#U@G@UFb_A3(?@r~(?@3MzO(UY=6ew&0gEXVGYqFzyt= z`4`wfS6}|a+g7`tm@F7n6)8$lF9~*smM<`qu&O+!_ zi`od+eqS`#^*s#p9gaepoOD+NmS*#HD~oQz-Ijuq@a@ySzzjU z62XEZfv_eRsh5+u*f$6}ly!Gg-rOJIyiY!;I4oZ)^q#|?QY{n?k6!XHVBNLw#Va?v zaDFLmzcIAPATl|;3#;ff-&crV`<$B$$u^(u=Iy!GuMI42{Vo(tjvoDQ13%L_3z1?W zz}HvoiTSvhu9ST9QbQidVR$t0v=$UmlmV3jGp$lnST*mx7~bj7gF<8uB@jmQ zNCQo@V-=_NWL7!Ut*6RlL{)jbGePFhk7^gp#@6n{otgA1)!?6ePXuwrOEoZXo5gi; zDh?`}Jq#ETcLg(wiZa3Q14V`8z}x5UK=}o8)J*g%Y#qw_BgkiV*5e6;RCVN$m zlj^F1VIU;AMMo`<7lcW+xe-|#DAU^^`~)uiZ4+^`Id2CB6tz2nv1bSg^XV@!Hcqvp zwmu^&Vf#v2E?fY`%Q<~E=hmm_%6@-~A-nSdEl7&i#AF`Sr=KhMm9QMLy#!1*ni}ofHQp9E^z?cF|Oo+#qMLl@* z8<^S`rW>W6puwk0603`cMPB80AFo8RrSXzo9E>Nt;#X+D>L-+#(%T4G1HOCQQ?Sc9 z9qG6;FNPiXAr-53pStBf`yFPM?>p`Pdk-+3Cl!SW?uhCz$wkn|>Uqm z^N-Ss7xLTH7thC2R2SQJZ%QW;C!cL&*{GbP&=q*!=LX*Kpd-13O z_p+hv+B4!6Kzw^queR-g(p`vm_&zvU3I%L-0(IuBBhcvKDz+7kKeA2JK=TqoQP*I^ z8>yYvcI3|Yg|00)wC`@d>`fG6^c2#{+NpQKB+jA8+IJo0iU5Y2tqzd@vZvh7)m9hA z1C!>>)WVS88;sT2eunQ(4Z80$2~RgpsHx~n{a+Z;#MBf(+efh{GIyU{!X|~2@tnB^ zb^t35bSV4e@=NmruoZV?-vi+BOeq!=`7T%zy6F`~)4_>TuuBty(!3hZ(0w2h9a0{;(FD-3?)MeG8ZD|BB8vey&`m-dZE9*xSUovkUT7e=2CT`(r0 zwqZ${Ic?@(2~|-dz>%W;C{VO;)nZCEPde^W-0$OhX2YI{+QXJG>}z}XyP1uMOxY7@dO&fgjn=)jp@u6Xx)&a_s)Ha2)I_)CyA`F*F4*sCIdh^+A(7$&1 z2FK^uI*LbEuec28vpv=}Y3erTueiWz$G6rwm@=P$xXf=@um14*5R*uyBo_099Fc_6 z%pr@&BZ@pwscuNe!Nx?ul^3sW&n|)10wyL86{Cv{!xfKvp1=o_>Lk4RC!LTJc7PCI zAh%|5CvIBr;*QPNGVDu3F)mNg8LHYO6x6RDdKWXs7J!x!wd!o+xy!ur6!0KIr_9mHA52_-axarf5*YbGx_w>Q zXrr-YCM0tnW)tG1b*!a#-_IqNy4PZvTtQLKlh#m`nynz!0eF0NS~c%o4zaeDWd5#) zsh8P^h4y|8dJ2Qg)Un=xVJrwx#;-$$ET+GoCs;PFISN675T+691J;xg>2aC(bLdY4 zUIN~jiAy+z%X#}Ss?371SROzp!|$PY()b{b+U*5vO%uQ`>o{Nqer~}~ zU*V5;Keur1^FuYmkY~=^*6#!YU6rQLp!n$TQn5Y$L^seHVaD}TlLn$+3V}&s{k?jT zOVS}!E0}U~t)1j;jI+}0iwH}D&%tG7su>0Yh_(mr`IvG>tW1Ny$omP1CSIg( zqI*V{V4TsSf5<9pzt0eF^@A3e%_?`So#RiHZHz2u&VY;dzVLNB#j@qXWKyQ)F#Q;8!KiT@>S^@BXLn&CE7q^g zKU2k$<(V?3Dd~|uKt*elyq3i!f70V=J~&O(t`Fn;bBy%SSDo7R>!i=rG@s4-gzV%$E(wli0ia6T>`$p zhSnZVWOaVeOwZ(eeNq85OuMeA7K4}fcziFcO^}^*HLkL%O!KlW_L@OO$>L@7HJ61> z`ON^XV!uwRE+RQIx4;yY+6IQQa`EGRrj!W_Dxe7&4VN#h=}nN1?fgV}a}BXL%34d1 zzIWUVE%Y1I2yWd15V%BFp<@EEX~cHTD5T5EqtMmkKe9h-958=A7NlSE#&~`h?yD`> z#&fcH$Z7TA>;(6*?dP8t8?-<&-Z{eahv*vBxC<==8@2HZYpvJ;Zbu@ASDdq&TF78Y z^jpO{sN5D*rix7IiIG`_Ztocv7g9 z5NJ~z828p5@H-g$aMkiE?x`oSr3+=CIEpIn6ZBqFn=^puQASBye21xWH_9 zi}W9#MUin~V{Z~C$TT|jk-7^@Ddwlni=!15q#jw2zB4v5Un#G+Xa7Lg$V{-EIkj7q zLzOXP6^rLg_rTFdBed9yWO!$Ja5~D#>5x1cu3W{cGdlEdECjQhsr%oy>wBZeB=#9P z_Eal9fSiIZ9;)nRYRDuw8QR4FhH-Q!$Rt=zx~#=+LxVB@+>0_R=^AOIea&<)_rl%9hfqTqFp)hyIvU3@{hXHaaMt?|hO9)#5cgyg?Sm91hHRo;|RVJPl{)8$ctS*`&4B#sAP&7 zdr*}=f7N4ZyNJ>(Gq=h!13?yaRL#ko|3}eVj#8)rZR&H7e|hi$*yOZDaY>hCDfvF(cYhA@Zxyii>(y`p0ACq~sbCDOOTaER%F% z|6E(0zI7%%_|;x1jD)4!LK+Baun;};V+4h<(k4pqgs`Rr7(wCGdaH3vp6_aGP#=Ph zabOwPOoIN8Uc@rL?t1kViFaR8_-*|Tl}txZGTc6LS9i$lVd7(%P79Mh-I?JZVy zUvgW5rvNm%FwjmCHlIflw~s!%vX%SrG0i;wbSRlF%_!iW|d z6{Vl@sV1_BbTe%O0gVUT0Ejv%!R@`|mT}HpT2u`A3Y3A#B=>}@M8e87-F{B*i)JSn zTVxg0kO)*7=kABuK>2ID_^@nLcCC`#QG9Z|U7sHV%*5vFUsCJJK;E;BR}u~?k!qsL zVX?wJQ4o?&$K~y#%UUa8Sf<-*KLcAzxy)I50wIT(V?1ACv^yNLP~^jJ!&vn#p-MNJmZM zb|7)n8VFPWc;YyDUFiNZCPhoOUBvt^n8N38gZqnk_>Z8B{|$Zk7j7{$lMJwd{LsR4 zKC=34{><3;h{h3(T6#wDBI@SWM9au+Jn#%l%r{IAjaWl$3sUPh)-;7G>DtPd1CtcV z!2n280MSIwev%Bio}`>DR@I9RmzJ$7teZ}wrm#oXDB9jo?Ynr|CBB8g|H$~?As~Mf z{XZ|1|Ao<@VW4GT`L8ZF{{ph{&*A=~1qklH3ir?6AO9lmfA#*jw~v${{%fuS3=RN* z^RHt6lj+C52%W6dXLG>%msUwtT++P3(qvx?fsZepcnQRk&OXe!kxgMv%#Q=dVa2YiJucg4B`$tbi|4Y>w>VnAn>@FIsv&cHq~4MCQtIHBiI+S&_vpdKa779fn_Yp` zf}<*fqe6h}!w-h92YgR$P;);d?T2ImjpD6viZOdw)_OF8>jkKmOO~sq%v2)4$3y5pREBqNf`MHM zVRD|4s-Cv$fQ5Y{zI)S>zDf)__;Mr(U8|?2&9o-UsRJZj0jC(UfBgx}p+@IHD^lIp8>Tlf8T&up(73-J!euNJ$ZEgt?IEfs)&w zNkXt-E1qdulzSzfr~x(LH5o8P0f~G;&VyuTAN&a82Wsly)Pq?pUS4~n?0Oy(vzw>N zJ3%~bv30t|LxtZ{_SC)NNn%I~$-iXiMXx+ETzZKLB5(frxkgQWfn@U+B}V_3u1uJybEUJaTKG-R@w(Gwk7XKnIq$3-;n^KhHmBzIt(Bp!EHRlB_;Lbe9Gaox6#@O z9y5Df&fC{Xdn75pGUST-^Qn`4VdiqraxOon@iIiYR% z#Wl)zlZL0-qeYy-hKA_lkK(@i>_W?ZNhgs#Xoes_Lb*&S7jl{u6TKK}#glXCD(%{! zmbJxX5feo^2~XLZ zqm-AC@K`Voed%5(mkVqQoo_c^Z!34~N{F0~cGY^Vb|Fv<4m?0Mzm0wjQUZBLSuayr zPXKp*IfC*ZJRSWf%I$xIOJe@3Tlnud$$xPN|DWO{2{=E{|F@sizp;eP-Tv#`^j`sz z|04Cj=)?bnPu$m8t#?e_K7*cP&x*SZk@{2?Me;M?!L zLrvG*nk<7Xx{vK(+Tdk`r*FhM^wQN;|6=+PSw6v9Z&_$qZ&`J|Eot<6pW@)*jRMXv#7UI_Y0b^{rc^Rgvk>sLZl-;YO3c{9ZdU5V$bhnE}CqWzlyY@9H?m6S#=_P z`U(AV>V1Qp!I@QSNNo$baU!y{868&g>$dJ8H!l(3N+>Kkke36 zXpG8G<`+2afd~ZiX(-;XpsFytwLu6Tx0OB@q^8yVwNOaDA$`QZ|C@yz^xy8Rt83?O zsBdUytgHLKTnhiiu=wW({TE+QnKU&3z=s(Cz(3Y+|1rux;Jb!)?oMX5HZ)A^f0wg{ z|J|S%^n!B39&umoz77Y52(XPOl!c1`5y2f|6NyLOfr|{nNAxnIFn4do0075+hHda9 zw&N8~;a7hYV*N_^jDX=R!{V&FXm!?UJ{XKSAa&U)j$UxuD3sV-w7(#>xoRz2S9|;M zb$NNV0~f8|s_AX%_?i5Cn3?4J`L|Ek>ISB&-W@hZI4xSf8uA^5<4>I669De%Z_tQ- zWJP_-1NO>19;NsCWyLG4x4( za-tz>pYAXQ35E;}iKc^|?kjN?w7XlkI-{PuU16?&BHs`lDR$|YQa5BDP!I!m7zzns zWuvM=%n)=z-L!*TPcAJ|+RGw#4z{Ry3IwZ>Mo^af7*~)}_AE`Dm^3f;UGFZV7z@hB zL5Fm#$v>~_9$}ORl|g?3Gh?Y--U&lE8Js94+E)WCBi!LGOrZ8W>1MC=BmJ%k^E*)c zBi9fi==LlLyzqij>y6=cz@D_g87>G+I5Ytns2~c^`dw?2;dLaCS#M!JeaJ0|25Ssl z1wXUAcm{3vyR29~YxLJJfOk7qw=QvA=sGM(!Sb5m+cUOCmKDr!G~vu|i)O(fw)hHw z8{_Y-46rD8M_31bfT_juXpqP2Xpq;(o9nKUOu^^Y$6Vw-X`8cMw`T_}nm3kL1Fhhe zjtF|!q*gyxeV*yL`0LbPb%pA{_kQ37Licn9#ddWCxiTc#CI9lKViZol@aB7yLXWgDOhq^f7bAS&ra*$0HI(qj>nj*70K3y`o*TLp|)_LD*& zPU_PND7yq}lb9iXmq3*F^#pB0{2-PO{4fj1Hkg)z+8WHvzi_Y$?ToCk^fb>juqjSL zU2=Lt4Rt1WMR#T8qOEbQa{X%W+aB7Mp7mVyT>F6V2=AKQmYoG(1z!t=c&Gosct!}| z9XDB%4&WX3N%_JS_zCjfEcujOn`zJl@ecR``Va}=9pgPpy_J#M=7q}B)hQlj8~TL&P=2-q`QrS*{@@nS)$8f&W-oxlV{~LsShI~WXM?^I$PR4W zG0;t)3t7^JEIf)Km$hMGdjNkW?RIy9+Tku3DBT)od-yP+9}#;UUbFUM`d}=kRkR6s zZrA_qbvSR5+c*{getx$h2e-5-leV#@3J)&2byHi@U;05A-HwAF_>=HO+f_(K`gjUd>ACHTV`^eqkXK57UatxK`^2in^*ZeXR>my{Cx5?mg% zeIz<^3wsI^x(B{9bmx6dcY+hTrAT-nlzt#je^};zGT`5JAim(p6$O8og1Yep`5^AT zS%ZAg1%If5zW-+K3eklq_(K--Z42?`4e>=Dqyv+SMX5+wi|OA4Q7NWJ1T;cu#|=bA zXvYXtLTJZn#?_01z>eh4MP#Q6q643|K(n{!ImzQCyP66o`p(EvhxhIP=R12d0si(C zXG`!*>gBnsPV9-CJ9OLoJHqySCA2iE=(6Ef=Qy>slcF)7!buDslXbGo%T_HXH2wSm zrgTQ%B7IWV)8OVozP@>F;|@tjMSc7E5L7%ga}7xLX{fEWAo?*r$7j z&JZuzK2>*k>vj_<#h#AavMj2pyX%(z$bEGsJ?(&Z-k4Goe8!_z0Jay+vL0|ZklT@n zN5StU+T(*n1S)IHL% zL~YzP7}Obz9zoHNs5ybaJFT0GP#IaDV6;q(QzI?;%n#?yWl66;Ib0m za>&jA!^#}SE>`Scjyl|y(i9U24%jKRfEWNK{wX>C2?QtDtb0HVuoK|<27#zQ;{7pu zk~=~-*)GSg+k;zgVD4A|t9~>oZkSt=(I1drZ~i?AJRjuU60cS~y$M`^(>jPHCWLZR zA|>!+IUck;4_?71AcbHTqN>QnYftuhkIm5dl(T_UfNo*CV=%Q{ctJ>6L5kG94`goC zUUyzI)X{Emrtk)J*t=BQ@&cjbTN1FM7igBxQjTG%WA?rE;;E~-di4<3p-QcK z0@dwI{tu|!K9p6(Ktsx;4^ltKVm~$}95=^>CV4z)`AzzvXnrlw?ji9n(SdiANuWi0 z^nSzJBz)Mr;k`OQ+=F+kWUKbq5d`Y4@mZ+mOcjGHzJhw&3Uo zybv>7du@OmJCHkYeGjy5+c5frAN1Te{wH1VK3rZq;4@NjFGKo6Uf?}DUSvHC1(OCb zskVYWu|>JtzPy#Uu9`Rgs9i6^K=B7RLS~|%Fx_9jro6_yFjP|LW=acQ8j|(=UBdBh zQw0ikZU+1&bk{>QtosH-u(Xl*S|8_&QW;#Hzq}5lPhpC4l$U>^%E_CuPBsn7PEp$u zaVR4%l>uvcGHH@9X4;9|*{I5!6KOWqzA0Qmcr_c`GmKlj!O;%7%3JXHPLrgRQ#FU~ zB-LBJo18=S=#NGs;{rRh*yBuZa`BvV1%(}q89IAVcM>-0iC%hLnR6d;aK_C0`O$T= z8PaX^zt@F=6XqB1(kiu25aDb{r&6B^wwkE>#~w8D?6ybN0KNC-NMxcDQQSv2qQK zX&H}8si}l-q%`3{&6bX8oEuEXUIk*3&`eCnI!@frr?BXlEFtz|Or)0{OEHQV1q2Y) zz+M$U@Z zaAeHDDqjJGIC#%C%o6g~Rq9MJ(f2J7u$Sn}mU0`0y@;>cNK*&6LcI*EKlV;2pEow` zl^1AetLO1oEv{E55(}u0Wkjp@ZI#!`qi-QxkC;3N;VUA`k8{y7_fI{YkIGZ{^vZAj zap(*ZcCD3)Z*jcXLfMt-{N|@drYVa+QTuTZwo%s1GX(R3K@Ch9%;PM%Zz?0&qzGGC zq?-NKw8&8dV`yRa|7GA_0iO$kaz)s9XCOR^$}&CN+;*73qKoaNgLQ2!8|ERmC)4zu= zUY+aV`D<7T{a!&1?UW3>z32j87#UnZ5gR3++5^U-q$CwwjAyFK%^qKwrp<8!T7i8s zPa?JUS$pxYaJ|UF1FrMHqN=3qEoglO3n@z+U~UM=Yb(6w;}}cJwfDjcA5em(O!0Rl z2>SQRmQQ`3mcJ1!|HFLz4?f{0+>TAAf z6-=C2mhmXoiX~;GEgKV3JiWVh%RVF%mRRpR80v*>1uv;wLs%G|izmUQyuE~W6?Bjy- zC`=`}f;nSt*<6aVYC&c@Z+jFI~ zRP^T~7nr}Zta;oesn^!-Q1zkI5-QBRzLn0jEVgX&DYHZbg3x%f#-2WNy3wm}MlUU#CE7iSsc&^W6zN_t zeh|L63a?zYOid{NqJG9%?0M6-q|#;!aAq+A1ef45(94Isn} zAzTt2%l&uJHuw=JM5i_7Ft3q*d^$?JwbnawxL1U{OrgACAmoE#}fvPSti2V zR9me?ckNISrBz7{UwIHP%T}>Y_dJ+l2iz-D&3=aJV%(aoVt-p(MX160c^hz;3ooS^ zWf)on#`LJdq`~(jwrQkVM3KHgN*uVYNrH1d?Q8KW&@#*pv*xJB?nWQiU)Fqp9_=%# zrfFnii9qVh$rgfnm4p0;C?}LJc*8+lTou1$^C?-LGR+<}Es`BMSECnYyUcPK?7OH1 ztu!*2XoO4(GoJ~iJ@Ygm&xUWK?*_1DgOErDpv0sOL@Q2$L)NI8i{EQbywfF_x**7GRqmqNk0 zL{o~j?h}~D##+*9WW`!B=Rlwok$)KwTzBA5-`(-tzUr@NUG-tp?DnesV`NBy7`uok5*Xwgg@L3&>hMDw&A>Pee=(Z8bm zo88C6UXf{3I$_m0Aj1-^TXX6NvA+Tk(*rTl1GO!#s@*}_<4eklJQ|CD7ZuQg2WUrg{4LA+9pz*D&*M=rDLwWQ%=QW10+}5_(i!O+L)8kUvrk@H9$L3utv$h>ly0`% ztj=Q<9}wb&B3yM4i{8Vo{c7c#Q@PHiqwWdm!GnDlwwBgxX0ba_71WN<5|Ypy-=Xsu zHC5JKJ3fQ>AuSi_!(gZpz*<9{*3EqKFHUQDmq4c4w0KP7563)vd-U~-v@D%&D+c*< zZzP-9yMlG=45_Qcntl%?4Q%h<8d8|)pp2ZK-o-$KhNbVN_gJSmj_2`I8l2H zS*;^%&LAlF${GLfR45oS2Ow~_ARwI>>@uTDR5xtAF0p;329G9c$wss=RdQAXIg<1j35O%{}+hdpP zuCc~|gjnstOMhAfK(4Ay90!tNf(?x}A{E%Agm47picLp)|4jd~pLoAP;U*miHbPgy}yoyYjbd|SnM?!~RlFIQr&j&*T zo?>tu4)qhp-eW00oJ0H(G1$Ra@>btS(Rf^tybo-oO26YAV*p@@K5ak`@xa>6opacb zUaU_hQh8*gggUK-gPsBj26W@DRS_6U3a`j=(3y%JcEV7EHywO09{;vORH98(fi&RU z?QQ^Mkr9D<jK)D^yYrsFZ(f1!l<#3Cu~0g2P7 zt%&dt7zYxtQahAdb(nVd;LTtRlP<>5lK$pa15M;mCWqVm5k7=O5Ej89Y}Z-L!4DZO zlsxT-Sj0)}9zLRlJ;A&ak_g1&bQzU}F&mZ$O^h+Lbh{n`u)~VYjM{n@plTDpfm)C> zJ+EwtHpi)e2DjI)ap-R(0wNh`=*OI+{fI*b`q@0c75CTIG12rD?-V5;Vp922I@Do3 z{$Z+nD4__|y$5t}!~j(gSOs7}x`QMr!_B8~(`kj#666;Wy1kfq!8=4?-r1uOwaPTQ zu8{xCI&+k9U6idep%~`r`P@72KoMgQSstR z;OWD&x{zD-Ij9CLV(|-j3%S72zN@$rq@TXj2)=yEuN-V3As?piK%mRzbt?6xr~Azs z;+eR-klSHZh86-REtm{!Zl`{xp{24FF=OK0SE8BL<{>CD_uGDNHXaLtug84%rgAM^ zekFHf*~{!Svr|(<6R7OB)q}Jvjyx7vHTolm=_9)!n5qt<*qF{G8x&GBmXKm5^NwrD z4@x(R?w}XxeLvM7(a8}k2QGAZDWKpn8F9&hAFd1%3hw2N-q!NQ*hK?@q_G63N ziBQx-xy{ln&gsLxn5c?6@xRb0V+o5T7%BZ6*LR!*A`SFVW}=@s$W0xZlzu(~6#w$Z zmSThyD`iONp6l90`IL~&0GL503mK4=#odR0rQi2scnsssta|GLqvf3a*veZNYhf(f z|Kt;hUpXzX1x>Vz=&5(`a{@ZJU5Wd3_iHjWCC?K!+mOgz<3@)ydvSb-3_y~VPQ(JP z(_7|6-KMV$ulKA4yvkebk;sr%wORWNk|`m7&uKQg1W)7UYVU zmo<#ODGHc{zc>>#k_n)FjKUz1uvUm5Ep;C(dvC}s9cl@fOt*V3a3Y#sFUItF=rS_J z#k_aR>JLPWA7n*FCjws1EO%g^DBJ{VY+eV6>__7Z5lTUbdm3ummJAWP>NBu zpl>daOzI$Nr!=vUiRB(##88BT&;2Oj#WZHP+MSUdwaveQmr$GfyfzG|Ils^yD1VvW ztY+bv#E!H#VHi>U(eJ{>FhYMsbQ?5fufw-YBHlN`FOUOlgO04D@1)9z_F?KY@__d>)J=<#2Z%}7f_?<-p=I7uO_lNdX03P@ufrJcJ9Pmv$macEC z28o{em^{(9y*koYU2gBjvenDA3hG4p^4;w>jKjmDwhMa^2dbG0Lw&BHs79A+7=w@!&?R&3uD}sZIl(0H>P1O=Y{sp2d+rSuSqX`>xIS12!jH$hG$z@Fya>8OvVKiK=tK|#o4sg_#meI2!r>ywRujtSr z6Hsb=k`8S=v5xiY5X1KQjfCIL0i{wM@7uW#FfNsX@`lEn$@5H-n~S0XiGc*Dh|1lX zaV*l;BhL82;7c?qE0;jWlrts@y3k_?-5$`)gpbg#)n;mT<`;i-5C2G~kM^@j1`&P|l==Yt72*6rjT z4OEBx3UW(7W&Z(ii+z?PZMmi!@lGm&)l4zljdZd6P5(DCnq$jSnj2=YJh=DFv0m6P z+z3Wkp?vt>fg1C$FYW{1c-?hkE7K}tfMO%^PWkjA0Xf7$-tL^RC&RZgQ*2PdNKPA) z_Uf+rDB#S(TF-w%Ol&!aDS{Miu@>!+G9DloI;M;!-Qd}%;GDVp%Z&1DOgnTomqacT z&rA%&T>zS2w4LZw@D!uCg3BOMmc5Bd)+md`xxr|e5LO>M;@;~^Ysb4nI9xQg!)_Jb zuKz>@;CfaqONtkR;$~b{MIV~1`w?U|4TmHSU+%u7WXI56g?HA8z>h-*=z{~sh8-lHz zbCN3L7iDBS+NfA$9@-$f5n-zcA9LCXLCjNirZ3Y(eGzt!84>@QR5Znw)y6fWIFfo} z_h;v{ML~Wnqs2{25?y2~aO~G12(9=aUUs~w7bjBfx*rMPS6|{_Ilz}Ps~L^H(#R>C zd33yGGzkS9$3ny(BTMWD5t3G*aT*lbS2UIc+fG8a9@-Nx-m`}YF*=!|j~S>w zJt#Tq_JUmy5q$QO^snZtNV4;hWZP5crK`fV#Vv}%s%-9k&-9MYYQ07#Z4&sZTTU4g zf&OtfRDQfK3`D|$_<-O6I;hYzhdro&#C8i`7jrK&dT^=76`j~t>^aKLf`sj z3;H8bFmSELFaw)qKa@r_elf>%HVzPcObI!5_K>;#8PH`!2*qp_Sz?)2w%5A?<&=+0 zK|NhnlUUajEt7A9ki6vJLQBN?wZBVgx#|)PeO@Lr)>~o3lS&)8GeC2%Ytesyx~o&Z zifS2n2-~>M2aoSEt=CofqQyrxoPV_-DkGl2rggX}2NeRfAqUj)gJ#*cknPgz57HO; z=D{@iClC0^-0EEG?;8W>#gQ9?d$H|$<9QVv5FKUhpH;P}dhTYHY6q|VM)RFzaoOrE z_M*rddYp@cefq4(`zYI z@*lZJx*MYxkw=)(hyC2>{KTFoA`~>Qbu<3F5yw*|!^0Ke(_7M#_4TxY&F6OZl#uwC z(5{>hg^#EQt-Va}wVbvt;gyx!LAm?&gZjtDu&K@bWjkI7!9W+aWlJzisWU=&l2T{R za6tx)=?*JVb^FjTe8Wk(S~c#G-xUQl`cWsEag;nQTK>xVaS|R-Tdk9h80H`r*?;G!lMc9?jhF?D%7%B9 zkrf(P1EQtyF~0?}{7#QvQe;)Csjpms!B)GD+ItG-@Ux8s#gbXqZnywC<{GQAwqGwn zoI;GiqT+8?!_^U9mQh7$JapdY0`lV2cnYtkx`wUs=@6xqF9M^zSuTr4dya`r_f63lg zf7lFoKDwFc8c7Thqlo>D%kJD&SDK4VUNhtp@NcIzh_~JOaAQ(|PIkEijN$LenhvH! zDEI^v`uvVRK@|BYJ8sHz@w~J5&{6L{8yW*$(Ob|&5@YyDT#a%XAvafUO80gr;IM_& zf7$V1DJ8CzH$v*%<<4KytkT(sL!$w@s-y+Av{Tw-HXE(@oOy6Fe}t!BNV~fiXvLMn zFZcb@lN~2u2|cRWpjgk0JKChM1|q25b+ge(M99m1tzcnPy<@RTSahay0~ufrUJc=PahJxij>tym5qlCn8pM)bOb zy}QO4PI}O12j@!x7DT@wOv4{bpI2HUCUZzlZ)Sdv?$Hr+CMh) z$hU+wL@X=@hj+T}+leq6+^WKxyTt7* zYAAn+Yg&AGXt%B|dKP@qPdT8>`C_Z7hO zMseII1(KJw8dD(6vKITG2DNe0DS4uVP`gW;6j0shNv?*$KnX5=6zQj%b%mbMt{+Yg z74~U;m{<=3akaR@Xf9B*(`9@-zd#IXTPSXQ(Q0*V# zSj^b_rv-B$RH^JOZkM|!pnfy{=4EJqmfQb0=Z+fBigL0_-Q~Y97mF8CvWohiMvjLA{o>v;@ErX*4{)e%zkHT7r+7|$R5 ze15ZDitZS-_stAW?PdZXeWbso`irx~q++<5Q$PeLYJkekZ|P?>9WBXNV6moo{*xFb zFLVz-w?0e3!mpmhKR%Hq6@`80D)JA^KKQgkZ{KrFyKuurO%y-J{y3VZ$=rOGZb?*} zLRc# zSuDY$AHX7-=gfBEQhhKk)cVU|7gaK9Q@rj@?Vaa7%h$K^-^@~aZrj$od*Stmk6Z2= zFU$raXLBn`z?m^f-Q)6AlXn&*c+`6=sGd1_54zsyhrh39JTA;}NfNnQJOMSoQ1#z*VhQ}X{VEbY zf;V*}JgrR@=ton+e0&oq)4lTXEW>`#Rr)}QeU}d0!k1K0h}(G1__nx$eA{~94F zG+mW|O>j|J%}tl*_Mt&JQ&tTh{tgPYn!`Cfo|YkemLQC`J^5Ao`uNKL_PB|i%ZCRMRMIQSJDNDSeayz`)4 zHcmuQDU)Us+p)3Dw9;Vf_Vb0e*V&tn|SEBkR3QSvGTX*WIcf%z#G0uiDgSeIJs+%A){SRczEVay;n|}6nd&h*iLGqI8$`5 ze#&GL%Z$PsaAHF3Us5_D^FymYsG{G2OE8_cPoFyq;^nLKbDi)iK8>GB;oFN%cHO1W z7i%GeqdkbvN=ER_suJK1as+`|#7KT-L;O_8q2tc`y0Ka-P?#9T!IXUMJQi+`4QPrB zzTrU}6gPo0lX;`p&G!PCMOAnr9lT4BsTu6(KM6pa%3_KMw=gWK2-fp9dg8ROjfaLegxE&E+`9G0 zY`Bmre652uZ+&hY+=I3QPP69Cu;lY5OY~?(@$rH9r^(#SDqVZC7fqo+Tr3CWVp@aalA4QHm&Z^UFFb}bD z$R$>S_#$aQ!xhFeE zw^trYQ?KIWqEOLD4fm30h8T40{006=isD;Byub# zv1y&N&-9KJXvboVjOzr)&g)=X%pWPC=in8~eUr!HDB~x=(h!j>{p7Xo!EC-;%-d8`i zpaq-L^Ne?Xibr-3?SpBX=qlG;9g6xKQoc}@PPj6KZV=e@oMemZxtmno6N#r@E}-0> z{^eHcGGwD_uG+S2gGH6Vhe6>u6P=^?tn~Sb2icN~9jFIyPH{2bA3V?Q0uZzPA-gLb zIhv=b#bit{(F$O5(4%TLdJHEf?={ZvV04Gfy8p^S07H$YmQnLCve6Jurv{pUZlBq$;3OmF-7yE z+}9F1+X-ad5KIy@_X_OE!N`~nN%|~a@DC;Bhd1;r1eI$C%=KAd@FaXzfosB!@^Wq% zgZM%z8uthW!isJMkGVn_@?$6M9M(TJDMNm_vh9DP)-b*iDP;fDr2G$vyMNKG{BO{A zPzMJG`ak^ZxIiJC_+IIOFn;F0Ys#LmWM8hq=;OR61Jz1q8MkFY8jUwkAyB6 zpMZ{prl9VDPA^xUMJ33H=pV%yzwKw`Yx-P84l zUNUSS0Ni~wt6kTRiIE+VjgA4M7?B*8j*5wirHu7%dH|4DEB@2r2UjrNV|vAbwfL@^@_rvZi-c8}DAJ^@D6M zBG>Xwhi8$d+K%tWp|<=@qDnZ;f<8q&fbfhg>6DeBs5u(97R8&VOm`eQectM;IY(zyc zkA&taNL4dZ3kZNBkb~kwiLb;5H!)ynP-hXxmV5!Pkc89@G}WD8y9;7}&`)KnpGl(- zgl>c##r$%3M9Z_ffkPCEm+-Q7h5je|IQyCak1rjB8k$}!7t#csD4N-Cm8xTO>YZ{J zFfuheY8e)*<{D~J0JU9Y?l?s;ZTIswVz1Aj)$`T#C9;!4VlLo*Wd1DRsCSviy`;R@ zNGB^W!i_5i&CG9#-qobV5!)jgs84JA85q0h8QJTbo`Uz~)tCs{k1Rzb&aJ|qMz zKiNo>GD}i&b0M86I6+x7QEmykL{mImBfWLMA6bLkV)rJMk1KdFlfFinC~{3J@sNW) zGa;&B^qg!&V_CW`Jfc-XspuA%2}w_?Pul+NaD(#(KmTUYKeUlUHQa*jS@}5fM0d2g z1|P@4%&EwHnc0266Cl98V-s~NHhTNPBWqcrg}+XuwB2=TrF_FyXVMzoz08WY5)>SA zwO0YNtP-wNOYA8_dixxjEDIM-=)|$8>y{UOje=llHElD*B&ZEy72+O^;-k9(K$9FN z5wzN23}gvqqs)9U@x7C?!|n}b;M!=c%(D29RZ8$<>(ALR%Ia!Uo+$kM#CqoubNk?5ukwYB z9>1sB*f`=T`sj>XRbYZ?CAYF%j_g@$q1N6~9I3J6#dyZt8SP;LWoBH%@2XpQ89psO zu`dniE4G7-4z=1+ZK2F62}2ZDCqjlrms6u3RW;0Gq$CB{3K&6=Fy7PAo0GopN6e9f zah~vmwm_dFcpEFKo|?g@F`=ybr&_B1Ft;~&xo~dFAY$d#=9=@!-b`vRMP65YKZ^JP zlsx-Atc!|6fB6gWZ?5-WBer4xzfJr-P1eZXTF>$?UHHG2gZ%%K&>F}4*{>NU* zLbxX#zHP6mEO*QEn~&;ITnmz}GQEHT31~^NEgF{C1}xUMDvooEp45Kdul|8ZgN~ zJieOK)rL+fDK}eMX~8a%WY-EK zI2o~5ons>5dOo(&Y@A!$nK*|u>bJ`0_S8y}@sXlnmtRh(DBw=Y5 z8B#pJ-_mDu14{amIybP81uZXU7Yx>6ljm+5s+{e$}Gd46hAHq@+h-cHgoJ3z~t z!{xje}Taug#-qKNUbZ(g`#rS*?IiFZh!fOgQUixkwfQH}=Q!VXR`c~8*X8n$(tYwra_a!qQMre@ z3|C3bVd79vL{5dS$FYOIO~!LF{6mGG90goPbZ~ul(I{rBnU|D9p-A04@l(%o?WHeZGFdq?5_8^OkAmPU?lwnl&D z8ogqBWCHl$gRkz86CQkFCUD&?cmKpIhqkgHTSU+YlKN&)SFc#--QHKqG2`p~WK8>p zLb3{iw;(VuW>X5vA2j?_BsvWTBmlP8PALw|4J(!^EK{0IK)4mF&{6^kS6Eox?(^=D z<;r$*5r6J?>$U+9;+fR}Ts75xgPjo{f!TfIS;O5|HWc3$OCrZuA28$K(vr@OmLC!Qtk)_t5 z!~@h(?2Mx#t_)`xHa>^EasKDhn5*z*oYok}dQ6weuvdd&(JTJ>*tjj*-S~K4(wPL- zP$0d8tYPy^V^=uUW%%QwZPJO8he^chNNt*-=SY-Joe~upt`>!Ax!VGly2F4? z5QKtEd6`ynZc@v(Mcf8>>yGgotPN=b+WGG7;dvm&&bUgcCMk{LDt+bk)bHU`rEx1N zJt!@Qv3h;ch`zm)h`p4MA%{i^Lk&KN;9eU=%N0<`O-d_ZhoI}#{6olP*vkH%9tjmY zd)jI@q$gM=`ad3nI<5~1gPWDEXgoL1V|rzk$sR1}9Gy=l=+usV%oz#?!F z2&aTkiFF9yrH%kFm!&Ane&*aS_mN5hN5gIHYJGzX?{-ws`6LL zk=QNW|G8v5ku2$49e4UL128v8)V7_>X+jv41nUa~fCmfu2k_cFZ#k+&co+&5)oWsK z_BIJ-2KGqMuj^U;ziBri+F%%p0M3WtD0mpnei|Z_VU ze)a~%vZ|4~A_`%&2J>@(Xy8}p3ifRjIrU&+z{{CLetb%3*rizC)q0;bCyKfe=LS{K1Xlkw+1;^iyySV00{--2%G!T zt#-fEG`R9}?ayyt$I-1GH7#%7qEl4P!I@~^lo6WaVtp4YH$-6Qk0|t(+gOXNIgM#UnFQ>i2-4#)_CmNh~jwBUFTUT*OT0G&^4W&6mQ>v|H zDW=plr*NX-U}1SMbeI__9+Q2GQ0!X<4fypMy#WMb7EXTKb^@sX8q_q!7l|4t3o;IM z?G_wQW<#EC;7cK=p*z$vlGW+ZSZG@QLQR#gVQH!&ek9ky!=pvDJ6kXWVmcxc_4^WUPw8TyxL$nOX_xGx)(8H;z|$KlgLXNF5;#!<8Bia1 zs!^(_bG#0{iW$*D1B0@TuKX!=SE<+($pZQ|vOCUxVbbu#`D}{yGp@+L-^hnLoD z!Y{(cpXz5)zj{X2MC-#;_E%K1aw|x!wO_b-+Uz-deSFNVzh(#@(Z)H2!~SrH3LbRI z$ekwnNEuG>>OsQB`2z1CiFJ}U@k9uyuLn{bt*US5K(9!xat=C(c3=){Swih>r?&pm zh7~TVwR@0L+!SQZ1xO>O=TGij7=J68rG9EG(gBu+*(glV(4#v?s&kUjpF@w!3LauK zhkLO_SA>>V5vu>@W9HAAT*+B=hIFD5PGfF-^#=o>921S_CoSaacT-;@#6+WSOkAsw z$cw}OOpG=TEba%ljZq@@>-q^41ES@aRQ@99pL%<7Yg?n{%js|;ps9n~p+3$P0~`kP zO_8OU9vHY^?$$atjF;yi%eaMwbv_(;&UKo0?@?*uHqg+CHlubVo|n*B#FWA3I@lK3 zp6kQc)9;;=R-Z`*uC?7I38>VbG(Q*_UDN;Sl?5+e{VjPHS1U!A7y2LLy2Sr!~GP zK1(~nk}IdCKi%W;&2+1CGvM|XV^x4x)*!%eo85q~qPm51N}>lvzDi=92=14c_u>Ti zNi1ZRB$--?labe;Di;>ptSz~Q(JU_bHj0~InG97F(w<|;1@Fjuu%Z#~`D&hT$gl(9 z77wSBj^oLysROInU09KrEPZ|+t0*s1@@on2gI4Do>NO0MXh?*CP42}?=pobdz6+{I zuSSm53Sde1biH`^9tNvA1I$oCE#?Y6Q{5e*^@17P9RSv&-oy&Dfxb}GkXHm zYHO|@wPaIjn0>|DICNiKF3$~zId5$+Wn^J0yK?!f_u*t=C5H84V&!Pghj&4O8wz&~ zOiuW`3k^Z;L)g>#@#X#1IK^n>Pky`-uR#at|ZJui?l>UA&2 z!Es|w;haLO?fwSjEi8PFzah2>1YEL0!cBDCD0>7sK-I8wW&CMbfD`uU^U!kd0#?hi z4LmB~&_Q`i3@^juwi!*$I3)|GGXned5dC0f(l&3SgfqtfrtNnOm~{R{bpgS)Uuw`G z%JOYmYl;XJri34h?OBASR%I>itdtX(totiEPQF^B}Nt7$m(<#Cr18;;N2!x5t zXb9??SfM5R@D5ED$Y`igS>dh@@}yjO9xV!#LB{7VuXPL(1IRB(Xl_r5BzZ)L-|?i? z9~G=x2d&FM76qfAk(9Nt6mt$x^}kPMOJV-en5T9VOe@nV^xh!Fj9NW|o`^%n7}sgJ zn;pr(WRwS=H-@#jr$~g3f-;kr)M0oh>sy_zIAL0n*oD!^au}m+PqtX1Z?8Y84 z(fRWRfAL!D54~qZN7vy4K64J8Ve{NGY2?Cp6A8BuQi{arnp=uuqp-)tR4#E`d#-t? zIQ0-a^P6cKyPi#B*~$*+Ci0X8-e;$&a3hytrsE4V8pWo=^$F<4 zL{!O|t?SK*eUPHXTHoW&`9#gwQb7;swTnr*3;$4$IZd{{Z=+)i8KlcsZD&e-ykyhH zR2yN{34i}%U<^ZmY)3krB<;Ks*UIour9$vl1Iwn@JxRcShCd@c-u zq1+x_%pvN8J(Tccb2vFRd(YA%q?NK{6#;qXSIyoe_}c6f|MCjXmNsY%=xT1+Z!WsM z@KlaXK8X@8*O<91D^bQ+x_lr{yH(ItSIooqgxfwp)65Mm>*THEjDvEjFfnw3r~?K; zyi-rM(=;e2;e1%ZLxwB6mLaoRfNQ@aHl9Q^7k<(oEWA0X+g2Mwg>!aE!m<9^=T8lPK>l=2VWr$1Pb- z6lSw=8;Yum_x#O~SOvDqF;*|c+b*X9r11t41iR2msTbO?vI=6sk1a9fl*|JUwU>Wm zEl!>VkNQAf&b<|!ElNy8^|XuHdKdTq_~Fpy5e>$TDPdHQiy9N4gKblzNaLo}5CDpE zUdtb`&I+!@i%Xl2-;yo{j^zyNxW9WoON#O#ZT>i24S~bNni8*Nm|Sbir6VIPi-=9$ zDiLK&6j;|>m5x-mL4Y~+1Vv(osL}MsCdYIsT35-#1r|MNOhp)_oDPE#Ee*EFu*yCq zmh6o`Rnk9y2W8xo%o!b~<;`%nrhv}Lndq0TXcYF^HDTy}(acWIqjDB9ar=F`;K{`M zIo1hM91&9}xNAL5mR>#f}shA2(c% z`em>cj#Ke0EycgG^Aogcw)mx;{^(3&ObLHjl%Wr>YUTd8FrNa@5U@xj35i!eLJ+9x zz~eAOPXeBlc^?KbEV7ybu2l$ZByGA7M3se;J$*d;xL|$Qvunwu?J~qrM&r>nfv=Kr zDz_CiO6}odxF6hw?o0@z9+M~&=GX%aVBt7kxAE4;DD)^8F=V)+fjie7#us#51VC>< zSjMrGi;Mbw+>I$UPjto9BwRJi4Wp8yUx1uA3Sz~K1q|Ens9i9BgL#{{NZDuxn!%D& zUUYqfMBUNX!)%6ZF1BkNI|jO0m)x_{?dTqo;)<|9z_Pj4Gm4JstPLH@NrX$U3H=o= z4m6Dg)Fe8EbZ)0|OYfF6zcfbxsw-Iz#Kl3`(ZebA?@{t@vhjg2 zlhnY=TZ)Xc*=G4zi{s>kKEzK}KlIChgU7-{V@+HeakDDZ`Bq=K>_I*Qt0>>Fw2$BE zD>wcbm!RS2*6w&tNYrC-w2$98?LVgX-kp84EWVQwzTf8aH&V5KWj;pMj`nW0Hs9&n zze-71DXp2W@xgm7sX|{0>f7!YaS=}oU`i;iwvy&2#)8%*i!4qrTr$+fmvvp8k6Qmm z44^GHnamt3FNVq@8YUN>slLLOBWK+wtYvI0r%w7!0LHXXuvNA25LcdP2fgn+v|1H& zHZ*au5wbRw@pe_VP_!_Vn{$}7cLsQ$B(F>82^H7gOS=svP92^*2+HEYLV%x*wK=ku z92nJ^0RGP4Uz{et2riq1hE|lm%_lxK7hCE-DBJl_{%74Qg{S_7gK;$($l$ z-L{A=t7JBu9wKBhw9^6}o31Cb-q)Tu#0lc6hM@!h8B{D^bVMy!JiedW#p}+tN$fDC zr{5Vs+lB}vq8iuW>^C)jqZssxi6V)*yRjC`?-cRKTnp(U$6#O!23~u_Boe#L$F7n1xO$ql?ppzZ5BJ5 zWfI&uwTf{uW_n5w?kTN2*}Vm~M?XgQ>cU>=>0B77Wg@mNURQRKIVpROPhR3_I#_mz z;AsrGhj9&{R@?*n`}g1D$!bInEhgcvS+WiTF&S^|(Fs9-n&WN9pkGiH%h6$u=`<*c zp+jjTT*MZS`NSq)-I#(Z9t$~zG2BGO54kS|-Lo4nCo|v+NL-iN(L61zAl5@&NJlRT@)fo(6!BG8?a%+@ z1;ez7k66Al)Q`~r-i!^6Z0(H<^c>A>tpCCX{#MbpSz|%=TB>T6!!tIB20W)vg#tEP z1+|zX9GgZF#-B#Cawrgv%0I^x{(74vd01KHqbCZbQD}d(_;4|S_tK~P^yKnX^~1|c|Amsk(|@5P=xueCq-NPlj z>*G#2x+ulPXD)trW)g+KQv6Sl!@bS|ZE&i0DD=eYmD|1Mo-p=slyZ*PG4>zsdc)rP zjuPS-MiJ5~bot)g=V^$er--9_Qc(ZP?!iG&Rft^)1IfDIjxv_}{=UN2kpmNp5`vMO z<@_1740c8%xO)oEE4{!D?UJMNMxMSXtg91q&$68p*$Gusq*d2PMe;*M1O44xT;ec} zqbMnyxm`oX(;aLK zjT4tPqOk2(K@py=8dy@a^^LGjwgMZ}Ih5a;W%BQ?pbfW#+YNf62(OXOzibYV;K|Em zl_vwD+8eS&9qW>}WTxxb`FqM^oL^XyMd#EoL5k2kUCXGL)1XLD$+;4Mt8!;}xRF*s z!dgZ6HF#D*%Yh}atW*TD4~b43eNE@XgRPi+v!oUTCy8 z^w=6xW=;$O`-AeOt9N0EsmCmef&d(jztj0VCVB5;y z&OJ}GF+e#iO+{lR&)H-F@s~;Jm0m4PX?VjHg^%D3Q;xWWL*v|ek>In99oEHdjzxT1(@(6NVSoFJ=^hUWtrt3 zpAMMNJSounWRQLRQ{C{gBj1nh+apgR{jZLJf2sig&m?+XeJ3+Z!@qFL6Ke9`ZW-SD z+bvVTHPTC-)j`3b`xdT7v?Xt4eClESA_OQYSysxr*fSx{}Iqgy{iwU zWvw)djf>l?{Q^>!NY?{_@ezC(Hb!Xd-qPacbfmS6BG3b_y_LcsNYiLdRI!%{Rja&j zaD?dX8|kce0Gk$11eLt8m({fh@zKEtp2rjzf+Asm_~>y3XvKD?CP4+-tYZgcndfT! zW6wyd;y?oYVSCzw)Gd0D)FQlSWD0059@QAW(Zy>VI?{;2fa9(tGS?AULET>BB-k!i z>$kSgyRDbo%Oz!tyT>Q)AzkGw;%(!@oXoA_=pio27m)7LDSHU7u2<2QJB;`)Aj!!3 z7mmBhi)UD}df8Ca3$jQlAA7ogo77;`Mn1i`a_}A3;&AOv;Lo666w#thO|OrOX;JG1 z!bf(Li9L32Kk(>rip;fRmul{qt(rs{t(}QH9;`0K~5x z8gtN;g$eI!wphV%4FZ)N}k z*@0HvwW$UJ>1FB>rxe#GWY$^kQfdaJp^`IIY`Ft!CLo9~fEIBf{+mYPXKh|A#)Q;Q zDq~`drGV-oigVzfKdYvUZ5s)26Qx2gka2AjXEI53;MK+2AalzO1BXHKUMq_4=1vW5 ze?>J=StsUPh;e|(NLGyGISkQIn-XtgJy$nSaa=X$3ktQFlCvi60xF7l;s3f2&D+ig z_Q$lYN!FVbzY+3MXdC^2n9oG=r)8Sc#HYl}(v!SSkjZS8JTnnF@)lhi3MgSewt!m0 z^Os3oxHZHNgZ(3hrI$E!#c%RPd5W+vwpa+5=IPdnJ5*y+eXPt~YA@RVk~fgO0~$ox z8GYSCED*6*{c+-ajQ*49@V%yPwmtJQvwR*i8(0n;Z*asGeSdfptF~$3ZLRqTb{*i7 zl^xSqU!6}|t4)aO2{F|dk`aCU@#Vaj_ z?q?$%zF2}`vxN}rRUa+{0!^wN_ql(JwMbv{mlw8~RMKRr4a$hSU;#vVQmrh@SE`%v zmhybwk?H-_;A-5QlcrCR*TA1=u340aHLNVw#7{V<^?Adw3%QK4WRMi3FK zSB+d8k>}&DE}}*RFU(pJV;quJ4sKp)oKfLINzM>2+N>t89`;W_gLSKRf@8fo_ZsgT z{#Tx_^YJzQwR{a6T$WN!Ot(zCvN_0`*&8~|ERb7rzX|o%%J34ELoM z0N}XfpN9A*h;BuW?cCk;Xp{_anG5`;`b0q;H9D637CTx)D&w)3WL$k?Y4Q!(Sja#CNzKZPrF{2tT;(jjA(udOm|r` z4q@Q;%rn#p`o?K&X^}g|2>hdNi5EQ#%w6$B?e1)Q;P4^FAeJr}fpgcGyWEt^T>`Di z%-lpG>aDV7sW~DI%>EL>pbh*@0DnOlndsTOk7s`D4`*z$0fxOZwrtKtTH6{r;>bwP zjuHGIS(rn5_)U~{fEFCz2hq4qqU}nTZNkl76LipVyo%!hbrB>+z#0af4#Iw;i)QLJ z=R>_iTZ#lvs4h)E#fpbj)|5h6s<<`Af+15( z`7O3g@s$OQ6Zf{K+6;W0m9tAb_hrf2{e=jVjlEYHWfeQ;NfJelEK`Ef&%S24+0)vp z8;?Nuij+yo_4K-|q}ftSgw@-7O3(>HA7AV3J=xisz0v@uH6--|5c3%kt7g-yjPn^s z_ZgSYXsW)3abXjENj;8;UCD}p1*47+pQYdglOc#hQQ~W^S^NxQt@Dh1QV8yju+3!M zDkBU<;pCHUJttZdu`hM48V*mcFM}+$+Nd)sHMo!K$A22@0tS+}ru=Q^Ip229`5)N1 zm7cwYk-hHUyAS@Ib^ncy+sPH`2LSN#x75FXSSd)`%+aBLH%Q{mumB(;2?*T!0kPME ztS#6;l zw(o7Y>?7D?#anvL0lv^SKIV>^B>4`Sl~q3j#GGl9DHVoaQgIk9cqwr$(C zZQC~P*tTsBhXPr@=leI*_F&`NM%KH`A%20{8_ah zq!B>i(gx00zSI&bcp};rhuYy0`-+?>1H=>t|B7==LK)El@f^||`dfgx$9@}J&r4(~ zjfb6=k+7g#uxy|6BsDbvvF+ve8;%p@Oh_ojxdf|y2KWq5q3_L?LSyCZIVp--g*Nk$ zIoX4|@s$0kpuD7B3Mw2JZCE(DAdX2oxZau3t-rc?hxDDZc+vgn-aDSD-L-M^MnHd> zyxfhi&Oq^N)$&Yl$sgke=3=*shRBW@Awso|5j`Ygw*q%4?2s0mpKzg8w!)ZDq6I~) z$XqX8!wIHTFNal~SrLGy@S@wd(N40;(CCf-cvY-LvYZ~rTzQ6N`pod|b`Ui^+L}+{ z7&$|d1VUKm4eO5CHAx*Df9>DZI&w*>#O8miq;oqmJ)-_gI$ z0iz;P2p}N4e>@l8fAEt3kA?mJA@}{iyyh6yX~#`vl$AV__0*ia1w~01N^rwzVOjkN z`lNXHlEr3R&9+72s7yw|=WbVFV+rl?H--s_PJLjzK9E!oU_5`!)LWp9#sgGFlf7)J zbp=7LAfC?N(_F6^w;reB8qaRZz8g26w}v%*T%}d*%Z_XMFHOg@F)W7{$5og1 z%k@`17YduYlP6y-z%e=OrqkmcB1QyI6}|Q5`ev+TkWASIt2AqwhYq-Z@T zkpC27W0!)3h!}q4ebNMq)L+D81G5MG2ULWBT>i;X2m&H*;$x=}Sq#O*2yF9?{da)CY`=PQrS`Vu8NFG0#M*uU zF6Z5IWJ8Ax9F72WV~wi2{~>J-xecluLRbEUyK7$%P7MYdv_q5osg`Ju%im=DwW4rF z0Q#$sTfO1d1$LG-82N8D$4A7 z+TlTa3TGj!qcB;!Fk~ycEX7$*x<q zR%h38oi%}lHTTsj@m&w%$7)haLzV0>R%`}sUyjqP?1zZ>aAD#F1jf@&Y5yNk4kIT* z84VpvJ3I;LFrsQ;8O;m9Bcm(;XkSv%C2P}=C3#SwMNSrN!*>lnfYa}D?5(i7+ zugB8eD9NNFcU+EG@6qpGUGtZcCRZoatphH1pP)fM!v@+$DRa9H{W{fV^j(;UiAP}r zPik+X5yFk!F=4RHNr?>qr!7|uGL5==?0WdSiB&1#wTk-DdR0lux6Fx7`mnaqBkI?h zmTB&07v~b`Guo#>d+q%WVRH;zt5j6R4Y!v#mB|hGP!uoeki!XMvnz2)Y&IhGL7-hz zYJE(SW)KonZN5n0C1{F9>}6@8%KVdNc+V#0C~fg*^a7tZ>Wz+ZoSPbn_K-?i86-6q zi6j&S$kMYlsY{(9J=(pxqwM`xz1g?>8h3J`lwSX_2THm@@d+_Ptx(KI9GSKL_gz!U zjq>?^AVmOvbX6+2QPsu2J}Bv5V#Ld2$lTa}>55iTnr39<3fcflt`*!DC6*^S5j)Gj zb_l-z4gvHMbg=5Hk{e(~&;$6;VWg{WxfS58Bx>YQ?NtwUR`WIg^s*X=OmnDBa|xiE)R&SRd&?N@4&wA^-Fu{bK|N@euGbBy&)O-h)6rLvS<-4q-Q(5UHnR~h zl`Tz6Dsh~yVTezf)9D*~Pd5^-;=3yOVK&N{;lIqk%C1qBCpt zgNP071cNH#{dA&Ta#54kvrUdyH8yW6KsGW02v%U84rpdRr%=8X4!HQ8LiAkWUMklW zWP{r7hPW1utAiomRDS4?NZ&%1Ug3#io)pc`4wzAe&pRqv{mC^`VLuh_i^s-_B&;LQ zyPw}X*Y!TjnvDY}@FPGd@w&-K zAQ_d=jGob+@$vh2Oz=9jY0@ygzRXUX&-Snnt@Wpf0hMT~%LYx$Pw{A1XXVkA6i-@G=I zVkkQ4KD;&;V=OxJZeLo=u$Z#PF`v}jYhOP$n_@I7tKREcPO+S>Kx053xuFkd*-i>< zRD8f^z4UP*vBTJ5C~uj;<-%?yE^WGKpQZ=zV`z5j>lhelo_%J9csaTY*kZ#m8-AQt z*eOkit?Yf2rXoP?eWa$Mg6w%n;UiY}J+*Pr?E0R9>xYrrb5Y)LRk=2}e9AV@gDG3J zw(~K)3=r3Av8yA%se3y6 zsa1p(d$nt~ocR2Z?c1BqLG-towKq@2zuRrRIh=;04lV?!hN|vU0qia^Qjb~)v!o`N z!a5|l9ze6R&p8(D zL1{Fho5(;rgsb?JTqmxkl8LouZZcg5i0YQ4S~k!8drMt^T>3y^$KvYaB^C`ofkseJ zuSFo+Bb^3Jm+V=d7F^IZoWVf%8%eua5s)h#vC4*IPe^Xo?m8|i?^Cd{YuDcq*Uc+o zSFXC>jhMfJMR=_yWFu8^HVo8KY+g^n8L%a*WwQ5SSWR|ahc9~_6(J_8m%6Cud?Nz$;91!@LsO!H+;8O^X^##MbBr& z!1c3D^Li{|01H*8987? zDz*1oG)9k|`l>29;~=r( zhVkdWC0at*D82J4<6zNR__ot--DtJff}o(WJw{60jBGg)ejxGt5w%@5@$Sy~mVCv+ zEz}40y>I<(lIa<)t%u{K=Vqn<7(souu#yjN@de&N{TP zH{Io&y>23d0cwWk|3UJH=)9R8E~RIK@xep?D1qYzaWRnhR1hrBqvrP4v+l>(2xTQ7 zC4owE#1B4r5ieDp?ItzC7JR*nEHVZ&SWix%5iK9ly~~{d$}G;+E*;}8)20gy6n|VV!N1P!v0zZYmq+ zP;j?TLE@j21j4rbMOW7cjj9cE^UO-z76XR{wN>ERxHdqDE#DgmdKpwCnKAa#gzY{P z1!-?Az&<6s(Y%x9uvSnf*kNwRb*=D&bK?O;780qV&quHY9*=ARdOj%F=V!1=%??(B zYgxtx%eo0{tDVjT5@%$bh&Ti1rJ^{KmoJ4<&=1!$?VW+JtFD7GD-QS3ckQkbvbIB) zs{Ew^xMQtii!ITRcWAz#%sS~aF5e!JEg4yL$sO~Xk~_o)O}`Ay$R3?(4Ema{UimIU z8u(F$hD7NT+gv>RR+Y$e`NQ)O9>|8UoxgAow(xdMKCcgOP)b3aFO91Kaq-bfj;jv} zO1|XZL#pjCB)GfP{2oGs=L6h5kzWeIod5s|5tOozh}hZfh3PQG7^+1F;sqF_59T_a z4MW|_IhQI&?ElEBwsfcB2FKroZu3*Gq0bz-8Kepiw?dhqWcM9W+1AE#5!Y7raQ!x- zMBYbm0Kv;0_i%@~^!DF2`ZsRDI(jvYHDsYRnmp0*Eq6mXD01`?0=!og(BG*iUHFGJ zZeD3~*#+x8%Is?9f_HIKO}vXy7dNeNlp^k1O9=2=jsJ*KT4s7?iPLYKCya^Hg$@8U zrD)s?z0f(8gLV%BMotikkt1|#wx5g;7GAcy`jQkj(3GlkTlJG1yv*EiU*C{e{zO~+ zLLPX`4noZ*gQ$f);ve~oyM=wM-$@swOcpIxfKJ|AGJulo3~^Qvf6qGXpcvgbNpFyx zd>O)fg}^pgOE;EH-dqu)fHPad zN<$3Mqvkaawj$=3Q^-`Ybq&$5iYMVRK7fdyo?Z2zektmABXDQ7B@x1{b%^SN1}pC? z!m?ZAm?r?NRcI4usa?ld=xD~20?4Vr$rRWWzG4)c%8#SS?&$Z2h@l~7EIKU_79C=! zB_A`7KN?g1XnlesulOyR&~|BdbkFdpV%2B9H!g0yYuM1NF&k(dTY82Ye<+5~>}BaQ zSF0SjGuf@uod9TAfJRE>()|>mA6dt6p zLXRmB!)d9wjls3gSdCMv_uG%qjF1cZs-fh>ke-7Ac67)uzrO?a6ZKIX6b@w24v0B} z3>~NoGJ7BYk&!KGueVq>W0nvU-E(r4{5Sq6WOX;3PVVoyhDY7Xkso}{<%S+a(sOIP z>@yyIY5#{am29Wn%;55@lmU-8G3R3_eq0&&?}hPMl;3vBZ0x)f-c!6bPkQ zlw-0K>KbteKqHK8`i@@+y)=^T7;PVe|2B2rkun#W{sy^YTiDpJvS6-!7&Yk3ir}vF zU0~BQnw>=xEE4o3Z*#D!6a!9oFvE@|Oz&Doc zY=^-{itk;}`rT$UKoCMw$LC`)5rE@*h|k%7z}k!d8y1oiwQQaB{JF#k3BzeLGfsrX zI*PDqaq5mz8P*2U_?K8KB>UXvYFmv|8O$pDQKm8=I)>u=vAe46M*GKoyyNq3S__@8 z!}ok-IhmAi;2@29_7KLmy^&BwQJCDodMt`OIrb7+4g=$-Z?CV8tvZsUbEHh53??)r zbDHc&$i|YzB^zYTL30~}&yQ2GNE?JKNFp)P8j!0;rmINdgzj}NCKb|Q;E4FF6V@d5 zM^HsBA;{O|-BlD?>ab5eYW|QE*Av@I^n&OngYqOZVM;;eTcEb*3!IUpgy?XY`7{<& zJ}l{Ndt>+lSG_#*&y|GRx-8#z<*#)vEBWE&{M>RL^*=%ivIX+%NehwDc8K(UWxUTD zF9E-Ceb2>(GZZL;(VZHJF5>cAbNsYU7v=QP=O~CSP0moq+9cmxjU-;AzepN7}eqjlmaVn|Fwe9g(o<*MX>${DWOK|u2 zrv$P6KA6W8CEflsc^0dzJq;Nb6*n~*6(7B;>jlNMz6ZDWw>m$O;7=i29@w3my%r*nN@`CP}lvLcn$8qdQA#vqyos+*L1L*HhTk_g{K%9p748xe&%2V%9OT zoyZ0~GtwQA?)tpD_q{zdWamlW7w$nOre(x)bJcg2I=B*Us@GXv6{qV#E@k63 zZ>A|=*XOyH)*#%ikx6DXE^{JQsVJ6rjUkBA?DT-HB+R7T=-B8L+$eQbH!9lp3FKv% z1e1z1I1_pP`6SfE;fTT2>98>A5=^V;@B^fXN1k=2{2I!JMPJ%+;*SX3BI;e-EjM}? zxfWC6G+6{9wn=|01)jiRY9bk+P}&L+O9=1tB|HeNL0*%>t^XpGG)rZ!hE^q5U^WNw zC*tt4hl#~TJW1DQcyP@G#P7VRd3BzIWgKXtnr$tM>UjLgU`Ld0V`ZJVhm_>{jyV4a z5yUqgRu{sLh$HQIcRb9#y2-PntXbJ;T7lvH7`vYmkBx1urL;lRfNP0ynyeypq66-e zf$iJ_tPpG@;mBY5*wLT>1-;B+*i3yui3CctDE(ezx=6C}+x1C6ZOPu%9?lXEjIj#- zFo3BpBf_UT|I^E{(H1b00GvI4Wi)g{B+M*n@yQCSsy<=3VWKla{<+iGX0TLrqLh6M zIN^Z}`~e+AFrbGl`dtys3YwJ%FX=;gr7z1Hl(dp+2!di$iQkO3TEuNG=CLA7*8jzyG+>TOcJXRC zW|ww%iqb~XoF+G!;p@^UG6sTtryCP~nwzUFvdxw@n+>TLjkY zc%<%g;DlU1D_-`?W|40vyE-o)%v7%bk|O;p%bB%GZeS{6_O?6GuhFB@Hxl_p*k>Wf z{e6SCLeA+xcC!vZqPtV{w1|(yJ3ti&UDvMUrTG=j^^UIGbsWpjF)jACW~A5#k`!0g zLcwvr*_9cGqrj48)7@|Os^ELc5aKd>f9Q?;z8m}`cT1t}H?iC{(+|(|Nz4aMWY<4t z<&7m;YH(zO!GXY2_pmtUgym_eg`R&SHs=S&_?}BgQ68 z&$Io!^Si{2@S{5n0l#K{E&B@G|GMw)bfe)^%xV3*2A2V(>J#rkK#ZWclhg~V8bL*U zbV0#z;M*d)P5!MoJkxE2Lx!1s-igvfP)T{sG=LLzz@E(hS!)3Bm;-4p%ol$Wqv*X zCCCt9ts_1XHkONWQ#}^R9$Lm3J4}p5cAs=IngZDoslT55CMC- zNzD~S8hemA`n`+G*WYqPdU@MD z%#kYC8*eN1c z`f5H$z#~5(o6QU(BJJEL0yuI5B4fQu=J-m^clD#ge`~-2u8{>6sea(cGv2Wb{$m_x zSal8tZ_bSJG*bFB_ux~t-%Lb;^2YujJ(!L$$#({!Zww?%mP(x-;t6tW) zLxyey8mN7AKZIQg8#Wnysu>u+AuGB(1xFa!axs4!CpED#Gmx%>;|0?wd7kmNU9mXE z>lvn&GO?-Q1cjLwmgN|U0|dJ0XTL;b{&)^M+QH)=B+sn4L0G^|G-25OqtUc!re*f^QFC9Ku{owLTeKDaX~Z*Z~Np!Ai<@u9*kSQNzcU{ahJRM6yA#n%ys zIH$4aON#!M7Y+0?>?ZY#L>|OX+N(xBF*&gP6|UZM2bbEh2VDO#S?dt1Ygyv+?ZMZ# z4f?Rh@zLc}(C0}<_BJB~a(u4o6%}jEm88l%Rp+nKqYFSD@-uve30k_OxId# zKlk5+i#oDSP{$mMO@zC*Xi^d_i58oeh&>N-yo9BJ_ydfqu4hUU)20^e4a5k?FK#Lc zlprYE-wdGxt0i&);vZ*t1~8+}7yy4#ZjzNCgRc_lMk0Uli^hgrynq*}92Z_FqkJ{3 zT;$W^3v%tEN06P{ea=58;t87giV|hccD^1K4(CNxs%7oOa5B-2^&{c#1gK^Hl#1y=()GD8dS1ch|vW4+ctahE zs6s5&PBqbkEvnjQNXOZZtn8iax?zslxSHWD9rEuoG@ z<`6OE>1A5zX6{!p@pW@Lef*u09LXur8RJ=w!W_6lN@68EZ{W3Xh%!l?#ed1t&0EOC(`gjA`b zm}d`>qZwrkDDZ11k%^}$4nBQJGmIY?`a*#H088YEB&kf8syxH36;Ejh6Qn2z&7xf` z(5A57p{^FjBjMsA?K#Bf)&-RH4}#P=O6>w!tf$!yB^p!m@5>R}CI}Z2FZWA!9RegQ zJPb?>mUDYuU}6C1&GB@`Tfd*~MD7agHEGiLh&mjuq&FQiV}y7}#mP!9NqI*|d{c`| z8UE!7-CXs~wy@XGJ6Qe8tT%D|6wWF(Yu1sO62#E3hihv$xt@1{s7bU=X=v&HOBB!} z@E7shainFmS$Ch4&ffw57=muVDLShQY}O&-kr5x*NH1mN8%p1fIioAK?2(i99~iYF zCqVI9tL{0ReS{Zt|J2$S>?{EBf(Z@^;;I+r;y^&Vhk$~<4nhLfEh0xciY9BR;0W}E-9fE})+4-R%Wx4-2k8kQ&?5U&TStza-x4Zul$; z!~_tX3cN5Z3M9AxX8mYklR85D$%d*y+Q@?S6~i5HJLa$tAuoR#A#0nYe&(YOz4E4X zwP9W~Xmm+d#J)&=hO6pt9~Xl+*TPx48tTB%6!UheVo*Gj{iuP-S*Ifuwj6QJIroX+ z5Cui&Ajn*(AYstoaDi+1sJvOgf+0Xof3A+@bKh>Q9!>v(GplGl0wzL*tl z>VgA?Vs_~0kdj6;co0MFUZ;zh`^aX23I(Kx#GuT1QN{Qbb_yJFmi95f_^A(p3*bbh z(AN$9oK*y1&GiIedzS?#UM2gy1)q$xPZBN(AZ};Z^mbT(CZJEpXxVs(Ek}-(m$9^e z_JW`MEM;Lf35wTMBpjt`$%av=H5mO1FJd?)lLL{A!_CAc$rWS8g3_1zKXdYtNyJV1 zJbP^UuXc%|R>62w%H?l~3_xF(1o2`I zXk7JtJR_$LYlzPMw?$=vd`D(Zd2A9+jBXq5t%9)KEb>5o9So#4 zsCZktmb9pLX(5+q45NpGb{`LANhElIB)LeKOh;&M!D~$zrdOOqCl*0wlToZ0Ou`M7 z1*s=OSqj|Yj?>(LVFU>6XQoV20|Q{^8(7-y?Vf1Jztf6$0>_O%?2YB{!>v(6A3!Sm zjW1gt&d?;wC+_faEd*Kr7CMlaYop3m>cX2Nc1?VfkhOD5q;<*WNrl{`eSF*rovNmp{p6u!L7Sp|Vnm zP6x6d2rz!w8?mx-X9?sbgLXg{D;2#AV;$+utB=H2lRKlFhV&K9)vNaV++*!(oc;oZ zD;5XwU=F;w_dFK-f^wsKLae)JH0yI15*cOs)+kFSI7YeLz<^{zoD!4*HPg?$m}|@r zsqF{1<+lRS9JZnKosuy>?`p1+F!rwi`WSQf05ofzp$*Y>TCe&qM+S_GxyIDCYF%1( zHQI!ut%5=jk?I29-H}fS^M6qP}##$8PP%%HRI7X`5{7N}MM( zyI*)LoEUPa2&VBKaM-r!eDBl@F0nr{5SHit_(|ej9O3m1Vr34L=ZDZT)Ya3~-s$f1 zty)M&yWQ2aL^18~(yu-D>@!E?$FFF$UeOtMQ03&rgYHodNeG$#6R|{9x!w_ouJ-0K zUENiiG2IvqiG4TY#rHT-eoY-EP zx=Yl0)Zk~GtTCgzXJ%~bjaf<|YN1Gc)&vzrc_)4xu?wIaQE=p*xiLJXL+4Yua;X!ePO<`+GjM?Ofp3xjw?gxrL%0MhI(^G8fEiZ_O~EJQF(~ub7q0fyggWe~%jXSf5)<`z)U6 zU!jtSoNYoA-Q_MuNRBy;F)iwk3PPnAewDwi4cc4r7d$e1ed?%uup>-^D?F)@Er~IA zSv6oVIB@saQT-{V+zTbSk{nY`hb4v85w*QexH3OtgNDmw^3a^`8(2mJNf2)1#b|Hr zFX=KxX>H*W8K=co5BP+rixeyn_Gy`&5Ki3;O5J6v^bMqNs6;7O0Nc2wSWGTStg z6RJ!cQ(GG6KNIPq`NJsY!WV}=-mKUjabTfw;}t_9L%PS(WGj``q?-Ief9uS}grud%PtAu_5d*4Oc&6Bh(s_tp7U z5TscJzy-iFWR%==?^!SFB+y0;gvnAU4(PjY6WpvRJv1j4(-U7*^hpNyHZz(dG%59xnt`FYk&xWWH?ne2DpjAIrzQjxV)LP*n?VO`<2JDn}+%!doUvel4<$S8KKy z15u^MI08=uauhB~4lj|_rjHEG#-di0SRViUmpC*f9%Nt7e^F>yv_L=%{{c4SV)6f> zo5|6%vBnnj%w5-^RYM_BYP23t&9TOzV#Uq+o)UZ5_g<5wCKfxTCTm^4xT;|nvM4!D zWCJAAq+V}}j0}HGJQ49cM&^@!SzPpjM;7wK;B4&D{CX4%5cxp?*91F@L;F%X^0(S` zGfgWdUszQJF>^CDGu!dt%k|iGdmfC4zzOK>ozDAMxk872Lub4->%WnC4S8V^#4uPQ zbI~ktsVP*bw(8NHKVB}!xX-LGK3c9$zt5~O-mm;n^{Hl5omFvksWKdQgY)aktvfpQ z8ObY`QzgClp!_i2euR0dm{9iVWYpQ!Tc_J>{FeUWKlblx`wV(opQ!G_e>nXcMj3YG zGsCByS2s2J;qW8=WqwRf@>%}sRet(a_E%0Vw{{a1@GX6eDY*e|o&!V~s}if=m<8qp zu|HdTI^?Gm_#<6~1CRo_g5S@$I`lROQ_VF>vfdR^=3Gs|U&Q6kkK3 zvpr8ylFu{!D2SbXns|`U`xk8K>wgpWZc&bJ+$5iu@-@rv6N?-8PM|?2@I{{$_RdXr zr}R0cTIz_l5nEq0=bD^%Ox6}X!C~$Z$pc3tCp7sm=ZL3i{S4d84N9Xl=LoDB+hA63 ztYMxJni@6dm`%e!3DTS$nkqGSkHZB_L$+l7*_W!}5s-I!YK6r&s^@!9It?E2%Vy6yj_J!E=T16He7+<@o#Vo-f|5v5kgp~l!5?FMvA^2;16s(&iNmBf5!G&25E|MzfIG8P!S)qucWJA9(kM+(KSgbx36mEt7Fr=MincySXpTk0yPP9g zpJ*1}Tye|SS$S-3E##Tw@-!Y(H3HXcJ(D^L*vVDmX=TFo3A4?@wFxVIMl$K=-I(Cz zTq1TGNA3WjoHy_s6i^mobDRDc*51`~ zt-3h)1D{q^+c{7J!ZbK4j1yK$r^kW4oMo1!`yfqaE+{rLv!!*s#plH9tlRE(^UcW1 z73DbyPCmJ=di1uxo~mYPI|7*#|IvlTAv3Rz#0{HMc@w%1a_tLm`@QCFSmus`?ecZ(d|3Us z=eLEB#Ym#cI5}Mi}u8SSfl7=SKC!S=uqPDVVB0 z9v0a+(g+Dx5FytV1-p0dgYQz$r$TR3%n^f@Kk)i?ZB6KFGP^Yc=GcAIZ4lY5+kLj+ zU(#v|+%#fAyFC*~*|>7_%YrU~(@za| z9!RFZr~mqXE;&I?2zMPzZ7p>%7yCe|rvO0#eVnwmz&%K}H)HIyjc`&xyMVQ?FK^M4 z8*fO9XJ~(fsK$yO!B0j;4wgbMx#lvVZux>XbiJpG)a`%xwWDq0x1skDHf~X;k6p7%lp9=P6VZ)eJ zboJJqswa8AKFqZ-+Iw5UyJKU;Rh(zHcSTP7rQ$Zs<^h#8mxNgoT&Ii(mWyG(8ZP7y zia)$#9S8!`10s1;bQeegayu|)*rq_%nG`)Xcx?}So!isvfhDfczHA2irN}reag>#u zP!W1AAovQW zf6AzjZqPY=7xwY&;B(VAO0SA-h5OIhWJE}ke}KxLx-m4go?=%8yM4}|!_mAi5zmLy z^Xa^lsCD200T<1dOgFw68o+?SDNVQ9)xlhOh)(DMKnK`z&#J%I8uv;^=SC~{u~a@> zRpb<6F@r!T8g?tljpRnAeU?#b$7~&AGN6y<+#v>-YUB`9Eh*0e@Q9v3>;uIvd%emF`ye0gb;|~`q85N z1eH^IRTi4a?b$Y`cs!lJT)GBwiCjk@l1cst8WYy$8e#cFyK~j)*+Q+TrIjZ;Qunj~ zkXk%Q8eVSI*Ww~0ZODzGP--;E9UcMvV!YLm*t4}FRkDE2F093cEtp>hz@|#PE&!7& zWo9=>a(d=sFQEX>0DZE=_ha1uTQV=5EfJ0mE}D=6$soT_oWDsb%>OKiVWeL*=o1Ym zI~4kWN=*`||Eu$}T&mDi(H=tdw)JJ8wjJp$(iUn%I(%)tKy93E+F`wk-!VB+ z9Rk%tHL)~n%|IT7G6Dbi=D`C9w6=P86Si5;`nZ(`s4_9Q`sS{J`D}Q;-@ce{&di>V zK}LL@;==s)ONXB}_2A)AzVL|NLHP_314MJcOCe%I1qo>9aflevwb)WaIpjgTHorYh z-RkvP(UA#?reX#ze<@B8={3E8b(&GLb|VtrPxt3Y zO3r&uyIo99b$_PGf6!T&lD(_#3@0sE`GN)(-#SwG9R7%?mIqWu*;&9KxwOiV7vcbMZ^wiQvcJ?Z6A%s(_32y7Estf`;h~=LZ*~wl!|2`2;i_ z+zpS*D`c?Igx|r7eDujdfm*`MZ_K}hL4Lv?TQA~5EsWg&yjx`n+Imd-MWH${te4gY zsZ%{yq26IKk6DL_HxJBfoW%1$OPE7>i*8Vx(gt3o*_1MN36T?b)KS;P|4M zmSqs5?qk#%Uj3tQ%^ce~s`|fkieo|Ap%G{Cup5RHZ&Gxm1lS0&XiKD%$rcG9$3Y_t zuHZfVC+Cf$X3kpSKQK_s($W00xild!89P?h7`YySIe&|e@{ba_xbBK|DyRcxA&Yt^ z8bX^=**k%dz5;WnGH^XdFh#1Y!TcWX&wc%ERP-ZUh(H?EM$YL}e^|9ECu3Eom(55N z(>?;BFx-Ejr9R~r@wj*%T1oX@{3E##4qhPF#Mp>BK-sNOHLOV#&Sb0p)U~GEj%~)i zF-V&ybFoTMTms73Z5smKUZ`eW6pITodXKmsxUFpRRUnICAos;a(JGOOZ4!Wt79|cE z^VAt7Mqp&u>$2G4@)BevwU7~*>diI|mylr&H{aAD@ZIkM>Z->e3eZ%`2bb9r!^Uln zZy2&4L?{jk=O#Myfv}?-Mjl;)7B;RnS%H(MczVR(W+|ekl;eGkjE(r9H%fk%S(tz8%keC<9J0x9pkh%6h@2j?l5KvL$HHJ=^RJ%lg;Qb z2vfi07_2y^EIxVB^5T)s?s3Uw%cvU5QyQe#Sv7ZE$-E$*;FO1>VW43rymh8)?&sHO zQvR$F;=i=trH_0}#+V~9y}3(HWN?>aPhb!QXVAXf9rx`mkz6*2t>-cKzN!!tDr|ep zob244RkVnyG1&V6?C#fjlB$}mJ?i*=F3vxMN&*{BE-H}xm0{NznMaZtDV`>Y>2i>z z2P+nNgEXwA3;APX4$t!*^GFku_);olpy>Q8vfo5cFMBKY{q99s7TK_O+?19uqA26f z%-dtaGs0^vCT4KB5rN9Ut{IU9fo$7qVjVR`<~-JC7-+C|6)UJ1rP6t&j$+{ffFwC1 zg^sc|Cf5q(M$~udq0}VP+D1u-?mrJJWd|CDh zY)}7bMlw^*7jCqgXD?{V_UVf2s#>VwQK8}xQ&-#)7Mc*liAOL~6=|9}TnPkCSBB0o zqrnAA9(bb_GIWJGSz$&SQ4c9jcYdrzb`sP*o7ImKY3^^q}@nCrhG}2CT)r*CFjiC0S=q{L{a}@_3iZE(n!N1P&_a=KoF0rNnRk+6w$y7za zu#2rXrAk^TYqw2Xyi|4?_v1fEVYk+(@`8}_h zwa!L<&5!PE@j-8rKy(NU=?fV8ortFV9S~N+_&&SC`(liqBunHWorvC|7lBdoV)I4j zmgAyM@ z0&WMG_D_wpGX>F4i{1&0^fz9{?4zaad`1o40dF@&-DuWbzFerA|>unM- zV{ta951+u?KXLd0B?fD&<1$cv zwn=-90)<fcbnPFvd@41%SWp7-SA~%+?3b8en*vcKVm|&yr zfMEzLurBs_^u%3>Y5u+SvR4!8TXB`ZRPCPV;e(2oL_3X6$c4m|yS0`Nm7V0>zZR5} z@o*`|5Nt!8`1Q@qcNoVKlf!Jc+JKcv%|NbL zeqgBPVs^-W6yLW{eC8ULh%~9B0+E{waN#)ju5%Wt83+Un>xcB*imAtz(TD+Cb@DNU?w)neN) zRe$Xr&S2+FfA8iEz?&)xq{-|F1okPhX6&N-QJX+3e19oF;RKWeg%=tLu9bG!2Ow&+ECh15Tn7FviOlPtma&EHAQY0h#Zt{*V=r)^zKeMvmEN;D_ zioX{=y(VQHnxausw2_8~tZLE}7Ce1F30dg_KH_AJH}dfLE4q%+Bx%X&r=M%Zg7d<5 zIDt>R{Sf?1oOrr36RkTK#yyao<*sG)<)As(u1?3V&j^vCuEXI4n+|@fcv;5mUg0t% z$Jv)B`uFO~_E6LSq@XZJYzESniEI@Ylotc6)oz#j=RimA^WL{zPE6VKiRXiXj$DgM zT}tuBO&9xrqwJlU1nbsq-L!4nwr$(CZL`w0ZQDj=R@zpjZF}cB7iY(uG3SnNU5p{G8iDyy=$*O?}!K(ZYJ; zgQh*uFW=oeQ&Wr5WIzU`z3C)u*3#L%6eXAqp1R@4TW>oSq)#91Hh3t9!bt5bCFy6^ znp~kx_3Dgo-w81l&a}=fx<*{UR7kuBP%9{GiZQnI(zWFtf_+fA*?Of3lWinwJMqYk zm|uvkQGgwg`uPVM*`Yl}Bo&@6ikXmqeb=TD`>WFjo$b^CA;ZT$XhMcOt(Lk1&ABfJ zYpudQq8(=Z>-kCw=|TNX&)*Z_X-h4x=`e@x`0FlawWFn}sVl^p8m@dm^yG~?c=&!l z#U@V7A094%lio3#Yg->{1Y_E)*CP5@%Vpev1>VQ9p40+~0YMpVEWEo=e4J4elmjP! zZ1JcfL@Ktz!^rZ^*ENsK;1>7|=4lJ8ca_ARQcvg66T)2$Yh^*m4#RV|x&ug7t9xOW zaOX0rD{n70b5WXbDDQaPd?H(o1tMt#m*1+x&!>%169lnxBv`;Fz#9`&U|Xqyh4bK` z`0hcCoh(!-41JojvLrWx(ATCKYg-eLIf0m~5Z9^t0fqq?x7K99I`9}^7{bTSwR?pp zdobkixA6hXnN(@Z`mUsI3RRitLq%}Cv~>OWm|9NHST(vd62{P3)0ipL(C-f>a}haF zX~5k17e4>65#o0#B3*w0^|5F7rzJyL#n{CJFPYuiGu*pu8+F!1i->JCFVY4v$S>sJ zxr9y#1y5o9fZ?{AXos+>cP%9hN~gB7UcULb$pkkTPSf|U%TYHrCY0G=cbTSQQ_#`Z2y z9pHh?ImT|;!NiV;4GP&%>{@hZ>&!FSI@^%?GE#Bn!l5X6;W0@iKuN^5nz%i)9vX!1 z40&jdV{h#Wth=1%2N*|6W)Ur)#+4bpkchobkgI%nD8~XbjK5tOJIX_dGQYx9Oi0?(zfnq=})`q^6wVVM}U3L)zoeFYhZGSMR%fTDCLC6TK_IzifK;Y7V}IfOVjY;ZUU}CD{DIGnzi9>e z7gNkC!)axN6!XINR?3~_c(it8JNNFLE$*ZDC`LzQWRsbE)CYy4lv>E>rq8}L6Tn9IHhJd;M#x85y)Cxwt}y1A~N~Hwfg)dp)1b- z1FC-awTQ$(Ig$+z=ynoH_S6y~wVEP|=8)rj;ywr>_REW&TlQt(`7tx-sG;J7DGI7&#uNe9!>dP05U z^)kT`3@-fk@e0VWMk|z%3KNY~XX@V#VELPXFwgv2ay4qGH-*`W!Z{~x$aH#bpyar` z(&ax$%1RIl{T$7=C>`iKwzqt0w`!X)ZZ|gc16J_tfR`e8H`fB9Q}|;gkWTQN3VM_g z>x6i}4)f%ZR^-)-Zm`tSF1wjLUYUUJC(_jHM^SUY0?v^x=BuqM@ZkG5_N-kpAN&u` zy=U-jtNA_uR&QDvp%11%s7{=f27wlw zyd-7M0Vjqy=w18+&fIQ{nFYm`{(G2)EnVU_ z4_iyaz{2=ZQjGXi7!n9Pn=bY|G#D+ob)G}jKKl`oS^?Rk7I0a>tOg_L)89LFpq|;!={*<7%&D5 z2Tlw{1hsVIGV~aA#J+;?=X&g(#Y(CPea~GysT4JI3nfkXRR&-LAXyAvLN<(UMT+tm zq4uFSor%@+U+c<5XRGUu!(YZqDO9>o$qRVhuX@Izg%({@CbI0a{MYc;zSpk&oNm=- zf3Nw^R{S2jqC#(XMiTloKl~!~zrf8fHg903+cWBWPqTa{+Aw;wBQ7^O>t0Z|xO5P@uQ1@RS%EZ1V*n8kvteOnLU*gW`Rb*xF>84;u=;Zg`n$zbw_AmEFe*4ks@Y99- zVP8|`Vpe{3$+YgTFm<<@ddH(4!T8smU!J=cp99`U|%{_A1ERBcR_v z967*cQCX~$baEb=Um=Nw?fo@VnBSK!u`{ps#@7)CqrMkGxgs^A@^{MmSYM=u*Sbgd zd-J^!TlZfni%0x7bvFwiu#=9UsWI!|QDs~761iEY_B`5i&BqiX2(I9nDxlIvXN=dkN2*)iF2op%hFhT) zrv+Fv9q*dVt7d|{`Mn*kj|Ym#FQ1&=lS*~lsey^G$wEFcqN2w4cL@+h4<#cNFES&* z36GTyI!Msz&W3aj1`NodigGEi5J|?75X)%-qD6bCRTv;t=`lvS)2C47_Z|)E*QTP* z77m|2Q_8GEvci1lA_fjXYSe_DjBnuYJV@|@_aSAuPX1KmAFL^e5gCO6jSbI?%oG}Q z#vNV9z!e$1&8v>^V_?JZ--meacnrAhnqjby*xZ?2Yj)pRndsMDroV{Dy=%*a56Buh zflaNxRCVZT#nza|==bw~uOEzL-m+Q?n~-boAS48>O)a+s{nl?9L{jpz{kXkKJcCaK zyZw8{fctB%^sjoGmk^11-SNO>P0giirZ&_bidg_+>P<|N59Rn9gOPQ;@}$o!YQ-wv zpDrvOo0@LR=-S#~joe?J@=!05BtUe9(L*+t=fNaVgCu<$T&wRnore$Hx@XI)rcjwZ z26Ze+_XlPQBuU+tQd%1IuAXqdYu%Dlo-FvdsnrZ${F5B%Ik}k$17Amfz7C&CE?dcb z`{~~3+@9f@g2B~I(%p6&I-n3iQYAbM?M)n^sLUJ2^AdK|>U)bs^pLoiOVqO8{fNJQ zrE?Sma@(_|cZ;0wy!>PrZ_Y*h;V=Srr+T4fDFXXgl8Dw7pb2|k3pD~*iz2;|HAp5v zsxVArT!lhw+(?9xMpV+*gI3F{sphk&tKt0xdOy@qS+^r4Z68vmz_1a4v_t?%WR54|-yL|&yn_h;5 z_yt=v(bRYPBg-SVj-am*%Us6bKGehRG8DSd->6ngJRiQ_2~p{rxh~Dh3NKz&7HLN=_3c!An(ZaeRB_Y^~5{| z-D$8(2IX3;J?GN|$%Z@oL~&Oh_@#Pmffn|&NrrR}Aa{Tf#a<$a+Prv`4vGsvLdG)6 z^GpViEH`icH}z2!aKqbBrc&?wI@aVK6J7LNy9|n)CeL(!E)q3S$PIYU^_|Qz#EByl z-fIlIdQ=7w^6?7^NL-GG8R#JuWrMPUXh8l)X?ifR7l)M$^pC?> z<$e;0AR`Ete948AU(FpKtLtJ4nLY$-x2-1C$r58o0*%RGiSlSxTH1_0U|FSisbn+S zUXA6yJW)oA#uZ#^dw1}b;Qf2&4*S*~Jwl&ZludjQ$0K@J88HCo^~WjWQbeM(0&J#l zkw8MY4=L&poF-9O7cnR!Fd#JvhaIGf(C#IU!9#PdsBnxB51XkraNwZ0Mc?SNA)Ru4 zltO>|erg$|35&{?TY&Q@qb)@=jZa|Z^^>ZUvsU|nt4O0}E)AB_$D|tVXV$7nq4CTj zxA<+tlKqNHbAyF5vBAMZ_@E$RQ&?9BVZLoL2XPr5X3_YKNXnfwTiM6!MuD4M?(j-%>t?(#rk zMC+;EKOA!Pu>AGH*N=D?ITz7Vge*(uU%AkU2D&BRn*(^j$nq@$WSQKikDTu0X-aid z*W3@agx>$9`};`-=nEE_|DD))M?`S|;3XQse`VM?B{w5MZv+b6!0w{S2X&v-tB}=F zcgjhDGv@4K#ilw2fo%;Wm3$=s?M~{dU@&`l?X$w!y^&KtGZ@ z$>G5WXCjqVFG<%zk%dItbxSvoU8PHT?6@~vRP1jVKhcyj$Li4b%BD_LcI?zKoZ)$Q zwbbX*xpIZ~Bygev=42GKu)49|j6+G9e7h_L-#MPk{XD8FKkSmMi-D(r#$|Laci)19 zoLE*VxT3pZRll@D7OBtx^zqz`O&C))8R>o59&6v#DaGc6HapYCE)-(ei1W5>@8?e@ zyeaxrv7`BUX{DmA=EE5YYumKUStf+*!cyq9Yyf=M%v`sLQ+vWBpP-|iF@W0I;j?uU zuVx1+!GK&(b}%Y*JBls}nwyg98V=fOiU??C)w(68r`;Pn`9bfYML@sU+^1?rt43dt zQoklwZNj3Viz91enK(^jXB%51UV6mKtIEmT(PYLzs|dcw@|RbTc>~@T1#2&XVg@g) zqF-C%Y2%rvp*#h)$A9D{K7oPHb_ZnxuMw$=3nQBt6AJeM6+89Z*dw80^ys^=#cL`e z;*Z{_Mk|{_IpL#v)h6WyZxD=-Z!UrB^YP#J>);v6M5vw6Ma8Y`4ZY_!EQxO7iJgbP znte7RJI-ir*jwJ`1muUeaaL9KZmX6weJ@7pSN*Nr{@v ztiO`#iaw}gEcg83^0y;mtvnT0zR_a%O!jAkU`%@qg4<>{l6r+k&lx9>p@gn%w3sky z6%OO_dg7S-#XwI11~}O)NyTt0UmkH6c&NUpsJ>!`M)7Cg#4m&r1yHZAvXYK5^)^NW zaZ#)w%-?CMYx8Kl=D}Yz$6|;jTbUG1Vo+X5Gv{i?UZYO&VynE9;DCOi^}}R|Y?V7$ z?*#p28|Hy!#0`HvRgvK$5mw0B;28Ijvp3FCDB&qXHLE-BTCv~kc75M^-WDfV$hT9d zQsGjpOf0PACsbIb94JkvrH6dj3e%5hf{3z;OH;q{y>sd4IYMWKZzV2(2cC-b5draD z9A31sC{5te>Rx2c$S=O>GXctE#=t$((XG#Sc^zrNPHLM=vELf+?o{NEsaiZ?%uGAr z6$SP4Kt_CW==e0aB*pECI_pUZljpOp>(L?YF+bElqsZB|PTB3MMi(gYfz{i3SoQ2j%KDOYk&~CTcYE07 zwy($mRCHt!lGi%{pdAxDgkc5Yd#jc06|ORacNB12YIFRWygLg!tic(-6=dirDB5jR zNX~h1;PMPjEoaU@gsFb1r>Wc`$QQyn+a{z_+r zB(h1GHqkb>I-Pym80_ynU7f|oZJhbXAJ*rBQ|;}(JBDeKA;a$U8+)T71I{hoA(FEx z)E`?kbiX~NQK8Ltw3)U|@BL3rr+o*xb$IkEe?}{}wmIwbzb^non4KxQ{dCH+ejfIJ z&>R2%an}E(JN`cj;Qtm-4E=-mF#-r`;sJvscw+>{G5|3GC!jL}M52TlfXR&ZqsELB z7=+kM3-*(=3-l8-3$(M;6Et#ivx>Cy6tl95tu=J)w)FHAMUs%?=VPuTX`!HJ6z^*$ zVJ_3)$D@eXM8dCASMZD)B4g(-VIg0FGubwepZd2wXLb@aAl{#7jGZ5T)jxSnQ#)gO zlmCG>{+HMM4+XNVio89xC`#U%f9r~znv@)}u%c*{boc(kRV2jV zE7Z&05Z>AAo=ST2{QxQT`TW=H{g-V07yKPJ&waPv=h;(S5uhtBiX=zM8)HwfJq_g# z>c36~=jz{Y3Y83e1=OjEM4MaG+qJx_D9WQFy=R%FB(t-7-X883kZ%X3tKP<%9p4J@ zcUggGIRt2|tdaad2^GO}{9KH5_N0wt(L7?)(zTsQVmQC>kUxrU;k447jU!-x%@MxA z89_${$TBdxqFlMtO?61p7+Gg=9D`j;c<)Zimbc8Km5>sp){03@6mEEJ#kQJyDiR)& zPWvTX6?Te9%UT@nl|6-v9qXOInk7QXOTg`%!YaenlF#INF+CP0J7Y<*-9x10dpL>k zW}+mw*MeK~o7f--;YyfWqA;y<6fy0)NbJ&eNNxx62>QnTK3OS zg#X5(=8NT-7n*H48)6-r;%u9qY4_>T;n!0M^Y9cG_k>?D-qQN6u%u@7E$P0+by7S3 z^Th?M?RjCVgX!wd_DU#l%^8b)l%E&wkE?4Uz+YkVVw9N-AE0?tZyt6ak2lIO(YD#@ zYK*>3J8ED5Ey(6@@|2$cN3A(OK{o$nVCUlL@c+>2fA}TYs>s@Jh#`=Yt}%v_gyBWu z9L=MFi7???z>6U?v!1a~P=Qo9htn@cax7P_EOKVDI zBkc(tO!j)-A35&udBl^te7b($I&nxP_9bzz{JOe6b<;pkF$X8dc{9>nFA4!i8KZ{ooJKs4#6>I|<-E#PY1g=&8Izc-j2%@E z*ZDM#kbDQsFFD{NB3<5}(&re414PV6uULd?%RR}jvYI(7r9sGUQY{WS7!13pKFULy zl(?B_Pf?FnOUUtu`A~3iJ1`&LA}QNC(c_FofJ!ww|>|13Rk+&qtUhFZG>&2CCgA zC`%bRaw(}Dsn~aiHVx8cxP&3>;A@e5(RV*@33(|Q_&8Y?&-mLEDDy63_7hYwQj`|!06ERE_ZUn}; zbupmgN}I{5aKf*0N%%4i`U)CXiPn?>rwU(OrO!lEOj|H;f5!P-P91Q=B0!7DO0mJ& z17^?qAm$=g5jEsi$X{eAYYGV~MAlJ-cKL#hHY9XngcVO!F9nmDlb^>4*T0)rp`P|A zsAM}jS}co)=nf@E3A0TxXHiQIu4@a=EF{l~JeE557JgvISC3t1AIEvq{uSHZx-@#U zda)ZzZ~j8&j4lG-C>0dtA?)pZ!6Wb6IVp!Ncd{C&EKQAZBh+iuB~Ent)OozVce-x3 z@Oc7dr*>-4$LC`?#*`)R*>PlCHiH37Cq(=9f)XUL^3cngwt6ZPOKU5) z(DSMqx$&My58!o14%1V&#_s17>D%$$g(fcMY`CQHr@#IUs@LmHuh;d%IdJ|tTY3M1 zg)p&nc5!vFv~kuqbTa?njM-g(PS_ugM;mgPY?n*3b_+0gGO`ls`XJ!2p|H&R=#CYT zY&`_Z{Hk>mshkv0l94#}N z+#Lwr9xkghXxbe_t20pbf>rxOQzqh~^ahc`RJ+?E->*4vPA^#WrF^*+plQqgmk3qx zPn)KFTtm8~gXvDu*G)h;2cnX$x1W#4#TC!`hUZx?$C(SBI~nW8Qphv>#O<6X$VhD0 z4$oHx4s)tH8?faB(O!n!@cF#(qM|EOp_;sk{NtZl?FCj!s;X2(7DBLg{i-UnYJ^qN z)eH5FXDPx_Xk!$gXsB%x0ZLbra!Q>WD3+W=83Mlo*oDeJaYA4M0QEYaif@ z#xpuG@3!tA&{H2b?U*ASu@b>6hhAh|)di%RSU{>If~E8H%gxUG|ILl|T=P=&|D0_M zPyhfN|3ESSmm&Vo?WnKXl-jAWP~CLGb$M~9BIfc zFhrD(;Yd1nr0=HgX!A!v`*{`oM3L_a^$pH9@Uo$-SBU=dLP-g;gd#-uYUbi%l6?o} zu~4hV;^xC_$NGz}#M0jaIS%lWkmZTmrT3^vAu2vN9_PH^>g0w^h?ogixhBJqkcvx` zmF`!`AE)Z_i{zzl47EZ^bEz2V0$kOcN-XVN7nc1=f|$wKJOe#A^CC`jx=i<@B|lP~ zaI_pz)?BDMQR!)dBM-J{@eNi&*Hs)9=}KBo~f*V2YUv+W{@(#zG&yaZEynYO?ZNbfh$=b7+RFx+)q{T7ujJ$r1C~ zC&46O9UWpwNxXx+JNw&kB@sL}?|{<6*ORim+aa$X+Y_H@S5GV48}eJh=rJR9`;ZpR zxn(%X9t9LQkMr>X29|LQN3I96ekcrb!7IF!3-iu%3X`Oszvq>k4Z!ZhF<){vQ-8itzE^gLBVWCxdydT>?T0~*G`Zva zh~OkEyid|kT`@JK?%Y>uvw?9013^&1)h?yOjfq{<=sxyXRxnR-NyE2S+d{07RnfvEF zt0o@oe&->9{v1MP$k(lo&gF?66`k!7U3dgoz&KJ^ZOBj@=54I8AeAdp%>cWoPa1QC zyUi47P!%MV3~@;WXkrH?g8;3IGK|cQQT6wK!&4$`-Envsd37+yzYFI~+fVCiVDU<@ zE#qsS_ZF>l5d1%zr6t<^@;dahb9=pMpVD8NKE*>8Ck~trO4^yXQPNoj1;6D(+ zian)(c`EaKfAwhi$A4!Lr@nT8q`HK04LKkOU5N?5cC{R(YbWMo{Bmp(_RuquXt^kj z#vNSW;9U1=c5QaGyX5z6?A`GA`1tT59w;*IFVVXIZn`Oxv53)9RRKa9j`ntpQh=<~ zNPaX$=SZky9-Pi1zv!kc#30LoLnv`Mo5K*2rmYx-N=hZ4QPNB*|4@Nwf-O-&(J~x_ zaF|b)2tSiZ!1hK&T-LZwPIf~rsMyn4uK5Ee+(u^XFWp#RL4>X8f8H5G1u^o*!{iEG zuFOIuG1e=NXS|Byc_ly|;S33KRs?v5N=R_?CYiB)#L%hY4AJ0tMU@WUh?CavQGaom zU#ie|H=s9EPf}FU41m4&Yu~VC0?31pxu8ywIr(!C;LmB$hZLqtX0~s*$yKM{?4FBb z^b7_`1HlkWg0B3?nrbqDW@yPmi)6q9k3e1p{g^;f|14KDib!0u`UDiir&LkYn)V8U z$zYb~qbw^{VfO|H&$`!>&2hl?B+a)*CTpH~95xuEVIhH{l(pAU79~1)PsO-#WR;=B z3A-`>15~CM8jF{{o|CkSPTN*61ma4`JhEaU2&fTMmWUq0a#*rba&{1vYS=p3JESV) zU!94X#nDG8)y?V=I_f}0!>S~A+Csin8Ae|x?WGe8x~*Wp z6>P492O8stqTi$-*Y!ta$N~}C7DJp-FiW}d-e-MZO)9o%nZ5W_@qDwmV7yP8;eEvQ z4B8(R04^K#4@7!I^%)ujJ5Ti|ET?QW4se+~4jw)wz!fQkG2O=^9|rQk?K50?e1e!H zr}!&OnlWVk&NO)q7i&Ztl|gfegnDAN=KL!F=nEKG|Em{*E_s$-5HoeIOCgZz4QbH; z)E86D5cZR)dI;{Ku_o+Pr`)OZG;y*1Pv@Xa&;9XUER$XLCa6=`?}d=Ue0FvLgixM>M9D4oGK!&AwH%DFvVFk!exqZ)4^#|j7ym64DWpz469=H z_n=Jc?WSHWWH{`F=*Q_Tl9ch4i18>P5smp6)BZc5!Y-w$8%nOhDaz(i=UIw*{s2lX zMe5`{hhhY)%T_5X;He=|iUVE+mj@iE`Q14nl$`h3LT33WS{8YCA0eC}HpKqx2&Yne6VNLw?lw5+3+M%5S`mU^$J_~(nN9Thn}xF&|_W_)lZ zREXMTnTHKOtg+r2Ek#Az{zqs}>z?g)^S^+E&O&$ziY06Zg*OpYDj^66gqnHdCmJ8^ zklOq#-L{&`H@zY1VJ8jab`DqftYUk;)DEWy_|1SFaygVIpURYcW9E^r2<V1P>S;G;V+2)r-Isuf#a2x@11`NT=d4 zpe#r#T4TdmMIdz_Q{<4CHn8v(2xh2w_g9%QW#@o=(i0q|wvW82V*zPYA`dXHfVS^6 zc3RanU+?#yR=u88uOYq*IIuc!`Z+C6Y)ah35THy}wBQ60g89A77+36CSA${s=d zK5Zcby%R|=+_s0cP1z153P_rRT@fahNn#04q8VIm8Rqcw=6oR$!U=u;>`5Y{M}O zj5~+Xep+L6*EO4ufsZ6Jz&g!)QD;|MXV=FDO!4y7lcPw<0$W;bl`OM!f5MB2)z7k~ zopEMm2-gXi_#Fq|wm|m~7M?z=zn|d$dfH*DijFb;s1W%_gbRmmS+m}}(O%U(W{^KMS- zZp}vauZwpXH%|e$(o^TMpZb@Ykd}bqh_c*8#~3zDiyQw20oT~7 zxQSc??PYAllZ5&ODL&Bk?|S1fQ-mG7-ZGG2tj18y4RMdwb;7&GQw*8xupSdVLxhXL zY!+i*gBLyLpa5-TBt&ISCBq|Yrickir z3lP>8ZZl2}<*1YPd#z-E8IF$&Ads`boK_TLK6XM(r+;+o_stC@>wK^x2{^Z4wn@_p zJ!qJ&d^5xrsv6cey%iX{iVt~$*jVu(e*IPBV-0FRBv*5YkHD;rUk!-xLJoq0r~PIy zPhU!}mAhua`Q}6DAx2spZi2qvb{{_*{*JT?K%ms?839T&EV|lbAn|W==SGt{QvOxL zN4bLB9=ig8Gh@QABf;L@Aa8Wm+fH;XA%h7b`3<%KVkAQsvBx!^1UTf2VZ$>Xvz8%A zb5b|mAnb@%(x$enxIgm^H#1bvEd@+;>m&6*EnO#6gp0q+?7Y`p>)Z;4ZBMi|t31z3 zoL+BxnLZgd@D4~N*o$y|_+paSPbYIjvd@3xa{n&d6-IjEZ?0BgDiS7Az~+1V9*w8E z?->B1%>f&FxCt87Fp;+)dWnCu@QM>M&s)iClkyQ1k0^T7bVAD`wfy)xp#4{s{wjeP z)Pe*67=i}?;QR+F{r|wGp3W|&w*QN%nyb40&(#{lzAbJ%c@)`&MjGlbZ`jO18&j!< z^HoS4;szq_AZ*Em3kfo$Z28R+m&M!IbzLna!N&on%mczd!hw9Kpi5nW(-2=;XTQ?RBkTEx&C8`xDv)kUBT7w$PzK&0! zYGumgYK(mAcuOPZ@xF3R!@9<~%Oy+0OZp4-pKgzC*HX7qR>drWW#6cn`a$O?)Rzq4 zF1OT}#y#gMwlTSSq=)PJq-vN?&Z`Dxn~M%t0jp!rgdDT|i^=C^x4^XFzE@DTfoZI* z-^Km(4)fjN#%yETf#&oL&KEonX_%S~ROotzwrEr$X=j#&FSS-7lI;Va5+i7XXy)*q zRXLFg7h6$AaP!%Jr7i~g^}KvwJNLlU1-VtS1j&t1D@XbKyB|2xKW*%u1nWO63=REu zd)>|oRPyhy#2~9#`pSDee~XqYDe_;Dd!Lj^TC|7oRVdmq50-n9hpjo-iOctTcAC<0 zH&iAOS0xOvMo|-iq_-IL5J1z@aC8!TZX%EiSY_g0%T=j)cjC6xxh1-3?Cf2fO_Lqp zER$Y`X%sf^L6V*{XW4;*VJyheZHU7?vri$KkwekpCwmNNjzjRI@E3clD!Ca}4SZ<0z^b^g?|!0V*f%)s7?u#e!~EsOUb5I%694+?CESaLM2{aJoq%ADpU{ zBW|G|_QNvS&0z=dAg)6&?L4cyH$_yWGs(dbF~)aHVV1+uB7To&i+#QCVZjjFCz9) z?7mKV8_UC=CzO{VH064;*aW;BfDL})4doeuv{_aIuKK>M&!I|)jowX>di8Tl@9XuH z$i8hwKj>i`TQXl1@v%^PWeBXptneFEt()Dp`J+dQXvF7{K|c!LUTC4;nl16NyPNRF z8E;uqEr;R@3+FkokOReR3&oj{F{cvaaD9IFN0Ty3JhQa?p7MOR#HV4wyy#T5ZcV~x z*_94LNiGpmZX>s_FtHY^vS(2GQS^gF@_!OPL>#vgMAAvcEm2&bA$~{1NFd-9Ezb*p45U~Q&N7f zf$!ni*Q3U*?64!0M$ZqewKtF_5u>@TYg^%S1706M|KAYxx@%p<==x^p^9jeTh~|O@}59? zLpK1w`XOL>4uLxgFeI97N&J8+Ajn0=)4I12dA9F|e!cP}I2bDcPzm(Mh9?Jw8PY`^ zq~fy$4SEu3uv@X~2_;yCM9k2u*jbMRX@YkQcrpb-moHA~_A<9ahcWg&O)AWpt%7 znW~>gM(wYFIqStC6Pzdsr~vvn_20ya{aXl1`ntPrsnvui|hGti>Yw1KZH7ijD@tk z+~1|(7a*sd8I~gA5^lUau8r;#J!P~4vRdk9AcAJgGq&JsXa zN*Xgupz?=UZqv}zk5)>3NQq{b0G*&98I6S$>V8--?k1tUIo4%N>op#Ah#?hFt&;(V z827K`@0i>2AW-3y7`a3N5r8D3^%b6rwqXXh?1+ye!o1CzYYwW298lIE=ng7{Mqlk2 z_rP8Po6@kbz)4JRxbwe!1qk{+eDj_loZk+xs{}P-J7#!i4;9@3Bsi^q0&v-EgVEmO zuei6Qp(uX?TEfvi(-Bl>^jQbefro1Y4SNQ(_aR#Ekg7dv&Dh44Czt{1JiV*-uj_wY z-U+ZlHS%L)E^ll{K29pYs!(2CZ?aC>9r!NnRpK`dgMsv3m=2f4y> z__+w`kLg&_q|O1V=*CFcvGqsk{K?-2Tt=mt<%eH6k7j3MD?0jtAI?9u##i3En7h|; z-+#57_x0WmOljlyilCgg0YASnRC_P4m=dUlm)Qf>OO$OqxY8(wv$ZuoDbn*uwZw1`L|*_c7cmzi+f3Zre|2{ zWP9l9QGAR+kT|Rnf|?v(oiRQXg-_?gHCaV&Fia4lbzY7+CXu+`Eq=YF3xmeLvlGTu zjiHO@c}y5(vS#XwjW_~l5mB;o>t|H^ni9sv-p11Q!Fh1Yk)qR;LlT=vtD7sGD@G)% z74S%7d(5oW6CxcivFZJLuz7$5v-t9`AY|Cr!cSo11L$*?V>poDCeWOs1H>m7P|+pQ zB%5f-t6%V;?S#nG^&}$rh&< zzY@?yAT_e`H5Moe%0>0^KoK=QxF1U}k9mF%?%2-(E-T${YShpje>(MBoB z4LlJsnSf1Jj~TU$QbESkU_OEl6qpTe@)ZUU+l!&p<0nw($<7>~)*a#M4tSFG;H1xD z5(<@`GApw@`n zJ}yON%MOPXrIpuz+Jrqsfk=dy1qf23VhsfWU4j;h#xeq8fyz>=QOJp$dD|rMHR;k) zqS+gDI{;mR&J#ng-#wgKFOWLc+>KE4u(au}VTJGb<>h^v(|fBn?(cii{okcL++SZp z&iH{1fWo~%3Hc!A6r;k?Q<)|v5}9jQS`6A5Io!hF#8=^AH#^gto7i5QxJt9`NYCml zIuhN#1~15=BjE3i8q-}2u1HMKA3OcCxV<%YBH&CimLi*2>ZA&UR<*wzzt{M%efl_G z0xvH@cGX^r#aVo{Dw=5uWw>X~srGL_pc$eAJpp;(DP01o^mm~_+IH{j+}bNe34@1d zc*BENbR=$2B}nJ@Zu}G?32314ii`3oR28IGZB^eL?yZ`Pl!=$I8ro^Z>KC8w_*KnO z)B1=73DdEMImidw{CKeX-;U?F(q@jO<@;LXXS(2@6 zP*gJeKDT;br9Wex#goGHu?sN1f59Y=!cvTK43LY^U?NScqjWSQokQubtDl%N2_kWavRXIxx2OHhVoX@dXll$G)lxsC0Hv-T}}bGo1~OT z(fbzlzXBFdmm-wRZZB-P?e>K?c5Z>(F)VDeWPW!bK#R2#Y_qP?U^esMZ=}bg`lKmr zW^Vy3gbJD)^ny8VOERc{WD)?_f(i@)tb{o`6i6q=Q}YZQe_`NjBQq_v2(o9d@Vbrs z>M(W+Bul*;Ni9SdiEMD~Fp$X9Fs=gpp4+FGfFlUphWTV8ejiMhEYFb`v0T4z*|<9Y zT~qp{1#vmxzOfPSC^`k#VYHGHXmD741CJ3rh3#OtbgEsUjAB;E@nr=B*L?UOi))3agKwi-Ar>#lkipsiL}_GWZ|R|5_*dz$NoC{@|InQU6(;=il1uIsak% zGDc(Se~Z`V6HLp(l~r6fxmqvEB~6y_EeDBKt2u}*OFr|> z!xClawF#is^`bk|^r&;7o@Y)f(zb&I?Ri@S0t>_NfXJ`Bn~Fu&q!5v~x$~}jepbDn zw>RE{gJZ$^`cmnApN^X{pWH7)b^v(zL&-@yOBG|zepW_Ybw{}%C3DK#6xkOys9q}rU+5Oxy9pNEe0aDu_%UQ>$a5yXOk8UGXt;IwaiwRPgelMW%j5fu2y8R1t36;WZ--w`%0 zjCu}Qi>P5q!a!$`BhjPksO9%_!OokV@DH0>T33uEfk`XV%c!Yg&^d2IQ<&cJwvrww zETC6`uSEO2jO~$cKRzGT_FZpv^wl%;IY4_&NGAQ(TZh@h2w$CVN8?X^az(MEG?~vu zkFLsm6^w_{{Ft>L+(fn9u`B%JMbp*`X@w)X8;5MdE)}JJL3At4UNBm(!etBlnEwBNc^!m%HF>raq!w3 z2aQ^n4%Gd_X=o4R|J*xrteUn!*L~BN)&7zkf?ud&_MYe`m}(&j&pY$ELwG9+Q}ApW zm2}1t>fJSmUtl}6>?&-Qm6TtomoNH^o!`bK)8cXaO?AHDn9l`t<>c?YZu>i1v5yc# z^iaHGSzpN$Ft_W^r0NPlGT&U;LxhYzF(bvh`$3>5`;P9^s(N#?((+%K8+CZa0B2BH z+}53LFJ#WYr&?Td>&F}$27WKLZ(G_a3tZ0WcJKubw(@PDfA6wa6xxoUdxx)1pTJP+ zWoNBMQM}9wbMcep2-~V-MPojC-6I!un3;*GO;RaLOtfbr2Ma?+)kddnI1sBoM}av2 z)MlRH!w4@r5jXk$Lpq2YwJW>;>w!!zcBXv_iJCFPmwKR+n?;&H1q#K?viP2f*^P0#JTq^5Wbq24!>%o zh)wEgyzM_zT#bJU-?1HC{{S!8ituuP(KX~19fc`0tR)BP3rI0*=qQaL7gN(`TqO_mmbxcq0txZ*xT_7van{oN-T3C6EBAQH}B^@v|$t+VjNeOM%yEIod)woV*wpWot zr^8x-a|LP&&cDf^EGJW%z>#ViVizzO*1}$KbZV6*Xns9bH7HNeI3;Q#Zdo=ngYX_( zhh20sy!O{_FdNxd6NSVkv$2QA1rFli&c!@*-7Z-9PcT(J1uziTg z$MVkOf01Bsr-N9EH^yfhuT#+CEGIR|v2{e>_LFmwr*}KzkovtB>CRMeE4TBcvKB!y zub|kF9*?fM9)#zZyv5(&B?rLHl zeKKMDeWV_kfDuZt1w5Vg88_Rx81qP$1K?Han6+nWZmm=02!jgU7Zf^gRWzeGS_)! zt2)RunBnZkcD&u`1>I&}YuJVAF9f{K+(YRAI03?eyzw0GNENmw&JPRnxdPi(K-xzT zCJ58=WT+zZcSA^d%eo#vV8^PWw4Y|-lFMBH2$VB%w>6 z%n_*OFtraojP@hHmrii{oagSu=7U%9y%Lw1SG9UQvU~vG0d)#Qhd~_p6lxWPDVkmN zkP+P8X}}MP^6-V_;QYSu57-b zd{eP|oDT!c4p0i;pw%x06SYZxdI-x8LxH2QX4IJ1z-R1vDl@U$C!2LBsuGMjG#O4) z;KAs?crP>tWGY>as;RI-6RMt;rmYv^M6hOnFR+G01y3TGFk!SRP_!;Vz|*QF3&j}3 zk|C+g^?6DUJprI1LR{VXYP;3rE1wbh80q+hdqu@E@XvB&U<)ma6@}r225to=eSooh zU&%2UA}v1eE*Uup3zOj`WCQrfyre=<)Yz+RA1;VfR5@|}@44Y1liE`8fq#y`cHt8u zojw+y(oCdw)#8S#VJb+Ay&)90DxG z+w`V#0?;o*FZelzm;gO^jZOWRUaok+rySlBO(v5ANZkD+0ZwPOYGsTD9#OTI2acBP z>F@(wjFWbWiv$3(KYU}nE~NiWe%x(?%fzrK$UpmXarzd#;IV`k}8fa zfJ!0A26QO!YPC4!J^*oKe1r|X5tP>PyhWtbl~()Iz$VkSfH9y7Db+LVDAIe9oCNhX4Hef$P=#^BLoP{mQm&YK7AY5s;QFv znqY$4OV7Y}xT9?&s1QXkZ`yQG8iD2a)I9v2MGxW~tr|jb0-Xosj;oBhxGP+Wz!(9=S(^~G>zDg|?KbMi0{lRAcLlbLpXttXuY3(BfI{7S)z-Ocd@aW47Drt2bdi_iCd#@w|m3=+->JC zw1A&Go_OU!8goTo8oiJr{{l<~^A6aWAdons^|Z)1*w8-JVy=R5w>&;`RcN3kocbsn zTqQj*bDH4?(Wtnz%|V@}uF34Y&p{ogVjSB;EFAFegf!34triZk6Q|EwkXjy`mezLq zn`Q{Sk^ksuXkD2RV-)BPa}3zXy(f&TB5!feto#@4)d)SOdqbcP@u&j}N%1eA{RTVs zr&Q9M+E`7+EyEcL0vAHaL=lWaBEKm>;3F77gdx^Tm~Jz!CzjmH-f!;=ee=VA#^CBh zaDh9h000hj{yTNDjiuxNrTbCraMTvcy(pa4w4E0A!LF~5{&zYk;4rtNHR;B z7LtzODu6(oD6{*~!`0K3uIr}X2)r?YMxewbGU2N2OZ-Q|kE0w4>9ht=Ayhh9MKC3O_qF>b$JpFbimYv$_gk;`u(S8yWLkHy^7dC&HLpr; zh0HR34bN1sV>9n_cXIbvR_%2qztZ~btZ}pWB{)^?{;AM){l{VQ=(~HD*=lYXPyg)j zM*l}*GWn&vYEA{eu6xGrb%l3}PubrxKHc=1RI1_+=4A7?Z;@-q=ky7gZ~J40U!Od+ z8vJsca{OwXWmdZj&kip*J94Y_kNOD*U8^}SyrJ5|r^!sg_ttwe*X#8U$K=zCS@oRS zUIq93AEV>p59#F8i`-hT9-o501wVg}k3YsIByaZfH{_S~%ew+<^qTFP7=&bLDCPa>#Qac?-xINWtvyj1u6I+`n-0zdzuwFIq zHSalYYQu#OnA?2&H)%^mC3zn6343VGhL&u;Q}oi2Lq#!*Ya@vdC~oY+j1LUA=)>TL z8;xddx*tm1mU-G|f9OQ8NzHuG&rVjKFYs2aHen=U~^+vxZ4`3Yt zUtNbYjqqMyhb(JJ4|MM_dbCh)A;Deon|IOa{&aplXZ%y) zA+ddEqpK1s6q51OM|tX2g{f{~A9xzcRuzgVFNxsVX%!G=wCN+$I>5S87D3px$QhRJT#M#i`Sz5WB$I63tCGg^n&8o=o9Gg?Q~M%3h?k z*1UzhVQ#e!%|_Zq*cpQ8Bl1)Gz}fXsMS)g7LE|I(raqkkx>8!KY~-K5J*z2)Jib0r z5O-PGzz26~T~fz91(<28bpy~dEkGZejfYK1-{QoM2;GXE1!dA!WZq*}yGX#(s)Id| zt=j5Xu?u_PxMp4Ez>*hC%H_qhS>`SnxoIPV4_=xFg7b5IPT%6@L?~ zJXxr7?R}pqcFk(k=kR@jJ$*=ie{X+ZC91ptBb;~{cPZRwSIcq{&P%=Qf!Va3w$h0$ z@tBn>Jg-{HkhYB`b2DRp3TTgXo1zaw+C6ZmVUlNOE2N=wLyyk3VG~-lGq8SdpG&+^ znvSf3_CXMPkE}*Wbh3(Xh7b@-A9jHbPN#}xRepc|%Q;9MME(@wu zG=!|PY-JF|Ot-DWJ61eH)+@L_E~)Ay>|4Gs*!J0bizaZgV#NYn&9zVn#)?qY<~(QJ z;_AyHcWN?mB=yLc2=**mX$r2@r&Q z+y|&bTnRuHi4mWraK#w25}sx;@XGSew6nwSPEyqxlecHzDOhwKK8RhJqt5L`W1q9T z)>bcKDh_~|hrPxN^tBv7?95-5qMbPp45QP8HFyaNG(h4%yjF@XE6vU#+{nkqm%<Rt!^T;+2MTvgJ9-b`CvPhV{~j$CF4^^HA3OabX^m>(n} zIMVGO0?qaVTy3P1f4xB%U$Cvy!Wh|?q6e+iXB9-?fTE{_5JPSdD%-ifH?bF&Y@eJ7 zr7l=?48))7Ct`o;V#SOKz_fYZkP_k`7wmk82P=Vg6 z?Tr0W;kn(oJz~bwVj>b}{0}XH5m1o_X8Sq$@+o}iz54>}w8SBkow_)$1EbE{z7M_= zRgHyvZ`i4*>x@mEQ&;-kpnkHSs)CH4E@P2k&y645Tila5Xij3vNY+k{wj^B5L|ZW_ zsZ+qqYkO1cl57!N-DRY>TZsN#KsXD7oZ{arB&3mQe=ZZWft!sXzgqJrIxz(e>k{<6 zqsC@m_O!mH$1LO|quDl~YRNGqr#EI}HV~opsrJmy>ed4G(B=y$9uv0{Gbwy}!WkXs zaI$ab&VSd%BA5U7Woy95y(cMoc0uMrGMd8G!CzG*>AuLCrLd|3D>^&3x6SQm`kyr@ z2}Tl#WTBhTZLF}Zsx*-u)>|kSB-933B=C_BE0SnR_AIt;4{#IXQj?R`Eya^z5VWh1 znxGLs&R+xSak3-;{yXy22GMbv*^JS*tdHx-?@$23DQa+eW^K{m8$)Nml?XX?0b^EA zmb~`}j3$bhc`XRU@p$5&QBtoNw*f4j1D9%fj}jo7RtUOsbO7gR6}DK*8G?W8-f%6+ zp?xQjJETW@Hjn}8BPnP3TOWIsxG1!0CJ_x)R8I?_kKj^4yKYYD{QADU* zCO5*=L;dn1pYRD@mdPv}=4Aea&KI=lf)fuGQ38y4$VGrngVc~Rmkfia2qmWi>;;ik z9!cJh>BxvHccymZh*E&0%oHahl;Dt^h17z1$l!FrJu zkOXHZj*i`0%@YBQjzimena#|a;9>}n<=UTtMN;fC(d)W#B%yNUKgE2&l4hRl6?oWi zB(Vh58Q2IOFRDnchRH{%|NO&}G_eWvham@eHtd9We-zd#r&C(DYVz|oNcJ~hly*R# z{kARu+n7t+76W?V3v~bjt10uu(X-ksQ%})m#oOB>WtVq;2Q;;lb3s@ia zF(?;lb?;qM6>OY+IEpw^$HJv+AVDgm$+g{pR9Qmr8zxmzyU z7zZS)+Z%-b)Gen}o9%(tA86@-EK$(VVtb6cpen0zx9ayO)r&mwouq z+#H*?KJufGh;5kP{Av<`DCKNmP>9j{{egjKgIt`D(?Sl>!7RxGY-Cvin^r0SS^&#$ zP9dBI$OaIF;+hCq$;LT@81Qo%&gSuneg38s(23eTZdr-&oR6@MKS#Y$x;4x)9V6MS zRJ2i0X=!}R@XcPsHzLl7@ZPTWr-an5=?+)`D>Mbe&?P6j7iMsshW);@Mpb1;aWNe7 za{$r5h+B9m<%OKcUGNt|0l{s2&z^2x)IKS!TIG1 ztZ|X^bcMmgbSXzpbTrEi_Ec!g5po+l_LiOi)No?@`5*0ojaC~ zHIijc-|+7#2ORwrQU*Bm?32=84IUSIZ%ozIII5!6qzXXZBeD+)03pO#ISC=3P>es} z@|{o5>~%7&e?0I~G9QG^GvC(t&MC;#^j(?U1_%xp{C^ddd*p&htG2@(BcBj5@Ri3e%)@0L-s-T9NI$!9A=I zTZ>`LP9zszYcK!-u3-UavA)`;ud&oM_{u;FyjnUp$R6hwE1dqJHoWT)7lU$e#D6Cb z01Y6w09@Cb<9wHEq+Q&7d0K23^0Q_c91<+LRc3;%$2z81P>|DVZxh29yib_3m{mt zkYe-@QG~0KQWcA-D05R}1)%P>GuZtZ^4Fa+f}TwH4Eqjxr{KvE?+-b`4Tss84YO|j z%?@@g6_Hymb|uq>i%n!?M2Yr?goBuqE>9v%15ccYQYrCc!g@~? zr6HXh60s}~RwAZjRq*haT4x?}nwbKfAR%E~DmAX4l9BiW0#vdckSgIHvqDC5$GSur zI_+_-s>a@!?WJT|&&;SnjJ71TZt~@qMS74IHvdHTham=SqMV zgxx_EciJ%O)OJ!UY)dnLcEzTXnBo0%KvRYG)@%|fbg7{NF9!+Ax$oG7eK|Q#*8VEZUDBE%b2FEv4a;5EBycdjzXQwNNd&UMxR`1cOPE@N>g? z7Lx6f6@L*=>;i_)ls7!uWSl35A>xD0OrqaDqCanFHdXM$M1hibkm{|N&Kkxr0e6%2 zrJ}qG)pKv285n)U3U6hv#39^yLV^NVXRzGlQ$2`S1zCTspUALlFhd95U{C>gxTmb4=B-inm*~@*UUX9oL}$nBo*3 zWYa<0my@KR)UXhRPQ)q>Rkf6bv9{Z)Hv`gIA$<}_>zU9_RFUR*D~1#bdKeTHpFlj@ z%Q~P*qh?_F&K(<(6{-%hW}M`v$bg}a*|SQc+(0=MhNy8uGj+eSUkpS^x%%>jacP`p z$k+K?7pOO^p&{vQSooN2wdut=EnLG;fD5Wil)E%}EcD71-#-w>MaC2C@GixL%e8a7 z<{o)GD2d|@J+_12XG6ps-2_{x+q$rs;MA2QH6-t4Tw60-sF^$SNq@Vk=O8!9x~R+b zPR3jmtZU0w!cK!PunS^n!}xw^^JmaEm$*!nB?*~HCoNM?j~c|-B$`ZsZNncZ zl9oZxd#2z``yURGBowll4ja>ZcrY~sp61K?UO5@zK*PU8b9C-?$(|3{n}*UJ_Sdq8 zlED$r7EHqd$bHgfo(U%N2Uq{}#|7H%Cz`BA?WsE~=hJ!!_MEz|REvA-h>5*Z&zxZh zed>noccO7bDEw5b1-|Rdia$f8<5I@>v_=C|3-!#aDNB0=x*#g#{^PtF2v0_C0~KmamzgY9 zY6zU~)P-hgT9Lfm-!XVt`Q;)QC!C*@r<@Fe3M|!Tn@tPV62Karse7990GyN$^fu~F z5gr1daIAu~Uc}j=Vn4~b)@b@4<7V-9T}TY3dhbVT1D0D6-)crdkg30uW~WCN61;HBC%B$1l}YWEkW$0XU_nCfgAqiOQYtoz&i z_t<+)SsseA?EaDAbm{f|%FXvR2REZU0`eUNO+?{lxpq#Ll~)sPgI8KQkac&Q0z`S*BvLecaD45i<)#hL(0pC4}ylo!XolY*>`>QCE1i(ZXX|L z3vIY!)P)Y~uwqhe5}zQ@(zif-v&$a-Xbt!7fzIHchKaF1|+<1aenH%q-V;Krt~{?&Jp-lh2#YhFRqi+B)_by=yNuV}Jh zgH!ZMYw%QR!0}W1`1{ZLgc4SX}o z_>l4jn0p4NZks{(R%slNulzpEUMae)%^{PZs27wLE+7uoXEsgW9Chqh~`F$VQ~7pvL_$sS49}}&C5h1 zN?ci@Ss0Q2=KS$Bi3F3C?A@yEOU#ahyEQ{zdzj~!&imulCF4{$Flb`%ySit+=gD}w zr8b_Q66|Pq^!PKEVG|#{kZL|U1nqgc_N)9P)u+S8J&DUVOw0i&6}9hc`%wFX9agJ1 z#lCi>$u8rP)6!d6*{-L2)RnsY{&9qrLshbFTIZFbbcO;yxmSuN!LW##=4f}`tsFy0 z;U}=a990g9T`lu@h5DB=eB6{Z5cn6RX!`d~nMt8GTS?5U?YvS}^3o7m4@t}MPTf;M zJSz>a)sd_;eOfnlcl@ssc7p*J&KY(TX9VwnsZYtI3sxxJo)EaXkaW(zD_XbJ)!=Qa zN3UmdrwQP6-^O^ADJ2FVG==XfLKoM_?MMe1P2PG9COzWx--WXC8{CC)lF;?ld$71b&pczmCgRZ3}i_V6tz*n-&$ge&a5YLW8TYL1&uSo6Qc^J#_ zWvM}Ru2|PJde(ADsHk5>&H(Mm;~BHRjhnY~oZmLTA0iil6hLm6Wv8fFkc*x<`g zXK7Hs{Drx|yK(~5Z&qtu-4IOEkfcf%1^Xju-o9=dw&wnAMKJxYWVIjIt7n)un&?? z38P8^ba#3B&%t|uA#1}7$5mE`ye!%Ml+IC4ULUu{P?Xl@x?Rbt9je@4a3DcRN(lnb zQj8SHATqPr!nt3x3Ohd)(h$d{qaj1E@GRz7C{Fo;0RMV65Lr$T6Gh_ve1QGZBwr56 z^i+ABL4Bw?NCJaPP7*$J&y2}<^(gwD)CWrj`pzy^rul#jErv8euds!+Gu5rQMk;^8 zYD0i-gX#9oJmSid968bgwxpiIWW$50>67KC39rVnZ_Duq50#yS(V-EyWnjifPTM$&eF~|ZO@8^;F$NLs~$H&BZ zwEt3hIjIS*TR(^fa(EDE%7%Bl4psbVim&?fFu(@7`?^{em?V8_Xp&F$-VlR~iZg+1?O5VH?@%KsIYP=gia1?yIJR4Y_d~7g zV_vt4clgV#gC~!X3l!td%s*n+dY_$sx2^2$b($X0W_OM{Ia%fhn$y@Mr!avu2UyB= zuRWQ_?Fc!{*g1tghgJ?VUwB{gWN7)9m_(?eS>Wdf0wU(o1w!?SFGd{=3J+y)})H=C|^atNDPOlR{3U$Jr1RXH|LQYe(F1%=B^^si!K!A{ZsDB|)mD;u(j zU+b&@$^96P<%Xnv891p7)%#x^gkK^JCN2SwL+?R}@r05V+Fy$7js^2tEXgzm^*LAJ z6d9}sc(Hr+37827bgDc%C!f!%KXIeA8zjY|($s%I$f3f6C+9GMc#~44`&3x3cYL#6 znY}HRE0;4ur6eK8znQ`in_P2DCYnAHcue$8@|u;NW%m`%<>9<19E)EFV}A|Eh4=#| zy(ZL+bFu8%UhDSUHw70~IU$sO3_@$bTP^d=NO40*e{ba^NXU#+pAw^ywFHXcDk?4b z3}0v9a-?YSIQettb`SE*!RC(O@*CJ;t-S%TFi99iib#WzvnXk{PNTNjce{)6{zkY?^ z3e4Z}m@Ad8Z=(rF7s7lh@b?CtUSJ9H%zI$$93)0XT*$?W6ydy5nd?-TVnE4zD-#7_ zmJPF(I?M|AWbj}p?e^8@*(QD4%vff|g2pK=S1pnZ;jl{t%N!$oIi8pJRv+&MU(U0; zH%Dh!DYxwu1}V=@L}E}7x^Y9Y%7w=%n;7>5$`(lc zX_ET@>(U-9R&^$6NU)Bq53Zk6a1wOwjxy$zpvhr6S2Oua0pP9En%xgrWZ~qa^B5Cb|DX-kOpKe4ZuiN)Hp<%C1m5L z&$Pzbm&xx;h-CGGFuf^v+m}43%e<%`@fS^gUjxKKk%u#KoV;xZfi$9YFL8Z#iFNLr zRu!QZf|C^Ef#fKM`iq|5uehtI;+k2ac3_E_g)-@qULzinyi*8QdI_4`pZuYw0%;=d zMEtO&oj@=RqY%agOPZRkhKFA+IDq%;YRi3f8<+GBQ%-1OSR7@RGC2z$%Nv?`uJV#e zL%{umUgIpTOevQ&U52uh-lC6;qVgy-#V@(1Z3DJ%s8?;--qTQWa(hXBqpjc3{%lL` z=y*9aU7aw~$vu`>co8r9-1@#Pz0^~v^*fxj!+iCF4XVpmg*>FubIZe?07L>rX()?v ziMcTsx_)fmdf+KW+Gd!t&P_Amp3*L7X^_&SJkj&_U5H7ZwT1)Yg&>4TeSX>dd&&D- z`Y*eW>)*7?c;d8bMAM3Cwl@A8CpB+q(Aou_kkroQq0NSp7sbjASLBIBrr7x__%q^^ zF6I4I{4JHq=R|MBWGpz~xQANbULsH2IW)b(Vh}<&B6hmb$ z#}%Inn*yGRztJ|8mZCnm@(=1BiAT7A;Nr4O!?ZSq2wcVv2@Q^xT2QM^u%VcENt2s+ zdU+HaCSW$Rj9Bgpo@VK*->MiTR$0dDjiR0sDjP;Ug@0u@5(Yj+#^TPes~ar~JEu2| zFQ`b^Kx+8*z{syGpFKu$N<={e=43MZbt7o`+EZQiXJ(}%8W|LA;0N!tc)xK?CVX7^ zEt%9_JA=ijUr>f|pe6+@qNaPIzwcpMLoF=m zOI13BTQsun=`MqyX#NoDsq9ZZ5lXEwcjW4`CS(m->&=>zJ$JDh9>H#$L1O2zL7Y>{l2I5FnW8B`vnZHFGl^2n^M2-!EA8`-x|wRLwFfqN zhO!$v5H)I9C@{s_YzEHm^#(EnR}vlT@$7c)uK*V3ygIJ&Nic8;GH{`$CTx2!zzu>q zaI$hM?Cb_;2a_TN$#U>>H!*%ZzJH>j+Ba1s?(=cQZWaBs*pfYUIA4@x?4p?(Jp$sq z7ey)RD!Iky8bVHkl$zugfV^{dOr34AUej?f(;fHOKmMjL$X7yaV3?+BeWkKe1anLK z*YYPE8+NB$kN!|rr}oIWg`P35MG!DrEV%F?g}eol)~D#sSZih#S>?NwWS(cxfWy2p zacKr6z=bUvQ|8s-8>chE{Y1oLkvV4<@fds~lEa1kdBnTrQa-Mb6oM{&t`G}zTq+0q zvkjVqV4g%m4SN9)$Z@oL$A;7{oNEtl!Y)y(P9MGxFIDnH5!90nv1G&rxz>}0<$i9G zxh9V68-txM0i4yMwI$XeQ`gjv3nd9X`q7B@7$GL%Pto50bYE6O>WOLaJ2p+xOS6rd z;iDoj?Gku7(ARQ)IKE$FARjkCS)mUX8_n;uloL1xb!VLRLYAe+P4Pp4${ie_$3PpG zBKphMB12J<8Ztc7Cs$xI4$I&cMtF1n$7k?f&?Rcg!gmR}VFEdKO_HA8xV;wp0OI`} zFb8Lb=ou$Haz!yF=-02iM$-LUxM5(2r_%N zZbF4xQH5MC?6`GviPVsKC;FyrmQT_DVf7Ve1bPsbNCI)xUKk2ER7}9aH}@x8lALpt z%$Q8i-L{oZA2T==MGx8gjtH|b;p5XNp=sE>9o%1d+)IvRk<*z%lS!E`ji=mVbcfGE zl3SHbS;uyF`(=EP>h-d|2iEl5=g=vs2*N0qA%saW+RGUPr_@LYn*-89pG!<&~PqE>K}3Km2{#>OI3 zA7}bBZ@RC-U{95B$f7v7WDnAU25vPg-#rHx&^JPhCr3$~?cWdV0@mnsxnwDXv-Ovv_G+1%zDG<7b;H zl4FN;l+%oiE{L&QTkW*pUr{kS8{Gp627m)b%)vlZxrZ%aYF>ZPF)Ps<0pluCiqh4W zVr|%=#&L<@x+LDw$=$o|8_zvktl!v-hb67o*qu6eJofQ3JG`Ro8QjZ_Q=Ly(H*57D zr&p~tzCK1(-wiJGL+;g#Y!~Cku5UbN;iG$+4jh?J1wus^YwEE=UwFJ8aSG%%o-4E| zO_meNrKgKQiobY$+oXI!Kz9vUPYuW-#zTjpiBQR*!M={kkS*8Y9QWp#C6HwVWu5K{-!x z3dnBQ2?AGEG=9mU*xGKdUN5vE$!D$W6;1{^os<4_$)W!pJ<4=i7e(J$wh`@ISYH6N zM2ucnBwx5zXLhyU%=3mF|F?6#j1fA0ITVOdQh1&+0D<2&f>nkO5BIaHVBc#nvQJMd zKY7;aYjRAx5nw0tJvOEVMoKXIDgxSP}c4PiM-yvoI#y(7_GP7M2+^R3QBQakVsKe!& zQY-Acz$HCKlF6ua{30t1Hs@TG-S56cPE*-@$Nt2Cn}DcbAfs0WPHp>ewwFQo!W}H0 zFqNRdNAb|!lCDNVTvTy-45*gH4ZRjB%WRXDV;4^c$OU^O#h|!!x@LAGF0vWWJskFM6s^%zk*%?l{CP%3QQ>NKuURR`S2{AzU>oJ zu#N^*B2)MZM#YvdOsgw&gR;urA#`7u>4&R%r0n1rXwHNPP2V|mtvh%GQv-Qi1I~!Q zIn>0k2|^qx&zr`!wAqL_XM^@)zmfi-h>bV`HlhiFe+P==r)N zvw=j-5AXaLFTP+81o)H#XKVKg@!wzq&+;8l&E@sm>&~*;nYbq@TazE9Z0~ZIca-J0 zGu>Ma=#8^nlge%2lG3Z0(A;}BUNJ?e5M!0&IS`36!Y~QtSQX!alCb-z@4HmSps!)E_~B>AQ_r0up=P*1v#;&5h!<)s^FxudX3bC$3;#q^wE zN9l*v4k=<_ZMNq3Abc(Xa8({++!7in(O; z>xM{x7SEaEDT|__Og0KC!<$dM9Y?pB*X+s9-~ht@-P}iX{GVe~$&XB@EBVk});G~h zkp!Ia1e^nf+@*3+$QD!m786D46rzi$WW?q_zKA_&)xmCG!a!aLEx;&+J)<<|r5HS&Zg57mhQO z<_nznnDu(jC0Ujj?z`YXyf^Lf<2t)1HO3oNT90_0itBC> zb_F5{h@Qky-(;@TdfkXjJut?`(t<-a_$_XRbz>T1Qc_A?hPo9rHMO*KwRGNXT^T5= zHMKCW(3dOmmR9FG3iw4>wg{~0+73Km-S_Z#Tb>H-?&kL=pUKIelmEz=t|X4OHy()cPw?1oV4Lzutgf-->7Rg3+NJDTsZ$+ill>6IXQ_H%z8r+t#Z#=VRKn zA1hcFq47fb(w3{%W4jF|kMc45|H8YpS*T{Z|M;ZuKT5IW8zz|yxzq&)Jl~SA!8z*d z=)AKO)dZiWV1G*H zyY@u5^^q>gi0YOL!VHk*tCEh&`UF?}9&x(?M-jvKY_qhNq~M%XK~JHYtIYM2HF3dQaS|@~ zkd)0?<72i4Y%91Q$5!Sd{qa=IcB~`=KSut~7?Z3Ka{|Dl0IA?BZjNr;E{k_wkCTX- zety11tQ(ZGu%YkZo(LL0u8EvwzZhhJv=i6?!R{c+-f&s7t}HZ_4j6?&_LcoQVf!9% z&gZhuSG&*i)_|U72(X!foma1YOt?A9$bBa6V)@?PjD#2=#9=yg*hfC#!3#qLdt&S1 zX^jS3R+24ZNT>0g<}Cilg~fW4lm-4Hrij8qvH$_~&)0d-biV32VopE^64HR*a8IA^`?8<26k`5uvhBb5`Et4xROOggF zLo9-_(i#L6Im@a5(2eXvxu%k^UvopCYBY?ipKxVEZ0G&I>g^a@oHVz`O#aK)2 z{dA4R~PISmvpNbq#KS93IMMXItx2uJ^PdkJJ|r zP>V#D6m*9tKQVqsCY!+6Au)576eC={WG?|95XWpr@#}=M)`DVZ$WP!bPR5RTH`OI}jZbUNtv&kMS9G zR>ZC9aCWsmMttT*4g=>yKC-S~-&UlR(U`3t#vHf!sBi{IYRt(QR7&&QxFSFgHWtzM zh#mGC}d=3rYKTK=21H zpsQe#Cobi6SR+6gmr_)vm>)ML(c+sUf(+^4qv#ig=7p7us~2Gbh}FV)^buUKirX&k z+4@FJGPo=&8eC=frvVvL130j7Y(dwJu;Idvh`E;(a(U1g437ipTjHJ#H)RIg&9?7j z$lWjpW#9~417<-!1~$ENzBd6XWUbEtLr`DIcOg^)bi4cMC8M{B11L#W1<*vt3Q7aF zeTOOo5a59;Wc!_30Jlv$k#$12r-fPondJ7ZK{CF4uTbzfP|W}=K?%UtP$A`_p+iMV zT+_sBnFo`J#zB^bH|m0}^2YfT@_7U(oJTb^@=w*g)?mlxG(`|Nkj(%%VH4bfjd735 z+b9t}zW#>G&_PDa6XQZKEgDZ_qB_MLHfA%|Bc8@A04m6-Dfn-3Zmz=SJS8x@$QsGJ z)f)!{Is7#E{nVp;ERqk#Si`@G1H6%k_~Ym8^@8{iLe%|Q4R{m61%Kfm{`>;GY5#Sv zTvnREk#@nHfa!!`=f1iMhs-1mYCf^s0Mwdr;QRyiPETTM!KSi)^a-nuqlj^#vy`xY zyc$FD-jsS&OB6@oVFMWC^+%vUzNI*KL44v5)So!^-IN7vt#_k>61HEY6J5coQDB{K z;)y{Xby5_e!tfZfzB(^Z-O<>Z6nJ!aMXcN2<=VgnEof=W5$-q-I;8KXw>9L~kkOV~ z&eZ(QDKv$2cbbW^8=VOcOags{SEiUkB^gwj!%%H)y10RwX`mt)*qp#v!?e}L)p~>= zi@tdeJ*q0VDB$%?4VX0ft(Al*bi#cB)a%v6cqn`P#>%dQ3CV^?BAmF9zulDmLm!_v zJ#SR;D7CW8$PfMm{&u$qeX2BZ9MbOn@mE}E9LZyONZLa;;u>3+ zS?`@jXaNb`vD@%HM2GBfyC3v(xLUkWS)doxct2%8bVB+R4McSE_Rb#plN_ZAB%?`K z{s@MkJB$7}`vnYem6TV?Bp*78W|YCn%Hkt(kO|pD9a*IUg>e#u;c&Y&b=5DDPpJ#> zl^AhYI;NIRfEEg1SV7pJ2p6C=E-YE*tsF@BJ5Q)2t6d5u1iOIAe4GHlRK>zSubbe1(q~ zP2Qjss$2bnX%`$aS99_Rwd5He-d=+`~n(Ih-v@kYH7E28sq#dBwK|Mao2i%wL z9}E5pCh-CJF8LNR5Ou(GLDydfAE}3Y@L6!Ci&N18&J5 z&g5rv7UB8&uzMMG2bEDpqprN!vXoG5{^GqpB=3?wu5Zvv$gZF!?{*cbCMi&bZY9Ym zDbvRBdt&`y!V94i$UDHgcr6K$ljNSAa!E5Ry+WS10#%n!Li}RPhxEe5gFto6WdYX0 zC8c!#_NLmnG+V%csuB*@i^>u~tQ;n4g4)&o*fkhrg^+X#Y6E}tXA)=ySN34hZl!(@ zprwBc0)L->x;^o0s%Uqxeo&}@OG(>F@7-C4tD_EWSqQ&J=#znxl$x@z4UQi6{@tB` znSJi%+M-;JTB2o94E%_cQZCFd;D)KPw{bzj#sSx5g2Ka@^p1z%z z2=p`13Xxe%?ik22D|eUE+o|^+PRAbix+WCPyD!zwucO?I!>?-`Pp>y$Xy0#clr2ln zEPM3?|INRUKAsC!?l0G^UT&WaOb}ZB*Og-z1lF``w*q2;!z)A%Lj@in&lOd$DO%Ej z$16-vq1DLjxIKM^=y0(^6aK4Qsy+d=0+X0G+m0)8 z*Q|xkTw`v8pse0z7EEKs7-35me;Q=SEa7)limG6VK^BR*OsIm*WHq^|VUCH^3kGEp ziaYSS#ip!^c=|WE5`z&LF{Y9%g|tb{rJ&z5q7HHMS*F5_%W8JqyPi3A+MJCKKi_Tw z%^qDIPcpPUF3-#Uhq8BwvNZ~_b=Gt6TRr z_TSj;h_z;{h?pOY-_$%qqL)-Ad&|wvntHF_$LNX52B$1DXA$O0AEIpJuYVvpz&!1& zHR=0Fd@8@pr(KPQ3C1WT_FoRVLXMm|fZb*eUsVRq^Y=jo^93|JHZ0RP_6L$)rQn`7RbSQ-N&$0|*#av%@ zdwFOmM!DRZ&=&;`S0DKfBQt4H+x6@(qshP!DNhlEMuuC!YBpH6q#z5_4fs((smb+^ z5duFKA5LvSS1hkH0khBPv(N8e+Rzis4kZb?K)m%gW`pM^sR{)y^Ecup&7ktCCM%Z) zvx0JI_xkP{T)~@0APmxyBzjnZMk3@=2dNwO&e)WD~spHtosXWFh<$fQjTl;IK7|tQ! zC1JzQl37kU2KfuEn{Q*4Jy3$=S~EEf-Y2I(KTjE7C_>-C5pn5d3?N2QoI~DI z+pde(ch4*}J>lrx1vEs9%qhTNDG;#`MC->0>kc3SlPmm~E9eD=z>%6Em0Xa+@LQT& z90eW_W#pCI-%BmQ6G4L$4j6KAyv}g8G`S9ujr6RGp{NT5;eCZT&4#CnuaVQ9HCB7D z(rc7+$@#2vXiaklUJ1UzZ-@+}uNs*RGf&fUT4B#4&|10FNz%(Tp4ab;4uBL^&5v9c zLKP;9*eD6tp{bEh-@You>pGNDS+pAy%Az5UJbm{J7>ku+do;?~;BN#f`;xeRFa+6iL9Tbt3&1@G7jW9KN;`N-BnJz=?E9ZEr)2 z*mjPG7dBN3O_&V^+$cg?Q3En%a6F|gNjgo?+J7TQ|11mVrKEe!SGm{o;$t06 zO-2qDVe8&P=it)0zjmH>^6&lTbH4Rvey(m3eRy6e2<=n!0&%*C;Qw&uwzFj;E}a1| zz@`D(IA5kp*@cZWu>d(@fKAmuHQ85_E7oULUdq`MPI2-27_dCaFajYXM3?5mHD`RD4g?8CnyuvJq)oFz~3SyHhBVe zdP^t8`3FgCP@tc#(N`|+QBbF}JN^->6z3MKRKgeUnMVx0{M`d;a-s`##?D*la`|~i zCvp!`y=FmtRuLo1QDPn7?wS&hTB*`e>^22Mh(ur&LR zkScOHh!Lt)(IKU;Rupt3&(0|Efh{31vGPu}_d z!`k^5!f5h;y@X1B!@+uKqXuaCT~D*<$!Lzl~R&~ z@)G-r;g_c-_Z^77ZCH3_Yx-ciLuU8z(xONS=%7341s{gs&wh6c0iOjSO%ICb4-gMw zoB)rQ1Q0S`Gsl$Z14@ZR0Hqin0afJBQlQ`h5-;nlT*O6d4XlYW*8)ftZ-|aT+T(J< zh(#~haS2)|anxDQ4mq{p#kLx^5M9|n4ZyDD`UvD^i(7h~1+8{HEhyS_$^Sq@tyU8=+qPHPa^`E(ls=~)f z>NE<}XS<@q~AVOAY?} zY7=j(q*`Cg&`4$e2Xf<)v-+g3rxF6tlzbu+1oR7_<=OutSQx;6$l`uIAn|@7Gd%wX zhTis8W_pe$PIfMizh-U!7m_7J`G29wc61bxMCMzr$i%PnDCdO$(dw4)0<{D4{0~P& zvHQymicU59I7TbmptO0&ce>2uYTRxdIaURi-kjyvQt3JUd%Xl*&CU? z>Y9##zCQPTz8>}10Q>?&#A*ZVp2=UD2>km%iWq|Dq7(uZshc9|lh-VWtpxBK>~9h5uC48SV*Pk9U|hlJfuz=FHE5C>sVQS)kSeb5)8g)l{FEPd=K})~kPwJ~ zgdzzHyMgm%tQY1qorr0xGlvLmsd ze7heW&LnPJ9i>^MoGK{dPoP2k+JA>UQ9dHZQ<}%tr2@A?CS%lPGKNYq_wL2=t8IGw z!I)gDyi%4CZ>+dAe(&?bZ!!A3R?Vvg*4eF6D~%RK|Ad&YJL#k<_n%Wpj+w})V& zot6MGXSjKzdGzb1ieWRi4;teR{n+?3a*#E5x-@1p<5ZK;fhU|(e&R5*C=RBI$gRix za_9O)t~_(tp+|;D0Mc0(dD9<4qg-v59i(I0-^R}A4lm=qYVV2$crX&>XE}6{H44sT zrSiJS=cCLSH_I<+V(Ar$Km&5u@~6pXzia3`U0IRcmR6MrBrE{-eS~Ims+QF1QLu|#YbQ_rKh9~O69T2GIdQw zP8UwYRdA+v#fkL-gLH;yQ^fJ-S=2~_KyPG|V~%X&JxmJj$sc%+vC!8lKfwQd_Ae^~ z?PvX#Epxwpp8peDe^(1fXBPu&6I<8+izC2CRm*8p7-dDWp_*f+xOI*aG-ZJ>Ej*h^ z$PA+dMe-s=b`v4N*_@Z5;y`EA(%Hx@nT5~;s%t<`98C9(kmmvXX#&|V0G-2(RPUn0 zMRa4?l>XFv*KKB9jG0*l*w=5lhPRv72*VHCh#xwKelNavFcLEgL{xkuSbrC0s-;}3 z(&l`{cC&-FS*nA!b#hMg52^D89Ag_X+x{k8$$(`imTYUO!4yyVeY(;@&hg7Q4)q_q zoMeq-@ueBMz@Yp{(+>y+s~UIEjM%yV>gjaN8Lb_`B~Ww}4#*ENaO zGn)wxaa1?|43MCkp^VJ%`82!^YP^><+iz?5HFdgMJzH%}Ux4*0rrx;}d~rPb`^kNm zAQeZj9rdX2*otc1iSN0%ci2*Q$Km;dPJ?DwZLd84OxRJyKMdBOi|gJ-4XOp2f$np| z)0^-RPbdQry~I@GLQk>67bN4|UWs40QD&`fJ&?E|_ji6fU5H4>qUPq8a&? zKayVe2m4EPtY{YE>vhU)U>CfUC9@|tbE^P8-}r=$buIaYoT z(59mS0L~cqb)7-AKzW~U$rO!(c0(UQM7AK3Hc<$Al{(Y#d8)wT6~W+SV>R86OoO}u z^_c=d8($_#A~O)=u2Xdoef3^09QQq-g(E9C2Q?-J_t&N3l_QcYSQs@wVuh`}+GcbE z-IWD~-@?24TDAJ-XaHgTWyyV5oZ76`L`cW4-9_Lwj`9iA{~B;Jf1SRS?y{$6H^*y?t5kW#@u1w zB&p#)($^gO3Z{pu8Y+TaR6gFS?XNCUf7Si_P9D0o*CvOFnHF%(P6DCxFJh(^Gg&?Y z87CfxNK_n?r;r>hvIt;kI_2gx^J|F@5fm3=i0P;aBGXILjtNC@v09^V`FV&Yxa#4@ zDLI+oWzyJ5&+1%-DT?Lv{!A-vM1xK{(fAOKDrWnW z8XsmQ`T8b8-oEMN62IjX#Dx@$U-CkLA4!!+AW1>kp)S(ayly-f_o4#05W$5pGG(Bo zoGmI44=PhtW6j1oE*uj4eI=lJ^8Nc!+MfRArE{K_tDr;vu-=OC_!x+MML$mfR=&V1 zcSN{V+&*zvNYA1U6V95tdC^Z#4XlC|sEwo9EsmKAnZ>&<)Ca`=!ZopbEaNFP!7>zZ zO|TP~ZlpaHFT~=E1&)EYUf-Uc?94eOxiQTB+>oN93O3r(K1LN{weEG(y_^glYumaN zO^%&e9d{Bg`Gf8&h=Q_@Y3lRf)fZ*Vw_=2@`Z8dlmV)v^h_9B4(#KopC8WR+r zNBAoC-_1Rr&uYI5941rP9sL^?GC-S;ch#%jb`rQ%i#{=0DN^ zrPJ|P83au~y!brsILJa1x}i62!}{KYH98rXxO#}=;N9UDqsJ?K?@l%MZSQCS_o!6R5cb1~*Zkf@gd&nz0c2P~A>n)?XYRp;*`?}bhujYVjL#KsBz*p6aXqco&QQ%?Z zKfc>3-}E>Z>3k6MepU&2`j>o2dahWsl*)Y0P$k6 zz@%g!K&qWue1){Nn-TP(rL?=7VaeZro^n$C)|WxZz}7%n#s~i}1{M?V$#F*OgPY<+LGBAq#vsgf|-zRDg*#3d!oEVf-CMjp%gK>2c7ibM zGh91?ziw3-uIC7x0=(4A6&*x?Az90RV}11M#rf6Q?`ztdi&cf>?&ITVc(*E>^a$Vh z$gJ-k5of+P&mdSKm&GDkv1`S_%u{a2w*_0_KfRD| zp(=nc&}F;9FB)!`*RXcj*ILGFI!gR^I9~aZ`zEbO!Cu<-LsqT)I8=Alim-qqIg>@$ zEim-EqPmBrM7LrsKM3{|bIE>A?dhE^zmFcL=YJE+dK_+i)ylTYHObTJdQdHfM(dT6 z9DYKM`xEj*?^?9yApw`8?aS3@KU1jnCsiX#m0jzaFCevpQd$HHRUy~@%iyOHL4^R| zd{K0Nh{xI9U$kSzH$rCcTr5h*#>|2fypEX82fi{o{*kr|t>}Z@B%uE~*@DQr^Bjs} zBzO#rPc0fU3oafE=Ff_H=^;2^@Oiz@gRWcan0r)*xXuNpa%#CZ^tboknI38TJ{(!V ze$a8?ame~7qi-xc7D7`@0a`>>SHGzb!dunwbM;Z1CqpR{%S9>|ipb!|RFf9k%I|yP zVaZk`AwnoX?UyrtaR%J6q(Pb`YS4h2MIIXzK;MrOq8C2i-i4w|)Gw!ZmOKBoUK%%D z=XQ;@Ym4ocN3nTZKKDmrQ8}_KX%_1kQs6^dwEqAq7!79|U~^A!$d!VVi~9R)*(8&cQFJkkL@*bR(dH-ne@C&!5ZFlfp%E&bgUxJs6=4=p1InDqC+GB2CSW zwAG;F2n@Z&3Le%l?2?VA6??}BZw#P2wVgJ48DxI<$5%q@q5f_}TJOq4ZF|oXNfsRsA4=Mj7n|$_d`MfRARHk&RZ7w>6_Uu^Qav zK{R*XaTo4s7p)>T!J>8sZd-tUlU8DPh0r)R7f8Sg?JQ7>lt?^?>##yzlmLJ8`+U9( zV`7R(0I^sYLycZ1;}}y>J@tzqg_%56AW^$0U}9okvE1mu`Tg2)E)xL3S!k7@Oq$V$ z3OWt-b$}E{3DU}wL@HGoYPDtv6)UtEWWAuf3z8KIM$m!nOa#u=_FbUbB_H+(B>Yf0 zAbWNatL;-d?G~*)Zx(WtUnWkhNu;{$!4o<|4=hX ztUCZQ$TD>OfXV|Lo`r# zk`sM28cKcG&c^|0Aypk`l0CgS3?xUb=Sw?LWmLEbyFpwWY+9lAj%_wQ{J5rSkcecu zgDZ+s^k`ISyYJ2m5`*mh#I(1?;1wa<^rk`HQPBv=j8q5?1A{Mj7Ds(Rt&cW4IM4=8 z8QFZvgjW&z=0;2lG$%ZO6du}8`)^k=%)=pOKBpw-cz9E%q0sGFX9E}`)X<#4TBb@k zW_dY(+6A_r?vaAf^LOY*F@2ZPb-bn^<1ayS>?E>);0D4W)d^}2UEKv#Euf{5>lw+zacOUhv^_CpVdiG3=}J%6!mH3 z{uN$(?-3J@cTB1;17;~0z*kfnFd`xUiN{3xM62t%Tw?8_-qjsV{i%oxBFGO!b6^t;MmNz{ni#46j$ys6^51kmc4+?8R> zt_5S-cf;OS1bCcNt%L@m0#wQ+cg+PDi0Q8!X`gO*#=0Tf^n-T-0hR9Wk{+6{;fkpz37AsBJCiYrpGgVH1OsICM-o z&u9ebv=n@oJBz8cy1Z?CWp}fqni%DG5s!BjxqF~J-8b(%GpzVbT?+RYTE1%lb0nEuiY7FUW6 zsu}Lh(fWUVm$>nF_NVU{`4MIt4a4z<4`}*pZv;%VtCOlh;P|GjBWTm^#YG{>(!c=+ zJLkFtbQlr-8q6>7F*ok9P@x7u*T+sON!S*89DuJ)#l!SJ(gIq`k5v!Vr`G>rqS=|n zsSJ%ORh+7J+MTsmV@>^6VW80#U9oTc#~dH{^x$W=SgCKpQNT3%)40c(L1B4jWe-#hV?gUiA&6RfAuU}Y)>x`BZSdul+k4%Td{qPLV;s{RcousqeqjzTNIx@ z7|+0~gT?op4N*YpumTsHsZhQ{>T42C**bTZb0M867g+6Y-V85g$uYu$6}FJtUF@Xt zqv_}g>^Nd2&Ig5P%sqj{>|mUZ5#TKc@q*oF>^6c#ZX@!di$?yaa|jp;^lG zp!rvm;(UFuj1UdNVjny=3`>FtzFyF(Z~;J;6qap;{>We?s5aQ*!p|-q^t?TT1NRBO zh{*mAYbdsJd-XSu1a$6skuXC15wlB!rmzQ6<4$uJdo>?tn%fCP;nv zv{~twv+3zr+y6zg<)+I|U>$Z0D?)F}D{YMWI7?zg2$}Ag_uP~d!va+ZRZz9Utjtfx z7Nt{d=1RciR#g*Tb%X~=hb4T1hZZ6yFaF42#GYVn>Z;Oaxu=H#hIJM*k7e^kYf@ zm8~%4cAVt#*2qbX7u5A2oWt$Xw!xLr02L*;zPX{n_3)h_SgxvkNuAg)?KklgccQ_nhC4ec~gm<{5{S?3&PQc&->STb5?CBJsQ(96O zQ*~0L(dADzA7q-mNqsrmeE4$3o!;doi{d#V#ZTad3|X@8%A6$G(i?I`sW;r~;L2tL zEr&d46z)AIn>gG7jv}}C7YDj%geuvL*zNFe6TzFV3_*`ttdJ}nSFA^09?gx5uH?(O zT-lB_zn8+b8U1gOS97N1ZK>V5W!b+6w9nqMfE{HX08Ja<^#&wS)CYlXuB&Zs{~lgY z7>>R?bP%C>9Wbh@z6larDN}8n?cb>|j`jYp4j4QISS{gt03Jbvh$JwvPIdY_5$iLb z^~}OXk^UkSt|vQrA7vRUY(|9cOEs7qLfSQ}3<3C1JW2Bfc`QM3cuvm4NP|N{4FX(3gfqg5gQWIN1(FcxJGT zMYNtlF?`{b$rN{>Q-%t}CtEKCnfVOR_w8xyIC|<9fvV2qU)04Y(f^Zyz-CH;C(t%P zw_v2=Us90B+HX%*w8QqMZy58}y(E{_XzEGL9~p2_iYh=g0=du_Qrty^|J%uzfC!I@ zwAO$(AECPeb`xh)=@h4^gsb}X2c?`XD6tpB!Vs=ADj&mt)LP3BW|VJ{oLX3~I-tVD zIu{d`c5|*_73xx84U1tYg?6YOYP{KQqF_p7%7PayF)e@#g7eCf5_HxorkG{9|)^BHLXG?eW(Dg&qTt$%lDOFr% zkala)6_l))uqI_PTZYUID`(x2Vni!KEro4F+QGx&`#v#a+EnsO3xZFrJ6Z9E@Bu6w z%}8;G+-jtg(i=_c=qs#&+d2;2i#JS0*74f>cIFLG=l*)WA2dJx?qWw;4W+^FpKsPn zb}B~$aLJ~GBho#|q%XwQ%ss1$1B(qc;r*#6oYxhTkGf2-1uJRp5gf^@fQ-_AO_51P zbywTp6ruP{5&ZuqMNDjs?2P~CB#Bm5u*+mX@O`c2V1@5X$zzMJpi+F9quDMgwpeP0 zM->_Cn^$MWSU1)9{+fxKbCoQ52fg#@xxML}h1oL*lBb|tR#m2tD{mN@2wX1{J&7YS zr&+d}3Ror05QML)GXv^BRw}@j@Sdr9{%rP>B z(^E9jKG>IfwKFxtpl+hdM{`L-z_y$~Wm6SL-q5+e*fO%qU6C9A{4o4xZuir!_O0qc z)NnBNn(+U%m@x`1W^jdom!XZvdmCkP{q2!Mn<6xeeb$`Cu_ca%WmXcpN7IU`=`!%3 z^|oyR)6vNhC0vTYV->q&wR(pomf9!Y2vb_EtWc?( zbVHLNTgzc;U7xY*LzLys-MxydY$uNo3kz<%qSKvC$En zQ`6JpIzmMa*6J~i(`14YzMq>pl-}Gb8gya(6W~P)8Ju94IXDzZx z*owev*u1uIE|hCqk-vb*pv^(03jOl_xTtm^WXn}eiZ9+kL(3~rVU->d_{{4w4 zbR9;~ZV#~5(VhKjj$n0t#I4Wo-T4X&6dcN{j95 zNx*k|AZsZUGmflPGm6{mYaPpYXxcWzgwya7Oey0I6n1Tq!tUN05Np*-OP`^n6r$x1lVTAK zlK1;c616U$OvvOt!4H@GRn*xRW@wH9$z$6-i%~w1rf%pD5*H^12@W2-ZIgcMIiO# zJRuC8_=Y4QK48ZF|-Q zG0fcMNCttEN~TJunczUyJ}Wz<_(H6}aN^0dZpsH%;Y?$@RZk7HD~YG0d}`BgkK`+o z(o+)d2#KlNcqfqku?0;@aR7&I$)!?z!#9Bn_i0vlSg|pUc{)2^SOeyk8x~22Ve7(yLDakw37)Q0V3_^QjDUghV=hou(0E| zVyEvM{LHyP--~zPH`b{67f^Oy0Qd;a@m5X51Y^T|l`2&%?wl0DSe`A z$MH_C6+1VUjdy>#$&+>HAhq3g`QYn@loxEOk)C|zX9vJ167dqmJ$lDC%7c$2fXT#( zzcLGb%)GV^a$L?ix@DU3wx@exrj)TA0iL}XA=Tp9n^EJ|C?uJuBK=zzg}KQ~ef+-B z&|2gc27&}iFs50nVxG2j3PoQMgI+Z%3Zy=x+=VvvL{dqMJVIlHls`*E9tHz}E1M%q zDu8sqpY{8qR9{&F{RL0F=oPBobQ?(QOlUhA zv>3kdGn7t*yEJCL3x?OfWQU@Z3W?6q?j!glM7lJgc38sSH>nj&ElcHSiWAZjg{;_D z)1KU*ICz?X+Co#}onQ~ZTCc)5tSVu?&Xj`OtoYHRi@T25Zpi)IylcqpH!89nZT$o3 zQ1T-TSF`mh{v;0G6`yuB?Q-LQ4G6E>JE*#7A*~GiuXpq(oxd2Tm{Yd>=?vX4(4iX1 z&8kF)GF00|;>L@m=})4@L@2jz()ruMATN5P8~4*5_2W8;ITI%$Ly^+?6EMy|ulFMe zyw56Zru1ClyWLrL=bGbUyucuLi@Q&0K1yhS07fCaP6;7Nc!`;c#wcQK-17YW(dlzw zD2+HSJblzUE5qbfW^n`Z&lpTHY;Y(jwr2-W+irH)Q;4Aa9xiq<=-)RY8Vkm-bz=6= z?|}jE2ClhkgCy?hq1cw%&7$WM>vDuAa6&73cmVWeMv)MYRFaR1_jPh%=ttvhgaER6 zd~BgxMC*^IS9j+G(-=B`AsA6Tjsd~9rmj?jJ;0;v)(pxy@+2JuR1PltJ#GrzArP}i zOHXfQb;CF;7l^ulsJ)c&@bGNaZZZDl%9V^@m6wyT5*6w>gLZ_etR*#smouve*u)n^ z94cp4YiC4==pyk^gE9z*DohI;CcvU(yk56|cQ z6DDj{a7T2Q2+b$o--K$p!RdeZde2S_KCks*lbMiWhe$=|$r8ou-4o$z=Gqid)05TAm2ZY~0?N`!s z@OZy0*X*I(K?*F&+#p95B=v~DfLMvubs)pIz^!;=UjYcaBo6e*6L7)Mwd5-~?Hrqx zUtdOe9C8TeKZ7}+9r67r|J6OA18>%aby$nozj@^UM^=BNaTpYv%jd;324X}E=1rQY zJSv(r_gQc2P)ol+CN0Bl!Bb~5qFSn+HpD;! zs9#8x6VWb?Xe!_XHrK3sT<}&D8h_*ixzHV`)t%Lq&( zFq`gu?e+058k)gYW1!h}PdZ`+ZFs^}Y2De`D=i|P_*<3$JESjCsoy7V7I?oi_GFFj9f@rAx)CfV) z+#3ChYfAWDILTBE$X!Q(2hJVT0xXqX{?0q)+EI|CsZEV8Xa1zXg4}~s9aT$?*SjrL zn3@YCwd=2JWVfiJ;S4eE4~ndR|BTk#)*iyX?anrWho{~lP>=H(52*g+BhLy`>Ls&M zUBhP!Wt%*|EnY=uLs{glo*g^9y%X&FBiF3c_vVkj_4q48+Mg9K=Z!?1am~gL66{-| z^zHWW-mrfi`A;fh)D)GRV>_?D#KfuO%yj=e9b}n(XZ(1J-(df9xidqu*0T8<5AGnp zldk_wJQ |F-a*{)Yg_PL#3xUjguq8tf+FKNWVZO3;b&G0>uq(IJEg0%SB_&!B}Q zUjFC%3u99!fo(0~ok)sEkB^=-*+gTjSvC(YMSm6pR8i_qU<&TM%=7`WAkrv=7D^=~g~XokJOvuBsq2F2dc9al z7HzBiA!gq6s$&qy7g6NYEy$5b0titA4b&65XvpF(@FbySRE1&U-#_U1!zjoXXkRhb zDoGdJ<{VG@(uvEkn7}o$0myr*f~m;q4!S6do^g~SxGJVs3%Ob4Dir!9KaYEbdM|4# zob9p|&KO>vz4)$4ebryO8&k<7sUf=hPkf-%iG8`-65xb zZPq0B%qj+29c;cA;5h0zIYp`FqIKu4DIKRz&9ysSP>ya};=&)K=RKi?FsMt%+s{q*V<5@Ms-I(15}wO( zaV3c>?F`WJm;*rv-<{THj3!E7;Qt&lqAn0?)Q|uGp*R4)0fPfzZ(&cbXJPAX;%IAN zP4D7tVeLfkW^Q6){XYauvBss{CL6-fO>dx*yf6?>^LQzt5R|jd2B_6S-X*XO0z{MW zrnRvILV26*{Ev^@XqYhnfitt_P=P!A&ex5In8K6WDvL|ydQ+t%?WJVB#dd?q_RhHF zNQ&a@x+9(Ncu4~a6|RT^3zp2LXMcnB#(52@#>i2i`(1d&q-^9APpqhGca<6Qp6S?7 z;3Sicd!_ItMD6)_*AE#s%CYVjai-dxxd~f?M5C7istYvD19yz~qU@w1XJD3^3#pUt zgdI`ko1k@mSEfm|yvypzz~UESa!*+a>$lBuk&uyf0@eF6_1C-clyLDJhyc@)ysBms zD!tM@D|$3zW$`}%5Mu`gZ^2I6!h*-E1*X+h!N)+Wo=oLhtf!pf_D}CGPOtaV_sQM{ zH~g9!x*FXevl6WoIWZVMV0zkMMeh?I2MfFpoqU`no2eZ)*pA6tkEH$Xeg#H`D}h8- zp3j*`zbh!Umv8_gNz#{iOp<86oZgR*gKL$ShwJ0#$XE2fy1l8N&NH?r;ULgW>ABlImL%z^>;ktCqcJL+IBU1P`4& zM)0_KR$wJW?9;t(RxG_DS+FnKA(R3|RYfz6Dq&7suWuvd;iBGU7=G}f+DsYvS+@bzxaHO?U415CdIbU!#-(gMxT$uVvmP;>6 zq@tmXKBB{j;rH0h->@l7DZhrxextQ3nqDp3VVVtRhuFTPHm#G~+SSBos} zRf6hn`8};_Mr$R4%K*VY1Ca772ID%?0*^~b!+2@{a5l0KmV+;kDGr%uLJ05-Bk9U-2%G_8Eqh=lQIH(5r)}FpiD!kcQtr-jroB@ zN-w@}8-HwSEzeZ)*aG-C!3}Fsx{SKCACd)CL_#8m{jot0!d`1*e6L+{TusvBLuSB| zc}9}?fExHBJFbq;6_=9~N9PyKr($R+?i%AGfp)h+K5YXGsND^OnCzEKLE!z*n$@9I zU#Cm!7yw#G>cmd*{I_t%`j;9y!q6%i{zZjJj0*E^D3D-#7@I?LxT*626T>2f5jLKC zYvrz3U6{{orS5o``OpRneu^ArO!2egvs$9qznqXf?ZSk@TJb`e-9gW5rxFmH1+MG^6V$YXO*o{SNr zfUh@%Jg!_rX{%ubxQ_+;{CoWTjAmC@lLaAgr5scv1*6u1G}!P=(9*LwJ!#^~clC5-2~@e?i@?yiD*qB9o7p zoPE~zgUDK%qpUCdIgFVp*^c>(il}aC-<~SuemLoTa7RBZyn6EGEoc6BT~Uj8F_S@( zXID|V2U8x>YbM4IX$AUBn6#+KCT3(p76|_aGrvjXJXI5pbzQ+>MH&k2nPe~OuDG%o z`_U7}6!^!N{ZFpLiuRw{Fdfw~ns*5!TbIpOy$$?ey9DV5>DmB#SFPsQANkTS+Dg#NrBAI4~Vio~H&QkYA~u8b$zXk9w8!yKW`|{e!{T*97-V z2{Yyh=7>S=Fi>KB|F(QXRE+D6!qj?rBNAeSYy+tx`{y$F$n19RnJWbiliLpYKsQ|@ z#qjSKgfRSUhT@PDA)UqI;vJq^hSbBL@d*TYmL05l9L`TER}_Xa(zp z2nILu1?q#Ncn7+Z3LD%gX-E$)8=Ks!CGyE&da!_gT#{wg2gCAnbK)|%0slqb%i1-< zMO1=-0;RLK6aCFTeG8=g8BxNfR`-44{GT=Db*#df)L``NE=RTE(VT@a7k(CC0 zuv2AzgK$(s-1MdBcX$$D4aMnCV{l~O-#=n^!gR?%T}6mgS}GKJ&3F8J=F~w!h&hpax@%Zj;?LTA4q^ot0_Ya zCeks?8GMjU3`B-KH-jY_y25fy%utfG8%D9Cc7|1+BS~T?3MO%;^oBr&7}`LuIt0RI zF&sQqhp`mq1E<)l3D934LpzVkE}E_T9qmutEo;i(`P($Xrb~j(*v|`a0Tt*#NQm*3 z5HAW7yNEo=0Bi3Ag(DjS0b^fRf(liz!2malqIaO7k0uHUhIN*r#2=lun^JahP|Imd z5ES=akSTW|d)v7*XvBAg3C zX7e8c?E6N~K^{yU$od~C^@8b`KkIadevTH2O+Wz#h-85^QBqlgGLz4`-R`|e%vPBW zI1N5hI2T_RH{a~`G04s}W|AVrd*3DQQA35gjliu5HPjdeh3dGMD!{Oa2BSI2=xrC6 z5qnF?uQ{G<-bKa@PLl!;yVE)bofQ?GZ?RzGc#(2LAj|WL1yq-15t9Hjt%#NS#V&bb z9i7Wh5jU*nRP6$p)3$}G7* zKio6MzKp#W*zJaB-fm)Gavd_yH!*d5;)7 zj8IK8cmMzpo-vqWzv>Fi+_WZ^d9%w%dcxSXn(ap!v<2NI68^n;FlKAr%sI!qC_ya6 zF6NxpFm(l2CR0C+N*OC4CmglQ;^oC7fFviqbsy=G9Xf7gaJ zgmz{**ij-#e-l{$ZQ7YqY-$q{a)4Hs3-bw9{@^qD&ZtM%%7qGq%<+|_dE3aARG zp$SwFlzwzxNm50iBwDq;kKxM*%Rle>HHSt!=BFM_mhAOO&-k$3^tkncsY#W3?HtqN z*ki|L?GyTl%fVAa4@l@r% zJQ}OUE^Hh$*|=w3_qTJx?19)tIolK86B0@;=b<}Fbmn9jL*^kg1)y76W5Eay%hn;U2utj&NX}2$Nc{!mOc}dh?9m_IhKhJ9tGMjh^)HaG8)}DmUkI+m5@WrG3FL2;SiDXoPf(xP|pof>^zZm@7x=^m|5L;f5QgcZ`W1 z8Moz<*sUggo=q6Q5XV5&_N}3y-+axF;z1YV9IA=-u=yH}T~bp-oNHIAR&bJ!Z-EGb zipcCm>gWlrDrT<#K;^B5aoHui@NxFz0{Hy^^fXqDV@^4xg$mAL{{(jl5su1jMJ5_w zARLr)`*8(P8cHV`ttmZR`T6@87&yF}Tpn90TfMmR22ltr^m*@8_R(!5zoAZYTzodu zo~_xgT)tZ-w}H1VF9UBjSUn9ivA*14w!CKEV;6`tiw*YVmYa4yMb?$I;d z(&E=uU8_%D3Hv|Vn1M^V%c>e*N8k-|A4`Ww^uuDcS)XdvfEI>eQ`ufGMZ}%zQ~s@N zY5JhrIkh%z?c_4n_}vjh#kkZqPIo(T0-V#Nu%%#L&jL?19~r^irOUI zGaq^K?%^C;Qzy7AU2P1-sD`KIg=`QDV+a~CY^-3^vAYfld&F4&rXf7m+1#r#J-yqZ z*2C9Hg4&a6xVI3I%-P}TSJ=qpdl@_w$Q%BGVT#B z1p>;=Rf6};S03+pafwqjtNL@HfXLNXwr$(CZQHhO+pb%-ZQrtO-LkEzo=?*q@lOAQb2e7&wVuqZ5m~lMTi|-y7I_PXg4}Frt1cr>Dx^>ZFXnVo7Q1?r%C3x)61|+^|M<<)0SPp z3q=}XeDxeMIm-saq!pQk;uPhdyOobiosVd3KHLzZf>KSCBUx+0V9=$lJ5Sp*l9KJY zlVXwq-Wn1Q?EzG}EHICuNqZ-orl55UIqapl&B96{M~d ztf`sgxKs;ZZm4DHOs2_dlVUcXdi~{~`3!}Hv5Sw=>m26Rc>;HSQb5OO{LXy$59(vS zt3i3`4j?KJIW7WZ@08moNt}V`DcQ5r66Q-#11v;SVCe|UY1AD)PNgS-lj(vXQe5y@ zh09J#XT@&K=}%r9R!#}W9&lni7cGUyHQ+m!QeG%s%Dt8>=6j4%h2@w@!eWmO$07nE z%}|dSwB8i(N$5&I`QzF{)w1l;bNts99$192k}fjBK2HOAJX=Rs&<1+~rHU{tA$|?8 z{Ao&1vP?_57tEl@%N`>}FzB>poK|=o!G^NKB!OfEWwQW`k)Mcdw<|;l&DR~T1cgjb z79)l}gpV*d^o_|W^kH~G>k%v@f{0Gd=eu{4HB*=;Ik6!~6)9lFD|p;lb+ zMjB{-=p+$A5u0xYicQ;fFqe_AnZy{hEwe%2Jed_j4e_;(^%XMx}Ue z7DcBzFS`V&3tw0r+Qtm{)(uL4sZLa&0yut5m6>w)X!cZkDz;!()rGmBPSDaUddfGHhb!(B2r8Fn)0GG{y^PuNM+QDGWSnW)%+fO7*KfHYBs$ zxvx5*#r2{Cos3o)rWIlb8DX?UG4a3Tg5*}^q!UhM-At^+SwJAX5 aB`S-r-Itti z+Ce-rEu5IUKM;7f2zx_h-bR8F22ALI>L&EN972{qB8c8EKeVB=ciw z0Dt;ih!8XnLSd%!cwho)?I?*|OHc^c@noKCA}tRBBF=DyJ_Npf+pK zsydcQ?CERERo?wL$!qbjbcUd-WL@A(Ec94YuoQ4Ps;s zxC!|@=pKVV*g-FvE;ili_7#6P*G`IBi$89Mqm*l!Oda4DWuw*L0hS3oRAc;;BGn@(y|#94n?SH=MY;t@L`fjQQoU^q z(NoIa)Qy1A)BXc$@&;Ka4ai?LsJn!_S;bYp1T@6SpNYNg0ZW{WZZgI~Ti$BkzIs|l zPe-S3W?m<^+Y|1^#r2j`>-REduJ89$R`>In-uHbq*P^y?tdAu09gHq_2e{V{s*%1> z73WQ5$Ze1I!2kJr*nK05wlA-C4spi)bm@<`pBc2BDXeS17q;v{JP1>+7~LK8%k0a? zj$b2@a)D-AlTS`KbBp7jJE}0YADvo=J=s6DL*}`07w95>gCHx&(IBosLCm9gU+EMep#cT;&^wwep8^Za zUz{vX_qyx-sqXpF_Vid6Jfs9++a(-us-o=ZE_M%Vg9%FFR11n9T*~~9{S`)__%0T8 z*P8+?VaOPQuO9c7Bt7~SBoaQSOrv;W`NNr6(;%#Ij4{~Q3CuZlmG*&MWz;LWxxh7$ zJo-x|V$ImqiT>>Et&e_3Uq1XVOt(hQyr#t^U)KKlq0L2eHG^|B( zB|Le0wtv3(;`K?SiZg9C@X*)=Y~n@u_K%1SF9DWO4TbV zomvs9(X5{coJQ{yYCx+}hP^eJgpsiqmxy@123Iz%yl0v#OwHs}O#e`MI^N;ZH(TtU zC^>8W`$IY1iu5K)m$nhlskLG?ec~+c$Y<`PTd~2=J6CBDlhJj*VotU8N584#2%VyJo|u3 z{~)x)%)iv6GeMQhAHk&Vno)gxIMdZ!xvWdu3>WOz{{3v__xAjBRkh0O_AylD{yq7f zc^1?r?K3nm_M13SUn8w)9y<3t@0uxSI7dK#`vpL&JJEg$;|Z=urx# z`oJ1q@>3pTW(CQtOD8H@OLDHYoMqZga)abIow~&Ap{T~fN$c0OELL4-K@pr8IM+gI zoBv1rfDt*>Q2iPG=yVNovJu*?Sn3r45|^t70xVzXl7GW|@vZyF`c>7*#Ra6;%$XJ{ zG1HSF!c)zmrc9N#-;MSjQ+rSyou^BF%cy87#q=pCWg@nsYv4=?&1jU&aLU9Cb5M%~ z*;}(Q)}Vtb9=3~qIm}j#p(Kq6G8hpuY_~B-(Snlku$^L!K2{82t}`&7%P8zb3fM^q zS#VoL4N{g;P(I;Rqc}8Hp5C6mt`75)tR>kHvg91i4ZB#L7Qywe+hpL4^sp#I#jnz)qXa<#?({XYG_5+&&62 z6i+S@_o&z%w!#|$+hx#y)m}^sR2wN6ZyPj)ayuE&rC@U zpc;vjy{BulZOESD6H-v>I+HBEo1 zxreD zcbCs_@6rK!!XqDlrp)CHzKEh=PC_~b>p~MUubTeggLH-ZVhBw_5DpHRd8NsVQI|q@ z*yRvb1#=GjA0=pD799^|w5Zc831I7HW5M8V3D)uLAbyQ(L=*(h7`Y*V+|shpZgd+` zXA-nD))uh>Spkbs6=eETw`l%moynlpniF9;Fb{%-F)XWK`x zC9pG2E?jxER0envid>aYhN8933jK`=5{AHSCA^K4D+2;H3@dcw~NRBBe5k?IjH3s;YDbazpSK5RVCK}S*pFw!SZ7rplz^qAu3QB94g2=A0 zeFsv)hJLlG4CHY@9ed%Ne)6@LR3>_>fd^Y^NGa_Iwu8jQmu6O@k8oM<0QiNeQ)Q+d z%#YvJ&G?YMk7Hk9U((D&(AnZ?+Ou4j@>&K-3WownjbzuuyfFtpCKRT}>bluVXi~GO z)%c8}c#sb*4SoWJP(X0eB7pi8!wXtHWU#Er(1{^G;a#EVrU)T2jEx=6K4iSu&>#2j=**6WUan6;m<%h z^O;v-FSN)d9U|n$K2PG_>mY562-+BGX)aB7GB=4jVpnnVVZIZsL(I0dRXwxtn3cDz zVo{9-W|S%xddf0#iha0ES_(Cydt0@+kn#`4rLM{{3K!{G5)6HmfMo~dY_g(+hfN+b zlUxe%oA&{QYDw~eyy#aA0g^0MAP9n%HR4t2LAbB(HU#M;mIFc&lj3H1I`1RC6laC- z^fsz}ayHa=2UupB;r2hKky$ilx4U%>w&qJSkuTMp6a`-N+`&#}VGb z%GC^IxgWCg5mhbkq6?3FY>+7~O*((YGro?_P@-mU`6lxDT(toxvXKFtfHhv~vybt) zGNQm2&F=TFel-dYH@)xo{D9iUbwBez@5?6eEbl92nfcvw;Q#(TAV)EuDK_TM0P~jA zFvjmfZjigp^cpM*y24iZjOvj*GUx4Od{a+BNZ2+A!n{~AB@%r=-gLKvD|x0H?`Vd7j) z_RSfZf~llc5fH8gX7^y70n@85^BT-+Jv<@9zegoTv{LdcP9)QctRE)s=wtaxZB-)R zHi=&Zukr(*2K4x`Gj>~FRt9FNTV-2NJZN3#T{=Q(1(+S7EZQ6; zc6q)(dCpSg{PVjTQaAo`y09v_RrySyspE>+T~iYJY+Mr-nTh;uS{?&hKqapZk=$@P zlnb4cmEpRPxx{EM-q55b5}QzLN26e{wi0a+I64DjSV_dh{0)fe z%9)p1IL}8aVM)WqbXBl$)W)!0-fW{#b#80yhXe$q*r?@jRH8*i6N0RuR^2F_3{hdi z^vJQl&=feWHz5y1+(WuJ2znE<;~tD+X>FhF?~-3TmMRc&|2Uab+D;+8i#0&JoEe%? z4LG&sx2d@=MPO`)xqq+?$x@eLZL#Lke3NKWM+m%(0J!{&o-xq}%IHMXmBxR}H1gKyDt%*92ixn39-A%qbPN0?9s{e({jVaK3NVJTV=~Rn@$~nmhE| zK^C*G%Y!^;xPKx#J)NgUvH}%o3!mL>zc8JDG??r&UQ7!Q_J-4G%>dsw$T)}me(W&> z*?s0%`-&M1M;Pc~R1y}<)?ppxyP6xsXpc%%4+ln??yRGW-4xgLlc9*@Gi0yZ(aF_b zmct1F@)4294RI!sz22}7)c_phVXqqke}sVI{915IDex!QAQFc|F8Y+a}~HP&>O!G9v16brb;rC_$R7_F?4t^Kg_s34{*I(ZnrC88)(AsiA zc!FJgV@}N6lMamB;~m#oJ~(VYG+wmhl#J4&`{~Km2X_7+7uRUq&vAb*L_VWE_mW%<{`6r{qk? zVenq8vp-!Pro0aD%LBf>xceoz^`RrgOew%NZ>w%57nS1U9x?gL3*gWHb1wvGSkC$l z9O1F|s3LemGH2_f7a2YCk;^icjjasJ3M?okWj(txl%c)ceLj!uicMVJGI5FdD;*7m zN{9{w)9Ch3G0o+*{GZ8QB)2?Rf7vPx_r)pQwve>E`k-bip>l+Dpe&9|V3OIv1FGS8w%$ z_meJlW1%zeitw-7eoL3&vPr?79}_8yXp8~8{IG4#Mrs{>Z2lXxdvZn2(+^~5|_ z7|ZL%>Mn|h{^$<0IklaeT@P+uA{Z>|l4meU`j092IUyjfTQ>plYz9AylU&!y&1G&E zgV}qxkI+2T$zvb_5-yFkfIQp5xp)Z3qap?u+Ay)4ODD#d4!hS?^!y$7scN(nh9+X7 zt7sy#9^00#Im?EVBy%J6LlhH!V?%F~Q1KJ45RJsmXoy9VM+wW57#F#*%jxoY3uXTk zraNC?cNIj0XNN9un$2M53p(`cwImV7GK4?$WaRjKpNB3?LF4)LRj#Co$6JI;`aDp} zWpZT@0Oxpy>Sn|x!+^@|9MbuHuTn7ue zVkcqm4Cabs8;Q^49>UQja=?w{)8#$7Vr;&u%9@A(!=-9sA)~iO);Ex6QRed2>+f zFrAI!NS~*aWr)P=|DomGs%-+t?P2Pl+$a-^shjUxq z?az?bdH^0i1<#Wwt=)l4IPy?$^N?G3?q1WaiPVBFa5zWws2hwq#eQx0=pk9B>WXB1 zH-ZnoGp5`ru)p4H;;*LG3=`Ve^{*shKE9sX%<*^8v-)AI_QE8Os2WZ5ZM##H>eUQ&@?O^0tcUAioxhA13de_RE57ATVmb8GyBBk_fO}lp z%Md!yfE<5f#cx*ao2f4D*Ni~z_sO-lAKB$d3GYviQCN1hkJnKcVy4yd2oL6C#b5lw? ztSzxQw(3R5s_Gri&@(S-*FUZeWp3~~`Z1_Df_J$K;Z%4P@7z&`4Lk@f$X>JnT~B^} z<(pPa3sex+oOD~H_qi8g+&Q6Dc*!xum}qPvt#}ftnlg5`yAq@0YabkkETbTcGn0sz z3|Ie?KM%RQ$Kd-_35)&m3#9*{Phw)}?DBsxQhh@w^ZyMy4pmY7?fAp|YK0MIhL9Y3 z!ea-ZFjHDDMq3p|M=1z1qG`w4INihL><(kUUd}GtB|8&#hTdq-lKFiXI!L<0guLxE zR{2DUr12g%G>zJ^F43Di;quCPVCYjPHf=&}aN!GH2HX}ii}-dd)6F&*k`!Gxh&x<2 zs==nxyEeNn?}wg_%Puco)-Mk)$)a35hkft@tLZKb!>Dtef$~E&QA9I+w6zZnp&sBE z;v9qDGKp!P%&^EAn!u1F4ka6()ZJpmaW_2FTzy+rzFh4Wl7*c(2B)$}?wlj&sD>{~~)PH?D*&l38Z4VZJ~iTM3ZP6)7`Y zN-(MSPW^O4T8?^GhYRIR`Wa|g50h))O%D^0Z6zpY0tMbk@1<~DpKqJHP||>4ox&fz zwe=Yr+tM1E3(g3a{+*>?#fxTK>AsAf!v|#I?niA78NML=3h%g`x#0I!mcIa{R(%n` zK&vt&kBSyY1Z1cjw6sqWSvm!x1{As`gmV|udt0}MtrN&5Oho~jPysK-q`cBzsZy-D zZ~R%{80C$-=`tR?^uH2WZ1Qxhv0ODvGNt1j)8v}h!uieqfB&P22NX|7zx)fri@*W^ z5dMeF`TrQa{{Kg^xoV34Mc4SP*0p!Qr-6%a54|hV;08@y1+`ix{8=A&Jkwv;DG-D{ZYtAhP~CT7*!b*3y7?w3S(TM{&R<>GqMT zNt2@2EPc3PkG5$q_jdiULMl0-zEn9AvVd2Urn=&x+A(EsJ!nBovL{nwYhdG)t!d^-B5b z841`+2=UNqg52H_=u~XQ;Ijn_m%h>WIv{Bn-OR~CVL5HuIkbdsNYAztsc-L8lEbxI z1rE(bfe^TQ6ZPv|_^)-Jij)<+wW%*LH34`Et5@hoS9K3VSTqUzcKFXV3PtvUclN?H ziWslD*kax>@4S`{OX{EU!|h#!E>X>v24xSpFNJ2|20=MKvHn2 z%HyG<$D)1wigVZw(l4fuMT%TEIi$(lbP*=}XE$u)Q~9~n3dJ(<3}m;SOBnB*6q;^CgRxZ`&Eydl2ws-WCJmolm;p5m{_ue6U~a+si$hQDTK zh}FW%4q+juS*VTVCZc04>&HFdj>7^pX(>eGjB~6z^6>9sMM<)vAoD2wlC9y9%IurR zguHX_|9tf0xgY&V5&u+8gc`~jxc<)N@ zYML`~)>2=ODFRjdmxd(wmX#Hg${3P8|L9|C*2`iRbj3@=BXmJzJkFsXdgyB`E}e1k zFpVN}@P;}joO;xcfYfmfJji1}v zyVaqvGml9ragslK068x}|7jy(oXJr}H`ILr{n|BKaEsN2#!y%@)MX0N$P_~P`)meS z^Lm!iYVAe&@WT>9D3o4iZfa6LX$fGxjfq3=J^22z@W+!N`OtEq!gy+LS0=*$R?2ge=B)-9P{M8=P{7^i(QNPq z)&w-zP0mF^w_&7Y;;qeOq>^f%uhRdx$*tK<$yz+*)BpI(y*8+A1TksK+KP@F^Ubz- zHe}T5-@7)9vuB?ZIi;MjKFr6k|;z zXq_*`lJ@<O@`@sJz>>KRlCSLee&ki32~QG)*N2a%Rt*9W|n%*LiGLcM0SMz-$z%;CeeDv1i!0j3IKrppH|V* z`G2EHyLqhLH(Qf-zo;E@r=zS)H{>=py|-N3EDs*vZLm&P&+C;p3>EHRq~3Dx*?Xei2DCt=*0< zsg7F0cyUh6Qe{wibIjDEGu*u{duE2RT`D80QM(S*Tu%M_Sw~g#`BGzeX)YkfIaGrk z{;lIzy?p|uIy})cb=v7t7u{v5BvpLjLxod2?Eqndz8+j)o{7O0oPpQbJsN?88NSQ=y>K28jH+F&MY zqd6;t<7X**dVRhwFYjpsk_az8aRav!D>;=OZLF698LHd>Fm%n%?Jf)k9)w)|ogS}r zp0A6M#UBa1KF_!N`{P+;Mrqj=@9!R}Dz0f0zg@BR>IWPE;P{jJQ!^CewNE*xTpDIx zS!R(30a^u&Sqp@kiss;t#nz;gd#E>m*f45+Jw03r2C?AaFNlz}T~&rMSpYG-AMYf4 z@>g&ISpmL#DpgJd9i74FMN2aBgHWbr5gpA7PDJ(s0c8H4QaXpZ>@Dcwc1@O)_cT>U z4<2QUoHEuyz5>smiAL8<`eqLEe>Z{X$ot=0csMvDkQp`%W2XmSJG#i&}rGn=7wtCpbmAAKOIm0!!)#W9aG2%_PXjEN+)33vi_7HhKYfYYOs!AA44QHRjNTL z^8GF`2}=K@OdvxV`AESK=>KV^kVI%D1#sX6%o5XrhjG@=XOxVsuUgQ=`3a;JmvJC) zLU8~&*cxqle^R&akADTIw*yo+DPYzzBZfQrjQfvy7X-ME%u;x8o9zQ6>!*7X^bj|P z^?l7OfaNPT)Tr%A`hEEFL}ex_N({`I$PFHocg5(i*l94d-cLVTyu;1ht7h37(oU+> z5Ci$;xJA@M1mdNG`a_17|JK4~KeBpCHqxN zT0-=1x=7JLW7Szo+X1 z+@XzbmWEDn4A1KWd;Iqn1dxKpC`x!Vf3C9t9&-|b|3jcV+&|4pr@4i~3J~SqU9r~I zxFKL{c3D`@Fo=Uk4%+mW8+p4i!oMtdL>Cq*0h&q%bq7Y#rQa58SndqQY506B2N6Ek zg&q-i{2&2NYU=-5KVQj`{!NWO3E7FrQ$0^5wFBAVyIJ(<3DrMD_JU_9m>~m*Eb;(( z@gmewDx?#5Yb$)%5XOXvSi(W-QJw=$j~IW9<9tde`kGMb_P6qrIz!@pecnw>K$;*` zRQ9L)Bt1OX%gc=pLq2~aYC6mSAfbWI>~(%JVjRn~%xv6GS*mnnYh0*Ll5Ra(Tg)@)oA!3tZA2P@gI-U5*Ug&w=_*F!IqErFZa-LBqb&(aiHgmVMS z4HD>x9!;LhH#+!vD$yj8+2#&gR{*{m#gu}_Yfv*gdw&nHazCeJ&XQ9Egx z#)C)6XW6YwYsQMGn80niNrRHzRe%`5AbIsgT;7H#U2 zk+!lqa`2LZs{e%EtiiiMSD&k>SHaQ9i)0*(pp*2KH)NFGh?H*F<8QWwc;aUO`h&BL z69uATJVWRdSd-Mq7Cysq7cJK=ixi*P`&0S9aAINRj|Myyr+^<|fgnC1GIIHRr;C>X zS<^wM3O~jrqLe-{mxzTMB?8iZ8$IQxv;$MASZ0Bcoaio7RmClR=ib5$Vgw$)8+(x< z6siH>$u**}`>n!t zmfgWFzkw0zbs&?ro#Pylu_XjYSgfbC;{erPkZ5sCNZxkvslx*`G{|qEDNx$zLMDDF zh`_QG3{Y9>s&S@#(dM?1n_DDngmz8>S49KAste09wmFj(2xq1L~3XbB00VM%q9?T7JjfYzoPtg&Kn8<5os?=!;~ zt{9_^gn1)opr8QgxC{B?1ClMEPsVX9z-dN|92@X`4#WSGUbN zax?X*lVVWq8L@b|zEKsj+;Vx|Kc3v5lbWd$L$EZ^V1RA{V?q@$kOgz1#6z_~VxQX& z+OcKU99_ae54lY3jly0wr2F)hvS18(G&({>EBa^%y1~RZ9r3^wB^LJdbxYCd_j)-a zmnP@v>$e{j=yGHCxJ279i2tYrFc_U3=?hsTOsF2-jErevg*cGmWhHv71sStrr7ZKj z{OH9ErR8UEFF-;|DiGpxI@2@C3Lzu>i)jk(XHf3!ixONM6+zTU=NBzgrV1^LKpnU3hfqdNPJTfB>#~Pc9Da8u z^m&imkV}rUIQ}~92MLt{+rPb+(tZJq9nyfD4G7QxZuqW=Mkf{Qh~?X0a)Eya6J{LO zp+WDo)x#p#x%_&FiJwzA3HqUq?$|KmABM zBha60w8`tdUv7W2Vi%MT#uKKUn7yliSX%7~8Sfm#aidY*(~vvaVtA$5+@h#W7pwxK z@@M8oCZwN01&EPfoy*Vd?sFm=oqa;yK99f8BUeZN`$bfl*}Key4Lvl;<1d7mU7i{x zK75G^KX;MJcQ?H zWw{ES1doogJ|JKTBgQzY1|1qvmFgyjZXQuwM~U@>^cE8MS0X`zzE$mm9^HtTuyAyZ88%Ck zEahd>3bkbiQ=QrhEVeyornnbfWevV`pmC2SHfvJJ$Q9jfMR!@O=PDHyOq4T38B=ZM zRwhAlw8>;mx7Wn*o!aIf-bHxS;Z~KkVfL09WleVhiFaITN|ct*xRjGh|6t*&Q?NLJ zkZ}bnw1H=PUJBg_E?%556-ZV&v*(ylt}WZ%81MtI z)0;!hLwBV7hse3yOUWG79U82^E3MWV=Cf#N?8BQwR`mVcQAcToKuw@C4O16vf%e~$ zNW#I$L)Kz`yDJ)b28ltmasQ1Itu7@_^)ts24~Qqgm=}o<`@Kuss^zP7h%9 z9NiU`#FovTOEXGOQ8azCW{fgCK$OF2Ny?IAIxT>A&%cyD-mr~+FgPux)M-E+WC%pc zlN2_RS3nBpR?P{|?Vsk@?Rnn;e{4qP^LW%@@!tPXjDfN>Ue!=ao`o+)K6JKTLtporpTj0Er31x{jlE<*5`AI}w&X4(TfUh#wGaBby<-}dwif?{4q%J8SS84ug4eRP3L?v` z_M*(!SL%D4*9Ai<00l~&Q^i#@ZylL2=I(USsK}zzgQ#nEjWbuOZLiTjuoA7kT4n9a zAWo}~66Yb0tkxkkCYVc}p-oV78x9X%ejwQiuo4SJjV#C5aTD=T1Gxk%wnQ9EtHhjH zRo)=*}bVfBEAltiX2YiAut~#GLhNF?H+YJFITi3*&@6ZVYWg zJ-rJ?Do{7DE*rB}rEmkQM&ki!u3rPh5AMa!Q8M*CU<{=Gw=}Qd)R}4#t6PZttrTY- zgIIKoAmD5K!^pamR=B=TRw#id{E>TdxUQw*_fOMXTE3Dv6cQ@iY5Q!Y3~aKt`IA(X zYC3A6Fy*@woikL6cw%&7peFLMq>pW2?Evi@kprgdc%kA zxIow9yT)%CzI>N^yU*F`hoQw&wF|y4$OZD5({zGE@=I_21>59s8onJIRi!{^W>|?Z zL|Q&=tfA#_oJh3TGn3OZqx7(#-kClpqYrIO4&`i>z%Gjo+yor=Jh@_-hp_yA!az*Q4PH-LPM9vHA z)C_2RjoanBT&3Z9ua=*Tdx^JLlqPLkA3}1uH6PsKzT>FROuoJ6x`Vfu>qmM%l;^f8Zy$75S`gUuq zZteM4?Os0!6QleUT;TIFqyI?`rj}Y)ff@$YGW>GL!UZ7-d{pcHQM%BNadzYaN}@q5 z4Ye_5OIA5UQrZ8H;BST`mdn%JT(?DR9|6u0P z&4bp!ENu_bEQOoDsRZ_@)!LTyiQQV^S?EshpP^ZK*<1rPj~kR3Z0zdYJ}Rz?N4lGA zPia~ZwD)e5)I0)#sLzoRlLCffaqY=%F=K@9p!PNoe5CQ;s(pVNp}Q>*OG&!!Ak>@C znun6g_fM4lhF)0PA+?>WXy9A0NG=B?;1PBLoQZ*RPsHlxrOYzzpj=6^3L*(+(D4cX zL{-D}ubjyQco|vF{2UeE@yGRj=NW2ui$9}1AfyVY0aMMB>#bf~{Y0Y!1r(27Of9TK z?Qm~jbLNu|_88eJhFOzYNLbkfF0Sdp0f%%Y%r`%A+d8SVk-Jp$?R85jj5Whti;Ns( zPLXVz2ynfhu2B(EA4W3_tB+DW8#&4rPW`$Is~XP4#i!TH#IBh7@+_;SP8eDD;m8xZ z@bN{;%OBcb5%28;qnGXaUPQJ}3Lbds&GM5u^A<-x$+^CUZH)IqKn=6t?HZZG_=H>- z46M=u+hi0V+OsbWE`DEOwBFgD-MUkCv;joe>C6I%Mh#n+{)9L|+Fd&$4kus_H+*xp zP30dtY}E!u@Oa*^BX?=vwRxBi@QP}l>(vYNE%k;ErEy!KQ}tH{ZJl&pNS&52&nX57t2q{@5j*o>9u_#6=(Qe!a5V zd~G~sQWjvUHgp_1^B`2T1>n~efXn<)M$v6~z3 z#*gr~N2oYG86h|EeTT5MO;;I{bB&!%4GB7G4;0_6Da1cydO4Dc9FtHJ_a|B0xrlxy zEamB=LN7xZ@e{&9gQg8yl5Ll+F&T|DJsYdgf}C7K?0jzMBaJ6$QTAECXXdjA*6E4a z#HhV&Xn$@V;aA+acEG(+bO>_IP2=^zo&KfooWFrsI}#Jv;a;O(B2=h@(KIw=?InA+ z@i=wLG$Wz;UR9BN0{KXzsy-dAQ>58Z&35uHby~e&Au#QV*H9B5Hv!)Z{(wIa%NBTU zF+eQAmvTJCo3oR=v2LxZJ8qJ(Wudw>S%e{VhEa4dqAS&mZ#q zTs`F5WG2L)&)0CL6iN4M{-ZmWmQYAGx$uciq7H%&0^jt?Xl1hSJUvnQU=<1Dy&+t2 zMPc?ma*uEp0pe1vv>*d-S{ZdaZa{L{5tx%PT(tZ=FB!Aa^<{OZ_aK;yQK1VwoMvUubT z>3abMFEq1_<1zB`ynbpRG3}B4uye*zR+wc|nOcb}j4~LQE((%d*Oez&N?scew^?o4 zN615GwG_^osfO=TWI3LEf#fN5_{ew(urMj66orlofX#&>ZfG$3;O&;`BzFV=ud(t( z$CF&m{gh*c>F&pMbf;s2b;KDqwv`BLCR<=(X$&B=Q@b~4bL?7UjTG|JA&Kh3sJ;&( zwJr5F{pm=02ji`w*a_UhXQ4cg<_K=_*T#lx3B&LjX+IkkA*=Hhv5Kq#ZM~51yLKTu zF~QF`01q7>uo3!meF8Yy{Kqp#A44m zb$4gON%UK;=ekY}gNLMnY(x6ohF@lbIc4XjdFgvQuIuU%8wv%E<@SwVs%Z{hUpl~B zDI}_83!|zAnSgZH|lA!q!)2{5Lye3j@C$6V8v1<^sp1x4x%hT8LXj6IwRht z*^FrIC}w(uJqR`YaG*MhM8zF#ZgMh(=$||;2usNP zH*(HZm8er`FZzWHi3&=o;f<+XUZ;)%)M+7@Zj&t{HVh3-%|JhklwIjRgjoU8Bl}A9 z5V|fs=a=OOO46V5+k*3QD+?b-Zgulj&c5SM{CA5u_UUAwURyHvjNh++?YqLCcC#EK z)`hq%NK?z-ZKYFsrGGc6RpX)44H-vVuj%*g5xqBDg-Dj8N+X<}YeMq8=V%~jkzRKz zwhd{P$@vQy)K*dLV45nyK3^IWQrlz}3(HZj$q*;C%fM-{Fj8u#!v5e5khw$7)tw1d z`s|>7J59ApCw0U);{~i=o9H_wi-${*5){(iKEwA2YOg9 z6GVh9ig&ex2Zk-eH9j+%A{<*e%A)2+p${`fcjwt*Ud2-I7+yW z(qP_4S$cru(ZZDy5Y8-g*Y3>-lTe2ZHFC51+ZE4Ibc^YETBhF}aHDPzx~=o+Xb zp?8F(`~ML3j?I|>YrA%mJGO1xnb@{%+qP}nb~3T8iEVpgXTqK5%UiYfexF)Z{SW#> zcVB&;#~~+m)Kcs>p&_Esaj9CaE&7-o9t6j(tx89nCbNxZ?7T4jZpJmsD}^c|BAz%Q zeBI29LNK!RCx}h)w*9z^H{N!cS&XOkP~;*bCl@8<1gA*zhQWw};~xXgL3f~^l}bJp_o zsG_<%vj1ku%gH7pf6=3uv&>=n#H?%Kwt!2mgI}8xBYXiGo-qb`%4)afUAA>au2%1eEoB>0i5L}^(E*#c+ zGykD+65mh+mwf_4Ex6h~0~Ru@P8Sy58R1X|S%w?Tp7iGeR+5dyZ=Ud)wy-6oHj zCXW27+vEs>>(3S@$q7M_ErYepVc#Ay&XZ}Yjr0cUbw zDU;P{ax{US>C8$Q!Z_U(9nso?sFRrfgc^&`;DHV+J5{LhmX~IJnISetnhlT=5hR-1 zT%uQ6YcCDtZKhOcpy9*38!wAE(s%C8%31$5HseNZr+fO0qe-a4bV}0YF?As}whY$M zTBs5oWJw~ATHVFobuYj2BO|ovd#;q|zKyQ;Fv8;hUAa9QIdNtAN$Qmn|L;yFV|!Z% z!~cdZ-qy5r-fTzus?!goPEOuezTF!iOGKBffWftodWP$o3R)*?qfHkjYBv0RuP)P%PlHWN0QR;@-> zC!6J;qbjuxW1IFH`yb|C^i+s`=^qcOPW@;wOnkp8w=B(|eA9Pp z<8I)Vn&d}4m5znTM1+B;$ysrxrh|bp3lD$#b{dzFNzmg=&@d(izjcIs2L5vUZ@0H+ zg7a|s)6=Ghn}NRviDP3V-~>rrDGrK*Z0z22Z24k4>i24>~Z$ zVh2PhEv779epM|Cc1B%A%c~C_;;_cEbNG%^M@33nbAQT3Zq^3c|G_CXlTJyPq>chMo8ex0{Q%u~t|Q4sCQt-(RzwoQ&Q;joKkH1C-3XhVPG3ffjE zm8g{}&>gPPX+mbNY|$@@op4O9b*DTu_i863T&(}=ioT%1-ltIjirnyqzT{bs}k?(l4&h(U#(P(odFFqQ>Eyd z?fboHUo!;W*s?#XQ5RyE`WsdV?CHWdwM>86zm9re<_ZE6+>Jt-B3BJkAnI@|&37sG zOlmw7;1&?YEMhMHXn{FwZleYk!Xu?OVl&gkt?bma1R{VegMU;@C&z^AKb#Vpcj2lbc7LV z069U`PQkQ+at((x`Bw@w)=p3_3si#pSYJv_7^13jq3e?E?~@Cc-bRoMJD&~*nxYgS1IU$S|l zz{Zuz{;B-d!7=%eSz{2tJotv}Lt0-W^w-ytC_SQ&z~#9)@%9^OJ05vL4y>j3Q>jyfVUBsY5Pzxi418`z%)*RrY^K-0YilAe{1al}Q^eQcXa z+v30Jvp5WoU`{|_7p*M=qQeqwDcF}L3B83Gd>C2+zko`@x~=JS!eb?L{`T|Z+8f`b zw>{`~!Fr<#kEBQ-Q`zLPqE=PjV_GfLr?TFk{JpY4FSflXok~O0SUl-3kH2}*c=7rzq zQ?~{+*|N{vi}J5WHfTh@t_Tz4&mhgUT~xX0v%`x2V#br%@5;c zPadw#C_0M+=itlrfX#MGGXC{==H5y0Zp7tT^de@s>L(ylto1xxyW+uhZH3KoQnu+T zxm1p`E%$mgZCn*lQf|lxk@9z3MW!7(sp{*w7`Aus_uob(P=Aiv0AZ9x%dF@aW$lLB zl&Y!}_XsXjmp<$&0jo8Z7(NSU%?uL!-$H7y4howmaw`BYYf(77Ia3-{f)+aUKKy$^ z`xWdL?lFOVFaTu0VYmH;NMx>%#2323?F_LxTo|ZSn)Wc!p%g?Gv1nodSSN(bh|-3v z!79qOlcnGbosUW$*>;uFPv|m$e1<)WPCXl zC~geoebg6}FKoexrO^pCxl~iQeap~FZDR4k>FCPpJu9Yxdmvt~(8ax)b;8sb@HHIDr?5k032luls<|$p`|BB`C>zy3e`j30`x z+gtS_tat0Pn|6GkVldVa4l0bxGP12ujZH7>M@ORg z2(=9Jtu(SX`?lde-;JCehG+D#1Szd8(30vO3pMiDR+==P4kW^Ib3A?{?gAGfFUQlr z-$7E}gG6>I{PTd922Sy-iV2MDSBJ#x4-O?KS64^g3%9nPOMx8tS#w@(`1OML^Y;4S z(Qfud~arg4M7cl z5C++hGs}2pUxT$~8fucmB(PfXf&#P0WMC_Ti0Ee$!pxfyIs)4z$^B@38uJHU$te|` zai0?Mhg37l-PB+5htJ@$>8ctVAo*Ly%169aiRpki{H?4c z+%{ll@@js58<@L5V<0hgAr4;K^xOlq0qfcUJ(>_V0c`~^UM$TgVbWl5kRIui#0a5R zAQ*_oOtLmHc#)yg4r59xGj|>MON9`6_mb2jf~aND%lYx|E6k&{f}%vH9yu!e;+fgO zRNj_fkj6lepbp5rdMkbfG%5S1yYk612TN1n%JgbeSj4d>*S11bEH8 zp#+`-^X7-q^3CP%)wzNnJ!Gp)9|U6i8wPTgAqBx!STpqYv~!|rtB+N}BhAB7gLNc# zF;?%nv$3SIAx5FQN*5{+fAX=@{cB(pt@JpH0~P!zDSn9-zH}%e?WN`@Ew&{{W16q`VkV)h2Ru?(Qe-y|14K`={W53-+=37@OXH40=%dD z;l@!J0(%@zpnLvY#*lXm@k3p20$GSCk9p*pTf42zt?}yFJ z5CX5RdmJR9;5it@ZR32A_WmzFKQFe(^?B*jC4<|mk@a$d8OPVB0eVINv)Zd;o6_LvqVwA0we z)!HSN;lz+8T4lB~DHVw-xbq+=>5A=P7IK+qWq@Fk{u)>yuQowj-S?Wvz~Vn>4u$_v#ykF23(=QcO|qP((RM3qf(DI7-Xa`+LdtK^)ZWOnWMsG zmgK0j(HBl)p-5htC)r&)TE^JheZk7I=V)RbbT|X%bHdLrmYM-g?bZL zdcg@W^y*Enk)OkxZ@<+wotpA{W!Gf%p(MmI8>n6fa(^`w@ttvlym!gZN`h|%Zc18* zJ%g53Th+c=D+?5z+9bf`&bDL7k&gf`zNrS%w} zpM5?pZ?0S4zZ~#-_$;>PBs|RefADSfyk4)rq92T-wWUEa*py)SM{bSqss99z%x%m) zRFU%bhKtgyEHxErC}_yWeQ)yUodq3_aT4w6I`tTPPmuqHrPxaM(8#Z9F=#3m4uF5s zk3e&U(3VdA9*1s`3c62c5g_DCIE7-?mC*~@I{ZB07rq{Yu*frSQw53g{9$!2VHMWj*`9azn1Y_aPF zdv8qsCZmkpRkYC4shX1@KMhK6P$UTgCC8~Jqy-1G&vtJgHTElrSY|0Hz|^W@=|N)5Ifbz+kuD%* z!Y4oCqOnlNmsNBl?E*F2=Gf87k;R|LB7KHBWbz(5P^v(rq)Kc${rU?E>68+86V8YCa;J zpCcH!!QC#{eyl|l_7mi8%)bgt=8or+TbK{#Z7_NN;R^FsL>a|wgy^!b3M>^QRY3^j z*h7^na|Po>MzZuas2bv$oBJV-nM;tFAgd|w{Vr#A2?#g2-s1`Q8FUAmiS~P1Lu`br z%0EKn!Lpig4dLYJKh~Cf{qvb-4T-o z9&-oh7B^#qsmLLI7*=S4axl7C*be+QMs%~M5!?va;I|7--lZL7nt`#XlaD;yK|VXu z4@brd`HpAg%2^ecFR5p}p^^n>oac&1rUTQwxSqg9z)lIYKUEdka4bkb)|{zp-`aYjHhp{|$rjJlu;u%$052<~?m($PxQgElAcjL$66Y0e< z!RMfXVPTVq3vcfCQ1U$f6qQ&y?%cRPLMJ)mH64{To@#L)LyK9trnS`=qu@cg5|a`% z#K9mD3zOYhsll^Oa$(z%n;0V`L5G$??l4}V^+2O zjW=tpCObh_J!=r68n&2}?&vfYC8N@K^y2mwP7wbAMF^{g#u}fUb;=C>FO`sr<>m0> z<7#BAdV7&YO^vpc4I@z+vj<=i^`FdN@XIl7HRu4 z{m5A@+cH0)k3eZE9L)7wuTZxPM-j?tI1v+>UURfyP0DPuo(hdT<(~0eKh@RJ96bCT zkXW<8Fh>o$i&RQ@$9LhLq5bL~&QzV+qih@pgFyqpT>cW_mfaj=4b+aMR|kYa)K)PW zM4F0=TC`EmkrS-2+_U)ByCs!Pn`VxrHz2_rypb(d`3WMfM*h%)Lro!*(C>=#bTl%6 z2?+X6PI>oCTS*Zl$r^rpp=A_x*fs{NK`=!lsR&bn6+9xA8=n_Ey1hxm8hImV0zFJDybRYE7Fg{l+FWMxL_s1>^*C_3Cip%v5@ z&^O-VK{^RYaUw)c&{xE1R}4!;4njuJK4gdb@3;G7%DsaX=@y~P$ERH(2WCma1X2g^ zgmcFWV&hw2Rs<4zjuTOE$Yr~)jP9IqGetEJ#lU33qkd%!zd^uJRW5N=Fr*v6pNj0C zIT>HmLDh^%aoJE9bZ2334Uz<+#izcKgDKX&bkie%Av3H`ViEijjF$phojU6lVy2Ni z8x6u>yc#^koDpeRGe4V`EQJ&KR3s9>i%)) zW2lnMWT45y&a}o5CHk*g@yYV4zqjjSN@TtM*YUDCR~kK&;@r|5z!OojU4}Ip>URd^ zWEf-uxm25S46$O@@c74{0DcszGw^8u+sVX;)V~%thQ{UOPZikv+Ms5f!reUmX1;_N z9|NbF1v(Xpirx{eFl8gZ!dGIvV6E`i46Vyvm~pTE79E}Qd^$C~F@N$**U%M!k4OMz zPAg*H9G2(H@_e0l1iu}UO(U- z)iXb*Lc@XXS)RX!YeLSfD+E_-Fa-Z#UtG^Adn%V~iAb>DSb# zb3L+R-?Se0xPzBqL3l(CN=^!Lv+5?X=JX*GN#Np+E%ukPA3z=iR^bDjOebzMS3N6D z5Iy!1Dwrwfegh09kO?5z@%gS9fjJY<1$CmBVY!S4QYy%Wmg?-K5FZtul|?zDa#P;# zZP5Y=8E-}C)LZ7q7v_Re$ij(P7>0-JM9k$;v*CUvvw`}+5E7M%B|y;lIp!4?n^r*w z$dn$(1Wgnk6+7++ZnEbj+T$|v<>}_b8Psf~RrEP_+|NeT4y*4H zo;6s1XUsQYmB`ge7v0;Yr-JdH!(H zu`Xq#Yu|SxUvDFRZav?hHvhAzBe*h zm@HLd1QEY!J&<-{u0C}H%UOP__*M&%spV~_bJn9x4PI2;ZT&5;ut(3!Q#o5gbNF3p zfyJl1YdbZl=%e$S_DJ+xGm6O6bGDENc3NrgA2_-EX4<%F&$OnGrOe79&(&_CGqx+kxq|}SzX;FBn z!s$R!O0QeINrqN(Z_qFIwQjH(Lgk8SDY4i%3wMm}OpcJI2VKFjn-98&O0PA6b!|}E zC0k_LQ_C?>ZbwJT;H$1;PgkUd>I(KYo?ryj_*I6 z7EnfY#WU43N_dz9h0>In&PLQU#Doi~*!EsQ9gi63HMuB?yv#$XBw3D2=|`? zA4jOUy5tn1#JZy7|0X|e2XKAPOomxtVyRRz<;AW$4UL7fkb2h-Fk1Hg>>pn@;ObeK z)4P!%UgmGJy2wP7-;pK5sIY?+S*<#g55w68$30jo?D>AOMFI$aXz1GJYVKd&9)97b z<$BDJw^=|Bq3I$1W)yoa5;nx1C#$S;cp=t|x7`s=e39|}BR+$8X0H$SakDMF7UqTH zcA$}04{Nq$?y8cJU8~S>9+~8T2}^}ZaqG>?aFfMq2=(uGY?}UeA*iyrms*6YE5*N# z`;pMWkz#id0y-l#Shn-kO8A5dh=7J&q)sLxVY#E4y@f*nxg#%cv-$kwYB4Q?LG=+^`n2W<^+hh=PO50Zb|Uhv`d1Y<$1`SNn} z*i2R#Y-EBZdNac0pKIzbeUpowug!pS?>|czU&=D$oQxK?&%#i@Fi~@pykT~YpT;(& zRkGmb)<}Fyz8is7>~*L&ZG)osF){}E)z;(W8er43PL=&Z5|&F?*`Nr|Tk4 zQ_q8Cj$Ib%xeSoZa05XutK2B2snd#YR#^^!%AE*Pdv%+22+Kkfi=XJsHV0iKf&()q zT>KgMn)#i7!4lFhqeYNbhB7=uWVocOaAOU?!kEGD1VlRS8M@Up=Z*dmzQ>Nd^~bH( z_nF>wdyKeut$zt5iDA7CXL*A6*!!GoUL(Qcp_On}j#%Z}LEHQeL}F|7Ze&*m`%VtA z^c_)1S#gZP9}v_(79VmvrZVh4<+QJ9`(O=&OUtsaa+#W}N|1kL_*$Q0#$R1Aj=PnQ_$arq7GL{koN(I2r#>h91K~ek>WF)kVOc-&xIyy&opa^vYUJQ#Z*1!P->5CMTHp4Y z?P&i4t=}(bXyzRJWq@fg1?c>B1$MzENZ&I=1f!x=WUFVQNFn7GTlD?D<4sDYl$MOo z2(UFezq|82JoPoCU;9*RXrYF7O*jrSwQ55#9ePx25uH&BS~eNIROa?xklS!J@NS6Th=>KlE=VCcw`U2ENFW#L@2m^-Rfwi$aDsw{94 zvu=_jef27)!9yJNQ{DQ`-Bg#UQM9!4Qfrc282;!iN2ci`qpEU0duc~7oZr-1g~-Dn zL}Q0Y52wo{6l_ObD6w}_a`1ImS*ym=S>tG)fx@Z=N?s1aW>g53#7Yf-IyVEp@}zaq zK0NZGms4`j(hqR%roOle#dBEH@#H zz6542r{7;WGG+L-y5)EEzI{HQ|H4O@r|@(;nc zpDi!!Gpj>eKtew{#~khm7&Wgpjy4z&?FWKX#L?KThoLpSF4&-x%Ce`bx~EoT5PLst z*^29qEOB%tD|lej00v=#doM$W1WlATfS>tiL_6>sh0mC02S2-(dVQCXRY9pO`nc&h z>+(m)o>gdQkY6-Sr0Sqnb)R%0Bb8?B8OyZ-WsFoNs$vj}OwLf>zkU7eLUcjv!wX zDv1)%vIe8~!4J~ljRCrxJHPl6)=Cy!qdAS>d@F{iXsDpY&Fex9k}eVro7ZQ6Y7D#N zE%Pl-5Zq%@y-{YBtzsa7Rc^vmVk+8 z(sbo8vPQ$i(N?jyb{QiE^SogKEZ|>Vw6~5PCmp9DD6=;n3FyU@6-x*o-JAbM((2Wx zc&sPD_iaUt%`@OWo($elW<|ji6YHB zyjGwvwvCsbo?e4ANp_GAN0e_YMJMkL+VAJMg>ue_shpDRf0&;7XQtmX^ksXu`&-@U zB&W+jAHwbneL<6gczYifZd?fsq-f@i_$`VrplKy-n%&vNcS}-BXFdxBV|9I5GpoF7IHlxC5!%^buiXlqg{)qKMC(2NVq;{H<2wo>%r;6P4n zYe{SQ(at;_)|)%qa+zG$Su=tMjGg|*y1#s}V zldgtD{oaseXb)_tX}s~bTEHlX56!2%5c-J=`RL{O?{5Ci&|#a=^d`up#Rz3L?naF0 z07$FBf)>gH^Yf^Ny!$8A%0M0A4NVQvraNvc^8JUL!?-d+ zyj(&5Dn-)TX-JK?p0thd4aJg%kL)si6A=bNHF>ULJeZ2yYj}@ zpp50%5HUHJzb{_L@64Lm`Ab&H#yoFA;iq}`rLC?Gmee4B)A2-L>6Wg*(>go5x;mQD z2I(sX?t?cjL1g_xI#HJzJyC2HFxf6`ejh#-Rpuxf2Vhq@A}Aob@$$~O)d)rQOlvqN zWQLMqxEa9mYu!MRPXLxE>X!5}GGVZ}DHJq2q#||f|1AZ@0k71BG(>W1@gaJTZ1UPU zLJ!C}Fw*X`uD393B8u=F9G~0#N<7wjg1}%TVe8f8@+Kc&Bb_qXdMuKm!>@tAmd#fb zP|2zc=4Vf~AZ%Eb(m-^M6F9LJ;6}frkSmNa5}qPS!TSCpGIegWVxP6P&N7L*V5p>bYvNStHeb0{zfSvLMN-e!^yi4LATqA&*?y3=wWP_MR6GMZ)yxqT-PF%k-#9i0GPaT_kjt-+uN))3Df$*v-31 zya`U{V$RxQJ-MKJU4U8t=z{OS`eO&hGpKbjT9i+!{EIna2;$PwJ?nAIXIY)YP7F=|1oz(P`A3?%?QztFgU*;uu0^(cRF1A6O*-wshh<*zL(S<<<) zyTlNh#)u3z*31=HebBFby7VcxHzIGGNb{sgXY(zQ(H@%C?$p-xlJ2l$yyXNzDyG44 zRZnrIcBG;B%%dJ2BLcsz2=~avG)HKdq+$k3{N_u94USa)dTh|e^PtzG2`V-0P=V6~ zOhiV!IM(e`Zit{=^xODpv9!g|YP$QW<(@o)~g1SpFci~!bXyBJZOrFo;h;i!E z{E&G}zT3{6o)nt|$fAE(EV4x90zO*a^Zg(!h&k`-UT%L|2ybAKf|;*6Y+S_PI;aL@ z0ix7(Pb?A!GA}GA6vj>Ku2AbzC*LehX*qVfIU!vKi4zkCy_F>Xu8k4Yt!V^fWL@VuK$rqMl5SyRo$$; ztVNPLFF-BcA!~Z`FJJ7yy%?SsGH?OKM~ne})O3JfhV9Ko?!v17&NMn`GWY* zN6(^o4NN z>rLn*9a#eL1xYH+aRea+YJQv7QX)LudqFlGIJHk1XI;cKQAK|U@-J=r#CM&Ns~hZ# zjQP)7D>t;3Iomc3Op_7BfT=jPpL_Vix_I3dgDb9|+hd1!QmMuj8GpdItT2s9MFd!T z5?gAsAH;7=%%$!djbbN4~dYfo*~%as5IKe1Pf?DM2}~o^@JG% z!9BDj>g9J)Flhd{zZZBJK)dWnUxga+hAzQIpd{rZdlEw79_C8S3%-f+xu#H5P%3mx zbcp6kG@gkgK#I}cPW7*S=uyAVo?c*P^xZ3~l{i9CMW#yx`|St(Q5_e3e0>2P7&*)^$O_;3Wt{noIe8_S$wBOHTZwHp*o zW)F%iCIKE)nzd@G%0cJR){-xmo;?dOM85};YfN<&hogSIrx<*YijjTf6wA5D8jWX$ znD|qqcb5)ni%cK^+7H!Vh34xpZbwVxZvUpWY!qfQnH>Uy@GJhrQm3X>hq>Lbm=nL0Qca4K=VuoGCAk-{EI@cal_3iIz(;Q&7rdh0%)}Zzz`PI3>B>i3)ZxgW0{8q>5^7Mo-z7{8oR&z%@Om3Y0T$3fh~+& z(00FDSUFM%)Dh_rBA-M`7__Z=3hy$&Vb#HtA`3bJPgjq+nS{0uJP)Gyqz6419Vy)dYBG zB12gFnQ^PpJm|+1qmIYl@U2v&Ax@O_F*i=QfEvOy0fx$F6O0&s3&}Y)kPBQQfJTHr zDaFnQDNRYV$1S{?=FX<2+(&y$wsG%W5Ec#cXaY7uE7l;At)eW<4gvZ4&rwoxfj=xn z)Fg-{>)jL?lQLsEnE=8uWKK~bS!)L_;t{JzWQ1s6(gEmlA2_aD0WgOG$Tw8hm!gKS z6Rp%iJp%a+2A^L9dYanxh)uIL)u4zvJrjn+ylf})1j!l9MR7wU zVVF=shVe^|8HGYY!S!=dmm=TLX~KY-(r|&RYVg_WwK8?L&Yk5oJdMAljEscz>c9lN zco9=laLV^3_*wqmls9-3p?7++bJYGZ{;qw@`tUQ4rJ2X45`BHjiS*K`+y(P;-oQWx zE{#^hQqFl|W>a+Lt#sBetTV!_tPt$UB@L4foMf7EO4UKi*lq??1G1k1)hwTjY)>@D z#ekk!Hhw;|f}33wxqQD+<}bBnxUWBuQ$AspjxHaTA|s2!IL?yq-_iWI{tk?CtgIt% zo1D4aZpz(P1S-cOyFszT&MGWcO1b9;$szQ-`$Ul8!l$`138`2u z82qP&b?5a6Jh6I_VJ^*d6tq7x6W)ZWnnt5LNrrii-jV{=;arJWKO0tN2719EQEq^o zZ5#P~wgu7|>aw6k{IfJB*6hwxG@m*cy!^>3i5|++d@TmcnR)w32BW~@xuPV6z+NlMuc60}uZ7MC&LJt-=@Mi*2Z8IXnb6Wy)e({=Tz`7ihGnF;DJ`0-QOxxa}i zWHmf(l*^YfZ+>|UMj+gqq7Kz0EikV}K!j z2{>XIwyAAOT2pd7^Jb$1dPMBV+x}juq$o=G>oKbH_vB|O;HIg0OlR(h1o^<=T5qx5 zgNVm5 zElP*8GGfD=^&yBUhaqp}vMG)U%pjp$s@m>W05sFWz=evv^zYWVKX`HMCs;np7@G#5 zmGTM3Z~GWQ4gmv{4`l|646guxj&Y&&!SZ_QJi;6@!=jaBjZfFH&Uc)bJzcn=Ui`E$ zJU##m=&ZsDgmL;^1)f?-Z{H;#(yT`$TdP!C+i4Q<_fVn6Y}mD`Whjaqwh@ngKV^b69=bk1bO%1%LYCB5vUuQQCe zx(VuS!6Y6~-0QH`2=MxaK`6-A5G@)-apLMo!s%8~ub0?l;~Qu*i(WBC#sE`cka8C= zR2?B5SN{Kbi@Q2k&*S<*j)VOm$Nyi?s=mIZou!Mu{(rf|*(SDOW;o>CgxW;&jQ#=`)w|w? zZD48;DNQ-uM_uYByGq5H9PKvD=`@^Srsk#>qK)nib+Mp@yOqnmOZdU@&%8vBiTe5Z zI{Ibv|G=TyA83p#HWc%)B+MN?Z*CD&g?{G`;zeQ`OVt#(9=+hzAG_f5$o)FFYeP0~ z=u4&TLz7nY^Uduaz$z&bKD1!J9-Hgf6Q9(c+eU@JeXb z1JHnuLSy+R3c*=a%CQA}?XQ7h^*9j-SN%y-{+gf{JCaR#G{t-0J?OVG>IM4G%~-j?B-j0E;6hOT z|B=H@J&a8qTrBPF{@V}2vX<@t#QnbV^aa}~Z2+y$&riV!oP^orvJKhI>1DdKtuPF9 z^S{`CSD=-a^cH=8=3yxzlWj_(znsH1H_|zAu;h52U@Zg>>|H9?+$&{IMg6G~Nx2wQ zscxy1N}PO^t6MT)YV#SoK-Vbt$;N8wduo+64{z0B3oUvbwZsFG@8bpAunG?I$Ant$0@0`kk& zh6DC*HF2_~N-9?i(j)26XH2#J?iUw-4+r;n}-qiC&X1q|We2W#WJmY!d-}lAMz*Qjx&{f*(y>2BMp?KQs-xgtVAQFA*_C* zLizoW3Y{)w(jWefSGjN!u~JgR&OgZ5rMwXI=qVgjWMYPf$${>~k38zvh_bXkv-g;F z&>n?_&JIVe9hOz_w-yh^5XJ96HJPAVx0)7Oyl;tBl_Uz)E7GzA4GDX5$30U^$3;k} zI!a%Mw~)tG4;FP|zzXH2)@m5R z*=Us&DMS;b(($*$@kqjuCD-cfka-g_=;S_(64q7wXk}477r=p)r2cTp=hP%9vPRCd z{L~RLbAmhx!}2tq^)O7ylvB5r-y~0HP(A+-WA6YfN)T;{9^1C=v2EM7ZQHhO+qP}v z9^1Ax_r3o!|Bo`Sl3l4zC#%zy?sV6#wbxP)Y4!i!r7`*XLI{7Qrp)flcqKfXEx3)mh;>q0V?@iD&m`u z{Xh((Wd2t20@*b0<6PD{RXy0uX{-NC1urNrhm5j6)Qr}x8#f5C0PUf2S$jx zKp5>VJ?4=y@lyoVbji=>2H1+fv7R9f4?lY(u@7{(9q&y|^nM$mE}2uvMEC}lXd!xw zHF6}W7$4a+&27At!Vm%QsY!L2oIUc21R>o8B`c_$-bn(diH9C9_ZJ$lX^m(ojl5Gl zjD~=To>Fv3#d-uHCYh3(LPH7;Gnsv8E$Se~&?0#zw46H>0n{dl(qck1SzEqO&E!mu z(Kv-|loKHkp&abDFhLMXQ;XvA@*`}?Ehbu60iuHX?-NF^1d8Nr5bbILyF|eZE{J+u zI;{$aqX_{Z&otP&r4%j~nMlAYIeo;qMm{b_IB(KOF6>doRwCi+vL}(URE*9RRQ^97 zPJxygS|v{Zx11Mck5UW7Wx=seS8UQ~F}ou|fb7Zy8=2ZmkW%Du)&_&i2)&&nUpA{4 zVFE{j(^znuCj?_8403wSQYZ;mpBMR@p0hukETz` zd<&GLbTC&lg6(6?gu?#y3#S?I=~obi{c6+qI{^hXpZM_it(jzJcSl9%6yzI;cU(SH)M{P{Dzw6Ld~h@$7B zZD2rQU!tNzq-P}A^pcOf30yY`%!sZ()B3l23wxB@hNYZ@z=st=i)fC07ybMsqJ|WIks80Bx&^9c-Q=d0`ZS*Gm zyj_tIPkyH>aNl`AOUC$^P%4I)Y@A5<(u@0iB9Vc`jlxD7$TfjDS9>)KHg#hCukwhk zlhwI`9G;6>w4-B^lSjnxnWF?yeIDe$?ennmx0|=RTk4DkQ{>EI9BWGmQv_m8`IOLD zQEdgcZ;w`+Gb1^yd)kSeh|!_@fybs43IX>M=Gv&6?@kOD=jVi?S)qG~3ESsD4rEU0 z3)Zn`ID%Ww%x?{YvdtJy?_$*I@Ol_to>_L?a5d5ZK0_V<*TA$6qpO$hvpt5MT{OQd zAK!=lnVIA3^{<1YZ4oUQOE-KsIrt!~#cNGnfARV_Lr(axzMb8#?kGjqMSDUlXc%=1 za?v2KMQR3cznxaE4@Gg)^Ke|Y!oR6;wI7K%Q{X;x34=dZ3kC?RjI15CT}M4uBDfAU zTA71bE2{M1P&~^%jZPP6p0Pcm;{!RIcQX%ViTjy_5Q%@ygC{9hCk!O$4b$de-^D?+ z^NE&Y;ATuE>lO7$0IkyLDPhTQKo478t{+&BxItI$rMMoat6q=^Ji|<+;VkMOFNRMZ z%bu4iwTyN?@ofDPAg3VnmyDw7J0hPGi9#*_&&&fk+U;@hm3Bqc^Dq?MS+^+K_&3~p=1{-doc{D@oT|r5 zFYJ3}4j^%_y5JV>o&l?YxR_r(MasGx{T-!3k8t9(r$R}q2JZ|-$*xgWczulp%|S4f zkJ7?EP`Qckb@JZ5M7;F*sO^$#LpQsf9o|e@%9GX2>p`yD3BP1(JGeM{c@o^q$bTDt zJ!P}2eS4f)@7vYe$=1oy+3mf&U4B2FGfTK@Nn&fBJfCJecQ4zSi{NkK-`fLw4ry5? zK(d2C#@BxXnT^M`L=ub`Cg4akq)#^qIry0CZN~Cvb-Wacsq(>qiFQjlbPXk zoa5Cs{g&sf7I&Ub7B8jRGwIl|Z&r8Xnzde`w`sIRn7b_RQOzSTE}=J;V`-by87kAO zi)Q1t6fryS7VA;XCFyY8QDr5gjlXV5YZ$kRk-xaq6H0L@+2z%J>?-HF{AZ@+c~VBW zG()^}+OXblv5{H5N%V?;<2pX`S*l_i*0j1F=3P_53rI@w7Z?Zf%Q>%z)c zRj%3Uedd+V|8OkA^Tsc(6Hxu`nQhni_1o!plj@44aH!9G;P~How>N2b{W`qG+BOo= z?@Z@o@iK%x?4!K4R$tznl+v{&swkuBEzF`DjM{1ZvEnqy5HHwpH;J@j^;o-1NRc_m z+uIzF(D_hh5jEo)2?9UyD=BfoE+)5cwT}`LHYYC3MS8(%j>B&|_hWO6Q}*qv>HT_w ze7ZE3YCfO(nGAwwuYKtBSysf8MF33lP>E_NKOu=HRP*qDU)?h9)9Uz@=Hm7rsl7tr zZT=ormA6|O7&D;lkA8ko{{miOt5Z_Fm(H_mR4nu3Yua2->!gRGmksV1c^;k&&u_C5 zSx2oPb!o4~&6c~1FNM&nL)lYPg_Y7zx$g;_W%H+2rfQAehLzaG+;_>!P-dNF3>RqH z_Uv6SP_11^c<9U#YJ&R zWH*{w_TaP>oCi9Y&pH7^%*vyMH?4^k5Gc4r<9~bqP+ZJ7>Tb;7TSsu><$2xg-y4rP z>?|dp2rCj;fc&fA8w#C3)$Z*IJ|&~uqmg4IT1Sn_*cvozMCmNv14GOh?TG%yM-Nj%Yzz2_2_5Ofn;Wk!!KI}s2ZB#4U8zT*~v zA0pM|p&)6{6GwyAvt+slgXjHrad7ax$CFThf{}aT+_2gl0w+C! z;59`Wh<69ci=r0orMwK|=vsFEvN^znL3w8mtC$JwD}D&Vdjy&hLD2UGL}vq>7*g>E zDRPkY5n+w0NbAb|wZ?G&6@F%eYiGAYSO86)CS-ud6UQs&K3KGhg_CIpr&Q(ylpA9f zA`;vC{PBhev*RD{X8uSY)glK8Ap)Kds3oUXrzIYT4Qm#!oo}kMVQ>=34ZQr=WtZv+ zHpc73Y(bbIC3`Fg!D>djtZ?sIn-3T*dY~W5@}Pjgtc_1alj+4{(T&bU8=Y@g#;;+) z`5Hx39aMZ464Z!S_Y#Qn4D6fsNPx6cmr>@QqMsiZs^z{mVF&W5(T25hI*x{F&Q=j3 zt>n|dQe2Z)Phhcqa2IL?YB$6n3tnXw^kvwOG@gPk4LnkG#yM}?BcL|!#{|S0M4hw~ zdJxA6tzitPTENaQ%AT|vi;KXsU!_@t{kda_LKs<5HR^9Z#UKatJkM~hGM+Zf^sE&?Z6BKOUdt>yTLR+WwUJ>(+D(+? z*(FaL4gAZ=MZZH2S;;OiT)3Q4V%d}DcYz$)naS3c;9=}0DPbbGXfwTdaMIN(vukPk zdiI1}2_(Ser9z!dS^5DtrA3=j8I&7^vVr?I9e# zCmx-`7F4`Fe*OW-kcwDFcqlEkPZ6*OvVwNDAN?<4B`9TxEaP3N>+H2LHUt3S}re_li2H6duXtcAK7#B+o?|=Ton$**H~%1wUF;?5pa$C1F5~GXyrpGz!&PVUg z$CG^(#-{7-*tpKyOAmp2&Ck(}o~|Az>(2$%jb$W+k8HAv*An0V!h+7Cu;QMceqEmv7N+!aR7GP2q7NkX{t zJMXt>SJ!jcC?l1Q2!u7Oi`r&k=$46 zC(0y!nd)`A5<_EbIx7#&AIm3viq~Xa5;?7QVq7PYGZh~jKFTAUHeVVm%;lS>y}&O& z1etz?*I)~KHXH3fe*3rJTkl5oF|Uxpe3aE*4%o#dCzDE@gFJ8l`C)?s_>V@Ip``eq zga5Zf`CoSTEo_ZV-04)5ApwAAVCeP#BV62}0RTbHfB^vhv-^+4=KqH##3wb2_Ydtq z0{{Pj_Fv336A=+f{KwS^ENq=k91V>ABOyv)WM^yw_3sSS|CmpGLX@D_`vU+_n)tsn z$NqnA!rs8h%D~LzpP}YIRLB2IqWhZ1%4u^vVfUGe)KMG62+GWh&INsYkzR$QtqKk2Rr_^o%{1WjhpCejrSht3(@pWZvx-t$)%lWR$q0Qey z@^%-6aLXQx4cX+hN(~z>jk{ejv5)u4j!q!s>AaeN`U+N$d)>c}r88{DS2__jF!U`6 zO_mB1s@LY(z%r_n&KW5#N@`7xD&N#mo!V16JiEZg>B;9^6j~%A6>m}ne$R-Yj1y?# z@l)_j5+Du0W@13Re({x`Os`(umL?p19;#Kf+BHYsg0Q_6@wsVQSD%IFxvZO-zYo>E z@al8FjmeJB&6*Ozxqj~js++KIMDME;3+y4t_x!v;E@@4*7C{=QRh7PFiamd4v}={& zoU_!N^eLBQ4t0nM<)-7f0H`xvbzDcPE4o@WFv;c4&yjuGi`WXyKDfhfxiTpu9)YVP zWvI|of9hrq)9#d88*?Xg9KqWI@ih~ajSQ!}0jbuv zt&2w<>2`B-c<5$-E@#%GR_A*C7`BvdF_z%f+HRoSIk!x7Dl#nmI%-rO3sbi%GhkoO zY&zBzXLnF*zAUs_6fHhrUc)Lpa{4|mr~1(3dU?Da$_`fG>2$fh?#K3XH?hWEIQxF~ zkEd?+dN@8u5l^3EZ)!Fl?|RNM4V7G_;@P4=u*#a_Ak@PdZZ*HSZL;!AzBOHu?_oqK z>C_y7s>}CoZ(Gi?AU@t>zWje}+13uiuzU|}IC&k5ijQT~bScKH)IKxC4l3S+Dvt7E zq@lfxV*iQ)Kq#$UM|Jb0zlo^tpg$S zEI1+X%$;kf&QGYIu&-&;3J-K4g&23Uc$mIT35RoyZ$BiHkn^tMfIR6k@7zKX-Cb2y zbp|YPV+F-|*ZrCR4|-2$O>$2?aN|cMiGBU~37mxZc})R9EkGk+5$G|O7;CTeUk8QO zG+5Uzs08Y259}eUt+J(%%v={|;GU7Y2#fcCEP*_;pxf|>J(pt)`uFCw$X^9bmcc#${-NL7psaN7gb#IKZ6*PJ_ z)ekGlfQZ-ODp!i*jN|vzU(i-AOkTQl;;vW}&m@C+t@cm0}>QieIG)&ISIL%8TFm+ka=3vvE*Kis9 z$Vu3+wk@}ecj9??r&%j~b-`MNQl#)1#?1;6+~TkH53Hy9}?4Ng7P03{{bHZb`y*7Bvmv@QI9rp6tu=a`F? zkXemaP(u#6>2c9)OIQ}pt8>g@&dGyhY_K)F7MZ133^&DOsDU#?RV%o~U`JZvqvIl0 zdFlD3t^AIGxUVIm@&bxJMU+0(wPL_NEn`L_3U)MNd#>w3d+v+k`0|3wj$HkZZ9y}u zs-V__Tr?=|Ub$~@5>vZ2&APfQ1M@89z`qUF;#}3jaLNUa4qBeQlly^n>Q^P^FmzO1 z)_0;ooN+5mH)n}``mFcF^d~DX3lORa{|v@OPhz z-u`*Re+v2M()>`MowU8c0!Vn$)5*ZRWgVFlj<;uVOYU`&`jRpkE0oCqIu!3T0V&BzbJn8 zb+exivL)JjS-BM3CUv0t_fex*&HCl3oD9So~kziQ^Y(v(_1OU`d7es8HS-rU2gd9sg1Qt)Y2E0N17vY)p zz{nCr;>qibA~O`5FSC#izM$gwG=V4Wsnje_Tht7xMqLu2s8b*@U4}JzBUd9bH#{op zNYFRP5quiMLe9EJ<=)se`tp&c8`mKWx%+-oj@D)Q@2IbAbY#ax*D0G2@#33K77(U2Tmb00gdJqrJ9ru4wEwaMzmyX*QEa4T-ujTt5P89V+;@ja0sg`J zBTIcJD-eFjM#7~=_+pAXgRSf`DOsbGvt7)y)s^cKl7zD-M(wF zMEKVDyzI!B+@EXZ*|!CE@8u%iY`PE*y}|c=I`eo;&QF@5P<+nKlb}xuW(1#bWll#7k~o^Yi|-CVz0ovoofO7=y>)isZPe!5nb%Uc56m| z!(wOF3W|kA$&jRt>|CMnXReCS?Tv|+q2MUp;twL3@OS__?QAotJlpH0G>Uk++vU2Y zqJnb`@Glj9oLVri$#MgT^@U1TPY{qmdNF^8E;f>dATSLqQ7U>3YOYGVXAIG%f z`S)eIflA4?Hj)BWBfp6}AVq}zy8iZRktVBHTiqly^=(%*!zMhj!(Si8612-@t-NBYzFyO|2KZ(o+_Ks^T{sC|=WNj@X zzL&f-&?wCZ8EML2}DBrI&Pe>d1*OvIK|GJhR!J5A-c8;j-yl$~^wq?!l z<{6mDJiV1h-tuTc1X^frZv(rW5g$$+^gd);T+9GG({U$TLGCWtINBFS16;1-jCJ;v`4#>LFR-)c`gw=Bma%P}&zmBw(l}rxBD5BT( zp68{zHaS&~*8eO9*?D0tDbkSVlu$N8VZv=Kp+t@rBvA|`f__wN)kMpR2_;t4aIGWO zVng@rctbu^7MgFv08-xbXiGRA(OH-en@+yif4N#5(emz6a*(jIf)(RwWEjYL(pV=r z>12GE1@|I`uo0BBAEm0wzW(_-iEnux!O8{ z>tgheJBl_iGLaKs>=6EvSXENj*)+XCnH5K%pF?Vm&c&4D%j}^k?q!@YrmZY~$e%pG z$Woe%(sVU7#exA}-vW}z*rR8X5}n!(21A4)%R##L|a zyIGOoTwi!QTaQSxb)Glmc$7qEfRz_D(aL4!BuM-)d0y%qIB&*8X%0|Z3iy|LqnbPJ z7B7OHQjCh_+Za6n3##_*XEn;z0!;nxf1Sr}B&AKGDPL%K>#(tgX3dh25vQNIVzY3sR4L)gylv3_m1O` zallLzHSzAnIfe{pvx2v<`Gx@%y&)zgI)$2p#qdg+QJAugn_#LX4@sKfh_SO*njDK- zsW{;&vb6GSu~$>bXM*Mlp)6zn8CKUo5hqg&3{{Ym?br8n##YnpJ3pjbOzJvHmj%g^ zX6Uz1(M70`g+T?{F9#~am^&C|78d~-n-B|ZjH^CzUt!IM3ySRQrotml1joWMOU8xF zz6dMP%qx+po(hqTY!ZMn==J+WN*Q`$t1MI!zO!QhzAY~2PwLZm;}YOdVE3U~<$E#x!n{OABYtu$Qxf(LfrMa^zM}!QZ}vl!EzAAX z8+78@`$7tNWrn!JFn?G?W#MW7XtaClsZwR@W0Zh3HQ>|8AqFX7ZOH|EBLhNE4DhVN zhCc+C&aq3+H$#$!<1czI8Vz#nOk()uk@wdi)kTlfO3j*4_vS9v^&D!);m8u<-u?}e zA0}lPhog~nixH~;2MAd#6lWEbXhMd*v~j`(3kyfc5>4;C)+opVV2>tRrT8H^Vc~fC zWJRPVWFh%eZPThYH9jg;*UHO|m`0s@%s#rZcy=4=*ydMtHOf2F=;O23S`juOYnB;y{F@sUSa{;&9vHm{ zH+pt75gA0%eEUPtgcD~OQY<^vPj=BMW5ce&Zwj4$K+j;P**1o14geT;OAs&K>zCj>8?BNdu??;E6XhX3l$wgc;Zg73pCi0NT4Yhs z==9w{p;iSH)&tHVI`mv3x<;`oU8SnaAug%qJ+!qlE>Pg86ncY0-wmt5Ve3#tg27ZV zOvL6>B3B@|tzSNbM5QYDdTJO}P?!4&g3zKKGp-qqGWmNlRgyvlN;lU5cx2ELgVqXk z_mBa+q+B*|XycPKm1$hOi7SJ$^(^QV25q&C5gecS14D9;PF9au*`b$Y6upiUugs^x zFV_KGeHP5I^xg)}ISZ#7LS?@Aa!Iijg+e(Qh}b^u3vLm9Q?AibSQAI*bt$k#(VOJX z@RhovM6xvCrOx@xvx(C3q|)`S4rq2iBZaB;j8ofJo>B~wgRBQb5pfQpmaqh{QcUynr z8Tm4O_Re00i+BHC>}j!YOAZakkBlGHB{4vD?YOS>bFVQ6o1?UeEn=d=s%mmyufQ0D zuAQ|B%GImAJ901?h*^`<0G7)|CXdK*=rAySukef+k~_$GXnSiQJ29|%Y|jzgEi-UO z8Fx=b04~zdpfn=zh`P!NRO;!|aZ`{rzmHxP_tC7&sJlo8PD+REk$Ofj86MUu2_5TT zNs9dfn^^QJ63Dc7;iErnmP`))#5NLAe^K#dDF=XrDKLc?V|FgYf(Lrmh z$<#f8c<;s+)hEobR)!aUrhIBCkqQPj=IX|c2A;uy){b4i1vNPkC2n=I+GOy+thdmM zAe?fD59D3uvhBm&1kZG zXC~KnrXwEJ!O2~=wI}6)jyeSh!7`Q#<=2}gdtX?F;yymJ1{C*DvWlvSOAOKnvCTe9 zi`6ncI?!{$panXMo* zOc`_d%)D=j{rsbyVnMMy3VW0 zFV0ypw0lF408AW;I~`U*oj=<$d_xh;J(w4CB{llUaWy0Als2yIasQhFmCmL}o#2~5&k0f+C3g?JYa<69t476=Cn?!?~fQUz8nDc!kFZzc=E ztIN*|L$uMP{v&GQe2nG6dfyh^pyr1-ZK^vkN4_xbjOJ7DpZ-Z11Uwpo{ECd;(UH)u)Ku5cbR_#Ho#;xw9#oD4CJ}FiA2?stUZQ( zv#Ds4!t-=Ha`Wd5SiAyh1?nlOvpLo4$;g@A7k2x#VOb(QFv%;t72O!Wg{Z(C919>f z*^H})GHVA;w71!1JBz7MS>;QaBuBGT%>x{EAiKiJ%K@uvKR93rBN()3^GjoqrQLp=rb@*FJQ}&tIXBC-C>d#6G<15 zDSYaw3X`HxX~sCg7yfOdplAy7-QPBjV8D&GchKRHZF2MNPn1$@ijv)(8%(}8ampD( zF4XI=Zr&S~n9~SEosn17{qpPJuyp#QZa?B^{=|rc(vu6Mop@L+HDgS;@#pT;0pgv< z^v*C$njZ9i%$1KVHM;Br&E%=gc1sAT%m@jjWx3BS|2&;C`8?3j6~Y>c50BFp@a2?i zZrs-i6LKsv1n_b!fg6X9S}8ue^+nZaV=G%w#U;I9Rz^WaHeq0;?_=i;&J*W|<_hJ* z_vGOPX!tGUmSR`#G1=T^Z%b7p^>#CK(dORLDqlXwL?Ku$`i$FqtzBXyix?+%PZpdS zDzB@#8Ht!3!i(eqT7bpo{3kvUCVidHdq#V}UM_Ul_=*L6^qc4a9LW_g6co6ph>@Vd znje6lZiXKn1BT~H`?Lucnkt}hGF7^PVk$oGQro`)Q?e~X(jXZ1iWGdshW14uM+Q1` zvkua#U2mTdEg{7)Cll=(xfz$Iza0cNik!dg8T)5>B7JL7mvL_!WjRt}5Ad=abFwPt zDvu1f1;@srq8=k=46&2mND$GqE!OquGF5|J`BxnxicO4cP2itv0>sjKtRO2^MFj<1 z_u-bfI%t<%+&I!lp^HK`RYh)icqlz!%u5RBwVGEK-FZ9|(O zqYl{-(g;w)M+>7#fOL@eE@mjHgTMR%O1>qMdYRAU=-8zW>fd?AoF}+%zee|7I6)y25!_xv&Gvjj&s^fTAZ&=MEP@Qv8qF; zPBx2VC)@h1xmv$ZIi7Tj3N9ULonvuUa2OsD8(pJw#t}(jEg?fIce;)Sbr++Fk^7}b zNxCEd#9_O-#Ljfyv=DA%?-{bhhm|31QADh1at1wbgMH z^9sYTNgK)LrRehKRv^xC0UU)rek2l6{4qR%dq4yaxddA_Pr*b}B#-IkPF~PCW4XnQevx7*tK@haq3F^$h?(Y;mwlt|iUQ?Vje* znptY@KKZE|Das2&Sa5gq%{hPs=;pf`ZY_lZa&yy@EBM-Z^=WM3ZKu0lkQ)yIP;tPp z`e@e&Q?=lB)4K|7|BetdD33gcL`VyQ_ylE}f8wjC;MJAK?hcgaixqXF9{6_K@i}|W zt8ahI%g#*Mo*I5OOdrpIuue34Jhbv&&Lv zhiF&orr(QjS6G+zG(XA5ZrQB6xKb_VKnkVsO|MFz;E$abiWGK^q%MYK1&#=L{?#ClXM*8>DRPssY%PU#2VLtqIawfy>H6_r)de(q< zlnvh;7el=7rW8Vp)?^iAHH)V^BjV#HsAA3Eq4LA^4Zlz$Ifmu+caXiep2R@ zE!SXtEa)t+^?bb*wR25}&+Z>k%k^-9A;$BK88`cS3zcQ<_T;uoP;z2GY z^+&D_9!yt65;0??Z9iO52J2Pla28OQXW_XCg3S_8)RC;QIrk3f6gFdvV0Z8sH`1QE zRBY~Bb3)24*8ynAQWMCgJ8tq)6DzcT)TfZB1l-#QI#_{k2$dfDyN|Q=!%}dF^z&5s z2U4WM^L>2pL1<=U$qv-j08Xlccx*lnYoVZ<9rHd^0d{&I!|^nyQSIqG<@?+XtH^VuBwX5(WNh)V=dY z(Uy00NxlhQF^qko5P2-Jkg>KepGpRvu&*B;1hfUdmUiCa?w$KTpr;!lT^3N7GH`T< zNZJhplSSn*S6%;+W_)W2<0+3vB(qwrl?><+lIvchaAR5OF1)Z`jLXHHR#-1}7Ak+E zK?I?e*#I8*q>4DDY<~gO<9A5(;#wXHcs&Q<7u9B%LI5}RQJu1ycy4u-cok|tf|l+w z3oEY8d64pfQq)%vXt`BTbWF-XNt8&QL+Nt_pAC$l2Mm_fLt#;+*9#XYN}cq%+@x0K zRb|druiGyEbKJ90n5x)=hs*uTQI{jvx9; zZy00O3M35yk-v3(hA~g~!Mie|gvaA)Y!-Iwug)x^pq+X>5%l#l-g;KDVbFzaev-MB z`ltM`FDqpA>VDBL>`x?dliFW>3k3u46X@Q)kTJF!^5v`nh{=!$1`G2U>sA|?gP*_+ z@n`(f_SgyK3WbJR3wYHWmjMu~g8c@bzZSQ&=w}V&m@HjkoQk?uXUY2v1~aOEH(6FZ zTZtc>A)_e{KmW$c#TJ#fcpygZHm1Fp6XfQpqCX)egsUipNw^#xZROo_!jjOLjN$Wf zfE{V2?`WZetF3l_SMbbG=!1;wRwvF1^gdLL;rsY62bqGG-U5#WME`& zqNn$Nr6ZyI1BCcba+Bv8&1v?(quzhP_Fq8$@6;qCdk<%GJ6jqi_J2enqyNr-n*Cq- zPteE5$A$obP26CRj{F}Cz*zbqhTsIWCjdwkFbXgf(E~7<(kchJ9uyU*P#GR16(SK6 zBpL4>P!sPI723X;(QRvohe{7ghlgs6C=7ru0TFs|A0!>1AD|haoh2Ti5fkeb6rIPI z6%`zvp(FRD$H%A=1RUS)^#L9c93L43kI#nzKp7k&6izCPe#M_^g>~ zypAW8+LElcJo4H?t+g(1p1*&01v2%A`l7mIG+Y)4*XOg5`{vK)V2GYhe<1;Ad8@EHG4eW@soDj zmwm`4Dh3Vp^X+s0)`Fj>mh7hj_H+K$6Ry{;r-UL_K^}Wy-m9tbUaP{~YetFLdx@HJ zyDo|L8f~}il#(rJTSoc%;Iy-=(^uz+&xiiS^W2lt^TmB|TeYj#k(U?s^Ya0m0{-T)>{tIIe_YV1 z((vXp?bq&`@0jmf?Rc_iLStT!>7on%%SYp{9yiVe{Ap5$*4o8BKiC$<xgs!_lM?m7H3xL)o_3 zwi$X$kEF@p8Ec-?+znN#Ij&cBrCX|$rP-cY+bunJ35Oe}m+m@tuPt;orWB@GT{Ha2 zKL3Z$oNw~oxnr{&@N94e-&v3G27A6+?kk-B??9({50KZiY@ykrc0Fe}uBCQ8N6A^l zEj>}bIF5g^4WmAw-`cLS9AY^SpO(ier|C{OEGOBgImojT$=xU1H{1boaKP^|U6-j6HwAI@kb;J3GL#k|v{~kAS@cCur$@6SB zi<})0raj#^U|lj3qR8ZSc)lEzu+6E>`C06LZGDxjo}4IfhG4Fx=WR!(Rz(q&t7#3E zZPfL;9M@c|N1e{~D)xMgZf%uxq|r|#l*U*p@TVLgYM*6H-p$+z(#~#GhmbI_&TaJC z>Ah~Rb)$3y=Fz9nM~>;*h&+8%Zd-fCl&pEzV0s7)y)>X?x)hy^u7{{1!#3J6--Vpn zufS#r1g)|%-fk4Oa_d27K54ceu$*qw3y)-O6dh<5o|s9@`!SFSof?)vQ)oXEm3kO`%gTQbldu{8%&R&~$ozRU-B7;6{r4$TOe>~T zN6RIr$ZD$g5}yZAHBVcs%O$55x5^Xt4uqKRgazmIZ-b_qZr0^}E#+JV6t8Mh2Qs7# zQKf=BzA|(rd-N%d1GXHKva4#9jF|~9u zL{j3)gTTxDLyyX8BR1OoR@b?tB8@ird7-#7BRY@#P;HlCvfg&+kT9jmumDQ91?h>) zW<_TkQE5Uqx8$*s3PrODR&i$Z9SlvtOqi~`Op5OTgXV2M;so)lJs)i?&|!gcGkmfL zE75IM$}~8Egh(07sHqEWI4y0rXGbdLnSk8QK47UP$obZCD?iP=q!Q{@3gua7)eS!- zpDH1d1FJQQ4xy?0gi8HVROL#$I&}Z4sB+BTEL&}9`uqz3L3&Ug=Wh{*Y&1V0bbg^; z&6;;t4Am+wX2daj4zWiD^(aymA)8xCGd8flN|lIU<}k}=(W#eX^c!kC znb3-k-aNRGw6U(B+2TSWO=!~e ziXQMkuyDqkeIBmsH8qX)IVr}RodAp)Q?=Le^ML)>22$9o%uviK(1r5fZqlQjNS_%!L7#MpLcBjjK z_z$`)fL}dSS34G3>uBQ8>l;v6d$Q1(hx~lxvt%_4;tA+HfkaWbh4{7XhaXFvXA=gr z+JWU7aSUho1gIqFP?zyEK)@&L@xE8B!zT7!)*iRp!(ZqQxpX#qg}r$y zP}VD|l#fm{x|E^;{xm4Ak%epU5E4@fa%6zZ0Nyyxn2f;}TdT*nwD9*&1!4*K3a;-S znp~n6x^9DsXe6v^TTx`l4oYI#j9&peGX3qQFPIyvYzMKhit9TPMNEh+1OFJsVY!RE=(4SSvOoZ5@i&9dI8JE)^h=t`-*9_cEb=kVCAz={3&n=r0 z>8$@tf(I2ta}vt`W{fJDua~4M!SWK{7@c9MkTvhDvee9Q-S;FHL%{@IqlwX+?UTDM z(V7i3peq(or9WEyFPX=FJCBDa9UQQtyBN6V;9f(FG*DA_0y1?$~#xlf?+ z!l1EeU^1Tw^OUgYvK@IroDar&S|gCYkiw-MK@+c^6&M7L$vs{n&&G(`j$GxTaAut7 zpFdB?RKCdv>f?4M&^V!g0Mddc@CWDf(sd0Ri{4S3IsRmSqeV&i_^HK8)tIiNL0FG2 znplP&Z;olcbslJg+R@Dw1@hLDibx~`sFU$Te2mz*5xd0%Cb+jNKvJ&{$DiM?gG-pu zpsID6DMOU1VoP>U@;NoT)pmn7KJ=uX$=9Nk%kCzE9=uBK%8*JJ#Q0T?mT;W9sgQy$dIVaFx1Md&vUd~lKp=Pc36-Eu{3raEp;VcbND9}NJYueMAwAQfchEuf?vI1t| z;j40&x>kv#^7mmaN?dFOBM9P(f#o(!s+uP^nPaHhxY6RUbMpG){Z!%bT4=DHdCWFM zkW;zUWaDt$qI{y51fXS|UwGz~h)oZaH7rT{V6}UUis7YU)Lzc>oXaHf7HdWzW+L_` zXLO%EhdS_Q76MNx7GjcS62{QR2k$z@ek~*&P$6(zf_?3`jmiP~-3wvFAkZQJ&4+qP}nwr$(CZQI>v zCnq_7?#;c)d8^l|RMyJ+=3HZlxCwih(RJ_}I5g-aaqW=l)8VLN!_>DbpS$H9Xt=eK2iQ#ma@U1wzOxmk&)AEpFa;R=8pZNSO` zf794UUHK=_89`}i(|DN}xmFqkt8ZcBBsf|XQR`d*QU;XRB@~>BllVf+>ziQb%!JIa zAOKq%acSJcbQN8dYyc!2X7`-E892e%qw2yevF))cRV7_x$i4_=Z<*8YnDtHxhdKk} z5xS@m=d>wqLnvBN89ft;zzWhq4RthS9wpf!Q44q{e6+tL8H&9q5ORMl-06w7%n>_pjI@sDahbR!Gu9Lya3WocV{u7;~R@7WhDl+X_%U(nhK*LZq^=U1En}8ulB6Dt&2W4 zbrQdm>1qnNqzbA|C`AYGOpLF?wv!x+`RCswnTE`qgTy-YS`gC&H`ySGPRGw6hPz7= zpA*sX09mLn+={*u{}2IjKUh5zY!dP+O!NwGRobyvBg~7$C~;V*-5a|6by){-F66sD z4bk^gF{Fs}u`!a_8tz~uCMLbzA8v}wj%!OGc=FOMKSS}_%W;N*Vm3%j@dZt^#_P$* zV0duQUO|Z4g5RUFUlU*s9WOuU89X14t9tE}xTOFuvV#-9#(%3Oy?6U;?JS|MH>LnJ z#dPef!E{=%hpcUPgY*|8a{itS)UG3uCc;Q?hHjJI5wJj9#YZ;p0|cJ4mgDfx6#i*W z5+c!#8|0AZOe4SE8d&*Lbz2PcD%C~nLH8C*3o6bqZM6cvf1?tU6Ss0l|z|rU$@FK!B z8PK#h?#nGCx1vZ&`XC%4#YxFK_N3Ityl8CG&ijRue-p+Sc5Ea9oyZ%yOp>!To1TEN z#UW|fXESb`;_Gg89tRk1wUyA3q*of8PraSF6~x8RoPt;e$Y4p!x? zqCvkPmPe};qMkvG^uE&+Teqi-JG|XCO_!lJ$R#?rU>T*AGp7kF@}?Lqa|6fO*RP|q z{bsYb?nbQ46L0mKy! z!s0N>b!vMejv>}A@_Xxm51CToJ6xtjq417`#KTW9@KG_?Wx82+4YE?guS8098(Jt} z99i`Mnti3Bvj+_#h|Yi_Tpo^WynZmZ4BS^x68~&r$5GWphP*>aPuPQ8g>i)f>qD4l zh4zkADqYkH?+C-36*k`J1+Hf?syT@m4=y-h>;2{OF`TjV9D;qC1)BktV_v9Lw1{SR z{J`!5;$O>m=DgV9b4k0C*lyG^gQA#O(zYXbulRci2s|3(mlbGnkMoL4BVHtSAeH2X z2*$e-EO%b>$-*wpgogd7SD-Roa2PCQ!XE2d)gkqLtkN(*fQpg_ z;_pS$2YwFOT;baZepqF<=k;0D;)b)!%7xz7cbOjUfl5 z0?q@r&|ro<9vd|Fhk&8!CEdJh@(WQrhfQKOU@S4N9gQ33IMG)XSlPS|`CIB=!@%6kv@62pD1i47_oU1q;mH$4&K9gj|edudmO&m!PIYf#( z9if`~Dp9LSyJ;=Zsx8$y)1imU4N%aipRjv#SbTb8>m5ItxX**L87)csU|StX81yk( zxjtK_&7gnpy=28Oo~3}M(qlv&U#|v$3GDCV(ENvR( zu4JzB$Cg#&c8uOTbQAF)dc5^B0`IrQx<%yZE`M2=J$((o0m8 zp|Jp~^AY=y>|*>o+bsVu`jmK^oGFV5*5nt8d}N{Ss`Ap=6(xP&^~D>p;Yz{5w8MdJ z=6@SX$21>%6`HUOrr4HB>=?OTlw7yIVI;tM-hQI&{hM=%N#J_qf!8WLYQlZ=;0phd zx|1NqaE*9bmx5TNQJ^4fR!Oqgh5Q)AR(E6o&a4|G&@*56`CCuts<*r#GEtYX=)R?b z(Ig!G;^mTXY!ob^JQxPD3Z)GtOSGyx%0I5N`4paz6?8?rKJ)h}>E3gPwsX_w#M-Aj(O2JXa&hn6s@mMspqi$$F4K*x`Hg-)@rToHZgE^4;K4MUHl6J z^VBc0R!^pAUP(!;>nU=*<27AW{ul{A5M1?nI})}IN7nDZlhwrrp@UZmI;3b#+s zaJiAs03DAzd(4(k+HOB| z+e3bUF}F9Nqn#$nOHQIjJLggJl5(==T-pMjrek?e`@0=KW+mOFzGFBPH;)RRaI6xy znTe!cTmH@8PHH5yb|a;?R|DC5R1F7dU+s{U~ z>T<1$yB=pKIq`LDUx>7=0>bT;8~fFf;zYjB*3k=O@h)64E|%mBtPW0bhu*SIPEK## z8ypVcGGtQ4%Bj1LUSl)->Eq{cWfPy0WKz3X+SX>L23R|4q!k+EY5W=)1J57_}s6XjL)FROHJPIiIRy02$) z2AV+gi6%1r@rsAxV9%XXM%}64)W=THe=o$GxZ8&OEHuBvl9#sjAAo?a`BZNl%wm8} z?IiQxN(;T(Azm{YA}-jPvF-SX55-Viyqh2H^*J`$>>{?>|H|9ul;~*G!U$(x8|EIm zT(S3aRfm?qyZdx5zDJM0b4-+wnub9rb9Ia z=HeeQ^?8)0V#p&bB)S3R7@w`2u`A(sk<|Lb`<54N!rpFiga@RgVaAEl{anSE*U1)H zZfl&EOl-3JMSr^KSYr3J7`N`DLMx3t4{&zcru}uW6371iot6G#IrrJkGTB)_+ekAH zinc>1PG}6-auOkj|E2zWYcHC2MYTurEgx5W)fweV!>>r6u_QT?Hx-Kga%J4TX#8o0C-j@i|IS<=^I8`H zA;5n(3)RuDIgY#z1Wq?BhggSSCBR=Oe^+2CGXq%6rE~qsCuVjc`QGUvSPvP|k0N%t zfZ>x$yL+1&j?@1Jt@R@z0|#Kh%E44y4!S*cpPIlq`m0S&GX_ZhNb(aRIzA6cxdHp7 zO<6FJV-t_tB<4N(JjiHE_t^go{?Xe? z2%jsV#V$i2*LaJmT6)vpj=QOG+-J&6RuH}0%u~uTwtvvZv$L#wYC>})uJxk}A-aH# z32#rQ4S_%8?UbLUdR08h+p#70eA}(^I%z|!)tY7XOS{K0lh?+`5_J@Sz~SRYUj6aa z10FI*eXlZkUaztt7}?0}#l67gL+f51^<*U-xl1?_Q~GNwM@8@ZxY3=NhM4up*T8&b;+@xTy zcYs+eUE?O1-N+?{f%naxQ)OFzsx6b@e=cPg&{96$1xebGFXhk`IQEN@CNM;sj)z3% z+ukzfwTVenI^kVpe3iaZ^3lOyh#pWf>9Mmo*!%Bb^FQ$;c(fu6DGK*7hG4S2P|+5Sw=Nbs*zO7rn^@qD=`&=Q3`|sY|hmWaTXOdSnqkqfv?CBV~6* z36f;RiI4cC3PtxYf^e_hRh~wsPRF96iCATboh$B+-kYC~%iHbmi#In7|KA^x<9bWq zZ_9{>+@$

Niicp8zsu5q(K*eagkZ7MhiolslI+-8GA~3T%6;W~dt`+eNm)s`b{( zG#zZ3#V+lJLpv!y~dKB^K=BlB(-c(ZlV&9px zG|$y6TV9J@##pl>ERneH49ybpGZY@b2?o^0rps zDBsooaPu7YmTsMHE8R5S?F7A^t|PtxG_F2AYUDENq&pC@r_p8^+?|82Aqbj1K)iC@btpW#@4yJ<&>V1xasJz za&JC;K~>g^0nQk|U~qx<@(n&27k{|j_EY_soH=jxo&2-+c1*!}e?F`nOFg!%>fg|? zy#XftRf#6Wrt;t2fYBbcboIui?eBD$bI#nUIDG)fd11!J={;n@rl~#U%og1YP7SsR z1h-iZgX6gc+ds`KI(5ylv~TTip>+8QC3scMqw_Hxhe!XOhU@BHa)-hgE7Tmx0}@>d-xLoGdat}&E*kr;yoaqXGc#|^CS54{)3ZN=Vq z??raNqr##SKz+;BaM83uj?_K5shHfBT@(>du7vG52}x}oaPAEp4A;!^x(<#+*L9%n z@p(R2cqmqbzz(aIJ!|@6scLUHZ%$jZA57UD;$>OgK5-81WMk#I0h46|u`KA3?0atVqcWmbsW^QXdQH^LPbgA(0l5VvQ6JW z8%%3k)ui=D8DO^7$(}n}wdm0Fu)>on3QCQwQ@-HNVzhANxf1rG>d}kH?)VBn2Z84F z8|`4|bnU8Pb8q_jxMWv^TUH807qQTMux`KlU64rKHP97R2QVZ2!B5|0 z2Tk8yJvyX<+!*_(^B^R%%WzlAbO1TEO)#v{DlTu7@z z+Yf;KmD6$w6)=*2&-Z#HWEOoxC$vW9hHN`7QAP z_%9bO*j~1KWmA$6S2@}m4j)LJe5hLefx+#2QS&m`UE2HzgyEnwQ?+h&${S3=*AW5| zM}jLe$@`ka6b%uw+Yr_lT3TmAI~pc-&uaLSOCk1oA9!W(82?;XM6>DRDH+x)kg4B9 z8M(rk96w1%SL>VE+70iAnqjwB<8}R(E1XMR`cUHr1t41;Gs;H98Dx?wy9xU9>(1 z7PtA+lfV9hoZ$9JolW6r$27N=R&h;$Pa#8dO=r`VfJw%b0T`9v6g6Wasz8Yb@uFma zySA`}6~N<#b{sVO*+;ft3W;nsRnK8l;!<8JEViof84H^xtc`1XFW{BjoSCgjekaRo zW2r3P&k1(3sn1J&uw3`M^z)ixW7-ANjwQpV2N11yV)-hKj{Zi=I^7eh*g0^a!%`2V zT6OK9ide}ZhPNJcla-zxM>xSL2 zFl}iC*)4C!1?Bi8|57|WE4|MzDRTrl^s4`{1Okhv`}VFCgXb`)GMG&o|KM*JW{%ds z(o>J~LP!M}ux}!pc8Bi$ej)fD!awJN;z;cKl52?flse18y?uy6{gnU=W2Ic_BcUZ+ z`vN+X(5)5#D58MBLfWi!XNRhVu-vY=_$C05Cj67+&_+8pATKhl%LTe-x+vShBFMcc z&@MYJmX^)R`9azp*Qlus{LJ{G;)tFq76O?3j%&Ltd%9iqq6KSU`Ic-eSh(WmZLPX( z9}iNBQ0qNQP*;=abenR#FK%E93UN!(!EWJnPQ_6cL4q9E#qflnrj_%6Cya3zYm)#& z2%)WEaQE9ef%bd!0#2aoh<-+eH(nRaPdFeltH;)KNf&2O3YBw&L!8e+FANKrc)AJh z*?^Z*Pr?SqY|?R2&~}1ISzs)m0i7EF$E0KY0V8PG)%d}U#lsbt(Ol+PB8jpt&Z3{$ z+Hc**W6$U^?CC6sDhpfrf1{%Mtg9a!$+<~G^3V-24u$X+vJYZM35B(I{o|;?L4wga zWy7wlp)hv{q*$1hl7E|atU~Tr4xnUchKZ@nac*b%yA3W{R@B%~ctbbT=)qtAz5>)q zXP-~~(=~i(JF94_?sfOi9-uOFI2YDwpMBNU-lVxEvo%>8cFxg(q$;Fdq7NKA6Pn6n zr`=QqIBOv4Y2Lk1-8DODAL{C(by3Vxu1V^aGLralx@;fqUZJaFPIx6oBQlf2n;d)D z5?1kt-)~;DKzf`}pXDRx1^>j)3G&s}O*A}oAj!T=N0)E*&9J>_t-iyrzu9r!ad$Vq z)--5eWpXinA80>UTG#>Iy!LZN%3PgUIheNCZmS5G;w&+;z1Uh>Nk##GIHr4)9O6Vd z#hL|63fcxH-vO96dfHg}X?s1QC1uDaE3(4fY^{oQw=K~DCheXFx?QKbz-_Daz?@Jm zQC|Ns@!a=p*B#-t-IA;RhRX!>eusdfc6$ZTvTnJJ>ET(y3sn7K$qcTAzxiYQnI9DL z!Ok_eS~q;rKVrI+q}S>9h2^Borcgl=`6%x!h34haoyb9^V*K|xtI0t*J~)6olu|*< z5m#A&nWN%y4XEnf^57k-h29kkLk5?vWgbps+HtujB}BBj=0OG^a>^MFBe^vLkp6F0 z3SSByy*4C{8?c$*5KKQ3TnGqo584(k$^roN?i$Fqy))IYyQ`6-9@nPXoPagOibN!9u-gre4p2*ED=vK}Ad~2x{DcKt zhL7Flk|9sw%45fxIEjz3Q0d*URaFPH0_J4(PJZSVIEZ+Rh-4^FC=WNTvZt82cuyUE z86iYfU42Lcu~p4s*v{g~^%zQq&@Fa0EuZ{+Eg%mMv&BHZ z)83y8WtN5ha00>g;vMg!bc9An?zC7cNTR*`G7x5b_p{PC^O#6*u_CF$LuCh}!mYg7Coizv+!DsIbwpbQiu4;Z zz8(}DKQZurdCVX36;Gr~9Q!(8*f`>Po|cL4m%LJBeA)!LtzdWjT7G4}c` z8)aM+!eibH>19FSSYIqntv)GOM9ux#z3=lPypo~RV7CIS+PzDlcwy#$mri0BFeR1o zIrnYlD;v}eB4Ht$?8}j%TIY3z-JPIGl-K2{EY{QT$4$&p8+54M*s4?ZU9oZ|^rofz z_@J$@-Aa>}BW(Ot47V3=%t57?o;6S}6Q><#=Va<(NasOMWS;h6FbYJVe-1|r-dUZJe`R9? zBR$kqP_kKg^Em77wSIiGEY}M|Z=y9>Y^PWUZvB8!S*3EaGP&MG+G`pQXCq-m7P}_( z*aJ@Z87;R+Egd>+8OB{1$Cc?N^(*cBEzoV#R7mauwX>|e#gHDa6s!so4er7$Vx3Pr z<4MOjKX~WAMDW6y6GG|}458fZ#ds#}HF3{P`cK39iI=;WqdHl4f-d0^63K)M0K^6m zvv$`tyBj4wQ7&TBH$tRbLY8M#2aTwXqPNz+ro_+Cc$_z6Soa37*m~f1P1JKE{bVU~ zrBgP%W}8?h4x`P==Q{i)p`svOmln)LqZ25=J*>=x-H8W6o&tEtpg%W|w8-b(C8?ze zjg@EwA@4o@do?FCC-j!cD%pq_M|=VC7~27+t4X`ot6dw(%f3gWteoe}!e!a`b44l?NQfJ|tv!|loX}t} zrk>mGKYHAxR*Zevn49mOgkc{zL<9jueGCyUa$@f@Vxlu=WtX8^#@dHM23R3l;y1(> z3AYK{nS8?&_wn$;>UBjeUX_u6U_9Ga3{O^Wh`Hdm|)(8aZ1)4*rYHQeF}e}Z6k^GF6{tEOE*JZ9`-jh|4I zGtBJ?FrdRN1BBBrZ$>yVr_J67ov3mCx&voKcVvQmqA}TXvhuhrE2B}hKyhlU zhMm`yvxn$H*pQws<_jr$KH6`vlfgp*7?3&tp7M0byi;IK9b4e(M;qZ|*G^RTAEZF6 zMgS%G7F#5aGXtT8+=B&W5dSYrHIS_gLY+NGA<(aG6kGn6u0ttj*~MaJcwZ+CLpFOa#1 z1B2#1wfYAv9eKQcor2DzavI&BNe-(aBnv6TwgK=bmmrj;G?bGN2?4_oE+_<`kHlmT zfsaI)kb~YKIYPtF7e^PRp}{%Pv9X(XVYm${&6j3rzseAuf8)axLj!C{dkNW5lS;(6 z%lTUXPcb!m$4zF%GkW4^ zMDK0@biJw#YlGT6vGRWDG9QWS%cB9_`PDabFR*UuTg%mHznm~amICqYt@V(+$&n_` zive7G7}ytpBQ#mQ0;KTzd$hF zJU8bUG=dNMSc}Dfuv1K~ZJ}rUUYSqQ3o@Z^-3l~99=rY+4_birm?Woo$6T>S*_*V2 z`lmtRmd#r%gZKPtAZXTF-rrzt)#Fq9erbHfs97^KyY&cBxUNAC#7%!}I-1O7W=Bfs z0|j}?!Kcb@4k(dCBoMUyjgPn(mOh9(EZ{1gncgS|O;jQ*7j6TyN6R(!_cwH z8saN?7U|18;}|QtAQK3VjG-@T8WTZ>l!OP? zLSK;XtiD-N!DH4BcIYQ3VrAE+PCe(BW}Iy9MsnlGZ$Z34N7BWcG?cVYUi=qs*LW=~ zjxKem$ELuCUjq=Ta8lUdnm!}p5u;hi5IAN5R#p7ka9}#SnW{a7GD<6IiX8;vz>1ZE)1{ihi>DoPe)n zr`~s!FDns`MpOv#St?AGb2USZr6GD?hD>4O-aN@}mGw}{`r^MC!9Ioky{{hNV&`?F z7Pq*WqTga8g)$Lh*nAHC7-%-CZ2+SkXIqcs>>Pf(OOyo5Bf;a2@n$jQm ze=#{#RFx*0c-V+z)p+1s6iq_pElw)RMa+%!IvK0$L=R;-<~ki>%1CBLj@^n_G%&Hdfh~ z^Q&K$p^y3uPH?1W1n?o z>8Y5qU6KO>#F!nt)yJ=**6z!!Xb;oqWlV5r-X~g=S$a#h=~F`i?y@ zO$X&RkJo?&G-81(W{2N&{`4cZRqbP#fE&I=IBXw@>V7{1-f(#Iz3UDrl*OYmEu-8_ zn%Yl5Y9q!BC5`3E|BJ4Z3?%>pXxynZR8EEQo-S`xmk)FY)pqe~$d3Tl-@h*1-l3m3 z5$>ZC0@>hJ7?mpSar=oC%aEkrsow6zuO`NBD=@yHse@GRyXkuSgXF?&ApLAEe%>1#Pa931S%Z|Q47t1xf*v6U@M*VvdH8Lhsn z3CZiRLftj5(cPqB+`-ZYiIfyRdZV=srqah*-jjq7JRQhFN<~p@qIuCZ4m>0Min6yT z>67vnZg%NzV1lET|B-zXxa11!DxHFva^GR)G|?UHxSQTe2WeAs^T~?QSV(C<&_0iYfzPuY^p+21Uo!15eqYm`_^WT#Rj}Dw4`rc5=n0{?GYVShRJffo|25Q`yM#V{PM1X+aIy3YTc{KS7`<>MOlUZ%`=tFp%koXaEW7bNhaH#En9M3*4+ps!jZ! z-uFZQ0KY<5jY}vLUXKN8lj32ho8}qFqnKUEqs8+Q=y|8>O!q5e6-pI;xC{L!Ksp`b z3ra_47&;{I-8QZXC*QA(m{qWE=nzv}1ZA2_E3!JI7^~p8v^kFQ5U~geB@#&MYI~7e+p%3EngG(aK-l z8Iu7FhU7T^y3#*bR6|_B4>sA{mAn^vhzG+4|Aww_`HXkUNggCB8Ys?Sw z8%T8Sv+ORjyP7)~k0**kb~~91CkVUaJO@Tmi`YKA&_!+ASl_|YQmcsM zIO`f3%J@eBA3#}zjifcEy+;aeW(w~2qgK#?!c#Sp13LT?=T1z@Y2*t zC{@m~K`ZlK{vS_H-ZPa)uRrYw6~V>B!^OoFaH|*UImj$ng<+9l5qG+32CWyZ2O_i` zKb`A3@Na!MZC;4)e%10_<$0J9l)v9)im1KE-YbxoRn9?@v2MEd4LQT%ABM){a4hJd z#M?lX4M0re@Rl7S4W|ODHJUZe3I@eT5*|kTJut6F$-$otZDh05TWWhg5!d;j_N>z{ zJ%vkTYcQMOy@^&S*P*)-sKyUpK?u5qDgJRxkKpH-_+&-Vu#g zh#RG4E3cC{5#VFs+_UrTOPd7U2+r|Fj{I>k9{s=8Y8B2!O8<@lDMYCpq~Gn+&oQos zN^X&wJ#sa2ZDbe>WA00ac2oq#@B7#Vd&>4t`gV9h01fEz)ihs2L_77wC@z?(as{>aY*Yz+(*q56nh6B;wWUG^giq*PI^K%o zd5P9@)ck6)@{NKL_~Ga>Z_j-r1W346uY`ZmLIB=v^(8y#G?9*S%oA| zue;0;7X^ntgXOv^Y9#nF7!CbD7_ue%*`9Z-SbwtI zFcPOg`6(${`}4d~L2lGyVEu-}2Ze!WTHXo-`E8@?v~Der1W_zTAK*AeA^@k1dLEPNot@92>hQIH5YT6vkF?Tvt(4G+6_q*L&X^bFX! zD@TgLn8RtSVV(E1zW?8DUK3+NNq@K&uw8dejr2Ck_V}jQXm*2xB9;w+rF-s_TY|=(&VpmtFCR8 zHU|_pkE*{~=BM9WU2Q$(xmH7CCg9!kL^iQEK#!-xtyz{nFKQ`|Bftyf8(8oZ?Uz;tg%mr5?hGy^0f^-fR`Haplo8CWUCFtuVxat!LQr~Dt zdIo2r4c)LvN|Mb>4P*#AE{ls?fyISJH@F;jh?l!=sgu3Q63VeiRhtP>U-eVRI9%M? zG!{~}gZ(laV^cdJ)qsH=?{G(dE`N+X6Xu>{>*YdDcGczIH>L&t^I1(jJwJKtZq~{# zOw7i*Rc@zD0e~e-8x@Y&FS}1P4R7Z&N}*XV54v>l&_Hv zlMEzT!o@{bC>F6{97=_4xBj~o{?FeF!oipqk5B316>1aJ=gc)=f}4@Vu>X_yclV#B zoK!kRWJ+^*H$qjx6FgKoQ=mG2XnY8xM4gQWoBxGD`bjV8CRP*Wjs{;{1Z0wAd9&4P z`_kpmdmt@MYW&|@kwqkIG!Fb03y$3A9ZsM-fVF@>^ONz1DPn&0kP?|jsIvN_^UyOF z?LQEm8WIC@NdW^>;jL_9^J|+WfjD{x;uR`U&pj6I^auL&Q43A_0-upFoACw7zVyz2 zHaAtWtUI-Q{&c!8sqHwphxsT+^}sk~eqF63arHx6mRp0~YcAy|#(*T(L7Z^u%HB!t z^aZT7K9IR#N~yk6+*1^5ky$FTQ&XMOxVKe8M91w*Y=pvy#@NY!ghDF$nG34ozg%Hd zlw|&TrX`;Wj!9>y=XA&+Xs)e{O8_r|!|an=toK1I_1L2mxtaN@BB-+4L%Nem!gNERq z3ZNjkqHYNkKf{^cr&Kcr)ET8Bnk=qlkZ|B7-DamQ(+IdP(SMnluaT#QJ3osY+NnRCUeuGVo724M_v zRT&UjmaGRVA0WU0zjToPvzKNu79W34K8!Vb0E04@2GN{17<7%c968~J+7>o)XviL< z%1%830E5Bfp9s_{7R%xg%{~1JgHvx~hB}ROYU{%4gs&e8^LC`e^S*`k5>{OWKeDo&_wcQNuJf7_q+7PLY`LMeT*sa zMMn?bNpoLIV(F^C!yOJQ(vd{C!`8$wiN?kH*cGS|j}cKC(Qd;SdM}IJA*7wa8mfd? zytbWo<}Ze@0|UE+tSeix+thEh;5du8om!=Z@)51e#`U!)q!PoCJM5A-u|rIK$hMLj z964h?u|&lBoK2~cgkS1ath-1NQL(EiCfKh3WC5<}z1c?hP9leiOi1y`X-rfkDmyI? zmBa9teb>{N2Ub=*f5?pQkXnf+bmMg)5G>vkauX5QB-ZPKvJ`MJV@49}kPlA1&nw&* z;m(m{C3=cYg7D)l!iaC4?1Ij+m5Ypp#wpBu8m(NS!USq{)qFpvp4lO(a{ZJ{H&QPP z{gW`40rR!cqfjAp*Ouen?F|MeWh&R5Vw%2U!BY?5M^_m2c|Gs0=htDPL9rzX$>ntH zOk~ilk#;_~cH4RGOj44AE&!&H(n%Xt0dP?xe3xZ-!d(RJWd?~-mO4tV@{`W3aLh(7 zFkxVKR2*MPQ33sdQ9bcT01&Qvsl8fTh^fH}>MbLR|EAlbF?A}r66cKilzq)NUwUGu ztNLIpj`~7q3A)Y~de?8Q+xxb^I!+0YNCIvOoY&|oeq)WE`Gq!Vj1C_K^rPa&L6S>W{U2cWZ)g&+?l(=>!W3r2AI^nD# zu>O`Q4NiYa8tA5xLhxJ*Nv-mp@jNfSbhJ9Q>`}`)k9JZk=mE;EV|^s&R6%LlGekf_^p$z~Lw*s~9Ro7y-v~lP;?R4Lnc2OFaD@prAGYEc zK1%R*OpFeK-Y+%f&JNL9;tOZX`*594xrh`^14Gf(y^Vwrg0#v}tD($Psm;$S5(6fjm$Zimss7!7q}gO${g=Ad%^i=v9);g21D$PUt^mV&V za4tA~WwnPIDery>5up$ZKwEW>%I*#a=QVD7S^Ucah5Q?@K7}mctgLAsOa~LN^xL|H z4ynHA9v%<;lsV!NbCM#OjyDzDxuUUQqFro85{W1EPlpj+v=nahX~3MdnsvIk|8KDz z+*B5HrmNM_sFQS&_t5!fTH0AhTQ=s3?_xCknD|VX$-x`hNhe`o{b2!JfCD}lnK5yA z0(}b0)E_iz49{pXU;#M@2;40Vpy1Fl83#&VxJ7t#U3!vy0YoaBpaZP-CNaI)9u8|AS?&wnJN;l1O?N(^kQDIdF! zU03E#DbeD^D?y*(6{ZDJM<9}8UYWxW$5Hm@H3So28M;>Y9=v&Yt?G-)7n77JjR3r> zDBF`O$Dr9{(B~gl9*FI`l5{Ynp=! zCq92ZN)0t2w39*}odKXm!K2iS8+koBrG=}P7*5V{M%>J%kn*ZyAC2aLvv4NREWV^~ zLRkbBYSUvO@FZ!HXC@KN5c8#JCctTqOtZ|_Z`}^2BbwoeiaAD_JjjrP68)v1?&X zPTg$4KXhD^SqlsZ(Gl{6p-+V#hu#J3So-kk&>Q>l(Vs0sT+fd?v!-|;(4AFA;BFZ| zD3%k!6L8#)rvQ70;cYsNZ02g7z- z$tnXGxP{Mrphcjzqo2!jE3umhlV`RxDOA86Pwj+1JRXR5c!;uyX^5K-Lgo z)8)0|$yEpXZU83wJpP)OaGENUH&9AhHoi6qYS3j)fFFyM^pq)Ap_iJJpzYnLynPll z7~_2K{htmklY^M{P&5F5BM|_A{~v|tKS&rm_y2+7{6C~%#ah3Pn{COz+rFTp=}8O8 zC5cy8&Lcd}tcTAwjLr=?YvwhHk7M+Z5?V?{l5wg_(l@rfub=>c2@VS*)~+N_Zff&i!oAu@$KM(%D3sO}oD%Pg z1%9O-oKi8Q{I}%0R+Sxy=aj8@kD|*mDySR0REJ`nzq`PG%y(%}al6W+i7DQ7( z?kX1l@TS!>%GC|Ik4+p00-Ii$)VRv&D$O`eHmt+3B0lJmf4>V=I_3lOB~mWILi$Kq zHP_eDt;?M#TP@gk6eX8Rm92qubhLGKb5@;IMh~(rF1p{noSg-7Lz9*~+8CVxPhc}|Izq)67R!P zfaJ(tfPZr(jTGELr9`XM2mNsZJVB3SvkuhV9iy3v8n!i3M?&iooKB{Q>auC2???31 z9f0`ZEcDGd=CzIhiIOWn>XOG+VO_m@FEg~6O1a*0m9*{80U!KqDM+qbd=@NSR$Xsb zd%A+c!^zODFi~56rPsF9+nMQ_YE}CRTJ?7RJ{h>9JvscW&o%El{zy(hKxUqT9De^- z5e~kK%`7Y=g5jtLVIX}WrdrmTYdkkln27#MZ9-42BvrpQ2Ic}u8Jb@{e&4`QwJ=>~vR4+A|#?wu5}MG7*OZt~l8JH_!hFJ~rYW zZXs|Rc~azR1*+9L7%ZalrkOvWuachGGr$ibxC4a6kh~BS`ExG(Le>QOxx9ZGmPj3+ zk&6YeRo^_ly-^`tYt{(J_-B1~mcQO=^c4O{qG<7$zLv ztJDgOoFsJ!4fBZ9)>t>p=#*GOF#xAvlLo6z0}~AJS>piB(vDu-KyDka|_l$ z+4uB8J{V>8)uL|8U=fZbA)Ns3FW*@876PCBM68C5GooVX#5tqK`3n!U;%q>Ywqs43G4*pmw4 zSgxRyqzowH31Zjm^@7W(=NWHMh+zO!GrN@28~6MXPor5hT`>OK6C%W%8$C0-`%7!QFkCq{+Vej`0H1$q8 z)3u-Kil71);xtdTH_Np^f`v$w+-xi}f2gp)R)kaEmd6~-8w9WXdF6z8iNVxb@n$&J z`{D3|GkVxGaiHwNzylY`34_mjtcb#@Pb3MRoFnuE-WyRy@|rRtVwihA$u;xa z3g!&&_fT9nh=$xO2VkmIhD3$L0#SZbw;0^XY_{?M`7h4SDOj*5O0v(kZQHhOoAqql zwr$(CZQC~L8B@`J-5t{tJ#qf;--)~P?97#!xEfjhLLk)|UkC8vcZ4E>?G#Y=@^52} zv=wq;s9N>irhY$KH$~u^pw+lC?DZH*O2j{R@63R%J8V*~5dNHZ3P6zU9#tbdcp$qN zwjII`@~Z0Q#=~&yK5_mj7&g7zpFmL~SWLG;0hw+D38XaYe_!V_Gaf588^A^Aa zN-!)YFVoLQmT3VWG{rngoP(wTDURSIRsV3R!`I3Ks%_o`hQ3PpyFbeQ$dAXi=+Hf( z5TletsTk318x{zB5v0Mv)A>pZ1ImIRaTGwtQ_BoR%5~F2%VcoN z@N}yBSc48=Q{KWNn%JBUZ&=2D$)HItKl-Sf-E%Bh*+=562NsWYzKom5}c* zFq9Oeq%WKMO!E6gPv4)PDm>f*j2^;$#W3lqmC$DD$pn}(DouLbWYuDY_`#RN@Cm)m zBE=9C78$$sAObmElSFUX+5JL?eVx3hu{fGGi3x=C@1V(qaf}0k00A6R&|yPp#%CaK z2V79ucCNE-u3hV6KwtLMNZE$B;4GLD(SZ&b}8w+C8HyF#z zuA#}cfr_SXX>akHDQC~x+9BsbS^<_dha&DP;0EEL+CT}3qxhfB_<(%EzsLa z+B#(pp|bF$gSg5I%Os0D;j(&~0nb9Fdstmj9w#TpGT>dwd$@jqA=I2=KpNzBo*5L= z8d5}KQ%TSJQu>dLm!cqki35)Vz!KjRN`ZJ9xXP@9J>B6_8LFSbzHt&|meJ=%T-d^* z32_JODC7SY)gb&u2r0t|homu1Z&I_lmX6OoR2gy`{h0G{bl?9wl-US0Y zWYaE3ur#IEc9it=bR1l{fkbQbBcm3uTm6+ay+zhO*(J*l6La_g>P&@_?=7JL>{7|H zX(|(#=p#D+37mM*^L(fLyDkJ=(iCPQe>A+U+=U&M#`cBU*~ z3(WBa(w#ethtY+K00yHNw-3%D%5YxE(%7O)()X@GXaR-W42%ZPG(W(&dD88Mm9npF zUDew^jPz!0N8s&a2reJv{qPz6w-Tzx8!;%=bW~#*>*Z#`<_xF&(FT@V2HW9tiB{+) ze^oI0Z~PJ>CZ&M;0D|_(VIl zk#K$pNKf8J0<&Zyf`_5_t|0vfy8u?W1uUU~TwkcHU~IoA^=XULnXKwvM`^*j|L`D) z@gpcQmI=&~*$BBF_KY~+=$F3;Jt+v+ThHW_1vy}`S+qkJI{>c<(IC{*`d4vWn^$?) zlsU%;9*_La5GK*z}+qXgB9V56w;p&E$pU;@zeb7yVK`M(G)6q-4gX>*)Zy z_St)F2n?paVe^bShW!PjhF8SgLi)}7O*o_eibI)IUKJ6s2-aqYSbbQrh|4QC zQNw&OZgW-?9?{d_tklL*h8&hGt#k}8m^w#-3i4+Sc0_`z9bu$9pupV4K2=p}y_>pI6Ku+L}IcHF;R3u*)x^C4JFpuf@cH4*m~S_@4`Y*Ix^vAN%JESd2dzoddOgQWYDh8xSNY|G?XY z{<>0KX~pt^m2gq!7nOj7#kC*nk~b~5iHfdY#51=n%wHQ0>~7Ja!0V3{@#iQYN=#<$ z#*R=_kY7$au?c8Ry2B^WtRjg*irm4|SY8jx=z6?4i?n!T@(*>NA-A#jEf8+!V_IWk zbJ@1oFtS5>`tJ~)v62()?BGj1O@Q~fBwWw9o?P%Bx3Qo+F zz&i)vf+a?UhHa;w@PyQ^4{a&H)Ne7Xkc5CaRZpi zjG0)+b2go`!#$gK`LiJV-AuAkuL!*5ohKE{5M# ztSWYnIY*sW>pX#$+D2B-u|U-mwL3j{%a7-}_|#dq4Qa`NPle33#fL`g@_v;u17Z#A z88t4eZl7?|fDlRbwBtdS%7H>5#Q=(kQF;_T9UuRg7=XTufC%^}YA&{eUApFmb9v}r zdv)kz^)nTyV>%+s@kH}V7F65h)GPqhuiAa1w zSi=1{0iVUiD9&UKpdfKIljG~pxqESLju#>OcmYuEr!q0R=W&1b!70O-3ny)Uuy&xTq5`?Aug|$GZ^Kp=NJYP_%!EIcC>QDK8g- z*ydYr-hKt|r*O;Oh{A3>mZOm$vd8nWO8-7g{}AGzE!(s84k<(?0N{Fuwo!dqxkFdq zCfz1odW*dIi-w^upm74#Oi%Aco*9{vejA-Qe;)cQj)ePr$QP>g#pyTBd?LM2J2Ug} zN1f5jpPhW!Ave5&_vQq<5xKiPCB5)Exy_eKPiTMAY86_KFLTl4-yfN+yD$>m2j7n7 znsIMht*wSLZot_zZoPwSuwvWH#P$HZVu%R}~{|m_9 z-jn6EJ6u&(OpQjyY;_Rx()Y?<79%Q(21n%nP7jHME9Q@QFN)CR`uw>>@b)WsSl^-k z8W)@|78DVV^_~Gln^7vvfc6|%w?obptlvv&(=ov#dX8$$tU$}LyIj!O$(v_{EuP`P zkIRc?8j-=M2HM0-XjMg^DL0+lr`!BI7n8B$D1XwX>pz(eCkM~O-yuRNnwRGjfq-^e z)fh-{PQEz+)0<1q4Ur*()N9$F7%5&h>j{QLfi+?;G2LT-59|6u>y_6H?iT?N2-?NQ z4zDUlo|HJW+D<`6nsehN6h72?Z-1nA@q(r|&WYEA>Q%{iUJ6|*eto+3vjz2Xrw<{h zpER0Ig7lC{asZ;JcETu%FHO2zVj*lw0zWTBlYbBVu_E*JK zP+*vqD5%<5uhg+>OK7tSF?2tOM$3~}L8y0(c=OV#4gjg+iZ7&FCW=iMAfT*XXHE@5 zBLS0c_6Cw74e+AJW&)#F*oDWQfKlBneO#LYZl*s!%yth81VaQ?h>P%ysKfFKWeXrw zav8N>O(oG*!Bip0FsospNZul8;`u!~gMr@TA*Ic<*U|w@(=E)e zlz$on%3tN}w22;TlQ)&o#dpjFBe9#O4~3uaa{wpFBYy=qt*6_2Cjh=q`rRFS14Hpl zskI7&KpAi2=J+Au5BGTs7azx?m*>nmT(y6_AP*97iUkLJsRL1;T zSS7ZqreD@FTE|N<&;73I zwU{ftuqWG&AO2%jOePCTw;?C|>N)&zYfYEOtoBy~Jq3$b+rcav9)FrWt8(8L?)}Mz z7PY0?%D^4HR;|}B{tgkt~U9mW?RR6 zr@P;(M?LU|h7angeqNWpqjwvKQ>K^rgh@>PbyGu#p2&4%eC^wDm2$zEthRl7;ee61 z*n`9i1|u;%XjU%j3r&7iaJ}g!>Jx9&$QA@NULfHp^#}05-*Uw4GWLq?Wzd~+tY$dR zD!1U&5OL6695TeU@>KKbq8#z6f6mMaQmNOh=^xs5JJE!zPDlX8;lf%19)>xQ;U6IIc@A z_T$y(6qq!6g+v zWtKUkHg9UVd_)L8vb%a%FVm-z{pRT3Lg?m|W$(t`_cJ|f#7O%TT=ASJ+Eyj?*i>Wu zEvH!5kkn0#MO!e2DoW|VE_osd3XGb)l7--e&cvl;2~L})iD#)n<}ZBYLWeVhQ9Wwq zYl9IQcRTt9tU)5XSIOcTmnsYwu*W!ZN+!d~Mi<&MY42Xc-&BQGFU;TVKYxg-mkYv? zbX&LRAHG89RCP{H9^mSY1v~Bhdw+iR_Qd7;JYSym7uxoEJpUf9q?Hj~HKOYhR{5x$ zAg<;=+`#0n2<;Dzhl=|ytxFT=RZ;ni!2I~;;sQT_PFpMl?byMkIkNBar=GLX!#74A z@>ETBBi}gb`Bb8=V>qj907UR8R8MNr<5My{U45VNkh) zN+YGp0b!qa6f{gaya=k}5`9>+1j~!qqGVWBm@KZ}P6UyLD5i*{0yH7DdEwq+d&1=O zidr-9hO*6KjSmTmDKXz*%Y(zXzO)Z6qF zWTq-QYsPy1&GE zSHNBOg&h14&5(Q!Po1_n=$6(&wUQZ#WbEU1E6so@^|^YWdH1Hmu>)|=J!UzQ#H#b7 zESa0G)YJR8X2*fCqiXw@HG+XXHY$jwiXnX(wIagNLPV+mw0vZ%3KTNM&7rp7i@4da zjZpbaxNGe;YlWcHIV`l1B3{(T?xq3jyNd8Jf6TQ<2QHk9vo7Sd9PnC!P8XN=2xd@= zUu8~@QE$3P!DfWw+buLWjA-F^fc=m?}`rxNL3@3ICf-ZA$$MhSo^ z0=Qyd5^d%>DVtFQe?6-B4vFO3q-VA@c0?KJKZ3*H5QebCbo?!^-6$mw9_% zr-siazjvqSB0rC&uKw#bn+s%7C;9fbtHbRt8JEw!KzADwdC+oPpHe*5NU;^w=vK-^ zLjB^ZL>#VZ8G_fXZJjVr)R5|J6pftKFl*Tm3Y!kzu{H?6;e9@{x7CN-qDYzf8jn+P zpO9wOqJ?LxVzCHHASBF+2KV+dR!PBip$us|y7N(7A%&c8u67K%csbdX+!)d&A+Q_O z;30*x`c$Hu*}ynmwc@%23sms*7=ga>94Z&Yi>hk+%KJMU&Po+)MdxMMlM|CM9$hEyh&Wq^ z3$RT<+@bYNh|9?Y-94lk76TT!2r=CG_!^JEGsr6uhT94bxc)GS(VylPUO|sKEv7uH zvBLcUSZ)#iG{SzYgmLd$L7mDEJT$I{i>q_<+rZ5xis4fhOqP|18{x%Gq}{tzAhLPN zHT;MvyWY3bjD4sr3@x%n9zS(-XOhDwv#Y2+X9ibwXYwkWI1l(SxXQf#H;eMmcQ?Z{ zWAa-;FL}O+P2j0X*VM5wiJ0;asyaQK$Yk+rDi5_(kBvXM8^C_ElDEh8)EXQ+^B5Co zIFkBMiOn6on9J4tDc8H)8Hc+D9MPP4sV`}^I1WA>_HM9;dE7jO1vESvm(l&Ak^AnH zZmw6^!-EXggXK=%y{s>B+6{|8usmsVx;)g%N(jq zRnV>eoN}eitXyr_{k^NfS#}`TG^xK_MeC)HB8SJF3v${wF|gBv`Ck%QNVjG)F!*dl zJggWv%KRCKv55l{11Dh@$v1Rw|_ElL0#Opd+hnQroVQUxJ;J6>P>;Lzv!UbKl_3I zVq{b-mBQa$bpMMoH8>A6UJijtJ1-bnTzZ+U=ZVybLspAVvHCh0HT7N7=1nGZE&W!gQsjnoDFmO% z>NsP+ll%&r@+6w)B*!*`b~}j*GFfpCx9$N?lOK?W`#&Sm1Zr(6J)DY-EmFm5XZM~7 zkcAj5;KT<<;0v!5^mr9B^&+O%H`&+*vO!Hz3Es;LPUOI5#P!r3m~ZK<)%!3IzZeC3 zRcSx>)x512p9)`o@2<7y93j?iv||gC?yv+Q_6lXjI`Zu*`mISi>b%7MOLKQ`V0mIN z%Q@p*UEp@{o2P7p4PMqFhJVklZEf_!bc$IEEbD%2rY)!fKm6>y{ zTlgU}dkL{Spb|xTnt}t z^MM$t8Q+?5YUb2tBe5ddg>1bi@IRMlyc{LGk&h|MdCnTl&hE^bV&2WEqVh+FThKEH zWTmb8TQ5sTc;e$ysKHLa%K>XM?mgrh?eGrj$^nVY%>xe#qh#CPvc@QU*3Qa6Q9^0; zK3O6AA=G<);C@Y+{tkthflk7eS>ve}+Jf@>nk9MaP{k&8dPej3L}eGAvy)H=iSs*f z>}u=o=_~E2%R1p)`@S{d{hW@8k0e*~iqhmYaLlF)%_-*AjEO6Cbm8FRO%CEWF{wxY zK8Kn)D@5h1pI*G2$x=o|GsZJ{EvFAs8b3!zr|0?Iw0+F9dGAU8KO13y_EQqBpa1|Q@c{rx{+mv4GPVArZ|CA{ zV(4sYqW`au%Gm1vp&DW|ZQ{1t5r1y=2Rs`zI$A=AIGX*v=sacFdiE202)Zr^Wr1;N z7ucE-%M+J9V}yUa%t8xAq;_>cs?`fQh7P)Un1yxgyMhe3RZ}l1u6UuU_OR4xTkqKEP;L9CL4UmO3RL27SVCd|@lxLC?rsYwhatW?(AR3MI2B5*f(Oh^;| zY06PUonjJCGL=z_SxkMXQ8cv@Jd*>D3_5BH&7pu&482WJ2Wal7d ze_TM0+}v+%YdrlxnFPK>={z;1x)S0kPThxM-acx8~ zAfu*|&zr{3>3*Abx*wZXlMPKuWy!`D@y#oUVRoqwaV^qfA)VHnMU$sjkxUwsc6OyS z88fA)LBNFerGc{3>=PJp%6dRs9YJkWOVii2IpigLYC5%dM&Jfq$bz@yH<|P6_We{+J$V~JA&+PHrC_$y6*ABBHg+mvQ^yB<12&tFYfwPNbv z_I~v7IP;H~!0(hEMF?x#{m_sTc&WFfk!Z?V2OxmP0DB*z`lV+=Dk8Z$7RziyK9$%2 zy`8NQcDN5R53!wTAe4{1#J0aMYSJ=EF^m%nn$#wh(iF1Pi7&m#qFcYRCvF&}eEP)s ztsjKyeo~^14CJQ7Sfv4t7U``^{s1Vvtfg~0jo0uwf zsukb{ttQ7em`IkM@Bl&h*;=H%C$bjJjr&U@91Ppg4b%GIpLQ27-FDVPg+NszbvdrS zo#zGA$!17=E?+Hy!8&p4uJsuNL_qi&0q3%Qx!Vy79F<^R`~huT44*=XAn{Dlr>2_; zsAaum(+Ff)!QT5;YCMa^UVvjMY*PZlC$Rl4&j(Bt-#&cj4F+h1(s-El?d-%UG-rbg6Q@au9{5@!-} znO?j-R(FT{*jHH2?;Agwb7>rt2_WAzbFvW~0!X#^Sx9p!aG)nqT9Tht8ek3?(P5Ke z>wJ4xwFYJ>G@W1hBanA!OR071uf|G~JDN`_#yDC0jnA17V2%TEL8(=IOg9pQ6Kqy6 z^?=k3D_hJNo5?FO3)&$#8-4dnXci$!3*(%k{8+G(OK&P(brkq27!Z1)0VpPws;`cZ zs`G5#g3i6W0}>1B5;S%#Wk;}7Zsa+>8|kl<{g`8dpkFM{R0Jyy0ImR&6ZZ&R7kx>q z&s6?Vmp=rkXpn{cO1qiiae*;G3Z<6E$86!vLj84T+FAax5 zD!|P0JuZ*jNjewB>IGBJhX8jFrGmu7NeeB3J^1>QQ;-Pk2`Hsn*8#bH5dc6lJjJ>~ zm{Pi@-eySktH9CgT0&-9Qe^ho1P%T1bdPF9o(L&kWDx;J^TG(3SyQ=5pLu585-7WunzWCnhsU0l=oH z@XXu?!&M(Y$g_`Pvw{)E0RW`HWJXZDv3-G-2dd_60MR6QD(ye_?ukd01Yo~N%o`Ef zwLa&1p(rh3;xH?6Fvvu!C#;>n;7pvpdC4c*fii1T-^h z#nD|%bTTeGk7O&4>29#NeK)2WDSx?)9&a{%20{h~Z7W2XFXUQn7PbI&o!xuKV6A)H zS&7lAF9Dpzt7yfONe)W_wUNiJ3z2E>@NU@40HoX zAqs2q39A<+REdYqy?85qee%vQIN5rN>6_4$O;kqoGLsyU6N1AmTUPtGZ2auZjSNbY zFJgU<;!BC;l~H0|XAvnAa&=+>`P;gaL(a2{rMhNZ4cl|@RIjL3A3*Y?Ubko18)WwK>RcM+xP;!NUt(13-D4Er>(NC*}GLkWu57htUE1PzDaOPjA+Rn)Q zxs1xy(KF{B)^+z5)C>TCnkEPP3zCb-jGDHrBY`w z4F^LwZ{O~U3IobXOSErh{15P1h!$U-(`VL%UZDKyL3uPn*U^nwuA#;N#WOKk`%hGF zJ!G%wmnh|zBYJlNymj|~9!=@|_8X72d9KTcUIB@}LL)Yim7+@M(fviWtApNp579o5 ztr;o$JPnBWVySpq0MNUH?71J6>+LTmpM?aSq8A@=BvC>A0nHFc)$L+u>fA$#@I-gD zNPb=X*;uUfP~Q-b+vu%D^HfeLKbYDiWm+JjT@k*;sDO<&m7F_ zAl%XvSIvT0L;{E?K2Y%IdD{=HAU-yMKtLhxa}B(W-luuLTHoEY{fMq3G&_m=X*TCx zhxb|6ckdAVq^WSgT%B~?cZHXn;*T=tqvFA<&07eRB1&m9iWr8AWYjphjpF-si{oQO ztBU*Swzs~O1&D=e+x(h#XZ6{R(VjVGV{HfYw^G$IecR->R29)4>h_3lOAE)WlrK>&{t=_mKG@#U#TzTX6f6EALttN4>N7E&oiyFk2CGF zPx@B9g>%L`ANb`v|AU}`1=H7?eK`QG9#bU=kf6T;Z#HfDbbblv6O4@aMIHCcB%z3<|yLGY`qx3xXccGAB6ywor_b4P`_@{e&~0aHmh)d}Zr z#B|p#=9jNPCabQ9A&22ke-NmugZQRee-vg!A71o+O=}H~o#C%bf=w{XKVZ4`0G|Zr^E81Pj3+(Sp`r&hMspGq!LX(@_Rn?E@)55}8~F86R7h95y3TV|`TCkWo#uj)n1HfdaNkm*J6D znm&0btGRPWa0ngW^uR;<)ga7@Lbq?io8CGRU_ip?%KNbt-gOY`1jf+qbR#|nQu-mW zfaw7&>{r))2RpXhd7F2)cXu_%dZ|;70#F2<)r%dqwzn+7y2^QD&qPxHBH=w_QZmPw z2PaZ3^eH(#OUqIxAT2})hONjb%}nI8t`klB%V?+>X{ha)0WXgfn`mYMZ^?QMS25IV zU#mRG(xeu+BdUvST&c9isTbPeD-kIW#Pd)jPO7AandMqk1IWj-QV%xu!?Xg(=cH(0 z=8CETUeJ-LTFfiI@N_#V+jAclSa?leZ{bm}tTI1=X`d;N;=h+3g&=BZS)P#{37V(h zTO<)<=>+3XvV7rF5M4;*CCZn8{l+W;woNR{JE!)QTqp2)=Uq`LR5pTq$3W##^=xbG zrG2+0$IT!r{9SfnB;z&CL&(268H1juGPHUU^8`}Fl;5WeC<~Z_8$s=dqUsrOKpltu*hqC#QUBAtHEGh!Z?2$HU_gYZH9Y)ws49J+1HHPvHk;9VNG%sc zas6DqtDB0C>%a}HrLN4b=)A|3>~Y;%X6_wDJh<7RliiUF;Ho*!k`2zYoTt~*S{m-M zv^-2MxAY~>P~N4dqUfj~;mi!f)DXy}`ne6*X~q7q?i;V`Mo1+VLf1?hVG+2zA{Y9g zK6quGHJEtae)Uq?_KX3l**{}AiwVHqhB4pAzqDI|_toN~y z+Iie`3p40~vidO-&`u$fy#0W)r~+q5`e^g{7l_l%wbum;8D|mhEpeU86?J8KU!XN~ zQo<{ci*xT{fB^!=fqc~7GM`&X-xlkld4$rFiiIjYVlDwp&Y5Mk16(7r!6=0DDymcz zf34a*tCO-JPeLFu{^m;{(o7j@h-zR3F`FSg`bwyyLg-1!8&WNs%Z&WR*x>?x#RbJ-tB2=@xtfn{@y>>5pP2#_6h1a#H*FktHUm*e?b#BpsGFawf$$#gwY|N zbfwP$h6kAx?50n#M_>rYS2`g3NCcC|XQ&O{7R&r&=tJg;$KWp{yFd?U+qd|HYJ`xo zTn=Zx4!~mV&B^1$^K0WG#goaD(y5aYUs@JD(F+7{yD08l9Q){yONrgtj-u%AW?5a> z4zP~lfVVe%$y#1?tbA}XBJ6=;K>N+m!ZhJccOTSAmLccdyVP2^1CR(=9WYS1FhD(y zP9T|JA%-|7lKHq01ONk%24(r1)^4VoD+~)$B6XH2A>}1OE?JtEcrl5xQ~^~Mt#A>X zD71Cb3T`ov-2_FkTJWYa!2}cnCqGx67sHoKSI9{tlllt|I`D$Go<~E-iIOL3o&rE9 zZW%4Wg>e#wZiHIn2(u{AWdcIt2u!0o#3r;c^Hhn1$_Dd5To}z#2tyC}yh6mg>M07A z%EyL~Zg#U>83^D46o`pw!9UNZf;U8iKS&?i+!XW*d3k?_F91iu^8_mbba3!C&#%P=wMCwSW2wB|dwjlGl{#?RTH46D-})f#!5Q*cc$r1AM02Dg`|ijn!L`AK;) z=u#`2VvbAFg&i!Qu;3+JBjQ{?z;oCmYM7dJsUYH_vk&zC{FPXUNA(6I@YG)(*ur`+zKxl$r8wFBkNd$hHX&PC2gbhxx*F0vzDHENR3Coc^fR_-1KfDG1Uj2M(g zXw~Bh+gp>E=h=@>8oL__v_GOIF1gxmS}sfm~RW%GPk7M-yzh_DnfVx)KihgJ8(umuMC zHV8~xL&p$TF#|Qq*#aW<-2{91Ru63megBc`(1-yyg0aYZJsYYEY5=~(*-jLW0M-M# z1)aXF6C%yPcAu^#!1GJ%hgZN7!OaL=bIEt@HaqY8T6b|dU}sklS53)=WKc46$UWI0 zOTqj8mMx2QnPvnfj(*QjlVzY$L#Od7QV-cl%rZ1bEHZKdzMs|*^q798V>_IBZwje# zAT7n7M690G1oc2ki_P0aODaid9ME>yZPx<$@J+B&l3Azv^`tBrH@wKc(bd4@7}B=z z^5rcFmF>9o3}7QQCRQ$!$3Bs(AK_-V9e}ogS>cjOBMOv7)33^4--^lpI$*i#giU7N zFcnsNTGmM8N(Cbgmd3mL6ijtyyOWkq!h1{M<%V{Wj3%1XHgb03xQ2T21$k?uhovEJ zUikRFGLtsa^H%4=(`UPjDNjN5zor{*Uw=37Df+JdVq#cxYHB{+fikO`+4TZz$^b8V zPTvfuP0O?$t74Lgii=P0CMR5zf726H01q>Syu@V#&^oBz0J!jV4H zD^KO{|LO2>SNQH*%j#c^tAE3Yx|`boupI02h4qaK`17mps|f$=W7*Nafpch-`p$C_v`_0-g0{=yjOv}m65ohTTNm&D*$mk&HLb&M!N^o;@!~?|P#ZxXc zO*Y*|=b~!}7e$RCC26;JZ+?E7A^5hNkRpyKp9l&Vf9Zt@t)TGBH}NAT$?V$=T1t^q zm^8|LL;BYGz#nl@SwwIVpgkw~KE%f*?G%zG`BX~D4p|&mRjc%?&3^wc+oo^8MjVKL z+oov5|CgY(wlg+#wy?8x`d@n0`O}ezH6Vc||L|ilCHrZs2V)_o0NM)9m zE=z@L%(m+0x^Z5VH7}~gTL!FPsj}Xu@ zuUTp_1v?yiHZQZ&>2wD3nfKZCkkp9E{_EUhi@qH#^<-a4nJ?IvAJp#~zldVF5p}Y{ z3VDEK705+)UX#;f4eXu=H~n5`&6L{!-FTZJ_WkOYk->VYPS&fm;0B$v7I>$TI;rk` zSzxAaQuBd6MCpx%B>H!T!D?|5szx{E7d=yUuw!W?Kh^@M1gbjsu=JDqv45ZdXdn zlQSRK)MzwdhaW8|*7aGx#p=JsZJE+8?Lqyh7I4=YsbSb0dh3xth4-BE@@#wE8wi43 zfMJ?f!8UCk{pVOZq)%(LW3yJ`;$z$#YyK{Q4)r2K_&e_ZIt%EonGVLCI396k?Xysu z0kMP^-hrCWU_?Xx31LlziIbH>=nE@8I12)d69YDt2iLluh8P#u2-}Y-Ko(795kr8J z_GShp%zc6?frXN3l8-Zu3Sl79dD}qG&Sq}4@dH)06X4fuazt>aK=n<>sy7e~l%eI! zTij7JWZ9bsA#^ylK}T_QfasL;Sv?@1WmYKUT3V@Jlx+APh4_MkJhPfo-LfwYqD~QI zp^l7AKtLNS}%;Ek%5c zE^%zK&^B>rz3sr4IRm^Xtl2x(&>S+i9tP`ND$rcs5uGjPFIKU($Quj35<>rZn^`5c5-Ca^zn2yqW|ASL9%-KR+-#XUnrj;K|(NF@VK?I(VhkIkob^X!+C%)Qdj^8GGrQ=fcOKc`0)%d6@~b$vtL6#AbX62_=2= za}(zz3LohWzMwJa2im#t$Zz;bPJ0v5V-w=v;`(3Bv_kb5C)$3Ym_;S4Zu$UifNaP* zUiJd$0AYW9F z-Z0J50`B?GZ;+O#PaKnU6bqSE#4_+Ggk4GRPdV+VlMxQLP#Bi}OlQ;ZbI{J2IdFwEEKM71M7X{zU2ZX!N1vqxj5oMS zri~tECwLCA;sDdG+^2sfl03Lqj21~0x1@rXpSffpPv{^x$>M>(IEUpo#;Q?=wbx)EK7E*YO4XAj9Uvi2Yg} zzk{bEkpY%5d`b7eH^@Ln02$;9F_=sKsQe2QkSI{n0nRI^wsLM*HqHo-6!Oms$D?es zJ4F%^@9UD8FzHUfwE%%anyj?rhM)-Qi#V=AZ{ZpSXa}?qj*PfKE03%bDIvvV<^Vi4 z$awERFBFJtW}99@ARRTtgTlY;2(LZu;O4;^GwP)wy#$+&UB!S&3=T)o>Bqg<9{n*s zkG?OxZto=r`i;Dr(xG18v{$;dk`la9QntD#xN=l47Ha_}b8t&Lc;^TjHw%-AHT%df zRHwanp&B`uo0?28e2aOTHzso%zSjWPv$vY35qn@r#>6;NBO5Sl2Rk~~w6eEt9u1`6 zv0KGu|6>eV&~7Y?_>k0)V*L6ghEaLd*kU3HzEZxn-9)s1a&&?>KH5FEffZSn1SDqI zV%reMy-SD|1hm2no~$sjs)^eTXbBR)jvv(PU42>x+rGg(9|*cCeM9jQtKJ~-+5F&_ zWQbA=i@9%L%!!PSAb*)2aMN_1F~hf1Xnf)ReAh(L7u)WiKBJ!^fetSX4Qnu?JHyX9 z*H+&V)?PB%eu}YH1=<_%?D2eC z>Q8k?nUmo^x?naTLRA5;Ea8Ju&crzmGr6X?C|XW)b+p-mCz3o+cpbf{@G|WIN0~y5 zQaZKA81xx%yX{UE#9;y4{yY(+~sjfN3aOe+192&bosr%DrvCa@H7 zl%*!Klh{H!^V3p)!D%BV?q;P{NNXujNskDNO*U>`I=}Mx{rjoke|9*Ld0K6o|EsA? zp#%V6`yZDm#&))UEX-US|6}m{U(B5;TGIC0VxFT`4Cx2=gqMPfjiwr@q%pLy-P$jn zQ>0teSEjWm4QldMt8gH4?2_>q2Fv~7hwkl?YMYKH2PR3fq!l_sw}hx=RH~dMj?@2# zvU6+}CF+v&v2EM7ZQHhO+vYvC?Q@T9+qP}?o%z-i-EYK1RMaonQMLBU%qLmHb(|zo z<0R>Nj;~DA-+#au22#QXR7&5igj2<93dW0e=8oqrFgPy!3QXB#Qa`Z#8cbQM)hZN|PC3Tej2My35$~%#^DiR4lVi7Hz;r z)!zWwCQsG?*=FGyh4oRf%HEpa;N3Xp))GgmYyxpb>lRm0TF2seRo58(P9k?WCY!aT zp4+0=snZ4wmbEV-*k1*mGv5d{|-;K z`Z6~D4M88}sqgNyn+Uv8ojp~A&B1H;3-{VCDY_O@TzlF|XZD_qUbSV%H5uPI+B{Pk zg%q=>@ete@jGh%q7g3(Mw0S8JlUF@H8*mOzH!~F1t3Pq}rbd}EJjVu*Woc^*O^m?%*gCPBkh4@}r6h@O(MfbrSV{UwEYv|HLXngvUaLD? zNgs-vw>07HM{R}<$dZ_J+^>9clOlS)=k9@?HJ}TKL$9{Xq z?s4d&ShmUWyV#*~vGfz)6VSR+*iT>=)`u>UzALP>?25{JqV_46*EW2Hwe+^)z(w8= zjQUGPTjh+3X5>omdu{tD<3XYtQBQt^=q-~Pg9U$mzY;eTcmC)_6OZRX1Vh3ZDwHLb zip6X*^1`Qz&b6ha#GZxHnV0fy9}Qhn@vilj%~L7PNPP$~14zVZ4!T!ui1F#?<@?dG z%D3mbC5=mP)7H+Z6-3wB|C~GVab;!Y5Vga7=N?D`vXO(o@JGv=JHs_dp;>45(kUEF zk4RI41lL%OwhC3XE8v#cXfbTq4GUJ;d%{c+$9RJ-q^aztykSE*ubf}C1OO1v`^ZF$ zSJ8SqHU6!2S_p4l5F>fZ2pw-w=z&Qi!zFra$q?J5ko6M`{nC!R@$X<kFF9!Ikw z`%4BZzmDVg20FL-p66V^`s7^3o>3r|gsqQ6!=#qrA&mr?v?2 zE7G!%(N??bv6+!x=g&AedL8*l&GDu>(zn#Nos!7mR<}o!c1WR>-kvM%hme;QoN;U7 zek+QXHdKzKd}?|%Dw>z3XWEkwC`sRtD*(vIl0#*R@Bjq+?B;u7J2gMI(d!2$XVJgQ;DeLyga7WN?}eN5ok z6#6#@`h26$Zv62vQTuSRj=H-0HOvMp^3ZK)zcrWdv+j+(aglI~URD1ER;xFq98}N> z8zl`k5JP#AnR)AD8mlG2_|~E!8|a=3UbNG5CQ6~XgJjKx@3}!qLu3l%$fl(tsp$-t zYjEYqvCaw3xSmWp(nr3zqIO;H!bv zQY*?0=0OG&SymKa{73ZzU8iTqRs)mKv)g$GP#QtPFaS4&ZzavpXU0QINSuN`nW0r6 zY9?s$=Vn5nCMi`s5W!T=*LG6-r$Ades$6ocJ218`@|nJ>&a`;@XY%_>)A8(=Tl4 z7vUbL5fxfPK2Bou=Nw0ZJp?#ZzLUgf5^v**ZPQd$JFv zn4Nd(2lY)l4+tGdy+??q$MUr4ZHuhp45}c#<;Et#*TiBRdhAUzyQ|X6Q3IBBie})t zaqC9)?uvL!CPd>7v~Si-4Z&=sT#L>Pyf%SqdyF@fJI0Jgv#T=@zX)som}r^p7KCjn zN6y@fa~VS}#X$0n+>W#n&X_}$Ieo{{CPoVy{-&J*`j-h@kwrt<;;g@z@W(!YuPTreB~*PQxXN{ zIVQ-zz0!w>Qkj)uX)gNMj{TXyY6rt{%pptP;=gr|k7Ot0eCaWG2TYlDV&=-cFk*9- z!C+nDi>(jq5x1xLydnE0j0Yux0v7GpLjc^!k;kG1@^ODsJ}MDJNQW<(csK};==QeZ zFgP^^07tcf_YdI81CO*3^>UIfDJab-;`C|~Jge}`-+4t4h!1`$HA)-&DGvV-$M&E1 zzFMjw6R~y%VR4ptue6Sa@m^XVaD+PXBB$`J6M1YVL3cUPIu}pMSV9i!nU*oOo zTO*5PHj|7)c5{#}P^~v%;S!=rn9GFHT5nUQAd4K<##S5i+o$F7iR6~(OYeg9XUU`U z<0zK|BoUv-7Mv2$Ao|usVJDv?Vl2JKJAeM8JISAkM3c%lF^ zcOyWaybyFxnXw^A{M9<8WCQ~dvE4~Q16lf0RFcN|Xe2^Gh}oEkwJ;^hpvx$63db!% zp)}}xz|b;$UECFuf3M+&=>D2`fWs?VS7?65>tAqGyk1^j&!Verez(iZNVR@Hnrp9l zEHlx0fmcwt;hQjN!xA5Bvny;RW}yV!ZzXD8#pX#}C?`;rM)YE8w2`*+!vsp4<79zz z0As{WIkx|z-SdVstv^p=*&$Wn?ckF7&|k_1X6*~?g)IA5DEhL(*I3bzre#UPh@n=u zJ1sQpQ!2mTfudre^R(76?|7yt)EKd?b#OROJ zUwHSiKXwv*!l#a|X%hAiCH_@U%3`pP#4KG56^851Bsj>CbVrxF7=W-!cjjZ_ZZWxn zbfE~o4%Cv@`NW6QErO!E7 zANS$X;2q8x^=L{a-uz8a&XVGKDL|l%@TZ~TbXYRvHAq{L_L#_$NeW1uMXJmawI?Qy z-xxObg0vrIVmD2!)=7WNm1rr4IQVjSi+`F;xGYw?Y@xcK6|5Jq=t6#rf6TOu^@v>H z`CN97b_klvJ-}`?-nrbMs`9_U;y^0XwlJRdm6||P)SKD1a!}D-2o%r0yt2H(MqKKK zKYWVKB9ebFdD*$7B`1?HDK9wMiFq;er1`e;u55Sd9IrchMA+Afzk2T*Y(#-y%jb#e zob0aNOeJM24bd9^%Ub8|dzaZR0B0Nrp)3W-zT0)`j25it3DkK--47wx{9jx_OLZn% z59pA7NYisFMgS}!AZa6zFUM?|-KfD<8jtZ$X3f_v2DNchX<%Wb%O#Jc1pkuM_;d69f-YC5?!s`vI&aRwrU?g%#~uLXCw3#@Xg>-W6k>jQ%UKe_T?gg>hFCV z#W!6IwDl3*W7=c!iGS^X;mk5=gs&~ycSkC>xP%nHk3l79CRDA7$^px;H2K`V@*b8~ z5ZCHOBHNYflNEZD({eKWI@-ZkF!TVlmbYM7(Mf2?Ej8Tk2sLV`Ea1GT)hd zdDKG>i))ZaA@&NP_KGWzl$x=zu>+YM6_M=5Z&1m6{Rv!xcq@40Cw6h$Z$E@Yb&ZNf zUa3KT@c4T9?kfLQqrdnI z`~Z4dwH$$^n{6%UEt|!#3q#J8G;Eg=(zrxF=0u+(53uCata`dVexPj9@!^WG_u_)1 zua~-={B6z8%>RBaS4|nXy}((uYGug5%>gOF3{EV^36zJ{?X!d1i-slL(YU0<;g)Cg zWop!y9{AFi4x0d=YOKn}6)`bBl3p?&z5pl2Y%bW-K%(O)ie>J z70sq?-;qSf$3JM`MMi!p<6N#|4H)n5d_aCdC!JPt16ZN0P!!9IHQp}#ib*iy7|Rke zpEWWe-cowOWo@Kh5@@Ur8mzIZ{bdHcWE%3khrf*=sA>Pi3$z@B{iiyX49KN9>db+uX5My+S|L^Jv`8_8X|bkihY^M9+W@ z?T8+rk>!hPz)dC|dR*Y3a?%YJSOCeWoaw9*%X4^vplOWo~|3Kxw3VvLVX8)+EW8So-1# zF4K!B*Hg8%=RA066m|$Cg6nt-0%p+@EHcqkz}GDGcm8V4cEgv7X)*x1=pXH23M;BB zMFjqxKyp`$xj`=$T@zF|QMtjjv7S`I3h0*9e)=BZK+V#I*tFE-+OC)dn)J(Rmi`Pw z$zMze2}=q>FVPO%60D7}pe$8=Q;3@>3eny!l5 zFBlfcPpo^6aEHKNI6d54+LJ8~B`Esdyrzd+&Ygj^bM=L(t2wqrcW-4e>8kVI8(S(o zLC&ot#XLrkKx_FU;QjE(yfae@51d|3NCj4GoYIOQ)n)ASPbHmSzXU=pmOW z%G;}Sw|%M(HS`%Zg%yDgw@}&zp+40LG_oqg8p4l>;UmhrkkUElYl6v%ta=_S?|Gh)DT?#5>S18QdgpX5JMj@f!2#t?28t- z+g2yHG%5V?#twk+C3%giF#Knj~eBOIm{xrt<3yj)U(qb0?ZV>`goetU||*x0_V&vebH zsQ+F?EX`VKE~oKFwINDvoXaAoe{^Z-q1kmSvk}d~9P3rD(d@{1x$=!P_TJeNMa4Zo zsK=%A?;H!<;;neL_!y;-VszIiYbBy6r6o7j?Qt(y<^8DajvQx`%$($JY;ch;g3UL@ zcgawL@6D1$?@a7*9pTX}(a3J%iLwfr9I0~;&7;R}q!8Qn^ z^fV4Dc=@|;B&z{(P-Si-ov$vM@sK{1=Dgs@S@R6p{h3dkcqC@64S{V!5bnZKK8Ufd z#PtPlP{^705sC93s$W1FXE4x9&VS*v3(7$eBL%kVM%6&zliy#{KU5tpcmEIJr4DKE zQUV^}AAS=6fbKu|RaRnwoVV&fUn@$c=U%kKLg!LDj2Y!#hgek}H=#<2z2?8I(SfUr4viKNUOY zFXuZ_-X-p(zNPN1zOC-HzH%?N0%6N9mDRH!bx(S>y-|)E{do?T2`&20r(4MS6xWY` zQQdcR--H~|-$KQ;KCwOYUDED)hI#{ESMU86bVoj!{Bdu0hdwD^S$5?)T5*KtZ z>9$#(P?MU%5SO3=Ejla`m z-{X9F;{6hiZ*SAp>4;s!>`T7WdN_v%(W@yrh5uw+ee)Lif*5bPLLt|T-LF^Jd+cfi zGk3$GoB4CC@Ra>#hA~9+#9bYNfa(wSV}~Tw6G^1zwkB~9Qh!&{Gi&rLfZYJRy$ruj z$X$*@#nCe1a4n1nFJi!{hQgi2_qWjY^kUgwdmk-Rr&_)+vU??`^dqE(-*7ckODS3i zar5PU!#xu&=bw=Jm*d{E_n~_o? zgR39V^LAf@y;y?-fx)PI;aG>sv*=r&v!}_ptpG4(CQq|X=zvqsT0^VIT9Z!zedX$< z+KY4S)0}j;;p{=CEBK)(#z^rb#`BXwDY%WK!g>yh>M9Kcs@;u&A{JXUDH1N zTkXt3kJu-dyd~xd2`nqM z;080+K~t5>i_cU=P^)sd-)FXX+CIi%Y}EjC@>Z{43b2$K2CMn?zivYG04{Fb9^N*F z#+%-G?m07hVM=eJmqa>AuG<}6C6qO-$S(}Bf6w3by3%HlKIqWTBP?Q$W67`nJp<}4 zcKV2Hy@kluD@n-_sBEw>;0@iR*>s>B9I{RhO!?<3vM^=4r-9IU(1F96N~@eyY84)# zrA$Mp3oUXt#1(>S+IIXEN~qB!V6sEo#YCIR-RKkYYS(n&eMg963}oKxJv;&IP%2BZ z`9`73vBMJ`Ts(ON2b{v>2}+d2$9alvA%Me^4TV62{!|T0OJWa`t^+A#wThfUlRdRV zAH<-nxGhoDstU|v7sLb>AR(q}b7KYOEtS@0tc$A5T>#pB(zYI#@dMJe$0CD*_9U?u z^%FXHC#y`?=jAbL~>*@Z)w|D8bEZD~A88q{1WjIzB z?AS?OB05ebCV?O0g97APQ!+Zml9@}WeAzgz%iyEJqB>DCac--?`g@8UZZ#GXW()7fg^Ly(iRUc%JVe7a(qSe{-xZY? zy{gn)i>kpD@~$<3nQ;Jf2F^Bm)44WnJc02(wUE?hT$724Y5OmUNnjH9aC(UTf7k}z zw)J+?Tyi^^_ITB#`*KrsZSvpTGv#WF;PhonIBtCOrEtIo)x+)4Sla7(h=h`&iqUSg z^rpNMk3koX7nw+V>3+hFK93+Wc7^ZpL#ICOo*0?r6;Qw12e>Ng5sOO_Ny?Sc79Lvf zn%{);8MOWiDUdW=iW)?(bFiQkz9RlI-jsi{JR|X8BbR3bXPgsD2h&@j>JgIsR2=jL%Hl~Fz zXR4A~jHv+(=nFI@3GK;4Oo8l`d(LJMH&12K#A6)NY@LQsK~z_ zC-$u_`M`dht4eMa%=uvtZv(n59FTb~8)RPmp_gpimvUIPYhHUGD7b(mb5l_!VJ`#BL4x*w)cgD z+!fM9MVY0B@4SBd7{?r8vJLO092@?bS=qQM%9ZWg== zxnk-UmIjc`5dr2mk~iXXv%t;|bE}NSd4|qhvS{PY*r&m=Gp)qEmm*CSCU_LsaK&N$ zWb)E!Zp#f%P#r(*=`x$B`+?#N8oWc6xl%(RV>+<1#h?)_xv=&R)Di7zsWpDxh}!gH zbj6C8Kue;X2k$Z2v3${5y>dLoufRP%@Y&U= z!E!2fB~`6T6u&`KLR!~oopZ4vnJTWi`2?+rkiV~Aivuj1;hH??ue7(;7oZ$JF9Wr# z0wD$Iv&9LWQTV3U$w=T{vL4%*L9#BJgwI%Pu_dn@)j-C(pPvts(qRNqD~hC+J-)F^ zp?63@;^%koz}(5@#@$ymtSwPOl5xc`nwYXHWui*a2t)yknn|HRGcx2@xl?%%-AG>L z=ZK%{TEucsm6S&MyEddEpw>fEoGkeYl^^kh#7fZ-GuP0{8`6-Ad-^%M%iLf@r*%4=Ma=4SoJ3OHk z@gx8nnA@IBSRp|ux~$G;_fI8a4}l5;0J||_NL2>03Su~=xo}b=kaKyDEMTG*G*A&3 zYgTlS96c<+DisA72^Y*qSpF-wb_puFT^tu=V$(v&ntUM2ZQZe*{RZ8ixiCXgEGR+D zf68aok6HJT9VIoQEfrt!0XU1Ht{vSmZcDQqNheViWK)@<@coB+vHiogRO(w*EfI>c zi|59i%DCa>TajB7$Hi@*3vBALs_KhM#)tNEh2g?0CmW9^%1Ph0zex1D%2zrRdA!Bq zlA$xwx^b;Q;KQlsTX29D@OWA~&1U>5go_vb0YnlqMqgB7cH45eJ)L6ECVTZcYzbT~ zF-M{YfH^FmHG91PX@P|Jm8`B>>CZ2wTaCGr8Tyio^b09P@U#)@3W;leas0JHR9Wd# zL4_?0ItOI>_WMNW*$wV}zb)1P3BZy~QbF)zIj{G~UVnW#obv!#;PogOOp}0DV(FWr_Jp1^w3ypYc6dMI*5;q-Dy>AH~ehL&> zD&eFgE>6mzC6dgel}0i@m<4^q;Tl`H63Re)y6y;xDyhhDHmH1LWZXd?^>N)zMazE{ zfo_mTX#F(k-Y%G1TykJvi$5kBzI3v08`1neI|t*IT7=6BLtJT6Ksk9xXAw8EU!#R> zI-N<8qUa~YuEp(F(y?@O;w}Y0RJsNSRa!q(?Ldu<<6}`^o-s^p^SNZTNYQqYgdSgg z_wiA+yM??p2_dS%g`@{1ij0fg#P4j`SzG7#cCMn7ovIuC&B4<{-!$m28uXuR)MX~o z;%#dgX_4#R!}~nD*GbE{6SQzy>{w(@J|DV&b~Diz&yQ(&ZJ8^O0)y(3KqxpjUq5KE zL$+W=sb%r*YDnvpqdIqvw&uG9HoqjCT1-S=#(sG>4&b?Ueg-+E+BY-CXS?S}_2_PC zV;e9QcT2#NU>G!Wt_alaPyyF@jN+;%_3~b{xP?ZV2L%kET_OJ=d0=d_rsSuT1i`80 z6d2{Z>2N5|kA8=SfS#)Xoo=NYGpV+U4!U$Gzjw>J!X)Xb3U$&*N#koax^j1LyCw5u z&$u+$Wyt)OJy#U4tKUGUbwCFJM(3t3zW6Dc9`R@BzwrLM4@p1f^`HF(0H72I0D$p7 z-q-c@E$u8_^!5L@EBpV@L1wEo9kO z4Qa=-iIF{o#hsFW3^LoF6TT1XbUZ}uFfda)2X#GW>`gQK>dXA{Gc%LI@yXfwV~2w9 z5dCFd@CZILZOaZxR8B;Fu_6Gf+6F}#h)~zYp`ysD6Ae{m&FTzbrDxZo>C| zo!H2EP2a`g;hI37$D_kHsefy}zIb)db9R`vF;RL_8J{a{4DA)g&v9R}>M(DeAD5-_ z1YL3zftOg9OZfHmZA%I3EKH2i7f-Ne7+kFwgeq%`1v-U7(ZV|QXR9&FeM+MOMH^U{ z10r;#c4R0Dt~50sb=&z`@hO$==G;*yVpa zLo+Z82Cg2^0DvH8zyJXM_m!%qZND{wdXk{?FF&CxNln@ilb^pGT`Z)vDHw}Yd&t(4 z&v-#qnZt4q1SXx>ghaZ-!(26)2@RsC7yJSKCOD(5{{{T9_S%E)W2+DKgbpIH)S32K<=AY(8Ti8&=Zy=>GYT_w(3O_@(T5%((Xn>+?m*5{Q%_5h)pta8;GK zp?Iu+Y4K3!?($}>NXo_)Ry<#1W#cy0wo)yg}yIv>eeD7nP zOW~613u(-(6``G@*0rV?lg1@2pbTAImpa2O$XmbvOUD`{HV1PO^lo4%&acRQ3tD4< zs5S$7A#7@UzH8BsMS0R?n=8gExXm!5M8;+~Bh{4-R+uL0B1;={rBUptV!^``WO%9P zv?pqK7r=KO8Z*LzDC%nk@CE&fMAt>}Ad*hzjwy{P)9UwYahd4-dD!{a|CH~|#`$sQ z#D29|=#zqzZc6^&+PYAv7vE_=nKGfFuHPLy5R9HeXdG2gZt1B@0T`)VfAB5NNk|SN zy~K8gq3Z5@EMnKw!s*!2T0j5<(L|nC@fYGDFCZ@<)h38bZA^HH_nxu}z}L{Zf52oE zbrkd1pnIc7=d2+AULU0u0A%<3A}OLtS~K1DDQW8Q)w15PP1>^AF|<=19zMR+@j3~c zEQqQ8PRT91!6p8qFb5aC1)H0tKpeC4ozALU+Eum0e;&3S8xX~A!&NZ&C6?m3J7U)+ z9&?4|->1NpgqlSFn_*?)nzur2y*a_)233<|oY4h!n&^?g{x$zqY>wmrUt;KWtRho5 zpjQEq$5!6lR&l(+JiEL)CwZ}wLEf4^1>Hoz=_$Bl-CmAn_)fD4iuE`&*VE|l-0K1Z zCE!Xcp09$I67rLTL_TydnIDz{M7yzGSCgj9pRcAnPjdnK!6y5~vt-^jNBE5{-2nT)T zW}7t<3aWqF$7d)nj&x)XALucT&kDpunh6XkVE&V#eyAVm>bfro8#%_pZn=LhK1QLF z)e%^=8ozoimA?WWg+7Jnb2F9&gE^U3KD^AHv1cf=LtKx(v109=M7rQ{h>s|caXtyV zQ?f6%inH^s!7f}yF7UE*K2X}RnSw6Z-`I0oN#n+}c0L6uuOD?oU(tY5`@kOsKscRW z@RKZD)TU`?)F%egy_M~Q4QI;3lgbr~OpHUy$`r@CUm^OUM$dAy67#_`8 z*}f_$kM+jCZAAhQ>~1N7%zx+M5?ryCz}+mT^C>giQ#U=C?X%C)NxQWZyl=|%_9ApI zro@_q1=m|?z;kKi1t&s?XX+*y`FP>x#hR+r{myMT@V#}S0whliNE9P#`qn!-j|l+B zo+-n(njWpqnPty3#-@;!=`)a;F7Hi5ITGLs=io(MuI^$!4B3kXy=e@PZk0}9Px(xc zrds7TXk)3;)ZenEu%q`;YJoX;ew71Ag1Xoyp;kIP3IHz41n4@2)!5qEvV}Va&QK6$ ztk_NM2Lca5fvP>U4T>?*LxR#!j)Poiyb%9+i@~+LTF?aE@1XKgrx=v|0tDpy-4pU^)ECo?^^&PVD+>TXiU!Jx~91a}&O{61#j|h7Uk;?h#DJ zT^_~;r8tpGf@TK;yKGT>@O{@RM&V)2?f&$N#?K&vH<0ENTlD3~gZJG<9e&cbcSqm{m@)&G*BZ~6DBX6up>&C3_b4H#v`%6=zy`7Zw-un+KDgj_JcZ~ z758^29mk}o*t`LJ!|DpIrI8+wR$jbj!XvETSj237BKTU2{nudi&O-f~(C^^q z)=r)eW+Utfg`_DfHt7)Xj9X=FY)l+{JU}5=9ILFC(KgbBSSCnc$lmaDawe$F3fa@j zC4aKKz%HF>nd#ampLm<0_)h=d=ZZdsaETOT0Du7o008FyIGUPz7@Io$$6V(BFr4OS zjXPtHdgb-YMHEs*CADlAYowl^gGjmJbj=w&tjqo*~j^+;Ou0Zw0pcgI9<^~`J?L)&r-HpDtlN; zNG5X6EsSzJZ+_l_*%v-UvM0$2{D!eNXaseKGT0OlA7RTygLa2K z0AzFTa|+N)IRnf$dv_VIi-ZoKZ}0}&=X^l47Y(BwKp*MZ_qYJ`MYfmZfql0LlL!74 zrvcE_cc&eIE{f@pu@4<1CUFeBT(gyjWr;HTYu-XvBSyQ^|Xj$en|EuA_pJP&|xns?QOleIYR07_Gc zJCtm{$s0N{d((lpYuUUS+cb8P=TGTVapN{$>Yqc+7L(Da%$N!Z7Um@!VP~eml?HXe zOAC^}AZpG<8j-C|U0?~9ue<<^2g~aqMoo1=YYpPL%t0F^zKYh~^pRVRENVdQhldH$ z!(*DnW06npBU)l6B51!&MBpZm+eN6m$?hfw(A@Qys@(8E(P(_Hw&AUmPt#3TTC!HM zZ@Ilq9}e#y4}-^#f9k3qU->%QJvyBZZ#=6or;V2Hw@xtgvyLzRJcZOv)QrYfCT-YL zPpQb+2~FznrnK}m^7a??AbM!-)Vs3gI{hehos}%G|49;&t5FrOVbOdO!@hxn?@3@K&13!Rxs-`{c`80Pnh}< zttM4r7dCf^ho^yol|8>uQ?)8_E*D2dgvmVW9AxF1$RT*MF?KpNbB?G=HHvF}GWRo1 z@=h^zI#SyJX=hj3Q^uQ8>9S+U>D!sMRLK@1)!!iIg%w`T?X}iq$FFBA)gD=pB zZDB_O;c=)6!Qm`>vF8j)<72`YSVDQo>lLgLoK=V7YCI9CUFN16B^qtn;WsT zShQLQoZyu#vlH@Y#|QO@jCe|D`)wJ)Ty>0%egO`Swe6G0GSIY2EQ|FJfM&MHGokO{ ztIELhD>q3yZg*vMBaXV3n@Ysp5@cIClLXK8q;1UA3b5jVD|X0E^$wtCgA?HJ@0?F! z-&>7(zsF1KU(?RGx1b=gjX;wF?mAI<+Bi~A{`tpXl?0mgTckCee_WDMe9w;U!U(-E z3|BKGc_AA(AtN|h*1(}H4iYcIxx5$xMjW6>o}W_@L76>&J(OX>FZu{c0`E5MF4Id` zwE7#GZOhKU#h~?bUKsaUaB>^UJT?ZrzL}&=BJ$8D5D~!x;+{Hm;e=mH3>0CA@)PK$ zARCfVtlH&u#--%WiqR!(vr`TH{+=>fSVtmT5@IytMGw21%-t-qx(d2|L&}nbFzoH@ zZ7V_*V2RwOEK`{m&O+ZYaGi$Q??757v@^m+u7qg;2o^cjleJrU^ zsfd3T)7bs#jD%!5)~7$DB%TMZGMz|f+AlVyT@C#Y06*+AtDFr3j&X2O>N@(^4B@d9F#)?*-dk39_@+Xx zl3{NGj0eB=!x9kf$dKK=m&%Zs9}By*>o~c%*;n|k^27a_8??z+m?Z5gO)tT89^tW+ z%Ot<6VrGuo@8_o9OMlE*-vk}P*)@F{we7tjJi6;yO`NDx+l-`jFfusSOZ!%*uTPf{ z;O#G$f7M3qXDd*x;bVQ-eBb|+vNZZ7XhCVB*Rk+)DBugH$0`t9HVHy(DuuHAl0{kQ zW(Us8t>`v_$?fc1J%Q>4j{I#W;;7Y6MxNfs;^U+WiQGf%l zaeOjiw`uHLF`nIhLBsB$ry+^LRzml@Q?i{Ddy>$`(nLok1(FVTOaCNYu-~y~*tz7s z8+q!x0sUfddAU0a~IVG=(2D;1(JC)2zkk=D0^-v)zCYdi|t!rk*!Yj4HTkOg?duhNA`I=##!4r?x$}D^`>( z28@^j5zfqM8q;Sl{)%R`o(TkIV7V%YB2AjkEZ20_mnD z7kgg+H{bPzi>IqO^%B9lO})fA=ISU{zC@R3%7H$QU^lr@`phBE8g@==TP&qgqAFn& zjsc0#HNbQ6l;KE(#lA|bDac8zs3b)?zlOx|0ouYYya zOX(v&a-z$1tA6Yl(YfKSBgS+xNOsU$9pS9gYjkqbKLv#}?PShdWiiYhQ}MH*55F9`9C|Fb2^Jd|A@=!B` zuD*&-6y`{$=s6wyg8dWm12fYfhv=!vG314)Q89lBU%neMq}bbT77WvqbaCiCO?Mhn z#KThlX(_q9%_EMYyrkMa9s=c_%xPR)*%pF{Mw=&1&Via@o<;;6HirCgQj zMc!rZ330_+Tk{qij(VDKMU}VMkz+@A!#y?}mjlD%G&@N)Wf#tUNeY~&NO$ME#L?kE z3O`ojDZ5f~MNGz|Od0tvdn#o*CG(?y&N;~^g-b;W6u+^h{3vrgtEl_jmvXgwN{8v$ z7~$-!{`!qvSS#Chw&S;ga5Lqd~?)5V7^Ydt<+jHWOqgdy?~I41r01@C_ep?}T)9z{i=O{;YCWqlUkK zda+lZR5R(<1l^$JGD8G58HH*vAcQLI#4s!inWfZrr~H?nf`lfRv{P!!$_@e|RBOe` z*6)Tz{*DV8_YV^_tE;w8wA6@xUrX>83hFSnB7qe&+*s_nBGm0XOt8!oW$rY)OU-u;D+N&$#u4y14Il39qOBV4y&lKyF~LO zwcqRG#5dfSMu2Oe{7%Yj@%5Sc#TXYpIULu0LOPvn65|)fm-~t;$kTvo;+LZCSiAzO zV(o>L5Xv%42W5U$PKSFzz#bQ^fXIzr3WDA@eD|KU>4P6B8M_==&GSp$ zkiIp|r#Ux2(HGRsE%UQqlJyvzau3~>(Ruqv0P-np$XJ)nW6CwJ`04|_M<#mZ`I}W} zLe_;e1Rwe~U}xGIK@V$*HU2;#icT-k!Uz!F2GzhKazS!3SHD`@!lu9fo#d zZB?uEi254E%FAU`{sNItJX4LCQ-To=rO9PNk*-Wok}#2xY{7jBM`GE__0`64;~qRx zGAqvY`VC*CKS4o|K8Y3;3e)>Od|FG6eE!glOJc6)QdZzh?)kHEpxzx6pj-7WCE`a= z33V~-;B!Ue89wCh0>{-sn!Ovb++o1PBP34tQMZd%TGXeOKvWGWqHP$G`ppYgeas>6 z=e(ChgzHlGW~;99wU_xtOU|1U-+Q)8mS4@rVlY!e$5tM&&VWggyqMhS`1lh zzB`j4v2uw?c&)6cu4l|GaKd-i;NOCEACWBEKT{ZB&9-^{XI-Z@E0iE0IYKq0wrxY9 z+^%&7EZ74nC!+$46?n6zbJdBAW@9B3i=sViR<0N^2HYEa2pSW+7w8$|l zlp1_u?P?tYA&I%0aoYQ+f!l`0Z%T;O;7aInDmTcon7Oy0!}WECO*Yes0$50ER{Gf4 zR7PHU+uE}hpF7ivu3;=EGFt1ro^FkKi=o>sJ@%^fMvS>ly6>j$nHxe6d)0;0bJ@ox z^&SkG#cL0p6cMJabI_cOz|s z9RDwxi`D8T=S9s9NACiySS?Jvr?^E~E-hTV$GnAE92&4o%L+?L zKePS}eG$F#wDq3hLeG7f8Ab1czAtFS(0im^s1lmby#I5Hv}{&5=`d*32UTOuQOKa=+bnn~7H%HI^gQjPUZr}^|o3t0? zWmDU)iiP%N=Z(K*C1k=lu6RKw$f_Azlv{e^Cd!47=(uK_*%hCZ61w0l-hBnOI9w#5 zyyTys`PwnqWHf%rIO*1@d5s+MSIpT~*ZuTYb-X!vHI2E;K=2@=Z&C|(@)lymh2;J} z`IF`+{^}1a1Cob!`Q(2Cf&l#n7vt<}C_P9Tt%=1JMW3o9fkW`dS^~HEXn+5yxHS_m zrpT``cM~1V_#kwF;z!Wse%vp@=f1z}_}%Wne~IDK(D7-1^ES!41X^#;D)v$lyH|1B zm5Z{}c4b;0Kl7+FtAoa0g{8+S2i2--*!sg;*6>3thd9$7d$-%9>tZhme=Ta;?+48Ls-7Abw%sI#*Ayaoqs z)UY$+0|+!^Ks4vR-VsNOLaUB`jahtN;#g>})FyBc>584yk-~~Q8nRn0OAxfC(z=yA z|Cib&Un8RAL$`4o#JNbyj?HfFH8cmiGVgOskq7{ypGnDM8=v}8>b{*+E+|RQ`$ZGY zt;S_wMv?6tq*|swb*w~+Ey?fSa8zpLnj5TX{zKrIrhz?BblmieD(`9Q0tqw#(BSc| zFm9Y<#RGLx^+Z|$9zTVEJtaDFF@G4+rdo*LF}aV z>-Q2YRIL^7nT~H4rYom;NYq8eWG7HHqOc-}H#8|MZd3b0CmW6=O$c}*U95}_Y$AWC zV6u}(8N$$T9laH+WjnB@C=q~wqt~8$J1E=+8Y7$hb$dKW{aAJlQn8;D_G9K|U>GJx zNZ~?_bv$v9mRgZ}3ReU|@yF@EJ*aA#+~D;G0pfG$en?Ug2QanFXXtGdjJ6onF3FM> z=OB$K|K1u*Jxo-guwIR@h8dXc5m!@h3ye_OT|xOe26_GMty3QTCYXU~DrPMck7Fkt zT~R_TdFIGJ0P_NmL~Dw^q@8<14-4{3@m*%4!%qVFf6ST}*x``AQFg`W=jR0MU;X~1 z%6EOu`1rej#k<2Fp(aJeYZL4g2b6sbJLn;olFSD1R|*A8l||F-;G zRVwY05FDRn*rbb*A@57Wu2I-zY;Jf#C_sAZ{TmQbIyQ3}2yI$?d3t>I#;8}dqoCqi zHfSgl;~sFTXiUXk;kZ*#kb36Uz8`|mv8XlXe>IANhDjcB6Uve#d=VJqvCSeUwM3<) zA;qW=&~TQ?FQDqAe-CNjNaY`#azE*=O+7#ZwQVb9QA`g^L`gR2A(Y=xx;*MA>%8-X zb^96oW@RKq#u_iUiAqKD-X|DgeM%1K!=~vor}H;2)R`zBR(v0^|5zcf_2`DSz(QDU zdg`S{VKUTcgPbXc+pW9)DIZMaaKBI^2Y5ijPIPq*IA9zDP=qW}!b*Z~0Bnj!VGgop z0)uMOvS*Eo!67m@Q_Mt1}{wZgJ zVD92+i)my;#2=Ix*ICSqvC6Y zfA{3QDA`L{zqRI;vp>VZy1 z5-r!5If+5OxH*01(A;r}6|oZfU@Z}Mii0crMNk_A7>4?B2p25kN=J>qN6UR3G_ePdWeO6DBk?>Z5`C1>y$GHPb>QS9T-;8#gDB^~3nL?~Va zSEJe$+ZB`1W*+wi=le032T2ADjES{+*TcjXYvQ6t^VJ}N{H5B2?qPDX&9h96&B{?O zliA=#_C@AiKiYDC=?4N*OJ%o7o}W{g0C`=j)%w&;e$RTXVNUY&4c-Z9wat^2kC&UR z+$PhcYvruHbnm-xCI}4wJp})~9DoRT9y@&DsRv=c68}Bvm1JwS9;XpOu$_vhD+<5* z`g|0_u%|bOKpD%`@fL~po~k+WGmE|$qq_@#fm8h$5T0=W-x2N`Zw!5WDmy(?bZ!Yx z^zJ%Q0lE7(AsV}?Z#dj@vsWCTX`j>~e;3QpiyJ^Pw0rAO0jY=YzXIYJtP!G4SY&D%d-Q23iA2!zyz5uU`c`e~Gm+ zlu`m<_PnZZFQzZtaION`C^=UC!V?`0GHNtwdH`Q^dS1PzM?B+?-e7fJMQd|Q3s^nz zqU-sqh1zLd{0GYWjZj9t7)pYQYtt;J^k6;b5FG){+1C(o0i(bB8eAMo+0KPp)N7N? zi_M!|I%t#GEkDSWR?l`Tt92glq+1zlv2XG+;SY;zX}}SIC~xN?o7fXzH^39dgP%BS zq85Qx@+LthLqfIP1fQZ`^gHea+vt0APsHwO+HaE+5j(0dD+tI4gaQd{7`Wlon#W(q zvUNF-xlB6PoMFt@0{7G8rw>Ua31@~*(DJsr^J6w0fUlZ4(w|SCc|j7u*q?cMv9<%b z{jaVrRINwD1)0m1fwegwXdmAq4ze%(|A+&2bEc5o4F6K5#QA00n1Sxxc! zP>~OS@vO}Iout;e!R5Zjm z++;6Zc_B3@m9$S>MKgit*M_eQRtqH3QK-XwRkk!8fs~w&1%j9nt0b!Z`azgM;m#WT zN|Y|XurRow3<|{5=-VTe-BXLnmw%Kw`2b7*EGse|%klT4Tqur4)iut7vrp~-sxV7& zx|3ZI%6hyV8u&u0W%$qa8vB5Ju!nCxC-@kfU6Y_cO&F$yYghYNm3Iu@><}{>y9t8-s+%Ze9{M6jly{Ldp zeBK$e-LzYn*(6)x48&#*AJC(nF+V_{iE}-W!|^b-gV;=xfR%qv8N>5q*7iI6<&Kfs zQ(fS4O@$lUp_v)v4c4Zy7DzdjL6qP{s=yXd1jSc)&M%QP^u+ zF9LkaWUcG=_gyW}^*?erdx10Jxw60C4}eYLEZQ z{?*9d!`a-V1PQMqi#;x>?)PlJ)_61WJ${G0eC}iZuJ}R zv0m;A+T!prD@0tXfeH>SYP<1QQtD>w$;@j@arYAY@ML$ZBcJ3)LH6zJ&KpAJA&wG4 znFJy!jw4uC3szA$(RyP3P|elhjh+?gjV-ItBQqM@ik2ieS%0L-g8@A`({_a(D9OGr zJ=TM$JSbtN_#D-*%ziCB`Rl+vfN3WBEY)9r*W{%6T&>TV<#aOOVaCgSm=$ki)W3e0 zLD~WOX{u$By|APOh8cvBz2H# zCi#x$wAy}N17_ECC*^Q?FZ-^-3H3d328jyh;%WoXp=Qy^Ib$UU@l=OXNRCG->xEb8 z%!2bnI=}Jit2DzYXlC96qgP^fuJP{Mzv6P@;LWcv30;D9--gs-4teTn&~|DV>u&&D$rHBt>kr|lxVx~ff+df}lf&%EPd zcKChOmqcOMnrpHV7V zpSPoaOKDz_ecd|pkh&emtlzgT)+0`NB_W*gV$bc?s|u<_^E)@sHfVhXhImjSyv zW{`NRxti_`O$f9!bI~EQspvi0y6SGK*c*t-=nHjKhq8ScI}rAbWMq$C6mvhQR`u=Eh5%0NTIcJm-Ly9xBeFKOR+RpE}j12L(zul zPaU1se6|ephB&KlS_)GJ;A_qn6p^VUA-HY|n@&k+Fqynpnlgx}zBhC3dB z0oDIO3U_6cKV7DSvA+uJn;9I9CR_QpTIuw5E=6?!=!mB7RZy#YvN_n@TwU27Y_aTV z(&KsbHwS~tu-!mjK>BA0n|F7nCfnN7hhMwCk@XHuo-IU_Oa3rIEyMPSZ;i}JUbF_b z?Sqb!JNYtRj+~S!qS4T>5Kd76OxbeMtC^h2uVEw( zZ*A%Ggi5k`Zei@k{Xhh7t+YqZm@>Bqo3aN6RX##@s7kY<8zo?C zE6!j$wfB5y0cwjO5=1ho5~MCbPL}STbJ1y3KBKyr4b@eBLz==@YIS`T|40u5LxFV# zgdziG0sX)*2cPK42n;)P8v8o~osgcA+63gs#FUWovg5_ppcr+n=m)J27bAR0FOScB zbCRPkQ6i>0rn^5Nk_(6@MDHv^yWkzNN>2hOqe%D(w)0|4vKShFMPr_JfKb8z2($^N zSH-~7dRq!YguX`e7qbb%)yfprK5?2WyvBvQDL-dz5o>}la0HyA4dG87sNKM(piL0C z#IHAO9HkAgcUY*?*JJ_2u0D=m+J;&P2YK-YV1ILLa^^&Ba@YjhT-1q+h`OP4Ql{qU z0ZqZ)Z3I&JF1fjE)P<(1AXD6)9?mS3BCW=8vHP5fnI+7?5T4jhvHNQ$xisz^HXsbL ze-qvi-gM+kkLEu2N%|ij+a0!EeXj;^$%Xr_s-?R<>GKDv!a>=J31`649{cT4p)~Re z0T>xFFheN@KUU`Cq;c+Yi?7AeVQu^xo=`5w*DXv+ZGV_B3?(L-bty*RzeVS_fw}EG z9W!UL2{!m@QY;l;<;bHz?=d1!+(pdX_jC*O&B;T8=g^L2Iv5-PGNdgyG&uNw+6Kgz z1r*Zq4EP6fn|x%FHqeHkP!(RZgU%R2AN@l&d$-OuDABsIxujQ`%8ic%$LcX@IRKBZ+fr>*IUt4$!ap zdx@iwy@`>xFj)HrOgA(c$#*f&+#@DQLy*brhf!y0>b3V~gxz(vvZ-z@)3LqMkWkF& zuF16h`QX|DmkZMkNUitKyZKo5jA0^H+c{-dw|!(!J%_lO;Y(^m#rTl;M{@8uv}sCM zF_Cg&fuNH~)WNGV7a_6qgJG&dlc=E*G9S5-%bV}5-QA)tyhr3#lc`aIJ<^1(-+R@u z`_x5{yYKdAQ3nofXgDVc(9apio=(9HIivPo^Xx>%P_}$%;pmJ?VF@Sj8rb~3Q4rH# ziydGUidJ~od_w_0D9|OCmowy2XxWGpa$=SL&GV-=p%TQXdkU5yzR9g?2(Q@m`6LH+ ze<^{%xA1sSIdC1kxlmo7Qs4^&sf#Ba`>{i7t8faA@SR^U-3*})YxOmLJ9tU<#>v{P zPNZM3Gm|VoZbA6&K#efSqRF}qDmsIegs1ZF$kwD&v~-Y++A4u&9;B(tC=3kX5~Uv=^etB{(UQ&O)xg2&_6^LbB~myZsEl!dSyAMIbAIwKAle0yH8W-5@ z;y@jlnapRwdlr!-_=PV6%fdkwV;x)`$_05Bof))KoPG(X3K!|@oQgj-g(5Oe7{x>r z2p=@kbOMH*nj#a;Ji}{)q7}VBe@Ij1htYYO_Q%U8(jP-cTq`+1bo$?RAdzLKxSbav zJ#ltc6H^?P=c_ggHpe_*L!&Z1>pD@duzK0;6w+u2nZ9^Hl5{$n{#j&$EpYuyJ0`Eq zQ=qF1kxkdX|2U42M`}r)3!jq1Zn8J`rnfp@@HY1F3`*P9lbAj7;x~uGi1m>rfr`F&X*t-fzlq@dpSS{;sX%~b)1O#IEeeg%VwN4@LP-=NjdVGd=h z+++L((<;GF!i>~=_ATj;QoY-)se)Z1KQD3zIoA%xAWCjsYx$dDS6@b*sJC@CO(Us6 z%cVs*hrvOmGa`vbg(S*L1&LETMd#QnUVn&Jg$f&BX zSktB+-%zDZNsXWB>f?V!r1G%=!J?-G86>Hn`w#{Y2tDa~{3}0QLHMXM1L}Wk(taI9 zXYUrDklEnKQ(oHqh>OU0&M9zGLsso0mX31gdBD!-WsoBwbV3w?pu!t0%UQ&q2_6L% z6hhL>Dk$T7b77Qv^e{kq{4P!MnEb(1ElBHqRaFkjnjs(y6-EYx2a^=OYAuu{dIE0? z^2RO>!Z1oQc>;cd?KwK^c7{q~qNlhc)!p*bq8t=cBkHD1ie%-JT=dBT*+~v#n4FA@ zcmuU-Od~;%#UPRV*ywC$#^((@G*ka*ewna@rW-$xT$;lP6?v7B2kX1uvlEgKQj1@R zRnBx7cRl)@#c+T@USEAWC_?1&M|gPQm7D0Mka?!XnKafC!~59VF`f$rB_)4K^f(Qq z8YVJ$eY-FNB`6T2B|Sr$*xF7gAvJ|LExJp>W@1{)cAs>GM`WkDU4#{L@I?nNj7i1u zZKZ;;jUGv9YTI709bvxpayae=v`_**b$rtNdO~UJk%b3<5UPYqIz0wuA^Cbh_iE;= z_Su2(nr527URVgdjd$pyRpMtR|NI|+G}z~noWZ|yaR9$_asR!3-QL8WnUTfW!0i9V zSEyQb+G$H1RZR*jT9he={X0Cn3V7gX&mb}4ki8}e(!g!7!2uCWEuq*_B_GA3V^p<@ zPLt;{)?5}26o=jZR3HC^Z-0PqPEGa=InUL~qxN+32u!hD>#O6Vd$spvS#M^F9gF*? zth)CkD&tx1dckPm1=9O%H$Ok4R6+15e5j)o`IC)kkV)Cjll0M4Ig(~Ja#EM0g@>!g zJ$dautL;MNFhfnrOLAUX`{hE|$c0wlT14$Y!;ZD*LMQsPi=(*&#`~n(L)|Egu5K9m zK*#9h4XJtGE?u?kpX|SyMapUczo3~p&PV)tDrdBJRL|rY0l!4rd5?~}7796sp=UqGsR{;HCl zW)KL{^?fV<1o`T4Ez&{cnKux#+q2e4VBi4(&yS{wxi9c}DE_@+58*fBrSUhl@< zM6!2ghOB4XCV*ZGiQeMi(xYv+r+&c4#KgSV-_+E``8#b*tAnlZ_hqa{XlEIpM=i-I zW<+L|kyqqndP8oMFD8NWTJIH{&Ouyfp=^Mj#|Pe(f^w|VHL0ECHs|axd6v*aef{OP z%8HNKq54v|M0k94YoU))G{`ycotqJ#m8=rn4C|>wfm0$WLgM&5d5k9_Cik2O4)h-Y~|4aizjd z@?Aw=?qGfomxisVY(Q-h(hefa&n!YAqnLnQHyNyx{gXpAcU_%A!V6~Vh!i66;%@Y{ zb7I8Y(G-Jk`=*t-0Mm+RD^shUI%Dn*FRd{SL@PKSMmDJ~h+WLvWHna4(F$UgeW$)* z8P{mdKhudz@UoA?)hFiLnHk0WEao_}#*1TQ1z6K!lE~4(f3<+K56>H1%`o(g9C8hz z64*9?(e)B|rP5`w}1Ch;Jj89-1&|}l`Du=@Bvubhwl!+%6h3#nNca9B4TFf0-5DZQR_PSP)^CLjj<5$$mzxeVQ$5pF zy#SIElpvH?3wcKsX%Sn-7jBdcLMYHRH{yhQ2U}6@e22I0V7*tyc88yh?P%zMfRx&t ztF{3jIjkQYR-rEWf~7J4CZ}NbrI>>`+?UaSybNcfi@uS*0<5P}h$^5DLdF5Eg?a?! zYVw2 ztgMA2pLHhoVse*RI+mx6<53dg+8~7PCI2=VK+~D7+pOQZoqp-c)WBaWIlvHISRp46 zS@74eC+8aKP+4aY`T-9!O^;`tTF216dH!b;i`OS+Vtvcuow&foc zFhp+fwyYkyunPmv<+a$Z9bXn_T{9A)V2n(>^8Q62O~epp#-3~?HeKR@M%eel6~x6H z!O!}7RgKGveQmjRawugfH#_`G)UKTsTCB;#>&ru{=gXSv&j{E5i z3^35MmAbfwp_P3)FAIC`K|hhl6IJ6CQYFK%mmd36`l}N3gY(0OjcA=rtUOc>QyQqH zd8N+pv7ffXeu5k`zh22XbvTpe)OL;1&iEBj6l6#X+`NosT=2 zjjIU8v5Z3kAp8w^ICv1HZMgwc5G)#=2B2_G0PSC?O*M2M`PInxBu3rd0fK z?ay~o94%)vPQ+M-R{UX#YtbtPv@9IxY6(lu0k6q&z&U77SbaB`viGQGmQK^n7+_HN zUAzBNuaZcbBUbb~uvS3|0KoR&mN2bN%nXb?^c+o`?5th?Zy<;vnww5rCoZElZUR@1 z?Ohj^kR`-YR#8c{)s-DFF2BxXIGXXt>KmLP`~XscLncpvQjwX(WJZ*TJh-hEq~k_m zkB`GXmr`c$8#6_8Ha`GeEp%_d?*|dr-!oy8h7=`;W_$qnJ(q7YZ`r#Xb76^z8UB7h z>+bvCwY^jjKQuURrF$==zVj{$2-f+;YXvkOhGIu*<;44xUJbR*DDgWKy2G`u6`wr^ z%ihg}4<8k5`&PKqwQd)_g^PD&T#3Goi$}MXJ4w42O|RV-G9OIYn0_rxleuJF9DY4a zw{*^EuZ<_!cXF<>k%3MR=tNx6869pDeA^t?x#wB;v#vAmaxOU!vo14lr(CBVv7x0O za&9>%FNr$^Khmd|zPpb-hk9q)doM~mjo-sFBEGv1v~Sn4nY(gcvv0F*IiuF4*^{zf zGL9QM=Sg!Kjx&32Rg1iT?oLg_xZ4i8?8#kqo8;CSpSOtX|1G?Lc7Lu>y=>*&h1;y<)tqWF;HBXO-!tMv{tUQp8*JJhot5;MhkdEcQpmNJ zalzA+rqXgRq(`K%-gb6W6;i3zAJd;~s7w0&DxyYzZLt6GM6=julkZL$u9_&o06qeL zH1u49%@_DuU{5-lgHf-I^w7UiI!SZsu6q1ydFEO;Pi{$DvMIHC?p_=DzEiJXkzwnL z79DWttQjnD{lnq39dUrakEhjsGB3|{3#I_G&f&`Fwis=AQuBbU33=FRK{GzYW!m(O zW<)5}bigVp>x&`$rAudAZ?wA+u{ubAopR!A;a0yNVr4^Nv5v7~4_t_^5VaT_?W+G`}*ZKvbj=kPg`>3O(}gVSQ_b=hniSn_jJ_UGvYGE9X?dY<%Y=L*RYgECo5= z@MeQD*g(@kgM8^O#lj}TYG$)ZEHrX`vyiE0I4ft|{Yjd1bwO+Cmwlb~VUN zF*uP=4TTT+5=@7p_03;*ygfmd-02Qi)Hxt;fd5bPI1jDzen@^R5pH<$*Cc7WYn{kgmvBS}r2)lCZWS-I)iIz{5Q zX8tadQ7X0dW(ZzphYr%+@Dd&x6N8AF6lP|Ru4;DWJImK`aT;7A z%yvk7|Fb6sV4!OdOHYw=)o*gy-GW$8xCQHKQdg&Df^(?}n>;?>VqtcUvD{brD)e47 zSP7ne8iI?oc$0N*{rHifXv0VaNw&*8lr8!p96XeQ{2r?tW}FyYWJ+pONIBD|P;&kP zT3iL3CJkUkyWMz?@7DPRK~qJvakqWbLi!JFv*-{^%!igMy9D;@GO$09(vzmz2f*r1 zmVS*dTCjB$q`ru8I}W9MU&G}t{OVREJ`Tbniaj*yzyQF2f)*{&jmP+e(MXtV25B$OAT zCfXYRCCM4PBa@&(en|z=8qnA4_W1LwVA(@WeFuyftxwgLk7<20H16u?{<2Tr(dpkG zf&=!~x!>EY!iCe^Nom~Ll$gPw@OJFuX$a;cmiGwKHx)(w^Nw6($KoNXY+nnpz!vGK zs3YZ{|?F>GaH96Fr(% z!32555ntB27~R-!*U$+8aHM(JZYxlUb4GCGi29u3)lT)5*H-F=`L)L?P$Fa)6gxDD zP%C}&53+2)cgpA1G=|h3!0l)=uF`hpXC>1AB^rJ_R?k z2;FM+rv&nI-5KBc*>+@rS7@(=0B7>>0ec{RYCF}!#`=eH_9bfrC6n5rZ&9DJ0&5t+rx6l<9r}zxtcmjczy?q?VvNOm zY3@!jo>OZ;pj1^~F)7PgGSoi!wHat*fC@k#XQM%J)9Ancm`AKeX0ThN7P?V;|0F^w z0^$m@!?ob7?14jUV;KB}uTAh!o=0%47cO2_(k!^%>bS;HW+sU;CubPar>p9uD-%>z zHE>uvg_UFjgYAh7?MWGJUQbNt!>vOlmZa~)sk2C=8p1aXw2tRDpM)cDYA3(5o*y`O zCy{}53f*>#0}o(%d5D3H{RFN{W30cV7}DusCYcJy=-CPCOnzBMBC*Z}@lA#6D47YA zEhH)xk}B~(qJEA~oBhtVXp?XA>I;Z53bPy|#J?2W0Jq2UB`J;fH@kXx*QZ~7L@AD!Iyd$VB3GKn zuaKLJHcYH8PSD@UL%QXZc;$u_72+KJ zG+Q6+#<3vKLMlbB`DZ4QqF^W^*Ek4R@895PALgl~sjk>eH56Tq(p;i8P#XYi_EOZ7 zf=+x&j4WzsjptBiDn4q%u*$4}i^|e#=@`%z-fmurB)P3gfwVJuV8~j*o{Hj-t#PuT5s&g>w zJ1k6cx8%p`QY?cC#68nI2Z?<@j#u5*u%M!FUuj1x?pYWfuel+qHqUPI3I4t+G?o|7??H7NmOZ-7rM`2gT1x6Qjr^}vn29x=75JmJ2ghMh*RGya%#EiDZ!VhU%~`Q6@thy~e6`nE<^F-vDRg|3o1~@3=Q~JW&2-R+zV7e@NDY z_Z1;)O};nln>C5i1~IoCLaVzptf2vG5jHyQm_K308rC_|1_nkAT%r~pTgAjEPA3qk z4y^5Ww@Ga@5OvRXiO+Ur-Lz-IWk;AOGDB(#NYMK(op)(F59`Bxu7pshyfSq7!Y?>c zL>#)hEl9}cavkXMaaB6QA2HFP6Az;V53nrkgC6COkFK6-6@_~Hu)Cuv8dA!FPpPI# zyib^`v=0%}-p%jSGLqdi`VV|#=z_pbLo~({w5+NdGnr-p zW1o*5$A>p8!<6KjJA?N-()jTt_TIdt^j+=e;szJkImRZ38riPe;|U@bpe)~@3g6L{ zw`s`>#?9z686^(+PSPf;lwk&_aSeYJan#hx3F>ol*q8|i{zUCvasV~0Q{wOo6*Wv` z2Z$DzDOcEgI_am|`$?iUo1}5uj**?2{0ST1HGNE&23Q&bj>wAu&W33%6Ktjk94D|+ zEAV^|SS18-R|iZ|1qurpDn{7K_r6l*lMnqtyd*{*Yo(Yp(bSclTO~o-v}gd{rf*w8N|T=agL`EVV2=MSIJ||p&lpQm zX~~^l)B;Il-WbHfP-qZ4;;;CdYC@77iN;5_GU#9u`8knKp)%O1*oey&wGpJDB%Bgs zuBBA2 z5w_KU*?`f0{j0hswHvDB8n>bw)%{S;UF%N(Vi7Pb(~^MJvxALrko$vDMq#^N9Liso zCuj!2Y0;=JBW@phqgCrC{gfQ|cGO{~dv2cVi2G0Z{7VT*o52SJ&6%r}IkSGzG4`r> z6~0%RX1UGdubrZ2%D@R^p(lCa+Lap+py`NwORJ_(@LsXbMD<~(wwwbsi$iBxa3}#k z@-4I*s1M=B%b+lg8eii&BS_qa=EE;o6EOFl(a_;LIml6dpi{UK^pN%-x_K=CcDVp~ zL46qRN=)~eh5H@BfI+E5KK2zM3$=lfA|1@l1PaR2UErhGVja*qvc}6nsLq%m`OpUn zpk*jNU&AaYvtSFPQkp+XP1gj+o!r;!f#4>l#wg`WoFB({MMGK==$(EQ_%EAsEOi=bk;v36OkJC8Afn(Vs$; zJ6NqFnk{i~>AM_And13a$8?q4sS&-k&5=-cU_wdYvoSDLC?>SMHz9d(^VpN?_Ea|U zwGMaAu4y21+O&tecu&w*RQC`1_dp@fvKehR_4ZLcUx<#SI<&gsw1)ghA|KKP8v1o* zV3!m~+N|(q#2Y=w9Hw)(#RD)Fzx-3E5ngf3<5&`I@X4AJ&LL*n`==|Af53*17h<6P zVuC5r2L^00nS*4V{KJM&)t`xiL_tJM*_KP(AyZXZtt4axJt0rRI`kd5MoBalR_6lu z#D`(0N)GXnfG%0j+u<-aMJ5t7m6E1W-Xmu;QBh8QY52Ta0s?L5^F6`iVDaefgn%|C zlIFkO#!A)X3sX&$Y$ydx!6Pans7lLoc_az!z|HbXDu^Uaa#rN^D~f1E{h#$vOr~YQ zy^;Zg*|y)=ls4HSiv1f6-|>kh?Jic}kr9aD zJNj8F=#qo3kGc>nc=bL7yh(4tgvNw(n!Cn%j4{a3^s`7(3yF;54rztR#qyk%aQoA& zmDZvDk?OcyQf?nZ*da@aHVDwlvc(C(;8>B`33S)UTach*5meWf6WXCg?u^vjB2+0t zXb5RcpzE%l{@GBe#tVC?+yO;Mi*+A+5{Cdo-(bV&ML{%hyfScnNpcqZZ0_}Qcn$jx z9+>9=Xnl#XyD95<(H}mPJIL-mVaT6YfXv737bXP9&~KNB92~wGdJ!HCr7_16Oqz*k zZr`!gF~X}wS-b*01|%5*Nf1^;K7;glk1}*#N=*76DF$_Xs0}zQAM#^Cn6fidIMZ$O z4ZVl2xqsSdz%v;nxi7N?J04Z~{|u}115&9pN$mS&&Q{EpWoWAD4eyS2$!K|Zeo=m~ zq$2w)1>G>d4<#>EBXro_R|#ZH=Gr4hjToGXa9^*bmr7UFAA`7#r7T|2Kb_>l$UV5d zk+mEj^!f-FzDALeFH)2K(7T&0`RQC-Jk3W<#Ex*S~z?koAKy@ zy!DnAdJiX3WgU6w{>*avnVg1WaYoYURc)z zmY-AP{}jo#9J-PV1P&~;kkC|l)%4o`0r=0l#z&Ak+O}W7s@X4KmFB-K3fdT0*#7^` zuKgGMs$aOO?b3h1Rj=SHtAi0rb?;pMumVQ(5-Af_n+x#s^TTgT-Hj|pha{@E46>?l z^gG#~0=mQK5~#^`0g;WYL#c$vn_bn9?7nzh6=r8c3VbkhKYerkIU;)-6?_~$V;vy~ z&x=fQmY@K%#5f6nny|-AnP)5zh7lnF(>rq{7-%(SeLqGtZR&h}c>T36b$>U$=k{_+ zDw$mv)R>Fbvmm>StfciMtd?@}j9_cK3pwq%X{T@`d?7pHEj>MA5(&M#y6hCx3>Ctz z)8`G;Cu=rnMxw5z(xTF5WmDvu)b7Wn@|dhjl&nXk2PV_cn=on4p=UlnkmzOS|78bk zT^Ir3q)zM@qxqxGSbWe+tSq2TQ_fs6&R3sAq;STsu<9p%xIN zpRwDrzCC^7yd3okot>nuT5sDqMkm^n7=L?hj+G`+OO*}Vx&1TlP(4zD@dLDdM|7{( z@9zI?Uwfw5b|5txJE6%8_59U*jWEa@eztrE{~zH2_1hH&03b|PQv6>J|L+aw{}Ud@ z7EaEN7KSeWi)}{tzh$leMKt{9paaN2PBHrpy53)kD%t<=*8k1*wfFe%K9H=WCl^GI z;CEZvHU-{l`~di@Z+KD=<&aU%;6(%q=UR`lf(E&}6BN+U*RU2GX7%ym)QeX?t~f^V z;=KSDoiY(M#wjGQPrkU)=mME^lJ0Pqf=W8{u>*>zM@0S-UP1g?6(!})E5G8TBFlO1 zKij#Q-RrGQllyr+YTCHN4Iywp_ACfc8&v~jQGeJ2{VE)KGqj3{78Le=2zy!der@GL z-Re$0rXRThNl5gUFj?>HrTB}T33r3d@1?Z6d%Zq_Y7fR9aFOr>#@2TBBS)H4%Q<8o zjpR`-V7UJp5$Ro&=cFT~^}RAY3kF4Swk#x}&7oXULjwZAnhC`|gRbkgJ}^+ov^_<} zfM^g(IYk~KC3_z6f$Nnu z=U+!9lK){Ho&F*pMX?MsL}+uhF7m|Iu2wuPM^T zkPl=z?l_f^5!gbyf&Z~YpBbi6Q*0ub%95XMR`A}&rVXK8l@^NoHi_n{V(b+mJ7Mng z0nJ8+Pe2#MUSXc1&7u0UoP}{=qb68n$MZvoyY@G?OC2YMeXy0lvV7vk zR0`F6ooWcLC_%i~kXV=2vW<>QbvsYU*+@?%uJ@s`w{v*d&>%6ovoh|<5&9%sYmywb z3RKdGTa^W7(CxZz2%(`J=49ve*zpaJ^ATWD5LvW~jHD)Xq4V1T90cA~y4@SeCXX1q zJbXQ$84;kFlmb4x6K82iyaBA#96C+XG>;ZS-*LWPcQZ~eTQ6RX&X0(ZTKx^I zrD`Lw7E5|Jc{``iHA-M>tk$IOc7M4}U^{5Q-=|p{pnWp{+7^Ne-_gH6#B+(cVI3<Uwbb$4fGB} z7s`dVYI5}Z5qS-P0@Wv)+KjS*FG)uYNGY3hiZBnMe^kECJbUI}lo}oIJn$HI19$93 z)g&C9m`m^#%x4#A$i;01gj%k?OGi<>Lb{^+C%)^KLI0)<_Jm`xnbe>#W>=Ex0RAT> zd3B}-H08nPQVSQFFzU6GEY_WT5xB8}D)gdb%@5lgK<(?i4h|qUl!#b@4<#~oBdl_^ zhMb0l;MJ60^4?)(YHh?#=M1WiBG{xw>7QBa0OIieOB8?nqzSGPkelha%@0CV-YEt+ zt(9}13(s3{of(2GvXswWgL~lQMlnms9zz#!)ZMH4LGB@z9a43ukjq-kf#LiFWoh;K zXd51{ot=L-D~#;i=A+yVY_n|*j~P6f%~g|kv`uc|rKyAy9^W|0Ss+jXEbLj^hglqM z9%;BtIcQycw2yg4Xzcxv$eS(K&GkY;(bbpbqQENva9nHG7+}|<6C_IUF+-MfEJ)-% z`ik*?`@vv;fHXXm!RceFORtkuGk-z?ecX;pC!}|F1M8QwRC95swb$&egHG0(F^Djf ziZavA>Jqc?$QdDqyD;#bzC+1ze4`X@HBR_)rU+<3*fR(c2rNzy`Q1>6WqgjZTmxKKRXHEeo)Qdqg(uM7AF25 zGO(e6lga;(fJ2hDZ8zy*LT4fj&a$_haSFq6i)m&0oW}5ViY1V-)4YbdXk;e!HAXW_bnh$pHOC)jU zENUib#g8ZNtc!PIDkd{4v0cBf4?ej%znj;q*z_8uS;Yn_Vb0DgXQ)2w1h6P`uaV&( zueVb;9!s29-WC37yzdz=iyT9*3t!&(O6ytSw<)f=?@ENxT-?#cF9GFBPF`~Lh^!11 zV^?YypQZAqnXI2r)n~!b&hlpKDdvs6BV?%rk6+q{XJ%f&ujGsSX8m3Q!#skD%p?6V zR{5SmNUXIeKyCu8$`h&MrMX-nt$cEdj$b&gwaJeoKE+dodVe^m_Yw22z5OFwjCAP< z;;hY!ONP6+&36oufR2_ThFDf_ftN-&IAc6z*CfiLbzNOA+rlmIq8u-<7{I-FxF_m> zWAhsu8>vZIYq~H2N1y39iZihh{~yY}F-(vy$+~RY?6Pg!wr$(CZQHhOblJALTwUz1 zc6Oirc6N7m-uaP#Gw+j`_ns3cPDDgy(njM6bDarI7>tJ!Aq(OK5H*z{D-zzs#JYCK z(ghXA^GgMVccz|2wM|z^;Fxn@%Zlq^-%eoRE0iyf_ftLao0#i@z<1-E5U4{?2Yx)+qt|~xU>B9i?r}xY^0CH3hmU-(OXW(W`R8sSe1pp% zXN=Np7-w)Vli}dDp?=fm4!%_4NJ)is{GQ^P%xgFEPOWw|cF=C$9hX34d$V@sGls|D|5bM|s8;n+<{VMU0B7 zF$n`U9?e_;qXVK`4RZcb83h)Hj3yJR;*elQ7sFCwJ0sB z`*}(2tOVDQSjf?r{K}r031@ct<(hYE3x`1654MhPJreN^J4XwVd$+$R&wnr6C_*yZ z;Odbd%p^TT7v4m9RO9MN{CV<+6g^TyC-@(ubvm|2*k6|u0v?22{y%kwk$3!J-1UO% z2Cc{0@bZ7|;k%teZ2q9i2wRU2F4m_x{7M{qE}b%ggiD zp7GVz5xsgf(@abmQm2g)J@Y<=$yt@k(~~+lxP8CFI_pK_D;hU~OJpQuaxRWgJvP7} zfqV$Z1aM4a92l=xRAZPJZwT)JuQ_3DDsGFX%8gnUP8c{OV$ystye_CZH4P37WM$u> z0J1KGRK-S|1caDdwyA~MyDfjXK zVOZ)Bg=fUmJW#KGRmf-gob-Yl=V5PkuPrC9AwsV=;*7g)P%Qq2^bHX=pKl(x?+*xy z|7_97uNTWv7KX9FWk*2O- z!&UTFFQLV(vNF2TS+>&oZh6$CLlvO226&mQj?XJ`j5l9WJ1&@QA975vA$@Fcc7C3v zcRPnqnw=7S*_1FU90yKa#~=4}-1?DZy=@BRt@=$p8Ga&HBNkfXvd}tGa#Hw95mU4` zi?NM{pSaqNhGRO2?uN9ZcIcl2O>p(RC2%m3*ZvEQCpFG*@e4_*6KuJ`in^!Clx%b^ z$JO0Wf-3mK^C^qKKgSfd`i^XpewNChi5&jk6KDhJmzwLBTJ4uAgK0k?HRscS2ku*{ z$YASNJubE6^HuW)-+iFG{FoCNu}Y~mDASH{HT&!yIuzM(#;4yHC`vT3`gO7X+;?I6 z+!Cb4r5zxS;VW=t{QJM*T;w^L#O!y(Nd3K~`Tm6i<3FRvzg~gq^B=;+L)&^Dk-}3j zKNM0L4r>5#8x$%HYK=eYhDu0glmu(3iJ^bo zHKvCt@B4$akhY!dX-f7_Hff8AM#&}*z~!)S z+$nSl?(ho3OFb9;=Hh8sQnywfVT?U@BgnSJE+?33p__7m}YWmS|5K6`*;hxfc zX2|yw<*bma(>#P$QD!5&3;jjT<e2e#KJ5YSnTo0T+BtKt{sw)3L$ zH6P5vk$0A6!ZqD~xf+^iGCRUx2fED^Zy-k{y98_=!QK5k&y;lWQ9u!1v(ywcsD$JQ zNL^e^W+&4eyWXeS9(_N{F>l`+eGk7@r$X=W52xn>Pi5Sf`1VI&Wd)0(^so}cT`2}y zF*6gETbwtcs1mkYT)L1{iOVj}T5)NGTWn)63Q3jD)P_dNcWT69Y=x$B>?t&FXfK}y z*P>NBspwZR+J-|Q&ue#B++*l?S$-GR$Ije{$ht`TG`q6RIx~ZtaGdh;W)bdmVfJic?ezt${uM@WBKT$& zP{O3Y>z_v78H}wnDY1H#oFx}iJ3^xyU>EZ3DbUN}+PfFr*^qc!KtG-V)7wI>K!N&D ztv#jW88|M%%+Z_)+4XuK42h^9Yk8=h6u!72S(te?Xu*aaNWqSnKGZ##0kPHmU9d&% z;1;5~gzO)e2I)J4>YpBOs|V^Zx4pCF%4YkuA!7>M&Wpk`$LIKqD&c8S*7GP*HxBep z*RiiC<+T_DIz!M2ygs94a=wJp+_MWs%B0|fbLy$W2D+D21BwZQKaXTe=K??}DFg}Z(2^0XUGKkb zWks}Ja!PD^J0oY5HR_7*5`T<^&CjA%p=!NsO6#wlBA%z3l31oQHOSB^eh$Pq@qg%& z@X{EZ^($o^l&|;;mPR{A*Zfbwf_ zMSWYm4qv2SApv9*TsO|(B?a{R^mT=MJ-yfKU2&x&UKb+hJ>+!s)pG4rN4Ex%mP zjW~f0I~Z8|tvCzt`MtS|I~C^#Hj)ys$=Sj`e@F(5bQPrE@D2hQ1|=kgU_&%x-&SUMUt>TW|^1$Ne^c#p06*CjAJ{L?P~UVdfa0O3uJ% zVYFq$6tcd1wsEaw2>unWz$Z=ewc%4l0lz1MTftd-FZy9O54{F-L$+mG(+|iLQlo{r zM>y0TbNi>-afDlsp?auGTxSF9?r0L%&UGB14&1|x&>;M@08TT*E|uF77fqH@>`L!* znv!7d4ho6N3B4s?M7~M2vV_4&(i0j#z2ERBW3;JW@~P>$Nt*@>mjW>rc%F=+jyfZ_ z)8kT3&`|!#b;NV@D-R`wfejV#uaOtO0te)EQK@R}UaQnS%to2m=~dG!3oN-no%9A* z=WbnamsN`bK{|L;6mx9!4a`x5{ftIkJrH%<)qV0W|0qrox@Z!^71-Mq1p8WPz%}Tx zmzI7)N1;8o>ErY^KgAp`<-;Q(s}BBA*&t%2u)@&(HKap|K4uv$41N)^ zUd8lUdl{@Kp2U#z9yNxp(aY+Pmoz6!phh=K`F2_hQExV6cjDRTO;))phA&F>pUh66 zRyqlW2IAawJKqE@uRrn-rsbMzmClz zDpTJP8w!b;=z@5{)iCTlcxE8E{0~aX3V3HF5D^_RnHVC=_%Wg;g9<{Lm?4kgBVpHg z6%&HXFM+Pdu}5&zO%=a_s&BTf@ zadp9VDFj0h1i2K{VQXBVc0Afdn{++-2a73dLLj|KA~3}2kZf50 zgEMJ3Cz+C1q7dGU~Tgmk4TNYIJw7J=O zhKdK&{^e(M2U5!>1Xc^(Ochvb4t_ofni!QtCI~lbf+!7OA@O17+;ztaM(lJDX>Ams zrG$})`Om6IbfNkH3JpGkL^-$uZebkMj#hd7DpWAm2|WRKxs#Uth7kpda(jS#%)bHVXJbj+WgynLDJyATTkGX;Ufy`pk))vjS9 z4V_>a5hIxFM_Rw1YNk;5wD%+LuoSwjy;#40D4l%0hLX|^mLs>(j&(Wcb2yFLcgf?* zI2HKri#H9oA;&-FlrS{9(iKRYbSl)$I%6LZ+rugAexJ)F7GgsmslGbV8x@kKI0095LaMoDZIyoCy zTbmgFD-w~?jO`*n!cGhBm<%!kDnS59WBaju8ALmwvU0w1xct+pyk2UITVlJ;ALs8$ zNh2|M?kT)5bbC}}I{*%bD-u=3m7NRIwPvPfC-0^`yXVaiwR+brb$&F0zDZV70vcjJ zy~;rll@o(QlQWx0YKGx#B>Pn_f7?irSp>&yoQktqgwDKe#p^br&?+=a1XE?63Nr_M z)eoiKx=Og6$5kwrEPu8E>yYE2{xaM;6wnyfh5-ti3SsOQ?NApXrl6 z)iP)r(y(_g(`AKSI03p;B92# zR~&oK-1cR@HC@7(V3yiCS~Q2M9Yb#l%5LB$)Syu=q*jHO`4t!G?PQC91A+pn`~#qL zzlS{)8{4YUXRt>nSPp4=H=J{7@7e#9*%G+G^);)ibBD&T&? zDkfCu8}L^e1m@A0G9~AMHT?;cAfNpg<51P(dZK^4U;kr71$C&c@nK=>92sb$g~(9ANh<<7H<$%i-Dv z82s3>1XB61I_@@q3sol2=+p;5}`-4O+f>Bk|h-I$#w>@`rut*lmZOy zOn$US$#l`EZ(DCSYDx~Dwl6#jziRn(dF)|)J5~IJ|D_!p-}Mh`TorG zQ6L|7JuGN?EaGOu7&=-mbnbH>%{E&0f>z(X+s7so zd@R;>9CVJ0bFL9%JZ#K?6=XS+%cQ_&uA+`AVqm#UcAi(IM&SyZ5X~PB`}DSAS8g7p zXAxu1!<&m(L9m}8R3TA>ok|Xyemk!mJtX-nu45K;dOaOaG&G80VTVVJs1tjC-gF)y z>2ro0HTUj!d&-*FYc-!!N+Ul*opWdi{pv}owMt6l2P| z8`?(f{&7YJ^?v}Wjh(THwbQ?lz7gpO4Ndxv1FF7ztN%~m(SO{|+QQcApCmMU)V==A zQSxUu?;xHishL7EiFOE$+6#4ElX@nQd4$zCV^rLkS{O|wG15pM-`B0UJdLF6+#l0M zTI%Iv`|f7kS_7&=pj^XLtwerZXyS2@C*GSiOR6E5k*er-E_y{g;)1Z0!<>rp1oxb6 zzXMYRJ3Z*LgSD^QYm=apMm=|>b83}&?y+{ARBg8Zu5M0t_9$7OUT$`e&*$Yj^C_cJ zgweg3KmLSL>RGyqCnB;|G;8ol4CO=hd*L1@y2L52-~2xHTA_3?x1IGzNS&W?WEtHE z(&wRFV_0?iiO5Ui!OC6l>)}V-@8hbZw7y~VU$e8id7s=f5zkd<>dd;(hsXg^R>&n9 ztoVqY#@YOHGOEQNgp$I!55myr!abedPM)*2 zuP9kAh6785u)nAttXQ*1IFz7dn+|62gP7{!uCA`MZxtO!plkfsA0-LJSgR5SIHYdo zA>3s|J)ux6Cpo&i*jR(Ozw?DXvVO|l*X|NZBsXG|g zoxMq+@ZiL8r`5pLsE%N;yKC#PDH8kY7@g^8S3L=#$Sj4R?%SlTRJZP!Q?n~lO@bqU ztUD~3yOe!VL;$aRpoe$6Nt(CbAO=jO29LtO{L_PU?U^+qBuR0gK}9%0Y5MiVh1*E; z_dtXwXtc%RQ6-yzNC<+4Kvbb=J%-?^s0p1EP%W@=-t_MYQPO9B$`1fc5W8EQ$vYHa zisGjI`1lo-Y5Qwy{&O3-?GYP>GkuUXwe zsHz(E1Riy0Y(WqR3gRtx#VVCj^xhXT-|pGjQg{ijn`bEeKj2Ne9Z}XwvPM!{HcO?4 z@_fzKH7Ry2Dy8!Dw!}xpiG7Vzo1(DCQ7I0t0HS z0)+t~F&4m!n~Z^VoA^G30u=m{`^dshzaciceys`;SGBdtEBVw>Lsw$ zoWa$@&*}|?9bYO~YwkT%QX=K5flPv(fPE3~U~TE#^q&u7uzP#EOV-RZTibQ!gYRcRl<~>vUq{$2TLa>2p_0Xrm zTCFu13)D5Qf8?fMoxQUoA3u9)gR`c3^rGfTr}Nw{x8LCt@ie+jmamKe)w+jIlMVqE zvi`BinWzjXwfnyHJ&-*?*?5bCuybI4=Bz+ZfQ<{P0M>&KVr~z%Yv@hgKtjVo9F!#~ zyNN5`|IyN7+vTd87a=kWe>?sZAyGlu5#Q*C^IS2z0;$*eo}vJ zP{UP44JOb6UGd1fr1{NamnuZ%2n1#*f;YUG@>XE*Sq$omRPrH%OwgzX!B zJBk=aSZ=~44snf}BygzswX>vZYu3K^l)*2kX_pAu>}t21>2~nR(^Z4A5?`vI%rfj- zhQ3~#?Eas_FeFRul3TUCkF~izjxj&RzLxd!wEeK$7wz4SticUGZo@0`m|1+yRf^e@ zCI;~22`+}HFZvOEv1aFFJbi<|04;8Q=p4|8AKYRX4plu%Gtm((ZRV$H)VNz}3p;*ZcDHWEPOKODgaq z`~%+O-Ufqu~^=51>_J|FMX#~kk!-vl^!WbHv5CS+M<$8~e5vBz9D!gEm7 z>FUjZ+s%Nnq%pg;(uNJosc3jir^RJ=MS^{_7tUI zms)9dcX>uwYe$=={TIYm(py7Fg40mcrG?2$glAx7LX-;1-i?w2$7U#JERQ(SJ_mQJ z+!ET*)&4WF!C79i!($=P?{V1}d^*;ox6GK{iYnJJ`TSEu6)x1ko@hL!6%-IJA)lU# zZmu7?>O!<8%UjVIT-_lZScEjBxJ)vm%cRk9S?f4kupNzTHiB4g*-4`@KY<>QhaPOk zlJGAUL&%?_2}txiXjkpk(%*}D&5d;*ATV4ps>y01o+M157nG8-_RrF-bz(*X7b^$o z@4%@c+O*FPPgLmN(f^*PdQFgjaee3K_`WZKf5aR9GmHCwlT;-|MMq_Fap_rEX*m`0 z32|x#@!2^liRo!7)$tiQi5ZGe2(%J3loGVElN53Q2U7`C%Lcr(#Ki9b!GFIf(E}>< z$?st3$G19w`;Qi7VQXyS{!i#fh?0z5(RT#&KqYz(7_aCUm%QVpAyT!I04(HSWj)1I zyua%P0~xa2+=7sPm&Jx}w*|5qu-Z#LXKsZKwUAcmWL8`VKYE6IHrv&|r$PWCLZ2~p z$0w0ENlwIGd7;yD&{T7m*s+MMn*9qozGdC|s}Nq?JcEBbo?cL39n0I^Ootedash*1 z1r>^fD?Yk=@xaYUa#SV;Ho2rVbBd9ed4`p=B}5dPIzk8GtI;)Q;W<-S8@@kijK_G` z0Q!D%{|@qtJ&GyVGmcPeg@}KDE{a3@3p6!ojhKD-%&JL*wKh}s#8iadqlhC(#&@Lp zQ#_M~MY_6(RX|I!tE#lbgPc4&|ope%4z>Jl^%sm_~nfe|E~W>=}9J( zxoc)9MWJ?7eb>N;O|-JvG7O@_B#%gV>TSEt`LbR-FH<@%caKsgsF;qmj9ulaZbMKl9!7sBOl6(^Q`q zwfc!5<0XR~^tHlsBAXyv^eF2{B5`ymnxAM*C>8O^Zrg>g&$$KG+tlDb79l<2OZMze zC(|O8l{L`Ppyz=t8+6KD`PZ&h)6c)nyU<&nE-KIpw5eHVRjXCM=jkn=tlViH!3Vb9 zk&<7p8%WVcvrwXIeo`ITXZWr*c8gSa_FGt@|a2izeOA-X1Z=ACw6^{R$Ct*OU&1%L2QATZ(vESWMy-_X(p57_n z6cz?*dlS5UhBq0+d^o_C2r1A97Dj%Z}Ph|dU=ySEbu^~3$hd2{JpPAUvB5C9; zE0D8wrnf|@5n*Svcl5i%MLSAyb0>E~nBgS{PV!Z_1dqxot=0WfSwhiw6%D4NtbteQz-FLdGKmN z5+98E<+WP(Qe?Z(bT{14(-L`7+>@K7B20P1eL8@NdPMoAaJEweyBCMNG$aoPkBLOa z;0-b}{kY>qJ}9$2Urs6^HAl@4A_+2*g^4*>#srd6RKS@uH@8))qw6B!%#rB_U8ct- zunE{B+XVQ2+%d!@y`Lnmf)AyjLf2_jn#bPQa!JIUHvgEj>Z7^Dk)zE)Ju6#1z!a(aNBH~@(vIJf;WLUsaU2N>itu8j{wu?g*zH+O*1EiTg^r|W?sm<p^viGy0H@-+zzkWGhZ*c%~^kt`M^pp zv+={aCBNvyh>P~WXXbixlLl)vY-nI{9}uvK;nR~bo-y;$`*z2K$&Izg*zo7(AT8=Y zF7H()zY2B1(;e(D0iSgUqMDtHax^(0XzuIgg78ZEKI2xU$rZL4-j!T& zgdp)KV-PaqhS~kV*hTx!NnA(WYui$aStbbnAXhk!<1A&z3acM+9|0XFM}7H0DV2D% zZXyf*NjlPfWt|sQb(JR%uO4&$yM0`4dE0vQ(SI;bebKo40>r+Mu}tX`F%1@z;?HtJ zm0wKF1?8Bi+Jv(9Fqxe0RnIOOQd*qo9v|0cPwr*cej1Tw&2<^D=|P}BcBkk}pbv={ z-ij~;c4Xjw0jBr9OCtpM8Q&CODbI_v61WZVFf$ zNB5SIiGV~zR}eXxQMXygR>ntL5@5-u8+aOJAsAeBj&U#*D^}KUerCP@E za66nuXJ2!Ox|OS|=vG!o|9r7Z_h*fN;<97LnCh@7pUoBpE-z$2B$N>mT9Tr!MF!L zO1N^dlB-lFk5GdK*RQjnu#$3`+Xv?-)8KMYxeJ8EZrh|#ubN~`YRP##Y%b>_pparC znz`5r(O_~kUO44=)aYm#5!v2|69K$^)NIKxR&*A~R_D)9V+FG)EyTp7xw35Ad-p7G z{VsMNMBocW*X7k!_4wXlJD4ac*;n?iW_@!WuBXJ9pN4*a^nqVei<$v+qS&>-qTNZ; zu04CZG5YgW4og+j!Q-^5>WPlsJO*Z06LVomN>*f#&%!j+j zOtP0EQ|bkn3X6&w17OBL7}{;S3#<%tSHDbeByw+N3l_{+Wx63?vH=k*qKd@Hqm72` zvm3WFR}CDA3z|Cjzi&stX&}qykF*lr7*&n4ZWD2lPLHn{8^dJiTQenTjDg+o1!mh9 z{sB3SU7J6>T6CH{=P-N5u@Zn7gb*Cl!PeEInZktuBPb=sNqhO^!-qS!`4dH2EeP-RY02&=-a_wizw*B#(T;@kPjhZm!AW!d0 z8|599q@U5sGUx>T|U1`fmY`C)fLLJ6Do>k7|t#krQkSMv8h6_2rS)ih}q*N^zQ5?FGyR&NybmR@`{D?MM#^TkB;&Ot~?S{qKfzM z)wVYXOl7VL#lWas=VfU>*}1n#d)j>{<$*RA$VVf(oAwb1ZUrQaB*%+@oHOhQ8yDqI ze%H#IHHbd{V|e=ur$G(4%Zr%j$oPUb%nQjj%!kkM}A8_#vm9*t6 zg8js^uS5Y{S@`Zr44fhuAu1PYH;r$4pL34+jcE)!d5663}Gaqnvo}T-v_xETitDUIr@{N|Z-)PD5SAh6mt&V1;}njNlR0OSbUMEC#Ayli2Kk)tHUyuoO;ZzpYsy4 z#+yYhnG0%0!APwDjOxmK8L@IlP4ad2!350_je###dTh&_@g&1#)u{APiRoydQwsBH z$&xy9nw|cTlxY?B2JCtq1{ba^kP`{IchQjE!LaGPnyG07XZHzPb>FVpxIsAhx!L9o8#+~*PPGlQQ!X5F9tk0<%sqIK52gzvkV@QIX(HsNw7yB;O#^p2gSq-}MxPMm7)JbrFU-oaOQaj4dJ@8#B} z13YTMxrk#*lc(VgbI)xuG|zRAPfd7WZ?V3CTSX0(XYsVFB%78hQ8PpS zA}Lu)t|Kw`K4t5gs+)7=Z8CrO{Kh&U8Y+tnLQUC)#&`Fz_y?S;(+WZgP>Bh6dC?yw z^!yZG#Y>R51tU7Z&6Ha}xc;1yVt|(ovo94fO>DRqv|mskb1>?q{stbtvtKuixeHLG1E)UGYLHtOCsjyBdZef2y_l9>yD zA0UDOU&4#Hq&nqmFa=ma*O7`Jpayvib#vl|b}lEKx1h>|*r?k+=PP>jo2joU{E*gH zSy@@t?CmyOKhqs{?@F}*O>~)Q=G6C7$LB<-Ye8%34GUI8FdBtPLJI>aF0y7hBHB%W z!P#1EtY)DtW6@QrA9oBbq@yK$Sq;sdNEvDPOD7m^f`5Xm8e?&rhY^iouBjSvhi!8B zGdlw79g&Q?UNH-kLh-Pnfkv>|ihi(XACuh*>Out=DM%b9iStGs2^IpH27rX-4et9? z2_FKfnZuJ-+D^8PROIQVgX`pWF+Ov4P zf?Fp<7|=YuV2s-2hLo+?04k zV~t3m9d`$btgcWFNGEKx1d39l92-Z*8keBQkYgC1V@aQ571Di$SwCmgR4HLfO5f0L zfb9?19K<^zRKVQ{IBmXRDcx#M4p zF<8st0~`Q6>d_AZ9IlmHH(hW6%6rmOxJd0)MjrGSdCI{crmew{tvMHT7;7Z5W7%>k z=cqW{Fi8Kcc%UL)w;g&g#G0de)-Y8{1?qT~daKRnEYUg-*kY_T5|f-3#p!4vW{3*W z7tOSL6j8$joM=|C%Skg~po*ubsm@rZ+mQ+pw4-g+xDf>mB3-uM&g%&B3|JOjR(;#H zKPuCN>hJs;pqyz|z@}m*e_S`g_sHF*wcn%PY{tulyiqJD$DGJYcIhG$q4${HXQHn644W@;W!L=Y~M-Hz;+Pu(2`!EmC!TW?^{H?QxoZdkl3`4>d#b z?8pyoFU$4&-fhRvA|~M=+zh<<#75znVo1gu(}}ybbRD?|qiUxMT%g^_=w^%<34k}) zUWk)a@zYaXMt~2D0ASs){K0$JpS?hM3A%XpYDmXnhHrmFR|4K8D}zN)wjg*lRe{Z= zJ|+=Sf8@RWv5k~yb+U#)7DeB$f{El}Mc+gN-3&chdA8SWzHVtfd~$Vcl?lR*`weA42qFBR5&!Cz~wAP3C%b~0V4Yq*$u-fkXkv${b(HNV&|7jMUQtQKA4 zP8C9$9jtHs84a@o;=3y&O{yhMNgw?QQaoibK2xV@xk!t6q`suWe;2xU3~poxz8x8! z-Rx>Or)wR3pC|8`_vs2lkXuWUnTp#xn z!dt`*b$vlw{W28-j)QhSqAY|cS2(il9Aa5u?$2RlychSN_g#qvfSw89viI&M#F1+~ zR@G>kBH0q8^=)eBJC!+ph-Cd(q(KKkI(hsqZh?b?yrNc*yjrX&t81^9|I}5QXFL=|N^d>=m8kEq77{QIt%$V5BQ`KRyb; zOL^j~V@T_N=Ctn24U{^Q1V9}wlg~`0W64Dn(gBZC{t9XzEFDo-EtX_(4e_;mc`UzK z_UK`uwIZPWy>iDNZg?4DNEa6;2UlGOzHCW2)qEC1Nei_+Me}IuLz#uJ2&PsLBB5Fz zr)D2MG-_<*;ktbp%G5ZVOO3b3g{?o*kOw$H2)F`5e$bOXnF_iR3>QW(uqrNnRLSC* z8miq^!*Mqcr8O2BbBdHOQRFwJ4u;A0J&C~ihdzSMXnvc6!Bc#L-C?u3dnSyzX>^CK zjyJ|Qjsa;T5KbFO_4bkgdJn}e(jXoz*DR|Bwz*E#YEN#Cc3Wat&qOJ14p6qId`gg{ z#Xt@5sI76*%q6xa`F2mw^IC4(m!BJ*EvcNovyLlBTwkJ2N}jXWGU5lPpY_6h#?Vt$ zP{H`)hlS^R*?Sl1Z;*nT)}>8YBjoOkqK(nk0dNAr&Q1w>fulIN)7`$m=Y&lZC`_&2 zNuj;(i~X-~!v9PX{q-#aeSCau2oTuB4F>tl|Hc4}r4M2VPC$DCfJ6bK07DTy0Fx=L zf))z}8ZogRab5vMf*C;qHSy{}5|QCC0@d+KQNb~SFi^M@Sh#es)Qtp6FiSllO|x=% zzi8Y&f`^}%n1_Skmsk)EX-=K~`?y>$Q7d0BUL#*C6P%HgMWl_Jn1w}bwVr*axx1SP z@<$ndUWQttW^!735qyIXqn!HEU5E!|7W|Aei2I!?zy6MDFl5{|M-id@Q6v{n#*~>v^1)lDjTR)Dwq4p9aV$ zkF-u&RXi|c?@IrbvAym^Ow0kw>o=q4{@BGK@>;g=@N?e_w)YEPe-Fy6RWUZVdity) zRmHus_2ldrWr$-&mP_cEFwlkT(0EFNOl_89=-6PeKb3lWeLS<1umw{KE%R z$mz(qQjK?HQfrK6a{o6=PON-XY#@x!Pq??_uE~VvuG0IjYNa-?+ zrKyT%?0T{*`!(B@C))yQz_rRC%>IZiz%VHvsu#XS@7^j8I7ax~MVAZuEpncZ$GgY>wd9giw)s^2Vb;*>6SgUy^Q=D>lk4z=m z2SVJybIlkB8o6Gj+$P5`{l+5xO#pGXKm#29Vy_qjLjZ9Pkbw^XeZypsc>7A;SZAmJ zZh>%ZU^>o0lQ1x~8LG_ElKB)C%0A8VaBv&x~ zb$3o6b3h-Qd~&xq{SV#Zw-R4qe#ph_pzWZ&;_Zt7bay6!dSJhS`owRk0P1d~K(Id; z^+H~BKcS}8d4U@qRLgfOyEbd!Z^A=SdhLOC>tUdXZP)0H^pycFT2(DA49uH=$BR#;WkITEavOcn%E2|U>1{@qHrY!z zD5K9?N!2zos~kUAmR1a=LDmUYRdXw~hHTJ|+MipXGztPAJD(ub;{kqmKsjo~0y4Ov zf)7<;3CLjNr>!QV8ZdWvV*Bd`m`$%1my<%v&l%FCM4m$AIUZChxPA6J1^{)(2bVV} zAuBrXu(?w2mV3&i(K(avk0piTk9T%;EKTu8j?Hk6o3cI!W}fP@+$?bFUxBG^iy%bs zbt2bkb<14h;S&A|?>|u0$6W5Le+}Gc6E1fXVe$w1#!?BuML(rjO zeU6Q9g!$2&9^QfxVWJKg-trR$L{T_k9w1>dpru1!{R@#2M-goWAFAGSe}Q57h1yNa zUI}VSY=oGMP+GqQEnBeyq zdak;w(vJd%P-~09`zx(Mdv)p{J|BayPhGHWTd{xaB2)&2jOLJ;U@E zy0GUw6;4YG{2rf~tIZs5DCdx6h*u;Hrdz0DG9tO|W}rmMSg~Y3GXOZzQjLZjITFH! ziUik$fLoTp;U(qQTWlK8(b~%u?K4p~?>`NBrv+@s`*$nASu#Sj;UD6?Tz!U$DUnR~ z&}~Tf?SuE5na-F`;F_p$t|h|lkHpi1Df-qC6k~~_qAdcyB{4Lmf*a^AEK7db*}?4W zq5U5)bn59W#0)YIA@|o_Qvr+WwoBMiGHrmz(zhbx1_pGxk2A|TIoq(=TC5GC;%h~z zxN*>%dZcwM&qo#n5yqbk)DBG?sR|F8nlep5QdKpG)J0Me>ZmI!u*>aOx?^d6!OQaN zibo)3zq3`JGpd|i@ckG%23r6qcT=B}ecLotvQ%#<1F+5zpDC_>YY%LwS;}BO@T_}2 zW$VGDsP1RmO)Kq(?%w7_Mhl(@NF2dnDFo?LRNk8etE|VH*@uQUg<~xB5BA7?=+Ywb`hJZ)&PPNHlI3}@CZUYKma$vHSd z;b^$%v-Jpsh{pTqL&(suTKxE99rz&ds@I>&rO+O5z#2JKu<`ASA??S#_fH8Bnz;RZ z)b!euHIOLWLl#XGNPj6Jy1ZrH;Djhs3XZD4qz4Y;6-^~j{ z_dw|rHA|r8U+DOD1NGY@HtFpmbl!ZbA}gI+6s66J%G7M@C$QX}Zfb`^o!C-hyysL{ zvdo-?B}PAqUht7?kb6KGKLA(IU8KBr8bV|diRljPi6EoC=V=?ZP5sa~*j#-+558n} zfL#MrX#>V(I_2oVg9`L!iWJqRNwZhKfv9H}htlq@dsGcAw!_46_i&sExW|!Ppk4uQ zd4#3)CrZFWamSMX2wBkj;kmwdDFm6ddH~@bzY#V(rdXdx^h9{Psi}1;$>L(}O~c4> zYz-GFw@4xqc}_00doc`nYT*_x>i-(DAzS@tN26bsKZgFjI{z8JdV92t!I8Vsj#Q_zVK>3#$Y3)*~~3 z8k@o2I0SORW}H)RT!LmJS|M}Jf=zdDO%B=tz{F#D+(q%B8L=omumS8>b2m<*W2MPd z9=W@*<$6Ybh{?IyL5Q7`U4>>?hRyFc{k0^NxH6sy#AfWwr2XB<RZrcXoEA>GQML_g=L= za>vhGpIgLTC+b>Vb~nGt&^$!8F$Q_16Zb4MmJEvGT zK=pb874i(B*qoRjagX9cdQb5A?|W)2|8_6^ywKWA(cc)!!s`b@aRJtdZ(0}@D zwOR6kF!V5uCn)Tdzg+$T*nrk}BR{HbmnQ>qrGLFKgBXPwGxI~$v_jSnj=$Em#i3I1TL=F3F96TUm5V-IG9Os! ziIow0zpL^q;NhT;N^-J(-`)<8T;Z>y9h>A9itCgVL&C(Lir)%7^O(09l^!mpQ; zMNU-vzZK2Te|grMQFxR#u;mzpo8L7K+A&eR;QTP0$Dhdik8*Vab8W}&av}UE+es2I zI_K(c9_KP=Va}W7b!BT;{1JNVQKuiZ4;H_q7MDwr@PnOw(C0%!aj;qeI0Q{oG6E`Z z>B8td$`qj&?w|+4`<$C_`U+;nbGWv#=~a0)N{FLza4AG^?u{eRJ2p2|iML~jUVUg- z{^GoG1hF$&<;s@a)65L3Io>B8j1~caYqqh?L%&9hBIe8276?VZTB4J4dNsa1SUDvSE*9dAjAU>Hu*MP?(8 zk8TCs6T>s8MK-`Q6&n*8!L~H+N0ZVldtV$Y=Su%LVp8xwJmiDY2K#%~GlF%VI(W~> zl}iUQ;R}UhYh{KhmS`D-c|=ewc^ciK&0%e8o5|KOf8$={aEsg^$Uv8DH8l;~p45~3 zFIj=B8P+@qGS0ZOk0oBhUWIG?>7|xHEA6yM7FmEN9*45uM*y5ejXgink%Cu1L6ss5 zC}AN0Rn&1QR*b5|UI1u_i=x6cEp@^F>Rec~+@4JG{*!m)Xr9wh9Mh5=ReTY-y}G*U zZTp-Vuk4&L^gH7j1HIfsKrJ2q5OUPIB$ItogRa_erF_rB=4-v3rvZ8o#1vfK(aIa# zY~oOh;e1FR#@xMsL%qYqnpz_x!}aa}wasUWzp?L}k5cE<4C}(rJ)S(q@3@yH`Yb6Q zUWy(I=18~!f^636{^M0kO#E+6Dm7S{UvFs-$92`W<3=3osz5I5?evtugHw1K@>gzQBT>$96jO@&2%e5H20aC0;)l zYoA)V^lcY006%K$=)-wcd|8f(KoiYb8)h_`QHqms{RoD*ig_UB~ww!ZRcsO z*6o&RjnZ3I?ZRMz1MMi{o6fj?{INfVVKz0y42=k18>wn!@ixu+mQ_)wjIcH6Q#W;= z5CGv{5^EV(U@5&l1H!pGH@8EdomG7=zpl0`@FxGxnepMS3tOBqpQaBhl!=atN=!S3 z6YnFjk{94%RtK=yg@e~F3p1Curi?mOm7S|4G#4-iWsG1kxA}-{a;kY$FIBNCiQ%F~ zb)%Cz?s^$A9I`wU!40l^B8lov;z1@rXwZLs-mgiw|2>?0mw#MAzj}_lis7QH)Nj{} zAJo%`KjEP+j}v7&WR&^R)E-?;WpmMSMqJSOiD_6RB9`G7tJXU|#j5P5!H`umWs63& ztK(GTUXG2|Hhr)Gv|#J#ukPm(NiLrKa2<}rNPHtiBHSuN zksu6|4~KWa2u~s;!338snbq`{sFJLdN8G&jJryZ1e44pxJj@M+KnW@bAgG+8Y=?pX zjWnh-`h1DVaP~a+4KgLBHw&TCbWGhSYJ{i@(UllC!Zt3DEI(;{SSxQMJRCnihmI>8 z+=Xi)!vq3~YAeIze6rFRRs@3-d4F_rl9?)~Twh1vynL~SDrGHP-+aQ~n~nl1&C>g& zbd`^qgi;K5DH_x8J>p03!&6AJLlj&f5a)X9NOev=!cqgrSURzsvr+{Yr~dpL45y*! zi}k!$ZVC#Aaw5A4n47KXG5B?Recbc5=}BFh&;xEy8fND&h(0*JKZi%Q4)&ZEj2`WJ zmU)H4w;N)_a#*AU*{KT_68_OE5maokyIsBn?&q7ocS@_BE;48Ll_Oe1j~f~?hjmi0SUUrtm&$q zfkviVJ^a3RH8r|8sk9g?WZ2G^vBnoV&Tn6nG=zlJ)X=>0 z7gfRzmYDGO)$;jKczVEVB9nL|EwpFF(T+0A(N^<*L0 z8)3ZJ-(r^VN(D4TqM%f^`@o+yQg`K-J_H?E_ZqND{Lr7_<~hMBnJp&2?6uCIr$Rt; zqUEWiOG5~hZKcC@`bWF%rYd|C%3DEiWRtp&8Kp%UyoL5cY@ZtlWTa8H6mSmE|3G?7 zpt>(01+ka5EcKZ+?}TUvSD!yx5C##;tf``Ku5Ir5mY}pv2KIX@aGiVkT;5|<7htve zWPJV$)_Sf@)GX}Bj*#?YN8tURoX#$WPUfaAKb%Sz3;Tb|$p3HPkuhqL_8Vd-$1s$U ziKgVb`!u#elnN|{7qeSVkcs)WZjGve!;}ckpu*N-NVayEv6rI>a&mEB@Q}08eljzl z?ms114tsuVb&ymey64-PekzwV<9fm;?NSUctEus#$;E=nZVdvaf|++R zZAChA%o)Lsjl_X#lnnRJ@Gm!;@YS20Zbu!vBVJd}RnM?1G*vf+LMhW%I(>@_bk^2E zJZKDCI?!G@-&6hM1i^dAcCX3EJBP4#P8X1Ow0Z~6$OAR1bFXZr2;vPkRUt@1t;{N4 zG+Q2vCJs8%+=hBE`w9_(f4U9YCY=aXLE<#iLMk(-eyc!cNCPIC{xLwDTwed(Sc>Y( z4B7Bd+kp9Oz(K2mF+v?}zG0ai;vE9HboV&vR?3DP3u}%$O^u<1J{TSw4M0Mk70XjK z3byI^j?HTsZFx@NEb?nC-Ra>^vDNsn$7cVW?t65!H8HZdjMlkkubRpA*gc&RhxZg8Cs}Xlwv$>;FrNY&&CXzn6NU78lGC1pglyeEMjym7q#-kuF;e%-f6HSj-F!Zj^?g(%F+Fzvu0qN_iAAKoE8b%COP6K!8a zBVTtS3Giz|P^!hl3WTUbzDeG8Rq5_)x;bk4_4bYim>+u6jpG~WF5u>4W64BFYu2KX zMpb~?AS)s}1K!?#&ve`mA8*VU+GCL3FBFUc4vyewfz)M^iP~*^}!Q9`oM>cjksk;8`jxIuyh?+Cc1s2rhOI& zWJ7RH>KuS$5h{pTnEcH^fr;2(uqaTbI=h5&>&ZKp(qNx{a5J;NsS#e<`41shAhKtQPPh(-XH!4X}&$ zQYT04p?#Y$#N@M`g=`!n zLH9mMFgh$5dl%5ML!>+Cwt)1BkDAuMaenB};754U@KCPAP@#@qcjP$&H(J5)^tcXN zg{;2dY)2VqY3rqInwkLz7kDUoFm9&T)ze7IN~vFgu?6X@5X>k)OJXU)Ksa9^v*PTt z+}GXf`~mzC23EbU$A0ELi>JL^q@gCT3*2BpFUf#CSflAhyv=^6leH6M*tSp|&j~FB zPY6_;3>3o_jBG7}1@KVcVv|{e6QpbbRH0b{*=MD?+>~I$pois}tdRay_UBIawCQ*z zi)qY!7MC(sLF^~mH9}pH)s(-U%_zzRU&(4ZV$x3v;$GIlFKe4~w@Ow4x~UxglHPa4 zvVh9>72mi{=PNkiZll(P1j&LiH@1xJmeCEK{dZ>4%aB)}J=W6o{4Ld}+7qcNEq0+@ z$yj_E-F(+M)L9SiS;oXlg(P$&Y<&`F)&;8dYSm?O(A64cOG2+UR}Z9}Qz4=f65gWB z)M_(PdGjYNmumw+ToWvuR&H9oE=!{^e*+5AWQ|uZ%MCVO0eUZL-3r(+ZShR00TB?v zH5j1Xdco+IDgt*7h=VZ+UI_PPNT4^sb_cMbQsp?fUUdFJ^f}s1Rk)_}TH@Om`vuq3 zr!p@Uygmv!fH+TOyr*YwxfINYc+Oi7M07nQ)SPn7Y%UuOSZ50tq!$}Yc|3$vB!0Bw zh90=v3Fb4^9d?F^g<)(@-R5pWE~yVMjr3yYy748`O@N`q*e43h1hl5njz-hJ|5E)f zBIRGPevArwKiUA>|D^gk|FD^D|2Lw*Pc%&I0t14Z?|P^Ow0bOBHq{(Ra4W%JT>Ngc zke1`wQ0rYITdQO3mRZYqj1T%C^(|bdKy@c5`LLyWIhxJe!zi9tx4jvkTq$SY-Nofy z=?x=c&sbH$zGuwDmNMjm{?s?f?->U@bMhlL$PR97B73RQ5qL3DRvx--;@So*pHg>^#bb~nVQ0+ zzr(rwbv$=kPfRIgjv|l8rIpc#t0zj27|E`I=%CNo-w9XnY+@RZOM@dj+p9SFmS9W} z3$8UpqD1o7t?MO3BQwRnUX2V|UhGf%e*YL8EC#w<8dJ&>leP1;!!ma1Ao8WJ{h>?? z?uV&Vnwi*s*p5$DL)72)?;KwY6a#)0^xm*TyZSNm7;$lxJ7CN32<>IW(JqWei=^R> zX+&gO5R9lGZ{jBuhVuq!jat9!niw#US^+NJBPuGbIxm#_c=KXD76bIw5QfPBg{)T< z{Sp3x*J0ZE>81ECB*$1CZ*U=iG1`;*=khyVYHsM!4d{-k@S+H(VG|2<+$&gA8s;%} zs^r#LA~3s{v&F(W``yH!?hlh&^n$bQ02upBWBC5uyZDSRFH$cKrh*wS5r=JF?Fl@A zegTO<^f?Hsp%srgIPpne>TZ72Y5ERl!iIf&?U>WU73hP(qt_>!`Ta|4TiMdCTlMEJ z+5BV`}`5FdBUaCsQ-$|HU)eRb}cQ19)gp#@x`HVa;cR0)Rwag97Sy z(1)|42t^Jnl8P#@PU4Tabhqx#_m_b2s8!~V5FJEC=Mpq16;|5m{Y`uwh7S_ zCb{{$lD$T$o$wm{UN^rz@}6?R3;*`;Z9}l;eZ3n!2g>B;%J~w`Oy7T=d_r1)_o&KQ zh>}i*Dcee&lWB1ln%?!KUkC2?;nW%6F|ovH)J#PkGyVjh9Y>w$-1m>wu1hE>Ab89dtVhsjz16Tm)n8Qc_YTTlByN(WzBfR-_aRNfUC) zYD%@#dwgd2@PN1(JeU@+K?Xp9gD&B8EgloS|-5u`=b4fq&z zh>P3LI`8+qBd2I6Wb45vM`djs1dyv4%`BImmb<+{$0=vURnt)d){>#UzI^Rguw|!F zPt_N_7pA|v{PEj<-hM$S4>%6VQf33=m);rG_~}+O+m7*xHQ2O~ii%%D{zb&E?WzJ2 z4%VU0-DBP`UFE_NIQPFE1@c#0DFLu(Y%MwgFo{MNQf%m6uB2T`K2;n)r-fpORxT|#SJ}Fq5g)``=K>i*~L-927 zX{Ag_)jt?5Ei96JiBohg)eaz0XaR&PJ8Ew88MR~Pu~2_FnktU=l!alTi|HXPxf$w> z($;(ZUeFJa+_+k9t>a19cXxxbZ!)^n<9*+^N{k_>YcOwJ~; zRXoL$D4YlCLX(8*pC05IkK-1E6%s5R*Hx4e9^`Kvc^bNX_7<${{v`I!P#CfMV zRe3iMtbth-s@UmKO>;2s*Zueb=wY*~O{_^*V21BmUvej7yd5T3w87JFL;=V5PG5GkF z5%;nhngC?S2ksXelM84>5k(`uE|P_+wN&EpIIb4~p*=zF9wU;?1$iV{ZQj|5gO1uO zN=bI8fw}&ue5K>2EE0zLXCt*>>UN`Hf7>@^B64}8_W9l1NzkAV{brcHLTyfIyo zNSZdB`@>Wnl5XA<~0e2+&~q=L#PBsnb1?_uv37w z>R~ET<)B-D>Jr4x)+42`qUWKtV5Hi>yyN9655WepO#Y0UA_W^_l(`niAcF-O7(QyL zluOOSCbzLkk~Y9QNmk3zRdKZbB}>!QSLI?Tra@XYRp2b17=9?<92Gk9L%2_a$aa7c zU6w;-bNqm6;Trz?d3-GUz8^M$&R^2fqpz>8+XDsEgrSiO3gnmFl($E2s*3=kNtl2) zjBxhmHL7zdT>E~4s}=#HcT$|3ssy|b^GA}YtNNDLi2Do1vnPtquDdXi&0soi=44DA z{VsUhg7xj5C^jpf!f2pVP1M&nt;dJGjr;?&M$HS3Lu{hWO21r)%hy_Ii*!TvZbdiI zI0jjj&gB!72&?6lz~jgA^+n&Kcdv9wJz+?wRHWO+5<`O$#i%aV3ZFfDgLntQjHqdD z#K?)h(jGi4#e$n>E=CoFgmeB7?M|baG{PG!Wa_S7H+x)m*0?1+2Nl<@3LQdH;J(@U*ssk4(?z&@sr<{0 z14DapZ2q)8Qp^NnC;~890Bnu|H)hC!DUy3?y}yhC#Hw=`#}MoOu9+x1n5ZV;I8Z$1 z&#A+z4QS34euTx5j;Z;=nNpi7FL{-Gg%4?|yI3jILSPP`&->+=q->d5l(`QA>pC9D z6yz&L5r+nta_tjK@J#p-Bs0o@+2*QRh|?SeC+r9_D^7SQc>n36kC|}eBQSR--$-@* z`yZi0mujiAutI!Q>Omo+R~1T1_zmVeb9p5W*TOB0%aMKK$x`z$^RwhsJrK?-Y;wBX zRK8|M6%FM3U);p0yGkxY%*O=s*fKm!p7p`}2!<873rc?ac_9tzL*QzBE(wIX$svgixW1MlB8) z+dVv;w{K5JpQ-$Ov}o*6)Iuh_cW==GJWn;ecWU#_HzqK$fo^Q+iJrW@*G94snpAtd zn-=)NN<<>DZL=wrBE8<@c6CWM9z* zaYUxOJTGNdP+BY!1-~Q;P&egmW*7%$?qHnoaYC-GY*8GzfbPLei)?{r8P4K@8yL16oi4>6|48`AukDG_9NxdiMjU4IbCW22 z5~KBt_nNl~c*HZ*VCeMohq$AY`zv@%{?B#jDBJCV>u2Rlf39_S|4u6Sf8~MyyzH(C zQ+5LcF#b0@At`!Xe~81jsIF=!rjwol5`g6ljS&oAZmz_Y>Z>-!heF{G;4L!6cuQfN z@FD;+lI|!>_D+Wa;%G2{BIOZRIo=7Dt>^?+6^o()=L7Eh77*tF+y(G!;Ttc(qR|Eu zW(<^2xW>TJB{&ljT5PS840&^hip!L@o8WD)G=CQ-x!ohGVFWwTXua@?n^*Ev^y7WI+v-~(%T z1&sOh!4FQ;?8>&@b`x7GoLu3lrU4h3Dg#FCE;krnj$ z7w#t(s7=`P&pup%0{|fXcPsMG?TY`rFfr;o{{SfZuIM{TY0it6>+E6za z3#Rd*h~>{C*)}9d1{4`thsR}_dfN-KrF!itX{S8u9zya!85jQyM=ktW_%q+;<}8tt6k;lF*}$AQ ze>@8PmM0NLApgYt!o%0c%SWw*~6O6?;P4 zQMq78YwK;^3e`bz71VVw=r05XEM2GrlI?R`2aC?Wn+_JB?;tfG5-l&6=p7n)>_)rg z;F=WI&R*EV_adk%M(TdkO6aSeLnClXCMw;`;lGf&YA78=9n_Ad5I#CP28$rOi4e#Y zvA<(nkGor{gF1Q74lTEKbCC?9w_X6esrAtz*XRZnDMrq&Cio^)PdwQo86T0hJAs|9 zw{ww&SIQ4V@wwsDZm|gn#z4o&=)v&aW(S)Cvo8HL3q=|&YjKfuuX}MFi1VpYSC{!t zG)-abLa3%Ah=bx@XS0h$SCeR*5|Uf-@`K(!sfsYs0O zyKz8J1<%(2{NxTP3W+=YX9OsyM};DMWZFVq(|`Jd_VuOts>|&&D=X0p7y_R$=?&HY zOx}bdkCK>Ce5r@PC*jc@E$xM+I6{7N#VC>exjG_NL?K(D9&!F9VP@*DEg>Z3;Iz~92wUc&FDJD z(QoGJ+Jocn6{ui&8udLeQh+f_QXm4LhxuO}b@cy)IN(nVx?f>YoRY9-^7? zeU0duLZ0sVG)y1RQ9{{_i=RcJq&1^1{o&MW%iyFiHnRj!FMj1(eo1LVUe!Czd?pip zH9))Z7EF%%Cl?x<0A}!&;C%5UIY8yTOO;6jpq4f&{ST=KXA-e_MOEIY(lRx z=Q9u0iu^${$H%H!*y(Bpqh+PV{|nFiO92#5hv-N43?kwpUI5m}NE7N4{xfW0^ zvgV4X3?IT58H^(88)5^NpDNL=9~m+*?K_}?Ir3Mh0)EvSXWCSAPcn66h1blTSs9Rz zh%r%~Ht7EvIHAjpRFm?fFFO7_qsac-R@7mV!6(Wpjr3t# zDG+ShMdun%L5GMSAjGgnY$%namF_%)KE1+{Wt5wdP;B1}Mzb@RUk0dOZNqApl+L>p z;uJ2LMUQ%~UFfmh1sGP($$wCV#de5Xv=VeE9QLan+XgARf?lU^*0s~&>s2l%!D>2o zcCC%+rrL$try}YxFdTix#jm#UdQDPT?NlxjOd$=wmZHBW_o(U;qddN%+;52_tiXJV#pdQqAXlt zxQ?Dn)7Kgvmo8q7$JAU8D>Q)l*3NV#KS$e=V`nVDrR@+|M*46V3x_w^$*0Y2y|f(1 zWsmbE)TbpkcApN)izH&6z7E+yjao9|%uyQ%8G@vjg+7t*)}rjfD!sGTsPe{* z{RW3B7V|z25rn?+uRrHySAPRJYZQfgVOcbG$U&*rNRCQMKNTUOSsui_2qAZv=hv=d zC~6Y1OFVisr#RCl+GZIF=S^X!=ql}C{ZbKPedRpwQ@_3T{p}6vr@-ra6aK7{U&-5_ zyAX81!qUII$>J|>0cUsemZ%M(@n|_jmD;1Y+qxgdtzAJ0Rp+bDG7fawMAPY>Xf}OL!&vV+0SIjgO7^ zO{AyqjM^G`nUK%LP!wspw#y~C&zW!1K~Koe)!u4SfBq@M^InwCJfJ}rs+VzV$Uh?* zb9_aS_@*<4^EBI-Y~tQ8*d6Z0-WYq$1N(hfzrT;jl6ftZ4*nJBYGaX~uoYpQ8iqT< zS*DbS{547|hvFwU5B8t$tmbP#7g9(704YDjN&Nq^>1|BS4UIkYolKqWZQTBE)V?b1 z@3@U-)bA}n&;_esEqQQv;Zzpw+Gnhyv-N!^1&fI0lq6Bno>S+y_JjPX(?8U9fq?4bEs4*N7d_0ErR5Q162IXj&2OP*{ z0K97K_l2YDtdrcgWb`3QGS`}96+W6KwBD8)q#MB$ed5jHbDQW=4AaMLmu|%lY1zzo zoXAbvtwyk637k_~q%bA@bk`yaD4aIM8@4>LVLs%8N$mLu<4nvu=rLA;0Jf2Vn{+g+I)tjN#9#M3M3Y@s;y?4Mgy|C zn2gPa{-nxINO^Gdie0L^sx|l!%h%S`gLDCC4oz~WPj%E!8H)0jScoo2X+9Iz6Vvym zo|3N0ByI=Xnj|gqbR4xt56bjVu=;A)tsU6 zgydKBZ}zeiZuilK<)(B>pt98&u~nk2gB4$B`^N?KM~6uNV2KgSw<0@{DMF?6GyAZz z2eF{W6Wf{|YwWl+)=_)h3>RcC zi3YpM3Nwr-(ZBN%b+y697@2HXBd#U^S!*!7@z16@jDR11V{>U28u!T)N-EZDz!IX0 z*QrO(fZ%8Kl9FKSp&Nf#S{rIiOvo#OIhrO7D+Kqf4c``SQNSE65bDc)s~J5(4qV!n zFLg7il8Ke8$M%;{OcY&xDuLgA0W^#fyy+;Ef;dpO2qnVlTg1miqs*)t1ZEQ-Ku$>J z)#@}Zc3IeGesR(BmYiet=TuEa5<4)J2|%L*5}bK%)=BkiQzm>Ad$laE&(f*qg4@8Ot2Y3 zux1ciP%jaieAu=g>dJzB28fCiJt4U^|Gu+z?!JsbqjG)hh#C1d<>#s2URSMv__oL+;0jh8_}iF9_R{&Mm*O*KQWn5;2Foot0tb+M&NzUMevO$` z-z!NGFG4W>@Y-63W3%oU-Cwzw6-sPZ@{);b{M>#5ZH(v*g2KjQ|0$6ukveawoE(dN zNdcy9)inSCt;UgxYcdxdz)WblNenY^z8!sqRQpvVmr`UL0yU2{N*vVGT_a9r5AiJF zCo*oJccq`|xuqs^=R=g@_VNYc8E{dn>+f^N7DucuiH6Co+ne7mK#-rBQyFF1asZ}u zn=lgDVBkjvI#jOaGJ5bO%vx3=> z3l4>OumBkXPUVXAc{Eo92R?Rv&!e+?DRI%*L*uU&wZSmp*!9W-?eDXgYKHzHYjoo!*+8U%?F))Y#IuKS}bH{V$ zj&ewh^J@enKBI6#NSmX@CkK1^w5f#=AE)p4Sy{f30H==_0q&wrFksbYx$Goo=?b?b z=>}b3;GuLvz%p~StZ>LO_z|w$i7o=uEv!Ws{C8pE-oPayxniZTg!bG{Ij6yl=@C5; z!MmQEQoUbzr{vM(3_RW_R33jA1F`|M6}>%oUyN3&aA^V|7vzC)XoHOCsZ!v%*Z8{w6OpryY%`ap&=fYxK}XRj5~;u}Gww*P<7aTMT}MT^J634{*gJI_kW$TdETP5Gn8D~xn-?P8{= zGcX_e%zMGecBt@qj};fX3Q}*wa)9YKC1T#sO9|cl%Q3}F-I^&g6xZd}LapkyFU7mrOZOWE1abl5jQRSVMmP=HpxcMM_yHr`;vIdgdc=-LV70!Wm54Y&f1c9D~qO zXq&EbsU&b^I5iyKNzz@y$)uEb!rSVSh!VrZi+OV95>xKat6MRd6Ie zfQQ(T5Y;OnGq*4${jORQ6XJ*h;5+rtZ^N!`(C&$04x!Y91vl|$K=|A0L%YO)MPx^a z6JxFoO;KUb)bSQyWXa}ybuX3gFdwT^57HZ;29yN)nwH2b?OX5`bN|Y~;{1jr3}=(q zs)aA9JLJXe-rV9NU5P=AT$>5Ja6aj)S_x9c9*@ExK8S!u$Lcx7?o>%ts8UK6^;+%{ zl;$$LM2!~AZX;YgGhPR5+kwXQ;rV45?2zNnV^HhIzC2*D@!bsoMwniOTvC zHh`N#FjzS|cciXVxb2aYXPDD-AfyC-(0(c0g~%plpGIx)3T?fDNJR zxVnO)JQ?VqBN4sUb&dk3&^=b%bKIgFWX>q{Ag>Hi^N%@)z%$e85ku1N#w- zBMb6gaYmd+)r0B{^Ak&&^D;JlIJi%7=?ZI#cEJL=zxEP~jeaP={Dcz%ci$WEu2&Rv zRMIL_Xv5$2yGfnx6&I15rbc*rxsOV&XZC4fZeQ)X)gJ@YQ=UMbzw=}H?OZ==AW0m# zl+pYc2x$FJ8HAQlw+UuC&PY_$F-*Nf!$trVPfRr-5m%`fm{k^c*zl1hEiWKypaIn# z8(0=Yiul$jF2@cg{Eem>lpZ9FIKs7)^DlUaYeAl}+I)P|@gMBwxha!eQ|NUoQXYTT z*K~%;4&G^d$Sy5(Exuhdy(4@5dNAu8sJ7ncQ4KNAD+$T_nWV(S8J-o@deS7~RalG^ z7UGbtz9<$|emkT$Vs^Sr40eu(2pAE!MPCGvU^WQQC}=Yyx}c6j58=DZTeiPo(iu}P zSD_u8?<6QN*B(~a;7q@?1tEc{v;zKyhBhJgyk9jPx})c1hL!@2M%;GICRd11Ejm{A z<24&9?`a1{*8gwd_=7oc*a8Iu(71jw%Bo+-i{jXJnFE=a)j3nh|*zv z5}(m-TUtZ9FY;|<Nb z);}q&d;<{-HBZok>dGDylok#HEjw}~Zh{!I*>;ks!jS?#@C;ZJ&ZlY~5@t&`@1*r_ zxcpbFzl`c|MKXTx!^$87&%Dc{%gj);KuLioK_DY@A6iS_%U!U-@y2bRFi>9weSplY zA}?EMe(zvR$c6uIObqiJ%2gGLgf1gRLtuuruki4=$1v`6_2>Y(z_nc(#e5Tk-EFSea9qhn9JTP z{WAmeSde;w@|LqfeqMqTawt`E zm1IiAW_Lr(HC>W>1pGJvf7@u4#VH{%n8{L?M^SOX*EWNm&-)3|#mJP#FJ!QM^qU!+ zr?KMetlFVC-O!YQZt6lt+g7b+f(S*KN|UCumz7yjG)Hk;&o$gwjpatAZLu=P_dX)L z&j6nsqZlv#WlD4Bv)UB#fR4U3pKhE;O_0TF(bi;N*z@da{x7m!KMqj+&QCs$=JHgEs)&p8LVapsfU3q@aa04uVGpdg!CAO@Qh^X z0;+9fKiO-7%Zo1*N~@-@fUkzdvUggAWX%O3t#A$uI~%Q2-PMl z%?AN#Vj>Uo#_ntf^Liz1LR?(j%?I!F+uK`~*iyZsmPFmO>&9V4^;CtDO}W@%v7M=+ zgtvp6udlD$vxLqKN+)&Xd3>67g6c;Xm3F}|RrSgtsR*&F3hgE|Bs?`Q(sQb?7Y|CU z?A0dSLL`6&{^b$rfD6+rQPl&e`c_Xe=&I@IdmmlaDvI(eG_*SYmp8qp5iQG){PUhO zTms$4p4j(Gn*|jw#S_=W?Q*A>ti80D_Zqn~wKy;mu5T0YuD7EIXh64otX_IY%A%{E z=+RztdV7`gZux+~KLrMn6~_Wt`KsQ{oyaam$AGv~MD&+I_}Pxi4vVESOUSQZ02Ai6 zOE^31L(YGG-AHdOz3NpNWBJ4TO+V>1ui3fZcUL~tHyZ14z}y)xsKD}r;k8dy$ocIY zffB58)cj36o3l##7y(}V>H4AI=vO?WeN>jm$Xcx2bxv;gE<19<+DNIns_W=qc!x~1-8e_j+609 zgM0DgEsedWNIviT^|AEv>O;Louk-!kbF#Y9(0ba$mqEH|qmrD>8}z9*L*qKJS-Qbz zGQI!RBeJrCN`*!bD8=}0y(~vV=NBtaNx(z{AOaO7N1|HFI%=77_V<^@bwSnlfr z6yA8{6Nx(*0MkJ!$RDB>CkmrK*|$1k5k`D?e|Y73z6=U4eJ*FgS_ZJ2Inlby%x&HyDU{s}&rK$k%8pH2qA zvlJ94{J16!OZ!$FGXbi%4Y%NQMmJaHH|Q}lEv8FlL#8tp_G6% zR_Zr_rkc+r*L`Tua|@;b@Ve@|CF@nMq&?A!Eh%59WDOVBv}{G7YUVS$Dw<9(Vg3(g z?;Ipb5N>(4ZQHi3+qP}nwr$(CZQHha+jjTfw=+AlGrO_-UPa`86;&A-m62Irp7T4- z;JtAn?!j16I^JM$`R@CF8b;Kghs+#yq?P7gC)75w_Xlt_OyLs%?_0v=nxB2cY2|mi4nxsSw+B0`!W*z|awMdLZ!P!pZa!zr#daG>=%nU7Cq~V0*`kwfzvZ zNF3z$Wkm^8j=UX^I6e1LdW<4b-iT2nfWI0C{EiJU&wT|W^#j!MX;D(}u?0Nf+AjrE zgBD@>SeJbuG{TUZ^qOD(w)9+Dd;SCMR(e09`{f*}JR$*%qE!GztRPOq@%32)M!iv$ z1AL>Shh9eouB_Iu(||U21>hcQAW@zS^I|DRTgI7+_w~O@!byM&1jB-e7DZ8hmm=Vt zh8QNQBVn<{dHIzE=DN0(=J&FOQ2V|-2Np9rTdTz$5Oh_ux+za^SM{GixD*(2LGG>e zcZOax{tC77=$t|}(gMEV;2Ou0v#~~Uk4M!t&Ed}qt10;UBK@Y9RZhFV9yF~YEkML> z!SanDUOl~nC+#ftde-x`n)o?}Y_!fbjowK@#xZ@GRW-&76dinUC>lpyqCQimfqSJx zT3m$vwQ95d$aEz*)Lh)`ph6&J=dzC`QF6;Z_}D;Qx~UpIra6F!Fkn}U%t8Om9H93= z!>{f<=LYM>ijCLFt4|z%4`}(nevX2vzs3DqwayPf1n9*VZmf7B8C4zH&jm2@=E^F9 zXskQP4BVHBJ&lXQW_8&%==xN`v3^KyLpVmDWQdk)s74IHf0a!fSO~5v%b#FiaEZf- zt0(VNCuxe!&-S?kJTU=3v%@HvYyj8{n`Hv$~WJ`QTz?ny}1^1Qu|oi*%# zNEc;B|JuzS-TA=Yu`&)0d}DG99y_e_Vj(FDG^2R~acBylnx_oigahEVt9DNWA$^e5 zg$zokk?lnI2WWo^Yv0OKVd8AYRthvE)3&#WB>-l%N|qZ>(bd=b=hldXEET&bed9I* zcVA+ud)T;y+_JRA6xHRhWC&rL8cafH#{9&-{=lpjvEbS+8{IDe3}Yd8F|FC(UB-$R zI4Y9`*9SFl<*MuBpn;jBpD48IcNA5|ITm&SJ@5{NB1LE3e2&+NIiJUp3 z0k-D~x~FGHY5}7<_4n3jbDTf-3*zuVO{*yfZ{vNR+R9lJp#>lqS~YNSX-Nwjv0w0I z_c2`kZNPMjRQH!b>6cacM|M!}cZ_vmN_5&o2Vjd8{3Q^7I`G(I3``$@HpaEfWlu9a z$G>-r_u3HXcicg!mla9fkN zJT?>LCG2Yw8yhoxm)C<8tPB&m!UQ8T$0|1Ij&pvd z!TTbMMv6k9DEb?mB%RwJK-rff();6gPW+i$%UxC0C$t|0ofOFigUl>oI2Y{~Z+yBB`4plfCH>%7+yg>nR=V`6;9yD(0(LvU-~Uq$5*DWX zSE(W}tm17QdV}I;sf&yqug#E*praxx8!Xdrf z9^qlXZ;kVCoCS-OBax}lDOu|s-R8`|18exF1DUL`jf-mdA0E8%z%)=Mur z+>T6dK4+HoxUgH{bfzS>jHLHZh*p_u>2uJaQ9A^EOJa=5ywriKMVjGrg9L(C%mKI< zJh1OJ&d7XK6lwL@E8YxhGoxXER+RxRCxZs#^`aaM6zOtP)quoUPYiV}b=uT))cVPF zGjW<@ldjn21%R~N^ZH?iX}NMKvO^Lyy(L4Vh{NEvT(?vUidNsVTPaqayG zgX|Uz!~F(sw%dT2)Z0VEwCO76dz7@NePj)*B~cZ32`xobXGM*be0JILCl+G6wcdh; zd=GXNaIO^uO7Lrmt3L|GS@4fC+bGcQED)Bqwg{YR?nTVl7a8+9_$8G_v3!Uwj+Nv7 z-c~f7O6KmO!voqo99uId;P45YqmPOfWt1`qIeR}?W@Z|MEv}y^(q00{4cLb2 zN86V|u-F9UkIAn751FSXyQLQbe`+FU>b2T@{!KTxB;QQj8%%^fiPH* zIgTn04D)Y*w|H-i9`2mxS`m&sN{E%t4K^(7MVl=ZVLN>+=asSMHz#wQ!e@10X&48{ z7;|ozF64I1alLLLI0@&qPP2YH&%mnTwr+nA+Fq|FOS<{3^XtvRzyFjf+)mEFPjCF_ zQ4Zy6*=N#A=NlVQmU&^#kgQXN7mVkfiU%U6==#PiI;tC+++yx%X1&b5df6M9RP{%X z!wQ!d-nL1Xwi%xv{d5CA9@jUmB!wOEMIZ6>MuCpd)W?t^-o^vhD+3*MGwO=sznSK> z;neI>h{WWPqyf83G@r8a!-+GX84wJ=6-dRZ)z$eq`+7Rv(~t?MwpCIZ!%E$lY@A}A z)H+=0cB;gpl8L`obq^~Ak4w{Hi723@q*B4PGD<_TLHGu#E*sxQV#lYB4!rws)OEJr zXif*wcxuuhx#`h2Pe8!z=#wdaxJs6WDyS8xIu-O9y$Fan{#iwN6JxBnU#FE%ffIs=Nr0s8i3KqKpA)T&f!m+Hd(#Oy%1{N4LjZT}3bb&yttgPFZywn3t z?pY%4x%`fg(gPHp&OOBhVN9kUHF8ED$7 zS+OB1w%N3Gb*?|uvKyolwNjZvvbfwCy)zpEs|=g`({-_f9aGSLZ|QzR;Qjp(ww8A2 zW$$a(nRz66#}@@eGN7u^JS8jJN8kchfCQfzbP5d$$ln0{Q(AGCUzXKB?%>Rwv|T&| zvAhI@Fc<2}w1gGAE$ovUbQW?jZ*M>h6}+GDcEi10?UXfa3Br^zUh1r5ge!gd$e%Am z(iA5g1O2sDSU}lup5Wj@ovvx3v1UG-qd0+43=0IbVTdAY10YMqmcC_Xn4>v$_kx?! zEh93V%sjqpafJ=A`J~Xc(A# zBzknP(}eE#`93C<4wA*Md{T(2(__=0av4{vpbkkLLhAqu07DM@ZY%xt8T`GH#iV+u z8-6VpGXfObQk8_|Y~R1?%u^ggPOlwfB>9zH)GF5NH7>>xz6iy~=xDSjjjvO0K50T?eG)KD6g9O9QcwE!X(asZw^@mGI3 zgsCMNH}W6S-SIKM{0uPr9q0{tbSK_r2SmSns5u|O%M`scykjgDeYq)|E;XQC6kh+?lrjoV2v_eKTEDn^!!`AObW0`xLvnn$^7$$tq1DR2taAYvdG$;E zyhV`wUMEP?r5=@kzl-~7ww;5`-&Y5a8hJAM>@;LP_d~oA)nR};0k7?C(ycw7R8^1+ z$&^hN$HpxBwb2K@r?PBVkBw^0=~mzvLwpYKE{2FlJVn|nGQBfW8u7ntQ=Gj4&+mzU zpE~1$dxrmd0V*mn1Zr=xse~<)BLkr6;hGX)W`%T?RdI@}S@9}2Ahn}^`FHa&X(8=R z_fK*LuWhS_D|MCHIzAM0Tv$-sZ0E25kM36FdULabD}BV_^NS9U7{+@5VBJ59#~`xv zHGZ)Ji`G)5M)Kx>S{ac&v+&uf#EyvsNIC=aJC)H}X34fy)U@h7FC^Cy-xP^?wq~eN z^QR#AYFk%T)`bw&U1?}AHeH3*f^^QqK4k(FyS?MhrB~O01f>=v4Oqw(JvR79K4|Vx z@K^8)3?QFtBFCm#*`^pXNvg#}{_MVzP;CQ*jfMms2Q83JoB2SQd7FPbxYuAF6o9@b zDWIU|Mz3Iz#RW{dabYsM2#^$6JrU+8kJgn3f66D}B}~zh1Ncu1qC{6PSy$)EC2?nQ zrXUW^mHYbR|IKeyNvYQ}U`e0$Ifn+z7<&_jUEyy~pk49xresus{$xi?JX>3{3$5Lk z+gL9BQXV9Mll2`aHQRoB!*q?+ zvidKUW&f^JpN9(O$+v&tg-2vKw{B|Znxqgq)G81&A0ZsqBXKM}$uH&}r$SR0M=eGs z^o)#*IOD3rh3LG07`VsHYGx?9DG7)#lzof!tmsoM^{KZU_4T`yED`V6yXv&Mx@V5l zCf;~W^;C}i=|0;Df8jgY2_3LB)aV=tv`7>p3+$CoHyaSqxa?MRv9FUoj?iPWkz>5b zCI(+nE#_6Vg%UZR$)-~=E}@+~r5@LT$1!?gTW>mi@NPoR0K_f$)~RpPSNwR;@*maI z`fy^~)t#Px`^JLKH{b87WKdVJ5B*mK?}%Y+@I}DulI~Rdao|h6j$B+w+R)+m!H>hq zRBJZn0I;OKYtX{XpwY!$X#u8b2fsqDey}5b;F^q4UW0vKr&~}kIqy_IwFl*(QMvuxQP6u_L((p0RMYpSw_&FRg+-2TD%e87&bWruJOxb znv)n)j|A|Nv|iDx0Nt)9;xehI!UDS|X0XgGnGxf0agIt-{S6b%PfBy;#*k)BXM`yG zCd^v%TVNRL6tC0MD?7#gPy{pvd(pQwFId8uv+|yaeik^ggASysn|`EezI>^a!V=7> zKPk0`%I>L*ieswTIZOZWV6|yktsCIu9U3)&_~=n8IqK1I-ba-8Cwm3M&;Lnp_`WgDm|oi?M) zNAI6m7qx4bY4WD;5s((vswx?%l8vHOIMEwS0|8BQVAflArurY#YM0NREl4g!%_b>S zQiM{!<a}W9N#A27QW-gkQJ(vwOqZTEIg=-fvFlJ+z~)nupVa8^yd=t z+qA1%ha$l=0-GomZc)pF$GP~$7Oce~^KOq_>gpv_NjI7bsJgAQwgfpiF9nj!I+gCu>Thtz5bAAvoX(}JiaqATs!j~(b?6*s0 ze!N~EZl2$BD=Se|{ES1NpbsaJ2U8ZXtlh)Wb{m(Wi>WGFFKE531WxKPKn0jBRQ`qW z`1xRUCpBK3Qo=)Oo}X`?1?W3Rth?d9Yw0g5mLewrnWVjf9*{33MIshdO<0R8qOCwL zy^X|fHFLPTO(s`>9*}8LYSI}gPFvC-6gc?ND|tA28WlRN!>2_ojfzgv7~TS6p+S`g zx?t8RJ?%YdC9Ls>T4kc^6^*#5c4bG&Rh@_{hX!el73eyvhqW9$tcTfSSBGw{B_vPe zbGEeOfg8Z}P{hN_y>YNp@mG(VV-c(wjPeY_fK}a=$v6a*>Wm1g>enEOlKR}=#hP+~r40hK6=DzH8pp^1))jn*-v4HpduCnB%o zPo!)|F=dP@VW=$3=Ve?rP+}@r>Yq!^dR&%Ll0D`&V4XVp#ALH9ol3!PQP1@LsylsE zH#LZii$gi_bnN*#iSXJIDs;nIj?f}dj@zXfL}u3%Xgp0`5@nzryksA#gA7=iB%QF! z7mK!Vxn;?$X%(E4=yTkaGzuXP&=v+nn4+SFy|@~oxwYzOiDp@iZ2_Lsk6LV1siK90 zIk7fTwbrCY5ghepvCRQO1@8v;EYU`r^6UQ|{`hkTUX5zI7=}2y8R;Boa~{~HRRumo z-c>b3YV$BfnhJr)B1b!Ue44CMhXQ%P2u!mMi3`YTDJ;DcBvX-h?x8OB^s% zIk4I{Veywe3ox;yn+G#r1z7k%BwbHyAEe8Ok^|$a@v0wZevyTD?u=Pnt%-IgeqD$@ zoj;XZl>deNAdVqIN3`O3Hq}4HfEOZ+W5bzz5FGE>obDFzlzj5F1y#U72{Gv&;@PgA z-NE(i6>dT>7M(cm-dfx9%WnvQW)}=6*zlF8@8zyXu1{P&YYY-Y_S>+Euwm@S`nh=v zBsZ1l1_2@XdJZY^t(DLpFu_u*Z!K8CZcC9D>h_Pn_cmlzN$paxnsAcz$T8qP!bT64 zT4fV4ld1nWIDGqFfbTu-cUl%e1~qXgU8iZ2buRoTR^=$~r@Igc$lMWkA;B{X*t)Do z>IU`305e;B%9IOdF0FSoWu$7@seem+J`(%7_iV+(SQ31=Od{`-Da-wR@#pos->Wi9 ztG2M|1LqcJukxhdq7|2l`i@hK77`MvJ0*tM(g=B>r7c+ zo2Q`No+xR?N%%WMG?~lxbiVKQRJ!?{f_+CM=%l$AnN#sors(FvUz=V1D-&7#cWpQneTkX=8Y_FvIF zKby9=EqaLi2N>_LdN09ck6>7K*O)%)Ju}t1d%3r*z;VDBxJMSjca&j5(YLDraEE=( z$Wc}#!eeY0EHekRVxTTab;$~SSou!JW}rz9Gc54DP$yz4Azjm3QQ7xLNAoKIecJQg0}vJ|O(fBwW+yTCQ?V>wbkJ2>oDE(r!J3XVhV`3`DP5~y#} z@w$GG!F;AyKYViBm=Z&`g~~0eUpeo7z(juni?N-q-n3X(`9PSE;-&qI89&(iCw^0y zd^+tw9gK49*l172@?&AYoZnC(m+aG$)ml@nQ(CaN1b3&)wk{|NXq`7`T|N;&X+##K z6Pc*8#yA%^KTdn5!qKPipgFhoHzk@nO@uD)g}vRrA$L>ToO5A-9mI6_rLoO)HjTd4 z$;*HDO3+bVkM0%xZ;YM)x#v3ALGfb#7nt=Qjpje|nf{N^tp9Ic8xawasGTFhKS+;@ zwTTmfqlxuD47@RcvmL>I-(gwUni1F=7+D#ZnK;ow{kt9NKU_Eevt$4I^FJ=y|6IrH zJ&X+gk>&LC{tFvJ+e)$!hJTJew13l7>c9G$|9#5-=QFZwlIG%;*-*xE@RKHtO zNI{fslv9SpuV8T62?eUe-wJm-~Lep*N2cqa0s8u84hS0 z+ZmMN8LNHYrst9KLdy4wQL=ies9|QTW$tWp` zaOACChR*lT0)LTkPAf@=^va0!8h3Lu&oh(CNGe_CBx|HfmE)LeNjBM@NK_=L6Som8 zd&n!|q9apjB7F{cQn;BV?6*}lJsKOKE@585h|W3POSOoO(sr*2QF})PT*jofk8e^B zuKMiV0!(AW_Jv#84Cz;S<)LUhIQC>BGZig3`thCV z@Q}}=ub2#KohxGY_ENC*-fHp%5-p1FZ?p7%&L!R@GtU8Q*%`Ct9wWEywzHP-vYY?9 z$5jrwXD1N7CoB`^eoOG9<_!HE=(=EMCOQlrm{W8H9~UuVp64n3pXi*|!}KGFvJ5lea-}M*RjKPLZh908DKL>OdDMjT z(zrsUW97|o)Z6S{azY)pTCKqhWc0<ebU)H zOfew2%v6-lAi+#~y!h5C>nrxaxMXROO)n4I^JA)6FrE4g^uol1 z{c7D`pB1uNK*vh3%lqQ7TS>uq?w?a;g?sEF3`6S=V=B6JV~=OmB&O3yX>eP?qLu6| z2ig%C#vbfWz!G2Wt#v0b{lotboct+WiRr}!0C?d50QmD?owWbeB<7XCq3VnF_qdiGL@$bB>&AML}_1 zyE{_Oi3j{(-exd1>-9+F0ytZDz+i!Ihy(&S+zf&Fei(Nrf&0G05C~flCZDT&uPU$h z<0UlQgad#7dV1?Tue|<5+QGt_puWAwy+7)G|EQsy^ig*CI=^{A{(SWrM-HYm4q~cV zRoAAfgu2v}rm%YcHOa}XaE#0q-N-lVv|eOZnw@9Xnq6d8n_Xbmn_Y4$=K+!HQ7wm0 z3xjm6WK-Nz+ZA&uV$z%7?cDJ##d!L7!p!Y}l! zb#3=8_7490zPa$x@X*ky()xF7YOKPh+_liR(L3>P$Y#aI#e+p9{MzjDTVd`l-yb#CBIUie6M_; zdart)a<6iqcCWTy>le+;hMrgLPshUK{#yHiSlZ; z33}N|PJZ$?V4`w@$k1%!UUdub+RI-EH@wZ47LggZ%Gw_1_rk4mmJaBci^et2l_~?5 z@|IR>=ry}mk&)*D!ZvwCU269w4JXjs=xH)-8x(u;vWt0RNJm_J}*XaTo4@ zHEV73!iXd?2gMx?8>p@u*8J{EDEyBoO%`nj%|BZ0+b_Vo*5C@OHg9*fPIAH-sAGB! zRrixxz@r6%k&}!Ez26VT%Z3LpROVGAzGO;WEMLvHNdeMhBr(t6! zco5r%G=bors%(?3HiNPQtd9zsjMQ|ML~`|SSWfS#C3L|HB2rXUmxW4>w=U;~+Ew*0 zXi>@gbNxbQQI`_6T!?v2L8=xu+gnMLs5t4XWZt$$Qt=3r8rH<2I-u$MJ`g+o>0w=a z&}?#irOPY9o#VUSN?TpKr8U^gzGl_Gub=8Lg=P!jemOJb$||}qLAyeLE04wZ0ZWti zQV>CuB&b3(89P-B%IcEN8j7*0ysgw}fd-=1FW6LSOO{z(YVREJ`;uR0s zB&#|ceV#?P?GgZmwbEQ92|Lnr{nj6??1(whFA=8+h-%#Aa|A>ZozbFtr=Dd_qmx7D zw$Sh*WQu>nlJgtXrNA%GDI`TzD8dHk!f!aG;`Q13Wu!ecQ)l&Re273Gdn*dYQ7Oj{UK>o#WYibQd>iD z=vV5bTI5!wZ3I2ePXPd>AE zSL8jdYrnfJb4ZQmOtRv+e_QuVR>!G**;+q{c(9xR!=?79}(&XpG!}nHyI>e0D#AQaf~k z(bOMDbm#Er&}luz<+dZmRiJP*{tGcCNO)wzej9Kc#~P$Hd=UbWM7Wr^ouY-VyI*E} z>rNt3ETa;9SZ+@e*jxgQ;2~&dIljj8)td8SM%bHDH1{N9qOrPPbR7dbq>Y9rfT_1R zi)o!;B<>F)6>p=pz(WHq$0MuZ&-?7%wJCFY&%xX-&;-0SZSK(AC7?cz3GNlEhXjKb0L9khbt*^;3&HU2Zco3nbmzF_Pv6#`&Y$!$cPL46l6sk! z11BA{^DN=Owd7YgH&&7(`AbakY5{xkWf&{B(t_O6zp{tW(<{>SQNt09b!kVLW!4ot zC@U_N*gPXKpOeI-H}n#rH8pN<eGqUlhui6tBF;U*G- z{&wZ9oMAv+z1Kg6`;by8S3#t^QQL}6%?%reeHap-6Kj$!I^~%?+P3^ zjS}9CfHd<;0+RZe@tzHtDwkZEkZqayUZ&wncVg|&r#k6Nf_TD@qjoFZ{eh5XdK_E$ z&yY>wNW(B_Bv17emWMoS*~9PLDvd9wuGNorLobp+&ik_Uds}WGWD~Njb`={ zwAzJwo_NmwN{@Op&*VG-lq6};5GH}Nc6tU8VPXwzqzQ-)H1C7#RWKax=e3q#G z1ae|r5hXk}d#Rssi;S2-1m<3j6Wwtm2RiGTqr5nz-TvuJjne=IDgcD6r3L$wRi>u| z+~dOaT4?zd`ecp!*f0y{K~kV!bx-Q~NbkUHJ#MvCV4Ib2-ElTpD>3PHe-z{>dzzJb z+{ifUXME!Et4!&GBylk)q3t?oL$yD}J<6XRSp38VVW6spw5+3wA?`Z{mio`C*@@n9 zibW=W;c6{3{=}wT-_i!Ol(;Mn^fJI2P3yC;un(AMDUIMiO56FFKU|?uElVGv%ssz6 zdfU+mn>n0kQMEn}76aW1DNT~Z0Cgmu4KdIoTWXPv+94sh(vjq&;X)~{-(1FOHjxwFePJ#xg!^?yXuvbd0O@AaGpPC&^5SLl{C z7>pcFIR;y?W|A=5_H@5-Ng!STXuy@5EdW^jQ*7-0xHhSz$pQpg0~s^WUdjNxQs$Se zTL#7>U*_IwJ~D_2{@d6hDn%fO>}rUr@&I@WS)%qsVSWkV@)ztbpp$$CxbB`ZH}+7+ z-bQj-bBiDe=fg#%zXp5y_JT=kSgdN%|2PkJfB{1~Qtswm(*%g6KzL)f8V4zaYhlGx z`d}o)@{-uQSxZH=weT;%;@MtOAmFZ-Z)tgzSC@b``hO$=XDzj|lW#T#xF&&a0BB3; z>T>DskL@2FVBIIz5A8Lmq2M*o=8d?dH>(B3@cfM3w84vgQS_f5pO{}-=}bLJj5$L= z;tF6_Hx|vR^Si_F=b#{Jlr=;Ag&UKan>dkgn)R*mTGiCMr=kWhi}#eoeWeq);PwJIFc@7t;FPEQPI8G902#&=K&9L7;0U^n)LJ_F7g(i7bo@QIhaNSn zeT#fFNAlPWAvZu0L|j3Q3;mZdEQz8$mfg?k{sR@7QO5$B1T}(Q9y9?jbU8jz^&#G}^J)=k4NkJ#e%$%nA;FzJzNFo^S|AI<7mb zJ>Sd1P%Pw9D7-ip#OIag7c=~~mN=PtJay=-GcB|x*7IYyX}J+UOZ3pbGDaLM?x(Xo zOTC-$%ErMMS1X`JMcm3*C}4@Me$n4>)5eA|vgy&(YBFEXHjJ%<=xBf}b$UG>pP9}80VkwD0U-e`QW}a7YqHbXp z4Rq6B7=n$Z2{5JHcrAUCU81ESl6tOv;Dt4JaolI5x4a7J#RBNIuTP4qFXG3)yD z#I57wKlEgg_q)1==U$WfGCqW4t^}gO)A=7xf2FoP9N;lQdQBr|;i<5uH*0)njOl#; z`W=yRt(y6O{i*4|t`G8)#Ew|JpWo?+<|h13NOW)b9G)XIDFd?)Bg}Lb-1yb_(*;Z; z(hPI!3foVhX=5#ez64lqS^L7$Tstnf)BsN-5frquDHBwZ0kvd+<*mTX((vq24TgwkVW<01}ZdYkQHXgbm zqq<`Lr{KyD!ayZi3HL%>omI3QigbfaYw4VGH?1oj)Q$ zoQQc3%!AF86Uli$cLxxo>4d3HDLJO7=uS3JoPc^}Xf0D%- z3&?>T$2a-J4xJkh!zqGEqIi(MD8ANBst6wP!;wku8yb%CM*(ERy8Ti)32+8_m}_On z*$rW*;&_SV;Zy#XJ8_MZh$H8iF_|DnrqV7=Q58SbF)%_;R8z(En_yK}@o>GcDtTa& zqUwCbAD#cF^vuYgJ)(xbxk}}B*IOYAog;>Y+Zs1SEjQ#2cLgKAaUfec^`9(0lH6Ko4jtW$g`;*^jb&NY1GCAl!uIyqu*8@j~vi$th4PBAB2 z+*y#>Ml*@?S!AnMo&>6m0(W)MW2ttksq(ZDn*BC4R(l4lVcjAtp%IlhHVTyb?~w31#5&wEx0 z&*G1%l1H#27k=q5J@|&q$xzfz0m0go9VNb||An?)c+%5QxIjAC9%lC$eDi?&p@6YN zaT`6(-k5re24QY;@5*)s+YJIOhAY+ zngV>+xs5gO`6Lc{GeN{ z|E6ebziFu9Fx+uhPzz+X+K6Mhhf(Sjh|4J|Xz@gASmec%emv?ibmv)aQ$`6A53`?L z{aodqR7(#1fLq6Ac)Z@%c8BTpBjOogw!*Z;yx>L64R4^oxB}TfGyc6M>CS;N9aQ>S zF8w$Ve|2{6WS^3|jVwy@bULU&7+r*m6|_M(#PoM4{dGm#odr7^V)n)&=-tW*{m{@2 z{;1k9ymP+Iu*b4@q-#gW^(yBDaqmYz;}dtu3+#RQblsZt#5}za9*|0Bl?F;s+K+%+ zrwclQ1flq%UZtM(_v=fTmSyU9+(%}`xs< z+&Xc-RFq>*F5m2woLCPvc3g)y>M$FpL9Q}*$4B9}1nP#ahBL-G;^nn&{W^~$b%h7a zm!iUTW=OI%adVOr%S)UQ+O`eQ<%395k1`LddkP@w7^LQ=&Q+nlq@>@3g6#{>I?sr; z$pf!aeo+9Yi2hBWlI>Ogq)u@{qfwPJWfyqa5Vm&U7r8~qE%hkkQ6Q*42zu4fOizU} z_72%>EX`m$U@W|Z2dBOJ1F(flt#9=Wo&7r3@Rr8HkpKq#avUB_Y^`-;M@V%6l$mOR zVX>fb_GMP!#2){S%SR3-zX*9_+w_N8;Z&|J;Kuj1!>z@((#qc~BT+-SR)4kte09On z6197tZWDI#QV5y^SY3Budl-wy7k=~#{-MgKjzT_GiSs^kk+wfv!e5bKCjKv6 z7}m5GB26BT`GmndZ+)OWhD{@P3wP1E_P$6QdEkBCgo|(9C5Wiu$gSc1XWpPuiw@7r z`y5fEWKBmiNb8%fbQ(~Nyqg{^9>V#WLO;vmTF$2CA%aq)d?^q^17UBBNXo}1tbO}h ze~9Lv6{L(5Q!8LjARdT$S_Lc~2XctuH=#lg{(9Umw3WZg%-ND7&)?#HW4-Sp`sMwl zUUV0rpQGG%wA-mEYqoodDOpi-c zppdSGOlHhg4klJ%h~8s$9dA4M->|3KjE_jfDq0S{N!iZjodn$Jh)#Xw3NZE`!~0<> zsGE!PMfB_XkcW=!tGD=CdgvGk=zRl58uUfz>wo^On>kW>Arrg@3fXw7cRpWqqf*Br zXf-D-g+6O%=)0Xh->WfNFEd(E?6$M?&M@X}y7h(CO3;V5E{*f9n_;Uc3b^jQauzl48G zzg~ioz%wKo{1Ri?FMS9tuvirPtar~kcJTIqq0;YD0DZ=RdXvFPRvLdwOwi${QjX8L zx^}Bz{D8f?+dk49<@0CXA=HMg~VX^ zxA=C?CHQO~6m!X~q!+m_yazs+q)|FUT#{XP07yoldlFfn3JKYM0Re2~$`kuo4*E(C zMn|-hIMpX$?U2G$CWGZ3T7CW+zx$2&Cmrk%m#z~Y%L4V6PB+p;9~R{)2By=KfmQqox8UAffy$idY|!!sb6wTRd}-kf(j75ZuqzQXNK@!l%>R>Ru$Vl)&#a$ ze3C-S%ylg~JVDeiGYY^s*>cbo5Th~qrfU6siJ%U>Zp%!QG6C8+*nse#%RwoRmiz#N zVzkhOq=gN@w<$$f7$R5snM=`0Y0OGrCU}Mi4&+Y?r|hss0R|I%oy}0!l#9p@b-!wC z0#v4%1(N7~(wvFitWSXju+$Q-i{s=K!!eQCvd4>Nn zz?ad`&!Qd`Hd{TKh>&Gg*nXTMZJ;IZzA@0i=sfW0IB~}c`W0TKni&@<{1U{)@AW<& z)Q0ZCI-%3(C;i05gSLq?f;fQ52dq-Ax(L#<1b2&hSmp))V12lOPdoy_W9^hP6nSMOWG8H8qtw`S6pfE}{^87$} zvKvO1V?j5AkC32&*QXBx;aWRDKsT$6BwRaP_#v&(c`N;;54d2T{7wn8BMC^Vg0|bU ztu>lta}RPHWbzB?)DsP$K>kuJyqy3__?yQ#{pwn&*-;_zZPD4$mdjQ~So!K7@0*CsEMws?1)k$%`Z z?atn~02s6as2y6~FO%ysqrs(WSVR@cUQ$F_hLuP5h8d{juvHlSN2W!G;b`H}AFS(* zTg0ICNr3s5GcThjQY`YnW`lmf|LdSJr>x9i{EOf^hXw!;{I3q$e;2d;=ZDNjRmzTd z3^5lEE^O#kXxXS_*RP7# z{p+>W;A`n^whrK$*Zh!vUcpFTUT`KHCfqj@7&$kj96<{>Dt|UIvVph$xg8_L&}{#_ z0XOAnGQV)Fq#SDvjFs25&~qDu<*6Nq^=LJ}WGtl|*9{EUupaIgdAe#ra~s$B=y|}i zn{j=ft;L*q7t8v>fwvRc4!(6DciMG*hZFN^5zK~<9qhIIef+$I%#Pn!h@Zo4NLZXd z(i^ihBI}+-U$FZi)MwQVADV1TgTIT(bGz;fTJ9iUOqmtqeInk2M}}0II@u%}wAUEL z%s^0ssD}dgFq+hGIzvnduBofRZ<6O)v($p5yTobkObGA;mroXHw5LfvmM0;^6G=$< zCqAI_2QsP&UQk`C^a}?hC(rLEYOd$i@8#%~{{fDlm*eejzpN*)5ieAb>g)*S^+asa zV>mZj11TT+Q-Q&dF_sITZj}#&v^|>eG~b(eCu<&SsyWIo+(4X|onG8FJ07#x(|meH z#>g@-SzBVJB>8w&!ay?>jaL2=wBzftnJ9|<<=YpK$CKgZGbl%&qr;CQ4v zTdM=MQBt??CF*Z8SyeMjRX{Oc7;34@MmqzY9yyqJW}1%ss?&07`QsqTXkBz$v>sO2 zXq{d3Q|5Iy7x^K6BePbK3C3RiH*x=4!XN661D6v|-5!Fp91CK*X|~f*YbRUjtTvDD z9tRkL;+C`7<`i~*2H(fg<{Gul$t@?Q>*JgaTqs6Ai8s~VNp6HsEXH0EInnvnV>X-p z+S6b*wXP!C&C(onaqMt2bLpV@-BW5ncbY7rOnU! zRW9Ry5U1G)U3%agZuW3Oy@@qCf!65(EYPeAuq*c}beSkPIjY5>C=YPCM=9_SN#%1w^VQTTjL%Xtxb@#ZDKW>>@ zd?1v;<8$A%@!N+VwhB+vjBhd>q4yqpemjY;WHCMG@D<%Z;6MEx>$b3|Xb+&|K8 z=y)S)c-NEco3jJff3u8z>?Y23*2C(}Z@~vVFR!l75iefyZN*3YH$N>#+G_L+ecOA# z#nIW;>MQy=OsVrbzOdvEW_@j@YxgeOa9? z#GlLgRfVdYYOvqw6DyTWmY$JcFL3JgRLgrl?UAze%m62@AkBlgjKkq@6rX-;gQeSe z&1x{rG$!)vUdYhXTGv9eg^aYn#&FD>?t8H7FF_ZKUe^OHcE2Ihh*ZoxW?t8OsVbe-+6nqs-De0`CZ_SfH1| zI0A2^9IkzQLDqsTT?(za)l5j)7Em z#)(VK_QaHvC0~H}i>E7C4GWI?si-kVZku1`#SBMuQGe8WF$1NRBRl$uutDj8|W_f zyT5+PBARsB1C}H3^)TCNB(sGUd+rrM>)@&uXXRj^;!!3T;k+*$=H;LAfgfrtWxevX zya52?kwv##rp*pD2JOz7BG?i7fPuH$B|Z1|MFQRWL)}_3qhgb>9iR+1JEl&cNJW_& zJ9S}Y>>j4#Y$RCR!1YdP2%Vz!IJyF|94M@zNYp0#s&a5 z(f|OU_)mKBf5P?~=Kgj(Y)S6@tmQwt{Kxh4;9F=qtlU_?;Vds5-)MBnxaPnOK_Uoe z5orLi&>AQ4{p^MZ01=<)RHDBp$e_SP3Z< z>#ZBPhciv7hK~%WOn4C|tHdw5%MzA#8sgV%Qkm!HjTt#OInh?Nypm3jfnT(eJF}@V z^IJ?Zfw?Ix+o^6%D3RRMZ;Hw$V0O$vVe4%(TT&4H)~_qS%jIRVt25j+STr<<-w!T{ z)gI2wbyB$yN4Gd*L|O_ViKSFdY>13{_&674)%;?#2_TkvHdHid4Juy3JJ?d)+t&de zPFj=|l9{y}wWJ)2TWk_F0QlQRbZ@W4;U#nc=!eDWkV$$!7Vx)L+9g*Qb$yry9hX`IyC4IO><4Pl{atkg%ud25Ji%0*7H z-f8ldIdw6_5r}uMg{0UE;PQdZ_6N6S9Bo(RtEE2`VJdfR#iUIk6$lN4Q$GRv|pg0E7 z@48ffy@Naf`Tpg%6S}9lQy`~p`U*La{OJT$P0eq!t;GJx((5bs3KFf2@HY3%9mGx` zVRehP7En`b*avGYv~}~H;EE$iYt*zkmUW4WaorMoOqbTv`##ip$484Ag(c6B7glic zbaDzhptEu-e&z?Uexc!kK4=qn$+HItEL5%mrQe2g7RtL&A+PwObc+#AC?~=%zu%jl z_WS2|VN(-m6IHZQxOqwk!cOmaToUZ0J3)oKgiMLam?oYL*b6;^By1>q!Y3v2^gzxR zi7qGF5a5UaCaZkFw{;1r>4i&_Tpu+FNbWCjjV5iROk;MuPT#(8rCqVTnb_ zzY{~Y1yGYnh>h%CaM{ar3$<>TbU7MxQ6rRpIyE!&Q;-?XcLQuy-BJ=AmBtW%6o#~j zpBDnuQL91%kreXuES;@iefkQ%ojwL(b+Mn->hW}=);-z%!;BZSnte9Uh_$+T zxmcKhF+Jvf#{Kb zNY2XSxpdzh_iGISMM;(DrG_{@c`tamtfE%|$J!U8GJ(u00noKF8P&Ved(avH^LBl*OprI?bEcM-z@e?NMOyhq@N;bG9l)XY_6$A7Aqfa=PGG$gz^id- zYBa+I07c|zP!5eVop`+}AZ;?@cY=Py?45CD$`|>!SJhAa+CRLhvHBU{ci9?W4^|Mr zF;8`?n=o6nB#QVL;_49MQZGPPFh2s+0=&10+)~5un~n+2s0zmM%x5kvhE!JJXUxSRVjp-g z@(CGh#pV6p{a6?+@fCt1z??NzO7u5=hj83_*q*D=MF#h7V!V->f&_szl`-0F3w;M8 z`_6Azuw;-3Fqbd%-OPoS{bHZX$O5JFN23FXG#>dyUC=qxQ&51X@-QMz=ov44gq<`3RG8&s;VbODKQBJ#99u zo4~nmn@z<4i3wFza{T3${T}DFhKrG@tPY$C&Hi zQKqHGwFG7Q!R@)X&0Vt)>E)}6@j&Q?TzGYb&u#c=f+h|d=hbEX>`?{nd_QV6zVO@K zQMw7@>=bDKKo1}W!|9ikRiqX7XSKF->$HLn4|k*f1LJ|qZMY7Z{d1CM zxDJ|40_f(M)8a8?MQPlW^@LlH*=6w$y7n0g4DBgR1i?;UJ-)UFwNc<6T(W|`hs)ON zx6$=@+DjS_$6SBztPI{`h|w6Oi}+{EX-HM&|VM*guNJx8+;mI%`59`z?=ZR2+)*6 z>^-^}c>Okn4Pn!_2qw(f!YLr$Zu$xm2zY$3pJ`C4EX}54oMlev3&#a+EDK>>3D>c@ z#prA6m~)&daR|V0CaN=Tbh%gkoT9bqeG!JQ4fFJjME%tgDJdV8dlfQ^YssD7)znIq z$;oty}96S)XAJKVQd;5J9sWg~&ULUv+?$u*XWsHFI7C!_`pmftJAcIW_ zDdOcKE<&C4w#Qrj6@eQRAP_3`kU&rn5Xv|7mA-G?;=5xVoL(3t#T%sdGiIMBe8vjK zjt5513#ROx$Z$C4hN`shyYoa19cNVxVi>8enG`11=A6c93@>ITw*qWFQmw0aDqP~Y z6~ZD+xAvSDd5#~VIUAz|NlDpsygI{O= zDgY}w{}1=#Nx#9x`hGIz-e0vLH`OLAVJe6O3YWcTV-(5u2?Z(zm}vDmuA0S~A~b7y zHRty{pzqdOwhZG(89J^hUSf)YpG@5wl=^LBeIU>QvBvbYtHkFp2vj&eqMU0DAg5rs zGIXSShaLSULMKL$MpgY0dNWB6OO*l2iVAAQD35%eI|_indWaN0TsIpiUw=$` zxfoZbyvQkr=4JBh=PJ9}_yc^1?w7QyeUf^1oXFl}c%&^nOyGQ~Myhv!tq2}~-XNSy zotAahI^nTt@hS&ULDGy+YZ4*Y>;6~Tc(0~(2&H`lWD9Mxre!}~Y+H|T{q+M;LQ~56 zOt9n&KN2M_?WRf?L+pUF=_S2CW;6h(Sfr9+3BkfWOxaZvAI(a>UQhUrx|bCZ;cd+HRYj@#Co%*mWQ9P56T7O99;{SwW!35k@Ivh3)- z51)KK&tht6&2j}KEGVuHy<>^nj52YEvY_J-ro91TE=72V0&Xms9DkaUJ7Vkk&SkBl zHH1>!Eq6n+(ds1oIC(dMnYsrVTxU7OIbpAv8FTPMwHo@IUoqcsRdZ<8a~p5%2g_eAwkc=$-U z<6g14y#nnrl)*vAidDUn5t!z)P}i5pPltsk>hky;(jJgo_=bZqAbNFv8#EuCTDtFwP^j8>L0+bVc}dfRs1Ei-_|8zC zW|tEWylNBeZ&1-D?!A9;$&!S+2b}|WG_Rs6LvJZKVy<=5L+LneObbUWwXMFy1vhR% zorrECO1B{K;VV-`{y+Jvt2u%n@Hu z+CXAFA|CEHVU?0-rWZZgo{|3hgrh8!%<%zfGR;L)@Y!)+0bSh6Sn9C}3G5`vdgs%T z1IcU)2$Ru?5a0A=3AKgY=OQ3C46hYF!)}v!i^Z`@msK@Fa=Ws~n=Y0Y&+@w0AEoA+ zrRdCb$lI^Jo1k|=4RE%-s9#7NNZ*fUqZg= z*MDd^sY&X3W!n}sUuzyq~^JgKd^?Uj{-UVotc1guqC(X1`x&`yGjN+W(Pn-e4-rvuKfC-kf>QAOLU zQHwN&&!`rI>O~d9X_lJ)(pAGwox903r_^R!O#!oRdpGx8p}(KA#Ahm~l0?QPHF6w3 zCoc!{d{vW*fK>GMRt?j0fgaugs>4L-V$9`SahTqq^o1Hep7RVf6ihosaJ2_ordlTY zZ!8NyX|IXi66OeR?B&k)O1OsKx~aN$3m+8Xlv1`+6Yu&M=Gq2tG-iT(u7GT zq#IaTMA7t`{>fFNBky>4ib}VjWr&MWY(-z6Z#)IMA>LEd8DG;)56LR$9aos37?8X( zKG1P$d}ldagtnNZEg)&3If}X%p#HJXrL8C_J%+~zn+FPx&T}A@5R`AY3=8HBhf8Ks z%1C9GHf_Jy(??n|HoL}2s$!qR9gDf#76y*vz!dzJtwy5jRZ~Oe;Rs)E`~C%iQ|w>Q z?|2Q!KC!1#Og=FB5kg>icwe1+mU)|z^NQ`7qi#u*TZ*-_E}7#b_JYmCd9Idxg~fbT zpe!F>@dvKLqwi+Hg8KSC9HX6$1JhOo-X@0^1B zv+}L19b8rsWjuP*n66|d0h)PZ_PP4Dj!8%T|KDmDn&AVdJ~DcugrnQ(T)r&8ggOW#UyLz zh;GV@A=n$o&e4C4o>*xod^uOsqO%Wd$06!k&XBkRS9t{Rc`^O{*U4p{Yu7etO=2J$ zOKhQ^Kvj0_@xiP`@$Cup)hI-tO}B8CaH~mACJD8G+Ez$xIu)b)3zs;mMb!`b^#Kiy{LXjelnIoSE{PK+GN*<@pQfUC78Zp7lrV7{*HuXQ0FnUFLWUy|>L zNV&gB**h>l9-s-qUSDO22z++p%$il3lh+3|qY`e1RU!1_1_1F$oe?J1B*IgSea|U9 zvg@HJzlGye1(4HJ49zB7t>~PMdh8(sN8qKrq(7bjgCD|*zNZj_1>)Kfr0&pb3>Wwh zSrh^?>sjalECDlC@d!tquhu1xCdrlu1(HPt;s{y|ArJnjZ231JgOnaR%+ba6%h9g3ucz!?3$#3Q zi^lvPwh`C*m}{7!f1S=5ghBKrm1+$$6ERi1#_q#AgC>`#3T<&S%hl3xE-JQu!hvA7 z!X^9Yt}%x=v*0~SfxtE)b>r-*XK01qLP@-eKxb&3)8#=vNbM;NIstZ^VjHtFI!z9++-m^LM6 zJb{Rkm=LGkO5NzAk*ec}CR5iN15Tq&t1tF=9OQ*1nU@WEfABHabN$Xkhr7U@E^fLU zg80j3X8_3+HqWfF3F<9OZx_<}_fWZ2lA3sv9FHdXaQ_}Qn&Gg<=OE&a4-0Ajl(Akg za?8lBdMlbqMRC28gn{*pI zJ-55%42)0i=CUK#t?lhkp6?wc?LoY|$GShPhiT^?Jic|#`Vkaz1Q|BiAxi8}w@Iw6dZ%OTFEExsL znRlZrOx@-Jbj^>OrbP0!84s%bv8Ph6G;t8~w0|+zOr2@HVVz3ittMELE0#zutM6!O z>NZk5H|J+=686e5y=)c+|8^A8kHTb$2_(`-$rB8EmQNiHk)78FSjK?JZ<+hyW1<`u z*n>XTUniXQ$HZasliCT^-uUQrX?9N89QJbr#8!%j$?V_|zTyJ@7I}gJV@vD`eVaCU zcoaMY0um)|?0{vx;1*3l8HjXBn{1 zUB=*=IM^u{W**H!ED=#X#0;-wEFzS>`YY(6m-CKV*hZ0E zutub+M9cvEOb%uqCqXkHF%SGJ=bqnSd!qgwCMB1mAC{@1%%YD~XevpqN*v`d_uHh` zB%|uu(xhDXR7>Jw#83h{V;_n(OinQ*$CusR{qeKCe*A9YW$*6o zbN_Ntnj1t5GJ5R>8$}J~fSTHbgq=vaCnnm%b=!{EeUzVmtUo4_z-IdmZ2L4l44Se6 z^mAM2>wqIy@Ip$PaVS(s$9apG`L6Y3R0tb-pdcRG1JCE4_fOuVGJIPM4Q3!vNRP55 z>X$S5^t*8MOU_%i!Dw*s%a?{fdpxP1-)a}o48dwa9JUaM z4g=#W>5rX{J-?!B?EM0-o62rPH1=c~(?u+sf?dkwx;bP#2kddmeEQ>5^!ZCr3b#Il zqxX0RA^B@{b0@rhoCqi?M?Vva_$lo2K*~3vwi7p{zY~Xd^zYwK|I1*~VpP%?C)!ra zc9&>vu4IzEt6wj`^D+H;+B2Ci1WFtDcv&-|s?5u}6Cs-o+SO^6)eU@mQ?D>hGb0B5 zF~1PHe-Q45UXs(m5@LT#1SPjR2tdH;zzZ4(%=g7tBBbJ!VaOi3j*v#ME^rnD1IziG zpe}?BH^&$xkEtsoN5TKyOb7c#(0CX6LDO}rdEAeF=5cyH(~i03 zB|Ny#!!40#b@L;$>UbZ)3P0X_iBob3RU*TSk5s$L>USDTd5};1^8`P9?~P!KTF*%! zeL@XNHoCVz3z*vONt@A<=fOXxdoT~q*=rFafKXPaXUxg&VF^e2Ld9dl#T)mwf6LC@ zFA0XCx&gpk`tddXi2tJ?NI6>AC*GcH#c5)8%bR4z=j-YGeX;p>cIO;~%lrLy(NpYf z^4#e9rIC@B`V>q2<&Vi_C>i2g`w!<75|1AqG_1}o%z?`#Ku`Bo^5!4p)2`R?Gi8IW zD>xmZ9>^>Dp3(Bzx^tSe(wHJx@G~?@oi(aXk!JeRX;E(2?i}dTq4b?_%`}{HU^uXN z@bz)&*uMcWC_bA;_Q7PB48k)mDmm4!by*c$3Kl*y{Ir)t+mbo<=A^}RQhuTFzvzl$y9aPk`Y zi~&O%g5+L4zf2hd_!Qx+G|>6H=+Wm=Gj~3rgp86#^8U+%;fkqOi;o?{m*eo|9y3m|GE1APo|OMiW5M`KXg+D6#xL&e_H;3W1RkTr&h40 zmNoXOd(P&}3~j1ZM28-AH1XuZ#L za}9EuU_ycXRgs8Nkvl%##(>BikVtMM?>m8cWI^oX8W7;a+-jbB&_4&*|^)?dR-zXJMfUsPC^P$8UeHx01q-)cT9s(5s2pp(~4sK|~>avPJ$y*+B(I zM%zUUZB2+#m{mW;UPY*>vQq@*GJ_x$B?pPU9>nB)7!%>mbRAMOXW>B)hH4>$88xQs zNTJS5jrl-&mQwsZDGA~Y# z5qHt8TUa`gSnO06s{?SDOS_+$;YE?ajx!=z{)QoLN- zdLln;RdfZ$Q)S}|i)ow6b!~>VHb)^wGizQi zN8V`L$#KUNWU`yjC<)}6YQSZ{7`YCvaOc2P-Qo9Jf6tAQJiH~$DzH5<1T)a-I&A7T z?0vk_x3kmCdPEn?Vm0hrfC5>D?o^P+X+i`3dy>O1GAIyOw6A|I9VrZW=Y}vIid}0{ zkEOYNc5B_Xuj=|fZ)DzFcP=inmFg8jI%U{A5sCS$XxI+15H;7tOPdPuvFr@!D_&-^ zLXJT%4oH{MNT!&oZZ^TeYNqk1nbqU!60JATVhqtVT~B|qiNj$3F|TPCc4*(xvTB=*KV8x)~0wS?3p-6Iuqu|;38ufWS))39Q59ftRBnjrH^uAnS z;jSKEs_?brbsi51%Yc~@6?6}ttWMarnX2l|^g^d2{nXH@e2`;x%dCj!eY>^w^NXd& zSoSM2+oZmhD3?$|qj(C5RCU>>vQKzW6)dF2=qd)pdlv#Dq^rWF{3inSKV9wKU-(!3 z+9DFcORLF9wEv2m9$&r5skpVu$|^w24oA)ZAtd#YBp+Mp4{FNDOB3^L)-c zQ@M*Hkn=>@V`WhX?}%twcFxQ%sL6<@yu*B8b5EoSt0#&TBPY*dH+SRS=8@4A{AY`k zo%5%(Jn{>hMXp9Us7=SrO3>n9w%ViVzKKD*Wn2YSIcH`CE}5odpq|JEPP?ovimFv^ z#5+||<0tCBeo5hE*)A`Ay7 zuPoKYpb-Gpw;(q^8r zkCO5bOWq}?Yv{oyWu<1}n&4P}*AmO0T7|NM@+dR&<5qDhXdz9F3GJM@iPvBfBnjgW zU~?>`4^q_~S^Z2N9INWX^`n0+sW;91(xVoln;DMMyRw~(L02Z;)nYqt=yvAAJq8#&1)?qSV$XGoYfyMs?s<@q$ifNXEXSEV8o#w zQ8=Xl;07TL%U|psS#u?em{vk}EsLf-D*tchm|6$qK!$II@ps6CE|q?y1wsobUU=BR zoDt`DYy440D$G|`hwS72fcVO5Rmgmgi;TX4lgW^Tvd9g^bh%1NJa-+g`PKffePNcg zE(!Ax<=}lxr0%qpRo;c3>aJ4ec&L?9S3a^e60FEgAEG-!gQa?$A(zJFH4c`Hru`?I z*fxTpx+^x|-u1h2VlKPZdcQW*-I&yXmg~gB=xfmxJD^_eRx`9Y;}z_52P)x?Jrb9r z>J3;3zI&TqUb=op+kSMizxe;=k z7qL-4k;tVX!6|yLdT&mM_ZwoFa^bK?rB3^&SW0N=#zqVUH zFqeQ_reM??a?0)xAt9itv=xxN=ieAmOyOqv6qt5xWdB;IPxb`GFvwJteyIZzM=2dX z&c(S`6v??pdn|N>Hm!G%l|W3YYG~raWBGz1k*S$Dz68X6Gc{9oFm;X=J0>1$AGkkL z9pMbV4R;vZFnuwrcqM4k@mJ^r@;p2%K07f+u^hF0VW2f1JcOo zSJKOu>=0~)QaoJp%RQuVc2U}8%e_K*H$q;a^S%b=^w10IjcyDNHXJ)=(eO1Auyow z0}lCC1wf(H2vPw!{B$k5xD-{8pVC|b=(?`bvX8Zm4qo}}(4y%T%irWB66XHU7%uA` zp{%f^OrQ*_OezHOm6i-Nxa+`ySgXzW{ZVw(E+*O~fN@k2fV7z~iubmv&&>Fhh5|%Ph*DPp=MERLc*#r*uS5Qfy z0W@DW(hUJ698J^DsG7dWd3U?OBlfOLx<5|~Dutf3SY<>eU!{c8*4*;v9r)LrtaBE4 zkYj;Z1uW!G=&Hv*QUvIkjK4rDF9(nmD;o4_@~!fx{>CNgJ&DTu&U${F!fC6)`LM1) zowZ%5h!x_CER3~KCJ{MnM=BUYlQJ8OUd5JQF@UASDnQUAAcYi+qVSfYR{AyE*mx4Y zgrtq};@rDc5`vrzEQtH`k~Osx0&*#6y=VXJ{AH)$1vGDcG5hkq61XX?@%6E(E$mW` z>lp)?NRy_8KvS0u&zoypR#7kp`a?5wL5+!XuILH%jxA(flr`cIP!noFg~nYGME~W# z`)^sjOi2dHicE^gxm}w<>&7C!WwtPE2{UAgu|FA21(dgZ$B>hTCWw5&mgm5kMgEZD z*IbXN?Hq1NG-2IeGf#=RdzlLI@)5~6YCmnaI6tM)3qsfuO@vN26|f^)x5Jt2gWL$~O@Yh3Tx$OcB9C{d-yl zceW6zvgjhwt5CoQP*Q7d zhIGJQ{GIA@yh_1|;Bzdd?ZZ_NKZPNoOzZY&8__@8kDC#F=x)(q+;?!n*Nb>Ba)Z85 z<2D)Uw(5KJcU^#EbYw;QfAP!9zvLVf*M}OqGb7RI<{-A#v|d)1qH3rBn1uqr%}we> z^tqRCU97mE97)3_C(Jio`ebR_4{huxz9LqQe zOrjTtUnY6lMNFzGaw~GbG>caxr_>t`UQHtJx+V(NoFpkD3oljTW5N}KVPPv@8;!Hl zFFQS!JS~I@QH7!*e>gmLr++!u8%w;ZSjSgyK?#0Gjq!L2uYTSfi@*{w3LG>EYMnd!;gyc0G=~yp zhif27?((>Z1O)5uG*%6mykE%Sr|CvRuWYz0#&H#YC@n=y(9ZXCnj|s9jf32YX^R{1 z$l&2jAvO)o5eC&F!qxnBs$73|KO$InwK{yaUf8e>@yDIMLnO&5O zBM1lQ`KH8`H=f^Ljy%0>HdtEEMYMs!Q$+-3~3`sm8sHfh>LGWVIFZ0K6Fr6 zViA#Trc|v?I_A}`4>U{FQ68QKHD^uU=A*&-GKQf`Vkve|xBt0)Jsn0otO1oD50IpScx=Pi*+d zYJ$vh03Pj)#10HqdOUdG_5A{$brylq`sJJ1*CrX;nwdHn{60xSY;p*C5~-Y^z9F zTNlgRC~hkZSuTvMDWavn}U39NRTsPXGceOfMO^s1&3c#S1l7klG8(ZHGz zREt{HwOmToW+)39jldFbNG)=Hu~rLPP=A}(uhsJl*=%kkz|)P6yReoQ<`SCZ1G2j+ zC2j7#M#JA-{24*_NYIT}Icf7ph5Ts|A1o4T)ws;)CX@Bm&{lGD&o)nkfBXM&j+RR3 zF3O`!MRo})hU2N;Wnj#tV2UG-fRyv&0tmphrJZUT`158vaz_S$9$|oGPP;P`NJ3*) zosE@6+Wfu?W$>Td->t2ETaF;kX0pT0H@jPqXX1q7Ahag)4!lnioH=>!ko3u?NPwW* z2d^*z0!?$R@_3NT_Gm1#P1cY?gkiB8N2V5$lYc*RmyfkoGZGG;33EmI~EiG1y>s` zMQK(b&wCC!b_3-b*hJ77B!LYMf&IJoT*AB(RVSy z>8%hMcX6*cHJbhn4$F@fE`}@a%7&N+4GCXOO zsnh3OFOEfk+6!e(MKZZcfDY5Kkhh_VA>U1NEn!)QPdpytki}QEScH8RgI>w=Gm=mW zVGW(vRGXMnX@2buO<{5h6LCt9BTC{TPvTX#sQEKPVh5=sZfqZnmTiPrPtVJ_-Yhfy zJ)F>cu*-zP-O{8dBt(yd2*=ws_=5;g)%2#wvm3%wKL|1&xF8qGD04v8TO$4PNch7J z`;9{KsJxM8(<~_KLqOB7(M#e(+5gM?st6QfQLD?SzEO}0?tDNlVZ906BE8x9U_72A zhBxpOLhZ6Br=eD4<`)0rdVq(3kdcz%eYVP~DNW|=|6=Gd|M&mdZ{Cm0 zL&bvy0I2*YnREW9a=EF4iHU~^?SG?|Ps7mbJG(&x0D_$TV+;JRD_UK~Zfhj@28OXs1N%u2)ON;zK_OJvl<_jVB#Yhr_DC&(QpQ(67)niEYpw_JNUb&v}MYB%wrsB;* zzG*UE`7TOtA~)_c&K4M<6YsrU3&zrkwshU$MfbTVFlYv_xG7Ib!F7A(aE^z{0% zAM`UIOXrymY<7Ki+y|Dr!&nb0r!^Pc0*!Bw?r!qy9o8hA8qp^>_c%3mETlvDid8Li zcb^Vh@sl#s43_mVYy)S-xG^@Y`vJ{>hV?b9j>G4gzgf?C0%t+@4e4;L8m=C*hXa@!Bs{)Tn;+A{#0TiUjr@PsWWOjv7t8n4}& z1qz7G_-OpURyn~gv_fY4$4=+%j(X?i zRu3Q&=2Rr|Xk;u|&iWBQIjQ5xUfbQuXBlhA`Lruv*K>a3M=hJG@6}dMYs<^ahSqiY zmK)dpfDBdlL1US(Q{rqruoTJXvC z?!lIxbEg*eRHbgNe6AWPkn)ydh*bE5R8Q? zXVE59*W%?-;z!^_>#2IMJeW86}+Vd&wNO6m5Vs|^C$6F zk0_G&C`xahF};jLM^;iO*kXewt9O~AL#~(jkJfItPi_~`rw#r0;yJt@5+z>T6hiOJ z#ir81YUgUBhiY)oJEuRddsW!41SPofoOs2crXsiu)1P)(+(kJb7IV@?jYmJ;lHYf8 z`pjv`i$DP?D_E@1IrPFEyAc1su@+ks(s`Ka>CJEvuV_){?4-KEK96yGS5@^&XnMxc z`_?O*K}tEz#wa~;TP741GB2RN6C|5|MwvpVBz9j7Z<+ zB~JuWbCNZVm7M9(Y003+5A4EK1S$i(Mvd0DUKq{4frlPpDov&b=%UJtmgXn6=@J^p zT=~Ht*S%D?DTJ0@z0$9a!)Uify} zKCzCN$!gAf<2R3h8$LIW*7K96u@87X-i=J^=+&h)*9nF5>I?m4v=(C0t^HX-PZOaf zKu6)u2t<5wsXDc+(O5{(8!qk+_Az8m_*D3FSkxy{TBfZfJzhE1TAi%1roOWfg)^I* zme%WNhk;yuv?gWvfYj{^=5}YB-9|5umA=y=1LQB-$5pd>IxwHTO@kE-Z5|Nhs9T5b z(;HX`4P2wBYFVK4BY&B_pm0ZJi|z3(f5hT&cC@3QghI4H6cP$&~u)4 z9^0Sii{Fr~vR!o`a*jz-js8^E%<33i+q6T@Rq^~8Mie#lTfkFaK}}`2B;4KdI!xKz zwr6|C% zQNwTsS7u*ZtO74yVM z4mbA;*0zJr0)o8!RGq!lzzTRw>Rl;DZj1De`obB~0Xd4Y2427g+Gpwji_AAjnUu=& zhwgLzkhfJ|_iFZ_f%I7AXTHLDf_DkfuA7mnf1KFa8Fa?(1Y3t#04YkcQho=rr*EmAud40Bi0 z%u&PGwKI^wAQhY*B`)_jGSD3eT%D9rSBW3;)NM$g9?3Zgwu@r1DA^n|0tpO9pj0g34kP9k$go zwt{8ho|l4J=1(YBjYQmA`YFMZ0TmM<<0)nF2Xl}(49};KW3H1U`#@GISF}f;EE;FB zj=K0&adLzeMPeTYXSQXWNRlZFy^RC8D9NYPf|X@o!i?LdP|Dv4-SEu=83AC_DuF3w z#GcO!DB$`p*4`;Pw5ZDxj&0kvZQHhO=f=6QZQHhO+qRRN8>7?Re^rnAs_Uz&9{746<)kX~cUDSxi=cuQ~>FR&wuL?@TB)*FPfg$#z<*O%d*!}w-Lquz z`+iK+J23%HAc@JkQ8ZD<+_v%pJaK8RYw^^G-sWZhQLvs0=9-vWUS z+9f9G5kiy)C~Va@f{V#d5hj|Qln#!7zm~zbIdZ$Fe^cyRD>^Y>gv#jQE~KsyU4AZe z6W~fHjcPoHM|tckc>}TtMKk&q4Hpadf-pQ37l-e)*-g965{VC`Fa%n=ui$U%s8UD+SKlK zQ#|c~HQ5_3NQ$)x+s*~Bczt#K{mxp-`C*>MlOY7^`&to}+_o_uP<3da7t*+M13=oH zk_gld`iFT%YM&KHX!MTf;3a_IFyJ>uj$GN@$b<;KM2!d!FF$4dxz7z58PT>SN4lVf z*V#zwiE1s!ec|aGV!WMk@(Wi|>jfQ9O}7F=*d|-c7#EBC z=eUKRSAB%7aWMk`%iJ%lRoht#=~=4qOJ4clU6S|lgWs|Jeg}F?k_k`?=B9K6P|c?` z{G^X-u14=4F`?HR1{o)@)m3Bbh`x5JSb-FsI7?k>zpUN?#KN^e^z!TUm`7>H+ zxrW*3o?MzWKRVMTVL}AR&Zh=GArM@Y#{eX`uOn73fa7nBNs?66=CCNw3X#~bQWAV! z5!L(RZnFYyzEp#cu6>dFM$`j6y*m#gT!TTwZ{z?EX}?0qIfvlTn*u$j=dz>QdksHVQw~q8 z?r!v#o*Wc5fO}`ROQ5kiGC;u?oTFksea?_5 z1*NB=1e!qbT~aRhI50vZ5G0Jy+AR>t=qPDRw|9oKjtkoHv+_kzK6L=PJ82sFbHuUz zAt1`I!BU(ce)p2&1PdFijai+g5p$$0bS9_GiQ~eRWcfo0HJXD5VrKC@*<|xyiihj- z@XrUfJqte2v$vS8>9J{|#egb=Elhv3@hQ z{*N-UnSY;=xvEdw<4B_3R(xgU)Ejeu$z{2qg-%OgW6zNZ^#|3-0nMAqCYh|uS}QK* zRA9E2@{cU@GPe9u0}?+Fh8jH{=;yoX?ThFB7RZg;YcRLN@qe!H;$fD=sIwET_~CnBB$NeLZIX6Y&6l932aGjF+@T7%_mNZWuHl*9OwF94A&$iG;H#M7yA? z+wylVOlCF7mbj@PLp#xyxv8*2JJpujMnw4rMUjIu`viR^jC-(jh~KaTZAQ%bCQHXO z6ur>XolnaFy+G8RQOhZ{z|@^n%Tc{R)g9H1{z1BGr-VAfE4}tk+FP$>)dbs%>ak{z zs%K(V4TaOI`9i<^4X&zZ0(ZSBaeV+YDJ>^p1k`Uxk0ZI7^( zO-6aO7RxdD)*UBo-*P-EiPN+fXMD5&Gos9M4E`x_7dE<%tY7pIfDrBpGWj?Q6~J?R;jYFgthe ztk7w24K~9p|BHi&AQ*h4)3`*OyPvZ94 zkAuj7jCh^xQgV|#TzYe=re+=9<=G_Uj6|JHB|c@i6;@K_j+U1M3gEoUdn26~@cl2%ix)YF+Qc76j77);nt<_( zdH<1+>%P1J$!I+^JF z0W&3Iq0fQO&8%ZvJFvS8545Bm_z!p1Ju z%YuQOX}LyFOu`{ev0J}z(}Akaw2Z(!AD}pZc=8pNbO1v>O!G`9AlGzPz?=?(!ZyKE zok>^Kl6*`QIT)BTGT*7{#wMzD&NB|!Ww4hFWPUeV6OEuXK#f=(=+)$6)y>!}G7BaB z_Hsx8HBSe|UeSDS-ZH~l)L(qmvl~lh*iox&?s%~_JN>0*K4P7rd}Lu4HpyV7VoVj& z51X%ge=ENUQI6acV1$|m=YI}Tz6dnbAJm7V&2*!JJywlOdfcck&|1J<+BH( z$$EO_#8Iy5*_e3!nw}U?2he*=IJhgI#o;^UpQoumB=NmX0@;qA`nY2m&o~)Z!6Q6L zfR7olxtJZAps0^r&t{^osVh1mC%g3oXqUV~Hp)&CJ2Ku_Pl`*~-N{&g&RM3`P2RTW z(3n)%RIcm0WP?IwL$wWzD?uZLAMQO5ieLXC&3^^V3%zVE^Giul+N%q-2{;SPK(PIw ziD5y+B&**r-C|{!D(4ZehOLl5^qKaet_3%c$f%UDtM0K}ta;>jT^t&-G4v!Ns*e5v z&@)Ib`*&Fn&?Whnl6aoPfTjjE}BVvD*}W zp!fJ?K^>rRBQIY>xVW77OE>SS!`J|#4{k54Qec%6m1iF?SHCo#{8=H%j&_&u41r!b zsqyG-UuZ7iv6~b^t>hPK^I$i@A;q5YnwEAx{x#FL9bC8HzUSyP(v6`4E*35By?tA$ zBnfIp#!|V_u=MXT{DKqJ%wm#XlAURPsTgs#_l4UV>l#hkv=S-_^ccwjAKYFgs3xg* z`FfuhzS~X0D5l2KtdzBzRiT`uP~Uqu{Dxw8P?S-Wd?-p{sXO7zl4h!z+Keowo0Wfs z5LKMK@j;yRjk#E05(Jr{TEWIK{<1m_N#f)dXNxNbS?SXOZ1}GGt zG+Bo&{{|x{S2G+Bm;>Dh98Ad41@|Uw7xV_)AL-|+0!tdE_0G@>WLfBF{-b_*aPwMe z9@^&R+X-6^GG~QM-uoOQ{smA`J2MXQ5Ev`s*biZ=$hk|xJ&hfF?nz_msb^^PrASF6 zu$l1cFF+9?9Y<&5u{TA7hqeD2m z1E6U;PEw)av+Clu^xF$U*$HUvZ`)KJjr>LHX*g+?X66=@PQTMlOA5-}MHyCL=(iE1 zjH(E5C1q7feTV-t_=}!b5>3YmxoMiizr`Y3ntw&Te)K}~elDK>Di-(IcPcbX2m>NUJE=x~O zQ6vdDem>?}l4c5eMsfaLf@X?(5@!Bd4Sqa|3{52bT6G1_$U!o8{$dvLWjK>F^SHnN z0KVcT@B&M~007QW000R8*$@A3!1d1?-I2#KnS(QSGpN;O%SyUML99G@sUbl{ zc9|BPvRHK@r4heq3YMJE3woF&`4POjA^M-5#IF=<6B()r0NZ&cB*G`2fkm5H|0BHRfbOPZZ_S`xRl;jHwjCQ(R*B6F;1`q8j6lypXazLyAm1h8a*6E+#JLx23 zV%0==X?h%caNw_P1CT85L(g+oiKks~o_iy!Y)J_o+-5#L(!>;;oCMf&h^h_t_;bEp z`f;*)%3k~M+`GNg)AeauFEGn2$VLZ3J@-eembCpzE2k8pePs z^~8ElA07eQ$~!DKw^LcnP9Wk2D<$5%uQ95tS!8ky988~|h@R;IOQ+ztPw(Rt^3?&L z4)|KC9DOGp2LQ8;j>xt@6tlhIayG4Cud$Nb=S7y5RI7>c?u0_a*v;NUoz@=KH|3NFYf7_Op85p}2uOR|IV=8+`T zij^iocYTfx+tHuYzYC1%xqz_=hR znpksqcZ@xPj>#MO{9~*iw9MB9Q6SH`L;HmoG8iDg!B&HJ#zvfD-qXAY|0bR_ofmm_ z-?kZKYVXurLIowcgW6tFZKM79nmHNBmP;a7A3f?LEuwTSK`PRq%@1}%BKl3LhVQF6 zjJBViBQ-t|wPd(kDnMWiWCG0M2kHZpKwngEh^3->Nj4?hlsHc})BP5u^cWP&!^Omv zVBtHmRM%ez3|!M>Y}?YVB69rFDBCHOH~=ELsUuGKS1U)rx*{*)>Lrg(R?aNY0cj-= z2aed0;iEj3cF2Y1rclD*kl4sDUO%cqS)MFk5!pQeFAgs)Rg7OiNv5V3mhol;C#Ihc z4b|peQTBcn;DnB>ofoNDO?`oro(tGZOMP^Cm?3y3G!Xab5(F~Zx}0M`2RKQ1EX~cl zziTdHd(q5)CZ*_fE_%q61$_^dc9MjV6})eebB#v@*;>CYQBM3%vDoBXEEX9Qh{bj+qN`S2|z$bouGzv0|L_pyxpGrJCouTtsHhB z-opv=!*(zuR42GtfQVcBbA> z+(@_X9fb8XUA61M;Lo>n<|n*sf2@K0a5xim?{s((nRw9zrOV3m!%s1wESq zm1W$e(T&62LsOj`C%X(r6}-Hl)F;szQbtQS@*S5PCR8;&1{q4~w1wAe(r37UI~xE`|c(qI1`0EIg$CtS*9!J|lb@gQoWw zjcPCVGntAjjCWQ>3=d~DRT(C+_{qe=Espr*#R6yTm0#9tonKD&^HkQetM$w;ad3Jp zZF45>uuVp&YZ%je`u})53;&-5KqFU68|F$f6bc(k9mI#VJZ%_5=y6gsvBqe*hqO_(6 z8%lX`ghFse5jq59QBq4}pQ{@gHhWK%nOUaEp^w!tGO8aTqI}oA_zUo#3FU7fg}to% zlL7^jm4~QPj}wm>&Rx#N=L^?e|J~YVcs$t^*hBWiq1nK9;YZS+A-Cn=x|J7gsZqFeaU!G>tLE`q)>cPx6y8y zHoj@xciYPmNB0GfW`R1S#7s-NiXYe_2d*R_qM)(zHG!$Jk<0K}=^?xxohg~F4cJ_cV5Cqfq{iGq-jZb#o%8`FwULLamn(o z{AUo;z=_^89mTo-rtelBXY5bT)zgtqU6y&3-+9qvW{yGs)D-f_s*^{8Cjr|-wLR)< zE0~{q9k+!C4sQOI6Zgb$G((M?dzy}pzPT+XzoGOMq_m1@oA@ye%}$%Uv?ooW5p@bS zj-}07g&U8S)uVxm?@#NXX+gCOB;)J)o^svebFyZ-n|Y_Bdr7Km;S*UQb4GIdBvDsG zb8~mdt=S+)VwA9eIpK~@r`%M{--Do;6cf@azuFV$`h25fO@uHCVJ+tssu?6sMBxIZ3#OAg?mkGSc3Ba6HE3} z#9hcHaUd+`Fx?sVjL%8w4f;X!*Ea`3rB<&T_&_%EcoUYf2LoQYG>f-MdWf`5`_I{6 z%Nax9pQdJj1TFE!UPxQCVi}Oz7WM}n0QS2O==C`c=MRCx3Y~aog??*>CB!|~qWT8Z zdl8>70ID$p#~KVihZMs{g^5S#RY}yRGEzwUchm9Og}Et zA)t_~y`hXf{)*4MMwutOC6-^N+Wz2CRvaxdgWi^#5HO?Rw$B(;Z9d-s$@)?%5MXT% z6rOhQI#2=niKkmB2l3uK8F$a#r0MnCUX!zdO}l8-X|=;8S$KXx8I5KH`c=P zQu^yOxDUACikE3=0|#gm<-lX_ag1OY+R&^QdN^KK5xHqwa_!%NZC<~&2SMN`-I&{V z4%)ex#A>BgUtvu>a1&Fa`bu(zR6NuA^!1J6tjh&SVu6UWJjfY_GF@GXV?{Krr5-)7vl1r!b@KYdeJKM{ui{~@~kH);U3%F}i@ zq6jxR-?*{S$f6SAh)oFb4M^OXI5Z?d2qumWB5N3h6!$n7X6_r8^{25ncx-wj=zD#n z2NRCZW5Rb3T>|=?_fR-Ln$pq-1ZGRT6*U#L7w;u+^Cu;-d#}80pMUMyg#7ZpdC00_ z4eo0Vq!lBaQC#(L3}3L?71QFwm($a=gK^g}6f>`X|7alZi`ngq<~(hB*4`20e^|5& z{zi>qQzm!y6PZ_w=oRs~l~;A#8g&X~HI>xlnH`dxx|G2NJ?2SQbkP6&INPJZyS|O) zi-gCI9(^9oeS)>*9czo*8PqaSO+P|t^%1z-=DxjFUtXsecb+JDBDJEc!mElec!svA zjz4I`g9mxTYbEm%-z$#C`eAEp3sJ$K=8g{NvNFoowWxuK4U1P6?E2q{aIikgmL5_8Ql5<7&Fc9vsRW6Xq~-- zQQ}Ptkl5R2{%&LZ?vN^ezGKdMG{v#)trME~eGuXm^6^NtJpT#6K z)r@pYg}G`l+Q(O?KQo#W-Dh+P)xh7IRCMm^aC!V{x^wo4PwWSVC(pmAkC0^@v5Q?$n0qh6eRMg%*^Bx~jovG^k0O z3xLDk+F9MYdFWhT))$|Ar*t3+`qK{f zuQ-p^)dc_#_U$-N1}WD?_10=?bM)bvaU*Q{$#zI_#iiL&E7=P{??<8yh?#K0>r<^t z{yO{)9P+GIkg0y%sOvMhXqmvxexMCgudlo0$Z9MCi^$@nDqt@>5PU}O*0@9)mD#r0 zE>pW(a1$=}z(-NtIC>PW8ms)`y}|@kXt`s%>UsT#&0UB7w*mBLbGL!~CvGzT8(iz_ z{~vs6YwBWXV(4P{-`U@Z@;~$wN}psz3aY$jg3)!LDTd2m!UrgtHB*d`VnJ>f*e;r3 zEnN*w6I)Ug(m0hZkQvJ#!AYobM|?AVfz|9MRJU`y^Ns5eBm&VMe(%`c=SLT3XMcka zOutv7+R!=uGe2VgS6mrqFlceigEZuD=Br*3;yYLqh50C>(!vJyV9m2<-u2o7ngI!s zHMk(twgvlH%@$b$JSD9P(2&H4NPX)bNFNivRo(y`<#dh zPX#N*H7)(Xy_v+*!_%v~`T2cgw};1dR>nYH zU69t7j%R2t0segCN0{!-^&QL}Nc8>!_e+SsHAjP_81X99D%F(BC^5q{>c!h(93c%aaEvS5cYmz1nKa$9oriyVriL-}}qzz=c?i3Yx=-vm&!~+fs}#ah^(L zL&uGqy5X{Q%Q3tD(ks{?a4a(}gro>DhH?04nr``7fPL%yE$Y6*pz2b1^~WGD2Dg@; z;8#aXj?k%eVvliK(A#Th6wPCo*I5HduFu?2gJVD$^UGr|nDs=*X_J?p7hs)rHrrRK z#3`3OK*;D{bSp%_6=9<8TMJDT7-T5;n5LGn1hJX z9y0R9s^H!K%5HzSTmT3F!gOUN7Q3&KfS;EgOUCzQx zF8af5r~Z3x`_Vj(_#e1!BEJqcgdZ=fAs7Gv$^Ra-_?Oe?zn{AntI679k7DMeXMZBd zjwe)&HEd#K5`Ya56l{U;u^bxTriqAU1XujB%-v|pG#&6*cYpbZK7PVW^AM{x=nRvcciaAO?4*HnKZjicXgg8 zSMAhfy3^}UrEExJ)N|Dubj9gSr)*BHOL+}ftu8EIX}x1r9nNEUnMQ41-Y2(x!8F&7 zM&2VmVl#RMVX1@P`V5(1gfcyL(wOrkNyfih&dU<{_3rsjbQro^MHb8wpNxjb@ti+4 z$62iS&Q-KvX;gd1L1UJbuYdag2^=(uJ}#KmL?Hk5m`QV0FTk))Z>m^CWUy@)cl0ib z@K6H~P>G0x5awHYBsvt7qxE?M(ezv`YOPDxA#5N(abbZLWp9|`Zo zDmeU({KFc&b1$TajTO%a$@4RrhxM5T3AAt5bIL9x zXrvFrj2_V5a5xM%<)-zD_lxLDRKeSJ@M*l-BOFU2d?p&oqE&1)BVDFh$jk{K5HI{{ zgZ9J)NxRd8v8Te(gb&JnQIe6u`;ZLFy7EdLDrHcCDFu8|W<#j~ECwFhuU(U+J{)gg zpU@Z9GvBT41kH9;vSTxT`oXf%gXu!xk%j5qh`pQn`NbH$O&~dmk)NSrQBNuH`sMkM z?FqSbEE$P)n%L!ES}44TMUW2AQ*`f!Sal!cwM`c>jzh3rUyFH|SHM%u6RfR^Kx<@f z8L9UC;H5rLr7MCT*co(KMs@r(a~Qkg`k&YIE3Fn1At@xGXi=*HoJ~Z$p}Q4hVODAe zk1r`r)J_G*t)Y+DYkp@@TlNT512ntb#O=U1gSK}mQA?>3 zQ*vD@h=Y%rBP@9n7YM*I2(F`PzmdNac}ldRe>%p73Di7jVuuxp;IV@2&!i7O!@-HWX(d^&|s<}@PaL4ts^Mm5vB*DAdek>&`4T=mUm2- z8!hC|#wp|?DAPhYaRkx>^lIV_YIsgeg7g*k!aJ!w%Vsy{vhBJGthIz?hbcp;-N$-z z$X>aps!24}8D+oUoB6K%GaHDMopAv>*p8U+g5YfyB`g1G-NCX(gd#XHtj^|{kPP%b(WlR16?7sx{|oF7AKXw|auD6(i5^bW{8vJH&5gAomk zB|CI+gHj4L6%-wIj8;z?!csD`rhjkwtkuOyi=%)n;9wynQZy!x^eLB?O79RG^JO!d}8(e7#8x3denPlVe%x`a?%WfgKZ z&9>l|gHi#5Uk21ikHkZb{RGq)cxECAX5%M<0#NxG!4z`5V71Z15#89m&dY

?AHi zE-ss}dx9#s{q57AkE_=&Y_9EYFKw0&%AgXdg>#xKrtcPu`)W!5s@V%{4prJ?(K+-e zaK-pr^6mZ+lExYM9H~J$YOV-XTp$jI{Tbug-yR2iB?M889SeKs63gO&-7=9Sp#QgKm>!d6_Imr3keq_%$z+STo~lT2!>;NT*5syUt%t8hy}PA^mboZ0^Su4XY=3tPwzK9Z(|3gj0AT#jL-Id{;eXDJ zXRF&rVzVQB_4FFuA=)VKa?uv!!{Jy6Cxno##x>y&I946&uB+LrYmrpbmpt}9V_sM4 zL$hLd6{pWnG0#Ssi5Jd`pNo?H)QFcBplYK^wro_Stc@vCvEy&X(F7%6?Qmj~>@;s8Gpi?g;is7&lP1V^h%06j_VzG^)``UMX5| z?J0HOIZvgpeDi^{(Q1y>=l7A-`+ht5Yd?OQE_|s|?G|0nqtJZLUD{F zT}&})oR!qNxDjqfQWk3_UZ%VL9h1^Oo049wJ!_?Aw{G_#hKyh(N^NX3$xa_JXMhdk z35`wCBEs-Fs0@dTx%lBL=P20#hK~z5RM*$>13ju3#5}!9n9%XR3+p zK`dY}B0)Pb>ttbQPhpN(B0ny^?&ScN0V4wMsP8E{cZy+r6(Q=e6M0afyS4CYnkhLs zjbFbAT!n9W*|{axT1hBak8`FnQl!;%0_Ef^UAhV$EM(8DLpK7QKxAjNLBy!i4i2D4 zP}squ?T<-3t*Q3#@XzIYBqX(OrQO+c?UQ!ZDmhq(yS7q|Vvw>^RdZ(jKF&iuej$=P z`3pNQHX`U6yaMKT;E*mdi+y2_aHZusn^OR1@^VtzbddInu3>*jIlPDnpV)$-Lt`~g zrERorpt67Qe?6jzN_vzxM(*PgU<&ZiU5C2HX*Txxzd88e4mNm+t&knoP)C=>`YfBa z9kqmOK7W?GJxO)vlj_^k*#O{_H{Aw0HDoQggDY+4jPbV2b2K_<{H0^Z|K+*B-o~ML zFiOj26~=m2R5d$!V0=2(9U^Bpx!m&qm_=n9j74L8l2X82dvgXi2)pi*=%U{JIZLT5WyE=89WEf6%NW&$N zHY0G}1Bp)*d(^CafxOCiHmQAUJnPxGfWKveRjn;iVqc}FG#RFW@^|pr9llz!F#SP2 zOwBQ72fP*%6a(u9bg?$I%~576(cd=0?mB7_ytV1#k?6`Q8%vytl3}{JBl+Thr z%5DSK9P`R=Q)ZK^{c7&V)aC-H>Dil;d(`on= z7YjEBw}xbH<1oPPAg?k?8*HLXhs*rbF7KxHDtOTim#40|xDIzkP06gTH*kh4O}f}m zaZVZ-jm6W(@ zMOce`O5}z7_^y&_61^e0D0Rlg*x=k61@XQT`r4wE>$hESy|*BW>^;nlqVNbVY^42q@B z&WSeE!yhLt0F~UvJi(rgn>_F(0g@ux6}jpi@_yNLSAiA(UJ2oL;0{_g0_}+}g6crb zCu!I!w2p4dYu^k|Mz{v@>u=c(YO>W{4GnWax#7uNhrYaK#=gqHMI7!5=ye?{M8wTpVxC4+^>7M^q+CibKIy1kf?GCS2t~K} z1Mj?M3aCeM^u1lR3$ITik}U9g^XyP`lWT-Ke&aG4*9MTxqdLsjMNnlqt?N zqM=#nQHj|O`99lNl_d=LC0Q#h-YtOG!3SJ zx?>~UG+2eGcRl0IsDDvV2wG~;sv&5bhVLN?-!_HL?Wxpy=O+{f9H-Iwj5_0SVblIJ z&SjTMJK83v{HbD2m}sVdI|z6~l-Cq0#~84aTPVGshohzu=7EkYvi;|Gc^ zr;}cxQbI%^qdl&TTv~@IYQX`qBShH`EVBEmg{ik9J+oq7<1BUwT9~nf*A`K*J_!Yg z-IAuV_NcL>M19CDtMB!yRVxP!DJWScgoRNN@qA4B_*rI-MHr?Cn!jckPS&YVF|XxV zWw}g;MOYwMx>^!7Pl4_Eyd%)}4i=)j$#WQt(`9Atd#iaB` zFT7Hkxv5F@fBnP38 z9&8!BY!*#gD#|)no&>O9N{mSj5@no<4)K`Z?!IWsnRGW`rM^l0sc+9M&V0$SP<)0u zs;R2LHFc_EX1OauQXqR#v2B)8i9lUd47aE?rnG`?B}c7k$AyJ1LMbK~h@b2e>O#GQ zV6hatwLjOi2&uW?BktmM1u73XrBC7Hd*O0Mj`~F) zx1VH|?qmn`kIdg08w77DG{cpqd9z61vn{=d=Qj%a7}D3$*McWs88RB>QdbH1LYrN2 zQW!ZdU{%oUZshM_)QX3L7Kz5h`E%o6ZMXJf zdw0p3<^Z!{5=f{n)WosHNn<&4t)UI<{7O9N`|77;*VYGD%`7&TIKCsjlh!e!ycxov z?@af%j;=h8%4zV#quR`5sS01Cf$@1OC+7PkDHzyCh9H)o|1Y(XjM(JtomUl8B)4sA zNZaU*C%F?x|5C+CWtCie{;Z|aM%;|#c~S%~`FD67J`G;oDz0_o2eps@e*+Y}j4`V* zc?%hGDBd$C;--}L#3b%6?y59Vr%q(DuCDf0dD>PXXMH|WB~?~Vh|5-}an7JQ!obT` z>H>gsFLkGJ@6Nd1tGkh2H*)VAH{n)B1XE*&t2?r`uk*D-DZi5vNa_;m5U$ZhY)YTCnVNi?5#`RAw8u$FD?CL7XEuX_ItQCv_X=#~%5-oc!$6S__V?1PiwB{PUt!RpmSfsj<^ zCCKY-HX&(566t!RH%I>V8j3jwv-e5#BkOCMxe57$4$s3uOwoaZfvD(`-jb(SOO%8g z0z3^d3fOQ!ypn^*EVL4#q3&|RaHF*oN6ILvV)Bt?GlJ=`sNkPv>I`bLT{9g;9ScSD z<$9BKB4h65sr2h2jyMuVoW!6zVM-IxGqv!p8V#eKS+i*mD56G`RK;rrx|@)%+^pHs8G>53$CpLT^T&JL25hG{|e>`S3MD2XN-k*-I zM~^-y388GKUiwroph4TpkZOK4Y%yZ6Jk-(jb0*kZ+h!q#!}$555w&aXU*F#P%G-T? zKAiB6zst9_*4lrAB5c6I(ElySsGRK|3!Amp2o01yJ!%EpbAA9j%1FdkR6&set>t5Q z`J(pd&+@L4Rv3xP*E&)LRLRg?sy?}lTX3g1 zzW0&`YpkChujUq|-U>t@KE`SXtgWS7o9)`f=n+rIbGuxO(hjgHD-w?{PN_i5+^#00 z$JJW2{AEPB#7l3uc(b-h0V>CK15qEVM#IdwkRD-ui5VLfC-U1YNjH>e5H(On&wQ$5 zlfym96;*5-JJOlh*d(jO2m619hvC^3MK0NnZ6F&CeFB79+)f;ecf4(m2yFibAo2ij&{MFN0u!Yo+7wo*QKY73}dT)g)?c% zJaoKldpial$i%~3!+DfKAIO?miD03B$nv3f-=TF9XAxMSqpgh{`*!hw6q`$f@xr7j zzk&haxMD0xf55Sy?>|l=>k8K(-HqxWf~T zlVEvdGyvmg%zil;NX>I&pawngB}zqL>7Yz7DjIV9)yp)%=2z0}>%22L4aC+RLM;G# zL_JHGif%&7p+y*nZWsB;H6mElgfn^C5!qp<;1U?>V5VrZ<6p{4R|smu)yOg2|Fx@? z%4Q2&!tPYq{T&I58smn0YHjN zOsl_W0`^^D(ItPYY9%#Vm}Er?;lgmL>~;(c`>d}05FP?bXt8PK#ilRn;4R8RQ;0`> zC86kGk271ishA?-mIa(K2@6GnDQwv=M$wGI_t}Ys?+k}_7K9k*f-#KV8;?^4fs|S( zmTbUcIfh1lt72TL%8-|-vfnMtH>%P2aSiDS9Lqny{rYew*sr__B?1#{wO?~%PO|Q- zaeEbET`ZN(4xKkz?vq?&%mB_0JtiJpXr6K%KP2iT_OUFl^2BQ-MMUxWeVn&tWr7=+-bC2Bc|EZ*iPT87;tkKxAd zbp5~*%;sAYeo1MkPuw5REDMcJOK!RI=-U$4n;9`9Rr^7LH0uyW>$mS#-VvSxS?)6H zDACoR02#rE3j0`3v`Q^q zH0@5jvjls?#QsEijtp;%x;IBk_|o{c#F}3>qAdO$d98|^U6UJKn@7>CHGBy`v7f-N z6FY02K1F1`GR-{mjt`X|dC)858@Veu^UBZ8B70zN1IpJ{RQFZhZpvD~gEj5GiT5vt zaP_jdE6d7mIpGr86I`$ZzlyNR^Nj6KL)qj)@!4@1S_Ak~nx-x@@C|ONs@TnhK#aF! zc7pnv{_*KD=(Tgp`2@{cLDBKAjGUI-T9u;Dx;Itb%TMA|W_=vNA>u?Jaa93z4b_O{pP9(A*`dG_aV z2RAy$$JI3OZ!|}e>vB%jz9SlA1ai=N)|zzllO1|o@Y7I31t)L@SDLNCcFl@O?N@Ym zB^X~cL4JFJ#SQvOCK%84IE4zF(D2!eBjFKYaYXPnz&6!~I&+M6Aes;Gvl)DOH^A>$ z4^>wL)K1i8YDM()c3M#-k8~SCA3>3T<9+NMg=S(%46vn?eBHSmnhuw^KMIWMx>t}* zWh(7nS0Xbbj?699UXt8xs7Jl*_y+0%O5N;FZA;Y=wRyh5xWBp3W+ff$y+ZrNjyz}G z?=0Q%f^?oglDlkHt?H~}8lVj2Tk0j^h{*R_ZxssqQtaXYO?0?mKV!l)3UH{`hz7_%?4h zG|(TO(H>9nBpF^|R~&h{hiHQ5nO)+FKVv3 zLVknY5sa-^@Dv{$xRh8x5uU4Un67jGY)xpO`U?Sz>r6%zp@B2dJA_cB#v(Wrutf${ z@~d4O<2#4=Jmdv{ysuXy8G}LT!rwVHshn+0iHw7ZM4lTRLQUF49_S!;&^IhpM-3O1 z#AQd+v-D{tZn*zY8KPquw3Rq;0`-qxF<_(mWqM?E%hI!OtQ9Qojn@dq;(R;yxvO@A z5``Y5$E8uzoO*#1H^W7dvo0v}k34@obUPR}@s>f3eI1XqQ^k@+Ak;A0R_{1RnhvrA zXqOZch1&gASGlnm((c6MJKNQHrhmLXcN4#>x!+_yJ+!m!iuy7wy$+9UhEZ+*96jA> z=2wh{a(Z4!tIl>^$oz!mns)VO_H!ZQJAbnxeAPze)JE;(t3{1W9B#wBq=jPxt8E=F z6JI#99t5m_FU0kMVi!K4K>96-VH9v7x)^MozyX-LB7brd_Tj|U)lA%Be;{iwlRYJN zK+q4W>|J!KYJO`X;v2T$?%8E$za59yGx~qNPlEnGwb*~`Y-|i|jh+6FOECYBtn1%W zDun*a_6WxU0KogtU+83R=k|Y)zos>J><-wFe$`w-cSQ+0W5e8Nr&>X_Gtky8*aRJY z7-18V4O8OC3JOve_^%y1Qwpgf67H>5=D=prJM5WQyHMe4@MmWP>(YCj?s218B^REE z0@L@r44yx;fvWpudZHs7FcpOc#R<21XjNhc%IwMEX83D&DmiL2i5Z1uCdx~tO2(5i zmyho$Ct6dcol>}(2^ca73?4M9s?6V2s@qFMjI)iJ+&PtBcq$FCQrLj|V98vtMOclubZF8bW*&u3ZC$c%*&XiOV5Gn}f|4+OiLwL-66j9CBN zrq7-{Ml%!q<5tD>pj8FD3rtR<0s%h3QzhM{)kruIKspf3KfpAM*A}BCV|6^DsV*eg8hHZpP>DpzODbi6shMM0W^t zb>M|L9y()`7Ldh#i1PLCF=Pkk?{`EOxxH~DcghbM^MZ^jTkT)M&M7E!$+K#z2P+ht z!?nBLFwXutC%AXSRS=PVKIWV(4mH2dB3P)vKp=DXtYeH08lGyMJ2Ze1P+YG5JKm!t zi|HHXO-|!EsxCYK-UVwkG#3`LdK80NQ8J%g+GFVYIZ_GajtiDVP3@WsJ;n<*<(`~w z@XvB8?ovYObET}8x(Z1l6e`hfD{=>0G25TI&DD-J3D&+W)PdGL84pSN0px**WX`C} zS5t6=jCLuuiX8s91#ZBp_JkFY; zV3TD`ah#=sJbc-m3u!KPAxft>cemhuDZ5_xX4A){XXg8TqN0ti_`2f2DP``X!zuNQhOq4!jZ zrA_vIcGYfx7bIHCusXCJOdE7VOkjGyAkj02`Vds9L7ID>Xre~4JP-oW@Uc8-!It3A z_gaTRFu4IVf`%MJ>{O>?T-4YLmSr;I*s`p=jIYe=wW)BNks3*@>s182o$o=$ta) z(WzVpt?0PO&IdJ(hA$-kW?)p~Mrr5B@iu4K!#?3xbHM-$i>4xNYpyq~jWHDxUMgOT zPKXNHt3;`GHgnznFM2Ic$O-*B^$0i$sp?)a4{qss)1KUmXn=kR)ex>~>V%&bE4FDZ z<070f=r9GiB!dnMO=&b9d;vwwMcC`h4=1(P=qXvjY}2eCK)MPq`w&M=2dwxpLAAwX z?C9lrtObCbeEn;Ij?N=(1jRU@?A$?5+Av@30wDLM91=h(wu(Eo%V2X8X-Yh&*jB+G~UU+5BQN6O= zw}1O5LX=Yw8Bz|!N)uHDH-Ud~yl*PlkssK$A8*HJ=ZnjW%Si_~P*L6|MBI7)Xf_z9 zwQX-blBecamzKtu=2b04R=wF@*%0zqiO5>oJGrngMOk)`gyynaBR`T5H$PvC_t%qG zt9I~)v02k}wSZyfWi8GcInG@l-w8LPj-RwsOEuB#^nG-LxbE`no%FHt>bd+oJTT2g zO`xJ3P~64)n$DdBa*_27$$LW}vrv;w5i<4xiESrRx2fB0@Ry@nCYB*)YE|(ERGZCZ z;NMgm#|s30qLT>zJYT35_6qC#9~JZlH|F%XD>FVpg=x&BBRly|%KXC<@=WPO-MSJP z!ge-sRj;2keXL9j{(8HV;-<9hX!8C+JQT{NQcAryZSBaJ|| zxd5AoTy8~lPu8V-YT9HwJ9+QyK3aN!A0u;$#yTrgo~=)E*}8?}+=f_Efwtxo@W4y? zo$>}7lbkM`-cZape12q>&lBQIog0`|{n_%E&NI{$S;Vlq2i_dpv$&(4^nC+N;pM3x%BY?4&s+&b1BdrvF3}UCiHj18Px@oY{KR+ZYUu-h zOd7pFUhcoU{HZH|iJkQ+wu3T|9K{6m^=BgAtf^)t0;?rb`>($F#Ww#8i@pkbDVXnl zK{lf=;qnksh(^AUm`t85ehi$x8XmP@+C1DL`T4bI`-^vsZ^-BR-jz=ex=g#%df_r3 zi}wolQWw=`c(T5b8-2f^F4)is)g~lV{$3^Y!!U8Z{*e~j)=_I^)R;?ApJ#Z7bj_S= zvk>K7>34nf_Ymkuywb|1DLAghhddX&VkbFyQTu_;*~#4>KPypSU#TO{vu*Me=RWWQ zef`aEF6<7+M0s5Q`Tsb6Q41>qOn)W9BFg`5yJ2nNyV!f6eX*{|EI z*reLA6JBC%#gzS+Rqlky3L_WkB|T>oLAEFfwZGbG2v9)#G{xMPA=Z&P6bml3QqoVxhhqE` z3tV@k>o)^DQ^W@|SvpNz2#fv{yndO}h4iB&tJ^NCZyOhvxydy1Q8R>(XQWu@IkvLY zLd`enES*mcs5Iy^JEK=ai$CVmt$oERIZtylBNm#xa587%rt5wNB?*mCa5TtbXW*a4 zm}q-n!v3sB^{fUl?n|LmsgxU$PAXciNQD0-{)xr@#uQ68c9|&v1Ab#e*43U%LDlRr zd+V<+I}I=)t%cu>Mrt39KGlM=RM9z#vF9Va4M?(Ju3=KUO|g|~nJeT53u?9`%oM<@ ziT7T#s7(iTOAwy$7n5D3BOCYlJ7SZzsa7?s6~k;vAYqrTLNJfWrecKkhc57Em5x%` z;8ihpy0NMRwaAqzUFJT4N|Z0~n62wU(UpYSX2O|k+0TLYESijM+Y<1P$2zKcpi_br zdB%{KJ|Yz+WdPo(ft6B%@^DIDp0?vOX6mO&?w80sfU)Qls$}}S>+97E&x5C}g=887Z-2TT#w z9N22nFaAiJzu5Io$2l=8BuS?0+1VX96M3@LIXgPl_D`5&qUs<84kC%Et z3&#e(5B?BDYu^t(DaXj!AlrPQX}ljhdZnz3_qV*O8&q!#C@g=C6b0{Dfgy}8v*4g1 zwB^I&z6eA^i2q{|nExwJn$DC|Tk14kK@O7bJ#ec*i3N*z{W(wRezx#WJHevFW$B!L zxInAngPKTs(ha6e&@KP?dvzSD4Lv782FAvwqSi?!rSn5g#WG9Q%uAr~z~FY>L)%YF zLVazA4uSbYV!PYf5&>*9md!QBU9g(}nA%VSu~Vf$13{?GQn9kXFNM{+^=Q9o$k_LW z!&??w03Qh4IwstRvF`3WZUHp-vjq(@s1<+>z`uP4;ub|@Vwe55W1#b)U|${9o&BEh z4eLCJ$(cGv(0y>?$;vA+zk>RdzrI|Ns$HWRMyjvCK4rg!_cR14d@+Aw5oXniWP15%0WJH zIV-2Cg}NiGK2{(0QGb8o;oUqF*TTmj#^WY!3;#qynO)rL3 z>wUq3XR}4A&r6@~@WqxU7Y#|kbxA=~YOUPGj>}qYeWXCr6uJagHB6Rnk+P@>DMX)k zg(vkADgHXZ=?G_7G_QD0d2vfNq2$<0DfQzY#;Q}y?ckQ@na`hkmu}yhdcg^PYX%hm z%f1-0w~e>HmDW{8h=-MUAuX#L&rSXihv|NL$UX^eqtPTkqh{ZqYR*d*-0vq4t5jUq z3|cl!W0T?^zBE5VB6#lom{u=jjmS}&zOzjvH4bjH_kN>l7XhEZV=)d}qz3o7^;e5n zSc!C(r+hTGr`Hyc0NAACz&{)e1!C?Iehu~uhbXV~m=1vIg^|1}EGr=V>W4e;xZrnn zD$aWn)feBA*nB*D#fo(t6Lz2VR4>lgP+Uh7!k+Ajh}^EylQCFvR@ue%wzHHM>QRh{ zzL!s#J$-taKIhRiVl02$>=-1$(W}6-mAbrV2HreQbIl*+IDig+B$vzr)1XgxTt-J~ z`q4EEdON4|bL(8_d^G}492ms*ZD%zw)dx*m^cZKXzy!XDvV~@2&uYfZcy9arKvS>c z0rZx{F^g-J^MIP&!~A!g07sWACSORxRLZ-B^FKr;SR~-Go#P<@;09B@1VH`7q+_!H z5rhKsbFwY2;8&UO6;IJI4DX+d`YBL?TqG-H1)H&`nWW4B7Tgpj3sP(FChq9Q>tdhS z_1^pJOOoeO=*Dssl_g*q@5gBFglV6EP|h`9g=PSnl$Wnyx6Uz#Hx8iA>Jj}zdi4|8 z?|7c|C#Os4mps3O;@_Z?WzY{8qADj&3oWeGwBXz!EL~1Gb-jJPhL<8NQ6RjF?4GjC zDA?mpNCD}hjRo%K)Xsj9nKE$zL5I{v*Otztb)04L%G8dd64Sd1KxUMe?Vcg~`j{)Q zgPD0>6FXp}l`a*820pxUPF{?`Zh~~EVLo1KChm3BcewZy{kSk;BXCyXhUfT@Th;J* z_fW6+u7G(WTU>bMapZGnPo{z;#u>hdT{-Ga>6;1my+n;iQC%c2YK0;T_k~8AH;S)%QpWmdu*_qJ)bPW^Qt$C+ROA< zM?-ro-5(;Tml>bVH(PhQ+ZT4OVwqERx;#E!?0Vm>uXb3FE1ak1IkgzLMllX?{J!47 zE~`(!aL~8NHzvHA6p>}J_K=VU;XG>{agmF{%!#0f?m1s&mHRbfjJIQ{k2A~zV348J z@+4hMBE4j#eDBEX#vLVB@_^efZcDaD6GP0h*#h*;@Znh%5Pj4VZ}!?TGdk1zhf2GQR=8tP zJJ#7^&M30R$vk;W5Mn$~r|#B)_(+)XIUOCM8_62lfeU-=w+=@fK}c%xEWI#$w-W#> z-)I^PgS#_CWgNkOn6c?J{`MAHt@~seiW~z9VVV2-W#B6|U!+41T!JmZ%;_3C+*oyU zJ@PGx5o69OQ1gySPqP}G7hl4@wq-p2%P!-M-M25ZldME zuN5iq7XieYM#_C!`_uXD%xVcIm(1U$ElT$MAA(_=DAaJ3e3^p@LsECfp&$dc%u_8 zV9X4Q_m*CR;<_xEY`2Lg+N2XwmFN2uX=q6$%&j^ecrK3_kwwb`j2%r{Zg7v+ToMO< zo}x9-VIW4KyMbjZQnR<36I;`c=J^SU^qO$TTXnb$l=+;1{TB=why zg-gd^zw8*2vy|d!I&MghN!@Ofki(T@XU|FNuoIbF+fX6P35Y$bHennzYAX%chT@5) zgclX6PhH8%Rv111iLy?gt4hpIhWo*)gAq+v1iCRAE|INe{=lf|CZp;AsZU8Cz^*dQ zfOxxgK>NZtUC4UvGVpmWtPR0_?nuWljof}F@D)VIT{VA0t4$$7Dn$eSr%MH5rC{<3 z-%};W%v23e7O}1H^C=**IG+%|Hp(Z#dfi!f&G$gX6iV!@t%BaPy*SxWT`H8Mex#R{ z8CZ$yx*K67Hb#e5Aw&ZF3?LNlXvBQT8U_>w?=Z+E)N9Bo-{`Ax7_cb7_Kd`<@HNW~ zdp_FH0^BAk+-@hOKMZ`wGYPx-qg0g7vd=atGDf34nB5>3;yY0nDik!iNo(ANa#~)5 zUkh(UrsU0!d^Clg9lU2^kYcCeQPTzXjq74JNgm}M?Mq)0^xc0iFad&2p&_`Q_?a2h zWccCyOa*XE^aT_#{d)~4gA3I>FVvZ5cHC;N%)z`s>?c5)YXkVX0)(+k+x)&9kh((2 zLR_Q+M6(~wyl4Cit}rEPeGZl#HO{%ui|}tb4>DW6u;u3WVFTPEa%AVMSVUomACx$P zlssi4F$H?}pmm>|P%GY`bthqC1O*!lg3(kUD-aq_n<|EU8F^}#F>|5eow^u-Uue~b z(27PZCe3NCi?{b2jm%3DI7}lw9caO;AA|I#mlvV!FM0ocq<_8L@5KcV+r8x_eal5+ z{_MB`jmPqv4sLB<%*g0fuPRvDqMs0*7rDJ=^#^Fb762FiS>yiJgB*&vC)PXGE)j%7 zr0%V=5zE+idu0c{oJfS~S_X3rQujEMX0^_Wn$|(6yFg=q%1hdw+wX+|914yaEWDra z>XI^>2o0d2)1H&Oxqag#$#IEhVxnAL46SD$BHc6c4&c`^BU8wUBO~H83;`q|22R!i ze|B?y_TDwMV-LuIdtTWdTgP-qKH1;}REhy$O=rs1SmvEBh;dtif^cz56 z@p-2sXP`fDN?IDqWEi7}#(Mn2I%j7qN=(8oEEzbj0Vy*RC$?eI<@DY)H?sR8&1O6k zi%Qaj3dZM+9k&NGj(@l|;6AFY}K5HqKj&HyBDrhs=ISmZ`IAD0NlujNA3c4t05hBc471;(* zG#k>wX^hJ1v8TLLNf~N0dvgz)!nHI<#iiQ>s>r-zM8u&-9d$f7?TT}7qXoCUeLqdyG}2TysPe2g`je9psZ*-UX~ zKu>Je8}GT2Ibp4$F>y$T zDW5TA#Ycbju!r6vR8V(hLD{Yf<-H!ys?J=)g9eY={xu(wyA2!m%LQPOVCESlO1zzenE&aK#jfw?MwT$qF6D{yLt<}qpW zl}pF{eE|<~4d9__xT=!-4j^JnU)@+s5*)#rQA*9KO_S^=P;jkU`JhjkWy}@#4YdT2 z;(K7-bZ8qWMxM9w!f%c>3ZBlqx2M#dl`D>sZivgj&l}g1Hi0`F6BNAv49941@G1=) z>UptS$0bsZ##?%rPvE$X$^;gnlgF5e4e<*?FJuhru`S>q5Z_?B#`mW`>xNPY#;_0l zGHqRfO)r6N$S;EDS(Z|BUzGiwrZ-!w1;R7SH^M$iLM%q$U^%oQW6Z3htpZ__p$-cs z0C7WhTk-5(osi61wShC&EINBxTvlJXyOE7D-RIuDyyQ6a_Xr}pF-8q=GMMi*u}`jJXs zkv15mF}DuR-H>4SI5Ba_8b_gBbZU-)2b)n^4+KE29hPk;Rf~r4MPjp?&dJ* z9YBRb9iF_hptRu^zVa;^TPhQ}h-ptbr0jxcb^yTQMsaMIBzxsoyE>pIwf8wjxgpc# z(a_rz79qjn=N7O3MtJ+ORWYodBL|2;p^)L$$m@+ik8vYhoo= zxL->+C)2HJ36L8YsBPEVvyOv;8nk_(BKfq>L7c*Q5AKMaLhPEacHqXP@rG^5UQLeY zT^+7PZ+513s#?xEw{2=TZEe0nO2-r*UEN9@#J%Pz%>G70?P`>0?12ndi?LtIcV@aP z0V6-}B_rXskZwL!8n}GcB@vbTT)By-e|!|?sHs=TC>j{yz~=bA5xA3FIOxn?Vwl_W zZ?b+;6L0%M9fn2pDsj}n<tKjB&3r$TDxOv#nU@XJ0ThFVv@#x!pWD)TM*i98OWs z|MynOvnA$Amb1OWg*i5LKY?Z5W&|E{?I zCm@mk#rK9ab**t$U2?enxIYF-MdMj$6`v(qbgJ`pIsJ8;0t?#et;PQmP{$uEWpW+t zZ4)Jbv?YWFm8)lik`TdZ!QZqj|Y>dAbC zsoDDJY1hI_ePQBP<5uA#wL<;vedGMmRHgnEvTfv5-@2rC&b#O<*0TJ0wB2}RX5ur# zzsSAGH;E$8t#LPl+wkmUN8L4JhEL(WQh9B4b@GP8|0H0s>7A21^1-9O8|kjUd#+nt z|7gYK5LDcFZHe+8wC2>&?Mt!0X}(x+4X3wUwCVQApz%_Gk((?R8}`+P4Tjhww*}MI z`p^Oa{>46^Hw(*wW##cCODGg@lg@2xHmUoveQw0SO7ri@yH?ohAL4cfc~{=Syk)7^ zb;`->mcis%FduBcH*NO87KLj^{K1{=WzD;ur|XumFv2jMm_yjRsGAExxs=srL1a*H zP#Zr%gxLuA;4}|j=Rl*+)M%HjL8t3zbQjsmeP9{3+l`ki z$a(=Y3WA9AjBLu`WDEVXXq&Acd+HT9F53teaBPTK%35P!j>g}0g>`lIWkT$VTmkOT ziISF5*k;*m<{G5Ra9Q|#>;~AX1e>G!7AOoco9249I=PnVV;c?B>b^Q_(9p(sa8GNT zw6F=n$rIYKZ_%lRhZNFp82#hfd*)9XeGl{F>Jx@*&TpPp@q?KM=ugn^eT_-cD35^N zA-^#Ff~`7bN;WpyIVC=o7iUj=756`7_!S8Qm(qpwH3C)iJ90~=X(}1A263GR?pl8V zOlJQM_jyrkCJ@oRiy?t6$f{e4YVB`laNi!N?A(6xsbSAq2KnMFBzXtyJ2e4}c(By? zi{D4#sC#c9+>$v{SsLc$CS}O-U$*%=z8q_XrhMok!t3lnUvJ)pVsB#G8rOd8Ra|V^ zf@49!+|R)cXc*Dl+`DCt_HRhZ#9@07EtkvC^&-D^x|YNj3jQG&eP*eFO!BM_%{j*z z5t{M)AnrW4P+U{T};Zdy0RhHPAY>)`Xo5m~41MR8gBmLT1HOsv+;IxID#t)in{{sP)V{?N z*F>zzE2N?|ZQphL9-lg6f;Nu5ess8>xgN|oWpZ&)W=MY`9jP``if8y_M7XlU^|Ter zCu$0Yz@!#UHNi_I-(*>A#GXQim+&|W3@FVI>`D+TDf^G?iDiYvEj zQIkA2MQz;h>JY!=5sQdd_E}{JnHXEFLOiE8<-A5CR>{RmTPN>`dL5|gg*YVzxAdS> z@sJ}nNxs*S^!lk5AbwgqLF(d;byRSe=6P} zAAEEE%u^UjFUB~#K%dTrJ(T^9-hR;vBO zt1`cY)m)aqhcIFZg&p8^*n=ijvmhFWfv`oek{gsu6m7D#o8zj6{J0@ieM(bK7f z=lo{gHoc_FXoPXZQ03Ai7OJ|~Fg1(Oye6)*&-J01a|81=!oji0t=6Ih$oq-Xkjxhk zCx8EUqN)5?;GqJQ@tqIKE-wl!DKa$UK)%nj58B`l9Om2hnn3K|(%{hnP9ww#&r*HLk$1t$8V^X9qY9?-uFaGHTVaLS>g9OHGuK6jD*_1tU6^sN5~pM$CdV z6EtH=W`h^joW$HpX{lH)SdMP>6jzG%P3}2-E?6`(iY_rgOAgvOD`h4qJY%&+7tWN- zA;g3WGZ0XQ7~%p*^pmjAn|!cDvM_=8@!t9gDTQJJ9#vMTsC|^*{LEHlmE~lW%%0?p z2MhzBkaOnkNYZn0CM5{BfI@}9Ap?WLPoWL7MFivpQmCb~mAXrJre_``&>QbX!qM`=4d9F7J|3FrVA<$<@XO0LJVEn8bdE`=Zn|^*`L6#^X!)uitK7t3mk%#$tqSHYur;MJa+Vv~VWoaDF_;8FLn(%Zd~3qSCq zle<`A9ujiG@gijU#y9XB&utG#a8L<;28PV24PWFdYng3o0A+H4TbGiB;Y0n^KlJ< z%dYTA9B*)RTDOLoQuWD3M8=>rEIgBe1Tr6hLeeC`Ys~-cbe5GT@4P-J8mEAKgPC=e zF8n2cig7x6R(%pLgUIm37w?v_kBONdeHu077T&c}d~Jfc8{2_% z({ll@6Kowgxt@gWp!T<>@K485p>lAlmcid5p??J<>z^=Ix;v3>A9{sc(bGH1hop)l z8c1d3p#fL#Bmr0V;W15o?Os}8nh=5(bjcPai5h#BNe-MUMu`r%+k5A6e=F;!psp(Yg3V*@ zNx`v(FHvSecM^$Vqdp}nW-GnG%Awg?VfIGB=;MFI#n$Fp;7fhsO4X)ot0g3wN!1CB zBl3F0)W)r6O+0!vGFawGRzXWa(enqgrdI^m{mpcnL;!)h7TLFc#zIHqttzXYP3@!W zr(Zmy-+aS(`7x1kO@f^Pi`Ea+x<$R@50$KLi`Pk%`ete!3NQSX_JM!rD94rO<6%~?r_A` z($?KJ;K+ieCwgB$ydRxp@(jty*LMF~{3lq*^Hk2<61t2WJ!hut4@46bNX;?CKX5Qa zWIA}vb{i-sdt$|MUg7PvG;RA+CVG#&VXh-G!;B{%443r5MccSqHv3FQ2+@~o37qs+ z6For~h2Ja&@}LNa!S4y6X(ci0KT2Jp?fC%M~Huo%2@wk4R*;OStc_On9qcQpr2s%Q*0Ge6si57yJuf znVH>XJ~8!TnQH0yxCFCz#P8CX@SJjJ`<|L!l_uX@TI;}=PC0<1jlHPmk%P2_JsQ{4 zM+f1f0Xm5#k#`8*n`q7r6eqaIL2-VR5zP1bH8}(N3Ok2#Wtgkl7$uqX>BhR^;yFPY zTPF5_NDH0~btu*m%Xnf_^7bh`V2P0Q{x|`MzDFXbNw5exaz;;i!|)a@7C-TaOBfn@ z9myN-kFsQd{RLmL>F|+SRZ{x(+x*3+xL?4tEhP)w4Zv@eh6sA^>E!M{;EVX7L&!6C zI%lf7PN*<@eyJ~BQQ<5pjBzL^irT^*?^bk{;6a!imgl^9&q338Y=#?zIz3Nn3BYDA zSOxS+OpVE-?}3}M{FlH#eONg3Vyvy%f_VDH8xiWl1E$7Oze+BQYzXwP3ny_|`oKyA zyk7KJ^ONR=R{rvq+A^A&MX2QhgLt*0l`9xaa=4r%M&`L25zIb9v!-VZEg`J2QxIoE zaqVFr_B|U`&3yUgFll-JB$7PCjFX1;sCT%y_@yDQ+GaaJQMIBsl0xx4;U{u`;Yh^$ z9wb`V_yEi6&b`h)@Vcd1+XH8gZU^T}LJL(tU(}8C{-1&RXEPHX&lrNnV_6&ssY+a= zd6E)t4QYa*u$LT6pufAyAx+Ukylq*vvNyf2ESUXgrd%B8zg+EPn37w&Y1Bv`g%gnP&cI> z-=h>6H1ZG>Z6XN0)DXMj2W<*W8*BuPK*rLr1uYtMNnHL zs@GOoVmZuFn29}`&y2N!7)ctX=oTOQOs}GTWgEr>iMhvCq@5rT$KvQh^y~Vl&K_n_ zj09rLU%$_Y#1NBJNh&6GnHNcF==ZhxpTGdS=7Q<3^7|fEJKazH|EQYCl@BNG{7yGV zeuHi;~)PoR1+5!?O1G9losCAf3B%5TFFEefG&vf5-k#s#Z<+rl(Y~w zqOR@c3MOQK$kVU>tvs{XB>5OpKb7C2yW)RHyYIulCX;^)=}+8|SfrxLu;l#tSmQkT z=yB?~an69q;onsEdm9uzrFTBA-|Ggg{X_)|#gJ1B6^@FQRYFR5w+d1FY8J-sQ9C!b zJze2*JvZ?^U2REZYcO4#(lV^f`CX^G2+p>q)fo)e9=-5B013PKCp`7%n|a9l8c%bN zbH!lVjDlx&jPAVUn@!QBUN1JZL4tbNA|W|MfxGT_i?V@c0yAx9tADpYPulsUa+9A2 z!@Jupb-TCQOW)1)1q|NxdO5MPvu+28$A~3I<&C&}Q#rmbTC{jVYS^s4E=Au16)Z+* z3gIx8&<)5#JO2SEnxQfMVd_^IWP&ev&H)b2hmZg0aN$o#Gzo7+p9a87>*v2CfFi3y zMy-Rm$(67w=+l5Lkmj6HqjO60x}-b-u>)$S@7fsU zw`JIQ%|Rdr_b;nwChj(0Ie#i})&W3Glwse_h*1gIZKMVm0IFfvCKDAn@KiYb=if$Z zc9@uVVV>zw-h?h6L2|6rsc5~hh<8v}CY9Vm&O;kAUb`9mQJDZe@1OomDSI!XSn}{d^^Ti>jJ!s^og5qcD$I_gU~m(@S~LYRMwGaAPYhA|>5D#a0YDQNkuz zsPCIfR*=Ltdz20n&YsiSFbLx3^GPpRt&X4TUJ}ShCCZ-*lwLA&{B7>zmQ04JzyCl| z<`~sL+JJnMyCaX?cQ~7l52YV(_wx-gX0O_dd6@CyiLncV@{W@(r`TE!pN@qJa)a7Q zJA2kx=9;AdDd(jE=bA}#fdrKp^90gbh-J)>$k4X(j~QsimdY9~!Xr(WwIfu!I`3Cp zG0XolNYI2%n$9DsZnK{0l=au&VYU2?^r-_NIqc1;&J7)QXO9B7r#K++Co9(MuUJ~M zk%F(F(7kp~Y9Im|)GV^+!#v4T=%5jNPdkaVvK(3=iUd7klvkFL7k%5NTGH}5_Geia z@XvwGZ`pkEl$n`Z(wKLyq#NXPJ|VvU7!4EI`$I8;>}^h&cM1V4X%!|gRnOZB8vvf_ zC$c){X72ARRCk`WBr?s1VXyj^N1^iFXdGk0Y(5$0)<<@z?!vN@f)geFPBJmS#gPv+ zXMC<&3XQS`8~NMV0i&(sJ`~q(eJbyAx6Jjt#w(Qeju0ldnn0i^IuaWc^+6QC$0nBEK(ygm#uyhH;cNlG+F#P0@o=Hzwyp6x^ab%|?g+O!Gi zE6EPnV_t#v8izeh4#M)8uyKVGg)KvTw!iZ?2gU<_O_-Xd1yPkQs3fh zkLdI#-xc*I@$ii==DEgr&lg!YN`oxOH(rI{^9w2d`zloG)4QHr2dj*8ZZ^b79A zfc{~v(M*iEfAmihM_yku(PHZ{uAov?w8wm7NtP-Czg;PDin^%)H^77V8Y@vdRNy}Mwu+KHpPQkkcPy9gtc@!BsNTbf2M>GdQ@vXM_wqgj zzx(3xTdqMZ=v1dT3k5OB#qWY86+i>K%ar<=Qhp2Slc0EyUQ1I1C^SbFh}u9PhlJ6% z&|35nlj@l?nnXCc3|b%)eeqlrTvC{wqM&_XY!wWJbxyiFtG87@&S>B~0cIK$z1(z-TH+ z4ZrZeV$#c^g{blQx`{Y7XXcXq)OzzQ$^+6YOP!ZN`>bP@LknLL zYXqQLoDtLwCU1PQ$TCl4IFY zpI0T+KtxiiXUVTm_5-v$dgc6zw8l?TYlKPztVx4`$e=WE2OyJQ$gyY~x@FIccS3Hc z-RjtHyd156-r9&Qc<1KavMq*C+wSe!s#osGr*r+Lln1RVaO)ghaG+sf2Xbg$=)p`7F5!QO`P~q zc^f=jPgs&ryz!LHBrEM8Q|b@9?G0_To9qLA>qQ1NvD;!7me)_?_eIAfYnaz*Tx}w@MD-8>3A!R}ay?tDj4pm7*@;d-l zET2w;B%F9suoDbmFll7cm3g==RJZ!hFlrpwWo{?%+A-(rD}z1SaVP@)D}DAonwd%^ zXKj4>fVw@hposu!J%Ipt-aBF&j^3xCScj%V1kANDsg+&fGI3p-7NmInn_93|2iE2=CcCj>L|XA>~JFhT4T-2f49`oxzZY z48FKh5?^-Dk^`=kKTr4;U-rV^qxN*CW`0SDEFL}56j0t+b)$-#dWw{i1y1u zPyIwd)cNfbl`jt1U;4X{Bw*!s9%?%}-_+WP;`MdO$3hCPa!v(8Pq&``uC5zm%Q=3oRwwp?;5Z3rT`UqG>eC8~oy2G(!c z%#0$wk!flw8kwhOMC_sDCx~}hO7v4i{{{T9QTiQ{7veNyFUsgBWhrhpYjUj9;}jYj zHpmw++Y8pq^E!$~_(R6d$H#*|P&jL_7rdB-!cu}_LGA{{?n--gthYDXQ{2r%F~HH( zlq)Vuf33+i_A#v1Wpc)Vk22_Pen!!&YCXD{^qF&ucf(KIMemKs_q4z1eSwGx`yG@M zW!{;McTQy&C1I?nJ^^4wE~TdGp*->zLM6)Ey}QH)A4e8GJ8TcbuLK37Inm86~KE~&G*B5F)VY0{IF zf{Lzm7uq(XZ$~GkE92tQRB7wFw+B3ufbodLl_OgBdT3kSSgL)p+f4D&DHnWJ0>@jF z2PrHrqOSX^?Goo)NQ%E8_z}~41xc-RUDA`}vB(Z|mmo2tIIP{E#AsTpwyeo;D{^<$ z^fK0jl|J1);V)JYpf;&*=Z5vv_X0(K+foT5)2dZvboBAU)LOrwkFBZdcoTyxZ~1I3 z3LM;Z{hN#_b0_|vc8OUKZWLw-bZTlfh{XG)qEl*gu`(beIJ9y@<@7;8CqTF=`Alb9 z-if3t*v!hNnvf0WliN@5ti64iLscL9x(0oo>#lZS6JDcS)yh78v)?dLK7+*Z!=KYA z)XrW=?2A&?vD4^|m)-S|jUQMvVHn+n(wX|kBI%QxIW=j=OFXYEM{q`a5d=V z2<>3IJ3xHB_mm5M_*dGb9{aj%0Mbo(^cfA>(1W{B5P4*IPzr z2i+AMDp<*+ViWvvX2k~ez-)%+RZIixWF#{|li zEw)3Wj6gYTqrF+BWl!e#RfK`J0sPq65L;cH_YD;(5;0bzyYHZi-#Va@TW3+Mp_Z&% z4z=lCm0?Se6{)jEBr8_a0ZOT!=G`0#odU)+u?o8@x`$(3ND^PnBDo-@*^e9!HY3|! zJh$2x1F?MF|1FdrlZ{heQ7&$KVG%E{O|L56;UaguGuM(zqWPO8NwO1Xhkuz_upMTL z!%kYFetYLlCc^ifEa%Id%g-sY&gTx0M!)FIukF&dtv?Ffr&=3O$S)4k9h6qk$&v@> zaQgmXGq<_>`F~ONO);Vc?Urr(v~AnAZM#p~wr$(CZQHhOyZiL?%p{ZCn@sZGm;F-7 zeyghWty*A%K;>)aU?NpBFu4KaM$7=@#ydRu2{M+*NhI+WpwpJ1?J9os^ZIua3?KKL z`h*U)QtXIG9cZL>O&eHj%3YMZ@Ok8fcEoG8+X*342Lrf8zd@_B*R`YJXvw~pM*8+wd*H9UCyqQhTR5Vc zuJE)~7eP|Cw*_|I6XKCG!Op!1;5dFUMCY<4Uw0cmlFwU{1wbV&G|UdH5o`phONHKp zbuNbKd`8D}*33l>x_@WjJi<@saTl}S9Cx7_TF?z+BXeInMa)g3%I~x(u!%us!Jrj( zHi)yT3EjHYQ*3}(M~yf;kW$bKuGX-xQ?!f=!iYM5V}N7`lnMfel&P>T&)P2K1hz@e z7M8F%^lRsW+k9pdz@K!wtaPUjXJ_QNv<-jY00%;kZ14OT%+2N!s5iRqongt%lt%Vq zX-a>FGQ@N37>z2h#0#(fIUdwz_uecBfn;a05BAJ@qc`C0=R+5u@8wGCr}%N<5eKsi zrVH?n8_B;%42{nNbj7ZZe1KFmHZS}W@}zt`9+!CBJn!|@qA98=>sPduPAX4FZ$&>idhkdWEcV;N^XfO; zf4zlz!R#PDepxPs-;jUK|Lhj}f1=d?d^pQi+qV53&Q4e3xp8lwjI~@0(X9ONdGTE( zBRVLc)FAYUL;wfv3Y%cfK&Xdx&dDDqJByGZyT~vgKK44i#~Yv0R{!CBgTFM(eS<^& z3bsvCxZlY;ea;ZIZ>DBuZl=CWTy9qf^9%cK>2Ab&J?rzyeN||`VchtFQ+=Uf6~Z#e z%P%S^Uz&vBhuae6!qi+Fm;Mx%zLX?7F7bq!0sd+9z+4vK(%@jq1$N`!pLKV29l z)xMIQmi1&-zgWgE$u7@Bdh;ojxjF@Fb1MHe>yZx;1e!u&%>66Bu|={L!|3!K%#Km1 zN4k07E|tCKqavo6KXUHFXc!nmu2nG+{2*aHo@7 zq$ldbp|N*0gUpi28rHQBObDL;GcnR(XEs753XH_WFyW9ABH<+%NJwouz+=d8MN#{k zbjUJDXQsIYj-!y?czD(@`TR1;7ZgI-BZ+L+2t~W%b%9 zS;!^cNRXt8!O46ao~PJ;z1m4N#i%Ysfx9422F?ieY*9LWmlU09LD9P7+s#0J&MU9k z&MR)~*~diZrzoAZXRKDLT#*tP+QZ`cldoAuT};DB!H?Md_Fx!YsL7{wg9Mp2#CB^$ ztAb#&7TQ33N6-;&m%6Sh!Zf@=k+Nj7s%$fGwW{Scyu7HzF@Nr5vyVwqH`AjwhnTLA z2F}Ed{5RaOQ<*@h1J_cWP&DU~WT@t~yd{oBw~)0{85PdOMF1y#m?ZO*_SDA1Mn7qN z*!PwyN?eETB{^s}mhtT#&fR$D>Bd&y?YhiDZM36|M@7CCsS@G{o`o zxaMPYBZ3gKzZciKSM)M6&OWUl4OL1^L#r+wqCJ>~9U53`sgV$RnWQ=e&EQ}hWaM0T zous6}l$jzu%-37WnLvW#h<08O4v0N!ssO%K*#IDaC^Q*y1Nf$a`uPw(5W4_DaC4ho zssi0dr%DzxS5pHwe$$>|Q|?ix!9oQ92KpN4XJ3gx4#_CAp*nqs*m}ScM`REjx4~c# zdAL+zaHgV!!Leq^Fj#rj-C-wlaoja>Dq0)WY8f2KXCn9PjQ(BQ1pDga&Hq zmV%SDJuPTA=}03NP}KHliZ2Y(=8l^54RPYY*GuAjCa7j zshoR97M3gbdmL>hinOZ*Jgxmzm&o9cPgl154#uM-Au-yH-Ia&IP3?qssw^B)h9oNd(c&wpKFXuvp9Ql^1Upq4J)0>wYf- zGMP#mNm4jBp$*1$e`j8~*>XNgRIbk-+crvm_dq6B<=Iv|q zDwjD(xk`9LTiU8gIJ*M??o)?%S0m@nOzXN z`Wa@5rier*uV_B+=g|s* ztLjyeI*TSTsLO5vo|2mPkoLY@S~cuS0XMM{N~5>Z_z~`e@}<8iL)+7AkP{Ul&sO;U zpzf~#S76(}Ba9U0K)2l~3Cy}{rnq%s`4=WLt>5U1w)4HV0-)lDFW`Sg8}<76+yuWQ zu+MMm7~6k_HvVsW#D5Mog3)Chv4@>aTwGp+IxFQSA71sZ*d4m45}}fZ?3Mlc`S;mD zg!+Wa#?3lNqM7w>ZsMz|b>PNSv<(lAvI3RcgFJmeQosCrN+K%0{IG$LkGgL(+|>{o zlol6npD$Ny^?GY}TsN*ue!1YLnx7p`OY|S+m~SgLJ-<|6I9P@-46N|;bkdjVwFm0w zYB!YUW*)4b)Pr)%`J(NZu8~ZQKs=K zw#tuaH`?^qlSEKkf&S??;f6Dsihs&pj2aIq%DpJLlCqwqiA*~fi+NI4OnuFVjpH1* zS(vv&r-{%z!9&m5=&f)$`DpMmx9e)Kj4~#;7=J@pU#WIT47Zt5On-v8^jMFb>P8yd z5SC&SxQz~I_cCs66ft+924o`S)8eSn6jB`gPIe05Bf{o`N)A+0hy^55Xx1q^Yw1%M z+z(_#T??xA=ui}-bz{;52ajgfjy#nCPL9A(cs(PYL7@k%C;UtkOS<%z$Pg2=nT;e6 z#Jn#~{nvuRuUpL%fGsg2qOSAxdpmwkynj|KYqvZGeJ`^+UG;iDDe22=@*y6$cc&uK z-k=^*j-wy9ON+pdcxOpf zinu~yE7nf^OVGP-0~P;>MMVX*YQ&7sA1u^Ou9bf-i48F^9I-Q*=G~_(D-s_`9r=Di zSNrNy;#%--_CV#HWI2S=x~F_=8{Id5{)lt9w-5>h168%AW2#X=juLIite8HQ1P5uA zB+P|K5umOVowWVa`q6fCoMnu4^I2@^Ncr(z4ir%AD_x2+f)`;N3kP&e6=ShjuO133}*>GTIdnNLYjXX z5d_mNRf3S+}K86 zT4gcl7Iiw&<6r+QH!HkpjjTO8MWHz@q~>a+yxzsomAR4IevAh8I(V956<8GnLa?Fa zMAuJM*H*seYf7eT!#b<8wUBKn=5H>}5i>5ZNid>b$hT$7FvAJU{^->}LR5571Q_U% zxj0v*mgpThQU8`!E2&Js!3j;EoZdh58dRr}o{1ywy^GhBXcrcV3D!7{QoxDL3Zsw? zFvj1xy$=Y6yhAUD(Y>*zhjaW(8MAGv4;8Ua*{ba8EK=nN)m|5XQG7{2~|3` zvlP~k@ zZtwx3l5Nlm?ldKG=BZR3-^KGEFgR}SRaFBwg5f1Okp zCias0koN8{R>T|PP5x;nfmzAP?jI24!9ECiVE8+Vm%#A^ED*|fWgz5yXPwOQy(+DT z+%wowf`sog_tCdkDIt}2kFB^_C85j+wxe4Ym32D=eZJ?cft;}DLxjgqhUlWw^ak6* znzi+Uv1)=xAUr{*$jiR40ryC>XUPOuYu>Ew>TASLQpi(ys{_g6(#xi2g)WJur{!ta zNM1^nCYin+HUJ+iDmt*7!^062Xh86=O4E-#<9R#DqA5qzPY!eO_2}zu{&D#IG zZ*PZMvbO-85|T>=x)nE3>XyuU#qt1CamU8H{xPcOFy%dQRLP~&Z)h&7`@6xuhsP+8ib@WGB-foVeM*_XCEABveSo?MmdTC zhW3m@iVB1x4v&DcIZ4UZ3vSt93{lzVuLZO9-o@lB0PH^DoqEkQlzb)NZh46&JHh*5 ztO{qH!BS@E=B@#_88pywdWkkT3}5%f+QF@2<}!n!Cs_}i=;Lrw2FS)*0#pKqso5P` zdTL{}8W{V^3vUCQs0X-(RP?@rDfNR7(c2nc>K_*X_8cN;78}W{Z+5b~m~&fSV+*CR z_n1?3oITRBM!)0v9Gc38C4a`->}?FWHZYy@S%1@~&%%|q&Gs~GsC?Vz{24mpvEL{9 zgOB#XR=2B%FpI4%3^Nhd|4)ZVry2JC%H@yAzkcQrrjmI+I$9iUQrNuDe*Kd=AS4&K z8kiD=0oQ&}2zhVz#~k}z@#VU@oquInkz037{5`Yau+sT;DS_jQ%ui>wQLUsNlpM{s6BP|wWfeF;_cHS4Lc9d6 z`M5U_yfe~9a%vsW=*; z`XIc}0yivCo*C8}*N4#|I$}>MW~33Am0b`!LYKpJkfvr{^i0g4S6;h+^)Y-KaMxa8 zUIIGU8LE8r^;B;=n9~I>PDD@uZARRD{SrK$YscpNM*wFld>4C}_a&;tJv#&sE4xb* z@qKm$OiJrHV&8@Ikm=DbCs1o4Qu9rM4l)z4=2Q@SeD7NXxoQ43B42zpsIH>)ZBFtn z?0+$v5pBIpX7q4FWg{JP?@Ufu9mdY=3ri@ePWJGkzWhOc7+q6VPLa1*S!MMG^|w@| zR7Y*3AlB>yvpuTvmx0EjCNtI&IU{_nM+lM32RT;EIR@4JLrNPFmvT&j(luINIGB3v z0Ktgxcepf^)^x6m{4XeOaNX;(^opo5kBazJStS0Y^qJm<9m___bJ(R99T%O$6nGx0 z_i46jXqm8@n)3PGw4iW((;)S3Vzb`vqLXZvwN;+|;4x+JVUi0baZ>g$3nhaLMg~-6 zzWsCq77?^bZ{LZE)m(*fI`m1Fq+{L0YRmON2mhl? zH=_|Jy)O90zbSiHts0~KK*`X7((_LV(FpWUnq6Oj*KUWR6QL}~d?gz8wGPS7D}TmC z#@tZktP#A$(F<{kimnbnNrBD~Yu77HOBI7uy2Fgi;67hguMh>Xl{w-*=-oke%@uf@C;?BpPOJ^~U;J6zc|9cfH za(N;-_EGHdw43-K-^KOG$Ni<#OqsHecuvv&oJ-=xK^YMh{b7pOAMR#CTL9^}b#Y=P zA7F8LGs@vA0d$4JO4c13q@8O52SbP$BYS%-pSStxL&lo2vWz;$v{1~nm=D))bJNFUXT*q{uD4+h%Mez^D2ctKsU9rc<0H6A2mk?k0BW)d8gs@kW^GB_ zW|uFe<8t#nFa6}T;(GR1UsL=DE)0G5fQrX6FDF(y?B20fUB04LPLFhSHC@w zLC=y;^d{Bw!TQ(^(tTlLme3ziJU5X!6MAZv&MC=RTRKPYWnG+G7uqyAK4*EYa5rYx zo^A$vP`k>N1B+3^caK9^L49yjHJG14TZK#u@(oK~0X&JQ zntyf8mCUeR*_d7n$k%X|ZfADJ<-4Oo$)o|Y;r@Y;Em4%5(?vFCsW zs!l?$?70XdFAMfh{Il3@7VY5CUc-CdqSvgW6|fY!+;YH-_soo4sFMX7u!zW`QOmQc zt{cR%Sv;;{#2-qB4ob;So)o1Rlc|9pO}YePSOdFIucN(lTC^U$9KaZ$H*1p}N^d?E zy-c}nde`?3yR=;Q$a0sm!JKmSZZ|~fB%8;!>R4;~>N{1PYdSgYBtR?8pB)NM$j*iD zSEd%Ts{~GB=d$Klu~rk-8QnzlgD3LeJ@H|V|C|Gwm~zNO?SaB&(l~_v4Y(t70cS>1 zt)Bc1liP|L#NwH?0EZdciTf*Lxqa@`27h$)@3)r?m(TlfV;hiTBvW=Zvch3c^J}($ z2r?+Z*$9zs3LK}%^QMG3f{ePIfiKr$K~wtkJ?2mKAjq#Ks}3WHw_b zviRV&oOKL6&G9Z%gnu`XRFQB&$>j{}Iv)2MRzPi8$*Q^3$_$H>D2fp!8*B0QQg~bx zmJ|?f4;MEZDDLp=X^b2|HzozFaKt7Cr*EAn!WP&rRn4%GZg^R2dFTtjYCCgF%^ZxM01y?GydaKvJgXT#!F{`^4B5hMxY=Vp|JYm$Z>y}COO4TM| zBkm|9U>O8$Gup;jVXaeLaJghmU&iE@g?v&_cV;dmoqvyS#VXvW*koN;qFp?_ph;xu z-g};|Mnobi38Sh=k+H9@Ql8)b(P3T0vDO{;&HqM3)gX=@A=`vFfui#b1ME6+Xorxw zNlL6cd$87B7-a9WvmpSfg>5*y#EooBk=)dWAItE;&z*37B~(d_*&_xDh^S4Swa9zO75#7jLA> z2;m4K5<>imAn|%OK%h`(`UfE4M`SEi5E{RGzG)E~p~N$BhFDx`b28)^-(yLSf{=He zq0m!$6UXEJE2CLTayo87#RGy;@)PgdCIwmkbkh0}zei&xp|n9AqE%>tEf|``Z_cS_ zi0)Lx40(uukUEBM0vp?44Yb1lH%`e^3<0Dq!jbCkPCbS z{0CS*fyQqM9tU}=CB6HKf_VIM7;P;5SC!JEARkSJdC0mTU{p%kPClIWJBfMh?HvUU z5YW&NO6c;abQ2|rbIpti;o3r4P76h*3&L_Zww@z=8nVea0oiNKN@_ODJQ@oOH>8#L z78FjMM*Vwr;R2pi$t}*wIBg09fswz{<;3;YI>~d zqoGFj1gU+LiRkclI9A9aL4P>yt{|hJNTWCWOf)-T6rEmPe$Zuc7jMfWsUhOw(2xoR zr9yg9ltTjnns_9Rih)K!ybKG#o0tT~nEAImVdXw(Q2>9kl~2Dnl#@9G_8S2^K=C-( zjUvQ=04uWx*-)-RiOdUk<4^$MrMpC2*jYpJFb4!1<~8%1J)7^a085v!wir1UiTaW^ zM+zqZY-M4dWDGGoTmNI1u~Xp?WXI$9w$RWji6Oy7pspQiZ|T-?R?sL5o(C-tsY;5^ z1`s{bN;qM-p=oWMx^fv-w zdPDNv5rk3J`^kW2cp%Oiz6!8XBHxoT>*cY>Ox_vB0qO3hhXnm$G2i!8Vj|~{NJAbN z8+?27C8|L@I~$zisQg8B$WVM3}@mG)X zaqg?f_7;j_UWmAb^nvHd25xxzU54kDVJg-m=)6ILq>BG1=pGPC&+# z+q~+51N+`^2Z5aDqvgh_c~WlOtenFfT=u3{(^Bpj-ifI1#;I-0)ZANe_*ZmD*C^L( zB41gx*gI9p@>pAoD0`;lp=Cv-? zwnc6+kN7Y?s1mD;J@!eCJQfl7u zl_Vz#A9ncaF<5_L&E0)4ijlUO$hl?)xlKL0fGtE)FS!P`s<=NYK83)KMhJ8w(lvqG z!ng@%Mk7nps6XN^mOrg4MA3Ey`^*^amWUHLj4S*$S%>T#^bs7gL)fZkP zQI0@tz0@2XfVM24Ho4z1wZdJ5a#eB>9pDf8xiqB-1o7TInyNSTo&wt0`$*4~h8p(` zKMl1T_=D{nq>o~NuVwXSg{1p_shm$KV9FxQ!Fr^Ifw@FvO#o==I9r13!=x*wb_wu- zO46()aC?GsjnRXU@3ZSs6Y;UwIE*$XYVt0Yrk6v*5w7ztEGMx*#&;3OZyGNl7JlS( z7x_L;8hJQ=^$v3%jle8K25sT`ng)lcv1Apaa~zT-l{3+|tRmY&E%AN5#7ro>uU&aS zJVD-YCwYPPOE>`v1diapG-ckP6Fj$%bmYVDEyy|C-nSxb3LgIAC_U1@(hZ3L(JG3o zgP#S~yBD0gtci`*sLXpOd7BUSl~H@G9kfra`&IIPL*SAu-?I6;ivLn%PwD@?N(EE| zLpo1hNOP*5S zF{~JMY^b4-%FmDeZ9U6b%r6Fg{%@Le8*0%*!e8lK5aNHVNq00ha4`BGnS9i=ekUH3 z5n6tLpt4SCsqjO5o1?V!1ec9*=}{FPd#hr5N-7ItIc+Cx|@;5G>Et$dh8fDNmdjI%XtX<;H*7 z=lVfG)_#Oo1ONd6;O~FyQ2P|zB$(1~Hf=FwOw`EZja;vSv;Bmgp6lW)Tc99ob;IZE z92|V*E6cc%rPS{7%LL8-&YN_6)n}V-&jev`HK4xr?_zi0GA9hAAKzXkZxi>PZykq0v`FSxFN`oV*kToO=3eku^FJ(i!ei(*b^c~Kny zXjaM$G(RoX;d@6zamky#xl~U?-)zSFe#f3O!pPS0eAG8TForp9aljMyJ;=9)T8EsU40e8E$Ft@%K zG!}3cN821LBH#oTQkezc7f=iLGT22BsvCdyyq>_^0A|cS+I+MGS90}3V>M8S8=x(Oy66#+OT0m`QUZyTg&Y^B4?J;E)%Vx5@ zIEV9vIXFRLr;M0%9^{lHX2?7f;6r^cRzUUB7kQ|_c;Ble(-bg8>=5$IFVrSSf&>MK zgFdoS80De9Cymh(YJ*18VsVD4t)Z?~WvxS2v)|Y(1+C~=5}|AN&(Kn2r4NIZ3tU^m zhqE^W)&x7BjoAb|iAwLo6@@YmP%#eRu`YA_$RcmP%yaY5PW%W5e8xl{q@GH|Y{N1* zvYa4)QV#~LSYh*fgn4>f!2Ix(@ZXeX2qnuAgTnd<$W;rXAiWnPg_EKL7s8QW!9J&pqAFvg zpTlk=)&(|v)k%ix$Kyu^)3=#zIUW1TG@}~8O@W*b$H;daoFeN1|(=CQF*|(-V59q zFACgLr3d*;{G4DZHUfXZ`cJ9h^R>>6r~&OZPW%XM#we_#-5`EM%vK&IkOgRCAI}7NCviX%`kw5;V+rY&6c3mg5eIMRL z3fPTqhFoA7czAHR9aIr-mu7ijY44WcmJet|t-w83(-VoY=O1m|Z}ULPi|-zTnRDpB z5tQQ$Vqzb^l_2XN5Ga~9Mqj{WD=*geDDJ8ArkH}J05DTekpRSF;CXThJQ3aEFs{wD zV}%rc3I6;5p74T+fMA)4M*2T(|A;CAlczk;|ig z^t_`WvJrEX6UoQooWnHr)()mMvMHzoEdGdRP8(VR#1ohcS=uZmL=RxbbxWx4BR$Ou zK^tS2(J4RAHorFSTIQO==f514TbIw%o*1qZ~xM> zRW;4q6Prn$@y`{>8(ppO%+9y~>rBdJ zkb3F6ls&{ynA_DpkaiH+inn8^Bfe6eYE%ea|K*Vqwo)k`IJn?^pj83N7lLlTG}7eY zp$-S@ark3@h=zr-iEd`;AsD#nGI0n^wEe@JiMtXpUU&>(QrFU|{K1#wtw7?dqNrMu z3S~T)KN0+08Yq#RcPf9#R2m8zKy7W@0B61shn3AZmRn3!GafLJ76{nmGNPH2?Zgf4 zold1+9gThIx5+3YFe%ULD8Bob&R<2X!I0p!L{zj$2w@w-#=}H?LEZ#%3rBGFO2PV{ zKt7&H7=@NPjLHT-%uUwh4XOc54UVL~vI^hUOMusb#&8eX{}lnK8=P*%&tvQDQz}T&OIn>Qmfp$LCs+FMT-EdF0cSrsHjAu-*9^`jp1EwpyQbS`ET+VH(4}dv0pO2 z8T~)Do&TRUzW-buQ>{Mjx;cV48h{Vs6INino^tJlj~6q|ohZ9eB%!lhO{7teCH9h- z#cX^)h~O$B00e3AOTy#2C43fit^Q(Co~JqBWTo%eqZKVV_LfrJ5AZf{R}+5mxWA`y zAztd#CcP%6ranxKcrwyS$Zy}>4r?2gH_mJA`z%PLxw z-Hz4RU5+&?)2$CnCG8%qbCmKtx0u_8mEz9ZG|rRNjLXnA#a#0lXR2B%AFNyBHq|Od z5%OZALrb)lIKF!OBDx-BcM0USr<#jhQ&jNDE0DT}D!lJ;&9V;88s&JOY!8~I_eI?Y zo;UaiDT~*hjOrko<^m8tn<+hUcP#U}XX=V?JNzxdKVie88!oe#9M+r8f(Fl5HGaCm z9JQOxo?SH~@0Lit+C-vV>I)b(3$*S&zj@|sap_#|LR zidvYn%@2Cyl~I=5KXYd1+NYpva{JH-PLqDw==SdJ)0>!dcsq3IcR~^8PpUlY&A_9V z=`T>!HXb|%9t&3#dtuE@E%fNYUMmVA)|xi}(4N?M?KnW}e$Umuua9 zR~s>wHISLm=A@5o=IU>h-O`WRdLB5BO0}`jpRUvE_g`vLCXMc;({R^Yex^vSzMv8O zkm^NNm6sMngwODKEb$FFTC41bl(YFTc0YRO!n3hXHu|465gPyvy8nH>Ey=}-&pQ#_Ry$ojri2-aa zD?xTxwjV2-T3WAab=OFC2oURy+fvuULSIt65P9pq__4sTbOlGH_tb01i|G|*R$o80 zx)7yI8Ozdai!;Wu^n5-ib~VamRg@}g0VI_%v5Ry2yC?f7WNE$i~oP2!Pj9>3Il zrQY#ZYn_<9U*jZAhzw)a{exea|;(nkHoItfXwao!l78 zESf%I$E7nT{@Oqaji+oak;3?ax!zhsw@LAbO}@XMyA%Q+|Dyv~ zDC)=twcMeak0bt3U|U>_J8q}aJrL{ZQQj-(gi***MLiOChDDz8uThJvqoUr9kxC0) zfv%uuZ-!q_GG+Pst#8<4xPcYCh0BIQ9rblXejMIw4dhI=G<1Sy_@vMOm1n+FjEss7 zpYD%Qv^n%@a}`XfsgjF?iUP3LkaM7UM~Q_+vGf!0ie_Lbz%13;drSrSZ$=Vyk~3@V zRyJls*mWJil?#rnhw3_Y{xmNLSGL;T(K7#M0AK`Q2@i9C7l>wkwIOtqzs=Y#*hiV) z3lC$#7A;XEX%QCbAq+O!e3<*OrOPXx9wnFl`yKK=1>nh`Cf7t+m(-;QW{VAz?uVsM z+UapVoE$;f6~I81oK>YB(>u^p&BFw3UdOBFnH_ogtP=#!k8Pg(4!98UWETRcW76O-&=lrWFL((a;{JYGtHV$vy@DT)P; zNcFBF)zZGUE^bQU!`T|`n6yvgQr^#0)qr2aI}P_Ph|=an9g>RZXd%!B^-_sz@;(S3 z>|tr>vYDY1VZ}`YIi8BC{SqJ7gdHPglx#uOt!^HQ>^)Om3uUvJ1M{Ecz{M{Z@!l`4 z=cWKhpK2RH=qfK4)o`aXSDZNhP{)bKQ@?~C^tbh{*-1a(+0Y*Xv4m(}e5=hdmFtGa-u?b^LDo z=Im=(BIj-Yl288C5%pk}@>|{KN^xZVlg0^f7Q2XPQ1Dyi>mxvY&Kjx{?U5LR$Vcv| z=UKmQr1AwB=ANnklgkMLwm)?pGz{&tedP|wek>5H$2$8SyBrCAJTiiPV-NlSr1hal zaA_FCX_b8!=rxU)e|f$KeZDe9u$d2ly5|?21ftIBv~~31mg)Sw{%f<(F3rH+`RG5a ztW=ac269ePu!>@d!Q+%nm_G1l(*AeDbQPw5h1mCb?d-9EVOo(VO#$ws4S3rLXCaAu zt}u}I#ei(*v)m1^wxQO=Bg)4wS~*4zip05?Yjy`;`y)>sC>ehy|9f^%CStJ^B z`b^0WFvixPO0C#d?ofqX)ts%7H+?9@u%5J^_suBy=BzYB0EjM#HS#{+*s3mmC)zqzx|u23Qs|-wdfWiLls=YM!)uI`z@NsC3kf0;PdC02m%s0J_zgAG?D;p3(ZNWOZgzu#}>Qai2PX~)F%jqv^GC25+?{z7Rm z^D`pabR+e=Br-5qQ&E;t#Q|xKQnr(-VD^APK>1*?5k3x%DOq7yX9uPy6CP4Kg>&tH1F?GK^wJlWsiQBenV7SvD%eO7PeDthw8HLOGKsOoAIWu%KVuyR{?Mq* z0l+;>>2_JMsQ>B`}my&o) zNxt&vj;cJhY}l^>%C^js(+AiX$|SJo3TDaKZE*q`T=DeaEr03VRv!~vF`w8fANh0^ zLDM|0i~j@LoVzuDd=+@4*;=|1V^-`vK7wL_mRM1kAxv>fUQ(FClpLi%`Y*XkfwT!Z zO9A$zd`XxCw@^CiL^#YbF(1nWqH{^%RYj+jG+(zEU!zcP-M~Y_7&gW3V{O_dQIG$K+eesAa6*Y@rm zuxD1rZXzGr2_f}JBHcm6%w%$Kn+q>?xp>b6XZ^n1c8kv&WfDk(#6I7Bxc81<%=23v zk4Oz7v^lg(Y4Cms;u033ikFi5=ZgT!x<6U4l@GDukX4Hn5ljcHE!2zA

x&BQNJ*XWo1d~CT;vO7s@8^@Q#$o_U)f|5|#1K z&+1|JF7H*+9SMEtY+K?36k~>`PNHPS2qUUYQo1BUS(=W%YFz)4oZpx>v#^CkLL4*K zDg5-N4!@%`u5%?_Uhj|bZtor-6C)%bb{VwmN(l+zX6vDZ}1&z zTmdkT%}2&W6|@Ko+5-eXv3T+ivgmI4+nxGaXa+*s`3aVkvlLxS{7gh?fD*a-#%9xn z{w`3*h;WaG29H1JGxBoWe+FQv3-llJgjrivvFR=7a?whXf=z|aqFO@6}0Pg zoUg}2XpmZ|HO`i6i1XBz*`f91@JLp1`xQr391WQ>GyHw+neOzPpy?vZGaji~dq^lx z9ZZ5m1;x;L@#y>T%f&Qk#oT*Qu4~5{)ON|tYT#bSU?_R?1g#G{>Q8#wS% z*v~QXaddfL2;e+vCn^>dDLYUp`h&6s93Ey0qF3d&QrZ&9^U=?mq3NwXl^$yKz-Bh=Fr@sK~9UeZGvY2p|#MtaZf zMvgw^y*y)i2~Nhp>C?k61PrmI-K~h6hxm1=->slBC&i?>waEO>!3q^Geje**1Oy*z z#bO%49Lbzwoyg^lYM7rEQXWygt7vO!^_6O4og{*KMl3X zQ=(KW3W-@Ots*4DR4QIaIE@R?L5qdf+ncukzbJdhCe6aOOY=_Kwr$&)m06jUwr$(C zZQHh4Y1_7KOm)Y^#5^5u&)f51??15PI^)`FoogL^gZ}s;iL-`A#gQU3+UqCGpx;^Y zxv-Oi;BvrN81W>*Ao&T=1ZSuRwfLv6d2JS#PThFAiR)Qi_?|tjznuZ3yyY0h{xMo8 z_>zXDSj@<+q=0m7dl`#cj|C)qc|yoID9+CMO`%~2cFkW7vmtcohRwl8NlcT>z{E(+WY5s5U_QS}++yHrrWxB8SiGMoSVv}a zXT$C)Y^8^Z1_;`4HQ7hA?i&vKx-yh9i>-8+S|by=ZV#83l?1ag+9lsZSpD{*|Rg6=pMzdvgenMmp8 zBwZvHSKI)rYZFR5FA)CGSgZiF_N>Bq&|&-$8)`@fok`*`WvJZV=W(gT1E+KIT$e@s z02LGi8kV8}m%gr%3_u$&N-YgF2clH*EdS;ffGGX)Cq7s|S0rITuW+cY82Y_48i_M* zwe)U^M{RI4cGspy=HI4A-zU>QBWPvV$ac>C zD=YSwn(!R4^+JKfTSALrASipAW}*QIw-sg`{}{vIJp=3q2KZ(D?g2RLXm4Do$%$4% z%4J*Mv0v)pUi(Q-?GBfCI}dLa((8x#TlO(Q3Dg@0*WJkOJ7UdlY@J$>5UmAMDtlR5 zBRGm{IZ?m1!;wtBeBLNYr)23WWyDE9rHf>=g1DvGzP5cR_t7tPUW~0hnPU0;p_qK--qUQLoi^%Veh511^ zmc`ERnkkU2P57^roqr&rf1veiHzBi*8tb!4Pmjhm=MIk_%SQE;oWg1;whUAaoRWin zk>qpyVye z63_}T+IaE$9-tgNZxt5@7spyS5Nkg?BRdl{wYQ(Ihj&4CB0s5MxTf1!GUB7ymD~Ns zO!O6YqQy>-UZ=l@_5jJHGtYQjC8{@y{K}9{ObbfL!zdX8iaz@`6D1CtMNKD{9rNCo z9wSZKz_yhO_@Og3rVy6 zarhSW307h-De)aVf_Q+7?E;2^ODBM>~>Vo$Ly62=HgUD6gH692I4Eu7B2ci;G?A?eK-ebQW%EU{%M1_3!lEIM{cAl{KXH! zi!tSGS73W(8H*^ZpGkAh@VP*ND#ebA*7V8^w3>zX*+FtNNA^CJ-R`WP82c zKek#un-+HO=(=*AQrT#szp+_u@q8Qczq`J^K2ZK-hj{{%1XBuGOSzcDXK;SH)+v~3 zmlKS0c`{s-3K0WReu0=M(9T6+2UET9el~2;5AUx&pcI+0&U^=pG@m4X2Ni-mBdBLf z(V(QR^wZf&P6KV`pOd~7;M!i9Ujp_hLe~3MKi2XQ< za(hd~%^T<^^yr3p$-VchiY3!2q{m^I7MKE*$2p zN?DlgIdDo2wd<5!;Z6FtxhuE`$ur-G$n)CKgcmZt4wue&Z0+%grQ0VtRvj)cUy?z8 zU*55#+zBfjKAgpEzN8Pr2yk(nnC{0pBC zdU6tBHHvkA4qfUg-uDws$e25H0BD%4x%tBzg$nxmMP<%VatflFtLDOoT* zggWk$Y*Lde1qp}^6JXT~wzonM4R-8yeCz0F}w2eNP#K7V`+sDMjm71@}o# z_GgwXEyB_;RvxAdbW+qA2Me~i1v_NKa~&%jMZl0uOF|vj87Bn0iExT>7&4K<76d6# zK&rthyUf)CT3uiVh(sx%ic^)nFcO2F(3yj+(>BR4q!61YhFB>E$e)&KVhD33z?;?j zO~Lmt2wUFV(5r!+qK~tN8}0VM^PqiC)S02tp{=ub9eu#(nV0Nf!CJai$5mfwV%%Bju@wncq%{Q>Vr`y&Jq^0 zHKTbU6xF=tff5ItitS)1!^z5$a=KGhCn<`vJ(Ssz7q>eL&L7bCzE^fBOhk2W{>-^9 z<@l%M+*Fkps6<$d>oFiLo*gYYGSNcpVl@3#$D=ZzjTKDeo|nsNakf~0Ns%Upp}3nJX`Z5T3sOiCt`3&Nf{Bc~kYd67Lv&mZ zC_I1bT42_fbYlr6h7G5#@W*o|yb=gJnt7unL6LY#{jklRzmWwZ?u`ZhRZjr_G&9X; zRs-IK0G_5Y0k1dOZoT;)B!IfZ*t84!ou6isC8!h=fC7N)qvO6vC_`^AeNJ#dSIGaP zFo0)(C~>L*eTrORNyx``Jr^HL(03nXL_#o^C))t+*Ev~|cA9)21nAhU%$AM_(SM^G zl#q&Kv{b?MLyRCUXn(L) z*0jZCL&f(rF*Pw|XlE^w1~XHVs7xL$Q3A$?L{eU#k3gng=XJ`%CbztCL7oBI*wAAA z5FV#Nw&f*kau?lCCA@?999R4SmguW@MVU|1ew%#Vw938l%BfbNsoQ<=e0X1R8Ep8j zoBm>qiq#Jz5JIGBfFw@KhfJr4VdS+oF_k$aw02aZb0pz-AfB1DoSZqA=YuKeo77$& z&5&Q{@~ld3E_7i>nM!M)F==c!gI9NoQDv-ce7h8OBGL>)@57H928h?jlSAcb&Jml( zgYz;Vf6ksaAqaF}MX(YuVyDoa&DH7N)~Ox}-|Nc;5dCpLp8sl?)yemg9HjmIQ1_=T zkJl|fwqs3*`qa3H(il1(uj-g1qAM4kpCbZdSh>4iIYHF4OYCDT?zeqv!@W#@qp0LK zQP~nr1FQ-P({E1&I@q!(v5aEcy}NKI6$_g`+qRB6r*&9YswKvsQ4T;8R6CSzOn{TO z8GHdZT-(j=?mP3(zstwR-BYrJMbBnx%oSN5<#850Bj&{BRk3KYF~u6k?hO_M;zjg%>Ce!E`&b{(mmWy065 zTc+`f0u*Dbf$YNrwD$#CjSM$=TWr+DPYc)@etU0LTpEs|x6**NfrZ}Krdh)TB9uCe zI@;sogODd3XFzgX@4yJZ;_1MrI9m@ipY1IVGL*LQwHIyz(X^l}mzS^0k%Cm1APeu8 z0+e{|6`sDK493S2VI#^K`4m(TvZ)f_3c(NZ>E|;E!R2BoB6atWu=Rn1%Wh+qMk1FH zUU48|0^z@ol5q&a?9@pv!-=e-37o8gJ6GPo!c?cuTn<=oFnZOzpptyIwUX7_p&_)e zj*aIxij9nKsEVzQw2^vSTU&dptt%0MH>OZp)(y|jvC=w^{GpdIS%F9yR%}nFu-)oE zX7-j;Hwrq3BXkCaJYISUg9D~vSLC~Dg8ADuh|48fu(GRYB{7qRpa>wZEju}^m1`KF z*iy+loiujb`XcqqH9#^HbL!5VR0?ks0t;LJI)^LMC9|T8uTjlwu|cBoMnn1bEBm;oB6jDUD*9)4i?1Z^7uS@2fDAfZI##Sbn)Bj^)3z9 z1>VYS7-T%)K+Hf30V->VLGp_gX9vW-bu_tVF*$w4oPCYKs_jXe80xZ=G`K6Rfzqji z-Wc?dTqJvgx|aBaX8G$cmDfJwa3z!AbmIRgv(ubFMq7ZgMlJ)QH!FsHYyPFZ+*CB1 zCb_NmV@#=EF!Azj^+Q3wcl1a1mABnm9GYa0lyr1=61T}$#Fb-?2VlND+88HY9}E}} zO0%(a)X`PpF&Yl_GXEjT87IvWCc>BDRR^ZC%4?v>T_exHrQwVtLGrbTelsOiw2T1B z2E*j@rW`BD0Wz;k71pAT5hwFYVM*ZLwRFYCrNN5h?26y`$a90vn~?Z!w}e}Ri|2~t6Qxxn)hxtYDox4 zAE6(m09y;g)}7(No9#tioaAB*F>e*qckp3m@R;j-#%36p+(dtiRUfy0gW!Z<4V3?N zp@QXzr#k(xpq`bjC_M|&Tas{O#rkNfLq3b4KTod1#)=_2_fU)cGlKeLp%zO!g6vFU zB`RG?b>3`8pW%8ewgnq23Nsy0wletFY)l>5nT8h|&oL(4gM=5Kj%Q*nq7gaUPA06y z#EqHzC=2-Qa56n>!ctx zJGD?XOI38kz>VL6i%wn_nnARdyEfu|?zY)%N*(3NP@kvcR15X#V6XVJ!4b_B@V zSdqZV802}l@++nY>74AjMME8#P&{?w=ljTRW*!*_mXajUyBO&N2>Ud*p&qlH`_Im8 zcx?m&;q)ud@>aAUq3uAXJDT>bXv6bCE?)E?KAy1oprf`LE-r@qPnmz9z{Wcr9n5v1 zoVAxddZ@ypF7)UxKa<)u)|ZXrTEs*gx^&gORrlRsH99DerN0dkPK5{$u>qkR24*ee z#|W5Gm|Yy?F+gy`)){1b-txK~A|mG}f&-dSHj3aM3$W``7e`NjDIfgi+it8qYH=8` z=Qu;v?btDk?$PwL;a426x=(BxNge#-+FQ{Sd>-XgA(M6~5ZDaKCa`7+p4I)5St6_l zw;ECgFi39b|Gv3u3qal7LLH3E6FReC+jQE|@s?b;mib~}yqz{`=C-eVKL%RvINSPm z)!Q2$h?p%2+zrrcDIKj(5l*z~Ne42;O-(oYu?Nmv}Ud?{0Fx)_5 zvyPbAg&w!fsZEfBB*2Wbv70C9gqrZ0%;c(YTD(ox2n&(Pu_9AriGPJR!BK~n#lngg zq7}rClbGweI29zGlZ=%oaF-)J#9v|x#Iuf-`y;A*)gQ`30RW=a*(&d|8qc{ zq%}zG300$wdJ^aENMFU#GN>t$0Y;iqGKTKOwni&i{ImZ@Sav!$uT^1QYZfPp#m@|* zYEm17k_O0_EHD2PwFgk6uM5|f=RW7-o>F$X9(DlYI0V*<%%B`et8V_zsVu2fHgk-C9&5_j`!@(HjmU$llUgl|x z&SWyVdD~0{suGI&rdkx%MN@yIwXK{}rshj+I??_d{BOR@kj)huW{=7ys{siG?QCIp za?2UOtykW%_$9Cvk;>y+dahbD(9uFSyl?fBuldI_nbK1_L76(bC^6lT%s->9ttWHBMRPmT~uMxFktJBEQMH&3ilY`XV+|?RiUPyUtz?|LCYC42njb#iic2D)$XnzEf z5UGo?o7y&Ia;*B`J@sxLlitA z22j-*Sz_pK;zNohXpIGvM7?H@;Z5n8q(_WB!F~ z59i{m7g6)z#Dn?6&ZRE8r&3yuURZLxGWK6W(F|Or$gWzd*wA(^##I2|Kz?)ydeuuf z(I0&`s1q__&B*%ETY)OfjqI1wUx~-?uO<30zBVb;ZjLPTc6f*xYP0|fcM2DVB#3sE2x zi$bWWW+2Sqt#Ltuy!ct5sNpE*bDa>&&$+R>xv}s!p9Wc>0EeH(8?uL*h=yysae`+Qemo*lw`w0Kv{n&cM<&v1c zrfQ#vkpv_j(%X~$6RzSX^nRajkW=*N_~`KH0)6}9VHbbL-087f%`a=i+)Qa99TpO1 zf5ImD0xxqcsXMHwAisnG5emG%TfSF}8tXIKPTmg}?Y!zB{_qV~+ZxEBe7*c3w3fK) zsYUZIsxD}Ks&KQ#S4)o0fCxJ|h)>GAd+0w{ASk%-L-Fgnxxt0Rq+fx3g${+g9AsTO zdIh(Pe~gSJ7idydotl>Sl4<&bdvpz+pIp9S0DU@@WyIa|TOrCz2t zLHIzuF`g~Tav_7%^YWEuWw__?RZS+{a6Bp*4|pdT1q-8NS4^T1@>{_V7|=?wbD&QA z?0vS|zpu6#=JcoMv}^e4a{?0h>95k=3&W-%j-AccQrA`(6`eCdj-u8Fe1aD5gN3rwWYO#4v>x9Lk1(sAf^juxE#c1p;>ZidV1K!a7u?2= zG{j)6`-ocosb0n3=x4=jPdwXLL^2Vj?upyMl{3G%WM^I8$cJl zin1^8CH|e4)cc28`cd$Gb6uoX;$0M&m^zJ6uhd>FeI^hd-D8z5yESDX`I)Syz)eQK z?RgqL`fM;sn~y&ASv4^GUDb4#MS7lIaw(`n1iK4`oS!pTb))caTL`}6k9aPbHcvpE zC?!5l*Fc;HW-f^Q2ozKjpDVs;6Z41H;ZsZ5)?oT#;I#7N?60kpX~Pz3OXJF$mY$Tk zV`Wj1pW`3X+NgPhFL*cvc6ICKl)g@aJ7z=202QH-kl=T&+y_W33J^;|u^Tw|5z9d< z?O{2WcD5YX1F0=cjtn)R0;WIOf{TwOv>pywFe=q`&WvSRE zg?oVlMBk#z&m0t)#@XSV^KQxM{?a-ZkT;Pwm7zEqU$v4)SsKtErr-aWLpRdqBF}74 zlTv@pzW-Ajb~n4>`-C8P5u^o&Vk=y~t`JWl)b2qnkj$8&SL!f{Kv`B1)LWLsB}jC? zizp9U3cT|RXNY)@ZfzS~bWqHWNs`n03fN}&lJ5AvD#~N>rY$|UD2ZSM_g6in27OXF zac)uQ*fjjBT1K6tMgL?k5+e>=hRHH7x8)+5Da!Mmv3r_$xo{q=(M>OBpxHv>=Qw74 z#k?By5!_z2UK&}~t|UDQSRgCx+-@lx>#Y-wr-u$uBvBPW4Q{b1`P&!&S#6%U(gtI@ z=&D$-EeULuDnJUdbJ*A|EtxlLavPmLnr|c5ZR5KMM4p=#HWE$5Pqz-TEer_q%na?b zD#d7QIpXuNLR*6L`;6$Y)>@arfFJ3#CUC#-fWHlqlNB7DlYR`O_2jQ>|B^X+7MeM8 zO3wL(nha$llz&CtN!1%LHSa{)QE#e+eHlX-m>I z!j0a!==qzs5?>$iT@!k8X6E7H_v3f&LNg8yQ7LQcGSIg%e}A8Jf1=gtx>rluZ}>>x zjIKVRp*JX0x3$ZzAf!?QKeR91fAD}?+@J5*r-XWVrd!-aUlNn%9=ZT^9kKEt%-n7g zQu|IE5X%Hc6dOtbkYB}olBKO*jAn-G#%Z#qWlpbagMs7U`s~T(!N=K{;sozajF-Vw zYT1|QYnjiaVlXYa8Mv79cr!QAyfUcP-}8rvPPv0sd|(_vRcAEAtiEw|omcvHl*If# z9?yCDIkJa1S7S_hFzWe>>w{{A{DuN?cP{z`os=lS`E-|z!+`1V!NI=*hI((%j{IWY zccB=k*2McE#3RH-kcre@7R@&J0QGyF2!I+QIoh9+*T`r(XegSGSye;vdd`rkNJZQc zKqOvn|4_m$ioq1)!%5X-4~80h3v=N9;5W0IDTN6jzY8v82GcGV)i1=`7P?bWVoSD| z*_cX!MHtxx3Y}w{%Ar(sZqg)eZN35=6IZJK@a#t6Z^8*1%%HXVS)Ml2(px4B!zccK zY7^6=_YR-H006;1J(>5v)sp{jCdWU0!p6zi&FTL~a>ZIf%635zaa)@w=72lDO9RT@ z&k$Z38W|%9ky4UCSd@1i7=3=<1B3DPug5}(yez4LY*;Tq+y{35nug*Vn8GBhNLtGJ z>hf~(deVz!$EEuk@ztlJ($)tn=#$)(A7vRt?adM~01`Vs%_FH`niw4?NB;bm(J)%A zaClW29A{=cnrgR&m8Xl=gN0sgctoA(6U;-FGqIIC4vKst49TEl@Iw|W#59E{M6$HVa-Pv6wMXj4@;fDKAuJwyYX7^Kx{A#8KwQgyJnG^X8 zfou-OQgz^;>(>fBFH4v}u(O<6VS%}R^}1oF8C4;PeR&~X7tw76Auybc93p9bNXI|F z7Apy}nC_}bPUBU<089H06w&z>OqGPVR^&k0Qi7$w?T$DE%?i$lu95tgtpPk}mR)0ZbKgsjOzb-ZgMKBO|3utsEeru&s0Jil(a3}dPxf_j}&-)*d? z5qUEvT2$e@-^G{z&^*s`pkG-#NNIZ(Nc(4-N>od2K?F>Z1Wp+(So?i`3xRpo__|#| z7E*5~Q?OUobkG&+n>=cp?fZX{1yTPc=pg?mS&$GfX*%U!pv&jqiDUY2Pu%}-Z~k}3 z?7y;Y6sK%(I1tI(E0-*~6VTS=QAnUbi?|@mii!m3h2)zUqu8q}FzEw^B7rxa66BYU zzx||?QwZM@o|k(9K_BN=PP-ZUL>Tyv&^*rL9N;Lfka=*YVM7ORaQJIi_&|3Ez6Wmv zz^@n{w@v$hus)A!2`Qlw|0daGCHU!8Yi>f*vTXQU|62oKYDD2=+~~^a@V7Le=}PhN zH+2fNE%w>P=^no@Co#j^I@&O2F~ja2wk@j83r4aG&(*)W%XZ>em9_=v=r^fdzYJu9 zx0&PKD)^4&Y?H3Gm2YLb!Hpn|9;!k?1C!mCAa`HZPe*MemStXh**?#7u3wLl8PAd> zg-L804aW7KiX~@`eQ4VK!>qOvDUn1ADur!~3LC9fC!y2Y7W&(sP?TP9r=SYa%8{H_ za|f3IKlDQv|I!x^pN}9qC#L5V*%%>Ff%-)~zmORJz|xQB)>87B?bJ6w4RC2%VJBcMR=aLYLs0Dtp3oIt4wWhQ{s>q>HL5JsC`8 z^fKmidUI8_N9K}6q(ODJVC-I3v9o@+=m;eV!(12Hm$LSIDV#-hc+4oiu*;7V&ixPk zo3*2lqjTUoj3*R)}@sO&S#6lY2D;+A{f7|u-3ZXIAyV4RQ;8gEtgqbemA(qVxx zY9rMvQX1nScg|>0a4g}R*pWER*4Db_**2QeB-E-3X0(6gQ_s_bNuk zrHPhzxbTmEKO^MuD^f&|M9 zCj0QDZbchqg*cIIZTjs)M4%i~X1hG>{dAkeFLsG(r}X&FFG_5%=J=uc_XD>}qB5W` zB0{VZ*52tAJ%oCcE=}e6(s+~wzRIEm5vRJIzh)1?&75C)^*feld71Rx^;gW64PJvOM zn>0y`SKGeOMA~ zY!YmBLObcORSUU$NB#7et;2TEdK?KX zS%M|6g5qL$OYBc#L(8h41~sj2>~CVj%W9k+>uwN0$!eX3z^H=h7rQWEw44G@t&(!6 z-PeV$QByr^JJ0OLS;leTJ^mqeTkv3Mv(Qd{$nd3eoA97%v(Zj{=

mQ>WvydF2Sy zT&Cl~f3bydT+XVP)tpgY4oNQAfj_Q(+l_IiXtUf(mP7GjQmaGP<6Tp%ZY{U}gzt7O z(75p_i=$$G1FKpXj<@L+e{?Q(F7Z9cA1rUj1oKBhUU}93(sr87(zlZCo$2XytF~?7>FE@k&>>o5iGzo#Whjndj3m^>ZI$nf5i~$ zXNG*NUE4~$r-C<3CBz=mGH-AF(~r?D}6{{47=fBxM=W9QOqQ~j+fu{QV3$=%xUp+B*By41zgc+jV- zVa**BvJwF=VIg(-z8~2TNs1yxgdUfm2=HhuWvYtheJlp$o94#vepqkiZo%^C0~x76 z$ZE1EMm11%W~1o35`$N7E$&HVS6Iw~pxz`k=qw~SDqEoQue@1qnG5Z=)yEpPUy7&F zDpRC~IfRjsuP_e3^= zzH*^gf69C9+^T&k0^B!w0C+`JoY1+0tMV@ zWiMFKGG>`sqQ9XWcdYioVldfj%3kF`u`gV-ToAWhOq1c2sC=@2Lm`SXruewvmBm5? zB`%dH4q!;eJ`d&VrC0>S)WtkcNE1D|hMDmjUA1BeP&R+J8qQpei!OTA2LEuLXBQ9$ z$KSSdLQ($kfp8l)?zxfoG!PQ?90 z)k34*`Yhh+gXSnR^np0+#E>CJYGBpgl`4H>qhv9+bK=U=)AK{KjROG~2r4v2;O2e% z6P=S|W2&hIkDw06?xnMgMIxwxja8(&Jfxx@V*Q6+CDKB^`V6kQ9H-8}%M$a;q~_@= zzfSuqiQJ+cot}94cX>ESa+x@`CFBzWk%qs_>6gvYKF<(Z>5hE}$)YgsP1f?|(?qhUuGz6~E z*F2l~rFA)ad!&hPzzlKbM;m`5T+r*TcGv1OL(`F%Ej_(f1_gqpjhbbic;6vvzj z0l_@omI6`ad7ufM6Q5TQ-FzV+TCwGk8m8Qz$LSR}qNH5;sbZNRq>tUkH#T(M9RIs4 zA2GK744>-sJr3t^FLgcNr3}6a53gq!wrT^+U#0=zXxG9M7v^0~a9+@$NVc2sBgs>X z=&fq#y^3?-ZGek?>L81%;HR963Ng$Dwu}t|vWuqhj-0^nhi5t?7MR53p?CN?A6F^u z^5@*Zz%+q%d*tmOf`Zw{3tXI{Ld$misqqp)aDnwFkkhqDkjK$0=MN!4frFQjRuZl` zPh*^kbc7TqH*n6Sx;+<;fa)7*R=Y5{y-z{@#mLu*#gFbghY-3gtQ-+sF^bv}UOtHA4?yG|MMLpBs*y z`K3wBMM=^kYY@+sI1`$X>(7~|+c(nfo^KM_1M0FS`1= z2bZ2g6HWnf&C?nYcEas=PMt%}xP*t=6Nw!4IMeGfmLGQBM#mg2Orf4kk(3ojn!r>R z2<&~Yim;bHd)-UHUrIo&Eok<#xDqetzxa<$p?)#c33Oh(JzCN|5T$*4MTgA)tU#D> zAVC$1q+0*dKI?zs-Qj=|naLeW6UdB1PpgD5z|lirziFP5CFT?>v*RTg7(zD+DZHA) zVh}ZIm0p3GqJyR+Ok^R7u!2E)_;|pCBHH{bvk`f0&Kc_tit!M{U+9Bcn3x^a+-EQiLqyA=*AfqD&E!`m;tbD@AD=yM$eMT&i_ zO>dJ4jSgDQM(QSgCunlG^tB*#8%cF9u{ zgF@)EEu)B%2iI)sDh;+-alS{&_#L<{O=-a{Freyn1sKVx>r9G zh;E0kJz0t^G-ZF4);WkGCD>t?F5Z@F@6$q4j5#z;h&nsVB-FgZF^!pqA4h(GcNC9l zy*n`rx*cZuG=iH3&atF~nFs!-q=|1KuEmUgKI~QA3ozE7nPbFlM)`y$=1HyvM>B|L zbLp01yhAActT3g>JU@`&J4{pz=MDs8{8l^;8UYt#1c%U1-dRL`snRZd)Qm;`?os+t zVBiIKO2TouO2`@K&qaV!z><*x!_r^~hsjCY4HZ>N7S3~NTN5Pq5M^!-G!RjA9#Sw5vwB^3zs3yv{1rd!P@!*6oz7)&Y6nq<>G?l&x?G7+! z;6?0v2xz%Tr+q_@Iy9~*+5?aVQgm}XUjSA&J&wp>+DVgS>AgUD(6ZNKu1gxIW}i0| zpf!96Z}U1VsFYjlc2LwFD+7R1(mR4WUS0-MlCfi+aaXM}+p_@8CcV)7 z!vqai9rgq{T}Nz=xlOkvLm3l)26_2kX#UZEOXOQ#;+0ePxI-S&BhRwu&`Rn8f};o5@Bmcy8jA z5!eYlyP9IRmzp`m<%!7gf``sPK3{)*>b<)yDJiWnhMYthurX@%avGiL#IJTa`c|KD z4Fz2*9+)ye&_cSwAb!ugUpe5d+HZl#nS*$LtkVOha`hV_qS^fQ?Ue{y@&zZ)*Ew|5 zZBLF?M~7e_IUcCBREEa~xGTFDdZ81~Ao2q4`4@J_<;IwuE4#tD@GMAYSbLcoLXKxi z=V^8XfOQs6uJ&SONOtVroaLBX@a%*FCxsb$;3-opo7m3&`bZdogV$_N`FILO%9`pz z1PVz1F7@kS?!MKC3&dpL`6*=Wh4pAB7?;%=sx+-{51KM2`v4je3YMbbqxMw~6n}@i zzJ_PJPNMFqiWt8!J^uzmul&SoQm=+Ob~!K1KVyqto45KMvm3~lae`&lT=DJupW5lO zrSbqZ5CCBP@A>b4$cPwn!0KIQp^PqJ2iigD z55^O8N)i^fpI1bmz#*c6gA~sye_3XSLEop}=GR)~0H(5v${xkGGr9WX##*#jT#0=dEgQC`cO~L&=Ix(?XBtk>Jc* z|H@FZ`X2gkrV4hkE}vtoChvV-yliOB4I5pR~a+S$4Pf3;K{X;{Y| zwER!V^s8N6v`6z*DCs};1Ind#f`}tS+eQl~E<7;Z0()aaS={0^me{wa=__$O>JjNm z0i7IBWHaTo9cPxi3Fn~~e=k~eNte7R0aiO&DT=j=krWzObhQHyLoh9?ai{r5{ zD2rLkEFbMh*7EniSk`7c$}Dv9_@y}XWe=SA#P&Tv(3*Vap_Zzxy~hN)%^Yx7OCy@G zmnF!8W{Odn#r@CUm6}xCkG3sl=6+F6A+1~rRytCpBR_#W7};J~rT|;{FIC7@nV^lU zwhHWAbIgvDRv{>I(Zemo3U6a{uW`PcUh@gGlqxJoeW*W&WRoD%fsp))Mklne ztlE%$D2@^ZkzNAoF{AIr8e>dt=GlAs~!7CT&902W09p47(JL{y`==|*n z_lxfi%D0bFuk~WhLK1l)bA`4}k5QiM4_T$HT8%dqcQ=SD_yTXkIe*S@_%=(@75-(* zFdOQ;B$St=2;8$Db;}S6uuDdu^{HcI-0o|y*Uz!H`^VSAMsJes&-?jOr0R};>NU$0 zhY9bXa?|?c#KS92H4kIawRlgJzN3?vSL_^9RJsmAHLTMG>-7jGjG`FO-xoqmo~b=lz7J%GI5X4FBf z=37)JJme`?2?9_zIod-W@_X(<>z~P)f9v4q5=R8TZ+$rk;3Bv(>ScH2VyX+?BBWc7 z>OW~nY}Qa=8=}_VWS1vQ57x9X`e8N2#YUK@BKW(>z5@ zRINru@Pe3|k5+e6)_A>h=m!;m-R$QeszX7{wxCOmagsicu5(PU9cyh;p-ltg?}NgO z9(%X9*=z!R(le$H1M_s8w+B|KRKI1G6>;x}G@7t23~a);JBb=C0;b-&psz&ytYW)gQQ zO3+i!f}GPZAVMgLsv4T3p3Njni$Q51*hM4DuOi^oogCj|QtK$xHse7&k$Jel7RwJ_ z5Y9^{HrQfR{z7F-OP8RH-$nD!ehuBKZtnEeTLukSfwu3{5kW8MOIOE85tl)rAowk} z0#%0ssQ5H%K}?`BsYev7L39)H{T3Xv7Rr)OHimqSZ^q6P8C0`!OS`gP8k#g*a!~ zLKDKqsE9VJDNJuZAx+=!SLRWKfP3Iyh~8HA3vBRG0VyXgwQen_3)f{IMUtJ3avO()%iuNLWUI_Sbi`$5Ni{Yk5YcJY)k`VA!9zwo zMY`ssnekJXCF@=2F51tjTUkZ9<6C zebq-m=s%+H1SOI@UN~J-OB>J%XFS{=M?{GSuvcm?c0d6g>0tt-u6{~RD*9V)S~RSn zb~*&@(G$UWVSx?R%|5Ifsg0E785wiGx3|BvDK-u5No~>@A{>-B|5B(CwMGuoi7Mg) zYuo-}&!_pn2z#d>(V}H*vuxYmW!tuG+qP}&vTfV8YnN@?=3mj#4}EUmKK-y>=G%-J zk+Cv!jPaS8m%-p=zfm(Au?Uw; zu3X*+dz*GF$pQ1L;5&AQ?4}2!tTs^2c+9O71|5$6>|&N!9|AY&g|PN*l?nG2o` zLgpn$nUXxrNhyDv7$DetLUs||u9>XCi5W`tNrhv6U}ipns-g)^! zDRfqQ-RS|n+b5F0+tLx{(Ftl9=I2ulfZHJ6{$%9VIhDTH6I3}-%jCgQ*75*^#H5BX zkr6;EPwkJS$lksDbI4#v@t-rCJ|azKz??vhqFp=EF}l-rK3t@*c_s?BRAh>Dqq`O4 z*N6Gb$E{PqOeKQmAuGiX0N~HWXpCZhtd4hGoT&5_Tn_-(V#;ZU zW{jAd1m~ptXY|(H`KdP_d^j!pBYr6e=$PHAaROb6Tph~rD1}lt9mLDRfg%+~)Z*-@ z2|=nY8lwiJeIk)(ra+4ukXelEt2pB-4uB3>YmV#?Q_Tie{wLfGFT6LkT$~1EAmEP1 z&B{r<8nv*2Go|A9&k?&-S!8wHtvZCqLh1NX|I}ZtO_GWoY_(^D(ebT^qXonZzl#3- zva?F`1$lp?M5!}50&0G!#;`!$*Ps$XX9Bwd|G-kjUXHHqBxy&K)Z|Kf_;B8pxEF8& zjVlYT+hi6ErZO3aFT+TfK6y5GGu_ah*3D>w5c#34zcc1JBf(y$FDF0(+Nz`az@FW$ zQ_RIAnVF1LpWqrBf?|xxYu_xET}Fkv(&=JQaYty$D z6lUcdg@Cb(hzT{ds%#ff=BCIF~peRCoic=$V|Sax*Q_1gBQ! zuN&O)1ij~HLD*4=47KTpDf2=4Pf(PbbFh3n^$2?eB*{4nnlQyg0ChD$-sb`HfF2=p z%$qzj#eA6GRAHd)XF*GZiP}X4(0+kPG|z1_&>QB7SQd>ndwWU~tq5HwsK;nSR?*vc z2Y|;bVYl5UaI4q32_>)Z^4c_s=U=j3{@gh(>z5XxR!Osh#LNhSjg*^`lBlhoa@Qio zVj1+X);7I{`y2<`tNOk>;*B|*WpBLVm=jviam<8fjijA{VZ7`eXfctT(XDReyN8p{ zB`n@dKYlKsFRkm%_N6b~_ouUukINT!z9YL+SMyPW?h2l5Xiq=Nwo`G?ud-s9Sp+b( z4qhrk+Q>kjPE>jTMX>We1k$OY{1!mY<-i!`ZD44SW(d++H@AO|5;4zG}oAdQNXEq@3#WlF<*=OKgx^(#%Iy zWf<3?3?sz&ErkUN9Si&)ZGumtk3&PUw;0I7oaj6v|tRbNa(hkp&(7phNkvlY>wS2 z0bMu2f){4T?ZC~JYFs2!E;uNvu@w*=HbC#<+7QxQ+2$h1!d+|<8J-a&R2S56;H$R# zvUm>r3|JuL9eW!Vk5LvfUo7yZxqTd~J+$&mbKxAR!D_J`Ue}=?;t(Pv0v4a+rn15_ zTw|K#KJ;<0btFVq>}f5OpdN43Vgv_IUJAa(O>3}@Y7HG7y)B5jGV+(@9{67tg4iL2 zUMPh$t?1DYJKtT_3?2lLST>@!mQ_@jm_?(*m)*-_WET4aun|{%TF!^`S!BZu9*F{r zu3XBY#0ifTx$^QY9P0D9BqV-&j)yQ4RF7}-kM$2Slb3}3M*LMr@cnhL?q=p}RO#0D z2M%qyUbKL*fL&eYa0KG_-zm1oKU^`6ynI3(prz75T97e)1J)2hCZqv!?g^Pwa%O#5 z(mZ*Jw%WPhf)U;DsnKtmDjOCo&ZgY5wuD{s`RU5rB)QZur=(*z3vc7J!PtJ^%-N4YKLGz(s5YwHo_&6mR$0Fv;r}}H`Hv~wf3H+LQ36l{^avs^ zPLVhQTCKE}$PDUcB;!Lzd9#7~5krUHXhYZAez|N%%vAB^DH&pjPgy$@=q`TV^OY$I zzSwf%x;B06Vz&7-^f~diEDTA+fVt`q(L_!f^lub9Usk6;CwRG4?EP$;y*5nxv^OR~g;pOW40`06 ziR#j(`W=YUFR7PXF5BA#n~JWsXwarc4P$;hsn&H@P(Be{08=gAky}nqRa;gjY(bO^ zD{Mt2I8av<>c=Fw(^;9G>04>hF#hGp$ykU@p0_7**F3H!xy; z;o32%YPl3DqrRFOCmy{N&?e7BdrP|e|5ezf~$0=hN(K4h1;KhI6H88dsjElJ0*45*C_*Mf(U{eICb$#T93ti z(k;ro2UXJ*5;0xAtyNb)bRCPO={KrVM@C`~`pylkFYJgceU?4OYt3qk#hBThBk>YW z^j}Qd_TL7e`;207(uDYGK+blczl-*t*w*9Lpgu3O&V;8s@p8id0xZWg*SYnu6|Pz@ zscPWCe!N{?_;&_G9yuPEu}z8=_J1>gypz=K$Qg z^leVZMPv*;r_HI!!*vLC_u=&q%grM^*N9DwzOMl_Fr(aO%4kn;X0Q@ss#f2kjs0+I(-a|t3@~aCZhSli4NxwcMclpYCl=vDgYZp zb@QRZ<~e3cFvvhKqd&LHRn16 z-}bmHUbg42daH|cB@&AbBla^*XIeh7RT4pGPxyCTdgA0gmw}@qS%IlI3FXf(9RQlQ zcNS`Y%amM5+%S_2G<}sUM;rqxzd_UFM_}#2P^REo^%m(Fej7grsf18P-8ePX`f29Q zTve#NBXh)Uv{0{c>AKaErM;WwlVD)$`U5%tse_fgQ@Q!Bm05ae3DOTzH7ZPUe+SzD zKe&ts5nZEZKq_VoTDpkHCD?K};WJ}e*O&QkcC~LMAHp53mjMA3^Npjtc-2s_#;7J7 z_Wb#JRFjDm!e+D!aKkTiunVM`gepi=5z^r>6t}9%}wYkmhC$hn%=}_u6E{Tc;QEPZ?7zTZhjB60)R$imJlR zpc_R2BnEnk-`j@BamTy%hJqP*mFT#C+iYkhhY_M8%WT-3M3Km3-ZOD+Gn zZ7gCFtGMcsl29Ym-;WMvBU0uuUt$gDpvKR=V9lFmyQW4$e^~S@SXhK|a{YUX*QrV( zRhivMe2k@=GT3>d;9Yv)Tsw}HT+)>e3n;^(usM&?-DcAJz9L!)_92(;3dG`Ah;x0y z%(U1q7dR9Hfa5iQDYU1pY;&u3bU+C3*r!v0dKJix8epz_^{!r0mmq9RdBT2#@f!69 zg-pp%X^o}%Zq9==za!^;f#fkPF)>U_W7Cy^264hiI#=C+DzXz{CU&asY-f^ESwLY& zs@l?$Sb-pb=TC2cC*LwEmyLoD{L_2tjE!njljK~pLb8=C*hY$jN4trwJd-0E9ncI+ zDDs6nWj;KvQl0aqbmyi(#^?U=vV{vPgY{ZAyG?#Cr9#+J=^7BKC$QYK8`{=cPZtkb zLA_Dzk3{DdcPJLuC8q8y!2RmeJr{~ps~D7o}eD`lStZX=~JJ-$;ZG zmiApd$?eotht*zJM#H4O%vIkELz$<2A*n0A=k&)a~dl2R&zd?~? zI2#lBX3U)Yx$XL(=Y0zAB%83Wp?3p_zzFJFd=u4yT}i_Q#(2txhGRr@;!EZ@lmM?r zt0BW9o!sDXwA2vpxPMhjTegn%h$aMfscG7|iT+gOt@E!ulXsJ~eDG5%5(+b(xb}VE zY%gYU%VkQ3&Ft|XgNRm`FT?1r^54V*iX7!uPAq!rEPSNHlQ}^(s?EH4E?g&M z-F0L}8?`_0(V?mNhQ^oRB6bRK)zu*D6bkZcZc$&T?bs691h7u?L^AaXO$)-8f{rr7 z^VaVaRjosAV_Ksr^PJN=8Is(hv6wMkA}PW&`&74nYi3fZWWYFC`}{;%3*l29xia=K zAE<#p?u&aB4K5z7^Hl$CUp{WYyv|uR z-xqu|pysLM_2ky;&TjTWAh*pWw~J|YciHlpz5aFHL3Gde z?mk&6AW*15=6H19N-fH>@8hR|$E4jhP7t_Nm11FN@^sg!>g#{V$#HK6Jzakl2>*UP zB_#iAZ}2}|TmQXD2vM4|45CNz`KJc*EDw4zhzE@uG;d>~JaPm+c@hmdqQ26v zcZjux)8Zxwp6vv0hT|oJBK<%Z3f60S4Xm;2uVkmJEa+CCAbDe5AS&TnfOs*K9I>0N zX^Yvr&cflzucbs9a$-=DNjJ2EHf^;dV)))gqU2xW8MMboc!9@bFv29*x>2wUOO;M& zyFsaD1%MoUAR72EVC)4DZ+W~enM5>M%|VPfH&pZ>u1Yi%PlO66uORte6E&=yt#)Z_ z?A6IYVy2yVlb?LNU}(hMFf*YpBsbTy&6c_c{YXxn-HihYXp@|YivK;>D)8ptV470D z3Jr37Gy7rXmW zBUWVWNv^|O{*Z%qC>r)Tuc|!DA;13*@d7*zc);ZEz>V=Yx)}3+ebfKT7xdpB(nod9 z_J9?^dqu4dDsa`mdRG^=sE<&_OF&5vVUq_ZkUy_Dc_@?=G@;?Z*T+m^T((96mL#ui zYwhUrQqd!4hpRdHn!tF+N@YB+3eh-_>rpjb-q<6@ET&OQA!Ql?Ow5F0v89z3qWw-4 zK49W8%jBS^C3(@=(^AW1{cP^t;s~BsYPS143TbW(vph<&QV_0R)pf%v5>f_GuJbYe zM3qwMdEUb@QOlchuPwR6cZII|K2hjMJoM)&FE!Fr_UhEB_8t4A%Ilvegd{$!)j95; z0=_1ifqZbY#7RBAYrmuwJ=>ZeYW$wsmDUTsK9`4?XG-K(k;PUBw~4TjS1hFz&dD}% zf>X;1**V3wD6hr_X2&SXe~r{!$h{f{*6e6~i-xx(X@_gti%?{c@3&E}*G6^rn@AJT z8lcU@J^<3y-X`E=S{1{`ePTVgh<|qDvgn3dV?n@mh2MrMoSI-=980T^TL7g`0XASt zBr9$Q;4^y>Q*8(=IeYxFm84c_+IuE}PY+2n$y!1Edt8u8o0sa2 z3dLcuZe79EOd*q>Bx(Y#yv@LMqPkuF6#%w}7Dc%LIcV#%txJd%1ft7tO2~9cO71Sn zX@(E^)O!IXLf4bsSzq$zs~om%8u@n%Qj>)Icv%=iCaxh?_I7s0UNr%a!^&qRz`5E?~}Xv?Si*AR+vI6 z$(5L@i^uVtfdcWBqbd|~AKaoGJVu8Q+E+DiHPU6d`#OL=>pDwM%iYP6*dI&d@Kc^y zBxf58^GVMLcDROp`%D?6(WT+xKxFz7a*n-OFvrw^ey3__!DpBj^4!>W>KvJ1ikYVW zBmQ0olRSznjZi5-Pd3jHro)!5EGI_WRi!GT7DF8J-U}V1cP8ZZvK?Lw2=oflTgqF; zAss6#59eg1<6rfNpT_{5{KnpQq`Uz)4D=i|Dj~AhQA%7KW7e*&&iB9yH{*u2_+z>N z;C<-vdK%>AnGtnV+Xp#^Ae8LGq2emH{TbD%Cbo~ySDn*<_`aSY+T4Z#DtYVKA+#L( z7Lg#hoP*8eJOgJ#HV^QOc#tfY5A#^p0`fVb#6(YU^Bl2Oow)#&T= zBjR{GN2p^snkgmzPm7G6w;JA@L+vtKaOm@RZ|`DIGV4P-tMTg7Nb3SRDW3buE=FCd zQSKq4n?)fe_K+}%7yFeI2p3}<&Q98-{m8V}C~qz+;xL`%-SKIsor|pW6;WY1nCzWS z$%t8wu-f!sWXt94?b?=*mUjCua}N)qiy$Ym7()2UEq%Oq?(Tef)+27ErT6rMGrx{Q zv3T`&{<{jN_DMm>^z6+2#_}q=J;ex@7{049yDUx*B&?1!#b|vK`O^kn>Y4-`RIa7> zkM{Kak)!8W`hW!aLp^EiZL%5Z)GH4Q*Shf!(0@+DAVAfY=hctpS3u zVD?lUl{SG(47y$F0jJRD8PaeH#Hlw*s*NG^SvMTHf-qGq=A}I@*}2}NvX&f~HC2a2 zg%Mk0iQ;W13M_@WYon@cjE8o_h@ZHrRH@RUzcm-%m5BLR;Z?NHZ{Qu0g$6Ug)%)%@ zNT<&c{4NCaC1n`sBBQZsHn=TzwW@c3Vf_!!X{58v3-olq>>V6Dd|gnxIexwkiFju_ z9(Pv8>^9}(q+hhgK=l=9aL92*Gcxi&)5JxvmR@1(;Xrt6D+;jA<549ponQCPKN&f> zc)XnOx;?!(0KY8?IwT7kfWUs(K@63sNp?*%lr!5R{8ch4=rP`*d3X-Oz&%Uf1br8? zX&Yfi7=}y<=^+>llYgXo~p3dLz2R~NkG8Zb@PSifQST>N> z)LcAYTBCYJ{Bs(6MN|2@{C=LlF1~m+lwaPj9~nEoH$Y*SBvXOuO^E^dr0vYw7I0cl zF|9k?a{`1tK(+WE#It0ET%aAxE;ddWY~2ImDk5GPW;8Y2s<$Y}G_Vv;DvWZx(`&3T z3K6gI%^eEZ6d}}qa&kZwl18yt0}tlRLH6a99W*DyU#v*tfrAvMi{z(z%GHc?-WpSx>TTjFV! zfiZy?!PgeK0ttq1++nD8W~0^RVM@^9;lJ3PPN8D~+<)r%9-%SaP1g3Ta|OhpR@S2d z>>&-=>_YQ>Vjda;&<%D>&68rpwYN9Q0u2PO4!MQG6^#MC^C;lHqwwQ(0tU4@r{+J)LWTuX3kwN|1apRe zcu7h!y(E;@Ec(K{^vdrpY|#*dcj>6C;y#9Rli3NFVPY?jKCZ zJ*q}&2#q>5iyMt*#E^(UnXYtcleI|?v3<)0wO5tln(bV0(VBy10C1CNr4|tWc{<5Ee@m zws31>B1EU-T|}paKK$L3*?ws=$duq@Bx}sJ2z%UF680Xez8%nQuYIdDz5t@Ni$1z> zb!PVTh^neHoj`SpB_+OaLW*Rhl{&3>VSbf*AN5yjYb15&_6y%`BJ(AdX-!h7Ad< zh8rCC!DIxyTZ`>#Y*>bF9(xEz?*3~3okM+A06IJ78E*7N=ZR?crD%vOTXlF|;zq)A z0rNJTWpEOubwyt{)ET8 zDMw|sgW1NT^n$p?o9Pds;6@HL4#}vd3=Sb)QTB{wObj)Msy`2&RuL^wSr^I}wu=Qd z(@YvG-Ajn%e@5f0UM#4+X^OmCtI-Y+?awqfDuV%yFb8)c+QbNXE?NH;&U!%Kt}qPn zYXh3wCrYWaQ&&M@puuDrW4yMBOMw;bmMe@oF`*fc>HUxZ!S{P4)>{n8ZoL(6sPe%k z7HoobR@-6B&^)f|a7|rlyfAs1-hNGa@M=z0MFRvza?p#Qs-8CT=>&m+9vVsc6-?!J zaNJdcbIu#{48)OrFLk)*#pQ*H9l+hKvvfla%4_Af?jA0K-bQH)pElxWpk7*UEjJz? zasY6fIpURRB86dsg zgxVNW`o?I`?7Sd3L~KM9MX$E*7}ClQ`8H5W;DK3eviifrW*?+?ha~v=Yr=`x zQqeM-xn|o(J1@Qbrl9a%#{I`2G`l zomwE#zYX_AoRW&JZ(%Ir;_g$%S(e_&y!BFEbX(IGUm=f!i~(c1pxJH2u3Wx4`0zb9 z3%c=qX2`R_X5?=)ZqGwM>32_EUd$x+FNLIug4&Zccyl1 zcXb}%RN=f{=CKS6*#z3W=WaN+!}h0ez=Z1{5a`8DBo8bnf^M<&j%*i!d`>KzfiT)P zNc41JA?%ECy679sl%u!lQTN4%I1|HpHiD6n^Kc#By;ZLdSXhX@qA@rxZZRdy{u&8o$+tl~pdyuix=i(4c6*42kEY^;!qR6rEI&m|rBLmevFSTfDdBdw zuJ&xWJ&eB~(~0QOnQo+RK=F9XD7$=`b(BDie|}19i`7nny|MiAD9ZQ|Zi4;FGHOj? zt%YOC>x|uo3hlxo{W818;!A@JPG`$BGKtjn$ZM**T6R}EYXUs5EaFJ!A;CVqH9TNX z(5(Q3-?;fsOG9kplwYqgn40|Q?tYUEWjk~q%M9f$EI$BN93Mhg@*G9s;`X<}3@^6< zb<=2ycv+Sg&-@Kb)W`$jF`I*G-}1w5f`v)?McQgBj0M;CK*B?H+`Zo9H5(~S)}xOC z{?sjiVkC$O_u|T*aS*?H*7g(2gJDKV`ep{!z4!nW35 zc}ShCUSynOZa6*XYrJL^SM~c6YRB>?6wQYfN3D|2X~CR;RkCOJ)SZ{VVJDvkGJsr{ z`UjVt7||G~0TU3Zh?%NQwpi;1ewmOtGK@6iNu96T@aI4XP+PMlQ$eKyb$5(f-SA{fZcb-xx{+0*Vnx7QohA3D> z`CT%qNG?uOt09!nFmHzG`Og|t7(;7Rke_&0@OtFHaEPG=4vTT5yv%7hDwjg;WG$G{ z_N)o%M^{KK_#?E-enqPo?W#-}QAg)M?>xr+F*SoM*g8e+KUVfD7xD$475{@>{w$xwH^*U?PEYX;@9J@YIBWnplly)Xzfm0HuoE(!o}cl3t1J5tdig4APs1wsG0P6~3mV)8XgB&-b!{wD zcE=9JO}vR8W}X1JgbSrcW73r<@us<1gweB{nlBQ76~HcB2+aW&@<5fbrt4#kTLGm; zwT?hD5Z2&6&-}UIe&@!jM@yJlYrsFU;)!_`^4q+)1__8IfL9f!Py4NfP$nA>fazEm z-U`aV56$xSX8~tbAYEYyvmzEkS?A}bj(w6{pd&<43F}@)qCN4IP&FyF^{;oAP{mfK zaa%k%)ke%83~!6P-%+Rjaj{p=N3~CJK+WHcjw{ld;D7_#m@dp1|ExYM|AE#^R3~^T zyKZ$$A}UBwh~xN>Kr)4`@m{;}6O*#$zHH={<`KQ`XqdG5dL;`l-XnrnS`~5(OrOAx zbR)3K`@xZh!);d7lA$qJ7ak?gnUR8n!s-n&M6Q?pWC+?Z;xp+s9mSgFxMYOfIo)7$ z2NS`)J#)aE!nz7SO<)QM;?k{ba#&PC=}@b8ocm50z&7F#jmjWFYCGc3^bjv|PPZcAj;2W!4R3)Q{CD+%)1J*9LYpI z#vG24SQ$uUuPPxg4~Cf9EHgC)JS_-78nC?jg(G>r357e#&)f2--qT3ZnOQW-MFSitEyd3pdGUk*fPCKqngyjSB(OjtU;_7t~zI*b%YgLv$KM z`%HdUNy<{z4VA42wASm0$ubwagQ;!~r9q4x38=f11a{>K?RDXW^=--URYLk;D8&_$ zieQ?iSvrp<^sFXfR0s;&>{qKBf(`UBChH%wn;505SWJ_u^gEqr-aLnX^Bo#d-CVrv z8Jk^v({@!Mf&8d=w6k^po1V;%1$Ru;or=jT-#Ri?c3jIaTo;mF4{M3Dkg?q)29K*q z_j*3%y{vllJ@D;Iw{g7z4h{dyrhM*_dNl6-AqxDy3>gdMlctZ6Cv|)9*J|k)C8VZx zw{XxgjuWA@fUj>8_^&0hQjH=FLs)yfHePDQ=NYS9rUh~O(L@U+bd|PoH{1unr;g5E zu~S@7e-~f&xmbui+b7pBr%2jLwF(;Gm91T~fvDd<4R{`oXuYW@11 z(j+znDgk`}@_tMN@QML2&j{)`vZc)&sRZxalSkveI{30_b#E%&8CQS;|7U?CYkJwm zDk=(C5sao};TyO1dbHI<&cd z&CYebTCg-Pz=tD_OKQX>xcX^`4CT9_(wI-=4{twB_fz?ldpSXUyX7U!E-(7YWTR@} zN#qvi;^O&-=Qq^5Ic6f4&5okEyp+Y~iwSQQ01!SLKCk=}qh! z1mz4IpPT`#AKX0Mw{U6KK_NYl&Y7XyNYB(*%V;_L)#cjBobpt=D8_ne#Dx0z8=I|5 zEzlYy>ugbwch*It`K;imGNe*zJvg`|lcR$)>>|O_EzCP(>yvEO&NGUHAOk|}=}K!f z`&1#&kPo!txr&#EWUcmg0q08CtQ-Bj3BJ+B`Nc1V?i8j8lzrQ*!gWKfxRMAr8n}j8 zPgmF{dYz0)CL1(EISb9Zrl$=VZC-g^bCkmR9-ZJupL$;?CaF)vCd~0wYg16SH$LX> zDZUWt?}r$iX%29+dvEEJp8_f*=@ZpUqZ81qYagh?aP&xViYBqiRIxLZ@fI|q?<`rn zH6Jh7XbyDe6gT`Y*=%A!oIYr&5cd%e2LqR>*I+>X90Hg^98yioumNTlTG)QzQK6r7 z%06$(GqNLnuFoIEuI~m^by1@)COv@>{K`B46fygQayUvupSEc9IE|$&4+gbEhW*~* z?wQE*C;y-uc~hapFf9!4F+OQ$nt}~QUEk_&r$5$UhjWnFy-tZS=|Mnfz&`ubs}Ze6 z0}t!x+FjHfSV$P~aE%z3G`%_i!AMEl2ke&8 zs6Vk{haqfWk&40f$dn~bpl6Npb$uYSkU<)asPAyXk$^PY7yJ z9VcLS!=`zt;~J~r3BgWf{M{kbQqbPy0C>9W&j@x_lsU543!bSPF-77mi3^yb{Jfl? zYOH(yRMt}VF2$?jlbvEvYF9CS@?|$1%ov>Sj5;}#xv}&6|DaC4X3mIBLE}i{r_yy7 z``=fO;?in?e~;4S#0fZ9X^r%6WKb-eirmc19prI8QO}|DmfA_iA*i~?O6g4_#T8`w z??A3C`hiQ0f3U}>sSZvM!`I;+iJ97@Bvf$Lditj4f6ZuJ?uoW);uyCzM zPo2<jgldiTq}qA#vz<%MLnABsX~GU;4f{O`pLjCrwng2Oyc z#&;}CL~8GRc+3MNVCxJegMG1Qy-q7a>s@58;u@UT0e?K$Xzs@$xpO=8mvP+1fYtij zyzg-vL;o;T_Yu%jE-`k!#$Chkqe4)mL&sQ~7sMh38{$O5tuDnBEDpvlw0VSC-*t3(7%#iA zXbs*k$CD9+7tZhs&{NJeZJKDv*VYNv(yG)Mt@+{hFV6Ld>!IDsk9uMwI@EK#H8pZC zX$~Wi+wDA!7AqJA-!<_F$S6~LWFn1qm5X;SP+2_{GXt*k;Y6Gm>RjpmE<@rJ<~Kpg zbIQg7qh~7;uPHTq>&ufR2rhs35&PQZ2$IXjda|)-8Kv7AiBS0vn$u{pE8FD&_waOJ zxU{Z^-!YlrONW??VzG%*F1OvqIY)65Uu*vK!sm^$#y^`dG?xc(x~%wZ~`n*2(Vrdqh!tT36@SKF|m3 zHGY#IEqAUVXgGLzyb^881Eq(E{g}dRn}+eYwrlXrFVTPLVV09R@Ox#awi-N+S4g4z zx!l989Di62>H%J%=od1aL{tnQD*07rQ6g_zuo9fIj`nPHlHP)ogIRRHBCr-7xgyCa zH&FqpoookOpu&i`Dt1ub&jy*`R5%TCx@Y6MYpYIh$=6dFB%?$sXl;tt42zk6=zzU1 z$g|B7s*w*6LpW00K*kd2xPg&h@VJErw&y#tk&4DbU%(=wYwDiH#wMBWB!NQe?{T=7 zq&g<>g<>199L8uZAAV#f2fd&5aH@9Ul+Jf^-ZlTmIuhl&;)X0IVQW+y2e%ISZ3~yK zWHIJf>D+FN5kBl&t4yJtNgA$|bPS52#_lu4GMT-bLQ`6p&50Vockp@5fc={ zkDSk8bOZIgTv8JA0xD+LQ}z;vk6}CL(~qvkaqwK@=>~xs=%|$NNB?|tGgj!hz#lS% zK{R9CU@uO_+h_L?Y@@P{XZg%<3krhNcsk`;Nm(T*RY#@x7^eqJvp<5!c$OT=9h$T_ z_xQ9oA3DxupHW^y;9OQR@HQgUw$uYxnVUi~PBo;~Z9Z$6J2~O{4sFj1W&GE(wNBH2b6^T6K zT*kcOlYD8BvJmx-Qq*%e{EA8Jq$E$sBsO71%(2HQoBrpY>Wt06?v8_D##=3uuR+tSUm^o? z&xDo|L9;tU&ziLJ%h*Emkm`E8Pqp2P`-|e{b#}-6tj8`X$DB#d)=E{~ec2Oeuxpe}CE=s)2<=TCP?Ut$jQ!uvlzpQ% zEno9m0OXpYMyoNn-$pDtNA2_BU7tGPSWUImeGgIs+Azz<{9Q_NRRWO)b?W5sezZ3) zJppy(J7Rf5$Iz%S&Uww)cnadG9$#ISyn2&fu2`I4!Gz?Oc z>>yQ%{z@-HS3mz7C9R9l01bY)c=AG$38EB9nqo@|8}*0xrCiyQcraTB+PjiD8s zN;&k^b(rQ*k;alFTg&d4w>A?yhk+79n)?QgWg5)xgEXV&n+pC&Db>vrnQ|v|Mk11wiZ522MwAt~^c2`FS6G=q(!Ga=Uo=Ub*Sv3JXzzsY~k8 zt8H%mH~Wi!683kRv1+|Nu$7tlsgTZl25jmvxUD)w6(RsDvqse=;uS1Haq*!O@4vy! zN3C!8vkr(3YhxiX6cT7EL}&%Eu38t|CG!jk;Og`3b3cJs@@+%twjl|L`1US1qEv--k8rN#aS%W4tNh-nEaMZj! zg@q)|iZ)xRUWO(}wHkfSn5K>`Kx)LvU#CAEOoL7%J?<23!9P zw>(K;6D$c4mw3)&o}Ac085=6JI9cQs;W8hkB~@%jmR7zCQtsfP4PV$?yFg6rp;Ik= zMp}{u&Km|S-AlkMrKXYFLL(}IeTs}co>@HH+>I+R?igps0ou;ng(p7&aBM$(C;z- zD#Z4Kb-?f$;S07$F3BH;au7|*6!y7+7|Qt;NE61&H5*m(FioDYLos;;_#sz+egS+! z<{-2V2}@aw&v}=m)rGfpSaeOTjG3vK9P*Jt!dH`=qc8`f^uW^;WgS%hqs;P8q(dIO zsAL?YBSPqds&v{^PB|_Ff+e|-)*8P0XI{Xw$@|JtjB4?}r zMQFpHwv<$p(qchmhjP-qp}7Di%*SRlhia(76GE)cQUbG%;x!)NH?~*kOqtGtPh$SD z1QA(|FE5_M8-{zSp4MnnhYtRr=f9d!k5dMW5#R+igS!3TYaT1s6vu2Ik=gEa9!mC* zR;1By#vjp17YgYtf9GXp zeg=Qu{7$;kopg38omBU(wbx#&Gk;!;!G6?2TOAnio0#svcw~rkJ*b2nhZDSXe=PB+ z1sV+X;(W0&Fbm%=Q}(log#Y%5cOOw0fY7OW(U4Xe<0^?mn zN&C{j40ZVdM|W4>Oypb#&$4wT^!77+vC9uk2UB>Ie&5*Z(q~-{Nu*mQ`k~jfI^l3( zYNHkOSiX0)yv)1U29(8NR`nZYlPWWGe$)|AFKw@U4@>l3c_w^ZgPB2>Me?{B(KGns zp=oCF^!y6dY8{rqa9)5)rVch zMJIJ|We()|-y=w0;GT=4ayz*$;=lZz$-!M483H8h)vC9azN_)a)y`QY0_)7Wd>rTw z(}#Ll)pc57M8~=LAE6tu5a04rYSgg#{rdev{G1SieShA;)iq*tPW;{rXR}5vznD$z zN)G#aj=kY2MK8=AI~|E@`4dGr+_20-LL)lwnx1r57d6(k;CA*gZ%Nmq`B zNbo6LPx*XNz<@1TYIFXj>W1)`{5(U=TYN96(i_hh96*km-jYG|UepTSSi#6<7Nw58 zu5}ja#BsIvYc-dnvy-kB)w*r#vvU;7gj|%b7_EYdR=H80Hv5w|p7pzPk=3}R^X-Mu zp=_E|?tG=Y=_}cJ%Vs^+7&3(e6b7+uI9$Fz>3pMfCbyins{F^|1<}Iyf?_nik4mB_1LR1S-9H zuca(q{u}7xZjwKQ!_9FScv_h zY`32#B#?xTd@!&8PhUoOynpfB?-3{W$n)I3z-Ir)aSJw=gO=Ou@Pu?^rG+!Q(yN58 z$5outARKbIzU>2CC zrwbrb>VX3AmeNK%M7YeMP~q)XLOSrbe(O3jR<`eeRN7L^HjGI#dnTgqB5aK{{OD7()N^zo6FlDzYk6^G=qz6zzA&?_-v_B zrrszhRCgwd3S=zPgGMiLIO4<8(oM!wcOhu$@nF~n8+O+)1VTf<&*(4Dw;MKeCs#6InIZCs zqnD70q?F%gM37}{7=)tfsD}{RH{=|FWe!p!=Ucg_FK+|jkN#Yu2e?MD9bwvwsomW@ zvzlkTf0$e~6c)pCudY*i{#wZf_Fk=GxoSfw^s}Sx;7bT05rY|s%$*>-Bf`(edNxh} zCioH(Y*m6iD976uIJ9@)1R;B3NPK|u6ws(pU2V@Ns#nf@JdFYGAD#}s9sayx`GCF{ zdfAp$m}^mOnLUC-%15&X-Z7iZ3WSQ)K_)BdLbevo%+X+}%0Zt&Ys@UMSm7#qR?s+g zYi65T4XJqmP$f60B&g0lK^Wu&Uq$jOslLt^sama6hSvQJ#8l(qJE8`04d`QfhdgXc z1(w0##74>@sZD`C=6-X<@Uq#rXXi5&VxMT8=0pqzr8tc?70G?Sb-iV4&dCDR(L?bk z7?Z%>*~Z4^m}%4&UB;Kpy7CbUs>1C%kGT}l^m(QC>v5vGgyHF&K}q9CGU-J+LIc>7 z_yY_zO5s*fJZK^L-nzP_LXCClR1tyIUQ6@hyf*a$o*8|GTDyr*6~9eOuKb_iF&9(4CFeKv$jwZQ$o+g?rlYirXb z$4WyBc^(8O9~v&MISn_5JqUfQQ9g!b8U{OXD4t-?FHxo7x`3$U8`X*Sk6v-qrG7Q0 z2O1a03%GkJ)o?ek-*6LO!_4&03JIUD!0c$9eE9#Pv-{aT+!>{7Lp70;~rLs<65{tD53{x z)><^hX#dyR;1i@4(N(Tq1(Z-tGOQ4!13RVE=23@JRFJO+9>I*vsvt!^4cnz(=epeL zB`NJTZ-}`&di%)rAEC|bYv8|r#5~_jyoOqRCm_e3A`xd7@x*x3FPiR~WtTi&aJ26P z1QKb3c6LQLMT*a<=5_57(NQul34MW=q#3eQEF>y&4@Z<8u+jz<6X)e5dpteO`iF&ylp zTiFub%HOAv;eF4!kj$-|ZSx z(-E}NQ4V44%7rl{xuObTIY5qv*aG}QPHoSBf5#9yx-dd=V5%8Hz`{##G<=rmNcT=e zsdQKcDWtGfTf9$)76*I7o z%zAg)e}Oyqc3OlDelry7uTZvi{Rm?F1KTR^-(SWN`6ylpCQSDWDA2Hj2HXL+FDOIv z(2*hlnjcSgZINQ1k=J*q_(3|qe~shUdo@WQlKz&}gm@_-35MZYj{PbzdPuqBsgYD| zg*-eEDRB}QQ1S-@lPsoSgk`F9XEech?%jRv%_P%))LjYc+*zE;3%uvO0;>EY4|q1H zm2*pI8{69tFm6SlsB`O+Ary%~g`FO+#NxxUNTNS-PE4wTn{?leO-vTm%)8wy>zf0O~)LPJ6+P8O2h@f)C4Ng*O2J! zVotZ8d+fv1{9!7Hbz77)F9AkBFp^zt-1~|e1wP^Z{2Cnp(mb{*E&psDAu(Urh(S{# z)N_Vx#z-NUnxHX}P$Tx#Po_jTS1-^G3^;iJHs7wLe&!7Lcac%yq zyMo2aUmp}b`FSA}CWePw_IRcyXX(5HiU{`^D{A!EOnz|IdWv7?UVUtkDrHt9N_2_! zTD&x-u>yW*$Pxv~>`j(4gnpslNy1I+(h9=H%O^RQ6dSnZ#otNd?beq6c<-9SyT9*# z%l9v6=ikKg??I5Er1+1Ee;v^NOP*{(2JrHA{2Cw|8+gvG&0K*9bI!Zw#DGjPYHZEvzk^E&hsc zL;Zak>OVrcERxpIP!IqB&KUpGWQ^_HY_07KjQ`1Ga@1}9=F&)iWp?_V8tT2vpeXF~ zfZF?XvbMmkO8Z&62Xzr3nuRyGr3zz657kIK_wp!d@~p|fr!*qNTBV@7Kir)k@1K`?K3qR6eVi{G z`Oz94b*)H0H@gUuV9ellpFZuq->+`xo`Dm%naEtwJY;oL+FP0E@{+ZzcsIilvWDw6 zRBm5?L|KY@xC=?=X$~J&IN) z=a0g#_=(y3?fb|pXY9Q% z42UwCDb}AwRc`%~wfNRZoGs8e)cN97t8$s&XZSeJ?m=0ljb3pn_HaL~x(7HKAo;~7Yq<-V$_-GF&&~Ko1EM0ae%;j1Em>scK4R8v-Pks$1!}=4zVB;(8 z0!{yV{YY96W@bLiNXt#|D&~^9PwsM;E{MLT7`Lhz}sKV?Vuh1xA&`S?3MlP3Mk7ZrmgVx>wXn8)|nwoOig+E1W zwn@lSYu*+Rwh0TFGPR8~2n1nVeYaEe7It9Fq5p(+E%H>p+H?mW16*tsyo6Xf&R>8S zmIcdFlO9CjXQc&@8gf%b!d7EPuWm& zGg2HJ1<&Y;I>QncO{%WEB~Zz>8{GsQxOH+5bV_1MlK-@c zh(i8|HyU^q`rdB@m{A(!sR>nojlqb*W7StQ?J1V#FwhB6Sdw`diL%JPDsq$r(~u#l zlq%!C5aRU%bntFz=jnugpg&%xWEOz8jkb(T-g)Mi{3&-3_4Alp0Rk^^qTczdX75iK z4>PN$w29UeDFzy=fr3Q9qB&Vj`Wujok-n_XQ6({p#{NT+@%P}&i#TM6FCmA2WH^gQ zJ~*f)`0Kr(ih9I;zjB2kk~u0i2)@M>o7b5}U!{ixZ^X3S;74GqNc1h1#)=AODKzt= zlfMjo(x5ZmS;HG^JtL=PXf$H61vDP1Eh+@|==5WiZ~z$!-W;D9$uH13OT{Gx>)sJT z^%7WXpXDy6#zlk6}T=^k?MWRoDQn)|<)zA9Qp!G~;Fyn@_MtH3Q+SvZ|FzYxs z6|Hk%DUA$1-NZLTeaj!q=fQ;*AW9fj;;>$aP!1>lpY=yiXy0M%tF5O%s6v4U{3vOW zQQO4!U>x8L;7zbJiY-DxG7pi(L=`CeSTW}6zkX1GEhc^V0PD?wnOZZF4aq0%ogj6I zgb^^fed|MHrSN#kypPa7Kd;Kx^uB=Q@M73He z0z6=M`VS0r;m(t-rJPKWu+}}RiR@XKhn-7D)YNDs@V^yEPZUcmgw`PhD+&Hg1&NS%-w{hNg8Y#t-~sZ`((Txg5_Z# zVs^wUYJeU=x4>m_4{)}&4xe;269JCtP=Bo6C^suQ`mdAujQ0! zlZThv3$COBD@5ZJN^5!d?ffbAx;3l9Bh>Y%GIq(N?ztGb%mnQ&)k^elpK*q&X2Bn#b#vzn7U-vo4}cnIwU){8b_2o^&Y_mXhaSCk;Fx5$6)gLzdSYv}R6{)vl4tvSt<~ zRPcA@I1Slq^SRGtzdQVthI;dM{HE!4dOEz*{9c`%oO~YO=k$I??ma*rgR4g{ZMjq< z~jo(yCSXjgbrY!PNGQ=W8o$wpIrUQ9x#>YkRT{0 zF8KQXlm+kVz37Yu!ci^qi(SUL*slPZzjuN4BCfb#BJ83bVbY*F_#0yqDIFmG}2mLFFvF#t9^uq`>mj-I|3q(t_4Z4?n0u>hTbn*90}l|L&j!JnW)n^l^tOmz{+b#14>IZc1)S{CktjR z@x^e>2sD;GlXw|&M;fEW{7&rlw3|^kw-Ng^#zv^|vB zxj}jW#zg{|4lZ1cu*LZoEx*Lc0mJF{XIvPFZ`jA($>1dyj@tnvDZN+W2O+O1Z^(|| zfN?>NdS1EjFdozyecE+Yf038E$|*J_z4fCHJjc;xd)nbE-@)PNigUTqbkaZu%`{Rj z)KkL_l&cI|SouCGb6aTYfNc49a;i9Z^!ZW58_8*^6$vkMR8Pkppe>^TyX4nCCAN;7 zy`mYnC_OF%URjoHU;DKC2s6KSgJ>G9;-Q?y{)&>wXY@~yX!{)7f81iU%m1i={$2fL z;Q!O=|Ce3LKNBs;QSP_hpoi)HpbCGU1rhgNqu~d)7FY)T(^xP??>vYw%8Fx^Kq8lz z)S<^W9(lDYL9gF~V)BZ+LnKnFc_e>JxOu5SDjA05mu6lK>6DUB-}fMB0sSyj^<>zx zJ;~>*!(*G9wu6rBE~rFqK@TyX8X^^?$%vSm3XQy8x$C$Q@9p_^F9;L$c5r-lVcDY1 z0|F>V7iHvYsB;^aCXN5ogYaFAd*9R>7)zo@h=zVwe zr85CCFhNwz%Ucq-KayHIY1fkyn$&E_Hwl?ni>Ah{OTW03l6Ak*cngtNhz2sqxFAzy zCN{s|rRVF1Vi63acSHk|PdFI{94NqG@ouLN$7W{>M zs$<9G>CiC-I1j)GE$?G(=8RHMP|MkAS#C3p03N^nNg@iw7+-X9X^C03y7yo-0zHAk zqDR&MGW7*M%*sKG&+X@FEV~IR7>_m-jTo_aOK+?1Nmtx6771~=ZYGz7r{V2|lt5Yi zg*HHOBaBFsB2ExTpH~^^3l3))el?vD&_kx9w{kvw{Y1`0L1v06=0sm-u0zW!?wBk@ z(?*+vZK&yH8+`44?+x0>7zK}wo7x^8hILpvz7F?I)LVqga zcb_I{I<+O~Zv8wA#4vR9Jw*uRc`b=r!fA8x!=a2Nyi==>J;=j=hQ6s@;-;jbZC3s5 z=1=n!bykeqr)-ZE8tH3b&4t)p&79Rj>)`5Zwb$d9ymctLg^K%v;LNDKbDsC1eO*O2 zrNZX-4^#F39-JWje}WTwdiEaw_`T}s{ZpXg{~ER*-5BP%BLe^=5dr|P|F2>@nK(K9 z6(9M3`L<8P(CfRnLjwSUoc{eD{9}mGu(H-x)9tP6a60kicC{Xfc*t(HP;47xmsoJc z?y^uiF=2HnWS7|35N%^~s=cz>89ChKa^TL zN&FUCf27!d!ScQ18&4b}mNH~i@?KLEuF8A|WY;#sXuPH2toj`CIqbyMM zVLEMk4{TI{d#~}$cwYRJq}PWHckRc6Y1P;WB(M^Hbn#=yXb=_dJhg)ttx=d`{lw{) zwUTa@`mWV)Ytd?!@sq1xS*Kd}`R>v0ZP9C<@MU4w$3eLA{i)csxH#L*caeXj`ey1U zxQI80e+>&Vt1%05u;O-~_LPl=eV+jrt0pS!p5nt=tj?tF5aUgJ)55^KCkr%MZrE*i z;bu3;fzYkjg^<-G1AVOjF}zKDLdw^(*BgEb_L~0+{kYF&B#n`9I!`z5-nXnO+sxBS zs*z}GewAU}zc$^#BUk4ccdgH{j=nPNJaM^T-Z1JOe{S@7A-P~_%~Mgx>%eaSzO48_ z@*3ZAm21%z`>}9E_zJp4cvm{*8-y$H8@lY8t9kXX=Vr^(KwCDfEc-o>3pAMfeulm*q1{_s z;zQTXknN__2fa?Gb3P|Y>7Wvut&rZe>8OD##udXW!fk}-VhI@r9SaWqp@><{&hf=k zv@Z*;%*dd0ruC*h`?{}n4#%VDjBI<2yssl*qbkpW6dL0u&*gaYA@>G~Q$WL^KjLaA zZXt2S9^;^0tPpafVj-0M@>xq}#*B5^eCCe4-oeOMS*~rSGvX@5A&|;N1KmRtt@xOK z)#5a!t**;PPKTTAiRR<{DI?=716r8oDplBZ5Ktv#F@0EtU1CV-DiNKm!l6T8<>u95 zPqS&S(_+svoEOcIS6kA>jyIZJCtSe|$&GiP3ctBNo;Zd*CGS9`YoVR8vKfT)mmfi7 z()OO}&K)w{O6;85J~lRKWSJ~Z9=mTLSGuKBJI!1{n%aT8fODe-&6VHR`(sH{D|y*W zspztZR7R$(lv-)s>O#}=qO(sEr{Y}}p$l^`A>#OHPx7c)iPt?3rgcrLE=$#`wo4Kz zeANWBZ6g3uxg(=BA?~?S{)X)&rQX%V_mz#L45%%?Nj+wt@Tzb& ziK(IuQ22Z#_UcUjmXRG4q5NvV2LOh|B3jke7d0Sl^42GfeRcxSu0{)Fzu=fZEfb!a z#(gSi)D2~>*KVG2zrgB8;Pd*_uL3YYhRm`E{6%zGR$EyxJ%0$X18wO*O~Erc&!on! zgKfZ>o|#fm*G{|ERaL31=6OK%I*OpeaX5x#RkPI+1H860YHAEdlx%8h8XF`kYW{-f zsOfGsMq4!Xt^5o4woc~Kg}56J?Q(88b@6I#HFKXYjjCFjIEG$47BU8v={RUjeB+ut zO&>#-;ptxz%LB0=48Ol{V|-$nvcApBW@)Lf`=n8sxYhu(`Ry(ywJCjy?JH`GjwvRi z4Ppi+F3;o*NQdDJtylK1mv}BSSUQxf(H~IB)c~tgbvGnZ^CPQu0aP;ec^XW-P8e=2qB2a#Dav&=I+~EsOnSu6WzdQ96+2!*b_*18 zNHx+28s;*KbpS`03n_e6I%;K24Z)17|54!IeK5@H%p#f1ek|CyP?%-!-b``NA@;?~ zS)7)ASKnL-Q2IJ)0?t^N6~%nB=zkgbYualT?gFNdYm=`%U4fpAEqK7-5zU;<_z<#5 za)q3cw=JlJk<^2{X*hl6b^66-v$EdAl7gvT>3;bWmXoJ5;`}W!^a&IRU+$1FDsK>~ z6l2XmW)keg>Ag0123+Rr!Mb#i!tM~%JgT!3au8qnB+7&nj%AN$=(k0j#h_l3AdFc3 zIeXyh_N`gD*zHV~QF+mHQoC+O8_$Y5)nrziBO$fFJ1LR9Om(C5G|gGJGVa#cNC_f}voJv_kauKt&hrX7)D6 zn08-4bFAI-OMc_wTa*+Wx_0QSby(8KWDDnhpo5&|MD4KCO&gD$Fz%Yf!5xXtYfNw* ze67+zVw5mfSSllDM6+VPYgHezr1<!^617T7RILFLzY%tMuwBdxePh_r!2yEi)4pqd68#6DvRf~V zu|rf7PL36iSn#Z6a;Q5?nxDH1p~okfWlk8Gaz1*(i&Uv_GIil*r=l{*q&QFQaNxLl&AA2+I9v*M}UL z=|DQXCJW2K5Ih3C-GYKY!ygV{l1N;@JphglQUXBvvPC->rxsY)p)#RW6554N(0>8G zxRy^0N+y_X)*jLg$DDng!_p8y@p!7HSaa(LzqY@q6Bhv!MLeEXk_BTxJ@O!06s*nRmQCCYO&cS zyY)<|(|V&VD>iTHcIWiEGsSH(i~PIMsuBj2n2*sdYK{gN{e8&G6XX%tLKcl6+Moij z&!CZW%hOSZ9U}6`Rz4W8Iz-_z16|xn46FmwhrSS zmGDEY+#MehzTCea59_rJlnL2w6|*WDy^-o0hmy7SU07DCRp$lgwtUM88?WdUy|A3R zb|)EC!W*yU+0G$nDC7wiT?Tq7krs#n7De%N(8;-$i#!OLU`; z7Z?Hr3=`!73kYj2R8Yqbo^0bousn8{pmKGji z2zc5+Oo(k5Yw_Wv^m;F#k)>z&&5a@MLy_ovZ7yPm(Ul9-xwFfX1 z$Ho4`f|>+xBE+-?XZnQ)0)%a`vD6V7(5t!abgt96{rGO*Pe6P@Ux(F+G2kCOqiU0I zn2Cyr2-O75LV+_x=23oF#p4)8@m9R486{my3<0Ud-Cn6*J(8V*Djo%C{5-IO2aTQJ z(e2=`>g^z(T*~oxvMgm8)b=u)kozP(0}=+eP^f=u7mGK@VM&VTUGGt}2*NWB2vO8I zPw7oxwh!AWn1NhR9vmv^Xq2W_%=tJueuOAbB^Sm^ZNT&Riz9~SU)U@c_yq25h?&Sj zVyPzft6(gCYpPCUmQsdRQ2dm{B@z`+jH`+EFB;hG;-)M?WtS}98YNV_*j;+-TqMXO zN}WRwI_4QG#aKz}hD0@q8nh22mmu*$d{r1qYb5EVa$=PLuCHSq(koDS7u}+7*3qE8 zkyP$|qnM*P77Eb<_BZ1YS7bb*jHX2R6_}~|aZ@EW{8={3DhZ`MRd(Sl5LRhEtd6hl zv);K&kJ?Q$MZDsaaOsa=xZb`iG`*}-w(GEM7cjn!q^+{q=84VRJy2R=GGG~Z3Vl<@ zRl`FpOn)GXAa)aRmI-IO%nRFdNuQuR;=n7ii~(#5A7>&Rk9+(E+|IDbSTckB{qAe_ zS-{;tGxwq7YSA@>JtW9kKq^WwldS|Y^`jik14;TM~Su@XM^h5-hh!gB5 zh{F?YhaD?*?2(qDu;-H1_^e{(25)7P8V$Ri*IpH` zRp72jxB=s1p*SyJ49(Kj6`gS2DGB}z(5e}LmYNC!#|tx;s|31PUcWUioywpxKYrO! zaiKP|mR2XLm!6w}y24OvLb#R}rB({xXf@l)ZpV2k@O}w9dxy#4rcaFMqI|gAliOt5 zkYD@wE6v)c;;*cD#6fN1TO!5BvckIYP_hWbvY|i-)2sp)){vOa5>t?P2P+1pMN7Nr z$|LYNQFoPVBn~i`s116W@;5EFPt5s7QjJkWgJz)pyi15QRLqd}7110BEwYoz9Gh@2 z{M@L7Fws}Is4unDV~D_KbB%&(t&Mzy4xbIS;fvf(s;wL$DMc>{f$CY1`Oo1q@laQA z$Be;ob609UE^jXnWIxTM5Kt z+iW1p$V-ulWChpWI3oZBvOJIXqq*#tg1`gQ-QN1!os9*@N74w|k6kgCXW^gTj0j2? z)SoV<4c>r?LP`U_X|DV{^43T5EbuQ>jwB~kt4Tn z{9rpdpxn}==5kRSF(8-_}$*94qnT34ws0UIt z`D4RGLN(^&L?RX5CFSpFlKqP?8gtIkr*9CR{>se32JkKOU^=asZaPmwnetQU(Ys-a92BNw^5vn~WQn-68~YIcu8Y{s^~+k0%vNG(%l$+zv2{Hs zMZJN1zWCj>S;8=19@r4FVtREcQMDATrZw}8g&M2E{FW9F z;i8KGMTNK3Pbvca`IIM6X}HLD|M~(ns+U{C9~`z?lfo&A?L9xa*XO5!qo3>L%}y7! zR}6+5qEYm61dDMUpso))H5&A|%v;?LyoDbS|8~T^Y1?hVE`gZ)9a+Np(2RGC4Jb=p z;&2f{#}n0u0Q40mbfH5Gu^u#?#`%1+?e7*Yh0_F**vDV4;8)^5WcLh|t_lra(2`AM zm2bN3Lt`Rii=~ksRoqlV&yDfx&CEBXX~7f84ZX7-Db&!N)0TchOd}<>1Iog%hZkmd z{0wQO(!y=;Ota~ejl^YRI}vpWj^v3Gvkxkw~{&1!*$RIQCP z7x|EmWc+QI1~p9-fls}obuT{|xW&4Z?O971uICl{s+HWC*r;??PaD3mMyeM%$EFT7 zF7ET!_RZJcU_%2`zzkpI&6n&n(!HGHrBVM4>1SgU7(ujqFlMx9sM%?Tr}9jx+4RXq6YU(>=i4r%y27Rn%qay0}4CI zn;7A;eG5CyI;uIXyJ$8e1YVkNxRs*0Gxz1Jn3FCJpI)dNu7jMpi-uEc?whHLCwFIB z-kY4Tlhbd|Yg~-&4eP+A9>Q%A*0ECko*~%=i}W1>y9Ug3x~2tdv}3omUtGWsakj{= zsZ)L;tK7YfW}YtXyd%?tPaZx#DRU}{y|Yz*iPyvmSoCc;qTEhyf*ohB!oLaJQ#%X> z22}Bt5@=Ljykz&4RWo;RARb^Q==R~r{`=UL!XQE|;(wu?obY$?Yp(Z#s%A!bq zOYcMT`OSL+*=hB-toYs5B%hHkA5L>}KB((}P$qPtXPqmGHx<2oE|-i*@A1VY5P z({n@OzUZb~4{BS4=BT)17;6qAs_tQVxIt$;0m5`=68kiQR%a4<4HGp&4J9dO&Rb?} zpf>0ueDVT<)h3R3RxgO!b)}Fdk~uQ$kA-elrzK;ODyFb`0FX^7AFT*19!&@q3v#%< z+4f**Y+M~?xhoFcU=zv?67>8WxnR20x(!SlvYmm{*i56jv2w(r?aX{)b8*cq-)+0# zZTEv>`0(sGlA&&_tRYmDOxJQ=+1a1jNv_?&>jdSxW6QYAx=Y4nGT4N3sJBfLmG5pT z28{3M^GiQR2duHR!br4D+E5-F*uYi~g?2F47jL!k7cR2>8JS$Ady$$y%kmlq#7RDc z;H6nMHt|cI^F8y&BCa^6V(JZadGa4^sJXL|5;ujtJUqXxK!3OFu`}&8BT<)mk}(Zh z#Cu8!aXS*u8(qi6N&awsw(0GXJT%S=)P93+*4t+46O%1c`*z&beRGt*k>Q>kFdkeQ zGPypgX4932X`?gCs|{i6B?a*|9PV#=PaYOq^LI#Y1vw^gfg&28!S@V=y>4QL8vtqV z%D6UHl^fhOYA?}&)P`p@+zqvF&g3Q)#-tUNxDh@Z216f*N^-3v?YEe?VznE)rRW{W zyBAMU0EjKEP8lwH35k&_Y#SnnaS@x$N23BNtg=Mh{`SOIRw-o+|IAJrA4*broJi+A zO6Rq^3vPU9Ujms7(@^GyMCw9@U}h4lh^>A_@G#_Rwq#!{g=>k%a*1}(EIA0ZVZUv< z&(LfJa-+e=CV2!;{~;f1IZ z55mxU%KK;6k)fDlIE7!g(4w?j79gGdLZCE7f1Ml!S4^K4 zyJrPYv_nsvcj!QoIiGl2EbA08OH#~6bC&fA+kDRM)L)Q1<3qj?E;?YTZHQ}raS!-n zdWm;k+RN*`eTv`sr>-B`HlDsl#C{DmLUquc>r`}}rn$pF>joIyo@-JY*X__2F4Y~L z!jz(^1rey@mfE*gD}!IzhMBli36%cw2vgbSwN$8Cc`PmdHW}74kbU8|-XN#n2;{qO z6#Y3`KQ0?(s0nB2>zPFQ2Iw)JzW<>xSaaQ4@f_G@2()>Y4-{mOB($kH#xaCp9*c>^ z4z6U@BxkLiII-h`y>hmw>RDseio5+*-HLSI^+w)!dD0g4-n2`2GDLW^~TKfV^ z&^f8ymLG(7Scs>g?xxmd=P2p!-PR!TfxiUEvz?R*S8yn!?B4w@;uQ6z2GYh&tL_23 zD6!iQIHPJcnrm~pcu$g-0TejCVL$>@qSMF(_Gpes6HCLQC=SqZX1V&{NGkG{@WDh= z|7n4JMmWtKSY`ddPlumeo&s{zVc}C|wa&TFF2jH{hvw*W_*4r4+6qi1u<8AikuO^u z8g)FFubw)sLEzg%?Pna{$deVmT= z>}JJkm~p^hWX$oc7S5$`3a+F;aEGmV|MEmzQ|8!8(!jswwxG!o{H{#lg^sCi_*mpB z2?6}{_^2nhI6;<_VUQw`lOL#=YC=I2gaTzYLEjU(pu)C9gomr(h`%G^qzC&To5zXm zk_sZ2G1sjr%F2CcE--SN`VaA$mcYvwXmM~m6q ztr3va=I9q52tgxD?))(IfCHx`+mK^-kL@cc60A$Mn|p%5unu(8Aa8?|?qjnjz~UBB zf_I454ccpy3k)+I>}*QXs&}YwON*75`vBlsH(u-z%()x*q2mqX_iivR>FkNZ=@PkR zB5Jn4&1r6j*>U%sN6spHYsaj12UixtHEq4-@s?_L_ylK(jY>c{8XMM!8=x^V8&}Ju7^|6%Y__Jl{ z3#$$Mtrg!N7+r5ku%n)NMFU`PFVMZ=Vs?c3$f0)7bsV8gg>L67%4=Z&c7SdS4iQr9 z-hbbfN{nDp@1c;7K0sLL$z?)L$^OqeQZR5F;}&`)lV;(o6Ma_;h~MjLQyINj!z35BQ~T3-jQN%EEZw_Y z`*d;T**jXe^>!WwC z7qD4||Dr|MGJ{~ze#qV7mOAC%!qjP;XZp0AqC0$&@iNmzCV>5(J7ih?-LUBU?h?VW znh;0gI+Wmc^vof8BRRFU=Q|P62Haz!i#e1Pi`R+6?0$NHo}v_1bXto^bZw zFxcrj!Z6dzaclUZIUDx5ayfdXzfo%OG1**1e%kJON$)g>&2CDjAG-$Ij(ERYFrn=? zcxfMIAl4ejDszfz8E_@mfaxs5hX?1zi^Z<+s|G{wAhb1;d8q;WbVlNWZDo0z_cWt8 z29~TfpW;T{HMJ;|H7>g}bKJE#MU|jIoA1|<1+1PB2AT8VJm~dfP*|+FiHpZ<8`!2) zTG6c20X1^9r$8As@WO-Lw%70Hq;N+o$dARNS_`D?4o{cE(&Pc4)mWOez(eKB~-#!U$pvUB*cv9L``% zs?i6f;m1roG17_=1<>PWN@y=GR>L9@5fp}|d~rIECap0B5OvpMF3N-#R8d5*xx{Wp zybfm~az;W8r5%~0Tu9z>$g^9C8%c8p!gqu@iCK-IMP1<4^O?8=%D03dQc3wuFM!Ya z>`9t1R)zm8sJVuTq&4wh9mN1yMn%7p)YD+z%=6nnT(aD|m>7oIG{`Hs0Y>Y`p&zq% zGU{H)Z2g<#skS97-p?*%v19}+x?&jY=&*UTlxQEkHE4N3PuA1LDcoGZO95xi4kWQ1 zoxI^W7un$4OI`X#gL@U@*-!nVmGFdNAFewRPe{5f%nILCx^%3pHP#!OBeI9&$1*f2 z2A-enF#dQU#47b#J;8O1`Fqe2S-0O)M@#K^wV}4|4!dElW)lYJZEQFrov+@;-Cf;Z z<~S3oG$#D`|rj!f*p(w3Gl+t0pQdBYkIk2(} zSlm_Bb69pOnux5?a#dJIj`u9;i>v{2nJzK3g3V+QRwA4Yupnz%IPZtj&G%@@=5)jf zHGtmH9Qr+|$LUir0oo-rWk_m(6rO}Yq%7Ncop1{l#Nu=843lZ24G0_e`ywyH;C}lY zy6b#1U+-~9PcnKyy(qNl>-j5JvpLZJR(Fc&Q^U^9WKBsa{3ZaBzt2mbvoaLj6fe$2 zVF~UW*kCyedLY6|3cgO{89(I(Nj*Sn=U4+)+adENC_o|Kt9_gcwC7v*7bG2Nvm*JOZU`q6IT%8G~F9&+tN#7}nLj_ufcg+oU) z*p&Hrj-?3S-tId^N)yFp0;sP)vnL1jy@V}PUz}+7um-V;&k(^ng~KFThXKQ7Vl#-s zHz>sxGuYt9XmU=ZQC|qPSv}&+Pzih)Oqj6`ny_N zYqh!N9DR)5KeTtkkf^#{Gf#x{>Yh+G1en0U;OX|wX8+v)|7p4%CgJ2r^v|6F3hHY8 zYzikX+vQ-qAFg;T$7yoC)H!zjnle+CDq=PkIG$twLYQIZ@N6@*pz`i<-3LlaqF_bv z#%X&jnZssnoU)W!TWn7iq4GHxLxkXwzhsD6De;H=cnnj>J@G!rH#`X=81eFTe!#yRouNMJF^{MTfC53D`9m*h)o=sTk|5 zm~2IXOtNpzLYkux($mhTJb&)-rx)E?nL9u0N$4HD5vVvv1-Y}^up=#fjd0tRmf*nU>@Oonsc?578E;1; zV7O=kX_q-NK8Pg~P!_V8xjJ>Jfxm4Nrd(4D>J(?88R607V{)$&qGA!r8FajZ zU|i9#cz8UaKU!&DKsP{SXU}8~9j!__)HXI00-w-JBaVGw`5IP*ya7YO$jP>EVjOc6D;Qp46Wp+P5Oab$`h(E>?NrE52fdJ!~LaN6bN?m+g5p#3y z^-yFy_e9t@H!4}RFomMpkzS#nl`M8a1RB2wc?=mL&YU$~FS&k=XVg+W_psSFb2Wx9 z61C)_+}u0$1B@ueoVJjpvAUn}6k!@n!mJoLDae-t3(yYQjiV3dZn51HEx% zMz=O56o*Bv`5GjPJKL@Em{QprFFwEt6J}`8&?z5=8GQ_6UK`LfHoFeNV7Mf3Zz(&B z5#yF?u=hM}(QQ6j3V73h8?lr%OGXy4d33{ed3VOpqlh~UNN+~9GFhtMtR{ls6uj;f z6q!*5!X#~<^ggw)&nOqM9mQ|hmx`z-8RD(i;h-IZ4XjVKAz?7~ID(*0Z{UDDEh&fN zRPYzjbZZI2!R_OQ@QdMa!ff2}X%&nI3XfzecEl5I@r_cW-EC>vn{V>i&EEcBlZZ!Q zyuujI37G};IlLEXc<;O$tPBKbgeek4@1zUNKz!0MI#dV0ye-2#cFzcX7iG=Hh;4?lU0-ODS~tb}z`i?C5vp`S|ap@E+gOmx~Akaj)e){A< zWf3tr!Wcnst@==v5X(zi{cpSg(s*EW=^rXMykdDZjBSi8TT}TSquN$uor)qLF%_J8 zkucJ&Fy%yLZfk}#>ggFRd6fyH-y!$ugP0M&Vee{ys6@$QjaDexxQwmyM>up-28Beq zsLnBx*mHc@^!?L1gBf*fHZgMkMp`-r%s}aS_?k66_L4G_a#P-BCQa`f->htttag%@ zm}{mFpq9otdb!bz(taU}7l%9S8Hdu#RK_YP;tNnu+60{`oP846h*wv5X`>RlFnd5Q-;_7m%J} zo~Zv#|GUO_A*3yrbfc8yyNiz@%6`EL;F(-h?+S8F@6phQSgafTT|SXHp4Gs<&7Gm# z?sq5$Il}w5rPdXuA1Udy)<)|5e7m3RK6kf$zpk<^ZOTtM20T7kO?z)8b;(bI$8{4) zO|Bg7dqC@`u0?8wPs^U7JGz=`?`b@?x8w4%aR_(1ju?F6&1VQY`J;0XQU4TX3rF2Q zwli)j;u9-S(NdpVTm+OS{*9(uU?2>*E78&gLrAP4BR)JpI>}N?-;Nl_IaU~VSpsV9 zXc@FTuczk>`DA~2#sU%4TtP^b*eXxOl1U!!BweFT%r7^bkUl=7A|C7{3kx?V2dWpi zog0MB9miS@&oBD!Q2R15C(D6G*h3+tW@D6cNkmnvgZ0m^Q6`L5ecO3OR!YH3Y8uFOKu~G@h6I^&fH&4Nw7*L##~n zhoy5= zsQJ%Uvn!7{;%Bmzhlf@UU$oB*Dzk1ZZOPXHj!-R*3f81s36y)LrSaP(tRpuY3pUwK zTVy&`y>`_a!wfNfll6-I^>2XKZZEnGRk2{rsmV7b%3101Atsi4Vv?*a(BCNP$b~rA zue~?ZXfJ}L%jF95vAr(7cAa^-%f}CxI*asYs0x*@(wcQNXioYhsGaXYk9N5boA!f1 zu;V~oin?o&VNnvOFiW~QnidEhx+GJcmx=qRM9;HOTfG9Xy`?zG5Wdi^`jQLOSM1Et z)ZXl8VF>AzpiU4D<%9#4?L5_zoydFs4q|ay2t$~1g_=@LomDYtSZO;tB9?e;_qE8? z03O6WkaO(tJTVCY`=mymrcoSoR1#C`dj)9?3A9I`iQ8wPfU%&f5I48;q={LS&8BNP z#c!3EBy@!jVejdR+)8& z!#CB%>fh76%iE70fC1;vH~aI`Ize9oEp$NB!fpqMFfgKF2BwD`eK&T;ss`e0Y*klYPq$W<+PM-yr19$rmfibQdfPxzo6~>zl<7C zh|6^QK}h#lbE@87Pu=n-=qiw$w2wJ!P;ud#UH*CM*z~ zvC|6igaI(|;k*o(7PGBH)=F7ul|;+oN{PT58%-qMZA;>vR>h`E;-4-_g_=QP*g$zXc?bU=5t1J|9Rl}E<;F6`>B;ao{IwPf|NDt|4(((FcPY=rT&bgkX1u0$=POVt><5+)#}V zvb%oW&W<0lxfo(TdkL=k7}Dd$ z4pI=-oSR*<`k2_>DHY%mtVje!_kY1GQ~@tMtgPsOOP_bD*KJ;I#Ws(@pH+GQn9_Fk zImybqRY4~yR3>=It8dOeF;^JoZ*nrku1Ir=LiPMQ3;Sj zI9Il`8yai{61-@NEZ-5ZfxK=GJMOb|HktaI!>Qctonf!HtJ;4BdN}6?(e#F@0hgH zac1dzCxC?>03@#ea-hZUAV~F=?l~tqw-ZXK*(S`?A$Y0cVdGzJ{Dp~*vqqZNShm8# z?jmv8V3Bog$|I$bEWb9UK)2<_la-6)Ks>HqoPM5uyc=-|Jg004nM{sgvv>;LgTJ%9gx57AroC#{POh0M9m zWKeR0?c7vcLqD8U5DPP5?u!IR4m+<^t7EZE0t7udx@U`hVp3v zzkxq*nfHhyeg^j8jP(KjJ{h)YwB}K?$5dN{<`K>Hpr+QpCU4h_ z`+OGoSUK&lJH0yeP=zX2gBI~ONoG{a4mr*nEf6K^C5J*uW)a=;7HPq9ZGPO*)cFT$ zx0E>Av5A}hzhlRVrb+Cu5A)-ygAr*k${Ha&c2t%?>5*E&bLggx^=|wITlaR?<*xW3 z|7>--JPz+{_1iwHK7;*nDeY13BPmbff(Gl|nRx;yN)|Y;0Ld9ZNiS$Uok@C`UJ) zpcaXlZpG6M;6MLeUW6`1e|6aoD-<4iPopi#ac;g$H=^GC`#S@njpDrJ>LkY0c8n%~ zGIrEQ0iYwHfe{r@T+bbw^C&2UTF zptXc`=At_88rE-h;5Dw_t2m8Qza*f$0liqqU*8R4ugQ+=^JcZ57$E&td%7U`T2RwnrO{+7?vJLYO}bJ^Gfw02Cz7 zJvycmMl@6@=d3RX#WHq%vA`ki8?}luCUL#VMOuyEHzIC)k0Hq8H5~t(KuMuMb|pf) z`w+KHhjuH>2lP+UoFQ8n5ED(lfGmIpP9*^ac1NUNd&+^N91eIayZo3S0%?AdU~Op? z2iOr#i1s{zrjtKh>{Ve4vxW!0wpF`y_nb+)u=oS(CJR7GFTjJ{5add>*pQM(ly%0K zcEi#IqDJN8$;ik2i#N`ev*#l_{wXh~R_<$qo#^dX@G)CcUe^MjekNIQ}&Mw(WP^#^1<|&+^*!!c>h; zk)3ZLNYNR#m^D+@8N|qrf`fP_%W7S8&e#kEmX z3Pej`TSZ55$>s_k+Q|5spN}3J%pJcmIz0J(jwNa95H12TnHGS$jHa0Ye>_1(Pq2_# zXL+lgpw-tIO&N+g?QL-IKi_08anibF@E_a!rvGr*U?yC~kZav*dA39>#G|{6b-h?{ zsoROCrf_42n9F)ZzF-gB(cqV^NcTXfcCc+Y9o7P zi_rSliz$CDKV`Fu6Snkf;xzq9;r5YEx#cZMVh`27Cnm z$9<-8jbaA_6_!?owWod-AIPXJ^{KL*y!w7qJ@5KwY3|7JjaOZ|3AbBXR!y{Q~;%@X!z-pn(SrQcU2D5g1D!#1Nc- z?g#*h5=H@rGO8CQLt15R>eZbzJl%Z|3ba_XoHH59y`1#$RdlsoK-N&wGD65g(p1(| z($umJFEy8JpZ4kHCF$ef{ zf6s0H?k<8PF3ZQuR9DhcLDw*bZvpPpEl=K5(yLQf@Q@ZRbK@gvE=!p^?iYVx77W0D zeMg{HvA;lo008=au77Vs{hv14fByyPC`{TSGa@wqoif!Zwnzq+IILez&XD0Ga3~v- zgCJF=DU1Ej z^qKElq+6YzM}q_!Im_yiGN-PDL)l=TvV)V=Pf8M(M}NZTX5}mN>j6rD;kpy7E!1Ct zIrA0aq;OU*n)CyVHG)5bU(4v3oIu=8SvZ1AcY|As&iqOQuJAs>u{Rrbm$%e-P*kXl zxMYDaJ}k>k^N{&!H70>P!XtC0m4GEGQhP@Gg)Rjw($d1Q*F0(TNtjUGQ5BL)ze*pe zQf&`w&hQ*-PPZ7wy*{tLuKgRJs(S6yvzxrWUX9G8Wo(=xM`5nIG^u2ho2OH28GqWT z3Z1NiX}qv8RY?KedZ|(*!Lg<@X+4u@7xfa`BZ2+Vno)>Mq-Dm=vjucr4B9Y^U|j)m zyXn9tc^P_9UZS^iQn^$5G2O95ZQ#N7;0mgl@>(YuHPs}+S6>}?qG^6c&*@G@?>pTl zx*ksXh^jbLetsT%TaY&B$2s%g)+L$~bF3!}0Dv7e008bkJ;eQw?%}^i%vWpL#ICa; zeO>AG&KIb2mzL4a$VILLJFb_&u9XNTYAb+12meI$*_tR2mODoke1Dq0$o{SReTr$m zpFFbLIn69=rty?ePK^G1u$p(JUYZe65#o9PzVswLvUnEa8o`!LB2${SG8+;9I4xY6 zVfPA{^Bp->()Slzs3Sw3(tS~W(6ZhRT#QPWxqjbp5&COpL8gT~S)Ub8M5{=0M_C=T zk)Nv1wW#3&;>kc?anvx`WYyAHaBG7wzxhyHCI}x+AZUb}uaR|?X~ljA-kv5n^rJ^& z+TXyn$5uX2A2g0L>unyj99uGeVLo4}G-pxHsyT6a+Ml#plQlF4T2!-ZyI-MlQT7J- zG_#8WUtR6Dg4-6wh|GoK0w6`;;X&vRJUHh!tD5q(aYb|3xLYSDk#q}@IP5vF9tDe3yf7y*0{1eFUg`;qV zI@8(#U@4CI&Uo*2ihH0Sb9dCg+ceC;?czq7ER)e9hvVq<-QZdm zrg(a%%&aO~)P;b*_P0?wWka4%A-CC*$42RSJveNB-?g1JCpcMu} zZ4EX1%wD#xdLVN?H08g_QpF=bcdsu(Wrst$+5D{l@cb^ytsbv01XoSTT$Bn=jGxT; zJuM5gN{(K%kAD*3U8P<#0{!{KP1wpXzS(Ydm*6@<`!4$(*b8$7I6a}+FX>QJ5J)=& zdXxBR9?p_5@?H{JM!+gkyN9q6#Hp!v0G)18zI0=4G|`>DZ`c%&H|JxcXa22TC>JMK z5CLy(zaWDm`d#l)rPQ4iQy`s}x=;9ORa)Fk2CT5E6YcwhPpu`>NpaQlg* zuxL}Zl#m<{cx^7_D>rBdV7%l%LKzLIb#UK(UulTfiS-L{G1Im6c>}DwWb7X2kr$JQvx3Y&%S&ddWStm z^^6-+?4v6<4o_Zt4l_hwn}F-;2Yn$om7ohp;Yw~dh|_#N!7Mh456CPhx)}He z5tgwc&!A>1|<>& zLDyOFd%ch4FFaOIfa)dYYZ~YqU|+fYeTPVamQWQH@(=3#4=f>UQ=o?^Ah=wjfX6}t z8mflIMA%77;2B=sgm_-l4%v)OVJ*~o?P^H_zYE?jZ$XybNtw`wl&mwM@30I$NrVXn z_dn2#3WEjNeG1VAt7htS3qHro_~=`pE!?G(kkS8!iLyWl21>sehtgIOcY_o84@$Cv zHj@R=5=ODx8H8c#^QfqDjZwM%jVml$04(WJ@a9$O*@Y+GNfojoHZ_#(Q&1Q9>1Xf9@~AdNU~;W)XJjhk%MH@bnZ$4iI&t#<)?ILs)w zroBHfFg%QP@A;?U!<3nOsMkKX8g72f9&p-}BNVRXje!N|zMm0sRMXqkTz}-XE1*iF zj=rEMmz#aT2I`M+pztQB!u*KV(g=;AUhRb9Xi)#O+61&?e+M{O61w@G;*zgiY96T( z(nP-gZMazHq|7z==W#p?uWV7hRLii2)4n2mi37P4^rt){(UTX#%6*J2b6y5R_~U>y zI}mr=6#PTZu5w`_M>kgd{P20=M_RLY36it91yv*ZjEqj9BwvacwmS`(erOe7a6L}3Cz}~ z3C_q~>^4Ydk z+?ik8tLaCkyLlu-$57-mltZJ>tV)04d#%RIkq$%LUWQ0%AL=-*?I<&K@4diYS!SXq zdW8-QBK0C#4ZPD*pG2OLfhrQj@Exlt@S;lsNLiVbP}Of;+F5=z!ks9r=2e20qpNOB!!|^ z3#3nfQ|OzsN7errGpx&-pxAurm~nnWD{TYo(TR`pV(hiI4Po_cL6oVwbK=2cMa_kf zLyVA%D+4CG0pjZ0@Os7SN?W&Xp>h0rF?7xT>xhm|vMx>JyoboyOF6IC5`h_g7G8f0 zDn6l#ye1THQWasQg)nYK^=Cc;B-JxI&pgN;SKiz8?e35^EGN-*74j?BdG#_xTMzk# znxtr_h>vuXk6bQi1HXJ_oP_%mjI_dv@Pl$GgVvG^G6p9xaL%&VO29i;fV-LxhgLi( zYL*}b6#vPz6Z8!)&yd@&&gTX*hJ2CW*Jov9x6XcVLwjFSWs;dCG#H!zNF-#YeKsJg zE?a2Vqr{4F4<)`&$hrSId2QbH%_YRtcLX4F@mKv)eKhl3C1U8&9}I(oedZ_5(q?w- z5}FAUn120TA%08&qA~{DtG-!>UnV}`d%jzHkl7vful$P|vg@!(YKBr+gc?NNg?2R#lJZ{s{^5Ep2GZpO<* z=2k2!si}*i)_A7LyRAU{BWhw%Uk#ul(9VV0cs=R3DrbPy?eSfy`NBKakv=GLu#+@^`FVGDf%H2H^h z0Nc>fyLR#jBi$~aERxMi4inaL`v#ob;1;9ng&;UUz&&>q-g5YgP9pZQc%HI71hZ_n zuFK~%m0n1NWE(N@H?Z}G%GmtDutxmu?VhPOX#tG3T7N2N-k-J>{y(i~{@+&CzpiP#m1XSy zkwA5>hCmn5Dp1hWfdUbyG;0w02f7)@LkT4_oOL9DeDt-a_M30a#gP28BCtT>V1J)@ zl0@>U*hQseF@iperK_IKkBT~)G=m_pK7>@VZv~bHDyV63?J8+iz;xUku&cId${={B zwoz+BaITmZk*e}U2NPnp4z5X9mfWeDn-6LB9b;^gX;ta=j+cbxLjGyHu|)Z+xyd<(HDrErl{puU>#slz7CinTAMtB zo=6H_mH+fJd~D+T@M!-&hD-1mlp|52%Vh-c1;WCRdZ-NAEO&cwK&=*%+Ci(DCtfm# zrT}%_h^DIje2+Bu2K}IRZu)Bl*2H_ zc;f@!QH6)qN>)U6PThItj_p_hnDTpDgI2PVv3l1$&3L4(e|5ra649r~^{MG9!0ICX z1Q35f{gHquIAM~4VAw*TZfv<2=M`u%2iW#oZ2l94V}-svX*2I!UF13c$1CU+!v594 zh8QtvAUSAgpV)1tu!rG7ho}Udm#X~M0lUENd0?$PBEnQp=B=s@m=_Wy%y zn-1;X?AW|>mR&aXn5iX~b2T z+aq>3C#73NZo%$=&PkV?Z?Z5;Fwvq35-^|{HN=xvQ;<4<-)}#2h8BrPx|IG!f9CQd zj_0B0vE$(>8s5JJ*U_dna>{{BC+%AhjZaOUQZ-B`w+y+iO5iF4OD`#y8H}e~P~<;3 zq)=M?t;-jo_}QUaQcwr)p^{pEcXG9;$#>crCANR-#=?cbZbgcB$1<5q8$Ky!lFV@4 zDQm$ZZ*xbU3=ux$RVWf~^>8k&45F^)Tuzj?Y8`nQF3}htbXGQ1VUwRwD8ife%AJnI ziggMrBT^QJ%x0Gpp{xq;-gbL!y6(g~o&aJj zRv5~(9T!#bB55M23&q|iIWiG6OV6y3YEg0BjR_N*;@GB2a>pdcdx6=Mz1lo4f|g7b z>X#!xatX1Y?;9t^S(g6tJ~QtP& zp!K&ZnXnbvut+zhf*{hW4Ed0BrL7+3%W!etayT~9 zzk*~wb{~KjMm9NJn%HbBzN)eb{Iy(``jahG!6dFqH>cqGSzjX`??scZ%#}-}N^^Rt9?^nDe-7XyWNW))oxLo1d6tX{xX?b+U z2?83X{0C48IvxTZWRjQoU9%;ayqJ()S610%jLIm;@-PlXuZ}}H)GB~m%Jw?RZm=tK zOHRyg?YRVANqeDcW8Hio)O_#nudDp~m9eR*k>mK!!U4rYvSELzLcIk;i9c(Bry&~# zN7_j)X-*peJTwk({y^JQq`OTwQ_QEgmPeu>J{T=c*l}6jI;S`Ap%-&`K9JDeSP$zp zuy)h43MHp$b+*`Zi6Fn-q1dI*(b_u>Z*FdyvlIZ7N(r<{pbLJWZ?J{$OWP{r1X42% zsidTi4Kpc7*&u}GE>j^l<);)9x3-ldm@c=K7sSVU%m&IbLVt5%S`D!btr1c;jg4P= zwFo0^{-D8P)sAo9D+gmE$E|AJ$C>#MMAOw?nL;tbu^73KNzj(PiSc_epzo}s?VQc^ zOVtDKzzr;6>i{pifPY6|VVKA+c)o}beVlt!6R<@0{Kw`xyTT)%NY z;Ea+e9qKCYA2Y8D)gD|wwmaJ8WOeboedezN29n5KA>~|f!687ySiq<+8#b`m<3|AV zYsU9*1!pXs`$}A~Ge$Q@s+&TXsZtEr_}GAQ+o8x z<#n+MIJIUp)ykv8gWN({WeB}kB}`qiZNUj$2#*%>ehE&%1LGMAn}w5AO87-60#b0O z{E|h_LA*(gW8&BafFOa-!APPKRkgc941znU9*N{iE-vLP^deMAc!+Hc0~GOm&LY%h zNEM;MyQ~^wji4g$_nZr_pLhH~@*MzX!Yaa!oAQREMD$hVQ=!Cd5pL1-0@{ z^aZ!*kiNAsnQ*6>yv02pEtZujy$EG`!de~820Hr}gIhvf?O_Ud~M}bI! zS!i`Jv4i$8WIANAeJseYCu&g@n?VuL%8@|@l4|n|=~B4)znW4)bI-&F1q|f~UGZBB z8W_#JD$l>Hnrek{5tVVu5?NCK5;`9y0i@TnFCE+Vu&= zhDXghMu-Jw9&F#8u54+KxEXW%jrbUr`V+y%`3U&kdoFYFj06c@gc}jpngI;}dX@d_ zSJ>uAk^8&+gc!SWl*jyP1=7Ld9x(mIrIldi>yvKH_)>R#V$Wz`L$&|l+cekV4zxX$O;@=+f`mr91_cn}= z@eoVP45?S1rQSB07;npR_X25wjUA~iMFWDXPgaIcs&!Pz93Jt-?;VPCZgh2JI=}hM z4-QC@K~T9ZjK0_&Nr+4sOwhk|HFx20bU;5#M?R^3Q|tN>8iPu|@UHP?#L>c@zR6PH zh_xHD&I&_dz?~E77q9z(!G`*1l!w#gIx$b|; z8r$UAwCy&zFkQ}tM^)4YNM1a~yWAt>eLuLby$vG_BD6&Y`T}(Xo*F?K)4TzjAx@|F7M2u=U{E^lj-XgB zZGRc}gg>V!B-CB7P+l*ZHK!sK*cdrCI85WqMz=~{<~gV#lijpRoPbBR{|wUjqs&|= z;9_Od-dm?HHKGde8SCTtamvW>Ax|gS=1<#6B9!_?QI<+#)_Jsjv_2I-nRNL~Tzizm*; znB!D7by^8q!r~~ar=VyD#k{M#qDI*EVRV#u8|C`3k|8W-g34b}ot_9&D)VU8C|%6B z7eEDd{YQt=1!=*2H(C`w0*Bxi*+?OtX_wE0GcGCn?}S-tWskzUc1OFkWS^Dx)M6?f zPjdbF<{eS$ejWc~CCI4zH+OZEOpbbGmf!yUW9ujwC(!+g7Nwy?UMiVsG4MYT2bF4@ zwmU+<{n|velh?1_gvz3ts64XV*t8;=U#PeAa#Kk!n_-%q;xF{i*44J*LX++=bpXDz zt$!zyzX?_bfi;6ePkHGhTK3TdYIhP|PK>CkWsYSCf}^Uu##0P7DuK2i9S~|N=nhU^ zdewOls)jif>sALnvTp`f1f}nS68qO zu`98@wdeq#&;5W?Il~P)(RE!Te(&HH=Y1onFxtDGb^ z2)Y9D$Pn`O2wUV3U={1{2np@-7HI)4-yGp0EHC(;=ITe?SiE#w0?#53F9&&A0^A(| zIo&LKDzNd=kEu(J>a3A*sjZ(C`*A2Y;#$|67=`|!^RrZwJ9nHgQ>w+V(Aabhck*9F`xJ;WrbSbVL4rO0W=a9?=f4$Co+C z=RTr7?0Ux6ae_@sp{A*uOWx5g8T|f%7{54n-CMhK~{E-7aN?$lLn#y|ZG4-$98py?>K!S@PkD zGhFG!q+4ycq$$|%NL}jkqY-!g^tBj9Hoz}}-8bPTaQoe2Aug1f5aR3zZp(?x@O4|9 z(umMda|h*{k@Ov(E8Vt?n{kaxF`hGpxEJRn5- zH#4C`1lPhIOqMIr(@?9P5OD61OqzBCZ|eD5owlxN&J@g5*K)hX@&?V{5d!zUamOdtR$en~2p74pU+ncf22fK?n=eWcdw=Lz z|Ax`$Az$DV(#uMuUI?(Y&^i_xSZJlNkP6*5r32xb``w$tWLz42|WAHG@-YQ03IQi6g8g&RWoM__FoY&!( z_SLmL=WQGHOC$Yg)uK<&m-wGJy?c!$dR&q2>)VUc4#ROLGtJEmtGHQK`YCPKVTiXl z2+y~d@y^)wFTVWc5QF`ip?;Hi%T=yQ6<1;|4*fiMosg1+x$TG;gzSxdhMf7*#N&&c z5Shz~uY8=26QIs97@07r_e20UESK+}8ti!VRd?>x@W(C5#aD(ExL-zecyDm#oC+H@J8|aMgQUvP^0q>RH!o~=- z?{)B-?@Mv5w0JMMOczK@?=j;*o2~THm8o{w8ka8Un7VTB&{2gP%2uspUyv9sdS~@8=a*;-t`-hW1kdl3 zu5+UAJ#fk^d~4Il==HtO-$xY&vQ5<3uT6z^kfFs86@rOL2MPT_f86RELr#%#D=jqW zmbK}O@>so2C4~O$WZZF1n-Cs;pg1 zClx8Yf)I43aeqt3a_;DHk|2i152DHElk7;IB|(G9X|~@Xkj?h1QoSR$idf%gG+=Wl z>}4iE*5kDw+*ZvB0+*RuIaQQBZ1)e)xWyxGKk@i2#M$Hm4wEy7ZsI!#fQ8Psc7Q_O zPtv2%bp`lVrjkMzl)y)lKd7!gIl zCyDbp0ap1!cHt->;%!u`U4Jzk8w$16O4FOE7$A16`$;c#BtK~4GJTlC$b5+LH6FO4R@N1z*!5YT!d&LNlt8%0nfiw|ieq35COu%KA&W^D+TrLxUdwTcZy zn{-tcu-CIMtmaRpXe5)!pg1amEHmgvipdBKn$a1nw}j}p&-=GilS-y5gw#g-H{kCb!mfZ&c!cFi{~q};eiLfF5f9Z9dL4$DN+*254e5%6)uQSW7{2dPrn zNcDwh%`gH>y*Rl47ByLFfq^K;jizZ-^g@CqnU#3ghZ|^5m}-d76veSqdJ+2-wCPCg13uxQ2_5~?~_kpIk62Aj(WbQD7HI?fIzjN{%m z^a2X%Dq&}$sGcEI`8KIn#i!Y(rxIpO&Uy*I+_)K^6zVnSLOpAqBAi72v(!n`3lwohMVeZP!HV7%;;4sB* z_%&xwwX%-wLQ4P8cC$rI+G$6@Zs{!bIL$V;PKa+255QP_E_p^kVCTUYFsTgLfREJ7 z6=swt+LN~mRpEGUY=cX<7#hV2jCA7Epb0?o1I#4?0EKA-U+#)qTzhKGl>~65Uk}Iq zN%;^^qaG}0_7`2o8yRkR8!Pk|;gnvH54^{#B3(UMK{T6aTowhF0FU)=*Bk3($i z{le*R#HJgr{CDsfxfiH`o#fNmXe95 zX-b`&nEvW5PUaH6W2}!+8xhr`4}udVuyTEo)sW*zvJMf+8i%-P{O|}I1CANXAtudF z6Qd5faB56Lh0sJ;i|OMoTX#cc5CEB_pr&F$Q}1uEhcmUnLYIyR9z!L=3ZoC1#>d#Y zXkAT3jM1ZRioC13=?T2^BxdV2Qn3JW%C!%?ox+B6smryWF7m2fX`*j=#~B;7$ssG? zM&fhrzyY(jyVaNre}lT9i#w$+Yns);%F65he5C05gt zVRUSGmnN4rVY-)^ZR@gpzVPJj6IU)byMo ztAo~T7Iz6AV+6bS;0hBz9{*&!2H62gczcD6~wZ9VV3+`UbQ(&c!EAMt|aL%gvpUZV?>hoHl(>L4-O=$3g` ztE~jAP&vjLf5?GYtEvrA^K*&<*3N&25%MGeYo3heivcP;V_*1e5f4QT@6@{riP)e@ zRvtFp)=ArqQ(+Z8;QL?ja4`P2UF`o41xLG^6$|^v)RqVh06_mQ?)aa3v zi&HjjH$+f|KbxNZG-Q^r$Rq*{e%fm8$*hH>AR$me7AP)4=UHkHVw#yHI5Rz^r8^`z zBSTW!hcAdr(78iy`JrPt46Eqnt7YBF3Q-y>^=js9zf5coGapY3^Zh@Rol|pY;g&^X z+qP}n)`@M~wr$(CZ96BnlM~xX=k`OtbX8aNAJ~s;*ZS6+W7xKM1N-)|n)PwJO)`8l z=zc8!(wA+0H<@6JonefLqS7mt8)Q`4BDNc-xpFi`+YX7!4h`IDb}FhI>jEr4$hzXR z-D_*!yogoShh2^e-g|rOTs6xBKJjB_DV}q+tkE{TT34Fq$9r4s0`Y&M3#5#RKgg{H z`isgttTH2MXB20UGmSFIS$7wCN;qphG@XPVqECuXl20^d+E{lNywx7EPrNb%PCRCy zGtpV;Ep%793q4dGGEbUMTxPH{Z>Uob6|xpm749MuWI4e28m{@-*Xv3PYVD$@Ju6Xc zYO9X*73`MGeNUU)gP6ScaYLe7$JRr9)kVT zNDd(fH`e#lJmSzmK&Lp)7Nz8^iHk3x&dA+p0|;zukvemdX?F&@qKe}w z%SuNplG*H>E=p5U5tuBR@Q_Eu2aJWyg0=AFfLh~ zPmZ@+B_7z0yh_LK+q+^H2-=yQcrtglwlr03Y&z)hDL zrzM@5_ce`9(kEv9YpQkN*}X(O9de6;9o8>LxA8(dNH9nncS?dAIbx2(nFg|hr+1U_ zq}nSb)l@K2o^mB7x*OMc)~T=+f+@HAyK%UyLqUo2Dadu(f<317_h4E3-BC|`J?`tV z{!wbi{+JwaUXxKnvPiIxy?t)su1~J25r=Zps-qw1&SC0=h?AZ{XATNrpjE@$Rc*Y0 zo&=_q!C4aS{5#MtPf^I_VS(d=5Key&lXUx3^*A0cWeA){+`@J5ac+h?$b>aMZedqE zPENf4R4CC$IJp>;8kC7|c62**x7jJH7k7{gjX6%?028kwZ~?iyA7lU>;5;@=KVjg# zI%Fj@SsukGD5ef2y_(NAz5C2M3W3whZOEnM-W=#}swfDF-mnB3}l7qMNb3ucLv?Jv`TUj=8>9i9j%SIbqq@%|x zQX=GUwIh;bqzw(NUK|K|Y&P+f@l*^pce7WhMk&;{H)nXYvyc$aL0c@EOgNK_a$He* z9z9t68jC~2r=uN28@ZKgB=w;)BzrXl;wn?}vj0>?HH#t3u;zI)v^Y0te%+h0yfBqj z$^Q0YEXZC(2Me1f|0i(BUw*i1rRjoPn|au2y5u}9+2*^_LcgB!b%wQ`sJx3EKI~PYI6Q}>jj)P;}C|}_8n*=KZ1i<`X-}#>j{(o;d%RLvK z*y4!!o#M0=T`fk^+LEnhVJASM`2woQ)q#rs6l;g#+`Asd z4^ZT_83`I11ST(+>|uIsqN*mMJ4D2Xc;f5T8EQ|*N!DE&I6wP)x3{-@&FMPmX(p|7 zo2Fg4DeFs1Y2afKc|k#Cy^71GqOI0+RT>S`Xv>Wt<4>jK{~U9-RkNxpLtm)DcxN+P z?0n{J=}(qBvu!e;=r*-eE*dqCG@h?3|H2107$1kBve?a!p&z(zG%7*bDV!DgCl zv`l5Q{zRFo2nAJEY{Gc7ulI{BZS-PfJVtG|fhR;@Mnzg(G-HXGlrQvR3Uk zrO^tI=5DICrP3@g6vxFq;#Z;m4%JsYZL;aIux(sIFIzv2;|n^bIyuHFg||v?*<7yF zurqgDIydRan2wTV#E~rnXFoov%s36!29IJDNS8s|oN?8WBhzpZ&O=4FY1*=#g#7Wb zCzvxxe78FEt-|`U`Lmt;{;~1Zx?Ur-ig6OK#Na1|e!thMzFIF_>(fQK)iu%zR&AYn zef;m;v8y80Rw5X9W}^oTM7{qPlG4|KFl_ zm+l~1%)WBns5^u?XYAfqHG&o5SO7wQNB7!($E+p?A^Hq>KhbsZoj-)&wn$MM`>Mdp zsDHZz<*2=Gnu?DsY@gr5{dUyErk%XJUY`dzvrpSjs#j`nXi+zq$owCUS=Eb^!glp* z0E+B|OL}=dlKpSYaRCp6IIQ{3Q5(w*$nVO!jO%l`R+eY9TaP7C)Nk+=hCWJDfe-2Y zOVJB_`7NUiLB^mj0Hvn&>MH1b;Py`Y#9PCJlwyzRDU$|aE-GmC*;@bGR(2a(Px!sl zB*@xpn@kKL$vGDti~PhqcrxB_slMC|G7Op3R7tg27zb!aEYNq z%LG_{e6u*Q^&bJlI_50pr@{d7*Xt-myT6^~duu)GEAHjyz+qvrXWjukpgVo;MrKS$ zZ~Nh%{lLEOZF7(9-CdRd^CM_*Y}&rj=*|h~_U&0%ax>l92&X`GE#U9Z&Dy)lv~UU* z2>Xz|p3By`d}?fD?$F6bx`V@j?wec5>&Hm5CrZ~do0c6Qcmq%4f7V!T6`@I*buQCc z0cQbK$@t?lD6P8(3`)ptIu^u7y!j~i7Cq#*CO~eokm5D<8Hr`+q zt9+w~h>1b`e4%L!Zc-Dp4nHBm!#Wq(w2?Avi;|52CT!yB8Hy&r(Ym#p4%Z?&0_lP2 zoYuw#0ryu%yGKO;VD+Xkazx6KR|R|3%yK=F{>=J_+JpqVZuV5~qEA`U&D;RKUfegP zU%|K&AdGtq2taFI=lLb<%O73dUJ!PRO#*&?1YKxlMB$Y0Q|#8BtU>I|Ljx=6%~Y+E zi5Gh7Tx*(h%z_-47vswL!ydqs3!evkA1Nw^-Bw*B+qtggTlt5e3_U}odoNL;fS+H! z;}B-UlF>G52VE{*e!bly;W4vluvuP+Ex#)+^l`oQ82xs$6%|%%oNY#-i8=5G+c;4C z=lQX)*lS6x$Cb{R+k(K~sx_`cZ3QdHEn%YI2J!7xUBPBVV~5RXhr;+x>e?0OO`Pst z8tazq4+Ce9n|iO2qog4scvtM(4I(gOKO1Ol=}ttS^VRiQ|O(I^^d&^5Blfx zKG=D*XJwvj&_833e$9#F56QK5YG}G2xq}4`c zRgh%>hn;kccTt%2vzz>qF3Q&FPThabVj`kff#aRLWoO%%-8~wj#F9+> zHf$v#XKe$_QJ+E~H!dr)_eW47fh6_;zFoGr4iF$yi|lg>Qk?Pm)$Oc`bKn(7=l!=j zgX7w0Bd2EuCHo#D<|*_g&6Yz|gKj2?s;0E^vm$Co*JfbHTWAo#iL-20`!nq>&Dv}0 zb|-VYwQu=mGd*=}%12;&EzSYZp6IONtGjGsCAqR^Etil;R)gyV<98t$BJ$Rndlqd9 zWiy840EV`z6-Pc|y}o`Xo*)TSK3|L%wG$Z0?A;(Zcf!QTjexV5i`Ao~ij zEjhTn?$_TSNa{Wvx2@HN=ERA?Gi=*?irIY(*_|-kOKC}C89wL%NU`f%ciH$+qyH$g1PBc%q8Evdk85!AFa*$8DJ^<^QJ@v);t#5w1922+ zQP{^&&m;G#t);Yi zZ>7N?T1VJ-3G~4;vm%S3l*mZ=vRg3*Zyz=Ol)y5m5nFB7_CWec4~@A=VIGnG(!bcE zeSM!M_n*g`ZV;F9^m@EL59}|eo2$FM9?yecZEa)0L77QOKu^;Gd*;44>-;jhD?^U?bOPLQVV)M!HRvALG!RSUX) zZK^*Upf2|F21MxTgZS-KvvNWd4}gVDF(<3894)i}Q9e$c_+FkD`qZkHARy$CA!wwd zWNwcX#r0u!8gsn^g+j?S@%^D(LL^JBDub_h{Z`XDgRdTt7=u##oCuzDIQ`rKb+*th zJcbhrI)%v~R+nWJ7b?8od&^TnvkOiM4R|@+emzEBp|NZprZ4BB(tk<1C^iz?3q3l7 zo=bAC&JvGr6nD3)wG!3uq|w~`Q*?;gb?MNHVg(}P1FX<(5|{1*7=rQ^#5tKxiP^Wp z>EMd?#S`EDu*CQGaO~o$xi6+l>vtqOWI;x!a&jF(CPb%Pjj|)5-PIUv`D5-XJCC1! zGsAOp{By4aDhHX`f)^Ve(<3t{R&NaUd}Wr!qaW6b_j}L*xQ*5W+R_7}#SD5w=U}gL zq{Z^u0uBD{d)r6M;pM#ez}?<_zTdqCSj4IKxlOs0axOj@GJD_pN4xfO#PZ;1??T>V z3QRz5tjW4KHZbSAblsgE53(7qwDFMzGOaM8sG8 z*s$t^Y1d@*c*R14Yh9rs&ik4JM2p{TJjGhP67Z0I!4~x$J|N}M>tY<`sbM$61n~eD zgWFWHlg_s=?z2pSBAVX|L}uHh*HHqk4%I|UE*3+dzMW`Lpj{CXwW)8C&c z0-hQi3_2VujFx897k=Q@ki5EeQqjeDN< zcBPw?QnL86>WD(o938j(c$c{CX03)5S?cTux<6)w3CH~R0;Iw}!GVm>q-qZm8X=1h zeU>2Lyy03kWh6Q|vED(`s-W+CSyoB29PuZpa0ws~qqAfLKfZGRU7Rs=em~35HL}xI zdJmT(pDRcm9`Y2kVqvI_B#r;Gvr`@YVtdGJrqf%ic2|u+YJ%GU$MM}1!9PH57?H?q zWHlZuW^lInSY=_cvT6<(ABanQ15C_6oGM*njWvyNAZov&a~xRBr~E|}T4d^KF(6a}#-wFsM!Cym&e zM!!x=H{Q>)-A^j7QPzOt*nIFwn|T5loHf_B)tF$LNb(|8tMOkGPP=uJJ*fKJx{SIi z&yRpw;AQ79l*~_Ae~SEgO&!fKy3=gee)p4Ukc0q$FH+CP&%gA!2HqLK5g`v@gDVQl zA81wFr2uid1(W>dBp+Zgd)YP#JHV)~U!0DdQ$P^!2Cf{laO7e8YJqfNmL}<^dDC(H z7Vr!6^Sl{PVvMNv4lHnZJfYw@^oikEY#$KJpmYq@R9GtU`=$?QSQP?0!?MRCv+8~n zr38-1g74@98`?ElSH~)3wk3swu_!Ktgfg2#on(Y-fi4+Et>v1jLoKyew_$H(Mfkrl zWA}7^i~-f#@E6}1*}ytt0&!=5BG%;q(fMKxX*hSOEAHedtLtMwzq35l@`;SJ*fxb{ zOTMRPj+r2~Fs8cO2CnFMUasj&3jxwUU zv!k#`uEz3F7Ju64&Cd6FU`>TqLR$ZZvut|=lZ8Qq$kym} zvU?d6o1&&&q!bY?`2sW~{|LL6bi8f2^Z7Sqeh8ccTn1;fB4B3c!hvCm!_`8IFC!Xs zsK?i8Dpa-RXtxkL@D{-&agE>ge~2j%So_#j)V6cI=(F#5{df6Wa2pBa={rLrnj*@5 zgMi`6N5_2VR>%+pWexTvz$Zex8jP}1+d*eFL#5gq?;8i;O7hV!6G#Q>5TOj z9xz0&nF~QCge{@Ag>KxT9rXtQB7f50bfW)Va?jLMJ8?ce0rVK>hN zXLeS6m`|Rx(7r_&{{c3j+Do2at&s>k18fn%rM9;1O%K<@XfvoA@8rcU?=ZHf(*yrj zGl2dC@oj<9lH#fw zBAB~yqu+gi_7x~pEY;Ej9z=jQ3Z17>0rgmDBBjM$~*cot*HubAlzx zS}LzTG@{;HY6~J}+x__BdR$_$J>E^sWXx!Oyklm~ATNHji25gGAby`1k2-Gi&Nhlx zduIzFbIY!MUjahjEx8=FXYAhrMz>q|h#Tg4S@$=K{xJ`~YdTA+xvYlCdczsN!^Xd= zLQ;A^s4pg?v^#z~sb0k32S7}2jt(S7b5Br|5n$nB#LrPG7@8R-u#Q>Mi zi=Lvtz{HpDBVmqWf)ci^pDC`fbiGrR*&jE|&URopbSvC!G2aByzkuc7RhE^My&vYpabbjnBuL3>L5)P*zytAFPH$bx<+_n6a9 zjyDp>*~$1X3Y)+W$6-@g3NP@7fO*Ma=%4TTU7Iu39~OyGXNnZqy;2({l&eiZJi_BK zA{mBoY%vd}6Ol{Q`{E|<&96G?p#v`54&SdL#H_))=(S1l4ienO72!FC_pp~W{Qa2M zZQL*Lvm769E9W2*rOGWJbSScM`9mAUx{bX5mkik%0ZI5Ky*;YZnl_J!mmhc8Xdyh$fyA%TmVSCPyte~A{h92+h>SH0&_bls zMoM{(P{d4}@Yuh;5#pIow9pHOp-Es6 zOJ9B+BRqg!i1r4Zw`TDcm@OcX zAS(9KN$bo#uPz1upeAPCOM&7-LKZoZ?ue4{<^Uo`8PPvYl~r%Ka;g0m2GSC6%Q>hr zd<766Y*!Kxv#~%HL(yCkTwevq143*OMA;cj@lF`yVJ_fBa5MQ?kDB5-zAX{uM;*^X zd=GNI5fy{XSVr%)C+Eugg>3&&&r~AU?M-mv2h=s^4cO$pidacPurxfR6PqbQ{WXq8 z2dZL?CNL3o)~yDN+^v=-?5dA{u@GP~NJlVddAf%9a0(6Gw0n*Qn~ZMQahNtvhx`jVE)kDK6zD+n3X-M@qnvyvK!&wZetMMC4iql;R~Y6>`Q|1snpP-j=B1Ml#5fN=8qGE_rNLZwP0-7a?xtB6v3df zwC_$zX~=EmFJJEp{ns|=!QwwLMMnhFjJ1zGV-&>1GIgIZa@oM-VuJ%5U8jFzjbUDK zw)bSXC6d_ZlB`tO@w-eb+wXCVsin<6>eGp+mNEVSun|U@h`t$%EW|u2*h0TjoHWfV z`?sMe!YapwSVLDZ8r50w30qxspi-!#ns6t01@?&nrp1G*nlsJ zhQubx)HIkF!xWVytkKbICt>G&qGjY6Wx?Fx7BYp6VlnNSq@_bJS@qA=WTyf@DHOy_ zbr$-LX(nSx z>8l)w`=pY7HuV1e2RpxGW3VU+42cD=IHt0ZlY}7aV57jzwcD82Run-A^DGV)LMtRT z%G0xS6o-Y{&Kz+ykPRKAfY(PGV+7zJHp#zDsnTkq5q7|~o6(N~wNtvTWtf+rFy9hB zch)#4&XQ~>>i{GwhUb-?SiFS7>0h~n1zZIOtpdC~J8MsHDk(4d*&kCc!+~>#lr1>r zbPp`wvX{e%4!{b}VLMa};p8-!46mNy*uyE93kr|pk(I-+xnwXAQjjq19XlP+ygp5p zWD)PN6TipB$FaF`Er);jbpygb0I840NCa?~@+N=1aya(uQC5zCkcuU)x4~{iNVf&z zpdSz&6h#K@s#i zj1P{lr=*UH>a9sD$Ibhfx(_A?Ocv}}Oc*06cTYtXgHX@t(O+#xA3v>~Tn;%M{SDy9 zqPG++l;CO9iIFA5Q+g4kCxaD%o6zFw-8w7ujq8G9-sSs*S$S9vKZ3O?l`)X-+WsoZ9>j6KgG?P6qV=$gYe+H0 zx1gZH;U_aSiYfYB%raHXC_YNxO|bx-0ne;GnZ5&({z@9ILqZ^P1yHk0%!H7N6`LiRYYYtF*W~UCrpIBhl;qx2rXc)6Gtql*x3)j-WkA=(g^MHgq82#~s(3-BPC7Wgv+9|lh z-Umq7p9lU;wYv4f@jOmim|KtL3gOm%5Dj25R%ekSmll_cCy7=!vHOC>uBrph!K7*D zT}FPv$6C34+}m1hn$>#mS{|6EAO>T@tf+}xJ{CVuJRi%kPNazklNEUd^@mG;BQAWI z_nWFai%x1$JKZ%)%xNb%fe@DUF_4IS9fX2n#G~-ig6j>e7N109hNze%CYG<*-Jss3 zGJ6CxlUkcCm`C?dWD$RZWV{n$cQQ1bnBgc4Mk~w$_X)JI zs1F=uayec6y-jWG#5SoRlJB(K;6tOO>X0}tCN6g4Q#3mbDRPf-u5oMDz^^LK7mfvr zaTV?~mnbprEiLD-NCh&?tia=v6&E5&Di~!ay-0EMqV&7Uh+10EQADCIiacb2vHcjL zY!-43%ItTkx{JV;8ssW7nf9hZad;99b52$ndEm9G#`ckxVbSgj{Xoy^+wG&%;&eH(!u&ef=fKxLPLLWNWU|WdD5tMZ$vw8JwB%nL!!?}K z8)RB2xF|F-q4{(c32JB2Pe$z+?O&%k@YjnIr-Fs)0G|{jb@m_Do7Cu@$PBPCE6xy@ z(4PUVN#O$o0SYZyB4{Ct;@+X_9=+Wh4~Gn3>zL(J+VMEm5>DvDOfHYEi1u4^?S0oL z8#dvZc}awb0qu@co zyd5?FlFN5i2Lv&u8f%>uBare)$S3q;Z_s|tRk^T3`JfaKIYI+HE}6J2knxh=g40sE za@_87;JCqH=>pwtPgoN*_uKmqFe9ms!&XwB0O!0?{5{@$>dvzi9Cm2%^%4wQ9ChpX z7Z@F~a>ixeBz(QxMTn>Qrj=LdkOy9&j(U#x47V1rRDk3-!@~EqX2lt(cv@ZJ${U&T zx2jJ26seDgI7~!f`>Hem8lC#RUn*P*Yq{c^C`<*0X1`jKl%Tp*fV40?lOn>-l^W3P z4_fvPh>y?;_hFw!dR#xNunILTmE3#?pVE4>DjGa1&{-YyG-@c#FSyJiT8R$w7@a$< zJ(62(CPxkH;(DTN$-03?!8J2!pkhR3VmK@SVVe7VnFxCtPDCchef_yai zwa$BjKn;yoTaAlM2KVFu0oK8~%ENKQSU1U1V7tFp3G{MQe!(9&3uP04(>~Ip7f1k! z5Uk4Uw=!@WFYr z8K91MK7stxVNEk3L~uB}Y&bb?S#CI?yf|Fxm)}?9W}mVXuLiFbis+pj=;Dxb@w$ET zFOjIK{#du`7aWfq^>FMKx#MQN@@yi(C{nxh(+zF(e=gv&;>)8{5!Je1yvn{L;auvt z_QMz33ecJtwAuezx#*-;T{f6fVRItqb&OXOAF69( zxMBUEXl(!M*hMazBd6olrG4Hpk(*gV?qaZj?FL*@cinQHSoi4CM(D#7Nd|CzctzkPIKU*fb%>*q3h`jgD=0n$G$-@F;NonE*v|^0JuqeLns5 zWP5mO7o{qANB|il@tlal4hpKV{NQLGCB|k(e)hpQt}c9)M-mhSl+bk$zv%$U1r8ez zXERxtot~TEJt44g?;y(`UMD$Gew-Kv$+k;~jdlrqbB_Gjpmuc#6Bx`i z6s%0dk7yXNQHQm=)?s58l7d#32Ftq4;O(}8J!4BrU$pc1zrmA9eFcuFh3kKdImvxU z>j#B<3o9eZGs!rHYumW?`1-Qlx9|dTT@UiJnJ50jc>Xg=>NYFZ5{aYPXBXQ><7C1d zL4NycM5C=?ht_Iho1iLko+w2c+t;QDzKU$8K)Mb7aNxW{!5~Lk%j;fbbS-_wuv8bq zuk6ZJVMUFb+K*%|kWKY)m$hKQPxn8Bm`deAh!!9@W)Cy*%@|sQ<(vE2)aSzWfDhp{ zg0y1Xo7>H#ed|jnGN35TV#Nn?@d)>QV0uLiD`^l%Ni5cBa@q5r)^^}JQ+Wmme+f!Y z7!&?<)82ti!HH4jPyn>RlSpGj03%Ftdtfjl=@zBvgce_b9cPh3od}xVaB#BI`HZ(Hp zO=6d)U{ac?I<^7kBZ=qD5oLvaEW3uk9Jx#09jIhjo8)kdO)d;#`p=mTy|od?F4IVP zrzLB?8)q0@mX^b)_6rTygt3Ic^U^Rz7AhJ>>j6_ojdo+$e`0e{46VB4mSijg#b`^F zI?PTm8i)Y&vh|GD8etcy$?`CrBtThIk>})JG%>BtlQEjZ<(?A|+a*H5UUL_PE_ApN z#1`09m#z#BT>dVtCf1W!p}H%qE$KSoje*Lr_OHH)(21WeNq@Az+zh|ZKf|Rt)iK!e zbtgol-C}ef$u{+QX*?p7fV8pp;LukdXE(SxdVT>CO@fkbhHH%Hv3@W8${65Jd**gE zSh6|l>7XF9>Gnr=S+u$N^pg&I*v@TG@RYFqP|~VFe(6!YXu`0w;wKtV*KlIB28N}U%Qn3=6cC)rEb9}1WAc&J5vAYcx7f~Uzc}^dxS#fn zMQ@&h*7+v{4>qz4DgHu>VsV(=8b)L-QFx*@PvZ}kmLt*lfVmpa=`g6U_NOP#dH|Vj zgmPKb3@oFhqCMzY=CKS6@Atcr+|&S8AX-u`yRN37j6%U+bkf1*T2kJzqn-S{ITASF zrP(_d8?A%XWim2kVE;`L1bK9RqZ#FX5UPG2rdYo)8PIN0ha1rDqq^uh4=s1mvZ^F{ zKZ-eHDC>H62Wil|@Os?QNWu=geDjeHxjhw`JRz*-j03I@C1EwJF_qHUN2NV6o74k> z60sQ&V2VwCuCzcweE6QT;>7S8c*I}cLxR6aBhs9mq2KMCT898C>GS>*x9SyrnXkJb z6+3zs6+oPj&G`cP_w#J`{?7a_DMQT*ec;X%+|_6m6EVr}tNgd#6M zC(7g>RJ}d*v8hDz`Q-HMn-a!zZB<8^!E!r8_MZ7!hJKF8&S%6;NKQgH2Y zB(Kz=8UtdvPUGavUW^am!NrEU^uf~oB{=mq!q*&~Xa=&JYV3N$*+UnJNkqFCP?-X5 zX7r-@V1aL-cTyWpV6iHig$@4$9fE$Vt^Mjsih9!!M5n8- z%Bx1yxbif3_R5{7n4sOf`juQ!s3_xZO*$kOx|5c?Ki&8v%#ht`1CyS|e3uQa-fR%&14)FH)U zz`pR8C6w3(;G!4>Mv2w4eTyL#EBIiR@rWB)xzp0m85jW{bMy$qqC=-x(w&@7Gg*Nw zXh4vhX@K;)NQBeL(d|dFX#~<-7d}gn>EfcXJmM$>jp#4=S}Tb|<-zYMVJr~#cF_n1 z8Ymm8)OP*pW~op;o>YkunWc#8c5Fd|`;fsrlYl@7w_+|gVPEs39xtQ(&piUj-z$&h zLb6|Ii#*IS`5<}kn=v7tZ2T?v+CKSaVs9fW!L14fo0`vkyV&k zYWiA4NApmRceTq2*XvDc;B$ksjG2jC^xp@aKZ*4B)zWUB;2XaMtnp)?3n&BNgPl&m zHO%4B?N9jnfrQ_ZH7n&^T`paTOZbv3xm;JA=xYtQcG#zb_}08fXADyIlO9#A+|()? z!xF}I;U`}Hy{uK8{qTjs#S+b-d{Z`XPhJENmhT}Kco8$Q$MKCy+9ye8V7_o=UcV)8 zt)+R+I~#k|uj)|Iq|It?^^`O;1@>z20G>G%NIOg#=irz$j>y>-#v?x5ZU5CGzKoR8 z41^7U1Sv@!UB?a=d^gXe!}mOv_P1$v#{5#+O3TMxAgZKm3)8I?`z zv3n_cG#Myx@n2^3>oCq6G!;M?nBF9Sr^?^7L|!7S8_*cXqJM=;eLWu+7i!4WlAo97 zO?|x({TkQrJ`J@j27qR}M&Fs>stxAkIl(C%0El95iIvj{7fmRq*zh?@aO51}g9Y(*{YePa$OJpuHi(wG6< zY(5AR@Et6s9CZaUTz%{_Z$|EL6adFN0q7zm5-%>fZ4;YBebQO05cA_>d?O-)R&ZX7 zK}C1y9WhLsp1(G@USi4Xjr$^__9CIx%7VNN!3V>+*u7u!%TNK|vmDd)UX;f=0QWxW zz~e*F2ZE$y5i~Pvs-Mt>LojNWuyM^yEa9kV_tS7~tn)9zcyq_c`7PBQwtwU=;~zy8 z?diDD!ZIem4ysJJ>$I)Xl0T`2om{z0L>U0}B+y1ub*veGBya%|=f)D1QGeP^pPw76 z7qALVxL*&xn)*&BD99Ha zL6Rc*n;X|NFm=;+Oyd-mhBU9Pseo?OxRUE=#c-D zg5vRTiD`|d+^|(b_U| zmqti)i{Zn*vio2}+}+RGnBWXD2t^pkh+Q0okchYEG~#BHWhCrxh@l)KltSWc8yYR%VrlO@CIu>}N0er7&^`;%XxV**6=u#RBsQNP- zW45Pp?0vH{WZAg)A0O8+`%I_$jTm5EsQxfZjTg2trCWE-90hogu>*Edyem;?JmIAB z7iyHQ^HU4&T_<7)XmkZ1jA7%OtV2zRcD5>#bQWl<+b7}y%kPL^RB<4&O#TvoE`K|S zq8Aeg!DIb_;RghHwRZ)D4a0jlXFlv*Rf&#rNBX+e$9A|nyT=XVQ{%{7JLU+NAuj6$!R8PJ58r>G zfL8Y&;Ouk`Te6VpEnOl3#Adb`=Fh5`;9e~t#Y&E}4RJ4M`h{S{#v097Ur>#7ZEg=N zY5D%;eNpP#s^-V?x+?i6MC~x)p1GOwBwC@-IFifA(XujR0F`Z#!=uUbv`h93O?YT? zJlB(}Mh_p$$WP)GNdSlNMF5j77jo#2<3SF5PU5 z*rvbc-HLR$Y7k%7?|Z9SKu*V&@s1(q1;(S$q~a~FQ}E5OjGIEI58Z z+0on~CUx*6osuox2^X$TiyjWjVSqr1PZkyGh`GVeahSVnjZrc=LxiX?eiLbZ{|QM9 zEYon{rT5R7u-r`TYIu~d7~}YbT+Vps0ZRPzHcq4F>+8s|iB~%K(D`t*XG0uM0QemO zc&@X)S{3T!#t8@10(W5qAl@IFoLpoeI z*PML;Wq1?!cEM0Dd6k{T_fr58`IcOPm_s8y)xHN> zW!SDmY^^bwQ3@O@45c@P1NXiWbd{T*Ca~HntZ8+h7}^lgQE`c^cyLVG<=*oS73+PK zTzFme&SV-fPgV-z2ckC-tS=)O6aFqknq@MddJ_)m+UMEKKc73}F4Gqbm=b?)#yRgE zEUmHZ`mZ@9W-lu5C}k!1)>(?%S8n2_Tve;n&$eGx0(isG`!^E?OZ*MU$i+Ir!a&D( z2y+BS+*$VhHwZOP3!Uz9d&l%my~kGe{?m{_kNZYYkOsRgakWI|MNFT3Iu0E7UcBu7 z`Sl4pFbH|E?OglI{_HJoV2m{}xrK(0pSDdmD7bGA&zano=l= z^Za2IV=`dWNBcrs4|ZnFeq`#NOa5sam`vp?R7~GtU~K@X8$h83goB3z#D)^SS#8*7G<`{fVvdyy;sK(c2zM?Bozyb7MuhAH zv2^9CN)>t5y8AP_zfpe{he<>|FLPmF-XJm~_(aJ6wP`kCd+t;RA6Zk>s=`NaHiNSk zd}ZqJ874SJ@ouBD|8e?va<>EDv?2D1l-%zCgAU0|bP~2ZS%EVYq+Ro}@P_@u6uJ>z zVgYt1pjuBHk_V%l8j{+4 zsHFt8P@s@ROeQ|T`~?phikac+9-!!eIqgxmXO;2=-}{o&Evdoh`g~Hy+WPV8f~OF` zjr)GvD)Tu>k9VPd_u8YE{QMkK#_V9B&8+lYx2)PkeHxKfjk?;y)E&?g;7Gr}uLT}_ zz3jP(!~m*-jy3jjVp>Qvg9w>wv~BBW4(7=1La!V-t#yS_4z#sl3Q)EybRrmAEgi)S zMb=x$aa?kRSBi<6{^GO#yFd&N?0XY>6Lmgm8Hx#LEIa6|SF zm~77NP^v>Xf|a!VcwFHU+Qcpo)c}`K6PhN<1biYu^dVr3q8z$i zPWHF?#$7NY$`7g-%7^cd8pe_kvGqdss$U%AggZSHD!mlK6gnjTyKD=@04aS@zgg_q zEy1f4{NRw_3)|qc*Y=nvSofII^hI=a3NF9-gpUU=dJVx_8Y^?rM&E|D>Qz!0ycWim z*jLj@_0>m=#`)JXZ&2P;`-V`XS>O)Nh)9GdLIZK3*U z7JL>2Rb@~pkKqrI%)n9p(c4fQh)9cIr`1x0;#KGC3~u}Rp#Hw!PlnNmE*k!7*xCD| zyhE)KU@5H{XbG$VElv23sEbDn=T702wzR|cif8$dI=t^IVUPLEiogdY_W5mTf&K3d zx?udZl_qeS&LelTiS%TbTp6rNqu;6#tm2`4QcKkRu@N7RO7@*7NH+R;J?V!(`bB=K zu-7y}rBJp*(oHN#ui>UH^Ie?=y%ZWl(r`q`X0uMas0@pX`oee@ln$s+FwTRpH&TG^*BMd(b z9+3^CgeFf{x6lnIW#8p=0e26;89Tb2nfWF$OEZHThe=;oa6(dw%i5@QOr*89SXpN? z<|&@e9eJ4Gat%)-pw?@esq5M|LS6wSK*OKt=WZ(Kl7+icO*Df~nHj@|{c6gz5%kFxj=l=9vBj}kiU{{T z)Xul?k6Sbed()l;f};=k7*6FbwtGKbSab{!Ss!UpSNGqL!Tewb$zz0@FLmR~vS$-* z>ZmMpPF(AlJ;FWl#3-VdRP-vyJb-&q!S?!|C`y=naK|VGp;ku1DY}}??`eb!V7rly zAxvrNd}rYS^TZ9psfUhzB@dWl5O$Q(;Epc7YLgyv0|0lL!H4JAp$QFEvRf!wL`VdO zrOJ$TxBX?t5f2-X(>$K<6Iay7#WB)fnME*we*_FX%A#6Gs?fn|!g5iC87wbipJMM) zql?x3F0Buz@4q-Zrx?+qWRZQHhO+c<68cK1CqnM^X7{K=i!4?Fv5 zz3fzFt*Tnz=ly)T7Q~xZmt|IztK~pkyJ?VjN9By=sp8>Ps)-Q57SpfqU*bn-)*MW{+nm;@KIo`B zKvppIVQfctAOi;qq~i$1FSN=F%OIP6l0ucC5kTS^ekfX;+_$l;a)dZGIqgoexl0ZG zG5`BscMf~8_lEhQv2h9)JlaFJp<%!8emoQXkWtl;v?4!sVdSW6pjL&nZKRnb+?@T^ zISvzF_>T9+k>&7nf5vj;3pj1+pJILMg)2d7B_{%24Jk@wF#rL>4xV`-yHL=uwwZzX z*}(ULnlhn>#*Y3-^!WB~9B<(BUR1$=;ca}#kagFGQ;NYCVl~3*vlGAz1_&;7n*R9T zg%P{RPOUwn;!40Tm6|($#h@!AZQ2%yH0=hG4W%i<>q|V@vAlX!4YZmX+e*_0wP!GA z`bxRe?XzAoRr1tU!^_N$@$zLHFpWR+(D$4FL`jGde?Xz*2zOMhOF`C{o5r_Zuf&P%D0!}w(2 z16am`7e^v0#E;M@69AEiu>7sURgeP2EvdI#`s+|HT4(gw? z9!dxDhXJgw@f~QPE$gN(6*^$Q9iA9NOGKWJCty<$tT^gt;`=*;9D*kDuS^4qZev6o z`iLbo=fdW@y`iUR+)N{EjS#?LG2RVxjOsy3`5=NJAgmI*M-((LHG<$1?!I= zZ9l|2p~}3BbmGze1XqafOtB*rpT)y3+~zd^HMtBNB8trxRaNG;xOyQnjEHACt)+y@ zE4U@q1A-F3EzTMZ1dm0sBA=&u&t%XCS8H~!q)wzrI-1$jy7jgVjJOUg39;O`H`=L%MC1*OIy)^N9|+Zu2DVTS<-(d`ZW8xpi!IYAi@j z0_}N$jtneihe!sJa0IqkN!|2t>b4Lz9RH){UzyiAuw~qlqflDz-50VpSFbdCNPbG> zGotYjw++2!-i`SSwDlLN^KVB@g79Bu=qS<@|Hh*mtq6p7{9{uLZevm#v)3iGg-Vw& z#sdI6_35x#&X-{qSp?1ld#X6S(yN2U3|(Jk@TkkBe zwT`*)v$LL8_9AgMx|v!6dyQ&`y%+DFtqEZ!N`fv)u@pb4o-zE;a!Q75_M%O75BZ`b z$&wt48=#}muC-Q5s9r}Px1-_^=(y5|KQ-HE#9VSrKEk%g%YSXIZ_IpMmV7=l9 z7W_`hIAT5!^hO5m;rVAma!E8J;qL1t!A1c=6HGG%a9T}RVQ zzPIgxXEI(2X3Ou@_mha*Gz62aF%;4ZcN)xDGrZwCyI9qdA5IxXgnG=&2Wz$S7X)Qa zdjF4W*J(sf^!m(}*f?w!5@U)D5dgnCt5cP|e9o49Jc`&PYpH%Ri|@xu6K;j!i;qe2P*JMAx;4~IdBNf6 zrf;J8BUe8gy-Fa1G0<_yA~>`-N4$aZs%sBp>Lw~c`L@T%T#D;p*ARIEFR=UGGZiHq zr$o%BU}T22LP)hqcC z8CGsqCU8|&e2!_!%(8OUNh&pEWM%N9{?e+GA;2Aze9=WtMPR;3fH=urO@EMA#c?+5 zUGd=5?yrOfWd@&2G}+f;(72M^3*b`DD35Ws>|;_}Eg7lA zy>~MI+chp?&hU*FT-U<0X$k=$bikX+xJa_*{^1YM`9&1u$2GOX@Cewb^l^x8$UMSd zdi+T*YL1FuLO;D>M^TG$+{I>Fhk5>{RW74_+o(PrL4rof`Jw)d ztQQBRpJ>DIdL16OoE1MMxq7@KoW0&J^(Z%h6DM=tS~puG%^;n?nJM6B^Vfo1mLhiu zhKj>9k^_m3s3JjT96@nR2x)M$NP-z~m~@3aC6-WPigo#b{3b} zsS6K>CEUXOwpwIEz^}C)nGhn@n|{7qK&%3FQo-|<^0})!mVl6yw^el)-!u z9-={xQ(^6J)821VT5SR&29P6}cAlPg_j05l+ZjSZHmz?S;=dm#=4tD1fksiehI_8E zeE{?@WMhBsp%_4kY~hmVe4TsnLmT2Od`X)2<{enZJ==Wv{o((8?T5)<+B3Qv3Uj<4 z3WNUo^`6HLm0loNSR*^3(_xrs_j_y7{?H%%Qm>vB57WGe9enNec|ASk55}@_UA>;@ zz-zuL2D=`Z^wU_bR+v;y&nnVN_>>J);~EtGc%72YGN=v{!84s(xNOl>tb|}G%}g8B zpNp4y`QsIm3vJ;u2cG!_hz|Q4pi_#F<_JglWEQ$H1?A-=)Y;}4j(d7-pS?qX@ZncKeerO0_tK39Fv#`^J<^60)^w1RSwr89H*N-$dI`nK!H zT-1H*R+~H+y*zl+a9@FQo#h)V7`=mWG(cuXtI_tl$jFVZ%U^)5PH;KKSI7q#_{!qS z+?G9pOActrlvi)}cd|LSGTPkPsfb(xon_PqEo0v;Fu5k-S%1@6_ICiB4n4B9jbw4a z!2Fm(ueGZaP;M9)V{Gqbq@B!v?5>cT+O>@@9e`0UP(qlDs2ym&2Eukczx)*>sw|Me z>*0|;b9}-f>uXXr=f45Atb|#gW#M{q4{>4P@KHt8^W=I?RGTxF^VK5wAwIf29k!W~!F+Z1zxNcL>IfX7^ z8{;mA2J{-9d*xD9$|c9BE|OM))==m&l6S72=e`PV|HU?$N&UGsh4vE2~yL+~smW`h~!DWdi=S$nR6m{rX-* zK}awd*pop>P2v&@NJy_Le>g%^hF0c#^wsn|7Z{Ofq3$jEJ=A=kiVZeDd0L;<$kDBI zjeo;q00dH-{~zHoZfU!t@KaM>^R+lZU#}J%5S_zoRY+%ILnq`sA{nkpugksyo5SSP z?4>xaS?!7%3CU%ksb?uoaW&i2iprUloz(XCuu<>P%JIPxEFICeW(fX3qX zv*zgWF5T|4;_!`-gn$~K-Z#a_}FXnXF1ZVO%J!q6(blQ9x;VV5@ z_%qG9N4TQLu@5rJCNNhE0&XMi&maw|1P;uOH&IL;Yy4iAQ&U0V|0H0$dqxPAT$#e5 zv8cCnF~L623pLe!q{GZc24?7K4ogSgtEqg9c0Sw4P#mO*qO(3-jp-1vUAWM5QVXnvC)Kww zOZ+o-r{tY^yQJuj-8J3&qFf=cKSvp2(SE&Z7ojQ)3*YO|QD)hffgR>1+Jn7=QbpL~ zBD2i_+$zVOgye^fXNMB5g|`dToIStps^u7DvEgRfL)%GI{vF&cai_A!1FV7Ivm+Rl?$)ys&!K({Yv@#xJ^Jz0j}wK-;jgsww;I{2QS22|=8&6_5msJTle-Gu-e1saOVKKp=ZF~cIgcD`V)+uF~u`JKE49Khjy0c z8+X*MmiOa9H#vU19mD2JNGM+pOn^g^}fvZ(l6#t10=zeq_!DGb_-j)0QqU8-y80XLZZJeoW)FEmBe0^?*R^G!NK0rATCk-Gzw>x!od2HZM+E0>J( z?njO3nPrU>3KGmT6=6p! zTf|%o1$v^0n3|B-m>PSiii?dfyrcQ)!pj(T_ZJOpa7nq_2bW>@8@nB+Nlc+vi-u$_NXj zvomTXtCqxCa=uQ3VKiqS?3&4bNV@kXjdb{NnQ_~zg>(q+bl0rb>GM2}AzJ-JE!UO>$+GMyKff1@-|p3mAM-K_!ahWPn;V?ZlZ(TKlL{VF zx;Tx2IX8(g&94eQN#ng6-T2A@^WWmwPAfscDgjbPaq}q&%)tPRz>Orc{DkRu z3tmmifZ-|K#t7`q#XmoSd4q{fl;mX7wR$XM5K%(SWr?m(!h{|498?Y>3ivp2%yZzD z>6?sUuJPjjqFlt#^A^XSi`fg<*n+mcGmIDvBG?81#I4f1*U)X@YA1t8?D0!xJ6`tD zQEGy*J-jczz-Xb?7+oPc&Ic@3Q@ivaDqQ%Q+yd1F70hv$3#meO#EUfSb0rsU5>>{L zAtGLy&0taNR#wQK99Uhe*6(;1`V3OL0CGy78HldfY*WbCk|a)`26AXOm6FuB|MqI? zqgy-53)GA2d%uL=Bo)!)`Q^&hEn*)M#Mwig4i(Yz#vU_kn5XOUW=auM18t}a z4N^=X`l7jJXffNYAeN90i#w8RbE0aI877b=k<6Pc*JU*Jy>S|qJ3%5wZsF>SQhUWs zWr$lOyQkN`b9J#=5Y=*Wy{1BaD5dBLh|bkXZ=7@5#~B01VYr*T&`;WQ4O&Rop~=ut zWM9RgRHr-(pF`K3Gukr};|r#AYTW{v+x}(F;ubiZCA%OC@*5sZs$bDT?@cbjZoUVq zo&r6=G~RWHoE50B!T~f6FbxB>PBVPE-;U;s^9p#{^#ogZPo^35lZ5|UCcjaJ6#Z$w^5)v{ z1&e`00s2xC$rT{_?E%|E1bIKFs7N7juU-qrnim#^VJZ|rKsR*SIT-0)b&d5V?E1n^ z+zg4{pw*~MXFLm>+H;T`owR=Q&`LylF%4sRBooaGn;Vb$M^|SDMc%-u>BNUbnAh5h zt_uoi?fkNh{+IUiYN3cfKZDmx3}LLiBx8HFY5$a1)vbldcRPP$=aaC-Flm(4lgJO}g&%6UkZD0HOIo?j5AMN^l1%nCJki0I3@NM~Vf8vMy z#NmI=?US7<(fU^>s>*gnV%}}e;9!2;Kll+~d$~S$$4>KNr!6^0)$LoHcjq@(;C7V- z3_C-D0-B$zzLv(H@8ZB0>K@=>Y-q;Ve{V*z_}&i<#)B<}x!GA5ZYrakC|WjEuj6)cz>30+Izntg;D*@R<#w|A2F+MVSqK$2 ztUstP0?IBj@A4F}BLGZ)`TKJHe|7QcKteRtKko z3hg#Q2bd)W#%K8~=fD|C2mTI5lvPjn|+aAPf0x z$mlH|UI{kzf*8H;4LsBStX9F4+I1gYD;d5sMk}UQ zsN2i0lLC2bRT~PklkOfRKj1zSIZ+m?%sLquD@G+=wo`l>p)1q^CsuzSJEE(b59Tdh zO3OZN@2J*9F!Zb2eEb{nB``(JpG97%elWwhRR;gl&N#DhlDZ&{2o;hwMJ;^JHX+kD z_-#@~q;d%u;{7lRg3_`~t`UchZ^*mjFe?2-A!TZ*E*yis=~?PR zd8*xhHIim)1Lw#-=AjgpQJq8Q!EFg7!*kCf*i`S&W(S2|-stN$$R&IrkV-&DM$uN{ z8B3@@m4-Fc_WX}{w@QDPRDd$K7%N^YriRENg8RS(!nN9$jP2l=Zx-_roQ)r=nm9nc181u5*4^i0e~{Oqz9WLf^^XkK@%_o7kZ2J zNL!nx1AzM>fP(AMGu`REXv#dSXfbK4w4yKdD1L$H@ivw@kcfpD<0L(VgvBvd?3EF^ zHhpevEAD_vf>?m-5=38|8RKi7kHJG3EOu;)|ND@_(=E|rs_d?+3E$Sq;PL=Weh;v9 zkhtoPn4gUQ{)Er-kmk=`n3L7LJa9_#U7pD|MlV8zuS{2N$vY*@gD{~oC>d;z4%v8K zIF7PE<8#HaX7fIF+Xxc!wMmyeLMJr`{3t@Gq}^XXk+hB1lyF z;MD_yTG3%Dj%r0BQc^DOxNR$KNe>{Sseq=m31+(base!poTF2Eez@Tuu?-C`_{1p_ zIo~)Hn9)Q(LpBF0WFgpD^KGNamnOhpK8Ag($^J#_FJpUK6KhK78as`Fr5SR_9!BqM zx*f+SaCz+Cqzd!Vd zYl(+Le@C(G)Pz!=ivFPtH7^OGeaL>3nCZ9|LAyFkG^>(#G3sgSGNFJNS`FwD2gZ+3*c!!5wqQGei+U}_Y%m)85(HUx_96x*9*n+p$K((lP=j|hn`FsI)~x3my7@Q$gwdj^C2COC=Whb{>PkV{Z&D(S$Aj$Xo=;AyE z@ORVf0xY$0Wd1d36hH5qIE=5iPQe>?@eL>g(k5!&g7~ZAH5JwV4Z9T!*aoKSm|Uu1h8nY$S!j^ zp9XN{Jl-TPJZsJ8*aqi35zB%2xFbi}5<)~qNkZ@Mf5-vy60#NGae)kFq!Zu*x>PA` z_;`xREl#M7tlP8-Ms1Vdtqb@m2y_s8Zk!h{81V0d`mz6smBF#YxAIP)yE^atF%`2L{#C4mmp6=WgjJG7u`2`ilXK^l1TK9D}{6;titmy8N;qA8iFKDFU^mILV6w1K9Xf7ovw{r6YI$8Z)M$rVjJQemsQ zr^m8^3$V#y`Xg~+F*!jX2^D(<;WIB*95Bk?mFX(mz=*S-$=}00JqX8Y+v4ed3_-FShK7S&k1SC&@ zhZ1Zj*Hv|AAX1`a#ENc(KclJ$Co3sn;C}w`eLYeG=SGm=(AB~_#f(QrwRE-;GWHP- zVcEYz3$ZFwTYx-69*x>KLmX9Yt~l601dB&kj~Rti$Y$jWo7D;z9Yp<#*5g0fT5EKk z_)>yrcGz~l9JS$6r>>A#Arh5>Y-+&Z=!m0=%~V}FEWFpt4(Pn-Z?NSX`X4>&4bO>#LTsr7Lz+(yTYKNB4`+8ue2v8rt^b4FJWdh(C!Q`IpBR%-DL#o5#Eu&e(Nl$W*yWAz*gfF3iD z)e}%`^b-eJqs0K0R&$vxAot4iKa`0K(0PWb+ijHOr*NTXKby>;+$zi6H@IRr%!TWT}A!EwAOP&7by z-Q`05;MtquQ4|ggwmpLRB0dzzU{0p==IP7V=Tb2YNymzN!vuf6V0vD8a|zmWkwbrg z9hkH8T-8?Y253j^aHLyi6PILW*nkqLj2!HZCo*`}<$wS1X|c6>fa;-KT}#F*%#Et0 zC$8lUy1XR+gaDEy6Zeq}`0LrtjO!bdGZwIia@XJ@V@ei?5rg7Fi)hquyHT7Vf^X zM=Ax>3n~Abqsyt(xqvVH`qx7C+PprM?C)$fe(1F%DEC!;(9$FJkWA=56bSNTR&9=W zj4iOs$$X-BwDXtw8oTFT=_oc zk5>2r_9gL9qPhqa_AuxzSaYf8g_BpWg{8*^V@OaRG0gxu7k@f`=+QkRPV98INd_gS z`5-bgCM32HAM+XbFRtkGgQqd|)}(7s>!RBwIc-T*MOO9pY;Ev7&19fbvUj8FPE|AN zHuA>ylq0Ho+14D2bL7v{@V7M)-B*q2tOiCZ$9H{t-v*KQ%zQtOH)s>$xpF1U;%^+?-2z@hO_Q_g^|4@3I!M;?+`)J z1uw#Iyc=vgBd%2-eG0&Pe z_$)7aboD<9W0GMY%&Yx;ZqY4km#bQ3(L_JeShzwdPJ)K22pE*3(qUX<h>eg%vS^ zRV@w^=uJvp1ab>jED<=Atn3mh%SR*8yr+r_wD(K#f&m$B?H9L{OF?|0>`jat9Lpi@ zu!gSwhgIf4C@d1=*7u47YHXag)Tb^96Nk>`h7|_1*ywm|G2!ylswlQtSf;gT?P>1^ zasx(U&{ZK!yONJ|0^HbL--=uy?qFB#J?8*-rw~FM_pK_rTN$KKO-HS6`ZrO%#IQE4 z@tA+Ou`?Ak)>zpHxby|q>xhs=n=U;ZFkIc%KKb>yP7N=`stc5oW;wR<0&>J+#{*Bt ze0LoW$g?4a#K~GZ-)qVH{hf|n{awR)!%!0~Gs(x@7lWR)4h}YR63a`BP*ucEF%RMw zvB>8sDOC$wcE6E!(db!Ysr&cJi;?Ec8FHe5zhyQd?6S0uV9`_I2oQIDqyd!GMn88ALb&+bZp zR^#Wx-GRJc{IkW@%!~C7C$~EQU9(13Rd)-K`Y)}5$x;PkUa7L0eUcs!ypT7)ftJLP z?I$k2a_dF#xp1<3LxY*>>>C{?=Q%mRKY>|-H1v~k!D!d!v$z?$N!#5Ksz9#-vZD)% zCrNFfF5%cXTQac=mU~8^J$H$GnFJ?yfPgEyRGEhGOOUw#J-P5^%XU-a*nJbWt%)wX zAXYK3Sjw#hWf0t`Zbz?VOPj{SW=8q zmx#Nwp9mWwS|aq?)pA+%NweV+Wvn|_%ccox4`FV-AD!&rclaTn(JzzC$RoG27Hc zU+3Lk73^)SJ?^(f2zK)FTIkRI*qrRVuHp-7g*HYC37)xoS5D9oWlYvxMXk(1InPcKK#g zzs~8fAB%0N_=~EM*acsS3jeK}IaZp25sO+p3LOWvA{W!}iB`oDD7@SZ_G@U&6XQI+ z7i!VG(;J;womqy85C$?{8lnO~!GSV&`@u*>!hAb@pYMZfZ5IT?Nc(`4CW!nmL9nMud_+ljZzueDNIrdCH6&hiZ8^f%!3nCaK-mWk&} zNqh2Xj>YKUplV`Uo-VUIus^9B66zzjozl|8vB&6hOwU*Daa2*=UviBBZdH*ok>WbQ z;WZ$ty1jK8uhw7n2=fiD%VrL+g|o+twG<1JHo^xi(FB&MSE_Xz(??CVat(N<*m^_) zg)8Nm7xqilWXae>C8MHD#k}6LT3ykB)pK?q|FPE+YU?!aZT6M`TGPEYyNCT zO?hwVIwNZN2`^1(HuU*Rof}Tc301`1gZx}niz|2aSg@~{N$cgP%$b0r)Rfa3GW#oSv0ZW=-$hVQD#dIQ@JXXC zjaKdfVPuaVaApY#P^zFy<&$FY3w2y-U*Zi|8Vcob^A|ntqceWlB4TK;i_!F70YQF=a2`$=rKnFj$@&&nl;8ci+37_e;W7T@&2<=mgn=c?nfWB z_`#R8hU~#RNh(8F{V0vs;GU!NwnTE%*v_R`%EG6DqT5@c=q>VJw|?Vsc0Fw?tt z^toUwg*IF)vRGnr1*skek*C`?j}1%;5IwAbe^Y+rBtJ`bS<*Mhi%QSF=IVD=Y?sDG zCwO=1Q?C)`_1mstbz^KimO@E@@#Fun2QxRyAN_CosK;C%7&4yJ{^H+3D$+xY$Q@1mWij{G1xG6A%q9O2;IY5KazR$Mi>aI=BX5{7$a<1IT2neI)HVUxszW0DEDPibx`e0rtNt zs}|=mVtDt2kJzyht1AWoisulgY2IU#c}z=-cuCYop68p%m$Y8E){BApyj+rwRZf$^ z{;>-_PKUafrem7sSfk+2`N-ih6wJOqU(Q<1Px7eY#|QG=+b6D8MZ1qk;HM5hT3jBx9yQ6`U8cUW(Nv<0sg)Mq?*Mp z7QQE|tf@IpHE}{;A$?v8eYcKV(USy?%LTXatli8UB`WGw7j=8$GW;@LG zA>HUR8LLN0)lj&wi83St#rnBfy09>^YOY7xv|IV>=+U^1xkS9Xit(*Osd`zU5&k+P z&-e#yF=RWo6sA5+fKl5Tzh^C?)qm}46kiO6wN}CtA2XgGt*;W%jg~P@GC3#nhJCUv zp{%aoGe(0E2g>G3*7gJvnr9E!jQ9FHx**82kH>;R@eDHQOT1k{nkozsGY!Lw4UjhP zu^v1qJf-AZabz7bRKZ3eS5F^tU_X76^}7l@^^?c_?uTjYBSl}nH9eZF78R!^_I{}> zj-^*KeGr46Uzck36!%=+&EVy28~2L9SUIX?F9TwE(!)nxcUU6flo3F-yc-R+V|Uo~ z%>HWur15%vJg=>H_4RsZ`FviyUz+d!YYVJ&q0ccJB>sMUyr+r8bkboJ?OvN|u8U53 zpYRr&ghvdFY-!JJkqT!4;-%!4k&?$nu}~JO)Sb){KQz|pwqhRF1qQG6R9NaPaX84V zA%_BY4WWAxcb`*F_Jn!sFbFy(P9%7t0R{S1#=(|FisR!R69g}&Ts|VWC+BBz*o~1y z|H*P6h_~e#S_Y~Z#>!d7=pMZ^J*dFedYf&+aYa~oz1SlUke2J9o5nM>fni1zZQ5(b zT$fBHIMhrgFqYp4GjUC@MS}1$3IaI43Ea?uz3YeBjy_X2|FbvO5*-C>bn(3i0tC)d z+m(c{`NzpZ7~`i4ISkmRSfM$c5TdbwDZM`i&o8#IEZrToB~JlWoo5ubjW28JcE{jWUZn1!XQ(}uk%Q}cC&x$7zr)gO|r*rqio#-|aR z)|BJ}N!Y@nM;&zi)fJgY9^RY0m680r@5c$Z2oJ6TZ!Rzuo+qGo{#f0Yuy}Im5|9-Y z*KQx=lZjC0M;D~^2=WAX9!o~_2}1iO+w!}(L(k0PuXGmv3;}3PhJHmr5;YRb6nplP z)AV?G9Fw3ey9cdPL=>EpL}d-Ss*ZY>qjg4nX%OeB_u!Y0`36zx}MjtqNaV#NmCD0oDL0GxZ&=89o{tBywH1jN{ z3~tpITJl*!!pdo5>2D8x+{62z+H{-|C0~H~*=B+t8c29_e5KwEpPzJO1b~J6EVW=sAoai_bfpYr!p`rfm82aT6&&}%y(Xz>HGTX`IM>sF9mkdy!;P3U;^ z@m~c#yd(}m_UlT3VFS+>AkyA*l?{ImiAC@TAZiWIrl}+Nff*M3!Mi(|+-zw+Rh`vD zK`A>ZC1hxhd78EX$MB1pWn{-{e+bht*j1Ebb&nHJQmP=WTaM&p{%#8N3mk$Ea6Ej$ zLq%n?uWkRvutUU?>iUr8Ht7IzMI3SA!ip(_LIsmny{5luU+u8(kVs3>n(ucsv((E8 z$8d9pWQ#Ikq9ZRB9G_1vj9Si_ADW5LZ*P!gF4s^I6Yt#K@*mkxW$CRHU=|MJ9@4KJ z+tO>ZePJVF-cHGet(i7mlm2hSbP5k0LA=%kBKId))E>1+8w~AoQP*y8yK>h-Ln0svs8LAtODW^N(8*ZKVZt)YZ0>(gtYjs~a>Vzadt~|VGT}YHf=e{O4!-FgTPx>T2ho)W22W=;gDS)a*jr>aqRrzj&5H z#F`u(B3Qii=&GU;Jsf*20_3UUHV=F_@fm%VTFEoezTQLg#s~U%uw{y8_OcW0=5N2~ zP7jv!p0FQy%l`!=+S<=Nu@rCk9Z-sEPPK6{vc!m6%#8*O1`{eDtBYVLqP0)wD3nBr ziR8elAS5c4V8Gi*3Ym^*=6Q0jujj|&2}r*AZM*~F7D1tysoT6bLacO$M*M+l;kW6K z1$+83%|X#a;_@kKB9(&i@RVZDcI9n?k~{rayNH(YoIK03}a~pJoxl1 zaFK0(cKU8eyY)h4yDbc_=}z3@L%Kv-`JYo>`9E-p(BS3j$%xpYT1$rYyM@N{Fh{;O zmOVA(Z>Lts@MAsk(2y1Pv|zl}x%E)(?K!}Xz(@?4+lOujOZF}z8%Fzj4uk&fAc`LZXsp|gl~nY^ zc@{Yij4XtCNIZb64saOr8-?iN1Tfr?<58%J!HwCwh?b4!%szcnM`lK{p=Ei`&y&H< zT`Wn=1m$_s8_uVRLW8y4ea|JHSc+Q<$bCYhF-*s7+d@J+qXZxsJX01%@~NJ_LAOFP zS^ia<{RWe9zIf@%bkZ~(0#Xw?!i2EG&sp*{mMRDXVT6Ik4PsZkTr9HXx{5O7MrIe7 zy!7w)z4Z$`Dp+hH$a#M86{LYdpaA~IL-#P@|4oxYaIn^7|DDvsuM8m2CseklvQ(eI{}JEqEuUm zG5Dq-nbx&m*`zC1j-0`3V2K)++zPdN&qw{0r!jB)!nJFc7Ubz3@x|!ht~Yf@U6bSu&iA@;V?Y``Y%Y6#NgF=`3tcN;`ANqq7bFSDLX*;EC2zb(Y$#+sj&PI ze4F@$4Udl?Six2OVMN^KRcC{k`xG?X)KlYNe%Mw8RV8VC)ehkmJhKI08ML9Qu9+yy zs*64xyI&Tps53PBRl2!Jdv0J_(bRmB)A`e>86)YSKZ#Ex&?5#fQ$}?nF&?4vD8f0o z1XYDLY9ji6w>9SrANN-s!iJa1BMb1e`tHn#BbUMm#8TCd0)q19=|a=mSi!)Ih>Sjz z?E7L7m6{$eK#fdYi4%<(q;lbv%rp56h%0bXqPc$qthwlDe?pvTaAgLG@m-ZbC($l( zd88)$GPnz{T`#KTg~Xo_YJ!{vN@pho6IWrzka^Fil7}~In<9XDAjHGu^4m^_l6iAP z9Xn6eJ5Y?6$wO>_=dY~&;rR3>EeyUSxt6}oZLu)E98 zg3Xp7k43qrrQ$PX#}Ta970Wat6c{?FqidrLUGfT#PE(FbrjH)Y7fX6lu9(ln#0%2Q z?ClFbbhz)Mp-PCgfT)kawU$|#$h#ACWJz+6bU0M@y&a!Gy_OP2} zOaDYbe%Sq!R)mZktO+V{yF-7rWU{p$5@r#d?HSI)#%;{=4xNA;!;Cqw0NV@N8i1aQ z8?rJw`DZQ~D>$^0Kw#Yh_S;&rFM3epgVkO+>bH6`)(CfWYpkj;vR66tzOC1H zMG;N05QIMGKX@l@T$NB${ zQJ(Aj?w0hQQQqud3gP(gEd9UJ$$wuh@1r_rhb@YdyPns2SX>eooT?NfP{_n02Z|F< zQI1-p02)aJ1zJ7$kAj^fyV|vx;h>!L3@VPpN#GzK`_10|2tS>o{0m9~ay#RxOHNtc zVmHQYXSULuhxOBD`pQ$EF`*m(*21<kAg)B`xXo_=+s^Maw`+D=ET4n}gY!y+~V|{4{=?%smG8 z=pRRD(&)zbG8xd06^YGMYJ{ACc)BYkVeJ5;uQXo?h~IAFSXy6zdf3*sHB7ke>^Qx%m>&?Y=ySGrYx$$D z1lelfvAjT6{2}TXmEsbo^dlb}ajPZXBPh5W;fh1cKq);2Xb*CS6#$rxOsxi$$`-GT#){rskY7r!<&Nb{xjT1RU-#6L3h+=!ZwCn57HP z=?_8esy0(D1#OZzv5CA}*HR)ngBZ0^9l;fCJQTDAO2FS3!7VD06iZ=FlxZMJ%p~`QI<6O@BDb9c%Bv}Y;!D&tVibMp~l&aC$hv7 z*sAl(d>gnw{dJ<+1DW4}E;v~2JG-;|<`5mt)0q2C)^e1j)8-+qQArwr$(C&D*wZ+qQ1o zw(+&~{{1^Mi>Xc3s&W_SWJY8}sksx4*vvSbvO38U<6Gkn@W!BQb__Q~WDLkq`k4Vq z#K9L%PiKNKqNxA3YL`oSyop8d5J-=w7!fD1oM2lOc*~X&z!R$UP0d8BmO3g&du1BJKXJ%xtQoaCEIv`0Zeus z2t{ZDSHx$@(N@+v_EN0Q{qz5T@iTtV8F=GbmL3Z8*Z-Zu)SBsN-ZV2C3H>--yj)az#bs-8MTJLqqV!6#3mbGmr?>2f7vid_k4<+1BZA^fdA7;(~X8!+f3m14cJ5rO7htCxlOW zuU6QRKQ+B-U$v*()9EksfI+1K7^;2Vif#whZD;J`2-Hk@iD+sOeQ?+MPf1nXTle#E zcvacr6!;T=h!5}q@!!+xL7nQ1vC~|+;H93&J@G=#MMS$Z*Vu>}^^v77q_>*K{o-%S zoEyh2t7Bh$>9w7%`cdE6?e!$w_5-;TfC_jW-XnhFfeVn>zoYu%0}4PK+GBq6f%@46 z3K&1QGkVJo>PNlzK>6uI_>mvnyMSbCOSSXSHrcvnt&Tb*wdLvlu&RBtRHMx^<5{=a ze>JhC?1q^8+l<$ZF(=j*qX&7$*|c-*%_T5sZ|JlCMV4*s#nm5mW5&r}o2lKXO4n@F zhIp%0Gw{-!y*_)5;ZEBfw=<_dtv{|me{1N`)V&Vu&e`Nusv*W6;A^jgV1jc<&=LhMES1(D;`(ZXleZQV{{`bkz2mG&?S(C8>t$in>!r=D*E7h! z7vEp6Woy*z1;HIA&tsj{Rv;(8DWArDgR?37;1%YR!W}ke@2h8y?Pc~_o$B>!gJ;9e z@eUVg*Fp<>pS~Vvw0&U3WhR(*+8gGGszra27B2t8gPl}7YDFBAgoNxP2y=p=3 zgCEF^|DtvSuS6eo4nDdy(d(*T+J~Nfu3u~Xwz|ac{316T_sU*(ZTdab{_}a;)-$d&4XYSyBnRr&(b4M40O za2xeU)D1wY>rZFyFu(UNdeeI`x&Exe=?2g(e*SGFw>M#J_%-VIwf`LUO!tfS!;yZ2;+1P6G|dkxCo~fn@yELL<6QnC zy>3=~vM8+Yi|~v8rrQ42|F6oE;}8D}_{))F--v(kH(8DVgjqbjfB&}<-O5jgAJ6Au z)q`(z0L<-P-y5`-!N8Boe0YCA*5(6i4TPC*l3&y}T~0vYH{PcgS3vYP2oKPi0;ntX zOH2*$!Z*<;`OCE99qS8aW#7DFXMTyhKZWuuQhxZSCg+Yt|4<*?-Z#>=Py4rs>zRfY z^6eMXC;Q8l<4+>ZT>742KXj{a+Be3hUB@f;3;GL>xvY9kx%xYlZzU)_Z`$ zhLWc@TAn|2-4Ep_YsUxcrwr4W0PI@8+z&|IZ*bjzchYzB%Y0-1mtfJ`({=s2fe3Uz z&|S~K55(>}?kDC!u7PpDwE6xIs=x>Njpqz%+r@m)*;Ak|jpxI=O#>qX6Gpz;!MnYXECX};icYg%{^iTY5i2`u$u+iWOH1w3 z5;d)+(;K|@T=Q&=>+QkhahA`Iuk=YgID@J`+_V}ta~ibj^qd;C8=cb42ihy)v(A`R zx5BN!^EyT67rMz24i-5tbk)w?haB(Db9xP(J2|w+&K4N9zada`+@Hp<`tC#7@YVJ_ z*zK7*4Rc$X!l}dQw;*_2J!k8VZMx8sb-KF-3<_s299g%!+hO3Ij=QIC=s=78_1CUBA7oxzy`VPluDPbJh*I z-9hsOq4&USCmGq*noL;i5@|A|D%Gpi%Oa~RYAMvNRrC+=sbZ-boAFyUXYvHxncdH2 zItATy<}Q}}0HZmpc5S&^<)f(+uPu7!>DIEx6X!DfZdf_>iJm}TC;iv4TCH*|n{M|? z?QsY5eSM66q;!smt5B8R3%YTpnC~ zhvllcQdWrrd{l^vM9v=5l|hXp`D%4Hg9UJ?%+<$QPK_)#EU6BhCT)7p@u2+SA|9iO zKb$RTr!qekT;QK1%R5wH^RR*J2yg+Ezc6>)fwe20G(9_=59sb ztx1tiXY*%w2Pe?)ap~7_xN%U^`TX)~KpbeX`8=ho_V+i+yZH;a`%$jktmrCLE^M8t z4+dc{RsiB#Ui_n{0npS4(k;gyO4t9}%XexW^O5y$W%apv(`w)6!JD};<)9tPD=07f zjklB!!69%PXk6w)mVc765X?dHC7BaY@x|<3mmS>0yoGTmr1ZP+=K9CtV}ZekAq6S;D}BIrnTg z@tIr*ExeDHu3ss>;Ox)-j%-foc`*8~%w zJw*cdlb8Ao>>XkcRl~>Z2+L9#Fad^~{`I9{+^F1Sp^KjI<{If+HX zv%YuQ64FQIf7lTJ2%Q3L>r$^()w_hZMy=U_{{*31^{dJnv%VZaf{|wd(JGw{B6eAs zZ!l2ENi%V_m5(KrgsQn*#6^D_o187wUC^9kPfUjj=bn=Q8rF8hr=j*7b>e12$1{Aw2H(Q(GwHQ!+uk!% ztX^wJc+fK$)R*}dRlauA?82(fm}$!ccCeInyw>tBB`*klcfny{JT_%c;Xp&gnXDI% zNMy3|-g+9nhr{snou=V#H?&}JJ*e64n#}lFtuaVONVYu8iQ!qD`};|up4+bFQ=MAvt%c}9T}RA2&Ns%N1E!)3)gYb zszrym`rNL7q4})FeU@I0E~9C8B5~}U#(^Wj?Uls>9IPBT@ImFVIieO~hV#}8vD%N% zna1?JcLw=-D0%q=pcki4vV1>Ao`rACacVuGZKn*IWz{8-eFO2-^q0+%fg|3Kwda9U z$VQYpIaojy9NuBQ@l+JjTkGS3wMZ*f+dEqr2Y1`GC-I~TUIk=?;XH#GrK#YEwn&6k z74Nx%^N?dWk)Rr8u8k}d%V9fwn&XlDzokLN1r9iy0<8Nnu-ZCzTV{p}QbbK&fBxbS1CA|mtoBhn#v}2Z;#b&GaJz75;!x$p0 zDoj2`b?rTM`x&y87c?`5y)B|W7?*)I5Oy!bJO}uEsG~lKzt5HKGYOI7TbIHYHw)SB zT(ZoQe|PS%JFIsOMGP9Chix&w3mjncH29?6Y7Puh(QyWlOp@fh6PapJi;+p9duUN- z%Y=sYN#fjhDtB~TB_^Al)sC050czHftieq+Q;vzWN@zw7$t4)0H>{$Fa?%0ghJ7=) zV{WW+fX1R-!evMeROXVe9BDVKmeYLX7NEi=8LyjtW)i)p=~1ESMRV54t!?zux;GH! zMu0tCH}8W-+^_D5_a zP77y{Z#GH`dSb#2s+)VHaDN`R9OQ}IBrF)T^)hG$UKFf_m@ew?P$%J)OZrFh9t`U#| zQjs#F^GvXxQq&NuDR|~AQatF2X~b!v2htCB;+GE`LVV7RZBdOtZJYL; zmS8{#IjpL^!_J_z|JY{T_iIY91j8!6BHsAXiXoB^q_8+bn9%0}0#elLTp3P{7zlc| zb&sjW?$k~XpF@;nfDI|~Z+WWZ0xaKO-@{(<#jg+b_(=wtC|H?dT|Mrx_$&0@yMX$w z%mVkOHV2v<=NgpG)0uaNl==<|gzwdUutHTMmfKt=EZyacAB+_wBVKh+%}73Aa&NJP zZVNOWM@=RK95;YRq+GgL0(Cx}ru?Wc3qJa;oS(ghg=lXTt#`O9)E_Plt^2fAZ%nZk zoXl%3JX`CEQT)qT<55Sf3v1+cwZ}8WhuonHx%r`n{z(e##VM9SO`$DR&(%$fMCX5T zt`hWdSo$X9;VWZgR6{N+RL@i|F8R4CLc*mspqDNxm2TquRi`q}9ZNunTYBiMV~Mm4C{Snv+)ZeYeryI@Rum>G%bHM#tt79!Bl2Fq&Q=O*fuV26kw zfNN(&j*q8l2jw>DVz`rHX}_CQ>gJUdB``b#hsACLp+K*dTkQqgoV-LYzMO{AxN9?5 zPE;h^RO{X*l1!Uf!_vE=U=(^!UG0u3*Zfq)jU^$g1!hNvU=h}O3?DQCwMLL6LyVIx zY;@sV+IDAE*W>uM+tiRNI&5v8WZ5^t+6-4QQ0ZID$k8LXwc2e)`>We*6SX$~mC{*d z>VrMo$1kjRW7PvVO4U#VZs0mK>zS;a3uiL@n4jra4uvsXUJz~Y4W-PR5*|3x#DX|o zTY>{1ohSq@&8iTXVdJ7_ZPrmMQeI@yQs1qB-%%@Zn=aW$@bBiOwr>z%bQ5MI#La$ zoQ)}mwp7M{Hdh>3qawa?1F%P0RD{ytpNwZA?7h{)OJx4pm9 z;E0W~PClb)SMUw5%o$T&oUKbOI&?pR`-6Sb4DS(jZB-ReOtNOhTO>_Ukf(Zzz@~}l z<(8q?C_eo?qNLVb6}&yO#0QSzBX_m&rR0~1o|3pAbh)LgFW8;g=nPEN z5Lz%60j^O1?k*LZd8ObL9*r zo878~AV|ue**JJ`GW){UD)3v((!=WG!{b$oG=O{v=})k`z{|Qxr^pbmq7Fu>6v*ws z%=~}Blne%|rXh7a6+jg*&`m~La0Qk_?Xc=*QZ?A))p0LkMK^t|!U;MDq=ipU{|Vll zzVVW9elZ)y4VGQ<^eg_bMb#gPQz^dL|B;n3mgd%) z?hLaQfEVl{n2PCM&^H*n!vCDPhNTUNavt=Ivmd8!u)jaq7ukSRQLGw?X-csam>fpW zNm;?lx(OKvHFfI=ZkLuk$#=*PKR-G0^`sono8;2DXkSsJ)F1SuIQ9v?iXZnP_l);P z-U-h_D?t|c4%IuT8L+(P@4NKR__jSkM$oASGxKOB`Thi^inyRUa5|4*511HKKojm| zC;p)yMD6H-C%Ms`s}rBqRug^6G#?hvNlOKfc4Il%I6qc~vY3N2@>yn)gc#=9g$32_ zR_g75dvoAP+TjxE*p|}2Lj$UhiW_dc&EVWq?RXAr`F(0D9y(7wrZRjqiJZj+2NAQ? z`|`Mdfb07s8V!3%!FcluMUy-?hz1D1$Nrhv|2wRjlx`lB8?>OVKUzKj&Q)`S))A)Y zLhCq(U2u^ZYIW!(y9X0veQ5^z3wK=2d6E1^+ZfVu4P`9xC9YT*eLe-`g$XZeU_MY3 zb)HD{8v?e=UC>Fv!b1nV%oZh&b#4d z;ch*S!%A4b^cjEtE3EBsA_Hnp3)62^m7y~>sp{1=kFb9J0A4ii(xnfZpQ;j7{;4JQ z2}N!9A*^vJ{vk?Gwje7Ov$b#3pD#FGvaC1~V2|*r*`KO4-;3HMi?+=0o+;+6==(3wG5f zm<%VH$Np)KR$4qeJfZB$YEgQY^x3XJ4w$W=tqV) zLNsv!GuFfV9yL>6m40uD2LhF1c(^KhJ6R5Av_Iv4A?DYh?_2~wZHTUK`}t_+E$ab6 zleE^=Mq^7jk=G@Ov{}Nq8Yx*F#?qGu;UxqN^v{kCOCJptU3re91+wFZRZ|Jq1L-1hlKL?hN!=-hFi0tQ8}ZU)8z z92hv&su>DFI{{6M3F(l|-|y3GMs$JU`U+UYZ=L%0#f%2X=dT3mpag>SzMm&EFvXZ? z_ocAYw1fPG05ZP><$^so?DLZ=zLFloFAu^_OO4ICT0p-c<`+hRiBhdKYzd}klzpR0rs}KL{#|Q zp-Yt$gfuxYpwd;KSwk@IVPTInh&+ldWL>C)dp10Z&0-xY@stjiJb4leaLyILgSOQ9 zY&g)BV6EUhfPg)W_qZM-;lZWBrcY;>F6kaA>H`E^&`ReRS~N;W#M$Yr$Ayy`=CNCY zza%9sK&JUN0%BOuC)`01Cq5Nxa;e63=abV$kpjH8RJ=wD_&$yPD8K;#UuG|yg?<-e;Itv%*7$Ug`I7xNypR&gki)m)>ZUA7xXHZldRc)MX9J(^+>jV|F+En z4ZdisnZF%IpI^G>1Y8U^yq$!@P4~Y7XJKLduGqk(5}yaD`#twJI)}v$RO@v9G$R7j z4jXBhc3uW?T;9K3rd3;pZddEoeE@$^aOo0i6+(d0#o!&^-mCF`K@#YX3@#p%X`{@W}B}y z;B9A`t~Kd7T99_f--JI=xbt-b&uJuDIS|%^Oymwj8nG-}52Yr-X`hectgv%cga)Sy ziIT}DzFn(ctz?ZxNzBdzxGuny(IBX1LeSI}t2~!4EEjS^7oHw)bzPXFFd~OHlTB#F zHFRX60>fN<{A78+0Pt@x7tS*F1S2CKcr3u-MTY424$>bpyEh>@`ICrVB9D#f$OI!; z^v9*<7ZIGgjn=JN%hxb|R|*HFgyQA;|F!p5_w@%iWILBfqm&@sW$=4yo01oRdC4UM z3zPGDo%=lkTVWB{G3Xt9&At{o!tSlQkGfyGQg>In=4U3xUdUDaTC^qamYzQ7# zrDoI6Afpl&1y_57i4UpxgNk6kY8_KSHE&*5$0QhgI6&ebu5#6>@&?3(0My&8Ki-_w z)?kGS!j$L^)vgZXz_FfCXQ=u`$}YS|!6M)QPs|BKa7z!Y#hF@im99dCa}x-h&VN7b zMy_pDezpFq#X$&6Zt;J73EX5MCcZ29#L07am$xYcF_0&_;!aq7B-(ajsjQNp^Ez%&SyT6xiS>_I_xUdrC_Y+j^#Hn zxuRVMZQ&rn@k8+BxQ=*cH@&hM_tiiWxJImo3=smY-ih#P1{>V-Nkg&VPxQZwgnKvjzFoIG77P>aK2n^B!)Aaj50~WfnC<(&(SEFNY4H zyLUlhvL!m!;4IuEi!vl(wT;EP!D(&98J&79eUJh@5SgICBeVd6-Xth7q{Aj56ma0t zHwatm-;#T(X&8A<_4Ol-k)S>O)*x2xBwq#l~rhlTR|S% zcx`&<>QM}C4$Y8&SL72I;|mF?-vqZ_ABWPbsN&k?#NA@9a9cuh<3MTXA`#e9-usXK zmd#0Ct=H%^GClU_z9hops5KUC;h}*A;7h6gCGp1z8q-0-_|1dvPM+IF(eWJc@GUV~PPx`lo3;#ic2nnA3Lca#bb+Ix zu-}Q!*BC@F@J4Goi0OzbNk?AL(2MA#k;p0LsADbjRhSgAC2&v`t=p=!ipB7&S-&XJ~&1lr?7+({dyBtTn?EC6HomYH%ufl)ABrm9Jn z0dJYi#Xz;-d>Z|c7!;EvwXyCbn*=jQ(N3~yb>twzHDg1HEy@e)FH5 zU;4owk9w?ypr)2Ik57J(R8QobKz7$y@c?Dsmg^jpNf@dr^MkS|0AKkCwAdWY9%ciS zNQOB%;a-D}$$|4ahTea^Ib1cbaQ-dS{M?HEsddgDoYY(R69!TgFu)g9fJU4la~-4R znR;ttfQ;b4={vtvSYy<)yy4WDMG~2@Y}^!M+$HCVYTCu#4Qi0^b`pSmlTtAU;1mBV)aH`9$XvMC zQh$aO-G|`)qds|LgPeE{R0nsDyB2zL#_|T+3~8thc1^EM>(1JeM~;95yB0=3g0|(y zK#C{JlaKnu{U^5}U}1e=a|oEbpz7OPo2&KTp-8g$3{pU4DkgkOgsSN>5{3RcYAP-x z5Fh*oEk$OPrdc#vDCmC%#UYvqrlOJBApc4Vnen&mJt@@5EG-Cwkd+z%LI16+WLloH z!+J6R$EJlTR*u2o4Rl>)YhOTG)tm}A2koa%$4;WY{N=cfaBI8qhN zN&3E^Xwwl+fzA14vWNP|7^wds$=?es z)I3Hi6!8JPMPp{DZ!nR5iLnOA9&seSI~N>lyCDT0=|Eq10-oNTibCu{I=+cpasO64 zBlZe$5UVWHQbC=hCs3i4NM6JBt!7CnbGzlI6H()`f*x2kO>+x78c{P&hKny+w&L(! zBSS^I+q5kBLT9PZVyZH1@rEdFv1@4OPyI5{`&674a3nhs2JAITM)IlRN4{h>0V&>H zl=5UM2H&B3{DY=4{-`NjRcatqlO&$-x2ssO(hzCs%oHjZu%>IV+-<0d6YTfQcJc)? zj7UqEpYYSx)RyXcYue#+vYV^{TZ^ubr#~J>z4ArF8&i@VB{8TEgDzpW_u4RZNmt=d zRJ!nkqPSYJ!#o@I7;0Ac`0}?0Z+>T;_H8^M$xqdKs6Q>KO2+3)Uz8&*KT?=cuTWL| zIH>mGG(t_T;U1V0g{w+L=M=2@>~io^r8t3Dk$3%@vxd11ia4|;w^%)V;zL5-c0JkT z!h+ABzTMrKw@`qA4xXS_^|)5}od-Ak-Pt-h;Y{4M75}V2{q^PC0u%~Mtqq_(hd{Fz z8cz?_od}1n;T?F$ma}IUL>409okUO^fIN=KREVXD98X=wJml!6TLEEJ}@mv#bhe;j|u>RR6Vd0MxWM;5$c#WT@``h&abh| zC48%NeoLx!sPPDzT-X?lBoDg*`z>~e9Q7gwCk}9Fk9>d=a-gfWL(fYik(KLmMR^j^ z+owcB+a#vK#ufw!AV?Q8?^Dfx4E}5Ie18Ow13r}HqC37j(AjbVMma(Tp&18XDB;Gn z^!U0o!B$%)7ExED=u(t+SxJo@3c|zQJ+wKux+sCvq=e(RnEGNLj#52DLyMQEDi{3% zE31E4Q6)L2S{!z>!8ZLlRhD1RzMQVG@1YfS{5ZVbX7Cj3_ZZxVNmDG@fClFn($!ow zEELxd?FrMiLpUZ@b^kY^!;TJ?lfwiS*t8_nh5t`G%aw}~UpI23LZushMGQ_ucNf9s zxWbtGw}TPRP*;I)gfDsTFcWP&ff|^&=ol}a6J^tDUl;{uDlcsSjUr0DIgFtx<)%K= zNHTg`;fn4u8N6Ai6y0OheH#V31IB_H-XgYh0DN^?x-IND=c{Bt zy*bg87`h;N1Om$UbnPHXAdV1mc>Mgukab=Zis~rhZ=ycL%0`hqGAOP!wPL?qkn3(m z{u}V@|_db~J}o2Sk`=2ZRDxgF27wS5y0Tuxt`wc)WErXB8` zSXxOoapx_zsRYxt2|-5892patmFCzI(F29L_`G%8r`#;Q{?xs}LTf6s-qrPOd=xk~ z)?bCZ6@oQ>UN8H)#6knB1kf0Z)-Cq3`q*BtYvv9Q`&(xEKqJ*5rj|4(iPfeZC1kx& zgWPN$jZh3kA)oMl?p7?#q~)9i@uF+SmPEm4GW!L%Yo*N;oz@rMR;3{`ZZabY2JL6{ zSq!V1+a6Zmz+bVcjI;~kz#6LeK*>Qh6fqu^#QMrNN3;B-=Vls88SCSn^A)#=pfl4# z&ef`BQ7OM2&*PP@l`Q4KAjI-w$MKl(2to1xM6e`?I(U)?%XuQABu=GcmMwh#!%s>V zIydvQCYEHVL@SHY^o1DhlaXLR6;HMm(dtNY?orwz=^=WTRd;)}#>UzpD0~snBNw!1 z18A`EK&c7UhmhDeuwKtPRE(v-fgo{|k z=M{K@DTqQEq=vY3bHTB&yhy}OcI4`Y?%a}FL^SE93dqFY|C005TwK^~_#-%YRgt+f zHsV2)4KL71u~|$Q%qa^;H8HYnRy8x6<-;GP*-)nZrKQh062E-eet`RFVvNINQw$Q1 zkif1^?KjTag7UUAvuPwgYGSP+a>P^iYjVc_DW@tnw)=2bb*#d5PIIX}!6r+6cF3V( zF{6iiu_Q*0cnAsi05{7=${0BrX+*283vrNVStN!-4~S?ekSWruxh&ehF`Wcg;sF;$ zv9j#9iyRKxDzi!6wI-|#cY&X$JRxFNY?I1oC*%Wo`T57eAp`^k7`On9Q*S7l#!T2J z-ILL`K+RS6GJEk6DfNc;V-u`&#|#O%1-x=84k>qo!)Q$&N5SkYZ z*ga0~N%d6EEC)b9v1rk_u(fli#VDms5ChHlyRZot{aaj)(ueKr35UdBGlFGftuq1?>WP6hH0doq z7GH`+C}P33M<<^}IlMuB3;biooXR534f?V}w6m)IH!&rbR$~YqHj%6@J*u*u*_%&M z0BqOx-O3C+7=>vZdz1EL%T!+!{13pnwrr6sr1+IW%A(JX-2-H4i{8?9esK0=V&kEm5AEVW`Sk}Woyt72U+1X`)H+Xi~-vPVkYko}M8emYE!Bv=T_BOVE%t zo?wppN3K_qEzG+K=OJ*GOufXUe|rtj?hLNB!7;Hn=rKg3x9yb6`v-UWheUEEQQJ0D zkd9cB<>W(lA0)*{WLw)t+@r0g#sNO8aI)rD^fAV&+EvSC+4GMR3UR;yx z4GgZoF?MIssBFXfBC%d)FH0O0lEj(AR+{t)SW-2Y51?XYFneTv-?F2zay5o_(^gsc zPUCuLEhtQ&qJP=rjPj{~07A`{_i!R=E!-@GGUwxdu__J^o{E%djO*%6%4ygK4c# zK%v-QPQCu7dK8zlsy~+5w?Mn66+vzn)7hJF2WUf>`V;^I$2jn$WGFH>Ox(DXT@U#J zciGR^hOOOFr#}^L9I`ZsqMjTE{N>y-g-~j`E?x^o4j*w zuFZJJ0Z(MEP2Ga!J=*PfL1ib7S?^U$TUr`M&eXj{MWUbpCNez=aSzp{wVw=e6PhLY zl#?ESZE_p6ev7@14DJKq2&_a%2oW5XgMPFtg_^l?P+#^k5ttBNdB>cVTkA@yumXRDLq@V|iP2u%&R%yn0uNePL2H<3( zw@9{;=xy%xpnY^t(We%vsi@0UMw9@+TiE)Wn$M|~X}6X~IX-KFyaLh?htEG;$@qBJ!hiI3E^)Zh6uWY>*LX1Ib2)CB`D zRZ-c~pP6;STy#lAt7*ZR+iObncG2B?qDzwCO(QTlEOjEU2G&TFEyz)foN&kh%n1oA zWSF!S9#onnA}L%vVa!`~(K??FXoSwo#Bf+eVOU}Burcrat?h_SyK#8e(caxuvlWQy zj6MP(jfm)z^>de?&*=mcFMyrUsn?3oCx~OL-KDpTWo&Sg@RKYaZpbWZ2&ZLSgi+{2 z;vcG&m9B8=dnAg?I1qllru0-b#P;*z^pV(a^svJM^QCM>;(@?^t^;ghVmzfL)sK0> zTA<>U4HP}{;C2YaH77YLs>Jy-73U~{2QJt#)+72#j=hC19or+ zyi*GZHwT3bm&_2@7{jM%P8XYNCn@bOeu)o;kBV`yjBGQMUdR?jRaW)`|1wIs{1kvv z)L1#c;7dH$skIpRup*!KQaE@)GIseY)(!sOIIR@+Wd);|B1Vy-#L~vMdJ8S3nfD;s zX#MtvTu~Q-pWb9vFZ9ico*(rnqDL}>uZK2|ho4>EyTL>j9};`r$pA1;uRnGUW9oak)||#kZmu=^R*>+{J=pRe{uYd9{Fwcop;G6mo1Vm0HzDCJf%jj_Arqm@v^bL_v3nz@4oz6#1^O3AvoLVlJu+ag+*H|g8czlCF{L+o~n zvYFNi)H2YQzUaI5`b0iOhuKK4EMdB1s{%HxEa~dj$*=iw< zpF>$Ux}?`g({{WxKaWTcPX7uG0Y-bm%Nor!5Lo!n+~w*6<$xjX~l{P z!UXTws|NYNL*+?25LfR1w@}s6z7XwIOE6~h67@@j|9mAYARi^n?=7kv{f0%yV@Sgd z_$;E^%I*$ISmF}&V756lGRQjrNaR)$xsW?^=N!{THE}%!%x+c@94q&nXqpguVUT<( z!Z(SGfc{ghTIu{q5M#sbNWJ2Y?|o#-N9#mM_oWbAA9rduH^@>z8B)SgxW4P7poYsH zwA^0YF;B1%;yNMK;WLVTej(}Q@4$SO9?3|@&dir1%7*_ol58dbtXu^?^S8IslBC%e zcRY%l>P27r=A;)346Ci&%fjg<hYyM9nc~kB zD2`P_)QF8N8-#mOHnIq0vNIn5k~ms@>8v~~8?H3DH%f>{%e@Lq5cXmN2W?@Ct3sVp z8v9#`PaaF8hiKQadB|{>ml_G%|5P+$6X|_zhoxj`fc8p7xO#dCY2Ngw9)X!<)s@IC*BU6|CO^*dM zQwmf!kg+_Ae1?r$-V?yD-~G+V>X#TcZ2ei{J5pyelb6l}Ezd}T`5xSGV0w)!JMQZY zPkHxtT28zCQqxm9cd*bmSVFjHF$A6ay-4mN+iFT#FG_qj)XP?)-wF7p|<& zsOY7OBPy0P@q2AAvQm5goY|X~lZr#9!TSsoQdwb zh2uA5aI4FM^g>j;Qw{zbPdj7J*#ZB{Tmi2zP`I@eJ_tqXvfR6gq06YV09%+fyb|#; zDzwn|-|X7YZNb>RQzK%RQ>8$QH%6Z@6ft2t;!`eUe++Vd#F3X1$yz|GTzZZK`KFu= z`5(dcM402T zsqLC?HN)bKt9?KL4F@O+EbIMb3n-i2`apJ|hns|62{Lqf4sV#EPDV7_p%X)gENz7Tm5@@Z$3dDkY)7(|%MY%58+t`FB5}}Cw zaBxF4VwOp1m_+4;pfr@F@;eYwy)E4VSv^8O@Y#N0*Op&3D?{$g7$(p=Zv9dFkOZ^%x zvc?2TjeVLFL|byG(py;2h;jyMH8Exx%x1TWX0i2-x?|5;(3_LplJ!u(&*!Y;@XJoi z(pb)^NmTmaYiU2X>r2D7$EjpHY>aggMo$73p=P0)Tb}5;qGAecRC%GciH83(vomax zQ4vgN8ljeePs@;s&k+ro2<8@p6c0Dl6$-I*#C{<Gyj_xa)apZwH=z^(o;kzL5xX}_nvcg1 zk?;YWye~G{U*f+p18%81>9(9MF%LW6OjnXx;=ByXjJ~=*@x)A|jnk$QRDaw*q|G&c zGATkM0|x|Noyhxw&5D5tcGjAcsCGDWN*1<)8g8O(;Tse4ENnZUrUK2 zE+M9#1LdfEBHk!SP0(jXJ4&nWvV}Pis^ODEm*N-cZLn8*!|?1S8I}X$NiK@j$RvDr zAsuPan#QLuTI?cp!qz*l?EQ9bz-Y~8P1<7WVu@LNAQ+4=nNp(WUH#v^qrJvXa#ocx zYEp=-1un)-Ed{&7UB(b;%T8e(;+Yz{9MrEt?2WD$>^;*0DRwic@rY>(fcg(v2lxC) z=MVs9z>i^Hkr|08spsvMm8p#06kT9GB9`QqEL*sL^!~WNjATNN{)Lp!1uSBYtlr04 z95Ol_BV!?T>iO~$C$(e&?22w@#bJiT@l!dvC&B8#Y<@n+tGNFw28DxhVr}WkQj8VpD@bzubaXrP28_AAK?kG z7-{qKr&T1EUcf_ynHK;^Ap~OF&9daTDH2k2ifT5BS@cvokp#S`UaX?1SbcdMv*jd} z`Smtj1>cT~S+cSK6C;TC@LTAmeR%mh`>2{n6s-HBKU`xi1x+7StFoo9z(Edx?f042XVJxBv-7v}il};WR5`d9#8XbV&ad?|iW; z<$EW%+$T=ye>5E`fz^S+oVrXjv)xjy`Q)M{Y8E>K%URHOAKOCc$x7@3mW<0>IKlmi z844I;!$z{TBMuOuAPgv%B?}oWh7NhnD69grYqs3CB+4o{VogQbDJW2oa&x|IaSM1{ zI~w9JsInm5RIb>DMftV~%+ae% zEh6~jBosgq7@@IRvF}es^~M^|LM1hC=XRmNk+8<#oR%FMigdDK^tePen>MZ_j^4MQ z{*>0M8MEQ=Pk|rNM$7?jylk4C>*92(4-a$nO18?d?pO6vhXsa2$14z_WQ)j4D3}v| zEQ(muP&XIKRN*=j`D!_kpeQGTpK$@>?v+JTA`gqD$q9Cnj%tM{VH*rPt!WiZJ_kru zk!*G|OraDMCZw?%r7VpIjTd}BmOf0r6;4UTSH^FZeG%kj%&$eWIEO4vjkpGEQ?I9j z>JS>ugCHQeD>lQcuIlhkb~CvFxJU$SsYwk$jJ#MyhmD}WgwuQA>@Fn5K<*@~_vIQ# z3^z_bWl2%f^^li?Ax+%yUhkGhsOlL>hSs7UOF++z%j=?8{b+t;Uo$TW#AMt>n~pG| zpxJ@+_M{FMN@o;(`CD|ce<60WjIu-SnZH|?6OAD3YaB#Fn{CSQ7jy+OjdTJd;DUcU zGTRJ2vn{ZwTaJGU0N<>Op2I> zep-%*>jDBUmLT*A=WUT31GBMOwH8oxU?F(5vcC}S0VlWvDQ-*IGnnLi_U#ef_TtzZ z-*j+a(c0I!Y2O`%CvSXF-p`pcea7?b*B ze6#lmZcN5-17n*BKR$ist=mJCZO;{=#+4#QX^&8(`WpsF??`ehC8x8%?^~{PopBX| z_C0wc{|${C$bwGekBgprsE;YF1BW{TWJ(R*oE-yC(1BZ^3H4Ps=&QgPtQjPa5u%>k zBpt9XU+uGm<{pn32j2rj)MM?`-vmwP*eF1{MB!!JOzjQ2h0?_mGK*g zTP=68Vqa6T7`#?`PT#LmxK-M48?d%e)I0uoP|**=Pb$F%b?=?^$QNaCj)`XEI2ls&#^lHQV(b|FEFPh_-AN zixcfhY>2I!C4GVWK7Cn%^_HwL2^4f?X0ybb6G5K|2gBc|mIOi6m+Py7y6#!I*=7?N z0YBxDZ<&)J(*FGE4fB!3(B8gEw_%6NZ&8gTy1wAMO^K|FH9M3T+m7@-+0$CaosFUX zJs?7|cFiB1e2OR=?)66j#a`-R`oSN@0UA9fs*v|SD1vA{4NH%tjPytvkse7|>5()lJ(9-cZd~K+ zDz=$?kZ?~f^g+TMxwPUW?Z<_?Zi)T4HqmZexa*eKjcc>qjcbeCjccpDjqPDm|10HNOv5q>MBzi#Q%^ChFP55CVsVkNE7c|No@mUqEwnVQnOXv>s!6=c*Zyc!Eve26{~e#CuEVyC2gws|4$_)l+fSXMK&ZeM$*2w!K4v>iMJ>ckZa26~l1jomnexrsyZ%-*uZHqt^*^My{PJist73?7pytF+(Pi_f59Q`)6 zo-9RnE=H7pvjWyNQH1V!cW?x9P7}IRCyU3^qR&JIEW|Cf-}nz;k9`^spHMKK!0o3@ z!98)`lKel+U44vP*HwRC^XAR$?0UW4cx^XHHybCr6TGvrt0t*yTTZfZFikcl&WA`{ z*0Y{jd-h{y{pPJ>PiGO0sc<5kL_`It64EZEErFIIp#tJVNueMiM2k@S&kI6G@F!BG z3IPcu;r!11cpvk|n>a;6PG)D`$G!KRckempp7T5BD0mbXtt)0xP#3t44-%@TmX?7U zWKpC>N)K_v#@5cC>e42qQ|j6Rb0lRckPA(cqYlZ@Tf2^9ERlYW3Idp=_tUGI&%a=> zT%~J%!O?P6GA3}McXI2&;`9TZG04HsZ%7kMz;=qmbf8>_(dHZYz{?NqQ$KeISdw$_ zCXGDZY~af*|71~#0N`r7)nsUi^aDra40CJ^4s9SvQlv$t;cGb=#tG7Lkq7?E`iH$c zP3S}=@f%LnKoj_?diOLlFRO0--_KaQD0=+sedl9F(e0aFyRN`o#+b?P^+9odIX0e; zCB~D2Z}uI_J~{1Ld%B9(a_sk3@2dDyeDIjE$b)jwztML%siNLDO&U)@^|m1nOf;LZ z(cG3zoPI^R^>}WV|XTBGI4SkVGh!{S|GRpqV_H9#~KH@VGbvtI)es7)7wv z7&AC5#Q;31y+0tmW64@H08D&Yc#YsgrE{B{ElCt(+ytmxd`HPpVixeRa!99DbB`E- zw^Z0HqEMs%QZUfXT{SmLTgHYP40hdau9m-QZ{&laZoZ2^d(u3b$54%XWyk99hG!bV zPJpUv9`!Rqy_ntHqSN)dIcj&X>&W{HbbmqJ&upkT*YQLZo%T%U$Z1jj{PW_-9sUNJ zWp$p;s5(8asjnh+;gZ^(ZD6M|Eeom$R&aw5Vyh~Iw=iHGI=#AGt zTNC&l@+*DQP^|wi@PR!pial0qVIJOA;*$Ow=%s)~&yD+Ua##xKH$HexxhR+(7aIC^ z-0q5}3I}A>BHncEkUx}SL|5?~4IS`O(WbhAkEA9S@^}4qPWsgi4h^=zEZ>K5e}u6y z2=u|fA**D$G|xT5df&54W@jw9I-+_;ech8FLtqHUBwpX^)?DXP!g;YK-SfPc5|Pfz zYqs8ul|2#qHFE3LUpK>DbFJW{Qq=1;u{(V&V-Z0tzY#4WI4?Rold1s;+z&o-|8LpG zh>xu9!1TVG>TXxEyKI(rvmJtk{7tIElrEpe9BiW}GHcTi1#P>Qe>Yq6Y{aV39^8Sc z7#PUYqLi&Q_l`MJ&V^(1m!v%+(nA@C6|Dh4!^EtXK@tvJmYHfLmeBVi)d<-S_n4jG zW;khU!tzdKu&*T%VN zb#Pi>fFlp*v17-^0lT4vbQE}{#m41e-LFqg`t@@-K3VR$6o8;gn|H&+WM~miO$vKq z>e@^G8nu~xPuUYAecROJVyiW?Q1vUpqn4viRZp5QNn~pKUa22wP^SV;jY)k$ys$QE8`HZJfUl zOs}uOpTPmnaTlo?hCg{Gn`Te>)pK=DNj|mO;;`*=Ft)IRai!W0%7^u(l}aVPwARHQ z;V_b?z#v|!u*XT^sD+EP8H-HRUQ+>WmLts=>cfZs-w*bom1=WYpkZW8rMRT`aVBr# zjnB23)6yjo>w-p-K`unXe`E?hr~*VKmEz~-I!8Ye(YSC+XNIkIj0fQu(Z~qi7Hur9 zg9UP)WfDpi|N90ahQneT7|)gZrTR*_6f?59v<$G5fH(^aj1OZ7vP}yl%+X3%Xoqey zU6-D$9|BL`wHW}QO?ojy=&#*{&j5n z?I0%v3H^6F`#%T=?w`hMzah4{OI-5X-y;(snb@}kcFj`iNZFnXJqBWtKHWLGtqv#6 zqU>sEtq0?i>fWjHWZCiml9eWWgn0hH>!;?xg79(Ih|=GdGF3ThynJhxpI(@h7?3A6 zr#QiGdp1IH^c|Z8Vcil&3)c8q#m81&c=oYt75;o|&O{R2Z|co%w4M8sDc_zjePlVF zVRJs8lL_yT`qmLneaEx)zr43Yf6sYi^gsT&mRbCn9-BPg=5a%suaY+Tn*B@0b56~v zxjS;a3rBA>c_+HX&Ujmw!fli9S+X3 zb~8_lffNw`>lrT^*G;?HGF?KNf%E5k4byQoFo6?Bc4BP0H;4c-{gdrKBeK~0$A!fm z(;Aj`{^i0VzlBtydB#k77oX{(Dj&`jaOD|m!`!eh7J2%U^6NeF=%dpo=T1C9TeYt- zqJwn$dCae*_8WR2D$lvMOr;EeOWQa7Rx1#?u@j-MLc6t6^Z!1BF#kx$4!Y9jVc4#$ zb~MDEHH&_A_9h4wr!@RU{gOU&!l@qa^clY$1y_?j17uEWV^=xs^VP2WW`fV#u#yZ~9 z)A6>u%27ibPNn|?l7;vFq2(_S0YI2-Tp(b~kHyAuXL=l2PMNf2UmMNuF_Z`Hs`bil zb}*Z8Fk8kajh{81G`>PB9DjwW+y57nsl~(mjv3{;6Y7BIEK5*5k>p=Jq@ywS@UKL^ z{F+Knc{}kTRNx?PRHG$w)rMIg36HN5uf6C=j#Re7;nPfk6SNQ>V~HD%iX%XnMn{R& zz<(I-5_SGo8VmEQRU~<;`&U8-wiW+Z4dzH5Gd3Z;S#FAw2Q9tX@a97MiF) zk)2Y*A?B5lCtEnN3+zB1@L!_aI~6TV1s+^xPb1BgqdZhe3gm{MO?-x@*i>^sfn#Z@ zoDk2JwMHMJ57fi;aZhLWBdcq{6;0nGE7jG7TJ_im>V!Qy{W}8L>#;>RlI)7-^9{Sv zhVTA;;3Z#(bGlR?St0jk&*LQf>6b8M`3C(+{enb$)};KJo|NCz${kNnyWf1o%=md% zN&!~$tP;=3{-Sg|H5coS5T+y|b9Kx`j%^A{&o$N_uQnTtm`t791#+vg1_U}E8(&y& zp!SwXg_Fe-@s|r;C<*b(ffr*n3$C#)H!Ers+c1b_a!O82Pz3>^y()ShPgJ66H&z=f zRbSb@XrO`xMfhHQH(SL~@sIawD$g2Yxl!GV&a?wWm(cT{Y%aER)!#&N)i@9}3ie9a zGsdS{?F#)W%e>HXGl_!Lx+R=Z$+jCS2!v$J*xHpfpthBv!(1dP_Op-261VJ z`tR^5)o^_OV$NIDIFB`q;L_K%a=#Pr47lleeOnyKj<4W~GfsLbMLlPag zL!#q`B|2`WM8}Otblfh9jvJNexLYJTZns3ojmf-Suh0OIon2bdkV6&B80?OwvjDu& zCN)Dz(erfNNN@e&GlJh`42isAwWfrzLC8oLUc$T#?2ofH>K41zzD9wsCzWb?*S$u8 zzGFRQh}7Q9bXmDZ;eaJ)+465?{EWGoqa*H?=^yTzK_1_)nxd-HX(RAzyz-XZMN8yv zl$J1ogxM>?$k_ska6Pe<7RT>umkXimi+m~iNrmYN!{ab*-^91?f&@bka?xrMm~0c3 z*r(84Y-eRR7@UU;C1JqY`R^)~m(!zg<**UpUf%EQO;9R+Pyf`~OfCj4j2U8=gqI6I z(U`#`vI3BcGyrl!C@Yri?u2ee?ji0@dD zmK>Sb@k9?o=Uz`YcUsak*$gB~Xq)q@Km~ z&T&mU3mC{2-M`Y7GE+q?B6H~||KGVI{syvfrs@5;o**i}EhqKj`43y+rY+wHoaUC; zmD>y=5g*?WGpN8=-ZlxVu)x-N7L5*nx~t3hi;66mW}LLa!KMBPp16RMbZ~Vo8wknG z5!>e0{~_9dyE4N`ViEM*(1RS(AwQQ*g9|O8E&|P~Q1jneNt zuIUT~x8OUDKWj8EICR(2?&adECaQYjANMwf-d;6X(UK#gU*p|8f|+<+*3zCD2@_ls z>_xeBx>L6tUH5_nQc_>zvA%p6GG%V=izSiDW0yDAIX2M(5&)BOg2gg^uQyj3&E*N@ zq>C-nmW)bJo1adhvR^K-vKiX2_q~8+`!T=WL?x3iBtQ5P+L6;4)tRyqE`I2bW_t}XzejW+LQcx4aZ1EG@&74;vA0|;xB0}rD=hTpp_QBb$KA~FLxt@U6r zbOTPvkY*8h=C`m$=6H=DJjEe_RC?caO4cZhR+a^ajNuXED4DKhAqD$;MQ4;$&LL7g zEpx~kLH;1SNOyA~UOGBr4OyMr5-Tmu-VzI~ApaK&&4?rFGojA-cv5iU=;aYP~W<3o5@kK;puCR&L^HlDS=PSwt9p zCYFpqSN2n70-0?oSF6g}p{pq=(HuFK{eQ(fD@9W%Ho+$FlQ#!QNy7~8f3zTFFJNSF zEePRX(EW>duV1)mr-T8hRFI*$7!LCF>PY(K-$pl%<-jH(DP;9zlgrpK%AD=EogK|8>M+c& zG#1)`B6N18WG4>NhG`fN&mPKYPz)YQWt|>Yt0Vo~gLGmducERTVTFl1!b$Xc#6zmz zo?MrD-m<#}%vVKfA^xh5_i>e`#$mT?~XyK}_2cVnl*rJx3g5XAeAGZQeH2(eUb7kRA#SNZ)Pjzk-QNr?>n3r*$w?# zBe8LHIoWA65=)E(gYa`19m9rtJRdVDr&ipyAavnb+A=nE70nm5QB`0DdNbcI=3h_^37=3Z@CA#Ef zY#6sDhLKY4%X>17E6ji1X0eWMyzA$#3*5hWrno)0@knIlgS;ursX^^0e z4O~R-oc{^xr870xie{XgXnO89V#Rs=Kfoiw15&m^uiiY@0(hEs{*d17vg>~v&-go$ z!e~gXF&q^c23yT}8R^e;QJh#X**z8;pye>KLdoiRWl93f#u_ErT})H3ZvdGp0?rf! zzN-e8k0r%7^qWe}h7Po3E|NZv;2YBOq2)WAHCV*iwb8_n-uQDSMCXtQT;Yt>$&^L3 zjMnNtsx@*P9Y?%8{nUx+2S|VUHpugvcqooo(U3$HT6aGPF&rb)JhCSE&*Qo*MB;sP zeKW7zI+m(R)wv@%<1^_0p(E`4KQa5vYiPTd`YyNL(7L%k-dq+&ElIG$_pj0EDjr2k2+giJ+0ps)@nlzh1jC)#X&1F#(YY(R?d=2r|3#8l~f}K z#(VEUDjc>#$9ib5tuzqaG^GwG{9M#$`Lp+aF3|?vJ{!xb!+mm>@k*LUb#DjsV2`RV z!^v{_ zMvq@Xd7a3J8#SBp)GTV#=q)X3*$!?-Rn{YKjwRGb02$+eD1ocZkiaiT`wQCn+!B9o zEraJ?&-GuSSql-1rlT6Bg}Cdcm*0zMX*_%F;pGW^tUvb>0&58I^8C3<3MR8=Yw9hJX z%mW6eQ`F)I{Nh}`Pvodm89ydY$~z{;rxGo4ds59W%lx&O1LS;uh?Ef7Dlb$6;#*bD z$6FoO7Bw`flQ*eR>Y`Hz#;>4`9tv5;IRO{hR8_V_Ags*(!{9VMR++){?Ac^Y8AdoS zvpAkTt5UYrFIN!`R+;mUSge)}CWsd9%6Q83oOqQ!zN&?HzCR8EF%Ket(uNh7T&3G$ z2Mc2xuG)-gsE8th$u}G;fPn&&XYmjy^0#`H7#8M~|Ht?^Y6+i=J{>yndHJ7a2UGUw zQI+~zc_XS5Q#5-lx;O=P)c$Kj`4SO9=?}yAPS1fSqUYEo{h5v)f)xzTxSDgFK|o#0 zKa4Bs3b&Tqf*G+(+F>4H(*7^XU~99Bfb3i_5R^6t;n?fuh&pc9rK^ju^fH{tzc|}< zHixz_0{FIPQ+HeHZW@u-&2_!`9f7ksjPqS@%jPy_88MLW9Oucy6?&mwU>N~z#@zAK zs)_*eMy~`7nj_<+cLhR@N<2)*sXTvSMeG7-*9Of~_|J4 zBGfY!Gz|Peplx z$1Dl?dz4e*R&^D0^?Gz>R&Xv<{i7X9`y9Pm&b00;Y~sR|D8t+O>H@NH@o~hPi8QT8 z$0rx6{^Wsi#5UrOOapnSa)0IEy^zwWgNOK-Ze@PqiYl``9}QuO8yAYuXFp(*(GW18 z&-IS;v<}~$K1la`V&R~=FMa024>7ZajFx4eA8m9F)6o`~2e8(zc^)2POQ?4L%iOmBxpiLW-4}ohEVx`Qmn)K@C`c5^g|u8gM7?NA zBBiAw%G8pUs23l?f_t$`>;u5wizT%X)^SWbmYuO|HEHch+$rgalcrA7N#eM6CvDxd zooQ32lX#|03%AL{ZW}vsJxS_JYb6$YzH|Qn-V5L^Eze{+6}5QWdvPDRk7>ooRjTun6cOEKl5KA4#R6GsK#4m8R+fH{XSDl}5>Eo+%H zNm9rtaFVpkP-2N-m#fGih+Z>dhE}%vIM?`*5k&w-e&d}$Os*Q-{{)8!HAa=Ds370@;2!M+FeuO(c>t8gPTO%EC$eLvH zeoUb+BwTYe`Mh5bO^S`K>%Y`HS!(>kE;QE9aNl`@mbj0aO%w0_VT4rQFq;njrJ$d` zA;AOcKe7aK-4++euGt?kK4Q*V?DciqHlv}PW)_Pv0IauEFlIX4dhmxRFPx1RYL+2T+W)T**OTMF9y#_?=f7s_K~v1KyF(eZFm=>`|4UDf`MWtsVRT6f0v#RO1saiFuQ z1Y~G=vD&H#C9l^RLTGhGS=?BxrD*X}mNM{q7xg?>4AE&zXmJ46!I%p_u8o*?k_Vc!a&NOqA)x#*^eB$or!8b~bbb`IB(f%6A}5NEu>1 z>9m4d8~zC>L$`Nz-4g3hp;MLBGU&_jF9!9+D;3U>#OXSjsXC06fb4H>H8h7b-75?X zsETX4SCK+%Z*g^i)p5-s+q#*iKg&$3clT!6a=y<;uI~~+9$1n~phDx=-&t|aWmJ^M zRmrjyh~xQiA>@pD^$26iBNI!g$06vY(II1db+H%iz&W3==9xy4lJ`GDA4n3w&@Gj4 zH>J{q8#zRW)P*PX&hls-u_f`bJ@xe5GI!n8~mh1FUr-Jg6>**QhMCdsKY zhcn{w{4bciuF%X-YgPPuspMDJb0we!_PEONOye%&T4^{GD!uw^SHj;FLs)nb5DnSy ztfoC{E#wd#HU(}qMO(ow+fdxR2jHy1q)vYs`g3RPg>>U(n)W$0<{DXU3l@C&!L;JZ zv${BY*|XF-DQv_|fS|Y(7wgCIpqTjPP)-8?E>z+v1ofpjQ-Mk)aIYdo&#(Ja)dAfd zXxiiX@f#50#xoUvsTu?tJlq+csyB~M>Lo+AWlldY9{{zg)jOFJQ>V{Po_wy8K5_iX zCr><2?^CBwOr7N%K}Ar&Jh7xQ%+c)4QJJ20xj^!N$W^8SEe8ysam*oS)EZ=>f)SIC zNlbWTD|yz4D|bqxVs3H&NYiN|io`tQT=;1MD_4^Ntz_?7H5XWI_7LD#E}y|>)*cg{ zg604%>CTHPAsrB8+y-^=9QYVe(Q>8|CwUOy8>izk3>mVOr3jvX{|`-Nhx*T;pP~+T z(NXoWIGy{Ua5C!=69(WZS78@~zhIb*zr5u#ID{4v{JY7=^>yd07S&-xyF@;5x5^L= zvsm%&54I(bXfO)HDc|Bj?nt6=fJhvDa<#zW5%Dd?2^ zD{QQx;wH{3VVCoIxEhST#bW8dmedtA+C|m)dIJq=MtNv>&Tc0Va$r3h$;71Nm%D6G zR+XgeUATIU7t{jOt!nY_FzR3ms7!LdGFw6U4z5#2s!abRtsxhzWx=2)Eo+Ci1ElZ1 zVccL=(_UT6NrG8w)4--nON6;w)mn7bVnC|a&DO5or8Gg=(&!h+S{7?wg&o@4)ZKL` zdQettg3h2iv;IE7x&zn4QwX|4S|jp3`ZVim4{^#hb5MGym3dDmhj`pm>^}olo1_nu zmRBh$rzmPS#5d~#@jsFS_-C!S1Gw)R?EdvCGmDIo)qBHQ^#4zsz6m$g?egXN;J{GE zV|iX>w$S&>F@2}wqQSA^Hm+E~rzEn)pJRMG64DAYx}x7fG%JDBnVq?eT+ME=Ooigo z4aP`g&InL7Y7{UubVsWq=a#O|FD2r&Oa&RR{^CIIbPttMP)W zLeC#%rb&v8x&?XcLW%orsT5V^(fMjvaiy{L8 zg`gt-fqqZgNuWsRKMbYm6IJ?OG$1ox`^|fd30`V5TtcBXt#;%dz8Zkh|9~inK zI%a%Y6kUIWVZkP_fS=fI;uD(&a3xFa(Jokq&A)k?f5UcbTLCY5`v(#+G*H2(%a)7*fv9@nf7n$5xHMxLFS7ZeLL*~kuD(sbUe-)TGZ z?3lhjL{>8H&Az^=&A`s)a67|C+q5;!s?&)RQX5DL<#K@-P5vRJfGa_Fu2p2!jD_{; zic_65>n#;1tkOH)9-QJdEp@gd#my2B05GC6I8$!UTrP#xF!OQtyUqZcfzsQ!dba-s zynL0HNX!^PC-*GxJqsR%524)$LBmoKv?z5Fp*#9EUN{2r0nDg?n|20}uBc8#w@SjC{iTuVl0GMwLfZo#F}NN@rT@xn#z}g)JGSEw%h29 znU7m*j_2Z6$XR0l3aM`M)cdYk{&d^HXD{nzKWrT}YH55g(RXmbww9H-%hJ*%62h5) z3rtDzhH_I%ii!Czvl$%F6)DFxQ}<~^H|n(*KV#L8d@qr+x=$Ct!?RZq@Jsdz=Gj+H z12pCl{3X*rXR%9#7kjfeiN`-fdw*Ro_3ZuI-Pa3}e0+(udNylis+E6(0imJo18nw~ zPHlnJ7viQR3t)f50a*7J%034Uu}tiG;Lrh{n|D2M@cvk#OuJf}ohsU$lq8d!=Fu=q zy}4O5SrewE-X%H4Dl~In+|0fly+a_-zv1evB}b|=wlW<+pxB%Rks{JuK>~WVZ8_X#$MZ^)yb=wLg>yu z-KA1?M)VCKE~cgT&mzHdQEaod{}zHzIs-NKdyE91`MVn({#&@ozt!();9>D^;==-h z;>njMxEJx0U&SX(w~Y5LraIZWUsYsWpRv^R=>J`gE7mGkqn=164ew_WeJa#$KTe;1 z#nt(=sUa($9n3NfvN>e&-o9jrFk9|l8IlwYR7dNV+eXt~Nc-DgGCq5q*IS3HfE(A- zSf4N0Ye?{+p69p8jJ2-uicP=B_@{(`md-ImzsVvUh*nP;#I>C?hzDp8x6~lcqvvA% z71u-4zP_PtHGa}F=ZqWH^+C15Vyl5I$TB0VaggTNjlAX}AM~@(4w{O&O<9ai>yb&N zJS)I}EWdkW%g|oYX8V-uDe2cAMt20N#W@zsS+UXd>HH~%Lf`mj+u zIUn7byO>|b)-M`*vE^3YXX!<0|7N)K9l$59<#a5eTj8|7>nc_bEP)oI zJk!*`LaT-?Lx{^dqcGC#A-fN#5VrYK@iw2}xD>||CSe#NQ`%x@1yWu{o9Q;U7fF4z zN9r;GPsTMLGET3c6z$^bK4r;x38suzi6SM4pA@tj*YWH(@bX!_u%N%H<>mjh%qlFP z1038|rxX>UM`k$sFI=5IWQl~3L^Nd0I5F8|j95;>q!E!>ApJ+?+-(MOM4OI^qS*6@ zql~PjX-oQ=*-kB3plDb=w!EiJQ-mn{x4u6i3<*&yWPKCbVk%tNq5xegjrc!j9q&;8^!v6v3Kgy`a+D)A@XAItAj-U zYvv99$B3JQQ~KeRxc37l%1F+TEXS_~C|SDV(^63hy2Fr=9cs;WT;yuMvzz9`MC z&Rwl?lx5~J=}T`VxY2%`Ubcl#WUZgZzukyciyu`fl!oLYv-be}HM|Z#N!B43aw4to z%<1P(zFatT;K0MKXCD$bl-tS(ih=+{KyI7#z0s0s8#xuPO>zRGrR!>?Z|U*bBkO?CrR z^$iv(aDAb~bRno~+N22T#TO#$b%{9?FI9lIAp40dBh9(nNsH)d0_9owy@nBsy>&9` z3H;9|%nJX2w(SgC#O3dOscc~%1I=0szFA{iSl5jfvqNezgIAXfPwYR+4$XL0pGKel zhVBTod~+WG%nEg5P?fFs_As7{S?z~J5-)>oc>DUjN0%qMp`csrL4Am2HCbuG(_Z7$ zSg8Tc(@(k4sFZyzVz?6K=2SgS2aZU(agLxNZWeR%MR$sD*}+hd4u9{v!;lq11}nr> z-zmj7`IY)OS5su#3R+E${b={R5<@?$nur{0zF$_?9-!6TS~E?2p7XTr;jD%Uq+E0K z9p09xqw_Oq9o;j9qD6VNP5)s}lOfqnP9SaD+n_1o6LqApCWs}9hgPML!YP5{3|Zmj zX48+%cA89i3T2=Jr-U3xc!r;%ZBInKN3tDqCU5Wa(&Jg!OMgza4O)aO*oTFsgI2f# zKb3O>NwKCs0@4{gYcQh1@*}mKZ5+3iw1zbFKgJE1YVXs_N0pB7NRJzTKR(eU#Mpmv z>9fyL5qcxf44GZEnabPdE~o{pF>?g&k0G8MLqqt7{uPLUX<1$~q%s(tCFqzz#|ru~ zsd30NS*(hk&q|p;3-p)Z`^PHnn z|57UTFYVpVj7{dbjH+emdOMh}$po*{^#O0w4U^fN?(l}a%^xzs=S1H|ye-V_w2?mV z^hUkgc+U`hyVKk1ZR2m7SotaVOPDzCKP^sHzoMcRT=BeCD0`@xT7}gqnhyJx#Um@K z;7mI9gz5NHcT_qnb+%v_1T$hxFoc~`jY~A(P-m0rl38H`w^KU>x@0xzTANk9N$rZ| zlFV)={p{(<7fziJGIYik>GFhJuqMUSTb&dJX5f!&6s0D7;X(P2(Hp;vmvDa)T75nn zX0^Lq^Gp0yt<5Lk?LJel)|$!8(N=u^0TjbCnfHh^2XGfj^16So)MrFc65fN`jE7{8 z<4@8a>J+@kxnYjV9+T7ETAAIz-0cqDHjnVU)Jhf3?+z}$ZI07i+VglkjgCj?eE$mx z)6wT~m)S5cZHP-kaapM0t_P(N+w+`Vt6QF*Q&x{r)r2Fl6QJa1Wo)-!BqfZCC@1k~ z{v5r$9_f}nqDBubmCp9rOprCY14lAx4$QZ$AWwGD4$;+`jNn6Y71}qB6hkn|ylFD8 zxWo07oz~MaKMb3cks%Z^Qbad14!=w-3;l8%Za2x|7y>PYc z&-Kl#AeMT6R;Ad(C*znFC`kS~orZt5wJ|1a-1YhZh?k9s)_=|v>8??KX)+Z<8x(@( z4LepA@Hvy#T=qL;#0L?U*mc&d_gg&>hsju5h=AY)lNeJ2wIKtH200HudkJ>>% zA{>~vIxcK&n-!#eCnRnrZfv-nF6k2x@gLTk&Vrb%Xry}ub1>A3JC&- zf%9gR_;~!@#M)+{dt)+ySS-iFrEyHy$ zIO4J{uHM(xmCiLC_%qW{NcTkSuz(9g(_DpWB@%B2QBynujQ><_B=A5JBEcj488R!J zXCWPgu}ANRE=E5+8;(Cd0q6HetFo#S&u!)j@(91WFJ#dR@ z_@rR(*8G#$$nk|NqY^+a+}Tj#)kn z*Jx}m>ig)Vz*-!L^2Fm@ICnb(@~9>3_WxeOu>IF`TmK@|61c30r0})2#@Fb$-1_`? zp-%Lop`*=8J>)S}HF$)Hg>s0;mfcQqRmgNZJ?}6B;Zse1ZhXIH)6*hyN1u-x%RAfr z+^y|uFx9$-5jSpYSnHJhl{;^1%Oq)xD9GM5?nr81v{cuSnylZ_eTYmQ<|&?Hfr^2{ znK}-%1pg|Q6syuls5c<8;Vb`kxD4Aadpq-76dl;!)@W~!ke~E%Ifk=UQ%SRl5<9T} zEZBlIw`p@cA9A(XKmW`HYt13KN=*KVb}Bfsd{5I6`UOMTS#2P zCDL@v_eGVvHVdcBI9zPXIvu`^I}ydVteW zJb?cr4%iSsl}xk}jQdhTxMaBhw!RmtohjE+F5CZXB|!Q!>ODZlRzd*}{#PL-uach4 zDF02S;(E`s4+kEWtn%XIDg#2{MBDO;#A$;!=xwC;L2t<0#O&Mf-++CaeK+SevDXId z+wj*I=Qh(hwtKhpIY#L74(|^Byv5t;-3b^(qR?(!b= z9-{ZVy@$O==zW)W#Cs3D-@{FS+TAr`ISdkjZQBhOh!(I_(86gfWc>on0N!G=$BGmX__5mJ!^&{UFRSqw z8M;O(tGrpA%nP-JTK#IRnDen-`xEH0D?AJ8j_SXFZ5$@S&L`rO!06}A1T_>(Pb#O?P-igoX|WQwrHk()^lHU5xB)dVaE0Lgm^clx{ml{M zf&=E=wal8URtt->DJ|rt!AfdEZ+n%dP5!pcSThj4Ce0+*&iSvlbHFVK>C+7-Iv3J{ z+xDzQB8E_1FZ~(PO+ID4Xomw&UeAsGRsrIF zIHyr_7F-2+#_u~Z{C?g>G8poZBrVK($FZz;THE_MT6CKEtrLLSKfIvLAJKj7%0-j> zj_&@^Esegbg{mo=EXwsMWbbfkV(iSP8avo6nr__VnX{mH{4VT~OlMHm{BTroX9f(2 z*K!egB-x~!zd(EU`)X8b`emxIeQOO3t<2qyulbcWjx8KjC<$HDLT zGV5he;eb-Q=Ep?f%X>CHWtUQFVr zOTKVOoAuv0q?Mo=;Chu(>7iR)ukx<1=e(Qi&C&fIxyAM7-u?5X-qrQ!{vW;7^^%@1 z)G>ER7h>1lH7giWT*_p`&Rbwf=2Sc~CfLyVls+x$PxsUxSuM>jyDZTOo7N3Pzizl%wF4-k7&#CEr-; zo}hHSS>%Pwy#HNmor&oiwBv=a@hp&gw{GvcyY5r3U(ZiG@F+_U&H_xT@S$+>;0_3n z{l_mi&K;F8aIZ!-Fy2hP&|c zt6?u$#zBZuh&zKTb47uk&teEVS4gP-79))GbgWY^cCutyiG+n#vCl$gvP3yTcc%+E zol$8@f}rCf+jTHQD#iDmZ0oM>k)3dcz783V^K(h#{Hz}5;*x^1V8QiIv15-zn`>lM zag7`Yy3Y_GD7kL)d6uApory2gI$A+N7>Q)G|;^epxl{Wek%q%%_)PU({iyFnr9lC z$*d7XZe+l>Nx3a^#RiSG96N*{rv!&f0SX9mdQ>N;En?D+;J2zgP*Hd+#=BzDNHRq~ zU@y7>MqCCZy3n+|4(&(hp-INQoNHZ-)6KiS7y0DMt|Qy%ApbsAoz+e?)iDU!r2G!Q zS-LAKKTEa;{`-+iHkzIB+V#s{%THr&C7kobr15fsV+KcOyM}bSdeqYnL-FJP^GwKG z@L|KyE6SvZ4;}(LDcO)wy+HX;ZQi#Q!PD$gdcI^8yP!$=29>K3js%Tr=~wLCuw1nm z+$Acrf!veW4!i(Se3We%DosyG$LF@e0D1nz(6I5=9g>EokIva4kL*6CeV^^`{R@OY zD^F}7__ChOlmSwtqYESDII-jK)OY@67jj6!JY|qXsCc~FfaCh0No+a`wXvP{!SK8f z;IV8?Rm@Dn$(wo?KEa6#2cJ z1FNenOG3iWP`Gx!NoanR!Qj7vJy0g>%XoE56QKx_;7Kya>v{Lc_it9{UOtR#mBx9q z6&6va4daGN67ps(b^I9&-|O#Nn=TP^**&8xo*XWR==^c=D-i5Ohqg zBI2ZD?W^$N!m~7uODA`6A$$>sK!?FePKsk}0buISZiU_9e>V z_cJy1UVUh00%P_#eVo%2yu%GAQH{XVGj0m;^(V!CAA~oUb4uVx@n7Nvv-pa~tank@ z(1*XOijghs2+`Dvw3rPF2@=U)-b?|YP$1a@o!5%Kc&T)ZV#_=zAg7AWAsHr^j5;HP zl>JA<mXLux`JsK6*9BVS)*I04cMVbVW@kY6Yu2;kfAus8qV&N+l_q zxK~BL*i~J?WQj$bH!eeGPV98Sy>iFIQc~^$4mEaSg@ip5{h66^f+D}vclXl+DAlYz z;EOFJoHjRdsxA~iDP-5JaR4@B%_id$zzKxYNjEo~eMP%pH&(jVq~?d_n$`kQxNEe9 zqq94z)n|CWqgzyP1LJ0f1DBl}#c43=$efLR)qteU1K=3K zMAN7IaNS(xgKuw~aw>z9b;cWA(LzkHt+Rj_CV}PGx97K&)PrK~tWJ>!7tG(7)emum zHjd!svMmg%3|wKGBHXV!1n!dX^Nf4qE)>sKMVTx;KPG#3JY2v|iUYC{`ah*Rk zlW;cZ2Jg>v8w4#Fm3FjmNZrEW`8d1zcU&ua=ch#HaNj+Rbo04gyb}f*S`0de5vubx zatVdS!ks-?SdHVfhI;CT9Ot7jFRrRXlfl%eM#PCKx?Cv=P+6^H{*wTZ!|rwxhMpHO z(k4Ngm3Gzh77xlZOPOU>d8JhemJpz@$$+wz2pC+PZSz@WPNB;&pZtqw5L^1eXV#j> ztR8~ex+RHjNjp29ks$D(^IGXFk|w}OJm{jicUfKSLnO359=<9tG0>rfhPQ+QZZE6l zo&uCk%?t7_7_SgA)E@sR+t6WXu*~0}y*z9E#m#o5a0Rd4k^!{UhPwJKu$ZK7QVm*{{Vy-<qOwLW0hJ34>&Ru?+9`Gdd5o=eZX9c)o-HhX8w4abn*b$nAbP-%+eHR_;tYA zm8$szM}2($;72?_-IG1}c6LXP^4M8?D2lO@)C8)^ajIyV0@Lz@XItjO!Q@Le?XI#6 z>D#hgl}62%k*3#^Ki)^~Dd!MKH|L|}a$xCXmyd+GE;?e3Hf4;gI6rFZ*L{iux`bc; zHa*B=A8hjGN1O_iZBlq!=uI8ccxoZtq4dboF)NbjtWfx*8(F+VoH&R<#)UA9?sXGX zIx)G-$rZX(Ww~9)rcR21==IZ3y!-7(aqxrBfF-{$swOF?u2?C?UqUq2q1vUA)oEdV zoVHxj<&gNyIofJKlnKqsR~f( zmaS;Cewi3P_YA4!s$Avh`4WFjoM$wE6E<0M2=_0)WsbwD*5xnUXs$n@NnFu;j=(&pOZelE=P$!;^9*&%+7FJm*vu zFB)?d%^A`L6`{X-lp64`1<*;Ko(fSCHY_IC#S2kv%@M%LIa^7eWy z>3P&r>5NvR1BIn(8dYxHgl=$o5T=I8X~_+Zs!IKmPYM1saAn^8j;}gu9^$amz~I$9 zC92%IY^}5?cIf>UryBwn5JqF3ibvb$R)0+A&@L-KeA=q0b1bk@BIaAqTy_BeCOhN!o@ufOxSU6Q zJ!~(;=%n)kRZ4cmyTM&!0y!CYR`?afD9musLf^ES;iWZ2O1iL1DUi@zy79X5;DPSm zxfJObL*{}hO-Y5GU;O5ujCaD-Qovm0W3+qvYg2RRpM@J&Pu$`@z>m!XQ^%kiGWO$A zC*T_Z+|$l;Z#FxFjmffYn(NsvIok!?65d*q7lXg^Gh@zv(G16DLmwSR(%WuH#FM7)vxfk=%!p;mb10>%b1ieKXGl?i7P-hy$P`J! zi!koErj;?vhQ%k6K07J-gO(;f^VAH|xtZLfs7&NMIvQ|YQMVv63sPhT1{KjL;&F0X z6(RfutboSAjYlCNzDK>I(BR~7c-b5b`>M4#?YDE^VR#kEfRm7ZIGegkT~WvqnlPT_ z8K9^n&$2`M)Z>YCZdmunD|LzW<~@3W)d#dhvzw#=Z;NT@B=6BiiGocF2oIY3K!G3} zt3}dW)!@U&tGHu9VDcxpZF(};tB#R?v^1DL`f)nVIa^8~C9(kTKSF0J6HPy6t*)fb zgL=caD6;Ro%5(TG^6&Giwq*{VoV<%2WPZ2UxUG1&ahTtj=%@l~5~xQw&~yd!2M3d*+r%({GO6l|rdf`-&ie0rA;g(}QFT?AHNn^8k zcH4ZeKZ9#;qBCN>d$L=TkdsEIWArHWXsht51oQduYfdz9SA;eGE{7gS!?40%X*wcF zzQ}{c!Sd!+GrmtyI`E`dlFFj!9w5+44=Ol{ex+$Ka+QrLwRDx<)O|^O#J6;Q-;_1&3B+;mwIXNZ8ldk{? zt;wdru(c>*e@SY0H6Z-B7fg;go&J)p|0cHu5;&v-FM#$KqM}S}wL6W9uXp%t2RbZK zObG_y=rsv2Ns+~rc~jUZ~DEhpm<|Y1hpftWkH-SPcEJ0T_q&us60mj z^JZ*2F9QQG+_7rJA&O-I*oY^%?xb<9 z+1+mbZ37d zEQRyJd_5WTxJ-ucmQm*8W_ePJED5S;3(wx{eIMC1kVvG)%5MK8`~9GpvC6}i!3=7H z&kyI#uRtKgAE%!Vw19!jY7_YL&giTpwPCj+dfSMRYWLBTvq|{Fv-vYrO!;Vq)?lje zJQ9o6pdVl6W;OFv>F)Yi9ddK$lZ~Z=%32<0Qur|)Es>l=?AknQ> zw1pp#e7ZpWt^r>kwjNT0^)bHL0W~t|CM{tb=?i^c5`+Aj$m-Gpuc!(hXrZFXMFe$i z+EOiiPml0R9D#^8@;y|Zg#sJn$B!#>S)luQ1nu;qYki))*RSb_RE+g4n*<| zA{@!0+tr3VL@CKLN*R4uJ$a^co>dC$R)EnZf>4nVxL=2AS-0Kt52#KCT1|>{*d5oo zToax&i`hoK*d1mWU(;+SYRv-vpvuWfcww7>h9F-j*uLK&r7k+@tp(o;X0aT;eqGIPZ(>2YF}ly6Id#t#?QF%4JYyd3^8Q`ymw*i}Jm9R}mFW^vE4o)kP=(){b7BNf<{^8BryYhR~>nW=<&P*-ZM)%tDnk5mniPybB%#QBa zyy!SQyK&26Nv^{)Ba6WR;lV(*C8J=NPDxI_v}TYF!??E5a%!-{k+;9vPj~eDA?H!< zw5Dx=JqPq3uLr}?vNHt2w-Y6yzp_z_6GmxiSG+l~j5yFkX~qyvKGYrF@Sec4t-N*p zv2)nsXS;H8qqwCl{T=68L#ZpU=;QF_`^eF z#Xb$l=6-yk+Y>#DSU0_KeH|psFKoQ=acXI~)XRwrmqPAC0c(#Rpgh#M9s@6J(j0C( zXllIniHypat8ST|7uNGvFf3n@2Qc7y4A7y_4h@%4xO!m)ksX=&>RE!2UsFE}HeMWd zBF(uTiwz4ED=Rl;^JP-~JQ*Ju3!w#x>?)kHzl2^nDVV<96X{o;o>709z6r4e*{ya{ zf8LGS^q>5kc-6^xy!l&yXsd&kpu7I&7f71Xrw67j!B3yLOG`i}aYO(Vd5F!jpOw_e z`n2uT%{^Qpd2oga+fjH?t+!1SQ*U;ewU4)j7c|l0Uo^eb+HSOL^L&NzHdE=wTCp<3 zghb0<3MHiuZo-JB8Mfx`m*|WWp@wp0%k5u9sl?vQ6 zbqa}&-q^9Khfg$dZ0W{IJ`yq;42aFtF7;cI)6f!T)=^Mb=o+9uA~XaKO0v=t*j7@6 z>w;AnkrUx;O@NW{oI1{lw0MaZ(+x0g-V%tE>driK{$6Mn87=jx9X_s;bILZTOh3rF zG&cX5^WM2Co|q!)kl;Dktd0!=)bTw!RQrxId|~^f$X290)!_p{u{i~y-Ra~5b1$1$ zR-VgsD|RK`TaHxt`IBwQ50yD4bPFI4DcAXcC8cdh=J;+@(d%#a1!cgy)}^Gp^6S-kq+8bCbhBttOl{`9elX6Y2roy8G_GFje7*5xXlNG5 zx-o^Pl~R|AZq`E%3xZRWRY_og9o*k!v~=4GAy(G;(*WAguXkoG($kJiW6&z+Trn^k zqA-GYzF(F`$V+x|kO=Dm_pNDNe*e>}p+7zwU6^0Yk?9nAgv7{lE-G2EpV)~GP-mok zB(n(v7w;bj@pU5#20PF&F*@;Eb9G@@L{)fq)APw}ZP(VO5anNyCFTno!_W9ZK=mhp zPoZ9vF`$#*S$gG%sjEhSVpzpcQe>%o7R)HxPabPm#(hrQhk$JKSrC6Y{moEq>?E7>l)E3*n6`|}60%y380SI7ea1940BNB;HfhMY!7`H- zs{L3Z!XK_dNuMFHm@R8ljWtKEszny7bGyFWfM#A2te^!2>Loi+mUb+@iSv;uQ;*1f zGxy|xq3s#J$!qjuBq3zozeLK5UA-iVGrAJ3xcI>WT~;HLYDQ+G2abPkQ1RAyh64{P z{}K*AUQtK`$V4VyM}ta!>Y|Y~&B{r9lW(GGObvPRc}h(PLx={FN^?GUcMJ8+9@<|o za-m^68ovt@A2|uIp>~DazvCo#pwUZ8h3P|yU4>}_Y46y$VK`EkC)WyC3=sEoI8*v$^1^-f`-zzlU|G+9SbO$DR+XODat4%BD46 zt73R5=UkK7c`C*10!q@n0Y*_?UY>{-OkkeKNkTURF_L@-k6tz?af7zWSmj$m2aJh1YFRv92XW@T{W28(vp@zJRxNx7-yKxM`w z=8q`My5e3OyDDW0=%;${pXp>bwJ2z@&$_B^UI!Pe3$&LJ4gD%7FWO$1G74(O;c4AZ zzEia$@z`7qhA)a*yXIcXw|2ja6L5)1Ta*C43j$QrOY_4GK5I{0%FQR!cv!qLN7$k@ z!oKbAw{OdDV*oI5tC3seMSIj zH&-wTPq##*%s|3wDeV+k&6@Ac-$sYxurnx!1gC4^h*QPXE0fspgJm=z>AOA8M#c7T zS`14t*z>kc(Ax(*j`>E@VX?_#KVgMMxt-nYpWAMn%)qw5v)mc!>lp0x2@`2s4IY>G zUvTIO>=yHRLv`3!E$Uy^!GD~LN+TCb?hlYZWp=L*i_5ju74*T} zy6{PXqzBDwUyXJVlg+={LzI9=IPu=&9TJ`Op8)&tjjA;(T9~}kl-9Z3_~d$Sck%a} zoPGE|YLN3G(1NF=Nm5R?)ga-42d`C#j%#8r6I@#zoL`k0s{&eT(H0T$0nW|%39YUf zJA01NS{&8*VZS=m{!vuOa&D!Fa6L~;ku`^f%=w*3y9WO|b2<)w?m zG|zWBbau~K5#S$w*G8o}KxJxI|K6w4_}FA*U(bdz~z=4t(YtF>34ikFjs5 zn#1fjXl1t0WGU}!O3IdcXz|8N#N$C+A^98DmTkG>2ZtQ}KX0U1QTz*N0wV&Cc-?kD zO+dL8LxOhBeV6(JIcm2K93@h78dKoC8w4@rX#s#Gqs=wR^<%SlfXvH@$+ zPIJb5Z!q-fKyLsha3S;eS%KO>mhM$OumQ(7Js=OzBiesKBXEJ<;uT;*Q#vFYbNqn< zsEhP1QWPNKbOZe)a_jqy(H7{0;ByOm`5DrkaREp z4C0<+b5GgQq;%yfrw&)LD^Uw3YQeH%8pPT-$n6otj0@Hg@Z3pEgbhedND((eUxW0N z__^3P>rUp*^|_cE{NCoq_P00lg5S`X7^etj@C~*k ze|Pl(X8YXFOwPX$N162yZtsIQWIjwcCmEW`IK!Y#Fi#kvww8SdZ=oPPVh z-VL-$kb9-5N*1ULe37XT-zFAN ziK!UmaVP{d&4TEf%-lxdy@q7}!gne6cF4=S6Sgwn4dL#G)=xf3kV$}N0r5*1%iMx+ zF6UgUxmD0Pm0A0<`~UW8Ro$q5SMo#1RBiF;B&gs5dU6bX0tPtAo`_Ld-DI)YoHg5Q zVbwz8o7(M4m8hDftMu^3J!B?ds9>wAoA1P<|C6G29^)%W1B0Ld002M$5N0SV89lK% zbpZkZXaE5KFazKK*jt(DJDNDzxi}h`IMM6t+j|%p7@3>s>(kqNFf$t2+1ML6(;3-& zIGfwq(lT?<{kyNK0to;-4a4x~KQ0${XaGQvGhhIK|6Ftxr)?Jn5OUXbx#f<6a}ny| zg)@KpYlO-vR1*{gq4;a)D^j-ES`S-TFO!R(%8vK;go-3F6P9PqI>6 zeS0%JHm_a#Ctlre9n%26{JjQqc%4k?a3$h7!j9s`K-zLiWtjdYy`n@2#M@ww-!YQ~ zAbDu?CDV>Pq}qo-Rm+*E_@lufBua=r$$@H7jBiS6A7Fgs#N2wc3WoVKZy8S}QFe)s zA^YA?=5V!Nv)+NO-k~Dy1o_hB8;FL*BHmyOUJtP@>|`Ey?{`pe;CeeM%5MRValg-msESsJZv&_gaRYFaz zI)1`dxPtiR!D2Jvt#0zHpL5}IX#vAGm6`@ux6s;|sy(i!t0ga%Y00l(8uD~$=dY1c zcWBdFcYkR6KCV3L4{&Ne46u21UAT?^EldS&8%}8` z&|-^Zd2hCXoYdFHS$h*pn4sdFcv3a-(xSBZLCo(5ANv(vJrxr-Aw_q3UfP{_n?d9< zVZ0qCgzhz<=`OKR5rip#4vtxSH4++d0zzUsU+-yvxv#)iS~b07!HJ z_=omCc=um;P8RO}81{dmR_od%ZL%f))anN$SxqVx-d!~`;VWe<#h4vwbUnHzcFWCh zj}%In55tI3fp9SYUH*Q(v;`n}t4zCB`Ag(~10EyhRs@+S(YO0cGenV0h;E%xd_@^@ z`Ih@G*`J}~kyxThqk+`4S)(&B3;B59-*fr;*|S6Knrq!^;og^My$8QOk=17B>+k1l zjPL#x)&>_4C7l~da?=BJp`BYROeo|J395acOy7FN_iQ*3gs5Gb-DEuRm6Epeh?oTF z++u=#U^XG-X%JoLL9k^CZ7)Er4nUGv;{Bi`m*^ox;(G>21dYV6{ixxIeOlbr^_%)Wmb$6|lYD?$rA6ktGxO+B>XE#Q@nM z=Adp&*=b(B`-_1iXT~odPG}1vH4Kpsz}@rF z$05oGrhZJ_DclpZi}e>hMg4kN)1>qj%-js$5Jo8lDR*DTw-49*^J2D7XGb@N@NpQU zgxkx$V>MS$LC!z8TCuBxtBb2uMu%+xxL5?pl<2F;GDbDSJhQvqcW+0hm>|x+j$HWy zj=%=FQ_jb<32Pohv&9LRYt&={H)}{r~XI(3&i!GqR88t$CsE# zumi&A)24q8-GvHJEZPhX^r+buo_8tUvOEw?5)4fj$^)@CP8k*FTM~|+DruB6=QqwL$cntiD2>SrNou+giyPWEO!2l zmUqPA6&|cVm7WuMq^i^?mD<4#X|}T0hSZ9aYxXWLo7NBfMzmKOUTFLJ-DAW9*d!752t*+z>vbYZL&O&r56wStZ~aTo5AKz2m(gW0vX;Yt-K z7$4x@{N3Vp{3;KJyVNi6En=SYNo}YY-=JP@KyykQoT>$o7(;*VQop~Ly?wr2_`=!)PJJ^c+ri2jgH1y%z5j8j(b-R=aU*X5+?B)P8N1%m|jjOVZ$ z=<}x^xF&*I;qgBpCPTLI%JVu zV49?!n}g3UP&$^wU4AaE|M~HyukP!s`UA>i*cSktMAuDVPw0m6Cm7QJt$-DXb5>J9 z_Fo@Hu>s;6bCHN-1Zqqa1q$)bs$Uhrkq~#Bh%dZ{m41$#ild@6VTG%9xE-ca>x7n& zO%YV462v&e?E=eQegCDpg1C+tEdejo?!Eq09wL{Qxgpzl}xAiPAYiUO)Btcp$Zj{D|>Qx@dYb zgyT&*e~uoxgM|{a1{*k9Ig-!W5yi3KnpKo4_;|TJNZlB+^%9wpdQxP+R6`8E3rD9Y z#85q$B}@gz!T$Pft z&ARThbrq-_s(Hxfu9HO~Z8dIEHCWadv+h!>4c6665JL?;Ifs-^Uf&BVxbdZZgzmtz zZpe)n!7w$d0YlLs(hhI=&8m4}ty#ACmMW?^gA|1XOA}}WG@x+5jW!CyANj?2TPNXT zBUXvz=h`dtjwZY_D|4_Ty9*$zdi)1I)jag99LC!>bHCwSZl8ta-qq_giRIv0(=u4R z@Tv68h-e&_XWpRS&n&MxLK$FlOP3p8ny2 zmgCddNKp@&jF4G%0oTikl)r-Rte6a(qnO&jgf!BQC3bTR*pgGznGkun&P0OTK=H2! zIXyGnI3Xg^4HxL?M6nepbW?4In{IY;YfRC={vt0F_j^dTi6su}ptii#1x_*{kg&}6 z-d2C#6>R`T5ou})@?&Ux^hLTLBX4y1^4ZEl6wO;YaWUmXDrFuK$mJVsM;RXae$Adk zAxl|pnmJhvcL!pOf+Yqo5QcIq#^%x%S=KBoX6r)Acbj?_!~9_Bw|ETWQU%hhQ$U!C zpIM*kb0hie^|C%O5?ED<@!QjQZ#>&fKs6RrNyYXoO*^gXTTmK(o<=laYve9}CfZ;j zbuU5!nU77Dc+QfMLh5>bsgy-Av9&xgKQJ%ho4h0{kHwAx_6 z;Tn@$DiJD`!KB|u!mByqMKKQL@@K)1P}K0WI_OpF@9dP3)Z$J=&ZuZlIc4^nWQ~?> zl@z5XoP_pmd431FZqosgx$f;M8H_Un*266QkSBndm!0DZ33CqkzMI=ld-lj5w% zSUXVDx5!0OL9x9qfv3n;!+KgxpF(mXjl2G2-mu8p`opD16%6^4wF)C1^EJs3IDpi% z9yl^c6y$klYDr=Kq)NWB0Q_46mc~=GsR6Xkl6;FXU(pSkwP1m)KKK(VaTo}XueBjk995&0D&}klY zumZFKP?1dyh3?}c|Cl?-#frdj-&O>ku?v#L&u)H*QWehM?~TUO1L4!i@wp*i7{1tQSXD0J3mH*sz`E+yNc9fmq_`3E{f><_sJ{;2ze)5$U$MRSgcEME|F%_bP1UcL>Qs3* zx!iX~&}md}e`m1U5acC@y+<>in_P88V9pk+_x9E_W2Wm)m1c=gkK)mDYRe}ry zc@m@4uTy5a5kQo{bXPM(p{=+a9WXOhcr*n5)gEVfz#=EN0Hr)RSp2$pV53L;EcG!= zzEgzY#fXq5R;QKC_P!2D=z=p?);Ie@JqIbM(Bs6~fu+A(m9RxQ?zT57xdjBvDTD19 zVIdCw7G4d*L%)nbfOrisSmth$4_|@>L{vydQ2fo3w>#thQC?c3C%j0g(g1n*wJMoW zpw<9wAl6})QC4A#9_xqw0dJYpM8|$n8L>YbZ6@-#>pU-#_#j((jYN-aA#%WPPYJbN z!DEHK6p5@hd=`%S5THazl65%=$HWfNLs5|KmY{#mCf?@KaA?H?IxJ4HY(SGqN3mbl zJ_kCwW7cV1z1^R3#sxS*2X&sDvvf>7?*jNY9x1ltgYimZbAl86Sp;6k)+ z4}vwJq;P4kfgA+>HH(g&>|lO35#UgiC5N%&D4_owa3KRhllUsVnLkYuA#> z^eEeM3dhC8z`@n>x4^paVP90NQ^wFH8vl_RHom!9Fw|u_#NTT`w6Nw>Duthf)T*(( zGfcI`_FbX%)^+>3`SoAYXl%tXR{pdN^ELT`Yol_(9F8UIZQzl6-7ciXKlKk)o3Lwu zORI}S23eE{+Jsa|IcSqrR(V16bugGvnO9XrBxh=T*La`R)?hJJBle=2>pUk2VBjJL~E=J|;lzL0PX%SNoS_ z7Y=cx;@=Tuw$!SZp1jZA$Iaa-Dovd~^{X`KEm#8|!k6b{ynhwsS@S1abZ^pos5V;J zXM_I2MbGMamcYI2))dnCO4SLNpRVDeTzxu?A06LcNv-jZNV^vqr3Zl7`YPT2NSyE| zGVmoXm+~j8=Xb^(O&_E^Wsiuz=G=ZCDf;-axgnbz*zeHrH7ZZLTeneeX&joq>{l1- zwo6L3i9h_^N`*h3l7c?mF+xRHnhRR-^x;`6M<6(1lKLuI4;a+ON97IQUU}W$qU_B; z&)s%fXnqpfLIY59%(^zh`QBcCA8d2bwv^dcF1$Q}BIb-&<|G^KuAs-3@dN;d7X z!MpZ#mF^Z_r*&}MuxZi>+o)knW$U7?a!=bnc@>gH;J#)%M#v5RGEJ?z|Jzzc{o1Ct zC(XuV%OZX!#2=PwzCzEH=)BkQqVGauBWHKFmvJJKlnhgpVB zk8}JkNOji6oVS{F;v2TDFIK;$Se50g zyoF%S$-HL}=Q*F&6{7n$1)?`7=6D0ZTg<(*`zG^xV9zwVmUBxTGsO#Wk09f%eHa=b z{42PTH!hsw%8PB>+>=WhgFu&0p*zI$_12(gz3NMJp@H9NIuSD6?#Lyd7q7e(V>=w; zOLGU%K1UPvTNiDe@Ip|`Z0@n^XBB_^mPO!khI!bgNqEgJUm$2s*;Z1v2di|E`t``@ za?gJC$AU{A-j}LMN0T5wn2pI#q`ml+okiYv z%zU}H@KV_KKbJ`Sk@h!R_T2Gj4LL( z^$uS50pebU{R8b)_cu5nt4|s)&yPBTm+E(QTjdjs;6^+cp>u+%KWjty05y*5OmBK9 z9?&0BD>|-Eb`p0{tDa+e-MD+jhivtmV@rF0t0h~1&!MNmpE<2$#AguTn(G!teBO;V zE8az@qR=JLz-u`-cupA&@T!KORsm50u` z);Kk7h8nok)PWy)`4=*e>sKu&-rredng7&iAUyjWE9IP*YGdZAi|6@VJO;O#8ag8F z31yX(WTV6j7ZIKzx14=C5ER&LJ=C){cR1Huo+=cHz%2%#4r8rf^{XALG}HvaLQwIj zja!{Ei=gfhA+|-I8%(<`pT{ZBP>K2 zbpfELBKx60b!6!)u7AZ5`VAVacPg_5p~1=cSYK-|St49NRc@aURBU3FW1dX{+PoIW zb1fLk!DS(h*vyU#A{VaJymOdyp|r7Lf69dxaF`1@W&)Fuk_+bYjADiiO&=`LjML20 z640xd8O&o))Pr8+%h7Lhy+IYn6p3sE6pyt+N0GDy*`S{Q3^SK~_WKy7-;9=JaKZdm zA$`{tMR}5F!CP@NSMki7=8{dIIE>jiM`m!hlDUI_9h{cKk9s5ltsjzf>Ws*$tt?U446r z{r3L5qh*Iey+i5K!gu`o)dA2<#r};Y9+FyK%X41WK65llPJFdKulM~#ec!y^Tz-K1 znOF?3SIGp=^Q-FVuqPV-Pd}YPGIaE`9|OE!?2YWfhhJRx`+d7g9LjGW0FGjg zl?J`LnSLF$CABQNOw&+_5!Bi>P$(Ek0-OJHnZ?bGa!SUbVLXWlt-aQGyn1J=(KPXO zXzZ;CBR_J*XyYvYyH8GaqY^8uRLn{X1Fm|bq`zVxcQZA( zw!As{VR1d62lB@Js(aba)e>gJ=LL369Dw_)ESJR!+%Ye`5k4V0bk2K$(>rLSL#D9iC8@-k< zb~*-0AN?hjxo-65Ti;9l2Afd&BNO8iv%A$DrP=3~@FnhY2bT}3~y)G*4&xz`FQC(g1)&$kR zmgKE})B+Ptu|dC&MICSE8?FJp2v)qy+X7fcT)|)p&#JBy3FRV8DbHa))t_4cR2?~Z zocK=U`5`)D+7BpPnHikMXMMfo&H8dU_)~ElIsg?>>zgFmocm$;07S2$F-bCLLB%BYt56U`xSg8m3EX~|+3mPgj@Z*rz$kBu7-x{?NF@_XhI z(+~?ed{nZvWoHUV53PFm8pm#{|E`AmW>wygZJlWp#<2)#0ua3YuGE&Y+hT|Bd{c+R z0!j9}&W~CkV6g6iUij)j4aqGCD?vO&T0yT^f=+0&Q+(`l-`)!sli2y3;a#`{6BJR$FeeNF1crO4;Xbb>4AZz}vjwt)&2ii9I(MC}jHgWo0` z%`QI1q$HPoLHt|unO+e`tl&iqEaw*XgD4UG2ektm3VNp(VsACmami`g4>a!y2ULH} ziSonmHJjw$#{MHPSDLtV)9FS^pw@CYUyT%w4&kG+`0oIL0Z|V4luqV|@qpLbM1nA& zYbW;yNzzK$U^3HK@H= zd8a5OiE+7s#V#IWqG7Hk1MDnZ4S5Gk+o36x;r5YizUbxbNzSMp_c0Z*$!eaTaAI1P1HwQ7Z9=Yj>B3kQ{whA59Z*M? zSO5@jui%E*Dd=o{tMjyp5`QfnHm!Dc0`1FZ^kxxRd}V4$f1dH9a_E(7DmM!N_~T!i z5q3=54`E?|Ao$GzC$A1M^-_i2%GYa}Vm~tmV%+*)yv@#5I;;~@j-pBDsCX~clurMT zaF=aVc=Hepjnve#*>mViy-R)*;b3c(7t7UB@y&eId%zWm`0Q7=#PP zy%~YwZ#}{=pIaF#6V?kH7{^EZR7iG^Yo>7bmY-)G#8e_?aRw^ERdN2 zL`S9{NxWmXU7P|-xP2f{L;KYM+wAKg5jBPqrGyp5FCI-|5TOQ%c3+QB0*E#4J|wJ- z-K|qHd2+xUdnpQlbHz#&rh=C`;Bl9wGo84#@U9B(rlpd5pfV#$1Y`)bhhKL5v0raLHXFvs|2iw-t+W6$+)){|ZKH|s z`#Mzs;6*iE2|&54He)iOYLXh%+`AmJx9|JsUtXn& z+5=&wJ&42hMNzs%Trs zDQ4ls;%Rzocf~(9NeapLiZiOw>VH`oJc_0zQ!Bk6R%CGiG&ai&9O{0mV)q-i^v`bJ ze`7`FA!@uZ@)*9Qq$xJs@3-3}#$9l+I%)grxC9xME~t2xOCbb}cBi zo|xWtD!__x@QD#G_q@(d$0y_didPKy&gaN^?h4UTb0eXg_3|rUj)t4;qveK7`bY?3 z=ByL$8VV?!Jg9vbt7+~O3yLj7GEkgcMkMK-P?z1-7n{s2PxtKb5YWd&_;p<#d^o70vq3xei2KNO@#_ZF(noa`fXLq6@sa&95Fou zPOeY%{qK!n!vD2#tFLciYvHV~|NrUU{`a1+DSU84{UQK>TO=?5(fD-o){MyM*^C%-tudU8ur!%8qfDA0)kGB$L^6szx+866 zJN&->bOt67l$s%7ece}~ivYojxe@CFx+89YGRvqFX^u6{b{{B2u5ok2+n3J{o#%Q% zn^fVjmB!)mdhx#9TmO+4(wUe-Ka6d+*Ei9thIvbgRM$&%Hz4R1p;4_awQ2}AiLcbu zo-!&C;XuDp8iig)v!F1pM@xuAhJh%ncmkS|3oo{3WCkpg{v$Q$;Yn=-`j!zdiPV`3 zBE<;3ZCw(mQp$3?^{7ge?JRi|J~|F#+3a4Kk=T0&M4&=+i`1sq3Dcx9OeJYFOUhyc z(BaF*oP31P+x9TU6C4ndh_FKgNG)QMb#yj;uFmME$oAZ0yiUf#97mRJO1Xh->82_G zJTSM&fEMxKBXke|XxdqvV8DQA5Fyc9k$^Gl+XbVpno3aXfd-zgF`a&kaBwKePsz?2 zZa&QO^nHhBZFunK1kq}uKy#e&=wI~5z&jrDoCaIJhjHhG<)U|e`Wh|Wm;FJ1{H`s|`{PSOdk(x^ zan-#Z_fOvpy4T|B&GprA)B_P`z!I;w5A=0k4tjdF%Xe&=gKqz#EzY_Z-B&#xI0T|=hBP$3 zecj_GOxeZX>9{|9{UFUQw-W%-PU*W+UJ+y1E67TxRqh=g-~J;V$oT?`sB9t^$g zX+$J>qMeWwYXm4_=gp{BQgqhq4uEb%h9@Ux^987O@>5J z@IGWav07xljDa|UD#;42w}XuRKwWDQSx2fq+& zvD!kU`BpM@m(*y@f|VgMs-nOG#^GmgM#}}qIgMq^zT7oym@Z{X#4z5hNug)(wImuuV(CXqndFd< zax2Ou4>8F?Xc~s!V4*bL(ZgHfiDTxKI+% z@OzWnoBwPUnvryJss>+Ji>_6Y`Dp^((SbZxDZ)Ioffw2U6{==Q@aVxFD549OHHCt? zF6libSL_TDQZpnkDF}uka$*D{X161Q-5o;%B}dE{2Bs#zDGA^3kV`O0DOwV)R4!Jm zCuF!XPJxs?T}PgalwmDCt2-KfyHtU=jXgHuRNbZ8++)gC;D68%OZHEcjW9fxCy697 z5=sV5B9kl5t%qzx`blWW$#v7HX4||A(H2^LgrHWHx}6r!_gfZ{bc}s!5>`_+qh!Yo zSL^{u1iL%0RLV4uQpt9^x4W}f|LpGk;w7H;e7S$DE#|%PF;z8yy1`NLxT#E3)w!<1 zBo!h0;&K&?A_Bw<(1AHgb2{QpqOl+d=RSu*fVz_unm9FEhPRkci@S8zzIH%5E>wbo zQOUwXY5Gq=CJ-h?v!SPkmdXR^0z}-xuk0=25DwVJuAOnproj$bBVsfp5>2g+xMZdg z{20gMO(cUa|EuC~7+-|3%E=rCDsQj}B!ksX9lrX6g8=OI=z^F(_u?cqZU1Z@4das{ zFf@N`9`z8hEvKL8n75je&ov2vO&Yvnh!u<}`KHc05e9~cqW015L>nL?X{=3RMuiNi zN5Njz_7jyF{kg>OdqxS*KhqWoPaDlq)|Ip%qesx#bIH;A-VF(0rnnMPvjMzAE;7(J zoLlIacnFNJkx2kkl|i$5g>FtX)V*elP1md`=Yy0ZBKFZ}&J!C4orBJP!)hLTE2XM!5K~TY{!aX*@%qq88z$+JqFWAmJqQV>x^q>O zias~?;y8@$F?xuVYM4-{T~mv{@@p&m%V`I~Ulzz6Zu#|DRq zT*9b{rAPlJ#qA_1I^zz7VdaPh0xXBNdW>%iW02x8lAXuNhoB)I3&%3wcHL%MqNOby zF`td|{q9Z^K9&-rJY@VsttlATO(u$P6Cy@(8K(V!-?V3?M`DG3$pQ24DoWQ)6j{x4 zP8rqg<(k^h!x#q1=wF57@HF(Z72|qE!G|6!0tP_d3yMb$?)t?L1oUN8pq|T+-}PhK z4S3EX%;*8(@9_enn>xAGxb|LvY(|gQ&6|LQ11_4*Wh#9O zGM~xBhyrfJh2bX3Jg!i~|8Q2M^GbTZMum%2{;Xc34w888k%?&Vw;hdks+rWh;vGkZprHw)~m+DT7 z07#eV%C``HlAmRr7T*||U)qCj+XKA>A!A#~8%4ZARy-xW|7yR&I>-dN>1pT}EmyJn z?1foEn!C|xTbr&|aj)_i3-PvM8COPQ2@)L9u2yK1J45piH8=dQ&O zWr3TkLBuhnE{)%6`X8$mst#VPM8BgVbX8@=f!H+DPK}02uucOb*<|6@%_@myu+W{Q zy#P;AH5kqW*hWhsWP#^~GgacsqN*ZLGTF_`IL3-xPLWE!^byKgSh2V8;G4!My5KZ5 z+C}apyY(?}K8oXG%0IlhAP5rxCl}pcC;iK@9?)6IyTtpK z3I9}HY57ub8tYaP=Q2hMz738HojFLJanKf$E~TlEBCe3_%Xp#pmOR?&;fl=^;+ZMJ z^@f(r^F6|)$9ChzOEZ!}Ws)nje#Z|vhcl$T%(xRyKeeoM0*U)s97cN{Z>W%xlc{iNnL}&N zAz8&G5!ipDbrcznr%;@)JIKUPQXr0Muo689#GnDtT%(#x&o@Pp%yIPs{-$JyM6Ckh z<#QT~$dRNK>nK!Vwf)1NFb!?ohsB?5c*P*Lybx6 zauCv{I#S}1w~nXC^KW=xRo!_y3nX$oTdB=4+9aDSbaQ<+80kSVjgT?_#spBt$`Wcw z_6G}_$Fc2UHtS!G`cTO&wA%_>SDDU zW^xU6Y|dQ(MGa7(X+nv+9*;D_d2!I9v$H()qzN0HPoWn$E=$%Wi5fx+Fp3~99l=|j zn^a6tbOuh^ww>p}wPrIU%n z$1rUX0Ra-B&^>;JbSGIH)2>FF59;_)*eXavI)H`P@m-0~7)l2}G^Fl+Xb^QD^JH5( zBb^o6G2cqKw&20{!)U6L=pMTk2MBRj13^q+t1jfh(kLRy-+7VsvAQKpw!dP99ha;( zQne({l2gD(-#*rd)@*Ig>G`CBcDcRzx;zFa;gi4QxK!D(5Vegi8R&zIJt04b-YgN6 zumD58)Uq3#J?2@w<@Xc z#Dtkr=Ol-{nv@c_8Xf$~gEBE)^L{s-deyXHPw46y4|W1djpRF~D$dW(N<*cSu{stv z^lKvBs}XDLMSfkD_dVhQp08T^21T1Zb&^k?RCw;f2ne;kmekMv;de*EYt^agt}TivKrF{g>}YX z;xjd55-FGNsp*8}p%RWJpP1S|7g?>>2=2Hd#yzoLjWQPhH5IX@$WsC*Z+m}eP4Th4 zxw`d_Jx{wp{ocZY%A~cikU3z71RFUOC75}n1H8yv^wKyp@9?n|W+K zTPZV@&E&;OS@c60LDFR$-Uj;OfG%k4<41i1N}pQuTtAyS=NoN*vD2U+zff_bRk@@?S#M*rtf~ceO4;hZkJDHL-`2Kf{M>@_HUM#{tQB7$s0BnK0r<-zV&PARE`fJS)-4`;1559108-Z%NMbViQuP65? zIrqxzPc5LCd9;0OZnPBq@m3-6UFL}v&!~J|Nmn&wAhLkY!YN$bu)NLvMn!Y-CfHPg zJeK5!s2=^>6h7A~`c_ATF&v=4g2%VgeS>4Kx~sxlE;{D(Hl3vh@R3A)!5L7NC#>j= zH8mSS&N3(kc7?>iU?^_G*bGy(r4*s<$d+Kpz>QDRu!j1 zan5;#OJxs}6?qj>sfr>qV&I#r%-GYM*iMbwH1~;yVyP=RjWrPznU=h{tv8`p(%#L~ zt6HqERb}RB3n<7XOXoKb+W3vceM z)r}q%L_{LA4o%4lnNr(m)Y6IW_P1Ki-#jI<1jK=4TD;9L43OIRq+w%kU5G))kf8mP{*8 zMvkovtFjZCr}~b8tRZ(AYbB9_A$@K>ZCd*!_0JRW5P}s_ishfeFq7+sorOIT>bJ~; z6EUZJE8G9sOc{hVCZ3e-Robi$p3*)^dL*nQw8)5MMN!RZooy%7uJ@XCJyXeK_g}nt z@pS*->GS>STx39W>&byC&x2z!v-&oGNm@~b@0}QDqoExIxj0FyWebdvHAq#B9=94B zy}ARM`(Rg-rPX{8pkstq?K7kJjDo?ofp`H`KwkyQ=g3y52OIoP3#|uIaba_+Z{(Ax z>A?RfeeE9Pb;d^-7gA%R}#q)i;iK#;IabP!+v7ilDYYtb(1f&uO39de0xgk-Tt!^q_&7({x znjRB_{J)CQ=jTckt)503RBhTIePGYafKv8#57e0sHTq@g+2rP-!l+Xgv+m+@D=azmrJbhH~AOzxZwz}jy z=EtbMx5F@}bgY#ODk@;XumI>xgMOx;$&3nj1% zgh(Ybly$?T>5lFw*PQe8qErlkZoOH(fCoM{v7)O`r6lQJELsBiC)n3GG{mflL`tFa zpEmoFS=ACxY?-s;h)O2SW^!=Y3Ux9(kqq2W9sF3MufHD#!Sl+i0TXWCmW}EVP;}Je zTz4iCpdIvch+D~eD-5q@vR|ty=kTExFC1@b8#PcDO@}4uRh6Q(h#Q=0h`>70_|Mq| zTcaTx;cqYSs6t;?9ud9ohR>9;OXUkT_b5;3fRU6KjiC0H%;iY>C|W}|Y(m>2_-rH4 zw@M?($DomecK5JC$(nHz7|sMah~A^bh@9fRg^Ot*I`r?>eA=BQ(fbv5ZHub!lbQ+a zlh?!O>`+|}>1Sxf7M~@wiL~%IbnxEa1?ERk>%BuLfB!m5tU<0vf(Dn6cpq$I;i%uF zFLmquJuK*OH|t0auNQJPcyG%*@fvPyH*fN1%>$ZF>VUQy> zd>^p>-m}=%FGVzB`?z~~M+(Q(aLd2kky;(G8;mRM9_JtC6V)Oqp3$7#a$I&RAXgya zqyW}5oubWuS!EI(oD5|gq9FqKnNNg-Sq&|*7;ur8)XoVWDkz`>-fcwLcs@dDGK(!F z7IA;87%#Be1?08{XUAB7e;obnSU*;mvO6DzS-R^)E*eXVRfaUNXH}BAaA2q{O|HIW zu3s};?Wib*TK%bN#kA?*f8nYi0Tkn3vuQydW(tUNyqjgy06O@1F+R$gb;ZgDn`r*) zfWTsB*+m)9YQt(hO-r(4bxD~-4OOkNbmvynnOj+6jAEhgLU7q77U27odSyHTz}ZSG z!ORDPO7I$2!{-%P4<2@uNSbIZY=f)1E+6>80yrO3VFwNTG#ZUJO0CF5p|BmOv4*n> zhdvOs5Y>;BgKG!9wucuj+e{Zfas{<*6YxgO381A75)D;*^y8+zYg3bKuf3#UZ(eEg zTBQDT8gDG<^7M1jd10fUo7T0B3&OX$wULf5>7aThe~mb9r* z$(Kx>z%o<_*K&_#D61j)tVj!XK8M1O+l@LVwF2SW)t;c@k_Y`W^hqQdhmphfQZsV^ z=Gz=kJ3M~oe#M}Xumyt{`clk4jvo-;jLAQO8vGk%$rC zPqu+#T|qaE;&8ORdpS(Y*;UIj7kta6WhLM`JB^@#4xX`liTGXtUL%Z&*Jq0CULvxs zD{^f^GD0h3%Owktroe|Bk4Il9s>ca?q`{0srI~6@H(|j644@^JmrG+nsivY_#PVw! znbcYYAX&A245FAq(4fuG@Iw2pw0y*o_Cm5t~e8P)gS%#ZwV$TYD z!bCd&6$2b<$2^%e3`gUemlgjS z6h_#-K8tS^b+~}o+!=c|c zWQB&^Hr-Z-=}|WHf{A%}fy9f4L@XFL_I92;+oKENAf}-%App-pap#FaQ?BY-)q^%h zL!uE58zM0kTt*(lu|s%TXsWXQ-ET*oglQtva-*np6w8mb7`1bW$g$d7QlzU@nsM1G z@oPq(zdyqu(+rG|a>v2HWR~)Nwc8;!ozr^bxWO~^1iOLuj+rudJ>zgChP^fK zmQA!rIBPisux~*$GN?Ghjip`}foF8uH?gDL#bpJoI+#_+MSJJADpnCIZRy40QuOR=}BK8N8GUvJwqoFTy0Wnpy{k%)n~UGXw7u>6u3eOU=Q&Yt%+ALSTw z6qurHj7SIC7*&y_8{}d`D5CGJ*$r7heXemWiy*rqvp%u@!0rofvJ3jgD&Z=p#e9nH zN~F9}q&6^|$EyKTb=}*2pZUS8Qj4-)e{=w)7T@@|i{mf;;sExNO=nu8jtdq4lyA{1 zs%~Mtph_j#_DWFIC^g2&!ZgIdI4rA%W}!1>>E2SXTTPt1Z9&Wz3CL`{B5^Q^#w^mN z0!Kfc7VO?{Sx$-!Q57K=S`T21WBezHmdX)AqjmBd9bZE@^+X7(>E-l-))vXG&TMh@ zs|sIdsyTLw*SIbCq?>|UQUBjq?Z4)z{fQdx!C%58sFjJQ+S&!VGZ?7w5^6od)P(BV zeOFmqs@14sA^$TLmJNHgMTUVk=QDOFz+e^bYLbmaqW8kIrVui0sth!!t}-TV4?obkrJ`Ds;iJt;i_Ktg0}>|D!-o%7Ty26rP9JA>WglkV>?*TgmQ1khm$}ja z=}_9YInDS`>CsQlpTUcWWz&W`&j}&;7D&w;lHyF1V6uM4sAmLZ2&)l}eOYzlV3D3F zuzdCinbjRse4y@^NUx@uTX`7LW6IXuY_dbCG*)}M^QM@Gt2fVv<=Nops2mK>em;(d zXQd_4&?|m}F9zk=@c8Gm;h_9^a8?eRH8aG!-{uLGL<=weQKPxGt!CdsF~*zLLRYEj z%rLY+ zj)ryaE11z#$9byHx^_GHl7@ib^sshB3X(0vlEs~q9-n}gOks|Hm2Rr~XsNihP6Ue5 zHGb$dG&?odXC6*Uyb9DHnN4aP;B9cNbcC7>jU)WT2wc7`PUwTf4}jlOmvI_cnChwV zK4771>5E)cYYc3I##b^(wtX3PWEC4uELdyyWEZU4+Vwm$k19pY+U(3HczTX?70ZIW z8cG1GyHj<_Q`MTO^|n{^nkfVEWM zv|7$sS&)H6e@8CG(hE`8rAB3k&ST_c8VF}c(fz0|YeFD*h*k@?(TF+nGKKnx*&VQA zzmim*lNq^$Vm6H}akgw8pq>TAMwTGhoI7t-jnSML%Zz|9$k}cqcNr`%Hh_HCbnr<_ z7BA4~S#h;8n`}3m4tAKY%XJu_Ht>W~X{NdbVQrjN0626Wn`@aD3bZP<9Rpiv(d~NW zf>@y|QcB0|;%Zu93nekACuuye?4YD`0xS(7>qVJ2mNwCG>8vCRLE+b^FG-qAB>9&~ zU86+e+m_h160dp_Q4R-ZKS#q7|E2G~9`8<+p_UXgy`7wjI8V^{lEMU5Yf}&eys4p^ zOiV-6pUo-OL29|D+e01_r^(GgT;Y^Ysz}FM>}qR*;C7sl+<080E>MK!Qoit$B`06J z*^&`&S@|(AXBG7!ayh)AX-}LHM9-*TEa@24(!JwfZWr;h z1fGh!)#4>UrYKIg`H|OmdsPSerg=Kde>K@RmVnoTq1w5W*}fSy9(3_y1?M>YK&s+TS|j*-qj6QUtgD8i^c0-~ zj&%?(&%Q6@3{$D#8wI-ajasCx6H{1U|#D4PTs!$y9(zgXGb`d=>}W&aZAYV*}0M6z9Kv4e26LqZ5r(cQ?S+P zZ}|A`=n@t9_ zS$bmmMGtU{N=)ytO&-g93pk!_H()h#P%qdXtFGt{P2;DSl#kL0v=&RGfJ!IA%o3DL zj)j~7t3%ny4P|>A1PLrfd@gKkScA(LZI>GF#@3_iiNo|nnAvtSRRSMzTq~*Ga zMITo;VF4RwA7*>7Sqxv$D3J6(U)G`qbkq&6feDP#397Z{GbvXhSCL_pfLzGD2U(d< zGwUuy%xm-j2kbtmbzf~*#jjFgC=XqA1dMsbqaBdo`DlAV2QBsiMs8QuG zG-m--=pyC98c?%j>N%xPl?4vvj8Egm{R8 zXXUx5;W#re2oPBS7q55TU&;y8C!C-_eU>=iYorx_@C$qx4WAT)3yE20=PzJo695QZ zE;`J`pAO7rxM^ZC*O(vyylzmtv31|Yz-4natnq$;H>xU{FS9NbAb84DbaKuo!1`94(^`#)Elr7| z2ZirMYa0`gmom_zmY$-8mUxp5E7>{~<;TYviMw_X-%);Ys)G1p;$Rd6XL+Bppj&Yu zZ$Zyemg63_Y!bpW-VN}7ZT%1a&sU?sNxaN@9MM=AC9sCC2T8;f` zIwlRo)!%MxMBQ$;y|K}L0H5g2#zyyvkFl-cXLy16&ME{_w5!>SS%Eg2Y@uSJCF;Tz z19j+ov>9z|ROSdgwUDfz3sk%Nq+at-FJHQs-R{YZ!ag{s!HO<@>Yo?=Ge%BEl=UJf zyzDq^Y(=Yeo1ZxN#_C#G49Qd9m@10An`cs=)fdKnCJwkRceFQO3o|fv$s9diPukr| z>;}QM7LqtKu5|D3vruw^FqW`z25vUdV0ABsq5;xF<12iurdY~OrkY7jy!Ht@!RaIfU z+QS@C@5W81kiKfZ*4d=ID)bsBfeyJb7NTW&^l5ic@i+>D~;JzDY5le1bA6hElY zs!_Y3UY(#9!ty;&PC<^)TI(*fi&=7-@EYLB@jf&#D*&?q(G^Ms4s9ao_`-H$dhZd7 zceLBwDE3?Q|I9B;Bb?_N+ell2E{yuT1lP+ zp2HZn0PC8;{p7*8H56rfysua~uY9VSFsHqqSNHb-bav6Esu_n9bp0kwr0GPggK%5j zz2w%eB-eRpCmjrO*+`Y~J$ywLWE}Dcx>7hR_jdzIwbIdz(MI2i;vX(gXS2!X{riKW zUv@YRai^G`+<$O?m>*5k>BW7iirJg*xL{hVY`daxwX7`a4<_(v!Tx+aA7kWtNv!S* znm~1|%abt8{Ed}fY;CE!Yf?+)Opl$+*DK@f8pq=_ zN|U1`J{})M{bZ1Atgp9{?)thfCdke%v+q0~fB^S!eT6L^T4?&(ii2kLS=2nLK05&7 zfItAq!JmUBrLU&E+khtCgaf&%`p#w-U)GsYIFrQP#jESdN;iq-`h2U*%O~%j4Ks}I zJ}dgg(AIjuK@0dHh)=Z<>;2oYkT%CRRZ|fsgZ#=l@GG_DWx#2in@-+qWdkRP zrKggyC;Kp==(*`psT>#Wq%;KVC<9)SapoDd=_+u*TF_#p6Gd++`N9h?{es2EueNGm zJ-%XFU~C5UOnB9xvfC76-I$mt+9|bmFSqu0o;9pP-kwW#@X4usloCKI zkJI}+JNKN*)Ob`KI}^F07JkLVCx}X>DAll5;PJ?57Ei|~m?!*8=4BU`=K2;iw?)bo zwxTW%-~oCLZS$dz4dzh2+>Xl56vP!0{2EEbo}hX{N|weIrlg%A?N;U`z5abx{=3ae zlNhyB1SDvLTec|T#EMK;bD(rNdNET`~t zz+$L2G{vk^rU>5bajD0y%YsFg18#1uyU9gmoA!3YV1+|Pyq?Vcw>WX1W=HcAaoj_n zXcgBSNlTX#I%zfvf>9hdUeeV{1BQc7X>?gYMk4HqZ@rRXYs7a4iR2iKZMLA=Yf+{> z_faH!po8(8tP^W+riI9ej|aK~Ebdn;=lb0 z5+)}a`GX8LZEX6cx$%5Bv|G4mpJHJqHlG%4Ooj|?Hi5H2LGeW;_tH`>m-x+zD1?!j z4d$e?RR*@zWOor=_`?AeC|KBm<$(8(i!ri*A#=2O$5#=Pbr>lYlJ z4!xtN`H0R~oJJf=F+0L}h08Xb=CcdMe_&8SY-CI*sI>ijf^gHzXcA^Jy6MwZbQ_{z!2v6Em&%J0EpUbC2b&v* zxYNZCl1KImkstw>%((|Vq<t#h z!=1^P*Yz|jabBL|J>|K|SIKz79ENF7(`b~+l_|~{n9vF)S|T({H{e4Pms~T^_o3&R zq>|3ZaKd2_lWd$0XP8G&>Y{UnjqcuySI>G+Up#*fUHd|{_TqW8^XjkB?(3(|qTN63 zy!!6h+a!ASmuIh{|L=#l`|$kb%V)3l-$t+BL{Ij1Uj3P%K#?cU_J4c^rS|{yEPD0q zr+s=3pq}b};G5l@y}fAvb@cp)SG&=RS8rcHD?h&3`TqN7ZxRcim)O*kXVJ^o@bks9 zr+?BB8HCv)BEz{J1(j~*P3V!NsG^GP-#gf+vNd=@$2A(8qfp)zz8&hIB z5&v1hmn|RaDCdpFmd&{yi@fg+s$E{z($i

OJqXhQ@F_ z5DcF3Y4gX^92Wcps_vcwLNO(*cU{L_o6FbG=rkW>rK9pX*I*dH3KxKPYAcg74gF3c zQaN!dIaZ;#Kx(|T-J7=bsE=*E8=su!(a&c?jL#_1sNfY{Y-Pvz2j1f!D6-7I+2rsh zKgJn){wNG7%VT~r&X4ncI`&w1C68~-IKW8H{ENU_>}=f?or_+05;_B1Gr{sPQeuxn zw-3u7@W2s!c|DzWG0i)#BuR#JRUDtw2JAS{ zKh64QN;xphj%V#@2FJ28x82m`>NT6}swfn9a1>*in4glLU{UJfYITd&*46avz2J^qK`3VN{-Y z{*;UmUTmvi0Tq1UaDV1H#^P?uiG9&74{bm&DGgnbkU2$vKAI0<3wobLF4Pc>BB}22O(S4T~?-gc!uMW`F@%)IVych-xoPrdkx_1l%k}k6nnra zX&MKhJtZyr{`A5Z=vMVEf64J5m0LM!CU@Nn!>dlDykT&tiA&(P8y^^3uD58R?8r)7 z^7?iX{phA+Wy1yy=UJ(AmBlna$;nWSAd1ZUsnNSpe6oW?ip~=6S2iOGj{)D%&%$>- zU|4@PyOCJ<_)#YvfCB7ZcYWg_?oQgjrtxQAP!p&xZ{9$lm6wan$NhM%x|1IbI{K?8 zGd}ur)LmbXzIeF)=V;^67cUzt7?3~eZmcI*Es4H(^ytAC@OR^juO2>l^zhLa)^7Uj zmwEm^9pY?KIVW~6@%Bn6LP6h2hUUlcq-N+XYThCtoki21;Ce&EI`$fK3V8dqzlA%| zGqJeK;eDp>6jyfY!M(~O3WC1rhA4+v0AX{LQk<0Pf_S>VAuLk3&UVISE}`JE_U#~^ z;LIKae7#Ihpa2CFy`JoDt$#NK$dg?y;aTBdo~bkyKW@hB-HivGPNx;cm_7vv7p=Dv z+&0G9W|!`ZH~l=LF1H~9HDnexu8DwRVXHM>je{IaEA8#Jy0M1D_3OCBy%dj0Lyt)% zu_HrPuRGj;)m&vh`EeG3UT=(SXwNIoalSJg@{M^J5RDhkwrNHiRG&jEIx*m!C|KCf z{AfP22p}7h*48^AJ*;W?>h=D!O`g^|6%Hcr-|{_Hz|! z#6bINF((Xw{sj)0Cwm!t^z`Uxn!V2{z6okd(+`%tr?Bn@R%#$iA2R|LxA!K4F4}fN zg0fjtkF~PBt1b2I@oFis%qdfCf0cHfQ)j)tQ6D=i0Nms0O(4)YHjoV}bGOR+&fS_5 znj2{*JE!fgCK#~922aqgaCkanK6r#*pARWELBJ{UCHp^8hK%>XXJ|>trSN2MB>Nm%8lF;MG~5hD zubaC%l=O%kCrQc0W@{Z%e(hdr6t3_!ogpY5JzDD~at56h4zNL9;@i5|K`>+*s5eqQ zYFoOcJas4TVMI}iV8HD0OppeJoTz9dlSmFh#0o2pr5YuU=LR&ZzJrIjR(hn!4uvF= z!L)I&7)EKVT!eftGwD;Or{r#U7S+gsGdiT^T@B(?^-^;{g3AD876KkB7y1%YlJbjSNHQ*s;?& zaFpmH%QRS3B-6ufJB6#20zw7CouvJ<^n_`FUfFxDU$zoa4B!_GM_C_{h4S&3R4@7Q z1sfa*Y`Q^4p+TkfJH;HOr6pGxuvP-iW3lQbbP;N9Me-Hljk0x4GZr3f`dYK&HF|fS z=NQ`!=Ek7N*ylrqk`$yc@HRE>2oB11tCF*>bO+d1!C2{5i4kA5IHeE9w9SuQ%Z>6> zn}p2A${Z5o7^J6JI^d9S=@4}#SXg2b~oh9gKphjQr&G2W@57JH~DZJAA32Of~sLj z4ocbhoOcb87?)>5@Dyp+6bCSsk}V538e`#6q7!PGL`qJnj%GaWoVnU^e?Jaqd&J5a zFG}Kq2nf$ES6le6Q)%&NtbO`$1RkP0_N@%kF6Q~AAqtIqwaJ79;Y*C73D_|9QfqKQV-ec5lxq-dpq02*wkJb9nI$$GSmjr~>6#p!whQngz8Jy=V=i5|r2GQpdMn8np$Nbj zMjDf&K}~R0+^KPe$Bvi7xFwZpBaPEqP`#qUKqx=pp0^FCup^W7pT_KAxjokgA8JDe z@_9U7PU1#nQ-^OkkkA!Az$qgYPRj~|=nw&0LpY(+w%IXAZ%wy4?201n(t%_hyU9Z> zn@(F-)f05Yhv@Clso5{a=VX0GCRkQa#5?93&$+W%Hky#$9~Ki&dmoy_Ml`1d3ljCP zrrK21GIvrlObmrAY zoex#0sNG9zEE8GoD55NAw{{UaO&(iv=S^Dk{G-CRVgJ@^MA6f=tHr2f4D_+Lll{N9 zpu#l&l&%?Q9t5+qhW1piF6^lLs=9p{7VC>G-vA+z6o%WL8GFJ8$=g+91lL}oqGH6! z9-FSI4bnL$2GW`6E%jQH$sD?UJQg`yDheIfa{xog1!8fo@AT?pviYB-Beb}B{iiap zHw6@)4=jtCSgeAr6H+aqR5dj*1XuX1Fyqwc23s0_^tM*n)o>1>`pD4^%T^bL6_&R) z!t$2-+}@^#pMa}w4QsmgLb;Via@_^;Sr*5wER287qF9Xu*Rf9j=#dT7;iLVyk!V_* zFioqRC%UViC%X0XS|2XFDHJ|w>LT`m6SjmE)dSVd!wFa!Qia$DNwL~>Vu#wy$5m|k zEiIEf6d@dGL&m{$wx5m(#w$#r5a{pX?h<@WFSlZ)PqB+^V#!uDc^y2hR(@b1mTu8+=O+eA@Bs@0Loz83@R0ZMvetRvS=6`E)(F-0dQEMr!$Du z_Zo|Y`$%Lzp(r7EA5nJLUJs*l#PHae-%gz}T&G-Ahq@N3MK9{>^{|f=`k-1PUv=_p%)JE=Dko}FJt3pVM9W3e|H42lx@|akO)$Sj>|bd4A7Pw-&Mp?6K-EV@ z2=t#XU(Ns@n6>v}g>*1GNumbSNH{mZUle}}^ltdHJt zPAS4Lv1}$LEraZrc@`fW3Qqr->s|GIg(a^Sw626d(4`%N@*@+kS>L+2T$m%BZf*50 zZ1DFrew%Cjj>)~n%L$Le5*7e&ai-aXvs$y;I$8D~Nw}diHYT1H^OMs^A|SlC@6_eG z53SLs>8xkgYjnr>!~vby^5y74++7CWbA`C|jV?y_{>pz2z-Ke&K`k-?$EXCTybiS2 z17RK`0lwLTziM*1B`}5!o~sYmlW6_WP=?wTe*;V{p@}iPP`(CY-|bL@Tobf|ytb5x z+6wM@M)vbe4h$z~mm-Zg<_Rx=oZ0Zb7+lPN%4m>L9AjiRb^EU}u%%?yV+d~!NPLRB zy_>;5z1UBpmoMI8Bp`GEH*YvsA6^&+o3X)KjapNg=;rz{S4Xnukh7qgTY)_iwk@vB zcvnyOToPsg7q$6%fT=9Po95R660I(3TfO9^@U@QQ>Y{fw*Qe`h2q$&h#T_BG9aX|I zh)HPtR9ZkC0&@|+FE#ZOXttvxy2bb47n!xLuH2)3)yEjDHW(9SDMloJ>mG`IVr{Fu zX9Tw3nueFp30O^aQ^L#dg^ec0l5nxnTaA>Ua)s3QT=72bZsyFmB|*Pzu56*VfC|+e ze>urE4~bJBM)zp%nAqk7eXN0jeRTLtUwU@|S<=L6qJFk%C221f&fVU@JA5={nf_ZtLE zQHOG6;!gfcV;>;L3hpad1RqV!m1d9tt$R?U1^{S4m%kSF;b9Kd<6}Gty~mLi@8N+< zLYId7l!kSZWdqpR(RPtMUV;9S1r}(5Q%9mh`Hn>V*a3Kol1&NZYcne7c=lWc5CPaF zZX}9a+QzZe$dUl+K)fjClA%R87hgy{0KH!jD(}hF&Kij0j64z&tnJ=mNspotI)QSe zW(wATM_&;Iy?75Dmr1lRuF{KRAIGVNJjZBSyO)#lqF<1&cLP@;p50*g#onA04MNP| z-~ijbbQ-);?tNI09qkBo2OVz}HUw@^kY;XB5VhSkEY9pS$NJN>Je6@d%1Rv+g5?Uo zeTv~@7={BiJw~~n$AzYg9-8`PTjQA!MV0Zb6focy4v@pJ%@46OcdL4vhKJO`vO#;$ z{J6?|V0zbF{w>(tDl)HsW3ZZC#H z81sxap)73Zta)#xcK z?xPG3&zN(;@kNs5d5*#12rb@>*}v(Rc|Ofd)EHTghRV^9-e380WAKjmeU#bUfy-Qh;ii(^L{>)b92d2VPHo` z-(_SVMb&-T;!iLH1#0P;BFqG)1%|1XWO1C6i~Rpw4>pI$ehcd4T(S$bljGg)HZkn# zzDC;}=V}GP%gSL+KC=Umswh6~%sznz93Gg}qu2$a8YaWQpR`S;b-vHki7HU%2-&vx z18nF=7(9$bNyMfNN%gO~e^_JZEbO?neZ)1yE$8RsD>u@CIL`4NXuBDk=t4MMphf{>*jL$2Srux+ zl!h+g&1-+tQqgUl5VG#3x~iK{)mOISLhTfK zf^k^1ws!s#oG1hd>W~w@jVLjlfe{#ai|0Ttlx_&|sX+&!T4bm->X=n5b4uXyb&|~} z{h%Ua^4glI(ZLip^^95)r_6u*Ho zka!2I-Akbp1rwzNP8eK9#)Wu+MJWu>kORDYNli;veg7YJ^;)8BNj=cJk1_n~IXU+%)l+x5CV-Pq0L`Pkpa ztuk%_KQ`Yg5}0CkPTN%p#qzG)cHJu#fGultx|R!qcC;})UeU7_GtutZE+c{J%2&j> zuaup#3iUcpxEg8rvKF|SS#ZxJ33vC<6$s%hFuhRZtpQVlZYJi7q zd`qmZ5Yi0?$?NlQg+8kfx45(y_*p<~AL3$4t^jBSw3a}rn>zoGOUp(EhO*-lMVhc6 zyhx=t!+c~M>jITfMtr!sBKc8b6&leMQ*@JDq~i?=KOyOElv>JaJA)(jK6Ug5e3gI- zpWREZ2hg?-4Wu+Gj=mzD%~0TW0g{qvCWtV0b_7L*Dg|b;wOAN_mX$OS&TkKuPQX5^ui`(wlW@Ntcz89XihfsmK;YRK>>N z4&&tlfmH=>6oT)3prRIueCfYl7{^FL40UGtY?xL2JwkFX0Q7s-py+bkt#euhQ`6o{Z0|eO-dk?($pve<-$Hv(<*(RY&AP*tzfCa>)Dz6T^2`-0?%>SA zj4&vQOyBExrWEqA<|n5!Sh=%v z)T?`g!FE)dMOX(WTl%Z0ld8fD9c7X-F`}n^j1TfHi*(97(u!4q)Y~i%YrM5X5iI1D z?M;=~epHLR>TvjAUz}-Irn+s-Z-9KWRsejXZPKEQe|Ll*HN(73#j53z)6cOgleS=M zM!Gr&g1?Cqo>vKF+RK%FoA{0qTbQ(X~3mg%mpv8CN1vztji zqeSR{7X~UMm4@hhU`L;0BGNvm6~&D@fo6uo;+!*4|C&t;9h?)N+C{x!JkU~)T5z_} z4mE(r;PRWGth7TafE{P1G%!683O?iL#gtOT=-+!;I+|yhIFV zPaw71d=$6%f;Au0m70poh_fIAxky_RN$N;k1H;U5sI7#?HXTCvpRrTRlP(=Jv7P2& z5*;+L9sY(b@Hd1lZ~2eaK=aUJeF7|r7!>>^K=7Bq;B)-P0a3GlYaK})PvwJXw&HGT zvyZ419sbUK1MC-AVb$do=teKBO9V=xI>_GQ={}tmQ*qp_WyarSw3N#%sr9B z=n8K~UUZL>Cc3*cp`*SsiK>}|0$jfO3O^If!@Z5+lwTiHD#N(ZNxs><-~Pk54WHdI zKcYfdt;3U{figX(y#F?l14V|X0L-KeKaNuLT)+ymIhvIIVI`*1M5xFK2qJ#bKQwrH z5@>-+*9OFcofZ_0qvWd&;pKRJ%4YUJmgwePmjT&=7`}Yg?bIQFPiF53a5{7@<420`k+Y=Ws*= zTw=bLoY4VF?p;cD->VXZ30XJSkzh`y8M#5(=W;-~kzjr@|KT6J`=!$i1R1=W`V)Rh zu>5e~7m_dzr(A@>H*l+tB?P@*ex7z3Vsi_6gwr^|f9MT<`9tljcF$2fpa~^@uQ@65 zkXNkZs=0<^H9MTf@J1uhpaZSa=6O2BOV+Z3U*g7YIz}-4VswOxER~%Ftw1m!@ZB=t zn}ZSgD6lRySQo_OE#(UPk(*0+n;T~Dv*GrJ$I?V%aMP>G!yP<9A4K*NIW$o*coj`= zYZ;M?8+t(UBMM_eRJIbSC?eR=T7RDfpLrH=zt^fkYkTGV$Q}A?jC@;@bp0)N<)S8rZ$D`9$LV*WPI!jv_Lks-`JTuPES>D!oONB5j#g0Znq*?%p z;&DQL|5vCuGS4_wvoRL;2b<8P!eb!E-sRu2X~DUuuVQ@Mssw3> zr|2~Xh)~4e3`OU0q-JqxM&Zgy;$ZNk{Ow~OFAI@)9beZsyN+eA-=t6{(CU(28#vvC zKy(&w1H(Wu=4ll==wxWDFhG-XD}94CDYP<*kM1QqbXAgwW$EY}$)r?P(!GY-&BlBU zl;UwLAI(SBu^sCe7)8H7pOOi8*%9M>JU&_p&LrTySn-`tbK9}PLjfk-KWNxiV#v%M zVfpzi5!RY;HaJBWlbQN~r*f)e9ZUTS6D~kYxQ@HWN`PUsIl4ycU~{8-2BnhdoRlW2+JaVWT(;p{zBrtQnf-B1mC(%#H{P`wWVEe)5U0pwnjzyGct1=53$q?VQ$QfuO1la3Y+_*?|kWP>Siz&yyePbh4zO zevWJY_p{?~cy=^oU#>;GrE&jVkMJ)#7r5Ua1A2rHpEC4+uUqo3r@s&HZ#cZKr^}c4 zZ4LDAYy4ky5^%r&9$4crNH-t)Kh~{rbg2A&fPcdQMuM+!A$UuJ{rfuq7o7&&?>`3C zc}|uLF#3|CX!UXbN8KWSRm^tA7q#Q7@x)T9Sr;iZebN(hoQ|?>(g4VlOWzjFQ{g|`WwJz^7>_A#pw5p)`t;UA-tO2iOW$WEo$0dvJ>{5m+&j#K zN-+kYf9D#63KnCG2r*8ST3MysxEPQ=QJQ6>a(0U!R>#Dr8l&qB#(63*skmgIXM0lk zePnsJk%N{tIvo{*IbJj#%{d?OQAXCtY|2;`Fs)1n+9ev~lX_Ieh^!+pPcrBixR~uj{+oCSw9A^fzMC#feeCJsM!P1ceBo}fU)ZkL}g6=T8td*Lez`oDL4M3 zU3RtJJK>X-%{tR#)mwdQhT*$7g3<0Jd0t(WY`mM|<)%zUH4FTBA-1WmXspFnS1Nij zy+|rDK$PpFj;WO?rJx%FlASRWe%4x8IIU{^wQ4BJ(E;LUCE-spsoSZ*3$pMfAcH8* zIwu`WGdmK^E4$1O3J&T)%hKy0y!l40Euo@`9Zr_b;xj6m`Ak7ab-Z^ul&h4?+7V*3z?C8CznxtS zvt0&vd+jGtlb^3!feJUAQ{pDnun|~fyaB-7J zdISK|6Aar^U3Yr9Eo2{d_B9GnZ&1bs*Aq@kIoPZ&E=x@3bk+gHFRlT~CzJ(Dd$?HO zTA>cE${f`=ssTJ6rYF@v|DSDm-cle+Y}5pyq`;HdM8aDpaYz=gRuTOxzTYVFvV=|# z&|%9L(N$dMZ6k_X)!=8S67*>VHK4tZQN?}>Kb0d1om0max$rc1KJfAH=s~IYwi(uq zt-BHa8tG9#>TW!UK3x17ef9Oajjwes3mUt>WXB~%pNP}0N9%Dn>9ztz@nok93+wIs zjK2ox0|5Ha16oO*ts@Yc>M;h*1`#28*h-=pBl>K1DdGF(qY#SKhQEY{zgn#~K*AM! z)9oUSd`-o*`UADS4s{=_)}!ttZ2XH)YWz{9@h_Zdw{MPXMgt;D@|T(cbC-rdXd!IdS% zC4!*Grl1_B{EW7+ES`lQE7ER_AIDormdD8!P~~x}VQG8N+X-pWLF$Z^#~Aw((?*aD z%7j#cI;H59Zd6rHkg=zzOsQnqwcGNmb)p@#;T#td(pZdCiD0A)A_|olF%>X4osZIS z8?79PX_KNre55V%nASL102%?57QHCsoyJi!`7AASj>LWM#N}=bT3J5(D-pP-g&b7wA1Op0M+gLFh01&1jCE@a!l?1 zzi2~WxIafLNM~x#UhRz7>w%yeRA}1D8lXjMU+DhLW1MwzmT=Q{$|bNCFQP z6>O5ZEf&k(g%+H&P6NrOr8>Ti^8vs1?`9VakxlSzZ7S{5{$$)0ahb8sU^w3T873%9 zdL2XM#EP^7{4&pRf@Yi$hZrEi06Fgj6`^=djBk~iHTtfQniS3^v(9Pxct|?Iygx0l z3OS^d^CM?N;!`#TIT^?W$PgpGNo@UT-Id$-!E8uvtMB-uU{n?6bWvk%6^M1p#B+cs zqPcmL=n4=MDWM>SuyMauJ}$N{S(M4sIY)k`uGbx_Ycv4lg=HV*-Pd?AIh|1{y|5bH zb?3aiWNWFgWR{!^{aV)K3GioYa=OA&E#nTaa!*`zDMV@5=Hq>&pf$NmZ(eI<_IC45 zGokbgPv@hFyd!miTo}qD%&iHM55Zj$K4h7!fzd&xIXhcf>jFcJ!%+vvKTGZDg=G>0 z%_Ib4%Z#br5~7I_w*QaTB%NT=@*+A4n?l6O_X;T z^~s;V+{bSiVaknW6o487kb(Ht*TGLs-WpO2@RiOXSMpHUA+ppvl;;S^F(Amd$v7I{ z_^85`P75I6Ygd9VRS>p2Ox8*Y;>VgfrimzA@WO63DCRCCdjYzTB!-QmJ@(;PEFpMY z$sR&!gV5&$K$$r5rj<8r?6L`SF&52sqNvkS&Z)fOT=I1qmeRUG9dC+vh19sV8UC;3brTbrFgW9?4O(9DX0lW_*C zJ?L~FcDj$g4wBE?m}v!l3Pqh-l?#Jq6Sva819)=ikJGYQT%ExO?J%6{%<15KKA@*- z8xI1&uQ$sBGyH&_RUpeq)QPv;_`+!!oRVIWhUYsk_QENh%q_qJ{}SL~Agto`=6PU_ zFGlQgn!y=goW$!$9es@KVjm-S5?+}utyk_fLXjeC*IWHsy8(HFH&!)s!P=s5OS8m2 z?LEqpGl#20s2w+LpgOpzYP27hlN6&+h>3}5gf`Gbbn)tVI?T^9I`HALuO6-xD~+d( znb@Ck#dq(l(9NaYFur-fjfL+eV>{K3f;mmkb)aXqb+(eBswfsHAgC$XoHjcPa(dc9 zjrk~4uYY0TWt$`oiUkbCP>-EY4xIg!nONY$!DQtX&mMOJ5$vNDqJkHQr61ybA5E4$u)fok1iSqEQ!@ZA*@xQ zMNywo(#ywzjH&fNLlq?UbMxJ}$w8g9;T880I-FrILdy7tvpv`hb}2xsR)hBujD?7*q)E2=Xx5J;e)QCv_{w@7<|TIn zAvD|1e%gKZ{r-#BuMEOa^VTu8l=HA{ont^`Nj7!f_WUgjnKQ=&JhZS{aM9S92La`CLuP@w~%;` zKPyHcOlb>r&xlk5R*o}y*lmU{7YIYXROncR)At!}nI`)Z{*U{_87HY;wJ+lcZ8|PE zbbG=MCF$@yy(k&q8{tST`Z)Rqb99FZ%!>;9H?yPkf|VikHhjAcWnN&CU%D_fxA>;x zuL?2)sq4DrcOl`2`aRCxXVXvUwzRiu$EEl!cHJqHO{b$0ts5FYjHyqg$)i3uDwo{o zg;mWUK#YA*h?PdwK#?#1+=O1SSKY#ee>ihf30&bJ+UEg6oBEWp1GBABYTbJ~mh=2? zK*yw-X&w#JQ$Iy7KhxQL>F41!>K+%xCxU1$N(S7(N)5Y%&r#$9384+7*1jQ%yCh_q zw0F4+1%|-!RQ%wM58*7kAe%JJmST<^Mh}nRU~;AonYedwK82Z;nn+}6F)!do|I9Ec zZk<6vJzc)25{CY^>W|4QOggh{h4D1mwt6g~0aTYF2GP<*9}~A3CmgkG z^=73m_VpZN3T`=fi60+EfaWffZdtc-OZE?pbMo=9ikp2<ZVWDEBBB?43I!LM-G1Kp zD0bG*_I5WCyF=o`25+kzrj&2BD()B}nPHkf2WDa|(NEuNdVA(v|KI<$)Ro&VtTrj( zU!S^3abgBxyNQnKh)L)~#l!$}I1mr=bd~`u`HzG2T_WoZZW2e%z#xtMqkeJa|1GUc7*39SfMEi46?Sx8GoI z=m%ZREe9Wc*zPv35)O0X`o)+H0rApSQcBRZVLBM( zDzhK9sYu1-w@Hx?pbmKmUdeLT7rvHjC`*Pa+XR~+QcWDysa4Wp!*VZ}bC$l8QT8N?F zwiL5Mb@o-q(yMNkw^A;AZqH(#_=>1Q_ zHCC#XFp|hjgl&!pszxDT&&eW)AhtjRK_!d^TNBvRDzL2x+X?pVKUlPpet$;MCMdRq zc9-8;UUAB(IftIj^3|D5>S1Wa)VsjEPTA2M8?b2m7i_L?orSy$O5vM0r zop@}?DwN&0A~HmW3V$ufID~0cAL@f| zcb9_<1^K+5Fcpp?c|(bi`g3EcFbwXK$K`tCv1m9x<1pM@e}c8iWdluOeCyvn>3yr4 zm9n4FxC0!a)IWL!*3-XcWaM9Ytcni`7j>VWP~bY#l3QG2@UV0!2H5Fc|yT znMAK%?^gG7Nv^yGf*Bjc?A0DBfzxBtG z3HV#QTa0H@%p|~xTNo8mhzF#*)+eikyzW#q*yY{tZkK5X8ufLVjtLq)!!#%w@zjIfwI*G{N%Ia0+B48_} zL=`j2$?Gi>ed@W{GP&9M&`R5Du8+!rX2F7~Impz3vyMhQt8Q;bejfSmH<0cAIT|g! z8qiU1@eSAebeckS{lr}N^T^m-@rLx2BUbO-_ zPe!^pt5x{q*)Qhf8SCS$L6NQBvV0~Vxl~;qV`wyXS)eUknMK=sJQ<)-EkC%EQ5lm; z51$}k*J6P~6{nBJ?3&yxijqBBX*lfWg^Xe#Zgu=TQ>m}5Hb8bc$;UVu+8i5Be!H+# z>gK*^7>!$!+dG?p6k5>k0&3XQJu`Mi!WnABqw|zYpaRvof34-y5>v@q0*#&hUHJcZ zJ3IT|eYfM7()uxtOwpgHD6{SOpy@ov^v#z|(~st6ba3$XAv|p=TH&Ln({A(dYH7T@ByeOtSCPceNL`EFqM);(X*%)o{p(iEzdzNDmu z78SLAFPCKRPM!ICcVJIol#b&HK1rbA>NW3j-CCWJ?p9T6UrPW#axXs*|oshMso z3o{Sv8Z*cInAPnTXMXIGsir~vkhz8Xy2k2}hsqzkwWu4?MJan_k}<{VEk4i$rs;>m z_MxA)%&LB1INag#S>;r;SSD5t@pDs0NzU5g&7MG?ZfNx5vI|^2KS_jw(j^H!6bl1g z%0+lISN&zClgvMrs3q(^!3$8NLz4VR-^2AOE(u;@`j>|w|L7aeAPBw&E(RC&6=jSu z4JCN9W@#x6yIg`+8brj!$u6 z$Oa%J?sY*b5kL%9N^QX#v23U7)YdnS!jB4-3Re2zD&k10)Vf>=qZGOh8)cRfVaA0P z`aLvp9swPRcX!axQFT>x1OSyh8RQyRpHC=A7D?RxRq!Z3IVDdJlBJPzF(@Mp?_S~n z2}I>lYl13E#L<*(taw(j-77^gW@vJ?hD5*vJo*cq7xsK{B0V{R^4?`RO~)r3rb(K0 zEKwyWm@^mj@y;o!h~&qHDiaA6MhzJUAv*I^6QYLKi#ndNdnYmmJR?$wvw|)IRl8LM zY+q^Sv`&=Ls5%rMDe218%LU=|Xw zg59C5v+lkZpn>fL7;D4>B+|yt&W^gzYz%g$89t;aWET?5L=5o;8A?cU(6eS=a|hK) zl=Xg!|71;Gzs<7QQ9Mi$N*$woGV%4g)&P*YsiG0HqrcGND5KMCIKk1gCW(%Gfuyt! zu6vgp`|-+pf>-iaehL5KY4#yluKemKpP_RZ{y55JF#2xf?wz;0FJ8!0>~4J3-gxu~ z56o~{A5%E{86b*(=c8ddrzhF0uU(a}9Sm_Ut)O+yHCvJlsu!@~T#Sy2A%;*uF}>_h z^9edS4e}Je0=N|4RT|ezA3F)N0a5TGXA=so1uDxsil5lq6*&pox5$A|n|LC065sOL zS?_KCZm%cIu<%Q&l+xQ0-@$3NMxXuTQfnL=iht{^a6|(U<*Y`u>Eo(5uh9%c>49x{ z)r^+9uL0>@zY8~KUa!y`Yoir{uR%yhgAVn(uADOCP`_PD83aPMCi<;3rhhLgD-G)3 zD}-hA+X-~4wjH};RVBt-eTz#v3^<{!S99B(aWiRD!mdO3)SI6JW4ilg@ui zYpT`4Mvx7*r694o96kJ|EXOwjnCD|Q=z=d*tpN5SL`HZewbBpEiLOicUhe$Vd+}=D zYlx+aWld43Pyy8gDG=6GIgv1(0@pXqTB;e+%m%Fo)pxJcP57U4`C~7)wZLShbk4}# zw!8ElIo$TTL~=zgx4j;SN*|i_+kqDA0@P14eIwmCxLY2sp-!!rm9U+{vHv9d@CJ8p zHo&Mt^;j5%%+nevw`5&<*$NhSOT^yH4`t8uTl~j5j zRJjC6e1q<-J|MqAU)8MBGk=ASPaE%!8f(teHG1Y&4ZCeiH3XA&P*l}nRZSEAczCX| z3!!p^+gnlVD%wn|Q66o7a_9%0xr`#JsvQ*9d9GL&&GW_Ollu_Vqmy29+g5BY*R125?`vtmUIYuY@74|$CcM&rYYsxp5J%Y+%Ttp;}w|uw`$uen1T$ zlX~j0{cn_L{P{$sxyY13LG|9Bvrb8+kdu*+UZ0O>k24e?j zx6G|C0(+4LRP?JwBCii;TsjB5Pix-P0%-_?OECC<3dC?8Ly&MfolYQt#e!H7s(K){K^!_v{lRA;^fY+uWYYlTgC95JyJd1$ zt~Q;X2lo2Pdw1imY>Eqn6dwmdU~%(-8EAvDuTV(JaPLs2i!M==%8+&EqQ>PI=T$}V zf}0dMW95=DEudtk*o5f!i80`dlX3p5$&ZnbQC&HUzQ35AVy1^olJ7}_FD#2&1f6{_ z`P0}whjz-6;yn^-tp47;jKBSUi*i?B7KE!-A`u@YC1*4dvrjI_D#7aqIQv`)5q@ymk+O6ZTvlgUY){& zcY|;F!63bmpSC{h4m5kb8J*5%lg<10$*rb%pG}X4#W_lC_kWpVm}L-~?r(hY<%6%k zzJFSrw+BW0qL{a7jN9n=*Cypwn-o}WQHYgo9MpE&mH}*=0j#RLRF7X?t|t$#;@y`Y zcb|TI`t2_Kd~nr@f7<={)85CuZ-0{CFMj&?;x8Zn^6d-$T~SYoyg7LDjMCDAzdl z*bOEY=ujjd?+j*F4W5?DDP<|ZQ3Cdo1$^@YlvmnlMFiYC{2{=-MByB!`|9Ba@FR%~ zY|T{745Q{d?i%*znxS+3@R=cg7p!cEjG>^oa41fKHx2Cf3-xSOEh6=dvQ(10G^VOl z&dr&=Nl{vT3{kC!5WRUO`8@*a!heP~ttM*Ct(?cNckEttFv$Be z`#s24zA=t_8h3l)AB&LLpP{T1($xU$gEO?U8Ni?5p#r|%${E7lC~kU)u=-hZgs^M* z((Ri}i?^6v$ziD15o!N#UclrRYtS1?wz#7YfOn1Z8B3kN08q~&o*@N9T-PAHY9k-v zMKJ;-&7Lukhh1KbL+C2ix~tX}90;0fD(npAHt?+M3ut4ifx#?DvB&_>Bj93!ci70I zfT@>2yi+>@Iu4m__)K7lxQH^!@99vGDKiiuDLjjAgp9)_R=pJBUSbgRQE5c5HN#kq}p;Nj_k=nDh=r`f?PeoD0Is+q5tw5&8fw|Wa^w}`Q>Plc{NSKj z0oOb{tSum&T~x$INn<1k>3R$86ZA|@6cZHd1WhwBR#4nSStYnjUGlRy!!5ByY8FK$ zu@P^q_TVi%h~XK11gCOd9GqO94e*#KtO0LF=Wyi5`(@0-a&ewo;k?X_vTeR|nB}-C zO6d}dgM1jEayfp)2Um9dVb;<}+(W{GGXl$MT%5&a|1|1w!LZ=q6tVicP)_$M**~i^ zvgl+NTz=+qTDcX9tw1#rgo2}ASH?t=32}Zt4`G0aAeo(*F)Ucu({@2ggM|IGa;yU)++w)GPCN_d<2wzt&1(zTo3cJ0#ltv3{F2?pblVPtw6CGXyF82#_f!th2=K&&<5 zPRox}?BdY6ceixguTs_7i)vz!-B4M&nxb@NCFu}MYRDj3<-8|R-JXIj8`WD*S1O$%C#X036%F!j{SdKOo#T+#=JE#b4o9&PkRY`{A zs@wrmQh%Sr7)j=hz-ey zFsO)ORW7*jQyn;?9|{hf&Hw97DwtQ7^P{+aTS?Gz@MNp|xPj(pvlY<`&36yA(3V?I zBd3;H-0pEAs5p;qOLHDP;QwlHy(! zvlrt}amuwcoG&hc(_gVA2pe;tYh#So7z|M5t+Et~P*`bUEl9Fypa&@V>vGhUY4JWs zRWmtbkkJXkZ^OTtis95+-5VJ5s`?JaWyL3#!70bw|2UuAg+6WCRTh0j)3!?6J7_b~ z6fovucABe1YtnIsaKE z>d?Mpe{NQYDuE{AYVO4hcFh{|#5HYSWN0pi&K0GV7sglomlS5cTp2PyzlM4FzlYtk z#R8+>R`9ZQaB4E3{w-wW>vZE1^>Yq27429sq7|!RB(T& z5!&9$O}_~WNL5@ZPVX-r43aw?p;bZRh-D?m)>V=JjxMaY1SiuJycY1+2pI z9iB%~_$x+^sK+){^Qk&epu~bXY%!ulI-Yfu)aKb-Sz;T?L_v>g4pu0V6^oPKxCt5> z(YtrEckia}-i;eq(A3VbEF>zT4!^>3S|T!5;s{wL%Y}*+BRBfcTgoR&R-}6z+2V>x z;^$2u)Io|V-BWY}{@i@d0SZ=sq=gDNbqkceyFXl_r1hk~ho$AyPqfITh(gf+-7BPu|k>v@3VEdFUmlPI|M{k4u6jB&o0 zWubhjo#tJ$zgm`)Hx5W3k9S$+NtX z$WpgXfY~{Z6USxL)M_hq9NO4dUljUW)vwxc^9!wwHW^gMARGX@TDELoO0Z6xz!bJ> zrejG{gk}!ve3YH!+&1Ta&r|#_RaH_>&ZeQ2o zV~&ztdBrb}<~$Hoz`5yrqARnhD<#hh7X?&o{!bhUhc-5pq)UGQh{g`6v3z}u?^>>% zB=*eT&smi?YuQxzKA;ao*h$nhJ+<=$nAZ+5nuiQ?DVq%DO_i=KV~+uekT+q>ZvsGW zD|4{LMI*yT1JOn7?b!}O`>Db6ks{B=gWFj&Vo|-ya=HGv0hUYkwt?e|o9R-e$NBM3 zFZQ2tavXgxhG)8@(P&jPc!9|vJ-y|rfX@5Q?pRf#R15^@BwF2ptP~7zbi_g{sYyOn z5a*ydoJ49-Ph9lu30>)|wGpEzB8uIkR1+vbb6H&a&N zh4oD9Gt82$#f$x4fT;+C$14K(>^uo|l-K1*6b*M}k(FYcn0!ETF$`;~pA96D^4N-@ z?VAh~n7u^js}ohF<$7erY;AQg?rt`M)9fr0E$q9aD?sQpeV-SUf2JC(LMd@goMWbk zjxdTri>((|Dq&oyWBgY8%^McB=l64CN(dsaC&jeNsDoE=ZoS`;LE@v5YpA8~ycDW?i&66hDB zBe6^aO2QhSwI|a8^PQPl4H7Q!iOQv7NJWcF4#S|Q?=woGAhRhT(s|wSr?Z0K4ZJZ{ zR!#LzvN5KQDW>}v+{YgiDut5??Yij4f~YnMrZIx9z~iwKpaph!9tV^f5TC+i{(*BSl+ivg^!&~DaKtbP z-%m3>@C3}BdN5ySXya`~O81;1jQIsMagaM!Fp`!?>T&`JXLad{Dua)y*{Kb79elmK+tu`OOFVH3;P_=Nw`J^WM zBAMjsP2LM^wfg2}##FLo^Gw$qzcSQ;*ZzuKblqP=V%8MY53R>Es6Z0Eoll4Y6{dm7 zfe3~Z!+PNz6SHQ2t5H@{3ct#HTAeJ0Ja%VotPXIyUE=9^b1YZGaCPizM)Jm{YIVEf zKgUntZmG@1gcQ}g=)|%!WrDV92xME6DMG=cEFGbQT&w#Dlfs8@ZW&qmZ*nGKN+}*#_{%w!hG?u3iFdp zF@uum#!?oD@%$jcAzx7p^FO>$_ z(R@MZR>l3fF!y!yFj|A{!0J6L`@R%*H^ZTH=N4mx$jpM7(!rP z|Jh?`^>q_D^_n-T|2`vFr_DwSy`W+L(mkonW^WAXwL=MfPe?G{84gABvt2#2v9ZEJ zhU|hTxGvc0uHd=WkpmJY0u|iU?|nGPX4?mc?nXL7mr$n&4DcGc!d_ES)9nJxip9`r z)<1ib_2*MMbVmoy_HS?}xsfPwEvm7&>C`ad=pt#fY9S)T4Kq{PjUI_f=(bzD>sTv1D8yUQ^hz?_YjT%OeVlxKn`iTPGFjmV>BvdKi2eZS$xevZP(@)|KwpLM-2@@w8nCa0DI$Eb`cJ7VJ*S6 zZL3m6*zp#u$Kun$K<`Mas?iqc{MAWn1!aFl>169aJbi3*hqMI;j=qn?OG~Wu#7{0t zqak>p!@9R$9YKX%thmR#%r9;qZ?CJ>tRUpIRudc1+x7xOe*`T3Y&9Jk0EJ1E&g2l3 zh)7eTS5pGRr>ny*@$l7%#662oVOdZ*NAaq0)v%jf5)$Ke<%Cc#uXEsOjH-a!CZ3Q9cL+?g+<3aSG(|y?e zBBHFwi^AMO+2&yq9W=QDe}`JDg`{2m^7Qp|bzxLT%n7XL8bNh@aa}>R-ktCBg%2Ci zF1SbT7VWP8T<7v~H*Ynww;fZr<(w}p_5g|-v_Zn_it%Q^6~~rH9BBl$>97d5qAbEf zTZfJPG+}Cl36DTfaZx!Yus{!XXQA{WF7U?8|JwM~8B@68PNqbifTR=Z&;oy~8o}re ztuAE~G%6&TkIbk9&o02^rx%)I!h`a(n4+sl6`E92LIFBMYyb;z)du8QOXWO#RP7SL z#~@B^57W`nAdNn3M(qz6UDPd(^ShT=F^@vGUiFf_>|LKO&aW`%smjXpUWl~%+-Ksg zHvdgoZw+_@WI?mSwpK>WIvcQ7*Amb@(S@XayT(FJyNb|ozpHwsG^!4HDGoZ)v8}CM}PdRax`EG0&YJ1 zL)3ok3eWtfDnUC6zxj-{;V|K{KJqgA6hq?{=-g`kfsTiC{@3l?lMDl3R(kh&j|OJ0 z{C-5Z*%9HUhXKCryP1$=-{INMuPHqJehm1;V}Q+J$Xe$Fq&fEPLrs>=VkFvABI1`; z^qPQIN|!Q#+H5g@JfC8o*xABWvARs@Q)!u8iJwKXWeq~6+AYeM2vj)TzlnfpNhJTK zg67BH1KT5M~<4dJT6 zxlF${DN>n6Am*nw$VpL-bshXcRlcKO{Mz#20~tazlcsGBaRC5AK)t`>TTE4Kctkx7 zkbV(F`WEv8hdTMM7S8a4O6x}ONyFQ4D9JI*#wh0TRf8JA5KC4(+Gr7K4zmk=^sM>i z$p0}BL^<`0$=GztlX#HGRG@(TfCs%)u?Q=4$Iwo=shC0dqea|5n((}aLM{8TCWISN zRm1K~=i_}~=4DK=SsXS-LmkPaVw%gGq!Ep}>+4C>-SD&ha5b5PMEmH`x~UKIo2x%s zPrmZ%av@#`RC8lp;OWUsbvM?NhhEhR`n5L&H|WGax8tM+q7AW+-xTN@RPP{Mt7vFYO6b~|b`OP?}GHX*n&1=Pm+_~p^M zPnRE_xny}{`t?;UQGR$9qKQ|vLXk&Rf_xRC2jlI$kp88F9Nw)Sh2P?@fVVY^`KAXexWE5cdGTTLx#Yi&Ewu|S2&lJG3+W~0fTipA$V z1z~;=ZM&^H&H+#cdJw5Hdgz=&bfSGtg4edVYO7agSvGm8LSFmJnZq&KMSShjX!1-< zz!kD<3Z=E+j9Obtu;UaO9eB6i^g<1(YV}$dgPO$Q8*q8O>ZM>!BaFK`j|Z*j!a585 zm{C#yY(~~O$!5gFkbl)^i;!Cgfp9Dq+$&0n4(I0$V#?TBAYo7!Lxci#07a+9^l7O$ zL24jF_I2LGbi9)VVz`^5oC5;DSthAhB1l~i&BdxC+?*OO1-zZWT=N65|1Bfsi>Q$C zj!)@eK!>6ESmpImY^cQDFzTb*F`St%qEo!b_fp)5;wrel*U%Z`np+ZXD8h*KNFTaN z70cW>XpCYo@J0h^Hq}{bwZ_?@sowAX(a_DR1tE}JH_9A3VG`k%^HFRnCOnw(IzDi6 zZ`uZ$Hk5x01=$~eSCCZ|WZzp2KO3LYOus?!5z&{aN>`sP{)my-1CDIAGnUh(n*|_Q zsEMZXiUg~~!f@g-IU~kiJl7~1^@Vmni`)acbqQDitg{%7k_cbZSuyF*R=_^k{G54_c^@duZ{8b zUFBDi`d12y6PDIKQ(zpEta=sFd}_#?RU+mnY5cha)qHXhqDw^--z$o<^fXHcCI_2@ zv*BB87AuTdOD6(B-L#>SbrqRTva9pHNL*)<(^YIxEBZa>e^I-8&e3le-1}^rALq(o zll*l#e+#*0)p+Y%eVlwg3{R>?Jchyj{a7|+Ej=m6hj zbM-a7c~b@WZ9)=gz?kQ`n7kfuQymJ}@x2M!5;vnJ9er&P-+VLhG!9;F+@*J#fFW#| z!|Zt0fU0auxyYA_09x0bWH3o^&3z|5L-6>>G_bl&WnjBB)DPVUExiP~#d{gUc2{sO zst+9cs+jGJugfi9&Z{)lR`y1W9=U{faBKepe8XE2ww8XX#_Q!Zd`>}Y=3@k})JRFxSo62v&u|uoBl?(D+$%VMyM~gt zohYEX^381cSJSip z2OOo2J1Mg<-w|??b;ocj<%HYywYCCg1tlPs^brI$)>9zU-HAq+ z{{{HEBHo4dALCK{8u{JE?Y&4t~h}J((({Nqt-f^8PgSvu{ULd4HIJ9|;A#k78kP0|y zf-Rad2G{6b6nB%>B9txW^sg+S*URUfPG@xy-Prvt7v#%4?~C4U6~zX88?n)%OT z*io5}a!iE;tYGg_FS4r@H3v(MNtSVE;Dn?r^Pd$JXYNY;)NIj zmqez6VLYmw-JZ_c#=$XaMZY`I4{ym*E5$r4gA7iEV>| zz4)Gb;g;!cJb3uXedGgyifa!kDTH6OyWVZDudjC(*U!gvnTl}SS6_ei=J)fR7kiuN6;wE6>)^_1s=x1-fq7B12PS_TpU`!0Gbxc!Az>b634 zwVm=a?T}U7&@CBkU3a%s`<6o^;ZcFH46BL^{#M$F#j1^M&$>B)g&$tcg>VpT^iWaL zhIB0*k;X5Gl3S++i~&*2AK)lm{yjyL)#Z}6XZd8mSZRAF(SW3U)c8$kf5(eJj06BX zrNp}+el-Vaen|VP@<4F6S9fb&AO+0Q=}9(otstgn>VD8ltWC-U-r@;6?ZD86h1ws^ zVRv>8FtjY;1Ot>uUcf=Fs;yy)S3LNN{k3zDp>qqj#l1#TnJNf&I2WlS#aqygws>;T zC1|T-FeS}v@T4_o^KbFah)&p`s{|}ACOI;k3y>%ZP6y8k4-p$1-+nP7?~#_sQ~Am1 zOr?*Dj)_a@Xtza}92!y7#Mc}N1wm6uMI)mmPqQc$8xbBW8$lT-om|7vww!%~1I4K~ zjwXrZ2<3v0(c28~?lEmn^fW8`)0{)wEdG3qqNjL~{(6#mL2BCgS!?T$ z^>yjTF6-e6at+2j14MCd!PggKI@hD-XBL$gxU?n58ymtVu{m-!g;31P{%j9!Tr8|SCM zvOoeR$BJ2j_Dkan8Qao=`tZw&m}zn6g+V#qKKmZt7;WH3Tb;}5Ntt^X1~rFyrj!~u z6)t9UP?}FHo=J*O0BeKM%)wpdAcz&Rz9<%+omslf2Y427DzGgFt^hCU9kyU6VB>gx z$XIwQ#GNCbs1!UHn?rGSF($}6S%#dVfc80S1y_G#DsM_gZXH(z~-z8>z~3(2m`?H zwHyFne$jMdBIqt`+B~35Gh?%!m)J%12w`}QuKfmvU{kXu8|kkf63)V2;Co{!e`#P$ zkB7C$+q_0$zZ7OoFTQ?Q?S!CecjC*hu@l72NR7WLFQfPpU)J`-=5M+utHQ47(U)IW zdPI1ya3B>=3)%7cjHHIu+)Th%jy)Ps2HW%>_H~0se74HLNP*_+o|p zUZhWS7{j*sr&lOdM`I6yYYD?7SY!%Az(g2Z#UO@@t`Lh-!{jd>`o^&Am9hwC*$jEp zXR|5;s!V4A;{cWMzCM<@?~CNVS=AngNzt?I*;FNd<(RtZGo6sK#o5;JZZB5#+Mj}X&#qK_LIK2r;^GuhjfqSj~BGg{& z1X&0e6{?SJtA?-+-70Ouz-rS& zEoeMIPWM+Bcgs}AN6udRvLRFzY2h>yzAi1QSEk|T4hArl*w$*qkdo-qM<@mKMNI3p z?Z{JR*QQ8N;xV3L#fF!Rd;_X3C*w~I&^ysI#rxo6U-4mEiIeqsF`tx#4J@4+nUF5j_)!kuW8Ajxqr)eus!L2UYDIC>WrCDv37wu#Nj-=9si|ET&evl?PoK8! z)6((zfVSSPEvWl3I)eXXp3@N;j?;5e&%tP9xHc%fY3dxfVjD)w1wtv(k1ohJ8+&|2 zioJe>%bYEj;N*vtv;z%yqUZ$;0d#`YegjGe2{Zkom@`}$w_)DTXBgTU?V4x|Bm@ks zfNV-Z{>PP}tLb{I`!1_uw;01P%w&+}9B~GzxNSyRTYoX7$V6*)3TRKJ1$1eoXTjSn zi}o(9-2}OeJeVS38L!sjlhS}}dYs$3{ml%0!E=fWE%F=&b zIgAS^Gh0`UF>oyh{cHJ|E7yDp4dImaT@zMwNxyL?ui=`0aQK(`gjJQh79CqsS!?bR(8Wo@UXGy|mzbdig~(HyQ7KLe2nwEf3~=_f;#3|*-4^&n3Mob4wc3}kLHrP=Bp>o_*~D*F;8XhPqC<^#M!=unh%O3P$3 zVwTU55_sz|&VUMzX*NfGa5N|N?M6!*uJrY0*|%2dbf?-`r5xh3CY`^?dI4|frf6A6 z0#SMWt{T0XvGV(IGhXj*JODjBp#4 zRLR%}BZsoNNFd5U$!R{OSsRuj9!Du&0iPYYeR$&XUf2^9>Y=@AnYX>Fi}A+g>oN&8 zaHV5t3GdAhUu<$i&-r$TE5sRdQ1-g(p3?-FE#NQQ_2fcKjj|Z<*T(0n5q8mxSt4r$ z?`4Ra4*h^s01S9F1!z|9D;xD78>(_n*l1OEtzu``kl3RJW-l#yTyWory@A6p+DSAj z2I+8{kCgcJO(2-78VAc7kpxFUrPk+DXm+4+K3q5=MxemLW_x4*vFmJZ0?9U{lWmPP zRX84PRIZ>T%o;tcU~PXSF6>M}kwZZKE&N?x@0zI5{@%dwNfJ^b8 zBid=!*WHcALxP8DAu6AS%Yl!~Cj{ytWS6q{s`OPcpS~#%;KgBHADTJ;6w@QzV9KZ3 z-OJ5qspmcKHzbqLGt9$)gEhTS>7~#}Nf}zAOr|8cX?6@-I!N1gs2L7Rz@cgKie?*H zfZZzs<{-d-FiUQh9?j9SObiCg{xqF%TpZDmGw6OXoR7vzI3yK3;hm!m1_Q2Lb^q}` z#zQhjJt8+9s5qZOm81D|m`)mDw12aBUw6c6%1SkbTK6Fu&63`{A_uPM!OJFCHEmj6 z(FPnrk_eG9b7^&%5NQ&z>f~7jmF@-!@R?TMyc|{Lg|{Tl zE5GQaV7=+nhB~?F6H@hLQ};yWV!}s4ByrKj8=w)JQxJQkFo^Dz&=p<&^i{}onOa8| zN((|$ZdFxCV4KAm^iSJmai_@>c!#@F2J#c$pk+ox4mb@_4vgZA@?oq8bcm$U7+3V_ zuotmBf3RNFMq3wASTM=Qm6k0atlDHyEoDJmi|6)s$PPyL@Bo3L^H9$o^dIxt>FeWT z;OQ9QI_&)Q_b{=6hPt#m9s;n6OHh-G%b-gBlEY!-vBVgTO z&yi;r;HM60s<<6;Qi~@mi@>zd@$jxBQ^mdLW?S^S0axmP*jN_xDd{~LDM-sn)K3PM zICWkxO`Z>W*b&S_c8-#y6~uy5gq{y7TfeH~2nmdVD;eH_p3Kl=Kpm>4mWPlWWe4-A z(qdDD7I^bBDq~qPcQljfMU(4?bWSGqA?!g&E zg{SC@LpEM9Lkeh1H6qoUa;=V%^h5f2$oLN%XsGnP*b}Ih%_{eK!Os8pe_;i@ugdHL z)^TNspJx4n4S;Zv2iej5fxi??q%cg zV?0`9#8h5f@^H3M9K2#@`WKfH3%AD$wueuz5-3Z}^ISr_uAO;vtMj zfG?L`fbQYh;O8{s_8#XBsjm+LI;k$o<#A16rsb; za3Fv9FO-$PP#jKsmsj>FdTUD=0fteCfFv_OVQ~EO*|4-VJ_qWVuVp;;INhqCkyt0Rnz; zY|38YRto%;4XUZ4XBDCDohs1`#I}OoGhii4>L~eEzm=2!H+(aBo|oD3h8V25@1{GU?(i(49o~Ug#xsNYmu#DCwgUuiW6IEQhlo-nT{c0MOIy16_ux8QR30;`R`E z&F$=LK6$daySw@H>E^R%rcw8Kg_944be*Y`E~K(uYeWai9giBvC+dNekT7P#p9Qa~ z6t65WSmEWIjksU%jCElVZPbWN%s2@b@lMVHHwaLlwghx*A#mmi{bG)>?RTcr^g^)& zSX*c$<=Sm8Vgmvs!~|r~?Bn`lek9dOI+l~kkUC#t@F?fjR00T4AM`&!crJ2ICMLu( zBtEICFw2HRXpT}(klZI#6=Py~QKMG5C03ai5O#``QJo51BijfNA=Gu4x1z8ui-QP} znS-b-6yyR@o>DMJiikG3P=|Rxu-jx>4CZ|#<5>5bl}-y5uQS^9Yqz-(rAJYJ5M{?r za{-(3!W~qjc8T`^*<&QZ5qYnoFL6vesB(mnDlZZnP_w(Ljn z#>CWQP`d@`=JYjtbG_TF2*1O0bTmjK*t}83ouQ&D+OUPiS_+wE;Wp<{uDiaBbk1U; zo``?7XMw3#=X2D^+nuPKi_wR7=IAmFTy!!S(>BUCQ#<29e1Mbb@ZPx9!lRK~f1$HL zAQ7*M^n_Y$CO{y}l6qrXG1QV?QN9)Ca0Zrqb4+8@GsVst)YCl-``{Kx2M*1Glw?=Q zr=&I8pI-2`;>c97MrX~Uso|#07)0|{)YK8BR4}O~u&Jizvc2OWvbu4+r-qGXU`1Tg zUgGTDt94+>lhAzyfKgr&x{cf(#jxU4rEbpM-ij?RVoV(I`)T$*FXp9_!gcw6Fs?AG zyrgwK&HCs#rM&Bor-j(FP*fsjt%?=rXv{DX1T27wf=Ij){nbiC!!&B5{X;ryir%+c zzeA3I>ORbI%OZn=upv&Ffgp&7{~%qcrd65>$s}f|X#0((-wa3guUy&Pq9UWa*==00 zu!=e^da}{D0(75b{gfTS@>0i|O4W&5Iw)RBiDh$Y>`WCmR?Q%B`TKg~%80epfLNIi zvJwLgC!`tPy>z-w`<7IDTBsC9Sdhd@5X8@>xI?L(i!2)lzKRhBs*dSRE=cdcU%a8g z%%)YAhjB=2?(XR3E_5e`Edo27Rc?K1y^&=}MYBpa0ri<-5fmTQ>YGWF3g;r@cd&6e_rZw&QqIT}SW{I4d#^}4ybuvmf3OM<-!ag*p@f+6*?vY$?}H*oa$@FpFfh@-34$lmz} zU`R!nfE53&+>HL-w&XDiY%y)TgNF_K3I{KjI?&h{Jo;CA0P-i;f{ z6#uPxJ)_sNhT9i$ZqxE3NZYTEW7H54)yr%MOHhUTn3vpB*O4K>c7K`Y{WHy0Q3sXL zaouu(k7Qdac^!|^vkZ^1oD5_j%XnA-Ny}MVj6dP4ZMZq5a~>)M#>Ydn{ee!Mz?%)zVW9$;Bdd|0JWc7w7JPk-F_Ru|0|T?!(EC)MCqowVN41e9#b_Su zf0U9g3h6X2i?OnarQ&NAZfo?&Qnb^3m{-va9N2gQfVvw|w6n9l@gRD#wY{?g-ye53 z7Tk>;95kPxT40-u**Dlsac4(A+IYZ^sL&QYg11(w$Eu>QRlw1b;j~5OGQ;TkXa*d~ zVLVNaHlwsd_JuLY%}4r&BdL_+t>V_xMLQIMro^2(*1#M96U%2)c@ysnhQe{ex_~;A z3Ds3lv{74%l14>%^~LC@7~0{k-6J`%<8YKYQxyw!$_a1-EszWYV4@e;Gzc|eC_{4K zndy64k4_-(;7v%`!7p*+g~ZWMrzdl=4YT*zaC@VrNkTRmjA~U={i@(Bo0>1=(4BRq!No9Md9+0bHv!RV+h@1_ zoMK||tApG+xZ#%YbHa{Vj&Y|hyw=@33>bLEYFfn-69n35Ric652W_vb~MJl-HYj8ltgG zMZzGC8V7gFL%gTCVk*klXqqio6$`}ZEG;p^7R8f-Q}fi8sEs?7=f5r{smOdez!E#lo8tx+K=W?| z%l9}@v`^wU1@J14xe)~mC1kX$zq(2)o{EWfRV39uh|jk6O72iFRW|g8Wbh8(f?@OO zO0G}WN}K^eL}qLn(+J>QF&Y`p#~7oFgj0qLQY#(}@UJ#BG*@6rB_lli?zS6??*nd7cUA&BP(nXmh}7HS5})9Ud0ln*Dn_W!;v071dJ?bM)7H zr_Awhu^V1o8NTJ~|RvDhT=xAt}CTk}xS>dJ+iG}kgcxZ*as%mP}Yq}Ja zlb1=nDc)T`n=>?zDQX}r_s9Bwz+Gx(_bJ~e>KYzZeuhKYf{6N#%>{ATh_()x>aur4 zt;ncuruhj*7TSk4o)=R|ZKxdcS>si|*I1tH3Q&S650HK3zp4x>tkJHdi_`wLvqJR( zmYvv4h%vvodvP4hKkdKV<9N~0EIlz{45#TiJ)p)o9t9~)3|#cWh)Rs~fQkmu(39#m zY^W6-fkdDJT&kXFV@bcL0UaBFv zGRGz|YAD6$SZR3@)@~a+V`JQqMoQ1^x!7IVNOFjH<69?w9OtMxQ^>0@F}Q8wX09OH zR%5jt*VZgFH>Sm?5_bpa@wPyDI;7WEeI}c>y-RNbo4%CJT>uTXT-fN@X8M?52u%(R zgjz?N+#HOQXp1Oex$~3{tq2}x4`5g*`%D|G*oG|h=9!{pY(w2`qP8;HI(i&|1UQJc z^2bP|t^4`oXzM;a9peTvWXjpG!N_5qV!6bPqejxmD?!{aVE`N^`@^Cn%@nFmaXsy) zCuIzEy>kIdGZ733Ewr$x-6oo~Byc@vthW{0 zm0{6;N#Y>%LvAB$Y(7eg2|U}3OfcyfiJ>Pl+on~zV7WBq1S zyT{GPgTffPHA|h1l&XvJerG&zZ!uxZ8Jm#;*$;(5G+5+}S>rYtG*xd130E(q981G> z_DVBeN!%%NX~_nw-Ex!5N=89B#PpXLH*buz3exK% zTQEO3_zGWfL-4Zez3uXAXdPZ|JgD3pP)CZDI6Coj_u5jTqA(2Tx1MjB_r?vH4D?&d z3CFJnE)xL6lSONEhl4eaa|$rt7Zc2qogRx)<*;>fM-U$n0yy1b`$2k*Odma1-qPZT z=qf;d*=2PRRsI<)he(%)Uw-LlyrJ;oeJe}vt@&k_w+fj$+=8m(wV;bMh(4mn9DL8- zKs0Y7xt~t(D*NEDeXsLBYk&VXZv7)_sNBaJ(c)1?{&&zt7N{Ed6Dx9|4OUrn4w3NKgE#n7tSy+J{X=(Jlf$QOS9Eij|Ey#k5{YDvD7#sZl*%t*GY(#))&(_}K8F^+_?E7U!k9 zgF{U+pJJvs@{_1}aM*Mpie{8HO;_|MJR3ME4;vWkru{f-tW)~xFTVWh>qekx+WyrP zO^^Bj`s6hK`D{2E7n5J6;*9TRqB*7@?u)hRmz6 z*wqXyEJ)f(wSgI){D~z+u}Ye;d-<+?g$f1ua(LAWfjiAU)Pvl;Y`*)@yozF||6!vG zNA&a49Cv26C29VlX$cE0JL3-4SpRV6&XrDCiwbM&*lGU_mQL?~JWzVM_teBQXQ9bvG*LH))*bi63zI@g zwv;QgaOi%^vb&-+g&WuerSF8l!6vlURmxBIeo%#u)>nFh8D15Mg)M$V*e+{z<4&|X z$ndlgTkRE^ZqBiR#TX4cv)y7CkL%6_>_jgP{Bob;`0ukaXqx>p&!?7qAEhc4KOu45 zmC$(3DS?z-Udt4eKbz*q7l;`weM-?Y#;8c8XHpFyV|s_BT4+(|-y4RbA842j$CHY4 z2J0YxcL#XuI(B77jhUjP*v6rJjtMz2@x}_oM0Zb8T~$aaxnp&JM6t`#mu%07s;F{f z*b+;H%-Ja3pqQxcUBWSWT;df2&z3FsRN=jSd=DxQ#%+dR zq{fo!)%~65)lO9yvgrwON~=Mz^M6Vga?Y@={jCM*mwvhiH8xk4}Z1i zB|OI?2K)mJ(l`IGp^`f}M~VX(^FuQq&}skwFvYEBIO|UbCzu0=b%m<9dN4sQ^E|x3 zELoh8GpL&xc+rU6K_;u!&^}D|Pcyl={Ufe|Vkhf$DcO8goU1MUN79>9{-yaedYYGb z{Do=O)bw4kxaX{ga+gg}%C3xp_d*&i?nE%a1cPsVhJLS5x=}OLe;0eA!8WY zB)XScfg2XNygGC32(|Sb?K`EAxHCy5hI%RO%1(|3_BKdXU7Z)aucw27I=*tFhzU(9 zR>vpiPW_k-+)aiszWLD&qxGnPrfxGz4)|m={*r+@E!or`B&?p7vRnCJ*Jh7~@=1gz zH7(3={%h8(nV?fLjVOaPlEt{JazIWrq60Yo;)}%UQoMXq3N@>9R-wDxqfA;1Eh z$A%r8JM3Vf*#WH1L55K=rsU&O&PO9CM!|x}OPfUDi(-0KH#Aip+|sc{9bNa!B*G1_ z`z8F?c=QOq;nN53;|qr`FQfZG^W|UhqWaG-UVZoU^-KKv{Pi2M2*!W@^!m-)XRcfJ z=b_30vFaBkof(DszCMm#JIptFiEzJDaNjcACl{=>ehYA+%3lF)H5dbBI$ZK=nlRAsnnD3I?a}j+Oqu6 zU?WlrFg3waClrh-s5&GBn56h%K0%XA?I@&|m+@_v0HQ5zi~ZmK1vHMIW|*B3Pm8Uf z$i!)3m~-naFl;G-Ep{RU0O@_4zAtE6?Op2In;y&I9UI51h8&ZM^YO}K>$*C3@w04WGh}C5e>RIUGK0R^owRkU2 z=>=sAvyA%f@T=T>*!mox$u#3)matF1;l-b`3)~EJH?;c)9@(%@!JA4SaL1mc@Cbty zNjw#6M@Z-oZn0~PUVGEJVT~>7Ss?x*7e<4l;s4oEqudnu&S{Q3Yi%t^Zx}1vB(1SU z%1p*SZopsq{jR$D$<)WP^btL(-AP-AyRG0F{4tn#5VX5YMtB%$J42KIau3SA**QXW2wF*q_M~qVF{UW#2UMay13EBlzg&CF z;OI&7C5YH>H=;h4E-zR%noDNGztVglEiV&NMJVd+0V(fWv_zf%=e_oF0{7pmXA?KBz3FUs;^b5j0d0C^!;Gls!1ZnuIp|gw0048bua0#4ZTWZ0FUYHm*wO{!#h1xHXCPR zCvYG=7?~7MA}_*$o{0tpZ*|7Xu0|n8w zIv_JU${BYWe;2`BvXgt1dnY!z=^A znM{k9juaj_i(1*j=6|1lu;JCD5-P( zy9_L&lJ*dz(5A(uN-fSHwT9gqmn*pt^!j+!L8E4P?qGez?(Kla@df#Oi&@nyJ+WFy z)wRmNvb>iN!Kjs@MC!*hQ&a#A4n&MM3xu^?STansLwfpH(A;|Z;xCVlz8`~LSCJGf z$_%r$kUmhO!G^%v`KRneZ`pZB$HbKV=r}sg(O=(Q%6?@)(OlP_v7~SGfJWs9@_BwT z-fm3MY`)R5y}p$XdM5eqInj&^)V+IGIvIV!Hzk-T%IS>0P)(!nFJ`B9G-NtQpjq!A zVrLMA&%Jw>4LVrEhP?|X!D5t6(V39YglCNB)s?|fhaAKv+iYk?Y+3g*j^f6+>~1n# z0Hy)A5_+|<$>0-326cqM=r8^N$q4FQ5G|CC^ADDFGsj@bR3I2sMs^|-#g#$JfLXS4 z=-N3hId7Lbb-Qf9*#ur3v%8!MzHm&FkotHP#e`+S7tk2L-$J;hB0BBSHBR z3%QUp&Qyj3*#{uD1XNX^Ef=>`ttAtg)>{FcomYSD{bgtGhi6yfB(^+c;puFI4o4NW z-_{_1|JZ%>7KWANifYMdb}`Ae8z<9z(0JU99!Bd?H(KAiUj^cnPA8{OJb4gpz<=GO zTUX&RsmxAsTP&z@uwdYs8BzQ=orJ;({1+4{;CZ9vUhL3T!Ul=d1K4#=+08B`jI42_ z>A`D-DdIHR!$;&Y^}c#;bN331sJ2QMA1E0|1Jt4pV)rqUp0$*Pkt^E}gwre?uy3~p z=!!TvHNy6jR(<=MjLfRSf z>PD_bVti{TtU#_xU{l+sZ&jGnOU<6F)TsA5~TlFHU~UBCaFH&n+c)1ZbCUU(DDMhuNo`w$m{+ruWb7X0sv@zeNiZ zire`T1A)chCEfOo8Z6QcDU+(#U1{A zn{s&o%}!)Ms7AkA%5ekD-Skl*Kem350i+yu9A@R6#_wGk$eWSoNLN*RT7@7eQxhtsJSZ(e-&r~LpA%*Sx3c_sEhF_~vPBfsThvPVgThj7l{ zHje&r6V4S=_gSmis*R%I815L>_pquLX1RiUxEFC`CW1a(za}>{h zHXz@S(;P~`6uIc2eqEJjQ|4$+0Xo!KS0a&_>#w68@!r>J-xNj9$y3+=qf zFf=J1;Y6)dXylwQ_;h2gBC!o5R=O3e7cehQ(50J1No4r?ypIMjV~SHq*P4>PA~Wrn zZkJJ9W;)p?UCPrERG#%&Vh@5^4v?3sj%m{YYDOx9Apy`4TZPgHfYSzM6 z%QJ17kyG(_rrf4S1}F|@IhG(cMvu7#B)=NS7)4gQMd)HTfsFu} z#e zxrf>{oY`dpH>kNZ)vH$7NtTI@c#djeIHPc=JcpLRh1hq)lZ5Uak6Tw!?6Wwxl;z5T z8>Y*Mv;!$Q{o>wZGkPm3sI$#lAg7B#@-DU%W{Y9g9vkjRgdM%9AO(RNw~e{!6lMW1 zUtpjr;)ha3PjgBO>7`CLR;Cr}8w>}P4U`?KsRE$H@T5`&wnAX$aQd2B!mOnUKdG|=kBtpR#gVB!C2`pbKgm*peIAiLn^FZP-gZ4f4~|#?T8m=Ltdg`^2b&Kq z$8Fr1#I6bs7xWX)7HZ2pra5pCZNYZO2aCI9rI@w;RQc`g$j>GS@61L_37}{z8jIjT zK0zC`>LAj-P@=lH!8<(dsoQ3ISK6NdU-tI;hNsM809^%XgDg?pjv+hulj&#+4@JY4 zLkMrj-rjZ=U_gzh2p38)VFx04E;&h`T*P{ItwoB8+Ar67XSwJKu_|c_DYB?WAv6xo z_@S!N%hYodbkSE|o~??xsZs3&cceC7`4X(wRz<~>TS!EI0bGYLUAv!adSbfd3K)FZ zpK2FYgk9}cIMQfkVQNuKtwlZ#$6eTf_$(a78!Zm-g~qJ-`$5ZIjzq!wl|%dDHJ8pE zG}<<|@Oy7mib9mmFhC7mbq43V=W41>NXn`%6c83aGE=vW`JF7zmFEMO??_A`#eA%J zsTYH0O#dqDIe_ev^=!IuyX*Nn$kgL-yK7pvW3M|K%THL-3t|6L*K{@0(2{24T$|ON zS@W5r&&^SnRpkq|n|PYQsSpK&gv5eiH0RntR`(|9YV@mx-~iBrf_Y+Mw~{MSfUFqe z%9d2AU>O+{fvN(I0$7r;DN=uLv`F6hrRo|1LJzvy&`C*dpqv^Q8d&LQ2Ge3PQR$P8 z=NSJInjU6oY@!@CT=RR&SXg4PG#l}^n+Jbyyc@rpzI%805q>oqE&TKD9liN*`0;}s z5~kH^-D|einvG^9ij5O{Vo=QS+(^cxBnXx#OHgSvslld&O0&5Pl}2l=(QGV6MPgkT zRDStfB>7m&RBpA84*slCl0M>fi%)or%}@-oN_TsEadS@QTHn%v4L9c>bs@N?Utmah?Zftw~i<3>ISn0YcVD_L?3Xi@<{ zF;X6?qF-q(R7*>U$F^?91Po!{KMOBgWdjXfwZ3t$9)kK?-IBzjY-?N9RazUR6Ahw3P zmxf+fPSy{(;j#6yWY~uaRSBr4Z`6pEcq8Y}78OW?^AaP4U`EW?fEN*!x&kN&04X_U zTg60K(K?(%49kGC=@WNnj@LQ=K4Sl!@^|h7!X}9+$D?$9e*&L29SF?zTbJ1yn%nnFk=!cEp-w#;+AXhh?`0e@ANTriP=M%m*@|D z)pYiW*qLY_qyF33#W36Dxz=*Q_Ox1iJMs{Y8~AUdRqHA&9f}*|w;4Dksbbhqdr&l6 zpgey-GLX~{4qKSq_@pFH5F$!FKury0M9~U$NkX^AZvR6n<+7Mh`&o~6?tsZqPO-6j z#bAIs^yot?x(pzvQYe48y8*k2`~Iq0yxIhizc(v-ry%>#3OL1o!)>82DZR!#V$Jnt z^v6GPaZD}N{JI&gWn)Q!AgF;hXAg%Z;$uyivxapUxbFIz4{-+}h5*)*#vwd1792^G zP^>X^<35{l3me2V?#ATY2D{^3vNvs&Ew-*l=dq7)@Kx=DgC_jK z#rMI<6kx{CFOHPK@yJjBg`1IGFNB>qc zCqT&mM53&!1FSGw6Jtv09~J9mQCgAGJ!_H2qm}u#dM~@m+*ispQMzi&1~V{rz7`AI zN2>Z!Bj@LU9O>A6ZU7d8A)x|++7riY{!WLX*PH= zEc$2h5&rvj2FErWE50S+5^pg=$azs8kYN zH)j$rO#9knGUXEuCTWfM3L`=RmR;k` z2D(8SJIJ6d8e?0Ofs7aNJ1}8obz37`7n66v#n1;(-O8afdR@q6fF5*Jy5hQ}36ZuT z|5-+Tbi=vCl!EE*vE%=M!@IWOP~FmppQ77>i(-?1QHWuv$rvki;KRdRb zwv_BXlkt^2l9m_Npm7ZcBSoDi0xpt_Y7(qHxa!^*p>Dsk*QM*?HEFP|B)E3!OKWS9 zM)0pi@_jMt#!4mlA-wio#Bn78+h#;8%VjJd+aJrvd9dT=t2t8@m=oa|N~Q;FAQz}4 z%JUxzaeTc4*|9^NdHsGrrGPLFSReySg{|D$ldD?WYMm z7WdAS^4W31o*uYU3$M3azxJm7*)!;GUjTTVJBWb~%z@|eWP(P@WAGvW59%V=ZmGLJ zVh9g#>zBh&0LueFV|5s&N6H`Ag}1K;tCr>OE|%d5fuLPafWI9YHSC?pWA`%jel;$j z>v;vfXXHXcaqIlkALhH}>nX3VRv;ovI0aVG5BP0tqDxIFK9A>ifzUZb9^`CY!l>ZA z--E5w_HY~9gOz?lQG9wzNc?HwXU-ZJ!n3d};DM(kxKu5@b?~}JCs99Z$OU2`7&7!R z2kOZe*I(svO4N!*ny=Muxh_DBF9d3;>YQ}Tua!CY%g^WGjz5}U_*ik*zNs^|I>wXa z!H)~swAiUS7t&nZaVHC;qYy(xw121Uvb{p`>1+YFXnXjUi*mUp0Odcpq*Pf83D&>@jMwCnoQD?FG=rFeyTZu{ZMmy>oqw)50O(~8bUN`&`8|;3G|8Z&i z=6(nI^N8xlJ5o3L_56mA4r#Uwrz+c}adw7L#(SHvlTb@`F!*JVP-N>#3mt)+F zv6KJc7VVUA(tH{znIv)gQc|qYZ9+yjK>P}cJKtzfxf{q%`R$bqXLHwl5n3>@F)vvd z59MD?BbGA_N7TZrC7;MCHU_|FC%plu>+d#iBVOmf_gnAxKA$G+zQt2aYON=I0RH z7~WG%zJR@+68Zf+TzGi2IDHdd|Ju#&{)te4Fq#YdR6e*Duz ziOXuM0}QT?2eAx1cf!KuJO$OU;}+rrZ~sZ5D~ zfpIWmZ8-y|%;6ea8f_b7izMu9V~)uB^~S`|_4?hMXE?15=jIM|Ip0r^%v8c-0u+n0 z_<~eLzf%B_%o@`LKW*KF;Io1pQ^Y2^xZ?cs;>m1rg%sV!0oCZph^4?Dl)Vx~@*Es|y_#N`Q8Q%z5byRpx@YW5$~aT-k;(=c4c| zME(73jDX^rFu_9mP$<^sV-UPMnz~q}K6yRIJi6b0z6Wc39)1ju@6q4hpdZ)vo(`@r z>v}Y9g&F{-zyu0u?%1^;P2<=5v-GDQ6i>Q`!O^n3)A_&d4$fD6^5ApIShhFJs198= zp{4~@CnIGHN5a-7RazhPqkZ%%O1%ZWT1xS*VMK6v{ISs3IjRDF`9=`}k=CwhQ`6v&PyTcue{B^gJ8Y zJRkl;eC7Mp@_83M^C8xH-v^xE(v>H-Bj2uc{&`R9nnwfkd+cp}OsTbI%))t~mnQx3 z^!4rv$#;C*TJNhmX8+x@y8jaV317GVL-A{nbA(PLNNTOv!DhC7Ja$4XlaEQLuRRCs zqnk}0p-1H2Ob<6efcCsC8aS6eRcHIP;MQB=Ubv(9iCX$&>wscThu25HI=$_?{jys} zTdSuT4*oDisj8U){$yf%7^pm@T?ziQDNW}NOs0G;Xif>qH5oDYPM%CS=BY!&j@JQM zV1ouikMD^9485jV1Ad9y7S$yOzj2vM@0-z5-5*yq=gR$SY3sFhSfDLBq1&{oT?anK zbZ|nInnk<0mD2k$kd#|MvFf&AJy3R31ps$lw4owXm|_xurY4Pq z$mG;MVuk4P@RHf=3ym-&wkWtVD}L?(in7hXDkeS8qhXEj_i0yu^2W}E+l%W|nZ~)$ zmb2vg$I`|T@WpESkT-HOx$iiHnNxDv1>d!0wc0#UxMhdoTP1#>(EY2;i)(D19Qsiw z9$0utS*H$(wx}PI&H`AnL*RDyZbf>MK29feX+GuS48Fs)qo9{%Q}$C1Dwegxul%=U zodA!9VH0qI0~9A$O_|r`QY}kz+NWG$vNV-i&I^S4lvoyjW2q|nTlaK(Pj7L){9@X_ z-^KsNscoZFatz6xTA>|bmzd`t3Qr%cyc`*5Z3KM1N%;AYc>jjS%6GH!Jes7T+=`x0 zn|ym8rnx%=#+|4JW=V?_8nm0v0Mb?AY0@I+)esFX`as6}(NerlL;1;=#D5EQ{{q)F zT#-b@ifFMhGxAE0GxRjsNG4g;jpm`H(Iai7gzK}X2Ck4dXmm9SuSofQfAps9>9sN2MyKV#J@+_ND;>V}s;6i~mh!~K{yJQ-+Z*zM z`v)Ea8)5+WvbQQN4~}WD-3!Y{{^5|V*-p1qn1=wwHp`AzH z(y=TK#&*0Q2wxb*{)}eT{06!ilfNMuv)3)z)p&NsH{R=QS`!rQvdgs3PJ0wQ8~62K z+Uwosw7c%B;^ji_JH5LbwT9Mg5j;Ly&98U^+?`ie&n!b0o@1QcqLU)~<(>aL2ls80 zIsiXWFqyU>4t~7ZW^9+g?JjQ1EgV)WYNDCg8zf0u77hPpft9XkI>RY$sl)9a`e%fs z9kA(A>kMtQB`U7ulDimWpNm4s$j%ojQl-_Rt)gninv8aY;dxz?p=N2LQxhO z3e87va_f$Q!SD7NBZ8b<&<6ik`D}N6yB*)n4(~5cG;rDVVQ7%vFSO{P^9w6zv(^Qt z!au>%W^Tct!p1617G}`tQ$HiY)8hJrzub3c8<*i5EvpJhwmcF=;`)#NcSgRx-);Kp zzulmw@C~#%exKhfqG@vYz1V$vt3kZ=vGE2t=4E$R+XDPpCFoxOaIQ0%0=kDpCQa_z z@QMh31LVC~tl+`Yj?U$~yt;i#bYkFMiiLd~w5H0wOp+%~58r8$_2!V}NW|rhxN3~_ zwRR7x*6ZSbUl8GW-<%$`D^)gSMcCF<^=jSRU*+Z5#fxPTASU1J@mDu4FS8l$Yqcyw z!HT628!%}xW)%5wPCn2}k$?hvmCiH}wR;P<3X?ODbN``eJ9be9i_Dg~7f{4-9b!?Q zmQ}Y}{ee^WL-u(t>^K(SFG5`F?!jN4f_*ju{g+1hYzhFi(69xMt%hkm>l%;U`crZg58;tPLC0 z0NKTQ_>Zdp;_1K3BEKs|2b-`#oZPPaUvyz6j4Q}HFuG^Bpl%@ zor-~U>|xpl{;enGj_{fjs_apn@z*}$f3hcx>`b}YLy#JC->X;b60N(9EnWHYGqX!6 zn_z9`qPC2_Z@#!R1boMU6(k%SG9$ZRbG|1`zy#6r;%9(>R z3Tzk(wLJ-Okv@ulM94fPv9vKw%v=2+P!z??c{mvWrOkqj#W1{F!r>Kz-*GqhE59#w z_T2p6&-VVGRo<$*>7WFe%7&h7JA9kotzEkYln6V(6XIu1U{xx#0)FpKvGP)+OiJ(Zf;5B@=4pe=QE<~m{W^|=CFkWw09h;h9vXJ zBo6{4^L%ML4uZ$VaQu5lpp8u;`W#@88!5k*fIj$iG9UtuBWiyog0V7UoH3}Q6QZlc z{eM4q5p&@MT@2zf0SqT&7;_=dF$UUCcxx%;hwaLYiViUk*En=HF)TY&kNFGHt1$Uj zh|RK5*Bz+Eyz(sy+J-o0Menr4cw?S_;T5ETL7)Ks(+D$_mHs>U-yIPE4uFHTxxSOB zv%Ra6v8gk?zMH9?iM`6c@K_?YRLN&0l_2_DnJ zWp90@Eaa$gCq(88x&Z_HpWzlx90cd00|4MD0040OkHR%{a4@lSa{m8__DV_yS&pAwd>koVoYpnzb~K78T0Dw;ctHxSba5MRwrbz))@f`z({#4_E!fl` zV?Y$p2b^3W2ZI6VVK@MR9|Y_Hi2!mhd4>85L#>@^k-Q9{g&?Sn>VR{x1?*%o-|RZFyANlDX9nC z$uOW>@M9bxT1{E#Brv`AKZeOF7j<1kBgk+q^Y-S!Xig_0UG?PBGb*k3(X z=`ib!70WU?X|r{j^C1&Cy5!71D!mM+ozIWP#;A+A)>9`^ZnievM_I4u&DQNMFrCJS z(SW*x)m)v1h=2DnP_rgYmPeUvB1W!yIwnm21rJcSaO^YboNo8MX8QquFU|A|_N^5u) z}t;mq={bgK{HUx3vam<+G!{JgU_USR)fu#oTjKN_L8FgEc)l z6>BYDhH;m5wcgAqYN$*IDKY5)iw>{uMYC?!S5n6PYdX2YHjwyNq1#zop`chc|K zVfu*{vq> z7FT{g3#BwmSuZ(#-&5G25^k*-+~mxLX=XY(o)e%&$pDBir{X~2k+MyIMydPGdFy#bZ&Z8++pu#9>{d6mnO50i(f=3H$&QRiWO}hO4ZcPs|eCCe5bZ zJB#JIMVPB&?y^y1<{JH$Jg4 zi(HS>b?Z1UT{#b9R%12K>{lC+Ds9{GdAzjuH-5Wuxp`(@&)Hu}rxzTv(+o@Q$IfdH= zkm`xxm0ic3)`3$-cy?6DcE@xw)!%*{=W)xC1-!T*-_8GS=jinH;&DF_dzmioh#ioW zVGyEqBewFn$eip}5$G-NQEqurWawx{w|At-NIw%|&H!1(7_1ZH z9PHv~cBvB7FmQOrjeChD*Xn!98RjQ_%Q4MeKHi||809mByKv1=YJ0weWZPCaB`F{H zrEpjLfdpDpt#(b?<0zQN#l_Mi6*rfekrEnfVZW~E>sD%t71p|lwTscfVgy^~ZuD_+ z)N=4Poh`AlN$#iD#mKl*nPa3o=kmOkyu5xHd)K;wj{B>)Aq}N|PT6{BX)*ej1!EM8 z{u!Nmi594wasUZo0^n!u&#~zl69-uk^d)H_Xv>Xxvfc!Hx}N$Zr5EMykT<11pI#9N z*sdvX-zRY-ZdjduYY)HcFd7`$(wOYUm9*`C^0+u4D&?27HRl0*daL7wsd`k15F9gJ_*0;%m z6G9@Y>5qoVL-N)O<2n-o!j+k02wKpV^H>nc#1sqVV_9+7R_29sv0|z0J)t#mbGZR#C{&yS;>`oB^Z{~hXSwBK zcVm}F6A}rUd9kp-waFERnTzsY1xmtZPwr9-)%2Ic4KlK)Y6DIP01K5rawG*7pAikG z#e_~^zz$TL)+t`@E5s^X&BVnGyh7sv3Q7R8(*kYU^PqssdsCwa@f*?^WdwjjCtQh$ zUf^eaP|ospUvJ)OzLvkbPM;;SsYND zfMvJZ{l3Ncz=Gmh44@<`SDy&WKg!x}A6jL%6g@h%rWi$|3m&3HU8*;CVr*DIa? z-FQC%p#MUQE^@#rmMp6~0=Lx5-T<9$0cNjQ^@dsw(SIh4B?g@Lvn|4t4j~wZsrKI? z=+$F$$F(qVBkU&-7JVpYu%-nFu?;fB;$%JIbzj*c4w4#tIz~~l7gh%L3L2UY>m zrs56xcX0ejhcvm~g0FXyaGy=cLNXdC>#hQ@=DGj^A}y<)unL%G37E-7>K?I53dknu zJ7X)XU#r<-OOwX<%U-eggN=3AsJY!Q(dB(u?Nw~UVEulPF85kGuXt@+UG1{6g2}GMq5odN^X?nYvG4t6`-AjRe$svOC^A@7$w8|He~7I z;x2FYG<<^LmIekf+nEcocVKmXY42QoM|uo4(mwhRt(^r2@(eWK`3D@)accg-DDah5Wa(L!W&F#nA+9MC`j0in;{j7PNK8#*J}4_m zKcl1r)X8U|GDD78v-zkp1MY_4G(AA?SJ5DHVoc%n8;T614d8YtX;=MG6`=H0r{(=H zbkLjHQjh7p;vb`Hg=#lWrmH!So9IG=*(oeIdmPYvLv+M*+$eW*$`E&4<86aOUR=cH z{0isVoH8EwJ_WeV(C#0Gk+dG}7_zJUpOpRRypD{08TTR3S)NTNw_3wY-z;SLwAK8KYGs+)y{`3@S zw7PE0PC8g2=3P{6b7 z`!OcYiH`EbXM=)^Y!l!wOqENI#k#UDt1<4-u{-JfYo%5-GKC^jYeP@WcQ{^>3GG*r z4AXGvQ6Xmj2itWbK-$s&F|O%HK4%9!Q)WpM z83nvVr5!hecF!1G^+QsJ!3jifc9W(ljD{!p-ib*8)nZS>ao7n*ez1nY9B=2I|W!S8P5&H|5SAWwcm*@_}>SZ?$4}=Hl3&EZc`Dr>t z&hDUFd+jG7mmX`8&4eFBY+)@wnuUH7^~}t{m7?87m;pAdD-zHxwyb#}AsXaX zuE^2Pk58HhPNx5fg%1okQf>ICjo(cts+Y~L)<`;D<)M$BMac|gPoF?;@nXSzkSl*GERWpQhe|2#$}_>iw+=}F*YN}1uha$vL#m0xYGZ&n;WYF|X^ z-|hbESBExulDBmZmk*Cd_}x&62~5p*nu@45bmBcce%D#UK6XSfi3a$A0BHzdns$W> z0_2JUgpPtF!Jiy`Itv!TB$8(Vt#oL~iCv|=W0aJ4Z72mf;g0a92PgEDPYHf{^8y}$ zmpdo+l-Hzx2Spgg;pOu$%0>5h&hjd`%_U!pj8&?DF~)?nL(%|xXWx5;5)%tN z4K-j%KWINWq-aG&pQ>G@gDQg>edXJVwIVT64EJ1ryaL(Rv=1p|w0{-wkBGBi@t89aXHE>q*u92wRygDo@aJRSSGU-aJODng(t~E{ zG*Is z|35XVQ{x0#h}Id~CMVqWff4`K(3*6j%N4(vmz)?~w3xs5G?$^Vzdqh0MzgQ23@cGU zU~LRwG8H;G1yWbLa?l*a=qX4T0_odVPqP zYY;BpGv80(GW*^9k&Vq524d{jnj(Gp_*ql0MZ1FD3N)UWhK;7lVyV)+qlSmW6rXQP zqC_1YhKanz4^AryDgI39BCZgkQ`FB@KlT?v{DF7hdqC3p(RkTy9Q>lvkC|n*6rHii z{e9$1e1?|GzJKl-SdD*1%%o8DlxGKi}-~c8(&=Sf))c!WS>+9QNjEOK{=rW=UdIdjXgzh65HH6|9Suj9RG`RE#c35f- zLR6!uu4I7$BLpplP-!owUx#Uc4}dTqf0ba!quU#WAP**T@L7%jNJ7_xwOO*-4biO% z9E9?Fg+e+1^(kR`Lb}4xV<_$MvfQBSk`72VuLY+p!o(k$l3@uzp7fOm;bcxvzf}DP zmt*D?4=kko0V)HQlm7eO&q)ti0R0Et3lYT*0N?{n_x?raedQQF3fbLmyECU(x0~7b zJ#F>z8qAdXme8TI8wQ1mbd*H3*5zumT;3Z8XV70VW!3uvXiiB`o)w#Yj2{8I0^AGG;HG(=N&rTwo%7y&?K&nJ# zpwMy(t04`e@rH>6&c*B9qjd+zni$J;JO;2zJYeLcJ*qPYX&XIWjhv@YR#_FIn~ z6xyYxL6Y;Xj>7uNUxq4`qWC2|7JxT<^$zl3^5V;GU zvvy{9bYz%al<$z}#xbdMJ2{TMf286QO;2-FQ>+u_ZpBDMxz@9i&fe*a7cisXu4&U& z484GfL_>dGyUwi_B;FZ_P_^NwU4#8Q_F5iPa0Ap%_MkV`7Y}y&!G4?)%G56v!*3GK zc0MM8rA7{>r@{(KD-OD`yGG0}8XB=Xpi!@oW=$pQT5-Mm^81ial0~ow3P$`@K*Onj z1X!AXPxS3DOyZW^+xDP4`^#D8tu2|tnyhJ$eQ|H*8paw(KvzR}Gz%zIg595XD3=cJ zY~3Cx7D3R30w8`J8@9zOeWT**;CZI$sSyL_1`KAkZj{~Y*k9_S53S9xz_+5c8(BtT?9vpNkr#w48xEJJLYo-D6<2=> zN#OCpv~W+llIqfm=p$I85x#!Dec!C@+?);Brfbop;ar+Y{_SsAaXmHKLm|rSPOHK3cAmBX3K_5t7D>oeoKF2}j*Ja@# zlp1)8A-~%Vg{aD*ae~wx+y0`tKfPsFg5UzulssBX)QD3jKo1AmP(Es-?UcB0-CO6) zCEPFJ(~J$u-NK=P(;Z26i9{qg6rg?(A4Pa7`te8Ul*jN#+HQ_2rnFV*;&OiLi?g~% zIULHd*YV$8XT9=>&9%}?vfo~4XPv*=)I2o(M(T}*NVYp`x5vn-kXou{M7Z&qCHhm6 zvu`AF9+=vUI5M(xmFN8tq2#0seD)lGj63qiDix67g{CHifvM6u$xvraTx}HjM;*3K z*2H5D@-vGTABz zgaDkPbOzZSFsg@_e(yZ)-!lEPGOxN0=*>F>t+|B*5>2h;fg-n6?Vgi_xCa6ig23D~ zCw(g?SkY-N|Nko;!2ezkd5s1LP=pK&!1X^$2RL{-7&La;DV}(wq~;C;0=9k z$!yW_>ZAW|s&^4Lv?MuIN?jZkaitgB>YVbT`zxR7r_yGxa{P^h9?H2A&S`gNEn%`k zZF51%HLNsGnihF%6#7q*N;F=BR4tm-s78Z)B|3U&_yEbVqFpA#DEJH&d-&KWd5z{n zq*o%EdI*h?0Bks6jjA>B+9-UD(k+sDSoOflF}7Xp3T-vg(DCmYaUQW9g7+|AgFX%d z_;Bn2nPXGCD33aiJPuM@6r!WX7Fiy>9lH3CqGNcw@)qe0+G|8iyZRP+T;!*y8V-6I z1}Z0E2#T?hj!Z;%28wbKK~xdRL=ll3gf_);SW}5mKtrNg8_;JD(RonRWp)?b>)M%nN zxzp{$KS}Q>W%Cx9-S)Kgek3Q=6Dmiqp9|*=!0R>EOlvc*qqukLV>{2(ZnGJVGG~6B z7{7M7Z-cdb^>2sxmvYAg)=Ky@S-5CRMrXBT^(bcN4?tVF{6*%~=&TG;U2nUEA?P9K zS*wH42TtdPDOe`H4)k7M>*guHd+to&hX4=69r%gw2Y>0O!`rk%GV z+K}g*JWslMUII3tO|f?#18$HvQX}L&*$0F@Z9smC4}e!j9-ueEM6jGR;sAJHKMfcF zyuF7uK)(tP%)N9**IDo{r+N7H{Qb@2jd$V)w}TK55gzbsPAWY@J7JITH(f{S0q)`A zgH(uHq&lSD@H@MEtNTxgTf{m7ix@8-vE7jH-H_& zTVNlUJM1B;KI&t}zE@zs;&zZbQW$f1wcUEi?dhz+UZY@b0{Qq&zI=mmk3ygQoV0h` zAwMM>fh(|)2ckazfA9==#xJA3e55LXIwKFbyRzZK0Q_|4fLWj)=?3IGIXQoTJM$r@ zzR6?Y0DYjhCL`EARv3PWx4I#yK57gwq@qFNVEYNaXr)l^zuzJsE)!eK5>j zvK|tpW3%hj;K4ud-elt2>r-z?xD6J-my=r zds|2313!32?qPQkM8`U`T~yMc@18pm(0%KpZ|99K{0Qv=$RCBYw{M0Wed@_CzM$9D zaj4$-!|&$@kly(HZ&)Xt9g-gM9|51=#I-N%;oYcS?kd6`Stp?{13B?2`0osM;uFZY zcW-_(y&lOP&wR4e`)m|`B=dm5wKCJ0aqwf#_xiW{oF1{{(-i@6(;cGt=wHUNN%Y8H zNF0BXpM9KCUJCPL?V}FgYHY;MUJA7@kdK?11N=~t%^k8INgTm9xBK2Ncyrp}(?%%54AG>?|19ORA<9p|OpOE-SfAltDpZGU^BdC4vdF3o0 z`xoE6OS*e#M<5^H-fqB!XF$1kffxC&yI_lPdcpU>19j(*48or}3gX-Fqi`ntG{F;`#39C*K@k76g9&Fdnp>e(3jx_ZR1lECSSj z7_!5I^aFLGLZy*|h}cMO!SVcqYpJh;B7n2mqs_ZK0Pvrj-6W6C5FePo-TFHa?XVoM zBkO)}&s*jue3|di@09PBLoRbM;S8+i1xtrcK)2F&mpQ$fe0;y@rz{t^ebU06odT=o z2z1D39v_-k#0AIBTzS+3I@@E<>N$-I@#lh5`p#2SLq0b-BMnuEpPq5Lho{=n8T2g1 zsrnEdt#If1Df&}Bk55ipHGZ{kKt^D%96{Wc@o?8AH=IG+ViwEKQ(1+s_O@3&-%<$It#dSeyuo!)K#gj<{o zZ@DA9Ox_yU__`-5;iW$eC|M5q%KHJ^s}~IKlJf9i^+xW#Qsfp)y&k`w{-VvHWsM)N zlK;jP0^)xN0zV0dfqBl5W1mM(AxHQEJ?E#(%lz=J6Xx7P&ae-?BZ)WvRJq7D_3Rc} zR!q1IH|F|SZqcNPwh&AUI{WuK;hblvNoI(i%cX=GcbY1XHTXz6RrAm~tEy)S&O2^W zq21?o{wJ*?V+WnA7RH|Gxre+gRIk$?CIIW(OjE$pHQ(z-- zC2*a?WYW!bwUR#A_2@K0nF;3YaM>O^5e@)0**Mo$5>G#5SWezs^*08#8A*={QW`Mc zPIMu=GJ#K>JF${Zl=7|8NK!_W2Q}Lyz`UiL%cSdEHgkeaP0dsMmUk8%pO8^7DM50D zmRp#JK(XXaL0?cbCE&NvdS_Woz5hLx)1XTnXht>;7;UNIOjmqo%_6d&%+bzZdnA2q zwS025q)6@5+=!Yct1QS-$)id)yPa-Spn%VCPrVLWo3nliHmYKQ^-*Ff76jZEe~dD- z`pw)i9Hmmxjppb!@55;gDG-zFFc-eH@#@2=If1U#tO<~!@;!q=h+YTm#+fJ%t^wMq zAcxOg*G6jkLo-%H(-D_>!SC|NUV8V=RwUI|K@{G!sV{%}CX;m%6~#?(ivwf`GI~{$ z%OD859H~acxTaDY4Pb!a}HXqE%W4v7k*MvmPha z-k8A#C@h#?ZH#tiAi$Fs{YKq%@dT~Oy#RgoWDNE%)GdfBFcj-Ec$w-P-Rf1o0_ERe zZ!d5aQsJ#|@%C*h&fFL9%-z}JO6`iyxZTh(2Pn;8Hg*+LxEsdX>%;OMz$W_uyc{8V z?2kCgZmALmyNKX3!n9xkF`zVo1v!;|8gKHx+tG++$}GLmPx#g?g!_(nU%% z$0ifh(&7?gCJ{muf`XONd*9dB(4;*W$|Sg4!^{p{uH~Rh0VOeVMj(YY?H1`X?;A~i zWeN?%5m@>xpoU37=2)Q|Cr%_MLoK*?uket{1b3Z;Xu@=3Ut{?uuLdc~{1D|5@p4s) zQ=mf%6&rzPAX<*V7gU0Exef~8up;#SzeW5nlC|6CQhes93_bD_iz**WAvBp~S3L2m z>UnOUCJ*NkR|izBY^m9 z(}2p7v6f2JF3!T1l{X?SGBNkyM92y_sYjjxtyB*J@})}blIaz^2Ux5C%!+)W7a5bTvN{S>V&`9Ap|{e8<-sV=pMoTJoQBQva>OfJA*R}# zM-1|U-Y{{Sre~`ZPNmkmcrexWsCWZHR|+MSnJHkVpq){t>!BQQx#JRDK5IQKHj@Ek zgQS=uB4fq-6)J2j_joIJ7^Q=4N|W|en{k(;+q>*OYdgqR-#yd5gW!zF;wqiRW=#ha z6{`Mv@k(IF>SCvYABm8WWz$ZQ^8iK@9Xza2uHje?8AP_M5Fi^9L5OU%j^*47&!pxc z!{(60DqRY~2p7#vYP2F0|0>?5AcHv<%0jkGsI1Xw;EvSH(RfFTx&c>=f9cN zx6BHow4K>i4S_QTQQI=GdkdvH4aNZFosful=)$EIwjYrnpyNwi>CGk?L9T&hTpmRu zUx%*4Cpsvjx^1(!J|DR-yhoI)@3BQ23exmJuZEHdH4ac$DO79VScdezR9 zLp^$7a1F4T^3E=R^*?jv&qk?DEA4b{8lnh0$xUQ0f#}eux8q(GF6upusq{ECU%8ee z4V9B#s5Vr7OSBA#ctsW;Q))hRa;)8M%D1MsN1wpb`=K*u=S|soDPkzOw(Pssdn#9= z;nG*o;L?{4Sc^T@wt<`+{|K!oiq|-jr2K(bH;LRyKZ$E!1ntnDM$w~Dr}NlmL8F1- zW+~vG>OQve+46Z>5eAo@Gg;I#uhpR?^sKYhUfgNaDP0J#%*3E&afl&`Gmwx4;Y?$L zF`<`K{@7=%lTMLObvpAf18*nRSB`T7;RK) zQQ#mDuR8Qz7rQ@@aSu{WSyijOB89zh1+TRBI-2T`}Z3Do@ z()1{j(w5swGw{d2k9!AdiVf7FUc#LAzStu5xRk(kk0n;iK9hN8O;&QWRq7CdqKvLp zPQ)gCuzg$-56kZ{O-=e;M{_J7&5CrvTiViV4I9H~M~T8*QmLs9!1t7vdh`9BXXHx} zLw1f+PrGG^nbs6%GC!=xz<5m5`4pzB>JRR`nNqFd;>lCj9p38Jn#u%U?Te63?!oDyoe`g> z9P$UJv6}m42xHkS7OQcO?vO~1PednJdGVk8#pDg%J}351m<35|)G-c&bn0MFw(|=0 za`E*Qz~WEC(LbrzAb%wD$_!z43q4?x$>I>9iP zRxOM%lxGSH3!mf_B6PGJxHJfuq5l!jXJj6q#=b??uC+en@{&Jr59z#d;tBbOBY`l^ z6}u{vWpP5^*DZc!9m|r7nZkHgwWaz(4#tx|pttp4JVT`qQ*_sRb$RVJlPA7k{cP(T zo>-CUVbY-O$H+)BLJ;evfr-;pyFVIgU(?FOnl-|?$GNqc&J(FixvnYPgH`?W_hmmw z6$f=C&mH)9Hu5Qxb)Cw~+#+MBWA6$R$|)BJ6p{>Z+6;sT9oUk_t>mPs?UAQe#^1w_9@dp`w$vEteB;#fk zakQ&~Ffs*?Jw{{VjLGZC?XPqje$k2Uu}ZWVAkaaIXDT2q~kk{L7$i8il4#29c|3vV%vg>(qs_u!wV3;~9y2*3=;ebszzxWz5hJ#y=Yr%Ws)a2c1335$?|Q%DRNlJPv76?vR4iI^0{|^y=E!O9 zFz-*ay8xCH;oj#c@a+Q0s(<{deth&WOBkOmJ@2a@u7KiK=}5pXWs#&?Px2y}jLw#5 z-?^zWwjxBpGt<>Wos&4D9}~x{e=Joe;EqW5Rq78OjF>&wf_^w;$-6mNM=nc9)mJj< z;?kh!X6!h9N?&)rJne*nbGM>Yhsr_vPW?G+Yh{TVOJh8AJR+ zLWokg^-mH*M8PQRX3fScXU!55RH^;D-OZZFE7b%`MIf%3F4ToFcQ}>Vi&Y* zVh#?gX=4z*^E9&Wj1rva)m%pYdW51}E=UDO;-)9Q@FfR;LmCD(^oS+GJ&%jTEhXR$*nX2whp z_dEEWG&sx*b&JA%0hztwcs_sCfW3^*74h-2>AIf`0+8yXd3R!|%bGl z@oUaNkLJ|NAq554?BUUCG60NmD_~LgIk?L}yREdJtB4ExhyJF=u{SL6)q(J)1?w>w zfU+~XYNol0QV{RLj})ZkoZAjhk6b}#U`;GQFrp?go32%j?*JRONLoA*qgcz3UIVhP zpkNE{_}cMcU6NTb(CJl2b6kGvb7_oLoY&qsu!xtfCky-xZYw@Q@~BQCbc@(hM6oo; zVWhh4MO4R=Ix(^l_H)%h3dgCR&w_xjt_Q(9RajT>rb6%i%R|v`tSY9Hs$Rd)vSchu z$|>W{=*oL?OkYB+0@;id@L-DT4G`JU=3q23*hEyVU&U7dcWFS3?cDi~OqJ4xt83T< z9%IDSw_wRWoh>OK+(pL@t1q(H#Y{cfIZgRVa{^7v67d?mAiKNSBLNRthgeFya1Vqz zCGWkB*AmKKX05@ z7MT5^7Bxdj(cVEe`-^ZOEvA-KzF)`oY#44BMr1U!1(gr8Zkp6)iDMW}YqeP@U3-@> zU=G1-s>R6aR%%%A`&jIpS{}vD5qIM=4;&;XdCuP?sY@8kAL}5B&zCAy*SD9HFSBUb zQ%=)z#N@SMWJ{!u&R_936`9LJNh({UzT&VSAs)@M%*I(hxdXlUWI11gp@WJmNMH%= zq^hOuFLK+7Q0gSCOzF)R|0c#Sr82irBPi3a!YLx2)L}nEf-zk`nKWk17JboBbb%nm zgTCltDJCP;)zy-fw!f7GFY`4G=?Z#H$Lv=USuv5fy*SMTEyV?biVWGTq1UCQwUBZ) zVC5-%B(2+Iy`?+t*AuQc(Bq8(!g3D6^%xIoo*&daWxtOyeUKg>rpHI=@kx4ox{&yL_so zwtCdAZPbCRcBa*i1GncoF8(y9f@e1eJS*k@Y_-16CEk+RU7y)pd%AI&<1JV6d!@KqB z_m^f6>F#GN#2XPkQ=)B$L6%$cAVzyIBFp&_?Qvl_PCh3k*wpiYf|lgTY_FEYbmv;^o^gXVQGdvLU!<*6i;atZ#3pfkouW)97zshV5oQ9PuMGl_RV$M`g~U zy*aC7R!gH+Zi*(iDeeXTq>7{}VMjw9ND#*iz5oZQ{g*{J7+b(WBjBL9fP>_?;L8OG zgjm>tqiuFSaWu0)CZL>}cj!)9g*jtC)g9U@ zw3_GjnHH{c&+FcbN@O$VsI3;cJku_ZrqI?vGjnJf*%g_bdKcY`sV}q^wWNqTWd;U@ z-zAHp+ih-g?9Xbg%`Be5u8xqk;X-7weMgpZD<$z*fUc!%P*3jAeIpXGp|@W^ItCh~ zLl}^Vm~v4=LLeI~A#I`^VN!H}0V!`yHo7@RI|hfx#-PM=u}B56C=a_-4;y1fb1%o- zY6ZiY`_-sy$8Sfg-n=ftHgl2c7hg0tN*WpT`nrGyo17zoWa;_VD~!A=i`ne;5h6A& zPDGf0flP(#OyY-HUkZI4+vwzjpe$JR#>vLEzqptbkqPvir^gOutS`=v9-kdVL`{!$ z&esFR*k4&lf!6`-s*b%;X*zMEdi1?AHBtO}pN1&_Bm6 zknBVt*>BLB^xnOJGYc9JI#9%9VobTUB2F#D>Fn6jBaW>uy4a9O(X}FWYjx9=j7+EO z%q*oVMtJX{Yeoo{(N!aa%jvoi!WDGo2w}HeX}>`(&-BO@nN_kov$}LSpf!Nj0$N9x zl8~#1E+!#dMVFHhuBHo02-njkC4?7=`{=3?XuFuMD53D=E5!YD z%?UZS&{ZeI4A6Bago7eWSDuhEMAx1Wvz4wsA>2mSpAc@RD^O?YiqSnHgK#I$;>T^; zoUv|6__p;CK3G$=VOS}4~i>3Swib)1E^AWu_9KhwS2jtvB~+`IkQYVi`=|hTDjY)nP zllP%1SBo6^5-njblqaa5TCDV^d-*_cy5*|MjJ8l6d?ohMLDQ}D*uEot-MPK*SW_3F z?Nmk;X-*4TuX5~YPN&v$67Yse3tCS(j@nfj$+4jIl;=jP;K&6vaPyx*s|F!))4R=` z+aobd5f+d;B5^b*5CxQKS$VW!rz9D*I(n7WLFW_b6a%adSD(kEe@>rGz`{*rW3>cZ zB1hA4dzNPUq#6z6pee~y*{rv!VUj1e4Vhf9Qr|<_+uZULb)pw1e}{D3*m) z@RAsDz}Gyre;bb}J=oM^zgLR3MS7w&4fzD*l1+_E1&tfkl`UhR6#i0zH-YGBNx;(DA-R?@a2Q}06>ig7D77`W8;a{$1&+N#JY^SOXvsLzY zsNYvMNd@Bz?OsgwLY_|Y1AyTA`0EZxA{7OoWo-f7JDrVF0YTM`zPa5ZT2pN35uhI0tpT@M^Y^k zgA{eg`-l>f#E9)u;}#sG2&z63tUktR!@H9nuCF}*-q=$MkT++7fH9#%ksW}p<%HGv8G-K5A1!sS*+i~8@F-RzX)sk^?o|iZssjt&E8EeimNdr zxL_PDC_&nPzO81Q(_cXceK3>I)kvLK*)gBuPbKWR5A2*x)M9wwHk)*p)DraJ zgJZpjZ^N&BwgdXVz1D&M`Bv9TE!$Qizf}6@ANU>Z_ckI1P+cj?Rb* zR$JbZG8D6I)2UO((79%r1A%`*r_F3l9ywJw|$qc4WJu z$?(&A^h*~GmazC!y9+0^sbp{{M(4)*o5f6PGijYbsWvd6_&*!*TdZrMpq}f(K0)Qb z3HMh~_pic1vB<6&xSY*?4w&p3Vis69oV=h?U2Ae)b>hFisk>->?b+;Txm?I*KOa`u zJUOWJXVlE|h8L$J%@?efGGwz~T(n-5zWC02PgpP6V?uu*R(F!|#L}TJQh6siz0{Gy zZ1zhb0nL3}&$GCX?(#Yjq$E}=jY`|o>I_IY+ZiKXJGE#^PCMzi*EV4}M;FnM zT8!L|Y*6safxlM6jGi)PRyR@{WNS$-9|WZHKo4qTI{R?jAJT$jiL_fX((=sN&Y&2k z;I3KyA@+(koi>Y3!fII6n-Lx_`(`lz@~Ocs3n^!<;j}nH2>D&!$eRy^yjc<{`i;nV zUAq|m-xhD;0dMN(Dr-J>#*9|{u~+D=8S|Y6#$2(GaMsN&_+oc2#+6jP+_xi4S+fZ4 z#l^eR7w>ufoZ^H&bLZ`WOQcZnZ%F#9S`t08zwSf}uQ8iDhE5N#ca2Vm`G zr-z^!e-sXdR-+(J=zkiv#+X^r(3(Z%ezA7ky=Xg>pgh}_c&WP3wQNvQrTr|@q?HX# zx`4ng)~K-ybply#H$-~TG zDeF(y9dmUm>Hb093C=F!Ew~4mrwz)A#n)(~4mQ4Sz#FuMa(PM}GgXHccw;-qM;z&p zxwQ zt#s@P|LAy37*n(u&;@3{T6_$a=!tGu7f4yH(eXk+hDwEzZ#cq@laE3qrtt2Uf`w$i zK)u5@)oKZZNeZvmYDqr6NHJ}-HcVx_3v7KXaK_W$?Q9ULPgDfGLVat3uY6=`EYF7^ z*j?^lFSvgHnS$lGv+4RNsw3*qi(`(K-3b%v;kC^DXK4LBYdW%MmE3$zb=3Ydm2#y& zJLmKk=X4`g8~Hvx_o}*fqW0XZoI3qc_It5$uIVq8U0<=b5>5yc zGBj1=FDsSg^628vmhgvO)F#|w0>qqnS^^X>Z9yJi=vCGQOkbqS8QHU8bVDhpX@uO{ zhe8(=(m|6c*li+X>KT;f#gW(M4|sMV%nYg?9;f>`bofXHXV<3GE$zA{=-cGF?>mrWId_- zn-W@YTuJxY4f9EN_@wQF!sgCTlh2AHdwVyyhSEs2P~y z`0kIDHyUO*HLEoUdH8K0KHHQ(DNDpG{)~t^@MQav9#Nb*^-U4~qGa^!q(T5CsO!kQirG_sG2jPqHwB>DBmObVxGQ{gmLQY=W*$>ehzXxg`U3Pb~63__I6++ zNE@a3nQX2u9E|?X8nxRe%-6+Ddw{J=Oq8oOeLDsEs?Oj#iiYT?g)1mZof_u%FWvbE zoMI58a9G^gVp!Ne!(*orxB^y?)4xgd$D7Vskx3aIyuV#jE~0t9iFnRn7bPF6hhe!( z8I~{;McEe^QmdVi&Xs7tU_fMu&(H=;*WV& zP)OCBJLK$KLe(9kt4ZBZ(3NZ zsu#cDwLCIF_%nS~p3+8BS^Ft#(W=l9rBK9M zTC`6~cZM!I=`1rXvbdlVfIK%86JVoTO4HK{!)|vB{}| za3;l+Q|OCGt2&^gHm8-`s@4W_+r~aPd7@c#H$!x%LIY!IiuM{B#aH23+&8&i3l0qn z{Q={8E!YR3aJ@|!W$X5Xx~&e!?h5#eJH zF?EX~NC}QXl;R@T9!jdq<Dy?58J*zE=e)>lvB}EcCVf>X;=Jj+V5^lgHBgiEJAyZi_&kO_so9gRy49^e ztUss+8%Pgx8d=q|25&3TNtpJUalk(u0NZ-NKMp`n*Z8mon>#_SRyP5aKkO#?tOdtp z+fEGEP%&TMH?9UlvUEV9oxTh-+0I`HQbN?yoxZZpIzGYB`4FvjwTJkNHtG~VuRnB8 zx9~`o`5bqw>vvCJM-qvoA-Xdo3QzgDwjz!!F5`y zrdBYTro3RK#bsWO$rg+iK)!BJ83!@?*CBX@2O)2;r=W)owWPkMt#*;mkLq)HP)JvN zU-woW8_{dnT*<}&<%mPRT8e_b;JZ>iG!z4S!oBs}u0@jFfQMfscsKBt@=1a9WGx0~ zlb;Lql!mdkf^%2t_4PRFwFzpT-0h;1jtPsD)>2$ci3DT8I2~(5@h_fJ4u4a1y(cgh zI7NP6>ODhEQDl3U+6CLzh4t2U-K2Uv8u6(f`vua$enhFcEBw8%;dmZEn$P<4p-(70 z-m0Ec5IMd6_q@K>t(sa(Ciz|MBbIsGy<8xoy^8SjGW^QS4uZxo2r7wY{n-6Z?N(|i zu;dS2Wv#W&M378dXM}^49j0zaT#q+}bC2{zShSD#&X1H!AE`s>P|;2pJz46cSJHLG zt^a;pzS&SJhNIy=i1Xqf;mJ4g#}RKS{zoANMWOWrISkN>bFe?#fgwOHH-DsDfu{H; zZe6wuUi-eU8iNv*(x#EF1sA}rN<=`I=coW^kT?NyLABB~1^!eyBZErOa6QX9j_3f} z`rQZ)1*-|X!->{34z`ZxvZ4&(h^F{EYNI1xu(`%X5rSL1O1T-vF0M4R>Y8H>hDe`&=*Fl-dnQU! zOovFx@*`_Y)%w#^`dxEfs~Oy0W=o6dWgEA29I)6ON*B=z>MT^(<`=|_fD+>ta@56n zhKDJd7Z(UVpZr^3YPi7Rw@mOx_~}sj2lFQ z@4PaUzL|j%WX98%vNFi#SPm{{up-1|eEtYs_QRyd~qsmgZf-p zF0Ug#!u_P~eg^rPo1%%2rw5LX;wld|Y&gLR#Z&4Scs@2z50`_| zHWONrCnaiPY_I4wp+>j!FLWnva=MTHg&Tf>>P`3Ghl!h0J?GjXT@m`vO(OKEfWX5V z@kA(3pw0B(lid5sFwY-`dDxqHZ9-`hv?t;8A5~wx7A{itsOyLBeALX;YeoXZrBCcOK zH>%}J!tH%R&f2U~aP%X$O7`lA?Wd;VEn^VAHPjWCw8Y~P&n>R5$c4L_k{1yRdH7q5 zZsXV#<%WU97+j6jxD(w(%Miqwa4>9%^P!vy<>c@Ta5>YnC-V6e&iTCAu5}bk{F8_` z4-7HE&@=z03Ma;hj&oOz#TIbu#C%OQ1uG&dLQ>Yod4*tBqcC4EoCwD(k)}pI_SR!H z7>)ZPb+e}1$62(l!Ji3#QD)TRFu66B;@0yur5-2Sx@P?vZsC`>U4nVXEW$0b7@Qk5 zm{%~f7H9GK=u`MUg!AL^8{dNlnW!fnqn4yVnV;4Ywb+tjeE?4-x6N9tmUs}FYW4f{ zKC=dSxvS5k`O2sq;e*EiiSojr|IF$9>M+j-{kr5DbR zq!Id@h)%dt%eVoZ`^}+27iEdS!=dpa+^N!idqYXISddyK%0By1HyYK@c2tuBp>vgx zT%j3~zY1@CM?xlZC<$~;7=?5)3#s?k2Lt^Q3mGyiR$*VspVAVONFyH7TMG*z0jnMMAGKwJR zjW|c9f*NnAm1XPmWL@&^Z9D)ObJ+4w6p&#MHZkrh2NKP&=%Pwak}mUDsGuSXd7T3#(GomrSd-rmD~|@b6+| zwRbh)!^`zPlQh%)(j7fU6*+|bZmTFmlNP!UudO_-x#L|o$+NCjI}*P$bhM|kye`T@ zlMFJ`E-Iu{D2jxA~=Yf_1F*-H5D~N6Zlf;2;{5Y)is9aujl}!ThUb)lvSdrFj~%Nbo2e zhPXEd9}txU_ZQ}i1G$h)mMf)dlfB2y`u$A&+$5UKKVxI*(b3W2v9aN!@GpI6Y;5#o zAh+0}$ambuN@!iTFs+8UnMX%y?#q9=&wr$}X;zQ0Vk{dTcD%F5sdse{H`% zJv(~R=e_9r9xeL+>P=$G!8)x19uw@%-?-@VwSd zCy957T*d1NcwYkF2fsf;c{1HR#rYAw7tRv?T$Bu++tt6_=^4mj0_G>~y)3?+0@V&> zY@%@1Z`eIuF3eY|Hpn{}zk*!>RVISmUK50B9AeQ9)zm%JX<`oN&lDR|6>LawGglYt zo-40i6$BwD!UdgxAkCB9Z*G$1ir*k*uPhg6y1)UxiGbk$fNiP?rDa$D?VXHJ0Y`2E zadFXEyz2tW#Ru=guM0RAPl8!zl@Mkcm;0f4-t3SS0de+%t4WIW6_hZi+vvz&*8H>O zN1B8RR!SKCLt@Y#w1?A!_ITQQ9@9l(*?tAApXap8GbOh$8+dxNv>vP1g1`@y-M75# zs*&|Ql#@$??8-PD4cZ)?q=T;sk=jit9NfCWsYe0}yA2(SNo#Bktx&nam3dOulU!-M zfDcC*biaj$4jPcq$JMFxJSoo_LCSYNq^1ifcr^jK80kiBx|aldF9>y9XzC~Un|`&6 zd>eI8GgHbjbto7SiCGP85)@a44mu8@mZNG}0@d<&U>^03;(C?+(l4G~vWkv#W0+bx z^kI}u&CaSGcG{4S((u&H6?&vDm@-2|6muDWC0qa;Lh`=A14>-Z7G;c{&lR4(W5j(G z$E5(R)}tid?%1S z`OHwW-gha}aw(meZMk#_Dg}frWD9neGIMxBEVz(CH2p(0U1>>X6n|@S@@yD9%Onuq z*SugB>p)0{Ey1;KYjRO(U%;TpQ)=%yFd}Ar(rkt1CxnW!4sy+EC5`Y@i)3sn>80R; zc9;c@^v*WG2cZ1f4i0|#?`Z;K6qm0}k|g@a>b({i1n-IVYxa^7gD|lo95?DRVrVHe z75C7!pm5uIP2t5GosiOV2i|L<7Hn6HpOamz;*M%TwiF4#vYm(~@O zx2bYv!i9_qsRi3D(+@Ne`X5mey794rb_hi$$RtxqsV%kPJ-IWQek&t{=d$tlZgGBw zo4;%KxjL!xD@BT*%I80D+nD5CX!=O*eLFkNID&g_gMj|Ag>k5VnYj<}^?!yNipSsA zZYdR^^?&HgQP9^5VtjhbDiiT5XxaCFE_CZ2)ogNb3YANC!l*5Zk2$d)uo9low2jGhiZ zErDosXf+0oj#c0TReBI@imCk(bc0<|k=WxRfyr&-0y#W)SL-LRxPlI^kwzvCC*(*f z0;JyX(VZb&K5{>SegVxLA@oT(Am#y^GmR3vIEZm%>gLRbA}L%uqrO zRzc}FGFwEdqN*hT+d-2hX7j?V%lYf)6v4D+k)apzfaI1^`;n=wSXEp=9Z9Dz60+;L z_Jrp39U0A0_aRDRw5_1cx6Id7s}=WMlJeR|!*J^6iRp=x&(=l6hP^gF&*yPmQL?#P zeVOi07ce~^wEwko@wGqzi2M?*K}|!#&R;3g0k3yVP^xye{GKhz(I@k~J83>6z>*qK z3(1&4V4(H2p~D07*1I8H1nGhPLhAgHgs!yb#UesLWt;r1upu(7k2l3wNK^C^YJ3{) zk$(OE*7!fZHDVj|I~+Hn^s%8?(lS6bL={Be#lLX}#YB6BX)@3NaW#9J*y!%k+67aW zqShGMo1kfODkSo~rE^YBdNCrn!%7!|EG$?@#p{m0;-Ol8h1Q#Htq=@`s^G}0Q}@)p zT4@*v?s4iu!$7O%sSCkcLW-oHxr-%QCtoa4TY|OSh*iGm&Cmj=qPBvdd&r|n#~K0g zMK)CQki|VZ0r!Dcqew8)b%UsV)9a>)Kuxd5vV&}hxVIWnuIg{e??-Y3`5uu*mEb+O z+(COrP($m_i_S`{#y+;@fATaV>ov5^1epolmhgyIHq9-YTGORw=9WX7S~p)1AyMl( zI

UJFe}5EH~s+7q!;#Bbe0vk*d%@uHWjMb&bB3Q(bCNiTAtZSR-d2UrGMOSCX4b zz+x;HWqp8bUP;`Xt5fTHJQ5zOP==m14z0({JQM`8%v%uUQY&5$l2kSh$V|Fv`Lg+Q zUpDJX0P$ZDf6qn4=pcfSp39uB4kJq;eB}(tT}Vwtrctn&EmnB=FZ03@i=vjTk+oEM zposu(h0hTKtsR{tf8pj%wb0JhBp9%no1)3v=uy9=I*3cqv#Cm-p^J$4tK89;4qK>T z7GY5o0n7j~G0A#}djr+6eJsurx0O4QO3G0eL9D=5zY}3e^rB`_mU>%Z9S99t(>Y=g z>x3ru9+Zmjn^(JhsA({}HMx@c@@b>o#t<$xY> zVoM3@&jqcuxrOM(2FC(MPlLRHaM8KmsZb~e@^Hekb5EXt{|*lF4Q1K7PL+%Hw8~r{ zEM*UTO&*r=P#!w#)qKG!J2zT`QAlh}Qr$ztTZP?+*aJiDV;B7*2Nc&7Q!5~L>rn3) zfRl`100h(f;Tyb7@m%PE0AIwwFEWoUD~3^O_!8@@Qe=Mk@x6QZKKukWBs|}T(S!^z zJWE=m)4pM&-w;M2BE@o?2-1-RsL@g6EO&Y6&~rYdYPq3jTvp+v7AN~}t5k3(GRWK_fLjXgB=p%GOX19Zi1+%kKt^Z3M8NNi z@ko7GtZi&R16wcP|y=lTwe^}Z}GOiMfMKs*;|pyvGoy$j5ma# zrD9{oh`+a0T5=b|^%i1oE#8W}5_ux>W#}FJU0eE+Vto^jqc~AAo`S3)miB7o7Hz)- ze9PM@5t5aS+(oHmu!g32cj0vKXR$t*N$s_W=`WoE(zCo4QNDyz-1XiB)I;KJ2 zAa=EI9SsPL?v+9wDs(x|*$Hn{oCW{N<7*a%>{`S4Nz&A?RHcWUIXYEj=~7`hKY(r^ zYDz&Y>h%MmA4?>&-g&|w5&SF}0vhprp1fW2`5ec2mb-Xk50AQ^u;x#$m6t(zv8^|; z44aB*@w|*N5l$%5bB7EXCv!1g?)T&~jrjRoDkeJNw!JsG|EhhZ4vFVGSk8K zvL523*~fZ`lctaL6DQ4sY(H_*e1;uBP8#+QI|%!|><;@ZOT&{r>|r)Q{4;N{L+lZ_ z(#rZd37euzD8^{%FM&X-kAX?FLBmDc@IHdJObxmXHT#vZ-X*8Gsxa% zPqE{0@1w;G(@HA)92wdyvw2+b*$fFjn_K#QkkbaaYB;COF~Mo`gy6J!QgGTlB{*%4vv=4fb{XFI zId+A;3RlKip8W>wpJoL%3;PpnjxpFj!-}i~`)AoaTY&xN**933Ey9yuU`uQnu1v72 ztOEO!tjbnke~PU#3-+hy(bw2!4%~Z&z020vH8`3i59HU__1osmbL<9Nhda-*o2&-= zbF9w34EyKVSJ>;Y{~~*jeU;sUr_Qr)vfJzpIC^0d_x6g>rgvX&Ir71iS?NL@N@- z67Jx4+`%n72Ms|cEAvHENXhBmLHA0TJ)Ey0jdr?ow#rj6(af?L9PG6wi%z+ zrBdA?LW6cM?0=#SzTsa0y;u~D89&2p5nY`4T4cF0x4dQx+F;>Cu}p}h%V?fKfD6$n z?i+N=YpEh3@n(8w*-oG5SO2@bEBp;L^cC&#x!m@#Be_j5TE%Ps(&cW4W?rsfw-8li zzl_R4RzCK>p+avK0Y$e^UKYnO_zo9}D^?>ZTo!O`u#vC} z*NPLILZ;JRDzA9*g6iD*E-B13WRL)9?8A@*zi{D~JFgaQa5LPQt1HfphPhNMu1ptZ z?M4#BGf2`i*H_@SD47x(NgJj3RjhP|{N6V_ZkUDvquo_|zL6pd8?m5Sr(NYqZ)w+Us+To-DyE|3U-p8QN>^B0U96KGG`bJDjv|~vK z&*sQj4!`=KseM}Ly>&m-7U)(`KUHVX6)sT8JZ}kG5sb^k2omcB{Hw!*6^<9AU+{39 z=vUN3F)8D~ne7=ctVDULtR1^|?U@E?iyWHA9~$pl{;@Y-exH{dyPBh38sIBxVJEIk z^fM)w?0cxPd)KbY{^?y0Rrc)Le{B4kzIyw1@7XnphbAlg_wC!epZ?#o|G@O#ebf8) z$8`8;G7%xB!Qp3M6;_?WFq|x+$!R*%f5?q~ym4KKys5m^j6_Gl@8Ii2-nG_LEch+k z@F|{O%9xAr^ru`MlQn{zQX@M6Q`;hi=hbQxf-(!j3$$Ni}WMS%a=NmG2{!Pl|SZUNf3W0Tkv; z4ThgKPlrhbp(dT+Ge|}=&WgL#Ao)hNKMlU90`Q`;KGr(RuP2GHRiTkgM(P=Ep4GXz zz<;XFL4T5{KK8Lwq;MS1jDtir*8;OD!B1Ox;g|$pFm&%zL@s!KtJEh;-kjn)a0EHc5DH*U z%GOm+sHN384%%R2f%q0ou@T|$GqhH!i!+VtsV*)fSFB)j0>@xd^1{*yvn;P3;$lpE zPGph<;*U4e6cClw;5|P0cH7uoW7mOBZq?PGT~04Y?cpr#v%J-$wvA=8yX3XBs-e{k z8JI8GymvJ;%Wab0GFbyR&JVs3@7FN0Ue-KwKW>b71JrZ9u~|(uABkTu;hZ=zk?R%Y zrNLJ;pVCl&rKn4>52g%i*Ksbp*s@)7IDxDPI5!PsIaLdP%7I3yBAme74_LO8z)9JRM;O8Rn2RN} z4W-{mY@~k0BPPUZjXmE;XQE-mEYk5sO#FB4+#AIMg_C>_m?D&_T623iNy9S<8FZp+ zQuG?*PwNYELLX3@ln6{GapD}1@D0MXvl7zxJxLC!3}5VF5fPxa2^!13M`!0^hba9VYDo_o*^dmIS&foK%KswCke&z%hoAYmWSmtuo&Ebk zDF)j_GLCihdWe{ZdhI-4(?!$o^UPCq#);F&lM@;eM^vhj$fc%ynYgkjv~GZWDWQgw z#st3bRZpNCI*2eaun7|cxNV&6 zhsjzOIYhiV5CxFWAb|uNo^G9Oc%YWS*{1fdK$v9pv|sfEL7>`zGLEN_G#o=4i(@y? zdyYRFbD>K(&0U|H9Di=KuN;4FxWgQOuG4FdKQ}%UFfF*GkKZOsv{|SCSSKbegQYW^ zo=6M`Xwvp2ASJzB_MW%eKOd;X8G7^sL{u7{?1eR3=eRMGOdr(5e3KoFbE;2w?@>SY z?l!W~e35wU%tS$~x4ARbCEgSlD+W8@0I!rFN=@q9EyQ*+C7AC^O0x(xW_r>;%{};9*=|ZailQ;LpcG+wxcoF2eliq#K=_pXuH7D5Gwwq4d0krZF>lZ4| z+2XNQ%XxXP@QGqK5nr@?8$za*KFZGz;Q2@-D^|ZoLyj>box0U(_{5QEI23ErjC>=* z6m{qIj2H8S=q=!yyoXyQ{)?P!A89h|+TnCLlkr<(Swp3p)50m{*& z5^eB|NVYS$CH5y}7}M5L#7OIB&d^BGKsL_bEdlC~c`~IO&A$Er&R`EUeYVc=qe+8$ z-@B&Ff$eJ`uH1W1WzR0yuT`(#GY*U(jpoNCg?xwbcm&Fgugg=S+HHubY#>il)}DFI z+FqZ5vp1mHzw%zpZ<=JlBH5{fhogDk%kw;&$vCA(dh~5d!Mli1dDfm+bE|e(5ncKs z9X)HCLFw;_XyygxSK@{Tc*mYoYl<;7rku`F_4d4uQ~|BLJwq#_0gshr>Q4}4qSZ{2 zKY*`WEzK-%(*#@FXE?JpGt0knPDrNMaGUwS0=oS^zPqmFHH(OD8r+^KVnsk{387eMb zHR%VzL^q?ZRzzdHr=Nv6pmirW!mx)qNe|qm26o&mSNduWr_l0w=t>S7Lelr84wxq0#Kbwz$ z)eH8JBhCn8al-pJAWc1xiAjlQQIUnoQ&to=FR=w~s$#*H`%J6*E}vbav*J?kQ3)4HPgqiR^HRsXWCumGK>qL72D&8>YX_^f%(=o_D)t`t^=WPVgH* z)(U^0jz;+?Pv0k2j^iqktoyrzok4DYd6i1)6ak|^wR+Vo^OD`V(tc-$-qRkdIjc_m zj!X9PtJInq>3J&o5!Ls%>mH|b_x9`kzWw~+tJca1P9|#Qv@WevD`)v6xAQfAv&*%J zesj5WHJ**h+H8YZ%|CO z95M*dW*qc##JYPWV#X)R#46rr zkI?xsPMf<0F$a#I3E}F9z110YhMg^pF65~6F}OZvyFVRvM;%ClTb$(ivWw(0Tbwi( zPSh+TRYzI1?xQa(uLTKZB@O@i9Aactbd61<;GkMuj*y~-oVl=6K<5mJ5MS1jRV3~* z_l?Ejmt%{OF(zqlLzI@=u$EVR!cx7K<}&)mOtT{40w$xC5%@9ajHeh4YA?mX0kCeB`L3JRjxMQGt(Kbu_@eS~{LlP9ivU@WhKe zP#5hrBXt-wDh*g&!TfQ0`FXUoH`HvkNgJN!Bg5o~CtfjF^4_aV!8`Co1YbTAw#1uRLp-Qs>2ul z$f(Y~jaEl;^{rbWEZ#O%DGDH^$}mmuQ<+|g$8nbA&p$S*bk~Nfq)VA7246?vZ-Cn8 zq40;jvg}(Ud4Z_v|7ojkV89wJ7pE@$B&z7YYAv1pbYC`gfgxu&H^l!CLN=VS9IRLK z<0NyYFm^s4QJ9P}k}TvU-BCq5_$gKG_?sapS8hsGbf#WY>|)&vd)m`n(~-8bN|Yr* zO^AYgl4z`=Cpm+jxCTARw_z5JDF_>hBMO3}h=TA@UL6(R96bsC1q1j)TMuQDXnZxE zcUPv?>y+!H7e!rmu0myK zteI`RVe301iu0A2;*k1H6lb^?Q=BWeUb893ga1y7FfnZ@$G5*`kd>0tClK~Js7ipO z-0KsNOGyIauwX(0!zt@xZp~rA#7U46`;)m^E+!^SX!?;8m()8aA|N=*MFa##nw%8* zNRyM&+d)pg7tgZbf6yCg8W9yfoum<@xL$OKM%)exaZ%#eEeNm6MLNoT2B8?WgPfBBVMwgEF=ORZmDZyGiZ%s< z$v0xUzY$y6X_mQHecJ|C_m7Nz&pVtIG+wNO^Q}h1S1xpU4+*)izGQ;|U3u#0xHWwi z=eP0^V&RY@0>MaO*wxE3C^|@XvEBmYmG)1@%0m|UX4s26v!~W9;`~ z3DO&d`&dwI&nhb30)j{4oD4rtlXoU>2C`%r{BvZ9;3@K}_+lUj4)0*A!>`#fvf+M0cf}gV6xi)967{htjV+f8zMvmFM#IbC406Rd$ zzx0}6S~TMHpX9xA;FCzfwRnF)Qvj!IucU;~__pu&+4PNY>%W?|EV6jDMz8 zUy*2qgwt80b*es}*a>^oUy?*S${#^CmDC2B3S`p}$$C?2yS(Z&us52C?XXs@?Ke3} z03Luy`ql8CuAB<0fR+g-*lW?)#fjVnD?D{Q**r>M>%z|OS3Nix1pZF{X@CA~+dxga zgPy2+)wTrIdDwV57BwDQN$fvUGfSLnwNF?0u^4x{=|x=>?RkZXelma4@Kd+6{UA*5 z@u?L^((Nn*^Ux{7e{uJo1KkNaRj&b6U+;&Dk0#Z1DQG=a_fp$&74bQc(s)Fu@YoxV zCxN{7Zj^hxC9r_v(ZLRS%~W~ptAPikC@vnp6^leFDL#57tsO45EUmhu~_x6rP`NaWud<)?K~9 zunuU;sn$4GE3QIv2Rre)u6A0*ed0gLB~QVDT-Sw5^IGiL=e4+}6N^^GI`Gt*531p5 zH6(L>7zF@{qj>uD8~_;;h(s_%4IUgaBs@=|QCV-D_V>W4R5Ih5zMe`8y57LVp%jRl zWX8RDR!s;Y)E=8UgyTSF3dZmSOY?-?8%a}(jHy2HzMm;*1^E`)%p7utG8@^6ClW$D z1k-3A?+eU{B(MYfBjFZ7apoiU2=YYcIypJBycI5R;en2Qxq$ppD~IUb0bqCWRyQ(Z zIYB_@klDmtqciQ&s?{#9TJN^7Lxy{Cp6%JYNKP9hIqkC~rwx#tHcC8hD7f@25?KyB zYqNajbO$aBuzXe^`3$M^g#X>2HzFX8GAHo+`!;Y`0~nWpen#qmL&Ior+ZaF@YNLtL$n zHa%L3-HEBRcl_amn>tofqds46H_r2N4ka9q_$hqjv6x#~_xPApP}jF$j*!lfH5s&) z=!Ak>7Ia&7K27>drsF0OU8cO>Lvhfj%Jgk9)6FbvVU8ntCrIEiGTpFqwnyR&1G3N^ z@wjBYdW7IY+#v~x_yQlQ47cmJ)^igwWuDIjM<}9<*E~*x26zbWW@ZYyaakg6jG9UA zwuff)K~&(O#NoZ&MBt2a(iARay0XX7oS38Z)C^%ZcD~sZ>!=nM}ON4gd==X zxJ}o5e6pg~`8`@7ajs6Eeab5}64`(T~ex z*hLPf#kC2^$+~vCz-~_P^gf>_t-Ix^1|K4vYSBz8F1DJ;6d4?88#z0>NJ zI>_oeSj!>7Q70FCFDiReXA|G~&CX!Au>6Bgf$uLY|CoQa|a(i^AgjYI5|vWwXA zFtO#ac4=V~9dBjEJggXVzB_zjSUYVXr|m?c`b(|}a0P;wS;25rPkS)JMZI#AYwWSD3zz-wMOE@1? zrUb8z#R6$_x}{PR{V@G#RH1`u5hfFg7BiYv~fMag)^e8aHjM$mk=TkYsE#FWPLpRN(T% z%-e#S!Q~>RCQ#?MINAWnERC64%o1_I8wG*}2ofpi%P8`vNL!=*(G&%Wq78xo zMcRVxzotMRK@s$)fHs})oSC_EALQ=Vk}d0syqr5T_uRQ>=A1d_`-Gj@wu!#nLZaPW z1-6W-w6Cqr(Q9MQUwN#}n6@@CsbN2Gq&y$~mr+OiwmH#2Wsb(E6S3>yn57HmfNIw38*vQYQVLQT*3G_$c`iWLFPBs}(A+mEqj z+*EU&Ko8+b$TTs(O zOQu{E+ro6N~NVCt%*y%gx0)Ddu}Ea{EyJ$$4TRKu^0z)xmbRGXk7;YiPn*dz%$zP?^6C$9R4LK z^GTDU-gsnv+8>tb5vqy#FJ1vSd`>VtWSXar93}_auhx8?95PHfuORW{#8*r)eY-Tj zgn``PndB)wofyUuQ+p=Bb#jI{3Ye9M=97@Q!1-ly_=}{%Tzm*5T}j$g+eJz~O;Z94 zq+R0kgfxu&ahSfl4j^l3egC>RtnY0{I9|fd_h2?;sbLWcbWv#77-`tpwYc*fY1o+7 zu(6vlkA{txzhi3HlMSW-t_|0;Epj%^uW7_6@`fqJAT=zl%w2y^Q`#4(Z;Vk`A_d8xjRJ|TCOR+Ms`EwpL}$oCaS&4#uth&Gm%nyaF?c)`J8 zrxV9<)-3AH!xs&er~!{UD^mSnMVH^Hl1->8Rb7!qqO=td7%}lQG8Y_z;M3nP*2-1$ z`?=;)HFJSekIx|f!GVV{4B3k8oX&DC&tBJhLs3t6WID6ZKMNXnO(7{W_J792WAUT0 zxOaogYJ>XupCB(bqpyJMBra@?7`rznJn5Q`Iy11gm6H z(>|qZrc3R!!qsbk)NJA>ddFp#72T_J>BEEjc9k9(&u65kA2qc^#lVQHH)T!2H zHFcQbf)8Q=6|h-NYJkg|jtTF2+{FfxEodYGmQMhjF{q-$l^!!MHygD}^Er&fT((#^ ze(dR~eV@~WS=j{g;@>jDNqTBFIUP{Z1*75wu4BGeVb4l zlc*CfGu4L=`irid&VyRRMU9n8%LYCJ{$?u>IH2+*VHoOR1;9RosiRr+uz zBJC0O!bXV>uWchtZGp(7@`>`-qQ)DBG)?M)MhrWU!Il-hbW_^Q!1Co}quT2g0pns~ zGtnI6xfxfwW~F; zn1E~UJU$dqe5txG#0QtjUF8zlsT0`(x9Qotpr1D~FFdXA?g*X2Xe{7Bzu?0@V{qO( za;n@w6oOFyS6~Y(L_6$ytgX~CPs;U@N8Xg{_fZsE9_7j+agNN0Ax$g#f76r39U9!L zWe0v>F@o`lIF0*bvxHCj2LI&1L*hIeGN3{3`{;;d3XP1WC;~1WwIbHfl2$x`b6YBv zt5qLCwr5bk{D}rNGNFi|G_n5n=0-E&2O>h3Pc?`*0@5}B?KB>(yFcbkV|FESsY6g2 zAK77|b&jCaGdMt~&QWWC6hVwUt)&(~V4w)|sZEOzqp_bV5e>kss54Ba{gG0s)wxnCy*Na!fze4By)^X!0uC(QSfL-%}POQSC+CWr_w2+Ah-IBJM#0%0^(1dHazkCmXDp8&dg zH{n$=e07&t;;OMl+c{swx5Q^7^A?L1zffIw_&k-mBd-AS;JfV@qV#8F*=jk-xBIuH%h7KNS?Hw6Gp!%ov0@9P;tdAdb}uoD++X*Mq2zj z!jJrx^%ct3U5tDXbwc)-bdZQo~Y(n?w3OK&TsV#I+ z%rytFMLUN&TE>!Ec0jK5M2(0z?ZI-WH$0&#d_VhhjRH!*PwW`ynCHNaPV(*fP+zHR zLx|$yjW5@nCX+byayXsu`7X#g2oe^($by`=CKj8S2E`7S8x8=v%=i!6^bReAcP_!OVvA*Qu8K z??x!$8bWZ8+2%Zg1M#5JQa|-YNQM?uw6aoJ*9Ry+ODI#>VynNsxzbi&m@Soh{Gw&7 zxu{dWfUciL*T)$aVoF^BrD&7a#u+OaO(&8B&#{M~ImzQSdvMJY-sl6d#@8bAxp+_zxZ&$gIrg?yz#oa`zfxg#f#wJmVbXM#)mUp zNcVMwog5;lcLt5HOV0fnS&t1GSwd{@K?vX7irC(J&|~Z5#$)T9PuXUpd;Z>*Y_<)= zbYDl;sUf0zYS8FHsO0?_U+E#^OFWQL>HAw5Uv$NT9A7VOJiea#l*bp{^FMCQBSm5g zOB&YzgF+;?>~wJZzBbe1-P0^r622wJ?@VP za|;b#Pe5J4^k3XYc#v{k!GYAX5y^r(W^PfV!4Wd_9L{>dJJ|CTGXTTVuSzmcAb%5^tb7#o}DOb~D1 z3r{!m_My34Z?|E2Q2wmA)=k8?$PnrqGfvU=HViNTz=j*jz$LDh+hw1Ne*hVl^7#XE z`apIn8!XpqR)i7JX!=l{2Q)LVUb7;z9#>jmqy2NdUX+a<#t&yJZm$2(EB&+`g5If$ zZTjW9?G8jqfha@Znw>UG)3w|W zW41z6iA#>&Anp5>DA3J8xBl-TH>Pe%duv=$9nDw6p$o(@D2JgM1O5yXBTzy5J7lDS zyv~=iC|TE39V&QMXAR0dL|>*k$C0Vt8E=7+S1MlVKNvKm#ylBy6P^L(OXBsE9K5)? z7%>)CyMT3h%UD`DN4mt2x;WyTmy8yK#nTw)Zzzut>|1nJf~@~TG)OXLVulk715;5~ zGr3xEp$PQ+WfE5&Lv%?D*k;`&Jq`q899M6xd_<1KpIBO>pb;6;tVt$i<#0PujG(Ts zu8^vAtnj9H#c_d{%3NMxb5hF(iu&^Kt}K@n zm8F=g%(mB-YNxoe`__0NGs)-OUgVR8i9iz%B}6=-XW>w92KVxFwnFwFOUVqpv^5^^ zWN_gChP7TRW@)Xsk`zPKS{ZFeyRj89Z0BRd`ySO4IM(`{`vfVU9TCkdOJ$<#c1e3R zO>fA!)8oy2I}^?-?(qhN@8Up+z5w`@!C|0OFFS2X_C6-_t>xDp+6~Sp0&|AYlBW%R z^`o|m9%HTgzsXo|?(khR_+{sHwgc=VNhx$!SV@hfDYx=hlV;w+{SzH?PR?&cH|cUr zZZ&k?WiX}_2(}Do4-fFB$OUd^Ipi8~H_PGz(VAxY9{f^@RLi!hM_F2*FbDO#oA-c`o z$@Da&bLbP?i@4a&4|8}^cQgGAnm+nTntmqG^igA=&AFCJ>uPhg!5JWB0#2xQD!dzP zt{Z7IYlMR-MXcmK&0*8J5uLp%gGI?kH}zDnh$t>zw@Jt-53qz8c7N)|YPIKKU+3=m zbde~RWud-+vM?=AD5<{CIFWk+A~{ibK}h68KI^(U5YY%h6d{_13J2vVe^TJJDyR>2 z^|flYr`uE)6Xj?b?trZSVHr*NuPSCvVlQ0M;MLSlKS_&R86=(-U=KtGu6CBojVWvy zlU^p4ahbbd2uC-@7+aeps;`w>b%xOZgp-3^=qh-yun#KtqzmS#(5+A}Dh@+{QQ|B; zG3eNyA5jHd#I7Gh-y_+|**A{mPQHBVG$`z|hKuB^m~_7gXPR&3{f=v;^y8RVf)=nG zaW84(r5f}7;z zt92k;P~_HKOD1o{MGZHjkzRt5w-VQq&NWKjN@y^q#La|G-Xb8T^&c9`yCEn{68eYz zvGZ7Gg0WEi3#H>h@G0xl9_)ln&OrYw%PJ^5BJb)+12>5Z!27yVYry&HP#O-=&@MGw zu0J4v8`h6HGx?Ez92Yo$NID61IG+niBVknJ{!TQ8omqKq=? z*$b~-FO@#DHPJ*$+#M1WgL~j8xB(j+Zp9k)>YD*u@Qqrj^mRke1e!yE!9bm(5$5gd zQktXY=j+FXt#Y+*)vMu7+foU?mrCClrq#K~;9Irzt!{Xu*hq)mzBO#Za_*yK(I6!E z?V$~lYzMNp5Y5S+E-~X0?U7ZDzE9wA&@M8aw5X|0VnlTkr#y_mGrd#HjzDVrdZ#WF zxTN!DT|qC3Skf)PqlfK3{HolAnR88fC8d-a#H;lNF;_3wD^3$vP#|BcbHy`>u+5B& z!>aW0FCqI~VqrPq`$M6ap;Oc?HW7(fp1Y}f?PD;c9+!D#ZPuaCmAqi1v{wbRQLL_r zE3wSUve<$${h`t!>U0?JhHg9DOb$2ZCCT6b7H;gGIc+Lbl=-l^?DRp?02Yb^x^wRA zOg_dcmjF7Tck`06IpxZU%K8^H&_%za)y$X`-6hm#Fgi+h;9m6c%7`&Ov5?YW)&FhA zXJ?7KIesm{;D>ic?nc1jOkUO)l{nJ2DSkM%5b2GGzcx^xz%2Yh^zCo=Qr%e9THNNm z(~aHP)=gDocdgcZ*LIw4s^xU;JE?ApScXrF@9$kdU5($_-nH*WyQu}Mw;i>uAM2*> zj8+q19wut9v2IGdG0FF>-e`BbxPJ6nx*M;Kyw6_TZO!j>lcN!W#Qv#xmv#`UlOyK$ zF)_b?RrGqSy%S*7Rl8wTxAoH1csI3}6lM0Kw)R8av1_}!DZpol+QgY^s{I*tuDX3s zWIR$G-5u$schkzNv4_i`g!dOZKh}J!ZaR#{>91$T$^lzSSQe0-AH@#)rjgUGw-=_wp5wY#C>n(2;w zao~J|$GN+N!0h@$bqB=4kT-?R-T@}@bZ2>GfE=p$NrO~N?r<~9U;Ty!D0Q(Ry2pFX zcoN5b9j(u^ueQLOu2j9e0#$pS5S)=JJ3g#;?5$*ZNQV^hwN{%QPemBc!pxeJV=0)z ztHh2Qn3pjR{6x!4eao&gL@a}~SHX|zHeTl-m}6oH=A_5IpahdwNf7*!$)AlD$#q7c z%+#WE7#SGcIoK@B0$oRlhj}~X`ydR)g3e@CPekq}8t)Ds2TLZw?dwmqRXFuD2NSU)Z$x zw_0DQx0MAvSq!!`RSbU|?PinV{KGCfT%0~qoPOr{FrgJZ?>>W-{{Q9ZxyZjuvcVYj z-`Hhw;%z^e$k5>$7^;`2!s^(<&-8kZg(8^?{*vspuB8pBnL=*Jq=E`DKm(hIMS}7x0 zQO0oSHfRDY$lV5Ik}uU4Yh>t(H#%TeD%F@1hL{W+l-&s%cBV6B!f2Yp8dFsroa~Cen9LwYG|KrS?b7RbhYBRPX(iSVgH{Y_)3ckH{q#Lw^v~S(0@;GYI`~0M1$8REW`bDY5xcT85J#$-%SX@B z|8w}?n&ZDwXM!HAI6p%_QGvvq(}dq*?ri>&pBD2k>1$Lvjr*e@WvW*glgIfM&fleN zu!xGj`BQwQkl4S$0p5P+2l(_O9R41Mf5O3~o+fhX|HOfqfB%ch;WDC}NaE=eF?idb~ zKXw|2GdP^Z;T#U%d(=W zwD>!o+HLQ))2Y3wUG`IU%6`Ni6MsfiF*}|*XD4lY=Y$>I_2|w=fxRlu?WQZ^G!nC^ zL+Nw&fze0O6ZW`0N`Fq-WCER%FbGB(}8f6mUX99UAg8srQ;r{N4|F16g)O?xK(rV%%05|rO?3}votR5gAH zar%7NWvq*0PMWO}@xrY4LXC4+TLoOGOn}?X?Rv`4Ne_Wa4Ix9fmN-kd$%*&w#-`Bt z_8pVtdoHd84v-JSpR4tWq)ox&Qf}Fl_>IVvghfe=6fCl3g%JRXcMiotOteb_?Pq!3B#MK%tTw19tbSB&2GL@!-ZfCdu>g8JPqqR`j zDyc^vU&=?{hKaQ>wr6?Ki~JoVxGs@V(y7e}sIUTbm<%U2*8cu-b%U(X6qFz3APiK< z`Pl@&g>o*AaH-&KAO}ePn#KOtuC~=qhLhpKO@75sr~1 z3X~H}!xdPHp*99rnaUCxoTE??N&m~FAhbAR4F<$TuHAnVOYaQ=KcAL{?3k1E10d8s zu&f~fhw`&@aOi)rAGpJ{`u1~c6>nw%DL)6l_PHIBiZW)f~z<(W^Ule|pk(H=qt|vANiW1Dd&l&UYmzS7hWMJswN8{B6XSO zTF1nW3|Y!HYxE{AsIS%36E6zgiU^lqA)<3_q2j?P{l)nJqdd;#354e#$wwoa7r?nG zLso5pPNZ2eS$%eR30Vvjh`E8#4zaF?Fa7Q^WlbtS4}J2iP1-TD?i~Z>9w`YKRQgorn)JY-R+p z&M8#tLt>J)g8(rlJEA_nLFh~%ISlEC`-PnIEdRe6mLzJH%)Q2PA~+?9{5^)MnOII? zO+uba96Wk&*HeW=lZZsUHx%+sQ9p=$EqMQ1uup8PMaZ|i|9AENJNo|DsPBILhH3G> zqapAAF(}vgS0(cH-y(UE+7`4qiVmF=PPx6{I)3~iVnGKT=6?*@dP{H0}${L+dI zTN;vwvSBDozHh~b-nZh2^yN}2q~9|Q1s(PWI}Ur(#6#XN=V0n250=ml1IhG$Q|>_N zkNXEk_eR8;KasQqZ^U{=jtn)pTf5peFmJdiOrT4>U58)RP%D#F!sQ^#ok<@bRrF&YCDAh#$tEaGK^3y z3U&mtOt{275VB;!PHd_k$M|}LxTGYm(iOHbc538hLgdRp#GVK=MMKs~na zFEn}J-i`^`&c+7?gH7Eg+rsm?8K--CL% z_h$e1NCXg34Em<;q6%2)*MHyRtpBsN@9k{2ApE23dk;_ojMHb?@gW-cVZ#I;Vl(K4k2 zff{px2)0pHmH`wyLf}2U_Vrgpj~IQa3}7zIN3MS-=q) z$TQZ~tnx&Py(p2ou%IRMD^2#gveD67U1@El#UG1Eumr6z6-w7-WGCUP`r|F&rID6Ew} zew0{9?G}EAh@+)Oox4`y8Yqj>RWyA-vIxcz?XA)L`1Az)|Kj-g^ouW!>y}@g@i3yA z=cy(G=+O&>wsOpiv{{J0q3~Sp!i8sNp|l`p35yDC-4_v-k3XUDyS^&PF|M(Mm= zUBgv4q%CT3n>Iub>l3@3nVIf0Gt>QMW;+w34TqqNB#7lf;O{%Eec$%iyOe7K2}cj# z_d1BrJip}zc%qcs_8uV1oh~%3c*9Q{y>%5#l_DMkdX#8W#&5fsD#h{?{o0a3{iNDA z`~9}9vftJB%49Lk_}-JKoQTy{MnCMW!M1s1r1-WJtw;jl8`#Wm_aP7*N0XMb6l9oE z@kFcFhfdg`(+Pirbb{54qxKT>r8n@(SfXqL&7{bW{tlKjQ?A*xuV7wtpdp%07!$;9 z@{26UFwy(wxG{V9qSdsU1C0Urn`sU-%gap6r3dcm!y?5Z3;V`foq#Ar{LbIk7&!T z5l1u;TM|gPP5)CPkoIQNT?A565=hT<5=etYAR$?V1X31AB!>wkD5cB~Gf5(rQs~9w zA3|bjB;CfbtNgQsPJy-y2m_K!FnS9LDnd~^xu7Z&fgKl4kyX@)?M=cx?^e$JSA`nm|Avz#x zifSFeVDN-YR;u2WaAAx|B`GxG0P-B86WSome+aM?x5JH!N=M*rUnnJyz=u--C zLS$E`ie+{2$^sd>5R?O!@GWPa=;5{Fz4qbVC>;{=K@oQn^Yc)o@;# zUt>2IhE;Te>goIJNTd+iDCL5U)l0P%bl}8@2En|)xE8{lyI6rsXs&|KI{Q}V96u5E z0FIy|P$!L`*iRz$u!I~sLLvu;h-B^+`V1L?wtO#qRt_FI{P+`3KK1l7&jK+FOH8E< zL*QZgSv@0V_ZURXWT`9{35a=v_Rc4)+7NZ`E03@?fQ4ERvJWG%rJB-O1cR1iqDSJ$ zlq3HM`F?xXCDl^!7}W0h=>X?2g$;HFXKa*Xg)@o~{`@7{jccUkXFdGt;`MfIebh2H zCq|J!dG`FNiQ}*Iaz%KUU`C|+@3(Vs(?#f`P>Q~JK6qn}@vrDE+Ku#%!h=WiB{702 zqSc6eot(Ed>dQ7X#rEHto&3x#!=H4`+nT-vJ=||lDEEe?J&V&bOFZjRfkWLD;)haD z#)@g%8=_h%Rm*O~-NZ7QWTqQ2H@OUSbm+J#&iVzV1N_|oUIXi7yd+w4&1D)1D*ag_ z!FO0Q%whx&vg<;H=MK^b47q8v?gGBUm>YH-!I!1>7|W@*O#fZ#)1s@m$OrZ=war%~ zlU$0^-81e$xD)S$CE1AgQn-unMH`phOt|~@9xS_KQeF5C!2ynV54wZ${my4_Hw^Fp zj*HyM$R5LG`?QhzFtmr!Ge+*qpmVL*T!%Z@4XLFuX8 zeB2O%=7upljG5+c!94h|a+qOw-RcPM^lgLk^knqyrSTPCfuGkMLFmV!58J5I-c)R& zmbLjx)k9qS{Kqsb|4usti(|ReK9-1YtIvp3M@)#IZIdKv1)T{rE!#oJtU(+lwpc_j zMFfUrQIQ}X&N^8eS*NR_1jf<=tuqKDRm$Uwqh|5r%?FC_+% zP@t8rNWph&_gpmqcwRjXSm*j_#2wtc?F+dJbGJVv#+0j)v(Vb&N|juSindU9V`twX zz7&RmEa~-Df`}UbyZGo^O73t+@rpPNv$$**h1>y?0OLQj%|J(sj0IPgVuU(ey_@{8xC8OIU)y=|gQ;Esh+ zwt~^n5)y(KO9&eA+i^6!fwDM8S4Js9JK|>$AnL-%0 zl-^@B?a*o1jpPlh39z+c14R6eXfw5(glqBk`YqRLrlCe+FZMP7^?vNeNS2cETPQ_= zl9u*nOFSI}*s&L2TpZx%|51){lMFmk7#SoO;Ww#{dKd5L?KE7Cb$=7(GA9`eMb}6$ z=9!%4tZG@>JRKUFR;=o|t;7|-c6E)n4sA2sKmJ|(c^iNJ7=Qiqr z0mHV6`LDYqZd^*-FzIhnp^~^a49=Cr5ENQ5LJ-jl_4K*t zM)wD${Xwywq|2hz;1lR1M=|ncq=<*##s`0>nce(F5BVm(^Nu6@Dhz-LLnz~n0bEID z%!klHFryEvnAB(|CZJF$c-Ov%#{>+sT74~wq`>-=og`}3hGh&3Ch~MYbE2(!Th=f z1O26C0>jF<{XJv~6eRZPZX4KHOrNsc3#|{Jl{BZwsH2@Nxm2J0z}hzd1jUl zS3DI%%Fs!EL}6oC)Hrq0-29={S%>cdw|9IOX)jU=J4HI z=A5zqBY?hxOId)wUl6vr*cQN0JwMeK04lHl=)B<_rhd((9nkX+s23+3LNp#Xs7GW* zs8`PpA8-@M#)QLyE!jyny*rt-Cu`na$f(TicGIZ&um9;ZM}-nfc1mPH-j`B@ih+{Q zY@32wN;6&#;pnQIw^9-(|^BlQXTLn$Q4!XNWUNQ3;U5@1NK z8lzH)IdF5QPl(u|OrK9r756X-DJqB^Ip4RNCAU&yP^|=gDN`@s$H(8p$Af`SF+Wj$ z8wNn)V!F^)R(5^*M7ROm0lD$N(1-qRQ_B4qEB&O8QtlrRUpz;21f~a#OCOyWlDUKMV381XhQ$baDLMS#oa|%JJOu}(297B9+Y3p zbU6X*e|OU%gq7cq@V+GNF!L&@!OZ#&o}Avao2kPf#K-qZyS)G~DZ%tv8!cu{)l;Xd zZKO@H2Wj(jwLN;dnPO#UKi+6G=* zv>d5n(Cv#@aDE@{yf)TQT8+>VsDNOl5-jLZ*C=0mvAxyTsOvJ*YLyi+l%NV!gEwE* z`XJLE5gAWZ;%~&rYYRv$oq6q4A;{(PeO}5Jw;W3pL$I8?RI9C2E1n*e@7h9@lq~$I zq}0Q(FHyQ6j5^Lt_>BdGUHVYR+bd$pi4=+d$LOy1g z0&k_QcGrCLp_11FpcrX-T@0w9Q`>*{D>C0KGV=khX(oSL0{E?9Aw zE*CTf2jbtA>h-xE9c^wFN^Priw9ssJbsja)a}b-G`Y7@|jApZYAi?@duR-K-4C3$| zE#$jDp5NQ%1Tcuo=jBm@Bgn_3V`jSIr(L*E=xVGmJKOKM_|7eA=)+N?5rdJhO-)XB zDIgq)SEnqd?QdxYRcPvua^T>g%or;v@i2A601_lg`1Sb)kQ`pVk)-;`MlyJv>c_k4 zL+f)k`YPSPE2jbYW}k5j)eA}Z&A^i+JsE6R@SAPKZlSMT;uiYarEZ}DA@2Vo9A4T9 z|3*HIZ|-uF;qdL5ZA_X+W*IJ4=O#@{-3+6kCEd%>+`jrx3_n` ztj`zMb8>#B*?u)wyU_wIcCqZc6>hXoo6?Wv)L_D4b)U>2~Z-_P&)ikmxUkK>4m#sN3ON9G3|`GVY#c)Tq7;iQ#I#CoDCriwo?zaU_#IreckE8eGPx}+7gNd2aJBi*ROE;ynQ8_OLNGy*@Lii$`T z7@`ey(bIEPM^v~Eb8$=fcD&z&w)Pf{R}u}IoElOtDaW#2shFi#+tXprH7JyA365O+>y2H zgO8p(bnKYeY<1jkliu*ELB?!l-sL^HTrzi8ZNB0d098P$zpmIrD0dA0o>dO{bhy-|nxDI2&fhQ#0wQRZZkWSW=Y}=k z@>alwtod{F@!FaB^9S}FtX8~FTfSwMU@Eg|EHv;be0|1>xHXt0zK36o5Xc1dE&Tet zPfAQW)k1ny1%~xn_Sxo{OSP4?%(Km<3oR@{iA^%KSB7+n^`viVTUmR|Dq3YC4*vJO zY?cgFn~2Ef*vWW=G&W#|KWyBz9sYo;qbGixB(TJ1m1^&2T=^gaqSNeZLURl)`UX35 zus(zRWj!6!4EFaW8SGC`Qhk~fWMETI5s6vYMEpdeP zt#33=sQuS~I6^$(He~TU@;ph^u7m)@jgJh*Y53sP)#z)f8BLsWFt^-#q%lpq^jk*S6h21pds-jYSHJ0A zTx!lNHQkGg=VqGw_D|k*_ssn}ZlBq|@2;s-V`w)HlK#0k4!`73{Gy}rhfbg>KZBUy z*-U6|`4ybZoqo71x=k_-Q{ezJnf zfG7dyaWNZ_^Uj?2F(_EY9h^~sIB+|+Bbr?>lpxW+ttl@}qJIg`Wvox4m(6jjWVOd4 z6ecp=?#nC~DBLlmUkeHMk@7@wQ@U&YK)-O;>a3glK!(KosIH?aJdtrXxn*~Rgnc03 z$Gkfs;D5o#z&N2?#6gWPFk|~9z82QAz`XD-!5cjjk>O3hi#(rn;ki)C`gyNLA_V#P zl8`SKz!9PgxYGQkxqK<27U+hKO)cO6(~c^GTB9|q+u28Bgdq_R37VLJE2YZ;^hVu% zOB4ocYI43c@69)+x^x+C2`lB%x&}uC`izpsGZAqdpopn*p{DL!8T4a4CY26dc^I=Q zPJZCTV}}pYpOc3kIM{X$96O5d!^iP`^yoq2lE^{yzJMmzAbjM4UxbrU6)K>tbK3CktOWu16lQqK^d*v40fMXBz1H#IeD~dt`+%> zvV|{MqzUejZx4mCNQ*{$2k(BHfn;^ag7;-A+t(qPD)Kpyst^2NQuQlQ zsT!mu22wSfDpfi8FiDUWN`4biZv5$R@g)fiQwh-#d3Hg~rQ`iAP8Aay)#P-vzl%n1 zQvCy_Lk^y1FZ2({}Ubz zGmb&sT2eSGd6SpZpW}XG06rBAa=?ZbltCWI=%R-g)?SE$RMp%oH5I)L72KU&UV7#d zC-ej$QEv&?7Pe{&oS^5`SC&1p5YBqF6%D4G-gb5({@Mg*TQfFCUelOr&x68bzQ*eJMcX?iT}Qi62rX|9 z_d}M<7UXQ(#0*Xe%Roj8?cH~@W*~bynk{6cnFh0f-vXJTQNvp9LX#BhRdcy)&DA7GU{7`kcrM0x0rHzhpIH8qD5$Q|N>#4WL$ zVNYnblaaI>c*5Rr5>anhiWeF|D>k8_7cIGOu)}0qVl9U*E424owo!i;mFn*@;FVU($=!6e-Siiprbo|VTQwT<#tl`Y4Zp+<)T#z|{#e|VgY(Wz?hbA+gx3{pjXZ+g zr}>1!>{4Y^oY}dW*pZJ6{i;rYt!)SMc`$_5iBc4<@|Iv|8$*i21GvvW3C+Mt$$1^;-)1_X{kEH!d@9ps z1Jf=>5?P-lW@01((Sq1@FAH^Ol^f1-zlogRxr2?e9!6W~@8`wjq7<9Wnp{|g=T`LG zTIhZ2lF)qkO;s4ay-`2X*buzif&thT0c|0%c#nuhCZ?V6T5h4=Nd(oH)<;?1oa~uS zdR1FJ2Pm^I+9E~QC&5}EE8)2-S!4VSAa}XJjS(Uq?WqtU+NI3vNQj_`_FI2YDX=jD zd@Vc)x}VRJW;BrvB&d}LPpSxm-Y{3XlSzt5$o8f|2t5Ok*sB(n<0hC8jrW%Z^ClMT z>k~#RQ04R1DC+z+hX=VavcSVwijc+Y$)EOuEFQXf{`5K%M2zQz$zkut$l<4>B1)e0 z2KmcVMufk_to+7-5Ffb*WaIM@z25PDa$T|J{fjk#T&{)r$e8dFU>)5O+{(sC1`q7{ zbx1~sTxX5`LauYBCL8!+eX{B4bkZQ9t~AzDuKdx_0HlG9x+0Yr&d9 z2N?l(5iL=}H~<4Cw4v+cCO0)|O8lNRo{w_*F4R@_b`xkKC=y9k!Phf-r(#pgM?4iY zV%4OJCfn9IL_1q*9E$%6?1taD>n=Uzq~cpYWuAhnk&E}WlpxnHhb283jbr*DZ5V@C z81uamgm>d&wmBW~#@(CBs2StkmJzPcsNWx$e83n}jaY68h8^ilm2B~y(vNJg#fL}x zp3vmXjmE|NYnz<#+|-`9`N^qO&%|jN>Av!RX<8CrOq!ImI(16Qoo;k8MpW|kreWM= z7@LMx2nhUWdm=O&^_6%os=(j=$XpbX{*d;S|7*$|d@<%m992&xWe#S-bMP@k8oXUI z;kDst=ELw(lWcrg&p?yrV|0d^G$$X97vP8Iq$65&bYl8J^gc&*l5+}^>!m$mg2rEwxIm++v=+hNcGNDKuu<)8HL zlg(G2Qs2Ni(cUzPN&FFpE1lL*r-_7E`70Kzw4WhmdLr#cVtmjtBK<%X4TKeSh*L)M z=SKYD{RMq}-j7WfX8R5CE1s{nF0|^G5-w`{7acc(3Q=}(Aj!h&=mFR=fSo#l;>`)~ z5nI0yXfT{1Jl;Q?+R6$s>%`cqwl1078!W1sIX)=KQKtMpT|zuqM8xIo9VXNEJC0m! z(RmTbU#i!x)Pr>Iu8zc$xLrVh4b>o*Q~n^~E;OzzBhsI6XsA4%{;LJ};+&4CCF|_b z#A(7H94JvekBK6~Hdc*av@Sa*)Pvh2S|QJkze#we|3P10_UA?xbK|c5C)zjY&=f%) zB~msI()(k<$1f56ntf1>q)TG^mr9Bf4Li%&v80UNw$6nk)D>xg;29zm!6Uo}7{_vY`MIrF>@1ppJK`_Nw}A}!5#SGxK6+;xKlMA ziC?n4*YqDr-;~FmUoGi`AUqCC_lh;jEz09mE_pHODN<;Kev>Iu4@(`VZ6nn41!NwN z2lvh8N{iC~I0?*Rq#{~!5zexJG{*^Ime=c8i@7Gg^ZZ=!tH8^)OMFXVOxvyvWN1#L zw3(X~J1A!wqWy**MG?~wFPCV!#LFc<%86c$M?u$n!E8?WS5)f?yw2dOI(*g82yW)O z(#iCijJ4d66i+E(;a|O-3=%`Xwl9{#t%5kjYj^BGECtU3u{u9Y%NYY7$Nju3fwZybt;5>q zMe}!iY;g6KDj=GxU5awHNNgJ5QXMm(J5Zb?i4tv>G1Q(Zir!_Sl^!YdB3=9B>XZ0- zyA|BP6Ug7RTbEW6IW%^E_?HUeCw(0&GK;yJTapr{H``0uZdnkc`vGw-hkXMD?b|vXLRr4tRA4v~N zL(>us2oh4H$H(+61X0O*96F)-%e^HYW3Vk}qkc0Q9YluD&yX{zj$2G~+3ji@d4 zkW!LdyY5`G$%-0@bfX_YwOY2E<7UiKh z{CwYI>#Cf}0CYQmaUyfF?#-(BwpNoE@?`;-1gfwAE|E~4sdBr-5Mc!GN!%Q}_wFXO zY^6@eFMGietjG;I?2gc3GpfrDJ2{%qtndICXaP3iMNX7SDUwKn@zomvFLefLA#D!2 zRE4l?!+5!Bze5do`bl-x>8T6uRCPw5W_k)gX^q}qJ5P(J!-!FgK2WbUFD%ic^pLO* zc%b|GFB7@K3Z=AM}`LzDcnmc1Bu@ zoXhiGQ-wN6CqVI^YL{ir-7xR)ovol*?_QlT#$2E0=J^z}?Z*O6P~ilz=m@oS=KVw3 z^u^Wg9S%~#uzWIR@@oNh+=vS>82y^fI%2rPy+!w#Wo?f%m&KgYaAhga{Y4l}S9Pz5 zv15FiK0EfA@nU~s>WikR0Z9xQX88R+LuNDlwnL49ps%c-oU9f@Z-ZaNH?>;A7vq38 zr>n9N0wde|w-oQ&!C~L@viKE4Y*<(Ui{jqqO!@aX^H$gD zId)&DE_oSg` zNJDRlhR*O|SeK=Bq+@mSrqQmD)|UqoaxafAChs&KH-408x0`=Q{*=Fef%gBb4@(B8 zj_R;BB#uAqb;@Xr#mCUeHNVlx^-8OTH`{SKxi=eKhem9598UJiN>`Jk-lU}z$CK4z zc@v*DeFZU?HM{WZHUr>SXU>52)xiUa{6B&X+}fA*O7@p-HPdQJ*NTFr2l>2KsQa^t zRhP9QC`BA(-b+TD>fn|z)dD37f}0mDXIh&(pGTjd3EZ zF?Q@lt2sf_cmL&yn8x^ae|Ej7G{(>1HI6i&SvX!ld-&=4*^4NuOVl25=-KczlS1+K z7;fM!4y98(!yOr825cnO1ZYtg4;Gcu<_T^Y$R^o+n07r|l3jf!$4C{~Ey}U92y)HM zNy{Vic`kBDPq-KN6e-lE_}2UJqkq>Jz|)o^JZ-zYraqWb&C=G)E)m0s>5CJ#oH*Y; zu$23*0UdBLc%DVJk|(Y9Q0Pj?cT9!p8qpInh=PH_B3~59yW9b-I393Iaj=u z6v_c@JCR%(amkk>F8L9^eW9Co3+$9Hx&(y@VPPc%?_a<}X*zv&ns$tNDQ&??M*Mv@8x3(>o?xA_yB(RlNVS22ARojZW%Ey+L})Nnc?EwaO&p*}S0LB5CT#JHu9X)|{YO z9lBIB4mf0ll#$~m+}Naa7~RZygTcVT;NRcPwMR*S`#_BO$Bo7nQV1+k2xv6j0x1yN zNr5Pk-CbC8I;a#r-YJmcLQ7posS<^E6j+rQQ|ibElq!*BH3G-{3SxHjlAe9B#+aBH^pgb zapQuWYW$PY@za({>K%Og6n#1wg^zSUH)hD38R}%-X*S9d4|PKwlA++h6PDObot+U9 zJ%I{1WT><=ex+4&&Ai%ANYB&PuhJX#0Hnf1q*aQr+o5)8!L1#vn%*Q`>ITZ}{fI(s z3E(fa7TLT_-5H6vJX6;wL6+~U?)2X0ftU1kPuO<4~hcMEiL>;Sesdn|q)w9Qz z&vJ)=0QY9Lqp#0eGNa&Gf8^Z&kt))p2Po&?AIMtu>9kkuwOCD_9*br0rx^n zV_d`Fm|HD$kjq-_QusN&X4T94ww0`8t>tN&U0o*O`BI;zrKTWn``^(}yzkN=+cq)p zACivp`w@2bM!vx`6~+4=PV)Uh>c~eE)RAIv(sb<RF@bTa! zLgQ?2qTxi9P4>XSnj8$qp0RzUh_9Eb88Q70tMnw&jD|@sdJ`ON|0{YCg5$N1$J}YJ zyI#aFS$rZNG(~hGtl^8XHWcdMyPhu8xmjI^)1;2_FqBTz8Ke{4KKU#s6iI($SGqxm zZ_a0<1GT8m4^xYxF-{(>U0B-jKipk!Y#Zl!Kk_J&q9}@%RL6Bv_o}248B2nsN_MQ- zSsX`7oj8&w$#v$UQO@E?rbLnQ@n}cvu^;LW%RY1nhN9>S3{}uBL%s~_kPkyXY#)N{ z(>@Hth5>9aAOTi%16HgX0u05r?s=Z~&%JlNqvRxZhsv;YJl^}>^ZtMS{ho(1#jDH{ z`_sWeDUCxk9;xIo4fzHh3@YnNqt)54qqPMZ9inr*--bPFVZgGEmi?Nrh5zW=M@PN6 zc_jAmgxqP4$R7TE2YWaa^2)Vnoz-7!9-GK_+23m=nM~3gdo=+X;_S7Q;_cE*u(8J(jQZNgUQTfjR6EoQflzvye{C*W!RD}<*R z?5zA#=56ex-i4`&<@`*|XBB!r7ITw2B6EW~)q4talLzMJM0e(MYLyxuzQ8FhZx%*Y7M?SfS1v9+ zzhM0K!j&t_*Nx{_78aI_XRlmaFs@!(xq4**t}kAC(YXHQ%WH7GvV46>Ndi;9W$sz) zm?OfgbM?2bU0hi(E?r)^1f|zjE<^QjvAT9~#rX2V%NL(tUNV+1t>Is#rmiMN_8QZ1 z@cR+^G(Q4-g7^9YyQ@^VSF2ZL5&S?Up2t961!?npjZA=J<728Ja37e40u>o4`a4e6 zN1v!dx+<_6YR8nD3c>J!9+t1bJ0rd{qLgC91QxNt233rt0prTUl~XEBtg{Rg%BuUO zl*(!rs4Il)Zk6H**=*XvWMne{zeFPFOA+iR*x?v?0q9qHe^lw#Q7^!n*EvP?w(JC@ zrC!aGcB8sx)t!0)q1J}-!v@&k6N&XTpN2G$#`M(GxG_C56;_JRJL+>|ZpteTGn$p2 zn;L)0Uz9z=ral#%nc~&S=}Sdtrp9OeC4;0#C?oH`MPD6bWf14his2P2iC0t@FR1(& zap+T1cw-!YK~-v)^9kQOmD}v?A!U_TO&G5cfxcV&^FDGX{7uYcf=$2QVNu)9%2GT- zERGj*Q^D@Iw&3rLIj=!aMfJtCg^;cY6byF6Tt`1V719liWc5C8xY9G63}xCGa^4yK ziD&p{-dB~DQ*mG4%uoZo?h{q{`)9^$=4^QXP|YD76et<&pqY*inhoh7K~zT<@#0X8!Jg`6Uh z9Y?cfzmEc+D0WO^;u!Vi&tg15=A>bf(sz(?v&aO40QmmPnwvhr ztZMo}pOba7Kxvl6Kyb4>f#@@C>Y$&Mxc$DHeH|loz5lxA-E(qo-@O?8&JYIp-BNF> z_x8IkrfL3msqbI_I8W^B6i+wZkJ%hRwCs2Lk8AhzZ^m4P|H(mrrA2?8g;qnma&8*h zHPQmg4)Q)ni2*kUbPpf}Z^UlD;~aBy&fu0tQN{A`T%Oz|2D+eIM%fBD<)K^bI7+?f zpX|mqJFqSZ=0Wf|{8h$zd8eD7&4LgdL^L{@q+!;F$Y^vZ9FoZcJ+ZcUoIFV@2&da| z#SimsU7;_MH1x?_6r?2?X(N%ONq@{}+6+P43AU5i2?U-x@q6()P^i#X)Y)S9h>W7| zd9lKgz9dli345lJ-etzv7VHi=}>|@sq2a0!d;TqwDtyk)qztQGy5Wb3c6+ zjls;^>`Jj5k_Xa%Xnap;Cv9sNGlG&1jl5D&!`9a8ja^ErS3DMKJ4_%k^m~R{ghs>^ z`~?ZV#Dixpqv+Jm?pW5|OFRN>I}MNEky~#kH%-ie$jpqXT{a~4M>v89NLO~V3@zdw z^Q^P_bX7-pDaWy~n2Gr~*&Go#Ge}9iF|Q$_(riQ)oLHA-mDeSn+*{q zL5&%?O!XcmH*(f)KSF_%kbrn{-iDq28QHtbWCeI{rJq;Js{nC8G`O4)QH zO>vmD8@&Wg&X)w`$)Bxg=ux%HsF;_Ga8!AHERN#-1^ke$x@d1p4J7O z{EXA%B)3ye8m?!Y1fqy6G0|RF%#XRQRNyk`DQuep`7*me25nQO= z!oZ$g;(8>-0-VvfV>9;WDZG;I%^;_I3l1&^b}uz@0GIE$AMk-jCqA{ov&eLf>+uKP z0!5f(^K)UOM{l}uO^IN~(7Y_s&zqXS@ls<(>8{T3fH25d5GbY5AaV&yvmCXt;TPZc zHnt@B2E%spco?nNGOcUkyC@i61gWOxnby1{Pxd0Q9Z}T?Nk_%3QkZRGC?Fw zvuA0AxG`Ynjyn{y77r=P#1VFIvB~!|o04p&Qyr`ea>WxQPxliaIij;#XEt8uy0WVB(P9yWC$#@e;(2beDW_<`k=*!kHQ#fH_AYoc}7Bp{n71sm1(dw9KkHxI>d|4(9;7JyFXrpKMS+t^3&63%mWaMfd@QyeV z5j#l<&&eWKi!5DbhjPMGZ6N5BH_O6nisB8i0N7TkgBZ~^PZ&y z){(i6L5qaBj{^ne1FX6W%7dqs7Z;!|?^!f33H%{5@3GRSja3eEr03zYhfb9BVurNZ z-g5N4lRO1Ck zcB)RX2a(?r)#@39=pI&%x4i0wem^=8)k)2-RA-qmWEk{+P)@qMT=E3Pi7U)v2%q?Y z5bBUmYz}#&*o6s{QkWW{h5K5G@K8L~4!!o@x^Z>?>=A%*KNSLw79J6s`?rEKM6ZKx z5jDGp!S4-v8z^D$vH#5<#X9ySSYsl2o06qQq;&7HOD)x$i`8HK4yC@@7gQ}`ufiNO z;~x3G^7Wnao`ISm^dv0>)Ajh9eCRHBh(pELH^vV4rZ{9xO+~M%IGIdzkpPO+Ey6&x zxYj(rNa*rL^{!cUgfu&D2&>UaxdQ)KigmBcMMyHvh#tNiKk~R8^mk9jnggucjuLBe zG_V})Q<2fzIBQG<{p@Js*MEEB7v>Ua<~d=}5|?BgXSFVBuE|o|!JG*R?B|m1Q*9-f zYO5Ll#@9)o)Cq(0`ZY?+6dMR=nLu>R$xanWxahoCIGX<|h6Og5Og5G266CRqY2#LUKGyo9Y!{RB(o(n`VgjGMwae-96% zgsPDs8(g~i73ANuP<^Wxo_h{_asKS?B0EcSsTA1IBA4L-^;Kf8IV6;)^s8Qc5oboQuHHU5&w8-E> ziMqN3Pq&Kx3Q_fH8V)ANMDQ1!lXW=1%T=qQ_XxyzeDkbz-gDPwc z-mxoT5w_PMN`2n@i{8zs z1mNsp@8IxdAY@O3_Q!OO36;{qB(gB+?Q5N4CZdjT(TG?-Ubq|i zh)1aLq*0h2FLtAs@vIMwlVV1~L~C+#(tcd;!Zp1R!ZjU}eJ>cNrD8|cviC#{O08bi zxXVs?n|9)}(Tr3__VA3);Ke+}(dgBy8ojv0mL(4Y^RAHCgww0KkJVVF;Rn65``+&xYP;*$J{2@qN_PH1)a{bz&dqg>8j~Mjz zGMBEFx(ZlG@9KajVD;q^xlWz3yw8FqOQzp^-OhwMqz3s`Dj(q;-1<_UIkuC4;_~@a?vP zQAX12UFmcXw&zaa7!F7cSsGY#x);6mp3x3TR3KDkNv}86FM;;f@=W+xfyA@lyiHF*f0Y<%)-9 ziwfTa6-Glk9yc5t*gj6xjmuZ53BE_BXTCH$=erZA0ZN^o#j|QRP;Po^dSYs7YPwtD za+M5tSc&hOb5ET;GdB^$bVMlO4{3$J1q3vnog4Ep${}qCp&yHioBr})%?N3N@rwMo zc=7U;c_S=g67r3dm&2GVjvECuHqTEJKxqC9XA>h&*h$TQ!jc9gt|YuopjJ@&-wV%- zdvQE)d8P{T!=wZEj&wx%g3xFB&fiBPYzu$ron*r-oYyfiWxJ%UkV+q{r}tY!%)f|?WrNqJ;lhV!bm=u z$wi-EJgI%GcgIRk^fs;c$HKGqU$F#RB$8S5fcZ9V=Nz+F90Csc{X;w+pRIYAR8gTCT z#EC_aOHrPH({0UeSS&tA=gTl{5DKu|J5LoWNQz)@VhyIOrX4jf6eB-NO|_9sA5O{|%QT3xbDfA$sNJaTlJ9kq zvk2v_TaL(%U~FPvctP4~;e8>?u+_F+JKDr8(tEGc=Wl(s)eRUXCE$~v+5gmnf3ys`;TiF&!Hu7dC&5t zwJ;{|=k$d9Q7#YtQJ?iw3dc6aX#p~EKEdVXD#_KTvvG|2e%-NljSbtZ-wLBt{G16i z|J*DEf2qUTE^lB@>{*ox_8`R_HJ}r&)V44^@mQs{*Z6Xxs6A?CvU<6M47INSGeP5& z_ebc#7cg_TxxtO+m?^~+W@hx^EAJJGw98uv?H2ntx8{~7tx2|DmXz6ivsT*oz_Ucb zI_=39c$XBQmE*i=7Z{~X(N_#B7F2lByI(T*3h)f0P+{R=a_v}-(6xFndGs>2)?ow* zE{|guT%P>rwEF78NZq<~pCzy-4lg1JE5XVJF3GBngn8&t*6tmOy`Z$rA1{ba>97>t zSah<~*xieC$r*#iPWWWL+VMJax#O2-##ETCBz|65?-Mi`=A*X_l0h5Y2RRacQF`AdpB4{Ht201>V(3XUQ@Gl1$~YjDYwX zy+spFFYw`uPUfJ`O}vTEWvfXPLe{e-9h0nV=eUE(0GGqo7Mnv$!gr5x1h`a+c_x=V zDa5OGrYtSDULuutmU9^-lGs1Sr^Af;Nygv=98-kYavC2=@tT;&=xl_R_2-`Gk|%@# z`|Th;48|vg4@=(ZnAkpmA(FP7q_}&M?k|SafJ;rKN-Jvn&r0 z-R&jQea7wCiP?YWrs?}l7a_)&sBZK2hi)(3`))Jm_OiRJ%ysQ{6^-~HOMY7z@Na(? z{#Rdy{}^TzpDZy^IuX<0`48dww9`xS=ihMoGgH#fYOM^EdjZOQc>4t>&0TOZ+yy7o zLR~Tl-~^rSbNUd9+`>#h**9YLDdvzsvTlOQy8Uj}?T1>ka6d~R;hv?%Vw_2o@8K^> z$3xx){S1faNv$+&@`NY{j6+)~1C6sw{p_1!s`0Jm9FEb0F&V3I~knaJT zPwN|Il@7EeIPv*6-ZWiz?0x!{Ab*wGMmvo>Fv=C}3|_II?e_OWoWVbU*Z%JSkMgDw zAP>|3<{q^N69V8v!JB6L|)0*jb6$rsd0D~W|UOnS;IC)3NT+3iq^%N zeb=;0utRQCFiH`(aG6z~;*=y3A-`gxRuDd^IEh}k&DabFaK{tBfFo<5V<5_iTh>k6 z1Rl3s-7LR`To=8F$#&OqCl18L25DrcTDw~v=T65a+}^4(*@y*3;&iu+JEmPmuNBqH z@BH}=H@_v|sOCW~+CdE~aF4YAvufE1pw@|OA>2XPy;7^~h-}p8V2N%Wyk?F=TV-yN zBxjBj?|F*^Srq1MwJ30>RiaJustVh&dAEc!-8g?9in_*4jA=$+vh1}RPJ`rF7zPXV z&=gL}RQZ;IT0_xS1@wt+-P}k2$~%_RmL@T6f}roM*;ka&y& zC^6XkwFXrS<5ekdlpP>z3k~?x_oO7pC`NV5rWl^pjv)(gbwM_p@e-G6Rp@?)4-U!> zd}uFtV=FxzSSOJq0!R_iB)bOf+2v!uYFWk=20G-pUT!yUF&in)b&_;h-d%4hQ_tAI zp;@N%BW1+N#!PanWh4Yk&3douRLR))&A6BO>zFthLqSpa#WQ)&%#-H?L}%fYn!Rl; zBJLmKJ~WoFWjldk6W1wi3&!riC>{rC`qV2DxZq)gN#NkBk8qK2_#E`p=d1*OkpVLo znuOx0z(t8!3=Kn=SzoWzZ)zcFA zyRSu%&I~he5esMjo;1-iSCZr(lD44gWdC%{p?5QqDv8h9l zVzz;-$`|xbDiN&oibrKyV8Y}o>Y87UX#9#6t{=y=j*kEZ%~KKSQ1O<$UzkL^RzqA^gk=R4=#nL9hPwCorGn!@mKH8b~j?mhSX zeCM2g?hJt8F>E>V0vkfaYH>U3(%1T=opGQ4{qM92=7dGh-f{Ce+LLUTUBf1k6=fHU0X zm<+P7?4%rcH)jkB0;GkC-JjNdl>B#B4svN*!2(&$t34%4JN9NfIOQFBcWNefX*+f_ zUpZ3AR|=K#bh$D+8GZmsXB>Xu<{`NGAJ1oG0Z73B7IIhoKRys{fbM_MAVv?RRz?g6 zD2z|fL>K^i_lmByVoPtwhZ%9PHEWEEEt*_x1Yj@uPhr7-nh(!|f&>`hH+7hRh%Hc7 z2VWiO!p^3QoA>GqrTn#d4L%jE6+VtWFhPX<#h4t^S#yG|KZ;Qg_C^1-N$UwM zy{fB$i{!ndD-^IzS*IdcTO|Y5cGw3j-uXN2AQ^QMtQE~@lPDjteI6UCBE*GYxf$YF z1?SWDlvYos`uuGTlc>jbEcq?~P9pv(pcY0p!?3m0>-K_bhA+~`6r)PKn*u<I;y zAqPBk?rEr^7CFiyhaNYy$-F*!j4FC1N?gAwK#tWhi_jaU*NeXf8ghOD zA^Gx5Zkamc^pAp!vqYXQH?&P)`$L66(O7;<-*J7-N@ zJj6*+8Gd&rLS~fcPaAf6W=V+fcu$RnffurN?T|5mL*0RalBZ}~lj z7wl6Xw>URAgd}7H1S91?J1Fdx_bvS00^3y(<^gfq@#z*({D2jg#3m6DPr0xBkRJZtOyrYPA-1E2uqe6ytR6lPTzp^=%f+jaIx~?0 z;o1J-fnF+T>2*EZ929$MI-LbAa!^fpkBvL1av&%JwNUaANzD0?oplqgQ!=w84@-Y z%oE^jzzaz%C z#1v!8P6*@woB@QwPWnrO@4Zi2h_>X{%9FR^!MhLx{N_xoz&&!1lla@*gGaCjpD!J- z2b~CFpUk`xZA6Jd&&&nib6ac;cKq8a7Cp?<8chSXO7mjAw@K%7rmAMBvErC}-GWVy>zzOZ zeySb7+Ke@7FtV5m_IxVR==p7Dr6VYN*j+A*WC-dr$oiiIl=>jJ%-3gvzb{}Jb)~h zs}u)|sty_#Lj03ViypYN6}+~~bBWDb1@GAMf;v#>-CnpO3VA%rY)1Q`y||ESC(#=x z;DJp{qM34MQ!&KHoY{0NcKnFfDgLFFDxWO8Sj`je9lOgJZSaGPRx$#b$EA#CVCs2>!Of&`^#T~cQ^b8|21-l|BYXk=XO4==k zY@ulCsEBGcHEwGq2(PlmckhHha&IU6za>uiBUpUd2Ykgc!od71_hXR1V_&dd{N4+> zAyPKkgW??$3AS_oBR498BErh)#O55ku^{*E*n7o&JdyWv^!^JWBElE$kT5X-OuM3< z73kUPR0D|=4_RUPPA+&oEXlvjw+F?&%06O}mtA`mvs31J^T9W%Y#HVJZx70Qhe!NwTo_{Ur?`B_ z(qat@I1g)KhJ=g^ImZ8B%)H-h_uU zRZ-6EszcR@!T*%tF%=g9wi5x9QRF%sh81vJO`aT1<0D?q7;(&()R`}tIQHf2u}?U$ zoG3d*Bl^{hez}G&%9MDT=EHdqSZ0AQ?@+7GZIOW!Ru;j5 zAvP-?YPndupZC8EHBSW!RDr`#%d3dx=e(R;;^v1D7u{#0tOm zGN4bF>E5YX!!~=Aqv<5Njv2T&8+AO7wsa|Db&iU(0KM>OV|^Zt8skS-77mcc(P95` ze!>dHDtdf2)`{gS`AR8ejEn+zN>PC+~4y&PONVKuWz}u`!dVvkM2au8zdK>Tv2m~n~j3L97!evh6;dvx6_uP3}t@HYp zDz;!A&bNs5UNvOZTWS43b|=yYVlWnBvc2tI3#vie#s741+ncyt+pJAGAL##w3~AxQ!<#Bu(w z|K9P<8s~oKtAkm({0)n7E8N6$(NXZ3ygmh7x_o$6+shuP*waUH95Jk9ziHPmrUKzb zhwv{5Z-7NY3qrVr6BfWba#tK%hqN^O^H@xLBwHu=35lC|1jhs9C(Mx$${dC~(@!KI znDZA}JbBh@?}$EEIsQ2j7w?K4Wh`6xDMfP?r?0K+%$pONn{9RHilW>xu(KGV0(7k} zIX9IR_NLcKM%S$4ec5u#0a7%|rWqa>Sij}EbXpLd-*H6ou(m7d8oX7whh|&gQSYVA z_*G5@PxMi+wp?xuIG_zpDW6b23J^P{gSJ7AB?Nav;E;gAuvgzFM@Ei(N&Kj?J=9iG*F!YiHsG%Yagv`2KH|m)?y);KpT<}Dq zsiF}sYskEyW#VrU6_kqBKwF*I8a}sldM?Fpww>z@*QpX00KPK3xz` z+5IQY35q$C%(7Q9V`*^mx@k*eg`ug|qp(G-dn-e<-KEQyX2D?5kNzXsy;za2dv;Xe zQC{{s>%@!w5w+Ye&9}YILX`oc#QQOZ_B1Z*xV&a*%`p?~zmDL+l34=|d;IPF&qw^$ z=OTU!*z6vr2@%t+VQ*c0FhjylXSWJdO7VMo80F_n1lH)kWTPC?Y!xoMl9 zWG2?j>kjKfCRP>g*0TTh=Yr=I# zdsS`v-Rs(0N0VPou8|WQoB918N0PI1Wci!)k18=||mwUB*yLO|o?>m{$3{R2xS8 zDp#+fVYpr(>DAHh+HPXVe5^^S3tb({9`7;3NbL2tkMm2PYaIr&E@l(Rf+moRl7swV zVSk7j>@G+q3A!MOH!hQ8!bxcE*dU>yPUV}IPGe!3ccldp6bYgoGmi{}=@ki7P zBKX&G{_7y8xiB2xc*ynl4Xq;OTz?m`)`&?}cWyIgdcFG@Ua6j+kr0q5!GGy}EpEwt z4BVG>42+85X4?tBW{>i;_6_QPe@0thH;DuZkojr*!Ce3J+wSwa{{l_oo8@_|!i6ez zipeii*>4%17~toThn_NFQ$=FMj2T+&z zOHlek$Llav3%X)QrP^xDq3cIN!*D;MjPD+edxBRlQ89aeTsNP;YhQy8yIQk~dQGnC zu|!qKTyWRg23N@O2yM?qu!5(9WGYXE*LuPMw{tT>}z-!XePUFa{qz1~Ut zzL#ePE%wwJqjid{%z4Y1^bUvIpF|qGqmo;4x}2hUIG&=!k+9~t0E!$3Q?|$MtWfOk z=Z4me0`9;DiGT6$f?LFIc0hwnU%JvSyzqrnFZ$1-mphogzs2Pr#4h+7_@3pBM$mSG zmo&lVIsHm>$i*k!*QwCoM+7@pVT~s-n7F^5Sgo9;Rg>*+BT$9yKP>KFLo9RrErdk4 zJIATZa<{1N($*jbx`-h#_T?fC3@VLc=P|yAtR0^ZOBf*Cn+eO;DsCw}#0ri)^v*#T zPTir^?{c<_@GzrcrXIAmtv77HFena6B!`v5Y5aon!#xarI-_wu^FnS|86Fzs2Zshg zzI+$&3@V}|Sp{eC@{O+!3WM?hQA)m=d^#xZ9ie|8;>1pehGq3Oweb;aSi14@z<$FH zzB0&BFTT=mOTWUy?)2W#L2;irk8M0z5ASo2;GQI&9TX*t@q3_(opER6-F+KjmFdk{ zdheL|Uiz))t;YPa<$`802K+ikC@LrbV)`W;1Jg2N93Js&qTvr#9zn zEA;bhb%idg)kjxrF=g!gZv!|CQnm?~zojVUD)GGTqEDL`0+_~u1 z^3!sQUs~Z?^wfCktS)$fe+27xpa#Javrn`f*X>*^A-%y`DE|~rKf95oEgvL!{u1o+_R+z`*xf%4{iIuf=fHY0UmAtr*1nFKf_Jv5D3wrq>4#3{%B&2 z(R59zP7jRE+6VXZ&1jB3d`SgHcKod#dods?3+4^6s+BjOCPRLe=>oB!465{(bBf_( z=~o!Qe&OoL;Kd(D2>yC57J~D^?dw@m@OzJ$Qt*T0A392PUxD0c4^rJJ=`qf?Gci>$${N?avQx?o28DJu4PWz)5%G@ zn>A_D8+49X>De7487&7e80+j~W@i`f_pyE?>vgUg3;c?kDd zWx$}?8uO<3wP0y3l@sh@au=pX1)OL8udzR;K0QWdBESf)J}O>!g6&{brZ3&-wgUyN z1^&iH9ZyC|<{J@v`&qjD6Sza@Uab=xWXdk(a4qB{ml^$+E7>_K_dg}Nga41w)AzAT zl|!HrH;MaGIRvD7(0(HK1P4h&iRof$vqef*fxk)Ig#nwb@gMOkw)6dBieK@Z02w_v z77$69zR9}8u0&)0*9u*Wy(bZJ#Me8L-SK?elUl`4Q?0Huo5Nw3==|q4bXDL*fG8dg z>nX3ndgM09ei_85h;D(~QkIe(pU)WPbr!|Oh1RvTt;uF132>~~6SRyV$*|)BgV^gJ zwi2@f+6W8|41XgSVr<{4r-CVQKwd0+@tT>Jngn#BGudnCO(-bGwWyNU7NFb#-C!kY`svx6b$0Jw-Q z1)i4K?igPkIVfQt5>FTRzixE+9eXEb`xIrD<)>`xQ+#cl3QT!6(X4C(q|(i<;H{jI zeyY8N?$vo{+#~31_!9}9b0IIzI*iM>Us!`GPN!T3P92BEz}+#n;MDgLT4+ESm!&p_y)Jt3K5f%1=^@uc%P7vzvHkNs1)C<8qLOARU1xo zTZb^zR5y5F6V~{^@^l-#qFx#^!fmbDpTWA2asNOv2Dx9RI|401VTE7F@Mb{ zhd}w}YVo@+isKmM8>1bZs!}13`Kb-f9!g~0*g;MCu-t+&L-$+j5(??eea!b)71^*!AO)1PL8Ge`aL>(W@*TU>!jc zCH@VRK;~3Sq)DDvbO`Su9W?Hvb}Sp}U^nnmwJM;eV^R-5;UTf9Hu+oUG?D_R(yBn~=06Hw} zpmk>}n5Uu(iMPS@Kr@k?)Oo1{Jc9&3m)daRs$a=U_&7mTNj(7#c;V{OixYi@CJsK~ zEo3~*0xtR>?qw@YYa!7($FxNI=-5o8<^PML`!@7T8%&i( zN8%e^$IXmzWvC_wxoh~}hB7x66K}J8g3Buz2Ld{|sXLi!pr{*oTs5%wzvNw8Y#i5l zo|(OHd67t6EX%eckJqwym*P@f>S9NtXp^Gl2$m?M|y&S!9u*Hb1M!m)z=wen9ds z?2l!+BjZh742+>246 ztMGB{upp~GK0x$5M=>fj(c@+GHXM*#J`ZaGavUt6*f))h$a=R~v+Ds0F6YVsWaMkl zt*jF@JA7aW3lQ7?S1V)~#a$%^1ZDw6YQ^&UhR5j|VjX-GlMf=5I8KQ*y%S2wl|%Wd z%^KCNeF(#FJ0l(oqMl*~96~y4@^PnPO(4{T=h}B5sNU*!0(TuY1tjuy{r)TY!dJ|Py7Q+-%=#jo4H1pQ z@S!$ay#8y?CjX9TGJR_tot+(dWoGN$xtWpT7p-DtqIh-gbnJpg1xj*eDs;!df0~Y3|WVJ4gvw9}P1pJ09CIjXMEdn}}KXOoT$ zl7w0cnymz5do1Ipv}d}Za#1XnO;i3tS*~tUhAc+@0t=G6XkiSqpbE4CTN3Ytx-!8r z%)E#raOK`?v56WuT+B5KG18XHTb(6dxtE*W$~DbAWZxPsfm#cyIj$S*P(1fsPFckY zN}M9hFtYXh^GzA>4h_QOB+Aatp{mHKzyVZVb)mXe^|pnGPz~#g6zO%hI*#x`e0gS5BP9g?{u2Ohqr(i>8 zu!)6$Jamxvs~q9ctoesp`-F+-Pd^A9mYrrVZ2Jltcbq4uX8~Rhh$w%C%S8ei#PpWF z5jRo)Ku*-hJC)hF;rl*@EAW%cBn%0J$#&0+`5@8_KMZxlQ*BiejYg+1Y+>u*yi=Zp zVYymnt_08GQu9$l9Jc*PdW?QU9+X+|@x8+WMs+x&8+tbCQxGC9!ZkPq&S%P$r!FPT zU7kDY^Mj_4pFXoa@qqV%Pap-3;~q*ZY6j=43+?#Ht`@&vlTI#KHpGcuiQtGQ(VG+l zKYXYi(5;I22QKvrYngXG^c@mc`59D+l}E9E8ADV)t88Md7)?17kW0tpYT_D zc$HTk4f>ms<*n_(@UVcA0+EA#v%I?Xm&KLMTtf`d0o|4UG8`VS7?}0@HJL|&zU|mVNOqEW5@zF)~rQRhEVfZ z9Oly08sUWMp#thd?h;8W}UgQMPZ%k@zh+SKvX!-$;8wU#t!6ikKth4m!bX zV1=ahM8p;lqM%?jw(E5|&&Ak_Z1KZWVwY_txqciDIk`(r_XWjt9~H>_{DO$C5#3t| zQDZ=cA7yU3ephVg-l3BQib}NUm{V036>}KiIr)J1nLOn1h?{N3;qYr%3-UlGRcF`U z*|i0+#28F^;eWr)`$(N-<6Plm^FpIJx=7E$$3H3~P@M^hykBEv749_6gsPu%#yn_)#47N5JA6Z8H9})~0nbrb z=xK|%hCLp@3k`&lCxF~4)B_uG@*Td$_K%irSNS0kgG4w>Y}m4slA!c*{VTIAwAf4VgTP;gM4&blcZ_=q>4(hHg+f8@m|5IbMiD28 z(D+Cd(XbV#V#Y1HU_nooE`;A~lcN>63${fpxiVxFR5@zXiYzW_z$@OiFmX(%iTh|{ zo3vqPvv#}edTu@%mw9BwES1dBQPZ-_t5?kt%N()Ik`+n=d14?FbnG0%y1Q%WS<0kT zFleI`SLj^X^=%Vlm)kI)P2WxNGISs<&2-ty~OqkHm3wu5K-uWbTG0 z8Cy;=@Gjc$QmoY-@?UZ{*ViE#5hjt_JZV_lb!RpHfwUPN_j;UYlPtY7Wa4^WdI`Ra zo<9#)c=s%PxuDGQdvx|p?#6qFH+bXP^y^bMZ{X$Cn{N?r7C*jp^Q~L2sb2D*OJ~f` zw13Sd%LAXtZ&u8kp^4nQfnr}5VsA0AliSQBe+$GymiItxr_;TJ*x4M7%-lYyophKL z>o-i9&}_Gaiq~OKyg((Xz&8K;#>d(>jSrHylvPBkUN9zW4-My2{NXo3PU_Boz{ex8 z-%g|EB}Z_uS=zAFjT21UI6I9i3)d%!kkEgEdp}c7){e%BWZXN*6jVq$-Yk-@cI#-IHIJuqoFCw;AHF!*JkX6xTDnpzD* z>LuWA(o1=1e*9q9B915%!JZRdq;v&y`-PM zuTN^7N{3WOAyq%C1*^jz^%!Wchxdec%s#|WLUteKZ+7`9$Z;6!=Nmgu+DGi84~(7T zP_L&RP;QX*wEcunBwEds-vz0U?UDLPp1R97{M7t2@Yw~Qke6cL9&fyLO~j&EmYXPP zN+w)`IQB!^CZSBMrSOR>+um6810Ll$pBQ*RFkigrT-S+o*IIg{Uw)*Yx%yCdp21fH z`6^;hJS0Kse{|<5m2ib1ymu!>vEj97P~@ z&KL0GZzaI|UHq8Ak171XwzQ1->&&|_McWUCT_+IwcM%zpX{BMvz&^2+*jish{n^EF z)#`=26Q1WFds3^9e|Z~iAgwMOsnD^lCunH|g^X6PhEKz{nMVVwA-VWfYVP9D{d(Y=F@GmnkLiC-9r^e>XhqsFj4 zO!0}Fhl!YZSE}MYS`aZ2hmmErANzc!_m4Izh&5_|5r>(l0_XULyQE8$tBBU-z)r}^ zLh_-%{8RO8osV6ZsUIydIoBw{h{z8436pzFS?bvciX9HP4RAU&hW@<0k$Js>@P&>7tB-I|Huhyv-YEM^Mh z(Wk)2ZWxLmg9X4^4a>H`7PyEmV{{kG=&)fAo<(uo+~cuRCR{fjlCO;OAO?(d13vOc z#Afc${$IYvU;oN)-n;vJ@rbmUKMj_gUcfWK+ZTC#RDAsPd+I=A*yh{Lr`Q#L9Md0Y zY`G-+BOD=1?ClZHKr!Ha%{ffOp#)j`NF$aw?Eze|1E>$RseqAyPPP&4Ojx3^O#9SD zQK6wLcKbva!h#wIclZj8JZfLl%u^NX>@b~z z+6T2Q2=b=uG$zUAuqg)X?YhYh!veRfp!MY~=w{A{Dg-NzaF%#`&?w4ZiqNPZo|t}b z{_TnDzy4a2JCp6fT)6D5qkB@+%rs_K?~I4;+=53*JB_wzvDXPG(RSyUJ0!O>`7uLbJ~wZwV6LylE<@@+=H(DTbHeW_Rt@w?dV zNO^M8gLU&w-YVGqAhIeO1}l<)<+5eNK&NP0TwZv$gM%R!lc;1LM(MFJr-H@Z5@A{C zEv{|v)q8P#5`hn+=tK}SPxTcEi&XNgfA51>}NoKv30;0u1@NrEq6(AE`WHQ^*Njs-?N z!fT!iS=IU7N`k>1K1gzpfW|QqC72;D#0%Rv9b6;-In6Qb1!i>U0_}$13JD@@a+XM? z4aQMQ;XwL#hWr=$bGIdw=ZAVLgLR)zEO7oZx!e*KEwq`zca3d#KG(&K%HQ|uCR2Z=!hYMB zTZ1Jd&4TAWDUmm`NhA?#_B4C_ZacZEId9r2KLfK_+D_x&W*^-*oZs{_wy~OVJ*ZhH%0l)WSVz2cFcHo-)#QWizp17Zy)ZWnGx%W3yADr})e(DX1BM+-!pEcF9 z3(in@3cz9qE5Z6Y#-WMC-JoOX%?-HCEDc=6XT%1KpE zn=&;+znhyxn!*hVoCBV`_lu~ZlDdsSY3qwsVuTwu84gFHAk{d{@CI9`D>K_#T~;j= zbbt=W1sR#mN$M2>WTIH@Df4c6KFA9HVCEiJSBap^IRtw)S6sPdb!LGvHK7sewzNqgI9z?XTMb)0XvjNl#fIAB2C zDX)b?JSsKfBmEM~PeO6mro^7$dGhrQY|jt^N^h5)btsxf=ye#c6F5kD=w-Gb7lxRF zp^57imDVCcB1}Rle0rg zwJhFzZ2R4M_%xT-Op%01g7=?$PKd{PmLRxp(0H{_dbo^44~wGPOg?tJc!GJv3v0TL>hFAA*q2Lr0*YYq?A(TWY^TD%IFX^dfam?W0UMLrTbZ`MioMlL7m; z$Rj|Y+f99g>M{J*wb#FNyUA&p#LerkUA^5L4(hH97&$K5&Eld)+&Hcj9G;p*$evI) zDx)hOet_YU=*h2_>8bGPxxQZYpwPl4;nb?;P{&k2gds+dBVSX2Z*+$wT|64sL1kqe zb!s=ljKdszBAeU6O0Cc|^U>KXoGNf~T7!Cqryc3|N*>C%z^L=N!hRW$8s&3^K%%p| zM7C1xDY8H!J1Bk6bCM&uZeZWRq+1LCq7FQKm}OzA6vQdQpzl<1UXMg>4{)J!?9Q`8 zieV(-D%%1%DszA!GR(*1fVB=LZP1#XKrabSKCxy(r3fuUc~J>p2p>`&xM|LWzU6a8 z^Z~{>NqLD1;VgOP8ju?_&*TbhLQvkW4v9~j#k~{H#pqr^(>jA2&!0X!cp+RY+$u!w z6-SH3QYmx`1i{R@xwba7xxR6kh)z1_Lg6B2X3h_pxzmt&1}5;_AY5FSn^O>m(eh`4 z9B1c(96^RiBk>jjr)@<#UyF25vd$;PW} z#i3dLaiy(bv7^Du-7v=Z`gxjwu{! zWyHRym1aAdRuZSHRuZQeiqz7|AZ(f(!-zoR`ex%8y1v)#a)iLSE$Xo}9DH9FWU|hHhd=~W{|r?0K{Xv@Ar?`+b+Twk zkk=Gl$4)@5KZ0vrT>A-9+rNe|N8N#_XQ$@A@zt6S#EK+lkh z>>VHzOMkU&}q3Go+5%a+HY)ri-^?(*CMyAnu6+wlFqb06o-!-=ad zU?<1-yuS0DbMHCl`_B0uN|RS<-w(()qIOnA1#XlC6y=Lmxsx zO7{Rux2}X!u|CFdMM^cKJsBHK5ze!r&mLM!MiX}JTxpqQdXI~e)(-k37xmlpBF=DE-bCm=*z82y+g6*m$E9H3F(hC8KiZauegQ~rTP_- zk16Fkfms7xxv0A{OXMOyLs1LS3ik8Mn2ZvG`P6+X#RiR&C1`fbRs*0{u8mz!U#Ebt zjMkDK*OfNglPOg^0^4#Hw+_$`=2^!UkUH-{RcD)mU<#a1YTwqDIe(+Dxnxhs&r5Z0 zKA-iuwDV>OuE}Xe2Udths+LqX8BaU-R$6I+!;{Dt;%<8;$?ePiJ_zz=Gca6YdCmq zrKK?-D9$6}RdISM?b5D}IS34ISAm2bb;9-Lw^K>>Ue}{wt9}r0buIh79~NH;?V?L{ ztHskOITEZQ6+BeztyS@dkzLw+!)x_I%6-$LX>@{$ zC8V7;m+0ezhM+*IS@P+D&I|(8?g5kHDQ4|9hhIc9q!*vQeXc+P@VnByt>|IrI)WlOijIrLx;c)H4SOh7t zhX(!|@sDGX+8@-`w1wktnHW1d=rWGO>z68$gdRbUh_#cx71AueMEDsVFJs$Leg>l# z+pdA#v>n)Qt9!tk z#FqKa!WI{tnYKsTUoRHivZu;4tfTgRcOuUc{r8YrVhB5X09YX)QEA^ zE=BW~b1S)9wl+L@RMO8geTvyf4^~MoyDg9NFqN8o=Br@$ki@-Z(}22+K>jvsnRxQ^ z3f?KbFBs3&)g_xP5%`Y5z3UzMs=U=C7!!MQRa$w|+Gb8{UEsi8-VZ*r+x*pp>xzwY(M?^dsY1E92wITzW1&uQfG3uC^tMjU`J6i@CX6 ze`&%%X+qHKg#UCwLx86Aa&jZRSpuE&>|3|;C8OZ}_%i4C!N>( zgQdA7ZFVFTQeU|U(O4dZ-BBc^h)B9X+yJq?=W}DUYvNROe+9eMwiCS3Z6VK9?0B+^qmqdM`YKxWUM%uvnwT1EzJfq=$M3 zCDfGLw^V6s!^39MhrXo_;Fe-(DyT*;oY|^A&D#&ApeOGFTs66ZKm_WBYJ|BsZw7y5Ntk9 zH+<}|kOk;FWqrVM=HfdmS;Fc*f1&ZW6_)lK?$n3`WXo}XuqDkZMBZhZ{!T=E#($2A z5owaaG9ZtR8wNHY?wR6?US-=)&i+LrAa3QByz@9G!6y04HJhdf$l}dZR1)CNAvlHr zvgq%ZIS{U;eRyJZ3BH4sHA>ON-amiap1*UA084t~t1W>5dI(O!;{5BJ(3U;LIj>&5 z`fv?|0&9fI@I*!XyKpHN0Uf#$SBJ+l-_JwRBu5~>J}3JhkzGF?cDpXV3Qpl`n#GY~ z6JvK{eNH0x^%mF6d`R}oa5{GDm0$0Zegp4@#A&~y-m^i^;rzJUQGWMuiT)tux|w#r z0kIRthrqpFG1pflqS|ZcZnHmwN`2qQeYojX{L2>K$Gm*4NAOaQ@78^Dj$@UwHv71+A)M?Vm<5Z($23rwa1Hbq(g20Y9U-JeQ3$7#g4$KcU7Msh-dGP_d zbRBj61W$j8;Li})Nc-~$u8Xf-ym-A>dz0}g*5;SFA`ipYe6@$$6ugBINMZ!8#$)li zcwGxIi_P>K4aW@QW5Z~p|Hj8LVhGzF)*6Yhb8LF1Z)3hML!osV!C5>m;Bi4dF3dWI zP$<`r=-dJdok7N#S;xo@Id#x;D&%fChi?%{N^f#`&0LwwOY3!JZf!O1)Q$|FFxxww z_=)7`wPEamh0PJM7J;Gc)N@X=OSrRZAemcT)mqw@fltmi3})uS&UMwypim^AT=R!! z8T>_0(~_w8MPa&DE|rUdRHWFHh4lGFM(5?+n)n_sH4?pwhZeIG{8x*o9c?%*y)#{W zY1}otg{PyvsZ^I^boDy>Cx}+qT(Z4;250~9(M)D~CO>mywrez#8FAu_tCwx`bUAT2 zR$^X)*h=R>Z!cd;&#Y`szdo}vOMn}Cd;JOrCc3*znur`DAT1v2sb+}>FydjD^~HLm zz6)YAJ_@ebL>Ibsyh@4VuwOhj{Z(H z+s*e6TJ=`L+sxhD&GrGi#cqMz^ZnKb6qhFf<0v1e@@;n8{e$))E}O9SaeGbN9-tkj zwEdix@Y9~KpRf;)Q`-dN$p@jSr>M*UF4OFnIYPa9+B!%WK7(+_pxhQpf0oL&a@jVD znG`$3vBMNQY9FfvxIa%(YCB=?r5{21PS|>y;FhIwjc2IFG5gs4#$GQ?RE!Ye~d?^->FW*<`~D0Q!Htxtn=0htMhFtG1Wz}5i4bN zajct4c5}%zl}uAC!?7NUWhmCmu|A6R*u6aJeF(=xQ~d;|-x_$E@SPeUTn6ov)*!Cv z?Nd7;T-4LJowf$8leng*KAy2o?SwsRM;L8_dz#>$wa-!R(EaBK_Sx}}b;dgTC4*Z% zN4djx%8pt?7y;CqI?wUv{P>79Obf)QSfg(?_iKURx{zL5@=$(q*M_ClyBR6wTk(cc znigR194qD<>&t5yU-92vbu3g~UBiU(4{wO8u*Kp$%K+ygedx-v<%ivek?pj3<({x< zLmEaXFZY(gNv zia2hv>=7x+DzgfU%eIz_gaFAa_io<2d|`NfebG`Ad3DMJ7S?ejHOz@wKQW6$w~{96 z@4pmW$huO_ldG5IdkFOXwcJa%@T`(|AqNe=s#)lep3Np*1LG2E*7_QB@F&@&ot|T@ z-d)l1svPT7xd^Q;ad?c?lX36G=6FGdbB%Q1%D`2l&#l4jt5{^Odz)+eDVTmNL|B(5 zbeAR!_Vl0ZKXpz^JKfVaU=IxHknK#re!`<$qb%$3!l%<^zU2P@+DFA$>u&wTWti++ ze%GE{y0oVO7IG@>*0NWoq}^Vn{^2)o#ZI_-4eF|%Y`o&FCL=_m; z@-lj6_bwGnXVV_LdtWU|k?z^OzdgJ5xaa?(&y`jV z4Y7e!s##lQ0im2z8mRJFsLr|Rz8Hrb{#eLZJ%VAUqJB5>ZX_Vbgrq|f^4{!%=& z>9(h-HjSB{?0lR$ohf;ZP^@#8Jf{)w#f^x!!8gaIyEC(+Ggi0LBvmo|Y}m3a#=N1b z&PYrDl{mK9;scwf+>GtxH)Aq$#FS5lYwWQQ&$~msobPa)(Q`64VL35+!P>OXfEg_;9 z%Z7lCc3w&joSN>-oSNMlpg$+s@!9NF|0w^x*PkBPP9s@yBEJmsQeQcaOVK@JxtKyUfq=88rH{gnlUuwG)vJvwM_L7p^Z;eq`R># zHp<3Q;PRZVqOVA{W6Cx&LbGjf{qqKVl7%0Hg<*vPTc+Z2m~D1|{VFzOnQ4G49MORz zv1|nu0@ybFpjEML8V@znb}lH;^@#!zn+x3cXHclBnHa^^iiziwM@ryro-B+>z&*;JQpwcsbCtf z%*}?&k@#FH+v4|C3aF}k9OQ9eJ$ML~I~GUCo0))I$e0VuxJ75>-GVEN8hCW};ZO@} zc+h0Hy?(cED`ZqTD}x^Z^0dLq70DF7v1fjDZ8MpwT)C9;DubkPY{`@k#x*qI1JgWY z^q)I-ju!6BV81H$SVlqd!mo{P5;fDbb)?O~{#0;XTz32plal`NyVJ%;o@}c3-OvN} z3Ge#-i`;1tFNQOQ{GDhhEmD6|z zz#!i@#J^zr{;R)0{Ihq+UEHTt|3<54TVsE`#(8G6B9)9SPQ5}oNnV5ygnwH#drKwr?1QQd$s!Yzpu2XYzU~uTvIr`T_ zNqd~9+^9NN;jJlco;oN0Q$}B3-($_+&tU#G>+{#0yYNPH!JoT)QA#uTG3IU!&t35y z%nNCt0~onLsq(DDBkl!6V+B^TiS{r7&~=)05^b5^k@q3z;&+ zVXa_ET9Wp;wF>{M7Q4AYD_yWE8UmZVP@*cq#@(|nh6Tlh zmjqB|FsocAUOnOUjb0HP2|#PC!fF<@uPtb7iCbE^k`A{z%LXpcg!6|Y7zJhxJStpX zYGxTz+PTD!%RJqfU#ThkeOkww+Po{yeHFG`t*Ds9`he?20Vl-buMpe^TwE_YEqr!w z>IeFJ^eiHNdN)eHy)E>K{FR8G*$rxk2lXm(8sC--$G_pvsPyCV9)e#$@COLsr$xH3 zPL$p|6l?eZso11nIY_8YsarwD>zbrTBH~W*EfZAm@+6p6CGt6N>w^ z(^KY*icxUMMEbdxO5#cBpjtA$e+wXidxmeKLR`HF65m2na~6DPR=o-;9?UZ1sU?c9 zL#_N^)kaYGO4lktZW9k#?iWXg3;+mPku9LGi*2(&OXli3ztOoB1AVJ-4JCKzicqatzA=q|NcP zSyDf3PNMLD3TJUeN_6Y^5EbvrvM=Nom;BVVYRb4YnF`ZC-mdWU_q>=F8?#y0<}1y<{eEPU)*nh}$Yyiv#L0c4F7wUPMIly2 zv0moT23*`vuMlsD&D7=Q<^{|{2ppt|I({PXQ;qbo*}}G9X`kR`bF_kI*~UmQ?)3|l zh4>4!1xUt;ckFpsNVFR9RN!um=32<`= zz6&V7j^H;C{1l~4)lw6*KNV{?*z>h?;7ubvx4uZTjz*dt`Os#`UZ7YUlD($=CP4o_ zf^Q@ESp*s&Wgyv!6YIhq zL0}=^ZFYp~0@Kgp=^BDxLG&h`K%0q01aBZ%@@XN~w|fZz7;6C;H8F?aZ6+qNc78s$ zW?R?RSLSJcy0I7SjfvYi5hT1aU*LqstW+=JNJAC^fY@0>oq_DME@vBIK0a&*9BYp?b-$ej3IpT9XTs&J4Fv(#ffXW|>a*8tu zUPBO2G~Yq+lL(3c)e0ofBMR9=F@)d+MwbuR@ic~D6ajPy#T36&CzQrqO`QFdm!8kw`5@s5Qza zn2c}>`faosv4%t>4#{BtZ8H*Q6RnAw#KA-?(U5p6FK7#>x$O0{Ln zE_>)<|6moo2ri3Pze4otw_D$+1VWf3GjDQwhwxBfi8ZFID(UAq&=uy?lc=>+r+5ijke27)S;%WwvZi#c^Nf&Ws|LwNgC9)%-Mcn_ z&S9FQse(Y#%OQFBa8|_-$1ztTdH_&M0|XQR000O8A(>NB%?M@`jwk>CZeIWZGyog` zaBF8@a%FRGb#h~6b1z?ZWo~3|axY(BaCu{4V`ybxUoUfMcrIgbd30!RZY?u7E^v8c zRa6N81I-LDV9g9LV0Cy4009K(0{{R7=mP)%t$Yo59LIIo{@pJQM-T-6BuYB!mypP# z_$NvfN%2=CB@%)NkP?@YR*Rd#VS&TlVRnxM&VUpPv_=0(w39e-k~)Blol}fxL71)E zwyo2)?LKYWwr$(CZQHhOo2P9~-^opG=3!>;%TA>p_D(95%C7Z)>tBaOB@c@o)*H;u z87nS}tkK&g_8Uf6$HPa13(oG6u+d|m6S=_n!FJIC6CXsh=C0!e)8Yq3TU+S+4 zpxR|}71ZD-wSU>O-R82)V3Qo%<6vQ9dFABOq>Jp3ft#F(9XVkI!{|e@8 z3hF}tmCWh1M8E9J4FPPbF0cKu;#=O6?{kkj!_$jx47@@ZM%!~mAI1yWMFzq3&kc$h zkQMaYkYE>K;hKq&KLcq#A?Eu1DxuG20oX3tI>mdAiRsw~if2YPsK!g9qg7b;pEFF> zsT`6sZfyNR5N$p5bw?1MSz3m~yvZxjXCeVQhRANIxakqKaDowbY_hT`(lntt;?EL@ ziauGv#oI(VR3Dar3#$+dvNTEESe7%-U~OYn2*Z?Vd8x$i*lEQnAkW}#i8=VXm&R2H z4WrdHaENyT&une7Goh=&t3M##N#0T20&|&HU?1!Pxq5tKK4E$ICb>p@f^)GAvY<)6 zQD5vIkOALVAIu-(0V!(^awDd%LRY1%lvj-?@8%F+FhSp(!Mx!4nb@drC26ybxyF2= zbF+=QdcJ{qz2iN7-zx<=yjE!TAPv1d#oP2l?m9tDy@NjX@>G={sA5z(aynbq*GKRV zxL&76v^|dUq4O=7H%BjY1~HLd9}9RriC@}M+hx>&EA9GIT3ubpfI2EuKb*NrAv1?RKIJW3m)U0&EA4v_RadiwsabJ zwJS1r!@mtcd3jR!IbT-vRiBW+^d+}Y=;bT7;6r}yT27q%)tOi1JL>~4@y766sYAM!SBdt1pNT*c{OXW1z6Z;s3A0xgXft62b8Is?dJ+V z?q^#@lV}ZQ)GxD21Apr;%^4G+ySOf)_Q$v7kC6%ZnQPl#?4Fq%5Q(H>BbIlE=K?H}e}edG698^v`#?UsJr=fz&@s&ocC$Hsc)Meed3NKWK zanR>V#tjb~mDVXJb+BvW_KfiJ9JkFF)x7^=H`VNl_&S0tIeTw7S>c|OcL)%T-~^N> zA0Pwd;zrgE;=g*iMdgJ4U2l|TSg&%kd&`0WpA9_mAmrD2p z4S){>MF)1P@23m3M+VSRQ3!w=F3*Ei=s_*=^a@o$W}qZHQf4qsW5%|?Dg3V|^iTC7 zU{uo#$gQzoE)lzHq39=KP)^7xb<#bf*K9u%NZs`46q5SF6o`;fxX>rlk^E1Lx0NLBpednD;K@5ESu(O>|APl>=%uu#cS7gFa_?-|c|*`WfDIie zFf&)S8hNj!jL__eAj)tk=|`GNAXYl9+RozY-%fbV@c`ZMRm4TYCOj!2r5CWeKmkf3 zD81mv&W(j!?@&=6rtdBqg&H;~9u$n#&!0$WsG>g0i5M0FKQkL;`QY)^$!4Ypdm>n4 z2M#$PDQP&!YqBd+W`Zx2*@835%QnY?Po~`s8+HQ~@&UU5`Z^M9J&F|! zVgh?VEJ9#mFq7l*?q+2@x768|1u7RA)?7D<8(<72)gIY6Egv^$skQLn>q@j}?5%za z;$%)k=oSN*AI9?9_OJa=#nx)=zce5RG^eRnlnMpG=wGE7AtCtcV1!fXd$h!i1C9eo z2qc#5XS?GxVoW4J#_T=S`UhotDz+6OF#^@$aog5u?!>=J9=VagT3Z11;#6;~V>+Rv zfpW48>a7D_&QLM#4%FI?V#J$&gh2O2B-=lM^YFlAo z$wfz>8i+cMSo@&_{0bYpf)mD)M`B(H_fSO?`c~9Y7J|BDW)=>9mwdi}=z2g!y7^BS ztYL+lu_3F$uN_ChHwmlE8;6I}$1(LC;|1ZaDYtY$4) zBoyqN&|FAr(n9b2oS(hXLdM$0%2XwYqYMtVq(g$N8P{|71{O>@T$PfZtZ8B!kpYUU zEh?B)+~5H-ZXLX1+^P&>%bFpbBwTnp*~YxaK}!R9juS_v;TxBd8fk^A6N2ioEk>hA znjRF5?pY+7B>!@7HKk1dALDBTl7&%R{|SE;=e99j6*{D#fV>%acNL9aOrms<2L+kl z!g{S94y%LM3IJCjRrxPYUp*1`HcV}jsl;0|jqyjom@Pr-L*q`rzELsb>#9HE(4%<6 z>Fc(+jzv6g$1AU!WeTvL9It9g!ey98%j!5l+>Hi;5F)`ibYc-V2{|aYkGwUqgV>=q zc)%Zt17QZ~pKuLPSnR$fU(a(BTLp=ar+J?6K`PUNc!Z|5@eV#RU&>Vpqxh@cyVRRI z7WcdtgObFE80jIY3}o!26kZ)U0g8jIS~?5;!>BYHS`lfeAQ}o~eKzl}Lfh2q z5_bXPVikI8?-Y#Y;QL;tv86hnm#157x}iD36rgV(mc7ZWKP`SsH>7#B!~Ca43xKaE z^kSS`nUF+3WWroUiXC7oBzuy!h7w1PrX9ASf4s&NQt&+FC{5hSs1$0<2uB`zh%DTV zyPK>2RyiX<_&OB}cAvpM%v^RE3uP7k2y_`^UkZMuU4hH8e?$;f`vLESsVXHXFZ2ay z^aWL&0k9^%iq|3F&M!0EF&uHBpiu<}kx<+s5<(i><65E7sR4U3Ev8uQ-x3O)L)*eG z-ap$~1QFH2)p6HOa!3UWpaq_-APCGKnEXJB@l3u;d?U3Df&3$)#y35e<)nyxzf6R& zAv!pZg(XV<>0{C*pZ}D0St?ZLct2_!Yqf~3p)6ZDE%;K=I@dWOj!?qRaPd_ z<3F$~PnWcrSEj2_piU8~QRTU9fXSJLN@FyqU~v+rePNmegmZAq_Y zF(ttadQbu|Bse+1t-t|6P@k=2*ux5B2JQf-rN}aO$nwGzceT7DN1MjJeSts{D`hXC zR8MUvNKl5H${2_N*g+Rg7(cD}*i1fkI5%WhnV2}GTS%~A8Nh-n>o!H{2wKs;0(&VV zmy{&b_te}se=i(tSI2I|ToDkQ3;MWE;9sPtfJ-_!C)Q66Ff*JQ-UK4~S2&iCFgy+r zE;R_9ze>%60-#C@Kxa{S;gr9~j^dW)+KEHVg!fI4cAz{b?Y%w5e2=8XfXlc{-&c5z z1Gu+7D9h)x*<5LctFy5tw5u~olIjtb#D+q@&-@`^Wr&4xPV}8^$v(tPm^;nJSc}>B zffWSvaK*B0q1rxJQEiaK(pXK&kC2v@&{GXF$ygGZ=K*t1&cLd=m;Acf1T-`3kmC>w zF$vp!hYbXd|Ej4_yOgB}rFEa|Ea}3y6K^)4B{~CV6hc#XOwjs)h!`d;0tz4Q60^FP zDL3yw)*Jr9EG0ylF?#sKdVDCERBsrIV>8ca&E+1DT0SKr&2c%3k=Z1XKAg&wS?)ti znQ2+k{G&ESz>#-M@Ex6M6@N_IDnNVsuCFBIqUW(2c50cnT*rg_AjN7nZY?PAb?V7k zh>r@A!$dd;zp{joyC?I`Yizil#J=wZ}xqy zq|gYalS_bu7DUp+R2B&w(;Ex%mg3RuvRie_68VR=^fE5zw0UHdQ!?@eSzWt!_Wh(h z$YKr9BuE>d4#s!tG;tp^!f`rXTh28Aua`dPCR`j{Zp>EI{ad6zt5FiRBR6BtQ#;y0CtoNS2b)Q|dHXjwaewv>xunD z*2i2Be==za%9aENhF=>q9$8*`q<*{4O%R)QyxlOi(45sevkYrwe2wmk*70R zT<)|HNoB%+e^t!y5e$Ee>WzZ>d|_Z_mB^_PjC40JU+JiXQPXad9$|fyK}!P;#C)33 zw14+*F@_j1r~Dv%vGb*(qM@Q~ZA9y!U3L_EFL->;CCMi*(Q!c0!$lHq%a_#S(;SR_H+a}*!gl|6iEd}x6g3mC0@8X^+sXp*rbDFB9)_o4D_6+pc(oe3@LaF zbrYXMXDD78%nUYp!i@^Z#o-#$$zFUh`-hBM7Sh-%)Hjb#)mTlxjIbLC*+yMK*N#$^ ztiz5{XYs<&7Z*wnlO56Z{g- zPNYu_Atk|-!Z`ElxU*wD4I_X21?fcJJg;uLfJg`?`4O3M+4^S4#S6IlU+b!q;0$Us zGcbr@cEOt~C*dW@{D#Rf0{K+EvRlC+J+eB-2IuN0B@Mip2#4&cfDe|~q|P;_zxWVzA;nCF{g)Jk@+ZvRKo*JB9;#m= zOR2=0_SBgv;6S5x5y?J5P849Jj=A6RVwuDu0XhI97UTmZW`+6$$cF0Fn|S~aIjxXf z;1S?XO>iXkYAg&&}}xCxS*)rr==?TahoTMIkItFJQ;E%^A$ z{9%&4n3r`k+&5_#sR8b%G~)+d79SP*3Wc~yYi|Fz%m}RC{1M=#h-GtpxZQHMfzqUX zSAc8-;#aoYO@^#%^#~cDB_91lMr^mI45+$of2A!|+xEf%YDlXggO_{;{m~lF59QWH$Ubj}WFTdz)Xd&RQ6*LqO~% z{YDwM%%-vm;KU{UKKGf;U#rNZmE*dyWd2j&a2&rzM?wjBOnw19*aP^@8qa3Zwf2VF z8x6!e9O{g~g;~c=#(%b)oF^UwwC?;P6u8!I$b{8^QyYk#IZ!uYJ2(j(`+40vDS;YW zh~54W&Lb}b9vEZs)o3L9PFP?KvMqBfIIWV%+-UK=a>YE0^jr9_foRyCc@H3=!VtYg zsH)`y|11ixP4zH9x3hg0YEn)#_HmwXvRGJE!BbdQTVu2N19tGvNOPzCZQ5=;Ku}fi z1#EC(NOrhyzhDT{U(gKAV3n@W4GbX$eI`tzsvcS7D~SpDz$uEM)|B-RGu~M?0J-KCK+fA)^r{59tzCB zsd}cV*cXYuo=cXYtZg)CW-m-Rg(Oa0pk%2@e(#eR6ah|t3m}*P#t;$!NhIWua`2M% zk1WGe^)U48m$q8L{nJdN`szn_0o(oD8@NuFE)c$gppa=1s&!cNtKoeoo}t2UPMe&W@FR$lJDM z)qnh#O{|F;3>_&bPB#$jl+5}5=^8YgSlPoJt4gv^Fz5THylMvb*TQ$O z66Y)F38qY{&rHNiW_#7volD5eKp*uw2{^c-@z9IEb?Ux4HYBDqJ}YNN zVyKhsorSLEh}b&_vgf+KxJTc|RH7p{oT{{^dnlP3$>f7`yN&VmlU|MkbCpR z=on9uxF-vKy(I=`Yq{u32+iM`7H4k7<`#I`wP#{NR>~waTegkVL38;?d3a8`^Vi3-j^gZ(GS?#}d|4HF^ZcQplLdfJFu;VHW%%*XM}1jj4Tca(?J?8r$fQnxwda z1&dU>zbF=bPsZZDOA^alse9emzHT76Mbt+i~8|4(z6(ap^rSrX& zcO>)AGH&-0N71ULQJeLKA|iMjP0_+lIp}L;E@ym|k88C37_`60{@mRf3gfP@L1yj8 z?I&b)p?Y6#F&7+AfDUC?Nzzvvx|ac@BiL@bRsP_e^^Mjl3CRNcR?5Q2;C0clhnBvn zD@2rxt zL?&2RS8J1Qb=~%kt=&e`=7T7+?(5XC~0 zdF*`K2~bW57@;w4f37vovCFEx3?pXS*;sUqdsv;D4cCa^3~*wezQU6SzPiyUa`>M~ z$9Wb|MY%xxW)0jKzs#zJ$aXcuA+rEF(Zxj7le~yjcFtea@H~#T3%DhCQK@byhK8(Z z?2&X!J5XywhYJg7Ea27MBt!LDov0F#LJSKpv=x0ESSHfw?{&y?b)p$bwY=z(ay9|<>=1g#JO;={Gf%HHZm?XO$4^!sp;-A#RmA^O^1 z@%B~7hsF&C^$J5p265kKZJD=&blN~MYb8VC*}{z_IDBBHso>&hR~)B8S0uXeuHc|) zA58BZ7p?1@Q)7CaDQ5wk;F)zDbD(!GYw&_y{sFZkR}} zdtruS?>ZBH{>UA~RuBBRs`~p>3h4xI7mw2MZ$+b<0uwQes-}YBf8EO+LzD_PPpLZq+OElxc1?y z^O~fV+!i3bOEw$mb^Fk%7^APKJ&bU2?|?dS+g+8QnXxzxCh-~>Adxs9YnPR^j2c-h zm;DPg+dgnX>WGv*s0NHaxCxEx$?GmqbrhKT^KfJUF2wE>%b1}l1Eh+Dm#RvEJGWNN zlXnn@Asp;N=1@a`J{Tq#sj|AEQ>RCGq7evrPLe1f+G+3K`IvrZr+-;GO4F`|e8?UH z!$bj@UhW6;7Xgz`z+Ls8+&@@TcMeE9D0QphNI3_FdrBDg@)e`15*m=J)%{7&XG7<9 z1TOz{^_ScEDmW6_UxSPEB<9As}rY($vz8d$yQAle4O(^kykpGa0L>f|jeYwk)tB zC}^9pi=>Poo0)TybWs0@bI{hu3fr@8!~LsDerq7HPMD%GSNVk^Lv3+AsgqEQZcZ*(19L1fMMl0#21q5)UL)L&lysRGM@8irJ`1oV zRCn!TuEUYv)uvAfnI=B*<~~(U$)ua{_Sr@210Eu2Bd;yi--_OIZjo_}rcmWdD9s`r zX**kr4nxUD)5DajA?8M*H4V5t0KFk-LdcQZo*x1Gu+ioJ+lgBIb4Sh;L1s>F2$N-Z ziz`AV>+=F`HM8;-sJ^ZFalmpmUh-4NA$(VROZ5@fDdcP`tG}kNv#Os3xmQ3*MGs@0A81@}HoZypHkjqy}oSd#z${{2_f)*WFnyK%$kB=S zb-mx6oAAzRzEem2ucWXgJEr}aS`dEcZNXlbm_XGVe8nYspCB4y-kz0zqExQqpKfhu zmzbcnTYNCRaN?S_AWF$m8gXgiB$T6L%}LaCC#Lu*P^>LV-S@Zmud7bV-AN&XY$bWu z3prjeBn&8Wk7T$p2?D!e7zpG^w8UVxn*;s%B|V^c?(J$_^Gzv9kMJ}qe!)7~h!l5q z$y#y?%#fR!v8ZwrWk~WCu>o>YYz2+WM28YFh*jh0FFZtU1U<)_zWDZOrb{7jv4Z zO#1}p+JQ5MCi+IO9n40H(xegOH9q+$wPLNbNi7jDY}Xl@<1v=;5g3TV&RYR7D73UhHGvylHGAFL zE#j*Pu|$DqJ@RPUx8pwxsH1Yj<~{*}J^sN%T#zpSwHhnH9+suHw{+Ed3}eg2=(nPU z-|zY?v~ND76W+RNDjLYS1Nu#1EA&qpe!=Zsd)VrT7W@cC_o4{j#67&rIsu=pp#PL< z{|>~j>4o9zT4#ofDBwpI-5%K5fvec^I%GjG=v0j3f@S?NZ^VdA`lozMq$8ubDoySH zY$~oz`r#{X=tM&z$0yn+HfL6|#ao+9fmiazjY%Kwj%zxQ9*PJ?BJvX&qo+Nv8t;IV zv((igrobBXW6)Q^ z6(e+c871t$HSWLHPu7*|via(dl;8yIVJ;)RT>|~kMen>1tuXR+*woPJDqaLex~h|w z{%cJqrzh^Nh(;-F(S26!g8k?lHx%m59E_jwvrCt*{Ze?9t8)eud>^Q@Z^)GSE&Irl zq1yaOFEb<<-3=OWg=eA~ha(ntg)qM8=8i40WUwhf<$_JvvcR~~ znf_{3?l?FBr$>MJ>amZl9tJP-SsioflcIQw@dwsz0WzIOJ=#Kerjc>r61+D)8DbT% z;3&PcNITKV8%#$#CY6!ml7H%}=0JAWXAgf&rxFjK%*ng>3{1o@7yWaZt}anG11F?E z)X}Tm(2sXzC4TVU@%ejn_LX~IFwG|2id~eSVJ`IDGqK6cI|@%ti)X>-OMV9VTi0UA z{oznt^*+WG{c64!f0zjPAm2rqi&)MLP&*LB=(f2wyMnpCW&Ix?yBeqan~=k`aGLj9?-e^*BP*52DBsiLxI!O|#uoC)aals?J&0a^8^}`$u0(htes(RN zL?IM_WwPF9*>O#i3Ozf~o85+G!TBHOQ{Z(jP*C8ay{lK@ukE_UwZ_>ETV(KYwz@U1d)DVcpq#teRNK{advf+=agQAQe?VviyN~HuTjIYXQWfr zXk-p$#l;)qXl5E(wz4=OU`@#z$(@cZ)ZW&pY4f~@_J@iRvl|Q%{{7kLAxesy;}_V& zoH&bI3vw{I?Kl{>H&c-YCYqO+{MxAPrA*bkOvxjUGCG#^!nI7otR;Uw3;btS2u$%k zc)M`CPiwKgZ(xOpWjWERJ#fbO)q{MTd$p5!Bbk8_UunS_{dGN4p%s0CGUV?_j3I_N zw0}uPz%W+~Vu88})0SW7JzA{w0@M4yp_JsBAFO&kN;24a4j&8RJgJjU$18^0`5=-ZveD(_&0gCXJ1>$=DwIPZW+)M(5ztV$Nq3L+F7&RdrUW1s zkVogTadln!j+Xd(p>McRjHi*^J~9Q_Q*4rM_9 zX!Ce3arT-S@RJU~K|>0a8Y0vJpjmM=2z}!D1xlr+X%p_)qYONc+U3dlL59R)U$Tc{ ztwp0se-LU`x!SJ3v%xjPUq5zcp06Lsu<}+i8Yz4mWhkkX{bU0|c zDj4Ryx(xUD4Efkk6J>=8nKTzqc ze|%lS8~Kw<`fB%yEL5N1wF8>D=tPPbn3h#WcI7kV9vgYdjbAV_w(oQGvrsQZ~-#=AL3-VQNl6T>TmlSWO{C_1B@bIniKX4g3(L$p!iy1BAr;(B1aiIEV&3mei^ zFGkf2%>WkRqakgcmDA(sr%LWwFLS zd-%Z81-tGsAT4aBQjj?`4?If9DiG^(Y{49IZHmr}=zT1yA%f#!j|Mxzao~c(HAoX? zHW)!hZwwN(Rr^}`Aqg4Q4;HDlF^2JITtW;As7@eD8T6{LNXJUm2@(!2KsW$HH-zse?g0W+h1sxsRJpSN zA;LpDOcKCB5I-pZ(eEjd;ldFt=5PTMBvRhG3X*82D)c|6k{I1hx_*d*KPl#a(aU@n zkkbH&XZa`5hnc`egE<@r6ng+d7GZ^QxdZ~sqbQ1XOlikZN>I5?ROJVl-0iG&Mm{45 zW-54uH)t<*0PFj4%<%2PO@ez!=9ID(EC6H4^qry`$qcdb&SMMX2>ej6=HqKP?)tnt zOALmo?JAEDeb{gNTmYLfaG3+b+qr@`pfLjW1Q%aA;*qB_YCf($ZgM|wyPkWDZ>&}! z)w`I>^b&ktmp(E+>VJQAzG>V!rg4y1io+~< z0kX{soMYp?$O>KjNo>txV@V0kKV=4Me&V~cv&`9wt#ErWz zT+Os+5B~bkZ_WdN)SR)em-KQhcHGWh+>8uGblQeQ5&3bX634^*O#EWR%*WFM6H%}t zU4i**OP3g_&zV5IsYk>4S3syio890(K~IAPD(=H;S7Cu^-XK40*2`bP>d;JVw_;Dv zn)rr3PW@BZA;E|=B5w<77L5MT38(=n?6*KeNF!150%3*^_>T?5Oi?!td3P;bPYEWB zN=m%L12Hp>L|P;?hik|=-`y@)Z5~RGvrgy4(*e4wTa=!ms2MfS)MEQ;l-ZXxOb#E+ z-#VY~vCwX4q0GhWxn&s2VbKW7Y)+XHGlg`|qA)Es!ia(lFo!js94uFpV7?Y0H`0By zSl)8q2k=!~FtUG#aEKE!!v^x&2QZm4VtS+e@XZ(av2M2~Y5-6T4k?axI7A1YIvWZn zuX|dHJuo~hLYpnkr=%=nX<}VJtW$R$ra^@%oS)68lo6o8)CF-{Tz5n}uIlF&Crzl? zkWdC)@ObSd)OL1u#&^SXlo0bT7GeW|WG69^h~$P~xSsCg=WU20LN<&keCX>6s3p`r zu6CEZqkWD+&(F)5b^7eL&YE>#3zo;GADSVSNzETnu=zPq{Mzpvh&MpiS+1km)!j8J zlh3cFdq#>XFHybac`(@BJ#21!2@P3~h=F_tx3<86d}zt%H?h=|ri8~X#>N8n%4wyR zmniYaK_*{o)CBn2S-Cl1OVn-_#at_Fj#5=sc4(b+3X&DEf8@+I}vXWDZO(x5CYlLp@ACEN#B>BXy% zp9IBlCN~H*hj<%mTta*eEbs=-8k@>iS=x@9(il3~*zO+JCDUxLT8?VMDm0X`gi+NW zXu-9Ht2-SP4?kx% zBg*~`A=(Se{_f@@;_G|#rj8}Aa&XlwJJmpza9*wU;9tANp?-OBdtp><*r1sk<>XSV=+%9d|#}`Fw@fyntQOHxXOs%dt|jpwOQJG!0fQ0EJ-{D{EMz1FPlr zm{KhX?R7i}T9WtObZWakp~4##L-kIT)gNEgM~B~11%k|LayLr-ZEbYtNk!QW2X4@v zp&--)3Tk7NOyNJ0QLH(Ic>igXeUW%SySbDT_ok_ulffQ86`_G&SB16oWS%f7|zUeyIYJ`WH)keWGPZpd<>2v z+Pp(<5*rNfJBwPh62jpqs?V8&k0Jwxo@|nmWGq%LnWy*`z8qK|x^mAYNVYm!6k&5C zT!7}%>z7J_0wUss0>;LD>$VpFFKpJoAOe0dh|2*(z*k!c3y-K?3QQHvm7THY!x!v- zsn^g@oyYtjJS(}6FJovLS~2`yY%_z-e%!oHvY6e$nE5or;2pbaH6v3E&!}ST^hRc* z?}jp~0GS>Vd+0bR?~!q1SW0R}Yd)?C!jZ{6M#o5Hc)Y5jJ5>AjSAe7U!TUOSSL&;z z4gFrrOUx%c3A+1w?Bz?`gJjjX`x|CKCh(Y1A3OV+@{+M7l_^!(GnL-d#e@Ci@!J{F z@{QKj&0AW0Hx4uO^@9AX)eP1+g6DMSp1L5Mp- zVi5*;4yY4DqylRsOe3kO{=&yUy5}z)dfxPZRLVK;9pJFaVmi{VBM4u-Y0#7XzqvLw z(sSL{OjCe1R0`KhZ;=R`c%Vf8jEO>vrjc2Hgqb1eWPbfTF(}4*V4P*l`iVC~eE`j! z&w8co^KIW=oF?jWiQeq=@No2AbXjJ1O=E;nf9>}?V{2bnQB7^~O7N2id`2?YJ&!wG zg(Ajo&?KR7k%&W9y`$9aXWST-;RYF-p)Ij*$jXM z;%z2e!n%OEzi#sV5tP^K2;Sp_s0y1(}!i{e6H=s^*D!CjROhg!e(R7 zgzV_8JsF(9{nB0_<02Zrnf1W>T#tYv5nW2O;1P*%O>5VEAEB#UulwiE52tjE4#RVZ zxJ5ex3yxygfBYgNL26EC(g({zcay!wU2=J|`37i^Mh5n@N^OR+FS%>jMAHAlrk4mU zm^HRuMs>HlPLHA1HYp1ZI8`_U5ldx&wm!F2~-|&_9j-)Jj!@h zpDNM5SEapBGz+d%!-_u7;}57K;k)+g;$pny)W8IH@=-_mY!|^(i=9}ZH$g(`s&lGo z_rhy#XaCzKQy8hhPC@KD9It+HiOl)wA#G)B7yd=aS$i;cRd*hoa~@E28rKXJYyoMb zPleGuCnV^`xsB>w`m0F>_?X5+?51a9t(9C!@MXC)K!%AMMqt@@$=>yP`jnfT;D zcWWQKq^5}dG^JH$wV=G2Kxd6%5?g6<(7j1>X09c3h1qd6$H;|;cAa~zI)Mv9uU&-IN}W)OuH66_Y{jZ{%Vs~$A)ycH`*qh({8WilmEMcK`xIREiV3~$TI$o= z$MNgWf7*1Rer>t{|7p|x&%ytF{P$9ooxY)^zNxv5Dc%1hRsB~H?8IE+a1syzKxAZ>}wfY5!Z3iC|pf+%T6JG>{9c_ar>yr)2395#M! zMN^Q>x=^)P{MhSC%t1;~O`Bk{#u=29MdF;COPw&rlaQAiqd@T6}4}@_g zzl;Io=in{3!UPdcGg0bU?vAIFlC(y{MOi4>Bsi1Udi7wE%3JZibboc_kU>59i!*T& znm(dG5S>+h*4y-NV+=Ung+rslA@m9w#k|}?q1bl$O-8)d+3-qBUN{-jjML#v2m z!9k1a{neZ1ci{iJUFcttx4?h*B|E|Y-*&Oqcd#`6U)9rM%uSn3_UCQg{tEaMx#+m` zbwDr??Y@5=X#GXftmhz+EHDD`=9<;i7Gjj|0?((1X(Xn7R)%jaxCgGw3le1RAqD#^O2A- zj8{Yhd3rv%LjM-wC6*7?&pVGpD~t8j%2{U8mYM{BWGqRc#$S2nHW_6cT*@RVDc0rE zQH#Y$HD}<6rCXz|*rgQ}a4beh#%(~Tu*DU>@Dio%HS_cs%H8F~`O6%_17u*pDk*0D zls{;%6tzu|((tc3+t87xTfe&`IZ&(iIZz?LfKtj6-g{>Hz?Nqw8~|&b-bhNDm4M1# zBq=i#BGMor@2_f%LKH4ijho-_-hWE6vL9Ze0^ff6)fGpN*hX#`d&0;0uu0EPB;vpD zGE70M2JcJ*vJmeRl&)r{$g_*wpwgT2G)|OuR+TUy0-32>BQ;E_(*GTrW}XK><+1UQnn==WQ&W#v*0lL2S;rY0k-kj z@nVYzvjhWMSU7_PdkKc*0OleDDb?*7!dmReE%`3igXP8t`A~q^)%>l`Cp99coMC_o ze(z&tHe$;)qxEm!0HfGXL02YRWJYP)8qrYvgY&&_QLvnQDUFWWwWP;Mo+Y?cHWxSu z$K^0j0E9aVt;3ha9RknSvlly`NzjiGFD^|XolI#CC2Lm89IeS3KM2TO;wSV4k6Ske zCD4y_kMaj^19Ao;wy=4DrA^93aRFiac;lR1T6cSl5Y)q$E!!O60$fq`Cg#ZfEA^;D zM=OVRCx>RATnN+^4J^1h$l?1@#WaI}NS7ukddb|I?gik$uq}>9!|g8~VRWxG0X5HX z=wgCNK+H8yu&ZAYWUGx6`~tLAC8D_q1dx>l;7$rme8VSr9LbA{6n{6+95K`(K zMA)_r4o41QZIQ1%WmvPNHbqs~>fR6P{^@ z@F_Dt;XLkEw1$6Fl!qq;l4bPMv29q;{Rv81=$ zJ-+e1U%v;sHy_`(oK=3VqhDV(JU#cjzg9;d=a%wicW7yRb#+Qk$F`G?DF^gMD4GQI zqx?!?zuAxR_soekaaJQ6dFlLqUAWPtklk&qF{B9L&fNtKyIQVxa&mLYz4=VaTC3lp zz-p*c%j%*lbi*fWf;qn0yx{aI!l1FIRErolD`B4*91wDmFlda{A-rAc+q8V<1VZ_f z^y2>*mxC9M7dIlmYo_cz=%SXzk~YV%Du>7UE-x@ve6oQ7u{LWk9#Lq$;ci< zVWP^1k7`C5(wWtp%uhXvz%HYLmE+ivZH}B+rB1WwJw1IKnors0P-oB8`@EZB=!H$Rjpw!ay0TyRhDD-rLho{ zc`i|M>Mpm&3)jOyierJkv<~wSDo&4R5Q(E3nAk$;p@py{QW*^A-nARjAX6;LI89J7 zVJ3KFe@8&wY*hIBu|~1eaT3zT$+j~OG+fD!ZqF%O5u+rpJh#sWe~Z)@bFT@SQ`~*y zr(^nb25!Z?H>Eg+vPvYzQ(pjyoC!Prs)C9Sy%+O5XGaVfl^JVUY|TVVgLk zy7ExvB3%ov_aFzV`k2&DmtUwMNX6m9G{!iN{+E3Zjx68aYYEus99C+Xt_Lf=n*g${ z&!@TIYsR{&{k5wlQ#&pc=?srvtV~5g`(J489=W-vL{kp;`wazJdb9+Y^ctZ5Dl>H` z`}{RiiJUiE9?Fb>Kq*43vZ<}i7|Vi9VN3~MT$)o+r(ZsOAJ+DXeBo0mOpkFBHz*@; z0POPFcqpZcB{A_g!eyF2-)TBuSVkDJ6cxZCyHhm2iyHS{w|4c4rL;mY0QZ;qq2HO) z7p3^z+Qa+aW_ZiT{-|@pGIKS{KK-=U@Rr_(H9f-5mL>E_UH>%5eK+?U2cw4E7ok`n?-(|A>nM~@p(`YDeItmBb_nS@D;+v7B*bo?6 z;sGYG+O&@jXV?zBy~vh+YKVtbX~)UqSYxBR;<;V47;_uaDl_yjD8pt)iI(_E`w!3@W4R4BdlNHzE20+x-=_RIhF zz<2FqwbCv{6Ed5!BNNz9FY#civ7Y)l#+VSaGF^%LgEZ{=V&!KuJ%h$BPy>?!;bJbu z=41{V1{IF~ubk)qwI(VK!QS)&1poj-005x<4>A)6V|!jzUwLV$(GBJ|{ z{%1xv-vJkPB&gkGAw6pGGWbpGB3u_l7pGebEj!+uNR0q-t5E#=wT7r~fFykc7kc65 z`z3$*#vv$$HJ$I0iWEG@JlHYGlu`ghTwYjlK;B(YPW(*;uSF#?uaDAAiYYTx2Z@G3 zq?+(4)As;hN^$swi^tZ@>n~CP3+bUeTjZbyzOrXly@FvNNY-B|BjQ6izg82h>a~_J zad9~biLB#+)|D)4`Gl&B*@lHICK5nMzvOW*5S|Y8Yf%f>LHIvs8(Wvg}>W z@ZZ*3s&fE?gA}jqmZ*6o8+ zxZChbcx^V1obFq(`_QL=adUzhVCL73tryoD;~oZ7qZsLFfs|HGf^?en zGXd9Q_t%r}Al6ZObw&lijyKR0&|j7PJG?ubggdjayW(Ieq6gO!Lc-&K_XqqV0-y?S z&wxJ4K!H(b7#s7zmuQh(4{RRmIk%%Z%9jXe28;bP=zOT=2eEQV7lF?QL9}x?N?Kig z4RW`iFd*{h{Fp!EqwmKHmif6-D@u3fM4k=uV9wf~WPeicsRm@D)A$FoW;k=!sO@#? z)34*=_j}TLnqpNzEMSTT_CGHbU%q=Ap+_%2a|CaNlqC8L%~?z=qOzd^52V|9rH(-Y zAxLA4xgo^#CA~0VmG-D{{wmyTXwA0*@KOPtp~p}P6%RONBL_!rp4kROT)@a3SOp8V z(|$dEF|pBjD=k;eP^E!zK25?4F4egT-tU*lW{efKu?&G1ZFy3uHgiVsFUaLc>#HS~ z9fUOfhawO}f1gJ3+Xc-aMVjyI+rSI;*i%cIk;_R2RsdJ~tVlY=KpP*6kS~H(+uSnv zweM>Dy6(BXD$24*<=G?w9dwd2139T{8yiD=CUdq)_+0s;`TyX-F2lMk z3U9tng^bqlCMdUCxMFuYbDNxt?Ii_X}_$0I0mOaJ$=N-(2uw| zf~UyS-i1#?XGgSxqMa}UWF!b)kNb0@O~Tr_le?_D~EOahx6_DX~KLW5Pt4ID|l?>sitn9%GyhKOy!_clB3cFJ)UV)u<<9 z&xzmJqfW!T;AE{kUFAdSg=tLd409G1vV)rkYog2J*Sa7|5We^IB{fm^t@X9#dJ=em zo2^;bGesAX*R(SKBQ*2rNMZ&GrV~25cEF25c-c~NYQ+L>B%sE0qJhcZJI=yHx7Xd? z0=<rlU5!(KTUlgqpTMU7AsW(-z4abFPqRs;UiY5w&Q8CmJpo zWF7Gh#QCMFryQ+?@v{WEA_=A|OhS2&g@}-HJaE}0OKc4lqc^lFoI)9}Y2=>|d@nFB z_IH=%6J{yK9xNLyKwKdrXK46U=EPR{Igbw@Y`vaE;~T*XN$0^CQ*dbOYb&A;KPMvJ zpywxeNvL$YtUfTFV3$0g0(h-QB{p)8m|}!~gHkriJX^f36qjLsJ^yEr^LI&^K>L;7 z0RI30Q2qx&PFL65#@tC)_y3~5NyqV84$(mmyZS=fw>H5GobTlO+K^#s*Eo?6w}mgD zSy7HX^n3r~kf*6ez2uhU<@JQSEu5u$^OJk+X#?nYO=EbGQ;3CTAOLrm;u|EuAzfX* zF0+R5!ZVc}zuNEVw(KkRG56%?*7DR~!>2j9e}2Dn;iy6_88#%4caiR6lYbHLD(~_~ zAc)Ue!U zMSdsTLMyA>5Ee18%+zpY(q8+CDnK-x&O82)rf>+KzZVX6gJ|qMfb@Kx{g7YD&@{YY z&QI6_W@)uFsYg(zfv0ATny}o^c08`ae|C#3f7tcB=u3SE`LALY?CnUtJ`4Z= z5%qs2X1V+-S?0Dj|ChBt*06TmWI_C{(e+*%Z#+!yy zQKUy0$4gLOP?B4eqbAESe&2UQA$_`Aj)@!uE-9Bp^vAg2M2iy8D3EwMz7!UQ52Yu4 z-d*3riISR%y7UL+nipFPVj`NUS5QB`zwiXqPH_KzC7t!Jw89*XWQa*ZA2$209%?2qQYHq=G{T=Atuw}gJHh8V00!9 z!dA^w##Tq-$1q>y%s&CmmLHjwL^FYt^LRrZh!1JbBHMvK~sFi!c?#cTs0Mey469wkj!5&9(0_`BzIOvV|$+pDCG2`4C_|Y z8|uSd2K^|=rJ|(=nYJU-bhYt}wy#tVP8HAH@(DaD9+bj{AULV6;Z)7n(cQfm+9N6}$Bop+y-;453ixp%NLC+stY#-IIW39)zIXDjPZf4!S+W}y z#E%^gGervrtAiCF(gr=WPs|QH*A1$Cf3vUQxUA3cMmEuUTJc7j>$ zpd7}ljeSTISA*1fLJ@ftofK3Y5}3EO4mJw!B3=kBk2+yc8OcvN%_Xl>HAl!(21crO zLVaeht2Y@FPFzJN+jtnHE8AoYMQxp)h9e`Sfb|a<<%&0u-RqrAzh(i+V6x`3R&qm} zo}8%nL+PILj`)Vq27-@X64Zn;Ig1@U9?eZWc$X`O58m~t7iq}=!nB}P&FVvHa%S`n zhQd|CK+7oMvrbP|K*Vr+qS&PUFOOnvVQc8?E&l=ddC3@DniHi^Sj*z68<#r?+cpeYsB+eUao7XK$0jV4LZeHWUrXu zs?0Qh+BXmFR>ux5Xs-$t;y8fV&&!ldi%$HL&K~xM*O#cGtkHnHJ6*`zr_NX00qpSW zRM+=$*7xh*<}HV!D_?3u%&-H#a|(FkNdx5lI!V_ok&M0phBt86bm(r)gP)KPR#iT1 z5A+btEPcW?c%Lzz)Ltf97z=IfL2XH2w=Qv?k~#(uC}Dp@c@USvFVfB0=99=y<`F3- zcfe(c7E!cA1}Qm!JPw0jIAGuN-yds<>%! z^}BHu(SWoa!ax8-#t_#ofV8S%zFp-C2Db4sU-0W}QnfS4R+*Zip00yv#`UTzv1n zek~2@GJ-wZQ_nTqCc)mO@>1T~d0q--b}MTa*#(V4G@?%LBn{;eT101ZtUSi?=8DbQ zsj0(V%sb?NftoMUcj3h)SEGC47gvE(w* zs=t7~&ai-B@3B9I#HjowCm0CRfAAydfGF9h2X%_t-Ze14Za{9G;>^RXna}=aIN`My z9G)Qmp!aB?1MG&@%IMaO(aw%~?rPtJ=myoUyw}_>QE;NcmeN|Wse|shBdF`>hFr3> z-BliCy|j)(&A&gyAA5H3^_srB+i>q@Y6+#*cA2L95c#r4;g-OS2g=~Eq4UZy`1H*M za?1?bS(*elZd$ZGCzk_Ix2!@?`0G?HLZoavLX!^nX#Um|^Er!AuP>X-Cn5jM<$|Rh z@Q2Fg>Tum=2J!5Z00E|Rji2V}TINdI{NZ*Q_}O$%9%J=ncFH_6NDV`8>>;u`4cM)- z&e4No!n7FW({dGo*--v8OooanZtv0rqB$=N{LxW@X6x|uMKwhG2))Lnw+CVe6uLir zD^1MZ#s0d>z$=@#`KMqm>XioznvXi6c2m}r-dd0qoCuR%K1C$6WP%fc#FHp3-B%%; z9Odk=T-!v2ctoDPK|fO`RJwn_VJnjcbPp{&-&jK8@TqC;Bbv1=A?aylX%R<(hep^q zIWnVfqtGhhgx!%(N?knRZ5hjKI-56WMXfwvd?Dc{b-yaK2mNf0 zE)^5RtY64XILnKVo6x6=80$DqT73BT5dwlunTcU8Rs=XU)%?DN`%3s#wn6U>@JJK} z3aAggNtPJUUJ+PXqA(%D_0N_In^p0?`02IZm|l)3xRn%-NI;pp6Pk^u6&8uNRa*5D z`GrJcQwd!Fc!9JlaK>Sm)2+aZ|)6{TM zra7$$AG8S>Mam|&pUke1C0po4-x?_Zg|XvX_MHhWs`Xj~-O8m6-U(7rH-X_nL`Bl`Q_Mkoraf&w z>w1Cs6wPr5D(6iOD`WJPcyUU}45i;lguXo{4MAlV8e4D3U?B8jDH2-&+EKu8zkq?Z z$i=$BI1LMi2Pq5c%_*#SQ=Za=eDF5m`Ew0s3^4mS=&`L_G41H+$CAra{>H}>lYH-f zyY}#S8Jzv1X-x=^M<*Y}{8VGDAjN#c!YvSX;rwiw;u7@hAua>Q_C2~D=4$6h1%9h? zQG*D?Sy%*KR;#xbxBl>8_dt-J6y##+2g^p+jcyG2ZB%D3(h!CWQ3GC#+w0ITc<+D# zC*q}%Ut6}6pyTA4PaQwl8QOyJ9pgD^Or2%D8Py-*px1lm16G$>x1)9DCUasIIphB@$<#)92Y8e1)ASU2^EwQir_RpL@lTRm!k(B7BMU~6QgZe8)WiM2QAx0SVr zY@8ynpCV7B{Znr#ZA5`&B7Df^D#u!JZcKBnyocPCB}vGfyTn4{aH-Z|$lxHSLANcS z8ORLBvcgZSTYt+;dxq|B<*#!eQgD(DXA<(VT$9E=zLd9v{$Q>8WM4z)B? zJ9(3Rw^WBRDc`$*+3nxMkPY-3>U}n{=VZFH#Q7+9eYCDs=I^u-7+|*8D1xJh(?(ac z>DbGVrGUjWNU^bwyN5GaYfkQDCzZS-cB-nn0P4}sRARFuRVmK%I7#!nXh~Mn%N~ZxjA+Bc+9OmhP`A^(w3~TM2 z_31lnT`cZy;1A$`P2z?xNZ}BEGw9;qi|jwhpq-t}t^RNNu(h0|3o-7v z-ctzLxtQ3Hx6s*y9rGDW>ov6Hofww&oq@k%yG>phzRCKzdQk}01@MwOh!giVnNwMBPe7gXip}i3yiyTa} ze zk>T<?b$A0OYJ0v>#bgo-TF3UrmxerqH(=DI*-yBJD`7;X^C zZ8AbtZnF?cB$k(!Ru#gl2UE7kOA+Fo--L&_O{X8ZCpZLw z7V^j`5|ae7-BYism$4%P6HzNXrvkIOBJ|}W@E)seFcyi+qqbjlMxC1?+oJK zk~+kvK2wY*3QEQ=#B*eo;GU_JG{Ekely%4_WEDf_vr4PvYX07#75-z90^hrim{TFs z6ej+Zni^KI(LFi{lSym9enLTpqy&Yrf7q-e|p7XHC{gOoB|+K!BRQX@Nw)dw`LKzgJR zDDcC0ra1rRq#N>b0T@qxBM%f=iaNesXhAUv*xX#Xj`YFNdav(^zq@#v+zrvHgq|z7Yt~g3ECU9+{gaM_CW|km=33 zBWG(#JXv}xr2=4q*ZKaTLyX#TaZ2RQ-YA9;#Gu8b_3OCN;7nTn#?&kI>wTb(1TFRb zbK(Eiu72H@RT4E|Dxm9aoYhrJde7f}>ZIxe_k_0|x)!=(Tsvx`@=EP3q=3CVS(JVC zoePl+j_~OzW1-?AH?}@0WE^)h__oLSsL$*l`PFn~Bl%icJG3&zE#K7v?{+yfJsfgS z@lYFE-+j@}&%NXUH0F*@0_Ol@;i>Wy@gagg{Dn`lpyA!`E%7+N{Wt6fEhCRITUk{Yx=>Gkp7ux<*1+*B)3-tdCSq8sdtp zjHol~kFu?N>$G2`I6AGq@NQ5o161?uTV`sDmq@$KIIC3~7ZXDT(?D?#PlG5XnnB_F zajSvUIQ{x(ejSDiWA#DuuJUX}kg`n;V9*Q5h>i+6f3e-6e%#z4@ zb_@>XR{yyB>h(AU7hv?O=QDgO(Gu2sdi->&jZK*v0+?-Kby<0NS(#hAR_F3u9RBT# zlKBg@J2vho4yhMBN*&FA4qQKI9`e3i+IxD%YkP(Kp(#Qi(;{XKA?;aWDR!NHw@I4U zX7np4Th0OWF41K{cAdO;^yYriW#hKlb6Ep;g~26vpfK6zCyE=uEh;^^@jH+E3~pU8 zB1U!Qeek7@*C6)o^!hQ03!kb#0T*2I0ZMxNJD{|!{);%OHbg9O1LfARoMgMRP4-H@ z&vWCAxNp(=lVPvh`V(?5oy7o$$qZr;=?o zQ)wON(9jCt#Gc1Q_Kt~jv&ahmOx!1078b!XLe}p|na6*DPxeuMXRs9EG&KYq^Upda z*R*I$?|%ICZhsrQXhw!Nl-nSwTkAWu52xrAr(FoA#ASAhN{asJ+MTX5%b$&#fbYpq znzP-N8ubwVB+HZU>ZVE-UjK;QAI)I%+G zH(%eqdBAn={bv1=!7d_k9?AtjHF;p)V4j_KA3`00-5R+@O#N8^XZ=ZO8|3ef$Z~;X zXBe%6jcC1x$fhnDR=2?|l10X_XKPo5$fQrYU;fmpB%gQORpd9Wm!$~iMXC#u1j4&% zQszS?+@r+TGOTMN?WCwWQ&xUjzqOGVd8{J?&h}D2a@Za1rx8UXS1?)YSS+I{Fk3MIQT>s-s+cLr8pnf?SE`Ob8=Nga zZi*BFS}izamY>@X$AS*um{-d1avZX7F>H#v5goBqC^=_rg|b2eDeUUFkUyTwJ5+Pc zlrC-Fkxh|obsTik*POI}o+qh)V@vZfIL;DA!BimmDRXT@Mw);+>Sr_avh$r@!?z4{ zz=ls344LFmQ3OxkF76yE*wY5!G|t>T5Qih5sp}JjsRD*uNA}pOZ;MWpcsD);10*2c z)*gKuMZNZ81to<@(RqV)E3}Hy7QziCDL`t{GY#vRwdz!%eN}en21|KnQ~**_0g*aI zL*JKlDpOn&fw`L#+`%6J^PSqZZ%{|v9ng#3GDRtTUL2<_--)~xdNYc^C|D$886#Nb zSZssPl%x&MFsZ`tvf6;VB!|L6F91F@(xx6OvtbD}t;vaJht z1HZ}dTXGyH8GDMVW*IeIPUID-AHKYLG^#(2LBi_LC%^PcA^Y^Jm`C3-s+O&rw;ZXm zw(BY@cX-9ogI;B1JZ8M5Zn`==??JsSNQ~oDlp;_OXgTcMC`xO~;(@kfmGtF^9P!E{ z4?wu8#dg!>3O(mR<78K)Oy>PZ!|~FjX4pB2+6I?`a}o}ncUHe_C$X0^n(fltX44`L z%Q!jDWO!kT9YLrabQoum*C_3dN?TDoI_t2!*BA4|Z>ijP%{i6bOWyO#BldEO%d`D6 z8v6pe(V<-d$5|ohCd|$e7p+fdx_mvZH{|<0)w;Ywnxw$&dW$54tU)3>g@ar0SC1F| ze<(xHRYe0#cOJ+)P--HdNczf({}`Zw*2r$6sIzLM4pSo z&UVi)uK;wLx-x#<;l_T1mVj^~DlIB8|8m)_s&6?1^|PuS6E1+e87scHV(*x{D_`^_CQSw{ zOk>qKRKT;vs6Gpfs*Cc*Rua_CGfe|9nf;JnFXrhlkV*INz7_4yNoC9xI03V90%_0x zcAYAhkUC6W4b8)*z&1#?oO#}jvmmd!p5qv8{JwG!MB-M1zz2DS$IH@$!|6iY8V8w& zJ2pyh&&9AMMuoNSf7_Z`->3rQ+hduDG=d)f9X|a-Js|L)XR!Q*(x>-}YmIJ7HDxXI z+<9PMLa5N1>v@CT@~xgqY4f&`{GITo7B%}L8Fta9Z}*UqPw3CYR3#HlxD>?M1waT? zs2iQlIBKhS&E}Hc)TvYg*tZ-HU(>Mu!B^eJXxA$_&Wzl&9%{#?9Ef_Cr-c2)=#S@y z4gD>&fgPRYU@MuI79EbiktQo1l&!T(G?Wdk&*3w1;b@gft)AK|a_eiausMBv?`iVF262nqj|N@Z>ro4vjFvViY&ARLmlrUuJ}XYpiTzt0NP=GmO|V3 zfU|XB&%KJcnq%$|)OgmBf(uyCKZ@Z@S08U$OaC3N{a~YjDNy8hsPd1Feoa!QZ-#EN zNqL|!)MUFt4_RUH3Rb$VhSpR+Crxh~U9XZFg#I;;iUyxtocOSsJtP#RUW2e-DsT@kJ)7}Wr`KG z^T|@?hnQNm$wusE@~1;jlBV_mYR$pecZ^oe+nD*|!X5v%6Ryt#VQHmNBqzm!1?FZK zRz=#U7Wm*~`SY1qm_NGJA2h!JGmFzR5UK=?5ZJSHGZD%88eTCYym|Zsf7^m67Cx}Q zs)QS)fdc?C7%Gbz7?8G4iTRj#5T4Ft10E7Txc~J~MdX$t00|EO5J3(AAn@NjRQ>OI z^?!bzYUYr%+Z6jXkqN~UmQSGm;l_DmY%$YpFdgaSJS2NCRbjl;4n1tfzNN8-gRaL9 zM|`sfN*L8TL!2&AXl_>a+{AK#kL@_k(X=U7s$nap@Jz2zs!$lmKMu@(#Q}&Y5>wyN zNDLM!yq~Mxy?h1x_HbeWqR*z0~m!__S z9&Ia4X6Cpw&Ylrjhp(9HlA5N<1So_OGzubbkn~``w9sUaMZQb|) zVK3taOh`KHZVxzv3;xYVF5?}GMP4zV*0{&o)!f%y*=!;R8c$wvsoc9!CK_B)wF2a6 zU#$bN*YU(XD5_?(Q%;VYRXWZdpAi<`N4ZwA|v>hw5&2&4n*HpXHrP(pl&W*{HgGCT7DWXCsMr;WvJ=&Er z(a(y~0Z~Nf>qPsrwNUFurQBt2rd2!@q;L|Dtc)m}oU-|m zAl3%5G%B!&{~CO#85!N&(PmZsPG|By8O;pWYK+iAXjb$o?w;qbw(eYdvf+}{c&#B= z<-Rt%`SQp-DtTjMrO8CmA}w`p0bBgZ847hmX4naFK+f;#366;MBq?kOXbM9OlI7fl zV#gw+a9kYX3LoEJ-?;@@Ys_^_x?9ay>Bk9Sgp5FNtk)r9}qJee3QVGOhb%YSJH5P8f4KUeXk>M7BnU?sLaSUtpQN& zgsc%0&`iqnPatiknh%4HP7>DT8{X~hC80e8O z>W%?oi8hK8vZ2(lZ~g!+Uyn7**9Rid4YoF8xG;jIOsgne7RUNv=(f@?1d)K>&}9!$ zd5+~-pAAs^_c}q_dV})?MPWI5*6<49|DKAVR{M3d0v%g)h|szo7E%T6g$k8-L%8U~ zp>v(}Ip-s*!EUbAj-$K9A|ctZjdI4l3ZQPsx7}O;B!|6v(+dH>xSO+x(XA##7L)rW z-&5IGQW+F>hE7y&HC)`HSB^*}4A}bi%+1d5_AfX!LQ8YPBvs6~T}m`%>mQ9sno1%O zDx09iHnD9#kUQ0vh&QImfUq=cJ7{(4&%-7oumbyWR*GZ(MwiEGVv}j=6>VINPAt;0 z@^QEJwFXs9v*snUJJnZe$#9S65WLyG(F>PVhI}#@X=coATp?TyJ!Z`bx(JDXfab_= zM5HSWnGhXBI;iq~A1zw)zU{~I{QLBL8b#=Qn`jdQ{`-7pWC4aGPC~j^7I^#TINGWA zTsiP;&aNxM$|uv zb@nmp(OzfIU76?1v>*kG$d@{y7pA4i%1&ypMGcb*tL||>1fxPz>y9OHH)tHsXhqdydOgdTA12}yYNYD zD)S!@FxudQ^br6>aDipU$cTDO=32$tBx52{(j%DNa?*6|Zre)%;9=rlpGz*B_(g2RqFnU$IYGaD^qF)qS{J!F>^OD7#Bm4a@I*`YDSF?Rrg`9}X2^aS zg@d*!c8eF;k6GAtCB*H~RxQsT`*$+V7X{7SH*vXLE--4Yu1~g5B-1*bAdm)ua2Zds z&?Ix79cuQ@h$=NIx=H=fwmkK=gEM1`dQL6o!!S%f>SxBUOOI%5FhW#Cq?}rgQ{MB9gwby#0-B&rG?ziGo-T0+0sv3~RgAc_vEo%@OutLkTjGsqh z9NI?QLTY}RC`K9`F6$go+7g{6kpYF>oYiMS72O(<7-uW#I{wAN;I$f`eB5T^gPqB> zuagknTryNAno{4NMZ%FJ1eAjbTys@qVjjmgR8*Km!Y`3jWa(K`N_xs8_J&{Rul)Qj z4^8@muKs~;t)63E1>nDH?~-6|!tltvdgq15e(3z&I~|yX&iSKSecwvr`)_OnvXR?8 zt>|MVPY4i5*XuB;MC;I#L{rIGw*Ci|37(REX$2XYR@ogkKs+pwPu09?nrS7yu+iCGh33`ut;v!c z@@;jVh297QCUDLq=(39jNQOV3;z zHGwIyS>(0m(upFooUNt~c?YYsv18oDB4b0KaDTW9^YUyC&%O&{`kcm|tEpE())fD} zCiseqFF7q>^o=wme}rL5RJ#lguJQ%ztnx)jt3w`i5tAp)kVCFyY&zjJp7n7VGDrfv#==NN&R~S z5t{=3Y@}XKxLO|Wel_VmH6iRIL1B-I=Gyats>htxkax3~2GjD8AS*uE20Ig#a2W>a zS<3y}cog@Slbe@Qj2oB;EoC);8}ZVu-v~8M>Nv|e2)DOmLGz6w$;+I&v-hNUFa3Q* zWz8{_k_k@^gihN|hoo-y9xG{&G7J@X1Ln#SIslvF`o~+t@BA=_q7;uCnhpBw;y_N$ zzy_90u`imnkY+h1{1{Bw*)o~pv#@hHhErn_L8w1+w&~nwmmwd!?_viX890s}pS~%5 zUQEohz(&ueQ!x@#k*rL`m;v$Gpl09+jbty!d>@swbe;6e%nR-lbG!TqbV$307p5DTtK-` zkq5N|k1HQ2_PO@BHLa-O6R9h?d*uSI2p9eM)oH)jzF*$4Q0N1|L&)3p{IZf6QG*T- zHUY!#bJ*1VHszIAID%w2#0Bi1g9x$53Lkjm%DjC*HU!=Y$aS+GH4#lowp6gaD#1sn z6fdF>TypcfP@*$t-@@*Bk=THmL}WeC9CmQUm7~w*^2Nkq#W&>n1B|mmsC7sOiGmRE zB0P+8Ca&4y+e5E+O{{Nbm_kkM$~{INYG~a^_MFgMqJ1#20E*Hi;{{eF`J4E|>h?zk z79!*Pcm!W+5nG1x7uxzB0@k{BN~@j`P~sqok|Xnj*xos_@m|U2ATzWhP69`kZzhWv z797JW@rOr}SxYVPZ(Anqz@~;f4aTX@HhLe6PbMwOK2~qAk-2Gz$0C#H+6>$iCC8)x zv&rK4u!>6Mx0JW=d-44@Rfzx9aPgmO5ZZFxGJ|yRE!j_^#mAy|hzJsaX$S%a2Im24 z0deAntj!m^?BY;i@nGg)pg19@cN0UDP6MM#Z09nrr=9TB;h#T#%^`FuQhtV($(VY*e z8V3a-V^}|6!oyx{m=lR?h&u>Y9Hsm|D(uMqh+(3{G8N8Gd5kc2kq>5UHrF1%jG}2b88N2QR1#2C-vn2Wy>8_F2!zHH%#-8; zu#Y44=FQ``Smcl?4@3p?z2eIxjrpfzo`jsxNz6HO6($aBMUg3e+)I3o&Y6o1# z9vHpiu=(DGc=zt+e;vN+YI&MsVQqtIUix8$#GFiC40X7P%IdBHT|u=Mm$j3V)02~* zm5ujB4GlqHcz%?+o(`WoO1>&rUdIQXF|>AQ@ewlgn5$M zuk(+A46WW`Qa5!I`t-yl`9lcxx>$a@g>nyhY{0~D2*ZW}yGs+Hy#nKt9&|ReZZ_4& zl9T1E+Q(q-`&*7&qt?L1B@P%p&1)7)-ea@A!*!5w5jk+QDOA4Q zCZ0HPQ{A-42xy+7H0#UHY?UKf z%BJ)27Kf`)BwjkUX)`h8O;ve%>dvZ77H+ytRh`tGDBa`gDRz}9&vJ@mM8utss9zqB28-r8 zX3QBb&dL!`mXiuAG*lZdUpo&8ZEITE4M|U1DHRg81YfmP-RSioF+$D+d! zp&}*WA_<>mmFr!>Y$l4&Dyi%C9z2sYM0!Di zD!+}K7I}Pb#ra4wb1mwokgWZ6Qb1ZF#_WlHG3kiB8@ZqQwa0W+DL$vE8mr*7+zD`n zC@;%IHG+%xWFR8wG-K-_wTx^OpLV~P4yB^Ib1(H><`Jtq^=F*qKy!^6VSV`pLt!Sb zC0?z98MRIuZ)&pi$7mu_sdCF4@#HKk4OoWi)0q;PsgHKD@yyNIs})Ujs+|a`^<)k_ z1YE8ZZJ(WCRILLaf=N>%8JV^5m~ZPk{u2@p3nl=hCzcKuw9XT4%MkHrpi#I+Wwca( zs4?c=BtCNLjZ@Q;C1~mKM5uSGNW0LJAPsPWx#K*=A;m^nOPr>L5nCk%1$W~Yk6TIX zqk`;hfgV8Gb*Vn75l2(IG)l|9PqAx2EyM~YIY7}lL%gu7mD4VMS+XTC|5x(Vt67g| zS>(S#n#%z>4#(jzt@=!J^Nhc>E0)nl;az?q1N7!3;Mxpa169JRyCQuDs*Ku&-i1Ok z(=0>ygfQs7ET{uhCEEqV79Ljcx?x9(fV!SY<(pDxH>o4+jPy96Qx*>ydGsl4>F>XD6S}SSaX( z4c@O*MTF`o1Erzwwq7|HDS&cMLnU8dfvI}=_uB^mSvVtS5GeTplk72D$-`=74#A}) z{unhfbnb;|ov}sI9|A@A=;QW&D9tvedHYq>5OWnT06_zErB-`uT#$VWfL0kH*eaxb z(7yH%6o6ACF@S7ts;Ijxa+Q2lF$h?T6rjBj$v51TVFYg?z5wrmJO}+CZ=rk#e!5Y0 zvY~wr^0xUYbUc9-e9M*POMzMBX>;kM>(EFG(ZpQ1Y}RW{g**>m}x#(sx$ zo8JVFsE<>@(ply~JTH0Iom6An(1doJ@HN`wq@MVni)zcJLXHMHH5HqFe>9csDlttE z1P0?nNdT?f-n$zRV|9H{wZy=zfC~COcPu%2Ot%FR=0RB1Ou(qmMb*B@vbH_QWbGRr zt8+7euX&NJZC8GNZ8tdq6+kl6YD!=Zy@LoK4qWeF~M?8 zW}BZ6s3oNfvBkk25au$H(dc`wkcY7e^!J7M2?GZ+YT2hPN^|Vg!Xx`eI7*Ap@}sxO ze7A|NL}!<>war>&Fv7QRuf@u&twmcRE!|&bZ`cseFMw|z0a+0gUO(7T-EE7UGT*Qv zZG5N-Y7BV!SgdaU_%>()$i4bV~waVixknoF>nw^B3) z9npmB5oPh~ade4T`m1o)nWPzSqUJm})c4om@$WFf)GECg8``0O3G02jZQ~%;8#i92 z!+b@Dt45$Sv<;^ExpbY$tFI^;to80%hUc-xo@47e|IG+Zd2;es)#R33iSw4OPr&_< zA-?3(?W5?@2_U}CGum12G?8qOepir9j6o1?nL~^SpHL3&k^=+W!$6dZR)YPHuMMU2 zR;os>El<{rqkYLJyrNT5zKK%Zz$*Ou9imp)5p*>${erkfVRe}WrY}2T+LD_hr~k&X zU57jtnM2S^gJR>ogINKxyfvclhrUa*MQO_$N7F7fjYeZhWSi+T8rf)A)2C_KHeiKU zEmSKj&JnKX6kRk|f{~&qh7Te|OOly4U z&5J-9h|Ix^njCGD>#5T@*lV1KZ^C~U5v)Y4E$}4cHJyM;pY!@FYZtiAsvR~IUA{Vi z*Z!kf$W~2~mR$;SaR!1$FLIXTpXMytb%bM|wO#Tg^mbSAl@OGEz76p!FmphCU1Cu% z(v1m}`mD26%7fQlLDg&`V8*^Od2CO$JyPKOapIX6@oaS1;A3XbC(-jCJ}n0aA;rh} z0pkw){Q|wwBT<>T|m6p`sFP6qF*-iSrhUN-=1p#`A6-lpApP@M%P-8X*BGIFKWQycZ&uFTDYy z(rSO0YkS-|U&hqUPEIz+PdCy|H`EDi^(p@au(ftK^12drwk7fm&5q_}|L)t?`kYpI zZgiakKtQE6z}d-WS0G}SaaG1VHtCH_2SjMVSI?X_VcLymscN{;OE{Mtzn6CJwGh}= z9Y%ScceRtrYKf*JMTEkKCnmjCHk>c&kyMTNp0i$8fY`~%ujD|hww|z^nQp69*8RL_ z$;M!3<4eu5RkE%M!y)>z$i$1phddaym;y`BWBE~#Zm~ct1F>v-ZO2(~{$MT{iXgp( zgw>65aRcV$Zm{wN&TOy}c(RSnrRp#&IQUX`;nqrOguP9=5qmMT7Z<}0)_tx^C{a+j z_0pNUzi(~P@k6efw$)5sH%xY3P25G62m3%g1N;bXEk^r1(H%V^k*O<>kjCBkuOfvg z1K_kf7S1+-_sRYiCj&6K&~S_g_=lzFgAXuUk?-hZftm-MM15XegbJ1hDFJax+W-D_ zEuA`~>~cljX10c0(CaJC92hbY;ygdzrW2EcH6@|!F*jR7&frW|xNU5#?bOJ`oKVs) z;bl(sBr+CHVgtLzWi*)DY%l17UD;&z-cWWiDg?^8ESanhLm+duueYS(ptGi@!nf8Bbr+wFKgy=t$gjDZhv>Mz8B zlq4#X%Ah$i)NfLv9uc?N206}eeQ#3(%tYCrU5$!|31&X-&dv?QAsXMSVr}p{7O{lY z-emiNS;gyLK+6Orb7GvPwgS#RT7QweatkXR;mHrY1noQ6>X7|g8n%BrhkbH5<2eS@ zvvwA@R!te=W|Ta<^9MN76x&qcdONiU=@tET{OUMUyV-gtWxd=i1DqJ;$!$9m-Q1(OLn%Ku1CY;Ey_!inMf~;MuCa@cFOWXA1)a;auALL`00h99m_}052e6 z)V3IRQxm6a_>`TztlP>2$M zZr{g(os@G100Jn^O12hlXu8ASH{Z^S(R?ZqSw#d+FpNt(XbF!=kK6#ZCM#XTZo3_T z4MSy=IG`A0IxL1WlpG-f8sIe;1_U%jM;wY!3 z#1e5r`K2nq2wO65%={32KpWYs0blAQ^>dpmqrmZwxLjvv&0r zC;6Igap`Q!wpgZV-@z%wDM0~uYC&E3IPy?6pt%0NKDz_fz`lrete0ut$l4Gc5M#k% zZzq2aZ81ywc*w(ufD4e~(>+E=8@O9vztm`l=sAC9^*yxvzUsiImRpYs9u zn`~}PzvfQGb(c<}pnGx}sDG(ZVXeoFDqLC>Ws0}{BFBcV{7rDp&ix&{-sXR_3oTpG zHoe@L-!U-%Owo=EK?bxl5W)f7A{q$2$3bB)PK!$k9Fc*PNu*Uz+0xBS-z#U4ZzpU zCM@26_uW7Ef2I8>LQj&wUya3H7vb|)0k_)s3yMq%N%IkB-dfI^(f;k0S>Rho@GOeY zFl-TQt-m>7av){5ryX+*s5~_;i9prkp>snJVlfPaU@Jkj58Z>6HlA(C7l;ie&h!lP zjZ5RMkqc|=@^(Q^%}W%l1pcMU8IBrxLm0&PddkND60imcR%FP8>`E;>H}IW33fbg9 zCYCwl=KQ3dd!RnO=Rf7)a=$>cL;8wvbK_#p^uo{c3m6Yi_X&{%O^UBSil|1z(Oj#9|hPQkJ5(}*?L#ImEczYK!@R-R_x@QJ?e zBV{rC%08q7o-rE&4o<~hoUtHHXe4x3RH9s$V248!LWOadD~Mp2-Qpyq+FlB z&)mzT{DYP=rv!w&^$gcg@OX9VOBLFjSAc=hu_6XLlF{G5^U3OOV)D;uJccp-2&v}P zbU$T0jNOwIsjXy-SE1K^s{Dn)zT<-%To+`lE}Z+xl`eo}j*yur7~I#YfEM3dPwSUu z{~)`}ptl(VXq83t! z9;lZD%kyYPKEFsH{GHOWD&?K&A1ReZW(nPuFK-f+0ck8WYu-@R#}4N^i2)S)yXg~- zet3P#1l_8z_||8;+$-(o@jg;t28BU#kGFMW%d9V)Q{#rqI|gr!?(X#4Q@O3YOGNc& z#|sJht;o>!5bS~9rTM$tzV$MX#b2}NdV4N=&L>~}+yGeLaA(p$L#8`sv)95v1I}N) z-3xPa&u}jM>>C7$YY-bB99FC#{ZW%T3!MR!=AlClx;dj#tI)U9-YL< zXMsMf-kovpuiPjh6(uQEef~u}>jN`Okd#Luu#TBe@u9pz6@AzfAjIlWQM~_ ziDj_auB!}NlLZ>#YT2E|diAA3s+`C?U>$#7F#@)g3rP3noan@O2~PZMgOIu@Gid56 zxhCQbY)}1fCm)+D(K!g8KHr@GhzTk(&uYa*ItxSpV5u%5MT~9v?qV)R*oU)>-OzN{ zsoa8)vIm6;6f9=ZHcDoLl92M-ckLC0c_^_%&IO+j&?;eD-0A&Iet*Ql$i2K7(H;kI z0R70o@!5JKFIm{5s1wZxt3;}SUrfRDzjL%F16Ip4qgBM6q^{K=qO z5B5&D`7@qH2rm-|MGzzP5S-zfe9kCgV#=#;x=1k1wZG>@D~l7D%MC?k@oL5U{(Y0a zv?BIQqq&C@(Ut*e*nBOdp2<_qsEI4Fh@TEveD~+#(}hg;y3EaAE+Dv*tHU;+$zy;oTT01BlL71xza-xgBO4!-PT+1 zjEjbAmI<(Y{q{3(%wrnbPeDLt!X;R-bHxzvPmDKV3BA2}{{jn!mAE=$7s68B=U79L zUd=Cc5GvlUUWGYDGR4`$dH?*gf49hQrPlkc+RO`U91+Z3qqFy?m{<1sdg=U%MYL^` zh_*@-4rM78&68;L64g*qgZ6z)n%TcotIkLBHGE|0*_cu{b@%zADll3WiqW7OKZAD68H`UNGBAzEfi z8p!+B3Kp1hIeA>w#Ph$OYdy zzPcB*HsBZcBJNzf?3l8N=ub~ct<}McJs)ZaGl+p(Iq<>@{mFOok|4mpL0T7LxHN7M zVUgn@L8K)hMFtQOm&LL>g1B#*f{HARhz~Ai64bDp^*jh8j&s4>RDn6n#qX!=FXXVd z$Om>TFfdfk42fZ4ywUN3TazNp`s;v1MhHY1ptgKaeGYo7k74a`oH+$cXuc5bHWuQL zONkk^k_k1ycUS-|K%lO%O!@ci{)k~!a1&<;nX~|ZE2_1w0F_FsVVnz)Sq*)Sk-_{P zyUUS%eH5qNis24y-yUv$gpea5$0e0MC>?V7O8Vo|Pzniq_u13>+3`=Z$HV>xRSU8I z6^<5^_Dor$MR!(33m+EPjNz!+jl}U>*t_D7=&*Kym5dlooWKM$Kg-{s)Mp9@BG*=Z z+bx*7cXn7NL@Z&ZaORTLy{L?L`3r6?ly+0V+y)1Cf4Z(p?1+p z`Ij_>YYM}u{1U9dNt?DDd4$D0?95bp6e|rDx(IhF2!^CB!kyrTQVQ6&i-*~HhleSC zu^CE-JAG`QO3H31jzkrT&*ipMFGTw)@O!$ zQgh;1-!wjE;v|cfuL04xcQX6SsF5?WupYxztNNB*5!7XnS52CynW`2&QU<0_o8PVw z;SKKaf^wOMcq+k$C$a;LQtf4A6V2LwrkuLM)+cGhZf=z}22q*_O6oIncw{ucY5CTn zjjymK564oH4vMw%O86WjaR1gvDGKsCd7TZ)3-?HlY{IG|{{9Ak(Bn0if$$j$FAlp0 zbw3ijJz-ZB<6YJupT_+GWL#JONU)7B<`H$iRU+_K7~m{wx%FVsmjUd8few>&#?%p$ z2)p45Z)@MI!7wkAJ+TLaE3r1+E6TPU^|I|B>Oi5b!ft@JtZkZtbd^LrS2%zVIn|%Z zFyTS&wNK)3u{4WhnAy=+rynvkcUUynS=i%TP3;i{$Ik2~w+d0=&?Db6JG1GRTBcXY zh0-~xu8=5pxn;?jXCKYYAUocGlpZZ~Mb!Z)jhwMXd<}93hP}JvB7n#>(duB1p(m-0 z7d*LQGqAFfF1cM26~)fnv*xsgclma_ZMX5T)_WP>Czfma`RdEFYp1fp_1ne)&I)kr zT>&|OLv9h!9orQRhzA(ke`si}cSvx4Kq$fgfEG4>o%pUr?vNGhX%$8&e))^KIgiFB zzLbHUh3M(1KLTW-1|)UJmBv~oZv8n{tq+1L79G7nCT1~D=t!^(+v5!zJ`}Z-_K&PZ zvV7@I2zf9#Z{9q^Uhqo8|kI7PKiiv0-qB2J-id5==W&X(ZhT8-8H}7 z_H|*uub5oF9}&clP&=4|>rnQ`{$LTL)ABw@Itd}DOa&Om#KsWHmlEQ6Uy^e|$&O3Z z$4UXvj})j;j&+L83h>6Ou^UJ!JIMz)*kI^#mSQ_;oOCMtssl|$^^Fb%v&JbC)$@<$ z8L7!p*$l1Ton8P#bUj9?d(?J>GcRa?2W0r#c}lK-u)2B@@&Xd`w{$;ZG~ZEaqQ54X zAN^e+GekGAUmkx`>Z}OBzz50&Gog*a#4~a}Bnql5fQ#6eyFHbkoY>%bD3T2#k(`=6 zgh-!D)(#jM9{hbeJyW8#u3}dTl648q(%ituh~dpWB4_6k@qlr6_+PW*O4}W)P(qz} zxu;>m!D0pJZ52md)oxi#X%~b^-Q!B7j=7Bqqt;!B4nG_QnweCK zlueEJluN2yVA_omQUro`GI`zXdvjrer+9HJgs)4;k$2BoNv6c z(Nk=k?uci4*@*P7&o*;gQEQ8uTaWu~t0?h*P!Wu}VYRi@`uUN(W;R1!mi};*SaQx{}JMpV5(W=Q^mGiS9c1!#0~GP99zy?o4y#1}{|)`$Art?3Lzi&s+W#9zZ}T=bHclRgQ$!V;NaHCs6sMGseiLf9 zP--R1e!8TlvQSR;jB_5&yCrEkxtlFBSHfFa?#Y1v+x)(PgFpabKzbmB2tFdEe@7Gy z;5jzbOG57^Y1g4^H%?Tp@G?uCB&E#D(Uo}~by0V9Rb3UI9qsP+1nTXjm+|piCpyZL zSfvM_RrLs}#3Iag&?0vIH`8y_)NN#q@~tY}?4V+H6H5uREoZVeFIciN<266M@Z{FN zt@pkF?aV(ppWC&5UHQD~@#@{y$FBod@dx{WUk_Gb_h@lz<1>N(+o8#=gx?Z=N&EuQ zac4{>|gUYoCuqq}-#Ja=>IX>qFh$!P(9hiCCx{_;4-Hw0e5OA#mh z3DN}rNN52c`H!drxFP<=&=jt^8T0~yANo>mm4_1ib;bqiVUwdrtiYF+JWGCjU(Az` zOixmhl1!fDL_;Z0dVF5&!$>(xa=c#5la@SO%oAV2J0gG2=oi%67vKL|QVaW;jIqfv zO@9}ypCBvcXd+qd&Xd9Z?B z*61HWfAI3&qc&>qUK6l>0Se~Q^g~ZsJ?Q!$xp?gRoHP7ytrz{0^iOxg+wB8K5I${x z2zvpmCH<1p3c3c&-*J+azle9BkGb<1AOC^Vprr;|UN0gEIHy8r+nXfqKx&C$%-+@FaP zar3Rz9=|WX_l(J-!%%vG!GG&1sb))&a z^Ix{HXzDqaE&oE( zjp&!z?1V)Jld|n_8VWoA4g?l1-RJ(ZR}qqJD0>O<-)c4 zu@RdYKzt)lm;nsnMHWx^-j|@2Cs1FgO9~k?>sRGYFsqA&K5S?;*rXdaOrv)h8QcmC z^L$K;UH~0V)4kQUIu{1M%)L89Z;3mzKS3)!pa-|8In(lwoR68^;r;qxu^879|H_Cg z)}?_NjEh5+#BqlC{f8ZR?RS(Ic+tawpwB*J&dpxslkU4wW2`+Pr{}(Am(J~83B%@F zH3la5ogg^zT3lG=xujwoXm+NG;B=(eH0(VEcdYonu1CGMj!T<0Ugp=C1Cv|5W@R%Y zY!joTBC;I;m)A?&-_Ddy1SgU2>)bs>06CDtDhzk75`b?xE{chdK&=5b6{(7#Tj}%9 zYqmforrsiQ!uD;m_9p&G@t50~i0}fJ=rEDvv?Pc-m2patTLOXMatqwV(T)TuKNU&7 zV(cnVEa&7Qhok~BoB9To{hZP`<>Z_mM_(^PGs1;bk+u?1mIw>l!hO6fE=}i4_cm_T z&=vYW#Uinq%QZUf4byiSLFP!gN$P6r=;|%!OKdq?Y;%O_-4UwYyqC84y+T!gtx}}4 zYxjZvDv@(G#_tdwgKNC=1=xDIWySe=UzL~}>dV%PXI|b%ygz6oM=%*84|x$p;$Jg3 z*kz%?x5%kE{Soe%IkK<;(mLW5tpwGB;#F0oz7+}pR|+=|BtbKQ4D(adC<=h^`I=qh z^(E9ppm7=d`vyd$P!`Au3Ra8|82oEq5*eY^$x6tt8T?iOr1-rgkI-485}&Z_{8>OL zyYdyK4P7e5y$IlnhlEQHp<7E-j95#AEf3N0IstZPOkz@=Grq`I`eAnsRp8LNF+Z%| zdJK-hq?7o3Yk!hs=; zU~lL*Wfz>gW$f7Y#YeSeqzXnj674I8!_4UjR6l%ln}25EE8oY|PQr6vM_9(Dqj!F8VkBqeM>%ghJmCgGYNO_J z*J2PvP!{iOpbz%I>l5!;3H2F;sX1CdWiKIrE;WacA~AaJtqcc9iIxAMy%lFzLJ)%o zJj|ex`>cqp6_eU6+ z(`RX#a0lO98SXbQpI1W&7^?KHu~&1kFV_+`%!`I`DU+#V)u^>20Wb;XtCqP7xhqZm zcE0JyQu?!?rL@*`1?FsVkmf0r&?>ekTie`vJ+(eto4H%irq*;BTezEXGySpJhI)}{ zwHd=*`p{+=;szG`AU)|)vc&lWSa?Kb` zaZRv-&;aFADLgy!Lmu7J8~~HNe}0`d2=|3DZvR* za8qc4wAi>UHY~v5bPi91N<*bERuyO&L%2wMSSML_lt+Oh^)8X|&m;%TY39NSnW976Q$_2U_&Uq_oO%V`EuUsMGWcr7^;b3tBvlw6 zSRIedG5(*L5JcBX0j?OvuwNYbKcL{zbk>tx=|+WC8LSr>+0}?OgpCMA7?T+corZQu z0i2+ZP!~`y6dDqjZ}TUwDost<#~HQW$sgjrx|A?EfB0w)Atwsgh!vrnfcmu|^uzvdX>-9)4jHGJ^PDY|Hl=yhkdUq80R9bl!|JE=v*mGU|&fxp}(7&2okI^GRGIYL; zc=vZfLH)ILxLdE26_-dm7h#<#bNa^VyHH46qg0qh_}g3zY?oIZbtH$N%DV`ciO0@xv9g~wnV0v83YET(JPKPrzFWkEv({R`;U z#dU=SEoJPHj7$4Eo*&O=)msj=Zk(SGTqka?d5dwwF>AH7hY?~i*mcPuc8Dd<)XVhh{1ZxKZ?>4`8(AFnKa|cI z<`9S#Itkh@I$B|@BMQ`g`>_>#H%L(TiR*+y4?(_!lC&pRnVnfp_yZLYq=YS#sr;%= z>BTH~P>=GpD7mbBxTC6TZy!Yd)V+$=QRTvfHZ$awBpi&dw`l%6g6R81`jCIKnwuLc zM9q|d)R1X$NcxbdTQz$GUMpG_p$foMh&HjDOG&*_deG=y`RWrBXzH~Hxsy*TWk`4p zq;|<8Bph#vfbS%|QX1xi1StgrNQ%d&0UWS{YQ1viE0*HY;Nm3Au{0Hafj&wQr>)X~ z_mYFa`wOVdPV*4jgN4AciLV&sU{@0@MPWN^bU&(NU(r4BsZPo4@CpN=REH2Ye3a_d7TqxPE?cmj7ZsaTFC1#iW6@d2bIxyVOpxc;+!Wp;r^0>0@BdIQhS@-{-u`(b2LDNNBLAQJ^!oaSM)t1% zmFe)G>leC-((#K72mv`{w*M;TX)#-h6fV_tUNZ+p7=q>&AD~vT_b1wsSi# zxqn^vpK&<xF~D@6sz)U6EXZi5DxsmZ=!b_k(8!#Z(2OKeAlJv4 z+O+@i?`=tHa<+tX%&j8l?LLFi6N6&-BPd~x-wY^>yAi-EvRMRzug10s!U2mVzdeK32H$R)CVP2N%oX#-#a^SZd?({ zz;2bXZC3Kq__F_p#EXVHIn={6uy+WBi3EhOnI z`Y)bh1SkLi-GB0t`M)5j|9io=lX&fe84$wUf1{Ke14I;;>y^U&ij|5fqzh|Ofx+9D z*qY-d-d|Y}GC`6HUCtEfM|!+x=ucOf*H9J&$xwsx7PTl8m;|pGLbb{)0-->Jw7D2G zJ3T5y4$4f^(E7Qx$Yafz+v0DD5V&j?b60D9I2Ln5{8%Gq>H>vA1 zFv-W)x@*%gp(81&Lqq-$LH^a5VzQRn_m=jh^V4w z^$;LejyR!F7~)(vm$8)i61eVXAhZu`yeA%&L4O;nF#{Y<^$5rT6aAwA%g*cN9ECD~ zik?7*!6Mq};Q>X(Wq^pWi^yHN8{*^BI`Bfxk*1WD{?6b zy0LqyO8Pj?XJh00BL7|-L0G`p>mg1(1v-xV(mJW}3mPxp8nO$9b@DqP(dvI)Y{*|4 z%R=%K94{7cydgn+L{5&2%kmWAzA(l{_zCp?mexl!I3^wg0Kn500D$&CDDD5{!TR4T zd(CU@jLn|7`%FEuq?VC<&bi*IKVv@Oh;*A;;Uq^TN9sySt>plb(1EyO;@CDWsQMAbe8ozXYDu7x6*VBVnOlv*{JQI%vy zm?X9$ouZQVbo?x3a(76*ZIkUoZ=Irk+;8~6!;42=n6212yX$MYSv<~7dA_e+rr+iH zc@v9SS8VR8%8JEipfIUg@=#jQ3UJ#{kyNEs1GPS8LWZ4yPQ}|+RcY$v=-6(z(%jW1 z@o-#GktHIds#=BZSPl(_T7;vp zdeqc~Cd%jCnyBfQG3oWzO|kMItE>KeHY^B~*KZ)euMcdp&7s)h+JIPBg-Wx}p-GKF zs2FXfJ7s{E)>f|iFr8(e$p8D!;hKNdmj_L{srU^E8)$ZZIotb&@4+BfalUK15(9t> z^nlqDVrpTPz&dBDIDPgmqc`Bye;6HIkT_f-m?sa&zbmCNr-UdkU~CeqMWx9Gq(1E! zAqc4PZwqK{WnZ3Z>xE$5H`Ml^Xd4eirR*tUIxb zW^L1hep1p@117M7dpOKaW(iY9XUct4>+j< z{fYz9O+sL?0AtgK#)_GNq(~GPwF}3h4;u{h{)sTtBLD^?o zNc9G(R!S9JZP}=Kv_1eh7}{p+v}1J4VZ)$XbWblQ&5~;Itv!630a$rJuRsKnZk{5O z2#*h+u5oI*!_hB>LKfUFH$fwsL<;~zxfiW9a|~NoU*0&3&>62Itf77+VYTZvDo^V~ z+L`L)fR#CjK7I&4ijNPkG}i|p4$r`4!I|dJR~9fghaDUyd+OS(2Mg}@5v&;H=Ff@~ z`-zR+h;Ka^#wW7_D6p<-k(ukFtiH4rxD{3WaL9>LqwMa}@aVC&fUXjpG!ws)1G)C!>VnYqd~1zDG*4cQ?o^us8S^UxXYU3N9Y+ zA!y_42-urq1bH%|Poe?K>;B8Qx2~CwTN6DDJ@;`}MLMB4DTNo)Hfj*CH)$w8iYtaE z0fT4v7faF1Ny2_Km!Iolxa4o^5Ac@)J9${D3sz=t;X_zDJxVK`1aoDps&mxLCz4D{ zcDq^w0}yWiKe?fg4~~_DH0>xdH~VM8vSSeRJ-C$H@}oSy)Onrb&_J^D!ikFoS=Lw^ z=1C8##gRa?N6(UWTCcE z+U8f0gYt2!-869XETKd?F}1^d^wgK(&BQ&(V+GnM{PiO693xi$#A4(Msd*pBl2?E{ z_3ZwM;H*p3YEh`Y7Tt60BW{cuNBAkrAezUvo7^@HUR9N8@R z)aZa?^#Bw|%si)1YpltpZL^+X1Teb=o~O`kGT>q|F1A8rRLDx-eLw)Wj!_bf-`rOs zO>Lv=4ugRx>nw9OV!*!67HBJdb|kMYe517UFh_E>Vw806Z+* zXH{W!#EM-z5RO5LS+-4xfqBw^fn$8nGq5n<6G>}Pu=1xZ%hG`Wd=Azp=w_xZT{Py{ z@DM^jU)djJf@||r+SnSlHb;y)uwZn)N*9nxu9ywUuNu9{c)V#reA@mHpg_n+FgMlJ zwpU6hE#L*#2{7#K8R%7v5u{@@HbWR3+n%vl{7cD&q-5DTyZ4IianQv06C=0zjrek% z_sc$w1$Ae>I!7lLmu5^?+>pT|6q)Icn?o<$4AA#=31kpJRk;cL)$Z z^dz?4LbNDF>(A{Eycw`^T9?Jd2@IBNOH!&c(C8q4Z7u6Zd$bl~r`xtj0<$e8akS@w zD-bv%Ofp%|x!I0U2>h~0FH`7COrY5~8IEu~JP3zl@;NfDRo^&rNnt{D2UK4zF(JNi ztBFZi1<`DWw1IJ;JK7kaMTH%9&#%X<@no=iK2AzhZ^;M8k6z}FUXG7mKz@38F`KJC z^l&|WVf4uHHq80sem}dha_|i~fQmJ_!qCR^38uiS$66%uxW_Tf_qonvkuz-W;C_14 z(p~?qwC$z(vWYP=1hXgtdYsJ~9Pt@E* zFat6O&?>u-JP0|dy&?qnaQ_2c}$+^p^OeH^}Y zw->9I(2E{40Rr&Q=Kaq@7oLYVthqzw-*u znVyW#a}hslU+dl!s9i=llyLjA?JX2symPUz1shi2x|VR>+b*YnH-pJO_F_95_blXDL+Rt@<3VWYdL2%f%L z!si6(_`DR2I@BJg;mw59+&h02RixHc2c}zA{qC+Ij{>|ZqknGwNPiORm!};ThRG+7 zfpp$FBD~fp_uIYAIm7Uzah>@1w#EWRA|aaAyFJVx^#GiVzqKQN4aqu5+LBzT<`+G8ePD_3(? zpJ%5a=rDzz5s+-MKXSX`sfEA++`2E$U})GlG(y+lhcKbJvm7@EPd6@OqeSAyMaqrI zbRl|8@d5;G19fv~rv5cQVJB|#ayY33S;dy0Ylv%xV3WGm;GN}6h{htP=I07ouJq>V zpG{eSP+2+$CqNLj6r=coO9uuxG&&Y%RMH!lMJ!LWOcLi~;Ak`)vMTNAe}25`R-^QL zqhLM`uHMf5bND@3yoSM3Dx;3wuEp6y`EHfJFV7;hvbx1#yxu4nwcmI6SY{TZU(Y?! zwSy?_%39ZLbGD<5ngi$?5L*Edesxcs7PnD$K@&(VOs^5I5manoATzsr3+@eWV z*I?>*Y4d%x%^}D< ze(b8hAAn%N4pDN7J8x*ydtXJlRpT99bJLIuCjtHE!6O=L3&#+%5*foE7<-2T$N{{M1Y?zU7|7 z)i_B~62YnF$jWkZE*bR-kYZa6WF@A6hOhF9+w1 z&ZUnSsQR;JQ-1|?niW_+uEJ@?^+#g5;u=Dme1nE~v0UUfVTr>z6?S97bl*j(TuTxD zQJbGuHP(V%Ulpi7N7f`EB$BI)i{($}JWHI^I3_etC!dFi5#~rikuqIDxj^Ul29H#v z;d6M(>4Xh*NMhbB(il7J9}{WVex}Y-YE~ABX2k&EZvUh_#gg*iMrKS?cGSd5Is+@k z7VG>?9nY*;hwOj?+j}4jU>_{!Aj8dyO(ykN>9<=9!E7@TKQ)$X5ZA!N_;}|8W$R6u zywK901m;dcmta}*d!6~SI5raTn(hEFoA(1uhSRrc%qdL8!m7VMU(RgGqeC{iBYD{k zM%$qQq&@Bw=ZJm$Mj%q(08U9!go6W|bk!5a+YlU6HLVRm)dAL@P)7&2*4l_3P_yED zy5H3+Skz9oDUpDXGF!YL_&1LvzyY~HcNyg>FD{Hr3FMB&up@>OZq=OBOpkBEdM--m zH5;0Xmh@?f19>qkMojNPIGJ(%ttZRTx<5CJnz^!=Z_C(-D3{K0w1}%zTX;|=+Tk_H z$eIF5b$E0wd|Q?))`iUV!tUTz-JyUJ>T&jF?Uh$%1o&a@BOp^w!>JQl@@^YFOFpGE z&S8$X?k&XgQa^0W7ik?a@DYxB)8}T*wB&9mzj-jLqKC-$;Jxs}t$_FZRPP#1S-^y_ zkvgQJc#BjkU)eG2(Mj(roiT%GV&h(hg=P2dyeVNpGc-zKC%{p5 zg_KLkLmpmYjx!c58#+M$mD}zshg-t3P>w^>i7BQOZ?MnoAvdEydKPabnN)QKfb(|X zTDA(b(U8*}vD!FI(`a_2{aR}dtcvQ{Rs_GSK<3o);emhA{G^H`_|)!~^o|P@|5xKS zWvW2x^CDd@mg|VLdyQ9cA|>zjMYLSU_`(Saw%R6Efze6qdG|%{i91)Y(y<0HkWgx-v8)M!nvvqA*Odngn^Z(8JQ4W0dgl^PKayT{uzDYA1{0=SQou zsJ&E@;~k_O5})1+DG$fd*d=X^{8@d^w49(&B(_`5`@R#?N;~{*0Ngg5rFqS~fxCzw zc?EX`-Az$9Ce23Cj=Z<`$NF%=tGoOlu3MD**#+TzCY`=9{pTIvD(dyml&JDiEF`(d zE11b4RE-C^hJr7XM%^`~d7rmO;UGVy%PQ(idC*n6$luYAii(=MHb6bOhW>swr)uF& zKNkb((GCgrimlG$QzXJ0G0{z)E3SWXGQ_ZI>0nb%8z`@tdEO>>X*S=rWfv3YAjM(2 z6S1*WK@24=^Z#M*9fL%PwlwXsZQHhO+qP}nK4qV>PT`bo+qP|c>UK=@MBnM|J2Bs{ zFJdxdXGH$Vl^MC$+PU+6)?Q1LvG)$=agOfwKU6(cYX1DGdr7-pqy zjVq5e6+NXIoz-G1Z9igIKB9g>4r_NiP~3}UxuIX7g%*3967{M0(~cRF)6`g* z1qH3Hj9!Sk$*IhEcV5T%Z_~;(DIV_;mh~F9+vgo2@K&SpKCheo857>{esy{qB6pMA zPs<%S>UTq4ebZ&7s%SBNzJcp92%D+F>ZU7piC3xh0usESCYs1Di19K!YDppB(jCX$ zK}I!r5m@ndA)ACDq3EKS~E zST12wdS<#PvUyh0Z9QX;fm?||4Y>M#wXfop6lo8WWmVK@+{a{h0W>oq zOf32tmjVEr#C8&wf0SjI3`YCLB7Lm^G<#TA?bnwTreuGZ(!y5i zvuSJ9^fq^%L>b*C=4Zb0;al}t4uyA-#wI$uClPJ0at~@py!58uyjU+eEOlC zp5u@byYHZ%Sxb8lQ(dlPqUX;dwrx( zPGQwToRetl(r++A>kK@Dt$r81(#akmRCsakMaI2(5cmY(j& zdB=cBFxbSNiWvM%SKu3cg#w z`=q5jn7AcU9C&3)dux(gBQ8^pY{xl8#}+=dNP+w#aPSsPGL)m1(eCa*{n})sD%$2? zJv0i4YafR3qN@1t;ulLMH(WTaq-4@0&eX&(IdtJ7P#d6yH{M*b(?lk87s=Dn#V4iR zk@4Tpu%(q*??UBx>KE3SeE|+M>l|0tDCvL2dgb+bZSj4dz^Cl;XJB9$Ws*i)3DW>c z*w}aq0~oH$`H{p$TpJm=3F1Mlx1R05~gUCW1BmR|Rj3I}Z- z4Eo~{E=FHJU|bs1GAi>bdd-tqz$Cpb(fkYCs(i?Z2~1cI&xg6Q4bWm=?$+Tn&Yj`FhG z^!g(`Fg<35=x`2i=tQ3p$g>Y(K%yD39v}wxiB!?LHpSI=AAG=b~Su zSd=*2sRB6SY{D9f_x%JCKcb5Cy*Ou{Fl7t&b`u#lVkiz5)2L1=gQOZ&KDNQkCMAfk z8y?Nn)n2h1pe+%j-iNX=e)ey{@uUFU5@Ag={hWCRAsMlPaft2-^!nd&l1f)Op|S7O zQf@s20UG5o-7n+vB+lY~GA`LB6Io(5PaRS!3Q(@d_aBm_#kp-znO^ZGu+&l*se)9b&r;%!JF|xkDsmeZ8qc91W2*a-TV{hiQzaP4E zjKc5Uy=7M;DP^ncnBvI)1RPMqnoS(#P@`1?oUCPc?)die0FsM$fR%MlG_1$$4yzGB z6XFc0{Kb9P`Ti&UGP);GO!7z2qWjS=vHv&K!@-l8(b(SB!O(^7zt=ca6=i?atAEIq z9%sc8x){cPDk^ZeElXw3;MO6F2b0SZL>$X@wxg7=mDz0Rn%B3dH>YD+L)0@9o^t|+ z+rX`N46v6Ly>-uL`thh;mw0Me1(#=5fLi+#=w_VJ&1FDMqa?Gz9>sBz#VIrfK}_RV z(GoGaMaqO68shc~;Z)nxDzV$Q%F`Jd=rpvIFV@=PlG0SU=0#|or2CC?=MQ)_t5e5S zFb0CE-NRsx_ODlfUq7G6+%d*I+X9*)*j9Hkc?!w(XqHPF{$})mlKhGo*v#|3AA0Ab zB3yUBPI&?UhbHx(S9!$y=eI-4K=+T`#M0S?*3!<*p8mhnlmDaEbuRO`5cKoLg+KrR zDF5YkWh8|~<&;I~Ts&O@!t?y>K(>=<}_;F?d%U zj6G~#q^g|o-M~0D=2wMf4Ev*A_PX#(!q#H-{-OICkG(96IAS8Lzzeplc(O3Pf{Wci zj6^+`!lvHq_=Qkb4MIuzqFC2(yGpTO;n-yz?u}Im@L1}<sOG(CkU zuE>84so<{Qt-^Hh_6~+E0-<5rqDfc9 zuBHA-2BP8jD}_atB`t8&St$M)TnNyy_&Uq2&|<=)UA4(0{_#Xwc8%`zW@Ape{?|ZS zomzRIFxT3hysu3{*WSpw(89Wv&2I?iB%b&Vw`lG78yu&f_|9=})NsW*XSB*VB9Nhp z(?o}q6B?1nnlRdd{PnS5*$Onv+zHYKuW)`5Jh8-I^$Hy{f>a3SM94g`f(MdKlA>QA z&;y4`!emQA#O0|1LF`n$h|MueI;7M*b)h36TZ4a5xX7nS6PYN|=ZIEKWCUv!Luok2 zN)_pxf6=2>+^|kR;;1S@y)fhD>D1C>71{YC-KC8fl@82H^-Gyi4v&MzGxefjc1szS zkr*4{3Xd&aM9Nb{(m+{U9ND$+&7+<%evoL5@bt+cWmty}V<=O7qPL-v#s^X=DiKPP z{>nWQ3CWf~NV}(oR)zhx0TDmxpnPplORk4$l>+j|$rbnix6t;#oM#w6t?#FQ1N@_r z|I1D;DW|L=C?g}P^xt)H2TKR2|L92}6Z=^%KL%=l8ri=zA}gvQC?cpL`0qBRU>FQs zJ)i*qK~8?M2>?Fas=9y)(D5F;E~y9jd@@&;R|ilwJJChRSBpz=KLig0ZEfm>(jSK07NrBQrSR zSyD!Jrg}^fEdhBg32iq8I$sa{9-iXN0+cqAr14cCE3T;4IwTsU6HG7- zumQ`MB*+3lhpZc!9AXwoHUARwlgvFXR-sGrwTc6Dza_>0h4Om$NmL%qzp=){rJhl- zU;Vf7uC~6_ZHrA(k6L-KyvqMQ3tF|J%U_2#9LAy!Mwol2dKi{JNUvtN8TK9@&P?rD zx!G4F$Sm$8?Dv;hkPybmT+}g^ECvC{ZyKXbc+=}nJn^aXq9yM5P$DyY4{9L(0#~)} zJ^MLSEMm*7UEI1g78^kR$d5(>jgfT1x-{bG0ScK~OZBlDhjq$L(0+2kFu86B_O{(p3(sQG@ZL@4X&R0LC4OFhj!lM>d>)1ePU$pa> zVBLIU-G{DeZ~YTezzK;qLSi@Vnb|*jda@B5;I{`ZOh8Hr_yRgAZ4a~aUAr^kr&0xJuKxXrl#uYYbPCQt-T@#L#mQ?wtA$%r}(fsyJ|Jc#}hlF z*9mi8v|8;%1CFz?!KxXGhfy`HAy%lA99n*-bvMJDLFEH86neR*mJOf zWB&J(*6O1YL36yET;8v*hliKI9v`$jc-RX+SSug1wQ1LfIm=kpTuJ%fC16OrDKsit zf5cI|8u15$yok06ud<4hY>|@RhMXSY1CV2JJ{VEGhC^?=ekPc&|Pqc;4?lP?S`_VsaBHs~secZ4Yqjgry7Ou4MF zaCM)zjANijlpKJ-LH9ADvQ9RcLWMxt$NE5@)ub=u;^j+pN$jk!l0o>Bd9I}ri51TqARR1o%+AySu8m=Np)@fjWs5b7}Kf~mxI zS0Czu(172{L+e9r;sh=?KxGRhKhi9?NTa#TxOP z$Sg|fP&tE9O+~j|{9nGJ^^99BgH#Q?QMje{5>iymINdfCZMWCJ_EI;>C4^zXxfCtI zPi9Xcu2>HImeQ~w%g%u>&Y{P?tVxkQs?jucq`hXixNCN!QQPwjrm6@|SHc-D$U5JW2?&q{M+&Vef!2>IpezR21TTq&8BDKcKmY|{Tge#5@tIXjq z{kA!42{J<_9@wTJfRL6uQzgkBkO-5yT{Sn&wnE_~v&>ez8mr~3b0R5mt*{uvp}ZyJ z_rtvW>}xt#&!xQOWQPM8t?A#!$C;F*W`Kb68zb7KZJLByq94mlDz{{Dc8#}yW7!~k zMz|#=04%k*)J+QuisGSZ%KXsp5m$Xb3-ZY=b`UNt--*| zUc-_rHn%bU{+@7qmosFQMd)(QsF8NFmXRA}0);i?lwS{HMUW^N6L_q7n&)YS2jonWm9J0Jb3mMf*3!AsYiZ zg`0v6HH}jGk}Ms7_AG#u8X+`W*ERJ6{WcreElMZ-!V2DqD*3@x8IQ6K1m%}d=FC|- z3K|P%{(!VZ`1wnAn#@KqgqcnQhNiK-c9;X3W+h=`#do zwXu|0<@S;!|J=kVb0Jx(8kCEy2hBxgZotN{$^)lI;CU^K&trCt{03UM2C@%*<^eH@2r8-S^Dr5u=qwi3V1^ck4Z6&_}P#(UdMM z{+Ng}4u2&30iKMlmHgWIKmwP-!g8^7^Vd^Rp6l1cDd3QDFHS>VCwVWjwzhmpbo~2lD64L0p)QS>nV1%fg5+b)%ij1ByXd z3^QR899~$B3V9vVR@wH~k?2rat-%x?p8xmFLEx0tD96lbPWS^r^(9y*F3%)7n4gHt zuSl87JQbgU3{mq@&!0AR*nc=cU|-g0Ghf~iT*1B=qbV#Kvf*kyEIMAd0?lX% zD~D$sNU9fg(N;D)b})!F-Uu3efCp_|SFOijlPI?AF^C5X@fe=DV22TPW%)p*u?Kqm zDb1CUp=58c8&!b1L+Wez!csY1hDRg+Zwt-ezrEZSL=rJ%I>vc2O)R|;Nu=nvu^N#gS7XtXwg0yl58c}(}*2m-a+fTJolfhyW){%^d!n(caXmPk;#OfwD zXPRr3c*ey(H~oEkLLDdGeU)ipwTq!j$xo#e`QH9}j%(IRyNUB=#AOY-HR?6ri(ayl z+EQPB)>eJ4HI8K>R?C}12UW7$B6X-Q^r|X6A8>6dxr`Sypv*%t?hX>zo{u8be0ETw zOA&U4b&5hKC0FVNIx6_Em=*wp{I;cAHglz{rhCq2rLB{_``?(hcua{>=r_ zRpdQVV%Cn6Z%$8^G}&^fiC^6&k;B9DzFd8BU-g#7am!kqUmV;9cf4FZ%m{m0OHI|C#*vZ~AhlmzFX8}nmq1$&$>!xzHzGxM-b8lB&%gipA@~@3QYsM>0b>g~dh7+w_?rsRueo4d zP@=K`%TtAc$tfY&-UWOojZpPZFtrN$mL=&DSw2KhptfLm^u9t0SIF-dLTiEBjv?j4 zB|~LLot z3(nsw_eOy;=0KU}e&sgRfxA*ME9|PSY`+esAmn;m;uwR5hIuDR5Q{sTT^flEHd%ny zLRQ#{I21`kv`l{sg^(;G4*`edC$X=YXgwiI2&Mgsk!5biaWK!SOkBm7+viZw-5Sy$ zZp!uKyJS$6e8D^qM+UR3D#kD~DmSa2z45P7b$%dChfmiE5(K?EwhPdHDU zb75G1e7W$EV?)0;WlS2_!bA(?Q3qoy%Lk{9Go)KxA9`I{dAeWJ0nlZUh6p znf{JUA;S^sY))?U#Y!{kC2MAFf^_7Ylx4Dc+&V}DOAB#8&Wf)4cST}vW&!&!8m|Du zSC2q9<1;61Sp%!Vs*kcJ6!0BBIiy}6yZSHmN&y1W^r&Z3Xyp|WWx|Kymkr_jx03V* z)2||hBx*Q$Wze2kU8{Dwwi7B;wm!6x7+z*$R+B3@$Y}2LC9i<6hZ+GK3`CZ96ut$W zm{8EQe*gTgWd3VI``(_!I}Yr!QJqmka2Vwtk`ln^EKSw{C`Fj-k1ErMBIJ-e*}Nw! zMV>dr*tS<6JKNf$-;^>iI$(UL{ZP>!h|9pNgR@{h)-G(yDHv~)Y`lY>n`jEtD*n-x znP6~=T0L*gvgrgGLx~%I^74RB`pe#ds2xGYusH+8ALa^X#Zr+aWE=^|8z27q(2yD5 zzs6UBpW89RE_Yo~JBqfTgNYCzO9VWEYtZ-sc@?)4U3}1y5Ko1}R6p!UA&uI)>uQI| zq6v{j%bWz}sJ&9^bI}@GSa7Tq`qTV*X3cg&-h7D3oiPDQoMJ#0S4QmUPvFiHK*HVqOTXZSM3kZ{xX+5n-baDZ6wh4=$AKqFNdA zXC3zl0F3$ABa&fQn&3K9ouiHhT9}L3fvzA8N-WgQ^#oRll~^vm{>+>SG5A$%-O}Zl zu)k?VhPaDD@(Jfs8(Q*^zIs7X>jIYr6h5tb$sr$ZIsjbr%q0A_eJWqs7EC_0^$FdI+$D^#5Qe|-7;~a zLeQU{&bG4u1=r6o4WO~yetw*QS+}xhIBT*xx!PXcq8>sb4d?2v0S4}3q%8zM^~)YD zA!)BM!jnT;-wvi zY5`MLE>dYEAyZq%K6zdii%wB~WYd%2dVR1=U)iGTN`?#VuEhW22Q0UZ0Audz4Dfn% zkI%UH`&-k4kci&ri@3k;Agl-Go!h1RMMU7+N%;m;X?3gok}3kmgyh4ysHv5E=DDJJ zNjBhigd}2}NmYFgTP(XPH{KT7 z1%mH0;H4UH>vACER29+#Y_b>e*MNhrK8x4hWQ*Jn5th;_2-9K{lExNrBBsytp;RhkF)vcv}qx6_d00^NL zj3mgM*SWvTx3N}3ur`(9Bv7o)@^OF07mV4QGiXwAIZq@qFH_s0-P5)Z|2U_ab-7*? zr8>k#PTmnha>|ExG%&9KG2`Q!~;6xIdn$Myij~bTkxB!rv`>P zN1lm|p_$fAf!()|OwkYnw}9PD_tiK#&6lqQIn3hz$7P83GT2lsj@EO2@uJteoH~Lz z8M`nXCoMQ9H3?Yvb2W!PdC-t`=M9~WSEfrZ-Uhvke=WSPuCsG<`8+=k-o@d=vW2H_ z0K{DUK0a5I!iV8+K~9A|RzmdDt?NG1vpbM!xJk7?2pwH0kXVE0`5swV7oI3tO?>_w zp*y-1>-;g5cI_EHOt`NCuclhnMzu%@`JL#gyh5QGqApXOG&wfa6gNJDFiGBQt5()Y zCjI!@t=e!$i_+?$-?)t=IlpbqZFHY|eWe0#jBf@pU9^~pNj+M`TEIU4)_XaN`<#1l zA{>(+8nxg-jpA_>FQ66f6ARQ<;?CWg);4<3ao9X&xU1{Sd3W|y(!{B9V&eiCe?tG= zo5(Ie20D`5F2rzB?P(f|Sl^RRYX>IP-;`X2xEM2fXE54&3VO1M7 z&XfhhxNT);D3ldhJAVVPPoofDGCS3b;qX9CKR_~ACUHhRpo{Jjl08O~q-t13F^)Un zt(?|x2ncbV>0apNe|KV2Lp3gYQ<^%vNv5Dcb%>&ZcEK}^^|wjPBBo_VnPg%jDBO?$ z4lvtOQkMO5OUtqRD$mO!yAhG;RwxYhp-DN#Z}2kHStTW-?(~TbEz?xYbM*3oE^A0> zd(u_YI@f&IXN`VCm85}f&{7-2<&kNOAOjerJ>H2;DrF>15XgcbvaGd zI#Lo{K-`aDxL|b@X+qVA5ouJ>5*e2|b!wYt=upJL6c2ah%IoY|{xq>-1_iz?~ zTd{=J{MY7FLELLHNb?oIAWJHg!+mQBzdW+AR1c@B+k)Kt4YpS{Vh|HN>-sxU{W!j{&nfW4f2^wOVXP744-ZWny};w~*WC9JX<-ul`_ENR6DX1G?JM+6J)Y z4#%{e)BxD0xI;}Wu_eA#eB|igqQtTolYXLxAWGvA`u3OUFza*?bZI{b6Qpo>0Vrtt zk}qjcb4tG48h44%*)JgN13G>JUCyrWz%H`N_u=z%@%ehZ?YMU?O)^J2^6(^3M;W31 zXqtOb;hPJ~-Z$)RG^i+V$NZd8O=`lj%rRrwSx&~lHAnp4icuJO)i4(y1L$s`)Hant zf8#5Vnn`-pgf7_z=I6w7AW(|~2zQ5xxUhUP4w z<2b)2HZ33}PGL#9N6rBt77#tXz#nR73Irln*J({TE9aJfe>#dT6u4d^fpC%WxTb(AGA_tTaW_kdy*!`EtJfQu>)b zE!oq5aw+YdG_X{!yZ(t2fgCZVuDt2ORcDPaNU1xeuEo3TytqvDw`eBa=K0kN9zD3` z#*$pnzC|m;j-l+%Mm^$bB;<+oUJ}W(;e0RKSTzx7vT*x64?WpqdY)^jzNJGPRW$v~ za8PCa7uVi*`7WCBg(%HFdkJ^?Ie2@tgk+yCfd@1Ea2?Rj00@qK;1;BlAlD~_xX?B) z>1mv_8@qY7G3@(-Ep>eg%XmK7b`BtLu8RtmcY>9l{pNF@+`Q`G!tKMIN0bO`taxC= zGw)ztMABgJ9>HnAum?NaAIfC|sx!JHw$Op=uFc(PVAQm+2{sLEb8b4;}6C#!U* zgz_jVJbE($f4TkDTYfC3W>=tw8_ntVuP4iGtR3w$xIL7wd~?!i)6BCsgk6UXyiq&m z^FfAOlp9d1oPNe?%-iCk<knM8yGp$wCei4652>p3CTnZS&4 zSt;0KRk4ak6$fm2{i+ewZnvtB!Ib+<0V^&u8qdnqpu6>IQYiznBC-owYli0Sg|u4V ze!y0|epU}L?;|U{mScX40J$Zgu;aQo9#D6N@WkC&N4`v2hX*^ny(@l8)-r1Kym{T~ zz5q!tiIDi5E5dgN_9$|wE_qEKb>b~eE-YsI?Ynkac)ZpWr&8rdxBs)g=P!y&ukY}J zX=e`|ZgP@t&=N@X8uOXG;Ek?B(wq3DsMFo0SE{UuG;Ma4;lrcNSGd~f)?iM{fUO;mY0!Y`xId6cI=t02u>LNO-H64YNA1r9PA_PUHfkFJ zD?1Y(1Vb(dd@3Pt+ zUkgJ!E7LXX@k3d!{OFux-h1HXGhblPj4~B0PZH&UQjp>#i8{RR_!vJ`W z2Bfj5i_0~whW8H&G$mWmZ`fD|z9y7z%5=2~&oM(d!O8BuF6IvO(U@LikYfJPJUhYH zqm0pfj{mhmnpPNG#0y=DrqS~)wQ~RWp6bw%EUVgEoCWA=tk18soNk0n^K_z*tD?cq z-3xL^6I-u-UkAiwGRAPtf^^d3#a@P&D`)CQv>V?Mk(V{wmHO--tZ#R>*Z(MNpd!7M zkwQxG($c}{tI2(H-T5OGt%fBR5Ic>NGJ(IWGA%n2K~4aj*+b14z84*0{^Y#%6_Mo% zwJ|5~_8O%htYsbpFvG8(;@I|Z%W-Qg*m7Iw_gZc*s9y1->_V=I39;f1{JCh68-S2M zuJL|xb5G;f`M#OIuA$@8``cW?mer;52Xfh+xdU$V>7Fs=1dMoR*H~}`Ch+|^RP*Je zlez6F2WO$b#eutCiP=$Zd;GYuAgyiHU?)7@c2ZK-3r(TM!&sWnZmwL%&fXVzUKl%a zdF4=;>C`N%5Y7273MdbN{yZB*``;Ub%&rQgS2qjYNC9e9Jkw*)2u@o-rz7|lSeZkQpB=|ZgskPuOS97FW^>HZnYO&m z$$Wkk&Y5v?`JNJpp&vn$>AxKM#nqdzFDdzM2p8&$_@dj3O^gt>IqCHWf>3(~NQ8hv z_=^>L{wlcAPv38B2*`V{&m7@sA}@^OEE$&D#nVAtl?pi`!@G@nSJ)RIfAvBk;)>2R zRpagjq@GpUCjVJ3w+g;(N@GOLzou17J7hyaW8#;blN4hLcL)JLzYr?zSM7g>OGVIt zy*$@>La)!+x4{gXVKE;TZp`{BD}H^fJh2SPe=B*Or?>G@*d?M$ml~&CK1@JFPpoZJ z=TC3g*VIOd1gt~hdJ5dCVoIhVZD8F4VzpdJR@w#&O4iRrX1c{@keZ3dmr*@Esn&7d zJmyCPV0t21WQ%#|WpNO@UIfCFtjz)ydIFHuItke@tJr7{2T{n#vul`=&rieogHo)?$%gI{=M z4BJ_d#tTDJ_8J7%K{X#l-i60-(EDai3}{ow!Qa8q#z&Dd8vHn>zX2=~Czj ziu9n^6%8ji%E+z#UF11#_0@}wo%!(_H3-1$rVJ0+3fYn)!+ zxJ_NU>{sB1?S7WR&_{QkwszGkEw~*Ds=hCPi937T5C9o%va=h1{z;!aq`QNGKbQ_uD!DEi_=( z3G9j(>^AfY32J#uXy@%czW*0K|MzwGXX)>6(zn;{kB{x|r<(7l>+dK0?#&BqvZ~Xs=GFjPkfF=IGQaCUG03`nsWl|CqmRAz_caUlFe+QY0Q>Bv% zBv3-1kr}^1+C2Hu>IDP^5J3f#VSf<;fs!NyP;~oMrq?#Mk2SSXtvGc%%Wna*|Dl0X zSV+c&Dg-0%>g0QGu)IaV8@oZQA*m(p_yxbP$q~@v80xE=2ru0(hg? zyZ+cPCVnjLJrhV6u7UM7pZSm?dCh0DNkbfHHa^;dfOJMgl#h}4u4=qSZ&fhW278t0 z=^z44M%d>sa)KBlf%eK0R8H9{31y?vY3*XC@uRAmXTppZ0A1eK8G}5NdQC(0k4LF? zLabSU-t^2u!<(1xm(>$-Q)@Wu$@1zKC#kYK);5FR2ft&|U!w$9td*9%s@S?#16V0x z_*b+^%HvnJyLoaCdj6mv#oTkA3L0-x#_Grgk_R*x8IdKh>nd7A;Y+wlvy4%@kavh} zK!#v@(UH>52I_A7@YW-Jw{wiZQ;@Ln42pQjB-6WWmYRXhdR(D1Fh!F)YvVZk<>C8n z=$^5H=}_W>ILlSPBkSXAz2CrV ze*$mM$L{lez+6Ka^!nA^7rG>JiA8U^-TM{5j)DhVp?+I)m*h=SC2{oM4G`ZcKv8;6N99E}GruXR*|Zz% zs4|3khJ?rzmVDR{%OO!xs+KY^gqf_H4!zoQB`2P|gn)&9V<>#E*^3YS?b-<+BcNzK zsRJVes(h3#kkmsFn8%lQum5I;v8)9s0W zWg~V6twQKAt{(kJviYYVyJlq3&P0=`lMcftC${=t;^%^X z_lXPkfMUb_;Oq{bH}+{(;t2ew!J+dQgt_^Q0gGUSeH}{98bt5&l2lponBaL#!HzJri|a3jEKK=Vod2jKcN3(yz42Q*UJp-&GXGt;gPxX< zot*t&(B=a3j+6YPG_4fPD1Duhgw!YvT_intx#A4N3^Us-^V|W{*fjm@Bh3;l1+CQN zs7##_1tpd2A(W&{vl2xa%iQGnwDh9v#GjBz3}TU%e_~sIZu#Fg)PLN&r2{R~KWK2K z|Ia))!GCqR|A&G9KMef;=NS0EbGGV|10O0;te)E37_r6jM&YC||EFVkTWHyOXo709!xXQp6C7mSVDJzaAPTXiO04y~Mo z0&%7>Hw)+HCl$Ley+X&Twv8Lo`%+JtMsq$?ps!!DpJutp>%2ClnC0}l#yZq?aexGe z+G$@%(ezqw_6T7sJ4OWl*ehd3-@)?5T!=@7Ot4(!iNK#&xY?3|OqY z4QB~ZN%i-{XBx8Z?@zg54XXVPo4?vo(PCUu+FAXRufzB9{=cIO#kBsQK~W+OGXln7 zRYSBiCmi3vArTZ6({m)oz#YNLJ;-sPk2{@6hw27ax^+w*X}C#XNc*&L1@?Ebdr4M! zO6(qa6gX9RtN!gt(Q8Rz;Q*9+@Ah6yCJ`f)M}c%THCcCZ&mOD3TY#p)=Qagb{90dE z<@@v$kNwm=oOkE8{%EKlno=z4z9@5?dxGVQfx5==RSwNvBiz!6mi}0#4rYr? z&SJt{u_yjg>m2n_i`=}()O3H5NF{lY& zQ}dAEoyC<0=DZg5M2bY9(w(b*t^JeSU_Pt^6$Y5DD~~R$HeH%O=&Ys-7Mp8?vP)iL zE%|2&IwG!>HiBa&K}GFwS+ZYc8sur>#L3tU3x+5!O6=nRs!EoWhCX+tPWT@_#Qg@g zEok{Oq?@rxSn*c@mYuCF&|NQRV83jApKRe>7$CnC|5iS5tO3g6V+RTk9xg1qdE3~w za}W57oCwnINVxmNMwz@p-h#8oTzN#`D7oQgDIqdWPcU@yuOvipF2+z*H4WxzO#%5J z?o11D%mY~J+)B%f_1#CV)mVCv?M=+ypCJylue02YT_)Y){SxLNLKi_aT*|PZs*!5I z`6Rmv#8E-Oex`c$8B}eAe`2TPp}qz{rt4r z0~}^Q@DqFoc~o8NwnP5H1*W9WGuZL-53o8W!xdv2#vyDRe(gV+YC?Aa#7DnPOnkU46oM6 z3{N!zprXEX2vRRJ5ERFMPI8gaGa5F;1OPCQ_@9Z7|JktcuP3<;nVQZO6TgSAORcsd zv%`H`)1eg*5LDD=v7>zTO%QJv;U(qba?8GHre&y9%cVa2+D^Z|Qtj@}m-)N(x;KkH zO6ATpvAG$-zTstCq+732pi67nU_1z@$h7tMb*jxwb-<0gxwD{{FR;AA1aADlmuuh& z4!+|aqCXg|6M-3Cpg%yr?~=t~8Pof2gIlPn6+&S2yIG5xVCb;) zWwWQ2u{@-5nQ^(*4T}QPe|jlCgLSS~Y*Ip&6}&i}o0Iv5s~4r)}tjRNDh!wpvBw0a7n* zaKA%o-!P0|rCwEG^;JxF!c6|FV_#Fv3!h2*420@ZY>|Tn$x2KqW*rd(Ixu5hMILuz z4x(q^!M?&QoT zqQ^+O35ByC@g+w&K6igG&{qHWXwev5oirc;dF#D15})tQ`-L1ohmFueiroL9gA$D_ zC?NiRCt-=Zj|^;0#S~K)h6W+Fp^XLBrRa2!$iN&!WCOXIZ$F%9!AJkwC2m~YJ2ild>`9Deve(NB?9egZhOK2 z)>(%mY5kzHeX8bt?Z*34ZDFLi#s9e>WlD860eI8EzE4lt5JWkFfE zQmw07pNVF+?R{t{Yn!i=rD`T(ie#UVuG?8u9HF++=T6)T3A#h4&~^y9o2R->M{pUG5EWuT*WKqhB2Oi03gAaH4CxF+h z8EQ{)TQ@=Gp#ehfIwe$Y9hhpW3R8-^1k2t6is!2%08-HXP8!h12p{lG1;2`C@8adY z*sP1d#=zw=nyG%>KUjwaX1kw>P5t>}>#Gg+@Vt)aSJbT~uv}x-ogmP`L(Yw)YSutl z?4S)=99KX%tjg*S`*O=C<=!HW2Z(R<_uECf9r`r4rc!0+DMVP&bL5bwt|$Z>7J+aE zJ%;0}Wkk!|_F#rDxUaT#mxVD~=UP#}q_!;n^l(kVPNoF}z}b3va~i|&3$Zx6^`dZB zu3`%D+^na3CUtyCd^Q4oXuQQ{-e`R1$XyWj!Ef-rc2)(HwgaG>WTeQ8psesBUi;Ee~hV7pd5y1TYjpK4%- zVS)ucryS*ca#z=whyu?HkSe>A_6gTJpjB_h!v$YliVPf${SW5eG0N7a&DKoYw#}Wk zZQHh;J9pZ)ZQHhO+qQ9b)xlSFPQP8Uy#BMALj<{quAO4`Lk~htYll; zY*RPgL44;(*QG$pnOTzcS7NsUawcwQ5gt>4w59x1-!~_`Y#(HU8 z%i7~T*I?wuuf5Bx-%~1VHo9>inHv;-B`O_50zBDi;*;s0&ciQ>zmRmHdm|BCR6}GL zWVhMaZf;woT^j=G{c!h{%OOPBDV)1Dn?GvPTdo!9<+Su=iZmKgtJs5{nShA!DjyCq z3B@Wz_c7we*b4(>6hu3ebn9(!ExUr7b#0^=dLkGKH)jY?f^U)!jznuDHou#Md=@$C zoQ78oCaOywm2pI6IY~idchd-Org+De8A$bIsrRy^W+*P{+`JBda({b9yK^*uLciU7 z!Smh-XESO3P?Ns5{Z*db*nM3X>A97jT@)wVKrS12XAw}3?K-8%g##~MPXh9z$UBa~ z=Fyw)4FS7BUfI36C{z<)#&`@@VrjFr#7f_=Xluo*tbhDsPR-~d!5>vl9`uc8F%sP* z598 zHD-3DCd`0-vTX@&U@wp=<+08WE})E3uAsE(e=)l*d<=LfFy~srC6JX7Mi?#xws*qd z1&K6uDBfVoE}}&i2u}()t+X-;-lToxdIlG8rGF|P1Jzag<4x~aQ-w?Kl-~=d_x-5S z>(YyTVi9OBTEV~;8ql%SqK!WU5ScF}!!u5vW0x|FL>~c-(}iMn&%4!=$2WOW3{Z~f zHv|%ikLju)1%Hf5^R35#5AA`VY5jN}x{xAI1sU=`lK!Ov+!5?*k1%d_G*xME9Ia zb@I#vx0s+wW8Kfoxf7Ec^bYwuqpErpRdkL7A%lTjSJmXy_kEc$Y8pKuhz zeL6DwUW)q1dcCH&qfG+TmE85$Pa(R9KxdNFWGa*QyI>0p#E{@CDIduvlzMaeSGwI3wB$n}o1av#74S z38+o+*&r3q2%^%p3H4)5Lx)`pcc1NWQCWVs0r30z9rXqfFJ(8yL(kxIyJ;C~KGn2K z5qCSXPGRiDdi+{nSgN=&5@E4n>1`EikGd>pGPrFQC!##dkd{S2DT~+|r#+HQece~| zbe2_UPPRn+vwDsyz_v8~a*z5FVTG%b*=9d}j%uN@T)8%o4r*QrRk+x^8iuVHSGu%w z?a!cgAD{SZ%%JSfAMd9p@zh2>;#!WhX4?0GQuciUEjvIt#)y~Q*cJvX{PC*EFV5du!n zmt|>9Rzz?7m+QyAzeVD!1(`JTvoNc)k4f&a#r4g8IquZ;IN@vml_#DbMg(!7I0^CU z9s6FV`gd`sWoT032F9&^d2+2xL!3<6zw(N87wo)T9Df0ks7t#06QXkFh{gQrDQ(M%0F(B1@ZRHoHD{^W$CI2ut%F4SCx+EYr84)IUSYxK`LSm` z8u-d;C!9iS{VG;=^7-~Y`QE;yPE9V}CnYAAC7FS=3pd$~_X5Ie<>z_ZSe-f{Vd-5p z4U_qz6x}j;rabE266LlAP%!MHa*@1`JO*f{L*W8IJ`tz^u~gN!YD04iAw{y{F`K+j zexrYcSL{drTG4IgM)bLB8bE$h=C>?)Oa6TNA^+w}dH&<;)6)BrNOYQ6R^<3?NAbJ? zc(K#hy^QP~{d#BoT{$LWHZ%c=cK3UtL3Eo7a|8Fr4!~$rIrP$@gPZm$9^S-U$b$)@ zt%u!*bNGYA4o7L<%71R;*&NN9_7okLb<%^^b$4;3uvtD#o?sjh*d zqw`@!%M0+rB_KT)xydGmjb>CKeqhnCdF3wRc%>siFS7Lx3xB z=)G|wm^I`L8d?j=iM0;|=aEyEi#WFz(?9peA~WVD8mIFlCHF=eS3A$)m}Ht+skn5kH!DA*4R4TZr&n8ldra zLxB1*s)$fMK6TY5X9JNH_6N&B4$8F6-`B~Nt3(=95bC(<5B^%<8tklUavl5>=fF=e z8IAb5)ptE_!D`&!47NCIPdmSg)SQ3tlYiFvyyCok(iOsMIkc@_H))!bEc*C)U#gUE zuGFdA-8NQ>bu^MvYB2Kzz!M0_DElLZ$gEx)Wdk!iNUb=FcmSrfP}gwxxMf>o@9sg< zg#G9T|6rmsp=5wP(l5W-uB{yG4^C|~Er&o*f(sXL>`NxdgTF*<1Z##}=N)v(OITS! z4D*{Ktwb)rBK6IYq1qoTlu4z8wTGE^I~qGGSPSYn&Gta>#JV4GuvOO`n$7=sZS3v1#jq0Y&Kl$kzx zM!*_w&gTpTtSA=dWKk`rwVO<1cALAn>+DqQun#WSC84PLe3(!$+p0TEY;aL6LKWfF zSsgO)UZ+VKzL|u%wDd)&R&ZY(S?)sn#jp;3g{}IIdkPD_sC?D+{(fV;&-Kbni86TB zGmxRyy8{Q)*}weVqeWk1FLUHRMt?qEQ`>{@&|2`bzH-v$h7pSq+|6Fn(a=(SP)vOM zg~_I&K=&4|1s2|Av}=7!81Py!y2!KH_GA6gs^O;Ew5sKt3W`K!{M06+Kz}fzvR}R7XLbxJ~=77#39z@`4+}boQviZ zl&i=DB3#n^F7k)3k(^db&1*TC3SYv|Su&g-9t~#1USL$4=Dl4UH)x<5sLFmX5}<_l zGUDk%Tug<4yY-aDpl{z4{H_R0tud9lYd91qq8PG;ua)hk_|_MES{^5x;vM~=g7#{5h*d^zAh-hFQXzZXF3+)NPIDs6 zWgY|@NH4)LleCh*HxnB&Sj*jPo6f>!HIec|4C&2h2De*%$DU28R4IAn6}{Uuyc7O} z{ipeZ^7a%S>hR0<_zIM>IwM98UiK-%;fvBQ=l2l9^bZg73)H&u*NIH_58j^_L>E0a z?`N{svk5&IO1U}%td5^*dKrfozpNIt$cGMVc)VdNYM)yO4;{26t{O?rz`fsMNgPYN z!MvaMTyn8PPh4EjrLWz9Ud*C9zZV%H`QEc_j=G*I0}vWblu!aB{uuwck#D?4sDPd5 zY53MhI5Myoyx|W?eXruNI&kBE`%2x`uJyd=Y8_Nr;5@UV3zF&Ukt)G!rN_nCf-RNY zhGlh_fi|F|r?t=+lR;uf0&dhvJ#xP#%U!TxLo5%G;wx`mi-I8 zu~L{F@zq)sA*1&#NxWF}x~(iJ+=k{pt`Y1* z?|aXjiS3tgMsa#&k|%j6($hWA$Q+1ghza1}Sm~O|W}R3Qh^c2pE}TTW+7-z54}rgk zcVsWtpAn$Xb>yW@+{)C0$PHP_!2I^&h8kyqI$UC%3n{%r`Nae?OeS!h@SbNaXNs!p z($df7fL>}XxtgvvY1I-)H(^*vX?}g66MQ(j&QyxYDl>vN_*Xk5<8S>Z3^vQQ?*@SR zZj2z>f#`ISG#Uqctc~F632Y9Kzikl4uO#Ui{Gx;+dYp%6_R4WwKRM-*Upc%%h5L_9 zW;+Cse*h8_dNcWpqc7n)j7J<7pSe%$Y{Z2K`WTh&N9RXbI}mNj7{|r|cUKhC;VPl4yM1v0-g@v5!8~+i1GRN}; zD)?(Ro+aDX#E_a9z#??TSc#rKTWlU{FBqA)k7N|q(eqcv#2w_tOuIOkC8hvGH_NbH z3*>e0(8ng9;z!^;>W}sW7HdT6))h4%*U?TG{u$?ZDF=^1x!97mT@@uW$#@-&6$i|Uq$)8W_4 zy1Gss-AHK@?6;7%HUpYX*gqN|Jc|0j5!78BUTjt{pA1p59p?NS#GG?XPz;J92{f94 zfq3j}@iO3D4uAoRV0eXYPrS}8G<++5jM-}7D#;}p(1f%%kyQUGuO$wvYJ~|W=f^%Z zXK$z!CPjT~`D7lTYbjHL9-RWnPkSJ~Q_{L3J;*@-vuWoGAB$lFm?Z&XAu!T$a zmnOGMR`p^VZUDH2eZz}%&?O~W4@^e{5ubIx*de1MM!c-6nRT3{hD*i@&2FLlAO^Ox z-r!X8h!T*lF|{ix=3rOu`@jzF5KBP@*eD$1p>vd7Wc=3kUP7^5D9UsG<*&{?A@N;@ z#lD64WK3>KL0L-#`16~hh1&IstgTQqF_Kpy9h?>h7Ey=WV@IMZ?D~dL<^D zG}l1-?Fp1`B)e+tr%J{U=^YOnQGMIeN||$Z`riF!O9DZ9^j?pyvcWa4_a?OoRgip2RC($A1?fl=&?^r`I6N)H|aNA4ve3n8gCY@JKXoMkE`7s-0wD0Vmse# zLIMtf5HBIceHm*=7G$a1aFq^H0>qQC!c%VQNInwJb@z^hZMMrXbAR$nXAW&dE_C>K zn0RJm`Wi3-C5_&#>5YakY(P^ifZIKY+Ay0f%A605@?;Z2S^TOegQEcb+H~|ZVvlV} zMC0h{6y^w8iep!f6LlV8-dW|7o6dqQJe_lz4!n@kN}ddlzL5urb(P}vQF77AFoI_- z#Pxh~1kHtj*@0VU|Ci~{t6!p7BTjpvvw7`028*L@WYN;$@;q&mEF<7nxYbJmwOsm} z;pu$=RC3=hJNPUZTJ#=<1dF|w%Z>|-JZSt%!jP_7n~yG#7*;~p-Y1JS`7C9zRiG-Xi{Nw&h)?xUEJpO{u}La)>bU-19T z>|p&UGSM;rp9YctW;yqNVLSJqzvsrr{a_n-003Q@|6yzQ&x8K&SkOO=zon_=v@wk8 z{Zg~)Sgd3LR-DCbfqfEIcNknHWFg#UOO_BqT1(IZRy#^Z5dQVVlhWl^Xzcc`DpSlN zak!mLtzDV4A(fl8Gz!ET_p z<;ab!SJ_l7UUT>9M5BuKJ#~5`ITUIcpIXlj?7%g*aVU96wDUcJL-xzarJv%j&P*rj z;4B;v>-HujG*>Op(G5Z+ej5|wYKg}%B%=^;lB=XxQVB>+U(8(%`r%$+U4bebJ6JH> zN((5$Dkyv`#rEEX-4-LYzWVvbsW;O(dvGTdSJ~1YG z6HzgTeL=l@#Rj!zfESHhB&s~FZ#P0PVo6BZk&{l8?=TvD5o)eBl~eA`m8hd>YSqv$ z*}1#EkH#93wKkJytOCeFZS&c{%>&nVF^Q(?zVxno((vxr=cgNb3ohVeg8^`XgI%y% z&Ub)K<0NP#fkROj{XoS4YVvs|o`eY>)&ptnUd_*xES+QBke^vH_;xIXWK<6?cffPR z#w9pZz%H#T98m5dOme`sBa+4CS}jOQh_fX;F-<#_s>-0FM=Ke$pFpj~;(2>!2@O=7 z%8q)>F_hTAe5L?%=L!e6+XAMi+L2qwMnd)?po@@AVgX$kKKa1UnkU!BN3PZ)1x&9^ z>u=CJ`||cnxKG?xBWnsiODoOSy3H}TMmR_yg*gr{#bDojJFK5NG{ssEacu^k+!P0A zY4HqQBSB2XX?!Q>H~=%>8glUIIcVAU-qS02xD(q7D%v6Y(+49T=H~@SipxEz`BZxd zV%j3#>wX49pxU#~I!z70SZ?vHQ5ocWzJVg3ITYa9MBYT>!608-eK2?Serzo$yk%om z4j6T0LMCoi$jhO^PF*%3X~pl;-H1q7{{vaIxT9&B>&w zVMG;ibEV{xc`k`%2`f89i62-#%LgMI2uiFQ^jNdx+NDJb@F=WzkVE!IY2vZQtE`Ps z-ae9VL{i~^3Ol`jHQhFBwg6n*?jYL&b0X;pp1i2$#Qk^3nuwj!N7rkXamc8`ChK?y ze+qh2SyK1^1~Zr}=}zvand+jgd_YXpinGM}E(2hop9V!)Q$#7yNr zs*TB;m-H1G6Ml5;uPLI`QSShMOK}1cor9sX@ly(Ds@4;sI)by6E*~MlvA8L#3rd#9 zeM7qPsq&gq$5|bT(lcVD2@9CoG-BItIyx&KS&Ss#&M%C{1iF_omyPHLo@oei_bX`E zOw2{X#kV9qBMaupTvEu>9X&P^UxvsFCDA3H_`vPtoQ<=33-*N9ix zZ?xRK`e}qcjSel1oUfUZNj2akp(;znVTuz3`c4n-hoS>;1S$ayTr2@3L+*jkt|Gixs!zOo%ow9e=&;re2M(6-nB8tsXcG~&b3(ni{M~yY&8NP#@ zCuP4Gfvp6k7R-H)3gnO3@txMT#Qk#+CbHdf#LQ>N5ORT!1b0JdITC&8pG-m#SI_sYYE`}<^!k@ ziMz^x2+pnWTp6oRmI))%%L~;p-fdUA#f;0IRT;T@q(Y5d*0=p>?aE$D1UXiP?a&Z# z=_0Esv!@&i5<`7Yk*?$!RjHr7B=c`Ylaxg8dSqTuao_JlvLI{EJ)ELiAAX6O)@> zg!sjF5g4yYL5mJZzb@BnA4IJ56{lB0Mt>;Ft|=jtk>dm*8ufDyNePredZ;)KgF?w% z^iOf1DDhD$y@#KQgG(=p$lu`9I68!8sBV}(^eX82TDeLLsP41~t|YnO<3<;1c*wPA z1qge2a9gIn0yA~IHV_M9YgV991suWxzaO?bBDoDyx;;4pjW|t0MscVrRmx{a8?4i? z)^6}iPvrBd!Us3W>NE%z(A z0bt?c(`~TZrUK>n!bmOE-OlL{(5OOrD8LZ-#8HbHd=qk&CKPM7yLmY_Q-<=mmgAxJhLyp zO$PN=xw~$tEXicob1iY=1n714r?lxqo%LvWzmL|X+kNO{A;?l!P&WxO zRC715*r8dzH`EBWN>RI|HLy*VurvVL^^ZSS3_}zQPB4akaKo7J0@Z0+D){Oh`}gWE zxh<_s7KL-F(B}EtY{=fZU1}##sJoLB?z!;8g|<{l68M(sVh;(wgpG0u)aXiVvoYZ!hG;UQwAC^k7a-&iFR7{M9>`r? zmO6embbQXz{OHVLJc9y7qYo*h2IzS99d?|CQR~#CsJd(%9n#_$E2VXf0Mid%SIp;BU{nDR-2Y+p94!Sbp`uNvpg->)6Me1IrmK>G-2On5q& zg42GKZmz_E!7u2R(t7+{e1j&;20qD%QJx4Y8O3>B9iodJH@A@(*04#40vC36rX@xhVuFxBGUPy4kp5! z=pCv-WBIfyha7p3`Dm6WTz*}T9DT*G;a?Ap3~g;0y7YAFMr3q+YJMMQsaJZV`RG+w z`(B%O19}ghl}eG%1yZZ9lF48SJ1Jt?p99FyrG;Y={f4U3pZqxb`nUk9?DlNa?&{F0 z{`UM@cslP!;M3XZ`a*2f{;c)t>HJ9(Jl(qYcIi4^0Y}pvzS@VwdEWclm)-Pk?da0b zb80%;=m)bydlR{^V4A3VN#XEc`0@_}ntsIYA`}!Gw{gHj zyrJz+2JZITJ$3!`^8V#1I}Q$K;y-~UgZ&W((5Bk#$d$EsaDFSv@5#~o1a-6Auwf=n zLD1}#pP*6vPt5(E}FoQ8cGbznK+cC0>RR5h%1a3Gpe$srnv`G&paVP@KzE(b%G z-GvOVxmSlh0NBA&ynaEJgX`^|Z~d;jpNPQG7aG2z$X0M=l|ll8g5R zhvHU#b-NVLj9}EjD&S_o8kHl6Xy*}B8!(wtqq)nSO5fcx4=7+1a96NqL_Sz$%#5+d zgq%4oX4mK}@#4GDXh}@ztDh zuVRZ31Uaw#=Dl9lla8)h`X%JGn?Jcg;Pr+M)a7Eam@^k00h0f&0I!>CbllaIEuw87 z&i5qdjwmtRQx(7-2#pnvzVy|Cj~tdlcE)j&KatSrs5!#i6hGXdRdcKKaU5zZ7EA_* zF4NDExm6S<+n_3S+v`0=PhJLs8~5g*>!`oW3TLK}Fr@Ja&aRRJW8P$+9{lw~H^EIn8*t_OjN?$+;h`snC|g6NSL0z|v}^Obwned~=iF_%G9xsaX6 z<;zrPfsq4qEr>r^2;ya?%kdqr^~3Vd7m{)@sb2qV&OY9E786QB)S~Q;eZN$|r(X%i z>yLO3@Euu0RZ@B>f`6tt>>vzI)kZXeJwIeFjq`}z^P7dl{>Am9_5=D4;J+Q_|5YLQ zj}?f27k2*hVg5hsApYSf|37OGD1R#s5CDW}N{Se9Zg+-=005`I{)d$6pJ(__YKVWB zAW3t>b%VYBuNorP3~zmUekjG6PIsYXq;7#c+k#8iVgAoHO=uv=AW0vX_{8{4X31Oh zTiu!pfbe*6rUG8O2@nNJxvP$!l*)wkvg2zh8gMdRvl6-bCB0O!5O*2_iZ9-YA!Jk)Bw=3Rg8d-dE#8xEfc@YE}gsS9L2z zxi)HSM`hEGV^_Pb4MLdZ!0Jc_G(|)GF`hc72KDpsu4-ud0YY&+*$;kPw&E;IK^H7}wpABhBbG+)gR>6kf*vw*(s zTxG=DC~f076Wd=Zp!)H(8~7xyBZnO5N7mBfq}*0*eoi=K&LvYM$p`~X!>mK|Slx4sWT;Id zLp6`>)#o7o5R;x^bDvaH#}9f%IjOD*SzlyQIy-|j&$5^w-;z@z9({ijA>9%b&?a|$ z(p{wk@JxeWvPnXQcR$GlGR&YJIf}SnubS>#jy++!Y#lbRZvSDe3E;Z2wYA$v0{`|$ z&EQIU2AjI14XKGP(V~}(TTDGVfysezLYiI0bXLuiUNP+?dO4@K%#l6Cfb2&RtD@ZN z37ui$$crEuI*aaC8wkh=>9439mu{qX={$^7P+G^N{xbW?q9u7)g)bI0cq|-PVS{?I zlx4e_c*J;Xi2Picta{Dk_Y8DYneoM8w)|(zj7v;b%(NS5j-|G0wMnMdQjs#t)&(xz z?QjhZt4ic~$eIB`F0oBg^r8v}uXv{#nXgTjnqL}|m6XCo70Atgi^i7hQ-lT>K$D(v z0MQsh`k#;0Q=d>K#^<_6#YD<5zQ2^Hve!iay6+tHMCuVoK8!PO z>|QFlN!6*1a`|&=uZ=Ss65ixd`)!$QBT_dCv4gablC=KN6g2tmyzlSQ#}iCrA2B4@ zteyeE+?aojy{WZ2C&0YnKQa>+`+(f2(50~e_HUCKe{?-S2^;~&J)l>L`G71p>Ql{%snHi!T^IhSjYf( zn~N%c=RVockU6j-p%1$3b$}d5Mm_Vl3j9VbVd}Pf~^7Ne;9h0fYnn? zY1#|&9+aiRrf~u5j^kh0ezS?+E*$`v4)jkHtlmP0<_xe(CG)VxT))qNsROWrPo`Dt z#Fs&NDw?ztT{#aCQ31~o&4beDB{_X=28>04H5$yZ2dAi2WJ=v5Kz7I+wh{>oue$`~ ziviz3JFwU{z9N%}A+4Xx3X5S^pNKV8|A>6q%37grQH87b!5d?52rl|Er-}Kbo`DXuaOET=a<)y8IV<`a+MM1w*Qc&L0w&~UW znp-ySG+N(!5bY)jT1?ERRrWtHg&f05WQ5bS*p{z8fMAaKVjOCDy<%PD>Y6Q0qJdBj z@-8(lL#WH0UnhVi9wEx9$~~PVaWdp3v_VIRO|<|aA=!M@LqjgMB|@sgev^jO3GN&W z0%mHC4|0fEL|sCJL`%J6F5>L!M)<8awrCIF3;g5P<;Xf52EHG;fzM62JV%3D;FTGJ zk-^=6;z=3z#fz02^#VVOdXL6_aerM`@Z7#?=+8Dt-kia50pn7dp65 zCs#ibnswk(ufeyta|iPqi8qB{RwjC2_Ztn(SJEt8QR?z>m4P$`P@j+Uj*iXgJ}GuP zksIQ9?wPV3g30@!6~DOv#t5ZvyaNvx2QLat@b}s+a{r}N*yp=x zUf+AU9b>O5txf8u2Ks(hVBDj0rSsl?V^AOC-CVj|*;&SKGY%O$4e=pLU-jJA@}4Kh zJ(3tVRT#Mm7%U#9s47?-o1JoI7*~>jQeXpb5&zYOT`M$GUG1#woN#K3YiD``k!wAX z`p_5I&03Sc!~iqW308}F;VVFCs>#kJXpEN*^#YBgUjh-pqtUoR$sXM#@6_&xpODV8 zq=F&)(cG_}F4{PlFh0@!&N?NKy@-g2ZD(~_rfh`eKmI%z4)E@Om=7b+j3578c#JlC7^(z8#Yvj)O@v47DWrUV zA0$M^!fy3<)jU5BYKV)tSsta*UaltI>z-$JNb#0) z82_O#h-LinhjUKPWONu0B3QzT4glv5Mw0e5Z(J7NGz=JH4gqBdNmRCh`C2R8~wM#Tr0EX#s+1TwXvO1C&6>#uHXmM_4U=>vyF~f^-7mD@jEZo9i7xKKi=|QxRTh((yeugFxwWp~WPiAgWy$UEF&^YSXbHwP-7<0d zSohN_Y6>0T5M$rIDc`(5g}E@Z&7YcVGboo=6PQSeDa>dqI2mN*&mv>EZBw&_%Yq4S z`pz)ps+mnjV=>r}?&`>!#C(xv$YdXKB+yRoFdJ9mr^XFx!9j01{9>}AI0|#pDb7;> zoO2s35)o0K48KKz>>_s;hmZ#146&&=S1Fp zyS8Ib|1z_C1U-Pbo`Xjo?d^SdM=wEDtTOSf)%lF|Q2AR=weH$}=s=nx>K{egk_yc> z`;)T_(}rN%c8?M^u7j(o3vZd4u5&A&sra~`t1NrzVACHTt`1OP{uK3&qxdscT1GDb>_=8H#lXFK+w4=V!)Isy2q?s-p{ zNT%rdM1+)6Ni-Q$uaRx#Suy+od@eBiOT*B2(e$by9}?3m{L&x(A-4Ur8x)^rH*+mu z-SjqCXGA%7(TV%cCYc9XCbvoo3%)xj1SUn=$=N1b!NQ5!FYUIuBa%%$7dkC&&rfQ4)6tGuf2c5p%Pw3KxDq<>*8vi2x_!?O zk-AJbiAX%*W5JYGY>0`x_K<6i8cz(o8h1K|E^M>{6I{vxDgm&b36=$LzTWhAxb%H+ ze3CY1NgXL139kFgKC>k)&Oci%^Cm)e8=XX{)zBZ^BgoxNA!GWoUVp1BVn^#D)~N#z zx0dUkM1VA+I~!1yO&Zti zJ*v)cF)l~kd_+D7sGHJC5EP^8@Z}}P_OJJyNDOX(-X-9RV*^XGTN@$ORyQ7xGvrh5 z!t25 zM=-mDVaJ8AHbNxlx*L3n^0Go9)e(YUaOdp&T`=Jm^3e$bMhgiDY$1Y)bEO%}<#x8)15}n& zx5}gS1rSbt7#YVtADB~+k{vM2>_xf#$R8=kI=qwBKHf77SFvRmgrU#s5y;DYst11Y z+gF}XI37z^EU}tA-&!tQcW%+G(6;2)%wiNPXqG^{e$*WQX)K-;89>W+z4q9Xl)<5zGyC1NhX6w?emnrs-ns{J?fOWbWi%=pLT;Tp zv;iw{0NBD0F1@FeylJSqS)a$0hqQe$5U9@{R)9ZG>tL%1pP14wA z6Gu|vg_ls%k)kjK0G?8h<{WrG#U*dXfKFnN&a;UEM`KIKYkhT)3Q&y^&*$FCPa-e5 zbIn7)QV5Hm!Gx+D%E_#0%BR?VR(ddMvQeJi}4^(XRL4t&7ii7wYcli8LS$*Bq6ox3bb*;r08g7 zFSG4{JW}u9v~@m2r^QMNa^{YNHemwNx<+>>gU!UEpEz>>0xu#TTtzsl5d#?Mm3(tI zxuKQAX6OQ#3lt>K>T!&UiVFDCu^&`NRQ#S zNSR%V99r#U$nI{`0#}&uWJ}~g)D{>UbqX?aCb%^HFRWVB5M1}{UXWS$Hur|Zji(3P z_lfI{g%GNA22Kk<*lB#XFvfdpiX;!o8-<3am->3vzEoXz`i?8aM3bEYKIX63tH3zm zSlIw|=FKm6G>(qZg?5f}G*8VYoQaN0iCG8~LWbk6_D&XIyTP|j9euWv8I$@0q9Bq6 z6E07!o-pN!=E);Rrk41G1S0m_P`6sX^vCETmPbp2a!x#{i+swEAU%sxvO^oz2CRhK zGbP4iO8W2@njvcD7jHqr~4SEU|rNqp^ zJIUKU|Cz)4j~-?JZp`)1EAzjo$A4Iu|35V-8{`Z6g8thd__rs;|NWNof3lDN@B#j{ zE&Y24@4p%xf9LpL59q&>IsJw9?VauHteyT}WMUh?d1u7@O+rWh8^nw9p9irvaIrNq z|F0s@75kz$2oSm+PzxUQwH#@muqb`xt5myK5sBP0bBBEOahAT`;bNUN^tdN8UXG`F z_v{h)mX05BPorIn()j6=W@Ys>i4FqlDz44NxF0pbxub^pUi?N`w`He3`f- zff~T@Es(%f(RX&Ikn7`#%-z`vA8Cxyz?aR1TthChI~b>0Lsr6JHg2I$S{D{plOsC> zN=NThR^fYtcHbgkIc`4pKzkVG6 zgLtI_E%xGQFJYAU7#h)t!n-p;wJYSFp#Ql@NU`Mp3xb z>%hsIkY`H{&%=y}fG)F>hEoz|d1;z_YaRb-V$tXR3$@%#pSbgyZPEQu34L(T2khwY zzI}-5Tf2?ndtQ7A$`_Gsxxyfe-{`VmDe>JGU4Oa6t{sx{i z{{5GO@t=R(zZv&T|Bo{6U6gICHhv*|SL-=A<6kZyp9MEi|itLzxbHI+n*Os)d<1pHa8JpayHy z&76>@4xS-h2hdBf*w1u;CF3*zaT6srax$~L#ZYC%DDd)|0nFOIb$|PW$|q1$$nZJs z;AlggE-;FGzzU#9y3KZyL|aad|I=dBlB*>4J5MAEHI90+;c(_X7E>!7s%%$e*(j0} z@3j*SW2%$62{n(hxSzwGt_ddd1aGMm9&y2{(?P^2?o@PasNF$%TuPgK|M2iIMp#84 z8GC~qu?wa$7VdZ$Fx(MxI3HPoPdrP!Z}MAFBz8zh6r|E5BhFf`ZDEIcKHH3`ydG5) zTP}YCgV`xuzVzX*=E@|1cyWz2{5!I`cAseLehuxdF%b&++vu=+-E*HYc~;_>SfIE= zmLuj{u3$BEXzFz(FviF0&4a7$_o`7?g~X;}pB8)0{4$HS^d1TwUC86w(r^BxSz-(v zG7FR_ERlpA_=Jv&F&AYQ7l0@!%&y(KA8`$9%`#xR(-yG=A1^mv9;_y}6bHU7#iN0V ziN0Dl=6YsM@veTIy;5$xbF0w>l5WMHH@Yd#CzJGq)r>d-xKUH)P-_7vbpMGnNAp-# zILnrc@piCekcerJ`tMg7w6uc;Bn+mHQdf_(XohxJ}|GiuLuS>Nk z#6+P68~~vAuQ}1bA@2WSF*9&9GPiIw(Q|ROu>LPrqb7B!mZl75+ZK-7HLqMd%U!vi!@IN?T9>OV-MzPi7OEDmW!V>ZW!cfUDTT*2#;6IQj_NXyQB*t8EToy8h1b(y0Q92nJn0WmKVQ$$tAydd zVb}COO1)+>O+Wnn{)_`u?#)9r@62R%?$n5{c>5d86q;lvRptK@^v|jLwJ8#i6JtZ0 z*w8|-+YqB5TYv}oW{pyVF!GCH?AY|7KRg)wTDVRIQw{W73|_YinWaoWCE=I9gjhQr zl9w04oL>GY#(?=yX>EHG-TRgT2JN9LBHLqW{Dj0Yx#|P;xsU?%wBhEw-7Q6^CNx*k zdi;Q}$hV-`%~;7Z4YuNu>?Wc$%7vmwIL%3DX_I-i$WU%S#0+d;lCww-lMYgBx3%J+ zE26#kV5!Ea7)tyu&Bh0aek>gxXd&h)A^IxKAp0T0VIWPKO-6BizIYclAcdJ^1$w^i zW|GF888wP9TJ8`DfH0CF%3K0;6*m<;4|*SYi08cRyf zAlNi?{iQf#ZxRCG94n7H`Dlz!5+@+Co5PeJh?GeTrp}mHxS7|e0$@#safjFx^86*B zsAj&S)^v3aWhiwaow4^!jGM3P;I_9TGn3=*nCHUzorbDe+qwd>kSFE3czM&bh(2D0 zIARHapu+E264i=`0S9&30|%WkuG;_S0v>{$;pzOh8be!yFz(ZL16H3~)zXcd6|4A$iba}2vRMvH^HAJaox9ZesI<3K@+v>u7MTvjzttoff zDQ-?^<-c$$P0Vemq7Z^wl*UsEQ#y4_tR+X?yVrL~vdDcRGp9BSSfdmdz)EYLjBjSP z5Uk?fdxGxKbv-Lsz>Xh0CU2uv#EBGk$GY|tk zfvugAvfm#Cej2^vR=(+JjZP61B@S!f?(@d{ybVjGh8}Lc7R04A)$7};#bRAfjyV7j zM8;Gln};C9O$x{mg7;@xQMQgJCc#PZBs0UK?CTKM_*z)w)S4}5mp>!5WdN$^Z!@Rb z#}W@6Jt?ny#>zjUa}PV(fB7E-7{Lwt%WleBE9VAq^0#sfm_x1+;9m0;L4nGq3g}>h zSPSloml)p5_c_KuK0W+C~Ahu_mxd3gF?xi2f@buh(uTtoVHWlX0#;GB33 z#Y15Lc{AhYVuagFglrJ*wq#0s$iT<5)sBUQbssEVLaP5 zSO>@}XT*W% z((yj}C5m;yTyeCW@UaA9j!~)|^(RAhAXAq~tsXh9$h)RGnY*W~4gvOs0!@eCG|8@A zH~KDI{i7S16o`8s9>kKaA*f~Z=@@4lMVQ`K;eX9o$*<<}DUb`>HjX~yN=3I%SWB4C*{fy9-& z_|UR_pr;yJ;qorTqjjU+b_iuZdPLctg;vcu2n}DQsUZ>R=Q#NSkn@TLl{oOVb;mr9 z!=~a4Zooqa*rOLA1!Zgga%lyE7Na3XaYn)hw9%m?_Vbhz?2Nw#L&g=#OEH1*r7;Q_ zQ~#LBwJ073XKJ~P=$;#Q?f`Wmp>`{u?S;CT*5iWdSGj7?=yHe}nnl?;vD}cK$w0g^ z9bbcMcZc>l<1F(lf_C8fk;Yvk%KD;@8$lA^KSSV}adRK@py2Zp$My#y+9QUPCa;+H zJI(Gz&zRlbDF7*#9_;GF7r!w9NA^b^C1A-ByY_Bx_PD=(_1QG4Va%Und%Zu=c{%a$ zQlkfFJX96}X}WYkYZv-b1+$H>_K1p)Mo zP3#>_j0~JD>}>Vi3>oealyB#A&KP_@2>;**;S>J%FEcc@aB|jjw72;m7A!_- z-1Z0Pcb(Hg$R)n7Nsn zNzA&gag>F)Y(ZOS6tAaNW?uFySae{tf!l~AkxG!YHzSdFaO4J@+kiC9v0nD_=gnX# zkhFmc#duv6XE_;!L4J`o0hbmm@tW5bFNhap+RUl78Qq+q>(3_(UAhPqHf+I>q1z$< zp+bs7*90yVFmnzQ%gx_wxJ%@&($G84?Q`=upnwgPG!@bqDV_jm?FAJ=5k?HDR|3q! z#E|!t<8izCGFRS(n#v%1lCXj`kYEV>K2P9T4aEs8O(6e4CdTC)pf^un0>}2_11d8q zsbw^&SRRdeY|$&? z=Yz;Q&YSi?K_IPSh#U2Xe`R|u3#QlF;1MPCNwZ3KxS@8!A<5QO@-|XTBCUfSb1Z7( z5t5pgYrFmmY~LurstYq;D|hY^N7d)kYET#q=Fwo}nh9QbJ9=N6L4FrF^!`R*;KA_5 zZbPBbT${=T%Lc$Gc>TsnI6f=W7PSJaken!+cFdfv+wM#vyfa~THfi#d6()R@uJG;m zp9vhDC@LZLA6CKn=V<;15AuKg%Kzt#|8I7|#F6Od#9Nq}I62e1+gSg&2q+SHtp;b*Vh!O$>X)RvR)^p?pD`u zmVgtVYIcft;mvlEYn!w%J`P_6r8$a-bjV`dabZCG*dYur6VvPxB%-}?$Yju zJD`Dp;_&`=&*Q(@7#DkMI|E}qV>=_K|KY}{);PCY=RoJ79FB((4v{RMET z9c$^lB>yv~b@4kuP^xJ%hW6}FMY&ho_owMge3^LU*6v4N-C)Kpk8d{QXE?2|dc5>e z;RasPS{0^WAA8cNv!+^z@hfv$My~YMWkuk%y9KMkLCj1ETj5Nwm`L)8XUf=SYzn8u z21q~%&T2Yx1F4uS{S)SO8TsOtwMl!*+6_;NC5x29_?U6^L2Om}5kp+~ii#q3Av}~Z zwO)-b!7YmNVJx*>(@k*5#)GP2O|mk)V9~Qj$XWK@-e9c+zOO~brUPnjPoyOs3;_ZB zwoC3K26!liK^wCoMog89j_Fm%ytI>&+LP$NULc26EUF$JfrNg=j-)&fqv54=%M5go z4K9jiYMA=Fy~@r>MF%>ol;(r71r+l|UkwRhWap;xxcE{>xuh}DW2**dU)hHXccGpA zO?RQPn%(12>?xOFYS{?&qN~#(!f9v*R!Ep45!13mC4IORs1gp31(4{eZUDA*8oIO< zO5Z5S$n{6K|Dj|=HfrM`ShA6efq*?(Go#`q^tnB1fs`drWerVJ%&~DZMK8-xYXby2 zD%eRk7+1p{5D%%Zljqah{`>ji;px!pV(0n&IRA|1LlYk#Pt{Y(AADovs;Ad@Sz0rM zT={+w7!AJI{ap18ZiE>@y5d8DJl_U}+oYML8q^yU73VG5M5^G-Q5WlXit9Kd$9%ie z1Ax~rd`*@t@y?U#EQ7zZ8BQ7!J9k)5*uF)p1{2Tn%4*79(o9S%MAQ!=lwBE| z86q_QKFhhe9Wy%gU3BEb8)MQY8GODZi|Bz04AHCB;>MabsN>~|BUz=<;Bg`#;cREo z2@)35)@p}BG_g7%@58>Eo`fx4L}WH+AGvIGapyF6C0yIRL$QQr%3kpphlX#iUjg)y zm*Gi9h=D(|8IOpP2YvgzX44Rfp-Urh|)p2h14Z3Z>;Z+)bc|f0L7L6uex(lsyJS1aL&qQhADXxu&qQxZ^+p#FAVN*_= z@+z4ye`1-O%}@i8I_e4*>aW1Y$HiOH*KYgEpTGkd%@dSqXh@b-=ue5m%fLd%h$UGf zhyBlsELlD3QVbNYk%LsD!m>A13NTrjlrk)MXZ+&TRYvK z8_OL?p^GF5^UPh!gBNZKnZ{1fV8crlLlqLqIed0nvrr8c>$l99oQc@Z&sckEL}wV0 z6=WBDeqSLkY~paju>?L6J^?ly3U=bZmS$+jf}+|D^(%M2o{ro*j_-Nyfu%Zu zx8y{1!LMU{ZU#-5cyGZR`6S~3+thr+y_s9d?1#?AL$<4KDf6)NJuIfT4=)(71Cd*l zT&x4vz$*peAX(}DSpcAXEUH%@Vo9u`NStAyy8sg|z$${%zPT%w&>u7KeBc61Q5duD zn|F$JiNzGrl`uC#S&5;imLss0K6xh_vgkX=UPCQ$%$(_IyINn~_ruBeylw4nPltz( zpShOpyzXuupU1t!S(X=1mxqtlC=#4UT$|*orYy($`~xQJ;Mg<|=~V-7>&1M0O`b}q zk90fRA}*US>g_NP4X2p+Ldb$!IW8v9xDtiAbhmrCzvB`gGl|Vm!cT`{V;w@5u2qs< zDD;Nqi`*G5*gvKblY7*u2IHf=Y>+0zVIH@{%aiE$R@GKyP zoLwh*KFZX8P7TFa)K*_k`mQ$ovpP|eHSQ{^;1WI= zM>hLd4)72~&-p824R@P8Wx8$Z3(sGS zqIW3)rYrIa1&IeUQZSMoU^aZY6nY^wTzNAR{4NK2KC+S`=TxO&H!@ zQl3mHBUBLZ70~6m+Zsd<$@S~omhJVw6yCRq{4|reKtN|kKtTVI74zSKLK8DHJque? zyZ-?ZPV#)Ft+P4yUh4&nZi-tLnOvNAvf0(HTTQt-u1i_>u1I9o_-IB3le$tRipzH{ zk-ctn69Pf`C#&`h`fR!#{{dl4XMi(>0F@?3CF``AUvw!?tlF}kqn10c{LN5d;^TPN zlwv_4N_{8fVpG53DykzYsh{R_0Rmq=(b2I9jYZYaab~<&K4$Fb*kFAQ4Bs7BI*BQ?e+pzlpNIVeH?NaR;62`8(IGf1OoU8hyb{Nl&t0(T1Xy08K3ctxv#bIPWfW$8 z^<8*4#|{;pZ8XbKFu3SZgYowV=VA9?=}kVaap$3{fD>u#C6Gf4X>E(crxLGxFe3^< zLIv_vYg$a!U|tExRYn(scdKB*VJ+LiRAGfYG;HSRwJ0#)9eU{-n*WS9^r-FiP~Owp zIEC1kQ}ms}$NkLMpz&3RXa{gosnFTd;APUE*+8b}_+VJ1vl1keRl63h*KI-hOuY{-d7U zV&|XiNGz_2hZ__4vI%$kv<#T8WQ z=JVBIhz`e~f|pxGK{q22Og_fUuFZ#$1*Bld6EHiiXbEk7#7BLZ1FijIzgR;T!X_WD zf{t)@0n09%{uJOPSSegIRv{QW_%)v<-QdsUc!lWC9BBNnkCa>=FVEvXQN^Xll^p{z z2oVYXa@~L9PCP(0+WK}}TY^KPw&!zqcz1Fa3x&c@1{)Q?Dia#;haD>xI^^oMHZvT~L?rlj2I3Ed18?j&NMR*R4CkXvG*xTd?MBs_LX0;x5|6u8y zZoUQe#2UuOY6!RpFLLz?o;iO*<~~IJr>GA(UGy@Ivzdf;!SD`Rb{mZTV%nW{{03jP z_1*;<0}{>6>Cn?UyZ&uD+q8ofLwu97@kpPdlH|5v9?$ z@pLzdspkjJ!($MkEqD_ps9cTdlvZ;TMb}mVD8Z}~Ung{OHh;8x*!N?#*%XlOFltr0 z+kzm_YIoLViph@ADC2b)xG^T<{t>XxCNkvJs4}w$NJFW7)5g;o?M&2_lb|QT19jGe z<_R0`q>XD^TiPoCUMm5>Q=}dlzM1+*0HF4U@0?=E#6R%lYi-43Smoa0HAwE{FgbpI zMLleP5&MMkCv`6|qR4B8bf7$6D(PWr+v4Cn`jr;ZB60NyM4LWPNV(Ne6bZ#pO0k_I<=17|%kONYkjQM^glKj#;XwL^naF{AVu9sGg zc-h<^>Gk_~-}d1XEwUsX$h|8w$aNh76%#%fu z-wI@f)?iX|LpL3S$z~TK4uqdHfyAL^k{*AgBr~{HSch<8E1ODI4I)B(2y%pTf!@tb znvi(1Cf`ja4#S0GbGKeWM|C1!S%tL>6`WQLMT$F02&tLlwlZ7oVsy`vIyYl1$NC5Y zl4+?D=}I7CYjc(uh>FC=Ue9?p&L<6^!+juZLH{~cy`sdEmB6}$a8_~=B|lq&k8(KO zTm*-z&_UD53LLW_a}mVe{c6^sd~Ky0J^))@t<$c;FLrF`9+L_ty*CqG^68LFiB!bwKPxTj z2dgbM3A?nOThlxkw61%@NC%$6^SJ7UzXK-$c74i5G%fHbM{qsZ9b&kv#WOTAtogX8 z(VPRC(C3WniY4<3fitGFZXe#GY%zORRjsOz@NG7os}~%>$1k5cov?{k|A0ZQ@YJB( zo$C3As^pk)5lFYgwons5Ix&GFA+xRyly!7-E1-vzKC`j7?Qz*Wi@X8u2h71-(sv`l zz=!3zG?IT| zo^OVsJhJ#s%mQ_Q3M?H0A5WcPT@^BA2y+53noJn12(J8b*U<40nv?GmJRa9J#+V$v zS1|o>#H>?>^~bk>IgXcrsqc0D``pcOJQGsBYU>8n}2;o63A6tm@9Y~L9m9B_w)si8N^2sVt5 zF$Dd;GC{GjQP7+@iPN^or^;P#<7&rh3_aeQ10VAx>ebxNu^X4~$l}pWatvDKjK6`T zLFc)H+#fKsHMh`i;QGhhm3Tlq*jMmeG6&)XOE-ieSYJrMxgPR3~$j@I^ACvUawK4(4DHcX^bZS-5{cj!cj6iLm3- zp8%*zpeIMeCgCocc8U53m=#sDCuk)+wYadhS}7<(HenQZybwT*L~ez z$7<;WsMG@=4)Q|fV{*D{rWXNfR-A}W-9h3{jHkhEERa(iWP}W6L)rTZp!SkuU*y7= zZ`jnToID=)`5|>-Eyu_{A+=#>Yr`qlZ9TqT2XV*u#EF|aIqe4^8wTNf6H-veMV_NZ zG22uhR+cSn`#^t2^ZW7ECT>rjuyK14F*Z2(EmTcUj1f^0Sqg_M(Cb`VjbLE9#T(hO zw6te#32MtqI%t=T2A;6#tRPtsW>1}s+Z5>f3^bf3Bt->MZ}rDW2|^GmomL74%hj!` zBSBC}vP8s@>T^EleDBC6h=AB}{+`{*4jb_{RTW@b&9-5V!Oi59Jt`2wNjO2dfHPpJsp9(bG>&RA z#wMW#gKp3xtK{#X)ISP{H=sj$n<&r9L3X{awzs?2bM`vA$AWSdyB(-1@88z|*wQ`W zs+NURRDRD_fEw1W{R5N?X2%19!OzVc>3oXMlx2ngb&WJs6ug< zRAsEVKOtdpa!Jgn9>eu~4lKkUAn7|;fnSPiix%jJY|#SRz*C3^J?Gn&*&8u`maCJM z8A^%!{cw3^2QQcr^hv+`@AdCAVKl&qoEOOlVbZ;JZet0MwsyW6`zm|B8*pnYEu8{?x*Y>ipfzh<)=S5 zEigUJS$<9iPrbyTPf=|qeQh_VDBpjTO>3ndR90Y+62`|GCHCAgS$d zClR7ZDs`@b?*;+bYBLz(-vbT=bd6gH1tVkWz}AbI&AG@(C?-%q%O4%c#k3ERQtC|g z0PcpO{0V~qZ$CU(=iayx5Z=Ce+8d9VomuqsLPxh6jSQ#j9Lz6@e9(629=#5$fXY&!YPWlJc^{o1h6Y+0b$=oeLOQEq6o@@#KbJ)Md(}OBK}iKld~4uSkAwiF-qO7zEgT{A zjJ2KJYPzJ2;zp0Bk=H;(Hud-j&=8Pn_RCZRkDI0`=IFky{g$DZ!=msyIB5;lZz~!Y zRvH`4Y9jIkE)79})1^7-?D_AoFjx#Zvr(5@TM?~L>anuKQ^vyr*AIPnda2&={4in! zY-3y(=YMI~RY;S=#Y5~f_B*R7TXq?ZvCh9Xc_oKAyt+wU_t2bu#yeO|T{3v&3Iy8s z51UGbxzF)~YnTFXm9q_f3M?9$u-1M3Q;)Ct!!c|-@!A(T7;#JX(m=HBOm1RC-j-#2 z5WOMAyrzc_3{Al1YJV*&MFI7j&FZ5w4c_i29k$TIn;102x*aw)j^0)iqBXMxuJ8SBHB;L$9@d@}Q^%OsVj`zA-{6ppN2@vww34_xXTv-)m)HIbu7>5YbzOadGJ+ zXMIV^Jha4=V0u@-bn}_ONzMBK-7Y^{>RZ;8pnW;{ID8%CR2EoO1YQvyh5s0^6zpZ! z?8zg3m|dJCoJg~ZE{wU*b>zxgEA1xyj$^A38YV?BWh3z+?2w3ZJ(!qtaLr<#{L2Dc zT5w*mF$+!-x|Z}okx{G_;wD#z^U%}Zx%SxLM*=>LkwwQF>whK!Y~Fr%I=Q7rDw7KFt;>>Lu@6)a8cE(fv zN1bJ49;y~Wc_AhTD&<_)K%(Qn*`NJwGs_AHi0}fs9bP&&!$z;rXCk7nbi#_buDyZw z&pe&atYMpWP$yb%S5>&qK_E9QJ!=1ZhO+cq+~~1Rfn+soNdz8?Wo2QD-5WeOyq~eZ z7}}8C4*~;`&iPms2K5sjCK=WO9K9P$4Be!_E)>aN^X}eZtxi`+ZPL1VXSl-56DX{l zbRxr|>(!cc-O^?bH3txe9&o2@2TE3h^JPPQ;3mnt_fgf28Q!Mye| zNF{9gv);i}k5a$Iq8jBd9;H-ni<&t-&3A13SN3ppa@zGF5hX#Yq80wd%|r@CVQ1c3 zK3kR6=zEc-lXV#EKhBgK@0&&1It3>mAGqZ&)ZUav)}TB(L*p-qN#zN4HyEm1JU^ws zy_3#mtYhU(b)~C8j%5P8JQE`=1oR6myn9qRbZ*u<&=9$jcLkS`GzhO?^HlhzY2?#% zQv1T9=-xCUQjTyWT|!oJ<^z_fiSV!B_j9G&Mhb;zu6{*N^mlYyvcVF{D=fy5M)%bi z$}XM61+lo_h^;-I%_y~+TON-joGjj%X7bt=v)pw-PBO)L2mO?D`{KqGc-pvw&vk;46BpdIX&E6~t$HN41Kjh~Htd3c~o{e^6crz?x8VxUNOcl$DJ#vlyr4N$c zk$VaXVQ%KRwd(~UvGa@&Ik2)1yP|=N)G$HPek&gMdQ!y|HCssk2-j4E%+YTS1oafR zJOKVCzXHHOmb(vD(_`)I-_=2MWkDZdcJRjCg`_!p#GL`6o}#ut1P#7-Q~+=N*={gu zw+mNcZF4nmbH=e!huzqa(lql~t``VMrli+n$MNpjJ){k<#?nlMg*J$Ki=#C&JTJDE zQc2pC5RBJS9YB%=Wk`CITf>1ALt)4hDAbm0#^!x11oLf}x7p*YNev32aB5eCX`1cn z36>Aqz;(yFMyl;CaqT8HH76iR9d5iF{3(fRN*8U3^~{YGVHd!z<^@(qn~1Mo9wt3&p{+KX|YDB)Z1*o`moppMi*pw)bh~)@4x|O5~KE+qA%sS)tAEUA*w2 zg|1=9uWi?$cckL638Z(PHT*5}X$v!_UnHpP+)C+jLF=Fk2|;e(mVg6ari{JG{6p~V zw-FG*$yhZ8J-yH6_A^(LYupE~`X0fZnZ0lb!sfq1dg|OPidMPwZ5)iQUWW1)wa=p3 zAwgVzPQ{28BTx0`zClwF-N@Q$ulW4`{-(9rK))jdoD{w=FNdr_fPG)NaARRJ*Bao@ zDUQFQK$$E0RU`4(%W8PYg+S=nsmssO7%K0FKO1ZyVB{5ei(PTXms5i(gZ>k@RkAe2 z>fs`LNT=->gaVo8a-gKPxBu2ak*H$JbD2ngz@snSS})YC$-lI z<}Aai7&&}{uDLIS)ZC)nj3MfIzwez5sbT(_OFDBCd2PVZ5!Sp2zOOmmKhWa?4%!iZ zl}&>@&%!-YZF__J@Mlvw>TG``n{zELW4XAHKpbZ@n8LgN2{{zD#O1+x&#F&;5TFeo z@t|iLHl^-Zq=&U@y@$h;%CN=osIW>OgW(drhFBrDG317FX#+zx%s! zhK+*wJg_&9$uE4k$JT=Eetz~ldatCB{@J74!fl!xKyQM{9}+(=XR{9_Zu9N$r}E3a_Pm-;Q(QJqHx{?U zu5`bZ*Gc$H5qfsZsfnoOt00O|Ioji`5VpF9o#G>s!NU6oAxUjz7D}x`e28B-D`Q>c z!>^zj)P550hrjIDUjawezO3w$fH&R@UH+$YYI(1d$#vjMXN8GR(ISjo?NDt4T_E0L z5u|oOJ`#J*a~hVanm^Od6__2nQt)EA#DT<~{=|q+SCWb&WN@$$VP(4 zMxX%4v^*WoCJGDlt4qEWV)tw(g)I*jnV^e|kvO>aBZpecwN+0Li>8wKV_01TT7m^Z z$2~~NeO+1}CS}gr68#?NOVZBHd)sAw;KZJ6EYpccm{f1@>_WvWwu9I!&rKS3>XyW} zr_e`3eALzapYZNEc*|U*o}ead-oQ6ThAWPV&!Q7(J@|rUk$qs*fjMNzQT_UzEl7@s z0aO&S3~NFZY&`sbb6#n7l}e&N3f9jwq!^3QsXx;bm>!6g>LP`hv~T7wM**E*j4Q0N zhTqPrHqdhvGhTR8YImJ36})qklR81 z(M4#U%8uimn4k(zxS!st#m-xWMI$A&XQ|X%$?8va{ZnWXjH< zHu%E)&&n~3Yiw|+A4wm_kEHMaqe-au(;~ER*3xea-}(o3y%$**iuzHzS|O! zJ&CJaMLS_`C~1N4JOG1>Hw^Gh3=>d?p2AU1nt5ngU#ePpPA?i(Vyn==Km0%>^Qqz{ z;nYCKo`P`I4JKXfLbK@?Qj%JS>!F2dJ)B$%V%T^Vdgj`t<&$&@+9ByEo*I@cTH*uY zTj%FTP#RE1!xYj_^;upL@$LivMW3`*bBbKuk$QaPm4yG)xiPqmjlD0C`b zGru2R&M^`5VEqi@g-aY85D-fJSj=abgcwIMT~PY{tzvvOPoe+w`ii3ufhXw!0Ws(S z|5x?%|B+0Z7&v+SEU}Zbf%X412({R4<%K&^PxO(~YY0a`2f++8Vsu$g zhOZF0U;G*k35d@|0uZr)>Rvp4JymPDsXagVC+A#v=G~2Fuw{K*X{m42nCA3t=54tLnL{(}S61~?|E4%29 zZ=NSTH4dYK_FAg%J-is#Q^!RWb10%3ELv^at;rjIV#CL@2rQGPYww~8Gswr%plZ$U z9ijCYDqdYxs4dPAYxWe)gC*!UKhTYF%2g*DfuK!rREe2KSGjK&D>n@No%nft>qY?#HE*J!6TLgnH6ZsMO04}a z(?iErbN#-n%0Msmuw(S>*Tt&!T~@PIyRPw&4byhZtF^|(*vO=gk#F^d9e*nB*JMk_ z-;6OmoBB1Pmhz*w=`~gsey$(h-z!szPhN zYO99jt!3Wc>G{GE;rFY@tOebQ`Lc4;V##IGzw=iU4;|w-A-m;2m&~sf z-0>U zk31Gn9i24LT<^B`2sezKT!4$%7h7^Mfj8S}VA~4aae>p81i0=@UX6%JCmzOt@_@DU z4_q3nqu{Q5nCvRwV#kmRiKc4k&9q9soSh!Ufj-=Qbe0xz()eY!+Pm#ZCm;P_2mC-8 z#(&v4op?Cxe!a9*)aujwFB;X(pI3Y~tkqz`UDb+i0>T)8Dbfz{vIxE(U(VU>8X0tR zx<)orWo}#{Zq8nnhH1R5RT+=GGuYv~xWy&BTB)9%o|2xm+6Wf8JiI=h8mDu;t-}2a zAe4w`?D;41PW2VCkJnAOu_)~CBVkvXNc`jxXP_V<{z(hx&MAh<^iapE!;g%~_gcI> zuRkf;2?^W0kWJhE``t2ebc`vym9k6Cu)G2$2M1*Z@vzg?MVG(6g&mKVZl%b!YR8|I zV#CGtm+yBzW>q@XnsYA0F+9;9E_ZG$GI8;-UMY5#G3R@10VL>t|55_(?iF1kUsi#`(iLCJVIW)bc3@V3(F+D+b%zDY zUy7CTRa<=p8BllI+*PN*SR{W5s?5hanMkdbrgHWnjYVD42hNKw?1V2{eHjwG{QKKR zWS330KOV+EZkZ-q2R2%zbDmYQ@qKLtW!%#8!aF%iT7>l5)=bR7cM-<1;zAyjAlor=*Sbpaj^A{=ju$-iTYi&lmC22nxTfDy>~1tJK$`xuPt!I~&Hb zJTyG3*WRW+1&?8NZjmQ%2ucKGLl-PK?lhrqo*!H4@-SQP4d=-Tmkzr$(FU>chq-(* z7_tm&{l9tK;gtY7{uv0Zm#@78%6yIzE$_XiR05LJ`VH|d%k~T7-oLdD28Z!9O-(x} zG3-YaKfG8)g&HKp0g9lV++h(uatnLU&^0!3<_3jS^3)9NotN7OR_;%U8)N8$pafW< zN^JyArx@TYVFDfcp+OA0%!EKT4U-y2f1)S)at;hc*vfztiuy*J$CLNMpT{@;aaBUO z8bwfj{S_wn60d7nt`pujCfY}~O1^0gnq7Is0_x=`ukjB@^u=p?GBuPy02{qY_8mc= z`EqoeoJMxlnf1G)IcZvD6`-w&$c1)_2MPHjZG|}F>ZEWS1>)rg_y)>CbXMY%nJW>X z2QS-N?`*C8GiO9K3S=e5$Dz>&mU~A6)*4O+d-OO|>E$O*#q;)@#+%HFljj*0r`_5Qq1DkMi}WZlnVUPFEeRuO6N;-Kfo6e}sJ9 zQ$mU1mY;I{7fC2et$x;xEi{uIAJBmnxqU$mPN2Q)yaui0V3v1;{m#FAv=@#OJlZ?Y z_!CWOS`yJ6Q_y7)SyK9pG^>sEZ3;Ef`hqZcU2Xsq;Rn*KFZea<-pkFT`~dix{4W05 zj+Kj2esS^=8!+IbU?Mde<~ztf zFZ(qqxLNJ7Usw1y&{om!2GF{-tZ@|A#2P3zxzrbt0gExJfmNe({m($=_21f(8-d@y zMev^GWwtepeFTjy0;B?N@0K7#6Y&XDggZR~^Cw6rfK&ZF06xp2%$tDNx#)25TViy7 z>NdK;5@NifQ**YVE*^&8zXs-HoHi~}5G{0MFor^3x|cVb`_#bouRV2L*-bSzrRiyQ z^vr+j863k`d&{)JR?6L2ZG4ey*cjy0G2KfMPBehX+Rs(p%Q$H?!_SC;wZI|4he|?O zDZGLzN+rc}2<4#WtKL^y;u_Y>(1>TT6M3pLr{-@c)uzjnbO7U`XQviekAEQKKO=j5 zVa!_kYN!Z+&Q<=_Zad)8vyD1Ja6hzXNH zRo--oot;e{71cirHzsnpj34qB&oK`WP16X-vSt|aZ;xQvwW%~os4c49jn8At?tE6Q zC*7U3{`fh!;?W6U(8(S{mEy~OIE{Anr6Fs*-D91sA>8Mm&j7!&pfH8wm%Nu^W%8cRdnQCEg0J}Mw0mG)z3R8PyaU_l$Ph4IqG&B`!ypYI4uE;r_x8$ckQ6S zGtLpc=}rxm*ZMjIF*ta&VUsRYHTyZ(2nxf{*m(iqKg^V)Ufaw&(wW- zjZ@xw&-Q|JWZld)Q9zMB+qFDg7?*LuPNStq;Yb03V{pN#aYn1g#dJ zY)WB@76k`()(cA3Z_59<0bXC<;2B^XiVkW!1~A@-IR+f|@jPU4%W{3lPm}43QAp2#zZQ6<~|M5P{orPWN1hetYB^M&7GtEX@9>TeOgV1Hn2c2{k^NcbS z3>8CbMQ_8yW*MM`eUCo-<7d#Wx`3VnmY z8SmZ_Yi)G|ArZ429Xck!V3?o(+rG>h&Xku<_OD2WNuB?6>Y}MXEHmCDAfJ-1F+hS+ zA3fo(;cps@(MU)+=a#bT22b45Wr1n+nxd@N{8qQ)QYFWlNkIR~LT@|}wnZvWZ`r^YGjHZWaeCV{RM zN0tDCbw~6K<%F9_kn@O7sj9xOZ~?QCE!W;FR*p@ z05n$J3z7cyB@TC}4j7Wp2Sw9L>b=UWt}1LR#c$oyHGA>$HMkzb6jD_=UGRiV>9*>^{LJeF@;{I1+1>z%0$)(mC$P@u@gVrldF$ zQGacYw3-t-VnI!x$tn!&!#Jp6_YJT(u7FRc8vR=Ak;$4w3FGr|EIEqHrrL@(%++A~ zU6+KL!ywh%vMV1W;iRZ@Bl=hah^MV{_YfqFQlkA}RsrcbHwD}1$#q3F%$aT-Kb&%q z36gbdO_*8!oL#2|g|4#gZYh;R$jf_lQ&)?kzOYaAuK4!Fa1BHK4QX#a#ek)M+`6Kd zw^zXTk$(xg4*cG#yA{E&a_9Yaq13cb_FBcGcZA6|M3^ZDOmxAA{jM)*^a%dJr)+lH z_$wRHtR0;>7XcoThlj<^VHBSq2q+d0QecY)SPv*GnW}&r^iIHr#X37wt+Z`(hemG7 z5YSpubh3P>ay)yxD&fbH4}W{G=_;^gyTggKyYI~fM&ROpqoT|5;0A#ZT2FTO~A)3#Rmy-_{!nIcUDt9z^FBa+Xg!0+LL;7$AQOf2Gn zzfrZ_5maraVt7RL5Nx{EG{wTSLQSjwAJ^=4qabTBGl(q?_SWd+`B}<>t#iV18tr>u zC`#Fi#in8p{e|kxj(zA~we(Fg%~O31pOzS)J5;Bm9RdDy$S*?sQ3(<;^@h(|I@^1i z1~x!VLF19@Cbd9PL|2*dT1LDu`B$X;9~{G3LtQ(}0Of$}Z&$j^GmdM1Wh;=slETUJ ze#0*&E46nOZ2{}NB{~f_5^kPN&ai)y>E0N_dcBuqX|^)jJ81D0L`e`V#OZ|5PKI46 zMSg`-Ee+NY1~NQEKKX5=FUkok z>1lE^RIy&e#>sZ#sRI*3&Uo-8yjy=vUbRD3gu#9+6daVx$j)g$GoC|$TqwGRE`<1? z`C^|@J!e|Qg^!i}JMGG(u5HQlicnYu?$rARf1HSpPaWR7v@!lJBYOCe2FBl43t7aE z;W+TsIrIJ^H+v+?wqN(%7M8}BofnY@9)D1LM~q4bkD4R}z>|qJNsq{Nb5ccF-bkowhdh zUSea6I<=S6-pvjabsOClbrHpa96lbNb!HX#aQCuqp_-rZLs??Gm%+!0vG@ehmK}wA zIOb^{(SLnrI>0(MmYQiOr|PtWPM<33+gZ5Ju*Oe=6mmu>o(A2<a?H#0co-S55S zmyJ0YUw!*~m&}D{Xqt|Zr3wzM67FSM?ru1;91X0$8XJF zQ5dHe#%mGp8o(&>5#9Gfi?l+Kpce1)Bma9t}2H)Tm zShT$ZS(ttMoCupvW+QYcLpK#*TI{LndYtjdt6SZ<^Pols?AtYJ*MWu(2}VcEUcw4929_$A+N>oS zLsYLCV;=pkumgDm{0!Lx`p)0k>wL+w1*>Q+2%lWRX<@_OS5Vr>T1hJAWr}&ve!6al zak9qqh=?HYMVEAPYZpF>t;QXNZnt04S?4&R0qmBBD%$Q{dkKf$BtLYg`a?qExx=7w z(!m`qwxaLQR9`=>X_PZP9cqAD<6}UQI17-5XWdo&niV7@C+O)#1;=5aTnW{jfge)e z*E_xv|DwLHt%|8fHJi7&`tEGkW|IWwHnHBW1yO)sxGiArxv)k(dQdBFs*{ zURPV>FuE_ww=dqke)ak?TvU?X(5z(<>Hz$9Sj$@#WL zZ!cpW>~~MAP7mkn{w%x&(WqX%uK+0envI!*808MvNP3OV3 z8|%f}V5hOifucWOhn&%utOn{rb+0n{8#Gl7o1W?idlY5o7${uELsGh1^_&wrwo}kiXURK+N)X8@V$cBk1bSrm} zVW<}FYN4%7chzG=J|%iGMX-O^%Ma{sXYuR?8XL_5>#~^fddg(BPKj*3l2`m2ba$|J9qwnJ7+7AfZ9|Q&$>P+*{XYr?O{1q1Z_Dw?r3CeGS#s^HmlwS?ymN(iDI$r|SOe1aYfhWWx zeRCp-VqU$WU-}evb96D}XR3t_r0ouzHGVmoz07rl8XEtpIUX$jVQ#`M36~{X$NG>h z&3Yn%#G8)%*{Yd#G@Fbo=GI3gbGtE$ID{D&QuEz7azpP`YbwCLt8;m7@4hJJW7f5d z{gqh#Fba3PLXRd#gILBvY6)bDv>uzgF-G$M5r=0HIBGQdwVrj)PBh|7?uVu?&6fIM zDWNB*Nu40;9!2(~XDBkCQaBtfK^DLq06y_i52#>&+2?y9a9D!_n_($iTw&soVm_iQ zQ+I_GIAKV=e(>kH8jrMTD8mT*R<67Ji$eqyn$9bGQiH9mfv93&C%0ds2jxTCiW^vN&s za_y~1Vn}lUd`>A%dOey_*5^{_9i5f8VHO~>Q={qbb?0+@QXhbSZ;Sde-!yn&wej+C zOQ#$J{K_&!_6*Sb1RTPv^9SG&M<|GIM0JBfsxDa&;maz&;|q*Y^5w-^Tix@9bH*)J zM$PD>gh0N{2wu5HpZnhdCY_n z_{Dko_>#Q!uGFtgqi4~IZwPU0bZ{Hs@;0y_z@+&l%IytF^RyA-wc}l)o%l@>LyRK{ zksG=y{7;V(%$I^@L!OF9m3A-! z(a!E_JNYff43U~Y5U>JvyDMfLuQp{}&PfQqW|7M<`zn0_hfi%bq#!b{)ReMnXtRnH zwK{&1rilwbd5QBw`sZW`83Ex_Op3sZ3TD0R{Q%*)IaODthwY3aKy@|LP5PLA>D>vq zaM^S`+De;X(-G=V&k;7V^FIm5PwJnUqxYM!Y?2P&{AcHz80U{y1=j=k(yviKgT+;^ zFyaJ<&SLQg_TL$JXlvw?c=Ns_YEvW(q^6hdV}4t+>WY=j@!fI^wYOCd6lQh_G8Rfb1?VD#<&iBlG=GJbd^_S(pyTTi^_KywhfF>z2+vn+o&Q74wBt1+#qokY`$zm zJ%|N5WSQdzXF7~`$8=^4qTfZ#%+0#+lUt%+T!UWyisXIr z1XW8V_WHU4{t}UtlIYUATTvDrOhVTS%R6HjwW~(nl?9dlh-jYiwX7BBH+DC9K1h1d7r#}adL9}#UT)KWCaQgqCzfDD7<@G z2606Mj3r9LpQx5vR(~E}XaD{E*d4ovz{WxL2*q8PwqeM%+^2uvW9iUbhEsRC}nSg$jF=V_;nysNLF3WvJ;*%1jVHfX z)fm81ZlSm*wnQ;u*6!X9jpx7yvF?m!Ul0?f&GJJNe>lq6F zAKrc4#C!rMb)EBzOHyGFQ47VHja0@gqfhC=K?xD9>OOjPWU71j<{p3YPW*iLLFw4# z0#`#Gb$V6Yg{t0%Z~mj&8Y)HnA-U`KviXY&xf)5##;V|$RXH^i8Ap90qg(kWmj!() zzj6RiZFf2YMmu5`;yK@JAt{Pry+^+T3Xy4_zx(LdbE9NH0gfN8@s}doj&SCHIa$k1p|f8eAm* ztSAa8Psn@Tq{Bo-ENb%@DR3K2CjA%;u@!0Bh6Bc*A{)rzdv2SNWp&}H>mQRCSnn~0 zL!_J@Zm~4o`S`{Oi@{x~aM`5~J9p|B+n`WF$_@-ba#Z8*=xQvRM8;gP^8V@#yJxj} zyZrTbm)jfNgI-cc@dWxZvxxK`Q0&eEB;Q8ltj~*fe(5LSh)7;~UF=WH$=b&L#p`lB z&O_VffEst=Is)>k{}SG^-&`rq#4jn_4~N4?5SV&-B=yRO;617-;~^|5c2UE*#t%sp zn1dvpOjJ@x;xHSn_m#v&^y*_e&{6j}?pJc^R&+mzbwmdgw0F!&C!(|bcjvmFOkvas z#YA&@IAu>11g0_v-i<-TjkCeh!bcY&&cyvP&JRAI8g|e{d$~UglL+3eE_NMyZ<`x& z>OxudwHtLMH14Qh6CrZpg*6@6$;Q4nc6R%wrk!jhF4MQyUKuMNSjYU5~~ zuMr2_%jFFu_Ez-)N@f8zeoWs`k!jXTdMBRS$AH5H7!XrnryG1W(;?!Q(uq9)P&XS^ zH$R;6Oz&vL!gYl~k7k*;POoFkF)AFnH+CJVva#&@YYN$|yk*1N2Dnz6eX65b#$?jl%ZP?r1O=oM6_Em^&|0l$ z1dW764S&Gy0Ryp;aw>PECnN>b40v*!%O_47Lm=Uhg1Ta-bm5%11Um*YByNYQH|FmO z#x95j!$v)zUI_Yyd{H;dhjZ}l@a&3p7|ZleVF(>{62~6us`yfk#$@9fCyy!DTaXNG zyIElH*ak^7si%BQ4I@W`MjDYq3P+?1=N=LJRJ$qr2*pO%t-51}^dV5Q#hR%!rEYp~ zq8{U8shjS}*+n?ja2nZW-dk^DXdctcyipoOn-2d@f{xqUmTU3!bLd`lZ_LKHGrYG0 zx1;Cenp=Hy>k$D&;-)0dp66vRk1l#A^CvORY9mA5A~ENKVKAy4e$;15H~}_)gJeZl z9bn-CA15C#+?tozU|Kqg%tRYF^$mlQhr+!RCj^`i2*cA9tb55emxAfOsJ4R^rJ`bg_b zQq(I6B!$<}r$4^k3iJ*=7!6V3L+a|OrKe|D`iBhM zZK!D4tydNgVAv#2<1LZle$lswLZk3iBrrZ93GY=*0wFFrM5-^T`h&4-)$nv*=jd)H zTh7__p?Ap=Kt6BFYmA}T$xcAeeohtdt4`n1rMo+944#59in=j8{1Tn*E{lbV1$YQT zI*x`C5@l53AZ{ZxM;g+Lb1H_2mI@0` z<-WRwdyR|~r-isa`}9ug7kD)6WbP;%0+t>@iHh2jlSMt96%CMaVn6ZwG#HDwWhw4% z#;X4qn?_WJ^0k|_Z{;_Cpn(tNpleQegml}NR{v70i<;vvmc>OrzcYzEWq)+~Z8%gf zmjGJ@46n4~!NLF_hI)j*vp<(zf}W}8Y2YbM3p2(Xf{`0?q-WB$65C#}$+7eT-0E{q&lnG> z-A_)6!uqve03*LeJM#+DujR_m{h(}`ZP6S&ef}8%q&mtD2&SfEd?CFx>?V2oQOMBE z8rkw3^|1(orG=BfzWdDfH<}6tF-5=8p++UMpFSo@FF%nAcZL&7@DxV;r$Wp+zu^?dcr{FY>|(}5qWQ?*+FvNgm~Q#3VFRJp(IXv-yPd)*)Ge>dcrZ~VK;$2A zw{Hq-AS$|ix6N=J7SE$E0<+4l*|UGMl9%t1lr?5xacO>Q@Oum$4kCWBmt_`v<(r}D zK72sXm;)JG6(v4iRU;<>s!)7xmlo?IWzQ^nIMh-h4(;oyh5~Ou5>_gl{UQ4|BeU4tV5}k*{KCj^$?+ zKfce&I?@JzjGhe>FTl6o7`2;eKK3uF{WyBo5BwP(|K%@}SFgW(Gu-J^t)_N-abain zW4YnLovHn;P|NFZ;#vma9{bZ1yt5|r>zXr$v5l50qUkO$9o~~8y+IKVxlqBob5v0`?MP*2S@-z$@}}6A%j_L42{{Jj z>~)8GNNqGgb6wofk!EF+!EM__YFwJ1hY}ps-n57?KmBooaQ(2Lr&1Dv81oG+IiBmj z-}ki(4oyyo3}bw;H+NB(E)k1oVu`5y%nvhFSN*p!HX+5J;v<0pzZ9}NIA&J6XKsCK zjh|!rm3Ak( z&6;KFI>U9|M2}y%EtC>}x5DE@s&k@O7)5W5$rgp2h*P?pqp?sV?d+yp<3JgF+Q(A^ zKWT%>a;#Z<+Y7T-K&P;e1qQv|{%5CGhXEBZBR_?q z84r0nF_rskM)l4$6{m_wI5cNFk&$>z`4j?<2CY32C7?j?PL=iWW>yDgVfQF9%-RC| zt4-L!U++q7VwN=#ADzSG>Ga9>>##X`gpQMI6xk7*F-oCP_#BTWyFy>JA!~bGwbS_9 zVCM6v!Kio4xC5`_l{33!lt5uPnzm)T#B!?1^(b6Ym?OX|u-1!1Heg(x2HP|Mmw>yS zkcYfgTG(t8i|t0|*^Jsk{H*1^Hc1%~(4gBf%l8_MeQUApbEX&YXQF_l4kv34S2Odq zs53%KXhP{=@I55i%71DtgJaQNas{)9BY(sNpLmH$Tj-7Gmm*fNI2yb?9jRGooVRx@ z`eK@!<|kP)I%nAdc@d4pOZ#SXC=B``!ftMx!Z&PE(j+=3moI6Da^cIXlG4%)i9TRP=TkdHrWybyWr!WRH0ktG@Ul}oE;on-vyADlYGTyjXUODV^n-TF zBJn?Y`R>)*_a_HEWdENwZ+AJ&v=^asv-wdTK>A~&Vgi)X3&L#D-MKp-Ygk;&(3!4}YN3zo%tnWB0o+igfX z&M8+ZJw0mtj(!cA#B7Ij3#b@@r0C=km{7uZ-Kb4-p%LJY3vK)$&bZxivV zfVEvHcd?w~_mYk-9x|YAOWKqB8oBw4(+6})%`S|Sup1i)?x3MeB6ag2Ce=J3xMX(< zol)}hqP@$oV7ku@+{?TB@{fa?uk+>IkA;2CsUPjYh~~vPPL0QIdzawYdmcKP%q&Ao zFIeod*g5Q=r*ZK*?TIIBZ~NZ{wOWf+ZTh?lUv= zR5@T!P9**Bv{ooE|4d85ueBn4oCRUGa&w2};6AIt11$zSVqJDmO^`~EBX5v+eEcj! zU$FahuN}RsLi@N{^P{w`qrT0Frl|Sns4@Q)`pPU@U1w5E`<@ine=g=Z7w@LL)jEbO zZ&b;g36~w1*wC(70d&7G8K~TC1%5f-8%;{)IakoiRuF7T31;)uS)*(3@0H(vsv7|7iX#jCRN}O}B zFbkPQQ(~TYn+(ubH+p$n&ESJaDM^HgzVK#p7HGAB0_$TS9UVPNrJDguTM6@@x4#77 z=RE*T)d6_OFUyO|!f7F*`P0kA1Ci@>MY#%_inDyT{VDNHX;D?<8gn4js5D*`Ui>1> z7|sh*P)*UwGrgE%nD(qNG1>~bhStAS#XH!>YWH-_8O%~=n!wGJr0Zr{vpY`AjsCyW zk+)Nw*W3%lwNcN;{~x0wj|>GY76V@q@>Q|ioNt%@j;%m8z*{77ZkuIJj(X;DVZpve zpMd1G`F{N<#nDC}`ydwuyvnG7-%zw^02TCO+D(S($IPxPSx`6VsgsV|k)e?L3weuO zoI(TROXIVj(J@#Zk` zT#l$gYEQpI+d1vJjeC%*W;~T1P^>@{XJ}(Ex&7?DK8Itcd`|qtnykblRj=X|+NltM zn#B3RQ~L6@@jS!EhUVK4OpYCLxU2FN4af}{@61Id#Wsi(_`ZyA&GEDj!}=8|2cC=? z=X@xzT|>07S@%Sqw4cKtuL?FW(;C?NiTKS5A2HN5-{*0Aw`(Lsp59{l=X&Dcq$1BZpa;Z^CMnpC`|JVsVXk^Lm&(PP}T9$s~E|^MME# z2@^<8SQ2hH!L7ay_MQafdXZkw~MD4?t}HCzQMF__m~A^6LlKs4)qPbDagT3F#O`HgFZa z^m;00n6b|C7<0GWh2jdi1(!~T8h3}23I2sOWrk`!hM;q&tJ;#Dnvntp zximfX)r2a+je*yF_;sMaX?5Do-=asdD)U$rh{^${&?V|PPP6t{qUc@5AE$|aU2(s2 zO4vZY)e*WQ!IbOyqx|d19NY z`r|PK zqueDPmd#|QH34MO=1~D@=J0OoQL)ZqMY(V-=1DS8v%Q^M2t$|ghvGC$**`92z9??9 zZB6=P9CQV80REn1Ew}8lYP`DM;izVF$fjz)VuCW}di86wR`HYQIwq^UAmLiNS3H{X z-J1-OrLL<48bDw^r^-gM?@H@QRX0@0P@HdG-??n0l(X z$Y-RkINlY#M#`cI&paaaB3S2K^+_N)#)&-#xLV!oBXv!64P3f>nB*y9dD4rp>BgdV z4K+Kn`sOlUz%}VcOMBo|D?5UP)s4^U?oH>)_>O4dSrA4=?#}K4DdMJR!b3^3L$}b% zwdK0AvptU|y%Sx1ug{G{y_VgnzJMpes;PTVw3D{W?z-I#n;niaeJ&Q{T0!1S(Np%e zR_81F_`_C=-+kw8d73V7XcyAJ!t^{5^M|{buug9 zrG$56yS8uWClOGX6^)(urL?Ja01{=apv@mUeftx%ga$CR9I0g;IkCXjbWffZ7unq( zKWB}Sj=Tbg5-nMXtl!b!2 zYc2~f*P@thFVevW^QE%`DbS$`1RaM=sa^&<0q$pFEa;pj$C+G(8V|6qGP;Wl!KNvdLP7`ULN3M!!AMofaLr{ zPo4jHQ}qpktLz;j7J;31Pf?v@NN_l72pliW$#=yGJZPdPHHO`OpvT2-s;6g484$t?--QbXiHt zzi`f(L9~`buYl21t;1)Z?waYMvQ_-BC)z3QVW9jnYWQDc$J0Z*4w3pGk}<&6G{uhA zp+&3~O#)I@(H4H*t=(cLE9krqJqJ2YjJR<0WQ=DvFOHr*B<9a>f2Mo)biEOyL_9hT z52~9|oI%;?p=*Bbu}FW61YegI2qF~WvHq$p5r4nY0kar)s&M1gb@nuOc;8i9mV{f> zoV8*Pu+powVxbeaf@UfNuT|zy;Dl6#U=n;UOAwBwte36PjI5)SIW^A#Ap4Y(Fu8m4 z-(IHMDGFdEJL(_Xy2q;SHVU9QOe=(1yT89O38ygg1X_b=2&+h_(3n}1h$|LU(M2hc zkLmQ#>hs{D-Q%R37Spk=@~md)pCBd)R=xywi8D z&=ec=5PPPj2QHWH(t>e~X>vfp=W;YS&{+5JEW@ss+ z?)xd?h%LEYm=aOy9K_D%FWYA-$aYm$Q^;=K*6TAiid1&Y_oP7XFBesF-Z6mIZN^k25E5(SO_yYGI-d3#P~ypD*`&L zFd{s8yyhv7cBVEedbLf|za=%SNX{q1yGCEQ|1<5Y6N~OeJ5#CR zc$f^2gJ5}Nckwnr#1TX~_&)<>S~LFRTvC*@Tjeb(=WABb)6lG9&fwV&s|vsb!;A(v zjhO3iPgzpCt#tQ6ZY`0^g>JSG`|uGOCqQg_@??bg?E6`pAKil`Q|`gXBGQ>WOs9v> z&v2>f@Y(b^z7)@_3db7(UCB)+5JzzJWk z8FnBuwd+9bf&wJQnqXmUKw!8%@;{>`I%;?{{5Lcn94yP(0lT&Q8z8KCm77aoUk?1a z`qGXIz%-C%-F%N+BrV|Wpj$oMy}5n$6vnq@b!Da$B20#%M0+X8=OFfzei5y_=};R?ZJ#dNCV{D@Y=T+XG6#0J?U24m8<#gQ z_#BAHDKHDOVULppSMV{EVc<|8{>bau!Vw;9o7#`ma;{QtO%Eh%@hJg;?PQ^dTWx}+ zsEg;X1#@(?R!CP!bYM%XqjJm$`d(lE1u|BsxTMr`{+yKI|o>*Fj9^r*(a~{5ndqk3$$`X4e zr$x;boEi}nU@;et~tSpSqf#p&-e&2ynEt zZZL|Ne$X~iYzS3jA>ZLKv^U&Hk)NP)!u$$ zm7de&rPb4ut$I_`6D0d%fZis^qSiSFK}5hDye?XtiETC~=Z0BfqmrslFIe%AHPTbN zlA)tk@yAKT_VDfa>diODJps%x40h_z8$p_fX0tO}YOK%h6tqLxiQzrXcn9ulMR#!c zOYR_b-zC24pZ=sEA$^xk;|_rGq(CuQXz0-!Znibh@);&3Qy&6;(}(tzqNf@@!jrdv zd`q!uVLXatE`iT^FhkQz=`>Iuc>MaspT9oNKAarC%T8XsKkld-JOESMPQZBfF^yCJrWHwlQxF2FhRHSu`oi+y77jl<$AMi z8^;ZOR~B$VZK$But&s(c{gK6Dmkg@qV$!sC%VLmNqGmazqFAfcK-6Va4ga& ztYj^bUi#=292~_zaqG|O4g}hqN*_PZOORW^};xyW?~mL6`s*U^VxM4oGUUp7*AF z3#P=k#2QxC)q1knZg4dCO+-Ow@8t2gqPw3Ih+O;NTPAYro+MX@1Ng005D$2iL61uw z0qtBR0#b|7vG-Y|zSc`Kyj}W-?iDuQojfUe$*|jwoK^S}MNa+0mkS|{^(7?Gme}2w zmei6yledip=4~xzYs~acXBXykL+NTyNskRx!@|BBkhP0?`YykDNq@hkzsJ@gOa^4K zXwWyvr!=h1Yv{c#Kn7~6fhOtnrrGg&@vfMEfvF?UJt8ShcX*%&?rB(a3+s5IF(&2S zr~h%5Oa#*DZ_Y;UkKdl@v0T?bBu}4_zxujL%udlBqB*#C4(79Sknf7C)Pb7-ICcHn z{9=s${;*5HfUcJG!T>^V=dC#HrGr0|WeKeIIU6CNySFOiW{mvgrDk_dID4ugZ_$J5obSeIxh{mJHNJxqp3R>Mq|@Tm&{;Viqm z@GC{QJEHF}r4)dWeUVwkXf1kguoKETa1HSOY?n*&Ae(xvc`lMGOSCex;rCBqDNiw@ zS^ygBVNhXt?p9K0HkBe{Q37dU=f=QBu|sqK3`Gbj-&ZAUNk>aU@);Iq!t5{jc7n46a*+*gKnmj|&hf3Y#0abbaO!WHCpY^xweq*x*s{C6< zO@81v{o=*@7i10!WF!ZY@%u+bivL%+`I4$f=49 zyxQcnBkr&#sh!l>;bd~CJ9y5;6)8X6voq2r*c``E-h-PyJqzlSO(?{@=l!;tNEZi= zQxk;<0X%$mHqwU>RyZ<0Gq`|PJC^jxQS!{(kO#8KyI5Y;eX?#gR~H`(#AKA5Zn2VS zI$|DLuo|&Pkh2e_l<)nKX>>f4f<)Ha>D%v~$G2a>F~1tx7m1NTg)sXpXinIc*6TT8 zO8LDZp9NwjU3B30-{Ug-(xnQ$+xXrNk|k+p4%0xpouWs>0sM~=Ih$=CBjnLY+}3D) zA+h_>OXIA`P81s4=9Q1l^*;-(nZg%Hy<$SsHQ*R1z&Nil-c>MBMe zIwk94!bfFd=j?TeBvA>Mz@DJc_s*8(Y^&}3GP%SYh)6q;nz*kR zumE~Js!#H3=dZ-DY_!CPXyK9nagTFvJM=tBD4WRdZ8{NA!|7nfzM1R7_#&V8D zY^#NPoz+?K85}C~B1VorcBqbV@X9>jIxBmY3amxTvWK{B;Ro)fE=bIgx!6dOj>(#N_2^gTCB-t@oN{` zU6Wg{A5G6q0glG4OaSX;mxa$4s5F71yEsMoisLQB+@3F6 z=jTHxj{jm|5OM$twi(A+Gt=<-kr}^hN#pBvRQ~o9*1=E(_(&3_IzRemy095sDQ$-xWl#JF;i^fuO;ksMih}IbQ;^8WKvj$;_AJ zptjsDlx}~wvCA2AVz8>FC16I_#y?=wG7#oyHnkVjYrHY<9J9k-x*LU=CMT=D>LSd` zXdg8Ira(Eemh)3Lo+>f}jQl++iH(#G*C*Pf9Ncgk&$1lHn{p!Cy9FxyqelsMM zB5=xtR-!))kqL(G!8_v$N=63S;|x<^_c&(O#l;p=Vi&g?Ov!)*mF_Txxq1-%EK{qT zQ=btq4%lm^-UwLUuptBYdS0X+DBRw*s4=5nTX&fOudQ(f_2+^wCr8(Qe)N3$bov<) zGyMJ8^eN>AViQOrBTco|2qs{{sG`%dT0Nt<&$lMOLwdel&nds*7|j#L#r8bG&&iG6 zW#-4T=hxzlYwIY7;B~9i!VH;Ua%PC^)wl1+2PWJY7zEpii%Sc0xE?2&O$$3G?<66b zsLQMi3h+y@X}DQz_KZQsS`7%#-Q~bNEq#N^!BEWPvl(5XmYq^n1@yE#&B&RU0`On@Yh;nwPv- zW6HMqrHs;;a9RLP;819;DWDQ=j+DbBEieW8`|J_94b5yo`NGBCFYnl%LRrxBM2Y}+ zc8Vcj;IIrL*;T1DrRzkX&Z{NuN}XJnb56FEPm`}$e4_=!QJF=_Cav;24xi_00(@%; z8YXk#d=Ck#?+`{%9AL-7IgDM(3&1{cmI4A))N;zv%JKG0(U(VP2=~IgP-rQZ4X}sG zZ!{jP-DE(KazTY}5=lDKOfgS3;$vaK)diizTy{s0F@h3fn#{5|$D;(Qy1>Mh#T|wH zpXcQgw+exJ`@?&E&jE8Kh zMaVigg*bYsVz-*V_P)l>YFI`8+a-&te( zr9dO?O;tB;n+SG;A~m}H{tx{wm1`-v3)|5_VI;OLA~~d2a@iiVbhaQbm(I^>H)60X zOyx6R%LJPF3TCh_D7U;xBZ^O)nL~4#OIB3+SZ3LOC=z4}7~5PGi?ONa!QsbCtO9PX zY>9O`Tq<|U0oqWK0@OO?AyX5^R^T#l0-Fnai5kMeTe570dR1~W|kYvmJ* z+WO1thEny_^iUCnx}lUTUcR7!Vj2B#WM6>T5{><(b2qI^{|w>|$x2 zdt2_0P=UI;b@CH{v#_X0ZYIbtBRwEzeb~bC+9vSda^Vh~GdgoI+KckMX3tZ=`NmA6 zNUl(Kj*JkrBd&yVM@xMiUX>*3Y1pt2FAI>C>w=jNH(Tb~6qm(J-@@dKxk1Ns%x=SO zMf^bG&-Ms6gGv@7 zlsV`=a%rX(?G<#ZrRYakyhCRXa#MRDIcjJUjzhww)74-M%QBv1mQlrz`+m{rWu zsHQTBu@D#~n7`fF$Cj@-+$M9=c~7hoabfh{9lw7Ou2@XW;1rMuq(R4VpO7@NB5zaz zbYg8LZ&QqO$*3fIFryLCH6Be7U87s8(ok9ZW59dNo?VaOI24)yjTGn@C1r8q!G#HcefF5IX(UtmoWlIJ17Q{kw={!Qk zyhe<(Po)BfJNZDIGoEVXLsvBomiQcdL52IAP>i0>H6s18xW)^xMQ3VE=cWQofR|a2 z7k0vOU0c9)*&>VKfh#Ff6sB{a4Z$>IQ%x19dL|{CUZ02dqR1AEns^z^Kd#TD`-CZJr;QQ^KYN~hU`zBV+5^A2(o zxk?*-NoH%bDau%NOWtkPBPS(n^0Ak7lyxuuFDq~Eg4fega(^a>brSMOnQBu&pmGRaq@+I_@!q_Sx8~O zF33Y*%(?|qt)Nzlaj$HwyyJ5wj5u4ixQQrWan`b9-f?;iS7bu$L@{s0b&oC0oMjqe zZ5x$|)}PEp(H@{JRSaQPAvR6EG!+pS1&EPLLUG4yG(`m1d1aPQ1$}%LHgPFsF8~v_ zGc?H^z}e<1#q2@ZG~1#%c=qJkKK+UrvtSb@@WFpPeg4_ACoz}+at2KM^6uc-<$sjz z|NNV61k7Q^x9o^_^mOCfkUJlu4~^+z@IEJglYUR(6|g`%&Ntk#H?@!%j7`kk+CC3` zLYcl4ANz<{2I`lyU_3D8k))0YLZGnR`dGubSHkFH{SzxZitYfN_I!Z>z*+4gEfwt_o9$AHy5@~x>}eoW zgpx(9l=qCE3K1*ddD+{4phUUMNz0$tsL>n;OBI^60%%kfoNOtJExo?D-=ed}eYjsf zvK3?Y_O;$$iaT%Nalu_-t2J-2Fb9&t8()57c2uJQv>x#i6R>0%K3`d86Wn1c8CYJ% zdMnD>CY17C^$F08?|*?@^bh^H}uonPRi zp_`vN2#b1CGlsQB@R7hsay%f?HcH67kYoLBnz;J=?#@AHfmpJ`;Ba@@iQN-lXSlQC zfa`YBuVh@3Cmos*sM6cQdx5`enLcj`YKdAGkwl^9nL>whNaNsol zhO_{O2BDhHh>)ZA1e}}w?J*J`_lp63Ht;suy=77~VXGJ?|L<2rY>2Nu$k!IgB#bW0 zl*7X*YmF{k0+Hh{JAzRP6hK|GQWqfq!f=qQ5M86JhXZ(;kJSCz;nDYYh|-l)ce{2_ za_xF@EeBV#hQ4EZ$Hj{5)HjgTVAa@Yya|Gu_aKYey8VVWX?b(x>G%)X(I-3OpYT>) zI^Wj7qD9xjZUY{7%AF7FT+`}@NTfv3EL--vr}SPCTUldI-R|@Cth}Vw^0yiN*o6Hb zGNJV>=ge;-EkK)-XV7=Q_33xIuQUf^yLtHs&|oyD$MMH5R-}(s0+)hpoWS$@Lae_e zvK)gs&70}}B=X)4*S(tg!_F!ExG(n#l73}K{?^2@+r)qozI!%^C3>Lxz}F!iy^@ym z$04#Mogj@J_fy-#N4V_V(=!t}Q<@m`w4AxJ4c<_!nd47UiO|N$_=N6&5SUSh7Ax-d z>p;i&k*dS$rnm1?K4mlCp(^vi-6ZCdLG}t>190YJ4Fj~qMbY#zI{0%Lv%9qj)$gWQ z%l6(ogrsfUx14X}f_=y|8ZnyY(${zCl2UgZWL_QF}JJay6wYTxo3 zXH{7|P^Hui$>F;fCDLk5%B}>vnzpU5b1suu@vkli^Z+{Kw2O~`@c=%=%Sv?f9#i1_ zM}13um+ILe<9}Z$jx456-4E{m6~`921Rsjsjvt9IT)1X>SBK5^o2`+w`uA9Xe}knr z&?-)_eQbo9L{mmJp)HssT~Vq8XCshMHpn$WdUn2}^zu%!iewp$QmC4H=c7(%qB26J z_Xl_+qKZ_PW!?B%ot29;RD+&TEHltOBY~c>4S)k^fiLr_?jay}Fyv-Wg72SzE;o2`HOatvd`2{=QH$`Oh~FP;t=#~wP%`{m6hGCJN{rzOy@qB#02G}1*Ia! zhIb^s4=5A0;5;(=h|3#!&;H;xX9M=b$5k)*d>i>lG-oH6cRf85auCn_5oL#5*D04} znXTBd-S8kAnvEqo4+%J_gN3o&Ge$P{#x_oKmtp`e-rmWD&MqC25bXB{VCwE1yb$c% z4SG-vXi^hhrrt(`Vip&NLTDuL;R%6@RmkL}q3syG2wabtquDa;LI3dR-blN_}a(Y{W&KX5(o$L@r0kDgmgR|w4|?WKyZq{KH`r2Qdpof#{~fxJhLl3 z)r2zI(4enG`fVRs87T*jtaY$4+dpMLXrB9zYdbigv;(VGQ}@R`tqdxSY(y|a)tiRH zWub7arR7+NcF?u3JuwD6ig2a$Idsgdoz^K_WKWLn(y~h;?{NdU(3VC>XabnmTz=2i zHi&Me+al?qD`Qk`%e-kA9LvX*9Wu;EzrMM*G%2CT?D|~Z)F9Kw1^RI>ZM!`ZT$=#d8{EFR=smvnRtRs4^(~)aaPH7C238I)Pga@c<3(onW&HLYwA&kE zYky{>M@-2!4I|kwB{*YKl2xJ)ZyLRQU+%`eOw#KP?>a4Oqo(@EZsSc{l$ABq;0NIN zdx{fz0PaTB_(PgoRl4f_ourP+KXDtnzD3a}KoS@67)aaYTLHd)Jt@Mz+U`A=!2vg z1eMXyL!3J}oj@_}+q96ei4V{>_^714{m{8DF4{!>JdNZEa5qmw!Hp#uqHB#`Z!XLNTA{@lW(UWs+pLf@Xp=}E zt0QL1YZs%6(Nlq|cu&yu5iE`fJd?b}7h91`&m-lj!dZ0;R8vk2O3$K!G`6H!w31N? zc)w9Z&Pk-$+{()CO%%+YAfa^51%@fSj730}pp`tjLy=9R>DIl_>uu!<>3ux!!<3H}{DEb=0!rk?t${t9`N&t3l! zAM7F%A&C1XNgOx5Ol2}}Z7-)~du8v*5rfpG8+({hb3&f5ka4;3>C8sqy-(FVLZF(kOs6CcKr(iAyDFvu6RGJDB}NP8 z#LvGV9-(r5gZS9_^6{ynJ4g$%mlO|;for6(({wA**(hg{$4*8&Twl@uszt$l6~!ET7m7dRYcY$~PLa z!k*&BH6T@Osj78LUwwDs>7};BTV^w_byT*#KskO(>HFs8mjqcnaB1VmN7eof$%;khnS$nxIcA zO0kk(kywm;)&p!?%zj1WD^Wp@GBF=m3EjKVN$+Df9~@GGZmi#l1Sc~?Tz`+x=+T1R zzbb=a(i+EXZ?z!(6uU`JArcWNqvvDtlI=D|uZLZM!+Y-E_%$|AY=eZ=AE#Vt|2=L| zJ~W3y{FtNg&s7J9>FafvhCHZqDF#yL{G+J-Qb4Rh%ETr)*w0t2EaD zoFJ|39566|bbj>TpTBD{+9#eN2H)(GTFVcb@83q$sV`mm`mDylkmfl1@6|k1jo3wl4A0%e3?{2H!j8Qk6iS;8yOpFU{+G&Wp)GP4 z>&{d%yD-=!3&eZ6ck9YW-y^@eJm72*4X(p+GxCqe-a^kYOYVkSeW{VY_nq+`@S}#W zm56An&|kQiNWBr-x(IdbOkBwxTK|MEab`l2pfieSU_5D7)$5S9js8p(G)J5Eep{=$ zM7UmIf6@|QjR72UJPcCbQ-U=#^FHFnr1{(BpBD_Pdp@9(<)$^ukb^DIee&pA({f~h zOX$4fW`yn1rZ`SYbFejmNRPMZD)vwlC>prJwEiLLXoUe!G8>&r$W~>7?ax99rqY!s z{*>eMoB;)-kR&tjWmK7cc9)$7@ghcJ-lH{Yky$fh)lp{!1R7J&6*+enHYAZ#oijHif0>?MNeV$ICXq{xmHvU#Y#BSitvhu~5n5mYxlHtay8Swp(KYsCls)}v{b#dSf>pz8T$;F>rI z<-T+*s+~7RvZ59JPB=|=bMTeWKRm_Yfwq|4_xD?GYp~`%f|tjk^yx_+g^sIK!1IEM z}KokENDzVO&XGpn}eU5!4eSnO4fS~=w-);Mj`+Olo^ zSiz-LJ;R-{SCCEJaT+iqUZ-wZE)(q>pu%C8=wNU>vKL3Ji<#L|CT|QkFuOnFNV%!a zEW82AR3-cGr3quUN0yL^rw$o1x5xBIC@=UI0<=qsWn*WJ3iqcNqBpTC7o#iwxA*%4 zm7V7PSSxpL31{XHugtaa%M`;%PZ7?1NB-%K3^k(OW8K>_oF6kG(d4x^he>Z}#QVCv3l%iD2 zMmzs9{N!DJNi0!O;}oNDC+JR+F@ORms*c2{W;;y1!MHRHe zdUWAqFf5A)7)G-7D%`>i@KmFa)6T*V6L)O@1S6FF^DZ83_G3YW4vcUCa4#L;X$`-g zeo?x-Jj0ngp&%^GJ}tv(=tQWz7MgqLg+VOZKdrusjU7-o z{^SN1rdR}W<$!U~ed3%31AJXFWt@%07$ix;d{erLXIO?NAMsafBIBL$hhW=egDI=^ zl;!0aCh5h?NADldDWJa*--JzY?Bn+8<`&pVjySeYQidZBG_&SHP1fR6N(WGHBx4bg zP@=1Y=F1&`jI~T``P%lx&U^2k5CB#iVr5UfZvKN(wp~-AJ^m@W({^K?_^B@cun{4$=DLjS70!pQ;@s(wqM}&7gF%f4>eP5M-H4m;oI_(u zd7)^`+2ArnBz3!i=5U-qt4b!7$F85Z@k%LVHS!b6aABGD=yXKFvgXTTNqMDf@ezZ1 z$n?!8X1J?cEv*%i!>Z(bE}p3!&!(_=@Z%k$!sMO~nQ@jy>Tk;~mf4P5SK$boyO zo!Jc69FKlT&@0ik?e>)C;VuT>;gmNC5!$US{#cOgtNWkPwAl}5=STO#Oy)oaDT3sr3lNF)oQ%xEdBmt^6;>El#6wNy?lr)rd%%Gm$+`^hk zDjrDUdgQlA0qS>d+WBlWXIClssC%>HeKs(StlK_6@Jk(dG9-ubw@!m=y)eq9l= zw`xBCjTr%Op2J%+bv`57J|bNVk5OyFS<8}`5Sa0P z@%+(X3m1?Nh~rxu89L6Ee`S5#=;Sg{c+8(hzXJ9~0yI3$*om%I`^GN~PCK*3vIM_^ zx!O`el8X$2g4CnKu8+p2)4g^gFX(~fn1upCIB~x}ihdk3m2llN``v|ukYyDwL6xmu zw4n})Cj?7s>KOdWILYiB9$kV61;P@<7CM6k50*XYkM&xUtplViSP2ipoU;X!er4BI#O9T( zqV5_POJOv7Y=9@m8Aok0p5SiqM~L5{y$OV`+*%*JTMYRUonUck??=SbfQ$~hxRl1_ z9aW)ZLpq?J+uT4!%#hi-hS%=3faim0?{S40uE$By#?cpf=pVdUGk#f~3xmE!hLMrb zI*^Y8W305N4zDnrD)DWeTJnRN8d{^-T%EGx5gT6LIZrxERmiqBOc`VX8%0u|Kgpl! z$P*9A1a{r26ph9Bf(EoeBk1tgOa_@U_ZiGkvt!A-aUpi?#MIFm>+r( zoK;G>X*l8F#iE>R!QM81fiQ=YqvU@wMw@(%iR7ciB7MZCd%B9fB6=0Aur(m*yM7gu zS=*<`i67tjhhXQ(ibmlw_{rY2#qvI!u5hD|IP=C@{35;t_ze9@rltN?Tp3sX0{mxa zotu8-35Em!c*6$(!2R!`)!4+v#M;*Gf5g>d%uR>GmS-J3z{z#O^y2pQlWC?6i%c2L zbc==Trxx7RL4V;fQE5bK08Q22p3^;1zane4N^lL*nQx!IZWQnZyJGNZEtP$?{ZL(T z8J7Z2W5rdT<=0AYpi==&dp3^pv?M_=zu2Gm*S9vD-(RWP_Oq$Qsk&*2zQCKp)-KhQVn=_m$yHV^RL>7m*8{*9ppsDF0QV@@y&o;xgw(g z*r>~|5Vg1AXvUNB4PYXpqo@TFg4E^l z-nN}I9sio_I~hhROUt8n=i~$g$~33rk=AgJQjnM+ImV}Plw8N>ptyDLEt9UZ5mz!g z)$$O!3G(BOd8g)*!np=oxBX*WJl<#&V}ehF9O5oEhmIgH<(n=5FmFaWBZk5rE~`d> zuPpy?JLi~&_JFGC7x)JBg^VS^;L7cYPvN}nFxpX)BHZ2xo(K($8WZ%$l-x};QlP7o zktaClr=&b{hdqwOWwj01x7%CGOQ+f~?b2pCA`#2+kW!f9w+YG^E#u0?&`Qj@!mEqQ z=xg`amy?wwk^kvbfqqM_12So+5eWBL>R|PU1Dj=2Nz5K;4AO*8MgAz4ZHN#xKh=Bv` zAAmek7pp_%jV+d3jMM6l3FS^^Bd}6-EbzI!U#5r}DUicvwt&o`N55D&`p-1o?2X~! zQI8MpM4E zIuK_1XTp~-ejIX)Zh|fN;+s8t9nBJm^@*n)7D*Um2Pgcmqffw5-lLPqL=Q@G%}IQ=h($Pxn7KARF{Jf%IM6y6M5;M zZ@fC@-TpIIx{NvWlp@Hkaq4uLpcuk1rtIHuvK5B#=48=)lm#znpAonI6Xz~7`Mdtl z_;O}dZYDHAVaha36#olx3>bE>6icb*P?P`$aPsMUu@*g%fZopuXkD6#XtHLs6#(^^ ztg&R{IVu$*Zi05{w|1Wjwavk|e>5;FCQOqqNh(3E!nx_N@Ik(Rt7FBP zhJE+s;!F&(Sx_-Y_Ne&4UO#yI^}kTzwAP3N^yl4Juq@$1I24)<#kNTXFxR9W-XBky z)>xVz#Lk!;(D25i=&2BhDi_MR;Gk!%>r;<%ajNge~GAgs^I^QdP(Ugr9me1qQq_Y^u*BkYjmgX*op%LW#(8`2gAfY_Ed= zweP_*8R6}mv^UBvbI@x1eGA7HG)|sX)hTEpE<&FjaSdb?V&PSHcKeQe0UZo+DT5(- zpML#Y5p`w|-4ROXNW1O}X8w6%Y284smEydm*!Q}NR9y*w%Z*T#$`j(DvNm<_^pbw*Q*3QB}VL6&zdX za_wI79GO^Kg~pX+lst?D8G^oEJEEmNX#lZf({O!~AK~5_AYabbh78flepY*O`1bN4 zOh$nkkpU=5xNd8|kozG1ApK`p#AH$zB)A*;h;PbqNx%Zb%+3uI10&hI@#*J}G#eO6 ztM?zI=BV&w;&=zN9VK|0khV^c&rt8@1;N!16KkuP^4jn@v$Wt=-%05KY~IILc-U)u zDn4H-Gc+fkv&}^GG41E|P9~v2_T-J2ToE14K`&;Zg4i0O(4!%S^to)52{e{R#){CB zlO3`0iH(=RQ1}-h@^~7b(Mu7Sy_t^jVnc_?)N4>$yO>2%Pd)F$7iD2^>cfDD3eE*0 z*ZQcjOxOYtn1~Z2nQzTj4_byDrmcp(%KMnwk@DV})WJzzNe}xwxv2A+KR^xRiZX0O0@k+Ro6}!qG|3#LVn} zRCm?fR*qY&3A?9i1Wr!G$Px98D(h4xWW2T2N6N|0+AWR}vMcjANKA%9gzg}t3+&0i zKHJgYfJjN&o?Q4xm`LW#Sl>4xfdmL%>`p?PD}QJk=qHp2)YR4f1P-kdXV2cCD`ZtB)q?lyn->7Je1+W9+rv1QAvdWY;jCFR_1 z!gFJL%pkY)o7hHUcQKHYln zL|%5Oem0x|9lGtFsR%olhB&cxR-G2`JPn5p#lWwFm8Up6^IC8E3E zb)F8-y^MPLWwQzSdM&F??}=0(0?5aH*Ka(vhp@uogbRgsY61>5q6W?qy-D|1o^SVT&7lstE;+v{Z6*$;3wv z*HC(ZlRtnBn@{lxV85yagDaslXJAkFzcujD9RTW+BDsD3^FZw1&Dsu7AM*MqKG9C0 zxhEJM7XwBT@tWL)mDkg)ioL89)42J56E7?q@YDJajRxdp47)ImC>>KDt_i9|g|nch z!Z1V8t6)-SEK4IXp3c$s?nc#%$fJ8=>MmHL6zG;_b-rTYXwp!Zfu|D%{YXyq08D5!isn+;ilYKQ z6$SXgoj@RVG=d{oPxQV$SAU};pmH8Kps=|G9Kb|cSY8G3$t;lAnje7u>p@GxM4gDo48`aneU^AGt4C5cNVBxZhS%(0zT<^$?ls}vV8lJf=C z!4NTN|DBr{TlQPoc+0kZ?9i0Ah!WQT{E3$)%OL>hBd3@%+PW@Vc$x7Bnle(fI=brd zNRUv8VdrQ6PIGoKO-}PDaLA!sIAH4Qh>piV1e?18_P=-qP9k=$S;>y6#U-7?vWe@!G@G81$`0XM1 zkh-=s+o62Pi(wafl&G&X56UH1D_=AP;y|#r_?@*k!4aMD(p^r;@C2^E1XPOgF*qadf=k7D;d(jZMG;V(AH; zNg#|?Va8X@QEo>?Dr)IvM!C8ysMs7$J9HHNn+%NAM!8@P@VqD=o;pNZ5)V`lN`TquL3d;;aj1zJr2we}o zycMRCl7i;_XqHAhW`j>e%9sM2H)P{_jk^+*4LZY>{!7DI zL0B5!aG+evXa^`+?y0_L!UD6=O3_eLO9w{AeFq{>)Ucd~JJ@^cKrdM5;QC&c5w2SR z#CXHK)ssVx%57AIDL0I4SgD$o;saya1%7 zp$uBJ>#Jr=J^|+*TFGN<0boJ^$g`mbVz%3VV)H|C&a=aWlfaJ(t3vj3q1iVUR}&L~ zE~09c2!#2@}?yv|;&kAqp_Y z$GOEw_%AS{GAB66&-c}U>hZ~{!^aO`u@vCm`=_ml#ZIfEq3FLW)aMOJTr)RrQ7ZOi znKMjY+s};{Kms>Yt309WZEb1x5#+R+^ER>J^u_EbjxSli=*oD}9cE$sbOj?|Zp~)b z9ZI3-5ac(d!gjj7pIkTM`%dXcz=(Oj84;N3Lj63S-w2vw+#-? z`$8p_i#4;CU&U(pnm@rjJL1^9^Rsfm(CAQhY+wS&j1Dg{1)d&K^ar(fzX^b1TF-`N zr8#Ro8>;J0oF?-a_S%8WS_jtc+lgnbOT)B8qjP|SOE-CvV6PI84+JdX_DTC60_dW2 zlU17={_zCN4q!>_4p5&|#*d%!E5ozzP$b^V z-NvjoTwLt-|1Svz$bHN*vq(p>be71{y0KhsbCxKiSanRf3W z+N*;DPP;dH#Q*;LfNet}S0wvw4~;Q)jn9GpZ&~?_@7w;Yl6Z%Cmr-f0K5KIxV=Mj|zl%J~VMZ1pD`n0tSbrfG zDHdAyIC4{Q%7R$XtK7IXi*ssC5Ha$;Md?d6Xc; zPf=87sx}jH0_vthDx5=WoA9FH9$-AFF0dOVaHG7@k(lWMAwk|P-XL{Q$*dn$;MSWI^7?;6CeOG+%A@) zl@OzcUgOL{9XanTpU3r1(;QuRAGEFeQ;(lsaDC-_RP%2FXNj6eSzYk53P&C@Nu-yUI7<{&?){q)WM6?<=!1y+dUyR)36&YvRPRzQy3fB3}um;GU}P0(uXvhFkP_(wV3HtidQD$ z@JQoBiMGwRB1O0#TK94Oi<&G(^q6e)4S^qo285BoHy(YJdol$PMQ#n#E&Buf`kvH7tfYNBzEKrBBF6_!~$1kO)!Wv~@t;`I5R2rs7rBab=L zpDj>)acO}Xstsp`r-HctU~p~b7}Jq~X25yu!>APHp>%JZ_x8jIa6i~UBlM6Q6GwAv zqW%kFjy@|^uyT2VmJOKW_l+q<2*ABRaxl)ePHdEv-tR%RYw2ci6CoNAiOx0+77WE^ zlG4Hl?jUY;Ei{pH2Vmwv=bs{`mf!6{e;Tz&yMY{f&M0C7gTC+|QDVb+3H-)CwszB( zIB+aUQo%Vd0RVRA?`VdOajRM5)_^W(!U%gE|9X_w8;B9OGrXUBvyahSg9wpcudp5j zv3N=*c1X>ROx$cGN;NwxRjsL}>UuJ%V1@|!LnjsVWjd$dWFHobHO6F2k{J_Vr>my@e#lgCjXhTu@{>1;Ve!i?CJPX$oD;!`zM4e3JWc|$M@@f( z%88ogzKpnnisx^}^ zckPY=wgrndRI}ZE=)G!(4?6y-OnXA*YET7`y?AW zU$@txt2j+YS`o|5I})1{=uM};FWo?!y)QQzEzf=yV8pwvYd`oyMkIdVbn0W*JK0m0 zbVso$NRj1vq_5waNOJJQctBK}mhNSWNz|wBW7kr@yzmXlF3qZu%16 zZ8kq9=xy7qIc*Fb_V3oh+~O|M=1oD^K+~|63ZtZn+YlB#V2?3LF|wRyIkE2BZz>J->x=p>jT~{Xnx33^g)~ z5_~@zEU`L!lB@Zo62o1yRO4cVOjl@F!^RmdTuY!aL)8Yg{Ax{pKbIa8{vwiUm_?1o zV2Cb>sm~52&nj!G;th!2LR>1g-3sCotjBe!AK2R54)ZnIu2j2>&Y%w~BafT}LBs^; z$Bj03?k}=O*}+F^cfw2Pqa7{RImatTYA`pJQsdTXD{uJo1yP0G6d=k!ehmJR7(qC~ zEmTO5WF35mfR}B3HV$1X&brLv&cJQm=|XjjBg#i%SQx$2^ajp$n&A>P2^Rqi4%h3x z_MiF)JR-RPp}~aSJ$6wBdX_%lD$Ze>1Qrtyo*%L`ht0PLM@3}Td!8+5TQjp-CBC#w ze(QQ??t={c)He{y!S zq)*P|b~+Eq2hdo+aiz=U+z+3nQiceHwONVxEnUaC(e4Syx*F7ijU}-v49L0Twh@Y~ z$MT9Qg1GCIx3Zj0gGQ7#PKL{j)kLZTG-0z6VY|z*(9;v$yrHO(e|T9SvR*wZ*mXyC zTTyY;?d6@b2E?dgVgOuvUH8Osrgen#j`Bs%zXcsqdf%qci3{GLET68zsXa;&ncvu~ zViH~?wla$RSGLq2QUgC&vjjZv8_-Zc@kQWrvi_)EyziOoM>)_tzI(@uB>Y6+nJt-h ztJ~shuPLdBf=TdYGFH{MsSD5L=9Qxx^)Jfbk%vBkB%|e%fKE3|&y0d+_ho9V96FF4 zFwfr9){_PGJ(kUB^>?_o?ZRe70R;lu?m`!YKqIUqLU#upzPha zZ`Ap>5$c(?EFT)E)=2^vB)#4{aYLdK&O&mp~x$hRX5K{rz;fd1t4EoyGo7c4cEu z28_TeEU>p0et57q1>YcDI|pFBFg#()VUx?!*t@O(k)e07X1(JJ%pE)tCFkFx`#cHl z)tQgU3Ld@jiKMkD@xws?m4MTg&_}oSZ=N110_L#BcxAw7?7iDxa2QaZv}G@Hcix&! zNrR|Lv2(;O=NmXfih(@Aco3o4)pZd&q(vUYC79bNxobl0aM8~HOfI2E%SW!*QIIF? z#NNKDS|UU4TQHk`D5$yv1qTNpQdf6Aj}$CL>$zNl zgs{&8$^8kjc5EQQB=G$~v1R7F%+x6?sZ0@=*2K@IpXkLpuAWbAYa>9f=w?_#w7^ey zn{ZvN^AfNvSxKueq(T)RK2 zJ$i*xTZe+xzJoc=rSQ1lf5Bq@8Z&m(n!#&$5jc``MO<9273|qKXk=LoUTiy(gv^C{ z+aoRD)5O66WPGY5CL@|VZXp9`N60UmA8_g$^PAN9V96_=m1^vg zs99>A2mnLJkJvJ(uTX?-m6~!~oQ0JEZGGm}O@M_p?K|U0Y7Qu;(2L0$Rqgp)Hl_Ifu4O48ZY5*yH|Au?o+h{Rd zWXo@al20D0pv$`kjsrAhS~tu0_pq_`lnw!rC!$NmYzbSQ_LR<=ib3eD5Vq~2C)Wx( z>19aNvnsDXeyWx&G z6S9r5QB?L*!ANdU6{%e1(a6=gyaQ)B36CP~*+p$@ccrD1B4oAgYekwUODEF04MhEG z-b&|wS`GhhGBPr^K0G)3Ri1Fiaw#8#RD~ul$ALRdYP4IEbS7OCYbt01btOTL5ZDEA z70tyaN`ABRR!JrW2920xapEXxQ1MucVq=X=_6INiti@{LnUcgU`@tFDdt?i+-yH=l-9ozo(p= zlb#011g!q*hVCJ8aT*G|NRcY>%aZsS)#}Sjs=*wOnt*#U@w#r*JxvUrMr>Oy1-99Z zQuTp7uK_r4X1_0;T0c!bpEsk<9Y3$r9~U2kqm@=r!onXU8%raP;@O6odpNS)^^QXh5CK3c~|0 za@cDR_r{x;!F|XS`P#jzt;y{EUL^<+*INA@OnT!YkM$HZ9#7po7I)XYMYUC0MT~Wx zai1mx&yHDB=-B6*rx7!DxFnY{X|zP(IbmJtg~q*pT98d?NMY6Kz(XtXo@1kBt%isQ%2 z3b?+zHxP;H*=-~ zBW!%J!P|r{@786^cz6p>x)TQgXszCy1Lhg93t=gVoU=P5=RFPb>9^TC5ZDaGEg@F~R>)bYmIeqZ zZMTvpnr2Z$>fFRM>VoxC#fZyPa4_QmPL%TXP3INM*AY z_n|{oE!zZ-#1wHik6p{DSmR7I%ERDyBC$sUb$%?|OIL^b&+K@A8WS0}{HLk&Vr-8a)U(Y|`Eck%~R_Z?Oll%f^J zRydOyaCs+u;h+m^7>Uw8JDstXul}j>gD=>T^5hIof9B{AJWSS&TXmS@UY+{KVzs)K z_a5zrTUs;MJ;JL`(}u&ZcHGmYzH7KwbkX1nxP4p_Q0g=)yxJzOyxkcV-JoF+M^Ro< zzVB0RKg`5N!3Uf{LJnwTC*UkJ5Yl6%&D0)B+@FMzKUZa(s+!+GXIV=Z^1_btxP`4r5U%)qznj^!o$~U0LhbQQ+d17Fz}TTKlyw+^IdAf`2wTE@(Uq%WCkgrkO6s45%8- z-geN7iX=uh2~HRtXh0v1-t-?XevA_P!;VQf8 znmF&0PLrOA$ZU0FEgg9rLm6eOffrF+dIRk&zChr%V`w_pYIcTnOn(S+erLDIcm0d8X(O7rX6tr+^fe)}o*UjKwjP0GPM1fU57jsYVO8ZUKP zUSy&Fut8>}ZoZR$0B8LK|FN=}g%?}V!F3Yz1tWl|+~8t(>fCbS?XW_E!_>$hq|jNT zic-LZ3)t>9NcihIZysid0y^hufvAq4YKSNNf>Le*&v|p_m{NWb)*!+j7zAkFz2;4A`RDltS$1 zhT3f;QXoMw@1IB>-j+-K$Sp&fWKxlY5-tTO&r^1uytNER*A#N;@JGb(A^(0*4Nm^A zi4SLZx)y?FSPT_@Kd%jJoYKB4$lPvlW%R&xG;gV7^1Qrz7i0e&c{qJZWg}Isa)aFI z2`TQTQMeD*Y{Po7kJ3pCiJT6@9|P~^pQjho@0gm9&s-P;qTw3e9s2mmk6x3cFh-^J zFz+OTeCyH&7|PF}Q@Ed2=Iij-l92AO7*Wwy4)|B4la&ds^@FkyKjFf6^lEBbPqVO^ zLo8ax*6dF>R;P8Y4v|a3fvdP;QJX|7ffqy!tV;ZD`gz0Qk^LLj*QPT-xnSp|&A)DW zR$|C0uhF-?LPi%hWp%S`x3fPPbykFH=fjhc#!dCPh3JbC^q3vp=d_h)G~>b1uExb6 zYbmha{rk`_0~hqDl5~uEDbWyL z#Q#UxJ4J~S1#6mR+qP}HPPyt7PT96?+qP}nwr$%srf$#lthv3q`}Sn6+$*0lpCVT5 z*zx_p3+dKJqll#?l@(O9;h?dJrFlWL(D<+>HFTHtabp~Jn!D`@_BQ&4}vabBb;*Yb?&@Cj*9w;6MDyMLngX z>^dJ0PlZZ5C7kEfUVnqQ4$xaYuFq% zqk8A)^sTCjuTPer9hZS=I@(bB7mpETr1bv^;D@E_RUsB$?|8u35Q#*sSUu{_ z+}gXkPP}S#3)nwF&_{@kZ!7AdiIa_M0MI6LE z%d};^3zE~Hn7@ZJ-ug*)j<;en=h3o);E__m-RV-^-w5aB zBKkRu=^Uwp^{8CS9er{C1g`gKn)`DeEy+pGl6YsPDm7eIW6P3KX~BvuZ7o4;K2#XL z(i4eHeT@66$>RSggzMVVvueo}+`b?f4RwpPHeI4lgpQ7m{|r%UMp9u-?EG2OkvwHJvdr*E-|saE~^daZ1+i`T>Kg?YW0Nfm^W8F z9sq%OaZx(DT3MKv{v;fxATh%D%dN>FH$dPi^L%(54rt~)g9su~a1?tMiiU2c6p(6C zZDJ@|cSF<1Ts1O$eCA*v4~Da>A^7}aWBr~Yt_X9Vm#>EE4IO}vTTPgxyCE3j9~jHR zQH`@d792uN&7CE~e;M#r9rJI*~i$a*2oQk*t2c`Ji{o0%TN;>anB$ zuqvpBF!pXPA2x27Cpt+nt*co$8Xq6cl$LJQm6Tx4f}QRjWm@0Zx@DAPfG6vRr3XZ; z<58!*8_m*CwOMuTq^x|;xAW;jmA;pSy(;wNpl_`KmjSueU3P0km8luC<=*hX+Pnmo38K`gKQ`JPz^&a)7-h z#~`Ue*LN>Q$v%lni9yz);2ao%qCi7ao7dCzO4xu#32Q!x09Dl%pnU4^G2s=J7v%~S zHuXqT$;7dM06$m`1?4A};IyB-%(&p9UNqronHbr;peOj6 zb_WpiKur9Uq!$d#q+!gW|Dkow>6x?vqK99*qJ47*?Gtf4C$BBi;~OFwQ<95vY1&-UVA7SX!49WD}7byPqEbUNBaMdUuw?;gGkSBcWPtVgwO{VLm@1Y6eCn^iW+s^MUSxqorMxC&ydlo-V2g2rmJYk1_H z;7GeDJXo8||H=$Gc;FFyTSDzpcvJ;0Wm%k@q6JIkMkvB-=SHw_O9KOekP*80^`IsQ z>dg1&?0D-`r4vOJ6bJp9ob9EtrxN;y5*Er2-N<0M zuqC6nIP|wFD6UnDWY>Ll?|V`EYsTM|^RemG@1{dcC459;ECL$onkJSaN{5f5URd=) z0i~uV>bi+#s;90n)O)PH6r8Hz+;@PTHO=h~01{UC!TR*Hvvo|d4}z3WjI)DQ@KUlu z>UK%E*(fZSr@-a*iE4Jj&93oGfmhC=^a_wTPY~E){Z-4WnbXG&R?%r;t(6-32qQdg z^?&qz@5HacXLa0ku#_4@NyX3NO7eJRZQ%mqlv+wpqkTHF#HqlJ`fxZRg(9GYli+@8 zI`e;XAgEq;fxDaVq+|#biS5_=GXkc101JP94<$FLq-6HU22=hNr{t}N(dv1!%&X_= z1VTN9Z()7en@PBicg?>##%3$5K#`N%;g2JzsD)-X)BR!YL4O2`jO4Ird`686O_1oc zawc-9!Bf#MacV(s*P;_cq(c-Q4B%1IWkMW`wYcl3ILx*=xdJi~u}I}iT;S56%r%xh z(rW$BK^{uL$J(TY1lz?lG&XQVarRoZ#<3Ve1j6dRlxy1va*^pIW^)--BT*{3b8yzn zk~dc{iM*xj)h^8K)*PsQ^8nS2ubX-IthRVIe4Goxvb`-#ZNVmnhQ`y_$ zkjkOKNG)u#!i4%a1Ygr21ak{xc*Cwwryz;Lxt@im75p-Pt>)4Uw&q7WhaZ=q z&gbNV7^U&{A-8H6<6;hjUD1j+n|=pFt~Y2%Jifb-MRNzFYT21xekWHOEjQa;D?fy0?oa16 zhp=u^+i@=@?0v!SQyy}3fvNS#@RrgqdkPn{Q2cUp!>tIrkbLKMwH~c(qOBai5~f#5 zl>@f?E2B@}<^72;z2p_<7hT$Qo-KNCQ?x~@al^(}iP>SuGoaAdk*}fLtq7XBzo!?O zHKu+kEO$>h+eJ?1lRKgXCQT?k_VI%S$H(MbW43tsJBTgAwXd|XUZlo8=lct*vZ;XQ zn#-+o1%Zw`KjkHss=zSEc|8nEiCg0fCmf!0NMY%)HbtraMZK3{EwMp z9W!fVoByKZu2Pn_IAlZc-q9h%@wYs862gCvjTai*5{9;t6oNkDh}4g9Sz3*cJDjri z@iMWTXzuhdgFg>3qMh-4FngRbr7FNymb~C1x0oAn*9q z-Z1EMs#;^tpULyuIs&V_hS{@Z z6QQLMm0J#LpVn)cC@Od485#G+>h_c1?K`v{xDCrU{TvR|$9%UQOKFA;S~wo0vP#_m zCMMDcKdn9Em8uPjt4dI>^LTEe02VdrJ8U1Rg}5)%DI`BWux^I1oB1~^^%-W&Q}X3~ zXOmdibz(A8*&j16AwSX6cQAr>ZobLN``W{kcGPipm+PNIXHSQ7F2b?nxztx7N+9!|6| za0f7~K;*64GGb%X(=l{HxBHDB0B$z4y7xiEGTLb>DeVd0DXg3Gz(fyLH4;}7X8P=b zh*l~z%UoJ=3H%I5tiuI`0={@=x^U+LA*C<_NvewB!0<+vpq5!{gOLLjXyXr)O-(0_ zyH0UMw`SDj4IFT)P$%0Ni2nU{EzKw@4t*J5;}GLT#gA1WgX46rbjCgemw%mGvwXFj zvWuV}*M5dEGk$<;?)O6U_HARFTUDnv44J;qZ1f^O=J0dFeiijZF6ujx^s;9fyevl{g#--nbGY7Mt0m%Mrt5KmFFgBQ4VqufGS#1_;_N&kK} zJiNPK2_bE86gmoWC;qthV1oqhl7%j^@uE&|>agg+(aGl)>u|eDkZv*UUSW6CO@k2OBt`Ef?MAru#<6U1 z7ElN3T~;O2BlkY_w*Z>^@7Odpgb1nC9>vvkMXn%TRute5(s)a;+c)vQUAy;Aw6fRp zD4BSe4lXksKTHj`YIT+ZR**ZG>7ilU=d8Q_V1EKpt zMY^m!mM+5GL!ro}g6e5jsfhPct|}H-c%OE4)Igi<>w+5?4EUyK3x{arAnhh&$1L+I zcli*!MgwT;Y1z&6iW71~L|L)f$1th$etBXQ4UDmOH#0(_&$D0l} z9#=C6dKA3*@-Zw*BVhpjh(2eoLftJ17z+z0xyf18?ZR3jUa^X3dCT9#zthCgGY7zD zp5;roPj#gXjcl$mTX+XET?Hp)5<&0`eLrpjj9POkgw zA#xw1rfS)uw2G7F?CAdP8mwz+c;?Lzvw?Ee31Op#?LC_KTp9-Ry#Cxg7$0!vbV4+P zG46@JfMU*|%E`zCJ9n(MmO?h%R^xe%`RrUMHu{a%K-6jDMD|qt-CRDDME23+1g=D| z(}x3(gVWAZ=Q+GhVQm%a`i_asChQ?^P0Fk)4=2RApiVo-&JutiCPrAgkjwluaYF_;?wJ|(YsR}B(|73j@ z=Tw&N+lK%T(%WW>I#xsL&27soH5;J|`^@if?mns}{NyZ;nTgEE)(g+)LLLX<8;!9E zRTu%Zk(|Oz>p?60473^%aso|!xH8s-KwHD(tECi_bTw01sirNI$PuVg6dgC74hC0& ze(CFF)hXTq!#2c`8{Vx|8|A$d}L&yh;R2n>Dy}TI!Y?u0}Z>$OT zO}%Tf2i=v44j&Zg{&#s|ItFiq<5=x~uLhH6*L#X|Ynd-yjpnp^&0V<2^{U<`_;`4` zGjlZt_sIXb=_mI}e9!wE;qJc?{=YZ`*RwR!`>*1sf!h<1u}B4Sry=v zT1Kpu%33S~aTwHEe${s@6RMwkTs{G$@y@fy`@(p4I=eArEGX4WQ|G&kqsGe;g{X9` z$P0r%_C762(spyA7{bj9@=LF|X#?jtO{v_fR|#!~m~opl=CcB%=9&XlIPt>%!po^M zY9;!wSoQ$uWubECp8{>_$u|Ux$}7%cEiTk(o2DbR%_t-8qL19MJAecNXFt;(VVM)= z5n^CE{-GLvspZbM7KU#-$0}ZcS*mOoOz!0%v8(sx2(xqZWV!fQ-&uMDZx_>+3@Z;MJ`gGiELog+V>ZP>7NtfQVpJo@ zk64(c=!$i5l;3qLr3d=Jn^!Of~)j9x?%%T zzl3Dt+mA5&&>5Mh=X|;px@As+jMX?^e$qkpl3;_3)HKuhD|cj}P8GLb5~Y4|5X3PFOznu<-a<-kDlJv?n`|qcGSbfoY`E)8~;8HsjM%o!ndme@Pat z!{|2UYA^H|;*HRY=M(X*7zPsBYyQKewwfHzc;AgWE945i->e|!`$ueF@ZRC)T&Q<@ zE8sS7jdS!;u~H-^E!BQ&6vG;4H>Y}fi(>$=AOn5_Q*0_8?| zgT{1icg|6XHKwpl2ig@=!xNPL`NsVA;r(1j`CfHbWc;&%%V1Rv6T%sia&BV2dsMhn zyPNU!>h_W|^{i_5>~De>v2&q>KQ=c2p&DJ5;~5J<*l={4{uIo&MRVlkRWg>mHnfEt z95ogf)~WW+CBE ztI?DzEQ^?p;kyp+AyM!E#Q_7n??ve9paU`e-lhPDd5%_`P}H{g)B^EjDYX)`ubZqi zuY^R$lo`}df|Lg4-}_;mw#91UsWPrXfp;vxi^gN_N#@_!TDe7YC52JX#e`(BTf^3U zyLd`RJr&a(K(2W(_HMk<5M2YXFiJ%|5++}IncD&$6AmsSusLm{3s^nc$7Cd|pWjDk znaa_6{?=IcTJjH?vt<8r{tSxZb6SjCXtf2G*>MlkL5-a&fQ4_lG4H>e!c!O8F`6Ke z2=!zctK99RiD;J)iQZ|Uv3or>YL!=?_XV3B?J11UNTKGd$ZZ{;_qV5y7#sf18NToP z@`vs7u-Qdvj&;BcJKj%px&_GmZ(ABbo@}scoq!@-J}u3sXj9_%`399#Re_Oj48)JPN8! zj0WiDqZj`%E%H>86kV;`l3}WbC>?b(rd=9-4VM;v3;F01YAz>FAvsDNmY!6qM>tB}0I< zwSPY?RGfiSYsc-QFD*kwCG^5ng6xJjQ{5cGE$=5}_+E*A|%)e-%HD5|F z3*V;E=74D6!~y@MnDqI>%fI~VS}IM?OHHu9)flt~*r-8FKB55Xap!|&KpNFls@c8L zivh`UF0BkLiQ0jq_W=-m9-OipCUhze@BOsULegy}a8MoED*C{5W6-5zjFlEPZ`R-T zLF!WIdG#Ie_dW+JWAITr>%$Q2D^X3{&=6h+Wqzr4(R39cwo$v~1uczR?ZI3Q&_m4~ zH9BKv#eZPgb-qfSfMSHkx*V7oYYOX#s=tI1Xs6h?HPO+ctTh(?)XdgjU$J1$C~3h; ze=oq+b3TP!KfyB@ZAIt7k;8_Lz4#X|babWu{EVEPuJLW3SJrtZj{WxA75|?>P(u+= zRjO_+w9GMTvN>c9APP}5k@bSyp8bjYwrIY(XWWOkPcVP{KRlaC7SqPm5|ofs#>fMW^M;Ubhokq8P?ZT+~fQm}c;>~VkViUcmv75vFS zsUqf|<^BZjuGG_|ck%ccuuV`SWI-#{Iee<)P?TA#j3_8p1RY>4zwx%=p;N|r9YsUg z=DY1UBCHAovmX6zot~Je2YVO~ibMLwA}9$#4pvn70!#l@hI?+xI%t)qwRt`O2npFq zX=BH^R!sl9maU<_%${cHtVO50qF#psjs+oQ2hB7~Ei^$)?`Oxnux5^fSv&ghYo3*; zuxMUffX39du7r9e6a&<2Y|JAnzbAa^INMHMa(1^m311?pFn{k2+%Wl~*spwgKoKQ0 zntbx&DdSBRHP4@3AN_Q=Q88h2P3FhUfS;;cC@AfgqyL37O&jQFS+Lv}2Z$;%pOF=* zKRuTtSa+xZEnJ`zSZI`jUnH%dL=Bjdq3UNr&BQMbUct*R&Qul{HdAY6tCGN~mkqis znTO^HUyWi3zK{U&Pqh|&bQ0{;l1PGaZKu#wK2h(w{jcxMdl=GCP36i7vF2`N1VizL zx+zYdmmW!;GSah}k=T7E2wQuVMVVYwGL zC^6tGSf2o1E)xQ{I(WV$MXTF~XCpO&mcG@_#%VUDE8Y2~=ML>!)aBKy<-~@q43+Fl z&rW)n3m^fQdL(VaS~AsMcFb@e=3Y7_QUVW=oQsmRpr^?2hJEcw7o{E#ZxzeHdSEk_ zRwxWrI7ELbTrM(=Ydw3+uE8#$@++E4Oj>_8PXpX;XQC0UhxUn3m>BwW#GRzFQ@)c? zC(xS&Oye{%40#$t)OykRaIssNp_fS96U3Zl4!QU~R4pW2>#GAT}NA>Sln0O8!K#GqFX2tg8V`JuaP2n3=y zx5Z@-ysKn)!sq)Ul?Cwwk>+nebSOrSCodLY35y}sPUz>hEISni&OzTGCE+a898?TB z@`(RFq(RR^SF)HTQChyX0vZ*Gw|lhkbA&aWhko$`d39oV={D)bxLdw=<)$J@&TjvMA0t)Y4XjIx*BU@0x= z7f2WU7f861pK;l_7(O&6Lw^5Q-b7i(cPU_$6L(?RZ1kRHA$X|YojaY@8Nx@a577{) zSt-lnE2}H{_}m&*cYE|a<)OX^NKe*ue8?WX;by0^oA#ujkImX5!XSXSj70)bzIfZ z+UP-&llB#qBykyb`1}xq1M3+5d*5UZQcNt3D2d|61;;%!L?Z|iBdP^LB6B2crCMDo z(#=e#e_*noa=BlQAUVp#p(Y?Ed0A~VY=5;Vpzq9B2bln)Ixy=^G`$}Vp?+PXSwG}_ zF?MO#LXSaxGxEFmlIkl*rZ>#P9;N$B$sjR_0TM3iYRmv{6Td--QTWe0pGC3{1O#c! z@s3QGn0RNGT_2mArk=|NYqOTmSmW4YXuYC-x?U_oCk7{kh!`s+D`zBhK_AP+Y?H~r z*Etji7gk)zRef0@U7u!#RK$s0S=Y3|9DA^7NZNHN1W$i}ffGd;B_Cz2ARPdzV@^{D z_?A=ttlFJB?nkxNuE|wjp&v%mcaGvN2uF#R+v<@s5NG#1dCJRMvu=!4Rhz9>vlM_S zIE+m5a|n|yb&EQ#(Z7G@PguXXTuuiAfQS`yLBJZ0-*zFlq0j(-(#ny4z^0-crhcdQ zIXS~v1vL^1Vudk(EfAtvZ~Mkp&yw<%14d*Kp25znl$@>U19+dT5Q_tp%|3xRd_oEM z8dHOJkzvI94FFkHS?4%KT@r0k2v9Z=A%Fr}-1#35PbWG!=FYxejS8Ud?ri+6y=qO_ z>UPc7v_b0P2PD%oQJ!*FRDOqi)A)sOWN0@_Bq8ra!Es+?hhr3w*sfo?*3R|2{2Ip< z6_9SO474I$^gS2!E@Ij{4}r5F`P7C{(PB)MjIj}=YxmtWS80g&23%u=DlHlXA7jw) zn*E|0R~o_3Q7If))Y(W z#a~Y+3JH%Ow@!>TgrxI7*w{qHXd`}qdIp5Tp2f2a9)XkaBmpz9W4!Xi>Na81PkpvU z^vS}`Y)?;c=E>|e-Mq7o&*5!QQb`o{j}btvuh=uj~q<`3vmyX+~bNji6r*{7vbKSG+`Pb zwEYDG(Oq#ERL3*#$^$Y_dr^w%S7nm~h^hXNy2nie!_5+Y6wMHf4J$Mc8J7~q)|&F0 z7M!25U!#citgMG@|AjKFzI0k+>AK|J7Q$+7O_$ASn%ui-H&5<_G9kH@T;k%Tq#mtD z7T*kFVBmU%{>ya{I30xa$pcO}pJxk$rl|NZWM>%67E0NhkWRkAkSco+%3P1P`>ocJ z8tlf#rvT-FLjDSz6td4niZP0l338^Y2C1374AtN`Ev_?>ST>;H#CV)e2k&b`N!7@V z6^UN*C)&X(29)gh1BeVKWJLOj^($ftn~o zTHcjyu0dJPjiU}ELHnDNu8MB@_H?ii#Wt~^FPIOEO{FELoz{NFyGBedz+gLXW~@Rq z+;uzyPE*x2Y_cb_jpwo11-Y5yi~g?4$=d~zS@8P(0@k0&@Ef{`PPq#K}fy;rNW z0Zl}y>;Riy&oP8|>jC9>bfAY#>~`+*hwTL=W8p;I|6KB1B+)SpWs}Qw(AdU0;n_>f z#cIcGOYl<6ExcQRyzWHn3spxShCoI>3YZmqyW65Ue@8%VZ%4cfBmBuM|M6BD@@ek= z;TDGEEI*|i>G~1~n-u~HkET6hLxh+_dtqoIcJZ~Y^fQXn?wh`KBSp z^VpTz#;0DlxI9AFAQ4YA1qhrh3&8<}hUgB)sJ#-OX9P0|1PEZuRgB9eB zDEzE#?7TVYX>x)PG8beQU8i|5zD4!x2hBmnRf41?}}JWj6A0DvH; zzul$(w*2R9?vQDoJH)RJEjA$l0Mq}xwfz76u%pp0h+$ys=4fhTP0P&j+h#WS-~Fpd zP0Mmq+4*?KmZM^=?Q2r{LfM0jayBvXy*Ns#TGzvv{KE>-QA1LU0NOzG&>kcQ0SOGpTD3u=F z&CMR~OLoo;&bOs^ciHaEjRyO*&s~20XNLXxOz%y|YtfIN5QPvdYKd!k^tkNQ+-n&( z7eDOCuE|u{URjW_qRV;Qkt$Wy!hq49Ub z7Cil*h-v-CLmH8ZX?w@HHjF9`>bdd;tSU~6Inoma$F;UehpOAOQ?(PdMeKY`K6Kt2 zo*Js}7Mu^U@Kofgk#N&DhmiIMtHu)%?5pRzV@*K|LC4wi*BSjs_P}?)dhb08F25-! zTALlndCOE#z4zwCu*sB?s~2#!*ul+?>SOoR$2(K+(~`9qWZBovG_V)};h0WA>t}xk zVH@HbaekTL`il-i(=dT!=moqV#P<14Tym!Se%-^4U*+%V6Ff3|_RtUObCb7tY>&7c zxK6q#XP2(-oMY(kY;?G;Nf%<->vtxdr$E~-YqU$ZMp^F^e1lxNFYp0@cejTtj)V`F z1cK?>m3IvZ6t}upbQkKcZbY-F(V+zLlE!@&$LPCRCv-Q~GeP!}ajaf(Eu)=e1jLxXm;(FGG}5&J)JVfXd<2dPPw4s-!6w;t3_}b9hIv-Y8gKCKBSe3-7<-6Ymj9sY)*123&Vb?Rp=MQUI#pZr&w z{l-W;cT6|c(qP?_&mHS9lvST~MyAQheM+OP67?R2-R@re8Y{1ZM-?ZR>CT^ERVMxC zrdNy5Ir@o@3v6h`f7Y4|Eh=Lr(qr%BC#*(Q#E&2Mm!AwRM#>6CpTSFN*lIfHnlIX2 zLd(an>utLVmKrkl-9}o-YW~?3?2CKfn6*4^oxi>%D@vVYGqR#hPRE3=bf|sk(w;1p`QAXr{`l8-3Xrgl7h z(u@+N-vo|JDP1vQ^$CkK=DO_=r1v$WGuGe3p+BTlO^NmnSuUELsI7HVSu5WNqk;XN z_!jjU@GevBVHEyxMPKEUgD4%FBPwguazywTSmXzWE?yS`B1{z0kSo_T*N1{rwOxto zbo*S+Y|&W{u1BmFq{JSoI67)jNTH910|f<ScnDz@!S3Gi{-RMarom0bNv1w!3$K+@0> zZ|T9p?$C0N=8E-o%ox2+VTUr)<~AQcv2vDteouz`2wzH&k=OzQyLkrWT?70%mX;KW0c*+{b)hZOo~tr zin$C=Fo@c0!9GBj6$b%7g#6>It$#5Uj{M(1Rn&TC$k}XLzN|6bSCxY4e3JB*pUg(p z7;4@ZPQt0s5o%tF)9OE}vY`|U0{^%4QBN(gJynh)YakAObIp$65#{)IfJOE!{dxkLhxLx$@p#Umo5OX@0BgFk*t|jHRV*C5dY1MMFeo z-^K*n9`D>J*0z!K$>zBhs>epu>j7@%5oP?@fIkAYr+5(nOT))^8#a`m*KWnqP0y{< zcJgn{Iw<=5J!u-Zq}SAH_vhSgLv(YXnRG-NC3u6E)P8{C zws>F~_gcyj)4YoltyJvokVHx9?2o)@83TR*8S#rf0Ji)^q{avXx`y_C?p%`$xHNrs zyOfKP(7+-fSBb5-mnIt$li{nnB96xat=MouH}inSe*>1n=@!atV4t_FNivPy%2bb1 zy#>75k`#Fz6scRT8p{)k@)nFQU*tUnQ{J#NN{pr$)~Vhiila-Gl{MVu3*3UPne$a_|!etVY3mk-z)cjFu4XcO?*2cfMW+Tz+>cAHyLx>)xH{qa@Lv92pAh z4~Dx|fYODHixa-&&9(|!{6&tv0|0((e|YNt?U?*BNfXcYYqi`@5xAB(ClJ>NeZB`? zHTBO!)Fjo!f_)$n0=!{XKXaDq1U7g!n(I(TA6RW+4B#rM782DdA2J^F}CvPtRW zC#zO{T&pwVCqJ7M_R@WRF)YWCm&i z?L7-2uVCtnA& zEB0r;rO1N}4elf6Y!z-CiLAym6(a8Lmba;=&h@lK_8hAm&1pP4f70A&jjQNrYj**A z-a7xN`!OZ3`7t=6hw;ymJQ+J3VshLypn}EK_rBM->!2t-8UCzK&qs*g6`@-L;ut(p(al)#04 zJQB25bS(kUTRJ@v05m*s>+q43U_M19m8o|;#j2Xokpq%JvQZ68*ymvm`-N?1<8w|X z!~dUYeHXfGP!^>ZsS$C^fW=?LdejXfi5P$y5xqEf;ZXWX*}Yq~%bY&OV&_zn#8H#Q z^EJmArc-+w*o(9=FAsq?R|Vvpc+XRVyd20xUWBIuYo#OH z3iD(q=c~kxJ6*E}G7)oz1Ox^)rAw6uFhF=T8F4I+=O6_>UmjH~5Aq^`HCumX3JveSKq|TB zdH`!eu1pRqi8(K*OmJ#mBSII`su?Wdmb^wgJ{g*9qSq8T)ppn25(f8pGy0z2yV`6i zO{UYoAeD7`-7f$qXnU+*0?gRyd$J#=zMOpP4STv#$n!mYf4CnP{|%h?mUV=B1W?YP zhPhI|l*KB#oHEQhj#k^d%zi}X>LKQ>QN}dXK7biZv`KgVqH1d&fU|4rmq5o$-%GmL z2uMoLoS29&&lnUhBBv?^4pDc=*YoQ zXxoTN-8-bv46eqp&K|+fF%~#IN&*L~T{qpb=)k2sIj6_Af$d1Xdx;ZTIPt zw^h1Ku!m7DAL?<*N$DsBRMSjarcyh;)xYm}=c@4*GvpJ{c}EVJCl2aantl_7mXeY< zZQTz_h?ORazr{C3K>1zewcsk`>xi|aABTI3wBM;c8JPf1h0TZVQi+P5ueU==8Qt-6 zh>xet5S(k2X$LHNca%oMmQ#c4#8-0{7ww(BFYLD@Ko#zk0FNRlHNfwA*9+64-;m+W z>P73)?WCK13U)N)hNcc)Pl{A&_j5#NLSTg0W-4HrD`Oh9vGtPoqZ=$AGDXs~=T0S@Xfj>P!0k|@j3QAY=ollB&J#$9jrX?YIJ8zhxI zVk;77&bMWl?ZxKl&lUyNY0F6duv_(&T(3RFbLwxkbWfx40Q;J$9L3+L{HtapnaE{xi#=_ofrF? zU36Ya_FCVX|1|esa_omgTcCmMG8`$p`oXvhzmFjQ_tC!p^Y)9A(pEG!D@rqOPa4VA)pLr%9{^N{*)0WYDnA7O za#Zw6Dy33W5<}yW?MuUxnr7klIU00J(ree?LnJ&umt9a#NR>_ibWMPfX+sz6KSbQw z2MGr=C!RZL^dDakeJ3m1SvKCM1drV6AFT|0euO>#VT8dBin|yF4P=~@IQ|S&o2wSI z-j^FY1aP}6V*~lfF5wi>;ntf&r-b@+581@Wb~cyU9CZ_;1}u+13?{I3&iCex+>VYn z-egIm&ty~;l3N~$r2+J$A$$YPAf6l5?XaKw{t z(YtccM9->&Kxlj;0PVmG?e4_XMUwZKMDfhn~{;6GT(z^Y;=!>R0&*G}EksarffamPs<=y4! z@jAI~@W7M}#~oWLR8~rw$ZDhtFEr$~K;N#8`2*4C4pwa8_i}sr-!kE>kjM0uuw`Yz+#^n1Rh<4QL@hRv4Vs_gy zAAc`e)~8|U@)9Zm4Y!&i|HC7J#-xJhJe2?7><_62X9z7=VadNyT0`#Zd1(bk%0073 zU9=^!^IWQyKA+cc@2ASx4J*PHH=-C*4RYK@lC%^=rD$B3*I)mb4VKmcu~89*Cc zW#p!uBhB#WIxS2)k(Y+~#8Q0@K%eZuonwxqn}G? z**;VpQj>P=nbr|kbk|uPdrU+cMTl_rp$A9!?DS-6BitD_d$ibr!qWB((7XAfadHA( zk#&X}q%QiIN&BdrX2NLAhn{CMpT86=2Scw`fy>@7C{3=JO8oGcpV8oWT7;Az&)2pz)P$)C5^-zQ}9qw7rq>cK1`v5hxCHNwfKhNmoRlP45sw6>O2^o4%>|&#Khx*nq zv973fp;UGO*ymk+vY3HW`Bb~`5!OgDdi}HaBKP3fVA8iVO$OccZ{X@&7YrF^37cvu zmJo{oOye`0V&+Q{NNikyB-N4>%(=UbDuZm{mND5D5T(ImhuH_|Ah&K|EpVS5M?%5h z#p$eu4_5x>$ZjlPS=Kc{wOexBq@NW_DD?2*$oCnsB2qfyE~q7c4SwL8a($Y*^~AvX z6_!cE+Xz+**{{8!|K~P&JvK?Q3K#%@;xCxZ_kW(U|6gk4|3}VN)`>azgXGeJyCIQz zdC9;HOfA5v+Xmfkh`<%bzt5qIM);Q~!Wjf9Id&%DdW_>>wRj^ti?M>!~8=%dKXGardR*<(|h2BTAw{hR<9WJl+&~^S*%LOlP&qH0G zOhuT%0>*$j)CJ2M*ELQk8t@UM;2v@2oc3SMK(;B{qy_~ku(Mjw?ykM6Lg7Y zf29ry0}q@KBX9WM*T;8CQ-^SPLE8cH$y-Wd1Wv!wv&dIkW2TF`y^YEt%U145J-SV; zWnV%hwe8 znk$W+hYFHZ+cg;^Zy-Bs8o|vzsHG9(X@=!P0n5YhST9ZByCNWjM8{% z8@8O(7G^at$JZF}XKjowLq2kJ8@U$v+(Z-Hl@FnwQdqQw8@weGbQj0Vn;UGYE&1?f z_fR}HWB97@pD!_1cV6{v-B6!fzF*jHQ*X!jn5%V8aCZU6%P?2g2ACmVV@8Mvr@G>x zY?Wx^W%$1J5t1l~B*Fgu!k|z`+5(MUeo_?8W3Pg53UN5(X90$`NW-8j7`Rbbs>%$M z8U>e^(Tc(6P8frn#Ay+yxdPNmldJpQ=weNjUII(u3*efiw41(@1UF_g_>gf>M-bUV zy-?#{mlL}S@Za7y-dTYF>bmLReyjauT5U=!N#o=FpWuwYT#z(zp4MZuz z{~iTzHh7?lp^G;IQB^WuP1)b z)LYJz)A6hkVJFVZoX5*3eCt(FS8wPLgO!|x-O#z~iQqO^G;zu4|@0CM0pFo}lO9{5VD$&50xg9qe;&OOPs#`0H1ret5 z_rYf|HI$e>6XX0|m?1jezz@eS6*Plu6!b*D5dT2|AX*WQ_h{kI$v7=i*Egt^K=!D> z?XG`V5@!(k<1;6O|5Pz~3LU{*hi@MVnk2*{Y~`SpRtB6KUib!C3m^nu;*S6QOOCp6 zTa&WkYOAu!{O^)Grz}A*VT}@*&R|*}Du3E%E!e%DJ?-+Uq?sDG&iY%GY`XxZhAJH2 z*Al=d@MNz`AP1};hGP)g-8vCtEhPtrq7_rD9s;JFk=N=!E>SgLqE!;WqtT=2nA|0t zw!{Qt6%6-HLBT^HB#ivLbA12ErR{zHS`g0Kl2ih`^VASXr?524_>D3zLVz4d1~*zp z9f{RzsC(#K-h2x<57C6?UtaHge130>d>ni-(X~9s6i^FhYR!fJHC~a!6-^pF3Lxh# zXG4oAp_a^;?yMi6KHxK<$z9L~tI<>lr--eX+;f5ou1Wl-G6Z-8RC+*LY>1p-*k*{G z{?l9x3QsTJ-K?Ak7I5Hl;D|MR-(_b7)(T0OS68+NzZhdk!qaKHVc{9U%Ac#P-rla= z<9Y4EEfuUqEG6WIP%4c;Ew4Pt_UylV@h9?v3=YA9BZxo6jvY0Ql=KKSJ|ehiP|ES! z1jQ!LwIl2ZN}mpiIJTcd%3f1nZUW@EaWmOt4!d^)udm1A`+w2N zD8B?U#Q&m`eI2DJVqgIPKG6XH*#Gl&=45MWqi3jNXk*~;Uy#35suB*rw98%LoGr@dch~oG zjkklG+_#|Hp2_Z;1lJiak)F7U9_507Q>hbk(!F~rd{i~z!#`8Fs%nx4W7RX|!;S0p zd#x+wqm46;d##J*!;bB$373M6-VLaXfwt?+%mSq5;D@a@y^f7!BTh{WT4(gQ8U`{= zELx|O*qXZc7IBw1g&=0t2aO=+uOh*&j{ZpzaT8jZe_|LOl_UG!zZS+JVyEz5B`Fh%DgK-%{(*XhCE;WVL_OVyPbJm&0 zJR6~J(k26M(S^%$!kkm|0V8TQA6*vSi!o_2>fDhox9VJKAKn5A+xuL{8jIOrGo0zA zSH^1d7a@SlD9fQCdbLr@Zv+o+@J^q(DT9E~cUkJy#!1*$6^!Kzq~{-ji!V^|l4}a= zf%s;U*cCzcg@3zbW0)bvSCJgfAUam>7>Uzemw8W5HwSS9d~TPN z^rYYlA(@5!oO8Yt`cLNeWbkc_2Mie@4=(}pNH-B$$Cdd(UreGM2#TEN$%p`24ZqHy6xb&?oU-3+OwptBZOrPu+;NqH?Mnc%}BqpIYu&)nZBW zTz299>77bnY)$%Pw*lk9Z!Mneyy6g%ZD^YS_SF5p)zQll(&`j^u0&4$1w*{RT0p>R z%Uh8o37K8#mZG;=j8bapHv|omkz0mTT+iP*FUs?c0s_M>rZw37lNdls6UshchYWyf zNTR0!zu8YA|4PaAKoOG_2{J)eGpb~v2;k1ciH1^+tKk$#kp>evlNovSam34m)aPi2 zC#JOXdzf?Ok=;W^Va`y0>f3&T7mqrogT$Iq8Y8@&JH~Zyk)sN-5AHQ4AJj3AhK{Di z&-qL185u9*f%i(YpRF`lLD+P~0W=s*Ugg&fS8PdcWxf0J?63e;86T1hrbRO~qZyuZ zwDs(PM}sK!0v2_P$<*n8PA~`0=O1V@^}})rYDOD#I2F0u>e-=C`*kgau0a$|P|$;B zg^KrW=+p!~?}v}Q*NX>WWfQrEJvVU@PB{P-@c2890T8sy2H0;wWM&9gtqMJ!K=VzF z3zSRqSRiw5MYi%4s(+d!H`HwEOG2Pd3^>cD-dGLgzQw9g}o z@%s$k7uoNFyKSYb;uE|B?0GOr_$UEliXG>A8MZJerX6} z!i^W^?_Bx?@K8);WeUR{qt`B-ilDG6`dqf|esaQ4P+A2D$kH7)079G7Hr6 zZdTx+@iSVDW8n&3S! z$gDCUhbf=i{c}@pm&g-V^-Q(fIpNJ4H)AVq<2)9M_##YTbfl6^YPjOFzV`sdanfV>@~^M#j6od5Mo+B6TuakV4WYbL`~pG?K(dUs zpDb)lE&POytQFTVL{)vjo-9r-u@S{pYPrYf%o&sed#;01r}V-&^ulc(4!Iz{h1Wt_ zikh%EJMz31bTJ34_eY**>!T`i;GA~ZId~B%w;EkM!{~>Ux8KF<%%v9~S4!3O&7;HA z8bJbsu_QmQZQf?VY#o6Q?7qQ=xWJ~v>C2p?9vw|Ix)TOnaxYSm=E??bjFXU;Yc{t) zQ5~~s-W9ewEVC?&Fz;rlXiU31!8sL6jEbcnlpq(>kQ0@Y)FE`jn8YwGtmRhvCy|xr z^J_UDQlS_VX>cT)Ks(P--g{MMpuwThL9ZvNWZbv62J-|EFi_~gr3`JtSJ;`pW4k$a zW3c|GGdttz{d(s5`!YGh6?`64K&t+}?@J^`OMYc6HF3Ao`}pN7OC)FK`|`L;#)ilJ zXUjsx#^?F1Yr_R^`}gUkx+~!D%R*(x?L}RDZ$eEc1xrik%Y5Kk7xC4?XYFwEQm z3}2yYOEsXnvk@P}hZxWqM-I355Ag~*Y8e6Dp-iC~EcdIjyeDP3V+{po+Lso*Uo-z^ zqsY=W3yRI(oND0taZcvEm$?OUuRce!wl3?fm{rK&b|uO&lJ+FA(3@pb^e$Yy7^KR7 zL5&xdBbT|CfKn$)A0{FYuFYp|? zW(6uqm{f}!YW$mEOcp^TJ5OC;F;LKf(;)OTzH>l@R6>^kGN{?(U_xR0O%U0oIdqwo zT`hcwoEn=N9O}g^kB!4kc3ztptRoHw%5#!GvXgsecRpjvy~yU1!8?d+=W{{+uDzaz z`PJd=KSEnn3GMF9{h9gAf7(DRqNX}ECh@z(Edg#KDz%wRxAHlx3qG+dP^{F7JsCR^ zyR=tB&hy;mSw*M?kGIBfcquO#l!bYj6EE+#bFMghl-_O>jXHBF--J1IoXb?%6zzst zO)qDXY7%{zMr9Zt-!6ja@+=EIwfc39rc zJC&&Mx`xnf&x`cKMmdIm&^4%=LhB@8p6JpJkTkyim=CSW13(lbGY8>X=zcbCpIvq`!K>`|q6L;LrL9_tl z9opaDd?!8EzKd$h%G6Zb_?<6Uv8sx=o~^&^cVA}daCMpGe33V_C0ifYNYk#LmF~PO zpd?xjd;#fE3`oA+7uxL-Hr6Ge-p{Q3{CH>aqW{bE)x^>@kMt4ZIWiFENkftsGu)lE zZHqlL=0_80%}w!SyqkYio5UnbA>xa= zOSAA!)Zb6Ak=cwVew;oSfzM4CO({iiQ1oU};D^ZTw2eo^SXLN3mQ;+}8A|hn>(8|7 z=2u|1?J_bFcX2`BqKf+X;1THg)FhtNfXCnVAvfQ(S6G@yC!@nI+O_FU(Ql)~B4eDm z!RkuLHtr7~zo1T0DR(gycItIGEDIyEmtg>|)d%w=Jk>?t4!yQJJP!&cIvsElAxCo-TE)ySpRWA%QM@c4rm{bGjwKLEjp>SJL_^MNteUjh5agq!4PI6h z6zBMtO~Tw*^+wr*f0cX8#e;kA(S0B_N??4&qpO67F0--GX1o1sF2N(l1Ky@j^@gYW z=ax!tz^EvuBbF<#Q)dM-ZUMR^b>rXabJyu%JA;&kYfVsnJ3HrZNt(BLxc)GVTR&&uh`&cC5~OXR?rMvYh2z6JE# z#-q~d^3q390k#_9;^%EO^XB}>po;a`>*5Er7XXemOuKSsWagk3PUSbpIDXG4<$@4M;gR}%dC+tg(J&lTYRUaVN9t!Nr|D`onk?<@#~RGwc7L0k<{ipokwxWf5-Eq(r0 zHnKpxu~zY?N%I~oV}b{Uj=sfq0en|PSO8~cl2l3_0dK0#2;b-A!Daf*+Mpmp_j7Zj z`^N%0PiHo0uipp!`;rvH4@8-~A4Cr&E-qkBMHFH0(>IVP3;2Ez6VdM`ulu8adkda6 zKMoZOlxPkD+R!F46U*ojN~KZP8WLW1{b*e^Finpm>J@}&v53CgjkpOesL+_SEEYMN zN>JwORCW5bfPQX~Sdlnsfmn``9p>Qd$~x%w&UbstfU-mZZ8%}jeVlE=2^RA~R2~l+ z%C4S1j3OjJk*sX-JQYk6v~B-iIDb$RV{T4`pm(MmY%FU(8>40!Hq#6N-jf$6#Tlz= zHy4Ba$gbU`2-mR!1%W##2=I3Ah`72wCai(`%SO#r_S_yDt1V}R;5N`ZgA$kT$%ExT zctOSjH);Z*SOAq)vz@wp{F6D1N};QcBM$O@0DL@3an`v##f{GtxXTy2Gh=zF zY@#i{t`wJGQt=S8)OWYc`&~bj?>$NJBbyr>FEnvHSVpt^MdGmWVA$hZrn7)YRS$p$ zGqHB1Jf|_wgG-!0*&azNip^eX#pNovxgiiHGZhWwEZyR;h5LC_*>pxxo# zf#P%!ldlx+;bev7E7E(OVcEVid(>Sfxly;(`9W0c&%^nk9asG{>SQ1V{eW2?nUB&rcxP{B@Z%mR$n>cIUX8I zU2h^!l3%a91%h>rPFiZ*hIqRB-Jx(TvlebwT*R}Ec#n8(l=rEg72 z-?VncU(#zHO)e8pWlR+cTMb+q%Zj*lZiM=4PyO-9&DK}P@1@Yx8O)7{ zn^;a3GGLM-DztTFPHUQB1v`Kb)k;TQ3dK>Qxi66i2$Fdq>k5fTEo+Dmzpu+3PZCqaBB4TS7 z8(w1*lVes!5Bz2GVvwF5bO?WIi}Lc?~?MrtKyJ{+JqXxj=zg|KE-$R-Ry&q?aV(`8vlN$SC#7}P=@YzmD8@aG7^L+H43 zH}M8p=sgad%DfQ%a^hbs#KPMgmZVGH3VJwL`)|cSY+06>86g}iD7evgzU$o?KM3;H zC7AYdG!o3qhoG)sS?4X@T*9`*f_sM!e9j)nb;(@u3qW26ZCPbvzwX6(?Sd!f;cj1y zIxq}11I=h9UR20N7G@7>|G5{n-@~LrP6cWTcQWOZnD7u+MTRuYzx?Vff?k)d;)Q6v z@z*2Hy=>&+PK%Ian_ByjoH=u!14nW^0XeM1_n;2UPMwP$p|B&;6C7h?UqZsd;Yv^i zcK&jA$#^-qT8(J|BODKluR0JE52(sg!S~rI(e~lY^F(+chl;?ipY+E(IV?uA|ETVz5v8Uws*YTWV?u-oc99ZoNSvTd+GuN( z2W}*~9TFULw-!CkqU_(#H3`WQCAPd_F+ed!!74}jNF%ke#tBV{W86>ke zl7=_vXYAC(Ir^l9CKFVS+&9E#P#?tboEPFr60w&tZV9t5=Yz(7<6~E9-Z^IoDW z3bEQ1aNM7CGMn5V|I1-E&jYj78?j90Oz#FYZ{l9Nn4gy`G+5&Xe0RKbid?wK~UK;Z2p&GSiIuEK%qL_{XnC- zFFu-aMgdbj8j^{WVeaJ>nZ6ti&v|>KvGiZD3%$X2OcNjx3~>c$1GtA5@KJN~E_h(x zyiFp!7x}1O)pklzkeE`=0CWw(-NZGdc-hh%tjuSFSRNyl*(N3E?acuCC3c7q`@T&z z0PP@s@ID6_0EE7hF|<#qA&?$@aw^%H+>kiza8QG&6RcM((4U#4lk{r-3JQxIj9H`~ zn_z5E*BQ$Ef^0G3aZpD=iU3;h0|0wC`|D6({TH=f@!qpWo3 zGOay0ek|NPN}D$}bn@_VwtFsuGB&}UfNo-sh;{#BR7W6m^k(JeB)rHHF^V>qo2ALs z=E51(>3HH%v!Z?M*yh9g9HwsMV2 zuKcx^AT^n)jY^n9poOm4PMkYsYWo#wVW-uN9kZshc-GNZLH|m+Fk-XB^|WsKAW{f$ zJjeQ^UV58D?}dzX1T+SiA`^L3>X`tuI!(`3Ig;GmEPVs2_%sk3p5g??7uMWau-~IV zDTfooX)7@T0>X@H&ei!Ef}htbWa_hvZj&4qDbZyubousw>L8Np;?JiSbr+!6+FF@g5RRBi_kMQ>{+u08y$n>i5)! zm05GvYX&GV2>#=L`a38T_+Yt(N#i4Bmd(|FwN`gOayox!TAI11)y(7EWY!EFX<0`N zgw=xqsCu)Vj(&`VDPSfBmkJn|Z?@lV`W7F4pF{?iAfz@SX3)kA5$PWdhwS#T#$@ifPd2;2rXX{GR z=XeN+2PahlP0ZUw4~i>+eD*Rf*cu513xK!XD=wDwEL{%B@BWXw>`fV991Jx$3 z*k!jW7sQb81kPaWH9#jp4ZmzXK7{5WXUpQ`q(ws_m~}`QU>_Wjmi=<~oqFI7DU!yj z3ocL?WRV~Hq=VKWeSh-a-^9K3A^9tEhj(EeL$u)!i%G@V%fbREjf4JBk=Qye1oW9W z&DUFPiteSP?Kqw-PNmlE0JeTAqNA`;^T7`Geu#qG^VR-kbf>)p3*@uL#@(QcKOGc( zI8w=Y+y53kNpG5x8RWtuU7B=pg%cyJoaMN|z)=;HVIa;J8kf@W)}*LW_7MIaAyPE$ zi=@FZ+b$25$!O)}05i?5A+kDgx52*Sky5=Od=m)lW z)KG+x9vDvp(QfHn??=GQ7oBA|N%XP6tlIx%k&gVWFJdw-MXAWv{q&iJc z-f&>^lbqQ2W{P(g7ncT24?k9HRlpI8nFhA3XvFRA26|_QZ+B0V2ZC@G8+6XCwNGsi zlLlrjxC-k(Va+M64kxW^sSPfGPRxPjt8a~2wpmc|CH0iJ8tz5s@385-sv-3>0h&V7we2vPTKG}19cmm z)1fp+VB;BE*_|!RQkkTcwOeObwO{idzq%c1yroI=zVu1cs`lRo+>x3DTj|>MjWjlP zmqz2iOmcd;z5JZJ~prm6uz~J2CRES-<%!A5!{l6ReEe*p68(G zu4t*71d=jZPdgflS|bkM*+RYx6WOF{;Co^~%i-Ijo{7I@5kmPLa)lB*e4lP=>)Rx2 zKIz#oq5amPhRGB4Mp|eDqs3I5gX9uz(JHx?HRQJ!( zrFUl*TGk^+JDf=#Wo2r5qdJTF0sNo68W|O27KLBEuwDK}M+rmtK#_pZVH9`sp-2p;Txm37o+imx%bCGhHs2t} z{6~WzpTn$^U3Y- z4?&htjG6LLJgbc}P}NHAh+j=YW=_IxR-!iY89SW(h3u?>aB;i%yGOGZU8NiB;R$wV zwe8L4o^|5-FJ?L71*u3PtMGgyPdfZlf&v=So+=`kyW$!m`;?yc{>o6+1&WbmGd!`B zGm3swS{`vhA)JvMEwQ8YlSVOnn~0YNe-05hj$36tJ#sXaL0}BH-X>-g`5lEAxZPwd zV`>$+lwVAF>$97>@wQ+y<}i0ssQT+l;N7e+=rJTtQH&HL8@U*5-<5)U*w^S8 zk7OzC4`xMwki-OEJ1o^qP?i>;kPTqU&8=l5$X=HYJQpyOckP3jh3rFIQ_fCk-Kphh zx$^hJ>{V%d09aXy!f1)Bi!9L(vG3AVC!0j}+@%0yJvv2^?l6SRV{q=Nmccuzc22P0O6|T`1($)$o$`esH+FLh2O`p4w z$wc)Nhvm(=O(Tg!HY!a6YpLJ=qL!DB9W=GKeu@>>RRj^qHbT1DLiMxou$W|4Jr6+0 zd1Dyn9{k+fbg;BvK443^Tl{qKxE%lK8Ms>&{YgogRVPl?qT0E3tmtfD~h5d<{`M#K+%0@D!u@u3$jSzw9wz7&@4UJw) zm8`JdZMTm|AhP(8(F6?JUwOEgGLPsWat@0$d&ueu;k;dj zV%OjFn4izi{)-fnu(Jk*$vC?(Zx!pr7SvT4NLuRRV#&<;Xv}hv3@A`)er-Kq^UJ8_ z`aGA>rdk5z@$S7qxv%d~lWH^BB@#r&mWi)IJS;g;AkG_{3#K}=8)~LmCb5-eV?%KF zaUY6RMv+;VkSA!aXsKojb685Z`&Tp3wzxzPr-;fV=n=n{KGP!;g`K0Ngyc~>gk~Ax zctcl!W-g=$-mv>GqD_7y;C7lr%p1`@O?L2E1*c6Gk*9^!&^oDQXd5p{3gW4@tz9f@ zW9+Z#skRKzQ@N(;_h1Kq7$r*oQ`Z}fz~I28Ris8XaI$sFN8VfrZy=G+WUb|R)@O*EnCA}5lPs>EsbaNA| z4g+q@cwkP#snold4=(N-FT+IksqusGG#$0Tv2wJA=%QCTce<|Z+JNojDOku{HqvS~ zb-Q}Y_&@XaN^auXJRktTC=dVu%YV+_I=@EqW{x^K|3w?jN^Zh_fgUC4kj)vX1d@gj zgk{S(u5f@dLV6Dx!x)3*T%fc~oRU%lOF|mE8!XvV(uYq&`4eaWh#j7RUbLX1;K1X0 zu8GI7!wO~C!1>Nj8sRxm=nmr zi|Ob5h^Cme*9BOilVqhbxN16AuQ;Xde&3rT_|z~N!Loqa0b}1)@K`@bb)rlF3r_Mn z8F+aExa1i24t3Lk^z7n&)9kPs{>FMJOO@^3CAPHc$p`pUj(r!f0eVrT)7BQ~jgg#B zUe-AIl%Jor>dv;710s%@MTYXqtK84c-{(8!H|NL+Z30siuHizMm;j!a9jnb>Z=MoA zP91TQVVWFzpuGrAz=RJC!o|b=r2$Q-?3rli2CqC!=q~Y* zRVFTZ_cV*r#MbhRh6jXEyZxVi;P)j_hRpcLMmubiL)QO^0G?p?H{*X1!0ImoVEWGy zWN+iB=Vax83c`Ro~5wF{ybX|y05G{A#*4dQ0e|m{<<|6 zvPr_%#APZe)k!c)Sxcv%ml~d*i7$GpMzw2@cxfhM^8smN$9mcUqsjCQtI6lpW~R*U zTZP+4+&#owMy7}5D^Ea;CkQZECMj_du6Ud=q(oJ;kttQ3LdgNfy7XqW#j$z`SVMxV zS(gHum zRI8#FD%p`rQ24{81BF9d(1npFgu<0~cCp-W$H_o#v7RSX00Hi}Scu(v9oxm~=01yy zyYk2xqV48U6B!83iz}{i%tt4nLl$daAN$p~rm(o8jZL@^IpQHCI>YX6N@UB&siNA} zUX4}<>Ls+?pc>sO6vLfrBIRlrvRrfJxD?USR#%0YI*s6}_-G}JA|8fwE#(kDZ?b<2 zUt=`KiYqmLx(cf=f>zQ*!R}pk>>t^V{mLbRc%Wu>Q|#tTl?pZ9EwG*YtU7nc(@Qw| z$a$@Id9*m=+pQ5vZ3bVASX(Z6Mh0mD3C9W}vk~%TymHt+L92pp6UB`pQRi&LHUOyX z9W52JI_<$BbzZ9c>+W3(gaFZH>mBw_Vl=sSZKx$W#cZ-8cNfjACp*aXp*Zcx2Gt=s zB$Yptu*Bmnv+OIa7yTMqX`(+m_da!Q3#-}v^aLIVYu#k%s7H^1-vWLEFee5eiM!DDXyad^49~!FaOaBG+E;;Nf`gmL21ciLE<&tfb3mDT zxG}?_dwzX_bxK|jM)(@fH7)by)j4wP0Rj96jqgiIP0X1AC_yd42uA#w6m!V;lJ^KGaGvn=ZmPa` zfp@lhsgw-4f*k&{-Ui^d{ZexplKWs+1l!?g3zc3P3;mT*ArY;YHotr5Lu*=Hke~Fa z>?w$rz!So+2iMZvn_1&Ku}O})o-I!t+$A_SLiuagg|^rlJ=gfKl*ZYajQLg9e`v+u z`?bRQWMi#sDnSf3Q^y z*N$13TLTb;;G$LcUb{(q8>v8y2UJDntk!v5VyM~d5>)aZ3%o6=Y5>3``IJTs2p5vG z1AN~`QFzsIu>-9GuLj#SCrEH~|GCtTx3O@4c;eH{2C{?nYZVDW*bjv}h4a9SO#U7C zx9T))TtTK(vZDl`mQZDCcc_j;+SnE;u>}cOS`zaz&vRJmXNmLrx zBsjpYBKe&~*ee_uvoI~!(|xhmV1Wx(ON4sE6W0`h^q`Aj1hz1(YEx_{1>MXlicQ|r zo8JXOUBftIri~G(Ey`*gY`#qHa4qN`N~WX;bpB97GWnoU(dI*5namdBoQpPtPp5qQ zrXsNRTX&k2qUU!?cyo-S1x)5XuMvAI~|msyMQsWAY2idmf;la^vN1#|#Gl zB2TMa?2kRsBEZs2)H1~*rI_LwETR!?DvTQYk-jR0ty0MvU za4=dU^4IFh<$R?AXL);=P4ETblcYJLSd6B)Z7hA+=YQt^CGl*eFj4>jSf&3f1o8hc zcGTnvYm2kuw%YyG(KWPZ3&8J7KyfaF1Qhcpnu%tNfkrM_NIs8yA zw#CJ>V!YtvnSpk6Bd6uY>tp++`{$+0%gJ+7dH2S};UxJ-L`v>Eg5lAm z_h#Vsp=Sssi0aoQO$EEMj00=HqAHISb|lxLOOJ(7I=DJ2cxjSDt(^tC-C!H`7d#r6iNW-;5cKsU*v+eVPT1#UvB6y&1b< zN^qL69WUU5-6Xo&A!=ZXXd1B{&j!beXP1j_l()<+g6%M zhJ!5QVcPRS?_|#v26{?inxZ}1G%>v-Yr#>=mxp_wOJF5oHimH;vo(7kd|NJa=meE# z3ckDGHejP%A-DsR2im2r{^}%919nrtY4pOI;G8Necl#dg^N+IHAmuGzYf~=CHANGK~r;}Nsl+S%#=B{ zblQpG%kKPbTVPs;l9i=$php8*DA;C9TPL0(z^1tutaSsGY7I~pjoO@I2c;)E<<2Qz zPR8mK`GtzgR=A2)`&_Fh%-5}6q+E11v5SGrxpjaFmeb4=(MLUcC?{RZxi*5-Z&L*o z9h%aL`mUfZS4k~Mk4W(}pnKW0N>^unY2DbV>RN9kT3e#dd&~+LtRi%ErJ_IJgn4-+ z>MfNhM}j@xs;;`e0K`&oYu0%!8S9i2Y;&(^c&WO1+&Gbjo4(_mrK7NOV*9(SWs$~U z;u4D=Y@*d!bWO2^K`Y@Rqa0x?QuP|>$D40WpLMz~X>AEGoTFeADSNFxx2SEZxn8Rx zV+$m8ze20QVv0h;dF2?5@9l{8;(Rl`h~U|so>NyMs(duFC^hPgc=r)R=iRdK|3o=PiN^?bb} z^8Fs_8Slbrgr}gNoDa<^%Ef_;$ODkZ`oWHJ&Q*K)G#WV&haUr+TFP+*aRH)+v)Rb) ztk4`wR_TIwfGEPoVA^H2`f9@mjq^4psPtB{m^ONF&*H`GSZ3?3_~8-cG48 zeMqTB4c7ePh`?*0>dD=zOVx@=z2$Si$~|DE-2Ve2#T+RUFXw~SRveY~%l^(BVCqxZ zZegH!DM^{kH#>``17V=>nU?GB8l_9xVF-0-`5d6L{bC~epSWq~TbO_egg4$ad!lUi-*)_Xtlj%DIg|gRIvC|6J{QY4uyt z-&n+}f83#q$@piXoUx?Vobo}~Y1KLv&0FLb0x6mp;m}AUPx&yTJuJB#(C`-_OWSE$dtx37aMcV_qzAn@7)CrVLrSi528_GWjrWutnnkR_@KC*M8O0rf3UF z8dUU33u!}^uWIIi-Yi@#i)O97gVa|D6M8hI;8tmHE^f&yl5Fd12ymv_unj;O5#tAC!^MN_-O< zSh2Cx-jHIVC@FsPN-V3V#um^NAFFlhE;8VVc#7Dg8`+t@v2b+G^aEGv1(8~CFB5@ic z4qIA588c^IV9)4oaT6^h#AV4Lp*H4)nw@u{`1#t~L4l;V1B;WR`LQ{y$FqT0^-u19 zVn0l|Y0no>cUIQV1M(xQxsJtwKIOuxulhr(4^iD|a-?=+@>74ZITMK-%%(v;n%8q- zr(#zs)e}_+ENGMoITy`a-bn-3I3$fnNjDMZgi=9#xCL4@30J`W8^yh2O4b@45V^gb z)D@ZE4u$XEQxt!FoC)P;x(~?RiUtKZ`@c%uK{T}Q%66&hh zhhqAeQ2ko<_YisHJ#LJ3#Go5g+vT6OO8y)N(>*eQss}7_q%#qz`|r|a?_ZlYEkMxv zR+|MFlY?DY&)GN$P0@h$J4ujS;mMEwk%KtcYcpX}9b9GQEoIplQm}Tb(&X~F-ZVJD z9qSdzOXnH@#T}+H}ufjvwV?UDx;LiW*id+fb@uA@I zhP*}aov&i%*u1(K%ea%>M&k``w8K5|Q57$PM8*{%1p<_d6Zt2S6itA(SLy(IETq*g z&v4jD;C_UPRP7o@46;p%q^~dB$f8vfFPZOZ4)P<}X9(gXtD2`_)?_FDrF99<9@r~# zuj5LrMC5UCgNY&mR634H?q2<#7U_i?UnRP$#j@YYl#dL&Hojmv!JPf&Jxjzg9%9V?%FdTAZ!H0Q65G zj$s%*_22wjlHBe(^@=%w;GwpdVQm3h+8#x4pNPN%j4&g(ms~^0Gv)mcgwVaUoW}}Q zg_dyR_Z!MEbp{%m5c4xzaS#tmc-fpVeb%%}leERwQRzEFK*qjDa%?O%T53-&dfoQP zsL9}_s{X+8eYt6_qzVo7SlCP2bK^z*!&l1yXXEjUaF>57{&i9sp8gcCbfZ?0H-~S0 zTUyU%&%yg;_(Lx;wnhs`I>8nF!-vV+OB*`nRGbQ$@NkxrH$a$5q`5BOZFSJM0hocn zaB1ujU0FlVsx}J9KakTQ&d0SN-VKZP$tJbm#T4Hlx;WcG-@5pxS|XH~9Qa!d?O>0D z(6p07)pd6OX#yk8sP^Wx@?Hh^y8h^`wE3%RE@^z4{Hyh^p}}+&x666mfS9YBIdp9N~e-M3U zfL1^zb#u4tdwUpn2t!z6&d@`Y+57s-I!_TS4s}}it^)k>i=y0$+wmb~PSBM*tm>PW zgTXFX;?o>{)IVGISgOdg*U6ErsF2Y+c5at_FH}XzrZpM$Yh7T^(uXbvNsp$ z)xq$Ep7iBTQadrIv_s1vt1f@tz|Vt8qn(;?adC@jP!5BC^ddLxU=>lwW3piAVPbhS z)yS{g;HY&2d+xnX@$X_@K{WtjeWO(~Enrkf35Rl6*vFy?v2RRxst_YBSrS9~=skznSbj$Z*l6fqurDrqh zA6a$RTA!$fAnP=j1+S=+)4BUApq?H&c}xlhPy|PY0|cob`nzk`M1KjCn`Qv9baV)i zfpgyosPk3>R<>J)OhB~pc2)`j_lOVwKKxPrE0A(-AV#qTH?2M;?wmPzC`*eBiDtcbgej4$8S8j{PT9%n$ewPGSiE#!_No%4 ze+|{V$gU+zv}zs%n8k-4o53j_q~bo@jntv}oqgCt`orx|T?(CeUmZ2HDOt0h2LEpiby7fMVZXlQ2qxp=RJ**>GB*n7&jTw;kl zE$aFWs=yi;Sj>ExD*;dYcJsYQ&$zR@tXuyoygDs6=vXxy5kRIyDckNaT9SuFG#Zt$ ztQ#zUY)3S)62AK^AbY}(A-0LuT9aaPTm{9xyhVUPnI#3S*fMYaX24!5#g=QSpnlCf z!pttzC1(Fqe~}<@E^_4iB=;8_Q0@$6f@RpK3FAoXmxD_z6}{Xy)h}8Cl5{uYpLSR& zboEEtBZwp+ffExVodgkuk{gOgfX|U$M2E!EC)@|cnjDQK&fkv^JvRyxh);()=K1_! z++t8-&~uznHX77!8LoO+TTtF+sPZ?G+u$aYILv`3;v00MGaOrT0hq#Q3~ZQ&weH6Z zNJh()%06Ndz8`UgBYLw7Wxx(0x8fNqAvbjMl~EYIC&=-8V9PlQA=hOefmi6ghu{?l zoB;P7iH5wK@U@>FIk}{_&^&+*V%l(oO@X*Bl@-ola zYVitQ_eomcu=}VH_=x%cC_AU_(4sEe#MScXOXD$P1cw3(NlMYx@ZKs;K#4}=V{~5B2(8R zQU~W6?Jfxy2;){9)f>qw>DyL zQhC63O+7OE_B}hmO?#q>EwN;8c-w=a>n+zku(b4ht?G;0=Z_-u5tzRS@Bc7-o$$K& z+`TYHfA%>eArFhW6__Xn&fHS^dv3f9PuJB7ChZY8#3O|mqGZ{v zx^k)uA5Y3LcY>IUBX4{*jtyDnIYLmX$}$h6iMo6_#@>wb4DAu#707Bv6o2YxL&t;D;?O6Ex00-03kvPk zgD}0luy7F176W7sE_9wno~4SQIBuhUB98!@o#mDUMsUKd~kB z`~J2bC*2xHgr@mT%CTxTTMqWBU$X?Z{yuA-ZNq8Dig9YTxD_M+v1gF^>_%KBpGfRo zjuetM7%Ha!?D#^A32+NP2boUe281x(3!iNDBM9st9ZEvJyZB4!$vJ!A$6PQQF1qjZT$tIk zZ84I1baBDxpRY+LfRc}^0le3Q!3)h9u4+h1-p{8nnJ+NB9)3VsFMMe2qXJUcNL^Ne zWvncQh|&s!ed028`k(?R3H#lK`ztt9@$l^8SGDnX)~03YoH+B4_S=77g|rFiszD-6PN% zu0#=QUTNOW@z%u<@iVx4=b$yyE8ch(0PZK@d-Q)EgN%eoS}RA|mIV;VKwbd&2iX~E zH!ejO5#wG*2e)uV2+Xs53je&7ymLvWoR7uquZ;==V5)934JoHGlEt9_*%0f_4A%Vo zy+4?sEQ|{XZdRHPPkk}AWvsUQy!1-?JH{*_UuBjD@2CPrxksCh2>oN%A&&`DzqI68 z9YfHkZ>v14X$@@ft)Le&H2-~%0zC4)_t&ztW%XpA{x62&nzUig;ThWt(!tG>m8lja z{+YsrKP+zqnUtzAU_#OOqa4CMd49a4(jEN5iXYR}AYK1nCbdLO;nFUJCODkg%h|XW zv2MFIW1u_TRdR~g$r}%(M1jLyG@|p@r2Xqx&Tb|aLmEE$6GF013orAU6XIvEQj?uyX4SCT(&M>Wk98sqrHjKH!zLmOu0`w@d=vV34 z6fEqi+wSd+QoCS)wDc0}pLqibey^1J`F4&XlJRmt8uUJd`RfT3Qa$}+TuoVOe= z4fRnvk65lz5c8ABZeCK@a$T&JVqztN)2baO2dQ6|Eg8-*tDTy-l0ah@MP_^tW_HiH zyUje>A(F%d;MmYuqe)!y&cH5cZvSxs*bf&!`Jg*NdNH53RJs5rYx!;t^7aF*>WVym zIdK!Dklu?O&6rRk&EuD-x4gqFzV7u69Tb@%Gyk}dI#9dCk0fO>S%A_us&G0+pJ>EubJnB50z{%843==b*4o1?_&xgW-VLXZl| z)kvczAC<}QEdWS3+m68)`T$x{$74vIDS_;%$*c9F#u&JU?qyq$t9S|9{lX&SfWE_q z(K-g4VUO(bW;i@lRh|$Um$;$fA5D3aNu`R%^Fg8RtRxL-6}`cAa2le<$u1+OJ{5^* zC5FUx?m8)CVl-{|1-)3$DvCAKsvRbqU?y7_Z<(ravS`R#O-^+&-=*BZx{5DlLQ7mg z+ll+a+(3%PXBkn~>)m5w4>|&^9=LP!oKG2acN3dR2-pszA1v}JgZ8CvBkV7S%~EP~ z+r6(i-*Z05PVh)+^AEK}$J?V4oQnAqEZR}}$j{(tUzGQU^m6M?qe`hV$P=@;NpqCv zO=c0bWiI$NSY&2m6YcS_wB^2j;v%FXrI9V=^!eByC-#JEzgl(dK|x>vd&VTOjfgFg)C7w{paw{fx+ zj~GA)yDv$`CRsDG{MFT-+hJP~t{7669drntvUmgv1G=eiBrx!W*ZZVHO|Rw8P}m1{ zBO`?*BDM}Y<&VgWSV5A>I5e^}Br(v7g@1Ap4vNRa;Q%o|@}}MX8Yo(e3?FS&`oG&NzCxw=Po9BNPgaSry^l&(m z-J~pUnq3(F$b4zDls@+9G24Dge< zVyJ48i@yzUeWv-4KWtEx^66fH1l~0;mX5Ps*=_9;y<| zn6*P(q{Ukgim^;tQDyO{Cuz3bidJxcRFzJ6%SM{2=`E6v_No@v6rD8TzUqjDkXLHG zz{sR-N=5#dV$crzbonue=5Ct+FOVLP>RW;@i?Yt(EU{W|e(+Sz)|hfDb)}PrxERZa zXq9EZtFuuj$#&mwHeWl{>Rj}wJllDaTFlaqR($M=RJFHC8SQJaTTbjxAVP7$t~38J z1F^{-OObGDW0RPF5#+>eVsj;Wu1X}ZL8|zSU0oe8#mFw~7+n2!vv&uq*9ohqNnN3* z)9J>?!ydSc+t;N$3XRq$!jo*vpTd$X4o7MiOCXs5`~Z8(a6S&hx0orXBA(W3qL5)x zg=-5(i_(LQ(#7?oY?QeGSXx6?7sq9Up|&R*CZX^Ul@{{lI0pD}1{BJ{_#VXc)A5jg zWB4_M7lwO&y1#pXQDn^`mk2wp@2P^Dh`njO8h{~f4hJ88z(5ZxsUT@P3du*ilI~&g zPO$zBx)aterk?l`ZQ9CgSy>8l?__Np??$>IZ&MIY1tihOO>l17E9KTx+hnuv9{7OjoZK+U1zK&i#KqkYh0@z@XXAj&+E!B z(m5n>0ETZ`0$u1c@x&%eA}g`5+@%Q z97>!Vm%?dW+GW$(Gv1YcOX6h38F}-I9A{)zbxM-c&<9mng0d8tu51wH`v!NOG$7SE zA1GUqj+6Xe6@vO&$@MTfJD-0*kAU7Bc2C0htK~2GQEGUb$TqZt_qx-5y9>Qk^RYM@ zhU^|+;rwj8zT#K@I^+tR-)ii1qpRRs zP|7DGP2DIGgqHr?F-U@^cFR$iudWquo$re~Rdt1tlm)8M618?(lsrmRgjWOwK1~`D_|2!$TV=8ae-Pu2LY6iDIvO!A*=kE5SZqoh*Mwv6U~p-hH-E zII;7s=bs`dM0^*3TN(V-my{9;VSwJyW`XzpVhB?1(8vdyCS>VWN$sU(lLM|aO@Ecx zVe?YQ{^e#)ikIZrD6rs_1lwj*ct__k0cWM!*`S2N&>8v#L3wkoPs&AO-AfGDUg2D5 zK1E>dZ@qsm3Gbq~0e!y^xIRg(69WR`=KZX0+=Bsc-b7e*a4F?KA>I2iM(j&+(PuFQ zAv^m?I>Co7zvtXNcHPxB=6PbT8}_$Ygo6n|0mgrWL^o0bQcSiK_6r~r>pCuzAkb{s z7y+=N$>D@N+FO8lLYO==hzh0&Jl+RDVuR8<$sCLxF<~HlWFkcr$$DwSbl`|lW{Fd`$!>E@J=-kw9~Tr8$%-M`Wt|_jCH7 z(byA&n*NG{z7WAv_RN;~QsQD}=rID>rg$4*SxH*H|sim~+pG&gMc3xoj3YAl?wACnDX?=|iMi zYE74N6q~J4TFi51$%hILCc8urh{`ZLGD+uH;y)hoKg8VOIcA19r8|NAa<@xgi+)i&vlK5|anw`@y7m4`^ME^hlx zu3}`NcP&P2(<*J^-!XLd_?ewv$rEQJT?+Z_$ksdDL?1ojpZ>N0lWyL(H=<_P37@D#`LqL0VWEXGWKNect*Z|r3VKgLeqwUi<5U(q7PfBqU^*U z0B}X`V~UDHpGh_Ji#8=T5|D^EM4Mz1c_TRc{NnYjI>HvO3pc7R5;z>2G8k{=f)!aj zGK@-_UUi#mj^O2d6gl)>iyYf;8(3^{`{AX7mWtj`xH6${90a7yecM zC{y69T+<7896G@}B6$pZj6xvf068IX#2oezWa&wmlEBF!HZEd}oWkyxWBcGZFV!u8!c2bM<{97fMoRQqBGjR~ca4N6EB*;2#mAc()8xEwNlE@<2ZC5o;;38=5wIb4j62F`iwY)n%7FpD&4x?K zVH-W8)KzvS1o?{Qu7+IXYod*^u2);QNe6}+t<4$9-cG!wz`%`KzQjF!sz>Ss7se;9kvhh z3uI3Vnc2q%3(s${u+-4(dEYKadmd@W5JtDysJ-OO58%vHwdL!x%Wkx$v}H*Iilt0- zDg}p%eaV>OEvPz6pYBVyf=wyT5wO~%o*MY|tACa4O+D>A;USl;!1Q}mu>uiBqs&M` z6ncH*MwAb2f%`)v-Z<8WX1AY+giGW)1wNaW6+E;3PI55IXontbX|LDvH>-}zH?ZxO z8Mf>{T%9XJ_%pr#{+pT$owgDFwzX~`|DSxi|JCSWZDIHyK>Eq*(@q;Bs5?3UAP@@7 zSL+D}>$C~wR!sHAY**4*m}(1)^#@ZVmSmEfN!8%NZ3LiDAiJRES{V0=?Zod17G7u7 z$uT`o_-DcsMm#y9zor?A?jXFzSwCOa1# zk8Z4(0H|bO7B=YWb1?Sc)biLpi|eW_7bO2*w(O~k(x1p|IBrqh9l7kb17U}z=V9Fz zWHC!#n*|OF`>OsII7w$jaZ%65IM{JSkcAR)jKg#SsD?i1 zpiQ>}66k&M&Uy;}veC_cdfO%*9Rg6Nh7w<=`@8zdqC6FxmGteWcXac*kGW`itEe(gvSFmd{ZjFj56>TM&OursXEMc zI~C$==%po$F_umieIq}%UZ1czC|zRfX^lrIK~$b`VVY@ z?P;eH?uQ(co)aeEm4>+bZc=QX^U^8O1L81+La`1SRJ~HLig4a@s9-&>vp=OuvyeH#0RZj z<_bhcX#$H%)(+f33wjCm#nHE^$g+-h^V9D2$@TFvdO1IIqL~3>hK&nq*e;AOnY_Hm zIt_s^-qJ=%2~3$vW@@p?0VA8tr>lXyD}}I6e7jV!76xmjw_5q4h40>ULsPR+c#(4i zKGE|d0utI^_~qhC<06x$QBN$e95`G{Ka(9paf7!+#pGO&Sf8fKKnHN49$*Jk9=i;WzAJKyFt>eg@5yil@JdGj0nEUu90;&Q(V6ty{q;qE6b{-yyOjZ$(L63Y{`szNiJEIAsd78Z{~$eAzS zZ*iCirrh5S9N!rwQGjWjH%q%9;wbQEV)SlVG({T^W z6F(=;-h9M;$QNfKxeicrFS$HewzIA*nHD+N)(R!pKO3)iqpAWPt>+!0T2{(k<0w5^Nt}>Y zsG~aDILY3b>m?8TS@0|1vn*g;+_MT374?-H1zQ&SH=b66E$b)WggIGwUgxQP@{Z^uJNkHw z(u1vJYahr$je(5ncX-&2#?i$%LOap-Hmrhc1FDJ>2khAg*9834ck0jKc#+Q15Q^r= z-1NdCIl_sd<)SnW2f#*F%u@nd=44n8?xcy~R_ybVS-V+Xd$aZNn3?+H@pP_Yt1Gcm zQ=~S}nh6Xu3PF&PXHnyLn0Bc;^u{pQ2gd?cNLd8jsLYLFwGU{lz#3Ag8r4Lcu@4~} zz!0<^67a|3SL2qUey|H^DT|N9VpXm|I$_|V7zL-2*p|Mtx(=HF0yHjoI^cN)^*Unp zJ>Qj@i@qAR2M5C*FIl;3sW#s=7n8{24XCxk>d$IZ&UYtVbnamBhA7A2Af@yw0Z}T6 z3;mWZBLy9;W&)4As}dBEN>Yc2r9p#gbILS-DI$^)tR+Qm&B%u9%-OGWM~G)2_MLb( z^m4ab45}7KeHMlAj*8ksEzWb9Jmc(&>FM7%fq&n6;sa>n$h7y-SV42fjNS090OcE^ zzlBPKwhx8p3ueRta!;=V{;h+9+8~Ete3i0wsLiBIQ)^K@qdDZF4T?HM_7KY5byX^+;-ygwSxL1`&MFF3tx#LXDmt@h#nBo|FmI8cVQk-= zSv)dl{bU&FRaf5rb^+qrFKyh%>2&a~sLY7cK3wGfC1zzJ52#G^B=XylE-9G_Sv^Cm zs>)&=Dq}&y<)>D1(+~Dgi*aR0aJj_HyyqPZj&-jC-u?i5LA*wET4~-3;4y2vs7wZj18t_^*QdCGZqgGsnd)pe0 zsUQ2<`Q)~y@yyPKF9xIH8%^X;ZW@nbTlf_6k7@{yVgV&LexRCDJ76{_k81Hf%1!4S zCo@yDYL*H}T~5DU5C3>hxK4C?I2a5hZXZ_OoLU=d#pidVjQGetyFvWEaWxXsl;hK; zl1ereDI=mBn#)_7B9`Z=IE$N0<|dRGQC2cdskFuwH_bIsBYWBYv` zL0?TX5~~f1#cigJm907$w>XtK7BkAHR;nd)iHZAciaI0~O-D@~DGAgIW6>mU_ z?x&5a50Ve6k&}_-Is2h*q>{z96V}a`$Gw~v_J2sEUZGk3WX3jMM&PbcM`YMZ*&Ib8 zWg7lYmsz-mOt;x)p=*e*Io=|MVr!QlNSRN^&x;cjb_TZ~nb_3VQXh^c;kZVl`KsaB z`mud463^sbFg>N|(|BeNz2(X?b%~cKht!Rr&mi8D*6}p`FVs}^f7UEqO?4`>jO6MY zFE>9Nk0?wx<0R!?a_+kIJF%TPWqP%*nlx=QlULNY;BoAHwiyHJnlqG2#myIXpvc|w=k)nGZj(Xq5rHvo6K zm&;p$#Z7c;YaLRd7}19{^=ZkTqmU7doZW(=WjETd9Pocv;19(>e(3RZ@dCiB<2;zB zMODJ-v@qLMwaLc1{ssR?ctP=@uDhLC&0YSvUThs*xvo^(dRlv!4L)Q{p5*jASZ_IL znT0CzVk^B_OCCA8u}yF>voQ=Y;Nbru8vjI?*9eCqRtm-PMr!!kaq0zf%8?-BLXtM} z2j*tQsiTZ_4s&2Rd$fQ^!;#Dc%Y`ip;g%QFmoAx-@S#Woqf~k^(S_TiXS%v@poOWe z6?RNFlIw%OZP|J}f4Sc2)te_OJ`lsQi8^!3eCq2&7A{#a{g%yc8?IW))ZMW0Fj9)S zA4AmKaZjnj{J!;{$>)+4v1RlCFy<{>a^6mrt)D?2Aklm z;!r-Q#i7jCRI(HFhBk(oZ)kNbH*)*DkJ;F4y0F=3ZeKZ~kGJ%xK3n6uzQ&vk$@R?i z&{26>>AWr|hWNKTlD-RES%A)Wt(gZI~_ zT#RU9S$QFXE$}T;qB|HGH*ksNSbcULfJtBlUSu$dS*)NmN*X8A%90Nm|6rWYs|B%y z(CRAnb^<#sgk#PNa|Ssjld_ZGqwo>vpbg+2v{6;tyx@1x1o)<}HRYPoEJf}!ZPyvq zpyWwK+yCd;*m%qezsvzVZaNAo7{*RJ>j1}G+1gRZiyh`Ra&23~wfVrc(RD6>6al9! zv%W!xQ>7tmC_A7p6%&My;~bDW!YM%pvQ_20zWq?w^kcMskVs<`FzA~9b4;ivBAO^GP~_tOkH{x<5DHrx_1n2&!zJ|2mgK@B*rP%SOuyA&(z_X!2r?h)U`nb2q}c zRd;EeDDEPGYlX4(tT3yKl3ndae~4RNY)&w<&WKDfUPt!{@|KBF3a+ztZSyfh63T_{ z#sNL1=^yQr4Jmuc%`4N}tnS@Z$@6Z^8`?6+&_`E;pCw7H_Ejrt4woDt<0b%bu zD^N=n*iRdHvou_Stjk(>NYH4TTX6b;Htg$V(?LOXfDnMlO`kII$wilHo^nP&MFgY{ z+VILu$_YI%u7piVACUO2?l#P zzhuB?4Oqy-32fOcd*v*gA+=Msg#pn_V!T~tV;F{lWAo&_PW{E{g$6XYgdFZ9dx{5e zBxge*ktAnPCbP--6sgF+oP>oP>fNRXOGk)#;$2qEPmyS@0bS!E$$)I8VSird?Q@dzPF#YVnWgCMK7Eo4tyPvzX{<9&|m2Ps2mxz@9k4y9a(m1LHTVI5Ehqz5Rf zYPHH1F9lUoHntD`VV;Kx$_W{3a{fJ(+psn`i2f`LLy-_Qw+fmO1@${K@kPjqd^A$r zNi&H#Rsezf+yQ1JDoz;t=>XzAfz(+YY4vYzRelo+(~wX3aRX|w#J>{-pX8%riP$wa z{+BUx5poZ-7M~)Q&~Cwc1#k|c@PnMg#wuse`?5JiIph;1f$pUc`Q?YGQYyxvZF-5! z8i~+9CRp7@Lb4utg$le3qHl+K;c{4GR3M-@{(!%nwURkVIu8KA2jjimptbRe!4U6# z?3u9;D8N!^U9D;vSUXSfk3k|2MZCdTM9a^1o?&Lcu;G|AS=5P3eB1J9z6hti!N z&mwrRd`QB0;Ud{$o)|!jG#3<32s`q+m6IYYAkMUzJd6qmxz@j@<^=~D20uKY zWDxHeM*MQ1f!}5qBMc*;*;vp+9TZ{`m}|pXFOnIt{=Wn}I^b`oV6;%(pnMaf!*Iud zhARTD0cgwY=1=o54)}iQ0Gf)34xe%0)2wCDlm%S!d$!093Of!#J-l=2&$;#u@Ign)=50;2i1jE!O(1$`G8_^2Rg3H{by;t(EFw!P zC>#cI7d{?`;BYQa0z2xYh+blEF1idIGOEY#oA(g#=x+;iB*6&ceDo3(o66qY+ONiA zf#=oZ{d~c&c9Ib?gI(v42?@Z(Z=f7j(7-N~$zoADV3x#HBBeuQX#*?m8|~V&D~OU4 zyMq9U!?K8kwW;=ENMZl8-u<#A8yAJ&WT~(_K6zFr5hLeX<=GY zYe4mp6HY*JN&&;#%kGr1@Gamey6-Pz-p`2e3X9ikyqLa{(I)`Zo=%u-B(>-^<$ zNQs(!g_~qIqy;j^<%4{`Lo{VW6UQ@n6}&0jnX@(r-(!OlFK2V+=|YABrcLvzTj<#n;&lRqb&vdC9h(Dm7-0o&BC2EF0f!tx$p)i~ z`5dVAL-$+e{B$OkdB!3Z*(!t~_B^7D0d!EabPqw1+Z9kC!ar)LleK@az`Aj{XzhqI zx=MjYZgAxs*fUI8=;_8WG;VLk&2G|D^*l`8&L@)D3ZnEtx#(}b8i@->J?d>Uq=ziC zrqxL9DT^y0LaI-%Vh&uq5^XS^TSC{z>A>9r@ianL|2P+2g2Y=t{q>SNd~zIEAf(*! zxEOd!uB58vHlvF%rVIQ8+9=+Fykz;e{VXt4eYGx>o90vVId!m{+4CC+WTd#Zu?aHS z%LRQM0u&jxn6oVxHjJb6qNPe*BnPIqt_JRlG0p_@pZt(UgN!_kxlPSekbj5N6{P+6PjrzR(?+tNBcX)->r%fT=DbP9H{p48g{EO7v@~-<-xdYP zS@PN${z-a~(JLC5<)v?=%<~N=FxI@~f9Qa2I<+&T3Gu;R;4uS6S8+Pw~nEfx*b4TBk4_Q4(J1u|NbROONA#aWhT!Vol9dF1NZ@1U6iEMp`QaZxflKc= z2AzuDJIwz_s75FR?1eTq(?qa{60MF~J@x4$P0`?hkD;mpafAt; z_Y}6v-d6?D$YOD5NXVZIbveO5PLyXfZ;Iv*xBJ15SvHn176MWtfO$i4=y1H#m;I$p z)N74mR%FaC#BJB9e|`OIpJ^BmP|=3#e$_{pI#~?!Q!G3ax%DnDPGETm%T^_qp@<=l z6~ib?mnEbtdqV)lPXk+j{Rn}&56Nq2IIRsXvKvMwu`8 zo$Lft6)JCW`pNwl%#UWwKe=-8ka#}llO-J!mT8Q&DwcGpJz87OC|v;WBGCj^&vb@x z2DMGq5`~a&u%REN!{&qR-RScMJhaSPG|33B5dt1}1g8XWc`{_JA91LW0J9;eFsx1; zu7#`@Nus-um@Tr9cT^J3eBW#7s!s=aJhCQgo2pQwB{bF372WRXvKUmiq0$z+)nzbP zMjORke-4a%h-Vd^+qH&flZxkS^6NhJaKaU zbY`nTukHjrB_S(;&#u=D5W-?(8@JXn61z3H_?lKfGQo~c?doj~J1pjhTXe!b%|0Fv zK4r$BWem^>r&lVnbcQBH@*lJUV7E<;ke&md;jQ8(qWP}Ag+Y1CmUYT!v7*Ix4&T#! z*Aa`)zXqGyj=2Dd4VTvJCre7i9-F@L#$BKzHfPb!db%Z#EcoZ^!Ppj`4Gr9 zcmRB#R_^A(+Erz`t*8{bZ1Wb##HeNX7UKGZjF7&V4E7v}IahmtKOzutdw_gm;NDoi zdtpH%YP)JebEPK|l|i&>$-g@EYW=asB-W$tsj^%`KymO*m{U(F*lk!OkbTEy0kIrK zEF5nSy|y-I`U}Rqu758q@+)MVov+9aH1Y=ms_dJyEFqLUb+c)t3$*B#g86nl{o;Yo zIb9I+^RoIy-G9Ar`(ua+lz`bN{@+`r>8Jkf3tT@ zcnh>=&3ZrE0~BXTGzAvS6YOVpq2#ZXXpjQZ4tiHUD;O`!BYRK<7K#Dk_oFnC9xf(` zZU+`^`fX9x$IZmtD|ffu8S-iHNZYj!N}%mPb%&MdB@_6M)s_=865_caH zaD8}KE_5~IQf9k&8vPfFIWMnj*XE>Nyc`cQ!=)(^w{vyf?USw6R`2$FXmEOqtV~t2 z)%Gzu3aQJZEq(u}NP1PR-m`v{nVK$yASWBa%JD>^+2Ksf?qYJMIa-F74?F~Ec!vmz zwGeH(b|?!*6DQS0=N#&xh~Z~k#%K&d(3ThuuLvMV#IQ;c>KaXvOuQAMUff060h#{i6%eRx6n1?t7Caj>;r?&7X+5_L8h;63m z>II0eNY`*$&SFwoVC>b$V`4fkNH2ZvPG=nSlJ7N2U87aEHwUT%r)8RbFRDyXBMqQ^ z0g&&9OnEV8?<9}_L>bSAGINI9@q!Tg{rt^vzeC*TXuTy0-1g(fmYPc49!SNv-H_FN z&#TdSRI>IM8R_h^bqvUeSkC8Y5OGu{O#$x&VmYuQXvI_jE5;M_1&#)j7X!zvF8B?* zYYD~hUS)9a+tS3@gtL++sDH~u1l;ac#%eut5~ z5g?+*Lz2(m5fXGjEKr4>y%r@ke99GJ+yV3RuY@UDIgu;~MOW5GztTXo*b~RhiK6Uv zX&#cyLeNk3xruTRDRqbHGR>BFyErSoo|XWFFMg2}CocO%Uy>~NG0?}=3YjP!bpw#L zw*fF2aZN~1qJ{w*>NEPg3Bzj`Xb4OR-u9S`*m=CN(w?;-1o}nX@g?Fl>GBas=64Ys zxZwDo1?C9%^$zXU(z{~}y>o(iiFcl*xt^k==kq1`D{l+&Eiu}<(!uY#aY!U5Em5i1 z{LMkG2O;o8J4BJ|e}A!9q81f%em_ZvDoMgA8yj;jCpW^x0pi!}Yk|@cIsarSanmy! zQJBjF^ckmS`hzRNM7cokk(mA^?FBYXo3aIhIYupRMGdZrVUIouJbWjA7@Pu21_sKU z)%O=@S|%iMy)|%OpE7NP3Y2`j9&$H8?Bk6d|5(3d2O196RGpA{;Ijwn>CeaV@{2m+ zByW8Ca0%SvH{wzbul$EtK4_;`*~{lJEd1=xOb9qp#Apffs#cGlp4D}M-!k}J$dC?L zSr5*~`z)ePW%Xt^JYS_?VPd)nR8EbALQ_&wC%NYhQ9*a)`irdsQSS&A@33?Zk3kd; zf~=iuzaMQn(3+EOC)5GmtJ*193$$WmQe;Ek)xMhyS_jI?Uo9u1>5@{}R~P_d3){x+ z5$FZY?&!(l2B0;ah~hf&T1C=meA{{`M>M|u9S`PEr_~%y|Mj>=P;;f zxRc_8lTe&>3S`$biYuGHw9u^1oejqwVmW9##Qc@Q8W}o;IFCqVJ@mUE)ZsO?e0X^z z#*;n28Sz399rIle<{X8E{_I*&0PG`zzzmZFnJvz8ZzA~QOC&`a_8Za z1VHt@4g3~|+U%UXVKf>3ZtgfKsSOh!8 znl@i(diNk!ns#@=*fC0ul8TWu!#N|*4|nM^Jv4d1vG9oPRKBEiNnJ)CefqICdBMAn zfX4uBrQ7E>A9>{b5k0v6Fgq)R44(%fVIfgsQGr)h&?v48p@6CwfQE*54us2edTh<# z7|i>Ip@C~$VW;wk0ZV$q@@JZ^K_;zXV&t8ZIQFyQkVo_lRQ&!xY|KqgTX&c+KYfRK z%hl3iMWI=_g;mEAaDV8ZfN17=xs8X@r>xKxy8_m5HZ1V;*rjo97nf)p>u?;MiWO`9 zAx~t?I%7BC$V!4NDz#dLNe}FwwLH8_#Vz+iZc(4T`06>Sk(k}Q*CpUvcu)UvbDI9B zn&n;PQDmUY!0jey`8&_dPM0i~_g>i48+R4Q4xx*Sz9^h19UT8G3w`uh^=?R;i2`C2 z2dYE1i)?8-XLR&WkqnxiPuY2Q^}q_w0lRP`2tB~JR(X>Bi;7GDz_X~|86s>B)su%* zo8O%a*dUKsjh@4UbZI4EQuXvp;t~Xk(Z4r&m9U7k5B|xMj*XGQe^`k08N8fqLuyHb zf+wh#G9HuoWegwvjD#SR4bj=@C7o!yBVKBp%U+rI%XO<3oKL(O6Ehd~2$J*UX!~w1 za`fI~57@h2+D6hbNr-Tm2S55pk#~ZGE$I*+r$(PCn?~o~VL*MBRBCOPuffxO@z}s( z^b%W*5VumfTdh9$VFm#|7vhmZSn+kB-zZYoCrav+DI>5i_`^4H&`;kk9@tMp3~v*$ z`PolO1Z9`?=f>h+dKnW@TJm7)cw4N}xzb{N@h3^FJ2X&1)#RKQ#+X4)6@N96lselr zp`K`-+J!-Dg5Ds8juKKLk+mjeZqx;_rWG>^)ZXZRATU1vJVuuNBe4@`J7`#Thuv`= z4y@C&qP9{|J1rB_DvCFoF(V{is|93K(Nk~+Uj*8OM^q?cG;7tN7FlE5 zbVF;AZEU8G&DL|*0WhSXndWn2QGU&=oXR=tKBdR`I z4bn=dx;O-`5uM{s2|jNAXQ3mVsq84=FDZ-gOUnKq6u~a`)^-NQ|G}=;CPB__fgWSz z>yJg}JT4eGyJ%LJaAr7i1^}T9umgosfE0TgLMH2AO!O7KW-{~!cmOdz7_WbA)+>~D zpDbq@CH31Ac5h1V&OsNQt6OMatX<)k+72NAU*B@rr}t?o$87)*6bAx*DE(m=alk{_ zG()Ti-HpI4#%$QgiT?;SXTKTyXwwT!(O2$X3kv7d(I#EDsDp-lu1+Qc;SQ50c`&)9 zXHoOw5i3|nU)vrqFh>!A7|Q!3;_wMUtofmcVYH7&GH-$={dB5?5r#~aG-tgq>d}Vb zjPxp}E*@WclD!o1Dh~`NTaeBxVokr9oil7LFtpq(I!M5g$xlx!gK9=_jgpj#3~`=+%F8)2YF~wGmuHs* z62xre=bEf8>{*`QN0f8X>V$IZlBw=AL*!+O37GkF1ORCug?7#_%}Om z_N|7&V=#@;4T_G5Hf@b?)&(hW7bS4n24GhUc{}7iP-=tIfO=Ua_1FlC=z)m)A%7tx zu<`B@32!n2?I?W&%cvpe)IND=){7BP*8P^@75gUvM9a3)OMF^|sEn|+92PvbKYrWa z{~u-N5G7i)E!nhf+qP}nwr$&X-sDZ&wr$(CjhmHKz5hG)UgtDVYmKpE$Bs1vp;cU$ z#FcgS^&e*D??O_EZ_bZpM}IfmtDptI;-evmxJAhS4rU+s34^r%rd>;asigl&f2gaa zjfuXghs%F4aj{z3HpHu*e5X?m99Q`m4#O!WRBo5I}X<&gMC=}VHMDU{c(FFp3Kh#jpKtQ9=C=8nD zMR$XiHh+H1$MPv`6_I$H?VRa;-syLL@co>vD#rF6UymnuKi(H(zOl333@#t7tof2%pN>)#or+UB_!h`(|oN z?MB`fwN7m8C#pUtsX9mL^45~OcAVKU`d2WM&8#ho>Kvv|Zl2?n^?pF-Jkb#3yVq^0 zajJRAIHrC)6+UG(mgx%TcY0jq+P|MOYU(TPGqBv1-8l29j=SP1G-Ge6;B4-Yr1nZen)kN}a)-p-wk}%rKh7Ln+_i_>PoZdYl2D!E>0su}HJc z`2z{xlQk3A_^*eDes*G%?`Q@6E6PR#{Rq^Pj#An$ixvL|X4bZO{BU5SSO|`mBumz_} z-qS885whh3$U3rP2L8VO=T9i$Bh&*M*d z^+Nx={qLb=*S@(Gr`^YY(Xs1zQl8&q#Z_xtIuP0Jbx>~>ny&w)gH~S;E77dD7a6_Q zqmFs&eHl}y1TeB+#=wsidR^XA2b*@N=X*MfUBBJ?@FmaBmVE2#oqAO%s`|@o^4a)t z`Lb2tZ+|8BQsRX112nvhXiptOX*dX^oFEadGJkCqZjBC~hfb8D$PF|EBA3$x>uyTl zFdwl#B&T;OuhkD=3S?Gi2tMzH?s3`>emsD1YI!Yz)^+z8Je_^xdgMWSXZRRA*0lYw zwZm@Hc@;~5^Sr9FhZx(k`uf>Rd()Q{-Woe)lza4~*?Jrfd?aeCAItHx*$gkvk33?! zXBBGIy8=3^_hsW^T3xSU*Jpp_T0{IL+Szv2vV3jr=2t&Z96@u~I1f2vWt+G)RDenP zjPOllvrQR*XED5jk`T}(-51z7Sf)^=cSjezK@vkD8{|tL!AxR<9L4 z?{(B^29eB?ohpJg*UHbRX>`Zm4b32GF)bU0@CX^4LOf$cif{6fPsgef#rJteb7+3R z-Y;1csJ8=P=Jwlr`2tfYoqxctW_`^tCCNB#`Kog?Uh7%HIZ~^0%maR%R8<{y-m6En zsjcmVCu?PnjRNT0l>C%#GiksQvG}T>m%E8C{v_VK=Ocj=_6BSTk_PmWOU_){FQ3e2 z*~>`wv>aGW0M!gJ*Gn_O%q_`ILiIp9YN{G&q%b#u%_ZfezPzKEQ9*2)Fr%2B1T5;wU;I452KY=BN^k65QU`Xn-E*^O|r`0*Fd1^~LjLfoAd z2RnMmU#AqXexMQi0OUvLG}D^oA}vGg46VaKB}!+s>jM2pAqQ4OP$3V06$Cd-&M5k?u&d>x?Zc>=bqN$39o|jsyPm1 zOLVh>IWQ8tY>U#(v#GWB#yjI7U!k175L_uELk}rhMRO2jfz(1yZP;0^xmYaNklx#eK0>+h)<9{!ww%^|UGYDI-vrKyl!duMW6 zNl>1e|CpMOdf3h_qI^7;I#^gs5)jKK(C$@*Q}I^GG$BffZcW6_m2si=nM_&PGk-V` z)>Ux^3K3(-x%`XW(GQN!1m;Zw-a3r2nPCHi{Y6UI?`zNoks+M-|!FI)E+8TgaE4 z#&zOT8L{q~+h|q5?MCILl$f{*FCZkGnW1#0y!@|X?|PHI-)f!{?}Rih6B@=#tOD^_ zr5fnVWxFm1yJhQ#oeoG}f>3B6S@-ctc1MKEH!Dvc&x2y?vbreO%<8Tm*$nVc(||%E znJU=w;P{XzyTdnu%{##<1jZ7oOplmZ*c-fOzEBB6u$?M>zcFU*Nj}-uIWV*xIHWn~ zJq*p-Zb74Db*C2`_z#s9F!MfplfeZTnTJ?fq_}O55k5LFI;Sx0)xDseuNuR@4st{x)OXtoYN{qFmG^j=9PS0FZr&g zqpnw?d_8t1cYd)ev07;BigSKrYDSR0I9u>XuFphIt6({__QN-q-RpG9w-7)2y9p$Hj{r)TpeT| z7CfTpnQ}gra9l2rNysO^0WrEjKmm4@i8v1n?jW#U`@!=DEqz-@k|)B2x&y&o@%r@1 zdB}A|@@;u-9?Ntyd(O*BTjr1;O2u}Y9AC7rM%{Al!Q8Bocj8sDYz1~kng}|mzfeJ< z!1~HEu1qdIWdTv729s2Y#)AP(85C>a2bWsv|9#{RTC;fmjH6$UZc?hN&fj#sx~H4= zArf8Mc7Y>G{j|~-d%kHfw(X*d($Jz2{X|KeWuyRq$p;xR=W27 z1FTsY94Qcw zGoqxWUA)m7wt-1g+{{|>Enb#0jIjkl~tyU%#=m#K|^<&FO#$AU8wpGTZ3Y z90zG7;*@>RaM{{zD|ts)SJ9XJl8;4vj|CXIh-{;!{al6PnXG1drb4#tNN9+#3Ry*o zW2vHIJ%+SgMYm5#U5YTJ5xwSsldNfK;@;W10yu^X^IHvjfR&20OJ5!H*b;j(43_L* z+2oE?zV%6Kzgh3pv>`d;gPz3yyD8Au2G9+@8*Vy{5)uPorY=TtJ|~ZzJ?-(xQO*Yv z$xsXb{^&CBH&UoFNKeF}0Puk<0;J-aR>ihmrspu~F>hBnANR^-)k`lyt9vLnjy(Ww z>d4usQdi=iSs5_0FuUDJ9Gsg4aGQs78(@mLfpi)cbq_VzY`8&;5GBZ4H~X{^2`!}Bged%S5v(RIQhi=r0{U5Uf=w4jD{Lvu%=e0H^@7|#XI+wS5AaE&^-v@ z3DeO;7Zn&elakz&ZwR7-BHTkxEvQUgkP*0C^_0lh+27%)}_u_LnlFaQ`~ z;%BNj*UE7cV%jkhbjZLuN9Czy?-&{;Ekl8Jg85O6eg6T&gp59@Mn`NO%L6>iVD)hb z>X5uqI+Sku0XRsfHw?6nK0Y(;k*vPzSC9vE$Tb9kJtta_1q*C`)U*t%l6{-GmlT7Pj{qj`Kp z#aIeU;RkqP&6(-P5kh6o_84*CYph8CYA_(UzCtW20$RjkB&)C;x3yicWp6TQD-x)5 zpE$$DhPZidc!GEH?C7BY_!GFx?5Aa6>7|iS5XNP38(u`DN8^?JEWm&ejJbV$We9NG zNriN*$V80DAU_mcEMd6zY=<$WfibC&yfAL8-$<)5>=_*-%X{P-p!9o~P$(og5R6xD zEVnIY(L|iWHy9bFXaoi!$qyF~hc1Mj4_{k0;t@tB-k^}Ug{TXbxpyB;b{BAcU!18o zZK4vcF@~BQ?g%XTENuFR=ExbCR#9yNPJnv_#TDM^X9am{V8*QMgJ{DCBLdDP#RvoA zg-#_*8OGz~9EL&e2`nLz3EC(J^98NJ+hJ-N1RJed`*9u@iG)R7F+rVtTXV@#i zIdlQ)qiKos51@z{_pwx%e^fL=vUc(T#D6yFC5`_EwKpK7nL5I|RM52atb3A8 zVl0KOob$%1+cbc^YmTiR;~bq3wg#*kVFQ>#9-O?CLJH%2WJSFuH{v8hw-VXaEJM%I|UJTo_jdgN+>O z_!kC#E!=t0o>N5C^9!0iL=rf@_r#L_(osu@vdHl?mx7Cw)HN5-!f>Qx3KZ(ZccM=yCy;zS1ilEBdQmx zL)Ni*+5=A;Q&+b;GXxr1B%38Z59<+W{X3sQ%s!DHod{@hntG*NtFz<3QJ zfZy>{CjQwIlE%{%Vs+Zyj|2-Rdo6p`41)QDuBLSBYT34F=6uKTJmeWP_$Xm->Vdc< zGYXtky{8n;#z;JD(I*J`k(hPf&osktbvKWf75pAqOonX@S3>R)FbAcJxc9ujA;;12 z*a3`n56tE=pOnWa3dRecQ*e^aB&pcR=WyaZih(NxEjEx!#g8R2`aHr3#W~99zMYoa z5mmiAu%fd$h~Xs)XYZ%Zpo#%5E${&TOACvaAcDmj8CD_84~~~2pDFdOgQ5@=8U9mC zUg+bXf{t|dkA6wby681Zhi7S+s8|(fL9}L29ia)W;H!NOBo&75pN#ZRIsXzmV#Hx; z9zf|df@#o^q+c%lMTXe4&~2rxU!!L1^#1**=;lojqA*;uavPrl>T#z#!DH5hUWEoH8;}oQEW*`8w7EDqnc=CfH2{8_=sl zT{p^uP$U-qpg zvkd_rBl#`FNMBY**&l#p{-Gnq(Y${U$^0Wn@(k~YWd2c*p|6rh@zG!euz$t84!1d} z1EHh!t7)DHt1~>-Xlf3~+c!gI6Cco%VRHwL*zZ;3OtDD2Lnn23j4Z7u(l(9R3mey= zi$W#g2^mMVHwq=n`R0KxIN#~PzRwBT4a&`?;qZhC&<+R6GF2*6XaDgvBn?9{#2HM> zuu%HD6hAf%{J?9N4rI94-+)-fsim&jaCE2IRd%0$#BJ2emH3lkeh-_);2h}&zDVu> zUn_fsIzgV&?D@?Y1QBvSqmZFIcZWiTB_!RYCFo`E+JL%Dh6t`4RgC+F{EM8Xj%?|S z3dev!A{7aQ`6|GpgZ{$YLUC0@%L{L20_$fvE6i|Rn(L4lzzd@Dsn|luYl2$dHM3v3 z3qTs;9oo+RZr~}l9$o&S|DU_@m*qLFBEQD8=dUsSAG9Aj8@id=JGeOi7e=A2(xe?S zBg(Te8D^47Y#xmOM63vVVrJ0=7#b>pfYGY#uo(!`VtsO3j=GI}{=CVuAE15$-8+U~ z-~TN^q^?<{6hTe9NyT41&2_$l*Ve`bITZgb=w$x|IJlU5Ak-2*(UHV)$SH;qXD3D& zJmEPGoTDD7BuHZ^-ryDn{!DITBW$ATV5OnFi^$owQpD0Yxgl96ZrKXiW$^@(D1>lE zL5u=O5XA#up+@=K0DDY=aq*!8l%UVX8KRMirVVrAmoTC4%Oc}u62%Ng$_yX0Q^UKe zrj?`kGzvf~rxuzp!9t^=nUSe@47&O<_G5o-$acBnm?v1dM5SpIke1(5`i1j#Yc6Cu z`G_qodiIV`D=k`g6|6$cxbY_ygYVO8H_t*YT`gBv&P5X zu});z0hhAIGaGK|=rX7t2e&*oNszBN)ArdJ#!QuNERY|H`r9@uoTZK8-)jKZ$oUvtMzKuhP}^P1oInzP#( z#=A%aKzhaicL}3)_YNy~9Qgqn$FUl>3~H#|QMo?i89!3VWhJv2cS#s591D?4)m$sU z=l5qmi)}cLTl;m|2|@(~im!N!1Jipw#s8G;^9RuyG_@$sYX|%gZtmTM?MuIwHg(RG z`u{KNh+Bh5H|lTKVmso0^qAso>he3X|HZ_HqHj9=q8y-U=s?P)ZC2&9HiM~DNjeIS ziqea!ugh)MZ%mYmn>R{Ka{>u&qJltxo`9NYV3spP{LZu=AQuY#N#w8LuVnsyq-6L7 zCR=*V&`Id>l7fSGdeeEoT($4VBO~_!_WHBg)qGzT7=CSXJQv=5VdZ{F156o^FnSfq zLc~oEU1{1%$5w~DT(wk>urO|xcyZf;@3u%IEvTFpl z(@S*r)743y^jjPx_Lpc}hxY%X23j|g8UC8_P5JUcK2nOQ|K4S46-UVuW98EL4htYY z73(3LsmD9+I+}1!hw~zmzYhHn&Ch`end+71?T5DgNSx>lZgyt9x+zQ>Y7qCuvK=%} zY3PKyi7qpc5NpIa)8%HM|44I>b15zmj?$P77!Nw*SGPbKK&Wl9i3Vp>a88oJhr z6@FbI(gztOgO~YXJ$oeBmT_XQ8xksD(SvN0Xpg#+1@WO*1FjLykw1R}_*ri{POJp& z5YPv?CL~j7GDmrv5&oI~VwUQIahj!IQw&E=XJwep>s?zvlM+WxLpDZTViHBOd~M|M zqZ=<^nTYn+&Yb@2Bp;i2jn^IZVWx2V^r>3NUNE&I{IjS%MX7tDaJMD3m~NIP9rcgk zTn(*s!L(i=Yiz><{ybF51w*PrfzN*joLvADh+gT#KPm}O-EWbFRJ2ec+H_c2SO@g0 za#LEgws$H1vs!Q?o@+C^*^P};UW|Zr~kt4DgV|d`AnULI(IMVdGgW zEpQhLmwx34MiTIs{CXRok7Z=%_?va%tc=ZE4;UY~#xMbQ2uB#4n*^foMNbTGju~ju zEWE;U%glV;@vC4N^I6;usS|#bZrCR{2Zdku2#jm6qpsw4{Kh(``Dy-vJ8CbqhPENL zS6q{Pxcn(_A@YIG#yVH3(&I>LK^Z-ghY@QleG zuo4`wOt20~EHe0cwPq^hc!OW`#jqOADp&<(gE+=0H$m%tA);KR+~C$roL%4n*tP>O zXHXKGMr4f`*IKp{HYYCAEwSBw(7;}ySZZ%Am6aKNFzP!Uow?{l7XlOE1K2J}6yaI3 zLlhBC*WtWyliZH=n(et!r(KranRCPWs;Z6)wDu?S%oJuDXJ-%?YMg&Mn~@uhi;Ysp$IoCw0`6c`KqrEgo2!siSH#%8w7)>$*SPrM0}~8#?_(_zP+CWi zn<)LF+~1r5$TQ)TSn({$_^`#zH-G9Qnc zPRF1fp&XG&9XTJizaVc;DPVEl(pTeIC8N#9XIZ3NiXNE(bdBMq*3t-fLYzdQ9MXJs zyJBdiX;iFFJYt!QJIQYLxn^84CVv#>H8X4K!U;m>ZK+zI!uMe|iU~b|cnC$aSaMM3 z`XI)QfSp16&pPNC!ZQ8w|O zG;(!W-?1_R+W(auc$S0w8lc?O8;+<>5~Ge>MBc|P&!X846@V^i8Zhw05XVECrkEy} z8NNpW2E0}kvX@?Hvtje)xd?5HZdQPypD zsYH%)PemW>*`H54P(OVGYVZx)tdN&gl~!r+sJsaNk-6>AW=kh{okMnA<2_!eWjm1t^5G1;eie?+!%2td<6 zC5*Gl80omZuKxFO0;pC(ItfALRZQ|i!u1?#N4@}V^@6@f%-2#7`vLTZul$Mex0L8` zz`aDYS9K>w93UyxOgAsd2(up;1U|8Q#$yMuo-4Cuj~JvE(=(Rs?BX&BW`kz*^pk7+ zPlA~X+t*6dIs20BpWMrK*@6YHWF8y2$??L17zN+s$Xh}M-Q6d|%tLYg8v1)!fNOjl z-wE1>Q&9ACBA;%$0^p+#`KNe_kisd9FvX;h{2H){x#q-^Q(Q@}Ru`?FVE0NY&)~gX z;@?2#UF%o$zxdMAf8hV~+EB|#vVjKy004vp0KoD8C%-v(GP4=m+d3HjH!`eRW7__3 z1oiYz8im%{*1n4}DbKVetERdBn1FI)NVlzXTQ&-h2xJ@$G=vr-lewX+Si;M!sUEZf z^a9lDy4?J8t+)7$zt39!8{F%R)Yo3ZcS93cki@}^CdR67lw6o?q$QY`%e3xX!K#^wrS9{ri`grC-FVz)O zN>7YMI;uy1ybF?j6MBxo5*b&(kz~Gh`79<$QOE+RB2SR#oT5N4wIt@zCm~jUw=nd1 zAoG&{QT9FAQYrSgL@!AyeqO?>VYZ8*7)DKq8%YlXT*%{!#RM~^WQU?K&}8zoTz7BE z;?JVCw8I%pYP5`8eY+c*xNGk>izXDL|U*6kE zd3^rwFJ<@uI&E7|s&q04GI33AZtaT{nK54)ysEf7nDvOpa>g)9+s*?hY{dBMn;C{_9uwYTHf3&rbO-Z-3$qa z_-QZw(HQ8rGtVEweTKVbr`I~>MQA;8v4@}mZwyF4M(65y!0I4R`MjIa!$3U9MN?9{ zxs~gd%TeskZ6gM>RGV18|G_U3pE5q@>#Q!_=tVv>k%?q@A__atQZ_%U$ z3JH(1!JoO`M0WZQ?@s!l4S#e)w_?yv|Je?^@5n(nJRi?Dhf%+SJ|OWT3)-gurSP0N zKlkSuI%zk6fvE9)HZ9B$S(w=(;p6QaxjJN3_ge$Xve|Q48DD^q6|htO=>{nxHb(iy zcHb+cqAfFd`cXUIJh_;iM8vgDFA2R(%=taPIhYp`L<{-cw8>MFr^M5q`&pDEM9PZ! zKD0aA``z7KrDW74f%-CGd}z~&St#&X=^#R7I|Vdsj?NDNe{~w(zHpc)V_zYs2bIsmzhoUOPP&;1b>N(9 ziAj+e*bGkY1*fT^?{v%g>ey@OtUly@TjcuLS0^QJ*i(*Wg45Anb~;JytT?>unblvD z2UN?q3K;Fm(}h@XQQPlV>mKe{jZteVE6Sb^eaPP~D9W|?0k;4@MAos-y7pf)4^f}D zk)MyIw5{6Ih;* zkn6mZQ-F0|lLr`9+aK9xPkIZizzhGH*fvzGkT3Wc3scX|PH~BquvO65)!=BB z6ww$t_a91OIIGeHaNeWUSfjukN^rfg2J49eZ5%rgZKYl+TKTlffT|qK8`Xie1I2Wd zG@_N26r3KMBICHBNJ?vHn5}k0Mjby$C=l(;p$DF>lKCLx)apZS<@ermObH`*T0sCu zCI-L?owKqe&5@k-PS88MnQK;NvRuI*p;_4NzM36R{o}x(89S8Onr8acE%6y3PW{qr ze-wKQ9R9%#)X&2cSnNmbtGh#kV*O-b4Z50k)G)}!W(x9+cEb%bhm`00jDg~BF|;xSZuKI5GP&vz=4K$rQ6Kb2 z6Z%J12f{_*2|_VC6-1n}FHDSclA(GlbUHAUJ3ulcS}Gxq(oFYlcq1dL{iz$M`u!9r zS2HX}$%)bxEoxC4+7n$t8?-1s;#02$;I-AqTze~i{0m zl{>Qik|ez$!0LeBzrKJ=ku98>gk|#k5i>X~pbM38vQ^F+L`1ic+-AI;p~g02FHkd8Yi~}``hQ818crmk0U*;_^JQC`&r)#y_;&J90388S+MLS4d5$WjBubrp9v0UsQA1`?puS1@wNrS$I4f$hm2;2qldlWq#>;6??Su_J(eI_O1Io z0SDP5*U%2!jNfM4Q4k;m2RcFU!gnNL078f$fd7Oz!6up@hR6lNn!AIUO9&P3rU`V?fqV{}_azk}JP%xvO25RJiyDMA#~337UO%IClWb6Z#hy5jt|;v$ncH4|vxU)Hb7d-%OSNMnv&x@4TO2%j{Bc~53C2c8qMS>U>AHNQZr0+e zGs?yQ!{5A~VVOOTUH9s>unJXnWof!BS&y@@FqzWWr^);F@H-Qgh`H)IQ;pKDf%Mjf zl*HBy?NaUolF@M&?+HAV+k&sn<6yyf*GtHR5QESy8X@0ew40yc$XET&l#D2(A_>8F zSoPxk+n6WpB`2QekGl~@9v@T8HJPi0uD0{y3&%?8}I-Cjd%b6%>REi>}>KoeE-Gh zxoXZjV~@MuoMQq2BY+4-6}0Kly00{d^h*mxU8|6EDPtoq=)m z8JMjxCk!!qM5-LCIMvZhl9mRvj)CL*I2@-r!~Fw4NfMU(KyRVi>00G|>&KT~diuJ! zIrsa1e(iaEbMWgC*}IiLzLfuY))o4fp8Yo2f6s_B&o9sqvBV?!gB1G| zYewgtWPftpK1VawxXyCizD6^k`6~6@exlR6MI-DReBAZ!SFAa{LC1pb(cC_Eq7j%; z+jO#E9)hZQj%rA%x8GiKzhHqCbCaO;4jWfpQrv;=g2kG7k@!iJ0}XN*#LRtgk1eaJ z5%mXqxMlFqw8tirYZnB;IzP)#r?3kKAQ9UOY`;d@w`Ee^aqreXUx7_|bjRbbWbXhBzR4Dx*Fm{)6fL|a7iY=o&bRghI=xW;{Bu5)UE8apj4VOT1au)2z6%*4d)u;?sI)#FSa zI=RJ|<)SY+J$&IZoJzyyF^*2uLI@b=s_y9+L03VYa<+`6?dhC6b}i@{oUT1kFBeSA zG@^Pmj-_{;u7%=3`p>G}Zv?PjS@zqnYx5ppLr8fvvOS)-UtQm4oiOR6{fwh$o%+je zV0Dh|c$%`QuW@;!d-e3uyx?W4ufML5a`cj3`ux=m+2WJB_{qzw+hi z9b{Wa%U;#Y(G7m=>;-#dp$!;)W+AuD_Gwyl7qJ<~rrvQjf?nls!1*EAasG}&g&kl( zU^HL3>8E@Gn3{4U_>jZ#U6QafNk_}31;v8?M7_Bo7*SI{{;(6}aR~|5^}1^T%R%wZ z4%ZIIWLWkZAN2qa=A7q3%hryA0E4(>6PUMxycyz<5N~?fGS?ycwj%K!D$x#@h*ydw zb>9zaJrKara5M-F)_Cz-L1@g)L!NxD?wx!&32#_HRs=9071IsakMa5Ks{eg@^q-Lm3c&B)}3SJ9(PtYz;ZNR)+UTX`cV$U$wLU(pn5LyRjCjfhs+^% z!O1$lHNhMQ3`cFar=b6)4c(xpXYufbMqvR+#pyt!=y-i}`W;5Vs;k+@N@U9#c(l!} z689Vt)`q~1VP!8&Z-%ZI4XDtUr z>{AO_oeVfPM$1Of(Hlk%h*(x_`AyE<%c{+VXRFz!P3H1g1QdMSLR{EKs^~0M>jrk_ z8umcTVj-ck4hu+BFf;iO_-~OoxT2OHSPu*zxnn9CQy9|f42HMwm+!HWRAzpldrBcc z>$h?+eH^ww|E7`n5xaC9Ar(Evgy(xyIKXKutAkonjeBJPqd*PBOO368)8T7$T0APZNR-Z{GMfb!NB@mk zoZBO+A5s+lQFxle7--ZyaHuAQ`3DC&MS_S&^O>iVC6-Zuf0QVau4!}zq4p-!KI+vD zHZe}(M~nslegwRo?{@jtOxLvM_$&{vm|#bK#eG+28@vwh%?l_U=R6P9yndv71L*uC z=w$x$6KpnJ*1^ir`Qf^qvAexG%g+>~_h= ztpB@kU`kpI4m3Lxo*Pd>P;de?=#YE8(N63fV`TK(Q4V8&*UCbHZ7UCX)JQ}+!dJNo z&!2#pH2@FOy_tqIovAC&6LI;-k}V8>c2jrVIWln&a;}05F+yEm6M;40vB_)=yf~l< zDoZfb7n)%Gv`hvNKTMN%sNa3VBjz`k5x@~p(=vSxWaWmAp6hB0I6e74Z6LTVirN?3q9o-R-#%vJ2> zkBn?@mCguZ$(j-L@>$wEAqRiQ*78qfUCyX8Y~`yqC_AxC z#9}BosMtA{7$i~x7W;d|9>z_^{xXokW`S07zP=Cu9W`GmU~{)>+=mbjJ+$H zjOTBESQE$%6~@2FD@%uujrn^%$DtJXv(Td=e&B1`GH!;3#y1xE=;4d5s1YFo{naZG z%>n0PkQY%*#%tIMt?;#pkpq^;EPwVlxw7#rd&ca5liW}O*h7Kow{KFUofa>r{x?+h zb~?_5X$qy!>3^awmsrY4Hp{I*l2$Z(+<1=MwZ`R9kK<9lnSnlerow$wokY#t3A`L} z`0UAHWnPx_(%f;-9U~$sW6oZt65wyDFzsUTne@X%@D*_eR>Zv`+$F9h z`q)tCS*!_jlwc%hkfe*Y9|E*Ju*zp8!oFfI(R+VC9O za${|*!Ws(Nqj?WcW+;D57!qd4X*;2Z@k{P1E>LYn=?$CMu!*MP9#eF(hq&=)|Fl4# zM5N7q<_QdW%Mg5(5H+U06FW(iGR`G1`KoXb@s1b7c2c5tj(?`3bntE3+3fxt^}pcC zaP3DB$lVvnMuVyy?f^$Kv;S@&WntA4lEe3RY=*s;EWr{Kg?jL_B4Qbcz>Pg>17?kh zZon-nZK5j1c)gLl7F)lxF>l7&2z16aku|FQgf7;M!K%%}Xn|fsU_WgRO|+c2vwhhS z|4WNm?EDib7&H8bH=pTbVeXj6FdXHP>EN=6si=_W0Dk&hA5e}OppB=@MKV7&q~tH zsy?AH5w-=c$9}wBi^+;v=V8s&j`j}?3R1&w=T-2{jN8~u^xPv!3M0~;#Z9eK8#2f( z%6??V>Xh=aXby&oSvvcaVW$_u?iVxxIJM3=p3j>bcwQurKyIk+6ZF^#7iHS7AECpxY8$+ z>l-zNZ%EbWti2VVBC=ZtWN16Z7s;mJ6NGQyiJR~#BZRV5I^`&T2b|wLNizj41(6GI zfnqMegpeWqu9^D{brvQ@yuQZ4h=zHsF)Ii~bV7uHV7GZpvo5jqDZy#ks6$^E|(dMd6}fnb|;zHuS`TK016h{ zmqFkM_C8*2y#0nBU$7!EUue(+EfWrrEN_8vNO#Ao0QxW&28VaEQ$si5UD`pW@E_7Q zyw87XY?%&1D{%~{8X}q1eDNHOWb}oW&y1GpS=)@qvtf7ZXBbl%(Rhu&P9hnGmZ zOUV$$j#_W|1#FQq=T3mhlKJd;4B4J|~GTNsV@r9q<6lk7Cx_m1}7sV`dYj${$Y3F;vI zz&3%Lo}(=0`X2eiY@w-LaKg!KeliUNnw&nHv7FTML0eq;Bkl~=Hqc;+HkG7Fg`S@s zZY=tuzNj+sPe&{J%_*|^By`-Dcd~i4Sa3net2EqlV{mp_ zl1?BW&)Yog88};W%IUzA2U}FuvZNUM=WfB5`9X#y&tsYt!j>3ZtXdv`utmwoJk_vG zSAIIw|6UTekU9scMgRclC;X4Hct-zkYuCZ^zi<*#HDztKB;3qU*KOFAlQtSiHXjd< zIhYeS>o?=vjb(5~8@Ug2GPZ4E#@Dj$5tt3i=vqV~Wm}?bw5?o-$0qu{g1-nx0XUoD zz?>jn>cVk=K-LbAn$iQtX~RiMvylzV9(E4p8?`q;66aJ+z7uM9ZeQ{I+q!J1?q1`k zwf!0Vq!s_EYQ8b=z1qGF|A53QfIz487*WI2diH&6ow!tkS?M1#?9{G%@hP=lE@8I_ z`VQJD*l&h1n0jM+(Q2I6Zd5k4qBVV-UO9iWdRP1J@Xe+uLW?~cboUzCGaMt6 zb`?mp2s??ctZ}sR(SVHY+qTPY^G1v4Syg2>oeSzRrT|RVAcxtW6;hP1Qmmm@aWOzVl*$53Kjq zp*9T3pe`w122s;6>)-U6bXYJ+RM49l`^D?F!qyhvN1y|kcuv2f)tKSg z-u?_REl#;{Ve`XSjuFtSmcvDe=0Qh%*uN+;y@inYu+5!jE+IZ<3MU5o-iU)?`OkY2(p!%R=G^+am&~vpB(FaIRl?SNzR8O?`nI5OP?t{AQS6%}fRAH@E*~4lLmt<-9Zo&C?M$&DO)`1C=&8d@a!)Hk(pz1E0lC&ML9 zaQ8p{to29>BU`n%m%-nR%M za)(zGSwygyoZ_o&=XAYRR`w`X<1orXpN9eWR^ZR`87ZPgL$v1mlIa%GaPudrF8Z8O z36wqYGey>omHE`Xam+aaB;`%$bFwIHvSO}DlTR>T8sVm~$HG|;WRf$c48E*mjcXg{ix=w9;T@ui zz4{k~EdnH^wt~`zX`e(q=;`BADfty6#%27VZ& zOB;jQzRq$)#qs3wd7bK#tWUTeds$+xN?Lc!@0D3$k7hJ7;@(@fC0{v zF1VaxF}EC*&bIgi6Sh~Z&r3U?0_y)^Ejpy&k!-1B4)!lk*YK`3HnSMR&@o+|Bz#qi zuw7qtoU#9RC;uDBR@I+aF=M0IWm#~; zoJ{a=xsbE1PZsH%!&dGi!^)$xthg6wnp+}IkOVugI4|q+IG<|v+$weOT($Yj&+h!8 zIV4`SO)0+J#}+0W=_*8asi>t?{?en5aq6$d-}^|m@>uH!U4sBd+Zfgd_>H!e!;I!e zxy=-;@x4NM`_dBpPs8jyVEHVI&HcD!99V&`W)Fln$>XExijD-Nq7H5hkNki=IiI;k zPH)Qih_Sw=Txta^@X$O&+$T(*52C>u!Qfn4yF}NTKu-4lD%cu9{tXIDb<)EW!E`If z3>d8CKuSp98^GJWQdl}Dx2bsMy!#n&y$HV5Mj!{9v(wg^lOw%&Q*@p5uH0_8+60f7 zYe(-%Aph8j`LUFeWbJq`JT#DOR7nDnj*{WHHzm_X@3NuG}}6$prPhcZu

( zB6d_|W#w|uPNS(g166mP?Zey2Je%b4;(iM(|8H~RYu4JME3a;0 zaxk~gyEpvi9VO#V|2Wi~z{_&qW`ZrQPUs&#>9nPV7H_-%uV^{CS+P<~>~pJx!%p}~ zn50`$hIvI@B`Hh)V)MM^?*_n$VWZqLm^{QhV8;A~oXQ{!@~+ zf_xMYB-;Vj^jW0Hpqa%cb^|Wlv^wt|(mnQq=_B?Nk_^h)`OMg#h^cuJ7*S@@qm>o> z0HELc1Zc~$t~hIh5r{ni*JqlBzyrcK0xuUv(D5)6ekgciQOj)&w3Pns-?E$i`VQDw zAbAah*qgB<7IlclNxoo6TZt9uX?gf~dW6I;8Q%bfM1wlRPXz9rJ%Hj0@~flko?Fr_ z9f$z3ozs^N*AUAcHKrW7i+Vq;MKtqoi5fGZe+`4P@;9|?6~=Yo=QJjQk|urer_jXy z81Tu{gV|=V?7K*gxiReRn?RyLzjFM2I~davqUXE>?7#8(zO$$7)2n}zF3I#Fz{ZRD z8(b3U13JRCgE+&XJz)ETvh7S|(#F7fj`be-XOQbzceDg>{5-%;%~_iEG$EvSCW;39 z%#IonRLN`zea8d+JFyN*w*69GMH0e@*D3RH`5_|C011|QsYt+;-)xdC^Ybd;I)Rh^ zyFq$|hWQEXbMXXVAtIE9V_5w$sI6dqXybCmr)$}9db$uSs^84y{UwzEf4Erq*$f8o zCPL@NabsB!4LrdqQ zKxCP8*OjR4?9ru|LD(ulb4do=LZ9V`Sw(^E z9z9lRlV$)o5sV!&vJ#cSYffQ;iIhu7lu0vRyj$ZxYBH53SGjl2UqntEGR4*44pN@- zHndP8@Qb&*g+x1nr*R6m>Wat|fP!xIgKK~-1h$%GUe?<8cK(SEmPU=?=yC_?AB_+U zKcrLXzGT^Y8Q@@kCDWD|=#y@A{$ZBEf~>YEcHfvRMP!~uj9tavKzFPCL)Tf0laY#= z9~NLWO&Ba{O}KB#4OINWRsy9D@S{{EiuSOU-k7SMFao@AV_5Da05|9aekpN+4RG*y zN1GswRgn|R`qc!nIho{>B7Y(uuqSWHaVg}H3S(U5Z}LecJ*Uo^{Y#$K$hi;1p@aXs!u>U{+ ztNhkHp>h6Mca-gU;(D7JeMnlP(ck6k$MhG4DjETbK*}jQw)}*?DDHPOfX}`mxVlYO zY0TzZ3TiIY3%G>Z8o&}JN?uJycg8&e>rebQBd~3rqJ}Tj1Y*mfZyX0m{=~XH>rxVH z0)9@hXlmG+&RLOqG=VGxcMFnbv^eks^+8VvR7%dFS^!gn4uR<9T;lQZ%c*(sD46YrmV1Tlx<() z@bsvLwO9R0^sBijnpvbdh5MSaqRTqoU+6hoNTs4T&v;~hrpt6r?htW+l|PtE!Jh^B z24wM5*XRu7Jfs22@g2rF6+fH|K1*eyhBEBU63yY2rTBvN=#fCFP#9*!#(N5MHWp+3 zIFva&CN@DKg?{L%Q9CY`x=WV0NA#;hiJ%WJf}F1NF9b#4OZz@dWs3TUmU{*wI+iCW zlw+)X+}<(g2OC0;ZPYO!KmRG37E6aLnvu_YE2d!czsUt^q7xKPf zu!V}+fiLg`?VXvsFcw`W(Bg|*)*CbfYP~xG_M*y1@B6jt|2-HWXNO7E;FG zJsN*kpv4y9FdG{k8pKh9zTVS&=K;K~8;_aR72XP8@X?W&2Fg%X8|e0%qGuK8l~3Jc zLB2`&aNR{~c1C8qWa5w%2ppCw<6w`gb z(}F;wEed3;8x!UmsEJfTSxS8Zyx)s%S|PJF7!7rZNY~x~8z7=!fz{^bM$1meeqfd& zhgxu8Y<^#DWZU&$Zs@~M4iieC!*S~ZC3=Y&I*i0Ywaft>+DRZf)W3Rz|5AcQwe9(l zI%tVY#v9LG?)Id<6bATg>5JE+IxaBTfOc(43-J*ED?+EUD2sNIZ<{oIyW;PQD*u?3 z8iamf5}{0ml*}u?rxw_M;XUzM*GO%Xs@9vwDHSBQ9m>yX8!lx-M5$60Yr?5uk~5WD zg~wHlDuRWGMboA$iXaUl;2GT7?nt{5#-|^v=~XbG=5>s{fia|q7-C$C;B00z7-uo3 zMn#2L>98{ku+ce+UYrsn=Vk&IPi&ZCjHiR%@m5knw%CtzK<)_R@t(lXy;%I?HyKl? zB_XTtFENl0sTqds!2k(O*xeXWYpc7n%4+a`0jk_Hm>YQfO~Wy2f#seE4%{O@u_Ohg zaj%TiFYSW%!~xW3n&*Es&i%OH1#gfZ(m5V4eiZ6TJg7qnS z5RAy0;jSgGK9rSP`^L8kS^g?eB+E;gt3BJs|1fC2%2=INi>Od(9Mvm){|4mI;!t2h z-xE9oU;H;w_yy}NaH9^g#@!*Z#{3hbo@u|-;&bTvCWA<%OL5HA7IM#1;7#-SIeTJY~^pk5JK`hT{cD+=e2XSn|8XYxDPyw-b@ zRR`2e??zLzGk+$n8Rp!l0P{y`4c?+<9wk+R;J zpniRodp=~%vp`~CHTel#T>)TgrHiet{waJc>wMw={~n9YSsBP$HvoW85I_K~|J`F@ zV(8?d|Nlt7{|AAjrw7^_XUzkjt8NFE22C0PWFU;fLNtL$ok$?E&?KV}4+S5|2C5KJ zs&O?@9XcDZy}#GpQ~>EJLcn_c#F zx4n*}W~&>ktBn>}`t8f_Z2J1zh?3jJPaVbd%;R*LbMIp}u1s945$xwp-Z4y%M}sZK z&+Pf;R?z{P3Wyi}3rN}tt7H3}N$>p6y zZG0-&m8KG!Jo&ZIs}7}FJ|(P!BNz(7{*cW`lq{7_&nqBRF>@OJZ>}q$^`IWc^zl>YjR_^F`=DxHo z?dtdyJpJFstnSM3X>n`#H9YHmtDU3gY)ZWFsd!cV+MgNl<(Kg)__aKf-`ZAU*YK%% z)%X>;6!|r|H2GDzRQYwebp5)Y-G3q$kzbfgm|xsdcQyUgFLYm;N}68CrR7)4q?caG zq~urTQf4n6eBCbE-FjJ$c6!|ft>0ql`Dk6cjTTyR4$&H=fVTqk4%c5 ztJi5=7w^2ffurVnOee;MbBy3|(}wjN(0_W{7^z+_n7>vq6;a%l?w;bX5AhtPrb63C zxSeO{dI;dcCAt3i7)jw4?KE+a-WKno4(r=fe5nul9JqgG7oEh1={#-I-avTS#mDTB z-&*rcToi#bHiEDxLAvwg1)A?>b=j46LIY00}iD>m#$FdyVP7f}K@sB??W zw2ZWPM9t_ToDO%MsYg5*h5LNHlEq$xYzpy`Q)Q1diyX3y-P6(Qcm(U>p)gG zxq27NS*Z{6-B{yOI`;Rk9b3qtWF3A zIAUJA^Ob5AOct`WYrSIpwQShnP`u};LC|}IOl)g4?NqU--Dx|^y*N;HU>l#Fj{|^O z96K)6fqVZ(hIvDxW;)f)7q;|h(#je)96Rh8A+&xMg1~*~HEa)xz9}zML3kza-pVRx zg7l6IYLMK0?dOY9CsltsqXc_WXMBM%+RQ^|g=#pZ`#M1BDca6`u`)dupq!j$Mor`w zJEZIxr$48fd=+|i5_}gR+4G{oj@xxONKKSOj~*(@wBD^<*zogI$B-W$IDg3a@{wZ_gpSJFgtD6GNB8oD;uN7D*A|@R3&*URk8InJ)Mn~ zyjut-cUA3dIm@S4yDgd{;|k$3>geqEgwy&Gd&BY8S&`$mCF@9gICJaFs2c^5Mb>Qk zJXPUAc=rm&criC$q@rp~deDBoS?jCS%TeIw*49K}k}3K(U}U z=c8xYD{hvX(0S|Bwo%~fRC+S^86SqcgF@Sss#8s^6p+argLQYr13Fyyc5wv z%0W;)Ee#3z#`(6ArI*1o0YNzzgqLRaot-)e2W98n7t4^z&F`&NIGcSgGnCEpxYYSP zOizW<5qG^!Izkg%EOxs=o%dd-UErZ9r%3_%aCp&mcs8COwV#pb^()xy)je!|37s!f zEQMnL1r;+0jCws+p3XiuP_lmI{ADMW$QV{-3~P~#8vh{zHI@lKZL{}}&pVe~q)aWl zTpHTUmPNSl#E+dL+1X}uU@U8cYp<*p1HsD6=ne45;cAXz6;b+u zFVX-|`~bl=lJ|^e3nirY1DVDv;NWrfb_4W3Ld*I=y~&F*%V>1lhZvO4TchNXBG~9X zK(p|D$Mj}N8S$(XbL%pbHQo>uv$ zcW69N3le<9&W}VMUUjpJH|M9r)vWeByR|3h*npu=eH&1=T?2!c_ogzncWrmFZ*p#j z0DT~^ng0lZD2kbOaawYj?&6gBIhh*a$^MKzN$@l-Fq%fM%~;r8x-hf+^rj9KIL_0| z)gmCK%L9ya0}}keb}0@iH(SI3)^iVM)M)SHfykB^gRCm4-KuX7Ifd4n!5m`GgPL*4 zsD5`?z6@Rz(ze}a0c#nb7?g-sJzR*n)Kc<{zC1>>hwa#!R`T)djeKcJFwioam0BPi zD+h65*A39b4PtRw0&SKGn{lT50ko&(N9u8%`|tpybpks+HE{ShV8rOfV?ZW}9oEJW z6Yh;j>-S>YWsI86U*#Q=roS)K_+5tDawxKs!Gu`UAFfur7|(>7H{%&*TW@*R3pj6# zr0XZ7sHKygLSb-%R5Ql!SqrHIlwgG&-WjNZ1;2 zV-&XDQD2jM>-e^R9Z^Nj=S!$P>3(|{-%abhD%S07k#zbX9x=o((3dq*oL;!cXcxsn0mpd8L3fK9cCoE?cojE)7kqdq*-1Q` z+Ai7A`*g->WnZdfdWY&904ATNE-2Dd=JR-F{Kh zr#U-*&Z4-RWvp+UyHIw)Ue969q3*L6y3>Q0Mc(P*n-yK}`A&~}+~IM>82E4;bDeD} z*@!$to^5I=N}3)Qg>T}AW0SMQ!%>MBD!Cq4HOKv;&!HXDm`!TzJO#s?tWB?MH(jMs z!t5@6sz}VOS66uy*biU6`}HC>ik~i*)T5+8A3PGdZ-#H&Lz?b_{wo5$t}eSYd{iEi z&4aJy10vtrf*TK&+6ef0$I)TXq44up`a9kO(oZhJ+VIq~my)-JH~mj85d9;F^KzeL|1lAr9i%O~#@ZwH4g(%u-q^$o)? ze8Tj<4}Nk!L9@KU-tWNoe-}DKi2OQSXFXe9ZSTqN&F=~7G@D=1ZnlF6{9O0vP2R(9 zk$n%5%3ShitHWHe(#(fWhhyh6=)-(kq5QOWz?JK7|4IaTbPEJar6g+vLFsOV5`T*V#;;APv|&b!h@Y0H;Hzr;FauZ5i`S+;I;AFx$` zL!cCgfpozk3$?{Bhv`(w>8V?(Sgvk*UM7)tRxLk5qEe=0lvuwy`Xu5mxg(TkXxh;J ziMkhjIDhFGZANHZF^By0g2$#x+;pTknQ2rj5s5#y>lfdRU-Zf%RedO!N4|>qnO*FV z&t;cshy8F0X#nm~&KXD?d99%G_r8si-CgR~Xu2nTN}21~*zsrfsBh<_~{Ekj=_w?d)$IBKqzKdra|3K;}oIE9CLuCmbU z8<^td0rq+%Vmy%Mkr}sUW2M{RcSksD z*%&b3(a?D4MP=X|dYcz6%pyqQt#CEuEcYwlXqB9@L&pmY@aa|{Q5V-S%iz+=@VWe_ zKD$Z#EFLR&!Ox%C?@4Bp%0<1x9Ux1v_}8nt*O`tl%od;nbS;0CqJVV00Rmy~Uzazj z)2UrVVJ_QuC=k0s9+it{p8~oW4?21drecE(7ie1U(R!A$LGFP=#h3;ZyBjfHz@`8s zi5WGA2@ZoyH%Bc*6<o${_dA_6({-jRx*b(vSjnUoHGQXcAho+Cz@m_npeBnpIEA z7s5x`(K6`R=oRGIExy+RiC((N>ESJ1!W$4buAO|6!Pl_T%jjMwkxTk~7x9vh>dPOP z7t~kmCxyw@FQ-?&y8u3;TcjSflue`{`w=TS(YFTUGxou+^?6}hPm6>jl1Y(dSRz=cjnG5u% zbywKu<8A7Px>ZQ<(d5mZ*AdnR?#?~2RT10ZZvTLAgFCpp*+b%Y_*PGF3Qq)?epARy z%UE2N@rrhrlr}IGNS10LTCS=Ts}4B}d({y%OFT_=*#Ct{Nhx0ZFWkX5!`?UD1Q#Mm zr9DDjUC8862?C=e@&Rd z7NRFZgq>mQZ>2C85JTpasoGPERjOwH^set?}%RO~xL~Wu~9oZO% zh&{=ZJirCg>mAclISa$)sR3()ggkK*_d^Ztl4%hmTE!a=Ly9`KBcDj}!5{7f82TYl z_$f)@r7$AOYVYBK#^GnM!CcN$Lbb^!j>OY1<`e$1W{_7QM+zXREsdqy)|58LR)i~n zEgb0a#kcQzHof{#MRo*uf)&@#O??nDfIG2r8L|^)2#=G!2%ZB=Ad*&0MRjSD6*)WxP8< zUo<-)2J3xW{>#6Ex2jE5K96=sKG_>dMfXqB9~{k2nT67OJIA?Z>-Iw*B-vu4l{$eU1`p1ZQG^Z z90=zGq-Po81u1tlH6yDd5HaR@)T|a1@pks1&+6Jqv}z{Thd{gqhx2O4Zk_QcvW0A0 znEc^Rezw=oVf=K#7o0{2Ly@|Oo8zF$N|_6>{u!sz=RHHu_I`(>d;EK^Qt4%yLxV`Q zQIDi_xxVb9Q}c)MD%*WNKr*gXSqA$Sw2X$*nOjC)ESkAyz69#e?$UY@1C0W0AzH$0deQ_)Tf-taUsMk!vYXh!fi zuzUVM_p-|Na?J9Vdf9HD)ISQ_@*f4azI)&NbjqFQN~7atPJfer@;9r8qaWujONY*M z$fZahXq!O;LplDLP@s-9^018_h8h9x=~;$C?hze5^QE7HAh%#S1-lhC0UAUiZ$FXY zUwz_5!xG0}7o0(HABL?r0eG?gpbv9b-z_jP4VKIfIKf-4nje4De=~YzoLhznx%R=N z*H)`ft5na6qehmrJ+}9DVt<{_(g^Tp02F}rV_VB`##sx55ai{pK?VJRftQ)I+jB5M zeo&$4PLD^+Ko7D}nvBjcH76eYQ9muR=deGqmwPjpZVocL{jN69FAnaM#D2sW=p9z4 z(x%R6+h{MNi7&HRL|7caipJ1z;nc5%J~BMWwdZO&oqz5fQ<39^}MO zS~1=Ig4|a|e5{f#;mY6inCX2|W@UR!Kirh>;4T;VpEFmuh;HX`h#XP}_chrk-;9RO zJ+OwXPP;{WD62bh(_-&V-g>~jh9xs`(R(~*I)jY|bG!uV5m0>kxEO<3QeyFpfg$3z_Z8j=nH6{4TZ`J45L?8ebLKSfj!6_gT02C)e;smo9092laAUyAKlf6`Sw;dVMI| zQO35D#0l(Z_zn?_beJw+aT5mX{*-{{aQ!A!Y=H(GT#?_imF$rJZHHti+WvRl-ujL7 z!zU*1OUXg_YLU(_Io2mR_T@0G?-+R@uIO;_NIZ=+Bv55zwFmGYYj;GYiAg)BPBlD* zEpq4pA&XOR8np$RVPZlLu)}QC?8UVFZ1naP+-L z!K{UZ1s!RX#RT41IJ48R(!N$Kd~0eJ@k-qUY0W0ul{$uumk=89!cZL)3*A=SA$ntC z;*Msgh&KL{I&m}!ul6&9dUBsH1(x|!5-aL%pv<@_AT0Qs2RO1Jip{?feY8u5L~XJ2 zBWRVha7(5wQO7u)6fahSrBs=(CiK0`{y|3Oq_ddL3&tC7*#th1y`=><+v#f;?^DcC z8h$N%AM@zUE**Tc>+Lh-X9a9PvO1Njk+M+$xXL==h8O#;yz+`=izV0^(8ezAn@@|n z=2AtO4(GW_q_QUnxWfjo;=#Pwu}TDgE!u^cQ-~}si8cCJoU&*wK|7$zCAtg%)u*n?l5PGtTv@e@*vgfR1M0j z{482QW{@YS0WT-!#rmdrSr#bLL_|SkyH6grY`g3`B=3%I`>u?f-m_(m(L?j%!MBg~ zFI$t4ZCWY#Proix|z&dK3e+*XS?@xv)3`WY`d7AJRvV`Ei}$lY=#1z^N^9 z!;2+nfdj?Tr$Iy8wBsEaXe^C+6AX8?{Jwy1YS(`)BB8+y0~#TMLS3>S_}GWu9$H6e zQbwbt@PEKEg1q66nt16nY%O9mL27E5V{zi-Ar8e~SZjj4@tucB%z>`X!B>bX_(I|T ze!`3&BsM9o{zkZ^6f~7wsf`3P(0||A*9^S(^lBnck%1*Fu&Lz0ABHSXL+#mFNqVI7 zod6wic?zDmE~Y7KmMdq9w$mPyui46Ybk;tvC;y4llV46LU_55csf7B7L1H#zEe9O3w&lBXu2&1JgyERFz&NN7pbXKJ8z*$ zWUbpo9h4(yyUy9?ZYVWcN2OP%*7di}aVb8;H|@(xxqHcEfX>-_Iqd&som1eHm)xN3 zUZuksqF>3bjdmzrQYOP4dE3S2&1Q6+L#T@_9I@kWt@Pb!?;!=e8Z_X2z)ERJKrn$r z&f=qk!;RDGD-@qaDVG2rk09K6n|E7A{C3wB`$)v06xk{tvRkGgP%q&gmYDMn&7) ziB3s!-PtEF6+M>%P9br8w{(i?zk@NlU2s7vFu6!#%q3aaRi<9(C0*PqNQu~mJCFzP zNrVJj?N0{UNkoCwk0A}NEQM_Tq1IxpkbCsoW7{#lDC0kGh$h9}UO{qS+2^#S;GB#t!&LO&j{WxQt6<(lUV5-K!g0Yl@*jSvHD~E5!hKbUy+C!7 zIsL|?fI)4EJsAGZFAKp335I%pKFmO4!}%!;kIMzb4g3T>=!QZ1tK%9(LPMvqh%b-7 zlF>01&Mn(QZ;aLQ#pg!FIQ#RWLZUerfuKZ#?e{XoD9Ejvwc9lkz+KJ))uS`c{4U`gC2)d ziBy`IVPdFf+>L$8;J0HvO^<{L+ejf{xB0+)gPolhelReDFM9*5aHxMqO?%4ls8~@4 zOlMs>+_TbeIwGSpaj(&lDdY(lwan0l3W+{jvpb<5+FOZFB04Xjod`8?b3_-6a^s@L zeKO0W+?3-m$gKk3D2Z<)N>McOR{vdc7cjy?lToN(1B(>XManzZx)eA|fIeoYMvh50 z6SH_8GQw0C`^yo5HXXa~$a19&uu8f+;MtZOlnOe|AVyb$-~_*=90U12Mt;|9)-ZIj zqncMUcxOciEHwM8H@9S#E1iMKHWdnRSIggCvKlmkEt$DIZRuLXG1Un`gkc72IZG%A zq%nx@b^hva%oE-WCt2T#*Hj^=77G z=Y$IN+Cg#+#`RgFrcDE1-a%cqmPWz9%F#NUm_2@WJZXCxO}cEbt+f51#;;3!DG?+RL>nEgE^X$uBOK4(h{ z>w+8I7VN;+Z5LsU;W5tdZH2LbJ%_JbIjLUy`qf4bG6r0-W^?_fRY$2ZoE&n0Is}0@ zkPi=l7kKLY*ybLsHIuKt{=1(L1C1n{*X|0j$u1r+V#P6ZWq|q>jp8b@D`p` z#-N9Oh*mx3T1{!p4{;(;Y%gPWEw7nmj~(MEmm&`rR!^i{0GZzie4o*z_=F8i5VWBR zJl|!rwUmhtsVH29^KC#HkdrxQV;0DQ_6A;_kt#!^d+bd0QhJm&O3b*E;aZm)xP3ef zy<=8^o%X~ngRqrdtKjUDoYK~z34K!l+g5+ZGfRdb)7(tO2fPes`HTB_PK`m7UKj{G z4?rn`Ec-y4{c9eSs;h95lsuuWe&@+`HXSuOiD}qB3N$G#T9j2R!Q5fsl7mWo>2y+b z{Ykp@p>^fi4Qz}+{-T+_h=oeoz|@?U^Sm76=F9qXP&p2Hvj7#y9xV&2gE56co2Q6m)`^%vx1!>;wb00FVO9;4A>{Hvs`RSA%=u{yfQ+sS``m0z{Mc>}(Y*wQ?&@ zdj}aEXe0t%62{ z3O3Kr(w}sy<$Inm3J~_M_a7S5=yHmV09q>0-9?u=qB#Vca%3!n+VgkzlgAKbGNMPpL|b~Tcef(moCSW zOMMyl)E#TF!&fBzrNeuq!B}b%ad)V=Me2SHD&J)BuWcvvTzAXQ?FVRilx|yd* z$ZDVgITu6317Asb&hNQT2iXTO=iFJK_N1pJWO9vi5Z?Y@e#~9;pp-y&*O!wBD?~WE z1#m=?8C?*+t0ur8a3O4HPc%_BD>bRb5dwv3WK@$ zSQ1WRiE<1jEEKHeT5@phVcJ!_1b6YiRy>0&;s&O{4%0?g>J{JoqyO+VgrV6XoV|A8 zchcY+BL^coB{zLs8fcuZ84ZR;e4cjl&2Zth~JS#PFLCMMebTLF9}7UVx^qf*DRv3f-LnIYVrecMVx zmz&X{$mZr_cDg)P{8Y-PtRu>x5D}io9e(BY{<=6ao4wr1kdxzgG3=iyi)y2`27nC+ z=Fc(G{fZZEl>rGPHY+hQXJ#R_zQ?qnrA;nc*TiQ#`?@_5xFv87P}3Z1hL=Ta=-67u z01R*xOFwK#(I1ZL{U=gdX3Z|6c|p;K_q6ku3)+)Toq2eW2%nybo#q#4h@&`e4rP{c zGjonf2fGk!>eLsljW z3T8Kqp~zQc5%(uDrc%(3aX#=aB}GkU z(~jPT@2S?H!w@)>UQ4VXz@R^j(&L_Azg-^S6+vg{W2J9|X!^X-TIB{Om$dxoJ8j=v zYg{mOO^Y5oI%XhePxh*+I!DF)&sn{lwlmVc53Tu5u{a7Srf-ZX>D3~b7m{uI6cwPt~kfFV9wZi=m^^=*4P9oP`fKP_wkT0N9Ouv@haw<-lmg9VS@77Gs;MALB_DrFR3slzLm68)?3-a;NoGSTAKmp zI1atSDAHqD3@kLk^q^R|jPKqO=^bb2ldhVV_ME%(-3?|a9-l>5s46F3z0+wor{VB- zEbERQ&r-Wig(|4v0+3T^NY5ihQ=*h@@Q|qWJJ{OK^G8!}H+xB4g+cgQ13hPOf-S_EDS$2ll5VNYRI zZzuW(^)R%yojJY7e-r)Jvj4z5+V%O9?|fu6#3nPUTJUui3rP?P&_n)n(}IABz4lAo zr7Dou1odg<#w<7{!|lCNZ_`^@*c?(im3B1E=T>Yt{`VoH-UYfY-3_(i6y(FTnW-somL z1DD*`Ex=P*Zb^bq)`RU)_k*!Ny^-6RW3(qU&ZEQl2QIWomY!#lmp`7M5N)R#r)Bs>&emrELnigl2*c;(Z)Brz@)FW?Z_$4 zYy)=~wkV_Pkjy%3Aw0&xCh38zDpnRb;f0Yr5E5$93liJjU}#FX=6N>aBj4FX5C>ze zN7$}2neB03=?qi!qYyYD$0O#oR^e!|Q+_u1(!v>SOi%skfp$U(twzRH_{_v2nz+Sl zzdejmC`_0Jp1Y#GMra1{AeZG!!SwNf4p)Q9HpyggNo$g22MsDxeTyq)Gvr3GF}=xE#gnC2twLOhd-*ENKRw-XB16 zF@b-QgBS_vbd0oy!2O9P0#4J5l&C#Mi%LfEN}oN>e|7+?@z@|z7Y=ezKoU-S&AauB zwY-rAct&+&v|&Gf`%%ocCL3mD@Pmm_HDMHGpAn7%%=JSWEkLI;YBofDt&I)N=CQQ{ ztV1cBLem1REL+?#u0!LHCYN63qtM?0r#!=3v$X>CRW%})i?+#Z*~;G)^D$gpy3Qow z!8oI#xLk|ri^*6z<1&U?ykvVbO;F@fg1fXJd87Cv+gYw%+VDdQ3KyI+PCz{py9#u!) ztDdSJUfRu@0%>I8=eGb91r=VvWjD|&@FgZKNeqdEXHFzH;%~I4GnvExE6*r3E zoQlgNdqR4$Jt4)IVZg>I}UC(QBKla5Y*ts|)_Td9rBdT|+}mZ7(Ju&v768CKQfzyV0kzrY!90&dRXx4Q#w^saZe|MI^u z?b{yN_MS5@-1Zmb<$ZFEpSb=_&zl0v8`Wv4-?w*J9NeQT*@TAuMkwaVXPjF4#y)C67-8;M$>W z*f)7)WnNId?T4--b^Pp({DV3Fh}_$m$obYy#&S(Hl{-!j>frmx^UeqKGDv*?P>ZrY zqSP1;#$i`E=FCEgeuZa~RPt2Y zY5mPg7Fo{vUmJz@%wD=|>W8^u*58qBe9>%>mTv5yb#vQ6vOYm>2M;9fUK_F^y?)@1 zy?jnQLCD-!sc8}zXyAdUG(kBx?Jj-=n!!+?GNM)^A5Bd`GZ!H&XQFY2DtNnzzN6+B zL*PtKsAMQ@Bsd1@}909OMRg%j7Lu(XEKr z8}Ch82sg0A)7AmD1Nz?ckhUuE^=AqIc_%W$CayCDuz@=>F;r9Rb@zvqU@XNCE znu<^2O0a?`C;+}%FnOvbvcIi>sUp(wOgV^T_oE`(8U;XBdc*GWu4anj^gVX{nlFw4 z_-edUPqU_Jle80QNWx21o2<|ob1Cx@>#SuU%r6($0&gm}C(U*|(u`{|IKyT}(X0#o3^Uv&)btZR z#NCl4=O9r+K(1BC#RxqU7tAWrsU^4)t&67w+SZb-{f$) z#UsfQ(+KXht>u{(X}-vkmj4RLcxY@MpXc<>${9bk0ay}mHk5Sh)V)i~M0DnAOrpF% zRJESbt!5Doq6i>04t>UQJre!$2-h?U6TeZmu;Bas$`2a@L_g_idpTkYKo5tm1vj05cAk>d zZVYc0qYX^&Pr%Rj1bc^TegPOdN4dBQBj{ppebAZe9Fx1}1qm6%6JUr>=^OoB(OVo` zN^98|3RV>CHAJkSE5z-aqfiG8rwR|8zFTJ2Zc*`M))ogbCS3GNU$mrzDzr<(L9%{b z#1{N=hdWH(GOUX*&6?iUki279ZRHcHm?najFmLYy3WJxT49?v*SNF4A^}}tsme%T2 z@6?xRQQM?-AZ;f7vCE2jv0uRzaG9+bmh`6)mz$VIeU!h}k|!X6j&pj1osOZTwFJRt zIHpo63)v)cv|ol0GYX2IZi$qec3uLbj^}W!7dw$7gZKFl*G`TnRZM?!vAg(}tEpWu z(6?ENS%s>DGK3@=r8`u;(6APZhAJReoej-Ujlh5Z7P&8j7?Z0TrO0Ke3Pm<36DvqP zEr40mpU;-oFgszW?MDA?#Bvr4<3@qvGRqFi?S{TM>uhMO=kIfT4EI_Q&re;b6O*MV zW54&z$dsD>YxrDxTm#e5*f4pYY*o<<;a10wwfOIcJ&uqEpp;V zdZLvgB9V-LPu-P7IT-?#)Wxc%iMW1+M`v=Z$#{AkQ)s`{>ip79kc3TX(rcVPoF!hWeHETz*^<|;-b zR|Pk%P3&7hWQ!l2u*6;?9!AZkzBD`}Xi;ORt1y?0&|j?J1XA=|pMj08yid;N8v||m z%Uw_qVrtMVCp+KJH^;9js?6(0ea6>2d=@B_zGaF zpr%)$3gq=tGl#QBC}V)vjLIQ4sL-0N?MA88SyqTvFxYQK?J;zhSO@}8zF5zplLipc zZ5Y0|O%Of-sDlO`v03O|`pRo@u*3?}CmB)L`51}$nu(c5hMLeRW|Q))`G$CAgWcW@ z&(}5>kjBVcH-R*nYZ+4u8+Ay^xT_U&8YW^*c}}}(W92|j?Ksu?L$%keI7t^&v3$Tw+B^u!F$)r?Ke!@_OWDL!$k_+;eczX~FkgY~??|B>`X1 zG3iH<0nfJ6ozi~-+wQA~3b=t1`3JvNyW6D#+cdQ)OC*rF+3V;1?PRFwM<^$yd^+%= zpnuvwM1X6`C;((#L;xIY6j><#ewMvgP&T{(G4@rh@pVuch*QnUprmPc@Y_5!}>vW#X{j+iGrvpcPbU+ z1E0bQ#?%!DD)O-q$U*H`NKFMQ2>63xM`@-9B5JCUD_ps!%Jb8e-$_k9g}iKi1u1d; zod#h(C7*P#sKh}jr7$_B7x0WT=5?TErYw2m%N%UWfl4XLGZsQau#cM#1ir9WK zRF8^g#iQfW@f-Mz{Dw2+DK#@O0FWP>B6;)})N-!=2W&u-zgWaIpbwpt9R&Os9XXIR z!0RLVl-4Wp{<;a2gZ*PhkXaN+jmP8tTERrk70#NA~i;Y51@WbTYgRdneXE!^C7 zTc0063v1MZ$PkK4t>vk2gzVVp;Zn~^t3$!2Yer{iharEvdv9k*41uXw&GNZXINJKZ z9c(5v1XMNL872fYycR!8eIC}yhlYWYs2{&AaEd~XFb7$tYv_E{YBnGTWf54OTh-cZsPYCQHtvhD?74KTc}CfVH`8A zgM;INXdL0^GxYq|hz_}gy}x$Tr)+vk+3HMf!3MshvzESCvEG1Z?Wnx5JPLYC))9gnVtHz6&(Dvn=d_SH$!1U+BBk#mIaHVY+*N9-8w%b_) zzMYW+IF$DOz7XyRNp{h*ZdQI7-T!;o{JN<}mI)Ri?SG2>|3lL;`hE~Dc6^>Lj?1^B zhY(G>LarKC459o7=EecW@RfADFwxc7FbB0@^!269`buTq3s%ZVgjE`@G%B@~w#Vq5 zmBGC@o)LNve#TJC{}X!06kg$nHVMn}A2T_L{Fh7V)(Yc!wxHYivaZtSt1*85RoY8q z&>z5{+pc2xtnsZmofZPNs0kW&X8G76m19QH<;lSm?d&&3bSI(*8AF*FyMz5}Bgx-E zY448*7V&i|ZzV}gbT+eYu-yvhT#owWV0Qm8;?0!x2v>$#>Z$R54*PyB7+K7B_}*CV z!qrWD=c|ZupySOQhvhCu%Ux4A-?10B@c9%!G0qYX_E@%xBp&wB8$-OQaL_)>GZQM_ zl+`qj(sxhGAHzt0-bC^*D3dm;8NT!3s?jrRlltK&8tvP0@79h+$u0jy+_m^=hr6(xK!{xk!Bw#+WfE1ciCva0+7d>i=Bu zKhogCH)$|R$=Z~Ki`9jTUN;W2{a?B{dz$Rr?>ALsU~uyQ*C>ryA`@GIo{-Cppjzh? zfQbpI`cZkRsX}4DH?=SY&nK06UdP}?kg_i}3M8TyX4I|O z6&1_}Yt&RXawi-*6HQ!?G9H?**lq`@UnqQPNMx5Z{f9dahv-=xqQ^b~fdlp6VuoYe zqwB7|ZY>TGLu@T(iQBRkhgXTqS|uzUpyfX_I6{V_Wv&BH^@sM=FPC-F zL4_{6$qG=d1(E-G@fUxzyt69M06 z=3ygUMj^FCUSh{4NSYK>$qAKDFRvpf>nnDig36f1XTtUULX8OEQHN=5<-qHtg(UfrrDg#+6VTSlj zM3%#}8j*fr`ZQg83Bbe-#Y}4Za)b04K6Fo;gH3|?zr|5VV^P43_B3=p;6$E=EPIVi zw{Pi2-f5Vaii>WxcW%5GX+7jWz@YycW~D2t{Vj-U*5swOHQ8v7oL3+X25+x_!z{FK znMvB$kR2SE91zVz+~4LXO^jkY*n>!CNKj(N?bslFk8@T{H4nYzRZ)Hu=99 zk@D$-32^#MWXn=sIlnf5dBf8m0W96cu#_j147w%exUt5N~+qV-5u;_ERn?d;?v-~`DZ+9L!X>L{qUCP}X3w8J(o-80?PC3;ZsRM}3E zu`~e^B&X8CtUppDXh0efd7)RdWDN3!c+N*n4Gg*t1;}npnT@=3h;B!u zlVqza9?e-dTh@IF%d9dyV1taWDo-$Hcx6QSi>5}DMN^f~8&ZUQZhm39ILvw6L4DrHgBIw9$c)&H5kckJ8`+h4 z_ToqQnYm~(HhY5IG%f!Saoq6hMasdQfwPt(J|s#;n20-I5B|(jTJGeKHt^}JQbqtY zwem%@fF~ARy61bj9ZUJrHxBcW9oH4%@HC~{)U9UZ7rE6e&S-1%@N1@j7vIfUxX^Fm zZ~)w0(8;WALO>lm(Aa#unYFxs8H}ur>5L3pI<`RaPdMd_b4y!Q`>@z)h4}<$p8zIy zr`vbMrsBO?WbaRh#lB|kBg*m>ITour?Er~HMYIi%ws#*FqN}SJ*s^jI%qP;f(3Q}- z5-3J+o62v+aK@5KU%XKbhyNLHp5j8uaw$?HDjzV%Cv-4S`NKM%K2NX_w(&@>#(G$# zI!q-TNMFQ;L!i6bz%Fbr((PXbY~RngoG`aF$~qhT8|Cc7D!4zLQs?rBg0ph=C~E?< zgyZ{kf!$b$9)7@1!aTCkMpbMGa*?RgQh~o?PqWFqM_Fd643H_|%`PuQzQ+F$1MvO< z49zF$+@Ctys0W9fKGwL;;i#vR;HMqkSzj2iIq;Y_0v6A)H4MjFSdU0!w@80Uf}yAyxsMV0#H_*s+%_M<#T% zvz%YJZYd`pTDQ0Hb$Fi~;XP6 zK9rXBl;0#MV(s^*V(9#2#8A+b#N+?EnvjwUjX#_c9b{$x zJ%i>Y;VY3)>d#kMfd1o6EN8KL{S9fCQa6yC!fw!o-8wrE2-OsO!GEVDZvQ`K-0Sjx^d)bR zFfC4$mPovZ0GA4NtG`v*J$@qc`1hN2_SENBL>ws;GILGIe419DYN;sEX+j6_QscDi|LZd1-8n~t*sS*!r-`xw&|Lm6 zOqlo9$MmFuSRQ z-8iVI59J=9o8FO%*dS;K@9fLvGAJ`^&-bO0B<$-(97|?KSzWj^gT=u=DHuj|@DKdq zO_I>lt16iQ`x;9XxC_OKQY>bb>%_{P$vqEgt76d$Vs-Y1s(+lHmzWul_Bat7$2npr z(f(e)JwmfmD3@oO&0v4=X#2sW_g;5(OfKj!H4#1jV45lBW-b(|&`=R$adh#Ja?;+-;(kzx_Sv<*cZm}^EyxHp%Uh^qe zo14eLURr$&e_tAt9uV&-V*p z4WkxG$5y_bfd$`i!9aiME(Wwz`<4?bO>NSNYMIMVeqd_)hWUZ^_NG4-WuV)SjQ9r% zhnjCcbf{SUvhoe#sv=JB{Ba=+u97o^piSi{h?*E`o;b8(n5C#Pmx`3AQyrDba8QsW zQB|XFMvzYYg;W%(A=lS-KdSJHNkYB^9yIVH^apEnTp#``pc`vol z9`AqqeRLa*8doLBqSi~9Zw`mK{EI%w(m3l@`Q%&O+t6YBwC9W#4PN>7Bv&)vbdULs)s4ep!u;D}{ zAh==v6knUy?3WEfT z`R5Gf*GPBG)je9ALKT7gOKf1=S$Xjs8NkXCB=lt*zh4duS7>4N@yGY7I zxONzu`>^4ZpGcXhGI+4F6eqrdMLx`Or2kbe&z{%&swSgUDYH1=29o}8!WvGB!Equg zm<_S<9Hh;G!zv0KL1ij1g$+4ysb;@DcD0hfi%p0Plp?T(DwD9X|NIDlFgDQbDV@zv z#e(@?n3^|a63bX!*{RvzVU(6rDF+;d>QAf-|3t^?4_qapZeRO`Co6ctG>3nwFJwVs*cPFXETl2%& zbT*$Krnbi2?R3{(+S}r8$=~ieZo$nKI2n`f=NoWkPY?S2W_pXIm8Ctks!b!|hf^@R z7I!euYp{sI)6pO%nsD$nYsQfOU8%1a8U3ZHQ4sr~h8flwd#x}{;uleQTESl&pmLd{ zbD!(-{}U#k>FE~iYr|2uU>00ZuGYl*T+^(}qP?JscW@yN;=K=b%(WDbm0^I;{2y|G z@gsCDEs)IXeaN(`Jkk+WDC~7s^EU!ImxXBnMuasZz9S{l^z5+62v@m#i=lNVzM2)o zi#fVJ@@oJ2+`6u()!3=hHYKjnI~Oed1!*xt?>r*%9VU--SDvJYO&sWF^D&;XRe|RC zUG{p4GY_Ve0s7LBU{q|mX3};Xg@+Lrz$s0U!pz`QMThwAv`$lWDA>F>#tEr08k-ll zaCIoIBNc2$sE;mGGT|7(Rt}xJu0rQ@wVjDzTd*C#K&&Ut38$gHiv`)Z;7(LRX&=@r zTMLz%qiB`VP5-c0zgkMmsz2BCLz`F+nZ^2rM|68AW`yLwGLhYx>)8%lFkjQjw$Ag+ zHO$+?ie=$5VOmt=72=6TmGWU~UJ{OgH(cmE@zj&2!VF$ik;LY!8|1GjkR^!<=rIFP zm3E3d*iQ=OBPU}F)GfBi%I2RljSZnQHo?8ZRGf7A@ANK@%{c6(DB&jJ0a)_TELWI6 z9w?_#T?Uf9EMhOQVkUGo`t#*)no+M@;KdAcw0^5JL|?$1tzY7s;rrgd{QihGKbg|1 zUnAw%Ii1zW6VbjM#fnH<|6 zv+S&qvtV~0B@~sn_`MtWNGx>DLJD@J3Ka#oy03AuJ^+}-`NGojwo9(E$Q(1e`3LAhI^HPk2d;q>9tE| zssAa?I`Y_aRj($xj+03_i&cWk?ygmsh271XnDm2{nzuXBovCnm4#6OPX%F`QlgZKR z?BqLL98qqCeNoYuaU+{e*h0q=HG|k4*l?iMr??r(oJP?_VN}!|B{|sh8p`eCNoHsx zTSb`SL|>u98O-|=O6f9o432-2iYwhXmM$*JU}urE4EmWRP;rU=!oY_}^DF}--(kx8 ztUk~gHWF!`;m3w@P68=j%-78Jp1@MMgt%M*QU~7sEMdOSak@YhFxY{uv%}bq-xPj1 zurs|xeABbW=YC(O*>Z4BnLZ$53z~E|i6Jced3)7ipAJX31PIsZsh>+e)k$qL)RSU} z{$)RdkWOH80*Y0)eGDxjUjv6|5+xy;VTq9)#%i{cT^mMt4)8D?xoi1glZuwocp0VA z-Nns}ncWC8)B8Cc*n13mVoc;YsCqZ=Z{na(8Ug+Nu5u|-*@@UN0|V!1yAefIDHn!i zskN+?prTCK{n1v4t;i-2zt7oo@NBChiMO6QU%7IEkI(TjyAV$|8_LQMT5@*!8&KkX z19HYUpsxG|v^j0(ShZR$TGjS5N5-n}r;XA_S_-}X0?qa}85R;QZ-@^KQ|#DQ+@j!{ z^WbN6fMGaXKGhKCy}6UfVh(s-l1G`XR<<%}f&z^*TJGz$3bFZUL2v(2>dt zS?VfczNK^=?hID~KJ!$VQiZ67ku}fvI6+WxSOw1T0!o9>cypy81e5?RNgi$uI(xTrTVp01Px(q zYt+tjI1@ag=!(4oLC0EFtg>!N&4m==UDr$mrmb4-8?mp`A7LfI8I_T5ngip~K&~P~ zyv~P6NOyP8n$Y{%9SBJqh7OkC(G@w7=CHUC#c{2hB0tZrB+R*t>XzIk+uu#?X8_y& z4_{LIqtwdhX+I@$)G8ryv6&G5ZX~nhaGf*~AjseBq}TEY$_q9j?+FxUjO0hxjWy!3 z1nLUncuWvqQy!R$aqawgIK&uV{}bEHJiY6s@*XPPO@H3hE3Z8SH`GaXLj}}K%l{marFM3*;kT9+V2dH1FQfZTJE}`J%;)7Kt+;l2 zuYZvK=NApk>&2DiyLpzLCj`%>6^wNQIZJyh$|EeUXm=AUh31BoV~DG+q~qL5X`{Ud zsu)CxMFD~XujrO?=ws{$#th(l@d#_TnIa?RPNiD1k?yna z%Mm^JD83vVf#Jk5F0pJ`E}flb<}YvFMtc*Aoij(Zi$RX}cC$+v5J``)7R?tL_Tgsa z86{H~C6Xdbwy;W$*aDRCvRO*OANysal!iv`Wq8K95TjnE1ydTL#XmylvdBU}zrzrF z=rfq<>vYbA2QcSAfN6+eQP4kRs0?zdI4%oZHd>-%BG|+N5Ho@n2~nKYr2{S$ zM-`y-GWPO-Wo$?nozXRp!xU#@Q#I(_av5}>TvlN7$Cz(+(1L@sR+g(baFdV50MLbk zr|Cj19Vhopv!>itN%wY~3oa&y)1Qjox1p3~Y+HOoFU>M1-V1aB8_X+_E9=L#H-VtsewTU+& z3)MB#(NBu>F_klp^I^%KK*9;417GA;RjDX0d3ouGfCzw^#YZ}}iZEv@V%RbLP?yET z@eS4L4t68-Z*<$a6l%A>)5OaJjL|#P-{w@+x&WC^vVR=%TG1u?+;lA$CraSllxG3(2F zE%stY_U1uemw!T!emor~-h+8_%yd-YBrDIbF~O!nlV~Je@RNNt| z{46T54R}8taA9ek(Oacqg%hqW!_>_;k)T2KO6vl$uD&mx$9TPSndZ4GLal6`cMgdF z4)3X;0jI3z}cO*RtEAt#ZtiU*FWKY{451(P$IK{ag2!@_Lck3!-k7&y>8b)2P?ysoM&)Abq= zAeXKWX`-ZcM2bw!Bx3Qj^*t3;^}F-{Gyc{z^U=jzV$ps*M(tw}Y7f(uS^!OAF(LpY z=`Bm7e}1>6X+V@05N(7hu1p*{wTd50#=FOndzw})FWwP3#w;z%&e&|Vq8SFC!L)@Diri`GRjv3HhJ-)uo&RnpL5UX9 zI;a7b701dBxwpF$M0RX9?`Ce!eIf&J#C>|oB^tb?I|q2iPmxp*>eqcvz9; z0m$!b-8G<;W$im}($yp;Y(LVUJ%D7wZfwsA7`hh0N8zCYZTCki$ZoWD`?ubz0YXaj zWc1W~yX_r)p<7(mt9^$%TGR%iK@`qF4-ORel@Xa#Z6Ln{d`XHuJ?4g5M_Vt@W7L7Z zuZbU|tF6L4{8@BYw~6VZ+XtlK@Ek1`Uz=nZCXWIV1@=7aCNK$z_~+52AiO4VprVsor< zMMY(CV?OJud=)`O$c4)&K|El4Uf{_FXAmbI7p_st<5>x>0|qM0mwVp($LS~*IF&OU zTh^>Tp{%E1pK@~oGNnHf?};i+1#lk$ik>3GY(g}<#vCEgIt@_LlX8S`;561btKV&x$#Gtw$Rwm7U1^e;!$NQu_)*_Yp9Hh!jj=GpUS zE}T-9p?h(GWqO)oS*en!o(>)40uSwqTnKIN>Rf1f0imPID(I{~=YC~5ica|N>A2e8 zPDaOhQ-TA!c^3UCLutM_TdLWyUY z`5?JDq(X0~!*~o~wBk$y;iL<$F)fMSRl6K z%*Ia7qU#@CTRFh3ahi@wK@Gshky0(dsZ+m1M`~9Z@u=Y;Zfd?+<57`?%hfp*NLHCD zJfY+e{$QG_=%e%?p;kD%c&pqs$}-BWA>cs8Byd7|w9%J}<}E&4xmxRFHZ)Gklb##$ zq@LwCGwM_#M`}E$@C(;o29%KTMs_^gvYKHLKWzU~NRtdnP z7dOW>+EFe?jgAJ!0U&XJJ5%%KF_nZh1!88s6?RRZuT*OoDm2_QIrUtpUe;f!s25`|QfiSJys2IV)WUehnvaW&5eZ3|1gU zChlnrsyyb+Wonex#sRg0R8k2bfe0ix%B51+hiDwu=PD^(6|~sLrYH|O_A5>4cZZ4F z_Mv1&7|C6_B__62T_hF5u>pjU$g&)NPCvfVi|xDmbY%dj)w)jDZw(kehXHW1CK@u` zT6Bqe(C|1DOH|yTQupFM_!lcWAe&F?Ufz6C)JM}os`yJDtpc4rN_hvX@@jg?R*@B| zoA`u!hfJRJCp^};7ge;hzh=9R z1fV<2>{*YY#&^<)eb*z!!%TM~08QlpL(~Y$D#lP(IBcjVrmYWS0dOLIzGr9@R4w}&Wict{XJb^r!M9kcQ!14f zcPA$I3=mB10Sf$h_d68{KrdoY#3;{!9|k^<96L7WRWE~A=Ju9Vekk-AaTf~g@hlHx zvrz+DYWh((yuwn0#siEH-N#&s%Cw=gv8k`p!DK%0KT{S$EtfsTd~|!O@@^-%EET{k zqPV6jaQi_7R+Wt&ia_GkXduvyUwmPIJMCep6W2i<)xstG*Jgu~Gte5*#tYwe&addsf;wm=`x@mgzaxLIW zz{vLxXAQFzT8&n}ptrj`*Q{~5&kZ#J%KCF>GEszg)-jddCu?qh)3S1={NNzLIo2LL zss%w*xgsDu1Yks!)Kv$+4;dY+xu46=AP^2Eqs^runMJ+5j(yCyl+~i)C!>UxPcxz! z0D206Cwvrc0&O>&Oq~OF@N5p8$s{%YE@$&`?wLZCj2tVR&Qj%%sW5S<^e?5Dn~51$ zzQpbAugs&NC|ie&a(o1F12IYCR*Q;Acvo97^QAfyO9kpFt_#-m{pxIOC1NubC(rT0 z9CNGGTk3<60FUwHR02PsBhyJ1yvu{=*JzBd>k{?}k}(mcCZ-hEksLXmzPa+ ze4ZW;-5~MhYQhKr5@~?CbxIE;_)sQ)%t7iG#tq`bs6~8NOibauT z?Q1{D3FzEMGLebP{o29&~i2=>cAhn&)}Ps%S=xf z359`1Pumq_<`;>wdcQkqTO}6`K!P3byI%G z;%pxnbon<-PDM80P0@UOc))yIp>y9KLxAbpocqDF-ry@Gw_I+mv{w3DA^xZ5D0XqW zD=|mPi$X;)tRYU>>7bs3seH(yN|@K8Z1LqcN5-sK`54uM}2c;fPUzjf1 za)~VrGb_Y?UsbN3Ll;(B%Aub=^I3e-Pa7L&XDF`B`GuGdwcvj>X1bRASU+;;N#O!B zcY8my<{bvWSK#vi|3gH$n5$OT=Yc+a7k#)LIQ-!!)rWV8mw3)#-(d?;F#PE!PI?4Q z^(qL9Leky5ABoC|OkAh@i-rBMwxd$G^Ns@4|HXC&2E)eWz48sfDclEdSa;q*z-zD- znAPjpD`M|%Wd-M~q}F^ZOw}t3)w%wGN};Cc#b1jdf(L0kr-YP$y?>ZYBY~@NyK-4Y zcs*NF9)0&R=VFet$)VeYC`7POnIncIVnw2QH1KW4DG6QQ>sFX0K1Y+cFb8MA!*g}P zpKr?6fOVK_1m#P3EkY50BgU4N{N!6wnkS5Iwk2OzHzmVAS!zESK{i4H4=5c3iIX+Rw|(GE?2k{vH!&(Y;iLamWL-HONpEbOvr$q$=@*M)qEF8q^B zb;7Y` zdz3rL+7C~lOc4!l*H7rvv8PGOV~k@f+RiDZ230}F*!{a0;g~4*hxDo&$29tSH0OVx z(d*;6V8FtD4LPSXa1dvkyG#4<`effuFQYs^X+KN*?EOjm!?Yjyf9ACR=ZKeA9-wq? zllB1}rE_Cq3!mFe`{QCO?~jQI8nJER@CmhkX9z{LmG1p`yrzM-w8%n;NhyF2B(NF7 zeiX45hX)rRCq&8-C7rY?zFq?7nk}!PK>s^?I}x6FCbmbPP?>^&Pgx(A=y-wc(p~#) zB1sQ%&~p%ql*PZB>Jk%4+|T>~y7@us$G2iwPPIo9Z<@lZH!w1>FuBXBT<%FTjh4D;rn{kVwAj(z(2a7u^smEB zaAYrcNz7klk_q!}Nq$D(oi|6GM-5fr15t}I-(iQHju`-D79vYBn1dykVYe?X_>s#m&6iAWq%B2IK-y67nT zJNyB|QLasyfP-+D&nRvr8p#yDbAw%(@8nCcuPgkSjsiju1k#>Jj%D}un^Vv{L$s=q zw7`QFNjqzRz#km|hU;{0lbi75+wjiB=iS`UyCIXtpdN@DV{U+BnV8p^g(zL~u1+!i>P}kG4pV$VML{d_#2)%ylULw}BL*y2Voo+fU4+lDbxk8c>BSoC>5J9ZbH(lGQ*8b^dFevAAWJo5U0)$}*%-0pbbQlspe-MgmxCvC%Oj)7*} zP?=jg%s(y?fNWzgBekaOFhfEgEPKi~nY+_1RGyGrDt=iL)p(to?XAf^#di!0@!`%O z$E#r9?~}$0`?0tYH&09~LNCl{56lHL=(?bp+fib5+uFTPjrp%D3iGKb2!}qyL9U@v zru^=wpSo~rCNwYgf51pt6(3`!+&}2X;+LaKeYJP=5}m}|Hz%S6BjOIB5kOQkyiiw> zJ(I>+INNl3)j{e6#5pn*j!Mg~u`~xKF!nUGx>_7teg+fsOYC!LbgN4K;sEIR8QQ!f z!Zb*X-oC5n!_;&q!k>`I>uO6rtXO&m?~f~Soe|kj4S2`T)48|D5QcjG{50w=_{4Uoe1-kH9w9Z_Uj|Vyxa<}>!bx#Mx!=VttSHzfS#RT$PylgT%o)z1W z?ShYTbhI6@%X|d3d|2cZTTWL-M4tCYX`k41&6;Pq94xcuw7-KHbv(U=hhire0d2p? zDDzZfuF~?CIddW$Ybuwk;L#-;OW`cZaT2V+ZZ)eUjYs9)Rc_9PPr_;;qSgz`RisSR zym93dW+ET!orP1!XP%opGd*+R_}R0Qr=~BQe{ND0GCUepqmc*p?q{^jdt8yGo4vFg zC%!M23lGJQ^t;MRum4Qad6o%DPgSYtE*Q6!uDZ-0+D!^sMY=te->C4=LvWOZVYgh~ zceE$1Dg5P#+qnGRLvWIn-ju&QyI=0xKdDCSd5GnYbe=~vY4MRg`wkTL(O=@B;)d2x z6l8zTS!Rd&I=Vj|yh3;M3eoTt_xHA|j;2rd6nyEir`{i<%s{1&x8-s$ni zV}iKU#%c;Nzr@j})>UozcJ67Cs}Rcx#!C@jH*|INB%kX{gtwlm_$#^~)k*Mv%8%(; zbyK)SFI1KEj01h7s#^;L6mCZAYD_gf<9fEmv=YELr8#S_GCD#&OtaIk4Ac7dex4}N zAbS0Lj5zI_3d!4*?8;Q%?L8yelP++Nq1a`NBxoj7&@`IciS@CRT%(IHr>5KaXxwxk zp`|OD#Ki`cxg}K^^X(>w7ydH765}X;g_X?eEPp%eZ&=X#+XINg7wMene%mOgU~1oX zvv1S9Lekh7<$GWs{11ULS}d)NMg>~~O(9{27Zz8cb>IQK&EPWgHo`Q(^3j!tpSN^b zd7TpnDXN1EiYBeP9BJkt5nRVzcaWWdef+bXEK}avrK6V$Y%F!!-_uRv%o#m&F-`u4 z{l%^pF<5TZyeP1{*BdTwLF2PXR%FW{;k5WTfd>=v|Mcq?JhJ)G(5CxKZuCTPi06kr zw^xrqaY?;bSN1&l~yyxXbwKL7l|7uxrn>-BR`o?38nQ+8Ti zM~9z=QD9NYfFA51^1mC*L1CmyIi!VPj~K-K^bOLl(^DUClkW5VYi7gj-8|N-(2rX& zI$8+o80z8Lv&|6OmS|7&{?cpu5ie}G|9-U*6JpKVxUi{YR^QTB z2^#u?>0=>$w-HrAS~sGSbR=Tiov2tA!&lL4Kd6(-#x|k@AU(|LMH2UZc8OjoDvn9_ z0al7)DjbW_IfCyfv%XXf_UB_^03yH!subFDblAaC&Na9g8{Iqh*8m+KFxoe zq7s9Fg3N=&mpEgiyak7hPFY0z%~+cGlBH=P<3T09V6n^Jh=J!T5rG{j1b`(u?P{wr zWSD#&DFAaB{kIwN3;m@a!6><#yOUSy^aWBVwrZRN}?yeJIvA(aiu%e)frk0n59gk5-iI~t+XW(MHZ>l z`4(E!oIl`p-NdO_-+i{S+<;@HW>kAKGHTUhX+(W?xz=nhEw@6qrXL!Fnts-etg5Lf zStRkG+XoHk20Rs2MMHXS{}VivDqGMiG;}+_g>fhwvTk9f*HHBgDbyYl>BZE%fufbK zB1aDbuG0aRVWj8TR3x(0&hSEp^YUbMUIM0vuC1_0p}k@D<(~iwjUTY!Tl6qP*xny)jLgV z{TneYWccIq^c>yHxe&okb{BLwOe}`fA{U3)h52$tEH3*ovK_i96+=9os&6a*5jH;` zf9$`ol9cW5xKWHV;q~p7^`>Jx-*%jwE*&{$w)cEDAKgRo0Nt^K1)mGSvIbl%nF-lR za)WIdh(rWt3qT3&b=b}Tr3C+r4pI(sQOR^9eaLrq(le^WRI2@bF?#4G``@R$LaywK zqkn)-Sl@xT5Bk%0^xV)dSQPe4Z=oUuL7fl%HOd5QNk8GrQA{Ya@5k^$@RMIwD!-q! zRBHWJjRanBw93~d?fG++mKSEvJU;!@`BNv3&zuTve|a_>E>mZs8O?NORBODov{}XJ z-^J;y4mK?}XTvPq_Xf($@?X-uU+o&S9L_zRHOC<>?;bd(J+QT5LB%|bitGl?f`(a@ zt%4~5IBUsn?N*5dc%FW*O8}H>W$!!US|_oqr8@seSF`gJ9A_JonswF%J%EjBS1Kz! zjZ<__eEYNg_i@<4Oo{pwpPc!5g>B^FSUrTnLOI7tqNHLhlI_;G+1 zOD}ReA&nFvjkG}iiA-ZmICPw%<1~ofg3XEvLz6a_NgFt;h_nq6u1^zbbD6XacZL*c zyKacwHt;S;k2f-J<6K}}GyK=+N`4!sl??3b)PfjRS2ZzwJf8ONL=`o@QAz0{E}{!G zz!L4@E-Aah^b@HLs`CHBynxope~!Jc^>c>*BZN&M{9dy5tsb&=@;fk0-#v+AQY;q? zR8PU@Pmv5#ohJ?m=6Zl%ILZuWwNZ}QtA|1ACRk+}ohwI=MT(RG1gYm!m(frb_II&fv6nAbw~i15uk2WaI&s?FK%rRVJOmJh=2Y96y#ENc_Z^<%;ylE(18!6~Ps9U&s~$4uRG4Jn4oc6c~+E?1<_X(P1qD|Dmh`@iSk(vv%eV)p>fOla}h z(>Jf%nKvRA2vxT;PQfCtut=mv7q~nesV+2{(kruz9K0GDytl#BMw>f^y54{|-r#50 z=b@s?K(886YE)BsfLYVu7*m~5&UwrAioaAeLp!K%Q2YG=HM@5xQcG~6RzBDB>YkZA z%F9L=HDfhd{mO*TIP{>%nIX($hE8k9I+?(|7L~2FbVSs%Ed!Cv)YO$B_DuXekHUt+H78u|ud_Id3Roa)IvL#t8y3 zK&^S;^bh=%zGbTWs*S`X%t5=? zY^ZMWyVR?DI}zUg9bWQ|p_t-0mi(`Hn0-V3H8x!9+nT&ww8P<~e)9}qox?_1t4NrP z7sG!BgS#nF`j725fB?k||0!DkrecwK|G!xJDfQxR{~wB$%-hhtojiU>-!`6cIaR*H zDflfCQmw!2fiBE85FvAtXM2|Vn#IO^d)@e`S`pCGxyYfvNbtR?s$((D`&j6U5iO2gC1Z(B@R#?dY8mr_WAsI|?15l=mU z@^HtM%%gzm04O51<|!{ zvxO^R`o)g`a6(NaDI#&?kRdk`0hZoU}NQP<>S z=+RC2{d({F)Wf*0id6yTRRuW!NI2S^2Su|b=21c+qbmFX8-_cQv&E<&@*-44fWj8s}?;2A4gs>YcYcjvO_Da2(m=U+xPE<{mXT!a}2t+YMaq)Km5 zM!un|sz4SU=PBKVko(I<6dlF_E0$_LH!gu zhC7$M2OAV7latuMZYU3O&w4y>=zH(GSAXvxSnL8=u6sd+QGdA{=2iKk$dtWPbZ%?2 zH5%KtZQHhOW5%{^Co?m)ZQIF=ZQJ(A-tC-r+S={=_iF#ecrV|J8sm9-RrRXg-AHga z-Oe@=h{K536J**Z4;4^r;POPj2#;>FR=grhxQJNGLt&_L>|vq*PEV(|a*h!m$4RS1 z1f)@zf9wqc<6M;sVIks-JB06Y^fD6&DyIn=V>5^KmjPf03pkJt#g=7svgU`6+cN_Y2468Q zzJ}H9wB1A{P1LRWbp(w&a9+aPq<&v0Mp;d3ax%ZM+wQL>Stfd1Dss~;n`+o`SS~w= z>rON^R9kgCu)hf!@ApWuAM#zHoo;u}uAL0Fp03!&Uh!SWnnN%2AK|c!#deTpxHLH1 z;nkTJsBJlH&O$E~C;4rk+|CNE$*e!HrTs10w06Z#$e{iH9}dAbz|c8@5C8zR@Bjd; z|Lzd{e{T*PqCRD}K8kt_Lm8QGq4{*wp}&C^q8>_HVzXw8E?C=Vrh8z7B8z4bfu^Iy zoJe^u%q={WK&6lMyu|y!A0PK>{02YSRDu(=^%Vcml}9n*Iwv)=4`Y5b_1kq|euBTeY&F!P?fVlL2%h+yVlO2W{_S_x|-md=^m64SeM&()wIJAFQB z=5myY=`)TsNh=PF#nIW9rA}h6ndD(EHe+H{2`V2~)xgHHyaKi!Y#vq95VsP;jKFWv zka2<5xo*%R_`zL{XI>wkX!3SmL-OoFLcY5fqkr(_=sx(VxWF9?<~_o{YV1A8Jlvo+ zX*%+8C6-;gNnzZvPZPtmf{aV{Vc@yn_WMOskD!2&fj-vgmC^cJV|bNdw}ZYl-XZ() zE)5hNQ-^t#Hm)J)lztcB9-h2Ab2PAI@$hSxLk=TTIGeYxAn;xLlZ2|-n-4=G01J(k zpu7u#H~87VH0OCVl5}+M8B_}xp7CzdT^2sOhfNRJR5JS^B&ajq``MyKLfoss9RxrT z;jgQFEQh@7_4mhN31i$G?^x7r>FB-4)#DwCLT%U3=jN;kCwvkGugPq|HDJs4&gZ;T zr)^W=5_N#7{9u95m!F4dSE2$-DzWSz2_Ay&kv^<=tBuJ>Y+K4`!u0uchiYL9v*6-l z1h!mM$C)xpYV=!y9l|C|a|c9mNuEPPKC0e8r9ALpe=eOzfF=g#Rt9Hx!xMYMlV_-I zz(Mg@YuZY2Yo;#s)AP4O{LrUUR10Qfi%73%g2oHHNt#=LZOKB`*Ia)DZ_zI)1lJKB zcRrtw5$}rQAH@y<7FwvM4sAxj$CV`xo_F zGzSEH{h}QvG$&yf9>AmWh-zMCXyCqhdBNQoTV*KDkFoF-$H)W#8}WDwL{})z7Jq3~ z78~ZEe`%>UtAX<>#9t1|CW9R61~fTrVF*9CM{^Oy1M9MJjsx|jNKwO%7HBT2FG8tKn@V3F7ka1n@Eeg&c-N(` z0B^^x&uy*pW*{pKVZ9=}1dEY)B-Xw6gpx9vGaXSxb*9Y&Zs_87^bMY@NaTva+}X9(vo`i`rC6$79ZwEUnBj$o=&+eWHwS9=y# z;8*5ft~#Ta)EB9hH~p%v^?PoTgA^GrSP;Eg7dnZga>{>=Xf&g+o9Er_Rjdmp(+)NQ zoRwY}Pw1zcp}r|R0Yl>MFND~oU3Ab&&%f~&h?&0IFr0!laYRe;D7teGTCc_5O5v*) zxx3?~-}Y%d5r-hnE=l7)Df*nk4@puxJ2w0nd~Svkqv&p^!{8OOc3n;RPD^G7uLm5} z+vG*FKW%}ies*`(#4DUeD+4DSltytGij%*t@cGt9c4k4d%}1R?53cUnf8%W%2vCs2 zFt1>S?y<>~R863%Zk3yHRXfTNB?yLw7Df>tM(5g`922Rsi)$4#$caPB_vI1EWbT2x zOIr0tdBd1Whc&9;O+F%MLoJ?!1(EQBh*Bb>CC`Uh3=QCNTkL$A5-})q`d{>!8l`4YBz-JqB{r}Y4M!M;24@no#z`rC*4cL<>cDzL z7aKMOc!X%zN+!nav}NRilcT(143y@wGdEm$S9Qe(MXxiDI?SuE_3OKAbRxE_QbIt# zWa2L^3&g3M)w-@kgv6XbQ2;s_V|D0pC3RZ0`&692 zcg)kLgQfxnX{un~!xHy;uy5Z+A)Tc%b|lOb+`M+mwGN#cc$Vxfa_1;4`W0sAIP`$s zu%eP!R(TlVgcpJ@I_g|dwJuFYhKoSz4TX014U=y@jHGEDhEy@88Sm!p>6e%rFjmza z$*^IKOdS^nOEYRGdhYGrV|h`40HDPTN>`KB4a*7lx?{xqQa#SuLT2$km#ox=*V{tT zOKwHeW0(Ng&Z1v;NL^oaM|%oSHMEu3mtap_uW^KHC){G@U^gE1S{FT@Zkl2nJhHur z0Kex0y7BDBn!V`+g8Z$CbQ3)j#t46W{RJo^e8e_E-<7;IVM7PHb_JKFsI1RzK8n=( zkzqPr1#UJDKHU^SwzojpO-&KY2QdicECU`(=Al~>7h0>*9N7~0+f|Q(G%yGX00004 z0Aaea62EHV>^BeqfFdXW0Q`#;Pii0Kii) z3^uX?BeBg~;~^z!1BS{~D=>+N3%1$LIi;%e9d-h(v%s0Qn_fZ{!IS z9P@r}lt1pNbo^LacE;j0eKPv!+W2`gzn@ujD8jV35P2^oS8u9MehwFXKK&M&mv`4V zsx9VjLr!R?^&?VYb!`(!53WZ9s7}HoZUi4*?SP|#SjlVtHhf|whI-6on?>nkuKZ@S z($?Rc+C!y-$qWu%ux9KIa=e4^mymHA2p8MgY-r+fra-`j;tlG3hr1n?q8l_e{*2E1 zj238-8wUN8lPmNoWFi_j332+?$iOax83cEzwWA|5ZeGQ%DvWKTv>cbKOtXvU#qmMl z`5Bj;z1+Rj?(c6R>e%GWzmghCMi%eEqRJ7}f2lP{Yae+sG~7yblFR18r7suDxMqCY z>8p}76ymJ2R*-o!#z`@%JEWowh88E35tn1ytTH^NV2OeQyjph9pbR@C8Q4l)_XWU% zRV>FKW(f&NOJof{0SWQ{G;;8sDw8oMbljc_5~piSDZ!|*=yq;azK}E0e-Bp3MkK0qeME(>Q}iGl!9o7tw79RGgaj9e_OP4tbeEsg#!4qS|yw%vvZN;anc()s4b zni4`j1HA>d2wRang;01TQE)Jn(rMJ64G*7_H{G_k(~&!VRn;p*HUFENuWxtAjQ+{E>A)xI#+?@ih7pG- zCK*IQGzi)fR^nPZGKW~R68kv_F7bLoDW{kcGKp+yY6g2NRFlE!ik?0If1MeuZErju?Jp;mF(HZG< zeGY)BZ(NC+YYDFvQsj{;r~`43oCSi8!H}K=QeOK5ILDOu_UZ?7 z%NdbBg_M*sw;9|4{k+`n4JuYT{5&iDVe;^Ma&)r1ikZXp*xhWIO*kwYhe~HXlEO+v zE@DHOjhMA9LhhDcBVmmXRQfQpZL)lfvv2fez1%7C@7N@uKDY@H=nJP)596PprDO?h0+%hJ74Tq^a^&(irY8b4Wy}>V zbIaJWRaNGC(SU2_FA9Qw2b`j!fT8$QvbU7;`-|3Yx~fxV=W!RyS>7(=BI1eIeS36# ze{ib}l+F#KR$q-HG+I?mnghJW91aE>xOIk}LPd>QFT!GrHk2PP%Rjc?Xrx1Jy5B5r zxQ^H^67uzEmv>w)_A`DP2#s3Z z)!29yUR!J`8LyukH2rqtx#)kF=2{=|+3Vl%z2ssyDE2d}wt2WuS$EThT>sAO>;bxl zY6QQLeG(e*#$fZsFaxbnqJ18?u|zFGx8pJ#jpTqC693bxofZcFnCqrym$DGDW9U_| zX~qBIKlQB#Lw|xrcl$eXmdki^B}8I)>S!+LoS%3u`PaN|sq7-yavC;ca2MPowQ{Ik z|FXM&qx3tHRXiTdvc3Ly#L5yd002WI007+od`JI(eH(j^|1I;$(%80J zXG8E^)^~8iCn;&(u$G54u-;q(+8j`D#*HV00MW{~u0|?LP{FyZ*~TT6O1@;#{fw6) zdfjyEiKA^Q&qEk)R#PE6{E=4{ScsWJ^L^ajKKazviU7%KjG5||Pdmp`K*=UYYEoV}E0OGUAW6=PuugZX{o?oVZ z>8j#)&h;SW$WAeU$Jw*)jS{T?Q`1Xf(ddZ)3T_BkM(|r@1m$Z72X2Y&$gE)%+RMUC z#B$ylc3q~Pz5jP=#?<5aa>l6fz>?zQLIK4%wHXY|wPb5+X9R#>)X<*%KmhZ63`ObG zOZWnIs-Kxxq4x$#=WhKDllat)$pL}ZfJ-qJbutS%%-rglbgL8iN!nmJ)sn@r3-#zr78D&lEoGGLot5IbO|;!9J!2 zfeK&;oQye5O_y1%m8dEKoa6+nIohYHk^f-tv)BI6R!0waBcJ&lWr%#5a8{1etCb2Q zhJ^2AC;{nho-8;T=A4*aDpVh}+BHx1k?BcM@kLjfibh z{BV6-a9|n+XFrr$gkM{Wppb@e>#UtwO-XZH$0@DofGGtzG;A2pXxDvA7imLZ;;PA* zb!{O(>m6;#hi7vddz_c(YQv1wD&($T0&!Fvd0k+#zK1g%T%6)vvlm zd3O#fZ}%`V#$!v4cw+Jvh@!|r&t7FL@O@dd;2`y6Nh(iL^hSv(dl47st7t;Xx{>>1HWHT$iu5~G?Da?A2GmZn2&E!e z>v{fyi}--P1r*e^l&j3_`ZO@xCr{GZSP|lRCyYt;IPAAX)DAjhI!l%l^na>>WXG93ecu^_!1v!gk6Ily-ApwS8e$^@JS8b$!82jHPXG~rj=aEIJ` z{K#U!?D(9*@(IH3SdqR}u4OwUe7dv946K04`=Y~4D^)A=!7oc7RMn*lH3%`w3b&hrB zG)j}8f75A|xgH4gFBO_3u3__{fsN7^Yokj8awtiFV?ECuJapbd|KQ1)6ArAMSY=|m zMfP2DK0#04ebKwcA`VtOAC_1*it(&T`Pf<7zxU;c_c^Aj%;Pd$8~=kUh6T5HzMkP$ zSek*==A2?)Z|=D@oSj!mZZ0~{US8N;c+oa=H`UZo1IcuA_5SX`a)OFCFyO|%JP!pM z?8M^shmZWT>=05a)TPv=soPI}BKk@N1In2zq9OWW6k#*TA64<_H5mSIQ%!txN*yqovjqGk-W5#>k572lcR} zq_J?0C=1>~)nNLs&S}Cym{?Vf-!Nwz&eg5T+j7Q%m8<4(B+yhL-P*?LZY_iY*d832 zaDl#C5HiQjr&0CmIY_{N&`z*)T-bkKT&@4n;ofJ2@v|5Yt~W_EN*&kXy)JSKK)~k7|Xi#`q#5W_RG9y z;#L=4TlW(Xb#KZTUsIX;c#W(^ZCW}D+?0z#_It9sqi-iS7E^DJaTq76iu!!l^c+)j z|B=!Yu%)GCW?Alquxof@KNKr@cS9F>*1*}SgwG%1;TvaxSyxTeSA+4Au5q>94gN|tUmP7RQ`DQNfReslnRZHv}@So`CI(OCt3J3tO@blpP zXY_M4HUH@Ym^%Jc{{I{N*(3$^-fe~UF~}(igJt-y$V$b4CNj`7 zB9FsiMvZR%?SIX`P!J#qreClHd@`6Z%`cyK(1f zK-lZn(2Lnt$g=G~bOuxH@>~@n@yXsmEIMqFb#C3nZlDKe&^(1=6gF`3r<}&~>-HKM zM*Q%c5BPJy7U;o5F=wexGB)#rtX#r8taYn{kGe_~#I$TNumPzv#zoV*Zl_u^LMS68 zKT22?pNX|DMkhILRU%3i^#2U*W@_fNEi?c?ASnO<)_)GJv#FEwzXY}lOE+%4_14D^ z^qe3*+G6qGPQd^WeQfj46R=vcHf;|913Dztg1(`?l$i9oy{DU5SSp`lwZk$4e1wd1 z;Pq>7+^5QUAh|96N}HC&F8Rtg!?-7Vm9g= ziw&`K5>!To3>xr#MsTd@ur08>@WX3VA{pMSI+D%*g3oJc9G~p`YXUj4#9B6LTnvfvqNbYCqgTOTD z!KzZ%9+cm-^?%q~#z470uk}v3H7}V67z{Osp8FSg#CtztuR#cq!S$Lu5m&R%x$~xt z_C*tJI}^ZT`$?fhNy7*EwaY~Nw^U>Je3j~drRJG%!TBk@^VUFhWZ7zIqG|eExH8WS z=g{7GBCJ9Du&O4jdMrHjZH$`3YL%QzdwY9VI$x0q<#cYd;UxZ9p|Afh%$@pz~Hg zYp*p<$Y2SaHfA6Mz>!B}RG+|Oi_l~|fRt;)wNgDjQkUxH_j{xxR@dmSHdi_7NcpSv zQetyx=K4IeA|y2P5%iu%O~F+OfM zw8Xw&l)T(j3N`IMH-ggfFaxwmKsnP8%Uwk;6hWJ63@7%iRmu_^f!{_lKKj`}0~K$V zGAtmh1XCdCrYTlOFaaP7aaAo0Lm6*=W$J`2Zs`-9T4*BlnTEP$=L6PKOd&yeIZWw1 z6d1J%jaG!{P1OFlczB)x38sj}7>7Oz9k`cFPlQbOS|NV~Q?V_5P7^p^xX15oqS>T8 zlYkiy8V7R?yn*-Z40@yxNk#TTO0~aO8HOMgNzZTC=zRR1q+E`Rlcn9$X?TH2t%54p zzXaq65}XRvOhB}n8>g?Km%ZAfS}Ah5zp!bzJvX6WCjj`z zMe%E_8b?xQ5IV_+Ij#-@7~y!glDC`iK)+?c{P6XkSh z5=$2s_@RDUmSSkdl-mtbguBImSD^(J6`zjjmbMVeer=*X7-for*~r~F`nQfW)i3|P zA!Gqfop7xvoCh@;+|(tAEXsbNgxX`0ScKW4rbbl|LqmA{D67^`S0*KQk$^U|whbwT z8s07qGD0ja84Z~ORFvSq0?l+bSP~Soj0{9pa&;1JlpEGv(;cpyPT&#%Qt<5}#APR} zlXUsk0rPMtW(=S#1eVg|tsKM0gYuA$|z_Pe)7T>wweFYK9`HgP9o28MtGgIc7dWRY0FCZA< zE#$lBJ(UeoP<->?*XFeALeUl@;Jo)sM}Yo_-l_R*)U->Ke>|6Wm099tD|i(EeU=y^ z@O*PnRrg_Nd{{39Ry<8FB|B>nKqkLv`fYx;a3#;ffuR9TNfWN-kC1M7lzA+YTXGp#gWz&|srp(9l z4hxU-igTL{o^6?cwiTGaZ~J6@ChvS^heT=e+b>iedZXan5dqdsSyEIPYQu4jmfwS_ z)AA^M3xUAIDN#LhJ*b|IT8QmHuWrx5#-kPm#*7_L@_;?@P}vdQKJUbGotj>lpTJjs z2U^R79@Nf@j2NUdpoirQ{#EJpIeh7<{XFwp!Fx%SudRzs3IQ(#yYJVC(O*_)FSxWF zHTaG)8Z>z~A~A?3K7q&8SnOdN-zx+L>WkFJe@_iAV}{9@sAG}=K+ z^X{SKm}03pVRk72G2_Dz%9tFQb!yP!Wk>Y->y1|1C;Pi)$5GFJ2>PTqv~NcnzmJ0& zX>9HI)~tA>xNxy1F>pfQBpXifD9e#t+>}Wa?^#}-@B8g`prj?o&orM)qN=>B z^bg*AfYlhgLM0Z+A*>ve0AX9ND>jRID$HCO&?BVKa*Qt~zI|^yVrroCO?1wCFz9B$ z{<>aX-h;x8AjG9R{F~A(fjkOG{FklZM(HZ7R%8ih(cxcYEIh`tedK*X9M}(W$uLX* zY3(XOob3RjyZ)=_`=~1KS_%oge7PP<&7oa`HA^>ZwV3f6hFAiNIeg=QjM}E5Ka&Vv z%wh@=@76npBK`xsd~v9i!0GLq1R+iIfX=mW7FycbZpxYQAW*=-4pN-rf?5?^GXt$1 zeSY^oYnW_6T5_*7HlK!VG&U|6`^S*e-gfZqfNY}j5A6GGXGa{Dymi?y+Q@pd9cUgU zPG;>}T(ey>t}0IbmW6*A7?s?&BguNEbig(*X@D(9l8EPDTt6{rU}L!?Z~!WKl~Im+ z#i6(q!tB#}(QCbc{3-H0;)wmSeE#_1ktGZ?I6etMqj}oN0w2pQl4D zeJA=P70e(VauAU9upyd8FKWTx^g(IEG47jQ_Aej9p7FmNL~BGaI^Yu5?N7#$SUwE< z#TJxnHzC;YGH81JbJ=OEaW91(S z$Xi<^0GW@}iaj01^m6=2(daZ`8Tssz84*^C@fJqiM(LNiQr2g?GvU+BtzjpdEk)}t zvbk18n7cz*m!a2fHtRD25PVA0IOvr% zBs3YBCs)W@;gaF?_FFkRLgm{V-fVD<%px{Hhq+fQbEKNhH${@NB-r;xMOA|a9Ndp_ zo<>#Myn?he`LboS4>Z3}hW3823$zI#Cax!a4?Is%y=d_2Gq$Y{M!Png+nej!7ph#> zc8~USCD??dG+kz6^B>uOTBa~=u@c!OBtCj4Kkv4c6feHpX1nk6Zp1zU3rbm7C<=Zf zj7dFDV>g7r#-ldZTPkU%6gh1oIX?|re))7lc>kD4472@6Y|X^EE>5TR9{F=&G%5I& z<4lc)W4{Eyb+t5qtm1i+5WIzE z^yCD=y}z>j0N+dP1%i(`5j0AW5y1sFQa(ZX(BzZM0dGU>3=q?FA1N~**V(<0;&TxY zyV0n?wBdB`m0_IHV>7{kvf|+I znTv5yI{fi}mPg+wPYJOy@~&yGx-0XB>ms(BOm1n+aLyn&Ub3HZj1`ZFg)Tz zg~u)YaH@mfAsRsR^)cnmXFbcVP{9a`;0#Zb7Z<>PIlWv;fdT{9UKB9b6*f2*0yfCK zZWWA;X_gFVf}#6IKS=0++T3JJz_E$B+dh(s~Xy8O@aIw1X0tA5Nk}XfqpRfqohbKxXMoY%*p1A$)@Oxm~4&i^~ZI+rST5V(OIysc?l@}^}wr1 z(1KYc(Ncd~i_~d`L3SMIWNl&U5VhUlQ;^0>+xMU0r|CyzcRl=4B_<_}DRZPN=0^yVzJr(9euajS!(D>7-Ap0{{^G=htlS!OUiCXJc>pZ{=E+hOFH_ z8$#E+dMz7TsF;ny0Bt$_kbEecqE$w9m2Dps2Ai(QDca{-O!c(B zntk&q{9)YbSb>jPk!(tol)9Sa|DEnna#duwrF8oz600JT)n&K}Njg z`&q-dM{O7?`x0|yM$7dLlzFP}5&?XqtB=UsM~{d&())PTG626m`ZnKQOAF%`y8cI8 z(fCcZH#7>v*zMw39-q(mYp^%HC+e~S7hr>P_|fBL2FkdnB+hPx+C+HMV)j<6ypoVQ z930`G%$_S;n=NRk5c&4aRSYtuX<}L%=u(T!2+#Wd@f~o=jvtSwpOdyQf5}(Yz??tc| zI(ZO`Oth#k@t90w2iW<8p7+un0l|Y8B}^v`SAsc5k+b*#9y?q zKoas23Xa0MC@NQUO>UH=Vx}B4y`eoijjul@anE()=7ooOc`6Y;C!{8Q+k!#ox+&BN zS=EFS90(C4C5tK|9!=&H03jGzA;gHq{jr^YDsfU|XV$O8%~_iQ!q9lS4ML}j9e$}W zr^-Cxid?^7J(T|@R;!49po79`-08|ZOP9zyXU}3Ew+VsFk6gmtq@&8r&A`}Vc2bf} zc-0Vn&(H5M+or|Zuer>&+4r02Bg(gDZ_JXqUC6F6doasBdhR&;e#%&XpIUJ^BnWujf+=6w_KDL(v@LWpf(o% zLTFs=62z#~a-zLnE0%4e!5*w2Z3ANl1fwZ#_>Le0|7ZY$RV^Eu@|BF7YnbC@$NMCJ zTEcj*pFn!~fNR6O;@Wa{2~=Ce*v2|=xl(g6|HpaH9&!1XEH@+gR9d?KQQu9gaXzeI1Gd=QJfe$w2_)59_s>GK?k+pDSM*-Y zxM7Vd$f>2=RIv$qZZ!^w6BljA(9HRiVA9QbDGtt-=+33^6}+ahTM=pz{`^S2G)Ys& zqZaZhz^590at&++^wu2bw$W(#d*6DAGS@al?Q1QP`-LO(AKnU&&k0cHpxY2IFs?B@ zol9@!Y}EApU6M=gDA&Gcu?5hJ-&Nji=5nXwHTI&*-W{6JdVl_k8+Kqs_tK%_fdMl&4&>bBy$F@e)0$aj5VDY+tOo>1R1s?r=}i zrhRgqZhyYlJXT}CILf;`AMJt~xpXfLI zgXIiy<@ETLqvpH_Q27P?&x@W2Kv(+vXB_J952oY%=ZoIO-rCO4(t;%DW5q;#h!&Oj~fnMwhPeYFmsLQE1}3+tJhw~x&+fHh~xiZds1`ZVMT z`(%)@@u?gMtWxH^#GjZcVX1&Xnd_>!jmG&9Q(R#J`uomj=g`m6VjQYjhgTRXFs?}y z86BfCVg)%f@71Bu208^|O9^NBmMV6YWihPI+I6-~PE9K$_8|zl5gqWZGd-;{cQ6MX z^k1*pHv-;WTk2=P^Mh(R`4-3GyJH6U_g{gJAzK|74JpI5rTAQJ&e82iLdqU5scd~o zVY&N%DN!9$bO3_#KYtco`=cA(dX@JOEbBN?1Tqax^H2W_q8sx6GpP7yEVPzC3~J5~ zdJ_KUp#HxMs{VhCw*2pDQi{g9?K%g7&$BuL9ne@6k#$B3fSlXxI$dp7t|dBXpg=C^ z_)#btXkuiA@8@3y^u)wOTiC|hvGjp-W^}lLxF(fQiLSj(_RTZZvV#Qsf#d`wi@ECs zDKuGIqZ((B)!AofDR{5#p-IWOV`}5we$91=+&A_r+f+(B*)WmqV?)&~|j{ zAbjVKZ%vg%!WN1My_IbSpp>ASRz@V0yXK;CF#gg?V`m@AR&e$8=UC3_XoUu(nM1H8 zf!_w{m9S|kv8>3ZelWhpXoc`)(O56kylg;)D!v5TcY$-q zsQt{W%$mx8JT)4OP-46?$2K#apYlGo{T_Hx4&N?SVJ zt)%MONctoP{rAIrF=Z(e<-sO5?B>C-MyGh0XWeGcDnqmHHGY1t=W)|DU(sx_a*Ha; zV6+F-yZPZ+$~ys52t0jGbZ{GZA+4bcOl*#M^zsm>5edLu=Dl*# zD{cc+2Vjv!tE-K)7^nw>Q-)Wc)vPq0+wEfi6O| z8)kx@ux-j9)HNoi6ef}VNabam8qjWZahH~$YFR2G_rK^h*hH{>l;acfr*hX$@d`cZ zEW^4jFpm^v@44eg5C#FEA9a5tyZ<(J}jN@vAx-9CyA=|LIjmE;>P8_aYZjHl181vF61 zM&3F+gR_f^D2R?)-L{T!aA`8rrXuLK?+flN*^0#IO~W_VCLNwTmjGc>UwLg@V`hZW zMuu9D?%+lRaw4$Q?5tIqa!99rC98B}nuuWx&m8#{qcO5b&~bFM3nnoyc72c;J@u@S zZd>u2m2R$dm$8i&5n;wcgjI7UpZsWATn)dT(Zrzv>O}gIO4CZh1K?H6eP%^x0Ih%_ zJ*2!Q)T9!!Wkzw^!tlVJZU@fQB++>oQt)&iS8bAEUMAelwnTuHtd5s~UD?bIIdOEw|+y)om4M3id>_eRI<^(taAPxwR0tmc&0;&fMS z5&+(?f7t8?xRgVkC||O#{jl|&GID7XzhWCYA1sif`!%HME$57s^+>f;cS`t|2EcH3W%v``~z92?;BQ?claz+N{o3|nSfb$`f zi1nCW!UQ|X==oup)>WNGO#mf4orBzNSHSflKmSy9V@EWa>gCxV0|h8MTmhubaEC^W zn=xYw9$Xa1(R=r*3T{xqnJe((K~+*n6BP?S=MFsa|5dFzBtisElxR3?&zSfrz_DcFD`YR0B$q zf~z`aWoQMPes7FxxqM?((|uXBHak*=-BUj5yjf+!XvFdU#QeE!gYDTajG+eF2B!6A zB9F_mvJvg%cNH!Y!jDO(f}m#blmlfH)RiG|9j#hMxNx27D*Q`ziUb02B{NlS{RnKP zmRh%xmJF*zOwDUjjNZ|FYgjaEi_LnExS1pyAh?QerT%1=nw?JKsPF$6y8;PVViEfZ zc;ZjM{}05olcB4roxQWuzr@-!QPwt?;lFdSqA0)!M}R_3(Vt}sCc?bbyP!P=Rn^BU z7p4G17EQwU+t))*E_dj{y>^jn*vC0->Wu}bF?z%qIzABvATf)-W?}mEMx-bGIuY!X8ZLat4Tea6qgWBh{3{BqB_PmR%SZAmFMABL&%! z?fPTAGfZy){2mqmj6Q7JAWMh}D+x^9ivuPl6Zi6`Q|=v8*&W^9n{Zn)w9hY9FU@-j zOLBoUL~RY@I@XPp)7-y%_n30pJSDq=32+%liWNZaA!8lNlbV70uWH-29k&z2Kfdg8 z;IN>peX74**;y+zU}BKRS8BtWM@nf}FYn#i#==eN=~@CBbKf+76l8hf|Eg7z-E+&8 zeeUGt;9z95W$^N3b_Vm&jzCtlXDz1i2InNGFRFe2^EhPKPmCP=G(`p6q1m z{PS}D<=tdyXvbx6p!iPL)W#F#%9cL46jrkQ>UeKNZ<@Orun@svh-d+chfNw&+uYuA z@*V&)Gb`ai2$+8T$f|%Z6Y(M=P5Yd=*D`Y_|JZ2CCl_7kVVFI}y_Bz@ifiGrmYQZK-?Axth?SVReLBquEKwNbQkx?)I`mmHiqZ)dcnXhOAq^N{#eq zO)JBDSGFzctU1>ud8-maM-k<7+;c7mLogvU8`F~d@gjN?p{Sm4q@8!ij#^@5&=o)! z=1VHz(jkbK6TY4tyw?&Xb=6*&s0yFbAEJqPLh$o0k^o@!Qliq?XbO=YFdHeR-u9$E zpKF*IHHL55(lqon{&W70%puBsH6;<6g$GlaNF8qCN790;+hu((~;ut5scKB}C1A+p=O3inQnt(er?^ z16-Tf4-*MVzsujyskbk~uZp6Q>mZ22#OiC-S?YR7WNc1szh`*uV&j>LT91q@Tzh7; z>KRx00-NZ&OMPf2BZAcQSG^ad^sRCJf(W5aIWBNNX zBU!!byKamo~Pzr}uX>MOysXXE85$NH#!2L40VbGzr`N zEs}#li)gWDZOvl^$=GB#ZwV|bEY$s`OZ6^7f4z90bH<5D$_%(OmKD;vOpU5x-X-j; zpJ-A1C_3!rnkvbK2DuQIlmt@M1u2CxwJWjn!gjky_y*i^c6| zD}sE_4aGFNXz#bPEPzXWiJZc`sNjj@zpnJ!W0)4tGI;x~;M!=Z$v3t7rrY6QJcpiX z`@!|xW}bnlclWW8J!INByi#e}oNBC)z3`i4>?A-mrcFE3N=AfLhABXI>0bDk_k#?F z54#LfLRQCDIq|Q7_xeL8bROIfQt6y2;Lan?i;Np368?;%0^o=UDuy&YbeR-Yemvz9 zw0Q}vN#{e)%-EsrKFK(e%Q&&OQ1B8v9R?op;XTea`C1V|@gu$#%da%uc;2=czVRO?oD25Mmg0&+ku$cO8 zk_F8W*7e8&#Ak;61xBy}|87o^7x*&Sj@>eqZ>(^8wE9_<&vd`VFL^xK@9p{r^D-A; zd@u+6awDynSzS&?3yBt10gk{-5&!RR~sy31CcouBVP^ETC$`6)IZyL*M z(Y(@P{&zF0UEp1DyQhsbRXPob`b4cfNbL=#@xfGZi8L~}4wN8go1HN1gONG2h>AJI zf^3ff)2{1`{C;l5$+J`gZcliO5d{=|^BINW9FmV_s%&6zUak@B1&m1Z1$Q^nG-Z#RhTXcKapT1NZ3%k7+@N}{DF^`y^23cun%(&Ai{JcG8 z^pi~s7Oj-{bblkWOYwId-Uat5fxbEIsM`hX>)9*v#mO%%0rE{F)dL4lX2x%A|0f&f z?Nu1_EkCO5|1nS&rg)z3`-AD5-~a#^|4gKQihm|&J7#@T_kTkT71_89hW~1zN1qrP zW;m{Fsf}B%r+8YZHhEQ09rOxpU|_GBC0*8B|GqIC9jT5?Cb-EsX1~Xa%@5~oTsqbI z7y{~!3{r5D^8;CDi($LUW_$tYq`0^Nld>ULKEsSbE)NtshO26bt}CgkRXER2fe3|; zLTe4AZ=!#F|MnL>HVVb_OD~9#$!6D!dK0>LXGq zqfbISBt|=79wim8Z`MFEgCYYal1iAbcVEz%Bm2v zwirY~+;ncCZR-(K*@{E82u$ZSg}$Rb;?_r1kWKZV>`bAr1k9m^-2uP8JKH!CQ85LFHIO;C&-hMd*}3QqG)= zl_zi?HPtrA*)YgTh850+KF7j8N`!kd(K0>0)n%^j#(9#HBw*sC#qa5EefF~p9%#b9 zP6kaR&~JA`23F!aax9K7I?hKmdEfZpVUk!!2n29k93uTae0TobdKT9Y77TT~j?do} z{w1SnU2h_LyQ6@58-h$}n|NTucvTU`;y3?`aZ=!x8mA=v1%EMsJ!*$8`cyqCFQ|z> zyUl5!&V!l0M>7H54tKos;m#fnEA(q?GIKJJQFeUVtIy{yD#Tdqo&`7K<#SLV_w z-FZ_t8d8QUU6$?%3sTL6dutD&?4C`AQcjfNJ?^F`^iwrg3=V1Pn@_LzO3k>e15N7M z15%oG_WK#=^VqEDs$1jbb}NZGAE`Zjer^tqo*xZ9?oJ+G@3-ln9xh)Khv&xAW(05- zi6moAYb+jeO9#e6JM>*9eos1e&XRKyP<(pK`#Fxa8rW1YctMAesbra?IsSI53O^jW ztBEE)4o)XYmJt*@D|~o+p>|-{>HYsS2Grdl9}j%03qkCs0Zw~;&+gGZoP=o z*EjtPLpS-XzOTO8SPLMxcWZ}Yq5acY^Pw1Jv@1GoT*<;`2nJ6ypE3I)vq4*0a!NmX zC7lZ+FzTt;tCNWX@YdK0go<=ITAuiNXi}ImHBr~$CVrj`@y_=ug~C7(Na@IuoelOd zxsIl&3Iw3+uCp_8qn2+b_w%wnA@zNk+8NO~F(zpVzs)Ix3_lXCs4&yuz7QMMO$jqP zg!iICa%4be{A~;v{52v62@!m;04d+GG8A?SeT&ylyr~!;FtkavW+Hv1D-r88QA^__YYS1O16AxKIVo)yZZK!8KE<-0neTIV^yss7zSPrChCcJ^kkL{x6+k0N5NdckO90gVs$4Q)e>6;v{}L+n)K1r<*7XCT`zXCy+Mz33dEgCh(?4jW8CG`-GOE+gkZ$H3{mw4_fJ{$A+aYn{Uw9m+FiB>mNtL( zz9n(R> zXDa{KPH%>qJ$BfV1r&0>4+N34x={R|o6QsH1NqD^D4oNDpi}w^>s!GY+f)#T!=;+c zReJ2scrxn9z6eLisTT+bM4$(Ilhsq7Y_NHtWC9j!upoKp!hF@3uHX>-fjg4beS#e} z-e&X^AlkUSRh)PPV&Rx(soI?Qg4gtV(kM1E@sxQ%_g;0x1t#bK4^-y^j7mF_uso1JlD8#2b#6?2WOb&lDjP8wW~;69OE z#n*v?Ki34cokVY@mG*0*ileGG|RD@QA9obDBYgAZhV z_zyH}Y?F6@B_srqX0|_~BDLHkr<-X9)xf5+Tv^Gb$%%n*%O0yc18q8oBZeyxIN3%; zbFeX$fo?S_*Tyb%%ktToLK`B`OK#qLAHY?X5rG7_9818vt(qU)j*%OC~`Z74ZmG zAHIV&z!6bKees`qf=YCGa72nFJNCuz>t_|>#PfwJVy7&L%TZve;^6iD;^LK#{c$o!~b{()^3J||DOr9 zOxrhcdmQxvdh)eD~=_m=&&oE z745@!!^qdb*3l*0Exw7uf5820b9Gl=#c6-{hU{}nZf5*}{v$@T+8hEs6|2}+$Vfw? zc{ba+wZIbSp;G3rdEl@IkOJjBZG~i8RWlj<8Wz701}GDuBcv zd}{Pzn-k8%h%M%-Hb`%4ZKoR5N&0}*N&jz+>K+rMAncNo79i(c=(zyS-_J5pVn^c> z_p}&$PNdDPlBi8PXy>jv#6KOnL!Cn>Ak?MHvf^szyXUf*oLd!Yf1<2SREbPW%G?XC zl`1=Of*LetVk(DtXr_BH{^kaCZAbs>fJ1c}{oz1+mwFK);kT5-2tJ$9LHPu1ekkb6 zx{3}wxs`ozT+CATO!tj~W>8ayclF!FMg1)zbUC6-d}6NXRc0qv=A+J{(O~C@?9-N> z^VK?71)ir9wBFf+@$Uu#ynFv$srQEFune;nQGr0$zoEO)0kdt73ELoHnnaW`fVP4@ zN9Y{(4fgR5us=M1%^f#xlna7?U06@<`dLzcyl;PQ|9o#ke3P=M>Eh zUSR$muU4-ui0i(PtEqn5M-Z(HWxL}HYmnM3RU~Vex zqdwu3wi3aHOH?e8}%%f*K%4hy_+eB0x zNRor`lEIb55gQEF4P;4-u_}$c#t+-zn61B3iSV;EU7XF8o|=-JlG*7P-8Kf!%QBQ) zfpwn(H&XK&UQneS#DiLAOeV#ZDzfdkymD)W3JFCF$USHNfFYU7@fyHs%o3-joP0X?6W0-72);)aqo7~135Q?RpvaFBUlZnoTLrjtUnwSfE|u64dR0!g;?#4_bKk*UZ!xG8 zed??t%h))77*^%U`c=`!%^%=C4b zOKg&Jp=x*!Y5$NF~^+fs16~VR>|B zxs|hQPu#PHqh217 z+2PS$M#V%xp^zNn*>ambUEB-ySQ(vbwK`J(*A%>>Is1~r(@FOR^s~cXu*w-YcwWrH z87gc5tVazj)q`id*Lp&19jZNrRKr8*ci1Co+h7-vP3IQ~_`^6mV6vZwsyuje41}k8 z-M!iSy0Ubi9iN0!fK^Dwhx>Zf(J+UP2>=g^mNe>J28Ntbpm56rYZixI6O@>mS_zkI#KaI@! z(%)seWVXvn_OP3`5Ea#JA2_644Jvpl0%PTDLbX~%Ze^U2J&-Erw2NXGbo#RAickKC zMF{rcVaqop!}NHu(UyEV&98;gyd&_wk#s;Q{7LAPNBT}#`rO3lE9x+Jlql5^I~7iv zh^Z@l=;s@&?9w(pJMN>|3|th=B`v|rMjS4|*hh36&~W&W#0xoKzTm6`9FA)tu-$!~ zWj2cyYUT7j%;lYE6LXH2^ExRCHYa_yo`6dhZyQwSQfO;Y^sg%PON3QHfi}XH)3|BU zf(nxV1Pna$O>g(XBdf?PY?%B`i>usKjE_Owh&R&a(1#K`s;ys|skt1~B&l*d9-Ano z+A>H3WrQaCI^S+~rR;2~?rxvop=$uN~u$RU}T=4o%M>-$ZLgv|9o;+{_gnyLauk+HKy)JIa+5V)&GLB zlb=gyO3}IMXev-#>tB{EG1p5wUZVZRDbBO#kzDRzN6(ayDrel!cNRObM9RiV9-ReG zav@f*-n%uuw)!$PQv{#1Vjq{OrarS#)F`TD>XSQZJUY@Msu~qP$a?(!6#rsKTx(VP z;pn!!#9*`BFiX^PhS+?oAh{^fpD(=NW{$)9n(XUwr5@<=-sa`!dxzXIB8gpYMs+<#6pAYdSr{~a;^ zk} z`kk-3%aRl771-}v@V)=;RV*y;sZmhRtLAaP%B@yapD(a8hl3kwJU|OKeq*{S$oowE zw>3Bx|7nZ&?DMieakn)0`MvR3M*Bx=npR`qu*t2=d~;d7M&mjCTZRsOm}VwMJ-ya< zH$AN;R+eIHe4NbI8m;rYx5Q!J2EO}JKj7Nx>o=1fH=j{WLML)$rIBpUrfdPKCR!j; zM{~JiJ{xSon>Ibo z%AeC|?Wx>_vYPW7cF1tpJ3htfe!r}bW(Q_3cZOz)2;hat#hcYAs z__>kuKc8}5v|7(7D-ASPh;pCT$Z&(T^!w?jEH37{`ah>0 zpZ&C_9_#&{X0&G6`fW^ECNgadLxu-yoB>s5*k0jKSj_A1VDXjXk8{!q3$IBeQBeCB zQ9FjN)Zf({&7l~d%^SiZati8OBm%&X!Eo{I{^(0{aH09b9R?Hwg7i}S(4CWfF2FQ{ zHMHi$vc*nHb$KuNiv>`J42a(RIDotZLiDgNq{54woveFe#pMGp>=8GezM zAj{W)+JSP?A;CvFNc&tyM>&OL-QlM9W(Jj5?hJCp!uUKgbQYCtYsXaCI{*ebCBSg$ zi{%f;gQ%SE{o33#x%+Blojp>273W-aPD-wtYtq1e>-#8QGYi(JWHfHd9GqYUL9!Uj z)Jp*f3-;b_DQZM1hZdlkD2$nZDG1HuNafag??$3{@<6SatH1{bha&ngP#=+dbwP zFL$;=Pu?`*)!bWlijX2bcKe8cfJ(=ssoY%6a}qRQ!&Lebc#=7hj}7XmU2iG$ zZTUqo-Ir5dvY%w)pLKp>Uz?lYs1sl_l&V8IeN#|)O_*(zel9ll z#1jS+0=M?du2>*9aC9U?FU2lck~)+h?rG|kWkXIzgl`qbW8NvZP;`QHz42BT7x7cQ zO#Uc-Bdh7(7S6i=ww$-HUxEhVD>qNv1}&xB2b>L`2g#4j*{RF0nctN0wW(ty=7P)A znDMtymbW`MGuf5<&BS7WNdbvm@C%B5Su~KO1y1W5etiYn@eBu=Fy(}b5F{aPJU$-m zMruR4g={l;S9&Dhv+qGlKj&ujB(2A4O|4j@b*Af0dpi4>55kwY+*&x6K=GAG?ZNw1 zFt+i@ve%>+0b1;ABDBZHc1Key8{RJkRudKblr+#!2=@M(UKwR_%AvAm3ZHPD7Q*ND zE6<5zTSlR&e1uNB&|z|L0l6VqqQRg9NWN|jR48AW{o*V>ZxO<-ko`E{=h{iM5({BY z$n0do&m}CVxhD$Z4%Kr=u@u0ObPOoLgw^)jOf|U{C|v90gYyjF%;tyj;sDpv`Y4;t z%p4(EBE0W_Q-p#m_EpZww|p9J7~@Ex2uzkaoGxXz8{P{#A)BShVS;T?>_4yS1J-lI z=%%Aur=qOW3rQN$_9wei$yPYxaZ#FEYBrO1L7V`ZDkhfAh}^!YEFwlbj_zmvmy3pf z<)(-blyj2Ylz|rJWc7qS-NOSIW+5>+uA97wzfG9o#Evj0->#7z7Q+PeABF{1;qj2* zGFx^6#u0GY@%;g`o)(je)~|k5l55I&5fykc(#1U6R=B%^%QMvnhA(Bja1VoD;X zL0l4IR6&CE58JYl-&1%FD^}nruA(U6^}N&`-A-8H2r`?2z@itih#l_A28OkfKg|IF zjFn>jQOacd5-4+z^vLXHy;it~ac<6RaPWV~W$syqL=vpslLcoX>jV!^0dASd%u)== zLc|S@XbFcCE6M^P6#1Az0Jm05Ie#2?sP)z#qZuQ4U5}sgkB!{1CV&MuTzynH{CJ}z!y)v-Q{9j%5(+nwLBXEN zhGYO2@=5B;%xDjePmf>mLtX9a>Jpl%h2%%)d z$hk`S%XBe$8;5qhbOjEzCIc&NE+%;y3cL*ZuM1v${kS|#?Dfeg>|>J6sS-Vcc=HR+ zL6?a%kXI(@K}bXee0Hsiw5feZl9fByN0FH|O6Z6aoHh_+Gb@oZ(HGtgre}f>BdbYZ z75`L&lsyo37-*A|)~onQI=Zuo&+c4n2(Qfe@r9dk@1(}gpXZ{Fs$kCY+{#!KT{n|R zg$oEChhw<-52lghq>rqkCea1S{D1spcqPOB@lHuYM-(6Cp?}dM4u7^n%d;l{-A!c%IZ4Z|NO#&)*f54wlRE0|W)WgyGlLW!IjH^Dnf(f?}A&@+y z0`eXd(Q+^`=pC-Cg`EPln2=THRvzlUU<_-bA8d%kt_`$Gk7)HN+Z!{_p99suzBr}; z5yvJK$=!+s5Oxpf5*0OP3#+*&lz-fwOMKse$ys`l3*ty_GU}fxH3B14As;Xx9pU^< zRTY=jgo%RP;;Z0QQnMo$;lr8M>Q%|<3_M?SuCfzIY z-%e!1`~HX|G^FN9Y#S3#>sVnByhsj)zU#mqFOe#1g%Cvh1-CIl^V1FYT^Jv_)`m|F z%h?`+8B@6Bu0r^3SqZREZvSbm@3A>^Gp@d65)`Rr!<9n}gbaVU`j6<6EIYn0^y%DA z=Jb2b^wy6d$%sINUr8xS=D+JCrwD)nO)|;1b}Wr;1$hD&%8Ic2*Z4Jw-SO1Kit)I_ zN&$`cpq`}1aoM~g0eip2@OTXD7*M*Cd~{HoFxr;JkWIe|?wzI)q+NaTv(!ww_Xmud zd^!QBcgNn<2_1ooNHBN2rPdwnm>k(49u##HH&s? zB@Ox9Z%$o!-!SIhHEdxZ$5#p;u^J+Us@Uo%QQm6Am^dsV#HP5(LL@2T-B3Nxoe%?3 z)J>cu;YU)Q5akx+0bKA|{vQCmNe=NOozBHZrrw5Gtav`%#R8{$tt3RTGjpO}J@g9i^J zatetWZ5~jI%Z!iV*K>R7Lu@chy)H_@6BsuuJnex2niC82-b90Qq+RM!(2_zoad&Wm z_TCFaU%bt>dVb;N%}qCPMXi?okaJoMI?0xsYt5NM+U~5L1{{%?oY!}>{4}GJ7JW&E z{gK54217N$5DWt31ObG}5qt+!wI(6}4z81dvY=C_s0|xGOqJ|~KdJvwkuZJ|ZY+#E zbRRZa=sxd71_{8k=R)g2wwKJQ8Cybtc5rac?SmzSFR_W&c5a`^yDl-4)YUI8819-% zrsj$gISj3n?ds8GU|Y|}C|1Gc2>^#aiOtx68G2VL)X?sM@!>MlbHu>aY65`2u{!!V z2s!=fVHo+2yX?vc=e^SRe+U?P*%2_d>yr)ke0C!W7cM3p)S(4M|NimJ_Si&Uso#td z#NGQks9O*O-D4QpHvf0~fDzOY6d017v#;hDp>|Y(h%x&HH-_AZ0YNhlq73q#YIS-#K^z3%~+X@e9yStCr3Y*SSUXM3jAGX~uchq@qyWI6WxgGp8!nBH~XS;pcMG7TKzsz3xlN1c7W{IbNVTnCy)}_qg=E_eMXl9_(kUGT!75zFU1JXsi zYdV_@Vp{n2et6~Dn=pSP&WJSIzX}-XBaiN>$9c5iifx52eSXd!zYTs6WLiy?0F`X4 z!(h=E$kY6$UP<`YKwp+U}Ai(&$}F#SoZniC5V~dYy9AVJ6`+*6d8-8uDP{es3TVVV^5vS#+_3 zRAhv=+Or-g_dyCeSr~Rc#tZYn)ys|^93Bx6&ek2-2pvicUqJ zE65lyeUSmwr3%D)!NH{-m{LTp00}=BP_ceEvBYV)o@7nnjfv!P5eV&n!D&J(SZCj` zl@M6S^h1xNKtzzOyU&p2wO)es{zWL}Lc0Q73y;w4WWzGIQw}D|Uc3IF*)3OJcSC0fo9L#aCPFj>vdlD{q$X1OTJm46gz}AKP9v=oE%gHE1AnE*@ z61iCDXWh^KtTwKV8M{+I@EM?Bu{mOh;&aR}Hg1)Syn8i~%IYzCMCO#kljn(P_o*Dt z%W_pz$}}dzj7x|Tr>;%@MTUqxib*SKE^vXQMpj|9O!@(xk(nq#H4L0I`#>TysMwDX z5_=3y}`ayP(ls!!fAj#{VGb0K#u?$=4-+U)Zm4snzv)WUUYH8 z!aK?fkoEcX$M+xXpSoSqK;FxHUU7g}{NnV!X=Eg2rx}mY27|F8F6SZS2PQ>tgkHb{#liXIb|vKv@9b`33$K0^ zs>iNRMb*{=>Gakm#s7(jW!5)jycZQaR`(IwkiHh)imJlDHGdT)H=r}Ww=L~+9(LSK zIUaVLl~!569i&kAhXcjE>;!maw!?u8eEFl&vtrcZ+HLhLw0774!^N89P`BZ##ow($ ztn6ivzaE^%+uWGLmTplJW!Ejevxe=vdM5BdSZI`!%R42XFl90H;3v|y`_Wy2kG}LL09BHJ)wz9*)fw@9!vc-$sxu` z--5|Toyvw#Dv4EvdhizQz#MF_3IzUu5K76e+8eQeR*pSz;@k%7=aD+oW^ef1M|DoY zkAZ3JhZv>?vT8^(HgCp!t8Jl-gT>n#0w4a$7Vre~acxfM!M8uJfdiG>y_ZyFp}S&K z?G4@e0TdMpTs(qZh9cwGbg2yDx1`nrTygKSTQ2!;?0}M^Uy8+x6=?y)Nlzi6>dhHz zzWPmD#|D6=oTgS~SVz^9#!+$K#qd$)s=n-c+gdOnw9O3Zr(>mim}@pM^ROw3J!)2I zs7i11V|+`-d^jW`7nmexE!r^^m^#7*IM;Enon6fUlUk&yQW&NMXlv zGuRspZm!l8?YjRqKvb%Ct`e0|$1kdOHz;z|bR&gZKvZtie-)~f^5OnU6=_$d0rfK~ zA;ld+C|e7oKuKS6{jI{w*dP8cgd(MSV3=TBcU6Iu%!ax>e%Po^zA!1vX2R7IOR2P2e8?ijkBjO%MZ9@jt%X)-sz+j&W1`78 z1EGgfWM@)u>C9ppSp&$7AKb__$98`#Ut9B=pv)34(rK-5WJwZtE)M^TK&~tN)}i$w z+Gfs;Gi1`#=f8ViFgf>z0L#(_eqrMSOa~gI4+SnVgcUEZf&3pu|7<2z% zw}XiLk-fuwt*(&R+m*l&UyM8uB7DQ_!f zl|#}KHMA+83Bup>vwk_QDYpNzS~5cZlj_;^P`i*R67wov7Yt^ptLgr5ZX54IWa&3RpaFSn# zXETf>MHO|FBk_#M>epGuI)`1i;vP1K-A#g;-^bCD#223aplLxwqMas3RerUzwsAK;e1#>!G&SzqXrZi984t4qq*b3A7IsI3l3mDh=$elVwh38Xd5qncS8JE>mp zVWm&B#kn_HU$1j+;{rqSu)S0AHi7Q&ohF9hLI2gFAz_|pbStgU0qBd$;Xg;@>xY5e*!VL8D;3@v3fS*4XJ#^KO|VoPh0-8eAN^Uc)bf-fa#+ zhq|PNVPCbb!f9Kj zfoxr+(V|biYVjCkoQ&ry=?VKqyt2%YWTuMv`Jgi+P+riD9!jK}-7CBcwOTe8(c<`OSd>?2t4< zKzN=&{h)`D*+{2EQ!uR^$pS(}iWtE6<`G*C^@AOm`Xa5&2fIxh{0Up3hpS63niTOk zEO|$IPprGMUN)Y{S&To>Am$$f$-`58D>GcVk3?~nib!CIgvBkNNjNj)%dqRU( zR}D6v7stdTl=>hBY{ zehI*pi%Oq(^oN!sZq1%;Z8j8>ese@Ds4#(yoNFz;U@N{Q_ufdO54gdg395lANk4QjLIDg ztR^FkJegsV6Xuf-^3^Js$%dhhDO-l!n2lM41GOHtjk`5K1ru=<(*ZkOI?cA-r4^A% z7UO@+p{j~>q6iCHk^*wpU5}E<9KF$;dhK~EG|8UIQO8`NAu|pYcF)NWyQ)MM@?^d7 zslc^DGHRFff1H{+?P5x`ZYK!-R{9h1&yghWS~` zu%sWOei@OedO@rDCzjf7!NY$@GKmc2M<7x*JhZ1dzDh>BBx1d^wBeA)PU+&d#a&j0 z8_A2e9Ei6>lU&h19AA^-V|Z%tgF!d3a%!aZ$20mP z*1VC`bkN$i%BESBGU@2xpbV@!RxL^}I4KICvKC_=ni{lMK1k|B_?6;n0}pV7ucmrR zdxJDG8m73%?<4>NYuOXfq53Bdqj0qTY--(soo&geM?JW&8w4FT!Xd<4&JZr-l?&$I zwkpAUTdfgZbE3IyDdk3>a7AEamxah)p*LKj1l^VGql8%9tL3DoO!|5Z!FLaDAh~D- zkGptS*lxpCgx~rIz0%fdf0QU<>7z?sYANinTE_ZM;wgobwe(iWC{(3V>F1|nbP2*& z4>w~27L$oq;m|pocmy~MxziLAK$)XBft=Z0*Zj+%i8}I%l437u4B13rATnI41%GCW z!-=Iuvz`z@AaCspkK0VP(eww~v%uq1e71OCdSa5K3?hr>d9yE2Luc633ruf;#6QZF z!s<%AH5?uro+y&7^!Af{?K8koy&*3O!D{dv2%A+gw;Nm1d+p#=l)m$uc;f(g4`VoGpOBA}W5Q2uL>aBe zDtP?+B94Fe3MGCDC|tUUMpC!)<$fYJwz?f8lbv_SIr2vtdC5W7Gwo3>4|<-EjiuaC zSV~0A@;7Reb0Oq-qbRv{&`W+0M_7DYgEwdk{Lj_YGrW1sizjQ+dF8kYDf~>k+45BhjsWlde znYE$55_j@_nJ&sd(_x5MtQJ9q#05x#+jOVyn+T7hDhQ|DlQ?Mg##o+CE(V&n(tE~E znW}HWg@7$0&9~|K`saTUvhOKA0?4{VhYBwcalA`Cs9WmuthflJcm?O?E>jfQ7#!gd z2#Z1{oQp!voM3~C%{y#GO=C+6?sd+cXXBG{JaC=xesW(_epo8F*=$3EnCPOg_P1u- zWXNo_QgZfAp^FUM-9U=(EwCq`s?G!P*Ikx@$u1#;Dc^cFp_k%t^kgb~+Ebg-a}z_f zh(|9BH_l)ODW}JiB;g9R;zH?@l9&Yl^{$|Gk5*k!IW<)n9+=Yn`HsAE(%SHGcMKNX zRI~d=5Su07mnp!p+H*oiPSqGC8<&zVs$g$^*4`-M>lLOhZG5?;Q&}$qOAoh;Py0<= z2CjXix9^ry0K^5glCHOe5ghRL7(4FOocl=gt#ver^Jy~u;M;W(>OyB4=YrNKuH`08 zye*&G1Z4b~R9IZZhx)&)S3P~a_^qmJ)LpFwdBNGlx^AXu#Zn~cIY3G?yOpaTTR;Oo z+^t52)N~=;-Zig;DF13aLI+my8ynu%3LI|^rM%j!d;r^mmhC5D71gHm=QlCOWR2I_`2u@EGbH^Z+j=yc! z#(Yu!=z*vn2ltg351v=BA348tKMecHPC)`D`=yD>iYt<%s4vU`wEjEI-~z66J{gC+rixlt2p7ywKX!OW%y(Qi4@Sq(70vw^%(Hp=6OO++!y*wDA?Cz?? z)7$MhUp^G2E%x`|L|9jM;dh2X<=B<|Y5lVC>Pp_IE672?G)n-qFzWbz6<^*Bw;5Tb zfL|X#lRknu|zyE+9$d~s)))_+{M!Suv5 z7ELb6^^w`s|ujN2Yk3uPlOsfy=mrjfMrAGeT@X72#kB2C?d1r{3QD75WzthYJqFmUm`%XX%k%BM<#l zwF?Yav#UaGd5wBx#I_&*B`Z4N+9?j&0ipHI$B%bgMlg~qOlzH)n}Ewr+h46QX|7jD zwO$0R3+c}|PF}xDzZlH9oDHgv$?3@jg+z3Vd65>gEz#KU$&w<3Tf+;Do!<+4UPNG0 z#x7w?z|6l4tF5LU04hx|LJf7e{neQrT8`67!f`ttG4IlN+%X$u#-dQH^#@^!&&i2} z3bJ4DR%v@Y(AA$~OF)t7HapsbK*`+xRb5etD8n2Vyz0_o(`P*ZUPZ{m13fC3vTzqo z5?5;2#2gnETFq^eK1fHF!bS$Ji?CGIu{72C#XQ@8xg}{{F@2`PoGydHa^uz$_Wbnu z1XS;O7rs=9eS#^bZ5wCZLv$<0smTb2!N)8ipacG`jj`3;*WJ4nWfY@+P~O3!Ao1#Ed6HyFBWchdu_Wr5 zSlOb!=%5rwA}x#N@@zjlh@DL_f?tepG22^fRe27te&tBh-)@!9<U=QvzQ3OzS! zprRJ|aPd?Qv%|RNcD7Yfh?&i@OB+IGfO#HOEk;`RsoM?uH018)sgLUIdgmZ|Fu$s0 z^xe1hh+Ks;~o41yQel8RpeenYE+uJG1Ho(%FH}REhj2Y)<*%`7D6V4Cq-_Y>V zk|33FbpMqwBQZ%5MFqN_ zL>oEI(Q|^>Nq^4=8fm{LN+hhR`b)=MPzg){Q7u#)$EoyNiEYeQa<5Du?9rDEWlFTV z_vS}M5WdJ4MJ1r3od&;?ITzqA+Nc9O{FZ2B1~h_CI5_c~kK%vC4k@2VeODW<4`5r< zWcPu5dYCYp%#}hnB@GCH9+U+KeLcXGJdAzJ3LdQj^j2F+jsO=e=5w$^iL)IkE;v z?g+D3=l9FkV?ahqK(FQac7Uiqgq~6f86y<}*)!t=*T#Yph0d9L_mwQ-l6j6zLDLf~ z!=4y4a+$G$qjRH6GZ6Z?_CNLiu+lM1+cNxYp#DDkd`OD^i*$5`s*6->EjACupb$VC zR4Y!t=t5*Nu1!7nuRcwEK zKz%A>TaHqLCf$=lbXFSSC zRAC>|#1Tza=;@usaj@qigYUHNaS&unhUjU-zn7s;QBktSr!8z*yAAo$ApulZ>L+cr zPLY;c#STQTSSOPIB#>%+(_RgzzT9+YU{~@sMrxw6w}taN-~yFe?Tdm?Cz#MHw+E+_nz^hH(?9$x9tCypsX&(+90= zp$WqxQsHBP`1tQh%@`N(FChq3B!4RkBX#=C*mjQ%?A-57G(>VK4O&%#aB>v|=|rR3 z6%`t$^kGho=+>&ObsUPt^*iv??uX7e;Tm z5`qeLz7DhuJ7L;S)S<3DkQ=NOewtDic7htTj7AtMTS^~nL~qC*#o*)zFpYCP4FJjC zB?1+&7lWiNcy4>}z#UV?+Y-)_!8Pgch%7h(g>MPvlnh$?!EDZeDtYr98zqqBmK1f- zgQ3jKTz=)hEdPD6uQuF6{mm{4@GlG4Tx&pFYoL3*Zv09s3Fs>epqH5_7faM!0LJ2u(rxyJ856=E#Idg{|yNq|Q%KVYUf?h$%`l+ZO5@vbPADbb0YU>0BwICj4U>W;|i5w4JkYl{@ z>S+cZ!ZVtTQIG6S&qluAWcd}bnv@@rxOa@mxB_4v0SqT@(u@f(DesxwQeH&^baI>nfjW@hH5TiwSXf<0gn8n|8&`9sQNLk{bR z=U%|1yl}~MGBZ`i#4DZcz_qT;bkl-VreDNsKH#u2}_gJhMbG^EgwNvK=mIfmLs1w!R>@Q7pUd;c=f& z2XDp>oSo;601+Ko)?<=wUrNpKfBD=cXWw{ua}MTIytd{+iGQx97QnaN9*2vK@Xtf~ zrw(->+p?O-_3K3~km8?1i(T}`I3G+=)`gk-Af8lt^+8s$Y|1MMXm4!dh3>amz|YOnh0dnW8m(Wzcb;r)GoGW;M z08t2=l}8%Lt|B+!QdJ*mMb5GvWVsLFe%;HpEYAoS8sVRyJRF zN4cz|q15?EF%^W9ZYj<(DLewm3XdAAlWOUY*Q(tzh9KAT|1?8dr9Sa+06wt!G_P)9 zG0>#oD-4kWZQ^FJ>Hh&;K%&1&CqPR1q%~dL`FFdwOS5iiwSCMdi_dJdJ}BPKiQQ_svx6o=<>}b2HU?AEVW~Fsu}-oZJM=T3y%~L&v?) zq;kHt!Rb&p@+jQigz9I2{Iy%3PxZhI1K<>oGG30eS^piHPB0B|I@ zv0mFIrQ=!LEhlHpFf>-D(JfNnrk>O`N#!J(p4cbvD-7EnehlLvU+LbrOUAue?x2tsVK zJ-LyL={YX8>4GaTVKyn!7~KVZ{rasTLJdIkprsmeb4d_k`hs?SsnX2M!wL zO^d{0D+d8IcoYWTW%vXTvYp!anOqoCpz0(tW}2hw*!K`lG?`NANo?{c-$`g712isMZ#HIptJ=w5ix1g@w#j zPRWkm0x5e5j7SR?2ge~anM;G}-aZ3=?D&&4AtUUl3ON=l+hcXHyh%RyK)2B#aAJee z)?9HGif(XnMYhH@5g4q;Zlg@aG{{HisCHo~%|T+g`=gM(LMx1V;-x{G=kN(~lUHAm z(#T&AjssVm(kNt+HRo~im2NK;=5{`h0|VyU;`kG6E_BE!z1 z{L@yD+8|c80cEs;uhr2eM8QDtuXhy1>S#v|p}7rpng+Blyu|S_P&ht9yu=D4<$HmO z-j!x80e`_R-&-s>kGIS!-a;vj6DFzDBstH>v6P?^@Y8U}>O509Ty~y8!pdJHWew&O z#~J@=vZ<49RtVGRFqJXNx?;DI*H+*k4mB%RwxZPzk85i4KfxxTVFM8xEIWc&Maquj z(yZdt26DDF$c~XB<_sW#?F$BeE~1}ab7?6y?#k96%Qw=U%rC&;30&WQtG4tDRhW7( z{W{7&8s$dp{neFi_zlVnr)q*%ECVkdfXtHq+?A>LK{kG?P8yi#Bte0;xLepn`F4U6NU0a(= zZ3xX&Mvxp(vpn)t+_MTJ3Lc<>*>l@ zJd9z6^EfmAhCvY+W0c2Nmn!jDF3^2kgRhKM$ zMAfBe;dw}jZN5vPTZf@!rkV~wqdszmg=c3(3z6CW^K<>5(*T@hrF&eX@$?-;(5&cE zPiLkc^y{-Ts%9?YFCexzbT{fiRKq1{qc2-mm3BRh2c7=d)P~g4Pz*dS&k;D$QG1Xd zGMi?uUvw7~=%8>8%K~l4=TRIvK;fPl(fq91(|o#VZ-Wbf#}VtNY9V9mBcXU|;gqQU zlKNxGFb%{20T7gD%qeDPI~Ekzx8c5OY3c-MTs&3;%9fTW7$hMe=LJyIb-R6)T_gtW zc^znAm=3w#x#n)!*#)}Ln!DuQ#;^1~)?{m}nC2ql`&2-+o#$`Tq8s}1J($43%fSS4 zw&R{_iSEA!of2&k`wa=Ul>=gkKXjSbaf&zfG}=oDla%+-xQREmL?DD}C8EweiM{KE z7_WZ8b`0=Gs40NfQ;P#6+C!;P=>U#rvC1vWtz-B&yM4JeQMjN!{v}U+4U%%Z-6<{Z z6TNmxVYQqi&+#6`K6t^z9l!QGvTY}a~c+3^@IQw=qiwYe; zVx|(ISkg;7jywPDxnJ7<_BT9=*w(_w);96cJ;%4BC4zs62is9eID&Z!fmESaNjQL9 zu2Y@Kz~_GY#IsYBga(9jbfr2vQ#)-vLe$=SA!Yxd+Vet`+}zk^9@HsO)99Y}rKy-f z(c*>uQUw|+n+SU{IA?&onVR!&TZu5Ms^# zDtP{)jvm>h9oQr`YR5GZIU@iuZ?9?RlV70+HVu6R1uI_f|GO^(Psw9b8k>9>eWAC@ zp|^nc7FyxP8I{!2AhMcm=Y@FNrL|`DL>Rr42*gY^K>BSEIR%Yjl+9~Ll9uCWffPCm z$aP$^Kk|EUlb*Aatl2}&sjUm*O|{QL8p~xz{2Qo-F1IzVod$i^1UU`LcY8?M>r{&) z{BdlLo3XN2z^lxt3*+jdI;BF0b-V4-x`|{q=6-!B_mjtH?f`G9*`TN_U`hGqj+JOa z6sck#*+Tm>g&7|PGaT1|3SB+tbI+HC6BThbfLq5^m}~&M zHhOLf1dN=Y9G`j`-Z*$O_I%XSDt^SshvZZ8hnP>%J~JbZuR>FPdj6;1sHOAG#ReOwWrbK zm_InPn1mp=)&V-4~Uw`Qw548&7iwrV%qZ?pda+A|1~ zyv8DH1hsZeK*D~pOOvJnp^k?T>$yj8w+)#^AB*Lth5mRCc?iKs>XCknMw@$oE_u2V}K;=NCL7{h?pkz_mUaOdD-$v8n#Cxgee~K z>wl?aFa}y{ejYd&Z#du|Ea!14E@SmY zJbAw&T5O01QP&^R8DVrlOXmzTj@9{cU&;och(P1FCi&QkgDf7cutk@JBm`qd+-%7i z0PVt5dkO;FzNFjap;BI#>ea`3~$~0bOPUak-b~Ic;{M!_s*Zl_pr8mIN>f_ z-l`HWTGkAg51sP+=IGg;Q)3tH$?A(1#sLCjhx?O!cejN?p523XClDBkfd#BwXq4TY zypWZh0fVzk`U#5~75vWQBsT|W;YvnWu7$ng=Q^pd%T)U)+NKD-;L~`C_1+0Ic~6n; z`0i<={;#XpVi3jmL6)Y%$+KBJ5|E}S&*r4L98|L3fcj-+7id_vkF>=cXQ$72 zLM{Mk4%deOdM^BO@N1jP2}|msQtF(hzQ#Iu!AcxoRcT^`IQbB*)>D4SGKomPY0n24pTLAibv?@XZ-~HrJOEpX(z3 zOrgRh?vSUTwg`k>%Ze+xc-lL*^K_pvw;lbZbVQNP4{lozZ=k(lqgZY7m zc$YF25Q6I%;C@M^snfw9bLtnIY(b;lbheChrSJa}#ZZ_UPC6D?l0l(EpsYcn1P z*h)iif7K9WtvNruwEkaY%rE$i)zTAZ3WKt zpmD$NmrOY@fxLk2;<`-vP|C5!4x?|DIYZ3pRm8fpxIf9aH2@FE49{ zstCN`M+D|GTR04=HOR;jXc^+W*C^$%QU>R{8(ugmgB6Q^lSR!*-uw;HOMP}`{eiy5 zng+DspPMNdqSv#O#Gp%l-E(rRi<6te?f8u)j0z=A7lFY%h(Ys1GuF|Vej?Lxh)_nl-(_s3%h(tm!v{7Fi4DFXqE~% z=^hq2$~_$X+6p)!zkW^>aFL-K=eNpo}o;BR?2@g&_9kg{&??U;e`PD4i;+5`J=?HqXdO_1_j zopevYw>3|aXy_F3E3e@*H%52whkSg+9!E6u$l8R3#LuZ%IcuwAcRf%TF5ceMV<+PCv zsx>mmoFiF8C`n_^N8hGZ^ext$l~(IftX9gC=eC6fZU|ND+^}kOm?eXhl^CE~{Q3zz zej8-~P7YX-Ap$v!*m#}zX(tTOK%MT{K!cwA%0c2$<&VYN#G~H*33_6Ba>V zqSRPqr>wMrg$(7NB4aSs_^8+rq|CcH2>@~tK+5GbyoyxH9Msnc zREfk{Ij*X55F-qtqzAp`+h|)Dkp`kS)@7m403fmb1RDJi%3QuT>ofwTLeZ&jqVE7k zR(p^iB*jQ`24klOUMO@LPGG+VuiK$pcgb3y9`zru!@{p%qQ1v+vU6l^k zjp>Gv_vkU2?JtDX;yvvnpkQe?hi@g49Y#-Tw^Tdj3p{xvjs8xCU#noIy{97*w8LiM zMzZ5As<{6AtWRhRU*K%o;R!ywdi0@oC7Aa_EFfYD?!?ux8_|0d04`>{9H~r+l6;mg za4%V#wrOMuzyloh<++;ErWzM+SV}m9a^Z8dwrB#W4N~n4tS^Vz^vGQic#ufe7kGje zmahhM%lmOd*C3geI<=wdLJY2r)MBzSREoGhjo}mOT~q4vy6T+Y;mJ2%J)VH%zsIz< z(M3Kut7?wZWgq65a@gQB1FyCnFg@}ziduSKt^Er;e~iqSpk6i7tDT0IsZd1xBfUDe z3IwWs7>tiqmvFriK4(|1SLgE~Os-4WiN(@ltFwrzfxse&;AMQYv@Q?gDA!`4WCp5F zHSEEPy9v*?qmgAF5|W|Ox^o7tE+j6~mIOQp?ky}oW2(X3o}n}WhpVfLrf$AziX10pnbJDq3`k!{0zk?@pKl|vs=bgl1W;TpF2rcm&)6q^;@*1 zhcZmXKDkv*C8ZTxWg@nUTlGf7JtQMzxd_D?CemW*y|D|IONn;7 zNVC^#kL8ltZm*^^(}(5T`QyuXpYH1N{X`ce?XdFQiRHt)4rzflBFNPR!G4-^K~ajZ zEHl)yKp}KH@x^eI79~zCgP~bR`-}PuB``FrCD;LMui|Yq?JLd0E8cvae(0}0AEukq zNY9CM$&D^gDQ=C^I&Q1&V^hs9wN6HhD>tPyyL>fMG4l6yVBTohiGa3`Hy`#J)ww5? z^1)|Oc%UDSBFgXWyh-g#RcRxr?wm~C--Yp$ zF#gBzDq83wy-}u!q);MSypW#XR76UDLwC5DO9>9wWEWjQ#znW0Miz(Q)FJ(=ovN|SL3;I&FNv-Z{6i;-@hVHD%td1YnzxFbzS38Qk-9L;3c7|$(rJ15^apfd=DTL5#hs0!hCWyI|>qYzj z{;~}vf7uycrhmgSowhZF$~1yJ9s-~fjAVpXnB!_;W(+Kh2?`TO3)Ac(W#iPtHRP!7 ztVk%#ZHPLN%ybpTA7K@^3M8YM)a1OAc%DV1 zx_sG+wSeQ3a;y$+U5sg$xjQRn6f1P%9Y;{^lyh_C=I}+pkn9;cEGbV3KmH!{E;LC1 zu?;Va!R1UdUVi}te#ck9SAyp!j3&{q4_Li?{4c@N6B>{YL0qD)0zKYR4$61%` z2$*&;E;9LT&9s(NoB^v4So0ZPI1|_b%6Su`W-a^#?|bUit)1@M7}+OP#zPuo)imO1 z8fW+Rrx9-z;vo%(Q9hR9jK}@tY~2_?Tem1uNh|C{WBo2%JoUO3&^u2K> z&)SM?Kd{{FFP0Ca92GCZbw`XWZr*4N_^NBYY(o0pRP3QXC81N>{UxO%h(96BFr*~{y>K5KwA`la@pKJ`d3IVN&)IELa6kVbq; zV~))cU#YW8j`(dg)P6*7s(BR&v&mHR5|RiSl;Fw~y#~o5aB?KxD&w%oQ_oV1FKb~k znuWxJ!h=1DeTP~DDuP9|J~7oi3Lcv>)%A=XNWbC^U)G&mI$jODZYcRVbZvRRt%*-+ zVU8RD$ziaI7~65XPZJ;A!eAYV4V>iYLjKWZE$lMY%*4$MiqNGlUE}Q%7Ii1g=g2pv zc2av56@Z%9y)PdC1>AO6-TK|*Fk;sHP1eFBQw`l3>r65|`a85$5R#zhgvadIis6Sh zIke>%MBnPmiq_B{Mveiyle?f7ds`wAeX*JIk8qK@KfkgBawl5s17HRvsDiRYVZbjfJD*zU1ijs9UHZF8O!Ws;Ho&fHqB+RM?3;k+x2}t;Hwi}sgq04(Zc*!CHA^EYwQCc8UK-OBAh@7FsJ)KD(+`dhw240DK(^>&_<)kE>_X z3cdNXb-M=U$fkDt$3x}#98iixS3XvbaF+PS;2u&*=me~LJ|5XU4x$quZs_xm2v%jk zm4lK%sQv@A#7ARY_WlW{ksO_XnbGPB8a&!AT`nEdgdTMXK0L7e+c1Nk**&f>0JxW4vu$xas zK>w60?7!+%`>(oS|Hb1Du>ZC&TK^@C)_)U$D55A)B=+}T3pTEq_FrRv|4j_`U%bz2 z(~N4RQ&Bdrn-bo4PmZ~|@4DKqYU9@0)BFk_d#B6GxXH&`X$$AOwR_ieG$-8Pf&}KK z?bEB0yPF)ms8YFKNbSbXL6HaYP8v`Wywxj1yDySThO=zYildRJ%|O&fEDTvOO1;T1 z5xU?R2?-&LBB0e0y674&ghqMDm;X+8EBi{$hMIrE6W`PP*FS;HpG=$os*9|tJkt*?Z4weEF4)ypGLBrKFy?vKI4gpJ`>4Yd`=^?=%0%eZ^BG$O8Jhg&K9xS7gfMF8cZezTQD!@fHFyk-nmF7a2=mU!W6O z^cC;hCWGkf4t!;3-V=)k95~2Nl_PBt^yCEK1ONB~-QUXEBIam5hpEq6&NkIGO5NK2 z2Kro)$R;`4Xp5My#rdV0irE&iK=Y|ped28qi!`4#s!yUVVu|LnRP{-+MHFj3_o_Y? zTSTemldfWuY@1r9VUrS$4M-c*9v1Ce`rht>k9NR6J$t z68#^^$J0je>|OT?XnOiheOz74UD+TE8txU&gY;>xOC&$RWa#aB=lnYd?8?Df(5$cF z50`XiGxhoyJRxwO&h&dW*?$gAc@8SzFE;AxBWX~x&a|CPUh|FI2>h}rd_EVr;sDWk zh?X06)nK8H>=;m}ydA+py%&_656O9E+bQ~bf{MK;^TvRXdl!^zG?dFfJoL%k8z%GW z>k^^JGL=_NAbxsXC~_|7SdWH$qshD-{q^v0aBGxW>4*FAn>Y}^oxcm>H#u18!=cho zP{Z)-=}r9=J)E5TU4I6R-?RPch<5ch*RzkBY|fDN({;imsMH&#FVzX-W7_#qjl?`X zLoW;m&%x7|8U(Z0$cp>en0Dc$tfV$HZ5`QgqD^ejHTCSH7H5g|dT1+1<|}9*h;*iB z9}1HEOUq>l!1RxTZ!@O<4y6B<*r@l{1@XZ%D^UHygY_yoxlul0Xtwo1kLfi%j1pz_ z1$q+yQXouzI8FvvqZ|boJSK zNVjg5UTijqEj0Bbq11scL$DM|CpPQF7Cl1!wjT!-1_&21Y|&w8U3ePzz#|RZWN;I} zS->TNGlSzE!&}#X-Y#W5+73?wPXf=g@H`98PIz|0vkRVG@a%r%b`4DRQg~w@mgKcs_ZIcvildi{Tn;`I37JepxbAhYRHjFz_H_IS?Lu>C_ zT6=#EOB!+0VEWtY8-S#(P!|TdH4F}b`rGUqgZM3?YLG;M40XB4BZzm zhHz+>-|skn^%ULvFVZQxH(wk$MVIxWI_q=bho|U-8_1Jt0uNo0fI&?_Jfz6`{0m*A z+&pk1FKK`s^($2LGfR#$QeK;X1i2-Y8kzc{I-Pfhp0E|1@uH`oI?l*>ZRGJ6wMnl( zm_w6Z>OFYW+J+2&35R?qCuQJFLaaF3$hBl7Vvv6@e6YTZcnAV7HF+1wqyEo=|2F&q z$>m<_Cxbb*&P5@q#wmq!|4t0@iEfCa$01a2BVll}i z&EFiRKL9}3j&M~7z}*{1H;xuB=ra z*>^)T?^bYc24Si|G#szv#sl{r6mW8TFcp1ctFoJKO0k7R4NIZ_P`?;&k z{c#gRR38)87I6^Fa;{OH zXSC*WLIf>ZlRNisPe5z?2Wc;OS3O!sWwO!(#=KnDf`Y<=h5J}WIUeFyI9JBuZ1&C? zx)h5$gK(>sUYcy{5hjuo&knTlD0r53gR072CTs?_qZMb-E8}4Rtc=%hJP5zZo10|k zS$F+tyn|Uvm{Wa}s@^UUx@&>L6oK-KwevEE>+0|s)&E6%pA@hx>A2Z9} zQg!JTAyRZE>irQ_mr?`+c*>4=V3b?#(dJKU?xHWrrbn$hdWXl&RhK67(JhX6yf4i^ zr9NuLdOmi>0_ugw!~4g=3trvjj}d##!cYJg;wTh5V}ZcV!YuxT=pa8-Qcv~>@uppe zO}mYAyBk@aGwnSrc1-q<>}fPWe*A6qhpRf4R$Ukl{_6~4hed2WXmiG|84gHuR!5-X zMuD{*T00g#S$g^JIN6bS?+#9|(DRE8pv2%{;a?~h22B567;pGcDhy!J<-NG`Y6mNf z+@TZF#Wp=3U0sRiDpakDhEk?jg}~Yy$mCxuO1C3Xryh92LsbP7zX^QwUSGea{q zS;0&9^imr7^M;sn9RYu05N7ffZQH*)AH<*#Q?^Fn#pFU%>H3jCa5@+H{bg-) z(~*IH{{{NW#@K7?E9`Hsp|2!9M`h#q->CY^)9|@<0{qMexBj^wsjpz_|FOP8ak!?w zqNQ;O@+9Eez_o%q4()bhFf&=fLMMTn0B*)_{-4lSUU)vFuehGSroQsh zZ)lq!@YdJiy%iku{C}XYyzu;w)mLb`|4aIcmiByjECN>yt_&OxZX>uFaKC*1ze-*zK3-2?6bxHHfH7wIdZ$+3J7d5hI!%Y2iG6w@soS2VEvD_vFc@Le3FM$vg#5u_bFXsj!`uZbt%C^K1A!Bs}zocW)RcyJON`qdFLtI ze+FU_mDtpi8BoeP^;DQqfbS_)<*0Znd;$IES8E)_Pf>;8?xzMS3@4xb(MAEu>_A;2 z4kd)c+G#+36Z!VZA6g{8?wNhsclK!SN$-YI*20ic-DY*h7zPD3BuY zn(S=0=!$L8RA>Xi)jIVxoKL)0Oy@^uFnvM<`3#1tZTLYKkYL<_!KvKib9SPcnUl+f z_J~*8<9;z6BkP5a`j;t=Ni;!^#~Xq6U}zP_xjagO`BQp`CADjbrKw*~_!m9Cyv}(p z1k6cQm_ zm)d|5I#pdeN%6+uc3@$Q3KX^6v?~t4!jHeklj;uP25-}@NEi8hzqTA)iHBy_y-FE~ zZqs9)}}?G&r3eB}8+=;f{l(y}E(9nQ9Tp|JRUVLQpY%w@rWu-`mxvyuTr9VU_<}hI&z9cvg~n{Q{+4z#wmiE z_pjF~>3cTl8yXQgA(>qNIJLs%9v`^7f9qo*eNHcHm&ep0pGpD1phd3SGvN9|?J%Cy z)7BzRm@5vA46^MG~fZbBtET#-G_5^QGHoDjH})JlUTX~i&6ZTW-_hdwM>J^*S}Qv;?k`{ zXsQQ(&pfT_u2N;IsMt+D+!7*Bc?*-p^)uY_fb&Ew^@*Sdzjc~KG>+@ehPquOZsHih z3K+UDq14lvP!-fKslP7hBmia{Ar+qS8=y8&+9eaHk;)lRfqX?qw_0#alppCX9GDJd$VjeU_&n{5$>PSCc+%63KAFsma)QSbRAk3Oyh z4@Kvf`iyT4xK~piT)mGLYTugcuDDxMY_LNl|34bPijXSXRa!VEembV{(_n)&XK}19 zpEO@qtCjt}!DIYZ+-E(A6CDjbl`r8lA{$=Be&!@E;Am6WJL~_uNCh9I|kx#qlmuJ}9-w=~~GRZ_xu;vTZ$^ z7FPGswQIL8YnrxpeJi1N4DJVkB28Pnz9kuN zJlrM)ZQ3f^t(EP3tB;+A<_PVi??F0i;K4(S!;=GKH_L@bY@hI>Fry?lLZC&KI{HEI z5~;8abgWVMX{~%$h(|dh1V!=TXL!6ivS_PDGJsABfVldBY%RE1jP{#0{~(}9 zg^!S($0Z%2x9&8xb!hXIG=!G6odUMmfboDsV>gqbapb{4jRhSaT|lE$%{MCOyZ?fs zHZzAEROm$&3U5I&H+Dq%BYnR{!E(82btJgCX87?~;HPM^c8Sxyc!^U!UgESEyjCx_ z!_O)g{H$F9Kby)S;C{T=X*FK#v<@$J+Fb6VtHip#OHt!dbbp69CS?gjYeiZO4SEJs*mVX35zetci9Ab8-gofY^EM z&<9c+?XG#b^d>Gf2mgprwaF(y5jg*{4EP#oqIeP>7O{)Y649YNM%@`h@N_ymkUv zbw%{<`m3VL&Hg2tEHw(mjeKgBYM?t45G*Tr4~Y%RW!lA{+~^{+aQ6k2v(vOIO7)pa zPZ}`KQk-U<11XNRb@G2t>4enZ2%lZ05-L^ityX~(#*icR17}g^s~FNk`ERreM*d87 zr5V50ohmBq=)m(?`=z2?s#H{jrvtKQ&ICk z1qLMmdRqRra#b?!_X(b9oQ?;JVH`X}j9RBG%f~a=ty3-F!MjPbfldkCtwPjx^LBbv z*K|Z|=^lC-wf{yJ@$8}eXYFt~vT8%j99rBvBr zv^C@G3&@_-S_r-lK^>BKMVnP_<`=lgA9v%C1GBs^^1M=}PM{hf{p-k0Qt)I1GFn0d zb>yEn1GCC^k^ODzWpmBJvuVqIrX66b=9wl5R~-@Jm2l{aBF{b=HgqK-TQ%Yd(myMw zCv4EWmuw%enGZcRIKvl@BM2TJ_sGjAbQ7H3i>JYNAExMCw3Y;pJvWA5#G0Wnx`W!pFm@1I>=hp~IV{A8B}b@&@%+UukE8)F*yabmMhY|%~ssv>gw=j-(PFQ>P_TNAuB zPj3UgyhA6PNIf{cjgQ8YeUu7)&xdm3!jNu{Oi1H9#?@G@W)#tdp#xQ^j=xa>6M53` zpABRx+a9?FPpYF)jQrm{lqK1Yt{p+nJTfqHu^QQbr|jrLbLV(KC0Fa+AQvJ}@lS(# zML%#{sSYKYawF<>5XTpo{d3KvV8`T2P2xUWtf&I90)31LF7%d04NAQVu}G#@DBF7l~%{d(nK zs}SJnv1=K)>;gH6Ei7gtY|}U-%4OXMU_k(XCtWI-lWZPz0B75UX!vG(KHX<#+&!Oa z$1oKq#~akQPYtIQLQqi8@<+|CN@Ms)d+kBtyV*e4DUCUyQD7E(+yC`auZptG8h&GFVR0l1kPUh84wp5sfZVqja_mqCL> z+ieGg_d%JkR-!Rs93HdbOoFUnu=&7L`zy>h&y2T$FX#{;G23y|qbv1zxTAR!>oxd0 zRM|5rcn=j{k7(WmLa4r?4X>K=IlkdPsCVgVPV&d=2TkWH*y)GX{>g5KN)(9yEo)`s zrZj}c+nMYgL-gteRT%4AH5LJ>p*|WSa?=l)9^s*sYUEG-M^%GO6duiP(Dng~_i;<~ zyS7hEH44z++bG%Ap5A0vZI#cXt@0FK)=19QvTi830nZlRk4v2Wwwf>PQdcs=W!g6N z<{>j|YIap$#`pKA10m9eTY>5mGIAld0W7Yd(4YI5muJBTwNmZI0H0 zj-7O>4m9D)aI7Hz#Ea-$mAe-FLT+zeww0&?GZ8W+8t zo||s=->H>%mgL=EVRCyLecsnYLsSRn1b@b@g-fdU} zTSO8HqA_GDwA6O$(Ht{ z)Fk+ir9?HpFcgA#8e~y}nxsUv{w1LkFnv7*uOJSP`|xDdUfZRDjq|Ld`MJI+dzERV z3@WYwG7(17qlKU*q(mx!%GoS_cFyum*<&3obkb8F?_A^cviaIsy`NO8LSz%4=buaQ z{EWeKP%HI4pZI3!Z7rrP(;yB##?>U^1dPkeYH_y*d%R zv%zt;F45le;mCtMC&nGfg^_WBI(u#som~nER0d_kd{R)YRtc^P1js$rbdjO}>eSKI zQHmll_)ZP^LI-yDX{S4C8|6^x$e_#U#QZAKWwwXB@>&S*>mk6CPwZDBOde7ZZqY1T z3d6Yw-7+_>gyxDn3WW(Ir*a^j9^ZHsw*W+Vk1TZIY~*yb%qMurRzZP3!?f!}ch>Er zSbl`P-aP#jKhw1PplR31#!tCHhpbMcFet}A%C!50HP6V$+LxPlaS*;7ct{I8F+2{l zxh|+>#tqE$>OFe52lwcKeC)eRS=baj;n8PqDryp89g%8hbQ>S05t;evQh!6QO5lvE*U zJUuM+6h3qUSN$cb7Q+6b#S8Hszq2B1UY86%;m+q*yC+i!I_trW3OnV!0ylerVlq1B+`+AP= z&;j57tWU}_H0(D^^W!GUCd1M03^s@7 z>t{z)U5Me!a5?M#I!-p(6{oqy(TSpSb5>kLOj=G7k_Hv(h8Q=_yy9*!IZBxlsU%GNRNX)S5DqU+VmoZwQf|O~ zb7s@e?nl2UowL)I70GrpRi+v|Hxlv%*?Sm@(1-b0+1XWPjS(WMIM#2dvRsl2yMU7$ znxsOrPvpFcFqd+G<(99$on*?~7vfFfYpbr58iUUu_P$h;!%9@DNt_Nq79 zMx(U}sUK?Eb;z_=!cWk`VoBS&;Mm~*X$I&stfAF!4-rgqCdl1&xe*(q>xaswy7_VA zGx4m`;MWbADXsn?J+04pb@Qk!)OU)O43w&r!mbl^W*w-q%gbm-4xFWXu{xphrUVbI ztX+re=gzah`@3uoBkn`l`BOTrd{*r3Gu6sE+Fl)^`joFrJqQEqlZ^%tLOP{6!zTNi zfhyvFDwc~sOcn}ld9!IZw_Lmcl<@&hDT^0kdDC)fP-dpx4vpXOI;EXXv9ZtAxMs93 zM^96Y6&patH+y5~nmv*cJ=e)$)@y{K$4z$EB9w)cQ1XI=GGVz`*&D59TOrKG;T1vU+&>q>IX9luG~nRzv80M-K$eH#)LFW3`0ulE=+%}D z(Z<25+Bm#HwF0MkC$IF8I2lxRL$Dr{|bC}w|5ivw*1 znYu#7=V)^gQ!Ks1Dkv45tkA?b^Bz3$u=ap3xTle^M=?T#)zQYYRZgV}Z%8wwG~w!G z13e6jpOwQ;%HeMyckpx_IZh!X_yN23x35um@8e{Zl-KJY-rdOY9Hh)Z%HOm&@Fqt) zE;secj(D#b?}51k+|A%dfisK5E^M<__EJf|(?42c=l%qZ`}>XBn1S1z6KyU0m~@_z`!_?QUbgmbE6L0UCH4JMp~=MgAg zUjw(dX-0{xG8Q$bc!$ZvzX?4Vuf;5?2Cb2)X?==o=ORHUNMvi3#QRb8cyBpzRc z)))Du42~>AET|yoe@=bMSrn%u$LFVuH2sD<5^x_t{x6F48MupH3rQ`IH{uzSEt&_& zn;qOjVkEAP{#49r_yiHK=PN%*b=PEl>3IThn&Y9F#rCoQmkV*fp%tm)l1&#v@W5#N z8UVYgZRibhnJ?013u(;3&?AvWFtVJ3S?R%p0Kpu~j{HXuBLb929yYu1L$r0Pg7(T; zyPzK(zkiD73m#*e0L}=jhPSwD*`OY>;Ogz;lu}YT?fJLzz)3DgSrI|&!YPLedNMlIzvqzlQ7N? zLuE=rMHNCEDj$$!Zcv;lt`}Y$0qn>gu*n)@;@o%L>{r;GsokqOr$|NWKg9e2>y4My+XgG%t)+t<(e!Ha$}%t zi@35aTnHCnV2=c++_v7=78eT0nj)$TsdW9&WA9K;LccQ6xbiPBzmrV!{m$GTp%ekX z1;YiV5CWhmCBZE?mNDq*_D5gHk;DVcUY~X81J`;@kb3%9?R#HQOrr$cuC8qBV9xWCxkr)Y9GzN1hB|FNACvN!^R`R5iD zzJpt1KmIfbN#jg44FS(Q(D)v)y~%rcd1QvLNUd!54NMNQR?{w%MgXoR>lceu!&9vYpw z!zMq{XD=XL?Y$xvKg}5;jV0^l*(4j42SV$~FwR|(KLQeI@HfpUDe17JdS!lVh5Adj zIzsug+ziF(wiSj!F2?df(pry_y)(;>PO@_f_p42Ddb(9TM%taO+i;RRzD2u{l6iTW zQHk7Z6T2SL+dmlWGwrgl!dK%H5bt{}K9j=>mChvIVwZTgp({}iIiB6G5D>5RFHP>) zN@Q(++S3Knmg!h!RzksCFL5z05XG-0DLPz)$NVQf`w9bmjI}@4FvY3WvkLI>Ix@v8 z3TxVe{CAbsqvioir4N|gLXn(25Hp8YO5`GQ)U`6E!I?062BI)U%}VKmDY`bUrs_C@ z)tlD@vR0j|TV`0vIDM3kP#=Sb2AVhLqf%DC)djDs#FD>Sl=ygyznKZzVRG`kv=**~ zHWOhwMwO>Lc<>8&HOB{xHC{l*d4;4tEm?AjS+5Wq&jB!bLbAe>R5>IJnP-^=M(oal zFmavG_I@IcqcJPJvWj%(OE?%HjCy(!T57>&I9r3SK96#0UW^<^ff(XD+{X4bjZ9`N z);#)sK?6ROcT{2MMyym=*tV^c9 z_?Mluf*HeQ^pQ|SPu!;IzqMPWvj{e!)@nU_|1oUX`%-vk_y4w@eO_r(giFkY$1W3Z2A@lr$TnXqi~sf%(ioVgvm@aD7*!2e2YI5$0L9^ zmg0LbSUP7ip6ruhPY$IL^QEBgm^&4*ZKZkO452?TXj#w65XaC|tXxZt>wGF*NsT9? z$sAJBwhew9s$$Xef?MbO%TJ=Y9dEzh9Kd#ITmA(jR)f;Dl%~+Rt9t{6@I~)Y$mk5p zFXW3ABOk9bUuE`3)hXJ3+IH+QsEWU;mb&5Ir-m3+$BN_RY#btdgx&mI1l)a9O#a<_{=tt^PJz`g3Iq;PU|b31L!Zt2dhR+7C%*(6k6Yu zsu-Mi1^WJ};FFBN46y9>*bqviSC99IQE zbmw`7yt&$&cD+Sej1zEnH?D7g_}aZ=%l^?Td2NhagY+*5VioOs;b);HY# zVT#EUE2YDpgh_CA_TOj`TGomkVQ*5w0#ZF@?Y?8V+~iH0C(^qZOlmt1Y#p z`a#kbYEVki5kR`nxi?|xgG2F0$?%$-#?F1&c7PsmNU8iZ<2`9f`D z$)2;n%I8q%DWdzS8dwNx^CL<@mk3@AnEv+v`H~DDfKfbo=EoQDfxxidhU7<)AWsHc zL$R}iGfsPA%n8hIgLr)Ws&nV-efF}pPT_)$VDM2T><&lleH$@#!9j6VL*^`>m zyqn*rG%HNI@W6Ox`fW%EUK*XgTrlOqq9C3u7h9ZemsLPNWSZ#5UrD*qTvy@W%nauq zmE`%XJg14ROGxIHd{Xh4kW8tLA76A}Ny(fI`tXP6?!?pJl2BKs{P zJl8J(n=&%@b8{lsh?!W3;uXe8Gb8Q?9C9MCX6ke@EONh@Ql{n3X_Xs;F9km>j76{L zI@+uO7#XZ-Bq!yB$V*wSzi*2U>r&I?)<|np*Dv?EiE+bgW+RMtD6;VY*f^PNjd{ zoEB{Jok80*UUVRxoD)n3x*NNq5d?{%3NL_6Cw>q#%A&(9R_ed z#lO()J?j6~c3 zLk{s95b{&hM*>kz%w0{PkjLxOVsVy6>o_eDB~-wDK^n$i4T??dS_p`DdL;)Uk_&k3 z>~DU&^_A+r%XD~k{JFv$x-(`ugOnE-qDXhs72W7WuNt5vePKrJ1ZQ8?!o0zm9UHw4=wAdLEJ_1k6e$D+9F}cfO@KT|)bmrY znOqnzqBvSWd7yymL`S*mCO3n9m}~ zsIO}(!Fl!j$qf9GLvg_d5rO*qt!TCU{8iyYP5qitFSHI_R|_=`@Zt5Btp0^CxB5-s z^Ex65_8z;<%)z|Z2b3N;c$w5expxY<6-r1?|nY7 zwE!I*f&=g?GY8F`qoDi1D&SVMP5a(Yq)ojaos*x{AQ(lAlTZ#QeN!qoHe#WF5jLqE zaQbY4pNZQ9f;J$pINN4^b|4Kh=L^!t>fpXGb{62LPqv;RV7{6`^}L!<1h|;I9ePq& z-PUVnkw<9NM>Bt&M>8cGLicSx{6gMRYV-xS*KBET8*J<}dX$p(96B>4vtE{ogbveI zQ*2CTfJXQetv}G~NABFLpk|}ljJ-gm8QQ(m>VoD)tKU$$y0_k&R;wol3hsOAV@d`T zXpSF^qb(;wE(9ggBXX;jmR4P;&|0mj)=-$8r_v34U*P~$NRI{@syS9|n95X@0aFV0 zC2JI!!TbVgJ63H3_U4O1cOI-NteNo^2|!8E2r(N*91}g8svg)4@9n8b!omP=DgKKt z>Nts)L~-0vm>-Xx%z

lFFLIQ{YPd^Zjhiac_c)5GBgK_COqm<99b4K_1Q&fb88 zxTx(UU1)ffGs*KNzTg&mpjH}}-^gUXe9oBGxQ-x=_bU{KV$;QWd{CSGANOm^hH{xq zj+;cLYrC!Z+a%8=mbJcj>{`!)@}hq~ZE70k$t-tGN3S`*`y9z;Wpk6UlN+a)T6%h}MVd;# zq6spWNUvz9(StYYzlka2B&XHY`o|}h(9lf)zot~tND;z$=>9S!uUM^o zDH$H#G#WdR5bG7Yf&CGzaQ8 zG}#QvTi!9(R(LF;y544&NSQQZCuKb8}cY+J5*Xj+3XcABcEH-eWky!^b zpU_XxO{Au#7@8?4hcD1gsMXPy>ALsVOpH_8HPT|J(G|H$-Ri8zEmpF5htx-h^$+-A zr>m+R>9h;e@ua@H(Q;gFRjC1<)3lb88FbZzs{l|2mTUenfV#Sk+VVPuHR;9SEDrq| z`)<^Dy)G-wv0?&!0-;TEWBhdFy_Gzn26W%w*r9+b$`!0|Vau_3Cp7Kgj(y1SHoKuS zn)MoittRVX?E#E$!OjZIIvxM{I$gy+fb_&04wQBx2=QjJb!m^sBels!tFRc+b7?eN z@|W#$z+veJ>V_AaH%3~uZUZf>T2)cvI6k!LNH&rzBkR&*Q z4z%B;*Bmh#!(keTNA>!Fy4zc1B4kJ+TRM``IB!joh>$-|jZOm$WFgw>mgH4GwIQ6^ zPJ79Bh%Wv(Z{ns%3!=@>PBJ`($7X1z4c6$YY%ET!&xUMeWce#1a2$qZaU z$S=a*%2erw*)*xD)p~!txa@DM^GhaWenBsd;HI1s>A(ugXR=0Q0Po*_qA4_~N&^dO zJoZ*DovTd+dpA?U+mtpiG0~&hw2LJ{3OZY17I(!3x~u*6qrUhDd7b_Ab^jw$J+Rdp z+9iPg^yRVo&d|R_QdNmxQCS-ZymlkGM1r6`Bq7=xuA{9DfRfGCIjpP~w;ep&Q#DZgl?IwP zkMLRbn(GHjR5|c<>U+?0^MVlex$r&e*VmT%eRcLtaO3WpmHH(h3*7$YC-7ts1b*`N zed>46;|udL^YtD#9{0VstN)_zu^LC;sCE^wEzr{WdDuNKA%Qkrc@{R5xh~fo_j$)v?iK)p0i6Ds>f18pWc^3%Tq*pkW8!-|=lk0& zJ|}y7ZG9rOX04WE7e|~}DdSiE{hqr6 zzva9SE7py^rc7QGVI5q)YISz27h7FyEZ28L0vZNwocr1wb1IiFWONgaV6@NCyW!j$ zbl$bq%+51p#1rr?WG$4R^Jec2iQ#TtbSsN}3;||08LjuQ3XgFfH{-|nhd>@bTon`v#fJb)E{rYYZ^F=huiFb9;BwLy02#`mli;g6*L!p0 zCaYs(Zm0V(aM(5W`|{-_TkmP$*4*x8_r^ufc`jN#Let0L_tjkS5B{$Y5V=zZ$;(H z*_!&^<&TtFiVE$aH1kqMqfB?hFV%~}=BCXL!Z zeYL{a=*c7*a$TCaUIUL0_n?ko1Zh_D)5<;Oc%1G5m7J=mkjBJ|pRmR`t(F$}Bn}gD zy5C%_dPkjBTkD9v;6Bj5)mLt8zL`w@RsTX>OqMgxP)WmG6M7VR<-B>0x2UZxa1XZt zpf5@_(w0%BUK*zXxaE%%mNY9N&6hFAQaS0|;kkz7cIG*-Y@x z(5&%(U|GRzC#@yYiK079O>6!(s&F-=1}XHDVBpM}Kj&8tT;mkOns>Ril!#2L@AO&8 z(E1{w!h$~V@lNqG8eQT~fT!DSl(Ihge8MOq@jY3ZHL?UC+=h^PR|jWwu0o^0tC4_4j7@W1KOLVM4nZzF7GPEwZl@ zxtS|65YwVYx#$VG`CE8`AMFVa55b{Z`iGXjnrf)&8ab7Lp#o_AOG$uY;ct@;9eL9r zrbs#cQ60P*qDX&1KK+H2Uq8czJ|cs2K0>dHLS|_cgH@Vww=j3#riiphPZ^n$NEN8M zDf3SlG1mtAN2~-L?i=<<-LT}Z`pyJ+ZmJ`Y3O`B&A44?2X0{F2EVHi-%YgV$nnp^v z>4%TfVJNz6M_x*hBH?1!sC4N!?;IL%Whl_g8u5Izc#H{^h7`*)c z`po<0c$R+O{$l;OtgaL45nrc%pPZ%z341D2W%~Xui?S@3(upUBTSr-$b$F-JqAau| z)_VxtfGO-P@S!Q=D{3~6MrWs_wMj?E$RnrI{d2^DxrsPc@U1cBSNW7v;A3vJO;0z? zJGEWIci;Q~XzH9`^~=_1@COYAG_nk+ShR^--Kb(uFRkAj(&;SrTQ|8lfD&fzeTctr zmG0gr{(!SszyD$TN;KafG~EnRHq!^XqF3MFP~7*N_|@EetG-x=eCNHJcOT_p+xf8j(YYx-2Ps%6nua8^EcF>T_TJu>lu|9pCWnerGJ9( zI>H|BMC80os=INc_rS;}Go0;kq2@;IL@>)T^M(zu+?3>C0ndEi;6l&P-H2)yVCEL> zW`NHy-PpYM%b7;t-H3AkuK6ct56&{+%twqMuhVh%u{mvUZ5c#?yn*GhSA2rxf&Y0J z=S=BWfE#jZlo5Caz8r_K{&jlqb_DI9{gWE1L)Jp*ptU{jjQ6DkYJ*LK(?f2;I#}+M z`e(t~5w}6_B=-G)90R1mFc79;r=eoOSKb*cP#g~Qsl9P{wfpcOTM0I^cJx4>k=rnO z`2cn_Z81Nl#QuER#@cd2pQEmOPsn~ZY*c?9TC^U@v$K{eblL%A+Rx`urAc7(vuP>*c#axs01>J z#6Q-kpVwq$0>j3~ju8Pvv8Hz!sC8g9e*_D+MYUxg_P#Wo7Ofdae;hUrrF2CJ!^C2N)twk?*qD)rYZ+@+?D*Bf z>qFRF`cVCg;iZvU=mJO+x@J&fwn$zr!XG}kmS6Mg41;~hX+v@mFbiOL;UYN)@yUwp zV@B2XJl5PzzUd_Hls2wZ8J~zBs;tU|FRzG$lw`}Eg!2*v74ZCW$6v$QYt)neFPFk)C@%b_unI#Mo?nA^ATnViMhw^v@5a zsURHEilgK}bPW(Ei2Kda?775P^J*@ZtZIV}TCkmN>9ci6uX}UlneU7b3o)8abp9_3Ul^A2Via+k3Ma=ZzJ z(yp5zCE$0^aC|L`mCKwX`N)eqqXlsSsL8dBN0N7$Y*`p~m?d6U>C!BwhjZYAEBsn2 zv#*tkKypokk6lubJenK+Uaq%&O@lTI-sQq8V#+`kKUybv9pXG(|1ASC?JI}cq2HJc zm80RUGlM0>2mDA)CVR`_6!-kmPQeP>^$H{Nz%JM!Y!XL0ejC8OKJcNaK65@nM2u~& zs!c&0YW)i}Q zUbDR@`8Jk0R@GE-5!Agy^SiM z4~N~s)7a41!c<@X|A!Ol`V3E_1P20g`Eep_|Et~q$DtTIc)D2F+tIOb{`eN-|H--d zs7~4Ah@s}KF>K&a(D9Kr39^Aij0K`hSq)K!Fi7mL?UeXPh>tquOMXVOEb&Y z76nJB7v$74`^mez9~2*dR*z5^|8^KSV@_|7;fCD4&mw5V`_%s-vvVqKcVmw~+i9+r z7a2V5?5jR`9Ey!A9E&&a59Bj`eO%qPfrz1!TB%u<={=bZ;qDYnE}FJXDtVGv=JEcc z`E>lwG!SiqnRa=X3_z{etavlCdKQ8^Flg+{uAPh(hmy-gN-7EURKexnRT`p)1NjdV zQ9wWs!c?-{FJagmFO~~W<(^LNk}&?VO`bag(jBn=dk$OD+@P5dThbK2oY@xiGEIGe zvAWgFzw{P3vT@!^0FFA!ufH8j&^GyE{0d0fwVA7gPvdo2J@)qLhJO{!4&Taqcfj$t$bz?>lvFFm|mgPtmYgQgl zBVY};gD_qT)tN+0Aj6x)@rep}SBQ7|4y@A*z40Se9$SH>O5i~2HPGzf;Na0{muPE% ztIgX1D5-9AYZnS>(P=7lIpYylBF1S=JQPC6x`NNRjfPorwb>CDgZ}9~^ie zVVHzNKyfE=U)? zc+q#bSiSy5;}$Jxz~>k`hL(LyWKo~>7SfpP$==C;R7>(G?hp`lYOeM5P=?7x^G2z6E-Os|y5VJl(vlb&j#+?2o7};?byjm8d#}tIkZx07k_rGvRW2t8 zsLoo+vpw{e4G)x>B~Xv_O>WTMU}(2H2#iays>to0tAYmSGei=F6Z*&=*_mc6OujU~(VDA(U?s1?;c}=1v#1y;O4l{XiaEUHw6Q`g@emYHd z17j{DNfM6cv`P?_N0Q~V5d6cXn(R7AA=fIj{S0>M-^{}EE*v}!?ZJXPhF+j^u|h<+ zvA;k-I3R?o{1;o`GG^-ms3wG$N+C~tCB=<%KztnR{nZEU3)NT5QW0J#Sre-|Lhp(d zgM`1YirMI3>s9ZZqX(j=p&#&_4t2}+s|YRdZTlHY9Z@^3VQjtdV?K5WuD6|ec@2-U zw_e#0>NvYtdi(!{Y7JczE&7viGn8x{WEsn;fS)`xn`i>N_{+F9tdprW;{c_Gmi$Gg zB4B~ijOxc#HvR)@6_n6|{@W%wm8`9fzFQm|=YHPZyucsW;{7bc;W&yrcLTZ~=ElfW zPzxl}-zEic(wcN|N;!4R5<|M%m`7^0_Di(Fgen<}N4UJT{%`0MWEr1!TUqDdK`RsQ zBnU%XFIKz3%Of5;__Mq^;CrD z6i=Huxwqk-Y?*7#;Gu+k7AL_3aEURztGx`b!n^T|>ZN>nX9dh6H{G(d23w_g`$4_0 za({#jHBstrQ|F;<>Ae&U_;x_kcU6wX)&s8TjHwBYqo@!8^&*JHP9YfUGUMu>hT)aRMYH37n9-}V zZ995d*A;}Y;4xgG%h-fNF^eqM6z(cn?lz5bxnMGEG4N5@xjvaG1=MdmNI~6MkJSRp zKQ)^!fza2mK9IIGMs%uxn0}23^aKseB#AkCZRkE>32ebz`=7SVA_RTD871RBYZ-gd z-w*7>sl?9E=pR!Vs{?Te0VC_?kap(l0spR@FoeeWu55U|AtC*+t7)(fHm>SS6EGuS zIQ4tzDDV5GM^@HTFK;8AO%ymCtXPgOG}mk$Htc@L81JNQKpWrH8UGmIATMT_@gzpN zvnA@6HsLRh@|kz(t7Nn*4_8{^-#*UaB(fjkY3|`db@-z@?a!(Tuf2TR(nyRNwK~ie*-Lm^Iny`SY?#Qzvi~)#RJAIA$9ZyS@Od3#6_PFcd`rd zpL>1`^|JgM{a5?dyZUQ06DCjQ~ zSSTb4nr;XsCqoWq>d+q#ttkogi!mD5=;X+pEPgd2OOA!6{p_r^mbg92{a@Er?MGWx zI-<;rw(n;|ztv(nTG&$kAZc&>*L1~IhKyh*|902R@9XzY`TWw3Dmm4hN^aM)>`GYFS8LpRuZQiCtGTJy_tn=Dnq`e~8ntcx2A2}k zwRzPlwfod}DO$9C>WN6z)au{=Qd6p;q{)Ydhe@q1QQO`-i|n?o;Mz}hea|i4zS7xn zav4;_wZaA#>Pfe(N@k#{BKX6!)aT2lGr?v&X;M>+K4=_WxG>FPr+Xi|$&a7*ZD--; z#aJeZUec@HeAw`PC$$RdA6{zB)1m0(ZpKz!txWp}7PZm9MOSB89`gNA7#Jsm2^7=5 z=k#?~&}`>R3!Q3uetD01;pc`xvIW;yUkG9X252)>6g!jkVHnWaWRJWYBp~~Rx}Sbg zWBw5UUs$NHbkhT0x!IR~@caIv`1rYA#?w9RI)myt`q5M6 zbVsF-^GB%!n>=FIPZxn}ame(YUk7@n8hqF&JWb}Auy&%gvSiB8rN)1iH! z>ABtWK*Si4g0h$PA1#I@Qz(prD+OX7tC*rc*ggj6CGZ+YpYoQ(w(w&sQ-*0U(FUe8 z1SquFZ>+S$-lnw-zR~Ecd|!-Wc8@HrU;GNOqhi@AI{3WR2s zot$LwEvY~(4|g%j1IUk%|EiM@v7@s)A1Zim#+)tOQ%mT1L$+a!O+FcHSfkR*7?;J0nW zix9A&2u-(fG{iT;x}82twY?eUh;Zv=lh?Sny>iA8&ZeF+lLY1Iuv!NA`ITC4jb)~) z?&F~oR*iq10*^Aq@v=hgwdl+RJuPop7<5Qj3!-fOdFU4q zS`uRIDIn-c_E~GW?~YMykC}>!I&g=^|JaTbIuhLM+yue!V zx)Fa!9UVILn|O~Io*UbTVazy<4H>?BWq7)BF_E6RUX0B88s!no1Uw+?mP7zam|-_P z;nkL*?oY6z3Q>$G2|^O!#NgoqR+H;e&7>Q_|E7lV-v8c7>gHIB7^QJrtg03bvrKos zXh~%|@`8U8lUWMEYQ6#i&hh2b-Bl=d#!8?B#qaSHcE)Pta-k&OI z^Dm?mbVNEsp4|vbuh3^&*$b>=kHJMtxkgD*s}qtWw0SwRT)|o>^mg_am*iwR&x{y8 zG-YHIs{xs9K}l$&W;E@`^cN>J-@-)!0Vu~PnK3;L%)#OTTdJEI@XrHvKy*7<0bjEa z{ecZZR<2Dw8vxx1^c&p_Gk?ENV4gKI7JU!6WdHg{WKM%oN#jemBHlUaxPTHo5%FZ2 zbv?w@&gq`=1^qXgZ}IBJ2traEhhB6%LU>-R=EL22No20g2=Lwy$M_zk)?dmTtSxW%LWq$ zyjw5CCSJc4ehMAdGiizrjxI3+2Oj|de+(Nx7I3T%#`OuW;tEW0Uv5IeejXzsMdhLhJ}u!2Dw95f!q4pPw^jlBL%H3jlW4ey`0 z2z8FCZ7$yzyi^2mlxCMlA#1xBg~^>jaNF&}#=I~N?8m=k6f}s;NaTL=k>VEh`@}fJ z_wA9tm+Vdm7XR{1`f1oT_ z+@%_V+8r+d#%Wmb@;88B9RUK-J={0vMjkZ_1N{drV=3g|tHFq*JhgCB^9G||6>(!l zD0;4^QM^Z^OVLuFethqz`u4^?mJqscRF>E-j}KvUgC<^9bu_b>eL%77a$ofO37Cwz z6Dcp6_#&f@UPXv7z$NB~V?Q}FY!)traj90Bj4qPR)>ceX zCD=oZQN;K+nvLCr$HjJpkkzPbS?<$;bV%2-aBN+2j`)Tl(YTfcI{t%1Z_u+AV1JH8 zQ6msP!aJau5t@&-zw5+s*SR`mtY5}@7tD~{C3_L#_qqi?GsVVoQ*DRUk&9vFC8L0F zH7kw`f*)ka%^5IsU83~xw&1H{3#r4`Ipb3|x }AznF!2&vCM2O0SU7|?j5Tub}n zs3wp*aKVgFoA3I!QLNUx1{U<&ITmtg+#A(+9rn}41#!UjI{ocFu)S~bX5!vXb?jhs z3VkNsBDiOYn!je{!N*)9$<{I$7uk3$Q0JztvjZADC80p}@Skc|uzfNly%@+6wk3be z-eM@=Dn`RgPJ?{lU`g_Om2h~1U?buzWw2>#jb*y9Y3K^$=Gqd^p(_1|GxfwbQ^lUd zr8?*rF)b7(GC9m6Jhg*i0ZV4hkgk4=t#d%WANyMpFOdoYxw7cuAYsm8 z=#Ury0b)(eXeNvV;i|8e`$~`=G5jK0g5V`SN04G2atAixD0evl&M1p$lve9xHC<=b zBuXro_GE^`wORtA(2*(5yOwJs9M=ac!;5FuhMnR#`In=UTm@@d%Dzp*AqfknZ#Zs; zDH!8dwi8h#ZXTFJf)l%S)G9YFNZ1%673y?CH4YOVx_8Irp%;}*Sp zERq&S)fC{+xWt^Uz4^Ndt(1sUQmmH@Mlcx45&8fSAO{E_4EBI4po%47esFNDG~^kr ze0fbkOh09!2i~aeOIhsjL5QIcQr~s(V7}|L2PtF%t}Q2O2a>HsR@KlPJhYviV|EvS z1g^*`M$@rnBImrwL_%A)Ft7jbSRxf?xbSXJjr89RZF<&~T=YUE9ByB5=!2-VRhYhK zg?u&54j3;^6CHbW9F2wq@Fx~~FFQep}P(;$i<%cVao^Xe{AMc?|U-yf~e4olu-L|EdqOO3Yy(U5@I@;tM1cYq81MdG zPNC1(-s)Hk2v2eec!Q|<4+@Y$BnFAElwc5$&h*57(h#|CLM~+FSrI+L4Hz9Ua|M_i z1-latA$`UP$7V?2Bd`!AwQRWl@YA}o9Z9ZE)I3rmSyOu^R`UmH!sjjE5>1do2TSaQy{|9>pl~}OG3$u@K(Es>P~H#5%T1~utD;dCd414c!=v?4tAcsOML~za_0TdQlBLTW{P_%{7?M&?7?imbW|xy0E=#s$p&o z*g|WeQ?HMs+jqSWc&R31g@kfemVU4Zbfj@UW3ZjbDSV(O2-6XR+#r8P%vn)>oXB-> zc1$@;LIY)jB_tS;ZtjOqky-T|O~RQ+%gkVSzR{Uxc}-x`U9;qNLDtp)AQ8R1*q&$D z;cfGi-*BIF(gWM!JU7oc7N_%dBSMbIcEjtETd|9JsHDZTl#%!*>tYpFVIGI{heORoV>(l;?eZZxGf<JXYz^p76LrCcYoJI>2gP%2Uz2{Fteh#xvP_!Q_PaLdOps5rs;kr-G6 zS2ODRwuPl5`&ZF(P;UbXPoQAkLWt{3Gl3(P@eEiTlMKNjQfX#P)e?{*)Gp9)FVsTx z%r&(Vt%!BEfdimm(hS05ZIp=Lx%LzgNzU-H_gE8iMx)KB}{-8vD4bu-V%4?vd3=P&QeSRXb2MErP8uaVxQPp%!`HU#|; zdKs`*iYW6jWy$1}70Tpn9d-%0(8{J=dLFTXn7yNQ-l?S|q{kWdQF{Y0LrR;JhMCG4-$yE-WABw1~_|fXDNQiw4i>BAsr9BrE+E;cFSdl#D zUy3NhJvF`+B-WuZJvYy7bL_TWjoI(E9u-%Z!R{ncb%y{&KWzGXq_@C=^t}0?(6OLb zXzNLAh^wC9nu*y5u{U*o&8~TLA*MLja{*<=S|PJ^g#qu1zFLj9+fj;y52lf!p`hz34sT9W}R>c z^Kx!V;KsW>t%ePi-M$rHVWz!cQ0WQX_5u_h23$CRRe~&K-*Bo3;ytJG2e|Co>tCtF z_s|Xnd$%OB2Mgj1h=Yz?Y{io!=5*zgrj}I#s$z;tg?EPJNN+6*?cHpXk%^l%5v)Oza(!hws}I9VQl{NLVHv-88B3wgd?+M)13b{Ba(^?@ z3c^oGd&8~LOo4{{^C#$_7Czufp-M6NjIS1jCy~e9DcV#tt51?%=<#-m{X1v3)a!=zmS$md5go4)>bET)86F3^tGGMAuC*W-Rtrj*F zJq#-0hSq&bx$)=JEc`A}oDb*hmrFV(ThFAoZTq)ZRMb2#^&5o9uBsPkqiZYWO90}s z?4LTNxg&={vx;SGPJ#@IZKVDTZwE*zq|!`n2I@%cseYWaiDpTUi4sYHvTmt_Pqc+w zZT8ir3oCS{at5WiT=5Iz(oA)SE=H+o^C9%weLmb_NOj##eM-f#2sQhFly3V-l{FzY zQ~V7glZ71Sl8Lh;VLU0%B1j?oQWL-hIu~bCl4cF1C52Mu=2@H~%J50Wzg6;V740yg zKOjn%sb6vx3c0YKk_DRODL~x}3W(9W5Q>&U$WXsdIX^3K)3*DaBHoiKd;0N*wHM_` zNUf;aQ!0j_@XG=*P*u7@%C{Iufsw+1>4frQnS=;8==u$6Wb@-QtVW#OF%|wV0Bt~$ zzoeo?!Df?uI4Jv*MY6_JvnxQ!yGFt`$FX6T4!b8p+{j$f=4Q$fRsdu@1z>ZVYv0A5 zSy%fWrDq(6aMhs0(MKE2j2-$OOu2>aZnW@;YRz;vg2-cfdse{DV&{1V1esX@^fWvJ zlGMq5ppmxsH($4rwKcC9+|w$aWO_d8FPzpHwgN?bB=-vX)YBquYo^i|Mh+uH%7J?* z9~wv+a?7A5A#yB5+9#Y>hZBV|mD+~Qkr>S1BGZCDGtcGDCsjbyV&i1-f>nBs5=gK7 z(WXcPt`PGNi?EweEOyxW+h4)j z;-l53y2YQkLl^u=@ekUe=Lf4F7Pa}X)?_+rr##n2f6-SZ1EX-ALWMgY?Y(ZVg_M6s zWqyTyLMQ3g!JCNmgZuvNN!_DE03PN#t2YIoP!I>znP2e}bJEd6S*l0PY=d z$H5H)|Ev@c7w4C{P}3{{-kGXMl>wjQS(lPv2Te~?p}cml1q5Ru5|s#Bi>U@z^R}aO zD^1-BzrH#gPyCac?JOg5O0zv8Mq1A`+mo4Q`}mk<`wj4!)@+}GYlCtu#;b0`7`DcW zBg?IoM@=;`NNtYem^Ny`a++@e>tk(_qkS(0?Axf9`&t}rv_CFHe8^W3n$G5toozlN z6}Bav7=Z{`d|N3-H-}*)F5#G}CCODml*A=zOc1BRhWBmzDo!enHfuV@-}szAQl@WW zNgGqEY+5Nh+GP&p1l}WF=;L$i4bTJb*}(~ea+QP`>a^4hS!k1+aRKPdF^ykF8m6f0 zT@aCxBB3#}+0qw4E%9X=U8L$}6?sz)+NLSl9Aup-I@(!lW!uJIq@I?~V+vDg0+Fa* z3_|rHvT80{<*#VYW~*yY3lZM#1^yVhDTmJbHhc$dmWCD%y&}+WX05{CnIFP!iZpXP zR;<{o7cdpOKU(ZH2rRsE{aAf{lUAj707m{8glmcHquSjigJ}yYFbZvOC1DDr3;OY3 z(1}q6*9ZkvDY8r-oPNO>=G1OmvoMOhrPEe7wW(EyE;O}jknQHMwYcprP^Ux6;sisu zvM9dX3L_2U_RjIuo`E+nsP1FFpuIGJoqPiAv6C;WQwX&aLtIVrQAP4eDla_u?&Xla zL$!_NTb}Ht58qk(c<} zFsF^qfaYKWI|JCeClKu2>Ky1)tTb{%qPE^rsI)=!f5Yg79e)l^ctGWX`pN#i6{?dT znjv1erQ)0~=bz$*!Rz9@u?wKi*}tC|f|VbUg`GaGz;<9{!?;GVfh%kx&km=PM3H;! z@fl1L_%#tJ=#`~<8MRpj@)=IMIJsPjBM;+*lH5t&M6Gi&wDXZ8M@o<1VP}e!shaJK zSt?65`@p5Nxjp%`wQq9-Qr~e&B}5T=Wk*1xF3HjBb95G?Bn1@a>@1dI@wH&_;-ZD} z7lpaOB~NW)KT(}qSi_}G#WeHf$YzHEEUk-5%MY2cN5#r>S;MhZV;cGJOTc-qQO@Sn z?}Pa5;JWSXa#QUvWKT}BFONv>fV|L%s{qck;-x-*v2QlxV;9PE9*Os5Jz|y|ozUAI zy|oAVc=-d83{3!;>S`M{+BeUV9ldfZ#{W~+k~6M^euGl)>4X3B909jcbVio&a0cJB%r^zpOc+N(lVK@ZCe)@ z`5~ohjhvDXkVC4s?Ch0tj8~%6^u<7w{_+J~qmgqsC|x1M{3|w$)onD@%!3y#*~3JD zppGOZIMtS)+KscE?_gHF1+|KBqcvhaknGwq9(D1+_Xw^T*i=sgum!mjC#w$0EsH}l z^pFTn=hBreM+ByX%iupct)?r|(o(vl;)F;|v^tFZk4&xcs?^L{g74hkj~b+C{;?^( zrKadLmX_ma`~j-k0$1D33u1Z=w4y=C^s;0)t4;cQ$OpIMJfou>P4GM}(u<#=dGkSZ z-n^X=?f{(pF%UDtfV1NssKTlIO~}HRsN7~4v0zr6O2Q)KG359q)Ts){ufey;YcAc2 z*vt;#RJ&Bz?$wc}Fd?Zh;596kD%))7XdqIVFZVQlsi&48hGuIbpCvQhcB9CfT*RBM zS&XIXTC!qy^~AYM(w z29wx!S;{v0qr|yJi+EUB3=zfUER5Sla?`@FC8FAHA=*Qba~1e+^^lE=yEG!HNUTC+}W}_B2 zCZ7nI(2DS}uUXUhBCSF_P>ig9;2J^d$-AVyfL52U$vMXEMv=eOn#T!)UF2@W3@d#! zRJwn-wUQI!yBqb`9=B>if+5;*2682+&t>~-Qi0yuw1#-iL!2~|reFgMp#;V0pb>b3 z>^MUnx~R6q9~ipSrXyo8U0g1K?(p^koD`q&-5eMhbi!yK`&|yaNoiEpP$r8liKKF@ zCTtk9#lGZ?Cqa@}T+}2cQ%IC8&dG{f9);B5*^7SAk|5L!6*sXuJ~m%Dl~0ZXF^D$+ zaW!+*eWeK?x1FJoi|Hy~G(rjnmvX8<{L7++AxT4-@(uzA?QNjrwPM>8UBI@P1&xz> z+ByomijYWNhoR0pn&=aQ%QRJ=W9Vt)qEXZt<`3CX#4e-;jH4mjn}e2k4-M zG17Txf37!%6fkP%v5pod(#psuyhW`D;kta%hjGcHp;*x4{DY*K{-}KN`K7RBv0!)T z?!`ukArrK^*Q73=S~PJcBMfzs>s2ZRnPM>EKf`65X(1CRD0MHEy0n)L*{O={*xE_n zwgsstd(PP$#*qznVGL1vg81a)ANg4iN?7r!4IS^HHvjKVqkK*hI9rckNbSz1d_wGN zTel*}xb6{~P2!iGl7Q>Wwuo}@Tz3bsq&bKfP$05R>{Q6jf+bvxB`j>WeZmih;Cwfk zcAAQHwoinm9xoSUV#O#BwSwmyYkC#<@Tng1_!ue&nQANO@{bv{3YQWrLWcwA;epnT zfB{N#1x*k=mcsFoDvS*B4wSKp$`LGJC|BYT+Sn1b-1KdOpVJIow=Oqr2A|Ed%=lx$ zpUL=R#~&B|EWw|0-`hApGg~+=LrO4|t7Z?Ftb=<-?oGXza#8%sgbx@qW`Lj}pAbLW zEai3C4)H@$4&}PY8WgT!7Hid=`&_H50&_HoF1i;X;+%%!F#nDc6t#P>K z#>h-M47d$^O!_E%7*ZRWG{GMi6+;Vc?PNJ55j3nwOl@$3&@MT;08jU`3*-Y+alei0 zxo3Zpa)KX|`&?>+=|v1JBvRg4$=ONG$H6NP;`A=;aRlI#<>SaAg-)zRK$gfy7anXP z&w$rK9upjiyI%rMxaOyE$@tw(N|T8*PVqd)jb*2IwhJTX{xc3<2B4H5=;9 zb;GjlX^8@H<&rJH_UoY&&$yL0&sfA8XW1%^Ydmzv2aV=Pgp7vxRsWgwTwNTE+Nqio z-B`~}Kg^GpMn6J=Bd3w-}=KG#uK~ z3_GJJrd=r6b=Bv^*UZzM=Il z?l%_>2=FqbdZ0fOGGn6#H+NEHZ-7#_{k7|1JcxZ2e-n1#@2HpXcj^oHoBk~PF5i-H zfIed1q>oWg(?`S;^f7)becZAI9?w1+(QrMg+RXOX>66{Q2cACACimlaZ5s>}EfEa7 zqq?>Y1Gm3EHiK!2*a5%MsG~)^Iu=7UbyK3s+qN3|dM2c^ZSMsj80zkY?q7hW8K}OM zzDtc&P4%S%vx{(6zH{BF7kJj!`3O^rMmYnZF5f4~7fJj2SZ7Ma@ zn+D3n2v9=GRl(n+%0zsWhy3h3O5F$~%_@~CG(-c?vi?axg4;j+KbM7e$Y4)*NZtU3 z*C&i_iNIH^Hzi>`B$QSd;2j!k@y`(ZE(=4#L3jZ1pBDQ9 zXu8)a+u8m=|9*@c1qw8s=4|d~c9yG63G%7k0Sv3%QYB~W6XIYr-;Mf9L&tNtMFY16 zSob_V9POnZ!<<1YX_%aj8#yb!s#eHlT%ah|p$S_DeJ{o(uH7xrfj82c16>z4cQ^1Nq_*M1FBKz4Q&h=C`d-4sU~NWx-e8w&|kbjU4$T1zHsN({Llq)Tt4 zlxg&3ntjrg)I$c#*`?`fA90ao zohYmpmAd70>=nuf-Pz@OQ|;Hdz!iZ#Q)jCE2ii=>622?g{W96@XP|s?CbzwfK8@Sk zlTm5`NmuNRs5CE^=VY3fOGd|W@V5I24M|4=sEn93_wD_ien;-Ln65$K_#14Fo8{>Yo?1#(#vzdAi< z6eM0MKk^zHjW_W{)U zRJQT$eHSStD!ncV3UQtFX~aqZefn=Rfrs2dGHIT^O|BLPheiq2n|rqcRq%u5C_rHl zpa5+#8iA~f10aLVV*9JLo#mNaR9?}csUa&Z1GX)hn6-h21dUL+=zWg&RF3M{z z{MZxz@p|}2L;r_waR{x4RJ5XHgBB(}6u?!aOg8x4MDc(Gu)q48DgJ{$$rW%}} zK-7@x{@c(hS}3hrFjps6$=> z_I z4A4qMNE@~IJ}$;$2*~MLcpT)v1?BKqnn1^2p(8=#K8=n0$XAMT1^Pe+QxJV_O3(!8 z0j`kzRAdrJdlUZ|oOe^FaFwZ8DRM7)45J>WH9WTzmux{R`4hpp-U93x(>*GrGBqBn z6qm3HXlo~W84q~}yHA0V@B~)pTvm}H{m~v$1oU2z+6_5v1%KRQPwk^OqrlZk`-Yhe zK2G~aQInS|ZNQp0eyL4mn`%%3lCzUlL*T)fn4CRP{W7RuQ`E2T2>qI&eto5W+10NP z)vqk|>#+Kjqkg@mel1GJrbLfd(F3Zh?QC#N-c$27fATD;O?bw0%VPZN0GJLF<9#3Cz7iRJ{?2|N!ZP<@mA~0g{y>?K{5sJoDyYhCe z&zWj)6jeL03%Q7?=5I)>?;OX)VvJ6PUcy%dpqLT^{if;BZjY6z_G^kS`TQasaA{`b z)ebuOQ&PGh7fG8Ykba4h>h>U8$O%&SsV_p*J!K$u$6N|h_eiAfuP$9l-8i`vMIOI| zdO}bm#x+DVNp=!)@DQY2$oVpLR0dmTk{v|djbz%*F7OLdA=g;Rai|mk!=r2ME;4JV zHpM-p-obhGb&lS;!VArgi?|Ur^QqJN=&s?9Q*X2V$5ErJQ z)@s2`DQS)_RDe2B0ZMJ~$D4LL0^=OUs>&`pU(<<7RcK!kT8?|jx;7kvjB>WIV8_G4 zbtLUG6y|X1m@ac1P&#gfqU^Bqv1Aktx*o@<&q15pq2q^1MeGiy{I3~YDYJ|HY4nemWoy_2is{KJ5w=KCBR z&2D8VJ8NZtkJjqR&js6b@xr2D9p{3+$>CZDwVAOcU9LlB5RLPLqH{gYYNn_jE9`2GK=0c!1XYKck*IK9LM6mhlYs+GIWVxl#e>x0e%k^RoKGgF z1&<<#RX2*aeoW^x=?N%%t>bZXH`5%EenSRo)A1??xuJ9cq*HoHPdBC95lq1pG>d;i zO~XTe7RNAlz;VXfG!OYH8q0rUGc1Cp*>~FWlT?*M&3cYeU~!Ltt32+gA-1PLRI(8RO_BkfRA%C)p{SJ z)w?jP6sw%v1k74p*cn5|z0jm`zP7>XP&e`@+}?!hXMp^*Tjeyi9@E1p2+JR*eB#Sw z#a^~zT|RklCf%@~$rjjp*W~P>CQQ9+^m2=##nw_`0#XZ*HJ@sG!-n~0nZegieG4^T z{mhH_0E&`>E5JEiZ5G($WkE!3X+sP>w zj;27NVVI8aCN3yy5^rE|n>`3f1c&JosD9FLKwSgCyn6do+33ner)mIfBF`TPPW2<~ zZU8_#q@LD-9Mls$d)m6}%wGJ-mwRo^YfN&Kw)3uqwe?k;qdeBLhaeRB51{f>72j@q z5^d$?E@}x{0F|Ijs2~7vB)G9&+a{&sS==orXUs4(R;SS|Qs1VY)HX@wB$}SsC+{l^ z+a7-;xNIip%rG1w%s}ZC$qEYLN@i9SRw^^rpV!3R$yA)Pf4%N^x5kxtUI< zqvn$bc-=y`dZ{5Ubs-2sY_dJMk&Nj%F1G1{D==X;F{;ssx?@V0dXlc+(4vQ#Yo#_^ z9Rq~634k}rKLagpK`OVehunryqB!o48ffrEemMjBOgX?dmBucFXgA_a;&$X2O+h~C zAxpkf#Y1%_M)oY)#wTS^byhy)wp#f(x%Gk5MzPUo_{es+;+qE=jD~%-18X>|Rbb^t zZFM3Bsvd?LZL2KKK#P|m1S6XD0ZtuXQx9OIAJYMAiRA2sK|-3lM9yKw3!JGI6;e62 z6f&06%kcMv;ezdh%H#(Q8s$xk#9}K40W^3N2H$1)1Q4>F+W47V7?45oD^CA8RG|>v zl3k1)-d~iyHTYeP-*eL+3x3z&_ssNP1i$Ig29wf#!S9FhdvyAv!S6@#J1+fk{EmX} zdX%Wv7JE76RDraq*dK+3%vDawj@|+(dkKt43l|5+AvBpwgX-Qs1ApxJlQkhD?5GMk z7AxChb+NojKKDSk(I9YQgVEMpaTbbhaB@Yq#x)TbtjBJnOvN zZjpS7?lhD;#b!>9^#4R|5{ZeQA(BWwB?px4pMMyfb_$MD@gJ&#%pdn6dfV{FKWs0S zc^m%tWA2tR<;3Uw1ThI(I!N}K=7}36vgUjM-8F54Rx9Z zv@g8G@i9<1K0>_23M1uvfr{RhW-S4K!7krhEIE(2%qreODUA~*snjGn&&aWqpc3%Y zaLDRBQ#o9Ao<`l;n|7o(RlWtZB)95gjG0M7Px02UZ;2#b(D_6Fn)eetq zYV$wACZJ&h5gRN!f>=e$j^om-;?xFmwl&C(ks{^{Ac5@*27WH0pI&omDK_rP)*#C_ z(w)pNz~Bj7-+!yN^b1v(dNBPu%0C+AM(q97m2LP9$_uAzf>$g9FCKu*lK$M4srW%Q zeydIznCK)yfws6?*hKkukZzgkG-~B`v$)=D5Rzqke7Ys#7sL64^s)GeOTQi;QR$5R z8J!S8GO6f}=L(eme6d|yn@ep7%~VE^98j}7@>JZj3L^?0pn~N20yM;obY3^hLqs$w z#uK~hBWoIjuf6Q7d{Xrxl5;_Ul#V-ALHj$brr`G9QLh<*~BU>`ra)NKx{?OfS(C26BCTUV8KJ&XsP z{@B!p)YDK5JTA`>IMGpikRLLeX0Bg!7Zm8Aa1P4?ZOG?Q963PYo*B{ntlHCjx@m8N z3xLNF>!)fVW9uWKcxvI4sQ!}rW63ZL!~g*hlxNKD@SrimNj|Ds&tQ#V1an6mrF*Vu zA;O9lM$v^9sEqW;7V9V^LZHF@1O!bgu$Mwd@VM(nl~Fqu6xX-mzG`Xe1ZZ45Rs_nH zmM9n`At2`kP}Ft1eU)7#2JLwrXkeHQx!$?vZrRxdy3m@txCGve!+GO@JFaAfYwus10>o*sZr?wj%TsTEz7NA_&B?L zxiwL^pg#U3PkjxNa=YCrE$$P&c2~aJEjhZB_a#R!)XJ?c^2&QuEX5;W#=1d2?*+lR z3!rfF0a;jp?0Fv{VAw7UJxan$5QAC{L4KZm@``%Iffj(4o55V^bQNd>MVAx67fofc6$z;l>%2)YBlcnr-KWc-y75X7xlEy_5*VOf^9I zZ4fyHjbW6{Ye$ln<7j~tIt$2kT(dv&dvKGUvy-gZL(QqJ3*t?+&q5l@Wk>uQsD>`L zHLjfoeb)pz4a#?WNZRXEizEDTY>%6Y_TOLWp&{?b5o5WH#o0eJJ;n z$7t>VZ>rg#s4QSf`Q?t4XhIaJVjtN;`!j_Z9|kiV*LR)9Tz9_5tMfVIbKO#*Q7LDY z1njF2G2U8eG}RWVcK^1+{9BUF|3;80{M1y78w#+y;T96xCDS8|;fcjs`WITPj(dZq z;#ZgsZKQ{A#P|0V?W~~byQysxH^7os3#xtLd@dvRK~n{uH4*G%ZkvRiQq||kX*4ep7wyO@nRqFynn5or=7E%}} zhNRzvJ+~%W%I$&Fqe zSv(o}4}>0sa7Fo&E{f*ksV$`~P%pXUm$?i>_3%8oESZ~^tMJM3U<|a(XlwuEw>e(d3vvIJ4y3jr6w-c|Qz_LR@V(&jK$%t2>uJ3AbYn@({OX zt2+$DQ(d-dH`{Ns{{h-F2$Q_VB5MS-c1=LSez8lFrU9XjhY;(zM{u_dnMEIq<)(%H zcn^69!ARa3-?nMi>_#`TuwlTtOVNHOEy8E|Iyi51l`G-K|K&3&UcbuSP zQQ2Orm}=if>07l%p6DU$dD=Rr+LL%N&FhCi@2qSS%KA54EIx!47U^G%ad9LekE%d? zsoGHf2Pr03BLEtR)etXyc6-JHCTm7M{DvrGC3iy9UD&f_FE2Wa6+Mp&+ez2fIOsj$mb z`zYF`2)*Fbc!~Ai2{d_6k?rHPdii66vsaA;(QWU8&-=EI_#!;d?LpS|ASc-NQk*YY z)?6naKJ`t{`(t^)caDJ-#v)R;`A7KfX`}wHtJq=?#rHv$rozdySv(SurYO(mq`4ea zvfqIEWn~v=ShkO}#T;j+&v-&E0B8=^hX8sm{BrPXo68AH>Y-BVoTk3UI(WfK9A8yw zVuU#P5Utize#kU>IDMzJo3$q^I?;a<1u{dmhCvmu@cmc%{k5-#;vEfASwM=EvL**W ztWr2r?Rgw8H&WqSodA+!H{zz+sc+&kDsIdci0;a0`}3<`@QK zE+-(pryTIj8GJU^mlL1sBL7UG!X@sIr=Ye7gk8&uE4g^uJGS$5pE0)`{iSq7kS9%xbLdwDWbx8z_9~{tP^L zZUAr1#$6LFUbd96(8+5v9tYS;LvVl95M`}7KfJX5UyE}&MVcvXVwDKYLe4gW$SgMp z*IaXRX(#4D;(pK!I;Y=YXvnN>sJtLIt!SXVxMni;VxWIV?@uHO!<}+J345~HA$Ps86;=9)<<*-r)=erwTI4Oe_ zi+__v%}L(;4bn?}c4qy7zQ&pcwBVncDHx*Hvy{Z3OMcyRa;%G!o5Jn*jVd=o)x(^R zD-a)~Y@Y$_b@VI+9NKL{QR^H4>8$eJurySKe12`XJ`uWS)5i0|@rAA@z_0730AS#sI zEtU(rd`Xw2LNhQ(j9+M$3OMN=7CFj29Q@h}I3d4&P84vFp~yv|SW&U8Nvf(Gid^Ja zI2Z9{ZOxL8`7Jce?7R00=21hD2Jc`$H`A%DfG_LzfW%32bOGRRc{uST-4&3sZtv}w zf$~m6M;h7#`*7_Xc==6`@?4#CPr$b*H2^Ku*vHO=(E~ihK3b%rZbtwbfHFrRfWg54 zs2tn9p#h~22b810^7zPLeaH0=D0At668XKA4Fd|)_d3dK*Kv?4@>{`d5CW2lPbfoY zm(O@k-hfq!X2}ru9{A<7kqxRfGRT}GSwtvFW6nq4rd9MU)|{1A>rt#$%9H1|g#~U1 zRqNcaYIT?;gOrsRpj-U<2|RuqWdKeNSdt+EIgHqNo%m@d4A4NG?%6Eukan5OVwNTVo{nP%AxEJwTua*w=)){wk$Yt}d?;&V*6i5e!U6_=AGTZ4GUDUN{r z7%nG?jjaDGg&|tPkf_(P82IMFS+xg&Zvx2t3#=TI0&>qejU1r6 zZ$gT&^_Xg?9(XrvyPFdhL0_WOSb2kd3_D7|w=oT9PAWV*Zc$y91g_5{q{_~-Fz}BZ z6?C?Gl#1IDIf`;?#*n3z_Q0RqxIQgfnw1I^T<)0#BFxB{|*bt=5 zyEzE}auGnvYX=d#~ zVT5fIjpCCVFmP*B(ig_qR>5*+Bq2Md#T(! zsL6jZbO}I+YO7>4cla0T;i5rRiH)`k8R7OBbK+M@mFzm*-$k9gB9X2IN zn~Zeupqu#)phEXcOxf9vYrJ?aH#GE<4KN^&BDe1iuC1w?Isf{Wx*l;r@f-07MBa#r zfy(ZJmPmih(B`qRfRNjoP%@^#PM2)|XA^teEw6DGqT)N=yY6mB4QLW+RVWHRoGtbYF{ z&8j04@}bs4gYghvbp~nKaP@3wczyqCRjaFc4mzV8*_{=|R+(zH;>H6%&b-^pQV&{l z;(fJAfPv|WMwc9^Oo@_wmM?HGS(~NGbF{W-0;vsB z?F_6hhuQSVT@iSYNY)p4f)hikkoZsQeH(ouSfaJf&w71bkJ~*ptj?-ly=9zNX;4}lTwjD4%@-m8AdS9*m3p{^} z%$T5FHPWk{hL@>OMEoPYI=2c0s(l!Yk5!j&y%9cVSFTs*^C3*GOWBFV(qgN#h^m3W zB8cE+e6+MK58^1-VxeRPs!uiS!HT;H&$pwIWgilfq0zc?2CXh6F4L9-JO}PAEI(ta z!QGyrGy#XOM4KI5u>%r5j_23Cg^)VamSgat)MEMyO_$E|&d~Af481Vcv^zER;Bv7K zs=6^VQ>4h~rJYzlwV5@*c?$I-hbF4m@Z@ju#x8J4G@SG%hXdOv z9%&Sh$@Bycvz6v&diVk;)EzgXZF*e&P!*Bd>arN{UJ#X%WFLBqFJo3r3Z)HSZ4Ug}oaQxF`N$YurWgMF<@&nytyS zWjgi4OjBq{Y|tkj#+~FHxa~*n7|`WSwI^^I28-m>hZiY}7HP)!6)9VOl7^~nY1%y` zBV)M;#Tq8kV(GoH3ztiYcDqQk*K3dElG$#rrZm%s<=gq=%Xgpd>hk?W7bNYl^4*E$ z!@CY?fi@z@)dj(RnsY%>im)s*)UrS!bUX3IaFiA$PA!9>Sx5Ve`U@p6G^-`p0c@}0 zZ8YsG&BH6+e4T#iuRb59o6<9_Ljng`AtLwvRU-_8Zl?CzbNSXHj_R)ecSTAO??HyA$&8VN|^CK-q~P%H&Y832J4E zFJn@S8h2p&;#=s)2xa116o$XW8&PDXJyeJ%!*&N(yU6I>I1>5q)OzprIC<;8O(P=8 z@9n%v?Mqc@BdG42Oy1vx@slwA$M7mz=pwyQrii3aB3itVp5IhNN`FIlxS2}{4%cKC zT|vf0w~^#UH7@ztu8_g5ro6&H-V$1W8%s6-fRsiShv3v9{i~g-vCKhw^^h-#uE5Ei z>bYd{Ak*GCx3S`&})apWO^ouxs>Zg`~Uv34JCis8D6G;!!n(=HHFGFf;=7qpc9N_gjSg2YGGy! zEQ|>X6Gscv>>_33)WbF8sP3#tD9mk$OWXC-EHt5A+p?lj1C+`j6}DRo+xg+-ww-jF zrNoi=e)PVlfIr)*74XGzq2p)N{jYfMM-qAe_0Y5^6()*a4^E4EaZ=KDUKm0CdD`pfcbmARHQ0|m-bLHmn zMZl2k89FQ}PYFN%9`r6WNdU18FN?wDOfz180Rw)=SHM?-=O>IN(XS6!y?p#H!P65O zkPkszwr;flAYBr@B#f>bOfN z>ea2C?%NpICsoEn8e`Qo;%ORZ_x7g|Zx!Mp4Tn)amg0=Z{p4)j7(ZLLC{jr)>_ub! zE?hkIx)#toW}t$0|9QZQto_g0ifliy-0Uxw52PFwFX%Tqed{$8Mu(%Y;%XG281XxF zd{W&QG9S{E4|s20An7pO>(Dp^w_C@B=Q7}i83!7Z4iO1go%WA^Fbr--Tn}X4e?dxo z*cNLKu7RJkj;cWoD9!Cg+xgPsukGqZf^H?DQ``L|r6Y(xAL~p8j6$!J+RPz#&2pW{&$`ri@ z$s%xaB;G3Hu*g%-Qj0HZVKSP9#Dl_vJ&ApXS_3MAMYTRL)jSFwn=;k)j2=k8;tpTd zom@Iz4ZLnB`8jlLdB3fRPikR~90AE;u!|Vmal20wAKk)W9f=K`P${dlnUdn%KQB9{>g1c39o|-QzG~*8EM@!X#4--5Tpm zGCle`v{ew2py!0g?AVIohc`L2dT7O&>u#Q0lSmCpci{vA`yMDne&fuk-I;? zvIKG`TI>U01~qBv&m-7|*Sp<#dlc(-`y*9E5YUZus39)-ch#z>pre2` zO_x;Ii9C_EPQ2vc1~e7D+R8%L`_AINW7Gl1VjDXwrkc}~^`n&mR3^3?nQ5WReNg96 zf_LSqgjOijwkudI)Hn!|>F(GKu{WiQy>08#ppd~@d1EZpO2BrB|3^y{t(6v9D^otZ zs#bdOj$QzK9SZBtCk>CQXVVJ3`LuPr2Ik17cKgRe<@g*>ibPjFR*rC%_{QKKQc36p ztb0Bl**y-T6CZBq^N$EtWxth!l0c~b1GL0PV_o+C38#@9oq(Cq>PSQ*)i0=5v#+EL z?X*#XAU8f0Ismf&(3i1Kp^4H2cvXaCip_xB$OJqxYrp0DtR!-C`#bu!I_P?8Z@&P= zoQ`%!somKg+SffwLT|8}Penlglq>AN>Qwu$x?ums;|{R@wlG@%C5+a86M-nAC{ZN# z_g@P(u9@~J2l7rDP!hb=D?__4l1hfN zY|x6Mk*Li;)J7}}Suskz$uAMQ;28-CA&erR)e^es8ZU%KdB~UlPIoK&O3sFwf5H>r z)BM*zfz6*xoByh|A4csVlD@C)J=*@vY8$>a|DoIq}+&xzzl`kYM0(B~9#9epMd6Md$UDEgd1ls_Vdc4e)d zbo~*%vdCHb%pvXcIftB~PZxQYKIfAo^tpiSr_V*?P5N9yUZ>Au@+y6nl9%YSj66%9 z<>U$a5{?Z>8`K^a?OWwaqwUhVk!0H| zRBV(ctMdNMuLP~+X2?`LW$P0CAIZnlM)2%i_X=ow`b~XYUCdqCAPgGr70!e7X|78o zKfz?^?Rw|@I|uB_!CKI)ui+1ubY?U4`WQSRaG%cfdp6mB4o!IuD&Q|R>gpqDP_xdo zolRczjob+QvM78$7r5d8(RqlL8+O%Tp^oerP^i2e!9u+kl$;OAd1l)w`g($jy(sg> zfRK9^lxsAU%RfBy$=w?!^Xlsop~y0oS4|*(dR-`TF6dZ~hJ2&RydC}Z@NjTzlv?SB z`|+DN5Wk(j3*t99Sn0!|(oays@a*YL{S`f&ocmpW294jd{ppBy^)}bDkD6@GkoD7b z!X&8F8>TPS3FBkh`B9C;JUv4%3IvwY|u6J z?4uTEiS>GDD@f)mXdsAmre_}tlKe}{WeC9ZkAiPArvDD4|CZRO_typS!80pR{lbIw zDml4PK4ECK^+Av6H9d?HW%UJm6Y7}YO{l~2J>pj;@k^7fuV}Hr6)i68m^dPIg=j)! zhhF^5AYR}qZa)9AlKkZS$L!2jx#h1IDt53HMzPIcIG`lgmTt8(O0usQ!{JHbbL)Ee zc?sMBaO1Fgqw2GDb+dH!*?LH~ZkAqbHi#`W^&_Fwfi6R^6iO#H>%|s5LjATM2Nebg z7cp$nVQ5`=8u!2>4cugK6Tn%(C4w`9;~v9X*MHtFWj)#sPXbQ@&$IA63(rn?cEYm@ zo?YY z2*UdK+XA?>tu;b&eT%YWju8X?cTfazSmA6l{~O$7q`%@KzRn zCV+E+tIsx!J5e{wAbvw@?^{}Xe-29;anoS>+v*#Dq^(dF2Dvp14uJaG>>GplEuw6C z7&j3NO#3BxybA7haBqU!5AF!Kcfo!2IBlCGsOuznCc-ljp7HREho>2yW_TLmX@n;S zPY#|eJlTP5qt+4g3utd}iQp#wBCKt)4S;o6ThQ-;?GWxapzXr?|BvIhvO*cHG014o z`LdNTPMe#Hi$(wkau?`{`5ur;N&H}F&SN0XwFraBitWLv8o5ROz<)OgIzDG0mu?71 zU_PZ18vqVfWm7y5)M;ZJWJ*Ho~kXoHc@?}kCt1OrCi0-@q8qav+ODEvu)x8iy zJgVT$h(en-iYU8LMRa3U{hfF1QKRP-}Tjx$nTn|}nkC6pSO`l33WcZQy@ z6`b*+r=U8{$a!t#@fWp8uRoYWlV0jQc+}d441WoSd?zPm;7mfSINQjzWF%sce=vNo zzKnPX0x#s)at0?ZWf@5qHXG&1C-=Rf?m-jNx6*~wR#WZI88j&B!kt{tYSxaXnw$HN z!00+pkHA1RJ6?y|{a)PzWnz=t(SJK8qr4B2j_P@wdOo3fKCF7aPCcL2JXh|)ovSZU zQ!zfi^jS4|7s;dk&w~Fp`~k`3Uh60X<7c_ZU-sa(aQu=x$#3`2Q>S`C+?rUc@Dr#O zG2G|u&Gj06&a=5*olE%uydt|DT{G8N~|*A$}WPL+PJD zA5tv+7)ge_FmOTiSI-C6UR8799PAa=7wGQcLR?w?B)GEN`uxC^nuh1o6%nItZ4sk zL|fa;u5DaMZ77!Mcl8DqaS+UMu2G(6wB~X`1T9*VJNIu-Kx_L4X)kzJJz7U)veE;_ zyj<6Ug2IA@`&dRf9^zLxSH|IN_Rbo*6pK59aI2PHnr!P4CXy4+4z%$oc$Rj9s>)s_ zYzDTY6=%^a<6!`-jMr~G2*1gjn`Gx%cl~I*gJ+XYd_%nm`#PNcHSKEhaxPNx2CfO5 zRWHMSjBb3{)nwYu-X*pn^Npw!tK5E8#K6b_e>V?O{`^UlyUft!75qr(TPyiR= zC=@$mfxynfEdGS(AU{-6Pxc7$rd@|kyNz?Z8(E$+?L91ZO!klLX*587{B8Azt2&le zT^J7j>kMLtMQl81bH=Y34oGuWN1) z#GnvUwnpH^iQk%52z1^UXy*lX)6>~F52uOvQ4W#jnYsQSv& z@VRvY{LBZp{<$BiuVCu`vA#laxTe0MrEv-JB;eY>wSqei?f|$3aC@HnuhLgAGg-kx zCxM#)ZpLr^pU_uccs``BxSqeJzVgy^6&&;Yf1t0t@cfU}S7^HbOZtkI z_I!9O0#^*K3>*(`Be)uHzkL3`N?%dy=r#D=1MUF0Gtd7Q=_{ehv3w7Ci`8x@ac!d- zK_5tG-Bmd2rxON=eR?6O+n%N4hkSbtrl802X>Jl^eDP3ZYQ8f;A zDZxWNMC+WZ6pn&s5YzEI0b@RS=PBHO24WJG*wm95P|7;>RG3kK?kDNSFX)zV+la<*}Y z$dBH^@gs0*dFV5WQoY>RLyv7JkRtJ#>}xGZ{mnn`(G(nHY8-eyJH%sZ_}MNnj_cajiy_6&r)p| zpg|mRnr$>ng(a;>$B&e&@PlsuEunjP=^8;t0XFZ&Uj%m^ha-bDIGr9PM03L7j)SDV zx`DZwY7xl)*N|aCP%(YCPrEoEZ2Zgh;pXcDBO7{-k2@gmAJ23uitRu}jNDl8gv>~6 za?>rSUDh)Gj?j%K`Lzuj3)C*KCYMq;CGDWOhzV$1oB?z^RXg|#4+|GYi-h6LcptGa z)a~u^b8hc~WP-ti8( zPA_Yh$J8O8N&MXua4;QB-DFrL)Y)*?=r20GV*XVkM9@Owo6)q|_w&`v``qZ}oh z3o@0-)LfvQA4L;at$Z~;>dQ(qy3~toknQ*%Lv8Rh-~qWLKCOh^hjVpNeOWq;tKIyQ zSh@p?QT&)@GOggXOoPbRzf||)(yc>ist110Jgw@kQe~^C*iAm%5+YA|3zNn5Gu-ol z^F%E5iJ%9+b(%ypj_b~bx?Lo0;uygS7`iZ_)YF+z71S@Ozb@z`0A?H^6`t`Mpf*t2 zB@?KT${A3Bd__jLT5wF1AL&+0A~xIo56hLUvd{(@Bp~)pG{Tq704ByMDJr6keUVU` zZ4rh}(6+_Oc174Qt0P5G@A)K;KCT20Mdz3LjBgFNS5qEby^j`Z-LxLZ?futOyO zKN`P^kSg0%S~wN2TrUDz_|lyH-D;C_jcqZL#mx8yi3Gakut z28bmen%{Xus%(=g-?cf6rkcfc&I!-?_c=)}9$`I7WomqpSV?rk0zC8+*%?mv+(W$_ zvT&xw@h(z6D7DDxTFDJ>(F0ksZ9SV7R`=1hYqu|JnznX*E1`D`?gxP)O!${Me*Thc)U8YXsbpt zfKCd4xcY%?Ex4h)jf{Vc_M0~UAfQNvkC2_mB^{!-?liS^X!DgcgqF6Q0=C(J@qj~P zH>o5~^Je!SReHD2tr4lj1vT<)W* z#KG&Gw#$%b*bPrfQe_vQK@Xxa%1zJ62k;8cLn()#B={J3^^<&J&>H2T~mEu6eoiCN4Dx|A-5FszH_*h;te$#QXg1ZnN9~xXd{eVVQP3!868VEX&96X#P zBw650!sd==kT2kxC4ZRe_Ey2Xb^=*-MfC3atD?)z{w10$H44Oyd}@|zpgR)~EGu{q zi4DqS+Qp#U=pwUl_XU)*)3hr}^_faf8ZggNoMxT_DUP*u@_$e1gw)>%pIxOADpl{T zR)G`7kR$a2XHn;?7}7%dZ?pa1N<+A zRP3d5=zMt6r+A_e2&YX{0QSgJQS(3r1|&Q(~@MHusT0#SLOfuL zL(cUa!|MFBccsJW4r5m{ij<8Iy4ZW;ODUUY%)| zqnD31?Q&jdY~uzs4mg||`%2jSmKzw%po6><6~jv7?u@_uWS0eX_#0x{>!bJ^V;cBz zVzW+c(M|uVB69lY>-73Br?kZzAm zNaH)k)mW`&6w!sD168Sxzfl1bdD8Ho4P+|Y9=Qfjs-sbi{NFv4CE1Ry9YM}KGB9$n z8rgrR?C3&s=XgLRSL@v%7a~vbPlI|zKX6>B4kem$BkFbJIhG##ZEF(DSFkjb*wA-P zWA7mMxE$1}f(KOtcgmO3v3uiTa#29RCF-b-r0rE)9*=Sg7fYM@`FQHMuTCA#1K^Pf zVM4FVt0;FM6j07IA1LH5@~L+HdgWlN5a8*tYZNr`W!(s1K>&Xz zT`HK9Y#wv~XWNBn_-1=P-DhUpJ)dgFFcl}q8`QT?4W|}DP*BhEN6oHEWB5pW?LpzY z*+AGSjX9xFXJWW`hwF-|iu{p$4y0)4+Sc?XxK}gHtJ{M{jL_d)AonCBtJ=J=B?5z~ z@;=aL8NI2|a;16G4N%E)6Irb?7#M>SZ69nJ4V`};S%~`b@d7C?(LY24&R+Q$5EmM$ zh!>TOU2-fYBVN#(YA#^^KW3^qM>mt(Z3l$+L7A{tqA_6{9<$+0f~;V$`M^~BE6g{~ zjJJU==nx<=+i}yQEA@D|qj?kSHTXMJ*)u744;5dJXx;=usJ@~NubT2XzTrQpcj;4(<-$!>>A6o~&VYh~i5G=#?6nd}`y^y&pw80%X#76GZDJ{lr&(+`;* z;h~gj zZYa3{&lcW~OPu|-nlJ5AS2Dw8+BWs(Av}`DRI>w;#Y1~2v7bRnHc4Fqew@MWN7xGz zL8=U4Q+t|!XwzL``A^gGA4YzQhY|;B75*m!OoGQ=g@QVd2Y|Ps4L40bm@j`Fdc8{# zQZ0FtsogZ}PvJ3bj@E*Xoph=WG~vo{vuN7xs#$arcHZdoR80W20klcb zlx#v0@4}M#9B2%E#)HPCw;)ifxIYnZw|auE10p~o0JKv8BRzx{0TevD>36kwcGCm6 zVhMc#HNHfu4w$J%pki*J%c@Xeac;5>;Pc6YwRAnZ*;jHPB%1$u#rIg9zPf^1oyvK@ z)Kx6HCB&lFRuAN|eO1?B(NA2#qTdG= zZM`CLqZ-+N553Ub3}ZtAa^HCx7rmXHn{M{ssg%PY+KJxtf{Ypj!wZzjB99(PKB)>W zeE(Q>t%+a$v3Sb?N38V53nN|#AV=1-Q8Uu{Q8f+x@Sp_sq1>Djfe{*e^*ya9OZ9&P zKc#FwU&hN|j{%)#Tch}Bv5~clRz~RY*uAWayz#JlUOlj9JowfdO}xO<{c$d`40lc9 ziSl@=Iv&3+_{T=djzHKz8n2pdN`+le+)<=+^T3K+zd1B7w8|q-&WAieQg(aOJ>)ur zdb_$*c@{)?J1UH+4QY#Y^yt>!ZCC_bL=p<3F=Q&V)OPCABrL(kOSX=pB54vyy+D`f z?0b|L^ZxJ6oPmfWKn~fq(rs;C7}~AeLV%Q zAP$iG@MP6q+oghy^Q@!!xxOiTm1(35Dy{%B5k}IZg`g&+L@I#F*(`o`&hky!V;wDY z(o-MrT;uh!`Px~%pH!5}_-5&CEv7BgAPzmo)g~C#5!6p3jwdrLk_$OjJd$>BFC%L6Sknb7lGXR zn&zKR&b_D67$2+Jd_J>L6=|Kla!X3H!Ev@O(cbgn$b&s6#vRCok#T}Ldu|e)T?z?Q z24%y1Qc$f{39btS$UW6`k)i{lX89#Ro*(JWgE!?_6EGB>V-=88KCg$X35av+@^-*^?b07Q6? zEOg;)frhxubQ2l-sh*w#O&HD7LO{M_sr)GEikjpw4ujdD-w zVMC|kf_P5BBT|p0HjDe%>QC{MR3T|RJuLMUK6CqaobT#`c<{KaJ_7hq#vjKSS}MQg(RuPy zz(ZbrXkgn+c__p~ENLV7Ph_Xjc9?IKb2w_-^kgf(xtK+iS;3zMJHqWk)adazx!$ExQW~d zZSgMus+s)y92U=#h$rWNN>lmpr@`#}-s+1~wRcH{owie^8V*wFZq%D<6;>UW?x?pX z>l=>u);ao2dmD1RYyqE?BgD!3dXDeV0pI_uPs%gny^DpE<0i@`!_n>xHizfyXGc_Bh~dj{IqUv9PBz&Ur@6(^iK26JR$N3( zT45hQS2oqpi5riAnFu&D2v}9wrvqTU3Oqgrqy~h%0U?JYWPDhX1{Lat7&p$m;%+cG zN|_R=BuxBN-9P^j4lhn(J8argZoqwWX4B8^N53eYv(uLq$#yeUrW!mq67mJvdl-t) zhxu69*;QqY5hAKM)^Dh?T#^gBfRh`Vq(Zag=(M$(M6~1tm9btoV}z;ZkMJ=gmN(WJ zGBcoZ=^i|Q&#@g?bDb|kSCtkc#AIMdvmwSWK)w4{Dh{)kQPp~%Lm7y7aDf=!93Xo$ z{GIBCGizUQ5#94-W>Ic;vTpyX)fj3cr zB4FBe5M-BLcJolkydv%%)2>1GsyEt3qqPaCA8Oil$h23&Ptd|*N!z;M*x>(Z2Iw=a zq1A5>5lnI>$lZ0h5gViHhsvh9`Elbj@vPI}*A1B|t^OfBtODJ(3YU*U4elYlNc5O?KBJ zl!cT~@`8jiVYyh@8^izE8@ph+WI$r+MPk913-B^tj%v<|ydlPaGZIgf3S3L6rw{A+ zS0`y5tNxstNM?wH@bFiEqHOZ5%hmWSZfS-Nld@3V2})s_v>#=)xEIJ`l%0;hT8!3<#Fx2vfo3ZctxUvrT$ zpR2POXatcq@MMHd7s5_P_>2z~`)eN4`MzbXxq@aBvEuWv$-&7m9(6m+Rd~U>RM=Km z*w^AXj?5X9Xg*phY;ATZW`9hJ18oJFx5Qo(8M_N9z5}|_JAo7)`OP+dGK~KdZ7uwmbex0%Wfx+k zGmw(0)(#ci;y6nayA@toe7ON$Xg;IT5p&*@&P2jviEW>$)}%(zseQNwcp2X-U z-C^dVR9`dM{wckzt5*?5kfRmBivCjt5=mBD(N_*k6cbYe_avI`W(lB^MNMa zi!}EEy)If2R)Rc<_ZT&dI{3~~x8XoGzJ0Y~= zLq+Mh2>lkv?0`#|R#zAxkAD|b%|}#K21W>=3zKJHq?$%vh@^=DaW;Y6G>v3)!SBCx zI}|`*G9d6a_QW^voY~q+Gj7*w8`mO4L_5uXL$m`=MjY2-Yvi-ik-Yeu(iuBEu7@wZ z`lVODSccwn!!p9CW=EgSe;xLA9nd+YgJ|&6`whT8dK_l#pQf6fcxdA?MOttgi(c&OVA3kU=>=;203!{~hc7%>FgZA+)Zt8I(cm!`>G}ZhZYuP|2 zFQ<`PyJ!{D0D%q}dj0_*5L4|RAl2$h^6lT=W`qJPdB+(hgeNY8fD?xTwjtm$WX zIhvOLp2J%HrkYHJO840OswbcUS=Bymatdu(9XD$XKTsw_o5Mu}-7Wh!e!omgWlUITKK>aUQ~s73-w>XKu>6sD}C zefazH0WL9(9Qz2TA)mekaMR?YVTGXFL}KH#18}|ZrREE0|F}{!$my1ZHeBW7)V0A; zWaY}>P^}L9-<5^b#|jv;@e~fbI#}b7>4Oni>Q$Ey9cO}L^ANhUe8$$t&mf~#qRpiL z?bL3o(8i}&g){sp7`Kt(Iok&qvG}q$S{k99Ja?Lo<&gO5mBIV2a&vJhSl|H1gJlDk zfOGqCyc-vQKc?8>U9SPnNSth>r{c%sx@{}v;7}6It0#F8$c+PXC;11iJqW$zz14J9 zRc+CQv+oL|maNcF4v<_-q}Nc{TR=YYs%yw+fz_t;7&<|UI6DT<3cJWt&3HQ=p*&g2!(&+Z0?Ir=O8sdwo+32v5VGqF z3ZFquLd+?hBQKijnxSGgb3h7@ya{iALvhHB*T79tEoapm7XmO|UPoG1gk~Gw#QA;o zPF8v_H|ByDM&LSQZ>_R1W;1I$U%|>ve!QSTC4BPg?}I#&pY{yqzCLpEsoL&!$7D^w z;Yc=31K_<(2n9T6JoPlyWl28Pa$1Bih)iD*6h!ED&MyC3wo98I+z8pOdBEK-+i!j+ ze4N62YtZ-CxKRy~o(wst*PP}&0}U{4pOn{yOzP8(O2IopW^kCKNF=NcZOg5B;DMfxKF1yj`Lv6P!^f-ksKRv+O>f-?QN+33Pr6G zz15dcyy0E&1P}f$c%m?K13p218I4bnT+*v%vsH48Z_aJW^@FQEtFAhvs~haUaiH(R zRfqI`Qni%b?2qjasTx~Vi?jVg6jgBwo3IJSGYxnSyPXNU*^rvJ0_&Z7|3KFJ{&L#a zyu%jwW8~Okv}ok$^(R{YC{-6Y@}XaVmIcf(0WSk(;oI-=W)*pSj;Gx&QhYb0B0MeA z*+`Te&+{q1Z0LCM@vyP+voVdIMW!tp%nFfnbAa2nLD$=YM?qHi-JS|!nTS_P%gqlo zM2HRSa>;SXw7UUU@mosORs18khG3>AyMZL*IO5A;eH$mUQep2VD{gnzWa|E_v+G@K z_dc`0)eQ!A7Uhqq8!m$8fm8YDo5(1@`RD<5Gwg9!V$TboWl}8 ziKFw$_7b!lSRht%ph39FlzGresL>NHCyc@=u`?j9poyjf)gSm^F}cFC{z!RlSE-QhcFidz*9ZnA4r%rv`M=eO+ zc$^wN%_@*8k6R1R;!4d~^3vldW}=tuco+9Edto32ri_@@q0M+RP)3waj-;4wo1ren zWs-kBswmsFuc?5wG7Wc&lX>@3(ODW@ASHH`=&ALQlqgpokfY>jC^DP_^s_ti=y_o6 zAYDwT=j6_+3+enA4@rESZW?d*&C%&-PQEFekRcYz`QQ6U&;%JwJcMZK#WrKeVt&CS8 zf{WgWH;r5up`E17JE6GN(ZW9rmB-OG?CBD%MPz719iop*G7#f|&I{) z*F(A?-IU69NZQaNSHA0?COaCStjZmbu@3S*@x~STZV2W30NVFz=vv1J&DO&G!u@jP zajesP5BcSlG4E7kmM;0+&Oo?+&lTZg)Nmxs(Lk60^2zQiKmv;?h@l6VBJ@CFn=BaW zMrYTJ*2og)cuy2#%Z!>qmqO2?^mCTHRZOKHAfdqGqSU`HB)Zulg9S}8PbPOQrSp9g zmJS>xURx3xCGvV4#tS&~pQ1x*nx^Xv3+g&Um!g9B)e;nH{1bMVh3j|d_|e@Cqn=MB zpD#g5!Ra9K&XUmV$BFO(2gN>MAU-FsiU29g(eBL?CXin&891hlTyoVRk*N*-2Vs!z z#6`>DXg@~0dX$0?CO>%KRE2uWm24G zx>kE)R(FiBWYcb3gV%Rwj571Fkb*P{Cq;H2^czgO4`CXzfTIP3L@N%X zia`hghn#1u9}>hNzaIw`l%kMBQOKbv{H^BTBjaA&}M11=JT)+BIKz|8@-1Y9Y&pMt9c_bYI( zf_oF(A#i8Fb%Emo5D#1$I1e~4xSxW11l;4`egke7xTD}&!L@_y2FG4z7&Exh;3j}e z12-4kPr!M>Jr3?waQnf146X}YTp#2G?q+aV;O2w#f~x_y72I#Y{Sn+=aL2*5gX;np zqcF?}a1+7JRPby?hPe;iDsUUYZ2|WpxIcs22ktny&%kwoO9Ih;0=P7Achkx0fq!2m z+L=FR*qJH!*qNgX?9B1S_E6a0UbQn%54T?xXZg|eg$t?wz{~) zvbSZNs)=Y{Chg()rvXn0g53`J4!@z$gbG1-bY+1D$(B>;kF9*i4XPD3U^2t&U^@m80YtfEl2tXWpEqMV;pz5(;8 zZ~&q%6$6G@$*f_PF{_yhrUd>?Vv3nE_y=vttYQTEeiJS0gjGUWnfi(g6OmYjX2uZ7 zMC#3~!{La)zp0ZM7X`MYxfVom%pH>_=eweykQS6T7;Z`F68K}7_2ui~j{^uMis3kT zaPSX5nH^&@80Pv6nvYIzU?U=Vuz*d-mK}VV_Laz0Qo;bNhYf zO`DuLB{n8wm1SvpdD)6(OZgQ*GNnt`SXM3tvRn%OJYTZ1oJUeDTfG!Wvb4mKX$j_C zw&K2ur4<`2E1=936(!5~vJI1BTxBIo*OUNZui}?3<7ter)Nfp4StFE}udaZQlBFvx z%K`b7t1C(%4R~EiVJ4~As`#bG#@u4b=to0Q33HQUdWy5NrA{^IAmf5@o zKv%9_!$VmgD1p?mI29#pgfi$Z%Pq^6mX%>&}!mZ27DsHkY7gjB! zbxQGE+K<$#HGGAzjEBO*e;SxoR_0u~LM=O%`*tih?cS?a3-^~=)|4+@Rzj-_2w-X1 zfC>w*uiLJuuTa@b)W(}PU#)Mx6p&uMYFWvoA739q+$Lilm=faGpFyz}etQ~*3#%yC z8Hhq@$~pkzj*a3WZSnwMIra5j5U=0ZPtP1ru-D!dNq6(m#kf}EDTnwqmuRI&~JcZux7&h zD#F}x1Su`ihbVg_1Rx5mL%Lt&>AR zfIF>Ru?h#G71-WL?!qcz4OZZ~rT>Lp9?CG;dd)JFtb$fsy=rC2DjuK_Htm|QODpad z5O7T>UD}_P0~6!1!hNmQ}1?vwAsi@vNYw%uGoM)yEu_=^PdilLtU^Y8a%wkAinr zdw(kI-3RZS_Wtv*_eaCtw}!nx7WV#l*!wTS-Xp839;vFXf&tm^NYx_`SH(v}z=&L1 zTMGzHo?PXss)NyW!i{OJ{3;l4VNiCta4V2yLRDQA#A0ArE-fwPxTy8z1&!wfF6Y#(hou-)U|+aPZLKBY!`7?D&b3 zr`~<<{SR6{{OI(Ve|-E&+ozv>-u}gxUy+Wl{b&FA&9|NB{&l|VyY8Oe3l}d1F83+_ zX@%(83eS&Hi2l3F|KFYe|8|A++Ts5r>OUuE`pT8lan^ugis5gf#R-2FeAxhhjMI5* zaq+Dis4V4jGE9b(>cpVOQFWM^yLxTt{a($<6g=O z6~#+w8rc;q=-d2Kp<<2ZmtRu6szm#kFQ{+M)vKt7ThN|Md5nwk5FX(W2E!Rp^0hgZ zd{D(!uXFQMFh>8pH6<1I-sc4!V0OR6j58h(HfQM?K4Tebm9Ew0LOJzQztv^ug_re+>Uvvw@=ENGl${?Spx=u2;c)~A$GKWpvX{ir~s%3s1B$Vs2r#xs4A#2 ztT_0~ym#)sdGnK*NucxMcW^#w(tR`;@LyR>pNk-`4WL!5oVR*4ua1s6|A~v@1Z2edhaN(fSFW?`qHB_Xmmg0pSO(2!C_j!0;ns;jfIhGjEL_7``Pe ze8yBeW1l)O{L1`4pFS}B_!Z%QvRylWeA?3Op)y9n`?d0EnEAtaoWJwh;iEF_j5Xtj z?V%xwz?hBsW1eqGVP@bGp`Tx@4AoK>=b%G& zX8wgxR!kgDUbivd`}cp>RQ_{oD)V%+N>-IrEagiw)tRzPzM{;rwqzBI70nRFH&RyMzx*G-v6m;xdpMzQa_V ztBZxQlI#^_C3BaqECJ|`7zfV6XI8A>S1emv<}RW0f`GSvPRY`>C0F@h>`z5aIGgotxitb*)25mz;x%+&&xeI};i=8IKN zXm5;z_|D%@Uc$^!LzhY2w4yrvZD(VV_3lMn!)euXRpaBxlg$N{*nq86c?NBE1f2r(5Wwm`K>;u zWNA5F++bd$@9ILvB8rI%i@?02pN%bm6PqQ)vsW#vC|OCVpfTJZq>rG#8{=kVx)>%N zYvW#r6W`ka8_&|R6~&ZhK=NT`vh%~%P-ftlwu*8mzK2#?((#L;*oCbThW#JI>T5oo zNu3R{%`e$}sB20?Ot*f{>ZQfn)F4pPUjgUfr1upqlCi4TUA|(K+RXRpFhfWG%%+>i z)e9is21@%^1u%225hI_eVe?lMmt>YMt(d>si8IA_ZQx6oeczuBQ0q&y9n@aKFiTmF zIwwwRpumtTlvHeRl~hoHbJa4HETOf%Sl9DcEPFts)8AiBOHes(N}p8ho4*43*BVN> z@W%YgFpn?GTeS|PQ|1+l!MqZ+If{Z9XsuJD_7b)KLd!lC_6;2maK1~IT_&t4#kB7d zmM<@<0NVaiKPS_}r3)FYI3sFLR&|z;sZWri(9X zmt(#{I>FpSOL)JhC2~Wn16O4-%T}+^xC66Ar4|kU4CYs1rMXw&%LSg6aR5|46Nx=9 zj0p6Kwe$U<_-lp#pZjON=ARmFx#r)0E872Mf7f1gP{Xf1DgNJ!_kZQz|JP|i`}==6DU>FF z9HwWvmteqJ^6-X-$7=q+{X~6kds%%}Ki`ITJ2Cc6RrI+7;2XDpwB2%zbgTQ+r(JvQ z{E_e(+H)7cAA7O=#SzRGFOnA*UOW9w+vppf9hLi0(MJ|$@kic|ZoeA-RO`oW7Z~QY zO=`@tf2wnLnOgY&F5bO$M8<#Vw~o0QSG=z}_*d$;Go9bsneuaXrY*!Iu^eQPn0j};5ihYi{ObeO)@-(!!z)u zof!eo{qP(K&n@soS)mx7qv4qa&oS_9`@&9Ti5>7nI(x0%PHzP>!*e|%4^LdX>ipc! zVDD*zClcEkc;ck!5qKW`<&SeHf1w0+6J>IK%17ux>m^LFM5a9hD`0apjE23!@m z_2A0Em4aIY&IK+9+zfDO;HH3^3~nO03E+~!S->TMO9U4W&J4~7js@5IFK82R8v;A$3Z8{0-6xw{tP5-gmto`L^x8+Q_ zf_|``ED^sL&RpZ~O8u&;T#es(PMxQAx#wRi>W}(!W&P*kABS?8N2_!l^b3E-KHjI% zJkp{K9CBWy3%n@=4~l&k+<9<=p{=WWrA_0Gpby?j-hsO44yfKJKO&S4mW$= z3eE|x?Ee4(@ISIs(O>ar(Eft)%ew4LF}OwG=7YPEe*S+@O9KQH0000803n%EQqGk$ zj#&!;04*T^02u%r0CQz@b#QcVZ)|ffb8~E8b9HcVZ*p`laCuc!2>=7l3@~8L3@~7I zcnbgl1n2_*00ig*006aGZFAc;68^4Vfw3ne(v_h)>BXt0?$zTsO=fa-&T`t!r8y2n zLK0$%U;)sQ?$_Tg0FodjCGB-ilSw3Cu~_Ur`vyd;N~sKydLZ04Ez<{X>R-(8jc9%; zUVoccMQWtX^Oz`{wCg)1@NiemBl{{G$cH7l~5tKoFlY&2zoVn0!I+zLTt0}g$@Lg# z;cs^8cA%*;jsWCsC-IAzixe!Q9Z99tSTC94UBZwHlH@XFxhHIhl$2(7BUC)9KrKZA11&-lv7uJ^qbkxEho|wNavsVyeqrm?#cx8JYkz<`6^` z|Gnbc&~UaTzmi44Eizz5fHm5it@$2H3_=9JFak?xQb=Rb zMSz1RwPT_nQOJ7K=L~0W5AXa6IXXmNwTAajuwo`%CQGSJ!B+er+#8M!*BMJ6kVsSD zpLE$A+V0PD=!u7G4~dAM{)V-S*7LnhY6li`tK0tS$-pj5bEfsqWb_NmEB7^S1t@`Z z&@k+7=hWVx+d-}H#1W|{t=kz=JY|yMk5bMc!?82+yW=^GAjF)DWkJUWIwa0$xsaqQC8Jx~w z)cN?S8Sw|ridIPcC!-@o{FLfE4e86ct%peZ8fU_SLIQch-D5N=*+wC_qP z-s57HtRNU2>U~HFhnOq2SYenV&DUeuGVR0mfR#LY0Z=&{Uqvyw zxM=*d9t(Fq;C}G4nhD5%0%_n5~`u6?Xm*nR59;zfDEUlt#P#}zyP{RNf z8UP@IssJN{Ue-&IE(3;U82}-L1PWCRP=Xpt1qRT-3bG5&i3CdJz=LZL)2G%q>@*G4 z)4I(C0kHRB{OghzIF6}`HNZpI3Zr>GA0cM!IqdcYgcUs9mSoc8Tq*f04LL!=6B5B;GoDHW7AOFi5vKjVFf`jX>mfHxZBIuR+(4LB$RLX2 z#?GkqlX~M5NI>XMPhXt9u=Q*0Tx5YQsSTxjMKX;%8 zdTGOEyS6Nhj$FtCc?uaOv!m9?z7FhFRhnUgVA~_mcQk|;gbl!DZf<}WAQJ`Nh+28z z+Yx!hoe{vWyek=q3=}q$Lmuq~b5GDKNiDOzSn3?vDr{$}K2_~5mRa1_U`^EzB^X%! ziP4a<$hQy;IlwQ&KxuOqK*KgkB)gfSP6+t8+V&WsDmt3$%%k35x-K+2nszGQJ@X!2 zSF`=9IVK-IeAunh(I*`GY<7j3B}G(_D_67ZNZGPmRX`6lSOu`AduakQyAsHvWxsfy z{(rK1{W)O$`tx-Z4Y&}PM@gs@ zvCM99gJElrcwL7gP|M^{tgpEZm_9AC?@FR ztTIbmh*`cIqqkUbSz%V^CZ!mi+txaP%x{t;a%E_9*%n|KXJ|8lk+%Nckc3jw4$C0> z+NL_e`#Hav;=c#m_ylfu%cP_0C^ToQS;nllL92W6u%7gEhPOJAo9@c&$YZ->!}5^k zEtmc+(P7P}4bfj#z7xGK^`xuiRw%l6xn1)|Y}ZKPPvFcIm>nt@ykK*MObWfL;YoYi zu5IjM8t5Kxn?T`^C7{GtUc#ZfV@`b00s#asl;Y4N_19zK;ACUJlL12@BN2GtW*ZYz zfh6|s&o>NVq+Bu`Zksq_=yI^U>dE9MZCO}L)C~sqK!G}TCq0iS?o1t9$WO-OS+&sA zUEtVzB!RaY=jZ3oC*++S{qf=%v`=SNydN)~(sO#=;{^RpvEZapv+bC;?@X;q>}3dd zU7Sz+Rwx9i=y#Aaj>9%LlFN*hXf{!#&`@z(NZLM#YukmnJu>(uTxZljByNbQ-lpkp zi5=Uvnn7O;NAIkIX02jQ>!{X1i+1b_v3bu*yJ9Z@bdIkC4!i(%R^*QerxPyv2)tyq~j_(u58$Xlt=&_!^XFSm^MOTaq(K}|a>ksk;` z<$DX8AE4#_?(c_j3&#qD*-2GSI{RD#QBq&vf~)Jh`{eHWpYPw?UB9%E$-Xr7G|*wy zo}qIGj-MVh8tJ-C(unNWh`Yw#y>s4sV5*mu$>h3-eE6Eaeh(*k`Rm;QbI~-Hn)m$I z76FhYFi5t~N>Ow0iy&4&T>lwD6vG!2o4R7+TX1{RWBbSo+q52jJx4&p;_rN~A^N3crLNP^FaJXZ4z5E%kPb6(08SSAVB1Aak5BXCw zZLy@?T$4y}tc2}Pm|AF;iSS$CX1WR}TjZQYJj}YZDiH(!m~FgaPhF=^s|hS(ve&@!zgfMH%lj`*^b{PkJ&9cd z-a@8Lc(BU#O7xG3%E1-2=p8gTt)xQeYuC}3bs!lmBrapOb2ov%H66nrfclna>9PK?9G=7iA_8H`1Oxym{q4Ka{@be?o7m|&J6Tx&9~$*w#i^J~285mml*UVc z0uy&XNzP}`=Q`d$mF7UeZLBSzUA-Moft_ceoAoOu_vG(H z+}D?u0{2}}7_hKK4f`{CjZxB5K$gW8z)WP6oECpsbL@3@>~_-Jp9IE3|A1Ow6aqPo zlwSEC|Hit&tRV^Qhzh{aD9uDPkhi=^fC}&dm!L@qW`le7iD_$tKfsc=)h1*&RcA;H zQf#-fgbndL1nwXkfhp3wJf4%Df>}dDQ7;^(Tc91&z9h@{Y@8W57o5)*?N15hru}{@@sC>PL@T1}_ zoouC6sntbif@Kpgd_mXbo}*W2eMNAZ4L{&|Al%@m?L+@}tF=)6#LNQ$0MtSN03iK$ ztMx2w?EVkiJf)&zwZVYm{ZiXzjIyzd)e!>=PHrnG*f= zq9f5_#I7MWfiV&3SX^1?7*kV2mKg3R0%xI;T0|sG8sPxeHDlS&ti>2>nc`BqNOA{ z^sgQ}=;`=X=3gb(S;IOkOD0tc>ln^Rdsn2|L}sN1h!V&Aob}tDgFRlh!RLDV@Z6QN zQ@th)JplPoReKW)Pcb(b-G;m3neC5xMBr=P4x3RTbrc62tV< zT=6oJItKZ81Z}rOjR9?wrau3yKEVrZ_@Oo?{XMRD`!QzE*Y_rS0tHDo4>kZbHVdl` zlJL=G?*^wY+Q2W%$1>i^1aeNq9PE)K1=JC@rqg&r{Zg+HeO~hcB@P}Y1;KitQqig> z>6NlIF~tzTi7@s)2mu>QrhBTxfNdqP1I+d!?sOH*DwZPBWu2=sZ>iYsS(Ig$2ETq!n)YfV1$9(N?SXIsuJS~*{s9T!P6fHxaw z3#WlS+zmt0#E-GM8Vttwjxft?0J_Mg)6@*1hpi%nW3rHs)rP+Q8dL#gq71;cA65W4 zQ_Zjb24}4|{nHmOA8LChyxmsA^fxEfdHpJItQRoNZaUkllRd4lwS3gCKZFN&*nc&< zZa#tji;gIz45Jx%0DvKO007kgqQlX^*4Xf`+y4n5*j9fxMDII&hI4dq%9Zzy{E0#V z=qyRD2?ZYf4zz3RU=2lTXhc!UuM--aWqv-UCi&W=6jK(C?Z^qxM5d>wKbocMw-*}> znln(|C9gJ3h?g@(6resjw;{$dHP?3{TgEdw=(Yk15SiKtx7Mp_u`0SAYt*JA$#fDbL-HUr7^ZaXyTJbeicN6tMjaoR-YBq+keph@Lfr6HTPa7W zur(o5Zdl{>&RV*F{R^P)ze%2%z#getgS=$7R+d?y@o$d2=VQi9kO46GPVp2W*OGhAkH z8(=g&sToFadoek!C@&q#XE!xPR=2Fg1_}kP#-7OC;s%)t78_y+XnWB?MR|oX%$+H{ zh?0JSC771Z;-zq*-I8P`Hs?+L-&FUWHZ?*1vi|=>^+n&sABSdzNH1Nyc&&9U@HcEzo~ zb`3L=Q7uW{azPa3IoqkA=53(2C$Q>4_Lc1;U>k~GER6+QgQi8$H}NsPpZN_T=k|=@ z-Nit=fUNKqcUmkl#S%X2MwXOXK_uHTch>uW_coFew9fkW0pLId2*!>})}VaIpMeaY z6mt|Jz{HcfsPW3=s!FelQ83FRi^Hgl^@pbjF|{VJO2xd@{l-7_9}g4_bVaH--31QV zrBs80aLVvVlK<^L%-9mm3uv?$2_p?2rTqIU3rHvfU7ol=grINDmcjG~py()!*r1j{ z*OcZ!<#2)7@s)wOPyubJP5U>ufpv_6)}QOvsBGRGi9`lbctOJre$5eD2F-~(gd!Hx z+!x+L9>A|MU=cJ8u((j)qBo6!fek+9Am}nKU4Huj$`<*}KEwd)J5Nq>-((##b?^}{ zO7>YgynB|fU)QR17R*uUcch!Kth%uoGmZ{g7wrekIbNv$o&XYh7R?~Ai`samj^dz1 zKUb*4qUulk?d0gKzbo+RMge0V^YJ7+-O0A5IIj8Jt-kaDvg=J6OoH-0#~Bfmb$rqC zf!I;*V^&^kOS(}|=Eq05OCVqQ^QA@FKY=wy*xM`3$0J8$(5m1s`Fo+gSe?*k^L;6j z`K~`CSax}|p#odNTx298cnrW#m3Lc3Rqi#WJxM&z`L9U<6cN0*8s(d<+6=)Ko00a* zH2$HPCV-eSoe*VXH2T_5xR%IM|AG&bg`kzQ?ehKz4F*z7W@IeJb9Nnvyf)Le;7I0| zlvZ@uWYK4;7w%v*m6}H9Q;1dpPy+E9!eUdD07qFJR4dMn#-8fgc>{f|cdn66B6O`#Ukxlu{Ds{}YZnD0=Tj?ukvO9QPXp<)2a=hw4?n><^DeEQ~0t1-u|d&MycAIa`HAROp=!Q09F z;Cut(`3&f?e9}Kh1@ns$A;N6OffBJ}^|L_%T?YbR%z8|PV^vbdMX2meO!0%V)&%0^ zvce~{tXj(`EQON;8Ph^aaF;-N>1plv!=j}0)(`Ck>K49(N=>PLG3EHfHm@LM7 zJje4RUc)_0<*69BRYVba{YVYr_)}c(!s1oYyNDVZ#S=)hnB&6izQSX|Cm_q5CuDK4SPPzkRBtX`yHTXLBU zh}Zd&AeSubT*L~INPy|EaduC!=yF0HpFsrJ7V(d^)9I+48oEX^RwJ&568m95BA%gK z3t4m?3LNgXf1H4K0|flEnoLAMt9!bHzLYu~ zE^2vz%9rK^xad8U-~YIwybvJ{Ic%1xdSqfwJ3lT5%~`|OUfSHal4Q5|y zC>Y|X(U$_J0fuqf%n>*p&npG1=yS-O!YcG-DXkQh&fc`xg&&hLxWPVQYYwOWhWrv6 z@x<+p%6GVnYhlhaqK77mO?n}2$6&ni713wj^v!?S=Se6Y89GsfQ5foVU#MgR4$Ak& z?PE9qw{KQ@-ziP(V{y~)7&9IxXhPo)VDAgVEDM>i8MOnc`T8jU_25<6mIT`EOZj4m z(jb|^DOSCKmC>>!f3#p8Y&9U>Xw2uTo*gK5?R_jC#TPM?@K{nuS_bb}ww6fI!vUEs zS8{6vf1WXyxOqr)v#gK#m;_-3qPXZp5Ux(%o#Ov_Qa+{gFQ=C$w|y>E4u|ltq^XeE zz!(pGy;$&0bxG|0u%TdoVBAlLoZvcHcqrijlhY7cIo|#OX1wtdO4^49pk*^On%egL2phB zNGtmG64!=`$&tnl$(z>%z6s+T>s`0~gX?^&R(;h6duY(DHUVzEj}Z2}TQs>Ce@l!0 z-6^H%eko}`d}9GvUS$_SR}P8W4Dy#;pM@40gv}(4CCW7c$l37VU~ zn?Un4hrGo@?BTaSdgNAgVscHra4E|F92NVGms(S*q&-aKz(p`j;*uQO%DhPSwRNTP z0Q1DBY7`9<{1cHp40WQtE;P6D^j1=C(n0$#3~uAv;LO)t<GmklW&ZZ+Gru5X&5-P{E~R~) zc3Y$L>FuTlT@(rk894@u+COzA*Q~S*O6yfd{6?jWxRl{f2_=5gbe6CPQ?>Wotsb2I z8dAMl&Y_4m@;H>pSbTo>&2lZ#G2lQl_gkp~bZ=x#k0zoa+I&&LeGY&Yfd{qs-?%(I zEKMlxNWOJuNV~w{bk|XjeT}ial0|pVfYL}f6gYs;6eQ;d@^S+=B zjR+q0c|RP_&kGyv4P_Td0hUCpMvXO^L+luGM3}f`*k>lRL- zKtdeMx9Y>)UPu*f$h-07tK1cE?D83z-PByXb52)MZQtuS@NKO1*95I8O8dJEr5$lt z_VKr4Hk_WMH;OZ2%wyX zaX=1k>hyg#EyP-VA+~p8;T*<}j)XNT1s3kW%=GnnLJ?9aM!a^f2tAf~_{&vAIuF`W zbg}P%DXdV7T_#J=d$y(y;HY2;#0J*OSLrR|UtS_zLx5sZL{vy^ZhqkhkZ3tb|4#at zdRv0)f{J)=?qQ>q|5R(@7D%bVX+C!%oyCHn#CF-!cX0PawNU-QvvzRW*cJF~m7XT` z%j6w@?{hL3HQx;fxU24&AbM*yQ*aXH8Q+)rJYTMT83U;t3@TcSgjdXi^Yf-aGJa5h zxP71R(|p~PF8FrgYl6x=z!hV5_s>BLha$xgUd?ul4Uyj$efaX}`?_aB;^JTafJs`W zPp_IVJnk|-n@a}l?ZRYFZkOQC?DV{ynLV@d`o7)a^vLdXb9+7@(dlO8X6yF748Mi4 z)8BqvK6SR9l%DY8lUgdF$?$Y%IML6-jhEc=w>VW#TiA`8PPp?T0W3!j$5>uoXR)}A z%@!f7JP0Jvo?W?r)I#j6QRxIyE;>+lXXh%tn%z;N|>vsQBPVSnQ33??u|KU%md2D2zZ&!ysTD&cVxK_;I;jo2{Pqd3cTZO>|V>Zlzog*X~xoSST7=bwf_qDYmilyJZz9SvRvfl-QyQs2de}ezt>;TlSqygZ6NgDpw#s9OQ|Cb%m)3b9o zGB7eX(bJ><-w7K2OE&>vOcRP3uJ36;=g*<^>YhSg$=M6Ojh zozm+8mjgL#v2Q3O-##^2ZpVY5>>5qXl+RD=-j}zBm+iar3fRL}jcty%e85|19*mBx zn>zl;W4zpnp1o4v<>yK@hq^5F9v`!rtcE0%xcprnZsZHelY=FH-Z3@h*gN zrurp1mgw)&W*<1ZwVQsm2xpSd4}V*T#lRgy;p>>g5C)9Mce6xGF-PFyu}krX=L_K? zDBw8r7b>#Nt`rhDfTtH+YbM%IGQ9em@Dn9iNy0xk2cyJ{CpV{BYpt56s%c$wToS;% z?Dk1852h(yIQR~hKKDNrMoTG8Rm$bBH!JR2sZ9(%e3HuUUwar%1P7G4{?*rsrp4HI zsXQznvOkloWP^GyKU9IHn6>adb8QjV&Yt4pu?CT5n)(=A;^DRY`QgvG-Z5CH+Z>Ld9T^Nz5+!H*U-3zKMlI26qPTjVbzpj@hdA*Xv_y$ z&8BnfaZV3fVF|Mt&ut1|M$|@QJk_}WI%Y+YA?)o-%?J9ygI!co1|;-N3ffuRCJUnNEiNi5EZXd!RTbI?Rb^JBZ^>xd zsm>-_B;C-rG4~((Vg!hz7XYgP4gkY@a)0)9nuKCpe&5u$sG1u`>Lc|UuAzAye7q4| zLOgc$S%g!Ou$33`P66uGsSJ@AQx7TiF&h`yUs43*_NGX#E;4}(ptI;B`*DLV8}I<% zGfRRVbFu+l?QEWpK2SUEll8myIPceVMX-RH3aLDcAggMMh~c7_ErY!ML>lT~HVqe+ z5(CE?=wy?ArUDq%ER%-uetnhd$%O26rACs{f6UI+_je^b;|-0f=(3q$1r)n?GywO~ z=bLY@LY#Y9PvO8QqV&npgCmnvgx=OFI$_#x7?P@kJ8Xa_ZinpPA-qt%h)znOZ4`N< zpXPQmY%(Sj)~jwQYKq=s&x|~G7sHFmPfg2Dx>mbnB>FcG+U16Sf8L(_RSUAdFTyP5 zUKWaU-7K{laiP9QlK2cchKmlkr$>vZ&F7hkC4CMDm^5foG?{_}Q7kT*&KkRo- zF#ky?s)V7UpdpizrGsFJUUA-Rt)~2$8nyXjCI!i<8vW^GCJo8i3I)bvCRNd{T6Ox9 z|A1eVw`H@FcO8THN4RDQpE5=TJbK6lad7;*xq&j;3@&w4f2}Td?O$r^N;wp=^9|^Y z3vMXxb8cwvi%zJ{^B2_X${oG7-fw|D|M%;G>-WH5@C()c3Vvm`uy^t0f9IZ1p5{Ac zSJnL5ZfVa-&E8L9P_eT;8XJ1KG}80m0<>DbO}7+RrB>kQ;LzX}zIALWGpG&?#`sh? zElW=$>ZZbUIQiX#S~@%(`6zg$g$5iyAXm|050P?cIfjK7a(~5x!xS8HJ98%9=ZUXllxFZo=4Iu-Xco&h$%ddb&pp9wzsMsm#1 zuzl6&vJ6jFg{|Q)vrSLdbe|b6vkfA;6Dd)XuZ)oGyi&UR@C-f-Zrs_%8ti^JvDOOv z!)7*4RsmgZbu47)x^BCMO4P4)!jG1d1|sd8!f-KtW`69hVewZ_6*E6p6T}n{Ydckl4;pdA9O5TwcvOm;~tzIxKSz5 zPH8}2_oT1U<@uY81&~73I#IJkm7FU1&@!As9j)0oR1y6ai`e{tKjvc?oT@3S`m9pw z!Cd+F&Q!Zp;rQJbaM2QRq`73<=F_ohtz7X?jpS;5UHPO)&3y`=!{vIs7)jsjQ0(^p zc|`5=?zCj@?rghO&4&Hm=Xml!PTx&PXM!c8OTScM)45934*lJCl&aV6bRN~lVOL^b zIG!2J#b@56Xj4ZN`E>Y7S*lzg8LhbWywK!1cnrroXoE(*lp&J}Mz^+-y60S;`FO@$ zo6~-KFLDQRF!?aEfY){8cd!^S?NGUNNY~?3%?ZzsiSz6Fa-6l-HMS=`epDQyMBUDY z12eT@Td!P+ihhX{7&=I4)Na6iqzFwlH{yce@`S)sv*{FZ`dEIGjV1oR)Z;aP-Z!rgRH8Ujp zOt?6`GP-iwzcO*w{65{tcBy)e{JG2N9nvcQkmfQ!Qp5fw^DnRCRo{|XO!7EH3-Yv( zW3jrK9FJl}YfR&L*Hs$>8-}t)g~QcVp%~XKMw@i(Xp5M^D!7B;;>tFkLtP^8vJb;a zikoeZ&D@Rl2gH?nyGt{u=YtKux5Dny8(8DtcVQMQnNoF&dm@5(e$i9KtigxjWXr;J zJ8fUB=Dqc`y2t6& zvSq!lruDrn_niy*iwk)rO4M!EUl(r53C5I|53tW{p_XqBKCUatiw1I=(OQXA|AWr) zgfai-J$`hIPI8q)NPWoMgq=97@!tqQzu6?Ok9x0#X31shR63ld%gkFo0S&Z*L&3^1 z+U;TS35&HOqh-FFrB@7|SvdqduZJZ?n>Dhc1MXcO{lpL%{)AUzJ2%hwIIX|9mMU6G z6R<^wnKIP`4KldDJ{@NjIu-a4{WJs*hNvgRE1FNO;h163h3fkcuLH6fyLqD)oWNQK zbh$wXcm$+CYhnWL602_W9ZiJJ0@pe!+>&Bf<~dz(Ocuh&{F0tjm%LXJ(njGoiY}74 z!DqPDbADD(QcOm|dyaOj!_plUic-YO_bg9L0KdkwEA#!$f^BRP-Nvg3kN1U{9+>AX zk0^3aO%YJYESr4xka>gH%ZJ)y_3$mKz&zvom(s_Xupb1r4QP2)OO{-+&NZf5oF64N zgsP@XUVOegd}VAqtT*McNg_UL7L?}%lt`~6Tp&j`Ub zgQBTv2WSY=os8vrDxhgjNw_@7B~}3LFYZJ;4@kTWeK>nhZP4 zXwJHhFzs~B#$b;s<{7ypW^NNulPpBPTf9yWIwAT9OWP+W*d|xIvaMEY{st*t9dO%y zwRF80d4*aB5Cc7QLr?;@1?ROMIvl(^EHr-wEmWv%S&ys5s}Qnw#ME*hff69UHn;mx zN>U@!0nPf`aQf`OH%zH{7Y;~0h|7K2f!soze>02%5)4Q(8wb}C0EC9`&)?Va2>OCq zzgZMPvS(V$$*?{rs!DefO=+S|Y2PL!x zu*|$I9fe}>5mCI(u+)h5$1N6Q`t$S?H7To`is0ro0BmeZ#fXtUZ8>_ZK9C4#lIs#q zz_X^rw&?!W&?Xm(#vX{qu7gS@4JKM#V}+gYu*@?Gmm%)V2qV0G_D@=wOK zA7e!slW2J*RH4nZJNyYVt$~IOe^0q7<~WI8b!*Bigzm$iUCA}<&5!(_Zjf=4*xretSA$>Vx4SSXd1gxDHXfE2$j3 zbNB*40BbtFF{FUoESg{0BWqn?tCST~-p>MoZ`^@DZBLG0Cz9@cr#Mi!5j~{`;I9AW z9TLr(PeR)+%yTO1dhb`)RvjnBhiW;PR}UbD%U}zUO0wN-eFmzZ7EYIpBC_;Cz>ffO zQ>?~P1S>YtRh5b}kN|gOjMWNp8h(>%<^-Dg=>&tX2?I@8=-S%yJP(D{KBR2Tih0K5 z^z{CuO8gg4pH1Dl{=VQ&5VI}vs^e0=t)FKAmL)$4oNmJVVh6%tR-CZMe6zwXLf#Kk zS_o_~0I=U5*w$>zYF!gGN42#RzegwBWC5r|0;3;sBN~7)rflXY1t|X ztC7*5Cu#S{&I1Z%hj!M5TnK(%spBux7>>3gN~A$RcxYe`YOB1w6GxYYjB604YW$hb zDI-Up06|k>d}#9YK;3$p{3*Dh3NYgAWm1X-NcdqS=?LDNdCSxfP*IL@8j=o~XPFSK zIFTo(+o1uZt=bhptA`q_iuSm{Y5ka~7{ah+;GQj~J3vy;9ofJiYeZmavGuJuTee1z z8o5?~@}$d2|Fwxm)o*thaDM~r(n#xomOxJ45Z&&CXaPyps0V39QE5{F-rOybdZN;x zpH}Mcwm^Knj_peHbS=hG2pi6d-~hG!Fb&uO<(Hr3#bDjHMU7VwM*4QOqhcL!EYTHq zf%5G0GAz!@J=fHWa#8t7*g$uI8t&)c&{)J>njX=+>7+CpD(QWB zO;OX%QJ3>f;)>ugk>}8Y##I05oJg9t)F>WuAzXxeL4f;6n%p@%!4Q|;lfTQc`?~$r zMkArPKdDhy1xRj5{!GJi;R0=a#d~O4sFaV{FjAp{Ed?hIZ-tgQiHD*dpbk>e;Hbr? z&M@%thRgvube;6P+tkV62v?(yzNhGk0WSyMosbfp;>pLoUzs|sEwHw!AC}T1i^VJr z^K63f7X%NQ42}YTwgDA%WN})D%aP3#jkKRd(B&)>+P3@Or2}%>u)AfrcOjAB zp#=1bdEZHyZ!619bMYXuVTXvi#DJ`((0-gL6bDyCC zKGW#;VJ=)<@d^K*aN%)jmI2 z+SMb{%vO3Ni<~B`i9WE2{R|Z}bkI3wY*8ETKc6IxRK*Q4*MOEGju@NdWnFr%!e}BL z*a@C}#j%P?pEp&o>uO^ez`qfgHb631gq=3`Cr1S-?m&lPQ1^?P!*a8TWRyd~W!QB0*1u=G~}X#lGeM`yzO*t4FsKKs{y{&pI(o^n>U1@1yN44}Dk1=9qW& z6LA1G9Vm?~BOjY9d+U#(rMThDu=u2Ea4r~x6hekAIcRzH7$`A83ktJ3l#h&Q1K=yJ zzC~J|pzkh@0B2DbI(cq8N3{O0X3-u^GS(`VH=fu3 z#ZMI?C34Din?^=umeZS{6Owlkfp=CCB!>=_lxbq_g%DMRA*Hw=gidRFU`*<@+?>P* z$(3>#> zqfK&>&gyADD|p#?w?i-=h=vad`V*P({8fU1C(iq!H%N>UiMdMCrN2sTf;Dsq$la*r zelRZ)M%pco@xUSPS^S*g)-9W(dmFr{?v5-4Yl@C*768Q`j8JL|Q{`2USTk^r5ORAx z03}WnFDgvl7XF3DlbWyG+UFYVn@URZRa=FJy;*+;1rg1kBzJ57O}xz0aOTGSg%&dx z4S$d#MzCK&I&TL15nmZ+n8J8qri#q&$+1n4cvJ0S+UtiQPUSKYSeD9v)h6~II8s9a z%a5-0mv`ISL|eP$soyj@gTWj8UOE1d67Uh0dcO09jycmeyO4k{a?9gaoy1tbR{RKv zHxZ-=n~X54az{_NphbTzGwsV606hY6f*`aT;vmosQD;Y=A8dclw60+w4X~#K+fax< zFQ#=+G|~o^(ZNtlOFg8amU~O~m0yZQOXAgUmgc1i6FI|W7M1ZTur+%Yt|2@Vv`;AI zA`Pl2#q96$+fYG##?(hz^JfP6{97Z}Na2O@-1sBj&d^^1wV@G%8}NmD$>0g&_fd&%hn<@3_8a0&CtH#yyKvgeA=Ju*FbLwo}W0sY~xq`e0ZfU_|o_xv74VM)?N zP^xXou^ho`mOp+H_dRGBQRe6gE*hF`6bjd@s%tgws4GLmg1bUlWQgm3r&(QvhFkit)(F|eqBu_5#hPnD ztQI1avS?-NPgr4I>%}9y530=aHC4o$Gim-9W^p$y9&!xH&Klk{8^Q2EtzJs-q;67Q z3pQvzdju37vF^#(!s#~%i))Nq0zwQErJp(NzWbi~iQ1keP%Rhw9Tm=*K5f7kSXwa` zY~2mkV-yL`fs$P<;0NVy{p3@KfY+~Z;;cnL$%be1sWIWe>~!pVaEA*Go)gj)S2r+hzj%_toUQDOP6h%1v|D3x(C*Dv zpWf0=c(?MWEgIU(jTp$AyF4=@ZT`6086Z$ihUd^av+sp#Jhw_gvf6T*#-e>p^KSHQ zuJ9Q`5w9{{Z?G+}LvE36{p8s*OwMBA7W+7uBM%E_xNfRGXKSarjyLM7New8{d~dhO z^^>M4DK?X`-ESx3?{y3!v7Zw@aLp^ns&dK;ri^jGG0xT2C3BZRC3t@}aMP7FZ`kVH*j@njbni4@#F?~P)!~WK>1_A2 zDE`g;sfH_#tuEy15NRiN1(sRe`u0QeG~QO8nIG9dkErJu(MUT2`+sZ+tV*t)r74hgTV4TUymn8nhnvJmdR($uK)}81Wu_H z%U61Wv+ww0H{5~`p!eq=63NDAiT!Pz@J|L^34bsF2VqB?YqR^_71`Uu)pPWJ`fw2W zbHW##>5EX$2}|CRTlfjR$`gtMI>?@okbjHg0mwp%8+1NDUIw#HG+cQ{lY{Kv)zk&- zi|T}2l58Lnnqsj!)Atr-J$8l5%R}*8z^g5uYDm~SBW@46*^YmUv%m+kWz+{(ONbx$ zrqx%tU0}42fx851i~L&Xf~bd3ZwI{9i4CPx7ke?&P6-8U==8iWqyqGP2-il?i3Z;N zr!QI_&EoBupdh*(A2qI5dsV-3a^*#DJg52rZ052q^0ZBR}bSM`WPxEO1=CNV7A zF5<_UB!mHD@CVV>rv_ZGv4g=fS#od%n?TB%3@<-lEAhvYC2-4PNH+Co*0E9^%AZM^ zlaw2UQRND}B`YeTz>Z5-#UV&X8mJk>hhj?vzfkUpQCCv{L0){*- z-y+I}8CJjgR*LRcm|lF_0-(r17ir6VitHY6?I5hC>7gX-fTtBpRLyTm8Ym;Nt|dJ< z;gN%DigwXY05GGnqka86pBVbntNSiQKG`p%f|WdzxsmdlnQ#nJY%@0W4^CtA?5}Nn zBR6QkBvNvM7El8aY(5phKVP><&R6$UFSRmhDFHBKf)rMf_R2DnxDk(CdX7ahVU~b* zM2R3A^kfkjEo$6xTW@r0_^3YTQ8DN`(X$d;r#qFYmo&Kwlt@NGrCWKBF~*Y{xV=vk z4xQ5w6{>+HuFYs30~U9vbTPb38ll&n1R!r1S?x#)0)GpP$}fG&0kCwAU?M=AJf#5d zyC;_#aGWw%R7S19u0*Y&!iJFANC@%NlQTjkC$jL`7K{(vpVMyG2R+K14g2pgmZ&pJk5{M2V36*dKnn>2NeC0wVjkcpO=;#k z#c6cj>{_EJ9F9U=1+t=20ce}FR`J2%v4CzT1{+p%XN~($!gqjN)?Ip$F%nODsB5~c zYM~3Lg5#w4C{+dcT!H04Xhu1m`93>Kx{=+Wmh>MVq#$Z1cS<&u{1j} zAie+pv9hb&5Re7x3ZgB{s01ZzEseWn)VPa9S z5b~a78`c#~n@mr}VE0_+=D&^uG_s2(lzG6?;X0|a)G+ErvJevM+o;7%H;&KCYsj+; zIqBYT#~2I3e5%53rX~sD8f&Q+nV%sG&5GVJ$)-NIcptsDcUOTsT>YvZ0!ofdJlF2X7*2Lj_LG7du?7!X4hY3@e}I;6KgaqY@t%xh$f||z#Rc6-q=dS~Lclz+THtWUA;QV&3nN1d zz8_6T`z@PmiaEpE*^K{o6qB-es-Xe=S+f?Z18Vq?&py!Whc&zv6D06QX}i$s+x_V~ zb|qrxVBdcyxmv?(D_o#2POO=AGI1MEwIVJFh~ zz7GYOg{%iFWCP4F{8GyxfnWT(!7j(A7J3FUkKmIz8CMd2>2b4R46qiw&zVlb0ElN# z8X=$$Cq_h4uCoPv3T6D2=Mq#SB_9#8q5*2R9lx1IPE%=C9dQ7;-UjD1nia5m)?LuO z&isJ%i=^a^z_SNg5VD$$e~-pU7X01LyPGp~jU)f&=OW=&C4fp3*wKG6J=U0Cg(e}h zM?J~_N0j8J2%3b)|G9jsAHlH>~ZP{ewZYcJNH;yGPlyLp*u zhwQ3)Z`lt@jurGaFeO=So}M)|6F~CdgLme)OTRF~xOQp5XuY8+Y>fwZJg^DrJA2=`~fq{%C;J0g#65&nuAeB%?KwA0!}uX=BA=@yK;t z2N}JQ$6`^8kSA8J&6J>AN=8)@NwTqI1)`-<`KZo_f*l3rgNq1L9~p^~CBB35mu(pj zIgkVz@oBGFwCruhh|hs|hNJ>4%T$8~Jaos6Y)W73OHpuu;~b7hDm~>_LlAS<>4QZgu72;ybF6KA6h)vF>q&3f6ejw3^!h3F(YjBB7#YE^I9+NR2U+o>?hP$uvfqpma~*KzL6fl zi?JyK;ib+CIpv}Hn0@*3v6p&e=ua#fQ)`@twEe=2;i(8s1;5RjRHnZ zMBf9E#Wrr1kk5L^+W!XIGPEHbha=t%)m2EDW9&l_&Wm^&poEtWH0sjcQ5j+n+hzHk zcMMXi*oTWY6G4D3AyjJ6(F;qpNH?MbYoPxbV7&`f+(no$WByFN)u&0S{nlsfikDVs z@abgxYq@QU0?BPe*S6CKi&cc96!4`G;rv1~4F)M&<%Ta|1qdE9ChZe|Vd>hf%J2HG zYlV_j*+o<);xuZ)LQ$CUy^u0w)9gKnUS9TJn`4`JeAA;Zc&3)aN=vom4y<8SqVcik zyyv~=xaYa2CaHhcqYg|)#V1ZvibCF2!r*O#*hLM4L7)4?g2mF3mfQ5g3PW2)5Hr}% zv=#xv+4@vn=(YFazObA#-)4nc$NPhwh*7u})emJ!t4~ILJSdxx5qk7?9{}}cqPBEj z?zG~Kl02r{kHAj4ZLnEVNPPF~kt3_qcWgFqk zjZVn?FX>=z4DZZl?ZlJxN@efXr$Z8;fg!q9vKXRKsR&FLF=XBe9ys|<=NVo}v+WQsAW zE*v=a(*ipjOz*)ac$8R|U768iwnSs2!e64l9N4fDMPPMw9j&4C$T48=5bAMnc&OZnpYd|o$frE% z5(0N;T1^C?GGO=Un+ViF+K<|~-K3mmyhms?Pw4<~e!9RSMOm8xstc#<;DJUGe|3vJ zn@HQ8pHebX#2<#Z`_#1-|5{+9pgkoSGR;yX50g|Is029YBIoaaj~*3UR*G;S0^?#? zARaO-)1;8WKY|PXj)|_cJdZOWjZ4=rgP*(cB&4EA4J7r>aOFuJW67fb znG7sEX4BN-iKj-fG!>d&s#NA~%fJMgoG@#tq{v0?K56>JUZ#7&lEHw-_53i6wJZUY zupX45-mBVqd&8LN*sRqaCyM1 zBE^Ya??$SG)K?FUB6k))?-^d^QZqyC8=FS~c=4WJ_Q`# zO3g^saYgYeiUXk^zi6Pi+=LGjYSEz4C zPFLvoD#Pzq6gmPC&72CjojLWR3mFpnGIhPfj8YNS_H-T53c4h{-lEMZtZWfv!N&{=PDGT>QVNL_$F*Ui+SAD%krxqVRvOS6TalJ-HUREK~;TxQY2fLfB|`9 zzCl$?`Bz*a63M|QwMq}L5fjLVy!kN$9*AQpy0g!ZO<^NsE2PrEJh+Y_gXno=IL{F% zXqGKm?-2=+^i5?&rYud~*`If;V`VppZs2cqBfo=fAnb_a_f{iC%Mn!+frh?<3qpgR z^C!f;Pq4Hfra8S>=HJ7%^N1lqr^e|H5UxkFWbiQRCHGg8XPHIdsVVp%cck#)jW+md zuZfVe*#Hj;xm<8tlWl#gh$`wbhS`R?>PhG)r>)J!b*89N}O6h2PoG|oqGN$5T)_6KMfwV;Izn&>ZN4;+<;)6bVWC@1S6hz2Q z{p!XM3-dE_tDuntC>%?bg93u&n_!Ed?G!jY2k(EoB4B`o&h4T-w-AJ;>7&OE9#Pb9^I4Paok5S z7NE#a4`788QWlGFpRoo)M?4a?2Tj~0@(+?LHyT^av%pl?M?}?0<2o|Af_kDyHkidl z>F?xYM(HlK;hj`QI|@(LtL>Q)+^);R7M`xMdkg2CpBO&+=q?whd>|v40f6sM`x=9EzZL*oC#02lG zC5&wo2#2q@d!Gwu0ljtQ3J6DCEUJ77ZSzg%*>;?#{N`*vZk+&F0-lqe>oU0gKf`W@FKUc<84FHiar?ROY@! zjCeu*19!3^!*DXuv2m|%$biA}$7JP{27|klUCEf%(A|M;9mfvg_1t&K-nO25Rs-`G z5z5|5V=%TKS^1g{da_xAX5)9dx}gB=p4B8OqTdK&;ZFOkb|$9OYYJJc(RRGiX^`8X z!#&q=zz3&l_co+vDJ4oi zTemI@`MfstJB;4o4E*#U6z8a?B&e2E#&CP1)a#0PD<2#cUbyodXKnSLZtS1$S6Do; zOc~lDwPOghq>Rt$%%kpqO0I32P(e|vM9T}gSHLENJz+fjExEd_&iSwVXR zK}%KRIZO6AjwZ`kb1lg9YO9WI@ab{6gO*Vriu6bLtKUxM)Gc*co|eM7!HaVyoDyl# z@+gr0g-WmwX&~eD_7x*~CdTQy8K*QP(nUlj+gJNv+VEKF$Got2StDdocyZeKD=W{6=)zA|`TOj4?W|!buGTUG#z*8VLC36nZ=92`x8mrKRckIk06Q3~xi? z+_du3yXATDhW0mtTVe|%+WD}4K+3T}n;0KddFT!s2njK@#$_vEdnr?|5=5E!d$#zV z;NAi9xhUA1kfH?JZNa0QF=nag;jfu zy8!)AK|x1LC>f>z7JsWa zN68GB7{rReNU~^Ym4$}A(?Iu&$f=%V1oIOyLD{PXDTT^n9wzc$_@x0W>BP)TO^u-g zZdS!&P5lS6Jdd~<-bTDtauFuT;rJs%(3k9?&8X}v5Wq95O9vzOxS;bgxVZRqRCxuX zV~dyvQ$Fd23T@GX=`X?8k5hoN-TXlhMM&*nc7_GjjT6TJ$(gBawr4{VLc)RrLtn z4N7~0J~xTFc_vWyo;%dm3wAd@#C7LEKG278W_0kg2lZ_f6arOoGhxMdEgrFKa&trX zR=E2%ggLB%(?poI`G=73E6s-=htU_y=TT~=sPFDP%<=4RpI05_L0FuR0QMi;^3niU z-ES&8r2_%n?}E{vmL|)Y1&~S&+*g`p&=Lk6b>8rSP{Xhjd_f#j$wWn$r^8R7=bqdD?R8N!kk zzcjj#v)|6)ai1@991@jSSXoWoClD0oJM-WiM4*{|7hKuTyGvp8{ec}M$4Ql|nNVA)57#51$(FGU zXqDx}F6#N&xXk6LmPBbmb|DsA*!Z^WRFp=%wGecF_AM8k)ca(GZ~ug_VAc>uupLR7 zV4z;a5DTAwN{m+YkUjK>sfod3ySqZakh(ryoZFmR)j{kE5|e8yDny}WT*)a?w$VBz zY!O>Z(Hn-s%TUA+r#!66+a%QS_=wMki|hSb3p81~c+=_l9ve@7|F-M$P2Hke z5%e^- zxOWz0e>ptZNBc3ibCW1_)a#B;BEDg_PN)^BHA19br$#01gpR4VMkg&@bKm@! zq0L5k`K%Nqv8UwSiW&jkFO{_RF$tv9=$7oC1PXomS9eruTW6R}O!joZnMwge+h}Lq zY|X_gBkdhxkim0bkMECfsoLHcsg64UL)b^$$&*VQOMD7i*5zc;{mP~HgtSi?QjIDR( zJqB36fd6sPeAyqvR7zA{B`rCL3vftw_6QD#LVpL_*pf`Qhl>LNe?h$^PX_K3m#ggN zXvOTJ`OVl({3ZwElS@UK<`+BjLcWR=7(`OLE*vIHN*+eRWhv5`7j{8rc4Qwq{OZs@2bSL4(-jOVXz^RaMtxN%Y$1#X#&-fF20PG$&r1o z9Gc@jK-8zHiNx%dGN57x?kR*)QgCRMfe$|=Liu7YCqQq7A8tON?e0cb{&XIuX;wyR zN7XvBtcG2!kuEB;;C)_EH+7hs*QsPCJvi^wO)eK~@<2SIsKhar7M63BltSx|497Q`IQtrFuBw627u5>KT~}f5CfG9v)=4&i{Yic5^8VfP zft%o&f{yd{+&PC5I}61>tExxNRTk+wkVF%|jCMb3?FHh2839~IQjaPgq4%;7xr=i| z@MyeB-~QV+Nhg9}GB&qkVHxuP>Seci_dlrCEiyzlI_o~5SYb+}1Gm<^X{UAsT7|R2lvk{z z%3~{ys!z>8un{eOWn|gHe^jx(_oxV2D=E!Diqb;wVU;SH@C=zXgm{ivj-XayIfSoC zs4vd=-5lrUBpzLhbzL5b;w5_fXw3K&G+6+*?dItmYa&dVH#ewEx8YmIofSZGx+d2L63`C{09;xK}*SiN^_x!;dF;!ISkWoB33vbu^5t(lqtt#* z8ZdFZ(u*ij`LqBOPBcbE0~ng$+3mf$Sa`ir`?Xrxh_F)s#>zBBkZ7f2)be|of@#6XyDy~VhR*S? zBu}%+o&LpDHjq*^pfapGdw=12<|>TpkA7oNw|)+NZ_fpwlnh**?kNg2xo}<|MT1bkW+j;=w!~LC zmY(rB6Uoi$DI)*8``H+)#OxGg@Py}R5kif(G%7^bmh$gY;xEW5hgBg4(Pqi%s|pkd z8?@#FcjR7E1dY!>1?*rUzOxtZ^g+J-Rg_k{wvDuo>37%K_q#vRD=_aD?iS{P9H-{{ z3k1IGN!U&-3k*5s7LG%~3e0STI1OL#hTfje+bD2eviBvioA(d?EsQ?xDY{+H*%(AP zk7Fko_D9zzJ&O>n7F16^W}YDyR@3CdUAb?d-*E#CJ#Uu&bfVkOP)*_7zFCXM$6}aq zIVG6;k6!w->%ywH1rD??#hAD!t_2!SRLGg={=8mF&2+cC*OpUU{4UD&gsuoTTqT1^ zO!Yl8xgRxS9~4$JVXd_#!{9_BY>*1(dPTVaC3$$W>gie$Les{37Is6(gNq*Y%TuK& zJN}Qu@Kt#=(Gpj&UZF#2Rn%}{Oq%unf!v7sy5T@Alx-R8pBO zWM6eRk#fh!ungtOZ^y9%8jNzh(VHX{28bMXNm|$4uLSVI4Ng0y58VGuqmqQZD5_E*P%S3P zaiAGAZz22>rf0lqk7vy9mqdONiq)}2DEn%^>vdn@wWG9B21)7WH zLia`uk%k*^un=ER2*{+Wy}kx$Y9Bl8g-5_@ZDAly8RUE9{f=gsu%dq^7z@1bCe!xQ z9vJhy-qL8p#E@yh9{Qw#b3D-*zrVQrnul`*cBEkEE50YRHE4mhM{j1M zqwQa#V3Hi;m2u+<2lrrC3E$Vn<2WDFVEzEXBg#o3G(-KCBI%(deFDK2+}qPQuXdD+ zVW(rI!ojPCDgHZB8bB4=@Ob4$LO=Sg45KfB_BbDIE?UAUJU)(39|Ynj!mcucVA?;K ziI^4MZX#e8j}w9o-+VmxFYGNMyiXM7huV5c3d`DcEORV2R)EEKOllDO>gWGSKb0NP zE^meg0)jvS0%H8{Mt5rmS2trjJ9C%+g~>fmbIWyO1bGx+7zs>JjN0XM4aa>;E-O1V zg#&-ZnMK}Y?Le-Q>pK!(j+JScS2s>asd}U$%RT~)5XVZZ#(fC z%}`Brdrk$)gfIA_~lUluof-ccg$6k3!%R8G5eyfPxSMSIdXAwnef?` zx^NY9n%Kimq$nVn6v+F2MAM33DiI0nYf;UfwkfYi^q`~LR+or`c`>m4T^p)bA@Y4A zAq=`8Q`G!lvp9^RMX{SoW)TD`4cWL0<4Mk4#aWe|;A(HljRM5nN?m5Y*8J&NyVn|6 zO$KNqUGwrP=oAeTL5U^T6o?0fxb4VPHx#KB!=Eqn**GP()|t8*M=}&Ogbrep_OD&hwGExdXEbsCTlw|FHMU9G^pS*x;}C#t7c)5=vauS!N9h+ z&BqX*C^$?wTo6T~D9NNOh1_|AxUn=|<}wNW`?H!_VOa$vb@@5jk|XK|NUz4rs}<3B zx)6Ok^C=_4W*P=-En<}b%VlY&vXuV3oKffL=_&f?M_Q^n4>P&S@oDNRL}>$agm!K8 ze27@5&ChD)1{YhMm253l-U$6Y7TtqibtwdCou^5-mSo0f%%;`j{FHy>G%Ft}e1Xz?9d;-wJf$(L^% zQED!tAL4B)v)_M$FEI|2C{m{yF}%#jOnVEWIrSIE1~UN|4Sm>smy++z-x%v7E9tib zd|$N6EKnqG7C(RI;cN1R0)S4$F=@xX^KA9YnC4)_O^0n+5k^w@RWG7Ib*)C{v&2Qt&cvB7ZYsFp~5d= zrq$)r6-^zt_IUq)$}x}y)<~NaV}J%&!08%NM6W-)v2En3%AvNN4tDJ7Lz~klubm&r z&Ed%@=MsW55gh*d=SVC4eE1#BK!0&4NVM{ns_8P$qwPdvRQs#%*nWDP*Vs3-#fW`a zQ2EeJKJtsaP&a<(MI`NTKjA)6(fDQsfwGAZ5)LDP z3j4~jnw|MTwYo<02X(L){gB#Z!kiEBtd;E{GejrQOAExverh;YL+Y~h`uaIM4J`7AknynY#@?0?Nw9%7 z?Z4qEM_`~aict9TRU)n5)9#u}56V{y1k~HF@$f#I&*cTK!8e_E2JImyN@Ufm3%QOd zWZQ&^yvx?ZQ}n}MH@IDu5}q%Z&pGb3dNGlEnF|&lP{f8u%I|QH!xP3a`m4QRVS%;d zUskW?-iX4Duj7iB+#hihIig<){{q@Rr$mE)InQ`b0qJrCEOZO@_1#o8Ei|nQI2c$` z#v28Apj`1-PnBzIXMY1-N>JKkQQtEX6y}7H5BoQfyxk(?$H2f*QD^vlyTGz6QU{Z?B z1_naGKM6E)n7yyU@8z?lzCncZ4eShb2oxezmf7J$9JzK_yIXXKJUfV`wl$81fz4We zfvH~e@jA$=lQH_q(DQ-QFzjqKLP%v406-N}q>O}o_-)=QV?hlw{@k?@MdeZ{aIj9<~gzoXjkC0SFL$|i+D3!j)ghUq$&g|L5Y5F z3Qk_R+CblPLu#>wEJoWH(isl4d=*I%7S&Pcz*f7voobj5C+1| zNl5i%l18El4lRuqmYR|A-k2RLIy4?SSBo)mhPZOWJpx9+r3H6MjEwPF3Ve}S6VtC` zrtm}93PuEpP1_k&Pag);0t_3<`)4bir{aJwh^j?UPwsdTW9&(XzaXTeO9?99=M zY$ilN*#m7@?m96=A^L;u!ujmIU)nmwv3^c1N=$ZQNFfJ_JwFe44Lo;y2--bKES^m| zcjhDuvs7c?LXcN#qsjg{hwxg};m09d>Jq}WHCx}GN>~kFTjjgG2k`?|Lz=S3jB$i4 z74^UFdwfB^c{zPm1F~lC3fLjGLEuoJh?#eE;k5g)Tk_1t#i_LFTXo+VA-r#?ptCSo zGKmRDfNEXMK}xqIRM4(LQtcpe_`J8kGcbZaMsTk?ZqsD%Iv_ED1O^9M(;G6(B0D=r zM15f+oJqK7tB&Fv)Ia5TziY~9FqYVml*aTI_EgT7$V))^eG2z6XMH&s_2P6OYb6&t zM~Az(05AGP4tr*pL5kz`YLb3EpS7t3B*sbv&VBuvQGl=7z6Zhl zx0-pv%v;e0*!nVrOh_a8zr#p{M6Mv~?Sl+P_PW=63}P2}*ZP^K*3<1f{$?Cwon0;d zWS34k$9T8+(`vuc`yu$BDM;ZfdL25DKtO2-KtMGA{c~t(=V`O!`*enjR(cYI`3QgcNW`P1g7bNpC&AGTk5Uo8BY1qpd> zKV1DxKOF10rv-Ce1u^pp2Tgl}C3tk>&5|kYVv-JZbBnuPUVhHH{Yao3v-w@C!#q)Qqb*DS7!V6uUJ^nxNJ>?CK{azKTAHP$b;5qF8k zsv{}gz=~Eir9SBUbfEt3ZP$j~b?<~pGD~2EDyT^kZvH5=75GO1U(bFJW>-R`7A6Ls z5?O}4#<|#yf`#52iIUh0TNzgv9ycBbIaD)^TRp7KJmHexi{GsQokg*C2k{vaG2(Niw$Y2cdBuCQ_QCNB?2cZ@Q!mh zzJrzQZbVy}%o;^Hk%aLz@F7UvcX>4c(Rh?9}63yy^`};4A=s!qW&woo-+4R-27UR;V2{U1p5KF zhH5*TRU-CnF&icQ0$A-l@Y`SEB3v60WpNMR@@VU(qkO*p?5#i67OAFi7i$2r1u z+QaGIs=n~Apl%{tfUu3Gir@)8M`b@$?HA?hNzR?X&g%JCz%wRp?B`6 z&=m)g5P!s}CX+>*tg~!{>XO9XmAUgelm&@;SY6_&!MlJQJ+Zg>Cvx$7sG8rQKn%KyO@b5%>i0p->3&Pf3cwGv38b#5=I-Z5^oZ zJ6`|iWW$mv93yX#_d~KHMw%kQj^As&GVS2%Fg2O;x`w#9rB<EL1#VtmKYgS}SV> zkbOT6`ci=a#XRPcGdq>96o=Gsc-0P()~J`ZTDeH>=oJf_;_QI=;FKw`E|47;5r`)< zPQcOY6J@z?U^$cP8yoxM2lqukajpSr9K!@T>cx4PGn5#IwJ*4U3+nQ6;iX3wX&;i}C!A0|X@s6U6HWq=45jUf?X^M2ff z`%T=8ppzL6XYw!oP~t_$BHbG!(YX%-jvJFE8S2`^By&0DWbc|-wn8`4Xq0$NJ5K`o z+)vuj-E-Ply<(cHCiG#%6MXeLL2LidL+c?UeC(H*!127SnEof0PjUb)P@b+xM)-2h zV-m_oi>kMRK7D%mY|Add?xu~36LzOuN_2W^3J%zj5eX(W{-mc1YKl;y1Benag09Om zAJ%U9lGAd^U^=MbLy1$!C3RToSBiu1)G@Ln$3Sq!61>L!eJ=Lcf#Cl7_iAil$~F3B zcN8)q&xwK%fH*&J8MLT&W4wWJPsM#ODA%3JvG?#u7hzr2Y=3U!<&=k!q#aj|k#tK+ z(w<7`plEwHT(P(P>2YibLm|@Ik4l8ctvEa-AUsIx2^O;!9;XS{w+`j~sM*!wVBe58 z#kH?dYO}HlqATHNLcC=uS-WeACWc`}NumMNrXG7S5=x)ov>C83g&vWdg{7^wprqN;QDRz&-H!?k(6pjIBnTiD;TD>t8x)S5~F`7t@uEs8cP9?UZUANK}+ zbnRuqg9FwYa4@YWZxA0Rm{hGyg%{>2@JeWeXBIsU~BXZ+{A!?7DW_7qvY|AUj& zi~Hy?$cTCW*>kZKOJ4@vdm=Gp>*|KT@m|z74C~%}@WS&%1R;pnLQvznQ@Df<;19pI z8@h4hH6BVBB)jGD=k3pL6Zk|hb4B!`0!e_>{Yr$q0+8+>rWDW_bh=zc(%;lBO@MFjQ1-D=^G?0tL|H^&QeGv)k0Kf4vXI zou(b01mE~7E_oWPO5l5L@7wlFxg)V(KYNiz8dfc7&qn&@*HT}<#Tm`1n$J|Bhg?a_ zqAp!jKERyl=O?T@{0To%?+b7{?S&%6Vq3)!j;PRx@j7r_y6cDMF%DL}UA_GTn!5d! z2z3<**G$~;+wbw_IO%|b`I1}s4)LJ8x*v6=@-4atxyeki^sDB1V#5n7ecHl z!etOEnCdnUEuAr}CEy16Q}~DW<;=mjjSHv9(=6762cjF(2o8mlauoM8Wbmb><{0A{ z(t6HbpoHl>rehd1Iz5`^pKcw6Y#umYaz-9HaOtOcmHQ!^A zyft93WGX}oJywJBa<^*TijerSes%=3I~}D1|-ZGSeONtxvREw0K9He>0)8kVqp#$zVzw|PTinJz}>Rf z+;!efSWk&RWVIu!ku2hzV+KQa$Cm=u>(zrZ(L4X#mBgLbQ_1#5lE(TgozA4Jm8e_3 zS|sQU9ABBb!Mtp-l%gp84@I*Tp11(NWG}oF$P{^?KUy0ylDH)gD-mbrU%D}Q3sy*% z7<4UUmmK*9ltTpCCYZx8z*yFehiLKHsGIiW-Un~Ut-UxR0%vW`EQ(f(^kK^)kHJZWJsHt zg+p_8$bLymuv@K>w1Z}x%Un^JVUh>33M%!b2MKtVLROY2981aaARSWxI~8_Oa#niy zsUMqmFR+AxxKSNL{2uzI9X+2WK6p5v16XxuE2ux_NX7nn@}g}zU4L>%ql`7^WRpO7 zAs2yswlgD4*rKu0*~0j;i`vkxJSuti=BGZFQ( zd*tp9$Fe?}CuX*ykjU-Y6Z)_+#)NAs83^IFKmR4XP9H7t%B@{<=0bBBc5Y?f`?i5~5JQb?{Hu+E7?ptmDF=E|2A7+Hrwd#2|L+*&%T5CTF0w z_RFc5wW8aV>ZZ5V+BuOqB@K|ZsV!gf%9|QLHa>=jMvf&rHs|&OE!oVnhIeH%1=I}- z#<}zyOcmT0V*g{&+%8*$o{m^!%x*|7qT{m9UBzbsO?t>xMpszU4Mc$N7nmeJKEqUF z3gxO8f>lCl!1RUoJGcP`Vtp-0pZebj+uBm2x|M?YeBj-C3L=;rX3k^u@-CFC){lJMgZdlt2EX++ScKXkph8Z)4 z0H$@=JmH|$loA%P^?a%ZuT@=8&ZZ}VRcg}6?|&||J7OABg)DjL!U)k^%SY^`7*bN6 z#qUIkIZBug3CtGeRD{2lu1LOYaAE*;0RKyK+raA1iomQ2qjaxV4`@~7Z#jN{IJ**< z4~;PP5PtVJ1wZue0fj*V2?Xmd;~N^Z`Bf(P!Sd^TLLV!0@6K0ljA4??S1TPY#E`p} z{G!nDz3aG!2Q?{{0`8eTiud6`W`C`>!5h&*r!^p0`uSp59IT}DtdxOMp$Ht+QzXqv z;9Z(}aoAqne!Rc^KqJr*WS(tFyfoqE_*|f{BwPf=Dvq*~ng=DC2gCmCwXBA(hFr8O zwec$Yl2|a{QK;^=gbM8 zvEJffAy$@zhMFoB;>dW>v=3zRzn4!_#Z)O7>63A1iC>XM zb5fuQrfKKG7;yp(6Qqnvu$mhps8~V}z>Y6N90P~ai3bN>vbrX~(Sdf_CttI4hj2QA zG#4`7tb_9Ql2SE6YRDvp#)}a|z4WfL&<#9mw~K$&(4a$@?}UQ>lRU7TsD4GI z-*;1XQbjeEUtWBy4?HSu6wx$`82QN&UdZb=2w581P8nH+4F&r%btyvdIB=&ot+{Cs z%qw@WsO6I#>wr6(6d>Snd{LXT79?*4XFBHD(f22reea^BDi#e(tNYq3ad8b*PMaT;Bq<;0-*-E7!EC`lrkLNqnj^n)}+CiBADuqku@LLNAf#?){j&{5$7zOgooG1`C z(;?aR6V4=>Q8)c5nr1D9N$Js7W!@{U_NL#GFEaYwr`(sg>bT5UzdP^`C{_mpvqWbD zQZ+&gN=f*n)h}_0FD?L)vpe7c*B|U)`{~FGrX=KF;2136rUstGgV-8xQZV%u;dyqu z2K5-oMi~>}F`(UMI%#D_;wXYb!uihOLJHgq&4vQFOClW;z=9VdSqxO1Pqq1ub=Zr8 z{fg;GpE3?*W>mA)fDOU#jXaW4P(;Pdhi}3}zB;$5$egAGq zoayFJyV>D;be}g7<$AG2$D_nvRZS(muSWK%*mSd#mI4IJ~M6%!>?9j zvA(+;)($`3eqCz+_4cKHZIodBsHh~j zal=&CwOlD*@?8g#6%4A!yQ6fjyv>D>c=X8cD!cO6U}qN*(2^5fPL-q!;WhG5)@pU{ z$u{aavxBR>3z>PC2opNwW);>8mO4R{sx<=#Fc1e2V-(_$|0zp9IE5`X!8X)VfL?Wo zO3lZCXbsy@J;*XYXu#aT^OP~<(QrAZojgYJ68-qaVi^-qS3(Koq-;-E|0Vt0ig*p{ z8&=7Q@0|NX;y6lliSVS4FGYxCj!t%$A5;0!MvE1TNN2l;F@2a_9z zD0fbFJ%@l#Q=TeE+|C+EVn1|BJd)zC>Udi&!RPc`MP=?Qt9X!eEOUmdp2Vv*kQ=Ze zFfl3RJ#>=Xg^4^j4o(+c;bh}uxc`W_6)s$=bIFBh_T~r~gdG+geebe87=pDsM9HV1ToKf4x z?6gh{hW>@T@k<>AjpAL)67>Qy)S}=mPAPcNso5^ioZvD6E^LK&MC+Ir_Bn}@=cE2T^ z8Rr4$6p%fW3g=XDiAZjv@9Br*qhaD(8EFpn!;Az+1lc$BJ9v6z`jU=P7urbL*GH~hk$YWx zH|(lbEDo%M->`v}WlJNNQR}O9mbf3EA>%eR!EM23f-q)tAzzkXP!r@c8|NR&?_mX_ z)=POX4n3W6QZw?uS}r|FWQ7RCR)H2bPaDx{1t-JuwEF+;2!g@#wC>O&cwQ}e(p5v7 zp|Jd+^D(KEuWWV_TTdDsK*_2AIlBP@`#hy*N0P>B6(WQ$%wD1siXKw&|U1PVrjS^B&3^jO%MKn{%3!_-xR?lg$o2!&j$oV|KI!b{|ll0 z|Hojo@Y>t`>(F_-e0+RHNyU{>#QjzcCK}0U=CxbxMy1h~qRA)`>~sprWP5qm7#!0N zlYH9B*7#NU2tz2;Y&zsG(d_3Fnt`(b_KS?o!VABp`&15#q)?lIlQC9Hh2}u0=LNs! z0)S1PdN}`GLFlFihVI_f<=VvRxc%bua6Nu%r5qHnLzDNJRoAVq{4IL+VL5n0{R$?o zuG~JDRi<{BrjDh*6fL7!^LtLc?$m8c-NlWa215TKjZc3nT6*OldQfwTc3F~!6z*iP zTg9)LMTf8|mbqgje!P7m-NQk_$uA~K{(M7yr-nwZ;-=6edA%o%x|B_Z$s?hP?rNh< zt#rM#tIuV(az1k&{bkoh**AsybyWMPKSoBhr?mY=?K%wGb=%Lq%49A&oYSDM&qZ+a zq~kAacRN56;SSX|G{d3sU(e%z#>DubEZ~u1Uq2r5*d3CvqqciS?7jY%^7IUf|7ySM z?Ci7)y*EN}TkW-&x2I4&e&E4C0DMLj*XD?x&4X}9(KO)!^mA9f#3k7KX75GCF)RQ2 z0E3@@^5!JMXj1wcNDyvC@-?IzYDLm`JHnITcxtG-Y;#mEjBrg!aC&$Jh%te&ejF9v zPq=~)_#oZ|btLPWI`E{Xw)d^LioPdK@xgTVBYmpPk^02Agudk-0m~;B6VSH%FZGPg zG9&dYA|P;+nRSYUzI-cFgVeQF{b5jtG_tvKA@-5n@=uWC==4f(J^FI@ZZJ}BV1AOi zA>9fNtjBKnTzr$OFjcON=U?kv?jH#@|6Ynso70$@~tJ+C$%&Qv^T02X|^(wN9T>y4gz?1gg z)Vt5!3%Zhkv0UP|o;#o4!DA3Y()4v)1 zE9uCm9kN0|Ar{tq1C9uZl5%vcqgIdVNhstNM-1Ygm$nMVif!=6|FohJ&R-aqs+_L! zbJ(jArGP(ww;d_F45W@>-+%7e> z=Qxq)J`jpDI;696&sk_pTUI+`SOp;y-YtUO-&kN$00CCGG%N6V16DaXI@4JDJ98R! zVQVp|gy_`rhIp+x6BIvCwglfBUBkMozv-GjFR-m9X3cC3XB6yR_)2Jt4lE}9aJeeE zKfgmq9DrO1s741$4t5`VmMue=L*Bdf>nQ6?k8NGgpgs)um0sCBq6#NgTQX8AP#TC}@gZcYvf%L?UsQNn07^*-Wr) zPmsPLbBwh%SObNQtjel(TD>;ud)gTvDl_I;&zjA4$$ZBBnD1pUu5v@ne!f=<*-}Nrl@iq(x{S>QDh-sOpXNN z42CO5vkqj$ja+TOsh5*E*QmOsvlroWO_|dbzojS~K+cJk4K3=0ye-B3psthdu~)-m z3*1lGDmLUow_VAp?|>h-m(x1fQVPqv-@exP1V=MpsqT&=*|@=#Kix)?OX1>BV+=2z z&yHw^oxX4fqHUEOC5gtS`8Jk#BgPFz7723}Gbg60nr4P5eMz+@jCf_bHdY_9HiJ7m6|2%&&zcR!fcuWLRE$7E;_mGyfr8@k{aGm~Z4*>B z6Mv5)0SO#Kjz8dc%DcS_=s}Noq-4k7!9oc^tOa30Zfy)O#vV(z)T*3phkQwa z46beOS`Xod|EXXQQXpAU3q=bFB{HQ(FYQd9BOWk-;xdlX_tCckH`*vnP`m)1oH&K! z-nOdKj0TCj@aF@2`m}Wb2-fYThDf<$gxKlVy;DZo6A6=yqPlcFmCzLU!2x2JMDIxp@}(j;-Ve>!)J#gu zp{u48ULF2z`(?;;o6dpIK#*;)d#E~1iDhPoI|~9+sq(aD=-ffoJUrmHGXZ`zEu%pk00vIuZZVW_d&hH zD$0T`g+D*H?h*Nxa04Pweu3*My~bXmxDupW@se}tpW4AM5>rUmnxf(DJQ)YSqCCbl z$n8pyR)6NA%s;|j;jWkV}gExo^HcX1RVb?39a-y_A z5o6zBOY}t2)(ElOcR(4EMmU{MVoW)7(;?YyphLdT5^rkbWJfQmj_o+w!WnLieB7Nn z&zsS$V&8JhgmAWoWehc};hL)4>roXN@Z6bJ5N;sioKqan@@v1w=IH}+@k3mcF}WYM z&jAdnJmF%*-Mbl?y#Mo?XH1z0yE>uiwp1k!1|QXSwBl-}pmobqRM zmX5jDi+>US9B(Sjv``Yt4T&wxC26ro$e2J;MuMb-1Ui~Ig&9o*T7WTmQ`IZ{;W4FQ z3#MhpD|q_Fh`)8&b`((Nzu|o0yv6mnd-o*3Y5pOYbvpG%e@__$dm&#VWQBjj1P(fa z+P!l=9)mQ_;|y$8Qp6je@QpH2)t1&U&&N4Y&en&9Af}(l6u#uH1ibQel5^pNh(*X_ z7c4QX4P-0=ImEhPh><9imyL4`3>q&O;1QPbmUxpxnb5J{Y$XXjT<#Is(+d>%i|jMV z5}=%fE=jEKf=CUCeOILo2d{)#lD;I4SfA=gE^+h4fAEQ@1=vo>%nXXa>8i@{995JN zP>v<`U{kTd{e~bmNQo`G`|{TEKY~$WaHJRQ?u$izK4CJ|A3y8|(v{;zSEL5#MpUF0 z>jBMa3{FLAJ&Nlf={r5$Cf3d5X(?r3a4}s^P%hB=OLC-IY32a29TP#`h8RQc+_%xP~7xtFGZ0K5)6N{u8 zSpqDE6!Zj~;W(uTPZ$tC@~#qwLWGhG#2;X*k_J-CHNzc6*FSQ^6yjJnF|4Ep6&oR` zO=3=B5XH0+CdbVwvtCQwA3Ca)WgPe?=5yzzN65!M9b0-|f}9iz>E%9w5CPgQ=6diG z9ULhI-^*(Qm0KsXG&V9ji9N&@MOZ%DDFM7I*svSC6$%ht+2L=T zakI9$odJx)vS*J;GQ19;B_T8C#}Xe#sEqgL%r!-)%FXz=MAtpIv0rq*{ zvDlO?FDH9?B;G8jD)azqc|h#y`P?GSjGEa~E~I(jfdzY(apqS}^98XvyHN%ap>EK^ zRj$eH*>Im)O4A_?$zzzPfs7x8f!dpA^r5i`{tBCW85r}eH0pE>dHV}Q(J?F`JgY;) znl@NitLkuiDj-W*%1p>PnoVXi0WKwtRL3ny^eVz;6uIGAVGQC(DUf%=8ZnNz|3vFy zOQKd;wpJUk{>y$eQtK(dnB#$lsy7a!ptotS-CmgRo+^}?Of=JA zGmh80HS;o&9@bd0fW#d-c!{OlsMKAIn_Q!aH;Zx#F(tX~E&w)$SO0Sv0xV|IqAj2a z^N*N#mC(?1B)8jXUo=DzP9Cm}Dn{sSxYEqvI1RY;d7?7=#pGkNCqbEY-w}C`+B44M zo{2is(fjyNN4`Kzh`>(j-6&x24OF$!OXmDIiO#Tn-v=O7(_Nw%K$|&gAKJ%vz_Q6W z$r8Crm}wf-OyG^8{QF`tE!<3`P3&_75k3?5`+boQ*`|r0qf?Eky3Y%oswaaN#PNHa zGTE1lOQyY!=Dl1o5E*;^jBpOrvX}^tTf43+N@UG_R7S62Kzu<=L}_Uf&V-zyAWQ_)8pAVvilgAgHj_7)A@oTu$+&)Zp(67aOH}G?pL&JW$sBDW4%Z zthXJatl;yGA0rt&=zY5MYsy7kYd@)DNqXQ#o^3%=^2=MiI4yigcXE`fDqck33-yud zS%IHZU45HIsD8~Rk3!mgxWF<3FE>Hp@p2kdYuLzJTj&C9yq0mWO$jB!MmtJ|p|v%I zuzwa(oIOq^oj*vnLJyUmA6AwbHS7jywhzG95QjFwddRG_EDV1+F~b;$6mRcle4F9- zWA<7?_oo(_n=ROg|3RblflM;w7r4zgZZ-p%jfg6-V0hk7VVq$bXvnBZM`cy%?+Y{h zZznS(miB+oI!Z98Lk5Ab2`NJsr^WvycTB? zDxo1-P%}()@m9^@JsxyTvfC^~g80W=4y}?tiZ}Wx{x*^WYyn}@uxjRkc;!H%s+0rT zJ_}uSPI8%FG(09uzfF1R$+pJJ{{H?Z>|*LC0P*7%ugHEm*TN{*s0zapFZ3xVlM6#@ zI$0RXa2>FMu#5hnD85cdnzA>3?v0+l{r&i{_6f}H(L(YKl`Sv=p+LOR zIXT+3u>~mfuk^VpX`n6OfSVUyuK1u(V z8#s*!C%Pss*(C@r60TT&a#eRBsfuv(zk{w9$o1(BCWlriD66jONM@ulW;}Y7c+C)P zPg!3SZCghAaI^FEk_Z{@UwK(63lzAK9NZ~N@b%;9evmDV>|t?0aF_QY{Qgc5E*NWI z^X*a2G~4Ja4V^Ax!6gH(n~P+SvL$kfAoFYgwKo;p#Q^~#4ewxtsC3F?TT3kK!L`|! zTnd`5A{)E8V+sB2KFDgJMe~uW8c+M*>(RA2HQ3!gTuYrVM1Yy9?$q*)4WgeQ?vxRs z;%eWG)uFrhFN=+9cr~?lQTAdi;_unK> zKfJ10RDy!u8*-NuK1UEb8WjrBA0|{W=pbQ=3$1rhlDB6r0o4elzKhbyRKkxRqeN5j zTFkZdQq}``Dv~0Keys^se>P>)3;^UaHs8K;pO!_iPqwJ`LHk6mWFn7?U}t{NXG31P zR-Q8J${&K@l=Xg!Q|?6QFl#<#>B3M)7>$BK3m-gNJGHg=t%oezgw#uW(x=IoQ#{S$ z#X@HZXXCfRDp(~@+odAEIm)jhcICK>jL=%-cl@j0dXonpY%O{M{=}fPqN;ttiKNq| z@!Q3B0rLeDEU;*zZxe;PuOm`0VT&^G1@Kh+^n+N^3JohS*Y@uC|?{ZtXf#Pc7dtGEJg%pkQs^7`RS4x?@HJToOz?nBq)+zF5SnT}j6Ck1sz zZmTwgLLF|Nw;`95xB zGN+Sx6d;J<1?KL=+C68rp!{MY2U~lVhsVK6wO(NNz|!-9Splin`aR+4dLn>Cb`V1& zm!_*)aFF=rVF9X?({6|Bt37p$lXc_J1WWjS40Z+rKMBmVyc_8dcyodtF^xSHnUWK&|fi2 zu;R3?`Ku?Z+271J{!G{ zm}dO)k2<7n>)xZ~?pI8J!kx6&wDyzHME>K#UYR>`AYXks`l+i+?9>mvlGmT?F$-YP zhzrKW+B_6?uHF2T!$pluXC7DuPUTWCcW3|uHq&)kqs7KWB*@X4rY9t?Oqb3Mg8bliNuL=hWAYMA0k&##Xn*e>IOxt1cy+aw$u~3{u1RUD9Bx_oN$@+447h^ zDeS1|dymw96VZ3`1;L9rxxz1xc689Jj{>)-=g-Tnc*OYB*dDz*&TkVB%w>+@-ouPr z`?9Dg((i2o#ByV@skOczcWD)AG*Ssm=uG@OG1Y=fa%#m-^H1zttUEjtPa?2KRYdx4 zl&pyvStN9y$YJyH3TjA*_er5^aV!Kp5KqadwsP6$rS8T`PlZF&iKX$sSmd`$b~&V* z6=0(OeTvYahKgwGfjdB2H(IJAv7!@I(go5J$Z}P;GFM!Gxr84fKr3=63sIu^kH0Hc zo)<1KR^Jy@Vq*3G(6akSPxq3wfG-|(g&y& zvcP^;kWKjtS@%nn5^4!BNC4R;%#;5!fT zGPY<73n=6G3z>HqF&@VGNpO5){LgXS^a3)S(k~z&C{!RI=Kp(K_uI+X!qUyuz}3a_ zKT*{-Yfi^+j-Z_;ph`J5cRsvZUzY+M4n0#RG>7ej1R8Tf9266T53{!*Nk|GhvH|pN zl#AWWmbTF-QOot7kca-l{IcDYVc>hwJR&%&ISVWU;cFj#IRSCq#YswXyDkkUMrOrz z3bWtodiCyo6^}>9(1YXmuiQTK@s(QqF3o*kyX%A$xQDbTUs<6n^b*|=)q8HKtrg!? z)M&J=v@X$8(x|fSUyiuyS#*Qyu@+zM*>o#3C`50r5UE-!f!TEP-iO4lnZHnpRnL4J zvRFMMcFnW87Hg4w&XZ5KIHs~>s2|2JoOA(xpR6<}Lw~xg^bgyZ6Bta>%FR8;x<;!M zn8T(4JWDXg2xBqtKO^7Ni;M@?!XDbzWj}pLU4eIXqI{?9TL>f^aM}3+gc?dd3KK*; zw0y=q2ll0MhmFQE6+~t_nD-^t7Z~xuw)uJ!n7Ros4=v<6Ik@xy*IRqUDWZgO9PWxT@X1Trwtt-@#A;i z39-akd&s-bEAzH~tDuYlfHy5NG7mo-=gfQZ+k18u&KL*$re9yfg;ZnKdK8jtZ-3+u zCkb`f7|cAQyB#;Cfq%?nSpTxDwDe#^>La7z=In#!GZzJAs= zaTgVtL3tJ5LxdX?+Fe#wNmuQk=<|0U6)m@WxAkH3_ds6A2jt8277Amt(EOH|{Yya1w9s@aTF+ZDg|If^OjzJ$nZmgJacEN5-wbHSA!MGSQUYL<1l_P+<6UZ7EUMk z$N&+Em4)RBrw85c>G9T%kz=5;_jzXBaa3PT{m=N-ttuI$=Vc4NO2(fHgy9rAv z39fxeNiS)T@Ck!h7*eEHgrM@)j7)WzHy(JOEYErB1W+69^0i}_frSJoG0e1U@UB9( z@#+Y03wd*>`!w|lRRtm)L52IWe{U&57$-KYLcqGF$PMdrDi$5d6Q*u(+G0DGv0Xxx z&nxaZiJ-y~bK;QddPOd%jZ@p+knxp_(RO5)ZvqE@0pcPx3eYJ+4QZJgq00+Rz>h-` zX2+Gt5o-oU!A*h42l6Pwf`w3-H>Recq9F8hhE}!w3FCSDU&3i2W`nHApacPkKB`uA zvXleYoIsGMBVco~M2#y5hrjLi&nHyw0y0y{(3qXC^`qsNP)Tt;S%I&M7qDwMN0&=Z zm5{`pjsMY^`&pi7h5_Ldn~lEk#s%2m;9DZhU>-$5(ztSjB6}B}xPkUq3q8Wp-}p`t z6Q#YfwK$IJYlNRewgUebpyi)mGL zH-0*Sup!MbMe`cqY3;5mDs(oH7JG=5K1nf2qnkp~YVnCG+;FQGp(Iy5W#u8k=?%Q< z4D#_Q6n9akkQrLW)1z3KtYsQqVUwjH)A<3%uDDKuX1rlSszR>JNb**J^T>F5N{E50 zkdw^;&iTHajj89Vjj36ZoR--ze_zAru>=>-I<&GXTaLzNqd!rmsYq6jFLaZNJ=hug z;Mw>_P=VR;;B+f{+%op^! z;B`4sS0NTZt&3WXG2MV^=$Ut5;X}%dyh>FQ1|Ix{m+6Tp>Ydr19l|8>W16L~LYc19@2B*d&ZT`SZ;!>x^0FDYtxCUx%{uFzd9r%PxA2+ zKe=YDkHJUeOZ|&xu&1lGrvYe$23IvdSF$#gDUhx+d$cwXulG}Ykvg!^-%_vRA0SO3 ztsQK`G-e=1(gI>48@#}3qb{_lr0o^#T=<3?&=E6K4MDt7r!&xP0{9}J1(-W4c?ZuP zzh(>SMICuRfb%2fXzXDTuFMFAS5@jcq|WT+g=Brw`f+<-ZbiEBj$L?gJZi&WTe_&j zgJRo^E)Z8bh_jPAQow9N#8-WQ(s}i7<&IxrT!x* zm8bgojUcmSTN!A03^NMGtSl?nPhOHZsOAr~%jV=DC$B2z`nq(b4(z-?<9GxB3oM8F+Dhm40c&)Ix_^Ka(5@wGPh^1Nk?6DAT)j5vG zU)-lx%mw_*Mql;ha)#1}89rip-N3HR^08$=?gX44Juj&*e__xJTYfQyXCWG9qkgDe z-LCtnbacXWHWPO(EfROhT3xICHBfPG@TiX59dJF@9Q@cmuGic8(pn+n7388WFWu!n~|V19qvj^4iee7Yrn15s3E;av2zd(TOQzC;2zsQmI%PL(V7 z+g(Tm)RU${hULShPqre1zR}@s{Gi=`M43o#P0p7)P{)u%JV8yd9cZW0zL5Ec zyEelA`hG)B(!_*7bFXhqSNn7*cU}hx6#cm!RN`BO(>S$1P;AB^p6otBv=@40ahbPm zYN-*~sRhO3V$d^|au1B6EhtxWPSqqWqex$Rnv5!99K7_(tv-Xd%sG~!y!nSk$jiOz z+3*jX;8*IE9TP~LwaxW8%p7oip{LF+zwU@yrxbr8NgK*sj)>Esg`)^ zb1~%G{31O*4eE>#3S?vynqF@$HNG$E5pDiqujx2f-McCIP`~DBu4-QK|6eQ^IpEsQ z0SpMJ;vdcZ|JeMPdbpU{Ia}J>{Rcdluj+K%mMG$loi{JbPUbq15K@99tBDw9=(9Lf zBrXsUcu>e3aUx+K#-Z!$mB)&I)8=|^;%ig;07=1B;^-c*M<6SsFCM%e$aQ>wH-W!9)Zgf?Ih!|u(B5hxC}IoYPc;SKji;&BtR4N=+*0$% zWVbJRvH@hb1(^>&f)TuZUa}q(5;lUVaPuVsUm;PAr#$5OWB|(~!9W*-ZbqjQ z)T6BsLE`v|^H8He;fVC$0aqw=OnA65q?&pNca{{AURWG9-x~qpCjufrAK4^M))LTd z!mmqn_OcWoiI6X-&!wv|HGHzSFG1!PzP?cF++)6Ukq_|;Y17a8O49hU&wkbWSBDci79vI8}PLjcrS*amfoj&QsfC1! zczxFI`T3#^bB=j(<-KTZ;!0$HW6Sv|KYjfb%7*okFgh`V&LpF@4>ME7Z@OOH<*tm6GkUnb}L>@%rmp43DKH>+9i2IH9Bx z!1+;78)ibl*PBD>xaUM_iG1{2jC^k&2HnPN&OSMOR8bc&yd^Vlj8Xl{RMyn}c#2v%pjv+tre@R&1=6SL&);`~yj0Ks2j;S*X#4 zkjt2ksG*|Y_J`Qj6EUnJ_T7Tf^UsCo8!(xf&M`Yv#+TN#GNc#j9;L+^Sl!CuWd`Ho zvSq8m(vq-)+hW%cN$bU3JZso4ZL7tfLa{GxB03O+lUW$Us_Vvc&{x5DO4xiyW(u?7 zGB%LhMnq3jEH5)_c$_6T*?3yz>9&`P8)uKxT&I38w-7swkXQ!r(PX>61A%pm>i=vj!R-pAJ5 zppPcjU=fQZeIxGqB5DNJtU;iP?fTo9S}nM+zkTOrWAP)5w&v_+yX0C-tlmVw>8jvl zX2=%P#tR3k6f~lk`O7j@Oin4o4v88sJo2|Rc2zZeOzd-c!tn)n4^xX5cU^wIZU6x zlbLYojY3c@N1u%Et(KlneuHA3PUWpmQoLVjea&(?*evtZ3=(hPhF~+W!iw^ZU^!5- zFZ93}zWy2L0X^UsHiCOGGiy~ zW3QrqoOm0Od8BBtY1`+q%)=WG9XPPHIO&{@)}~G2Wn$mi1XH!OC;Z7~D1Du$j?XvD znZ$_|xr~Qf>$|YsBpj{#`d=bi`!q834KW}f^^*VBqQb<|+2udD(}ug@5^y#A2v!VO z7I}C&HEGk{h@s%q!7xB?=mqZ%B@vI1BoIk&$H>3}MmxD4!WuXEqSteCvAS-+{|v5o zJ_eQrUu~V+j5bUtNx@VUL8WW998;%WlOB&bqEfXar_i*d){2%WhM*VK_@1 z{e1Mkz8jmNyHn)j1#NCGe!V|`y!HOP{`~A@W>8{3?e5a#zVEgEr2YQ1AL;Xl|LT_Y z?-!b69W z%4Jk)UCi2AQ`sI|ZC_a$*}2eH@pJCrmOJ&a-W`#34ZB6tMzFc6yE(OPbu~OReBK)= zyeNzvTpskXkGb&u^G;}hp(DYLU&%kTdRPO%LC_#LxkT1WuQKh)E4Y-XjK6y}v35J0 zzX0IGs}XE+s`H7zzIdqAjB=b*I)D1uU%rW#XzyR1uSCXDR4Uv(_pE%52)hQ>nQKSm zP*hQ@&!H$~$MqyqoKmGuPmWdIy@j_lR$Qdhze#PEf1l zX?l0^4i$I)W8Rbe;$M~>m7PTwzhUnY@3fiIFYsMGZ`bPqy2ken>#$d<*|!L@P57wYe;dknXLlPa>lW)+c3_?^!Tsa%diJ%_V<*j)g3KFL;jh_R`s z^7*xY`=z@t4@XR`-lX3=4Zu_>w*Lg5$g%e57--eiv2Rvc=u3F?+;wa3g)bp{19oB` zma6A4=G%BVE^7LINRm6`kK^w+L@qoXc5Z+9m&8Hz>R{Mv8SE$d+cr|&eerQ*+15Fe zl!Iq)+es9>qEz{5ZrZqC?oX)g0&qS$T#??IQ{_A7b+=J$NE!q%J%yaA&(>0X=?UriQ*RO;`6z&>|7Mw zvbVuu2PQgh>9*P~K59Z$%Ix`9pDuAIlIe4w$~T5@)LFGAV>UprZynsFODPw*7A0u5 zNAr*QU+QIJbzWN5%N{#uz6X2i%^*yg-1 zyWW_)5AS%&&fJO47Uz!-F$to5a4`g=j-7O8N~(Bk-_3T*Q{OR92b5Wx_rqQ5@K>y@ zI=o)ahbaJj+ckGqWqK&cX+iPV6c`GJcP8=hWz;B2fnmk?VZ>fgG&LtkbJ65=czw!e zt%KTa%g+_$^X)suqii6EN(e(>v68A=BZVt=z5%bx{(GKk7$depN_XIICD-NBh5a(kRh&mf-3>?59%7N1U0_m{ie$Rn5?)bww;4i?wR zt<0yFo&GOA-_7h3WEGd@__`O6FcD(O)+yIZo>Iz%WXQL1R=w-fDqk1ZfI72{#ZNWQ zt|pCe_9>J>%4*K+gl(!~!T?9Pzv&fr&C9Y=+YHQ=nSgtpf@ z$tm&BwPXJn4kIf7ggm*(57udEF^(y8LK^7FrfJ9j;ZM6}2f6w&Q0PnC2?jLf21-P0 zTWjUfHIxRsq)UWpUSyv2eby};Zq1GR3@(v>#6#7chwUN#81!Rdny`h!jd79MFTYpd zihTMgBAHEGFmev3FT<(grx)I*T3Pe~Q%35vR#EoTJMbz9!~7XYfS6CKl^-KdS_LAMP2_ z{m_;eXj}s0SK#h3&ZH9aVup`L&NY<2tr)yYY|CzQIClK6_^f$aa}mxh1^g#B=$~MA zhTb#YhI_VWpJ6C{V{4(!GkM7VzSuh33V#x9ZwAx2nmd`#;ssx1@3@_hr?j@--kdJ1 zev5I6-QJYAPhT?`)_h~$cz?K+o`3i7jNmzUt}!6@aEmCIzYohQIJxWsoLF=}mR>j= zwEb~SdyMrv|9L7PAolnPrnMUb*nG?da$n7Fa0?y-r*eZ`_%qs_BWA*na_{bJ7kPYO zGM)$)Gzg0I`OCe$LvFrQI^4llFLp$B>xWD{P&Ha*?W`lEd6yU}TKs0S35(sEUZ*;X zu-;>I82oOULpjpuyYwI&RtK36*Z;5t=trBrGk{vO(Zd$e$0u;Jfi!-xR+9(JE%2xg9?s z*zepTY59c70 zv`2~M$J^79mfKZmd#D`lJz_)lI-gJPyorr#-N%2{8|INyVhiN&2?EzPU--%YJ{{}E z1e|CXE#bDOvyzsC>nHLa44@q#c_()yg=+MZ zsNZelv!_N;P>MA-=MFNLbnVnZl%uC(LTYLl zqu7q9^Bz&BaU)4_L6}jGyx3EHlO=a3_sF?Z^uu+Ama6rvHU}}&RGlUYSr_?gMTaTJ zsM1k0a>!!IuMUvC4z%;Pmew12?d`yc9X+y~&US!9+m=rj%qhcKSXVLc zW*?u_qgCS~Wvpm&MqbwbT)BE-7A>DtGcrg&6$f+ZkXc0ZN zK6x<(Jo!B7Q@D}->cp@pAaf;XiUo`VtH;tNMM9e7Q6(8_tXNB3{@}B~$4t>WM~%1( z#JhdxxhnYhIuu_&Ng8K)kBZF6CGFv?(9vW-U)P~bc8e_hl7e07z~hbM$z*EvoT}S$ zpZf2{KZguw)A|~5gP2Ry`i>I|p>PRAhDORfPg+(A_b#nFcBL%h>;STyNIe$orjVw6 z-CN?I{i);%1w?K9etXm)J3Nrlz1lyErp}f(?ApWMc(@Da+_PG8en}Ybw}w9CnGc#T zP0jg`%^nI{__&IH8a??6@bTW!p@SiyRCaqzgCmI>zO{^UV2c`N@K`wUn0Z#+UvMBj z#@=V*uGihCUTqlFhGdV2VC$7$yo9DgX0+`nZjm;ZX9K(2*bk2_EFQZL&kMno;X0nt zdTE92Wio#d#P5bZN4~KD)U}mBMq{tn{_D8of-}Y_v7Z4_r-4S5Qx-w9!rvVbdK53|hXeA+pozi$Z0Iu zX})`wk$}Eb7Uc^*C|_SQGS9F1jnD`ZdBdVV+9ghPw_~Z;+%5u;`hU}mI3xe~*yNq# zc>?H02ki~)qvW$c6l4!O7-mvvJSk()wxY6SU9uZ|5iS|zLUbQ zXzFz_Ll+uDC=2S`DDVNG_Ja~-7L@|+tsd#fa!4;8Z*jT|lHvK1V2 z9FDVDIzdZRAA2~}EFEoRj;BVOI%1$p#?|4kdeC}fxaI#TT*va_$%J+c$57P2>K8;y zMpim+=;^r%pHC6iy`MHA9`ffk8hafhioXoD;vH#M@v83S`L%8mxxc5GUr?`p6hGQ7 zYHTw~Vr?d#_S~n%dK64l=h~kLNf?T0GE%&kkPa2h3~Pr~jcEca6N)^BBTik~3)586 z%Sr&yy7@|>`aUq6ZAJ?8_ERj>Dt{quq(g#MLAI`VC5((53bPYlX5su=60OFkQcXv# znuzvue<(KzEnX>`ZaThXh}A}BV)@YD(zLn|Vyxk5A@v<4EU1i*>vwiHlU%IdVQdeCK=8{bes5-I_FZ;!abS9ajy55u~Svq z-YU%E>>0SW)F)W8FSUcvMnYy5JDH&J=N9?8M6ie!T$&xz3q2u0J%6<&A-0Zz-dbzB-?bhq<<=>8S`T$5}5Ls^^9 zZ~#ChVYOs1=kr7U<+@Q*^Kby-xa+Ef;A?N_r@SCYhM_eO?}YPbBkBi;~Df@*@k=GZ& zOSx03+a!+bYe4IZas}2cFg@F~-ph+O1kZV|Gjo5LZozM9 zbK^Z3ycp*HI^HhsOuFPf&Uoe*K04l_-SXzr>{RW5bLZdbKkAn~qU_-8n4k0B`p$SK z&%o^H>>%f2bhma#yYP=Q&+ve(w7e^ztWQMLaAfT-H#`IxVm0rt4$2+GpG@}Ixm32I zC=MJ@Hb8v-lF0~B*$^eJ6?RNWkkhVnu19Pi>j62ppJCEI(Ebz;ZYwx(%@=IFp~5i- zfa1eI6<_aCTGQ!iRUk#8=xnFtU>D|ag`FR!wzD*79k&bd+t+seN!XtT@!C`IUi{1? z?bL}`CN(Fw2K=a&fkev8^E2@IG4XgFR_?CImflVqcaP5mw8mKjLN8L&TPK{cx>t)T zL*MHo3ZGj8cyy{|7uiPCmN*9C)z(8m$I?D&`HRaU!2O@$)n3E_UCZmm7eW6TqwjvY zO4V6=dBd=$$j`e0rH5j6caHl8J;JL7SGf2R(czAzDw31^(A ztNmd*@UW9q*#PFunEHojN}I2IR@GrNv2mvp6!IPuiIcDLIcsQrOHK>2S`7ut_?8$Z zCC>LEmYbw=R8xB&VTJ~IH@@Y$NQ1`OSBeQS zKd+zUg}#87sn9z02#s%9d^D=4su0cml|Gs7drr+*rlFWAmnO@`&Q076Pr6^G6qW8o zOvmggi6EMrS<`^3SaEFBIPLn-dS@Ze!4sIt$_#j5#aduvGJ9;FY5xoB&KTm0RgSKn(WwBSm>@o=S}>UZA&ZahMhY(1++TmIt@BHNu5k}Zupmc za7kSykSQsQ+pgs)lkK^-O_Asj!Yf!+7+Ru)bB2ma{wBw>(CMq5&WgqBL$i6o-O{kk)DN&OxB^eeIgqvsZ(fzs)oK@Io35o8wI zO}9dxG9Jeb7dq^-%ot7u2Af=E%EN3|mjR6B4pWmsQb5ZhM;OMg=PtL$_-5_u!=k!= zALruti!@vJ_s-vY34$K8y zK3?Kb`aMthF?o?=(10tYS|p>`-(xyXFtHcvFUo%Gnr&+Ua&K*S`qrCOQRx7T6{hjE zVU}?|GH@AsMLo8n!u4so70xseX2iCGV9IUA#t$KfG53j|^Fj{0`P2@;5^nh5%$)@V zxaK2cK?t&UIPR(yZnn$RR>zkn!*ZbxTTbTHVR4P!)99hU%lwcw51vjo+_JhTWzf{w zC-*j+6%BqX?>yama}6ulYnAnlKXv~@>^oJXcVuv3CPbqRlwMk4rm9^0In|nbA3m+>P*QCt1*3>v2;uF zFhhrOxfXX?d?u}o#x^nRZuTL ze(AGnk?#b%)bt|B2?I*p{m7AWPhcN6$#JZ+@E~;fNqG_+*wuuZy3i$jbODYdNADuQ{#z&uGg%M@ z)O-%x-B94WafR))0qi{ri%*y5XXKdXR@d`zda~I)jlS3U{$Mk`w#%#MWu;1ECRf1y zcuS9`0bL=oH-_v%@cL^PnQv>5xOS~>gi-=7dY5I@446kgm zyEkNdA7M)t-&}mVF=>~un#Ac2L$EI{Yn|uu;i#yXB}yu=0fzEWbTQ6~JaB4&;@iLC zcV#O;fe>4~OR>5l*oXn$?R0Y6OamFnq7i)(qhx}YQ2qO$3S&}1z?a%=mk4Bui7$0j z6a(@_IVf zbdB;+#;5-*lkOit{$G@xQ*16kyS8hs+O}=mw%fP1ZMUm#S8dz2ZQJ&$?f&ae_Q~GK zckm^1ItP=?Bs0%E_jSRCH9revsG7+f7f!kzS!8gpjJS+kqX-pK8lLuov~PGf`)$u+ zDh}oLdB4Tp^QdhHiI9irTWZu<_Eap|f>VWTyLx~R9_}s+QhgKQ`7Nuuu?*58ugqlD zaEbW`On3b@06v%G5^;Zc(RI(rT@bKN0FalS+1zzYrP&)~y$-dX9?6^teYQO8wqBz> zbVG^@zg`pBq(Pz$m~A%<`-RjHot2tZ%&~5Di@MvGE_uV|)ADf5wi^={LH7>v?r2Wl zppxeFiubzf?h$kUVUllHW4N+rvi4XFL+Q~2bHvA(EITRwjJB`b0A#+j`T%OyY+xX((mJw#a z!?ORz+Uv^3vcD}A=jP#25zeY2_b?e!Nq10VaquxDfwT@hYRVFrV;VLLqMO&^+#o98 z-p47L80!rN!~n=t)3bCxsP`9(Raf^7m%>e})+`sUr1pCQEjP^JQ~6%FbOO+>datr` z*!L)YE5;r_Uw#l2ksC1qT!Q!LRC@8R4(1`Z$Pw$H9}yK$;$TLpB!1O$nAPf`dO!Z4Qvd4i*7j z?l~eESi8S?x7)he@6;EwU^wQ$f1C_R(UjIWsS*<)x9v9cJuGke#ljtU8X1r9@{ZS{ zF@-k)jeL0O0m|gw^jnc?j+VeR4E0htBKRoFs5Zp!!8u zDz6>$YdS!2-ny?VP9X~xggB(1dP*NXel{B7qRFuaYtMx&Mcd=Xn2%io#%AUahC-l0 zQ_7h$uyKK~R>tR8hU`Hm`F_h!Ia6@L$F$4+DfuQrw+(O7YNeGG8GPq`de0!s_apT@ z0v1C3pthm`c0fG-C|&%l0Mn8A#A~|v!DJF2Zd7z-lJFc*zGm}$7rm(#ct*_r9eQh~ zF{h^cf=pM~{n@<%^GTuf`}GEPI=HAS^{|zugDW<fv29?zI^R%xhFX_pFeOiWK(pyH^OJ@R z51IfX^$JTyECNexHHX2-pHRxO^g=eH^8WkUa{F6GA&#U=!$_NzcFBT@ow;Y=f-tdXD|NG}+$_-oT}+y*CBIk+K|N+j&)m9isK? zcAX?;;IU){pp?u@Oh-d$ADvA+Fo#s)IZ5~oVl%Q!IK|VWesQ|@c~AGZG z*K*UJ+L3p9K5uBD!X411+}#@tu7QJ>@*&t{|2+LOj2ppi)*XiH%dpL9yeR3@_d~c! zffa@vwwkZ+=G~$M$i6E*lpUdg0?5?|(&iudnyz3`9C*iHJ#rT1lKx~BlbSrTt{CMz z5j(%X!IH1T5T0YcMLmiH{3dC!=7gI5s8qr`0t6-%qVA~#XvTRSH_a5Jzz%qaHiCNX zu{RShX*`<*us)>aZ58}Xl|Q8YM!TLnIK<*S+g@atB(onb08qs?)*XK!r;NCp!;`QZ zL%oX0mPhWBvc)Jq${N{FsNOFU@$A-=oV}pCO<}({VJuI>Klv@8Ga7Fi8na(%BS(SnCP89e+xC z8wmYH;RlXMAkC`B0*y?|IX*x~u04*YM%$ThwM=8h$`iEq2HJV2J#%Rcg33T;Fb zN5rb1>)R32n<)`K1iRJhISc&TQC>-F6Kv?&HxY|bNdkQ7bg1|Q90nq+Q)4GR5qlFhnrBHdS_Ncsy%Dn++f&y^zk%y zKBhM5#XL=_CpKiWv7Y5Pmg&4~Oq3)M;?MykNS4j%zP;Y7pFyILrzy7Bwq!y{GlYS? zMQsRDbw?yWL12HV8@VP4UD_BNRv`b)ZP`wJy2xU1UxyggeKR_cd%Rw*jz1Ovd`I^x zo0C`{ELMGCggaZ-unwxq@angiwD&a3s54y*)VafbxsTf?5%}J(o99H{sN$YW*nm<# zG|0?9@;K4z9p_TlCUY9Wv%q=FjZey8H6@w3uqV(x{u-y% z1?1p!2AeZF&&1qBYzW$s0cQ}J$4u`Tc!vrlerO3_lw>)4b1=Ni;*!>ni5*ajf*@i8 zSyRAN#+v36Q}oSJ2yvZ>dG;&X+Yp2j*-_%CCm8C`y9ONjdW)uEUhv?Uc$+4j5j-hv zOF=ta)a^#eGBf;>M8Khf9(I__R75bE4b<$_UT8(w2+er^_0tAYoyk_;q=%Q% z+zH;w9XsIcsl&pJJ=kfo_qtVihuop$f>1*9WP0g>*yt%>9Jx<6l&z9U6#Q1m1Jl_T zD!6l2Rr@iL?zeFl^+{MnHhhKL18=V#)%o@qkxZ5=gFT$ZmOoIg2^Lk%UnCJT;Y$(? za2$;xAwG*LOh#`70BSZGfxJiksd+G_YpinOyzgLa)Y7(poMms8B5M3|SJJqQMkOow zo-XLx83g(p@zXv>6{k)0n0N)iE62yygdYEz%ZM%?Xq}07vhhX}a_y(!C5RoIRhhnU zfrRYXt4c{wmcLDt4bs|D&L`-3hecB)qHU&A8uI=zoUKLUr8l%gangQxLb}r3r7wwD z(Zzi>`4o2ir$&pllQ{?u3tx`*7pG!eoj`CI6}6Bm{<&2zxI}27Z?|0gj^+i@c|Lw(4=Qjx^%}w5e5I%HEB(Bc^Q*%beEk?5Qpk3W8~<({1+@%sAMF zz^DTV2FmPrIG>Nn0u?sj!7u1}&fNyipX6W{Om|olw0M;Wh@w>VyY`V& zl7|Ln6h-ERXMxy_D5ov;Vtqq8dLk{zZ2~X|chAa^-~J56*Rxi#hi-6=!0&)}2;H23 zIxLqTe)v_zZcrG-aVgM@D2TpZ(JmmSk>^g}&7&}2m%XSTO7UHA$x*R{Ku96yy%-{6 z;jS?O>oe9Cn|IzuxG>gmoUA6a$*k>JLQT%Bm1U5aOJ{CAts47!3MHlAl99U!lE3C# zl7+2+Vl5wktI<}+nx44`PDp?sf$dadtMl~;M2#b+ZjQOC(Uc@yx2_RQ}6bY2D_tE$Ekb`JYAX`~3 z<50$@uzXoLV*j{su9o+9S^{5~yj1QZye+#AYVC5>GX}iUYw%(F1injHD=g06S9OUY0(Hc5S8;mFN+ebsN3KoG3H>gx~RHy5M_X>dIZss zB-VI1UXg@XX?Gn-vHZ(GJG}7NQ46y8AyNJ+IH6JK-)seZ)VZyPVMEz_@*_7$aWQ@a zbt_UuYA_z3ItHMKCF!rDs)DR{3-T6jjc|XVLI!k>)UflNzf(tg0CPd29aqaMf?97G z32zs4AZQQ4^@<;AM5#rY8HYy%LM3@V=<7(Ah~Q(Sk7H8NMXJwdV3}Bl>dn-#rSpO@ z#uQic`Hr}^7I_Q4frN8I_EgtU%c07Y@S5&Pp&|iaRA?@zqxMIpW4+DEV^#nAxQG7j z?WvdQ%D4!mIq}!UeV9n1`Qy~x9>oR4O0BbO zveFy8N29Mhv>EPYxxQzzo$8IwUgr5wyqEdYUXs#Az^<9@?96nf`-Swmakw^Col8lCHYo#B%uvXkjg1QhuXl$IUn+L>pNvK(OCve*G zhJn`rFI_rBD_y&{V662asS)xGjhS?EUMSE}QhhY{m*mAS9BCkQ1(+^2PdZ}#_h{81 zTw&dyDSl`#n&U1MW=OJ0{{-Nsc)+?+WMU(uB@eozQYsl4`z<}f>s^%SiaM7%U$Pfr z_4Pqo>S6MqQWW0;cw(en_I~ls_|ArX$97bKw}x^g8cxY_nl&EPdZU)Ypbi>6R<>L% zoWLZ3Ja6+$&2O3p{enqgsB6lM#J3em3`hJk7V*$YGlE4nLUYais0At{k?EPx$B;Oa zcsyk21TKR5*Ly;qFPE*~=7-k`Zeopi9Mo-@ClwM;=x~11@=SAc5J;e32I?dU<&V2+ z6vOuji-XYxsJt}Df8d@bOTF#?oUMv<&JZ;Ac2+>W;3yNG(X<01d8yGBmDWg>v@=!u z>lR%3i@bq#Q#J8ER3oY4+HXw*`$s_4x~wVQGerg`{7(7sU1v#*?{#)0;FFu=(h^^YZUg)&ACtDvDzkW#~<2d z>RRLNh|9)8Fn2UfI(yA8_v9J#qNJ9%5C`Og0o|3VI<#Yh;9*ud1qS5L$c8-voe|@Z zz0jh$M+$z;?747oXJZJ25PV!>aX*{2(nNg6_o5}x!t!w&jUQJ!rk-sdg5D5!3MCeC zB}o5rC;AdHi?a92*F>FrNo3H55@MfJ9c%B16QbN%`d_3D-1{wt&QDD-bz}Mih z5DYv%h*dVIXO_v*P{4a)RkyE)GuPsqE-y{-l6Jyy<|Y+{&RBpo+**O z%lxQ8L>%*4vk@*)wR`j6&;9jQpwtm&(`1(=-I12JY=H|*coFuzxE*eN)Ip|(gSl3_ zj}n$%(Viu_+kSe|a0(2=q1Yd{O?`qR&+>ba+Mr)ixq~Fm;C)C8>`&sQ5iu?ZyPIO8 zwaP@3w|c!qz99XGI4*LnfTwP@G4+w_gb-vKVk8mJ6WYOZ0VpnCTD`VpD^GMg`iDpK z24@$0P}F;(%PSTi^jdTttBoJ_6f%F((cH2H@H!|Ge&0ClKf&L|HoMEh`wnSKO)!Mb zrr)YXDjtbwN2DP4T)8D5zGZ#QBr+5Flv8pvwD zsT@q1i96!K(z4Z5e!ur<(!7oyG)@nv7@Eg!HPRXD6}DU-Wj3#u>H39tUvV&8*et#8 z=bi}lqI zGi@5<1TPh^1Yn1V@vXMe2qepr26R4TyNK<~_T1UQn`Q6A`A%N!a1`}pgZ4uz-;@kr z_dog=1vNqx1H$E;QvuliU1)gqK=H3epZT_Mq6gG~ zFYKOY%)@4-yu*xztFXS&bbOFp7oG3yNlyLZ6l!vbNUr+L%|CK;^Jn%NLK5fHM1P00 zl>A67DP}rTq_a@#It@x{h_o?E1BKYxW=2a)fYl7>lQ}FY0ms)}c~f^HY*te55@=1Y zd{h>W1#JYSMaQF{!>&I%Q953-KR?K=$Ojont&dj%v2AFTb^fpi>deV6D6NkeEC(rP znOVGEMRCPDm?jlH!nL1nv?g*_#3q&-{FElcm&aX2a%KtGUH0s#-Oxz-)`UFYbTm6; zgW4B#7r*ZY9cj^|TEq~-S$6P6ATVKApu_)0D-v8)!&M#ay&%h3#CMb9dCyVV+$O`C z(qmIiANZR|^2}tQqwZ5tarm+!^n>SQZ{MVa7+m!<=3u}Pu8V}aIFCL>U24ob)j1x> z*W`v}!0VCcJiz^}%KzK`+{R9dSZU`>n>k7UWW2BGAAQEc%i=dY`LYd>=7Tfa1=4-f z&^u9EWrU-Q5jsSsekKMUt9TboQ&m!lAItUygRbNdC)#mBrG$A0=Z-zw*(f560zNgVx>P0drqU*Fu2lsFc=^PAnBm-0h zdAhDMSo0w$)p}v80ee;L2|u5E6tR14baVB?cr!M2cLt^W`?~pWew18jgforO6+Pb% zea_Q^O+ZTqgixyUN}Jo`1}TqQ^m2a)rBtn6&PUwHv+SG5#Rt|v?&hX*S1<_f8}xa3 zyq4rgG5O=gl?%2;a#w8PjFfLZ1qbjdgt@$FmC^PII{HZi6|*b1Vl95(qR0}LA$fdL z%M>wYl}iY@q0}v??;yg4vmsYiZD|8?tMPTA&z8O}VCbdBmi^12rU1E5NhAGU65Kx$ zf`aR0;Rq)!|cp(q;SQXHs=D!enkl|eXW=NqfRTP$0gGpM(+%x)`V|? zh%PLTfR!SI?U}qFy6nYYBhzZ|CjoyJzhI!MaZICd50&??lr_S3Z`GZrAO)Ik4=2(m4*+96iRQ?1|eg z9f4Rn)UST;aFx}-vBknQ!qB_c^LivdeR)x*N3<;E> z>Kr@`j`H*J-a_1UN#>R=9o6qEAZz#Qm{b?w{yv8L6}uPoL!N|cDZ?HrE>B*U#{}k4 z_~B9s<^HagNs8&+T2odo3sj(ab>8`xtswf_QVCMVGBtsS)|w_i`ap?|SnN4bP8=Cm zrScMH@%HK^V9yAN^{h9AOJMIPnZ0Czy9`*?c3o+@NqiA0eN2I$f`^j~+dy>hYN%Tz*ql_?`^> z%oX5AJ$a2$pBP=ollbGz#!gxOdCstm7t7p;DS#o0P zY4IjVDTrEd_O~bujFTdPd4eS!@z~!G5EUqV-V)Q&4OGrqXY}9(?Ho>y#?=aNGbbG= zxYxHYRusr*GAK;%5@&f|79iQg$s8eU)!TqZ$ClcTN60&&C~wGysk0AN8~t8`6Rs)X zK`%v!hBp(}%7Z(G*h~}NCP|;tqo)R8iamnE+n3B{ynZEDvSL3RS7wG(aW;ZHsFgc` zQf;3uqCc7}hPr8qGa;Y~P#`h)7Czv~4Z4@#ur+sV4>?)RSjJHzFd=ipMelHxi z`<=hAdX{6UMG(zy51;O^;p|9o!=pDYImWwpX-F#qe>_Keg@awVtsOK?tpYdCU)9+{ za=28~r(Jwyf3CS_Bg4G@k@yL6&V;@m1I5bI2O_VmB63~Uu47yTn!FXov4cUF*yha- zzO|v_LBCTqKtV(sr~`fERSQzb=QOaKnwa6&22Fr@(qGjiu#_VqO0R`ez9W@E$k7w; ztyss+)-47`9^a~hspl^FL%*4^?jdScVlIc8>=A`YU!(e~*g4e&owpfU>g1!mS}gDV zu{qcl1bcn2aVaiuZB7u@ZmJxDXdR|JabS^36YHs7$=ERn{XXI`T+)w2Es@&004q!K zZN!nU-XKQkm=a*Gbk&3=kZ^}wK7KKzZD!}{C4DS8Qxh(aSY;F1nB_`n`P0R!UDB{J z3B{+Xl)5R8NO}%Y84{B97E0FaVGm<-+0$MX##l~Ew`HEkhZ%6m=`QF6gh(F0z91+v z=U9d`1A9{(kR8wYr*_Lb(>0G*+v^mFc0pBxr8Dmw&~)%MbRa5&JdkOqa&nQX13kP+ zFz$C=#}L}$VT)j|InpV(T5CLTTw^7jnWN`DSdy9q?a*rS-tjf)kWvy=eg%kQgsX6B zf5}+b<5*xXs-7{!{%gck(0#{_%}Bm%erld-zMGpE=|gHBfw7_Wf%__Ry zHKlr(IRyme*I29^0(fVJ@ebdX-x)yUOkCkTjmcx+K@ALkL#7>&v#0i#k1PAOuP*6o z);v7Bkf8fzmcEJm$`s#*8Aa7&*CN|i&aY%HxiMi2(s?+Ps!G-9 zmHysbrO)k^U+gzbf9s$l1IEp0rv3(>2b##xH^d_IGz_dEC_bb+UHSN-P1=vq5az(u zp1`tk8V6mW#UuWrF(6lbJxq!0(}Ssiu2xkNW{nA9dZp)r1??SuFX~?jPu2W|BXZ((@E&S@ z)}&^|;aI7ghaa%oFBo`T;L^d~C>qpSZPHUXSnwvg-n}wLi`SfEQ+W5H(S|sz(dPJ) z&ErR`u`Bpom%n=URu1ptCHtl}ip)jCor96q@Nyo)+Mo?n+8O0?U?U0|wChCI8{vqi z@V)O0*`!eWb#@yL0Xx_GkmhP6!C3Mnw*C2W!EjS-oq-fHt#TpQgiNa+iIPJ!tu{ODJMhNWs5~B3yz$^NyJxzX0Qgs2tS#Y|9)=RXHgO)6Z#qb-3`*8 zytIVSmc^JmNEvgqWH-S@&hjv2JO(C!C=7u{KGcEeFV{>g;!u}!T%)qG5YuN5P_XX} z4Z+rrIDM~K8Q77VeTqSH{^H;MfQ)@E!OJvRRInGHb>gOWw#a!%_cTLze=+xzUk~FP zYXlA7BI#T3yskM$19=5~ck;@7Nn@(1HAavk#TwqK$GMqSG!Mhgd3sDD^v}$SIYzoX z$#9{uG>Aw3vz0tvkwN9?Vqo6O5gtE6z7NaZ6Eg0RxTYyO3o(mm%$HlCKqk0nIcpQ} zFQdWPt&sbiOmaeL0PPeq#X);dcA&TQFpTs!Z~Tc&XE|0Eu70aDUS4b13Bg(%#rmDv z3-V?KdZ56HcL(Dm0L=41@UI`CLSWNy)UGrYNe#Sy)3dxEMGmN`r8n$WPj!>bss z-?%DoUDIU1%ETEvEz9?TqzvRGh`t+Y?n%asbBdM=nu-BtF6y5ScpE%jyD`;3VFn!P zI;Kt>z7?#83%)z)u33sU2laT`!5j6)LvGCBL>S1N4%Kf6MS<$YaU0W)bvw4zulu*6 z40qG7sI(|0V^%Amxe@=ubmY~e-Q?K;)X=HFZ0s1)n>+eqj`Ab@3z8;;<>JVA+ZRSNY2>K&8Z&1ijpm#Qwf zIbZv|XuZgFV7pUnTecpdpY4)n1H4*B@o3gn^w|>pRTA~t@IQb44;G74`j67ZKc=g} zKc*|)e`dOxm^zr+nK=I!0GXKo!MVax#TPW?y6KKus;oFt)2tzoNG0MTbHsMbM{{et zU#-E%tLJkT0<=-75G0AjkL0mt&_c>%_S|Dc+}bclEvI$cx5?;RRn1Ic z%(;nfo30qhFtED+&Nim0dJbxpv*L9~cCl#}Z*$&* z8puH46c6V3m>|f~q^%!K_F_DuBd&e}j`SDSh#kgLz4yiT^yGT=<$7zoJ$ZR=^r{=+ zURsTRbK}?O?hI+RIe7O$@Ns8wHa@j=s2~xzR{)aG==`CJUcl{#OSTYY(lUWieCxwy zeK*Uk&VcuUrrQ=e115p20l5gP4om{4E@s|_=7P9YX@j@57=VwW+c1=}KMs;wRj1}r z!GxDh=)glkuntSI zsQ5@u?S(^cnQZARlciud`@!a@XSG;iRT*Jz$yO|3BE1-i?Hm(tNw%C5XH5M>autF| zx7@>#24S_}rhem+bBwce-b5W#KvOLr)<5FPt>wyUl5?cR7VXO*%S^IwSZf;Tifbmi z6JTy_fv-SnUYu8zVIORbHw4Q6`0T0vU}A?GelcvcH{NS?Kn(S^DzWLrxP=cfIIYC` z_{ndcIg7xFz){=n|0>nj-S0MVY(aU*DcgcYa34;lGstv-DGGe%f$!T;;bfAGxkUVG zK4;3TMR#CaiF=Uf@etQ#JoLe*(?QHz*^^`4hr?1S&@0lJ8Zzl4>Fw=U?$HeHx0}N^Pni;$YZ1E^ zSz_}->^f8~J*IF}E%Q-#JJHH5HFb`FR7L{HfQ9~_+7gS5om$Goo$f@=Y2nS1#AvVX zJ_HZa!Fm>Ky9p1Jm!H(DDO|BHNS%4AEE&J(e z9)+17MlFWwOavr>P(6KtL?Cs`!y9xP)K&@&(v9Hf`J2abem24_*E_umg1;1XlT^N7 zIu;fSXPXEAXty^y;A(%^w3Jwc)FU6@l0`8=sL10xtQ98EuQ0t74D_^zm+roSksirX zrJ+$uUn@%w+LC}0UJUKE`&mn z5jwHXrKh6xAuUQn?6~ox`t7N_m0 zoa1pHLJWJd(_(M4T@FKdyHSe$^zN9cy0Ae|=sx&k!5*aM1ws9c=*WTa6f@D@0m?Aj zK||y5z-Z4t0_ZU0z|4jdL7vo_5QzEHChQ!!XS(1#T^3s#4&q8HgQ|XDEXp8ksJL}w50!dr16I0 zLD9TCnMkfhmBK%C(N>oW7wq{a*_c3vY7Mfq9r6rFnesEqQVooM(Gb(}*BhkcjOoZI z(!SYXSI6A~0m^+PfrU=A$MFK<1i*4+dn%AwS|LP?ZEf5NwvKOXX{L};rD>j!80y&b zp3<|O3RIQ7Fx~A9g4(L4PvGK6Zhxet6`anxzx~T^#B6|D(5u_w-14{%N-Yw53>G(k z1{wWH!NxwZlbc{zA8RZm+x35I6 zpR7f{(a2Zmoujw~+a|9Xr$~Aj^7ijB!tGrQ_$Kykvkb-;9DQOdnW#|(fs)9FeEl!o zN)=}-IqN@7XCREffX&`+VH@X`IEnqUfPOTUZ&dC!mpIumhwo+71EgTX-FUp9y2&4< zE%8=s7eXW=N_CfSNj|-uS9cKj+M0)3_<@qO4POX&iPee zS^5WNd#LgT<4=~u`6&FUqh=%j>45`pU7R|sJ9inCFKB~|Zy8Jacbvf8Ij2o{&qfS| z)V-q~gS9vlhm3M43l72*;ps?ojDGd)uLJdo=RuLxpyr^gXJJJ$joSo(ejaj}!u8e* zI!Vi~13S6p%kd&0^Pf&&b+zgnVVgq;9Qj$3jXvk@gOdoUs^#wCPfi6=B!DtZMKeC9 z^&N;T)p^71w^AHHhcOp_gnTGd#*^nrf|Pk&y%CYJ>|;@>8b~%{bH%7SM-B0?ytWst zh?xsfr09pG10#EwJsQ?BlZ1OYn(YOSH#=b;U(&)5BKiISj?yeiPwJ9ODKEaAAct!M zNse>%P1h|cov3&x#_tj&R9Ca#MV-VPsi*@n0iqRjSi#E1md#biM3;84lIHupqqAY( zlc8PyG?ccor=7lGNmniW+M&r?{G7S5G{7AF5O&js}!MEV-+3RKj#E6pG5JmUzym~5fIQ0b18Jf52bdE2{{}wJ(k>nC0;6Sy|>&sSRKmZfR zws_1h*)cBn{+s0ypv>Pt$p)Ln#``juFCaUSSn1_?urYWCNpNIUrl>jD4J#Bkq4&XJ4x(EU8)A8B7eU-$=h+ z{rlJdmL&X9AYeTN1_ELP1p=b|&lhS_CntNS|K>goNSL-mVL}}3CdfBTE|BgDP>_t5 zR3;)K3PewqC#C}cCh>Qx)1~;NheSYU(Rh)Thhs6U0Ndfr|^V5a5 z6`5mxh~kSl#&zVJJYZ&pIA*kQUKFYZlkEqZIWxF}DT`@qB(YbD=*Uuh!-%ko7oH1^ ztwl6_Pyo=<((}IR${)s3F(F65WCw_L3Xg=A^7&ao@`Q>?p^VM>>6vjHy(W zdQ^2kqeAtHEOo2JYSr^*-q0Mei_beZ2z2|3|y?tyot*=|_?L zoAz}(Eca7d4Yh<5MkO7+ELK`$dj70}hZ_J_D*CUKo083}`_y-#niUy&gDup|ayX^f zi@Lq1{~{w^~^)}|i3%3aG- zyV#w+=X4tBT-P4UgnP$#3^e|rnFn`|pX_-hrn>ppc{^+Da{zvCQnXt5e5kr! z1JPw>Lu#MC;pMqzb`PuX#R%+OTzlIl1B~qnDrY`!XCO;qE+sy6Evuey1bD+eDZeO_ z+;G?L;9LJrr8+V^gKD*I#@B%=*f`^GSC=iqy#~h2{_X`=*{j~obK}6VYIr5|znblQ zJ<3On5BO+SNA1}ocI(vZdWgxGY8s5iXm!)hIqC&ARy3HoKjpo4J*0#=0^LFDIwty^ z>q-1Lcomv*_Q&6kr+mL+zXgZDtvw{uY!ktV9=ZF_HBh{G4Vt%-4|AW1O5k6C3I*3J zS>SNio8NU>9`*Weu!z*rk?B`eIG07j{issu;cwZc+Z8UG2@n64t1#G>`HhE`c3Jv) z#z$`50X{umkA+;g&uSe)^ z>8@3RyGN$#hH4i&bGe3W7aD7{7I(VLADn;>B!?lfpT!C||J>WSUkoQL=8%MNJXV`} zh--fk4znqnob7~$yW`eB{JIXq7?T4Xv>i#|Bg6~XdzAz&FSIAq)_^0AjJJk)=7uH& zxs;4;fwB;i0NLlDSF0N|;2)r0$xao$s(~tlm1mLnSYtXNTsl8A3g8lMzW!mq^lFi< zUsJd1e5F!o3Mlc@dwLIB-2z}}>xON|`Q|tFqiwkL%Plu^N5Hw-QJz4=6TP?X_6AK9 zKyqp5kfb~daXgs1wzTSNKje0rdS5RoI81ynZ$o2RzVfd|o3w=xpiD;)l9+GqI{-+o zzyCx+7o=d!b++)r8sFq`HL&^3!FbVbXF+ZW+}za-D@9>Fu&3iMOqcjstgc?TP5yG+ z&pE0h6z>FD(VRq?f=DN(czox!K?^~>@u&ybODLgG#tkuNl;!06c^g20BKzxx3K2F8zcy#(Bxf$V76)_B z5re#;XJx%BVbTViL}$VJ{OK@c!PzC`#)!&vhMEV>=-LWNj{oZIQ#NOIXJvHPBXjn! zxsmbL4M7KAv+OTBt0R`uDNI3OJmwk2IJi5kpDqD9BKLkm=W_7xZB&GP@NTrRBGI1s zq(;+3r~^?c`%d-DMbO*2_B;H}Mr$@N z@yQ_?oFKDv3%-NOGpyvA{Z{ocK?}&`aX{fkRZ;xHBkn^2j5Y8Sk#C!y1wEfDOW)%i zRk{E5k3taM%Uro0mvvPi6?RVK!8WeNgWp(Ey!T;hmToBh79YuDRy0(_Q&o`mFkdx+ zh&IQZ+F&`x3n;tKbE=pKK6Qt9H#jM#)`Mg1n$QSN&lOh0O_Hb0gX;fy%RY6Mg&d=P zLipwTg+z&cWd~B)m+M4GEO6n)JY1N+UsR#h+OGj)b;iP4dHd+HGRL2z*cKf`xPkEL zpkNnC))X#XAjZt}+-<xZ>wziVjx?oRcEt7W4;tdPF`d9 z0Kw`XiR}+(+vg)!S9qatfCedM=X`s2SYPLA{;1Wr&ht zYa%ML^2p-NRT)@c1@uy2&ZJiG=QC!3yp*%W0MhHn{#WAbkbnPRe0UD%bO+si84MHI zZ3|G$7^X9Cl-QrrvGdknRu+DKYv4eoNwCFW7Q=i+c*w$~Cpk4ttWzwJf&{&cszY&K zwM&q3Ws0|}9HV+7QptPnIQk-OIFz&Ku}hk7(!hd>Ju7oWxgvTY+#xP^k8q< zD_vB6k{6P&(I6sfq{*F|aj&>8!+e2Ba0l`#?=KXp%#rESov4xj@XQ|BbSK+5?TLvZ z_+7V(K4~@9$42=$=NszZ-1J|&ZIje+vf&YJ^cx(aoM~eGs;%L**so z7X(YKRZ%93b(dWeEB?9>ul%ahciukbV;IXx0;G!3olP}?0M)~XHAP3XIuneb;xa#| zyY;3&upRt!2ev^?Lojy%#S~+QmaL?(HhY2l&6S>-D;v86eQ+rsl{1wV#3AbiGp*qF%uqy1>B!SVB;2S(3W(v%l z%Oy{h&OJKy(4v_Hy3cS*0NcGJgKRNN36iqNCoeV1FO!7lbz&05)Dk%f?V`FvQV(&T z8PXcVjMV=_F*W86?Mh$xrsi5nT*Qa&w3@@T!8bj(VOY)Z9{w|p2lBX3k&`(mk+cz4 zR}zZvi}wThhd>lwlU+oOfBg`#j<(TX&jl>?zqj;4to<4RXEM#&LKW~?P|Ozd=ZOY$ zC!uBo#5R}MXi62A0Z>ykwfBQWzjow;ZB{tF>1|A=pg7=+kI2@IN{WIj+Dsrj%Ex82THZndF?H|$;+3t&Ig13{eIm1d>n#}1omB~RlTuUiIiO+i0iO3>K`wZz+BP}^RB!3a-H8W>~SAqF*y ztEWT!b8wgW;0AJv)h3&XRX0JDTEP|f+P!qZ_EBun>v;f2cF8Y8BuBCbG{S*@`H4ce z0ZD?=;zno_N(%N@wMp>G4*D7q<`0p+cjZ$+ETHBV#x{3O$yAQ!u@V=Gl7M5V3VmDA}tL3R)+im|9_NyQ;%rjwrtzBwc56A+qP}n zwr$(CZDX~q)zC}$XVnit@>>e>{*eIr|m7Yj6s8RF^1GNNZ0Npv- zm6%*e#Hk3a#3!TMdUO%U-l6HznLk0(!WzMM)9}U#(7uBb0ecEnRiG^afos9oTPvRE z(EoBgZl+&H<5D_{9T&p_`18w3nKKbk(X8rP{_Rm8J8f_PVufZcDfl<|a@GMkmp5!O zEX*%OBQp7ihgtnx9RG|loW`^iAWbr*x?%gLE^OFP6~2sU;$oHiP_iS+xEhdoD+b5hzJO-bqs_=?Pc^;p}o~#)Dlznumf8@QWQ7|rM&c>H4D=aQbR`%X0{%3Wwj2o0?MCH*SkBJbQU z53^u^=fs4-Mot_BiJ&@+ZZ4SlD#aWtxhbZO$d>^m6aMj29DQQU=D38>1cNTZ1Nw^p zbcxK$SCF&}s47yVfGFoM5=e6&-Hmy1fOIZEeW(r|Q6j4!j|_pHMU#njox||aB>ny8 z226s2G?NGGD^XPiodx(E>oaT5at{u7pBgYg(e7MnJ`iCUPe8ujzB~pI6GF&kSbjKA z88q~j;-Q_KT`>L@)ED1K+cWkJy*(^1j@^sHE0MbRQD8cuXDRhy$npAFfL1yIh$9GF}b!qj;*x{!IWU9IhdeKUq zkrK_TJD-aqW%N}1HGh13QZ6H3$9Uh7H+g8qimzQN$ls5Q;N@|b$K1p+q4+ID!RE3E zQy8oOUyHTjhi|KJXa|pcgZ){p(f;j znJP@J{Yz zAQ`3%D#a60lj(F5Qs|+qcCkQ8(Mnui@g&>9IR&Ei($mD_E2%hsHG4E2*3ag{o3cIE zv!O^Q2lwgqBXD(Pwh}*rd3}hU94aL;X08Qj@!hJ9>gn_<}l- ze<@=eY!BgyUw@tEF;<%26aFcXD-3gc;QPi)niiCYaz|a9G$)Eax{ZKI5S^Nix-`{Z za!P3_pbRPMwv`ia5?!!I6{2^(evOA%$j6Ook1lFV@=|uZDoCJ!8!3w^0cNb8yF>j! zYbeMBoC2)G%+?qO*Wo@L3BnT%&j_T?Ai-0QPhm&R4A_MIx{NGsI$->!$#@@i$$o#)R<2uSbc3Ywtyz==O3hH-7_;ySn)O{JCAPm7Oo}&sNV% zfpQvMuMqz6Ksf};w;%3&+;`7?2>2}7en8~%1=XO}@dSSh-12~|n$-{UtdkeMV!5+JIkJ zs7oorS;0UaNcmGc*WOr~$|zpzNNAY!Q@d@!k4S*hoA zqb#$+ygG?_p!Kj_`B|v~Iw#+2_=kh-`K@mhyhzA-6kb6VF8)DA_mf5cUq8BiN}VQU zdkceSC@PM`$A$DAygIFXn&;ZM@f(879f;aB=LhLXyib^6$Y3o|yh)kk zQ6W$r)*(M3c8;scDQ`3F)nslXg)V6DX>n%N2}LDZe(etC&4Se3HKyJ?tt!uo(xZ`M z&>Ozx06iO7xdVD3oqsKlt8M-3rR+=Fg>0HM55uIFy{;;>{U3~g5I=k(z`Q&aTxe48 z&Sq#XX-TV}6imcxK3?zlv&*lsJU*XdY;=k5`&M1*KORV=8XEQ!?igbCkV~!N#9i-a z0uH&0-ZIZ|N!icGke5zqC11a_r&)*eFV0=$v?b1$r>FRq{r_bx}x{#3r|tVql-^9 z*SBs+XeL>K6OW2$B9yGKO)mVAa;%e5*SDn+@eT3CY@9qJ=fd$D1XPb4Ae>bTDyA$sq-{8H1rsf)}cq!fxo$oP}C?D>iR|kAat> z*=RtTLP_cmt~)c~ib?eQj%yIv<VI(&9yyvaR$*!wBf@Iqm+P@u8>J2{ zznPm~Oo5t>%;{%uSHcAarp7xuMCG%y zb(Tf3(lU=sc4jtKD+|nc=>HJtrXLL8eFAky<08caxH<4o=jh`f)rV_<%u=;0O+kLxE+IhJ!3i7$C=!hmmW6dvpKR%D@778Y ziakV5&3h6zj7mM|e^^%wQ)_Wjzu{n9<0%D^1+-|Jhc zKJ}*4 z45g0onn^% zrQyy?Haqm_;enPrCt%S$JN1}_u8E%Cz1|6NT(U|+zGvA3TC(MM%whi6x(^>S3hGy4 zh|#wF;da}Fulq3$Yecisi7&23W=rW(SCvF8iF?|cI5$|FCb~6s^9YOC)w?BC;)o3D zCa`$^+F)NqKN>4>)Qc_gm9z}|N$w~FD??jX1u_~tavX{*MN!<3$@z^8NtfcinN;DL z^whv{-!r=hu4us*%mIu`df(WUOD<;nmSantw$mD2^5BBeR$zj1G8F7kX<&=LwRBgI zh>LmYys?74NE70aN7f_Gu6#16OA45|W24r(rHfHVmgW#sbio3sWnX$BekZ)?6OOtuvM(#&QO{E=Hu2r{zRWhKmJteRktLA z5{q1FONQ7ZUbqj*`n*=MwG( zV3wR-Dn|sEDVhYF^P;TVbyCLo%*BXbO4Fi-;d?P~w0q#N72?2M+Jo8Z9o;HG^QfRN z*VUVdmtI5XecfkKJa{T<6jMhg(uP?B{x2By2OgRd{QDl1qiqv_XsUx|$Zwkn|D^4hY=F}^iyb3mz#+z_~!@I?&%$c|v)Td+-dkm+%1@XLp zZ}Dm{YxRD!t@vvCtKoXQG|ppO%$1ui(S~pRx!d}j@ZxMBJ=`rtQkfo;%>$DSy&xWJ zSn5w)3POamf#7HTGIKZ7t1#JTR}3x#E&O`_9l;eZvo6DOR+6g;LT#9032d%LMfBe_h zZrAS zC2*`zSwRRHzJY@3#pj^AeeAT(PK`GGq*ueDhXa7SMJm>fGQGg7fo^!WT!CLL1JQNS z@B^U_opk|*0j};p9(Wr2FZ`~52&jk5nqAZJ3dwg_#y}?zao+q8-Yht;fNhh-hI1dp z*yCpC8*R@|>W?jlrb|PWj8)^wD`X3hJWRpVlgjIPDq1Ahz-6|nc?RokOqphJcJsNqWc_KhNb2+1eq?4vO0>-li8_Bh&OryN^34FCEUCv!XBOQIC1=o$sT|=0n z6s`+$3_@mh@%AtWX0ZbK4lW{3>V-~dibFNgSN9-`V9l703_^hPqz==8>!kl6)=MN&CBa>zV45)Lq4>HS;;Z3zga#R$eR+vtxm15Q?(0k}cHhj&hmGB-0 z!BiU4@+Y|fK*}dqjJ}SIBZzJ0U-xu23Fp=il{4uEl%C&sl~(<~0{B|+P8fj(??J4Q zudM!51tTCTo7#{Xz^G1TsWCybouOK(c*E<)&`fm%5CD9(dOa$1G*%95EDHQ&hBZ)L zITO^rX?j}N)et8aNN2GXf`nUnHgRAbpsL*_)YgNYc5p5qtQBaKPMm z^{RbhL11|_i(W49UlXc*qbfg;y^Y>0zM={VL>8NT11&3!)fG8b@c*1*;i)L zvX%G50-CZxlD2&&D9u>fadh<;0x7^S^(3rww0GZJW51Vv48C=fLEmwC`=nAympwwE z4ZyA)hL(WhyRH&kEB)&RAEP*E+G(F&B}@vHEPh-nVA^UOB{kO=9eT>)PEiw72}f{7 z^0`Z`xaFeuIsB0fk~ZV{@N$wrtR_H&mh!DM`>&uoVx#fDu}?kSv@`7INih}!U4?pU#Vkze`v|hr>Kx0 zyN@gb3uEMFjiIZ5F0xBj%OCf#g$l15e4Qu^>?Uu1g_p^NZ-T`U3cOW5*nf}JA;T;M z`@Ql(iFzCoij6K29r~O_tfAfmbLtCFIftw(P zQfuL=bx14uDSyZNX8$mVIK5{p>vc~>fW|YzN)v!R*U8dLr0zVWPesmNV;NmuFPs1J zX+*`hh}`YUR4y>pZBTGHrl+Tqss7)Ht2T(Fe{d-5Et1hSBFVXT`M1^80Ib#f2SbRK z{!s4fSP1uZAwYgH4znxzK4Fb2~uT%CM;sZaQ0E#Z&8 zfc1RHtw!St+z}jho9QIcN-quO$+;M39sEr7d9emh|5dka4+^$n@Jl172$amop__uwDm+=z7skvMlp)x< zy~(DCy7t>w>7TK9X5uaP*Xmlfs*Q1(&pew(x}sWxw|H}t!d2?~w5V*mXR#-zaR+!I zZ?Ix&Z_%@o)S_gH>wMtTGaj?0@r8IcODIyN=KJYl+)3m#3u20UFdX6M4B7{rcs*|)F*Q%!>s$? zYI(3{;C)!nw`I<;(Kio|#)}&}{j(HAuk?X2&$s#RQXsx>C$+r`Iy_r%cZe%$=b(L9 zls6u}W!?WLZyo-M8VUGSk%G!e3hJt4@zPTF-a?u@iOYO_a_&_& z4(*GIGn*#$W)JMO7nc3zlKzK#zxLSftlsEz2nWyJTOr&0!`7kJ;Z;i0$yxlu@|_w9 z`kXJwKHe_~+UUJAl!^N#Wjt;qP^f8X0F(br^3A3Sn3!gU&xj{zU#Lv&h6f`PiH*B7 zpkwmU0n1({q>yHZr6Nx%1OJXJ!TvsY&F(NmUJMM|7pD~W9nSyO=B7feEP0KG1n)d`_0_kx2>Jex#t8cZJB~bqII0i{`o28B9zR8o+%;L@dV)lS)n8f0tIj-sZ|z$ zZ!mmwaq6{?@8vVyZS8Kxa3LZLN8Lc-bZ>%RWP8MkP(`*2pj>Q}AI=nKSU4Cq$MY@t zRBjzL?FJKou2L&cAA?`TWL5R6*%$o(B!iFS+005YN$>IMX()zW}=(#vsSpOFk zgN|ZP?62Oh^@R+l;|N6rMeLNeP0?4DjF22b5J(dWfj~rXpe>hJwR?BunbLleB^W#a z>Yl#4zg4*#h&kE~IeBO?`YK~?kB#ZM%C=3${_8Be?*k3#A?dRXsCmr%86}4xkTP+B zqC^;k=u^5hAY3<*`1`m4vL=?LdSDujlrD;yeLuqOdDw|&fuoU7D>B#ioRYaL7HZq4 z5ZVzpKZMpCLF+xayQe)?yPYuWjP`HO9++u6WUsKy71e4J9G2*o^e7y5?R%okx+f%<9WeG*=Mb#tta;LtdeKGeTK znxu9p2elSGCzU}aBS)o?&`VH^pGuV|bWrnz;iaUk9F;cLdD~@?}stH3Cs~aQULgD0q0{J8MIS^pGhh6EdJkjq_qGbo?qVnLOWqD~kd| z+c&?J7rvU6A~6HuKbu89o`PNh=Z610kW_sF><%=p+~?HXlz=Y^;k3uvJpR#7iB#+( zKK;YniueKgpRdkGiHU9SfrVc2Sq^Wh9PT0RpHWHc3S`8w4u3t>>m0`OcrRyKTfbc?tbpx_AD&Dy)}aQ`BiDZt*l99KEq!R z;|HA@xgX&ljIgL3a+)RFTqrZHJWMgu#Q<6hJQp1kZgH3Iv^0k5Dp zI4`U2TfZ~L%Q8KXq}B-Y>u@5i!nZedNIBtg`>vBOrOhEPq{PxC`cC8Wxe8Kz1SAd5 zmUUS|N9NS?@~uyYxpa5xm=2wZadq9o93dp0_*J9>VJhgdLQCu#AD z58;aUp|dk|W6gf4SN5N#*7}+eWje1Z?W*XbH0V$!kswx^ zz;JxJNU>VOCZ=d|Y+8oS$Pw)Yx_oYQqImMKA6J+UQt{dLQq8PRLlt|Ts^0bw2UuTd z%S;a{`d*7sS&>p(qVL&`Q|jA*eKn!?LeS}Tygr_xzw>JHxdfts`y9-#~&BfXy(Ug1~@m|hQJB+z+>&(=6s0K0bX0&L;;V7vJPVFVIh zc=wwvH=+!70qPGTe#<-5*XpExF~gIpeG>LaVY8_O7R9Ibt8FSFLX{ivviT56Dev9T zHTe%m%!VaExWj&xMA#=Y|1|VyWIK~%irlq^^O$r*?GhL`Px}Kd0EVEddovA-!ma(U3Wiqi{Xua6>}$>}0R%21D*(H1 z{$=PR%?wD!Z+2y zBd}E&g!z@kxQ>k#!=!bl-?A2q7Q;;bJ z+PvU3PCbekcwHV&#|?F-d&S3S5r6U5=c>Lm=(o>;*{CxN1Be#rGb1!cxLK_z|C-HB z4ctx^m@POE4sYPUa#c6UZ>cnc)RlxUy(m{xwqm0&)so8Fd0qXBgk z$I#HUZIC>i-_}%s-!kOd`g`G~=p*hn_Q*KO>V>!C@m~|!?x9y4p6#~Z!`(glh8AAH z?9f-ZeN$ZfgJ-})N8RW2ux&UVPp-E#2>Q~uOv$bH|mU@H0TijHu^9*e5$qP93& zn*-%TJ_9B@6wnLIEuK;Eqlp2Y zGT2F|Mh9ZsV3VB#8GJ$NY8aj@U^)WdGe;qF>CI@s86f^btxw6Lti$`qhm8^f%dy&n zy!X5Qnfi)I=Vikem4a_#83(~7FkfUnfLmn7KvFCqHR1Kx?vUH4#iu%LObV~Z1p*hO zg&446^50;LXmye#iJ)}&ye2;ScTU{=b{`x*hQkfFQKVeWZ1CoyznvE^X8R$i=zJhB z6?UZL9nGz8>cr&bJf#HMxG3B-jc4~noICYrEg)lJ_-Le2gK4;oEa<0!yEi)v2cRpC z)a23-wykK%lu(M21yGML`$YmBY3lBsB~qU_d2=iqXsuqXh(h~YU6Y>AFK(3E-&*b>^7an&2lx*%nGG%~HwjWkblW4ni0W%(`naOdAJmLTk znN@@+Db+DIq!FIH>tg`iBapF>IU~rVo_>ZMYur!cp2Oa`@y}Y8^=S3#xDox)U(Uj8UP>A<2BQp()gkCQyIkf(y&}}AVPTe@$~3}^0kgY6~`sdax zaae@J?GW@Y{;OH%=>-<3R>a}08zACvT@+hS2}yuz^a)cSV0lx4@-QzMS*+laYKRZT zdN)I$`$ukAkI*M@b0I3e$ZdW(vYVK;KsEDhXb{dU6#`b(6GAw~QA$p%slZKZiM{2t zroz+v;&YF`NH^vVl~3#|`Q?His8X-*IHxHOe*FH19h~C0HyN0D<4P)>`Z0>Q@WAZV zK^AB_j^w}gZ|MZmHFuBdS(u>TuJ8w#1J=dDVeV;W8=udhe`qLe85+%1t`oY=e&*=c zOs#MK%To`aLmdi`bK4tBd$&w(`zIv<@582We^X20xFC0h&LBKG({Qy#=2)z z!BFzuhE}2=(UT#ir!+863Y?k*J#asrfkOV1rRW))agy$F^=J&&-MA>|$)N%yrzUSW z>X-s6`BT0|y%}tt3MCjB9>092ZF2=j7{{UHQY-?&21#f)emy`b`Pv!Xv^=W1>03)9 zg$Hs=cPd!^efN4U43#>%m0Ci30-O?Svjn9HAo9`d zd9^`$==7+w_dmCOi^H+&Y7hVbtKZH4KZua5Eesi*?U?jT-2aOoR-&?Fi!Fk(yWwY- zJxo&&QCLc?Qqi39SNXVg*EM0 zFI$DCxf>1JT}p`ez>33s>WhK@dzCQF_cUV8KHc%T{rD-m?yVvp?+!S_TPrA8y=X$VOF z5@I(p4Rg7GjJb@Z0=8xpCqST9HBVFs&ICK6(~Ij9ha`-9@6eK3zqk!QX|WjT`|Z0O z7JpsO{Oq`FzLU19I!qAU^dJiLIjSh-d&tItkHXo9-5hf-MAWWNE6LKqDm|WUEMs)U z!c1Eoh7>D4FQ+?BlWZqRIu0xe`=8cCcX)@$bpbDTb!LDn@f`vu5lIAG)%Le&*^pCzHF z#vX;dz4k#G(9BHTkGcGcW3B+5c73wc$(LTX|$;?I$o$UUOGS3M){p+jP92@DU-k;dl_@h-VJSjBVRTARKrXzZF z%1o5;{d>H-1hWDzBx=DGDoYP33j6pmjRwRSN->n{n7_fPsDci}kxx-eSNU1LS7Ax< zgB&uI_Cc|XPJo*@OFb0)k-?EiZCwfA@w^-uyQ-al3Z%k%PlrL_vsE(G;JHUX^l31~ zhTo1zB&9Dk2y;NqEcc^Q-d>KbVx7GO5_EBq%$m&QdZH9B2v_{~1kwq9ztXR6M`3$Y zOL2mybb^vPy8&z~eI;0sJEM(0)8nMaBga>vcsCON`L8nu8p-= zSX74n;`nwxLZu=cssrSH<1g{Nv%A^twl`qwvQ^=kUf+D*|}vqD*7H7s;DV;Ck%0-^jg0j1oGx_uC9 z$FN+08*tXKBAI)FO`1{3d!kJaI=DihyS#NqyRdE4yaR#bExnzd4jH(hcaj;fUxb2_bckHrpr6;}V!N#J&F^v`Q`S~a761OCsc2sS4%F9Hq# zKmhk2r=qQajfs=Jfsx67*+X0di|>U8qoV$B|YN%U8n+2mE0@G=IIB`B?Yfyl1)X;=RK!kWX@)m zC$Hv9gR_c8%P~3gkWCprPz|0t5L@@F1~Ttfj%u8koH4&5UuXRkCJW?JGSGys8r!e* zRtB}r??JF+1t-PL>7f*1O?!z7RHh)WH3ir8W!H^s<_&1K{BO~$nqOHV{=$1`!3 ztg!ykLzEC3oeoyG4Ah>#jsA6OW@9NaHsZ%KU12w!EVt(;i<_+)qU-_+o)1osCg)?-_CS@sIW)rpBpR6wHk9OS0T{C%E&e_V)Z2!=_g?mfjCH0-L^m?#wWMAeT3EldZ zM58b6sdg>IPeJ_lR!2^@|4`#Orc+Uxq%?3V$f}e^9MP3*&QqCC=PS|p{6LIlji{#@ zX;g@6r*fMO`g>7PO@N2+HVtQ_LMkQz4IRct#WktqE_39{Rmr_fAiKF;cvYa_IUu^`MhwmwDlTz8{Z4 z#x;FKPB~CS5!F23XG5vpQKEWQVGuzt+5Z-6;C5 z%4^H?PavsH)o^Wl$xdchvau0iu}ZcomrPCyPDerJCU;mR8J6;va28~)qdbu)ZeF7Y zxb7n>_a%X^Lv7F*5Dy3tAv%)ycK0^2FrGL2{`-p-q=)WvBCI8t*#oKyeQcEDv9LTh zqR`f?gA`+m`1&=eCr>wHMUQZ9nx;#qJ1pxgHELC{m;#^l&r z4|5p?1nb@T!9W#w)P%a^td_z9*2t+^Y853{`FPqmPjcu33(B?}9N9 zMF5ZufXFn#md^fKwl+ZxKm~s%fZ#yJ?KIOzwZm%m=HC}3X(CtxoG8qATLK;N)9h~8 zw>R8kv`hJgeeicK5uLu0X-Oy(;DA!?4NlDPF87ESjw0Z<(n(Z+a%tk>L{B3dqRD>e zh(`Kw<)YAWH)mriWHbR_j?uxY(Ar)3Ca`!P z`Vfzieqe)LZa+_|-5}*v(|SQ-xv_BB_NHttlPyu7WJ@?jdzIWZi=`NOlb&rh%W-Oq zidvumkoV(3p$LbJD7(p)SD?sTx6Hd_kB4BdFQ9fZ@FvypH13FF#~*K(eOfU%IJk@7IIPv$ zrr_eOh@diozC*oDz=7Qw#78{dWj(Q+_N7Pr`|co~u__t4;dDB_VV=O0QVRN^@SaVH zD5UwlF*j_VPpnUTp`ZbE19zmgnx%sq8BY9nt;vXgUMK-RMI2mWmAE2%afi*h3mRJ6 z11G0b(%-zSJk~d~-FjNOEdsI9@0e+1pi7(87VW>Sz`%1g^c!5EChT0Xhv}=aCS0XW z2kT%fR<$atX9RhFMU~A}G?;)ZjgvB_7gt(f;TGh#{PyQOG?S;M^oo?65UsT``-oF{ zALo%U{CXj+`=tmu?+`h?*_W&RkYg+fLXAc8+v+6s4i|okKFg1lN#GnUa8b)`y#fahBrUvpGAIX^s=8uU=}(wh*j9=&Xg_ z)>>`@R2tJhtVOr*U-%YjM}26thlp_i`z<7bRlak;PMClz%QD<}iD>!rV9#HBisw@}=REF;&Dg-l+c_gnI^`Ru0)Y6{r2< zIT7D$&5y+rYvXtdcbLXd$JFA`MOsFNwXW*(ZY(T^n&Sz^LNd!%pPBzT;rR5+tAdJS zXXFRNce;=|Lct^&it}*E#v%H1cVgn09zFPll0hIg!SKomNE4fIIRDqd{GORRhk)$h zoS0i?FiB81uqsNKp8qr#1b>V_(&^<4dZHR>hfCq;6{sf;=HBiq}T<3IGjuY16dsWo(B! z>t?1_SYfFOXu416sy^#nSE342rN@9ws>~K4sY{Z)%Lc2Z$3%)Mb<@RUsZOBicCba$ zZM^bRB%q6z9k!IG!)1UNs_s92fw6p&v*LS9bqqLY8q8SLI-r%mjRM=nbP}&bcIhgX z)B>~?%4;%~DpA+Zk?>b57{p-Uu8~ThgH=S@NZOF?#)Cn#kj-&1wxUav zXccJ;c`MB<`@(m}Ia+LcYd3Ry*;#Jj8sG0<9UWOsFTWLFW4b%NPG6fg*F9Eidme7j zrt(+MEpKmGkDJ>$Tra!_X9ng;Bzb+D$I6yUEKRO>W18A5<8Lu0L*#jV_7;yWOY>Ap ztq03iaFL#shIQ!BEi|jgP3+vwQxv*}KUXyLBH2u-k>0_WknNuPov|#w5ReC2-pJ85 zNmP)3w57~p*tg;KP{P}(nuY0u_LAAf0GQhUW(7B4C!bp6d%b$XIbmNJjIs}PVahq<`>38Tu z^lz01A~wGqamm^A?BK3tPgQJ#9noM#*;=R)rqfahN`R^)kCN7VhC%!AJQ;YxjCx12 zzQ~By!GobqOb>t~k0M~b3Kp3mX@WvUk1_Gt35Ft=u+-{%eg}!vXu%N`)mxisg!4R2 z%3*9XG)sr>GMdYl{fLUu)J*@j)P;!Y;-bMDPe@5odba-&Rwc4& zyAV>|F{pw6Z4mR+p$~ujD-3)kMSWu}#B&F^a555CIPY2xKLxfC-09txH?(r`1j}3E zJj%DUc_jWLe1`{IinWM#0{=p(&>l!PDjA@iY2hvudDFIV3zBPMm$uf<-f4#_5DMq7 z*$UFy1pD_GmcMLej)H_w3e@ssU1ZDCqFB2E+ljg&shqCg%fO0T>6RxuuqV&Yw+@2$ zXi-1f4fw>vq{mPRmsL^SIi&pk*7BEwC6I!OhE^|zqMs)R2w?+!39zL`>5%`J(A1&s zczk`mYr}gJ_=XU^-6q;)sQ^TKgTH_4W;|wpWvB55;E+lhd3zdI8J2F(lQt%_u7 zMt+qIcGJx%Q&(@0F0(;{*%EGcvXN@AUI$VvmM z2*|vjJ`Y&u4B1!#UM;54h7L|F67ynsxK-)9Uu&I zmnn)Kf$Yx^@=gca!0|W$9i^!XaR2m)5}r4Bf)RSzpXx$nh=iqdX~V=ZkR6P7C{NnJ zOt=pjy3qDb;5BAqzhH<7gCP#UY3tYlO7Qy0yDP70WR$O{jrF$l!$W(j&r0dC2!97E zb|yn5b-=V?M9AW*c?fPY)uR+*&9S%vC{7Bp82*2`4-un!+_<8t(Uq#K=qyncN!JI( z##%2w<4=l%q2Y*KfN$8x- z|FtO;l{+-Sa*!WIKBr!j^2n{JB3HA^6kT~T&#-x9juw}e4wF$uP;(J8GHdRQaJYyBoTOwIsi8rWSbBA0KlSwsQmY5+h!g;m;~r@}z% z*hPo|*Ur|EvGmYfKluJYdemOG%%6GQYG1B ztU@Ozb5YI3p1yQ7isghzxAQNX{=w)e7Qh_JG!MI zoAp`Pm~d9l%^;$eC2O8Oxf`;H74Ywu%k*~~jvG~iCu@Ue&2*omHzlNJjn0ed+|&XQ z>Z?sDUHKbzq~>|Qea>trF%3}4l*8ZnwTh*InnlG2n2L$0y6Esy+4=BvkN)1*6J8TT zK%dyZD<=sPMT}) z)aJneUcq;5^rH%x72W%U&R)7mI)n;Uoy>`>5jiE)q^ra^c`b|$JZ>v>8omnP0*>`U zz_gX4eO+K?l$+7Mej19Jg2ce|4Fx3hx5yfx2b#(d?3*5qXxv@U$#p^6O-L2%nF*GF zO&f{?MX=MgC)y-ST@}cbx9{q!%7`s}Lt`8A>|=)&T2q0L7|tT$U+*dGLHrHj0bwG= z0Sh~E3;we%R$(Bft(|=c45!oQ)tB^V{sg9(1LPI`*fsc&|JTa$fHeXdw$Z&GgH!MV zDYtji9}+!uVKt)pbxMfO7&FAcdzG>=21&RtOqva+>OiAn{&~}zu*9i8nfUk00iYTW z#B{PMEm>r#0a|V*ScD#jf%b|F&9{`!tEex;=-U(=?ce(llMU>}57Cier$aL`dbi=VqII(6Y6k8qw~&lu=N zyNuJ1^S4zW9cQ3slSjl%sVY+nq<-(lNFit{nt2N$^_1&Hz~KoHEyP$gu^<^7UbapM zjE9ws8K(X@+-3bB(0@3Lutn*OOVH@a@x#EI#{Q8K=Se}+XU~mnFXmVT8Kf}Wvt^&j`zkSD?5Bj|%H2}l=@a)Oj5 zbQH?$GFbjU%FZcBw4h6~W!tuG+qP}nwr%T{ZCkf&`<89Hrh4Y7J7PNGe>j;D=Y41H z$joo82w1R6dcpVP#LP}y3nXu*hKAG!*G(GRF1_f&&y z@e)7?JW&3b^>16*p5#y>m6SCy2P700Gk*Yzh9GA`h#!L1 zlVCmodiVju-yh(^f7n!X18SkER>|_jK5?;_R1IOsikZGj#$nyz- zQz%a8g7^@leBF_q+ngpdpo11I>GQQ8R?RA)8wSX|Zh|?SED*?AxTlCs9 z9XRqb80d0T2#Q8%vRB#gv{haw2bZh5_S8z~=GsDP?5uipNw> z$J6P%7XpWQn<%*E-InbXnoiuo8&gUi}IrzJqQ(&S$W+ z$5d>Vyv%>Yb*|B14)h_8D|SO)D+j8)0&NC<6>0~H)w>jn%8RX6=MdtLYB+2WgP15Z zI~*qWpl$ek%xelp{tX*l+iO5pPHAC#jL0IC-qk>$%bK%57I$?+1cMRDNI-MHwdhsf z>^JFRV+v>H`XO35sL|XJ>fR$vxEs?D)X?ybV9Y<$I~lcD8%h1-xGgrs~_TDDU#uzj5$V=3)qlv`6;66 zTLKe1Q42!>`c{Wj@y-F?6MAhY<6=tIBQqcoc(x)+JL#H3;oA4WVY$}STbV8Ro+c;- z@{VMn)6W7%tR=$1)_Qg8s{@G|@&U;3myQ<2c0RvhRZ{xd8J-x9ExFE28>lXzYhS*Q zv4EEuUJw*NECmg0UyyYF-aQeNtTsSo8#(jQGKULNtcy?o0V=$%E&X&{Yr}sI$|&rs zdDulZkKVf?-X8XB`G)3{+bDTkIbEJtVcFfv%$031v|0l%kUR^V@bo7=O|0YYHy+}% zLSvol_InMuH=omHd@bR+>Vtk&lo+jIu({=uJQC65vmsGeQj;0UXoR+-EipM2tKYDK zyfXr{53j$}V84*rh7XFZkC0tiV+t_Ox^J3V792Zm%YuI+Afqzj3O`nQm@=44z{xJ8RPH9J@1V2!mqxYkP{&^@G-ynx& zW1wmLkZ;k4NR!lus!Xx`jscE6a(cw+_`$NuqmeLf2e9nSeWu)DZHXWGwpC;UGO^M_ zx#|iwYHyjV@<7%Hb@?KR-EDqIzMH*%Kyp8I?lZHgh7Rm96J|8*-sxJ>b96sxjb$qmq{L1r0-te6Wfl_5>~GpHpK zx4*ci;u_X^Ln7`jw%cZ-E?d2-pI6{~jm)ptjyKKJ_y63QZyg%+cT$JAjT8I&E1pL* zdu4VAO|gSS@?v+q`Va}Hisw7NJ}vK`2>3^x0l6@&Rrp&x@?l)&h5m7aIfLt z!DXvx3n{N9-d)hmI>X6$FwA>>Y#0?GMY({DOu$Wg9H`>yz#qOgCkx>a!SL_}?shOT zTH``sW=LJA3i$(@ra6IQ`~>C)Mx2I^^}fEbt2e`rre3fnlFL(`yY zQl$>3)rWxR-BJR|&Cd=wtnXz*y2RsnlD1H{m^dVi^eakoV;+~M z2#X&jooorzSLSAXE6(o0;ll6qg}=P!m`}zplD%gm zGYGi}VeZcMqMf0_s5t}zzh9Y0983W8GAgUk(`nKUxl)_et68I-5q~h@1-peIG)qwb zlio%hAA7)c<9u^@iy*q#NP=GiPgN*uPZ3#YqN-}Dj8-{phNGysH4QeAWG_h@Ps++% zTyn>xO4OwU-R_#rVz=0zu+iK)_xlFRBDWMh3hgwINHlR|ji`s7-5-@AO02xb@83&Y z=5{72Wp*{lOmD8IbI;56zZ>uDp)U*Co|v}l!;x7gJy;RA3^s}RAbK?x%f-HcQRe}s z4L-mzGA8LSWe?t-b9hsUqS>M2dO{GI1bz%&h++4E&vjWaMfkz{CqCQ;#qCb%e_p59 zc#+q#3=-5sYI4y)-bsJAogW{upAyC~P08 zQd1G`H`@ii!Ow_TEZa_jGJT*vlzFS=&VhM?FU8Xh2woj*Sn@EB=ICxzVp}3!7kw5sJ%hLk#ygM`K9X*QIyA0(hQtQofB z6aY7h@J6@|9V2_jFC^c2Ar`}98I&?))2I$af+P0k%<=oYE!c6OZmAGetC>de78!tw zopQc~XzQGb`@O%{@N(O~)VQlP0oS}qdzmJ~I}oIcQDUL#%nrrqA9;2@+QsRq0XcYo zA?7~{4MRwYYErpOYK1pNjm|xp9C(8&@@nmeZ{YUFWf;ngf4D&3TxAq95p3n^#nzEa0hrJ%NUA<)Hiap&^+nK1>R+^^}zsFF!3dLHi zOU@luw8dF;6DIex7X4YlGNCN82Tx8Sfn8JA)yS%oQyL@eGhg& zpRa7JOflb3;cDS?t+V%Jc^rJ@mcTZ^)JYu%Y67!Ig*(TQ-C#10Nc3M%2&}W6_mvbb zNG(-z#h^M>o!gI~u!+UpKnc5y&>aCJUiMI=5=j)dJ=8Gm?B>ardT`InMIe-Pfa^6G zlkpEP>T082_!&s(woZyjivx(doQzG_0~Th?}^kjz1yg= zQ**p}TqaZ0J0P;SdoYuj(`=IKxbuu3w5J|otQ_#-&f>;3d&U{b>6+OU>Oq{omRWzo zPwTz`f#c9^nXJKBdtIur*2Qh=2Py8ZhXZ$Hy{;GIX~k>C+q`Msr8z_k%}L zbQ(h@lxH4Gs35(U5Z-=D>(nv*;4wEx_BKnl4$`xsZ`!(vY1>5bGr@6uF@}mD-HmWN zsc+NXW)Vhlp*`oTTSmvew%^RNJd?eUF)o8)?!2|NNee?XI(E0l%&4F{1{n}Fohnk# z_h;y&^n*%IdK7!vRueG^F!6(eAqSH<^aqi3GlR}^d=lBFY9p_2GBb*(ezi63L zTWY6K`mjX-n!xVvTSu7f0T_TwmrQ4C`J5_|GqOXWVIfRG+^!8uzzNJ8@xlfWbN$ms zHQ4D!7+#G1Sj>`9fsVW0oo;)#pzvDc9tgA$e>LH1cNwya9%vl#IPx6wblZF{O&76X zJyIw4xBj8N;Qdv=nOu&&pmVlAwTP(WqS1GEv#3JT<<|!v@5l;%aBA)qwo~o9J#Z-D zM^%5fcPtTCgFW6`G|zjX<+{;!{Zi$1IBOr}dSymLUR@zfk!|&s5EVO~5STla<#NI) z&O&I!pbYzn|IqJ8#``$)4p?6nr-j$T+b^NK-=AY&cN2&g=VsT@A6)* z*wo;cJL-i~DC8`{56VL)Gt7tP#glj(YoaTD5vfZ*XL}moySvci9qkOv-s-&Q({%Tg zdmhZT!B()7cd^8ssL`pGp$$iY-?AaVlASN!~IDCi~sQrecx9w4WYu~CUwnyJzcb7VWe;#OQBqZQ!$7$ zRE%}Zk6gMq;|?^sVb(1?E^Qa>x+u{xQ;iLmgJtJe?E7<9o@4gK#RUtNkr03D;xl+C zpXp4FzvF^lo4px^+@7Iub~yA4<|OF9jXsG`>PlaJbdb*&>2YoLmXph&|B!BIQe`3C z7`(8Kt7(0f=`fADlOKt(FIonNu`9d3RnjTDs;``L z)t|(8(|ba?h0{ry$yj*4J}o(ncise|ioceh5_+$GF|05(96~bQ@b~IKQ$wfHHg9?B zD^wiYRcEdEJruPzUcR>TJP4V8G8z=Zw%`}LnrbGKFKG)kBOi7mDm?D+tY+E`zT2?M zzR^ZtJSO%ob||mU_rHvmdF_9u_{Tco9&7YL@Xs~jhHDJ`A$=33{)cr46YSVX> zG1k3kJMzv(5sY#~9VC2`m&9hfr=dohJ?m13*zhE-AXi#(^e7hgNi8G%FYefusm-3IjE2(q0zt@)QA=-Fr{>tSw<(hFu6bGdgA&7|O zXXr{tf6pt)PnD#cU0t%~Ym1Mq&R>3*tBZ)W8LPWCU@lH29{S_rUjOwwzF)ya*C;#Aeqi93c?9NDENV~#OOyo_K9VMO;huk^8kVl;%D>o-(L8Gu$u=#R*Km8#RlXhqF&Jwq zoB7LgMR5qmx9ohK)%-Qze0zVB?e&?8?mD<(WZ()2Df~w(0iTvRnUNfOl5HOgO8mX5 zPwJ1o(}6wV5BO;Zs?$*qayOjk z9}Mnetq@;gc4f#(!&B$vTPC}D3AN!SY&1A2M)A40DE-TXPnsg48nNk{p<{fRhWqGN zTk!G?K4f96ydC<3eE8A?)fy!tRU*4c`H3R^<=XQ_Fgo%Fq(QDn>kU*~LrDlvXvPII zJ;tdermi^D`_`ZBL`?xJWqq)ERr@9uA%4-F-qj z+O1;Kw9g5bC!=T0=$1F>PnG(VPXy$r4fySKTSrfKy-58!ZGQ{7wi}B16q9dQ*@a9IN4MN-W zmJ0+$0whP-5NvS*qCwV(dByXQ8Oi4;2zzg$BM(s^G-V;gVf2)|5}KrV3|`8}0}?;% z4iB!f@4kH{ko?2`(CiV@_x|AQ{sGziDKOKf!e{_rNH+Hwm;Fqh>TR7A4;CJI-svCp zALW0%dH3zRJ_0tu^L>H5;zsd;`s7}_q%SwazJ^cOAQjzj*j+kjv8tR}0+!a{l{>oi znyFf;(%cJZqmP{D(*EAlHJdj0;B7Q&>;$*cq}>Gk*AVhwL(nsvTRcGHrVaTfDb%g4 z)_k78m5=DhzT293)w=Rs&-7|z*}ivnor!$ETQ=_?7)brLnfF@w|DDzg09rRM6`wPH zCz}Xfx_~P->Uwx+gRbeYbv{6wwsk)@0f0?gwm~?k-+yB3gm5@ zdzK&6@Qvi_@D0X56LF-z^7Bc_NBFEEBB%>29k0hy>vcvs^r_%Fz#r19LIB-b%?A=c z%**3{zLi@l-b~dn2mcbyD#yQ_lSs)B##%Z)pB-W8&%vX&MxYy%nVxUdreV`9Xcanv z&QtbvqCCsLp$csU>(H)FJfs7mG~SUW)p3H_S-G06pCs^s1cBb#IO`-tp^EdXQlRk3 zTF1dX@v|sG=GWGsjG$roX=fIKwpc1U%@--GAyogsso8uG0DONdH*bmiD?o<7PfqR; zRfRb5+M?K;JIO};c%Uw>bn$7|sG_H#vnjAL$a!p1QV$%rrq!Q0VlE)Gz^4L+pv)Av zVj>*_9N>1t7_3xeJ7@XFoK>l1WV_a#T%ZXBSln?M^H9Yc1bwUKv1s6D^PSFn;qe&6 zvodcb2n{ST1W}1wHVZg|kOc(YyWpr=4pqPUshRfIlb&0!PC+RWCY6YDYop=q^kX5{ zk{O=dmU^+Q@+r(X!e>LY0SiCUvs#Lqf%e??BdZlIv_3sCF+5rKY+(g-ya4m8y<+>- zZe#BUmaX~>RV-n%Wwy6p!eF&Ak5FM~g>2M+A+LI<4HGpp139=HD-gl@M-h~1(TzO4 zwN-62%Ykax<;ECe)WuCH=rcovF{!)96wgBCli=jXHT(??{k!pJp#oW6T=yP&JF2kS zydPq?8I^RY&^L02bjR=ANTVXrKB1o=zXF7CmPzy_w;~1owJANX>NTXTR#x>j?=-L_ z4h|&Kj9%>?vD*p^_MaY$&l^s`*$49or~|#lihUMOl9);$8AdnMO0QEeQz=5P!HOad z!;T8v8AB#)7T`t8};>0)oBF8RXhBP&-J z7FmMWfa%gPF*zNMbHDp3=Gi

Ef{2Jhi`S&dy`clw z;ZZ<^PW{zO7WM229M3FY5M{|&M7;iikhX{Ki4$xu)RN{{CnoSJgm-A`!nm&n$7uga7>&OJ|+gTyl2kIJ?kvb zg+lg#kb%#=XU@urG|1LjN_9WQX%2jJ5jE7H7HasOJ7NYU^L?)O7ScKURdu5_$zi44 zQ6tA8J7xiPtT~AecaQk;3)H3*m4I8>BA{|SmyynwUxo~;X}jBW6xBJrr!2+IWtw^p zw=(ghb(z*oX3~~g3)1R6e+H4EhA;n-W9u^{J&)2IYsvBE0l4IYql(&h2S``T&Az*1 zT^TUA^N;xTq4?7D>B*N$BhqsX(r|uFI=@CVI8H6HrR;(&PS z_0!1YA-SewC*HA}ZIG1G^tRa<(s;k<8aOg&z(RmnubLxibyJNe?erJ0(*gIl5o|7{ z$&qR1%O8UpTW`nhr0G8sn++@+u1qhbndeE?P3whq6y$plN_`GI>#uBAt+=eOs1Ud! znF9X~1Gjh$n%qyffTXl(FYY64mwKpYf6+8tKOXk(UhMNPu+Sz$>m#IK&R0Z1Dy^3K zL(t{;3KSUFP*C|BYPDsWeU|6|s*zcJ77H0-eHIQ4`*FF=VUWN#ENIzjB$H)*AlOP*-vQ$*%MJD`LV>_gd(vr@D=p%J_oS?oF*p#&mDb`mD8doLODg>z*7fU@mL{heucuPpaRmR zPy>Ja90PwL;o(H}JE(Vc+EJ8Ekc|vj(x6&@5l}lVw4wkaNDj)Wxg@9FMQe86adF6U z%ZcmHp%UkD_^q?F9cKd;N$|tFu0e=O*>GyAgSbw&1o)N`6kr_H(mYY|(z-9W&-A8q z@^n#A?BviO_4a0}h63wUVQa@pCsJemHcbFBEQD0`}Tw1rb*pUN*8K<9jJ>DpT zc+GSWE*LM1HbmL(d?Vo|d(oOeY#&V)-azm@~N{E zZ}kaY=g}c6;_TGi^BD5Y&=X)rD+|`Dnayxz_Ad6MF80(;cE6CzwueQ(jrgyOoEDsd z;z8uXAV!1eT?{zFl#*i&bE89O1{q}ZGAwnAw-oEbKroOsjy=*Xz<60VbGOi`GeyI)H@(jmq z2NqQu_R%wRmH|xbpV80hDRBk+ars`8;xrrjd*dd9gGOq)+A+50+4XpX-*W3KIGUEd z1o_tq1CZeB%CJaisx8A!lFZt&HUtoObRz{`7aCkss7Q*J4aS^4TG^l+tVA*7@B65V zEi~Y^p5?`Tn249v0#$|@kDA9U#=&E3OCvR0mS8w*wpBoPO5ActKxx-(wNHl@nnk~8 z*ns)~s-Ol}d!#faZW89DG-|e&DeN|I?G60iZ@95$`wO~xCt5Y1DG;eX*Gvo+@H~%D z*zo-Tz0DucLMusDzZkEM*b&x5)GtVLIm8�TMUvx&bAPZN|V8MP?hxY`M&4XSUhQ z)|1(an9a;=iQ=w)xq7E_4R@bVmdDFYBHLEjs!6dZ(Ct6{i0W-_rsEJ~pLb2KZIa_oWsfn3j zeEScfcD`DPoBO%m&KsVjwbDya3uPOfr_gL0pA5A#(w!`6-(wKU&S0-tL@OvxeFcSIYhKcfhgFm|+S9B)Z*}r(cBewv-Ibin1dJSAz(}hK^aEZdxoGGX5I=JDb)6hthQTe{8E$26XZ?QS z3FCvh{5~-_U;tK!)HPpgnldp-%xh__epv3Ke)TOf9(YcHwibY&9*t~RwNr{yH<2GL zcYTwlwN@LXzP^X7t<~{-xsN)3X1w?7^Po0z0zCV`)~=@)Ok(U+O@CMlL*rKW8R zDWk)fI&5QyB6L0&KLX)WVEZ^#dx;>WaS&xuPj{ zQy>xuG^q~CDOl}NpR_&7P7t<@stpgx0HN~bztG0)#Q2raXqARQ?@tW6P?ZWnl`U!} zW$ie}S8Rch{2E-mqF$jCcI*P#JL~NOdtR7qrz@>eJ^pJdcS91V(hj?oT8CAN!L^#I zc<-4$#mC`?_kNCyIo`RbYPc}bZeTn)b2>Vf2qw-uE~6INXDGbs>(=PSbQ zBk8*5)p5<=adky4+bU5Y0rh&+id34wDxvkNHX700j?MhTOii%eopRRWUto26&sq70 z@k|fyFR!4ZXf1BXmXgUE=)j0$lgN*66itnyqp>&v!+hF=ley@qk^2Gbb{K?ayXe?g zd?Wh3f~9iQNEu?aW)l4a+EGREg;pxxiSICvo$6y`1>cEQ)yupZ$?GdjPTjmEw4xLy zVRgPmjr1aD9KcP{wgXx{tK%>p%s()bmVd{MeXYB*nqfK#;qm&jc!~efcr`HDe;Q4d z8>9a9Br7Cc&-9By4s_lG?sUIV^?G(_&nlVl1aO`>Ry5V8Rh4DnSv@&+13RF1YZCuN z)rp$zo;+bJ^a+o$$78A%__fZ&EPicn#00;GOUkM^EM2198Vj6wakL^>O`CwzF6ISX zQm!7J<=9sI4d%d@_+b7}mma0s70I}1-p|bZZ`_VtA3+qzx*rRa})B}7h7vr zepODXQ%|zRb)?@KzI-Kd|CPv$yuObf9OW%?E=Qv3da zK$&3np0e^4D&b+X?LhXq*A844+?uUybvbq~yTV=lwHY{gL{-3LYK9z|Cc2 z{t)I?fo@~U#`weB@ScLerDbCt3v)wFfI!c(F^{8LG;>4#N%;es=yZUfHTnpzKqOTT zbOj$(MDw@j*-}_H`xJ4vqPXviyN!WK3{3ulwpM`d;{-4^Kk+Nl!t`(znBdVyn6MnRPAIfv0yMG^n3qIYqoM_a$pc-+j5Aq zZ9Wv1t(tiphkg|Xc7q(5R@L0f;iU%0X4ZBj3<0cjP)3@a4A0Y>Z9-ZNIIxA#np zl;AyMmSR143eW`&SroY1qim!LWaw^4?_bc&L2$X3OId>iQTGV`u0qnVP!#mcP~z~M zwz8YfAy^Dsk;btzhG*1#kzS zA_Y2*$Z^V(q}IMm(Dnu_$~FLwBT_WtZ2`RHo*p0J3PB@XKEf`oDtK-)9e8l(g=aS7 z4ju$j1o(9)=slXQ*&Mlv1_$*Yzp%kGo{mi5(Tqo<)IJCDIIzW$x~prAZ)M)`E%z+}^;Ar`1 z6|o#5?>bQGurG=#b#PJ|G{WVjjv;bXT2+MxQ;*WluZd9?eob=&+lH?RG>(PfU|4A? zuaZx67VNvx*Yu7%j;E3Vi9K|-VBq2Hq?`aOPk-zqKnmR0aWLc7q3Cg*F58@LGEfdb z`foB22Zc8!{)4uj+F>5KeLGw7f}v=jAIyk)H+<(^pX-+`=GBTOs3J~&8FCuBot8b+PYDCb`0As0ov`DbIlNFI%pt84P@Zewz$F&xzbb_DQb26nl$v;ss8y0HEOS} z0q7pyR;fP>9)EL|p0`U8@Eaxn8N)=?-lTB>JSCOZidW#$^g3=0JkhfcZz%Mo!0*C4h28gB(EekZ!4Hm91m#(oJKdq)e!g>-dfJ>Sh!gAVPmU zk-icMm&%3_^Ho<|07B=<4X5-$aA8yzt&Q`kA|3>awM&RIG%{UaetyaSPo;&aQO6$P6rW%hHkC?1ci+}oP+U@C4L5pj^icM#XJuRy{EL2TSb53anZ56Sj0tI%jc{I zLGjZ)esfDlx}^K6r+Oc4Ceigv#W%HCbedU+Yxj{z5Y%;Kg$Xo8=hX zGJO7XWUPO~@!z(^i>TEGN*p_-C@4K&;h_=xHE*y4eEAqWvXpMeyYH$1%I!LANvQ!b zJ+B4RbQ3b|SmGX(@N`I^nImo3TD)!&2DIIm&r?~!xbnt!W({nwSGrC&4ZTyAJTN6 zoXUxxj(YjXh-XqztgMq_#kNM&5BdTD{A0K8?I2b>Fm}X#i+F{L>8)p9CVOokn zCWSdX`!LhtPxpX~u#V9^xC}iYu1nLi^Ei%pU~=>L2LA2?pqaMMz_jXvpum3-p)CA9 zu(G2EpupK_RoSS)0+fLlS`Am9yczvAqn{pGzwePM68M@VyvrxvU002hc)+TMS=|ws zr5`*$;yraXq0l%J)e3yb&p%aIXvAr`2&+m#D;NEA^;q<}qy*+xEEA zcDsjuCaI#5(+=@&g&FN8{VJ^tFkhvc2jdl6%ottXDzAsZ&;U#h{GO-ZbM$+be$UYF zY5F}yzwJ1yU;Vy*O}0VIi2E1>VVJWR|5f0^BQ;Z|(h_*uF?LLauC&@K_wqQlEbJjV zc1T9wxQz)`)>BRWpP0O>flFwUdYv8!#K`zr|Oc{`8{@dXhz z7mNz$OfO{X-yJL5VOkF}P~!p9%7nBQja8F(=(?B}BAWroQeu3$NLxM~3DVKd$_UZ% zCF;83V4?^7@jN4|;L3aRK6KER?|p9*5R{2#rqBb~q~h8>?W59$M%o^{$)4t6&E{DS zQoJJiQXwt1bfR%BxWc@TMlQ?S$J=RWek)29p`Q zG<;z}ugi%Iq!B*O&A)p97sagVz+r5K8fWO8YR&oJ0)f<9bet(k!23V_v5{B_HEP1^ z=-cJ^N~e9>RPQcLKT0xGeWwA@nBEx;I(oRdUejXg0yokrjxp-F?X+R2w5$9TOonmP z(J>QsI9-lqfm8#%L}lV|Qms(G+=g_TH=Oh4C2@?62x_2*^ie%JLVyj#hDNAp;Qv^K z7k#U}8$zouT_vj&KuoC%TndOer3mlLBrcGozVj+AWN%Y#cqFqOO)0NoILx?H9oWO} z(pi_Yw{kS{P1Z>BvZ*xJFSUdQn9ZS=)6cvT0yo1nDomqI#I1INxMv(L*k5qpL z$P7+b@2kH^Yf?2Xt7D5rA4Fi+I)m5P`7LKbz;Rcfw+P-J2Tf37TRcEAIoWfyTw$fe zr#p?U&c^c~HW^8HGRRSavZbx@4TH2=Xm#;cyA+qUN7+VOTz|TRE^hp#4Jn*2KTc;Y zEzd#v6BKg`1dp_q^5utcU#E_(!TTp8D_2=XgTAGB8!jd#A`)&Tmgk?S(QNN5VS2x> zLM#v=qClSG%bzkL%cg)A6w?E&I9?)@RdI|jUt~l^3pn{taF-ebS9pn+o}8SsGA0W| zy;ISme}r`#x$Wfy{)t+_yR=UZC)tISu0EbhPx4*t!G%g!@^ryF3%n4`=>a!h^|X!3 zCXIG0Tf~$aw`sG8yJx@KWniyN;^t2(~(B37g0A(C=NNI7d-n(WLdO!n}rP}HT0%K~w={9Ue7s?N$nyn`Tadjm&1 zPac;)>o?3Jl)Ppu)zkg~7uuj{3`-xHEpGdqH1*$ z6wgUKLe6_8C@wJ7xgzO~A51;)nr2H}h>sBjo+SI9fsEg(M}m)Sq5c5`zZEsQ54)A4 zM2?MAy+EpG@fDFtaV}bO_J5FUkEBD!TUZH7E?tRo{FbrNa!h4!L8}$@)@(M~-D zF{MS!!y^-pT7DI7KPy`{AVCDH^=25+nwk2=02#~O{1V;haNfvQd>$;>5GWbN>aJ{8 z^J}4S-YrHX0hurG^%lIfMv=bN^eym3khSd8c`W9Zix*R<`!|YtRAMwa0g&#tsE5v7 zP*mLVZ{7s%RHmCzVVVv^)7wQb<^>BgvQuGVfm1fHQf#7cfo?53{RWJ>#r5Gmozyf^ z>gnJC_U|c>zEZs&b+4aE*_5_tce@J&fgrxD*Jn#u0WDafQa}#ReRg#Gyq!?~SPY$o z`U!FN+KypBbfwg?8aY%#4Ig8I8QJA%UGYi43h9<$bApwBtRBc;Imb#1%9=KfW9f;Hhs^V|S#RHa`KQ*UmMI;GS}hJ^6)mA?hvLUSoR8mHkPK#mTet zh20%{GBme`-z=Y{G~sh!c?VIUe}Fm_vPsi?>FS8;kirVgl1R^Kn&Sw+>d&|^Kk%c? zz-@ck<0vO!?!-yc;~)1iID3B>B+hNkov4`G_>G=atM_YzoT8qu(lFKiRl!v0GTJci z;n=4%9|z_^^_&F0YBeU%>Pod5q=YPGvs>8<9(X^H(jKs>kA>1vU!|0RPr}GeH-Ex*4av`&k9V_Z|%XyF&qUzEgqDd9=PIT-&UU+~M7os)W6Gb%s8q*E~e_&I6pW+a%-W$royA5wh zy?z+o_dZm0cc1s&8$SCoYGnqDB@IGYao&C8@ZH#ZK%i z?D{75;?wLu>-9oA8QZcl=2~UDN7?03YSr8X81O(I6{Wv-s-ss#ucpa;R^oI>r_O{i zTcnY6^ehm#w6k+8I!h6x$?(0~aZZi^^zoGx$6mg|V!#YWqPJ#{Z}<3T;$o-A@ojNG zeoYTj%u+AIJE%bFwu;(L(Q%^W2SM4KQVU%06$#%BJQM zBsc@UAUd8iEWAbZODX3?e^5)yHJ|?L8(otgG}tM%8{XTfz8py@pU=4 z@$xhz?W!zH(E?w%DpS-sA74bWXKk|lBV3k+Wcc!#=h@Ol5XI&ka;OHT7C2ht(%VJ< z0~g{qxEuUZ06(?mqt11}mz(uF`GfdUE$DtPo$KQF7+y2%oDw!n&k+5n@aDTKNA$_L zqHoy@kcxiyA`bssL|;~tOR*(yAYJDln1QncH&#j#61?rqQnr8=crNZBGds+UE( z{G!3-%PtB;z-;czf|&dG^64n3IQH}9lkgEWB*Rh?U0x%N&Ni3hM>$edOfF@Hx$SxE zDA|yYvc3PF5a!-*tb%E;W_z^|^*7pG4iF{AqR9183tL0xg^gc+iF$hY+V1i@*)ec; zTN^fTv1g*+b3;7z?nNU-zrc%*>P03}S8i%i@0iYHP<;GT1ircad#JOz$nD$lz@eJ- zb7<2g(&bB~BmWqv3cC?hj7Q0er~NTN*A-UJXXj$YJF59|yi!k@!qKHYxU8sTTeGmQ z*J-vRbLoJvnAajWTKMw8l;#w?5b~So5{FWO>ve(yc%Mk{fe?@3iV?&orB@|uF-u2K z_UPQwV~}3+VT#nUd`9pjd@EJKtuXdnOI2{i1ywNZPQ40n1Kx2!8dPVZ;`dVf9@E(E zE(hF>U=7s7Ba#7=8yycw^Fsv!MCb+y6!kTmQLh2%238P2$4C1BJM}w@QXSQDOsHA{ zalukiVW2uS+b#FgBWM1JEv}5KWs7S12>Gd7blb@dFzD7c?;vro&7=J2a|g zTp_$2^+$l)M^arhTJ+xz&2ey1bO$Yq-fv-&s!=!Ijt%oIH4N@44$~VZUM&rTl)gJ! zCEJYq^5(R|0dIC*HBY% zGc*%6iLzh7OO}AD)fI!FJ(ht-Q(6^XLGEe~w#{($zV(_G7|depd0}j*A`j~k-^@lu zUsOdrfycFWs@Fgan0N5r(6f>i^$~}zXX{4UNn+X#b?~3Ch%g>1Fdix}9{Tg`LH_L` zZ`2gw5QJ z1jlx(ONsNW)0KkK4rePZF6FdGY4$HNAR&!|#z5uXzdgY4*`?Xm+=pjTC97{-BE$<^ ztJ#(opl6(AU2p{7>GH+3twr+N$(LWs=#VcTNQPZ}1?tl&@@&TmITCLxRf^1QcP)l? z%gt75`|n|N4P!3Rh-trOyYfCH?k1PxTQ(XApAbpU7T4)Cy8;Me(d`rQ-nk%UUlSZ? zqC=s08gG7_8X9s_VP<9b?}mol*Hkv-LIGo4zTr6J226Of35HZ?a@dTtjVj3MbH7LO zCbVf7R(8^!us#YeETDR_d6euKE>s=fPj5;rDnKThjU<=DNb=SiWZ#-AsloG$ATKDV zY{iO!DJijYJ>iMXAp`U~(1B^3;;5C9p@|R$7&JOY1T|*>TRa8~_Ir@)%$lL2Dj*`; z^-=rld>Z8(XRurBQZGSdYM~QYu@ekF=4qi35h|pSXmg1O`nOw~H9AI^` zMZT38Oj4o<{vvtOlYlMwT3|Nn@8QdE_#PnSK^fo+f%IHl0s92;3wtjRhWL{4n4m|Q z9Bsvi=tQ5;EI#tr%657*go!z#%f z%_q5{onl!v4vm1uQL(HUL#%UB{lv2TJbX=*2Ol2vD4ytebV>rNJ09JV(9Mo+!|_Ez zbZsYPYGrYXgZ|L$Hmg zfkbb!F|3iOfxyiiYNTKT<#aTVx7mtyN)>15XrM^eKwMZB|7QERqT8{=Es!!c5ODjq z#-l4#Tq4UxuzGw6@?L7560J*lseNEHTEyB1+M+bPnOOT&hqaGK&kyUj9qYFR-BfhL zMsTa>)`V^c(5(^hq87sDyEPu&2{YC}*vtw4tbI11WP<1CnxMmU=q9?YYQ+2OAdPzN z?_@|)e`5x_8eoRu>Nm`gsvaamjJlgSIMsS)5YJn>Qhm&@SS|f~=+vDmF*6RE>TG7l;X|Fy%s8y5Ie!lw%2Qp;Om|?XGc!)V>Xpol z^R#MbW}K_lL}td}Mzu0Ct|zN!-y`z@G`BEw6PmwcW>oQ34=^*nJ+5wNX1v}(tzu@B zi_{O884pUSZ!j|*vVM-4@u;r4nwjw!uUgK`bohEPGt;T*LT1Ku*Xj&rMpX)RGBe}h zYgJ@sTuWESzDFC$OqaBxK^ouD&QYQx?(&!D>Dt~DW1#~9xvXU_!@;GAxxB_)U`CGH$6WrvT++d1J98;xE>3XS z#9S6I7ZF_6F_*jE?I<48IZ5>>4Oq}PTqLq$_rKCrX;9yOyZZ~Ds@|dtpS+t>@2tUl zt)eg5ErMt2e(LykY7kn591q;gYQ!$gXIR zdx-3353T&%favu>^m?MF#Z?&l4a^FSpr&(|a79p`<^-9ASbF_RV;~>CI{#l>ebq?b=zV6q* z3KL!pfsE31P#)0%A?_3v0lG3wQ?dt)@o0>f$AK{kjY;xIdifT3m>oE81?SIagYo+Z zS)8A71`T-G)7tu1iA@msdXaAcW}D?6ezqzPg&|aNO9yeV9bbe&)-^#L@n*-`aJ?3o zrqC%{SMpeVmH=0sXWU7AVLAryrP=!4LAxGNO1(M?q6Ql1!iE}SL|^ck+pMn$i;FTPQ6 zr8?ye+Bq2cMt3_0E>z^eDtQ1ZY+_ueor<2Jor*uv8e)5(xBA`dp{&ss(u`CRz38qXNCa zV#ar-z=5{t>8aC9y6IF5-2~gQP9D_DKv`8lwTqwdh~je_No@g$Cu86TZ=&)Qofh-Q zX@#hf;L8o_{P5+gNF~6wuTbBx$e%_!sC;<|t8+6}Z%NtD9HP7QXBHfKK{_+VaXYGH3N~%8f2|K1)(JI}5xs1{F ziR?O3_9lZsC;Un6me#Zc|E(wS&L8b_T&8J-&R~!u_zlNwf$JgFIh5TlX_R`yC+y70 zaIH~a)42rvZ`J*Ks)KZYE1gMU4>b;b1K-orJ>p%;j%?hV+(#jTkAxMW_Aq-gQQs=0 z^D-3;i|yW1#^rI|Qzp5$Vo7=y>fvg|5)aT97mc=|D*sxyTRzFJvYjKkzfiwR{ZjR- zSG$dH;uXC^^<)qvH`_UJJ319r zqHP>US0&PpJ5e|a!=Gm)`%`*^eBLE{2QsS<2VhimEPr6ptbt zlg!yZnai$dm9J3WeWly#+Way}+#=VESF7NwnX!WRta0f!_)T81MOZl!?{G{_)7<{M z4MOk<;C@7R_+kc~xlu=LL}CS}KuH?y{KXwDdO&*RfSx8plV{D~BdZ}Zv6j$oVMHj>) zaH;SyzG#FO?wyU7lQ6X06GK@blnhwRHK007wz3*=Oxpu=BDDSHQtA=iEWmey&{}1d zqMZE39p2{DKtG|a3e`=eEB#q7qT|@Ui%cL3daD}*$M%xm-kny#ajJNTY<6s2IKaEp zjHl`PiP|=2Ypqr83pO{O^;Mb{xLx4iJ!?9pSHtf=!9^?xW0nWPuR$K8)OwqYlC=yM z-AflimC2Vm&Mh3Op8Rw0G6xJNk@{Vnb7gI^vGqWIt?h{E95uDucNYdQO2)P$7umgp zdEt@}NjTG&cHQn`=i$0+Cq6_E8343EOTPpUR%72wtIDEh=81ll-5C}KFyVNyeB5oT z>C{?-dTUT`HJm3nrR-9VS{N@N-40{mx32<;V<*II!6;|>Iuys`XvZmeV5@V6LF%J^ zV$p9L!Bg<>VO&RzbP1&Mszo35Z; zl9+|>UqNPJWsq6;)?IxTn1vBPyb{JNxW4DY)EX{(iKcGurS7Kg-Y+tIX9Dh*ScqAG z6d1P<18$F;Cyj<4>L)LTFeCQh8H=vUu=z#G;`tZ5%i#k&#lnAR@YyD$TYb zhuGC#1=y(q33V3X_xd@dW9#t92`y%#Zq52K>L0UfE^_`c2UP}If)85nm3n#{TckK= z`W5mZQu;5zGXQ$K6n1cKIY6*X3u3qWU>V!(Pesjsc^K)-^J^jtd?x2bHn|DGcS3v6 zhMk(`*us}T$1#LcU5YQ3hTv0%<*9<>_|g=`ZC18Gs{9|TJWAb$sNiBQ+uf0F(IYyx z$UVipGK?%bT8f7|(-#<|AqqJ-*)H{Ht;;s~P(1w~@qF-b!A0<;7br<_jj&0rLre z>l38A>Q-006}3wgb9~@R)vBk|^rvo*GM#)zmu+Yc>gJwJ6jM9K|Ku#4&OR!C95ogV0rYGCK{7pnnCB|cu%hRvS91@G&>;9Uo&8{b7y zj%KB`;=|^#>d=?ijrM}FxfyT7TOUJp1Fr1Fhh))jx#xMDex1DkS=^S+(`TEO5UEfQ=!RPG^7w{&{Fb+1XquP;c&>Xz z8M#4ySs5v|1wepwSD!PZ-gvcogU6&Qb=6H4mq~S@YEGc9i0^x0c`!jJcmX8RY^TSh zj`9`H*9qQb)Qm@p=+!R&gnD%j(i833!tgGMdHVs2Vb9S6%Z*-(5lp}_#Wvz9 zKGjooNxxdBmGk)Qwa%z$?~GWy*gTg~2<)r=(Snn$n70e{f%G+uxechpS5@n>S`EOz zi081{1m1PlrTl`SS=(j2fKSwK(MSKK$+MAyiaH*sXR?uEX?Q3!#}3D7%`VV|wHwU9 z7T3CxFNI0)XE!lU^qxpGJLdPSkqz9#af<5wkj}zwcTSnq=|N(4Z#-RsiWRd|CtK#WvqEjx>gppIpi*(RY{Cv6V0HMTZuqBx$zEBI*V4<#>UccUclp z6sdlKpMWodU!!}M>fZ8$by+l-0#mO^GX&*qg~tExO^gCH8QK#T9rgU9f1rdsQK5a| z!tVBkccpjep`g0MSY6%WW_nwtPSgC04S^@KlXRE5w&&jtrWf- z`O0iZo8(X`=z3nfa|3@;v5{S<4O0WMC+bbmDYi#$qIb>MOYLr@wHa9>SH?0Do4BQDmN&aAyZR~AX>KE7Ov6Du zJKkqNC62O;FWFraFFvK8V#-d%{paTv}3!mcM>Sn=PZ3ib&+oZdgaETMwyQ8!4#zvQ;LE7d@X%LiZT*U1vQxpFc zJbT%UYvSdf6Df%Ykgpnon1N_FPM!5cx1#itKj@-#7d8utllJ>@EoY-xM%23KLv|zi z;zUj!8hT$$9jFDdeRmH*IfaaTUBX;ikrK->xVTtASyXq%b~BWS=1 z5!5Ho2gedfTVzZ({0!%WbtbmFS9Ck+Q{sVrr;8DhKMN-y%f3fw!A8{Yhf?CUJfid9 zu_!1=5t_}BMa=oD7kCWG;(~Webv}RS9k-BOayIaWN(9HHd8o#8iI_3)dT@~LQB%w` zJWhom1272G=LBrHEF|fbHB4QEy}>g|eGu)Ax`j#LQaUzcoXoSPRKGNlKoEhqd<7cu zsxZGR-OwRth98l<=zB$}BnqHb^m^RKP}85m$-4^m0qN}ArRt&I>l-e5G6{rGx&pl9UOJZM-N06>l5i%>VJbVj)JNXJB7rw9$3Cpz zCc4<$WMCKZJd9hY{2Ft5Gw$t%w6I*sGlH)N)HQ$2>F2kC>tWX_ztEE!)#vaY(jDp= zVt%AS&dRrwaT>$RM)7{G+VW()YKz-|iyr~I+IzKLmAcRa!Ae;$49&zw5J;V@wpWp- zBAA7BSjymA7r3B?Ym27faw6V{uH2f)Y9;d^J2N;6@7ZiO@M~BEDUM&WDjBGRx+o3*P2qTExn6lvddo=~kLy@>ko7sUhXQ>C-Q~6}9QN1G}f#`ghlTXD<}8zzzm4wvY+Oj2wG+q%*w5?!Mj`2 zkqPuDJB4+Ic((2_oK&ZxBB-yf@>ZSi{+al??Sw({F-g+4an3WTS2q8sO%!@P`~*dV?%S0vv@E(ArGpc z?x20vj%nC?1C{6|qJXqL>NYCj5*u5FfRQUkO2pOgow`;*`+j4P!n86+% zqG;-`kD=%t_-1<-z7Q98NaawmOne~76vBA@3F=qI87+H5k6i<)eUsL`cu&*tx70DEl>fTCsNNZvx&R_%7gt@O69? z+wr;ll}q^>sfIcNsEyRarOZLST`3AO<15}m?%7d~@>)&vbQ4-OFDK#c7P4$#9!=9_ zvy+~ynG#QIa*uITE#9z_j`A*xHx_@EepheNpVeF1im!oe5mxeJti_fwqG6$xz5EgQ zp3c%X<1yll=dmcuQz+)DU`#K>KRg~RCttqj zER%X5@OxCGeVu}?WET{Q?75v?>T(76m=`Dx{8t6c7+3G6tc_XeN!-QJA{&o7Om+m7 zT;nm33)KhzRn(PSgPPr| zsR_4rD0go>{qO3ycEKe$-4Zgpak5qB{j_-NAN{QPr zj$?Nn|HI6bsqqmxH!g{z&Nv=ID1RF%FMYN_RIWMy5YATT1pbLS(Q!>X*kr)-XF=KG zcAUgcbTTjnpFG#9JQ*Y9lUh~idcwplu+17{PI3{IyGDa)`M=4b;Xk*98?pHsk2-Yzz z(uVHkNew^Jo8>qsp?didy2nzrK0>++11WC-J7 zU;Y$f2!*GYUGTZ+YaYjxQ_kbn(QQYdnepKCD!g6PlQ9osJWLhaCgObp>V!veY44m= z;K?XF$w>o&98W@827JxE8oCoMzH7DQDXU`M{@}%6cq3jT@1+$aCC>gJo=T^}J^di>ArRMXt&#L~Rq4 z#LZ{z)olH)#nNn%dw92L>Kt!ya|TD%Z!1_e$6$v0zyi3!RPxL@9Bj9%o0&`VU(SWj z$OiArVYkvqH>zVlU{kqYG^hjChR(i?5dBjPG_KUE{{7tujNg@F_`0A(-RTmX&iUm) zer(vJgTm7a=xD#=E7_$!^>Fz3Kn#LDKK!i=uWFJm+$is~FN#}lsL7U5Y?TMmy@)DF zdlYeRrv;okeoah)W2cnHufbi7fo32~t;U(2COyrsG4X2~s=v0z)H_bWyywr<0w42h zs~znUU6#3p%zOn55EsKqgjz2kG#!9*wKPIH7m=yog`i?)pcqHp?d6IT<&QU6(crQeQ7!;)j)9d;hsSS8`S@c z$F1{8od@V#;bXktLd>fclmp1BjK)b5??UXWURkE^shi4z+eFQSB56Y%`p_>Rz&I>V zl;ei_xAg3LiwFMwaeW0Kx9am2?+=3}Dyxo{W*Ru$SYPS7+WH1?uxlYKo4OYEQ5#BW z>-*)>(5&-U@K%0t9D#lXrZB2gCR@JBpjheu3+=aVkHq@St zQEKR>p0~W;p7$s}1!n2?XLkn##{q#Ke*j3Kx>RRo>g4|Fm8GF&5rK@@_nXHd0;`CN zphZrD`rbZ#A|Xz2l9t&-rJTy-@l8*41}$!7udojHQE=a1Wc#%%J*iQ`n0mhaF%EA! zW_Mi+mDyY{lHlE{38q7C{}hAZpWWuFbfreQ#%R*L!2pm#2BaX}>Np~0S4M~8nGT7# z%sRUrqhtW?26<#yoG}<@AjIk05r;)M1yM21m|(*ozmV#}ejR(Y&ZBO+nl1J3!U;ET za&oF;Kfh{|87~yT!T8a&W_n{H?FLOV{RGLkU^-arQoei%_yIabz8s|)XtN$d=`t=_ zjx6=0TFn7V>8w=i88HtgoG-JL@7<;?q>1HmsJwTKLBEYhSZPik+mA1g#*OJQTckL8 ze$}mQZVu>6JWf%ohnc^mzuWIhHk77E%TaFcW@9sB>zbNB0SEkoqn~pTUPaOXK zK)m;~c|{T+Tigr01=D^Q@y4fr%*Bs3aMHIhFplRpmK)FpRg$P0mIdb-!Mj~+{yknv zRprpCA0l02K}I~0u9@Tl zB;C^&Bi(f&(#0hLOiQQTJ|l@@duX<0S5l{~z$;3Se))2|mlDWnm7^;S-$;ck$YAM8 z6AOGPE7>90V8%$u;IzK8Q${eE%E_r?0@IMr6FVg(TMB%=K-ysKC)RDki3J8wle%Cx za7NJ#p)+GNEtI(}5F2#=7TtX*qzdTxk$?CdB>N#3CHq)b)2wQV@~K&a1Olys$BB2S zpHs`9J@4XO-wVp-z#PpsB?Z@|EHLbGqG4r~vbvJtN0#2Mi>37czP}eL$t!rPB z>R%GB$!4RI>5en}s&8;Q8P|UqPQ3ewZhrJAZMxd~fMwW4zZ;Z2_dC*ihi>e#lPcRt zb@~#zEasXe9eQS+t{+qds3{ZrISSnRgNq3Z#=#ExUJ1M`6s zwSA>&q%}Xj)n&&Eeq6ZUuorwv@PeNM0h{{H;!p$BEXJhS)ivI)=z7%4$sh82ba8js zKELQ+T=1j6-{tW+lSH3roziLJ9GSv2P57WxKoR~>o%4+(aPcoN_!d8hYyJl)$Hnhu zm2a1`DV)%9_S+_<=9BwbgRYNKTF}Tbeu> zuhf-HS<%1YVmGcFVh5-ahSuXYTd8B0G&yC5G{&(*x?25U5#4tbqp2$wU2x?L@`YPU*O$dQ8_j|rb5&l@ngl+(~3n{agcnAT*QshtiakJ`P{*maZ7b z;j_e-jKlRdv_U75E*-~3;OObtB=v8;N<$@yqk#m}9_0ejpCI=ZFbRqZRb&-D!Dc|E zkerfBR$4AA1O}>cNO>|Ye!WpD__NBO?~>9;4wTO+^%nRI$NIs~FY(?6Gr1#PkW_3* zH2PVCVeL{R+WQA$z!EQ!=K%6l-Cy9fp?Iieu=5%}JpK`>OSmrgOS=`<77mZzoY!pkUrN*8 zqd<-7c=%D$o41>FMcwnmXyV9b>8OkUSvo@~9p!*JPG;(XxteY2W%PE(>uR%vwT81_ z;7=$tLNFSJ>(Xc}m6jr?;wv6C5VQEm3R)sLy0C}$oOxlo_nZYpTikQqxQcRM zRiykPq<}bMr?B;W1s-OtgIdz9u{<>UmH-+A6uSx$&F<6|WFjH7GZc@0>Oen?xuU8pmP zLtE#{ndWb?poo?{lu!_q&(+5x^&3b};R^|RB{m}w1+gq*Ap#D^FAE=l+Tb5Ki!Y;} zGxLxBL};_p{kdLaFMEH*94YRqdR9U?ot9g$S`d5TV-sZnY$HU5Vw+vAlr8Gb@9AZp z2VqUB%klk+!@6{k7vo&{Hk*B@3ph)^UvXhKa9Rtk>0(~5&dP~y#j^$Iq;yt7`ig2b zzN#tG>Pkq*!v!9BFijBsyXjgUtJNM(EI=Bl2_}@c@a0c(Y}Xt5{oO;MFs|gB3kNQ` z>m@XJLGkS-CTVE4TZgh^2J*Fv?F_ zmqA2o9*-}pVllT;F;4}HxdU=FN8@VdbIG{kB9?8&nWW2|h{|SP4o&|apJ=Ds+;hF+ z0nIz(3%YixqCw#QScNwW4_EC)-QIe9%>u?1F+H~OErC7BDF!H6+Aqj{NyyiW3cbv7(RvLjS^lPRsRc~6*?Gn=T`T7#l6kIjh zOGnnQ`Ep75-mT!95$Y~08|n6WkOVyJ!Pn2|q=@>Xg;9nRPlOaapid9#bTa8@i-TuA zaVse4g3W=}Y~^ZpTh&i6`fG-XQ2$0DOBM!?(E)ULKZywe*?Wu}|75Dn_@X zR;qQSr%Kfureny3z?yBiis*KSsI;pEJwmduqn59DjtuAd3X;nG(=t%a>$ao%f^983 ztblGKU&NKu{h~kDgbRtk%-7ZKYWZ@!SOS`@a5Ts1?{~=0A~T3g)>T0IagNOs5zSm4o- z>d8V)%TD>hrKG$4=CL0Cu$+4tb5fM8n3F|(gK(!hySkf2;!p2KC3ak`zBPt4BJkzq z)|n{R9<_pKj0-$P%RUTTqWTN5+E{;MZ;rY^_Ugk*hY9?Kg>jr@w@LjtUkg4&xwz|I z%0D@;rynr*DNV!0zMBlnakY9ATO&lO&jB|hzG|z!wTTVz(l}B1QcO7@I*#zatLE?s z%S)Fab>YEV|1`j*o;Ezs(B(h0(s;GHX>MqxaqV1WF1vk-=pH)TwE?9C$aEnsSv0wn z8n@$!sO-(+v+Kb5-IrVKZt|xacj1d z1F_A46zlOI!7YGeV9K()=!Unw5U92~I8RT;%iMRW4fsL{a*Q89#I^%se@$#Vg7+cf z?T*9LpY9K4q-ytT>~j8J`@qteS0MfA&(FeoS3~c!BMqW9r;|?xM%k zI~@fGeIHApAUDiF*>kIMCn&Mo#;1AN&(hY&sF76ML zyD^XiHiLCVAU^0Hi~ff6(yWTZa^yP9E5HkFhx%6y<3MP!AQD(ItA19HsgGVer`ri( z;%rS@*PG-t#qvG~V?IOh4H^$l4z!6dX-c>l-9%!v((J#XVg(;T zKKh6+N!0I~^W+^C{i50JpKLNOpXO2O@J=oNz~yt1lwg3Y5_GmL8~B-QQ(}#AS$98KHq_(e`( z8UKae;5Vb){v=mDsH9mE)uFx(**L476fJrQ#Htj;7K0_@8o?X%p;6^?h%R z)xR{-ASx!9jb&A-)0JVV5!CVmd|WdUy@uckVRc1*XbO2EKe$#$(WxPp|W{QQq`uJlpT@Rdg3^~cmmgVgu`h_P*RA!?St&|+}sZ4v#k@hc6& zm|FSEEajv-Z%5!NXZiyMDYbNoag2OL`t2rpnBc$BEaugVrmbobOW|@#L5i@r^LB!B zdS7X)fI3HC3MpG$rY79zfaBVj%Tdba#oz7X{!Z%LYcn;j)&vaO4I;iIfV$XODbQBPzlkQ>bGbkXd0*k6{q?(4OQPwF2Wx+#pnTyW z0{aYurtEi{`ly4~cEgn}o`E=JbE-n8A+}gqDcdnAd7Uc*dK_QzI0@9#@v#K#A1H2p zrtVzRO_IZA5J!JUADyG$rQYyiH$hL|qjwtYE0@uw78IdJcM%#eg6T{EUjjkyzK7d! z176F0ov78}uM+2-hFxT*WKjp|B$e**T{AD_8aaz;%6VXLN`o;KW;__%Dmx3kce3-~ zsmdXo>qn^f&t#`F$IlGT`4?PZu1=jn3+_2>n@$0($lEmAfnMx(%ifx8SWlAIF}`{Z z19E}OV452IhCv$GT4R)w)X15^%@g&D8KK3%J;XPF_;(S#kI)72X_|VMi)qVUtGwlpzm^)+~e3n_Yc!^J;9UWIhn!x^6^IaUi2~~DX_F{1CA(*PHulGk5#36 zI;+TZsL-vvo4sb%^;9`&4$`COj&stdSQpw(C>T^nU#JejnVuqB3X~mziToN<=#a_%JvH+?b{0d?kA(=@mi%BetNi2&=EQ?7ji%FElrm!rYpeza; zyX7ki96O{a5tZ(eHNEtF`JeT-+(H+wuLg(yRo*6}R`0y<&iad=zQXeaqft{#!Ma|_ zuGg=UTScwG?P!q9=?U_0=?Na*RSgVXrwdTS?i2GKjraHxlRZce*?6_|JPs2nAQU#iKx6yZMu%p}W&AhN)$m6M*-PQ}8U|!TY zB4)&ndEGs;Q&vtYu8Whd^DYySPs*DDPFr!Aku6^S~{d71=hoTN==y0(PSLyHx9sWg!ALy`FhX-`{gAUtuXtgoe zTZbccI9`WSby%#!)jE7thwF5>M~6S?uvLe~-VFB8VLu%v>o8S^<8^qO4)4`rkq(#Z zuu_Ll>+l^NZqQ+^4)^KsybhE4==tezf(~cs@If7}*5L~}T&Kf&9e$<5b{$3}>Gh|> z;W`|vLyr#c)nTy?%XRpq4&Tt>1|8Pw@N*r0r^C}ajP9$~rw)hfaEuN;I+S!+s>9Vf zd|8M8>a(~XM<*OtPh#+mdlc`|>4w{^B{3 zJ#WFRe0xFhf_e6$;sts6B_$)H!^7nj=g*Y#!~N{TN;vqZPv!!-aF%`k0!%AE&mMH< zGH1?5$AUTYXW4U>NV6BrrvS1v^WMUI2o|k}8#=g%d`E&Wvv-QWpeTPng&t9oS3IXk z8dkRT$9S>Py~B=PHv=?yDl|#S`G}(c011NoOQ-8Ija?b75*ZvdiwF{25OJ@bZ9V|%$A5qYgBYhY+MgMKA~r?L|gAZNqzhEA29He zLH5Bzh9(cY^s?cXUy*X=&NUOg&p^flLBm!2`kF?QVbH#mjynXarGZxY=TCVH}O zz9r|@+a^t(GId(+?RVTc{jR(3nKAR;yjl4L_syPj|J=fP^A{97P+TI(3l}Y3^58>D zmn~mG+t2tZmgh@z=H=V-i;EW&+c_>yZ;;8JTP96nuH-byee+FWR?c-xw&1?G!{xSX zQ`1JrMGN!oGmDA}=j6?l=0H==o>^j_HxtNeCb&yd{=6ayNvUwbOdzS*`SwhEF#p0i z_ZH7AUSgj!KW{;CaekguxMXB>PGSDcl6)Y{`O?fhiDHDMep!jVL@p{?Pz*l#Gw0b0 zpaAn06z4-4V4O!`Mh44+_@%`~kFX0JXvmOu_9V9_jPj+~b4u(pOG@(R-CMZCK1(j1 zGygvOd`N0xJ_|Kx{v2t}%)&VjQu5K0F+9*VqLdFY?f1&}f!)4jfm|Gp>qxs>vO~~$ z3rZv?>)d=u9g9<(Um_O*c^BC8W)>D=W>8az(}=tU^NOhJ4ZkX{u=sL&fjmEt>Xh)D z*@4vj5~*0ulc4bMPoA#A!t9xISlO}Mqp;l6HRmso@0)EeDVmv=Pt{ep0J7~=Vd3?4 zb(i`Il|7#|-ffdveM_?e=>_xi@<;yr^%0&=D&~W!A&woH%+m26m5%=Md>S!2qcJ;w zW)VvX!(I1J%DHIHf-Y^>5%1b=}VuxO$vzNMt7V3 zJqzaJ(0dhB7LLF)D2CF%I-_&BX$-{nUI6x4`3vXd{Je_z#Eu8UM|{U|jou zclG}t@VT%}XaDb}07J*$zx(M#0fvr0`2SzkgMJ{7Zzta9gKnFh+rDGx zuEyPaKKp#{zWoOd9ynKy4tNpP8hn+2aM?b-0LqhSer z$UQszs#&wHVwRk2juWz3cvpTN$cXvH!T2{XSlG#a3rJ*Wos?fB1w91$KDk8VxCwG0 zr8fb1aD+lp@f=*E$evl8H(QT?WB$Fxvd;Ta*qQUm3i)DQm_DYBX<~Yq7Q|nIX<<4T zALDS7W=eALteKR~jm2|x6Ug_o<>Hc%jpL@}&zhef<}g`iw(JG-$#Igb!b12J&HqDc}l-{?N2B)|BUd+!IC!`;D^3wnOw@0nR533({h<}4_Z zi$dS%3hB$N|1nvXK9hb&hY#g_L$xyW&w-JRVBL~sMZJrUfk zvnF)*vl=<;+t(h!^)O82B3mp?rXpi1;*)CRxP$=~Zos`sRlSRBGZIrdt|^6G z=)I~h$KBqK6L@uU?;fT7@#w$3k#}zF8yWsW`d-`tn8OG$u7AHbnEXE*fZ`nL3GvNd+p^#@}>fEvTh)A1-vl!=Qne9ReB^?H}0 zxW15oU&y~Nfa!0Jg*;*)kLXbQ2J84v7sve>zVGVchk$t_e2)a%$!6tj5`1SxayG!t zHY%Yi;X=2@VE(V%$Z_Aow>=o2>NXncHVWz%%(p=qc%YwIF+fMr9A6A{6l>&S4GCP| zWTb@;fENA%wD2C$0@igA$dw61Ymr22!Mu9j%yDz!oA@outM4GFi_yTp6?e22#!nB` z1Jr>85bCWj-~x3K!n^D?j&n@vNGpNSXKK(tW*YQm_>KtrhtYnpF24f*X87KyhdB@C zVYwVv5RB8y%=LmY^cuy7;yipi$GvxZN1QESK6`sd99CEH96y=o`1hf%`dGO>fPbIK z03oeDqk0ul8+{%FZ4wRb0p{Bhny9?tWgTT}>eZMKqLUsoIBpkwR|NAh8#pu2PLvLV z;cmJY`Wt*-`j)}2{?CBh^Y=0{!h}B2fL}b|#&dm&d$lAq@r`j+F`+hd7I55W@U7PK zrS$IYNN@6e9G3^*FTZ8bFff)I2(&v8XlNkN&_F25z)^jh`ZPix38$mmpl+zlaZqNU z_sP)K;NG_w!dVTR6>w(bm6h6z${cCrA`Q=ShMo~XbMaiy_j?q@&4|rm=|(}iR+ers z-fa;@G;ZBy%t@eeFpB(xxbI)cabLq%3)16NfcNMJOal!Cri+as_Wn>`{iC`5vwCp- zN5^sfZ|l>-T8R&(8M}hx#=&>wcRCFvL~seCW4VOeuvVjI1j7v~h5CYTA3YqyIhKol z9B`(wBp${R9>$U$T+-ugEa^KUE^CmK2>JJd_Ug&?%Ixuebc?kqqS0Js)N#xW(O?3U z7wB+LOi|yfJo z?x}DZnw-Ez?}^aoNRX4EeiNa7ffr!o_~clqj~E)q`zA+U(>pC;Q&((4bcA#WG?a8( zVoOIWM(h184$^_N9>;zRb^3B=J|sHzU-y-xwH$XzT^QXAj^+lB?#m7SwO>n8Q}4#a zs-8s&Gvb3hO-@3hiA#JrzKEaEG5+k@1>-M#-wUUS+kpSM_&C(kF%EUmg~4LvETava zVL%i&0QkVLlH|ldIrFc2y~Fipyr!V(o{&Yx8X^7~0lHG9DbVn*IVc_SkGEXYZ z2U&iIQJ0>DS+j}>=Lkc%a>D}{H*>+fc@WVvXFg;<7Gr>jT`b8(C{zpF3#Qwo!YT6? zfwY{pnEMUO!t%*nAYoQj!Tq^VeZEE5 z$i>A_=Rrr0dCL6RlrrR=mtTaDA#n+pKZcqCmu|fqjqVax{=M>j_vIJoK;f|=U&OLZ zWm~JPNYIba&9h*^T)F5*eX|uB0M|)=k3N|*izK-iX+p|hEO9>?^mPT=7K72oDCW;B zy0JJPO8zpLg~GxGdE8x8mK>}?ZZevMOqlNyv94~(%0}}cz;Eiz!a1{ure@xk&+Uhn zN0opa+~0!|tjD#PFuT)mV_^v-0I}qJPC(nFpzQ{<5gP5-LSY!b8&<26X?N8PrM@1+ zGgP@}&C{TDhz7Y9qi4a)S^74ifOn_6L!0AW+EAE3Yf{mi`HT!a2FyIGW4CjXgqjXO z{?*iXF7V*8yNNN4t29rWGb=xH_RQkR3$k%1dHfP7pR2ieIza7zrFw@_hphs^_)M;> zFGBA&-74o7FUiR-rXch482Li2-j8iEc~0J3ou1#mkP4x~CJ~j>(#+&J&`(QV;W{vO( z@^Rd@;K(FMkkP%elwTrn|7D-1ET)Im)!u2BB>rEggFLq3Uxw-&-uNE~|39Dq`TWo4 z!q2FekBoQ*0OMgm_P!vplF-j8P@tU8R+VYKcS6Xw@jkBgAk(~Z~N65!iY|DyX~-TfNf zF6j15-JYYzxlMPUq{C@?`nT(O7wYb~31a7%+&=)m#X7DLdiYWu=Q15WtowU)|8hMY ze6j=8ZC}vsf7bDNRnPBr-F>Z&-%j0szwVzD$?76lXW{kUwH^N1=f67qe>DF8>h%Ak z@&D)Zzv2_$?T7i>yZ!vPqWxd?>0bGQ`FF1z@ZXE~f92=@?=;Zm^Z#{{7#=*gVW#Ql zRhZysJiO%L!MgWfjxhM=*BC5&vFR*A=kij5Z$S9!R}Q^m?Z+x)m6bTMylR$j;q!=>9{aE)4(Kfv=iQaop9*SFM5=MJwm+=3)<{9UR&T`xTY5oT8pVvjssEfyMIm_y|)S&yD7;H>sFh|cf7&mAS z(xs-iOYjrqgL6;o=f!mUaNQoI+uKhudyp-jq1%I^?{M9o5DeeW>^*gRqi*k|+h5Y{ zNxFTuZtttxow~iBZnx_8{=xLxn0PSG`~6 zSQs66bSUc3r9-C<$LcU$hp9Rou0y*H<8{dC@HaDqst&)?VUrHO(BT0cey+nt9d6fQ zy$(0)uu6v?>u{Y8-_zksI($NhtGc9LuEV7|lyo>-hck4TqeG_-({(snhr@LkuR~6U zQRdG5IoKaZc4-f%-meSC|JT43`X@ME1oI5y5|l54pVA`c*K(YV138l>bN`u7j_W@c zze&g2o_6u^sjL0GE}sV>ez4Cw;ENmp_E&uT2w$7R*N0EQ7q>4{;d?WD=NUTE#du>l zCd=X}QM@?y1Nh=QR=>hG9>QJ)-)#66{$C;>{VRQPW0#Lf{{-WwN9f~$4u|W|uEYQ9 z)+}K_{Sm&4BMe*%z}sO$djiZe0KV0WxxWYSbNJ4RF>p=2aPOJp-Uj!0fXCqbo7K=s zUou>u65%~C3H}D*5xxuGFTjj&Equ3w8R1^|ehlVzfb(Ed91C$51H1z!#MwOzc#fO% z_GdVh1N>HZ{|@zh1~79X!21WVFogjBpqrlnxK|G|879oNgP0k00`?AKVGaP);5(K# z&?NdAOq8<#hc^ITI~4jcxEBHJo6O=40Qe{PE`>190la1yjKN^GUJB+*S(tQy59nqI z;7Z;6D!~2lT?OF}08F@yfVA(jp2h$wK-oC^7*$lAxdYA*i{V2c(Zh*FnGH@RQ{Ne_N55lv$8R2**%hv_) zJtxZxVVVGOz&sk@dfognK-YLiR|w1C8w=@|0~`$ucOsY({tdn_!65b?z_v`5emlUU zF2EDQv;%xN3)%?d0*t(ofb@19*dZ7Qoly7pn)d<-Z&rH2+ShDC*bQucYrr70NxVJGXR#uHy6yC0j3o( z+87ORNfB%7r2uPm^Ggo^{g*&lAUwj&B`o}QfDcQot;+#UlbJae;IHs4g7CiqT(*$W zXDNK0Q;_IvkcP*$ZQHhO+qP}nwmoNT+qUP7ZO@#Y-Mjy0E9q3FDmR_(RFbc|-=|;g zjSuiQ>6O!gcLF%k3+zFcAv4qgeHu_U8Q~s4J;X7a5i`sIV<^KL131wNw!q)U4xo*2 zUSWNt2flFov(*80gE+zW1>fp`nR`_?|2h`nGmHUG`{q2$hK#wqq6J9*033sUr2}<8 zLz?BmI7Hj!!A_5NkZWoa2s`gA&G!-5aS0q-uEtdZr2RmiP%seNd?8m;hxFu|o|pt^ z?`MM;UI5B@0B&MW;{{0T8yF&#^^HFWWjrFa3uA=D_YOZ)fxKGbFx;T-69UR} z_v_X(Y+8e~KdC145WooCu=@4_yrIAG!QR9I#P`BI2YdtV!`k<202}52w0)u8fjkDZ zao7!S(R`}}Om5NSssdc@j%s_udiX<{e_$7DGxx9kjGi69288bgGC~jf1m5vx6c5DQ z&GrG)2K}Z+ zN$*i?zp$N&2OZdYE9f1#Gk5>zWkF1UHevs#yP$3{=Kgi80KP#U+?@xp^>2nv<~MY> zGWNgq1TeP~e@*H2!~me*1p5J$)A-)=iG2(Ft8 zF%BViVjji67H=ok^N9NU=;OOEU-+y4=4M5HY&+qyi+f0gbo32`_=Q=BW+x`$MVpaF zNc8VD?R=%#h`r_E;vQ(docI6I8UFoye24e{!B>z520;M;0Du4>%v4rdLc*^u{yp3L zHJsng+0@0=!NuO*#+lyP*vZntg@D4u)QytP#n!<_RRt0Ncm{^S;D6240~!Dj-P&HB-8(|<5@y$Svi0J07t(bVE@-~S365%dlOTAR~JhgXF3PZ|IhE-BtiQv z2AI&>4^$B^37~d9bYL&*pxkai?YTgMrAUTw77{DjmrL;tr>invn56+Ql82=wZ+N>bx`B+R#wCfxw>T34gfS%4|LG{7e@YEQC{D?k#(I>fgn`cu~)ZQR!JLbF031CU2&}t!fCt@cC1>kez>6)h{q?Q{1D=9*yA9c(MEgAFr=#OSKxN# zyku$~ylO<5v6{KL2C+Z&4@Q6X0>thui($b{t3^Ko9wL(Vh&=M@wrv7=P1eHlHkJM^ z`{EX#!cf?O6033}tu7RKsNK`Oace5SZSsx1@s*)}k<}WzbK(& zf72WQ5CHYR0XKKGq-AEJGxae2|3ZEJ4Qrq>vceFzx6>nOmn7>J2m%D6K|+BwYyp6r zb~b7vtboQ&vymVKBoSl?i;(R7ZUG5mZ{+N}5v8VW(;~Hy*4o-4e>|kdNXT+f{ctRf zVpS}b+pc09IRPYn^Dn2vogEtifA8O8ci-u&|37a_dv0R` zj4;r03YeyR#eX)_{y*aVBl2(3JdaXOd*nB3GoPQsp{UhXG^#7s_%(XHn~g^AS*+Hc zQ^3b*R)(>rD_GJu-*i(KEvCmyhlfT=%`BZdGq`hm_u!moe(RsD-O;`O6nkOj99u9S zpznD8T%mR3@zp-~&!5&lP=0i4??TRjR;#HPd|e(~G&4{0m zt+3@%QLTMukEYx2AH3HSV+m=fxlzP~8m7rs(`nDrn`b~pXOTGrx3h;23ih^IQeik# zpe`*{TE6H2uYK)EKl%UrA^!(;w2d-*xys$R(bY>+6^-O+}{!$rPg6AIf9y#qDQk0eMH*xnH^=k|W+)TfxS?~Tc}S*h zsZ(6YuWK2tlXSXNPW>Phg13N?nQZ<&R;C6JTV8NOKw)64w~6K{teqD}Nvo-|-TB;& zSmA2Eb7w>LouHCGIFPRGM@kBrC;DLhw1GmJUtxbD?lGm5akbF~X`|iRSR$#uN8@u` zE6)g&$knr@G(9g1-3_gbgy!L_jFcmKRPLBzDYR3D6358e4Gtr&8 zu(>s<3`<~^0x8P3>1ib;$@q((O>Hbr!n5JF>$8;wuqxrV=4pHuOtO|Z=t(<%ApRAc z_g8|NxH3epB1SJLKuBAVOCnNoPss?Y=Vv? z%2tj%6#CG#$S?`}=ZSnYkCA`s4Wti17dRLT#&MTXGyoJ!+APWxm791ilgILn*ncj! z6sQP2?mbE%rx3u|$tkyJ2ZLI0V@D8_8C3)TNk#*@3EXHOTJDq38+u`{3^fHYvlIRC#)v6P$Z~b7W;>B zKQ{+@SE>jTDd;O5!10enwInnT%y;>aemS^63;@s@nflew{AhwC1773|8#yLJ1#XKb zPjdxoRX}K*zNJzw6s_KH^e*zg?iQSW#74C&eD;~eLz_8 z*irpRn{qP3=6qIZIXMC3gGNdEd_cMBS+Y0^AeJbJP$dDxPOzKBdNk!HhO^BnLi1uP zgzNLLVtcTpSF}pd4kl2bdC=M?p3(z2z4VRCiGs%yReuVHSf&NPY*t^eoRPtOiOOz_ zVDJ^)8RhOgpKMXkk}DBgPIyfkotm#+EC`?kwW~OzJSvmkKLD>GF=&U4Lb$9u3t_tvJ6HlO zF{4S*m&$}9eQK;6kF*)j`7tf%mOBhYJ=Rr0p?rWPK^IW6F|Pf$%@eo?oX{(3_V17+ znPMF0YzM=~bE%xg-v}mNGPrk}2P~Wv>m1tOql7w}4^>|}6V8Ky^g2<)JNlQ%LO}jV zDTV>A=Nb6I=|19k6~*nMRlQQ7LAw)=ID}P4Mz!oPUhJ?xBG=ikDS!t{5tYnh%xhZ= z8s4cHMe}ttz(K`(%OdQa_BZAZ`mZyfWN#5g!iFI8Uq-d3Cm=jqWP&z6$ulYYG--}Y z@Urr(THByd9)O?gX^H-cSpTEPdzWzpc0p;N$9TF_fq@HLIAwzA{K;p+gD7BxM&TLDaO&eJ=?Yxks zo?KOtt(;^wp|P$kyinr{n73{X;Is{7`K6N+`vQQ(ZWDPJjQ6Lt!4Rss7ueH zS0eTk73kVDhk|aGqDO4me6KJmKp~g}QAfeFKMl>092j#opc>u2Qz2bV4ieZxxI zYah9v#eQsMIacwoTkd)-@<%`jH>WT(-}D^^m7j^l`RZdLx*s^?ScOAAF^i1T z+CC$AdMgg2Du1AfEz&;lZsNi|SXDa=j2R&s5@Rci0Qo&x*+ipkx(xDsD57gys*=0N zFT8%psgZctuLwbgfOh4l^AP{S_3m~TOKX4bphx21$czj3{Oh2Ad&kPC zdKM`gbH=&TpCT9-n>1or@)11J?*bmA^?iGcTsvz2x*rz)mfm>$J%5CVgoD^O6O@Al zmdW(yXW|^LfHn^g<1_4RzpOGSAjlGH8T+)NWu6c|ijYdf9x6-48cShnp(G*_iXhC* zjba07ZgS%_IVdEdKZ;VE@8wOrS z))XP)@Dd&=KuR9O$77yJ{qJIiSHahA{BQ(275Ks=zJD!br_u2t z9id2m-^TJb;&)w?41o#|G!g^)?hCsC|F$=Sm^-HR-rxWQGMZUmHJ;$ko-c z_1`Hr4$;%qcNVE;W{4^U1~_dqQ2+p#13O4kpTQ;kYNILZ)VNaKcY}VYm_;gL zh&zb~o`w2f2*||6!$^Vifs=sMI?vK>M4H?VE3SuHY;osaztBlINdJ}wcrniLs#Y^l z#nZQ&2&G!x*~s20a-wbWijkQ%Hp4BAMm zT?fu24ZL_1NC{}Mq&MEg&fPrxWFP4}g9XxQk&u)L9Du4)ll=XDS#^8bsiOJJFP9`XHOZKiv@nAGLxf&p#mX9yufd3W>`3Yu^?@6x znM(utAQOi(idOnA4;t|oFK#;^NQ=6AI~RwHs957F6@?C;pdwT!qQyX3DE!)AVTw#al^>Z2K2Yo@mg)WsI1B;+ zYJ*nNefEe=~gX3hn6^ z_RX2>-^Os?yYnCoo+cM?ylDSnQ*tA0Ne6?ZM2{*$CK_*bX%X&r?^=Z(msMA}Inq=~ z42$*kY_FOG>3+eT2Q32*^ae|lY6<*~yJei7oQBA;Mq_fD4I5kiehXas8kDUcyN;BY89hsxK?oA`wrY3*cJ(o!jDcWGCgqNKTp{D$#nls-;j23eTJ_ z#1oyjH1r_<;ee?)<}sd#1-$ZzvnM-0#I4H_<+JBHEf0glTAv9-!cgVM6p{nFN}>!UlYR7qZg( zv;@uxaI+=V7ZU7b53rBmZjYP_$@&u3P+sR}Puv4gBB<5&20`-#_ssI!+V{pRsS)|3 zfcWhxmLr0C(iPR+g#FMUzB}`UnhpaJ9X%W?0Llz?;TghCKTsTws1c<@a!fivaUPv~ zo5tq6sHxbSM=^8OGteA%=}lX%`|vIjQ3&T*FhNSbrwto$V{O6nFwee%^};4dIn(5D{mi zN(A0<3W30xb(M3-ki3<~C%|-q5F$FMw$LKU9O(98J-5JCT8g7hHMn7kPEVVNX=3DqiUojRw1GOI#u)V~D zAZQNyqF|~|k6)?`6dx`Rx$o0I67h!;u*V1C6j%lpUdXltzoFN>iaxNd3^Azd0dz;_Dl?m?vGZNsSYKr+J2mht=Ub)i2&3Cm~+a5I_}e5ET_jp?`E*(~)s zKe;VT?Fp}D_R19j_8u`jxJQiy%&$y>!_Uc|FCRj$EQ}~O$ZpMwdPv> zHwVwRUbu&d6s6==F6gyWx(z~E&{t_oa~J6koJ2h_8`-TWU5e4arn8lAOu56Q6aNa% zQJ4J+_H^#bB;i*_h@=;TiB4?})(z}>xwLr`f63%h*ZFVcEP@Uy!K_Jm3o7UL!A@yZ zAG@7WDZa{^MK9$cC^`*1u-#5{qKp z`;GyXKJff#ndiRv!3#mFJ2rz;r>qw|m#SEqb{Z}*7FL2|)JOJly(^DhUJ1`5(EWYc zFdWvc4>RR&=>DB>0UjWPoj8hAg)h^xF^D@+0?MMzN~Jz6#a5ZkoLzJ8gLFAd$vL+LzaJjkF`qlja@)|y^d0&^ zbAD3^15LIhB%>~4qR4U;618h;rD6-8`+lg%D~R?Ece zmcjlo${~GD$!_Tt|G;PYvEYi*{-gRaT<8nSC;C{+!paN(!v5~P0hBxVq=BISfQ;H|ATgA zT=ucIziE`BGaPlT^SZ?m17F?sRG?6ogj~CODD%%$>OsmGnYTI*Hqh!D<+jw;OIdC+bYt#`!9ivkbEkumjIJ_5L z+0Oh^i^eBOi`kc!;2~o-1Np9D-7^nN&`b`17gj!)#MKMIqUJf5wwSG9wKdD|8~4z% z?BDmmpk=Nhx5DseqyBt(KB}cQbIT}$69%yo+_wDtyuxC_ma%r|cqEEty@MdG9Ll5$ zR#uyc5rcoV4D`9&S)XkuOZIJD2lW8|qFGZf^bXrk+@68${eqS9&V}@5Ewo?Bhmrf`yWvH+ zs4ZU&Yi8VL<(%81{*&rNKShjEg~MrS&)RWALREdGTA2c(h@UUR{N;$qL}z_)BBw&d z3cDJH-qAxzrGrUUR?r()BaK+Cy`QP@;|cf?ui?;Wuf#|+y_|f>+AcJY8@SIA=i@jz zGYcKH%tT3Ex9CQbF#^0e{d*NUHMlYJ$RM76qeLk?=y+Uffb!50MF6UG&{i2i9nYcF z0s-Fnii4=%z#VZ4@0$<@3X)!l-v|?~LpDsTi;5UB!p0{_EjGzTS@I6PkY}G@k}77= z6$A~f?7vT=hhHW}T(cd1rj@bSj*an2fH&f{`aaP9O~=TnieQGh;Rw;P)Ks8*S@Fwp z3xBa?X%^CPgC`9EhJB0(>ENba)mUnuF2#-%bL&uj8{!zUzE*ausfe6qljyJnb~~Fk z)RI{?&XQRdA|Lan&5|RoV%(62wl+gpOX@%Z;?Mre78C%^ zB>*VSdPzF?=5=l}Kb@FQ1ijGG#&%=zl6A>oYY8$j0%5c}_sCfqL(H%#j&d7KDP2TT zJ54a;A+!7+ZGiDuN&48GE_l!7Uxs0h?~8HIrJ+*&1|4)C@Z92P_bD{WgJ`{&tP(d2T== zJ=nn}F?fZW`-Z`07*vc9wvOaN)Ug75Gq^`H*)WUmmXvK5Y2e-x0HqH(s|HbG%|) zt=1+z@GUv#ML_fACq;TFgNN+^D%BR{60rsuXKqn6NpuZ{Zpz4Lhtcpv?v&wBi!4FJ z@Dt~%RcbK{o!MgYIPL;YDh5zeM?Laf+L;Cw^7wX^B7{ZhnjB$n39q*CM} z@ndJCJO2=K?gA!3pOe46!BxoliL|>tte@3)zx*T7!)xPThiQYj%>Vh>aj5x;(7AoQ z8C@PU%p_|Ko7I)1^6+QL;fmh0k(w~q?ypI83)btbOjXQKCB!?>jSiqn;COu z3iK>DxP=ox5Q7C}7d1q~lvF%Zm0pL6Fpl&UFK}x!tEi1vn{snN&Ef(bTpdB zm?lAY!rK8NMf@HS&beYp%C;+?+Ru!R`MQH@5t|(kpP;R3ySkHpAFWpWxF;7@MB*>B z=5pc#FZJe)HT(&RO+IJJxOPIVhWs2o-3( zBx_$80lO`3A2m?rh3&^W!pr%?Mb$7V)0W)*;`k3#;9h~kN6H#wFR^`KL%~2#`_DF8o&Qz z!ct9()IO1W&aq~3E0oOJmP|7^H_ziulWTr!6v7Qit`9RD!?17DiCyIY=Fi-CZ%Q?W zDVfArjYsMT`GD#4#dM)Ma#X&*b-}29C17&}n3I(*)yc#4fGi_H1?d4JUAie}jkcMz zj5hI2n}1Qc5K&0W966Vo$(OBoBrE5{BF)^$Nby3aD7nrO8Z=>3VuhIqy`h9}>P6BK z6b)K+E$MWGvqxXY7PO#P<8mbDYk@l+>Kx&er^u)CT1fb9vm@GL@Ch5vWKH&TLiApz z!XI;}9Gzp=_$wB5Ly~{I2nuW6Wf0`?JcBK3bc#wjcNUFwicNdSXi6!9qTa~hmOfb< zJ(QM$^$}vhE_kDQ)ioo_Mi@SXN`o^^w(nC5+bHXR+=st%JmMB`c}sz}RU>=ng+%pY z?D`U@6@93duHp>`l^h)kcmTZy%2m6}F?NJXh^&RE_i{W9)2mXgz>Z@4#P1+W`2EDI zWGGNQm457FtRFqTm!>%mIh1pxHw;7V%cIh1?_x$vPV&@p*1&7G6a*sN{Ec%YrBFWg zxKa+><7x$a&ve$tlDujF3{ws=a$bPw5p2URzN)XJefSEaoAoP{ok2%eFW~NBj3^f~ z_v57pR2Lod+Nggzl$|1Y3`;6&BTv+V%o;e9K@L}9!v(uIytt^w7%EicbDvt%e&i^D zdjot1P74_{1L4SA{r7KF3bW`D2|}<3F@idFn`;3PqDh-GiW8+SYK)k~z`n{XOqjn` zCkKfw#nQj9e!(T2GmqSLw!N+hTV`-9@^70Hjw>o5Bu~&V?m3Slc__L|4*tcC3Zib&S_nfG zM9hLqGA9bOCl37@mvs872p=C#8%)}D+@I?)u?Rxt=FT+|`g$#vdpa?U0}}QM6)2|> zhNMr#y1Qu@O=-c(z&Z@2lky?AP9xq1yR33&#gFr!`Wm;t>t@*ufjT$vhsq)TB3I&+ z)P%naa<rO+Q{xIH@&+5=ne z*)?D%#|sf8=GCNgnU33o?iVfnz4Y;qvQ>DH_Y4-}wZI*|xmw494M&c*qkjk`VTOg) z1_~Cp01$eyzmX3jpwP6`QcAk3C;CD=*?}=GF_Q+vA^Sa}#_^4zguTsbuuo%mBt&h$ za~wE9WFCQ-vS$M{sLSLQlt*`tCJBD7-*XQ>Q2CLUKKMTvCC`*4vk>J-l?iCn6PQzH& zhQLiRnU^@S3yLDXC zvyoWPt^x0_EoSliMnScJEh<(ZBS=lU6&qV7w)n{gQxeD_4Z&&PHM<~ro-ek2UQY=7 zY{M#+^|nhmM68*7P)yjT%D=9x_E8V47I9Yo&dSJa*O+__cSo#z5yGS`qVi+Q`4d5l zUuY`KW-Vi+ihw2$yGwkymjw>KouSCJJx6ojI|^5fCB2kek8CL9Gqmg9kb4(fUk-#Y zn!;mPtwou}>;^S#i>A%q381l|MN{_#dyAgv@M%(EARd?vuH}5l%pSwFpCh}fJ6Odl zw;mth7;s1W1N%d}FWgt4pIHw)|E9daz0@rv_$Bde>nBD#a9nAoWlDPQgqIV$H z*6bJDH0_cZnmS5*wpJgDINN(WwtqM7ecq_yTvo>UIUgt37!8zyYZk3L^iSUSxZwHV z7#CxKdp?E!mX?1ElZeA;=FmK`$4OP>)*7UYK=*&ZMu#G!r(6WAYvTLk?3-HEU)flF z01Iqk&kQT=Ps%;>zaNkm_Y9Zxf}ig`5-Vxh%3miqU|u!Q5@OmYktZ#gj+WV>aTU@p zV|K#;L;|;S5}1LwDi21*5{ee*I{Wc`0`<{DgQ5wNqJ8MWC#cndAwq!XRZ*c>f`Lj6 zYHgd0*?eia_l>aKQW_KwT%*0k~C2f~tfZ#9Rfir26&Pez34$}ixwe8}z>&z|qk3<2ZkXk*Rt z3u6r%YsstN54UltUXi&JI>5_pgv)$tz`=%a87q{pO4K}^tKJ+B)1<=iN$cwYJX0Pu z#}xPr4@WPxtM=`cOo{j=W&Jz=OYK0C zPE^KGu!;aJj`u|f25gIZ@h61PP5$)Jlh^|cISM`!j2-NOt{86LqZIT80vh^wgY+8p zP)1@C6viY0*sp0s+qZH!h+^Qu4FX5p)^H#QDEHxQjKYC^z!`2+C={Hlm~Rm@HR)K( zDTvs@8)#f7TX9|nAix*D^DXOVb>)xf;yBK-IqPi4AC?OMu}j@ewd9KU($PBm{;?Pvb@!`xCB&P-B5WY0deYBbxg>zi(BctaZUhwc(@RN;Q_ra zTjv%;LbK-9lql%bwgX?@bXHI{8V@GW^&%?8DP|wLO3e#&>1|W$<@GL2NwaO*q1H*D zPjGkaamP;(+Tj`EST(cNTm!eX9|a9QZ@)`q{#gN}AsE{@fkHpVNrMqrWg4UC;K&!O zI$%jFb*jQAD1W$~%?Y%%`K93qm?H>3t{Lx^he>{PW>?kv87wLazaI73}Z>{Ift^&J9s zLg*J)VV#wpvc0~}0R`N-0&oS}(%+DjFvP-UCqMW{9(B`L*do4wmowzezJaL3@$6J- z7xu+W$Lz5bu<_pqyPN5r$ub13Hhp!2PRN*sh&$ehSx)P70|zdgiWpn4es#vP6IILP zvksx1)joP49v2rw$mMZ-Z zBXR%&elMKeN{hVB8xo>tu1a4>7RDHP9({$4QSW`)l7xzyQ4@;cifP=4RDh2s4FvlX zZb`VArLK()yVH3F!%MV(ZUs<&891O6!$45;XnzqYoGk%N{%~FuxTAOlAJuVi6z<4= z3EYfG3%e;RBr+!)MHR54Q{ImA4<8nFpA5%;AK=%A__M(Kd8CKUe*{LUHQUS&4&#G3 zkWz-j`n4(X5CGCRfRI7<2A>gN!A4c$ky9YBmURAOY?eZwx|WvK!bbU#+g>|OTdMi~ zN+F^QZYEG2j9_1ty;^RMr5q)+AH#4RrylL4Z%Yp%3O2UIZOkm)nP)6ph?2{@o zt$q`TgO1P}``ueOOLWKB|#8j_%9Md+s#GlY<^)Nb;wEy~74}>c>Vd0I9S*nKEV=nZmqStnt~L z0u@tw7pqESTW95sqFR~LDt;@R9Qo1>Wm4F$vF1~_0D`MDNLtzDkimd7hJNuBZo@9+ znaUy9giHy(o9deCQpU`(mmCp80VFjKbp}|M@C9RnB;l?64>iYKx!fTYQ-iWGpC?XH zei18AKX9tGAoVM9U&o%&Ek@H0RVgzuKs9PgW2CtynI|Uu3${zXA?b}o?bJstk;r$! zP6_HsFJ~8=(-z!+J6Zm^vaO(hMffu;)5jy|C3aB_UfmJHI`2~@dy;LX7=+}sw15&A zf;}T6hh6oXsX~8grM@2WJFC{ux6E&2x&C#zUg!BT<0G}+ucywBc4DwhBtCr}xT^Zm z$3bRS2XNa+Mll1YrXpAmaYJbEqFchYR6k$+yTWkjL@I*2GD4?4q-?gi_z_YYby6kf za3=;JlH%u&$SAV~wF`2Y^i@6u)C<6-&!tcE%KnZ7Pp<*Ao^%2AZb?(*xP!DKsuh@$ zvFPJi%Bfm+(46k*#JV!I+Y)@!$34%tL;=1Lnvj6bl|t7a;Ctc`8W58=4o2$0-um)1AR9t{i5+u3 zNX6Hu!ev}%PKh1k#7_P$A6D1DM@lH3hfEicg0UED2n#eDg5yi#gvUs;*~P_7>t4w= zt=l+-fBznENO3B zSLm5G5);MBRY)mRXs;n?9@l>5=-)Xek21?zwC$0kL%Y#X3h-0{=QF(^OMKo2NjnjekCfCH*DD#{t+hp`N-VhB_5RU$jID%DDamDxCA9h{q_}{Un)u)RhV;+ zVvRMd799BDO=3Bkzu`UN*$tB>@)TRDB=) zg4nn(3KGzeWKJYlCkI;}`49&dqj_HA%-r0zfiz9kz}_ur@xHekWYg*DVAcEunrG+K zxh!yFUOl3Y9fv7$^ixm~Q}qYrCv)UQSu!TL-8w_cm{sA|edaJywg&OqYdxsoT8v*v8W0N{AL9#fm_2yE7&J$EifQ-2hc)eQ$lB})Q!kgF zG^0WjBBBJ3&Jp=3$CVB)2_t>0yx>qF`Sx_~iz*l3jG9=Lsb1*S1Vy|BJo(gT8yp2x z@L30D)bfx)%T;CsRiYxobfe@BwR>>BLZib~gMUYPXd0ToZ)hQ(=?A)`Y?d?;;L@O+ zd9H-yzP}%$T%@p4>R#BR@hKZ$KtSW4@F8yxNByyJ@hoaGy5nN+52tPOymoY3ZYJ}C)w6B) z%hFTN4p;^%IT5y{-;lV)VSd}Ju#Y^M+S_%~gb&>k-2K7waU(=>fj(Pn=b~(mLlaqkksF?u%~QJmYXOCV6?P6GzgV=Wb}t6ze)N|RnnQ*@{DOQ7 zzSOtexFG%5tKafgFz5CNPxz(SFf8yy#@ZDg7^@XS%Cy9T{VZE82d*GPu+M9#v+a-}bUE1nQ zn_aDrb@E;8a^%9o6Vcpb&Z~p#1h2s}>N(d+$l6!J$;vA)5XzbViO1@;5m`Mt$3sqW ze0(JThuwU_RJ}VfloiJ&OP0*H@LLv826o%!S__Hx@ zP6gQ7LS)S-(gkUbVL1$wBRuB)gCrAjiS*Zs+}7VSQUOCwxt!#Jb!o$F%VJa8=(Apx(tkQ4(`&g zMaKEXAR+OXKJi}Tk;u$iAVf8$DlqD#M*5S-q|@B1o&7M6SlsOysgX7z2mp&0KJbe1 z0|}uyXY(OJ2RTmgo@)9HQKb-JH%C1LcS}99iTAY|wfESB2k*D`_f=PuAI@*77@^G6 zGk7n4|MjhAENCzO(A{Sh`3)CzPnJTlmip0QGSkS?Ig=g=TC*T0@%qPz(jGHLB03#x zjF2UJD&S(572DtDEt#8?`$`3x6OMW-_uRxY`D;bkS1hRSe`;wfL`TU9 zkX-NLbp;S_q$wwye8i#L*FCNBDt+Qy0#X%Igl!Ja`DflX6%sPPHc6t76(7Zx>@8?{ zZqVP9cV5?o_aQ(Ld-9(*F}!}J+hKhDX+WB1xvzyZx?GbZb(eTUN3SN0Ey$Dwz~0Ok zIYKC~pkROH6d7-HD+t@%iY1of*aOqJ_`tz?#6wdx4C+02m8UcobIdnrw)Y>V3CBiX zxeYcc%Nz#TQnCq0xwvAG)QJ4B;>>$~={*1P<55EdH>qahP-gldTmKcy_?v|Skq@dR9A(P?ZU zpe{7nZyh0i-jgUQn{8EG!8H34?)?1l0p#}HTQ=Ks^eTpLiB*b8eyt<4t8Z;ITgSGN)Q4+=9VTt&iqtLIL$D@6i9}mS z&9n&o_!HzNvO{9NOE4c1Q^wYE$4gr{)SY{rpeSHz+s#d!-00zZ;^bL%B8)SwhnUkA z$Gd*u0y0+7+18paT&%MANjORNm`Zb63_SCqg_)l zh+xs}5C5x%l8x^Uz_noNWjd5CSnol|s-*=p1KPoRB+sT)K?()xXp=TQXdJqdvUihK zeCRtCGUlF@6Ba*wvp52Ei%S&~IIZlu1RKcN&9Q|4dIwudp7Eq;oKq{pl6%xqHYxtW ztDIkF*==rH$rRsxQ>dLsltQs%2VK2kU=yWsGcKlsX9~Ewn0s)KXaN*^lie|e{+%V@ z)bfB+GTORP#3)gv$gJ$ep6_q{yRoq#WRiC~=(9J*0zm$Ydf&9*0f#_jq3(QY;yf4k z`RKmt>`J>sN8G~x)N&z!JdA2v$S$v*Y6lF<#?#mFa{kby0L$AohtIjN;~0d`mu6n0 z?*NB#5qX1}0YJN$y9d$nAomeo4(le)Gt-H8o3eQ1t!M&bwzKIdoAc?|8MPdOnO~LDnt!`4ptP1*OQ@5`e=b7`Y_?kpLwPBqF^hU6#`F zl@{sCGcN>)r-GvBU>bd7wCHoh^#4%WvXL8)_W44)eha8us3qwIV5~4i zIy$8z>QimeqXmE!4qgevg#iOEn1R~HJyt<_{c8e)C43O5JuYP1HGe_nf)|wum1ESA z?}nqkfc?nd^8H-z!PMB28*goKT>L42BP0yI$Hd-RoaBM?hyrvTq%X-6BhxINOEGXt z_%U3plQL`;()3!k<-O=#^DVR-_(^E0Z!-i+C}n4T&NB8QvHZ~a57!dROrg`|zFn?&98P`FB`e0jptq1&6=Sy?x$IsMDk^r7PLI2wq)CUeFfyg{Uq$ z4U+uOL=78Wf)ao9^vu=dD;A_B1!h!+O7_4KmFL&RHX7|{G#!y>bA-&1bNLH5*x$F? z5$6|#`F6!;TA0yEGqCakS=1(9Lev#!bS-T)*^#;GA)TUVojN9N_?2lBGvtkew}r~H z4^+*TL)~2$@{$OLJBPeHzf~S4AXx;Vj(f#saQ9`Ou~AdOX{tLHd$43vh*YnLw=BcU z7?Ot!#QuIX3~B6BIeEM2i3ejZ!{qTgS^HzY;iqlgS#lg_1K&#b zgU7o9XDIKK&*pu6sfb@87PkEh+6GpD1W3#_y7{;4P{p+i<#5?ym5gezCORh{8qn}N zUbr|nhz)K(`t$n9J^YIKUg0C=2meUPYhgA#;o7bmkQaVI7u1c=1j3Wl>=4*gP;hvx zTIh>8kSt2r!DPvF4cI|xS>OlwwEVQ-l&Xk>0r2f?IO%e~2*A+eU!Q%F+dJEJG-t-C zHpw2vZ-9Bg(PEU~%u)0|0AoO$zrUSf=qaoCkpLgQm&+cb-Ap``v=j|;u|H!u4`!t*f!w8a5Uwbn(nZ%IJVmCW z$YWy)$WIFxhU)o+a%Bp)paA5=1oDb@;LJe|531abvh=vWqb%KpbNtpB)Xwz=4@=74 z($*f_WO?jRGuPmp%FTbrg+!JtJu|pI2Z@LSou(h+?18ID&MKo8X2|N%BzYpPZH*^u zeZiTl*Y_g*?L_7eqoNSs(8sgD3(%_1=}X2fU$G!kYPP^5K|a;xsdl-8djj4?dkJBh z$5@&fL9J;Mk+ARS)ueSmsQU+q_2`A3|g6Vk~h@- zZow9xMupQ(Mz}q!2{2LD;MR<{=w3eGaHt%pG$?fbDM}W#U7(jVyn*7kYVADLOm?X*?0fc@*^8+D@Tza6`xCBUoXPzNHu!M-q~%0`V1UL-`)2m|TkhXz*^05T?6{ zRn3T>0Ijj^?{1Qc-{hZ12HTsgIEpia$HA)`w?;txk>tRU@ZBYAj?mpDa=Y)eHf@Iz zto7KsDW1;s(~HpP++34PBmmQnZo{O>up_~dKil+2hZz{yS9oM%EIlm@cP`2ucmN;q zUQyL4P^1#9AJmvrF92~H{^=rzUs8>p+Xw9!Kz#>t*;xrc4;@J`9QF;93%OLMaqA_# z0iZfsY)$}K*B8=BVRS%C>TENP)kX3^>PDc5K+BgV`NXOtEFRymO_z%#1Y<`0T*(mt z^}^I}1_E5(qx5Ohlw^ z_l@!1*Gc_fQL)7!itocLO@))^vUo%xO;Mi9N%J|VWS;>Q%-UX1v8?ZFi$#teukn;z z4A2~|KLPZ7_~qc&I-e7kH9@5`I!psCjqrk%IJvIY#0c^7QCh8Me2{7MX!=fTH+O$- zbdv983S@?A4TCCX;rlQ2`*UwS#XB0LvVasR<)#HdtWr2r!v!2KH&N+ZonVsVHsQwI z8L#0oEp7*D`Osv@H~tl62Uh`TC^Vc#(bA4~a`aQSnbkn?g~mfnFkSE+$j?z<^UZY| za~L67T*eMiA8`Yx2<6ysVR(Fpdci0;bc>fp<`@QKE+-zgK z!X@s)r=Zpdgk8sqtGNW)J9hDOFEh6b{iQ5Kk0-0_q2>gq zG6Ulkg>w^YJ3UlugBXFa%xbJ%wDa{P7$|(jp=>+|ZwPPA!(AEe9=3w9(8+N#9#7ao zLva7raAlpjD7>`3pNsQ3MY>Dc%qkI>g`8&wky&mFuIUyO&`!*O#Qm@tlun<)(45oI zTzgS&UDZr`aeW&0VxWJ!|9g^+lWeTm%-t*WdRX}~Rk~U}GZ{7-E3id1WYBg4Cwp-7 zfcK|N6)=Iqfc4V)9QkPKiI#4ocaAw*%=ar|<9XcwChh&E5m%u%3fgb#Hvh8&Q zUhpFV^O-9g1Kk>AwaH^WFSo9WzEz?*wVK;oo%x&ZLELY#S$?g>b_clf(!qrB7Hoq_hoUR;|8UVbyAJYOf> z7w|4g4?s(`46yTI^Z*ZWfEKB=&mMpVpv+MSU~n)1D#v<%Xh0dj0p(3#d3p4gj`K@3!2mwjOCzPS1*K7Pr-iTF+X3r4!KKSLdkqxRf zGRT}GSwtvVW6p2BL96IXthr2Dt#4wrQl31&Gc0gps9NWTRjb`B8Km5#0Np}3NZ<)O zDFbkDz>*9R$YI2mQR0U^FhB!!y5<56x{GRK#W$5RUx*IB;)?^a6OStCeP=$$VLFcT zz4t&aaIvy=QlWp+K2Qcpmi+!LHaZFgu9*B9n z7BhNC*n1H6o{&hM$L$0i5|x;7J}Vl<2r`RqExgYx>Es-D#$%wY2*OieKS&owck`v^}u^s>%E+?1o{%C z#@ZX@6WCD#-c1=mb5hCqNlO}YC2#{KAzgNyhk<`$tZypx9u;gG9THXOiK7Qh5JQN? z1rx{liTAOZpx}pmIQjdmw2_4jXc@*Wh&rbn9L@-n&sJ-PLeJ7-JoW<1AD+$XZk$5TeA%=%t;*Qwkb+v>ZgFV86Qce=^pgSbr5K@Lqp zlaTvg!;Q+mo3t}Tux>@ifDs<@w&?LVL*O2j? zaA@eKnqfd5N8WrrxOS&*7ImvA;BtZyk6Gl6m>8(MGa-dmH;H{-)#u!F)jM1_rW;P) zrbl%aKOa(y_jiqff@RzizEw%K8{O%BQp5C5@N|z1`kMy7nSz=2p6*D{4%>vANbc)Y zalPgB(8MCGrvG>?h-3GGNUChta&mi%KfbK*@1{tT`ZI$UqGV>F>4atCk>B$zS9H~r?lDw8raIadY zwkc&9zyloh<+=K^rg|rCh)O(%a^bVIwrB$B%~Hc`tS`IS^yobicvwm9CwNL1maiUk z%Lj48SgcG-o!(q`F$Nb$8ZcQIDn;Co!SIPq&gqSXy^W5q@pK)J9#2{F-Df(`;w0~$ zS2f33vKRAAJ!Wv2fmd4(n;v};MJ>Iz!S)HBaYklOQExx-YbWmIC=?OjSdY%70)c8D z2IFPbC1Ov6*U?+x(RsZHQ{YtgV6n8=>MWvafUpE2co;7&t<#M-$_-d3nStt44TrGe zZpJh8Xk^)ogk)&R+%ub27ZR6gTOyt{_d1rJG1cR4(omX!Ls+71_TIQ537^C>@?J+s zooU+%_)r=!eTAk==Xq!Acy_j4m}uIUo_=JdH~>}Ml9MA+Wc1P=ET7uU8sGwj`jN?# zK@DDMrIloAsK9(^qIwNa{$@|yBBw;di9aPA*h=xppm?Ow6F$tDG(XcL7eS%!z6ovL zXY-V?WYrIci|i8On? z_E;&IZMLnHW(Kf)d%k=59?)G|zVGRRq#ahiyRm$D=OQi8CIq>*AlOgyFDgnYmSwhD z7AS;n555@Qq(zBW%V22J(f*?TLJ16QY6*4&+pB&9O$RFq@ya=Gj}Q8**Nf?~NH;>xY5ZBB3f42=9u9hf&7_8_43gDuB=Ms@BL(@8l!6V)7hCI9&6|Y}V_8^Fo7D_fztxWMnOo~zC4ozQt9sL-gQhc4l@V9y* zN;7E>6%xpQ>^jfg0}xA7*mFV$s?p}KPlsiyIhG5+`A zRkYAmdZSDcNu@-zbTK_6s+4p*OLx$jD|&FauHQ?Ska5**EV)aKOD2WT2`aBJkhg~x z;3kqpL^6Y1-V=n=&VSgW8si+Hw;*|w=@OjWqn>>x$C?hzyPXw3)bVdPNoIj8xOCn?%}x`$v@J0jHQ4bm_L8p5k}iHU`THw$8>hsPmtP5?_YDP{v_~u8FDHeL zw^8@k;yonEr23W6v?vuOF8w(;E$YEZN$Uk+44How%sVQKFCtUms*#NDq9*Mphw@2I*h4M2|tb>^e(hX z0I>}(ufgR^GhW951Ag~sz*mCjGmIxM{&~pi<+MKsPiJUGJ_K>u#__%*bV>BGFurj- z;fF@J@*k=sg_pC@_0IF;!q2qzPEJUK{#K-*8T_so^e5`-@h1w&(!&3eYvfJ=ZG6YzBO1f4L$yMdZ~4^)r$+Rr;> zd%(1pagvh|-QR2tV0KK?)>Txcjciun+x&C9witM>R zX)CgWz;c_fOg^0Yrg%}m$>H6gp)fuih3IQhfMO)<*73=W6G#uFDIfOSvPjZlx}(rK z1h;d?hvzcn#v3~ts}2_lw>9G*|6my0?wAB*K6qhELf95=H?Dzyl{u~+HJ}Wa3vKf& z%09QL7aO{i#2#&TnUsYfzQi!gkoE}l!hLqoa+`0!(>v_uxfw}3XR{s?`otqZ8VRW_ z`Br;EtS|*FY$&q-=jol*8I8QCgGD}j> zE+hdI9_&f%->9{rB3M-O6I1n-qMzx_jn>c~NlpN}lY5~Td)gxreX))6jd7BDKfbyIau4nZ0KjZ&(=wPxunli; zx$rhC*5&d=s)!(<3kyfbeaY^3t6Q`oF8QNsR#et;Hwi~(2LYMoX&Y=Wv$ukJ8P^fKZuv(~f5G2#r zy$@n<&Jz8d>ocH`!CHBBBGgL2dYS)6dlapec3LaATB(o>0%f z75qiCb$f^A$fo!CCPU?T?NEv&XAxG8aGrQ4;2u>;=mD(zKN#CL38E7(ZW#2930CEx zm4lKkuf5mG2NLvkZi@JOyhmT$6>C@2{0=sO#s>#4o{A{28L8Xl$h<+*8JcPokhU^kzE zfWGNh8Gtpa24IcB{)@*cVE=7rwEm0NxYPcd1Vj-a!y zVw-1gReBU<%lhfzefRW)Yx}OV^O`p9XgJHS^0Ie3J&cRY-%eY&$fex_r=vOH1{x$V z7i}NEO71RlC6z#s6LK>Fx2iF|?2ndCG2X(9il&lK`5 zeNG`K=yNJ*r_VI<27OK^`{*;7{E2nb&qt7K|34Jaj3+c0r%%jf=l1rbJWHxf!g2G{j;n!VxH#n5cOHdS!X!M zXs ziTYTq5fz%xKd8^T6zhyi4Vz;xg<%8I1~rI916R4$XuZ6CEXn!}6&s~ARo-vg9ki00 zEmQH7ZA|jLFQ3d9!?X9?FQDz|7ftbvG56$wFle}6xB$|pxiN|K?MC4WZ~Obow`a(% zAFKt<{2KmnNoOw8q>sT92oLH^zhhH;U!f__5e59k7F|;$4QkVwcCjfnU&t-MFH6Jc zbAc-k5uJx?xnWlg7OGtLbY4oc2P-xNl;{&%Bv<2KRr$qITv+rKtsOqS5ra`6NIBU61m>ko^ zk82_3S=oAFG#THgP$i{RDr)4F*xpn*4=2M+wv#z!OAhkG4YSKenK{B5~ z13{#7{RdHy1RLjb1#Ciu2t`hSD;Ul&{SzQ!OvcqRs_UwCj|Eho3grwnb@0q8M) z(<3NRZoNovW}OhcnRR55Tl~x0VmDiD6gv%u!%9knf4hxQQoOww4$lqv?yd z=$i8MkZ$7~z1U_D+iB{@L#YE@hF~d_PHfYQ?Rtdz)gTTk3=l42*sjCS#_%-G!s9Tw zW^nt#y$o(QxaYy`cpPtm|52Be`&bt|2|Nir&%^UPJbU2T1J7P~_QKN-Pd_{Z@C2*ArPqA0UxwERR7Vij%ikWrrERSd zQU)6#?#hK11CVdsk1^l=_n@ZJeoV_7Y?F&>o1|i!)IUMn1cA3d3Ge&Cb%JZkGfX1L zmkVwlxP{=BfGY#H{>QX!lA*4X;h6-_BzPvkGXb7vc$(p9gr^an96ULAvhZYwwvAdx z+u?TyxZU7h`*B#?X~0WKN= z9LQauClItk2gOTBB4THBCUcj1ul;G}GvNr)5Y8oBoDBn6 z3p_ff@-BEq_St)NLiARL8P8kwW$t`ZO*hR+4ExoUxXE}lPXJz$ckWOFM>xr+`_w>C z4+1n?nSsS5Z)*PLF#Q1l!gidiLI7^xcyrTu@uGgSQM_mn5_aOXn7%3WA;r;;vE&cW z4P6kO`CM@ARW%oOVy}4nIl4Q!1Xq^-8C+TBpBuWe9QZ|OW!V)xYBI}R{dXq45-@q^>!AR(hrjx8mPU$S$0lY zAUjhQ;N7@*fx$KA{j)iGhs8Z-5ofKUYh^| zU~Pha(-HVh+0rUI&byk%<2^r{b>ge)#oVKC_Sdwx)x$Xn-h>A*>gC*z(~U2CTTT1e zd&Ev;z7b6m=J?v{F5fCdijE|`FQV>ps$c+5*`5H5a@&2{{Av9?^d-ggSf-BN6LL%4 z%n|6qTeix0B|9mLb0ivjZEZ*MwQ*S);%;%M++ZxFjJV#^V$ zBcWzAAkAgk1JySPto7)+iSWtN%ZMk*_N4oFbApAQk8A)X1_uk@V!0$>`eR9g;XSD& zfJK)N;LfYvtT1-BPRJ5F^?dZ!T0FO*ZhbVAGBr~OthCe$NLE!DV@LmCK`*Z(^zJk!-O<$qu{x9h(TH0NJ!+CJM-~!-S@HT== z0C&^#|6TfuT1Phc%?Gy#T;=osP5Me`a;(TrUT3u%P@FrdMlb-F5 z_t|oF{74WjoaJW2@1w9|%sCL%xeZHwdsPiguBt(L)xmh+6eMSlEljvs?l%YWXXC|g$= z`{}U|#Zn|*#hu5NUbQcp3T+^`X3lsS=M(Q2v-t7Z%zzLs3$a>-Z!DWgQ5>3$U_C%mP7+QsKPPdY1{*WG$N$pzVXzCXg z{+DiVVb2050v0HVMw%+`U5STasJ0x&O*j|d9)U^H9q}JuwQ<;bfltgVG4tk(@pyVR z?zN3bKeAHd(wk92r>biYdFuzk?ZCnW6)0+@X>UA$g&(htC*d8%9p0wBkxugQA#FLh z77yiae2Fp;-R8-e4)Z2U`svIP&h*s51<)J?ZcjAbvU{Ft!vGE9ki%@HQK~H&r8<7B zT!$ZY`)@hj%S+b?x{I-SfAZtt&f{=okOpVbql#!wINWiNv`05IH&X)w`Ti0zOb9Bb zZw+V{6NHU_1zy~IeRynh|H(;*Lq{$1}8p#qcn4VZ2Bf-i&u13nN^fULWW3eC;#1Jbg-H z5-J%{QgS4W=Dv~S=_f+^^3ErMhCQJRrql^m>oIrHrp4Acii1mT!5;sWceZMv8l_!4 z*w$x*4mAU9!_$IioQ+F8#+&Ez+}!J6AsQp0etn5##2^-9;Z;gfPiz>RTSrcjM3l!> zPSN#v7^evC-oHVsq;J@vZ)ic}gcNe%acYJ8!sA1?_fLI1q|fPP?Q)v!$fw#NAZU>* z_Yb*ZQ9JA>{cL6_C(Hz$%fCZCoB_Yb3|?<&dR04Z4UKY?JTAyo(x|yW7e9_Bu3GtO zeAJtpVRWh&R@u9-|LcsMt(i+!7*Be;t#>^)uY_fb&Ew^@*Sd%k`K+@b zgSuTJZsr&v6EN(-#M95_Kvht`^F1QhcE~~}WUvPZl~x+z(>4GT7V2QlsH^Vp6q{`j$@h{eeRy5iGU@bilXT#INs_$-R3n#UKPfYA$$k!qr3jkeaa^kHlxp9y z+Ks0ArF6~-?-B4iNC6&^Jx*n6e5qJVbiyJ$R2116PWRkLz3j4ZuHF6?Qa&iP$mu%B zjjz)aS@Nv?n-^~#pljDIZ|+QO?fN!C?=UQc4gLf@f}`vCYmF3ku?v~Spzp7iX5ICAiG5_Id1(YKMpfW zb|C~>WT~Sc1TT|HIzh)8ho70XZwUz~M}(j#KKyLAM@IsWX(R*aqymU@5Xjn&8_GM$ z-?r0!)9H%^id6Ur*>O_RA$sf2Qd@^kZ+UZQY5R2^+ib{qz@f35$@w#OU=PICRA{2AU|Iw1-9PrL#nID34Kh zMwq@DYGPh>8(~2GzywV=E_5jAWt;~4<`vp7C4izrTb~*3%F*< zAEUZ`reIz-g~VJH{fTR%%Wb}8nk+RA#El|qmTI6o6A&ync+ZIy%4OQipxo#rb8z% zS}5O5nSzl&x3$)cU+d45mUMSRHts>GXs;?2mEv(hPN&BJ|0^IBTg5y&AD;Xn9w`LE zX)6_g-SQ07JWzo_34or)zq3k}j0b&!XC`Oi$zm7>PZ6WmDJzQbjQ7kL7VzL*q|HF5 zgzi-#8v1w}J*#ULBDQ=#J?+|elasjjQ~tAVv>aJCJ0nXNhE?n&YYd?y&%`zsFZvVC zs9KE-qi%-I*9+QB2M)K7LzQ@<$Yk>!#QpcBg04{$oU4XSW5hL2n-WvHjm{-Kf9 zAn>>DM{tx)m+eMt8_vFf>`ASK;Oi*VAxTiQS>-l&?8m}} zt|VluMm(Xqe=R*>gWm0A{h($c^wi)CUjmLGcz)cCFQU**aC$FJ-Woi;TI|%((>=Bx zr}KSmQa4VVY9~vpCr-<)-Oo@oh`3)(^Y(8%@p_LYT7*u#4m6frX|oS7#UNh3^24Bn zkB46e+U!?ChhMYaLchnbpa2)x+)5Qim~5qIKBnLb%v$6hew}Hr-Oopx_Bt-MbaJsR zLk_>jz7jUS=u9N6z|q zyx5J3M`m^M(Ri|tQmyZQPi|Qp((RE6X?$nX8mv|`is-_K zp{i8(U#WnJJZaCPLzzm}qu1d{jWmjp|GS&ABVNW-Y_Lni(G5el%i){^kU^Cox6U=8f$U7)+J-p+?K-O^udo&6{t8 zN|sy6T9v`T7@TB%ck_7Y{0qop)R#{dONB|k;UaMM+K+&^&`3qRq-^Sy<1iWVqTW=0 z5&QoMQ~g(TGr7%rSa=7NiOgCwCXB~pHXO;26%01-ni_tF`4*b-#_>hn0wiWVX?kq6 z9#3~PZ)QCPU$-iICI|1i;+qi7n?VTGS9ju7R$luT{JTv~UHxhPWK--cu9}^7blsn9 zHmF2__+HPfP1>A+(0Kckt$Vm$y#NbieW}JGAT=~aLqu-YQPZO!m?>)H4}EW{2Ae26 znq8pn0~YV#mgu*v|1{MrK!b0fWZQ6dvrV;CzJRvM)4jQ4Icxj+5#&ZZyZ8_;aSqyQ zzOYwa$qbiiJJp+w@JJq0{ccDW5AC7EehwwsWOWJn2?nM`P%7 zZZs~v6@fa$LrHjh){}G{5CM_^po;<+=^?)epy1g}a~kmMriXCF68Zvad`VOtFjI{{ z#oR)dRiVP-U1Su%7m;BNbUnMxTYfksn%}VM8>~)~S5d1|xe&OVh1#B~hNsl(bQxW> zO!_9P(=ZnOUIidrh%EZdH7vS4#G;399m-{YR(Bm1{p3|F`W;}=Z`TctT%tzy-A6A> zH^bPFh}?I9#zpU-=dzo9cPmvei1wiOf*_*?!SEtwvdE*yk{{Fs7rwtMyVk@n-$cAc zfg_ppMhzogI3Pzhu~Dt7Oj0Ml1e@rvUBc>s@A^;<6& zZ(5K!o}cfXen6Q?j8JjKkclvs9xVhlAtg}(RL*1ZvuBQX`u@!ELJvLl@$MRrhb__$ z>)otLf?Ff=SK`4gj%cb|EG73-r8>3HWT8|b6ia#PQW-ltQI#X7}r!k97mSI zfY-QR8iq%9I5=rEEhN^_23ZJrbZ&ZnmaW+4Bvp0l30qLzOF(XYS@SOD+@9KIu%B;Cvh}|=_DKJ!NrwwyWSpYTo|{BRuR?az24%w{awatQAmAi!Nj zY*!;({{t1_cFnS-B%F)TEptCEqq*XaLSYK&+BB3-D>q%kEdUYTEepLk8#xOt^9dfZ zRb1@LHtjvtmwU%JmLFqlGS520-(}i&#I*Nx%ZFU-(M*R?h|TwnGwnN-S!m?rY%5KB zIS5|~Jft0-7#@$=j0$R*@k2Acc8}g2!998)AA9dn7PkhEI4w&7DWM4@A(z|%Lbbdw zXjjW8HpQS#>@ogC{Sm%EGq&}`b`;62EgzfRu^n>E8+b0N+#>gH@Hz)xk>K@~?byg zYxCdV4__&31c4QEzp#n3&Y(+WH<7o$kF)6HuipWW`J}(mK43b~obO?a z`Q&^dUOw1=a<>ln{zn5+p&9QTgD!=qC#wO%L^4UuEBgCEKB#t$$2Y2D*>w5fDIz({ z)|P4m2&kwHkJ&_pRb<`c$*GMYo%cQZ%4xMzLDw~1^xDl$cz}gT%8j3b77d5Y(!%(u zvdQpfUpAZ1^G$Oj>Mq9cmAIVsU?V4+Y>LC&Ztp?Sxh*$7A||6`fS)g$n&!n%M!*~d zyekM;S395sV7&@FIR>N#guD?UMc$us&b;DoFgZ$@9;qZw{ZQRM{{tLe z9K?Few5`g3`{vB1A3lhFQ94JDH#d^)W9m%xcy1)*3$ph}6rqptak8VgE;B}msN-0l zq0VwyF6jkMZfKQC%#yvw+F=sWk`q+MCf)2Yrusj?$Lu)X*l5VfhRUUT@BlvFdbnnk zH(OVi5hKK8V@R7J#wS3%`&KJig$2<7~bq4do%pq>W1ZfKB2BwiQ!*u zGsMYJO%A1TUSx!CvbCgFh@=6}dvqQJR556y4tk8dnR>GTpM!HeLoxY8P?F@vxNvIB?sj0#)61V z(M=;{Q{%$;$vJq|Y4GdDoYW5A@cxdcJ-P){78*E1O9o0+YDw=YI*tR1!25fxb|daXDf~X2Rz5HK2TTpJj<#2~s6ORU=|^B-eX7L( zLP(D^Z)BRU4X7d>sA8q~?PQ_QmN%RBaVy1(KpF4il(Kj+jyJ88VsmnAHfa3rS19fD zh%E!wmYVV2d_7GyPHYAl-|UH@YxYP+^js&qS+5a_9yi%tk5Cp6MYQqKU^@y|}vI#&HTHIbYU3E|T4DNFS4AGR=VKLvZRWT@(LJ zHV%Gm*${0UGF2OgSE*LuFpoWw4GjEEo~HH+AG%EUWha^Nu{xW9Mi3c8Pe#~$G3;c7 z&3vfXkJ5C$X<6%YUbBf<^>NtbU>b}^eRgvlULY@(bT*a@wA)W2a|R`vkCsY0+U$zi z7t?M>TS2C=MDf}?ox~JJ@5l;DMQf@xG0wanPdscmEDY;!VQf*15Rqx`ohQinIN z8B$wub+VZrhQ-gx=cncKH zPyGcFW+okc6(E%Yk;Eml4a#{a3-c78$@PQrk)3o)`7NXgV-g9>i9pQnl41}`kW z+z2l;pK)1;Id95hBH^*jdeGEhQX}ZpKHLtx5LsY5KT?k4K%54-*O3HlFbYBtX19$W zzSYqSZ|qhF6j#THjvn?mXnMdKqHBA1TY}-7F9Fh}$6@_yx0#Ppea&Rohx9Tqzaoqw zp6XylJF1ajk^q8o0$f+g!Wn(!a_af(ig4a*KM9-E&~yLpzO*Qh4i@NCdl zA@@H`0Pix}@i3kA=u%CgtQUlr$0}Ae&vBc6}hRwhN=lJ5`FZH3JWI;vEp${hp$9UxI#%V|Ku)%xo+P zkSD$ls^(+rY6D{g(1pp87Nc3e~aKH8Cx z6|A?mm>TLS%y}3VAKgf8gZ1m;K>%2nCi){x4J+})%LDd-bS2+Ze zQ_j%BpSD3Z%_d6?@;wdJgQ#mP3D8b$cY1TPXra-_BN)F9;v4*#wdc2-1tLE@XsLqa zPK{Mknz%b019cy6N#m{ufzqnErQ6*6VN~5mTVjqjav3F8go)4tIDRZf`UV>qwvMyN zwJJ-IPf%joM48IEP$$;dipPLlW$S0iX;dSDWOd1LPzw9`YTAdtIUnE>Gs%hfaT;>R zWq_M0zZq5t%1tCTUONESlTeX#5$zvWYX&)elF*5(e4M&AIF3ZG4i44o!2ft}wu5qTC<*7$lfnq(#sRs9)Z*HM;3vXbI;$$Tl@89*(PI(Q&*ITH zmjw&?NLSl?`r3!kR zdWX*i^?-WMtRj;2rFOyQ1)-*h%>9{qTbu#sqW-m7oqRS@OicCIi!1nE8{;k_54B!3 zsq@EG6f1Sgr=#Vn(8twK?|MBH%@;!#;M>;eAuC6Z;+f_q6|veCzEfQ|?S%Umis@SHav)vj5;!NChf1lmnyy z6Y(2r{l#RRM_ofc53Dw|-_Qe6#Q6z$E_bhz21TpBI+eX@DtLntDT&rfVG>vOvRi9= zJ0WK6A>Vjn@nCzKWl(Meqr@TblUIUe!LQ2I)b_5J-iM1QEncl29x`~F4_$>WNZ>V=tK++n{2$ za6k%=z6Ni9MRCZ5*UU{yF>X^?|@ zjcWeW&;XMTN`<}11aBtmL&=jZ6@xb_NRfc+B%znC=k%$oSJ0FM6HOSB)q7Mo>V7Xc zSL&t*tKNVaV-9ALSP`Za`5d_HMyC(8-LBB%6uOXu*=l!k8l5DfLbEL&d;LwX?IBB6 zG>fIS+6e1SP-ndK8niL3DLX~qTx8n2ku@D?-ufAeTBrP5FQa(FJK+f){5|kQVdh4B zg8VWbpCGwp)y-w=7VqF8y z_6t!|#VKjUCYa1L<2md$ChX=!YT^p4_w$uQS#R}9+SfcI7x`l3xH7b8+@9Q0x7WVIdk|WC!Y)(8$X)R z@=;{Ql3}b6IX@q`Z6|cSZFm&q)`2_HK`ayT%4)goq2>s&nO!N_kDB&1<0}4x73wPf zaa=<%)05pmlCdB6=Cj^SX{=P@-<*ltoi&+y@M`WRC);<>EO3p(fSpD8A{s}FpgGz7 z*;4v(n@1AbY~i ztzqoa7G_7_K%+Qdp9eO;0OqajdGW=SFG`NLs5yz`=#(7^FL?Bl{jltZ+Hw$FUoAN= zl^iPdnVsa0A1innGTtdEM-{`+avla7NjOf9uEbrSozOm!;5!KZA7c~HlU0sog7Iq-8oxbipwGAA5)ZF+Sd%gTA7Kv#mT={ zQqfr&Uo0hcm+PtZk(4CY9+soznJ6-R1?cB>7t-^?fg_%~&HN2v{K?Eng5^p9M6``G^%{!pDnd60j z7-~=Aq7Ko=B^ii;ow`^WPk!=1sC9mUbq!UZwovyfstFyUlNql#tDAvc@p#gg!PFtiUuUL+P z_5ksdG?prjlDE{ej?n}hD&a)x;R3aO42KKcqz}?ft?h!O4gGTMTfUjHy&1}? z+zA=$Am3B3UX^cRDBp+BL{CFEbAr&8S#n5tP_8|Rbz0;mKfOBU*`+jQ#j=lW420|V zUlsmWH5>_ZJP;;;{Bz$`AUjkLLq9M@=z+wVCKwvW=QWPk$P(vxA1=d|88@3Qg`P+0 z=R7GXqtXwMP+)0k`rj9mhx0=Q3z}q}LOxhV=lc#V8#+qNTNWB63j6KGi#YV3p+jnh zrt6Fh>N z)BoG=9rxFx`*z0-AsDzAjbZqjx528G1F%}w5@|LXSBw^}WeP)22<83qJ#J(I36OC0s>_-Jd z@XFF%V3}xo&NHv=p?{vTr{QPpFkh)+_9`&HCT*IuoNmGi7Pf5(SneG%P671-e_#}g z`T11EEODlWX-hqWs% z$UyqK;1}(XM|zGRl@u{b3Vd~}ZmN#rkBZS@qp&j_^EFEaT$6ScPYW5{8XsI3(mltF zUjq3=c{SdV8hi(Uvxl*j!ZrhHUsec!ibmzc;;$FHZa#BB5Skq`Ai~**%`yW-!CpEH?931d`|q;m z0${}y2a2e7l+drJ!Cn!9d?JKj-1&Z|os?2qP+er$)wMWY1Tyf&cw95l*67@iub49^ zBx%z%^~6~ZaGs3;Pnl)rY>}c#zFz`Xvyb29Kg%r}aB6#1JLrfbhQWNgHt^LvKxI|B z-mcRnVHZq)YT0iNO8WbBUn;QW|%^wUV}*aIX%OhJypp8;(acKjgE&~5uW zd|(&=b_c*6@VDO5{ad413Em2~0dLm>+=`)v(+257 zr83k+gh~V;g?fZ;msFB#^W|EXs>*bf2W2bQ+VJnnTR;kA&_F`eCl?r~)0(AN72&^1 z7>%V!KMd0-C$N9zU9-pfK$QN`vU?|3U$E#W@qPz4^s!Zi4d{ryqA*)2o4g~ zpvdqa?EO9IBmDtU5|S9)WEPK!l>_^Iay7Co21?_*Xm;t}uPF=Vtuh_7mrvYtrPFEd zroWD8&M&Guu3C(@6B8|`GZXorx89F9kG8LA)OIw!Gks_%eRK^C;}UTe_;OMbIf=; zfhTA99rO{qm#N8z%2wMzR@>f*n_J_s)zztxckS4})ksafT+`dO*pKbAc;+DK?)ZY{^-;78nU1LbIAcWLR@GYBenjj^CJWlQ{~D*vLTS_&H8OvWYjC!sY;QKt_B#j4A9D}&K^Q1L(KdpE`; zhVPUuR_ixh^?sW_>olsk)%7bVHhYP1R?`vq9VQD=(R6m(^i*^U8q=%d*!BrFcfUga z^tjAGJDl(K^aiz;9N=Lf{bS1z$VB@Q0}G3>Bv-?X8XR$Vs7%!Y>3ZCnWdFCKS+#jx zuQPo)T6G}RTe1@ivsS`yu2xfd5@wtl0tZqv0hnmx;k=~B=@Q#$y;VSj@VO+4HR%2*sUemnN( z+hc(UmF5&Z#0^LDXzkU*;voXeA!{0v!WeLMqL6?ecePG4I7ET+%9hwwKXyJiwcX#l zuOT`FW3lm08?3SApOw|xjqP4=2s4nG_S!3liwMw=YA6z^Po>Gdf7~wWlt&ze%=D2* zwv?bvFo!G9zF}CZIiS5#Zc5@TFVBBVD`nyhiUc|_pD$r-)c5kK!;WY%;RHZh;%hXz z{LSbf(4~#Q%QQETic$p2G@d;Gno-IyY<{-CnXtXv=m!am+xBcx)_r}#aQ{{tS8mPU`cl*&666^&0>$GRT zM*#Yz_VayuEcOd|NB2e5ZN-(YLFFocd%L+a@UVMLR1|Hfy*f7R5ia(#PTnG+)!p}D z@fwZ`4^+pRdIiEBO3yfxJbm6pwXL=KHD z$C_h<1Ky6*Izl|!Krer14Yy$;>>|PIGh_jg>Sh{J0xMfxdSJ+c89vZgQPy^U0U?|K z93e;#_iofj9;sF5N1+3tzr~yGt#HIs{0#xcf`qr8|xwwwLFn+0M5%8>93P~!3jOwMOsxnU8%lb0YXyEML z(_UhI@TD5zAp5*j+$@v9!P&yX^suZB!R7@%o49oscNxC4FtkNrv6VQ4Tx#B8>f>Si z+*RBl)I#(7D8C4)x5%kqPc&$==jL>D9ky6uO6zC3mThPOp1;+a*P8`KY)#s+`-_FTWYsQK|DSCqPk_cIgcyMfT`;r)mf4GGcR%&Fyhyu8KZ?&j^ZJZ|0Z zc~KP_sJ+TXajo2aQN6QVcfRL*4z(Q~@V!|df4whcGZ`I}Q<)IU`g3K}eS7^?Q~j~L zq=J5OlvGPut232)T*hp|>E&GPt^JCP$-G7oHLM(ln?;9EBV45)nNquVzogQkQte*X zpoK@6UYds6Zc^ai$M7l|Seb<&$>RH((I64`qkBjR&vHCy?59)%9rXSkheT%e>)pf>t!)!29u^%zq7 z#XtgWXi~kygH<@I)dJ3lAIGqFMt2fMnPbJ2nK!H}!(mDT$a0?!twicEC}U8m4itu6 zC7IdQ&qz^yN;mK%`=Wn`MyCwiSMnaCqB1`vFz3~3Hv>AuA>Dfb8nK0di9`m2f~?MO z+&OT2cDj0$*7v8|P2ZgbIVwix6>~OO;S4219+|h#>m615NZ&_7cO?wABn6oa4bwgQ zUo9)3tQ{Kq%nlO~=T{2}FxuTuf?&|U+L-Lz!=nsPYRu2;crRN}D{ZN&HB^NxAjpW0 z7#$2&w8m^c=9QGL`<`Zlq%b`c5nXD}`YT_ARo&=wSc|_2_CJzn1KLYi{ydx>S8MB( zNFxEW{spsxm+{eEBwDo`(^9TnDvS2Wg=cO;n6hhk(;5WaS(h~VN&}d$xfmnTJX*|@ z)!k(V@6LiP@i+{o0kt{pjBUy>$qA14ywKo3}$2y2u|f7okk>HYGiCYY<^Hahb75 z$sDd>M{_f*D_P9mOq=+it7N=`bxZ7+V}<@iV~k(9?|=LF6+NzBvKkc$M5fT(+0LV+ z@htbFw;jYD*3$R+?o7E&E`D;uRF`3!58)x8K|(HL2@@Tlt!QAfrLv#2*`x5cTb{qH zSnt)Z5yD-T4FQXn;O3BZb(@FpbGzs3wdZKzVnz|eW=^jg9sL<&FnXN{;qpx?Tc$wK>v|@?im*JLXZJQ{xz_X}` z^eO_(pA>dxvSa4cW|vrn!Gj^e(F=Qf^F_s$OCKTrI5nIPxn-}@Gu@5N*SMGK<%8;Z zuN_UM@hLv_DXzswu_)B&cD-h&n@@|_HSyS9*&+8Tm#<;ybQZgh8eDC=@Y41^`QFzH zH|_%C*UK4Sd~iMN%{Q*iH$@c9bOFxjRrfdK_dO@RT{mCKFXzEux$makSGm|Wzpu8x zDAvBLeV28e$xW5A;Rj!Q>-23ptH+qXjIRWUjEo`JE0@)_MZd4L{&m&CMo|d<@$71{Yyk z%T315^q8EDO7bFvd~S7Io6Q3z6)Oh^(cNutO?i5l4ct?foF{%|st<)+D0ZOHY1q|~ z!Z#l`_|zah;0$aj7Glk37!2p0fRScXR;HJZ+}E z))1{wT4-%%E_IXj(xv*@f|<4*ul%l>O+8+hE*a*kvj|IxqE|EX)w+wy<+q;Q z3dg0{HNne~Z`q$&zrUJa$n&+1ZmF~({`POz$0C@q#5S3Mg=S%#0^1(-2C8oZy8>-6 zP^e+Iz3$i0{2ZBY*Ab+dUdv@8#@O{`^4z_%wB)daL||UDIXo zF|LiK1Zf4`=+{|ieYpPul9L1hMFju=kO0DTMTM<#hP@yl0N@u00DuX=1vnZzIomne z+FCi%+qp9{8roXh={wQcxhpF{0YD~U8T9_`adv|N0D+!-zw)ofTVY&gfB~`dom%Bk zK`t3&BW?#2Sqo5(hKtxB)nHEh5w?V5_L<{67o>pSy|C(GYU29KazAUy4rrQQ!u&E` z`cz87JGuirSwU*^H!!E@&CD$scv~k2wamMM^ejlBt;IQFl`Rot6~h)!xwzXRsX$&zy}LcbVTiM=r^&~Mh5ybdsiiXmO_hzK|6`+}$%)lJO=`*{q2 zSCwN84Jo?Cv-zm11T1lAEO}*5&cL#=I-z#C@O-6HWj`AshYC3yF+fcCZGtpI9&D9! zP)1ga1~gFn>g;y^q8M)2)t~3cc7~qGEs1cuLli*%F1`tVFLdr;Pcs{fKcl}MY95Fl zO>zT_zc0z`y~m**q$3`q90IE>?A^8=ceHKNhn5{GBfU`+6*B+ogpqe>5wIV1p81n> zQ3-k#*Ajp7*D~l0^xsg0{zet>FI4~a^$pF8>Hh`f)HjI#_WTDR z|2Z^f&?;%mzm0eS0|4m%G@`3(Ze#AGtNZ^CjQ_%3@hmS)KLaB8&Ze&Y&I~PNI~Q6X zd;q}|VM!@1nJZ(s##h&4p=7b#9y%S*b075~oOfAzQ4pz-V?AP{6%(gN%MLzzwMx5S zzH~I|pa59V8rKujohy_c^dAh?UsmaGDf?Q*f{Wkr)>q{}LZW|RtaA&NvTfHUKVLu$ z!*xvmQR*sXzRh-MQIStyD`o(f9YZ~+8O^+yX+`>S7v&lr%8#jC;e2Rt1O8{nD|Z^$ z(!S@!Ht7GF6aUB8Gj=mHwsSJKwQ>A!x}KdlZPU*HJ9NzxJZPRcLFk6*CoB(py?xd0B2X`n8c8X2pn6`Ovhfga7v)B>Cny>tW@ zVhdhqY7f|q9oSEN%jD(=C9j>ku3HXk_dJ7U%ELntlWlXK^sVHjU8#aNZ&<6pC&!pT z*YwmJ=8veO^~~Sv5A_;2j43$ket#tSaToivd7n~o(so`c=oZr$A_qh`EGNHzDfh&u zo#P;rFObyR>6`mlf;~4QfJT#uR^+e;GNLZ%7BbYU$2E&RS7dv3Gx1exl6cC?y z>YQhwvqWOb5qwu9z{Lj_><0W3XhG+_t;APWTmK>6nocQke|GXC#CR+DsG=Roeh zSIs*Zlc-QI8)gormGzRtC6$j>bx_YDHX|Lc&VGv6>opze z9mI(+$tZOf3`fmBC-)4_S12fuN__}HifUjC7*PB|MJm!wmht!&L2o5W1dMfSX?8B>PJ2cA*E_o}bRHlZbCwoiEByv=< zDOJTQnGzLj{zjFO<;uxXk4Myzs9S(ovD;LFxqH#i@t3;evj!$%E3r!1pNrq%!r>zN zO)E)9BdW>vZHFxYk4VWS9QqZfS;HSgk*5YhnA;`e^!K%rPu5<({5iCxiC~%AjhU|( z`%awM(>LcRIMdyY+og@M#Na2CN+7YnTb>Hz`#q2h&Ktmbp*&$dne(8x z=9JygRII7TZRa=ZK9*FIN;@^5B656yZ0r7XCBk;<$+@M=F5h(td(XDa%{!jwS2uRn zR7&D>;=9E|HcnUeG@q(as?CYXXKly(r~%`vn)HXkBo%1`KfXG&@rEP5b_Y^91BB@N zhn|Z>_as3ijkRHDYu3l_syH9G8>LQuhw7*Zr7?Uj0K5z4C}w9Azg;}Cr+hkHF%lLm zZBHAwnL`bAB?69%i;IBKK>+*Q;pTBrnqs z*r>G`!x7Sk7>$1?LeM8%^ekqTEHufGBMpzeIlDO>G+%<>P+-jiih6G@qZ`Q90@o|c z3){C#+e4%3Gi`&O0sB@g>*tH{+v~WI|NZm*;fIM&WR;*>i-V_{^6+n}pN48-Uw-%> zegh+~?g#QJpQyF8^r0~|;$y8~vvWT2Zi71S*fS#xd8^DWje#c+WK<8R4gh?2BeANV zshqB;hap*kLTNmt4c9=OkenVM_+u#mV@JZ)7|{Inev-iBjRuJM^`VeP=5;>K3i}X& zwfJU2o1NL2pN&J-&)1eJ^W8ZPNu4g&h(<*Qm=BVPAC3H8DsbqH$GzSRt~Z{xd-$IF ze41@bI~~`lY}7d?Wz1ua8CC%=l&ph|h%v5@By;Sd;JT_rBtlAYbAgxD9 zmf6AjS|;uym5POUzruC}i9xR2;7S%6h?v!{Kmeq=5&kG!{CLKE$R1r=UGsrh~Y*(2yvl&gnGZs z+UA~oBO7EMen`{sb`eGGrmJxQ-`vji^&)bQ32r8*d`&iRrTCZ+<%Cq4#DEl%YKm@A zgLCk)B068o@n$lagUyF~yeEB^Y|*XE2dcs6GuG*%kV1>qWIW?egzAb@93FZxp+sep z5A3de(38~kHA=0y`17ccyLQstUQ!|%*^4F;+6ss!zk>Ea(S5*|)IC}CAuqslPKxtq z2|mZ?l`JRau~n1YmKF+_B+J)645e1^YMw$sTOEMphB5Dl8%Dni@u{V(hgSMdVy`*0 zLFLpJZGop!Vi1%MSB2%1RDSvMa$#=-8phcIt94Vl8BKM`3MGH9f0KwIJ~5kcmsXkB z>OCAeQvYde3lFz>by7tX)bu?cI5URDrZ0iLp3~TAU&0NvdueaePoo0@siOl@{TM!Y zXRDjEM%#kmEe1p_zYB_M{y)6P|~s^KjQ1xNB`!Ym%|k^A#t?(50$ijw_`|>psYh zU%I!DAnyncL^^HJLhfgVQ$>Gd^BA9t@`}-Cau;!z4nEglNkd7>?GX#9!HW2(Y`M*1 z61v5C5_j8haVgjre@YG4<3@jqXs9iA?Gok^eNmnM{AbZ_8TeLl-6M1h zFby(Be}{CvJqwywLx1Lly~>77718b|t_A0LcH` zknO&mlK*BuZdSFnU1vl5ywbIolUtzU;T)}_-{P5&RGd)TfvsOBf&}(Ykzr#`Ul6ls zc{}$^B27=oO4Y~fQA3TL=5_VDqR8z_mU0|i#sNt^#^CSeT^BnIby(*<&+damkT;7W zKtZBnzzH%R6MUmo4Y`3zK2qo{_J#Mh+)0+)+7T5TF$UL635)}0iU#dt{lg>B>m61O zMCaF83}s3rykg%-xsgP`C$N!<=wOVg&fFktj^5$YDM>z|%8X-nz1)%_>NnONBOuL!A7ZUl1 z*c3GxLrIbpW?A?`#T>1rd_ZBe?AI^|>NXEHfsX&dr9FWz)c?Yx`RVd*50zW$>N@}G z;L_!{&fV6Y-IGge+Ul6$?RWZt?~^;ZjQ~WccmV!f-tZAl(yIPvq{Pa9g#d9JgfQD+ z#1LOW%OJa+wO`{iP(qF)u3*i8h!v z3R&j-k=VXF$n|>X9fqB1-MH;Y5NBQbE%|YVYT~$Plr=w-M})Tyl66hiZVOg`QO5W_ zoD@rkTBLK^Be@=8T?$7{ewvWi;tcFh=O3SS=xfmXKzLvA^-VXwpDN4u`{P9-kJ=Pl z!3L;Uh-QUPD>}CniCmx6W+`ck7HUU$v-sgH_Yg3y4({rUbHK5lQP+kwH!_ARaB?Gh zoXreFqFBEw7b5lL;WQANv`#;Dq*Pzbwu(g%okjeKY2eX5T({S7qziuI z_^VX19V1-bEV1?|ZO%<;J|LAsOqBmW()MchsyMQdKZQ@j{u~J&2yxgL^JNfyhwe+<-(L(x^Ui9pbRqOXulhjA z{oZWb0s2?fJkDJLUYk_J;&Wpp%{E0S~-A#3K**T;eZKR_8hB&D8$+^i|; zQ^UbKc@0$cFOqm%XD*Q$NOd#o~k03CulY zwyPawH=Gh=X@#lNaoVMThfB+Z--L9BfeWgq`pHWZrqf) zVq*|0XxDeVp2G+Z<_*5g4rz)aB@yxvXY^+_h9^b7&ZES!!FcR-0aHcEmz9OtTh~1u zd}%`MgSFI?rrMaMnT`C3^>+qijWyCMN3~;%Z0>AS-v~Ilm@T*7AtMVBB}*W6s^?Wq z;tPoV>eXZ7f(}Xxj2sI8V=m-6f?_?LQDwTUn>-@Gh95d{W5=L_-eLTdJb?SB7_g5j zwET;+6|RUl$-PE95dQPPqt+MSU5mp2RGm484LjOgd;tcp|KP_Tgv13n-uT8p+oL## zM>6d=Fe^LxI1hu`l=|Y1PA4hx=i!j;+2Qqg+>f`xhp0OjEcTM7+ChSQaTvlfLeKoU zv_)NRgirhDe;Hi5X!~mUHxY^2eD0r~E*G{nG{amy3yyzpg{b`mni%f*eahi;QX0b? z%E%Mz#1yH~Bq*)1EVVe*%gW(NllMA{8ygeuUm=!cP?vh zftik+J2s9lyQiPn<1L@UkjUr;`Z)+2hL2R|Di3m>Jpi;{xS zUw-YDChMaq$(TY}XsfeH!ef#0C(3D(4mV0HQkVBAfg>z4IkwQvb-K6?qcBoogSKWK zl&stmNNiHnrkH1|j(erRfg)_qJ)+FcDN}GI9%_?AXV;uVaDt$XJBR@HA#Bm?? zv&Y3^4d#in&d8uV6a;$ESj_irV3v}Tb)!p5nOLGuZliT%9=QKfmP%YiwfIA};Kv*B zXr#E!bZ}hWH}0!_$s_;hujjm~Xy~sxs9C}boW4QApYVPlyMwrllW~pxSoWX_v(@~h zXG0osk%My;6LG})E@43L4b-BXxFlxI2_sx4T$8|ByL}y6zD=E=tx{jPH&hSlKD9?- zQy<_nelB_Hh6J1Pqg%Yalf}cLv$QBSJlwnjWcQ8wQaMSoEsRFh1l5yq%*DS-o1OrCeRKww1y?n|rg^A2}KR>;p)=v7SAQ+t?TidQ6{&7e_U;xa?T~mE2!W!D zYlZA(UJqj4kS1x(CmNDXM%a_2jg(+_jsr@9gfuMy7Gy+?i^%X+nhDWKK7eXC&-lCy z(>nmXK6RF!$mcPsZe7o(4}@*Jj(CI;?2gsXcD#((uP{pCR$Y_aGmZV>70%C34yXuN z^Th*7>j!pdQPEF#!`qVW1l`OuAt42$nJ0&rdJV@bZO7r$z8&hAyNDHWLTcz5B{D30 zzl1_q^Bro)lYAP3Qqob@09z%$rvigv(vYFD$?by|;F5!D;^ zaD>5`OQ>OgcA!#>TOU84P5YL28@a7=F8ElU;dqMPjVOTb(*5eW<_~@ zb;Tb-WSGW3oO8m3V?MU+l>wmZry0h_qTg_Ikg64+Z8bi;rixtQTPPK8un&})aw;T zEPz2G>Q50kbGjh&;!;cW)vWo>7BaHXO}M6L zf&_EDxL%C%^6wn}4dZlANr=lKR?YbV9Lj-P5R2 zT$|ja>1)Bj`qI({oDfA~DHeiIC$))H`j0>DhkBTY!WG-Z)C6C~Q9IB^%3!WOV52N# z1%3^`n-;Dz655e9#f8E>Q0BngMdwtj4&Iv-8D^2n&1Boc_87(2rilg3-VZKrtHg!} zzC(p&FiUu7zv=bH-`-OVMuMZk`8o-;{m+AEc@O@u1@=bO!{MR`D zAN2PB9O+`^ahnAOROzEx_tf|`X)t6RLaJswHZc)Fw1Nsb3@3rbNvi;y?Wr{Tiv<@h zJW%Qv6cz0|Vy|8+wHu78HhVJbk|YZaBUO{`!}RTL0^==^nixE<|W$ zUgI>jvbG!u_?Yld3bnYPKs0Atnbf%efjOuEgEhE7ks8t5vkPJtnbJh}LV#a610)@f z_CU|?n|G1vU-tAzwr7}S2Q+_@%7VHV1LXuZIPHnBD5+GdE z@CS}i%`-t(C z;~&$sZ&Th)?oP#US;L4LdL4r4tL}BowMZH2;^EnIoyUqInfnw%3FGE}4q6^k8F_9a zGCkKE>U471p6(QTFQ0Ab9WB?ewm5s`ok46eJT-jNv*oz29>gG=DmOJ;M>m`K|2flO zg!x#6AOV10L;!&Lzn*FT>w4jTKFOk0H67Q7(1w5spcED++d0COF}g%{7YgQ9%(dC2 z&qtaHm5O&=-b9z2;|8U8bl2IXf@z(rn_kPYP{uayfG{5tu`4YPAmxoMRvp@)raO@$zMV3g0*aGX?lme4u@+>F=p-YLIzJ}BMILw(JZi2D;_VJ-E4j=;z!%1Y ztd6{*JLy{-2S8AKuh!JNm&IYq0yU*`C%_6b!z zSz@sOqo%Ra$5JG5f?IqTh9^>TLdU<+_BCR~p3^)}bZ?d0pk&`kQ62I5Xwq?8R-a52 zo9mmDqP@L78N0S(#V0{7e1H44cFl&3JD-XU5`WN?M4DMj72P3FaoKP(<6x*lT|5SK zUJQ1dBx78g85$KDb6p%9V|f|!OT>)XRfIn#fP+b5wemx2kIU`tI(xAUrwUxA4%yS+ z_y*0Qf?pAbGVD@6(va$Ah!}E&82#4`wUg{P@pia}V=h08&0O;O5T;@+j zt@CI5$8ZT2W#R@cLhSM}?2!nbV1-$+cqOQZ@sChQ>;w?F(ZCXDq6DG@fKzw>VSKEu zZ9T?bkmo7@Kg#TSL?BjvZZ zKVd$Y_z^!oglE1i1kqKk00|Q*1XC?p5!fZ9TfjD`9tvp7Nql}OKBXG`o_g@HiP8%F z9Yo+(S<+?~{m)we&)i{2d3998-oH*n@>9Z;*(%dTr3x^}7}CJuAH2lzW){8~R7%Cc zwMIm|5LD*k(2Br0# z$geOD-SqUl@>7N|!W(9ptiS7!Au0b_0eUe4%_cL{{Ds)h3Wo8sE=H1b>SD}q)z)7x zLBKCmUjQz+ytk1_+0PUvO+#;mh;|NnLsBVlA!RC$+~TsZr)Dcp1@{i9)Y?QLI@iP**oH|V*zi^w5y@Z6FMpvPh2eZ<)!DF4#wlVf_QwujvhDM-E4CmPO5et?AfDyXjc% z3})&Eb7w*t$S_x$OntePb5B@i_Y*ltr_xlBRN4rJ)&`=x2zdG;R>SU%iltC9lvli( z5m(G~p)(h4+iOPpObGyI|Le`SG+8g)3+Zj7B!~9y=QV&sE30rD$)&|{s^z`%1yN!7 zQ9qv|l4dxV(=(Nk{m%;RiK!qxx=d*|o}s~@W#iz4$rg zQ4%rv<0AEONVaVJ`r6fS-VU--i;<0(ynB0v8L1r_a;8asc=rt4>0?KJw_RX+>ir*C z!d$^_cBL~3FQG4+1Rth$+^R34CsxABhCoT7eV>#Vef`O8^^01NXKs-3kOcBNRE3Cf zB~y#Hh&DP%!@}@}zEdI&f8jW+mRO{6AXp7E%m-PRq5WJIS$d*qTWcxP$@GA*BN4C> zuK8EZo?U5=eqd`>KTeYML=$>N?O|XHU=Izc3bL#>{Apx&X z1?Ck$p?=_jOrerFqCezjrw`d`1BJL;d}TIx^Q>oCd5*@qp&^Tx2d?yNxKhuVO!W z16CNZVs;U?>HXtLS{ff*^8KaJov4zbbf&)zQFJ7&k8 zstqhV2zCgSEHit2I~UEGu@M?*Zzhh}#)MsrU6o*KlA*jpgAjF0)rIjV9O8|T`2hW{dZjxDT|WC{E-7WGxSI~v&qGwBj^JLh3{ylkZvpuzMZ)uXEkF(TPJU_wVV09_DM(D#J7lx?)}zcR6`+Qg z4Od|yp2%h>_=TCUqeo#yAiAfwF6%^t zN!n)n2xhT5q^Y8UM%IGSk9^n}bv4FqSTZ7lmR?|WBav@cJ@KA?ON3Y@9YpN>5=#YQ zz|e?Ef5mkt)F}DTUwM}>>8A)x)8l>6|3JYDqK|TjCb7+++%;dkm1A9rG9>*Xkx5GH5OGAAGgN!FaIK`gognr4ULJ1% zkH5-A&vnWFEBcojH=B!o=}8|qUE9uXDTJ#Ylm`DQH{1&hO<-&xnN>fQTHh?PRUcK= zZW$OJ2h2H#Mu;^B#IgOs09acX-&8N@O7ApU8?5S$BU(*A>xWjL>kgV5nrTk3>n^Js zp6K}vz7|ACp`#tfmLCoW7XtgPbe1pBR%q)E`lkcZR>=CxIH}n_^WK(`HRI9@rO2sN zZ7Av~D@!_Si*Hlk*5iYR$(LU2Wjz{)9&f!4SL~Ohgy`eC4N;MJth8ih!ksH z%YbNH&S_h|DC7%@fOdm9W(_{8`rv}c{T9Q33>LwRsO^*pTbA)Z>S@MIrZXGahAv+3 zuY=Gg`@%@QrTT@SnM0Ef5|C^ws@1uaSW_!_o)9_K@)D@Q972Z%{#{n6X&c&%87xn3 zNs;1;UbzyaWRgk|<}4LN+9Hm*PfYD~xw*AF!mXu&u^?s5uUnx2y1dsLP(a(25`aej z<;ATU%pPfSm=qBQ4ROA?6u2l{mIY}!(H?3t5IIItnQ3BfewTPKFJ_?L|7aGp_n~I78QX1n_MWwB=cHCKTMnsGs5niW-s;~LA^>e;4=9(-xbEfiUv5rc1(gEp58>=7Bo2z*~ z-BRp;6G$|TeuYUKPc}FaV!i^qC7?5$j0*@r%L4|8rWqX&=$II-@4BF65r z#kILOHD*BSb*IH@rN1;-AM_@J`{==jvFc8AG$Lo-l|6U-9V&Vw;8#HsNPHDE`5s&Fr+phkZx@`%DDM(BvcU<&w1K#K?J)ZAdL$^1K#Jq?&0%~;9Wsc0)F zzT%3;!A^`5X}P`xuHLw{Q)R#vVY|9`kN4~9wMP9O6X8oz03aSF&yslMN;EMM-L6em z9UBqG&&OT3(ea7%Z#2SxerNa}gb;>S=EgQo{}0!Nqei{d|0d)O`X+ht{z*yvyRHAt z@BX{c`@hulPC^GVzyfwUWRY&JxUHDdLj4(@0QDw~D{R_p(%$cXJ?tU(YzTM95ybTs z(d$GOT_~IZgG+`B$!uKk;tuF7I}nm8`4$w4zY-(WgZ+PMP9qcgmI4&)yaq`NjM$Xu z9pOSuoZd}&Bw~k#IAQ$*bqOs@YUEH;49;fIIWgAAxDZqiYJbxnqtO;EV93kc)ovrWTwz5VH!o7 zY;`{KOu(LpOy%>frSC6#FxSqw}Qiz&z3&-_RnhM2yeQ&5B9Ucma~lDB5>M+d^w zVRYVI1JUWeZuM+zsi2Z)ECEv`usW#!d9Fw9G?e{3VhYh`(u$C;M^GM1Fh-1Z3Jn%f zg%hWs5aHww6v&Akh{XY{|LSJ!AQIM@e^MDQS}rnbjFnSY6mi~GhD;Obka7h*N4@li zU`afBwdgIpBJvcogpg-r(>K7h5a;t9vU}l(fYqvXJ^cjMQ4G1fSTdp4Ae~+S#c-Iu z$Q}xvG4eWvc9Epk`HbY$jis&irYl;usG8aNY(&^s%8X0InmBCtJ=VR`d~DYQht6p0 z7TElCP(aA`!W(4u%5fnbRE9E`%LsVt{CC^VMmc;}-;a1>aS)DM(}E7ur3QmQQEcBr zjPQy*LP(9Q`bYs0@{gb2)aL2V8`-ia%_aA8R2=$lCWWOJTZq(758?_JZMzQ4dX#nO z;Q%mKC)7D{JLMsJrxYdzPgJ<{D8YMI`;R^T;w3YVC9gqyA4jGym6gIxpEtCip_npo*e0)E+*8r!^pTZh$ogmjS^(IYxn8H5r05B?d6ERfGsu6=iw*Jjxa z3C0tP!gq&j_J6W}tOo*C6XXCueGdSD^`8zk1AWK;PF8%$Yw3v7+PwWpZFhJY=R~pQ zkjZw4=ln}m#b&WBK{O$;B*vtfM8IPIkglVnX~N`g``R4{<|44jYShJ}+T1V!1{W7_ z9Nh>JyCC1LW;}aQA~&6L#ji+TSTvJ971_s;ea*AxUZf*zn0??;kTNQ4TG2LpW``8B z`@?-sb^Dwqc21ZVheui4s*XC=#q$deQRP%&av)h^PLS3Sj-WtGx=@Y!uT2$3a0D_~ zA?+T8)R4yJuR%CC;-BDvJyD?em0_~?GhVqH1r^bk4@A;gO`KR%gajw5-kXG zHcw>7j*rpE#KQgg$bH`4RF6&xgY09f`7e!MSQAc73cJ8FSfRu}nc!`eGs^8!%-vLq z!mg~*(d3!VD|xcfTlGtT#z@8@X|QQwY^z}%7>rwis#Ma-HV0sw9qKDTk8k!43J@54 zIDUVeuU1Mv4(z_Z?w%fw-Uf4VtBRVIPRr8C{(qdkW00mn*QHywZQHhO+qP}nW|z9y zWgAb~Ho9!9%b1FoI490GF>&5+CgT2m|H<4LnR~5$tr>;A&9?K~N6CMG$Il*m7wT1* z;sV;nkOGBR2Go~O^%`Mo_`%AkNz)h~xpE{-vou+BBUo!J&UEw0nebcY*7+u!8C``O zL6r8b2+)m%`<5u!*MjdBs+D*qQTO*Bs}&^75=RW|mFZS09*_6ZmvXto3}k z#@sm?xePv&`U8MMFkdQGg8xJ*r5XIiFA3?B4JFk|DdC!FWV`T1G$40OdF0@h zIdRRh7Y$A2inu#SHEXatM?3{gw17JJfpnFQ3V}#E=h)gbEN-r^a|;T*3AA&)o;2_% z1$w=m2wwXIzU&`*J2`uM1mOK5H0<_q_6AN2Ahs%2sEwUL60E$g5RK3Ge7k)=TQ?^% z^!2yKRiMyqn|>rg7{%Fe1omv0gAU%_!k|*aadhBCc#!Z*{C0M6_BQVF_kB7~^ZA6C zgnZ1OX-S519Q68=Toh}b!6cfhH4&WlppVAkN^t|G?K3k3?gu}W_fr+i=SP+8zy$Of zuz5Ffk80qtOq1?RASv*L#+ebP@X+Q2lIem~-#ki+z*RPqhu>xxV&3%&-l$M-()f4) zv?B3QNapy(dS|1PejyGd4F@S&_R~infh^ol2l^-ffACN3?R?#E41s>$dMSTN|Ml_A zYh%&sNUhhl(R~_E2CYICQ$aVW2fpkn^%z2xr%d80^i-{JAr5d$S%qGdKtr?m+=fGtiwsJA32cD#-8y{QSq09E#r5ds$ zX$PRUPt}3U1mm|`M73uIKjfpa?c%*z<_pjEg(xdRDXv_>E!MZF^gt>XXvPNlYT5ps zF1Y1H-i%nM95Rh|uemgEvVrm~a9ib;S@e;h7E?jAcFi+akg)4hn5JBS78xNG9&k3- zZ~cZPe5Z*!c;wKcnCHr~^2>Qv?|6YMR*m&YV9@IaW}kUAy8#qiIEBLt-W$Y=WAjD zX)0Am_w-a;G`qRoKRpC<#;V*g?>hH4)N8nv7U1H^yq1?~pEF zwtc1AxZ%WAp_qP^o8?Yqzfh>_6XSfw{!=gi)MIhOq9gB84DC0LoI+@Z-T4b^EED+H zhsuD&&aBJ^(x;N_Ol(lhCeT=Fs%+#}S|P~|Ax9W61(Y6Kk8{=ivbsJ3gPOCCl9u8# zuvUoK#otz(z-EJDyLuf?6YQV@Y_W}f-*$n4spc7>U26TiXv`cQ-^Sg$jr3ccA9gb%1a=sV9&E$h!@=|#T@Dw+AoXKBOW6)kq< zaq7%Xj{Eg)v;3izf~0>-pYb0u`mBr)q7^q(Lt zI0(7k2ot$CM1XzSJSwH`SmFI(yaLqC#RVBW1rLHI(=8iaP%*cCf?gVrEc8qj-S-{0Jze5f(C$xu`<-`SIjkJdCS5|DxmGDsWp5 zf{(>xzYzF#QxUF0G9{J*H0C^N-QI3l)~Lt~(F=7Lz=V!-NKSAz6JW==r%TojWIs!E z`V=JBe~?p10Rr}r>xQiecM&dSj)y6u!mh}w5nV6DWUsUkQxkLtuQZVb1uhv;R;nW! zgC60$0Uw9HztBho^*(AbE#_|AW1t_<^(JLZ2DBQkZ99wHv!~ z3lazW8zA;G^vYx{p{$Xx>ioF@%nt;#dkx~8bHWoad594Lsppm2%&JM(Mduh^p&!I~ zOjQp=YlQ%6)Lyv|T0}fwRS)C~amj}johc^{zJR6JH>oQ_Uv9Kj$kwXR*@A$D=Wb9! z)YDG|(}X>o3)G-#cqRC*T8E}%HKUA`97Q5lgpoWglw(Q8d&|nOf`tV!oMM#0QXIQ> z&Y(=!m1~REauk_LeTUN-3Qf-}Jz)kuC_0NAg-fQ8WnVGmpP;lixT+1~3*y6*W3u5A@lj1+F>5cV+p zXCo`a@Mf>h<-VM1ub?yzql0DaJ5J$qvrU!b-8pMSeY{e$Y*>+FpxG5drEIEsQ4v0TN=yjeH;31$?cG2ea2w%l&y4?gBnduCFrTLEA!UJpI`NiDjzM6G z6j9YXx~>bl5z*Ng*^MstvNk{{w(kRveE|2BwZ5E4oCEHwIa446Ppnz8=uTi!PcN!0 zdEL$O(yNO$Px!6+bMlR=odRLyJXb=!S_#0W$rT2pvt>cKo^%rA>3X|te_;@SdFH<% zEHl3MT_cp89--^!7Xm>biOJcbjAFUvWUlRTyg2%R+GVXa6Lt^jh`bpj1j zQIk{MVq5?`{Ti{W_os^aP|i8Mn!r{BeM!smH)o)7l7$MLiJw3f++ zIhzNFc{_e^`AN^!kvT@p;8>0>gJ*6!6?Frg0QNBaAep4RLyQ!ogc%Bk&rj@Id=1!+ zj(Av)w^{U<6*?C>SFv8kBqs4^aR_6X=JqI2Fa)%CLP&vdl@5Go+p# zA9$Udyulp=2hh3%lBDW2<^sxtU|{W#_jS>eydw zZ-X=qu$~9DQ?Nyy_2=JpgrENK@;|5^PeybCh@Lj1x{_qZ=yii=#Q^IWD`98?;J!m^SEys`9Sz-29qP@@PWbAdvr zLkIw%D^zWhPQ2Jg1(LFkJ61}RT}|m(G8Gn_4S>lW*}~i-?6FWW-$vTGbt#E2qFPD*Pjcsv1smqkfyFLQaA3l?~ zar$@VP!R8(63~2<6n@2B3WB1$dflGR3`SQoDq)(Tm`nwWgu6E1xWFBBJdj#=C{v3o z!DFK#qoG1`UqJB{XES)bKPvWKJn(*D0B)=F8?!2+{Z9P*t!Q5Mz|Y84BDj4%o1qEF zrV7`iS}8FiEf8O-!eHNI5G_EDBG>dP+o(Zx%;fYJU;i@vxM#v%s#P^_R5|8h#(#&lb)Z>@Lu2}nmC# zN=k#Em72HJ1KeTtiP2}Wehnhs9xyE68mo+H% z9K^s!+_c{ih*_7J6CZjbBi@}m7xG2mI2cdDS8Rq^Zl)2z+=m{D-MX_!7o#c5$s3E1 zYqNb}kS-$^a1MW!V>nMj|4u}-?4EH}LLpdbzYaSZoamk^f6w2Tt=|G%%)&KfCK1m{ zKQuPJIj~FPHea6hJUS?v%kV7LIeLx?&G+Fk?2cxcn`m(tT=8)CNOCe+$&b0+#Jd!L zs3o-xz*g4uS$7 zU7=R|(WTMAf5^ina0t|9igJ}>Q>xoG$c~(2HkuDl}26OphchKlbI)$ znU=t7S^*gdGz->TiMN+XlPGEMj z)yfgUt-#Lv?b(TP{YR6*y~RD)_4 z)HTWhYXR}G%>njzh<||%XM*ifMlU2-h9+t8jw0lolo7l-CYNX3=bi3<@6a2CBji7& zM{_AB#VN9`fQK^la1AjCwLzcQhKQ#1OMQWi*iA6OL%Yv_KZ$U-q`5>A@DY#l_E+ns z)18pQVaeNjnPj6W%ZXv4`y}{I^HajhDb8RP3<2!kt!6^g^Cy@IJ@xL2O4gjxnL^ql z=o5HRvfC zw63qY3o<)#{aB9BnHLBY0n}0P5Zm_c6Ibg@GXX(YXHYG6H$bfXul0X+HH%r^Q_%5A zN)PT>Cg*@lioDNAAZ|9W!G|~c$MF;0^A$528YF5$xpgD7p(YgGr_ zfP$UIq`9R_m|M+7ibOOX_k(i=KS=p#GN)QRxQQc=iI$Ygk)JWO5fg9jFroLHK%#`V zFcIbTKE#du+=3gzhq&50NSMhp##d56M)_zGKogntV2aU?<6^#Xyn1OYnapj)>j|^s z&j442>B;^OwAyP2^Ob5|pAi|@)mLq33=okx6^N?f$KIKdm)NThHB6k$94}6#@BEl>*T1VKB&Cb@;-DeAMG&{0l+Wz+kvP_qM^gpFl?eIGsC8L!nA z5b3uNEdD~(ubL6F1Ix^)lH-}h#0{?&>&=`x;@LA{w!Z=^3Uxo9+2&WTaIlY^dkQi& z<IsT*yF0ql+vU<(%}^7=3Qm;dL{YMy;t4lLoFf@^s;>TUiq$adD=)=0_F zTEB0D{h#qb+ASRr7YcZ&u=+ewf7IUi1@fLfd#t6TMGBFYn->q+s`2T7pmi+YRo&a} zHt^PK2Cd@PLTsa}my+a&dliEuo9gJ;txU{UU)VVNnx0uP6D9g76a#USIfj#Edjncw zy%bloamsX}4s_z?*CPc*w%+J-8JJbqZHHOx5z)05!qwT2tE`G?U~N)GFTtEy7Y;1E z=fee%zkfh0U8QcgJ(o074DFgK?ZH_B)dJbT9?%Dv6M1=CBn8a{$?+p0U69kKARed) zQ8BwCzV-gm%iznNQNLQ$`p%FWN_2K zIm)!|Gs`jpnVsjn*pWG-R+5?Rbwr$F8ImUcGaFHdxTM{=DMg7=xQQ*&4-l>O@iz}F zf`hM)$zt0LnTB-PRwfORcMMJ|V*@K6mv zRdGqRprev}YsGM)HV5`TKso3LrJVtnT(xGVzM(T4i7&}dY{2(CGdvllE~awsiN<%z zs#7}H!xZ#BFtw2$I^lOS`)A))89+zt>v(;wR?E=um2u&Jhb{6Z<`*FvxYv|8YT3SB zfLcH-P{3V)e&*tLz@qa&eBn_o0U!uj4G4X%#&GtB*}0?Q(cp?}_~*)Mu04tg4uUaIis{{uLh#Y9j;7XJ_ZNPk z;>v1#a?A4|e5oq5ytip08}uuBXO*+RGUMX|X7!drg+KcKI++Cme(R!-d+nu>IJAt4 zqpx_9Nq$|V?JUEQfWtL0mk{_J4G=M}E12)&`U2`2r6ChV8E|xn=RC3j**5j5*@QFU;3iq&15K!y7 zUM{oNvq!$wDxXRq-?dzCF&0RIZs#oyDnrE1m{vi?igzAQ6Ir{6d+d_GK@(SjM!pOV zRX*ijYJj!df`XiWC$_x$5F);X%J>V*y;o46kBghPW+Q341<3(=$fv~eSufH3G2>c} z^$0=U-l#i{WOS26ud1mrKFqHpanUP#XV}s>srx#|K6eo+JOS0n62giy+}* zW0MzOlDp?qp6S}BE%x$6XSFe~-L~Cq_I>+7849@C-1HwIcQW#|KfftQpz+w1Gztbt zAPkBW7{qo5M_zhXF)mpp%ZwQ(cucb+Ug|Kb)&?^F*uRI-^By}b*NypTJ+U?CLf<;x3 z>rSqNKX>_@hgfXaZ1U+jH#L#Zy*DusuX%IHgdWPmY?wwl7=@yB8>H*tBRZz9?BRFS zhIb5cg^joAjEZ1^D7gMye-=H;Ba=o1F)XpHeH~Mk#$QnTV!}%eG}068)C7smVV_8q zT!9|Ge-eQx6`T-kU)ogyIa2Yo4V!b4R14?8;U@};*cjPl)O*SJ>(Uh?sn%ChQ)4lU zKb9iJ+Q8XLoI$|s^GDh3L@V6TD!r9j-V@V6n9XKtKz6&0cY8n}V4-%DErh=rOYD^_ zXAj)Hj!&xCHEZI9;T{w9wlIg&7iE3 z@?vt{d6?UJ*(Q3Ie4e5hxO9Mul8vbpuei4KThgI+>6Fg3avr&54)9^oo7qv=RjP1H zPz7yBq_iztBdP`B7T0aPDBnQN$Iwm02`X2wm!e18gr`i@xqME)I$a(qL~@d%ktg|m z%=g3Kc*+o2>@|p}QpREnvJaI~YO9jg=qhx0M*mAM!^ynclFtV6;xH0;!4iF%FKQ#k zcw7jx(ML?E|Mt*ea?q}We_;DrIJd*wqH%$X#k2%GVq=y^fm7&~-Ao5QpjU6)=Ra3cgK%IewS~lI-*ddMtC?lPt-u6(? zgJzSqVZkuqUqD|^zwhcFc=h|Neu;6MQw> zBgS2P4$X&$;=JW@KV0kS%I~k+;i`j5ZpSa05=VU#!yY!;3=a9m;T;be>sY}8GF^=6 zcmYjV+grj-4ymVRU_5C`!{7a~oqXMTO}~PZU28yk60n}Vdjj3b$-Q3Ro2n2+9uMzd zZtSB3RCaztD}Hi+#kG;R+fm;@=IT?+|MEttJ7?Ok)v1j(OY!9S_-vwmUUIh2lj79a z6<`XPq&7Fy?BK}mipVb(ozU#j!*47Cr1{)kWNnsX6n7o`slT$EZK??Kz2b^pZ4>!StTr^JD~7{@ z5vW5OBgNgD>DMFdV?GJ(t$o~82B|BN?QO`UOYrw-I&n9W{s4^iCN8dA+!Ix$(2p~L5x zl4_YwO@5b}{!4eLv4eyPQ3#n=Wqp>Ld8>+-)PjE0LCEIIGZ0Cy3TM@D@K3p2Mo@ zQ=8FCk5%F>0)D}=oxCRp#TqT@#WHO)mzWU5+o8Yi%OMjI16_a7?zvX}F2mv3@vv2= zBM4%xka9LOcCzW=VE5x?e>rwCc6IHdGP{)TJij3dJh+aY%yUM(M9B$&-ZJm6udfOAOACbv%#13)*@l%avv5u-b+@}>Jix!J2gJ?p zVYcXEy0H9%$U`^Mf;l$Fh$-~J>q1EhXQ)N5Co1igFb(`aL}9jsm9=sbCK|# zm$tqK{Y3dRNA-(Zj$m6C!YZQ=o|J%{mc_A+9lQ{9gXWjbg@oX(;-=+=-SiSYxRavm z$J-|35??P52jgZf8^z21z`$5~BVy9J%AN&L-){7f%2q(tE#Q!x=%p5m)*UbCE`O#x zZB2oOq9xp7Wjr_~QJEv3rZL%qxG^ad5I;+Io!-5#a1J@*}61v|37yBKZ> zl@L=`fo4ovlEu!m+=-Hyq@=3Bw-?MJr*S|)T;at=grqR@6${`$XKa_RfEb>9}Cu0)=@woJ>TkZwAN2d zp(+LBN}fY12n$sK`J1=0k@iB9NV0-I;1lq2%cXy1%@4VKf`!>9m(rfwZyS=fVyl_d z*``~G2d)g6^oj4QajrOOst3!nG!Hc1NC(tzS2d=I+QoaisvjZvtr%OV3K4z{P`muH z(K3o>+%-!w3_>uX$Hgy^4l)}^z}458BB>cq#-P@8w*c>&Kwjw2U>g=Sx(3?MTe|xoY5+pn8Hk8UmUwTHdEu?^7 ze*4eVQRqcT87tGS&aI0_{y3mBXj}DtSHqqP@a7NuX8Qr%mk|zf zC!?Ta*6G!TeH#S;qQ+ySEQ9vgEGcNzqI@J-=)0T#Wtrgfo6;9%$4_`$BT!i}()I}0 zldGP;6&-_67|m!>(r9)2cMNkh(yv(~%}O%N_!f3XYud92f~A}agpTIeG$;Qs?tw`Y zt*3Hbb(7RRX`irk;$@JcPTZvo9iAGnU)HoS^~kc62O^YMAi1U?l+S7LBPP?$<&ZWz zEewZlEx!-a3PkDsv~)CkGu&$6IN~RA&7>eDRia@tC%rWTQ_mmsE+o$#t&F%(IpLJf zPepRE)g+v$F8?V>y=4F4xT>)5TdK&b*{EMSrG@pG56OS>x&xxp(TwI1;O^n$^jk68 zU*3{SwKEf5P$~@uILD_pwPL>4&kYG#YNz~O79xZQ6Bnfl|Bdzy`CsjU({I)w)IUzt zoF6AD-v8DfXz%Xw^RfO1&{>a~zU?Lxn*VcMI~&vf6xwFY-;$+p0l24nW-R}UPGVUZ zvY)`uj7+n~(Hk8ZeoEQXd=KW4UY_S)@8RuQfX*`j?EmT4^E334}PPJzQqJk#jbvg zLr@B|p`*P_BpyExP#74}ysxsp(~sU3q# zKKXVgkDPBi4po(+7SuE(AJ{B>Qe&LH@AP&yiuKv=hEZ8#?eNE{!G z?RpNwF!j>_43+z^MuJ(e`k&gboSagu(fJ^bkh7w;ym%o~&K4l!_TLb0;@oQNnC^($ z?yvFlCoTahvwOq^NCrlHTtUxCa0oZoMk~U-|Kw&ANEQyF$ULhhk?t=Oezcn@YZapt z#grk>(d5^uTgN%B!@j=A!;ybC7n!4q?M_u>BDd7GIFAIsrk_DRMIq0n>O{K}_{v!c z&!v`#_n4u3DUyu6?-UN#*%%-Gtl|fk%0T+7H+X)RY}CzMhzt$AE)Ni*3pp@O+tsUC z@&qX9E7jD9ovI*2JICfPKt(zYeYqrmxq)w6D3Wl|Iz{xId>Q86u99?T6vHi_W42VX z^b-aVDkADs;m-)*0WsLgZktm4?O~o28@Dp(#g|F|)z&FfOS&vT`}8NZ)5YcL2kZO) z0Z|eBZ@1t79gm6{#{YO4`3Iv*1q8(WAOCA*>}vIYFizH@BWs7J=}{A?srhrfO2wp@ zci3GFW{^)jy%f(0THDR%m_^)4HIjSsQKMh*r^ssrzEtX<_{Jz0`7lF4j1c7l1v6Qh zBMSk5#z~}tz<@*SK;V*ofU6-Q7{HC=V8R^ZHW(h)J?hK)(>q)&0~$M;1?U0Fm*OENGrk>iPv@K41A4^m z5w0KZlHi})18bf~Z8ZLD3cH-YRulNQaqp(`YQCmt0l9V6y2a?C6PsnWj>yLO$S z`v#mC)5CJup>)K=!(=t6Q%mQ=v3Z#h4UHv+Q+O-Jo%1$F-jTv`*7UXp@T}i_RuEz( zlYA(p3|@k#E=)5ICdHlu_D38;ik}B$A&nnRTyyX#4hYxWkaOxU%sw%4;;G3@%V z!(83f%-1g7{2Xdf!|dCJ8Q1trwR8~`6TH5~HyEMi(=^Iw0M1Jc@F&hD1M4}8%NZ_V?j_I}RV6RXen8Dy&?&fN1I z?zk0u3AuZ@V|3BxeaXac`0AAyZlytT#$i^!&$&zCVZwU6)fd>a6G_%69oEa#vkk+l z7S{9Rf%&-hYX8xDrRQ&Ges~}F)srghmon!A(?Q02(8!N6Dd~Arc5y50Iz!{=x)*Y` z+i=o~cy5z@u%)$+xTk~KDSy&n#Ml`Cc#uWmL(@&bjp$y6|6#W2<`H;d>U6K~1HYoa z>ejEEy~6QAhPrkGAs%|L@>${BuEJer&~g-V9557@l0g_h#hf-viMOx3@}my)^Y+Z; z>)!D?Xc^W!_JekIc$tu<8$$&LQG0p#~ytSJFD0PbKf4w?on|Cys=Jtqbendxo^LLjA#sm|CR}rye*L3DV2;7C1Be)A|+UFp~;#vnnkL(ER1?0Mp4aWKd!}4xf8BI!Vh%JUD z1{y7uDxnZy9)(JkFLK8gqe_)8Y+USx0bZ+shl|U`ke zr=I-$`H{$NECS#Dwy-4cjZ*tADM@A`fZMO?s=Xalmt+1qD=Y?3=8V~QgYxD`TTRC& z=fbX(+fEitCFNGpNVE5TROrSS-?Z5@lOdax+N3eFmDfZ3*9xII(h8BSZ;-s#c^lqc zv$*N*hk6D;x!sOi;tWQt#)JfbG9|K}l|5?dpBMB=cedyPteEaQwOhe|n$DMd@MZh2 zhUb!l$kL1XaLZI^5QWVY>PRL&LgCNWSuLv9O7g(d2kB!25Utg3%zr zXt~DQmd3Jj5xjQ|j}YYDo{deE<+YP_RVlN_y#6w)qgH z2zRz)1_|+>XoXV~l4jtIVX;Zeh+yazybJlLjUfKEP4F)a+yF~=^nvo37Z=C$`pf|g zp>0$U<%CLy3V{a`SSvJJ6Fqp8s%~~Rz!(fUCJ zop8WwV17{K$u4;IzR?a25XwhYkbfsf`j6U$t0B2Kxx1u7*xq3{aJ4k@qF~< zy(E6}FJBZ-kA_5Vh@{^5%VdsN`>-lxTcJ2{V@CIPVD%|bdkE>OP|LwE?+qZr+MrZz zqDoAv4d}o>xn|fycBt<-Xs6r*Yu)e@32JFeBDk$W6_za$HGg_3!iU{$2T=qw$+M@p zso*bUE{=8`1w#ek&kjl)z-_*KHBh&|E>5rV$OKPik+NAQRAjIrMY;k*fFi%r_~haH zfE1PlgTwevY=nT2vtDWqGpsQ9mT+Ef4^|Va4L1vD<4z3U|!%gN&7AJ*Rr0c zvZPs31N41&o%fq|2TxethHxCN_Ekn)uR8*&$<-)J`B1G5=?OZe{DwWPwE96S`f&A9 z6?SW#0w?TNCVEwwCr|#thQ$HJ2f_tB zM%WoaH2G6W0+2n>q#Sn#d089;A%voeEKr2mc-+)9gQ9~oMMFpsGENmRW1$v6%=E_S zM7Aj61|33Tm9_?OEJRAx>V{Ly5*M+##ZsO!pJ*3=iwT_VA)c zJ?*VG8|rmsL>Z|MpG)-C^uc6eVMkaOeu&x_t;~2dUMoB>4p=Kg>0?+G%E4n7Y9)!a zj-YVFLe@#)g6XC9vKenJP@c9cFlKw3NHJeh9ngTyR)LmlfWB@A>7MV;`1?^xrcfrM z>I<+BP1Nrg-ikO{DyqgbiDYp#sqBtWp>Go>qP$?-djImugbkBaa_`%J2xb45acc2Q_(w;y2we4Og<(AaKq*TqlCb zL6ER!-&0|iCZX;0k2MyNzynl_m-AB0LCfxK=zt~Qw7p$@htEjQj)#MRr-k7N5BD$k zkW_h5tmz6s4jAAE{%aG6BfMkKOH3`7WN#DsIt|X{NZZMmo@Esl&_-kn=;2_3UU``7 zlzQJLsjlP-oti2E#ik7j0xlxaKe%8zKbB0+7n{H&ciV11boVQu6qJXPrnB`SrUEr{ z5vq>^F}2x$P7~NpUXV|H31%a~IzT3>ErVp4bU3X6KC*&yzJ$*^5ATUdn4anoU3$`9 z;JBmDUOXw2uf4~zItCDT(yA=o`5nG$kJc91>TPUQm~4-?WPz;5Or$>4{6LNo&8#p* z-jjUhbU|RN#g1v#iNXx<$f1aYh@Ix>yV-rBSeH9+2qAfQ$m~aLA}mHWB*2*`Bc+jv zSD2O~2`Dq6a=Ry@Hl&fcUv6$>v6x%_gxX$BG$$E?#y{P9d9sA$;sdA(hpIxIc>! zbv}15ElKYNJ~~(OxvxQ@~dI+Z2z5rT1%cYfSRq_BtRm*fi9+Ao3%r zp-t%HAFwH9{OHI^sU8$*La6WsSl;(OUh@YYQ4ru5%;GowJXdU+6~Q|8H3O2tHZQLn z3>P@a*3K>+d`>C#YyzRvQ6)b!13xF1n4%!qohRfjijDv?!yPBrD({pCa#R6f&}8$! z)P&l|y!{mKSf0O^*5J9;DfNu z+S9ka&xS=E_BC(Q4)C3#DeEMpt6hXH?nj%JU}E3uULb_?uQiv20GkR`TEtrG5>2jR5`%@W#FeB8vB#@!1f>eM*mN1^uJFcN>`n?^Y~T7v=7 zMFkt!wZ<)FmLtGO{%6f}Y@G{owDE@)$3S`dNMCpGmC!8`qvFrQKcHCMsDdhg*vxn2 zPLe!Z^lecE7SqBGw~WEw^B9#LoXUup!S8EJ!}eFL6_pmqd8Z(Loig%rYPPS(_xrNL&g+m ziB$GJwenV{x(-UDiue-MY|bJIcq8H*MGkhp85g5N2*n(piNC_gil~TbMvNz}VpTk( zw5L<+?w#Fjp+TPq-@44vzXh)Heo8SHR9{|1F$4x4`aauZ5~ZZGi^^CgNap&_;dL{a zEQ$sB>7e<>+dWb!%>KQ-t9ETj$JQZZky{O<;E3{$ejT%Z$u6ER-I%)rxFp>uaXC8c zYDKzM2L`JI?wG-Na!(Fs*d>*-%V9N}96=ed`D1{P>nVqlE%|62{SED|?C<;6E1!MI ze`E2L)=1hOvGeEAgISvTJ6zjRTN+ISE&j)w8CUh4R~>Xx=e?cdEjmjx)4|^+_UZw7 zUWQ-ooe=D1Lhv~CakYc51R<>a<5R+-dt@2Oz?jL4HjpC-3HfRpA z0f;xEw}Nz|K5v_HvV-OqzOge}`Ju#wUWl_6_C>~oK-DF4!M)!MB)2KDV&%QHI)REz zJ_*mEiN+VVi`XG-a=L%Br`b`#jb9@Y8H4&uw-#l${l$iGk?jBox1=Tnxq{HteabX&Tah=pAjD3}d`0`6lE$pM_>5NZF@TKY(Ux zX`Y8Pq>YYC{^toh9%zqMunRb0EDJu`!Ft*Z+V_~F@wk*;7(KioF93PoaTaN@gJbcXhmGpZd|8cGl;SVFRr?At~DBM5x2w)H(Zfqbl))}WABMRGJMZM#6t-!XS z>z5eS7>fY4rVYMB=z~;MWwUn!47sn?GZVZa>mk$pL+oi#h37$IK+`V*A81r&{{8yd zv(L{#(nyFxYzonHaZ%zyz9?(DM!)dGSS}1{wz3q&_OxH~dPp z=Pbkd5Kw)boRoHMq~Vw!$6LbAVzb?a;FP2F+!BQMQCRslk~T{>ia1Z<39Q_4=+{IM z{s&{{5Tpsvq~Wh^+qSJ~+qP}nwr$(C-P5)`ZQIkmv;S>3Vk7oYb;zh|WmIM6`@Dp8 zCJ)Ehsiae;2d6@AYT>*D^_jyk%K4PeRVlNB+gy2qQS=VCLMy<2zJ;oEXyon+q<;8O zCB#^#GD3re{`oGCoY!TBoAgP`kK#G4`d~TY*SBu+ZjTNw+p^!=%%??T`Pw3o%T+b4%lj)y0Sj5u89!OG_`( zDg71%+LnJ`bd=HHNKuN@SVL`UeZ)mX%GwO(Z2tuS>1)H}wL$JGgEhbj9UqfnvmK>r z{RH^*hN>B#fhAGb$Ehh-$uP(QeG4ULTS=q-aPj;}${o+B=G#`?cMUc8B(FcNMR@G; z|2>tGU;8MP#kDLG***{Z6Ne@(ekptN3_1hNUjUtUV^U>I8b3a+QZ>(DJeD zphxMultPnvPeiU7Ep4Lg@5rh_Q1^=I>+<&k%|Nm5SR-$;W$5D(m0!+vb{MSFZCn%X)UYc8j?u6Ko-v6HYMr;Ot?f2`@E+yYogYD{ z_qiuRXtB-Qnm9VeI>d$^`*&7XNB*@j%H4IKJhcr!&t29K{5pjFWpw!dJ0TC~T=>~L zBhNH`fD1wcLIcFX2ha;5%fSbs@@eYOQT95CGgzxND^4u6&Z}OFdd=bqn;lzr>c?cy zOs1}c+iRb}nv|O53ZHWAy6Y?MDcmmamAGDQ{TdF=GfS-2Ocl%hL&493P%E^i8pCon z-MelA){)=R39(ZT1q;%r0H*bx)h5}RnRyl5cv(9d?o^N)2b67weuvBP_C`17lXE(H z)L~7L>nP=ufL zONX{KzP(!3xYl!-s#g0(W31{{9lrO&a;&nQsqedob2Itpfk!0x{#(=WI?K$=jYOlR z<2XJ2@Esb_qh(EinCfA8LlMs^Gh86VeqWs;9G=Z;*|kFI8z?wL&^{sPPVhnzZaRnu zDvcac9~TnU(_MiOieF)IlXY8xbw*q5ju_?g>5Wm5CbT)U7KdUTJ8gS*5(rZRyQe0O z)Q3n3@JRvmnIBkF6R=D#-R58N7Z8HI$^}i$=_=oU#hwI7NEi}ObiklosiM2no9tAh z+Lh5%U`OHI#)gYd_sLaYhU%2&s2+#~xJn?s%Zp)~s&(gt?UW-m%`>t6%HN5!?v3(NUL{j-Z&Po&-}y-M zD&GLN?&>KF{9I9acc46mv%s>&ZRUb)8YjrevCsd!Q@IpFn+UI9>ar28B9B&*%u0!&=`Jo)# zJ(6`ev;0pkY21)|HJ4xA3DkHc*ydOfvJba{HmmW^sDP4fZG=3{R_V()C=jEe`78n1 zX$J?hF0m=P{0s5`2NmjTUgy}4#-&GddYu8*=9A*Dnf8M0P4E2hdYZU%c5Jg&Mg2k! z$N>?7&G36RSoj#59VQMnn!0PiXaf_LVf^AQhP0BsYV})F!mSw%{78pduZg>Bxl?tv zm*|_G`6Nbb@Ez|cHsTZ`2WZE0iZhCl zGA&eNz0hV#nagsV8b6@XGR@%J_SzKAcsm9Hw5iyW`Y17Q*&pMki53R3z^ke}H8JS; zWHX#>iWTp$+$@>HPAy}`VSfwi>|DFqp4iqyn)f@6`!nrB>Ui%LIG%Pv#av74T#wSk z{kTQXzu%6Pd#n{007w&xUryvs)I{B=rWqi_D1d|J-kJ^WMtPHzBbIfGQVg%KOnbId zQlYS>VarJ$g}Hr=x9l$u6F(&&U&FqoXB|678HaB>3Tt&5Wio}vh&Z4o3}2wqAWFBK?h`knrO7O1a(bG zNk@9?d=xg@m@rDPine=XY+bKoYNK=XSNHVT2A>DEQN9_94gWS=GtCu%2hyFyCJ)aj z{J<`SjuCNm-wvUB65j-2a0ioR140sZyPI=X&m{TEFk)vM-!NY23bcESZzL{Z!aY~E z5qKM~0f83ZgrTwciphg}1bu^*2i!e;!+af<2i_f_0p-dO`Bkn7A-Urf)El`Dp)q|! z`HCcA$fSH-oaiLjChae#4#mdOm9c|w2JbK*{F?ZB^A)QOfoZ;h`Thsd3pCHv>|nb1 zy61~zM5fVPBa8!GgM8!Zfme#I3B$lMQ<%g1hMm$x)T%vD{bbhNZ3|ThM)UT5nJF-r zR^?_H!v-T%AB(1xj|yb?36_B<;VV!$FST9c$@!FB^=w~0-LoX#tA zSXUM%IWuw6Wr{(MXj67NceJVY>1t<;y6hUo;PkR3faP3nB%6$xmJ1DA_kvSl=!9%q z+R$miDEx~1##k5gG#;s@Ce-A5%3cPk9XHDf1-q>W*{E%@DsB?+SCx)- z>!r$VX{lH7#8p)*6j*xoDzp;?rI}V=s2%03F1Pp1;dwe?AZ^=13ExJAN;NT0^#yA~ z-rWH#D@v2aa`gatwg9UQHpav$=41=)Vr86ub~Isx3ddh!QKC_;;MOX3Hw0$X@$Ha< zVS2!WA{7Zt7{r|_0uZUSHHmngGP%<^waf?)S*>Q$6&5LYAE|O(>6j=XLCRQ`1 zH-~jym!0#=+kI?oEY^G3pn9D4%;desP^N0TTIxQm%|>A&sn*5YfXqT`+MlfIRawvu z;;7ZpLlvNbWnEjwqXz{+^VWqb=HxBA=rtry9XsM`B&C~nttZE3B`t^q(mRObe>LE#R$`klKBQ&9Qf_Omg-*&fp-gvAD0arV z)@4d#iJO{gP#~dlvY~1m3y)6*YNo8L(l9y9Qd7}9Kkfj&qnYMI#xZzI$&xxRdc9tN z7P3tv1W@Tn@&G&pGPeM-WyUZ*@k&!nL|YG)sTih!qy#%Qa(IrWGu4~KLy<&qnwe3( zX!*dJlf}Cf%=ma_m?AtX2?6b$AR;R${Gd)DkwzQc*h=B-6_z&oU;Gb(twy2iLUgC< zKBH`kINs-@WCFj%oT5R2v11uvP-VHsk55&-<2Jm5nx>(pg(k{$jaJ_(YjLsB`uuqM zxeb9GYEY^qxh&vuJ~n^LIPfm`F2bUi{l#XYEy1r}Z8~6j%sem>K*NgZ43VrVf<)yy z6H**xVLgmEWdr^Lx5IVWz|b0bajZ2QY)lhPSXEKVO@9^o1ugIMk0hB7{``$J31TZ( z%r~snT0+VMzRI6|QDL$iNKS#Nifi+=K%6i^!%>K}q`zbtAInDY7(O7(<&?xfZPl@uIKy^%oQb;yL>Uskh9 zZOzh12^kPw>qV84r8sW?mS9kqkaH)MpYJ)|K}3}A+f(!v=J z%!p+RLu%6Q-U4iQ^K4laDp9c zIAIPsWxcSMugQz#fj_e$N;@(V z12R3rU?cnq`G%Sq8l?pn8*Phz;uy9dGmK)BmXZ@o>Y4@Cv$pAxrbk4_ovQVqk3~N) zQl*XcUm`Ms`>q?6M6v`?m^Iubh9ovN8>stcD8S#C(y&;jL2XWJ8q^fnlP9PN-H=mJ zkvB*=D(t|Wtmm0OYQ|v?r#6)ugKOA-Pv}Lso$y#C1Y;xW6#lV8ZYne^uGefrZ@L~* zLOERM-Nc-tx4He1$MH>;D@o+647Vi}-H6d}mC(9(uGK6E-dHiKkt3x6IFbPUs|z#R ztSDeR&Yz*$?s-;Utp9^+s0mE9M+?k+P&W@qY6aRT43cvBjk-~kpC8J|jZ+6YicnKYDAX!5MqKqMjOvT{+gnF6oUgY#V#lt z@jZaO1s!=eeLfNcK@L9uwj}GH>?@$z12XG8RtCGOwjfAg`{!s% z?HnaK@CQ=%0*^|hV;nc>n)36Eji3R%fCJHepwhKFomuQRh@VDXzywZd-|OI-X0XUo zL;OjEWWOsXXs&`5xpM}K^1ApE)mJj+nGroir;2+?_^!M1x9lbb`HoG*)J`F0kPDno z2^Be0wF_)87Oca$07rAfM#@qc=kHy-b0EHNq!`)H+`XAj)$#}skRUljP$vjB#pQRf ztUBloEe--xCm;AFouU1IYUQzgXmAbM{wN^yQT>tqti^s@LS0&5Yxn5UJt(sZIg=Gd zHmvtZ&nlO@ZG5DpmzW=0$><454+7eF%w(se@|uJEvE{XA&*Qi;0#%37=nCA`=Quf* ztVGCI{qfIoa20M8nLK>O!UR&ZY_-_-t>Pv#!Ju_isygC{cU5f#$IgkgrrHW9 z$nu(VdbyCi5uU6H8IKDs-f$myXNS_Sy;PZWk?%cDI zo@LGB)cU@hvl5<6xwhm>i|ghTee98etG3+*qIle&taAI~dz?2Mql-4VR;-i$07Ht~ z<25mX1{ua{SIVC(rF=G2cNgBNpYke~FqP830UV&Mf!wv`Z?A+5RtT#PSr4Ro;e7lq zx}K7qjV^eH_FsdsWOD;8_7yshG3qNX;rrRV3ajgF&}5g|-v8uRhF6@s!j)x|XnkIC zH8OY7UaEH3f&}5;LGWBFep1BP-u8S#qnSnku2FeB?66h7fjbKR^or<#yNgvbaa?elbb^3gc7l%rT8$5)7N6;~v zft%K5L^1gX{W;nPYt0nVQ=ww8o>EDHLR5EBN)Um2PZ~vsL6dY>G-ZszHSoL^WD$Rk z=L{!dFbx&hl1;1CD(&2;*yy+=SUrbrT~>%qF z2|kV&1Fpl^%d9RK$B^~n3~Bc*wQ>WNHCN_YhjtXvPScjOBHEdM`cy?N3Ah{t4Bi~s zRKxgp@~ja4ETu&W!|yY~?*~k&n1M1vA`%7&?}&BQC8!m(_6u0mCOknj2U|AHCUW&I zv|JYUVKjvV?0z~ETIBD)#HxiB_i|@7FaN|DswG@b>j;(u9ioF@N~oy_svYXe-PTt- zRc06c$@yaZYSQAlRYncczA8~-UbObefAGGhe8~dxO*>iE7a>X#3%Q8G)AL~SKCH37CWI`D3gvwkSR0mNNJtz4r092l0UhK z#0;owS@NP2*g_9xmFkmHmpMLVY~S6D2#q9yvOh&%oc0a>)DG~to!RDHJn9Z1@- z*wg{0G8;!REcqCL$RT49X-!&46L76hMyyBr-lb91$n!gbv>~4}6i{O~iBY}@5(0`B z)reHe z@tH=%A3J(TI>Dm0kSMm5oxhn!ZboMj>fcpnupnZ9M ztPXx8KzgmBYg(F*3wyZ(Q#1o_`^CiE=wz4RjD}W}38gco%v2wgd7`C}z5*1HoX(Ks zOl(xjp)ty=@B8T5UmFcMo2Voiou;8T_;CxX4RUJ>ofsF`P-EaTRcA8Zyi`D%?RvYSW7L|n@!*KUqGpaAN7&ef^-EC$1~?>v z#vPXX6Okn2aXwEI-l!-cI*7Vr$b!MS%-;GBS;MX=zDeqoB2bBz+~jVOrV;F9HCiz- ze#cESmT-B;PeF98!)w#T`Npi!?tq}@)QXLWTU86aG+Hw5BMpV$V@eXw>jv-Yj1k#t zUZor|4-kVTlbi{lrQ$%s^&ktjs~!Z?cmxU~pmfL~XxlpV_DGiNs}ZQbDsN<<)rg%b zmX*LUKXfZ9aMF>F* zb;g@7V^)Q0XdusF97vd5nhSp87lhC5Ep%-dZT!PPS(x2kAga#~JKmI;r1k#!00-ro zdBsbB5ku+Q^CSa&5Z|d#=puPXSgJV6Skm&l<{Ni@Vghjqf*hnYgx|8ObU)u&8j9C1 z9|z%WWE!bf^~VnD3-U(VlLy-psrae9S2io;B6Ce_aZ;f#<*CrijY_ZwN(U67(6@lg z+SE7vg|1Nn_*MELk^13%e0<@h{-hw+6rW*dl+B%;GcfZMykAm2gjt2KjDCM6Az`hF zxai2@s?RJ@^aci|Hcf@b*vVq?4zwoWJDjW%YJIU4#fs) z{t9Chc3?_T+v-F#${|RA_Bru0JmM7uM|_9SR26||os_#}yp=*PBE%p zsXwIro(4$rq0ln@ZN#@?#KzJVgfEie5rapMz!gzZhFewwlN@a8A}Cj2;{#*v{YL6p z%M?^Mg@J@bj0I(M$D4>4%Qyb*sp6;%ftE%d&WCl$;SPjg_D3&^AnfgDy!yM>y<~0B zO*sE4;vUoHjesy|I`I$DeWE9Zs!;#lE%7_%WYQ(|y^}rWw!4M2ckGHyqIdtl!O@(}5Pv8kKkZ&rcYaIC(TKY!a;eIC;VnGs- z`%dskVRW*ph0TxP5(dC+nhstK11j3#e-UYno$vkf__Z*Sn42~*5z62+GbyLiY!1d| z3qOFyG{x>iCdeHH(;_r;3S%e*p(#)!$yb^r0?z!v!LM%A{1ig9G_)g-ps$igd!W}` zHKR77He#T!A%SuFrZ1N8O@p~FNB->!`%TU4&1L>=N}&Fx9~}YkCmKKoX&AxkxM8RG z2+#N&L;cW_u{sQskUXz6myP2o~(GIs2(yIzFky|ya&*0 zszt&80yX3&{_V%=aq;!95OPESu7l!2CIZZt^yIQn0wv)bS_%L{p@s7yZLYgF^>K4W z5|(ytTAjNYQg?v+L0G5|5km+etOf^N7$r(w6bo)cNJv47g1>EII>Dbl(W@4p_hX7+ z>1YXZE}lb2BE~weUi@-IFinktTXfWk%sxVyMxBohkbR)&LxP9m>XPg-hLmH}L9HG* zcJm5ydpKQgFObP#>6YnSJh!O3qt7s$^8+TF_LDoV0 zmb#JN3V+sC*9Z1?Kn}1+zE)&7z-qVTx?h@PJ01fPc1*t1^xN1|bNn;l`t}$Cb=~eh z2=|o3Jvh@b&aY|KR04k<)(NH#70ZaHXb!PF!43@Pfk@4B6I3o;mm;>~BWWxdL2}5IqXp z6~Me~%igZ%EP9=2M1`7F>SxpArzJ^}s6?gpOOz-Mf9b72OTUyJ9VC0_B3Y%Nanhl{%WEXQNP)5*Zs@7urNp;hTIYIdE5mzH*AB* z>0mK8fgj>J30QcY$Y1K z%(HGCN8RPa`oeO9K4kf;Or}0N~o~)`j`PZz2D>_@>wddF>fyXN*_WfK7y6gQnh9*CUo7kv~LSZ zxx^209D=> zUZ|+Zi^A8#(^c*5l>i^{OMjOrmuPXJ?dAv<>gcpir_&`=%_XPP<6wJRD3LhiEN-js zeC4Z?M!;*7CP1ZzT3$hUDwX?>hHu;x)`$mD&j8`3F34-d<5&PbHZ^iK9W)08!K&|2 zR9s7I4L8y7OGp18S5}XGsN}r&Sp!fn3M9q%EC@YiH(^Y*sVpN0;vSredpoj#Px6+L z{G+8)G{Z@B?SzZuSv!*GSw_0b6l&ZlnY}gths9Z-njfoeT|tdC)1KV}B?J|t1LFc- z(s>Alx04uwBX{5p-d8D($^3`--&~27KYzM@F$*m`1mR!>t|M}!KmYa_6yjxAw7x4( zU&#I%eG##@cU4ia#KgA(P{+F9>=(V#tnkn8gLl_0BTV!#GXlfzT7P>#!S&a2wiC)B z{Bhv5{^a3_0oqlYzt?XjoA^vjI>u#+$9wcOh*pf^Y-fjfZ!a4aqKNZltrPprcJCB9 zfZ7hz_i9j1l#Z}|R6a)i&p1K9naI8MEQWNVwznTYCk=oG8{Xp!P4Fooe8h@(#0t>Z zln2unQ^)>@!rB(}1_#olKO8;c!Nk3Vpz}ip3F30HPpaaqX;O0ZEqX}>qRdX+2VL=k z4}?D@PC@0S%>cj&D<|8ZLV+d&f+#TuZ*8w_NfvfdAjEZu(RCqXU+QZRqWt402q56F zdKG(e&PaKv4(yA+b-Z=Pu>G#sO8t-r6u}(6YN}kEsuuAfJkb^TPK$qWG0k&#&Yjjt zw}aE$eUjzwOl_;#UzUuY@(xP_MamFW*q8RCq=&zrZ(XqWDZjTfj!mUG8pgmYVel>B zbtbKC{m{?e1yS*U9-3m>MU$#96Nl2YNK_{F`45@;SGa+824;{Aq_h}LI*;`P>~3c| z6l1+9P;a46(7d#0rbtE~4tLo$Gx9g~s(g%_oT&(MtJ~2f>(T))h1V~3(i~Nz$Y(Gm zmIYhH9zN?3&D=}iENZ+{fcotBAyO-MSP;gd@9fZ?5YyX13kM0Cgs#W!5A??(eK=Kb z;~l!eVN9_&UX3N(0h1C)ieXGL(wVd3x?~DBc(D+s^kS>^aHP5Jv4RqRb(B^98OWkw z+vm75sTkIh_+`8|YEvbgKBSiG}$c~^Rm?LPa{sH9Qb0< zrJ%yRAm3B~emR$ZptY6mAN}XWH3up=Gn$!2LP#HoMYCUcO6BwHt+{}|2)=72Jvr$w zP4YAxX$5YaGk5%F*|a{v?jGo}yHm~Ef?$isn%@P;Wxm44@d_7(wyL|zURFdtBqOo5 zY#*iB!PwL`n0thJyBfe(yg=*O6b!7@LAe69;U)~Q!dFgUsN3lUynX7}$U0&t;8Beo zi>V=on-jmb75hoeO^LTMV5l`QZ!Ny&2qSu;25ULhec^)U&KKqKL$jKHk z>UQf`yT`POl`uG41(&gNKLT^MXAmcev>yCp>?LVG)iDw6%0NKL?5WPArHt|sDJ;U? z@{R5o7~f8#7-qj&U?(1)t^t2S-l2G%p-}k|UGSc^X=DvU20_zD*~DYf*5 z-;WfVhRDxFPz~Vr<}NfPQp5V8=8FjcsHFMqcQ9CD^Lvf5;2m@n4j)e;VSjcc2MHvI zb7Rs;$0fxjV+AwGpbW}AfB%K1T)>*!mmh4Fd#&&YPKvcFnAi$ty!@swz$A=F2j8HO zj!Q-r5dXD6PNONjI<@f5!6lFYn)-sGSCs6&q&K@Faq&)U;WD`7sMeS z$bkUZ?3tjXx?IscgRG|zvKV@sClRI$by8nutKLJC5Zj?t=h3i^cy(#G{U##4yH-ru z1FP|6WJ+|kKqsWVSi)l-2(`rlfmrub-{@);Q@Q=ctI{@A%U%Fl?sOJFBybpZ1QxN# z`1Arf*7I;Iw~9B;(2GQ@K$5FC;h4`s4Ygds6S&2@8n}P|^Cwmc_yI5NIV=$%C=+Mo z7knI?K@{~~F9T&1MkMw}l3&($c?Y2p8s{Er66Ydz&U;vc=j<3nK!tTL8)^B(V7V0y zDRF_TF^f2-Xy85cW!QWna(8CpH{6+5T*zPJI92j3WFk)jC}0iU+lV^$1YhGmF<^4$t1yH zf7M%B*Z=@elT`@+oVgHz8<{|nc3acJ2RS%^@Lqp>e~t029g~pm;s(sg{h)^Pq`~8O z`)ef{=8+e*vVlS<#&3uqXyOIL=z8x-Qk6rHR+HA0V}9en2z{9N8U=}XKuw^pZ)b0& z<^CXhy}uqQQK-peo=Db{Is2%Ui4Ml=6my~;{CAT?ib7HD{P?nBBP95b%XK`f?^isl z@aOQEK6fUBQ+eWJog%51NyKmKVV7SjZ|N&zmcptj%V5Pg$*hY~BC^Alz?<@+4?`LD z>6Q#h|Hg*B0z)d1EnWSLLs2C9CAN}TjFl_z=`3dpUUwAF z1`++qcwI`6LHLu}O^*>yMTBh}~PBgdzOiF$7m2(~S?35gQonFM&+DK({O;|7pg2 zR|tUcm%ER|k^TEuRFr--t?~z1?3)&RIiEkg{_)$1N9w+v@f#l8A163}d>@19jSTi1 z2)rM;03YdFU)5(Jft;9^Aok7P_%5IEjp5!AX5rcsGQphF8WAv|k<~SP>u=7VC|6Rx z#3ek1KXDU&NBBj)-_FmIvI{a-e9nvbNVts`vy330B zKVX~Zi=(ICZUS!$=X74`>1k}k(!Ya>FHrx2_-g8zre2`@D%x73noU>zz;MEls2j?HtjX0x$f`vmr373Q7v^2qc!=AG*~fDb_b ziH#ilb8ZUR@1iH+&FzvOh-bIOSZExcZ>da}h$3aL$wlX0Y`J{8tX9%8pQl*{)+(Df z#fw_V9H{ZwvLYCuKaBFs_M*1OjI+8eNpU3zyM`T?X>iXRKV`M1W_O!}#W#35pUNIR zL)C3 zHnT_K5en{DW$)H5S9mVga7On@osRfrD3Ywa_XdDG%k}!+r!=C~QwEvwp~TE%J3enB zH3oxoJ^uVn(0@RQN?|bleU_Fz{XB`CYtjQQ(Gn)+B~ZX7kl#uxQOM<_sx+p=(GEJ_&zW)a7Tc&R1P~W zm(=_OL}lgemPCwPN_FcH~RZbi-N*NWtH#DfubMIuJ$m zpyC8u#mvSipCP6bz@<~i6AY03o4XeNoWePw3gM(;KyeAe95^qkEbF^R$B{(;**LfZ^USH zs8=PJAOf+_U@!!dps?tDH=4+Ou@-`>-_J(oPG+ueEGyC=E$qg|hVReb^p(H)cYaY& z!FGhIWA6qctdIfn2p&pnxpN~7ZRa2Y{87g}QrRotIuW?~DL33#-B}~{n;4Eq{kmE@ zdDDWiCX&s!bX4Te2^kNlY0MF_ZwKLiUaux36Jbpg(UGtg{Q=-4alY-u9ip>?G4b-A zK3GS+rrxylrIOgn(U4mFdIr2Tj!|w(>S{@J}AgspeMF0Jy6*vU&6+^WCSEe0tKjLj?=veh~GIK_T<3cD}$%dH8L zC5zwE=!R%oH*j>pWh6>y9}eejRTQw72*hU+aMb2Co4EC*8flw z_A=#f96lX3bBj-G%0& zs}84kEEx9T=VqWaYblP6lznh}R*{MV7JXkbkpZu+lUHh&7xv5^tJkJatTTSelo%&e zXg#OINND?3LdGMm4ly!|42v!(CaG|UZHSx18gyNs*rPiv;R!kU?NX@+`MV3+y^Mk9 zss7CLX7Q`{i^R`sM#W~b3gK1oLL{!v4P8l=Yyp)s6= z<4G*K?NP}`*k8>>d*QnmkEk9+^DUJfe68d^z@gInV4)ivw)6VwQqIk4hGz7gE1B+h z41%-jlzn3VW{XRB|L_+#xTGh@N=7%>E8+?REdc+(i)z!6{oscR^Z#b>y4bo|l-08O zEqaE_;CYvg==)hA&OM$QgJy;2_=UQMm0C1QX(Ff-CEZj)5@&=iQWT>(U6FTy$VN$1 zVmVTem0X;Zi+lR3i3x=Pywe!$6QmD}JQogpt5_^@HdsvaOW!g@F}xW_hJ3X`0Y_iv zZa;;eysX6lluw4`_um^#PfL-bv~kLJLfQpPEXS0Y?l)-{S!|Dp?&IX&<-^vgas%p1 z`EgpuD7%h73ZQEZTH=4PfUG=Pb`#pV9R`KT*{`Saj(k$9Fs#%$v|kM22{7${pRr!5 zja*v2?EK}X*FtuPN>O`C;ePm#!XS8iZ1M2T$?;|mbSku4kS{66WX;sG>~PV)b<1>A zD=%2Z5_0`GT#oRZo6hJUYHXueV>!OcUYyVOxOnZwC5+eiom7T|X^gZq%m!!(SSW>{~;5=2%#>Q;0$ zvEK{4KZ&u4zn=osCmKh;ft}wZ!7DrfyfaFQQ~c)tl&ohX#h*z#Gu&dW=oU;A#3?99 z3W^Bot4XZQW^u0hjH*WIKRFOCd&2*vy*R; zti#f!yxwG6-sJ0@Wz@*GyMX}t4=4W~hJSE|7Xv{ljg|@JyD;LrJcH_*C zjXH|vYn^#_v%=edOp*ZI;cf%Py)?PvH>>>-ecC@)2%49{+2hgiyZ^x$Q^NH22~ zk(IS62U7)KxN@!5Eu3T5(|dlC1(jIA5%tMiy|qMJQr>_JxO7PLgG39of&4;M7-*A?AtS)ReV>ifhD;#(!{D>$_Dpju`LcX zD<~s&HOKn7f2tUpc4V<+hJG7$n3kk;>DoB5)F!2NeOQAVx?|`ra2+-3=CFi; z6J)ZGjj1&hX*qyV4ZD}E9eHg*lL0vjUHIdX6zAr0^3Yf}T2TX`epUS& zp*Ew-2ff*5X@5TMpb%TzV1$(>7$GT;u(ZuqE;i+?OR8L|gTT2#+-3bF>46Crr0KB! zLq-456r%nZO`ndXFbh8tVU{{wuTtk$hGsPx4E+2~T+Ot~6*kQBTo!tjIySZuJvnWd z)r{4P;D8?%xF1cF0s5#bt;)B-$qyW?v|v|=0Q@)pQPW$};TNltlNzU5AvBuswz+bkXcwpga2Nx9xwnP(6fK~+W&0V+S>6r?Pz{$ z^@KK+rFZ_fTs_kXxKcE?n}P>k z_%<_l38zE1Iv$$4S3HFh8!K!yXt!Eie@>FGCbi49vk&2%`!DUfkFVVbk6xQM#9ZJu z2yj+YTDBWaHJw+hj^R>cG`f7m_C1Sn&_7=JyXwqRf55uZ+DGYl(0SBuGa2=_SJkdwyX(^9UKxhd^DDMxKN>%iu3KN~hWBij5QJQe*o9Lw z39ZXNou-!ep4xjTwKf}yGUm*ho63}sO$<{eyR-KOY93S7{%kaxfBdYCOh~fl0;V`* z_a2g{G1G86Hj$vOdsPPNw-70eMPqK5F)!YuYFL+6S`R#AV_3XI4*aZA2k&z_#u_pJmfx z_i()QuYlS@LGOv>*kTlIG^apSb!oc{q;O%XP_192>V9zBIS=|D;RLG>KK1qD;21l# zAO&P<(Ds6w8-M|L?ekqX@L)o<)tFrwF;oU8mipDe;_GYU&)N&#wKbt}6HLWTN88Pj zRi;2J#p}I|y><;5rCmnA~( z+K5j|7Kor>!gGQ^lm+O1N)L1SKOYSC9gaG@Qzr5&cIT})PjwRI#(>&dgvwll7@Ln( zP%$T8I6Z{b%Jt`G;9U#V&UR3iO*H`$jintX>9m3-_Vlyr;@5<)a{b+zR-L@mph*1# zm=VU)Z)yGvJ(Q?J7LH%%h9-&xOjZ=rLGk!zP{YDcb1&xqKLV?ggp5W;x0$90#N&=BEJ=5HWF6r>ogQm`H!py6ok z0$dFQsMEg;0Z0K5U>3~0j_!b=>j-9rzmt# z<{uwOZJ`h#!8an&s}lpfA|g^aGiy8f) zzy4ynQM0EA1E}P1n&zqVEW@Ex(j?X#E#L}yhV7Yh>+vy9wIfd4y0fHn`SUX!Up=p z)cpp)+&^qZIYxl9asrA!5Uzn{NIsEgx*hma-_; zxI5o@^TThLMh>10&JqTiX+I9$*wa4nt#$usQ^^LFPI1*IdCTp(8PL{A)8$GGETYvJ z7L*)v^qgFD47?Y0@yM;{xw!WjtpE%4hLG;ZnkrQ=%>_=fD}%6|fJwP@o=WlR0_c4e zIMHp(A)&Fc(IFcGrQy$m+sLMJ%^D1Jv#J^u#(9$;S4_shjumwO$-R34)6M#^8E`dI z4WNZ}SHG?ZkBz^_F;FcsXNuof@YYCQ;dl_{|K2kPr4J>9dDP4own!zKG8|omPEWwB z85Urn2l(AbAj>|W$6ZrsEjdpwl$~zIaaP>Va6pace0GiJ2!UM%@oCk`9ZReN-wOVv zA>^p9oNjg@^MNmUT%fX9`Cei8mj7#1aa?pk7NDTQNcXz4J9^IIy5ueFbgUjDY2igP z4w)NDCDqtHR%RaDgaO=p7<1*S%8em~ZiA1w$3!`OgV_-n>~z;-$p#-7gwJJz=ANMUm7SKwNu&L0H?DUMVp$yaZU68SQ& z6pT>ZPnmJn?8t$)vb__@xD7aBT;1_Fi#3~uN#xw34rY>o?d3L*$c5Xy_akW?uacG_ zh>Lv|fjl*q@>QU384rswSu~ci*p>)4gvEt4M(*LmWo~mMhSIW5as^_===WW;8gZMR z2jAsu2rLNKk~2=ME;w7LI=Jpwn!gU2SGVwYGXShi_?7!22FIKkOWudj)sLz66`s-qT&SDeLIIG>f%4B8n%_wg7e0M8^4)&3OC0Ynh`QDDRKxO zO*)hTuJ!^+YS-*q^-UPdwQtN48xDY^nE!12qh$NBd9a3p7#?icw*=v9%J7>_@tjTL z3-ml^Q6U_n$R=q*+1<`Sn6>I$1jP2SSvbNOCfEvm3}my)t#gKoc;%cRIY=S z573_pXLf3*)fkG{f>`tHLpr`(9pi*vT-Mx^-mr&p%hZ*5gQ6y6%wn~*QF{mG)wU;g zv@)je)*4RvdUie0a8t5GvpG?C0aS}mJnWSS-|8HeYcCy}Fu{4f5D^}9QEfgkfO=Vh z&cHeh9)BZLr+r9K>qmkk)G05dODPDZ@t!WG*0SZIvRQ|Qy$!Fix%bt zKJ*#50M7i}VeuV7r1(*3VouI)9q7_2ZTgc9zJLIpJ2IH#7YD%@H`u4qWW|&!epC$z z!BEU0jCaJ*Sxi^2m%k=c2grYl%+9SrCeAhhE|X{X9dsqw zK>KKyUjldTYtt}py8#SpVb3I;N6OgIYzLZP^-|duhQ&0}DjEBMq*|A?(Pf%`LtOkU z!@hNDzOOUA-Euj~3*>PSbOB<_b$-pE)O<~pJ4E%B&#%9tUfqXgOn=P{cz}k?G)_y{ zXXR@YTVy}b;QI~C>$9Z`w3Zh@URo32CJjTX=~M5}WC|YAPRfnY99lwTn(uMP-QIs* z&$@o7KAGuiCZZry`5DKUfrL_rth;1^SD@Cu~mdS3LhNup;L*yjmIR`=7Yd) z-09L$U$bimVpJ1z4nKf^m9VTTI$hZUMw2D<)A34MtGOo*gmu5ofY7dO>|vT%*y7~* zmLPEA|M@QhRE2cJU-plbbn%0G$jNJv^PW3X9>ku_?$g|Xpd&GzXS-`hmemjbpjW9jlrawdpfg7e4iD`Q=v8zSK&=*H0QB%fJG!}3=~d$V zW{?+20c^&_qNRoUdE-d{!gIXzH&_`Wu8E6!n1`GH&gfDvVin(fa4KJV0Sri-M?sw< zufDlTHQ$=W{9JopT<2NB;u=%6|CCLW}%FOEJ+fq9b zbAl1b0X_Uy3wVJ<0;!M*7T?y$xYTS)i_}E*PsR>qXT25WWI)hR1 z>2fiXdwFp<%_->WD7eLxX3}Zk^nvC>#GgC&nTJ7=E$*OH8-boN{g@pN^B0 z@p)LBV4D)#FHLd4;oZEq{&+PYf5Fr#+F+i`R$Wk93cp4z5z%~Jk=BYgH3{oXJGQgE zxP!jpkJKBnDqmTofW_V=!0>~~njJnC1xKI=ac}{~*rWO8R_h(h<{i1se;aA<@5=lW z+iNloYfmq^_;7qh3H9`k+OWCMyRnD8AEPk=b6s!*BYAh5Tfrv=am0H2pGDY|?V)V- z{`pZDApiiN{ipDdsiC#Ck)g5Gf9FP_Zun1E2;sX{-@(3@#J{L`=Y>>Qyi}Eqk{L&P;{CN$N zAlJEY<^~m~q}*A{Wbr*y+33-tqJ|XK3egb%&P2R#+AOuznT4lh84kl)ESMQTu%Qih z<#1*+?6Nx~#Bqg!R^nIU1Xny$uw{$d;GaY_DjMSqI1uCw~r({s6g!N0UMJOwpUl%c(gPej5KE?Q>vMAh2`|PR34kPq=ug3l^wd1h+YA3z*8r; zq`*`q<;6_TWZPMTjvH59cZ7qY#cJ8|g;NPO#YsA-pfE72nXI5x+2~vo7T4{e5lE2l z2IEy|#(O-D5Be3y!S@YTv8YHID~CP=!K>j{&@P1rA_758tUxq`8lp5y(*cCEmVkB% zMi};4_>6tp?eMEFjZzQr$VPQ=LV*w@21gmQfE3I|tCB1NETRz7Gvb_UdQTIH6s~DJ z%h!kAZhIy>Aga+`I}r>@9m|32EzH6#uf#k<2o~C2*~8 zRz#kzo~uHXC}-{ibRE+)7U^epIuj*s8tAV;42X)=W!Jo&IA&E5AgyD?+%~AshnSo{ z32%ARj-SD(1wt8!c&7%vn{?hIcwh)4^un| z9b=xbWy)Mi)Ug7(VH~f280J05-vzcOjq7IAb%ibH?;(oV<&5vC_C&}`EaGr=o7$m%DBgx=&oHzfS(vfKH|T%SUr+%5 zbrEJLEB%j$|L2DApV`{k#L1cd|HOLz?{~ufU+nb%$_M_RskHxO=T1iSe?=hwDcG?C z01*E#HvO-6)Hk-aFtK&k|Nq0&VcXbkwZC`yf$j?vay~jc0Bx%QgSnm^+xOQ_7|ON+ zdxr{4HP?tDu_{_7p}pUFy^$%Rm~cmUrPat{YamX9&3$5@y9g>L@0O9o*f*03CJ&QP z2ho~pqm*&dN#NaEC4So+JB=2I%(+_RoJ24h+Iq?N5x7w=~KsVcDn|iDukF zY9rGSC1zBNaEI|59yzL^al`uikObl($&WK zT7)b3&?L@fqfI5~(SUBFCG~0Hx_JE4Lp0x_)guTpC#|4ZHdmDz=!&XXoUt2iSqrQF z!J%ZDtR~Ps)DBa7e9=gNIyFNv^Bf9H`|jMO4zh^|J}IUq}S{c1Ls@G{m)ROSV3ZPv!n=iEY@xi6i9~k zL56Vq#9*Dp$0g7&@g_{iph`f=5dfwSL0PnyR>y^HPFY>D!&>6@EJ3x0*Lv;DfZk{C&UgCxOz(I5~y4Z&rr= zW?$zAN^{!L@Sw~V0U1w$ni&7=$sCDND&7H1m(^;wK5w#1V}^B^vB`ZpE{tSbNxGDtAV=Bh&CuM9v9CgocYy-{?4#bMG)r|rs^Ogo z#iV>bd({nw-iO{k{uZn>7l z3IXc#u`z=_(bv@u;n&$FAJBf(C|eVCtl2HvT!QdL-s3qBterSG{DKtM)!F|2a=y<{ zKr3`JoDTZBjeb1RG#7_7i3^{5tbGvLxDjuphSc^CCHxDA3fmm+Hn$myKMt13e?cx^ z*c=1{=f{o)ZZvN?;#b-3t(lF0@%iZb^A{WI*xo zUC$Tm5rKo+d+0&4qqsl582YLa(bVfuzjMM(4V@>EgBy{1@G2RIlD3~zTwZK0IS)le zsWO~p14;HaaKomC=^J+lLXWHzbw*5S4q*ZHcEvBD&?|mppGgjoP`X|ASbBYyagcS5}qPJ|3{J?oa~N zOGh@Y%(mc1KRqtBBX~d^+KtF*;6epms4!+a^dl0`);2@wi~z;O2{`Sw14J! zm%i@DMf2ANhQ8CRZ%(uC%!*J7^9Mw`b>k$KvE-we~s@2kGy&6WW3$0f*w8oPX~cQesB0;{&b=r~ zUFGVeOfZ*;_10-?mnW>T>2s?WN!ju(M&hSF(nb`*m%C!m_e!$O`8*gWVg2aGG$q!O-9QyO>VI39nC> z^o+$<14(Hl!#nKoT2whM(w3h3D6OI?Qqo;cru7+6j}*k5U}Y9>@J*tjkNPO4twpN+ ze{Lt?fOh3Z3yt}xc0Bf|O$*m|qQL^EbX^cfHX}JAcnhwp9HHUJqlH|jB78H}G|U-i z>@B3cL$+Ges$j&njiSwyQq&V~iP2XQP=4(Xe0n4^gd!tSnJ*$b9@mf8JxUbsh7CdB zhT?P^i$lHAGap(Ne+|>bOICQFbggEnFH=+Qw=TP-0pYN}w1gOlf1uj+=Rf032hSzN z?p$4tWDI10K1wo1-L}0wj}77wM7f?1+e|Y3tlID8J-R*bfX4fk zbUyCJqM792c;1OG1KmHV>QO>@jk#Q6c(2s54hzhU)|vA~EMeyW??WC-oPL%x7i@G{ z2Z1a^xtOlFO`5uNAUF0P1`i^w2<3g8Qzs8(LkY25Hg{zq91)!AU#+~HLrN}&S`5?4 ze2DnPc|bcS9LMeA-_Ry7BIwET8xLAU$b&3;(F)ewF#gyVN6pETRCJk9gF4N%CbB_G6L)owV?f}gXm4K)BbrE7b9s7&6Pu1-^2Yl^Ez`C`w9cbv`f{i zfz{smWe=*~&QPw9#gM3ZTI~eZ#v@d~7%DVe-cN)0!5MXSVhZ$zopPeouj&rj%X+t+ zy!IW0(Awx9Z6hcF93mFDhlP|&v`03$4S+7N@Q}=mNLbyWnQDk5A%PGFCo~I7Y$f)> z`Ojd8+n|(0W^FOO+s&atuTEIa5w=82r#L02w;dNY^l;)X`z;kuUo=uHXwVO;R^r?n znueSUF$;Mjxkix606K)lthl60ZQH&9LSSmRIzvb(qJu4R4!S9=DicT27F(e;9iWas zU|~2Y?t8)<31PHt;pyb(5~cSUAMfMv+?*re6C7hZjz6Zf=##O>C-mnH@dqo0AJjjY z5-KQ5NApJ{af`;tTA597n>cP*0&}mFD6VmmceV;d(e-KyD$^cVL+aDc z#5t!FWc!Z>SkUFAZvNzO#zxH6iHg6^;r>U!Pa6 z_c^bhy9fFr(oFijwv1o*3;b#OA9)=rS&6yah=+`L#!~Cc=gICqXDN6Y_(`ip=YQNy z>LEyG3Cby}fwzQ3lSXXv2lYt}(r+4bhD#^{~`ED~@RMbh_4i0u6|R6ci%pU2a84 z>DK4UCSONNEv&LynvHD1_oJ@B7P47u9`!|thM#An6Dd_d%o1-v?@!*@Z*-9>4z?h< ziD#;!!<%BT+kLk3$c-Chbu{oM#U@LjoYW~Kj$cA?W|*-L53psw`5k{q9YJ85Nogmm zDqqeLWJCdSwoAil{sV%DTO@2~O}SwzIeF^Bxk_bg2U zCXyTA!?+I&006B40D%9=OZ0ynME^f0z5j+jyym@j+~P?5{YIfUttBx*6>T1y81|~g zsykf1NR*(Io}E@98!MC;KS{^e@*Q3+emJz$H^M*6wa7c_1dKlbr$|5{CC99yY7hbX zhRt6vXTwimcI&;HuDbNcc}f9(m~{raP~<;5ukCpa=kfRoKC3n4QXeCMF_rfnruK^4 zo5fZxiEM$Z8No>nTH_Y1-P#Q*p~x_)v}uRh5I)x>M8<_ zF>u!b7x;d^RMytk#v8M+>C{tIhGuul@59W&jUPLg2hdYJR${EUOOE#~ZtmHC?kw2M z8DC_jOt83U8*zzvJy~Q=Z=bNOJqIJ8rhCxUw5Rq+A;2iZe>ZJ`QTzuL5uAn`+rOD5 z>?$vI!k}CJ$CV2&x(nd&bl~W=XbSTE{psMqnFBLBZsII3J0_GKJZZojqE9bjX}|91 z+2E~FnnD6bWFw0&hDgxEhDrP^xzJ$=Mt2l&mRaNkK-xTXLk$P&3Ub{ ze70XSt^AbJ_Q@EH%X6<&&HL4D*QM~*)_cYEIqQsjT+jP)p9;26zrYyGpDWy94*iRq z*rT_;qK0{CUeHKxKFhM4^zRdHyg&@IYmszeU+m>Zrpb?>YMv(n6RKzi@R&^|q>O;o zZGmhrDlA8{)0|U}?Zs$1V9Iv8vn|f+DyNeT_CJp;0Y@`{gWkpJ0A_g3$sRd50K^O@ z1FkXH$ZB-3QdFl$wBqa&6FWQkHWmhfZdOw%^RA^`!MPk`u^2%!5mi}*@XA&n%bCu6 z*6$=PSTkRA>p_S78m=W7>Zh}bc^3n@1=_W;3M(KCUj#9FFhRLQ*A-?1j3rm^wxpY5 z<*{&2pSSehF?%fg!xYnZ79V;Bn~TtZX6;NsF}aIK5a~vThc*-@=29L#+uKTRc@_g& z-%Kw$m}3J(X}{8q(iVe8`S5$hjA*^s*a=dtA06g@4%h3oh=a{;Ub47G0QsD=Fuok8 zz$m5(Zc%$!Cw0F>VLd|_shq!0GA3W{C~L`_)3-Kt&;0lw@_Od-repZO5BN1DR5JP_ zaPwMDXf_LNW>x{dJFEOp{H_>8xMiEw1gQc%Si!l(p+2`yDO?!2^0|mkXhCK9qto9# z8f4~>nI@1yU&We+v%^Nl0VaRocDK4$kieF7)vBWb(&2!0W;Z=@+$KCR6EV_A?P zXP+q;mLkv>NomdR12OT*DnQJ|SexbHv;J=9Xgi}dbAu)~*K;L)u;IyU<4bUUb^xU6awQ%L?WastDLg=Vcel!INcKq>DPCBQO z%}74U1-()(t2rXiGATlN=?ZqnxB8o+F94j!kZOSJIE|R9ueRG*;ZfsxSzErPJ?GVNE~VoU zS`ylnjkG=&*g|E&sgAOJ*&pR{YVMk-xFFw*WFT6#E-)*^Z*PRZ{BNP9>zF5SfTLCp(qa?^HcwLY+=>H)igreVIU zEG7s@j{Gx6)kd@CgLYCU@PvWsRJsAr^$*&sKF?>%m15-Ah>%lu?Fj8`3 z)}l%;Wv?sO2vf})8>DQ%z((14dSxHXANG0N`r?mRFDt9rSxu{rD8Jv!ye$J6aCOL1 z;uSX7p~6b;D(lj7i?+yt)>_JcG27sk2X|T>!TaiF>NhM`z4yiNn)m6SK%pwzAyq{?X1I6 z{=yQ69YWIGng=Xny474$j7od~yP{PCBVexU=2SDM{mY8O$N3Wjw{D(J%Tr7W0#2^A?LEq8IIbgO2oB)*ih*V$1e` zp}fKzMIjDwSfE$t{0a2v1GRZ^f4Nvo4iVrl}0mD@a35=CO6j*a9c^9E#Ei|v-rUq9 z`)QIlPkBU+l58re_Pd5CtXL>?c@>@{>TpC#8t7(Lu>#ChoGgSr@@;-$3HfP}n$xf! zu~;AJP1{u<$w*>Pn%Zw9XuZWbZCaz)@OaUs9~vjw*KR3@1y^U=^$3!~@HF-DM2biN zM#r-mETbU>sIsVI-5PyOj@DJcQ0cg;qKhI87ckYxQmB;{;-yupZiEqRrw_LX4(tXY zu^YLoyMkeAxlI_+GhWio97n^Ke0Iog41U>lgIK0~Q5p0sQRsWxRRgRSj!}|w7OR>0 zmqV1@9!AXrq?S|m$Y#3mTur4g!5iN50*O_Fkn;@q>p0NrmDp3mJ0pk!iD3ii7ECpU zgD7vc;hv5SdBX)_K^{e_+uj(#c%!_)FP7#3dA2`PGc|bFAMGa~U3s}Nvmijm>8jzT zf6W+B+P^=$zts6uCV1M|RgRsd6t%a8-E1>@Qj`mi4XT0LeK4a*_qNH6-`@Tt>|JY- zG_j$U8;!slF!vjW@1rhB`)02f2^`aBJK7g0E=3+>HEhm}gujg&I$;U)~U8du$zb26vvmOt`6x20S_f7acw` zsrK)zC_uykN6e*Kz8^>KPGYc>r16JnA<;!y{{jMa+RFgH?6BTAl9@eCFmTL@E z>(mm_OZ?QMMO6!#b0}c>8JCgtwURh?(0oL=A?a5}vM0|-rSvnGyE@>M0ONbJ->%Kh zK444EKCnr0{^W2MQamKD($*t!^Is>w7E#p5rB3z3K402^17aqMG5vCMtVrfW)6M<# z^7ZP+DMZ9Q#LZVfxKBVOVidas3{CGm|9~)s!h_pf7mNIhBze}XKeT1>nR8YL3fn10 z7kSCchbC>E2{T;t!^2c3nchPI9t6MFU9;()Vx^1bPy490oXO?MBns*DR$YIhRYQif zZg`2CPkYOYwv8L}uTxJhOCwg2KfE|)z-UKFCxdDPEjls@6^s&Pkc>NE%CGJo6xqn7 zDUUC&8#b|Ztn#$EX!K}{o=MBfhnG{UrG14OHzG9PqPnF%6McXSwJWwie4me5Q$;B&Wtan5u z{ADMJ9EuarXTa}aaha!%rin4UUwGMDLrFR^An&maR#nO#T?ys+M{BpUkxDt&=!-fW z>~jY3o!QsGDSwx!g2u6_UL}Y$h?Am9-`>Fzn-Zx1+1Q|<-sP|1&~#DM19{eRf`L|B zuWOn-gF=iL{J9^@v9MGuqfIdvPnEl3$2Fl=_pmC0GA13g6D?_LMHb$PKSiZM4^>5m znVcyu7XX3?XsaxEX<`q0+!ry~B*!2kV0-qtj$Ex|8!KsyAk1boPk|BWPAcQNJ$#IM zJw=DT|2xhg(G6MdecVAiV(7+xL46Nxt_m`78ED;CO3<#^oI5N_3)HBlG=}0X$o5<$4A6e zym!B~P{5W$Mb|q{LMoM7+!{H89kq>ki(NRw`*H>GtLf~I#ZiD7qoM&1XHGn(p0Q6v z;xv;cw-b{yHb@A@r1d&EFs+MHcQFb|;h(s$4cHs2y(xcJ+Hf>(Pw?sY;-E;P2mn@E ztQ{A=dv#8AM7hXe@uM2(q1>g3zk$OBU<+AEK`_EHwVgHwp+KA*N_r^CK}a5TG^=~;ER@&10wgokV=qGBycC}z;RXZ47e5Qiz7)3U znpuBCdHjC5+au5h6-wZsFjeZ_(KHqGH@!`0>vm?Pze+r>zN_Tc)e^O<3DBth0 zWqzeThJQ7Tzr!7x!ZP3eva}pvk|;zf8gl{IWq74y9U;$PS}m2cdPI8nuP$Nk{%PeA z!A5*($U%XEqODgor~;2tZ7KCLAluE_k}yW>#z8423{G#8V5(=uH}tw%^10DV|FNJ- zldNeumsLo4xq)7aAm&o{Jg7S_bpEhUqz=-0_MoJ&0%IuoH}nssyW*HrHF=Ca)s*9h5GkE=slMizy|5u*JI~vYqe8PQw>P& z`!5`lX`h?X2~UMo$HJg(sv~PhbSf`E+jY6L8n+T}lOL;N zYfHF~sTdxxmnAv4=A8S?ND9D-6n?y<207EwUsGAw&VMUARD=66mngcr*xG>l)i`Sd zjAMK~RJ%T?OuyTzjwdP9ns88Kt7e)2>Qzgv_B3W#{XWWp=4e-m1^bceo;s>gt5ZN* zGJ^(BN7Wq>Uxl7>l;&=TY$`u4o}N2A9r%3Nv0~>`TcElyv#Iw>JkSDKwd!KL{d^hm zqC-W_ai8Eul+*%u8g1(}&Oky!{|3yE&?VL9h{ zul+MMGO%fut!A|K%%x>+pAxvx(IlTBpInm+J0QRgTCT!vlm#}1xa@4`)9}RSxfp2c;Yu3q1$^ttwwiv_! zUxGk}z@mVW$py|NHh+-l;v22c^x(kzs#C$IjviIL8C02T81mk`vUgt2b4=%Gp^&3{ z^74+AT0yRzR#6I2!sWz_Pm+$W{dORvzO~MQp->##>ek&E{TM?;((RM`(k#r z*^y66{~qMh3^WS3xYxC2x^hbzYHTG2^_5_i}gk^{04L@W;pVfd!~7fmoF^d!AfZ>m{v-zn{2rD;4X zq9kmChC5S~LPbqd~0t;F4zqp35DnVR5FBL=VDvZCfwewVd+|d24XmS zwn4j1zM_ecYCV5AB&6+?Z|#|L<~WzALJ6RBqH$^}(4CuRpPUvslyeqT-lmTB-Hp>D z1m4gUIiXrcKcKiF(Z3(4Yh=*uvLaO#7DdEOEm5bk*Z|f^mB_27H1&A$x`l_u+ad6Q zn4WMPzzB0dd#y=?QgA{e9*s|jpAUsi03#L)SmYsG+A-L^p0u39+`-GH36Gq1)Uv95 zQJ+u{yb2=GKq9Pzhl}~v73VB*tervMYj&J7qxA;O52vlS2@}ub!`1BlOqFoUx64CH z?H=3pA*H8EQd%=ox`L$6R4G$eS8v8nRm-%t z9hUEt%?^pu^*#H9RQ#svQCc`HzH_oRNUO)2q6Mbqjldt-*d0*V?vZg$d>C?c>ZHpD zDa7qMJ>Mz1`V=%(Z(!MPkC-hl>D1-LLsigyzp-n^4CjfTe#ku`jxq5aQC2|Q(zS0n zSF$M?ckO-!(~87sIZ{@hlvS-N3?nG88!mUf5qG)g=ZrMDWy(s0bK|z?Ow)Wqiy@kC zW?Mc{dg=5Q=7}uuFn$~tt}juVckK5Y{D&GowX?s2%c+NDdS^T_59-lnIwQ1TrKEl2 z0m~2wQ=n0X1vmr44?^A`eT8d`hsv965&-zIaVc?%aVk`Lf?F(b3q=qgO5jW-DEkrE zB@U7(SZ=A=5ItjxgL44@Yz1ze=hNFV=bbNRc%0lP2#>6{-vFVUx0{EAfF!2+ILxB& zNKSL#f3TK0$S~bMVdE*%Y*hy_lD~U?!T+&IZSLdfSdp`>8VgM|K|b+7}#xT1ujac zmS+#DS2AFhLM2}ek1u%PnZm((8*Mcw-Di|p#*wExMEH>oCv(jKL5W0#aW;vU7VFDj z(>w5%yUCExGi=@zup>aphI;a$pRPhWluH8rMqrGl80AOHM%;nF*bY+MvMk06z$ zw)kM)b*`7jZlhU;Tei+hF{YA|=1Id4{X_gTt+rk_$~C1*A6aYe48vFZl^f!h$L&Wi zvd4uHiWM0_OUSaKWp(;!iesrZ3!EZ-dY<$f#CzQhGt`XOYJ8>@(nvnc->Q11O~n@5 z2tAC?0O$PSeZP05)-`u(u zJyF=@F%vMIhK+gsM-0g*7U_ZwG?z-M2@vtg`M0g4V|)z~?;U^6+wac0jv5 zho?x$gb3t(XDPs?gCGYf`ym|w2#k5eqKSF-Kt4#6?Z>jE_9{a_E~gkzK$=BVB;6#HNW>P`?0 z0SAIz;qF7G2PqATt5E1e`J)Gl{Z7D1~6rr90b^^wFNoG!zWi$V!a>lOdELzY}qJ#MNac`Zl^oEZ_TrgxS zZ0}kq%FS8&Jy{5lw2Jvj80T-XoV3mYWwg$4W0?!CAP-4m$Unn4(26_$(HNg%@*613dykTG9<82mb}J-$ zMV96KgA>ENORki(r>K^Hg-`WzwY?5~-m)*GVi+3lV<1;wARePysp^1hk;iN-`K$PL zxwbqv;EfelgoMfZ52+kg1R?2{y=f+mjB;#>&HSes)^gyj=%TmiEhoB4@Xd_Q4mrRy zI&mQYW&(iwVr}Pj&d7X@WlFj$($kV2PXb##cHH&iIQ_JgTH^*WnPeA*%QQz%hJbQL z2;&}v9f$ckk&T*y2Z8+G@(*o0SX&yt;3Z5Cc~}yv@Tztau62CAoS!ets^a`~eZCGa z4tKese*o}|)$GHVGrvAR?evK{9Z=pYIS%5jl?~|Cg#0apRxD;Fh0lkK&moJu)ifVs zCL=ewsD)h+Jy;3Pd$;;oT#D5ea)2-Y;?&zxHV!8Fl2$%%bhZK$23Vd5WhRn57|K@p zwsGOIEW$DyE!}CK|6#=TG=}W_Lvk}TdtX~PDx+q5#Uh0EcokKu379;Jg0SwnBbvj4 zjA~w$Vo&%tbwwp(A8N-@0$gs#($i|9u- zr*KD?B$OtKcn1wZ1gWJsVwp~J!;!jFUEICnL|b`VSKLO<4mzM$2rm4RCtbRqGOEBs zw{30ys-|c|OV4efm-bytwSw=ERQ>pmw3%s0thRe>O{mK%C;g~At-1&anPZju721CC zR7|7&PRax>r!(*pn|J4IE>TNhAQ@rUIK+FYgP|VFUo{a5cjiS)w3E)c`B|6mdNz*n zjatFdw^v{sz~9A|@}!75PH=wgo2 zzB9P;;SjIa$MOM=ryhd{z77Y?yVPK&v`@?23aJAqq}RvWU&p{vS*F7Xz9mcX4GPrS z1k0@FzDol{r3(Q3)@WI?^dY_6qL2?pyzr0;^Iew9OpPlo5hP|DO_IviqX3qvJ^Gv* z6)si9R(|q2%^yd%LzukY9-mtSGkDH`&E{ZxmlKiM_pq;d?@p{q_NuVer_g6l5wyXo zJEC?HX0`5Zz0yG>bKI)ZU~&cbeL696(I4a;K{VAL*%{oJk(-RtPiNC63YB+Jnz2x>aKDX0p?4LO&tkF+DLN;Rr#SRz#fCn^o9{ zU1slbqUZG)GF=u5DgsSSoY})HyHR3KzP!1=80)No8VspZycRU*+l~yE8&}T(*h&?R zhyr)D3X6A0EXl>Tt%2xA2d~m7Sw*Rsb(STx4c&oD;6wk=S7kd8ch+@trG!s)K9z=p zKkGJ%f_7}CWU@DAS}ru)V(+}x`O5iz2|~Tufzqn11{MWNzO=c^cjVy6J^aiCma*4y zDi}7Domr2`Ni!@yy807T>=QsC7;n}L)Ic;LJ!9l{U&!VUWQcC=9E2VmcVKHWA5r26>IS9kpjw!H*TimeJ#n(*1Z@d4uumS^uk&MZQFwWP$)C)*C18Vl3;R zQdte!*o@UqbOa;eve%}BUOAG^$xN|kJVlW8W;Ua;y)PSDHv@`8qdhW!fNOTJj^3If zDy0D1(a_jmBZE6Kk|Y9MF^%psq?XCW)@c{mL!ptOupIEXaqJBY3iUr*8cJ3wv^C_k z;&IQhsQxJBmZtBktdWQPZpCKycy{AHAn0PR71VFab&#m?cXVvXZiaU5Hz3hoa_KaX)Y5M9 zjI7+gO}5;zT`cQjQ-ZHrd)JoH`^YewWV4V4o7}0NPe@mSDZ_{%8mPm)ZaNJG6YpRd zovBT}xKCuEF9uz2>NYE_BTJSJ7}i8-a`l}3Tt5#vX^E3WhF+#~O;R!DqRKg7?G+uN z|0Yj>v_Ur@TiI(?k}BKGk8~|rt{yNW+xR^;J<;e>J1j^pYd&n9==pBBMz|<{<1dyU zag4PXGZ1D-d_$y$OqcoWS#R@2FmlZC0@xP{4-!wC;-v`41R=n|(_qskb;O%5gvC|$ zI`K=ZJb$OT;{@!Jt%1*lm^poj00}ut`>$b4iOsAJbu}o2{iufP|OKq)Q=y?mfxZK3TIay zH0A9-S#z?KV~$Ojdje#cTTB%;TwEtjHV_=j zY5kkf=^*#0e&n1w@z?g91HS%CPl$7=KE36-d6D0lq&X^mktb z2RcouvzhtD;D}gj19YwnjKYX9PI?gZ4?&4wx%2XYf8IMQt<+i}1c=+^-NzhdL=^T5 zO^-fW1sv?c6O`P?0LWsudYWLb1vf=;Gy$pN39Q2e-+mS)4(Jja19IDOW3gXTj|1mZ zb&G}w8a^!v-C-{DnJb*?K*q%Rda`@b0brXW$GWy`j0+kM)$ZQD9+ z+qUgKZQHhO+qN-%XMW~IOw4;9^^;k97a}TiXYE{TY1*4gWT-O&YnsX!PrD|ad2^=n z5TzCxs`-W7$)w&ztO7T@;x~`5(}p-Jhck!+@7;ocYQtBi$tag)`^Ma`K=>QQeHg0; zcSPT${W781X|}@g!U28739$EoS+^!UI5OhnsZKvMl(*TyYyc0fxJ6_8sPp0Kv55sD zUz85|rvo2_7}~^5iW4Vcaj<7%_cbd6GlkrcE=4CT)PLuVf!c9$Tz$Zl zcC~=F8wINz#BnROtj_^tf}&I?1}VE;v!WF&=o+i zOol%ujlrF~Y`v3vUb?&Px1_r3sJ__&&H{Af4?8L24YDAo)&+}(7m!#L2t8SZ&qb*UTE zq2etu6Nljsr4YCcZ2;#!8$Gk~GUEQ~bMs9`)te2Nx-VaCg@bM2AQP>_@aaeg;uXI< zMmc6Ve(eCY;{#_c^<-ce=eG^N%f^}|`zyrD{U>MrzY&l)|Bsxdr)TGGWMK5yL{IO( zMMI+eA}JyMH?9&o!cty<6##%^5CDMnznS&_Zf!NPb9ee{YeU1t{#)o8{r}LHlicQ3 zI491ISJ!rJ+`Ka{y$5lt_Rw}#)mJ&S8O)0`*Q1O*< z+QJhW|7xAn+vQTSpX!Vz-#D7dvkd{PhGi6t@JZ2|4L6AbNvt(1%v0m_` z?AfII3|Ca2zh3gBqGmx|@ulhOoZMW_nFm|z89sh~p2s@cO-^lDZrRk7f7=Q`DQ^pv zcYbkfV$Jh??Z^Br+pvRu>q>5X>l*U49oEy4hwbZn!Sm{wn3Imv-tb1tQv&XB=Rp^p ziQYuxW&--Sm(1%Oxy|9e)0qzoE?N`h)44KpJ^NbaW{nE7+XQI)$=cbB1$MWd=X&MS z*$lS4-_*3-bmeA^TRCER@pL7w!g`wnTZ>p@`?%deY-fuMv)4s)^-Q*iD0( zYi3lgS682p8LAe;(|FKaq&CJEh$^8vLKI7w&+Dmf#ro<71)Gc93KnPMaP#4L7CmKd|4|OQ?XD(9#~%|$1~LNa{G{YftK&B_ zF&94NRUZ4pw(J2KI)WKjKiyiqzN}mAAK1I!ca$bnrAfSrnu{j97cuxK$oSVL2BuQ8 zHX^klf#wRcZfHNCv}ioKBJ@6Fy3njrMBf#M=8WabV}M;W!jLKoQz8u)u9iokG=-YU zGe-4%NN|X|c_cGIW(}!Yzg)eBbsTjo1-c2-$PX{mX?adnE^9h>EIJ0iUg;AXiCvsn z(S%9vkiF6B9zv4SmP>e%B%QEmNWk7j1e!;Ll7v|9$TK~PtZhC~3=bJ?5U1N6)Klo+ z9KW|Sq=Yt&a&eouS6iWY5p?o6@gx5;nSC=IKXA`hqr72U*poDJ9L!w8F=;_;cNY<3 zM`D{vbb&|7glU_pX0WD$S-G`qlrG)5^hY$WqI0|gCK+9y)oCj^NpVv{7a-7@9~tJD z!95P<7OIVS3NyI|V*&>|c^A?2zg*UOc7h7}fd-{$kAi$T^koPc4y9sxftmnzcPI*T(RUOnOvvrIyz!avn?u6{jIn(CQT0xYH;BbcZC0V~Ce_mOx6bV8lM3gw>e&}* zUSE@TdHZXOi_<-efl@Z7feeP`1?VwUY+{hnUqvNIZt-1lCIdWYQFNgEb&^1ZAtz0w z1ql^ZWU9bRA1N;~w3vlL144w{ISr$rWC1Wx2GPIbM6&!)u&P5zfE=Cj)OxONE{f4; zRSKI;b^(2bZem2Z3}E#1qcP2sb+?wJ*CdsL#z;Sku9OhupU#TbWj2QW3bnKw5?>x` zgW?&?j}~84qSAOIXT=PY%HY`-!JFxkE+?yr4>!B4QU9W8*~*uo%`Z^#PY>EJn6L$Igcj z7!?d}6MQ$BB5X+99SkAryq%;$NKLT|Ov_N+7sw2v2l)_*lB;2%JS-$M46^MBPSNU= z7^FhLBDYc0NGifAaiL!|L?xMZBzt0r z$*u`d=MU#-%QylAy|fb_46{=`#;?Z=WiCt``@? zL6@+`+gmb>1*oa^ym%$8CkWclsBGEd6_=Wwq1Wj7+{{H&E;nQ53*~AIkb6f)44Cr( zbIE8L1&M@4Q*GjcS@ULS5(4T#qutTRvd%@ARbJjr%w+A#ohZgO`5hmMb zR7sz?bW6pCT>9}IAS6o6{evkjRrL+VGf>pi>We|piYrn7W8(UYS+bPp%y9);wP8;A zmq!*`;KF$wY#pjZB=4!ubTz<@bQ63a?8AWCN~ja+I`k?GoB)~&p(Z4|7W$6hGK42= zrB@e2pcC!6&u8#r7l7N(jRz-4D2%N)&<^8H)D0qrU>gK}Kw(hm76M186B94^AgrYq z(hcU$+YU*V5HCc5J=%?$8xEhp6Lz{69B~I;u2*AlV-KfXVfxxW#R|uA-0|q*NHei0 zfwSl~wkR8(UJBG*_C3i>sF^-eII~DmzV1+B95_MMA|}G&s2XVA+Fo|L!m)G@S`tpl zs&TNg)H%as_ThaHq}&LtA{{P}IfH{@UV5QEnJT6cwO+Tw$go|t@i(i7uX*;>jt4_6 zF;9juNZ)Zg5bm{x@@Ax;n1d>DPqG$QD})t9uDv_X1a?H|2xIzhG?@~y|{4p?G z&sg=wpeysJQV(^gdSpG4flg2$CnO`I3QlMvz)pOW62)!okV{hsQfTVqw1nnH&eNBZ zsOHcyr#$q~H~}L+nL0C6V4KprLnkDDj=*e79pJThq3DFz8@t>8iH5k-LK1%fIdW$p zSx1zLLAye7%$wqvnz-l47-B4s=&k>YRAL`(T(JCTS($F3U1G_En6Y^vq5peZtdBd0 zZp)(c*v1anhx3U(S%s}ATy1tLZq|Y!^dVp zf&HOD59*P%IbjJ}h2YJ?G!D?p4-Lw@Xvo~|&*RdXtsh~XsiHwZLK?7Ivi}{nf^ISyi$#6={NvUQpfBJInN z*=@Z97T=+gf14+6b&BuuPe9VbqATpFS~w$?y}Zw1`=ri1i*)Uuzg^r0-EWXHhiQWN z^2}7sx?kSCv?{G52pMdb&sWNW*H;ApTw5oKxPE__>O>v6n&~XEwpS+dE=EHg?tB)6 ziaz6R@+ItOaw8e6DUZyr^c_(kN@$Teo<3P^@ zu^e`&MBmVExB*+f^fxi-yMK3CF(vSLchy|ZBi)P6dG+zIJxC-JiFMvwV?{0Gee(8a zQy&ekkX3w~?NDwhGF)L_X-wE9{m40H~%*^af1xW}e|F;}3=Z++K^y%fji6|A= zn@kFNShB|5^qHg)=U{>)5R!?Gvw3)&g#E>g9OD4p zd%Fov6n$Ca$nDr0y%($ShSWW4> z60NMXTA3F!E@DE5@=StUWYZ{}LWu(E+w{|w;3pQe=!nms(>-S~#dn-WE<%UnAT``m z)hF@#I0t8@fsRBSElO052I<@)-li9@3y*v@Ip?p1b7Z6$|6vEZVBShXQdYoD50S)t zY(gb0y{BGf?^j7P#MVWHZ{85nP2TM-cDN9~y_J2CB(^pKv8+2#qT{g03U1p{zIOlY zgp&o8ESz`LKGH*}y3nc+s__J!YK54Fh&?K5vjg9Hk)Z*&~e&(kljFL>-v3j(XYk^5hXjyb~8~ zaE_RPbIqy9DU8oM={j=Mv*2}-+sTLWL_)_F!$`8BUGgS9j`nkyf>~FQ97u|;liAJBJUe@*Qkyp~r>trhwiavluj0Gncvt^LcGqvT$1{!Z{}2q{nf=EKI_m<;OC z3t(AlXw;%Fj?^vDWx?_A#mGkU$H(vnbWsVJ5YZ4gmm-bn)nu1vBS9OI%v(>rnBzaz zl3O|SX#}!ipRbVwRE@wd1%>kyla#O2qKTcMgO>9#;wOL(;T@s%yB0`^{`;q+L{nnd zFKv3y9d}|hG?_&(9*uR<1*$b?aLGo7yCjh1W6$cvg2+46&rv(5KpbM`Z&^msa)?sc zUJ0}zZezm_NEw(lcOx5%ZsKj1b6xdefAE}}R%t{gVFhTmLoK|*D(-mIVte?ZW&W_I zy31=LboTC+KHj)fZ4Db{K2e!HaLjF}J+rvKiM-$=?4bCrrzSS6Mvzn2h##~8o4{?` zCS?PalXrlapysB^dz|o`IXj%e(h_!=&RxTAZsMa<-G$~v>I*)Jbm0$-qi;?OqaO%& zv}-U1OAaAU28~9#&}zJY+A>O{i@Iw6)IU-39oYc$q&s7aliJjkbcku!E5H5h7VRp zT;kmY*ohJR(<4ddX7O-w@?s{sj_Jsh?UCH23o7bdj36M63QzqsISOfTr#w!D6xs+r zZT?k$&kz~V#Vcm7Lf8g#&J3P;$EbOSP9e)EfQ~%ocoB3Cr_teu4^(!n>)>1& z(_4^bM8JqJuFKAp3sMh{fks3=cw0j?*C1uk*MfAd$+%0J#BAI{qc62TsIbqfj3gM1 zKFfu~LPGQ6+R#7VzV|Ph8nf(d1v@$d9@c~O;WkUTKTb$toE4-bzHgX1p2uD>Fi*#r z*)qD~f{t1P{4NEyn{>o5-`4xE1lqO$oA?B6uGX{k)%n6XToJz6F}RigkY(({lAfr! zMM|Ia`~!S&5zqrFXIW{YEtn!}yTXQe#XQVi?#q?(q9b*W_sa+NFn7G}q%91QaUnRX z9X-+o>VjP=*`~_8pYHrg8GR?ThA!lSeI=K9(un@OfBzzp(!=HqO3L@yw#LN;-#QcR zo?kN&3;pl%6I)8tF;DpzIy&e5@ChX+-F=2w7RSYf4zpzUN`a?bKLfmE~ zx@Esr3sD;v?V=mWs{c{4Q3L^bCGeM56_w?ivNSf2t|pdwc%_PMV}9hAgAdl5`Fltw zr={rl2r}oB;kygg#CVXYzh}Fc@tw(G&Fb})(v#z&$t$QA76_mG7Rz4_A@9L{xCFv0 zqt^`L^S7;!=vD(Lm-yBls7GR#)_;eHA3QN?hx`^Cq+5757V;C*zlVe$Ts*3W@U{iy zJEnIB`4t@KM|?LI@{`)%m-to&XvZQYt|w8F3tl-f&1qRTd6C)2V^OzBNM^qz&|C4+ zg1jS9Rps+S3HkL*p6ONWXO^UoSAsRBww!D=@jz}DPU0IYA=Zga+q)3<(#vFrc&GcyF^dq} z+i+_z__533hIi*PIshF8&ksmT=mQV|5C$Irha3hk07*;igD_4X{z@+`0D31RAB?q6 zEFTKCAG!yH5f&Q&iMB7Mk5x^?3%0V$xi4k_W{QX(8rzGrk8B6b8}Z8EhNvs(g`^vz zhL9WJ-Wu+P!W;6vtHLF-?9TYUSbE}4OMAn%vs9+gA{@1@fNQ&^X!65Iw2jZ9pH-tH~bJI~JY_ktCQnZd!(i~%CUm+sas9V`O<y37GjQhq&YU1p<%M~4J@?K zXtU$_CS^m{1Jyk?3hLofLeI_b87F0`ixFtBu`rzgd9q`GHWcNZhOco^HKbRoT1b>7CfzqgM zv2E|nTgAmBlp&u&k-?ItZNi`fL*+TIP}C`1$J`>y$~M0K7Kyc=i=YJ5Q!3JwbYOpu zt)$sThLfjajLR|9HU_;`4KOO%FfBDx#2cN8L2P(?_K^01_WcK88c0zcyOJg0>M2KIe zbR6=u!9K{so*GY64^t19mqM;y6ZPsQE~c#qZ$00wucw!D6Pk-pk zC(I?*PLJ|7BoHbp=_aKcvYOPDyeBqrqv~B**F#VZ(B!KiKfr@T3AINT3g3oP#*-agW-8mVMZibuq zMn6tgT#Ctq%tPZGeW+L@PPif^^ z_SVtGF54!QJU7$`lw#gYF$GAa#O-RkCD{EG1xOOZGNs{O8v1E!Brpxq^TV}4Iz&kB zwd4CkynT%vZil0@@za-Hmu-$%CAZKFg(3$RrTnXw{TKlZO9ASgd7vvxUhl-n#m4uj zkoFw`S166OsBFK1yCHt=#M&MVMd98q`SF0#c1z}gg-vMXSy!NcSY%vF*6xabgs2&- zE{d-Q(AIBdP6TvIV6FXd!r;1k`Gp|?R%<6L8nSMf?0o6qIq3N8z9C@3P&L~pHws2@ zYUqHr)`E$=ac=+dlRfIwQtH`5UcUz0gnd~fqv?6|5Auj9_0g3I@uiE26vjUJ*Hpyh z*w_<5er2;lBaJ7oPaKxN?V2dedpp@(+Jtr-2;e87egBLk3UJ>DokVy}q4=xmT9Tiz zPzm?^Y@dn(aW1$rr+#K{7x-DzPXKuzXwD}IT*niV-4@yI;B3;&jht-RoN zNZU7W_yFM$%0dNz)XU4zfk!$#Q@$R7 z`V-Mt^eFyo_KG-r)BCD$MH3kQz1XOk;I5cz+U!FrfV*H&C;3>)+TK4;n;s+jQ*svR zZ#uY88$hz-bA$ljY#bks%Waa`5)f}obwjRdt2Mt3S7*f$Jzb3S%)=NBc>K!LR<&=j z1N|8S?%Uml?|?*=1%g~U_(0g$uE2JS)DlH~2bvg`I~AiyMBk_j5Hk^2#m;I@^|ORp z7NXS*eldEyYH#cnJ*R~O}H-851 zEp*YrW^u^-YqUVmO0Fx-r&1AV>I5*DZ+aSn*HOc24bCp5S#!C}bq3fLzi8n(JnH1x zwLCFfjKsz!(f&%c;!9DahY)pcSaBh6a(NB3{wV15CscveO(wlp&o0wKa}>lx8+hc9 z5%(1Kh(Z+{bxhO;vgL?k*y=n8o{3^{PX8{1_jZtAxP|-eZketN<&CYy+hjc$=}P^T;-dg&4hdOg&Skhdm5dA|%tmi2nSBz2pKv5nbJ( z8{B7^8OywNxk_|&BnMBdCL#{1BNiE)^=VPLP|t@K3K2{p4WaM6^aUCLKj6X*NPjov zjgk1pm`2#7c`GQbq4|SeL4YlSq{-}?$nsNOc1UAh+nhGvhfL9F8_LBkc|3UhUZ`K> zA4fg&Nys|C%x5zp9O%lJf#X;fJcc~^YL-Qk>nd1h$nQvLdlhWvaIC*cEk+sY9Kz9$T^2RLx^T1)JwOkH zP_&vi?_Yl2myND&^2~q7O$zeZYE6JMk$&Ure^UeQ52p%ave&uzP>LiP2YfWkZ%Tr_ z$JxjMV`)woP@d25YUFhIXmYg=Ig=A3t^94pV>BSOnCvGwIaFw)lX1W*uOqYs6 zW@8|9`pWODaPSu?5E)dGX!vW_L3^@6bR}|B<^-P@S4+$18d~K!-sF?eH0Dz8i>iyCw*DDfg{6{}Q2cYL z2Ndnhnos0_MgbwiAmMKNov_Uy*Z~%{d`@=seA@hpf^f>{Z4o9LL-tbnU)I!I(d0>u z1HI+fiQ0_L9VhgoudU?y2(rV@15oCUwxX|GhQKgt8k^PZoNkAKfnsQ-)a$!1R@D0s zOe*U{KIJTTL&u69T7&2nf3~f@@W+X!C?-Il#9;7TkORRdseUlU=92Hvw-6IVFR|k} zZ~7lqPiKKTM#A&62O43l=|V3+9i)`e;7m0=N)M%Lo#3yI+cZ&?d}V@m5rgF#=R4x} zxpVoOtp)XH5IpiIr&TTpN5i&g%T@-PYZ(MD!=Q9kuXLoZr<=#NsN=Nq$B}CBsOPU> zbr_%q9nK4{{&=c2TbWA*eXh)a$GO_GHPTt%ptKvfIv!V~PNbbyu^+4Nx$`umJ5*t< zqn&}2rC}*?)k9v|edrS{f`g-60uB`>aFk}t80Fr_Z{RIVf>7lojySz{+%P;T94S00 zT&2a#k(;vcKzrq&ezn6nP(?6$qFgToi~oflWYcxe4~j?5yLM%>2V? z?j=}JGtb(|KS8%wrqI&jLSRFOO)8slK`SQ?)rbNGsHkluwyW$gbY zH)+asF1XZBQ2wVs;11CO8Ra-q6tFXaJ@pdA(tgX^z^Y0S_cCJcykJA!a-O5OB0n}o zwJIL^63b-l>jAx1AlXiF23L{XU&~pNtt5lH`K6CCsue<52)7zY<~69=_+H#LZD(33aX#LD0f;N3Nq6SocK#eF|D85)mfCP?#LUO1#N zXRDL(7m;P%=Wkpo5?pzZIGsGNDydVjn5c~h{Hg1G`#zb80J`fs{KVW8E{pKWxQEcP z^ymIl;|hEXl>3?h&1fn;eO^<=b}R5Ab|v_xi#nX#wyFi5HP2C*q&AJVqwD0-w|sGp zPmI>Rw>JuBoB68$DUn*i1M!_=3E!D>sBzby(}2007>zRV7?4<{N;ez_``g3~KX)6o z%wBc4evF!N4OHN}uXZyt^>P{p{@jHkR{=)#?5_k{sDS9f*vCwiosKybA;%U_XT?mA zg1`tLO|Yyna3fT26PG^QYri|J*|XEz?Y&I~cC&t$h#1&+w-jX0)&~WT%xjrsyy%lX^w#d#4 zI|1|f@c3}u;a9+?(RvJTx<+=2Miq}zSDQff9*IYsVhhQHi|EiQq*Ms{gqmwX`**`SS9gD%vq>X+J$N4+K{|6{0h z>iE^Q;qlROXNTIURD*JL(3Z{RIv;tl6*4V z!=iBQOg#k?PnbG*k6yK+-S#bLI)zO^-PaEcR%oa9Ed8h;ISx4=5@tk<@ri*nrZqGgb>ykZFDXeq+A6xwDRShs0@ zDSVuKgZo^54~Vg}Cx9AZ)Z?{ZaHu@#%w}@z>UrGvexf zQ8{{c?jiI#1eQORN-sktT8sewj893cAdm0SL+nY$rsr(mZ*|ffCO+}XhzSqqEOvc_ zOxyWRS%RLZ$O00D+24A4u6c#Rurn~WjbwXoCdm7zTb2EN`;w@+k02~;tth^Gf-@N0 zSb~_adGbJJCyXN1MH^@I?y_02--gW-P+#vM?J{+LlPEvRMDwV3;-}tw7)mXACVv(^ zphE@9ilMCKi%B!6c--^+O3(N958uj9BK%NQ zyJbK_Wt{vQSNrMY;Ivv;nu!T2x_MRbmW933AJ_XuCvHyZL~sk&c66tRqVlOf4|L(> z{OJsQnkM$Mr9z_7&}KQEx1)*Z(_Ux&=@01BpDx^-mIbvcmMT$&uRec|I@>8lZL0VO zffwP9?z5FmopRz=?G`bCW6*Nva^z*nO_7SR#Nomg*(40N|8 z@Rk@<86a^kHpG!9a`LsDCe%oT7r}$&8-k6LWt(-M?63P_=7FZ~v7jSv=-()ulmR2a zNqnZMiRjr2ZNAt+oT@Qr<@XfzMVVr9aTlzhZph9qphc)2w2~=LlmTUveRx2=qpN!1 zmtxg5y9_|K3lNMBX7}#TlGA#WPbfncAKKadI=R3)4szJ{zg?~{KS410>d-nbaz1t5 z{&_xRYa}Qu9N|VVf&+wu22W026feN-OStaYo_fW?GDY|^d=G2sWPD8Bc8hc+lU5Ct z@VDv}&I9c7mVw8P1J9vJ17BlOA54nJxe3F{)0>m6IqEwhou*7DBE8oTJAO!%&VB-u zTu1~2x)5IaVDAKM1b2@U++(@LK&P$|FK^HSZ{AKzCH8hS4V4h`DwGPvI$0F{}V zd4?r)YvT`>acv%)%3Y(>YcXE07(65WB)GkoM#DgjDs{l>c6i$N&#St}HP4lrq%`0S z?~2!LNXmMghN3C~;dW#*5VwY{a|?)zhJ{8#7@-`Q&H!Hg_Mz~SmdqqK^?f}s_(}ge z&=VeaGj*fI)vYG-FY_ElwK4pN#5OfBfamZh;6P#s0UD)6Sj6J!%OyPci69#iyKVX> zFv?EwKK{Q~JQO;CJ2`nT{0MyhJ0S`mkfGRrZmEhW*-^+ZWljwR;h_1e-YD3O8ZxV%dt9o$Y}+evt*?{S)Y_<^k!Ab?;+#S|h#d z$kEk72K%EESR}xQ`JM`63^X&#CGpL$%h``|g9&+wh+h_)-iyqQ?3Q2#BzGshYu=E^ z=&NRwJQF20H*xl?*<=w78Z3ozt81eq9%a)Hmok(~b*;eMfE7iXVyiDI;(zb)XcRy# zLC%scszu>Od{#mk=R_>1m8XS>t0hs(T_Q-0*~$io$&OpPbm*5t94drh$2sK0|hd~5cEf}J> zoUpzQVTHcw8N1u-ZT!EzfBm;tq1d>M6o;YDuz2g9_*)ry?%v=itt_Ghyp(HgcYh^9 zVxT?D&j*`%z*>_1{c$%PQp%;ur2S69`QaFs+?dKrmX6$Nu%&OE6bu%eRfBEwiPikV zJq~m+XLNRKB0HqLlLNk1(D!OLYQxk1BqQ=LOBeN z3>^n!UZ?&*SLOKY|YpU4uC;Mlvu7TVH9~zHK$eGSwQBvFdZIiY3 z7>brPIUg=lLahi$`PvRGkvu-bYx=j~>&b~FA^xJ{1Tk3`eb{<5J8_6Mq!avwcYDTr z`W&2@*NY!_h0vu-lU?~fkAM@AP@MY~kBAlS7VB>8)agH@p$+=;iD@?gpdjJ;r~#ZU zA)q{u$pAW_mVm_StSZ8A7ne9JkjjW`nKT9i7Yz=yQvZzdd3;>UVckB!sZlANT(w=N z3A&aG^<4|wr?7j{aC*j1X8YUi#z@SHw3*ry_jn4J^^%4k3RnuVX+_1gX|68$Q(;nw zO}%0@LCc>KYFMUCzWmG0;!~Z_4D!_Dq^g`+vA{M{B1LpH9C^~xl=Uio=H2R`f07uF1bUhLl#?(;aGEzQB5vl4?eUYc%()yTrXALPzMBAPw*#c z&;60#> z)I0rT?kh2t4}b4)O@j!2(Vxx>fkT61DcTFWdGhJapb1$W&fmQHoPOL4x2f+#2y%G5 z%-@~;jIsGM9jw2(jTdzjHy0cQjFrgH&agS*yY_cQb{<)viN;cb-#!U_Zewv%6G@Pj zuq8H*QOny%hG4`{S-f=c)m!fw06SEFFKn7A(&~g@$+X;bvDvGtOtfw4TLXa@%)OSf zmO$U9fU=gY5&SX$lQL`zMSoWR%U#K@#x}7X+BlftsrWXa{;CE&pcmTIgaDoe6ayu2 z2W}O5fCNwB}~+y zc?0e5iD!FJiHUAu$j5{IN1)kR^bAmtWjy~`Qi+3XIF*?ftxrp>gt=J@Ks;?UE&sO- zmB7g8^DN@-dZ53ua`&Tb|`0eg}lfYjf zMq4*Ow}aJK{5bq6r~zZu1N+d)faWQ#YfQm<;7|ZI9z>uS`Y$#ECCKt-wnS03!oVIP z5N-#=*A1}+Eo`FCoH6UQWu_3*{-1Hcv<`qiT7FK`>!+!c&tG#T9A`W`1>3P*{4cgZbmdo1_DB71{ zAUf4(uWX z7O3lN)(BcB_-ak-} z3}Y1JKs1_I(WZ_tu?5*OdTR4)aEOf!vqSSsj8<|>Z&u zxBvaq4y;$===TQR&l|m7I!m00m&@DQ;o*Cr4Q? zYxF@59LidJ)0@rstiqwNkob}J??)}C`_U_>DPviG>M>ICZ_wTRva~>6hN={u2JPtn zDLn>>)efhEQwpuhq}ni`nUyI;v`XGTCVc?DRJxIS(x>xbV%~qqq*#g{<9Ri((-twi z$xIc=5uZ@YKboqc#4uNi(mD5MMue;7C5l+S63QF~)R%_HRRufAVfQBlh{f-wu{|0F zj6@;J76n6S)^hr{2_jH=2Sz~V0? zvYttB{SC3LwDZ4+t#vy+U2fIxGs|8Dv6H^S8;mqu41q+p4ALa#xkteGjDclu!$^iB zx-*1Mw=YQPkM5FAmLdezzUiK*ve604w#LdN1$`FC{)fpQELtCrtyRJ?P8CK`jL|)? zTJl-5RL!By@UU{pmCUABT%vR2c1zvZ$rN>p{`Gu4 zp*@9co$#GQge#)E_!NNpyEtDbUu+FuY+fVZQMjk(lzWbxBc@?I@suI|hRQ?x=m+`~ z!KW6&q(cM1W6g8y#vS)Ha+V4CaS}h=Z1^=DIpk3!W|15ByijSWo@Sd=_v`z$V9}Tz znQ!i&E0`{3GDqD)2K1&3>&YRn-A&_jJ>Pf&Yzno<$&4E^jC$AIt%HfrUfob+pUm{I zdzoUouZWl515R#eI4=xRxVMkY={}iK7+352tx7nMb^^dek@cKUL!HJ>WzsfpzMpy}JV>g9k>JW+!X*kk!~o$*KzvbZJbpqn~;*Mvr3cb$H`mnP>OzJ6o&f z%pK9HV!Q3D1Aq{73nFJ}(M@A%Jqe2b*ehj?oqCf} zIJaFcoGE`E=}$*(FEJA`1MBWxP=t+Wu!~YVrti=RUZAq{sZ9Bn^lTkc{>hy+G zn3dk6FZNS%MZPd`D&ty6#=CAH0hL8GT$ZR`Q zcV=9yXWDnBh)0*-`i1|gkG87X^EKs`d$8}XIMCdv+=$#D)@WlCJwUF!!~a+4Hg3~= z{RIdB!1}L{3(Nlmu=anj-2ZdDT9N9M&4wt#F|Dt(M*Zcw{RM#eoKS?a_16xVzX679 zBHAe-FS9kgAawGPjkRjh;GZ&P)(twx|7R7}AJ**cE<~ zOFNE^tZdukOv0Y*%uJTu7gv*m5zfhP1}Hw{Vcw`$I)r|NKg{Q6$xE2p?xR|!TgD;A zJ?bYeI|#+Kx|n8_*Tz^{?1kxL%uM~H(V6CwhAGTN(n@Hk^OL3-915f|91D|?p!3R% zQ(A`c%#P`%5}QOaDzzn|*6v}Ya2C>Zyl1ad3M-|=23VD;Ir?uRfTpa+QgJAm;R zX2WH3Ow;N5-o4vS2gyM_#(4~&$elB5#>s5%UifOkfF&8=HP*FuBm=cfmAzK_lyK?sohqrFpifwOKVbqK5XoFuiE8Lsz#rIpXM#C` zce46zaTl$DYU1Rerl?@TsQyuy0SOhT-N&%DU-iNVSur2o^^=xVh?KZ*pLJPgp?x|f zwc<^1Z5!>r%F@~&+DC~n{&ii4rF#za^Qy5AUVqmvwiyhk3TR^jHLZVYLw7m4sxt>N z)`TILLMPmND`F_zfr?{Xwoel}g8Z00XYv!Z1Ppj%X3(o2M2bmsHz9d$19qg-%Jwk32BrL<}6t%#CRhU;!fRS+VQoY4pKs<267oK@F zIP!$x$r_pd7n}E#`{v5uY=(2;*xMun$k_`NXWc`5*t_UuE!0qKIup4^bA>nF?1fm? zrNRv~Q=jH&uQ<`aeZM|};+a)>6@t41ebCi(*+!^n8Wz*faVgGJwgxG{f!V73OI@Vq zIx>v19MdekODXg zRzC!tI>Y#6ACD!QgXL?yh`amHorU!XyZg+lPL zvveiqx^OZVQRGHd*{Ub2+I!C!G6t}ko^;*j`HAL!B2@@^nt!dqY1?6p7MNF^f&0%# zHu>A2cXkojTxw$7>RETF#tNr#{WxXtwV>?3%UwCVt;rp$Bim*b*xZlP`q=kvSe|uJ z99KmL{+8aKG$Q(rUG!>D=C?xe#4_3MBNkla$L;n=37o2oR8_tiMXRFhyt3^9r2gHN z;Tje>h~UdY!?yZ~jv&luZxiVZf=8$G3+xp^H!nvBGz$mI)t?t8fZ44&>$o2lE}Ca& zl=O>rM8+if9W?<8bECT9mAR%AW2rH2UH@ACvU>`de!8l}>zbp-||MMw}I!dPZn$~Bo z63fd%NjAt#aZlxAbO<+|MH{pwQPD*hYn`TxOJse*1ExY?Uq7wq$Ma&#nj!vJpbxOs zTpJW-onqvc)5-BREz8%5>S<8ERHc+;tOwkr1o4)i5(n#EEcTXhhwl!;N8n}0KhUX> zc2vcjhB&|*VfjMzo6y$q_sz5yFhKuu0lPDgDA=$0{@2KgX@sUC^-GFT0t*1Z^xs5Q zBU>BO|G$HxQy5`K=feyABtcg)ffaBL+1ImICqptADj#US2Lx4-->=9} z`(}G6e8$D~C9f#~U9s%wU*~O%W_YR(Ca<5K`#(MZRK|wx&9*Z_kaD?>?GJZXAEt%| zrjMik0IA)#F8AvWvt!7&Kpf9Me{cAed<91!OBn7--I-$3TaGl2tvy-IHrpjSGxR&) zTHLSTj^Ju`NJ1AY)M~+UnbZpc+Pt>)9Z@UC&|!{MYejte^&e0xhf-mdEA`3Wl)$t~ z^(VZB^dnKNl5-hXA$>Ax{I6+bTO`cB0M~su3Q^^DSN)&yJPyQ8pT}rdqgk;vSbrg36mVilMpkrIgu{ z3X?XIP3s7FLZtb}iza2w`5Q^2^5 z1%=)!Bzx2Jah_B)t{n!Pl1_^rn5NwcQ6XvqV3W~}aex_x>zvjT3iD|EOga%Lp8Fvl zwbFPxVFa|8lylc5^*kW9!l>hL!bZLB8UJqKXtMsq<-L0oo$$}=X<>V$SsN=XUUq)@R?S2D;5AIVR_6RF~gS=VWwXdd(Sz&rqKiU12%Dpz1Xy51}i(TT7m zo}Ek6a-jeK0yDhONE(UrmvFi?D!dGHLgb8Yb zO2fw?1KNxG#kPAC`nL_UVE}5GOKtX)m*u-gIKN}4KtA+;QT7c{nnml9Y1_7K+qP}n zwpp2#wr$(4wDV8fwko?;4|=WJllSgm&(EIhh%df45$8b?N4DBX(kq)R zlLq=1@|Gq9zl2$ka$N-DM@#>)-%0l7uk9GaJkkDNrgJ4b{I(n>={D;T-EHT#fKJGO zu5qqz)elNTnDAvAQn)S_d3VMXoFxmar(!L)i||r4y_yIWFrBx+Du^Br()1wBFzgqr;=;554qtdSe1zXcMLlI9uv>QI1y>-mq$6qU{P*V;`p zBW!K0qwPOCAu@#nR)HB0%5-Fausr&Oujv8e6M8vK#QJ^Xs? zG331fEJzvQ9(F-R)wjDmVc2rNP@&gDq3e_%0$6a{FOEW@Y4Ul~b}FsGso?|d_JSy1 ztXqvfW(G&lBqMi*&_0wp)gt?OUW~*XDPK8H3motELGDO9Og+8=|E{?J^Uu|}7B{6# z6fCuVWr#JRsC266mRr&A#?+`!mr1iIAq2JktM4GkjBTDe5$4l$1fCeS-vS(kpJ{Qb z$Y~az#G#9^^!;yy@mKO})rDzT+kJ)|f4y{#x1PRji-{Qev2IL^Yt*R@ylSw?Vqhsi zjxJI8kvm-6a&Ql!n@YfsFWwyfSz(#q+;F`BebFfezAmin^KU%g%kY|8|wA$ zxEO$;FLd&%UfNor1+DaC5Bi8sm3dJ*io@nL>fRC}$EycU4*5$3-8(9Ipydr)$`Amp zNS>8?%+SNmeL>5*{f&*YP2iXyifz9j-Zi1OYQ_+kZMV@#O&TBhV83ipSy5gU=`GP` z)}su=UYEpZ6q!y_FYuDxxtZ}9(FvRpqi3=5ENwG7ZS4|ooRL|Iqgy(fes@%rw?XpQ zj8m?60r*+W=?DH#+$yH^hW7XuXp#Q!{7<;`|H{4p_qYXne0*#I6ynMU0ZsJ542oj} zW&%mXU;&Im4L1mv6&FB@9V0XZb&wt(AngzwAZ!urU~M35;^JWw?AtYW;EC8p9?ONdL2)O1_bHESVFZ8@U!uzUj>!Z91M* zylmg&WXtUw1x7cDE#1POrU%E*so^P>nyc$kSCS%cby4i$BaFru$fpzr;fRAW+Ct>nCj$zLH0! zkvsJ&{RfLK6H%mX^)(wAmXuM;@r88ml_W77wyd*hKYT_Z{l$MZENv5BB#~v-s(H=u znZMopat9ylMbWHdJNb99r}nt}7JS>0FJ08mVb7o6zr9cKcP%dy0x8d)mo(|Axj%s2 zIyVWO%hy6zZdnzu-4utNJePLNHeVnfedD?hKdg^F-Z7CRgc!lxK|Z|HC#bb)*sY#r zO{|wo*gGzt*mcU`y;KWTpP-(wrW>lB+<8PT3)f24&Xj%Nbl5dOzk7rem$E6@@RMdKDCxSm(3K9GA+^w5?|5ai6RKVXJh#()op_1@0*`TH|NlA9OVy zIent}#dD&!c)j9=1(*fyA$_vCPb4iT=dn-ZSnkONMX*kS;^}83y>N~SOSDfkPdSB* zOPYIsQyR9e&0ZYVw(->8_Nq3*`gLbu`6DIs4%@Q~oGOQT^!wmF+&Hss^>^gPi~OCP ze7(sRa^|1;JgW)}?P%|GMeqZmMo5_(rRiQRNU1eUo}=OBT=YPzMo^U4SA%RC5!4cC zg=iarm!qnLT zh;fF*A~o}w^YDVPfn7;?A9!ju6O(0jm_q90GjHuE%i0OtxSKc9U>}A2Fv#Pd9Lg&c z)coY&Fa}_P`b#k0ji;tHz~U;2AJ@F_y$;UmqM@rpb$WphgOEJ#MvxQnQpXaBG9_4G z!3u^}bNUE3CS>MzPuTt3;U=AlKEvjQuLT|HByx95<}URwAo(G+O40>(ji&pbE?URe zNE}_=8{4-h<9eg|x}p+r7@pcthueAwV(oAR(MX6T-Mn=c(e-h9A<8M4n}5xD9EZFg z(}6)h7Hc63lM061J;H|N^Ko^DG2n0v(#TU5$VaN!ZSv2q_SA-_k%8Gy>WL~hzu?g* z2OEo=rR0qCUCi$rj-!LqKJ3XscMk{GsqJY_c@aFo_9W|DCmJE4eF=D`i{t78t|F28 ziX4`nGlwy`*O_GWMd?74<21p+MnC=ktzgIK17Rj~!39qLyp6oqsq867=BGV&ka%r@ z*WO6;s#I;xz~m^GZg;6A@IePAk+_T3(bp#+(XQ5o84h9MSWe7DgC$B@#yt;6kYxD`K*UI3f8EmQgCF4(;KZtBt zCtxvc!!S4}83%o@oNy#Lg_^nh2Y^IB>>GNnwG)o@E)}W#AW6nmoLqr|ZTnC*xrs7J zTNOa;F9-5YjI+8`8*F^c|BmV{iNUl76#C)dpV*@yqzGdrt_$kVZ!@y!4*cZb*}Is9 zvKo1Z=_8EA9sCD{{HZP32g@1C#iM20)L2FL86?s%ma>6YLWtr(h2@hdzT-B!k1h7p zzkQ=2k#@L4i$5w%@pOO|gsyd*6~x9HkI&GA1iT0Nx4ajPc$!-J^v_fi+Ve7>p=)cYa{&$KU@xmwt3$s=wZs@%k0 zGkQ=3#hVX2E6@|aNxcRdUQ|u!M3<(YD(scymw-v`FT+twd>d?xc@6gPG6p?rw8ckS zso7WuDE>WX$O~z-*&^ua2yBqG*o@rN1mN0qQ;z)os>sniT=5PI1&F)Fw^6pHg6>=( zOfYjQl&#_FMvT6Qa~}WSw7}sT>EVPhldqI?0peO)*RBXT@bV}etPjeeOiIRzENBIM(`cy)z!>U0&{_0~H9 z8++|J$l&Dgr}QtY$6^Wl!LiD!g&^NvQ9^uV@njsNm>dD;oLC3q;g35 z)m^Qr{5TK~I*l8Og>YvZl6aGM2bm#9Pe7AksrA8fjJri4gP5K&D!+6Rvq?4uu`$9c zq@J;6e*~_S=0VIV>pu_{_<8>Na#FGQi}TAcFt*41O`&;O3O$Z|74BmKSh*nf)j9!f7`H>6WuW!j`9UppW*cD_H&TdtTd; zBV}>R#td=a1B!Y+Yr|;>eiPPsX(iMiI0bk0e%@2Vel~|G3_f$_Q#fcl3$mNeL4CtA z4|mW~w7PM&J6{s_CF@W^-vK`uK;DG-f)>4c%e7BoH>`c+)i(oTxnj9o)v3Vcm*Mr4gVEiJ|j9 ze0D#75%N2_+j43JtIoiEGw$4X(WAD2=uy>jjG2lR1<{X#j%M_Kflb^> z_r237YTutsBC`mOdD!r*br1YBd!au z1zRh(-#UC5>-{vVP)m&LMca3#{3(QioKsnWa)Ni#-@WugO&fl^t128nmr~Wp zW?@U{2M5nMiHC6VjI zx4xt^fYU6Hkxo584>(jOzU@udzyWk%VP%uP5}s#-T@wc08v6&4K=UrpWnIe@TTxSN z?k)gBu^yy+*p8R^`brG};Jz8K<@t3bKiX!!)@q-?uB#&e0~mYq#(wzj~<$Kc)paj2ShZRAS%}TKt)8VGddTF7b8qe*eG96Qh6;p{F z^X5}MC^(urlAxPnk?~o32niVuYxl>TKS@u#2Yn@zT_1}GL1(nEnqBkELshAU=Z*mO zMC`Usz{ElA?&d!J;(6JFbH45XOraL52{?fb{#Z``o$x=|whCiY*xkRV_jFVsAfEq$ zZU5g)JQs5ZGjksgM|ao%LJ#ZJnsLM(N6*jv-gA*wZlMbtZ942q&@E#xC382y4cR0^ z$l{@o9r=cW!etrNmbSf@ZKmy1nIs^|j{%bp%8McT1wduwf10xL;2Bv-g;OFm&kK9OpkfCIHcLD+K!&T!Lj% zw`S%t=g@Nj#eF}TaxAZNu7r5T(k^|i7Ok;FJ}Q@l`y44*HmS!A+F7N9C^qa!)l4Q0 z%30M+Ck>jqWP+MoREk+#;g7aRnaWWdpRAO0-tW`=#t%1utFVA1|1nx8)hQG=`6#GH zr(2MoS_eb#se4I#^U5~djsuu&t3?_u!c5o;#e+IHYLh+((5%RgrQ!&KA?D!w{9BOh zf~9X6+Y7RH5)y##XMOuVnEb+0Fd~4JH@>}l*CMRj`7_a-+LBlU{9 zj}1JYw$8>C8#1oTb=C4Xv8uS&-&oGmVGqZ?(^m&O51;sxE=or}{l}iw`0RELhw#52 z4}Ol_*R9#{Cs~|?KEhHK=T1d7j=FOwC!SwUl}q{;FL&<2;f(;S-iCKLP4YJmk(i0( zrYLE!eOc2LEFgY=ikZZJUkgihz%0HNjnq9CT!g3WMq4^jY28=wE}PZQcSIv;7p!b{ z#}0#!19PDQ&NjL%N1Xc31~UQ@>F3rNJDZQ~8DJ(}KOa-{xyN$ETSJ^q!Oevkvo2ii zu_sY!0+C0ld$wNhsirD+qYkH|lqwl|t8vpPaPZjtX2SZSoST1?pY+!L+XByf>{Ypx zBuvlO1gTL|^bs^bZg;z7u0ViwNt4i*VY5Bl-}$I2?lM@QQuPgpYI+If)lkogVusYenwuV-EU~Za=Zk$L<6N9yz!1J4Lpv#<>d-#@kY~p z7GeB5W!vnw>2>|HSdk8ul}l#c&ZF!W)7o%Ehhgb8JB7Wxtc>}_WhiS%3Vp1Gp+K02 zRzb`}*!%h>jWb%({AjKW?A9xY$)9qz>Xh8luU1J#3e z0};GjA1x(Kw?|GBDNN0`)J6!0pxBkxMif?i-4t>`pz{auOcN5?RfHD=g zwp@WFHKD4d2*)c`XSvxtYs*d&v;$gGjJyB-y+|zs^u=&sg=w`G^NR|=3B?Q*UG%No z)LdD=$CJHq;{-heTPa2{>f%h6RyrngR%ykKTid>{Vd6o~+*Y59wMp2w^&E>7`71JN zz)|!>H6a;0(8FxZkRbD3RpcQPJ22m&{l@HFPyA7xZEavVUZcJAoff(`a@v3|VW(62 zX(;08u<+GLjhgkoKg!ami)EH=)|OIEHqUNJ09VMG=$)Z|oIszzNSR2a7_pq_p#^4B z@yRyHetLjQ_^@uCixry_sO)15yv_2N8kF;9poSujBO!N1&QhP(Si{w9HL;Ys*0O^b z@OedmCIL!y1I4Tg);81E`ezW(GWkvFW|Zm@ipK^ycI>=W?29-$fORC=o*!wc_m+Q) z{_(HMERquu#-Ebz1=d&9-;>bGJAUvtw~(F?40H14TT%Wc@8y9h!SWeC!e4=LC~rBa z6N$burzC{G2$V;_3@*PdS4X0n^D$7{b&VqUvxM10(-H271(-Qva8E+zT;Sm8t6-n? z8alTgLX{q$??;?58;dvWUvK{Aj6R3Ms|>ffQcuyW`0MD~xo5{~IJNt5{q6Tu^nbLX zsrF|2cGf)8y00I`r75-gX;CX~zDOczK@N*iE4r4bhZHYpYrkWIZozj`Kbt(8X#ASD zg=7N2{u?$6Nu|3N4YltJ-0XaYNm7m6+t+N^dfV2ZL1+B!i^?ua6JFh@myCxJ2$u21 z?z7v39P*Ys&!Uo_MM$B(RutIQNyKe@H+0Ww99_P{_=@2|HKnWCnD&Ke?@=}$))~=m zYM45yr?&RZKhzH{o>5D`-U8{&&svK=NHJQa=Tad}#KtZJ)9xb|a^c9*WzBO)N92%s z-K548=nnhCy;HCz)`6KH_&vqO!nMZ0GYYv#Op&e(ti{HNY=jWZzvk4&UeEF0)#R^W?W*-0kVpjTQMKz{JYz zrofY8#L4(7rdNy^T*>e&$(*4~oJeDZVl>S`RM*bC>6n<01ni9ptE@CLQeih4LqFARR2$=zrO}{~L~BV(wsSWpC_a z`(IFuaJBzyW!NE4M-!inq32ETrQRZJan>EbAv8jhNE(q&0+GiVpk73RSId&sZ6S*> zs5ALf=;Iuer}H!q`75FCN%;fF_qwuPsX)jw4TGFlfyTsAv$?r>*N>HVcV@Z+EFe&0 zE%2*TWWw<1Un`U|s)SE2$`Ew9{lPKob44Ef99P~7?GkI}e&aZqfeBfQPF;sIbimfr zIw}h8?r&Dv&E~--HuFwHt+ZKf9s_K;ZR$U}u(F)(aPi+TmRkoed6TmJN;h{8ur4CK zG@jna;P(~-MI1TU$Ogx(KBqE;mG`tdth!bf?>Vc}=vh4ZYgs;p+IyO<7Jc({54JkZ z1Lqvt+8?-`zISJ|>M|eKR^_Nv<)|JYf>sez@*juKFzOx$u>HRwPSDQbBH&G7qkllf zBwm8!(ug_8)&=d5h%n_0n8{CgIL21y@}w2{P}2y zLJi1<+}`8D4;LSw2QlXa3B1s;$>KZy47cqDk}$0iaJj>0gGKNy(xKj~FF8~$p9!fuKcT;%{h6^c= zPNF@8qB;}2W#%d*HiTd~FgqG4Kk?N!a{pvVX=5yA9dV$;Ko=(r%!323pyq?J=iaNuzYFaV_s+tg0XDOKHNB)a5ycC2VMy7L*0 zbtO|1NovI3nFn3d-?HtndN|rYVH=@_1vBT8Y zu^)6>$x1$RR1;x+bM94fTG-oL!vqZ5_3-tzy% zT7f)O8RinNGIj&74Zly8SJn-T8~BP(jkUa6H|DuTD~3oirv{6{SY#Q+IXS}_1OYiA zFXy(Xon8olKj*BEIqI(cmezXy=!$CwBFXt@XkK#n*j>F@knKSr){FGIDf5!=H_Av9 zU7|*o80bBL4vQ>~NAlX9R>As1wAT`nO_W1DA#CArpHTsZUBBF|&&aHK*dnN}egozF z6X{<8`{|lU_xy4s;d4w%i#YC-w60Ai%LBKDn=a`&RigU15$+sX0)IjO^BFb8ISMTW z2Lh6Z`(L`jT+Lm~%>Rogv^H(#pKAeafd4SD)ic*DJEASBjYTOeje`)4SUspJ%}SbN zh{8rhyjEuHGLuZf?$(2E)1!E%^gNZ+62&=YZ!B&b>;Vmvzf+qcD>|7U0^)m&;)KEfJ($D$=sl!#Kv$b`65i*uOiin{5{ ziplnh=`j02h;EepS{(gavgvZg8OCw%QQBUexCh@!0;#z$F%NSd%}4?2XO(W*=rt?k z@5rKlA-OY7YJlczlCOu9X%dN5jQ-5>uQD;a`E~snT+u9M7KE((x|6M679lCZsy8;X zsP6KWIo`w``ofu=3aSFPXk#g?A3 zR2`k~h46Nq7Hh{yBOTxIe1@ZjOeGImUYNcB2=X~cMitEbuyi1V1c9Mp|Kug{( zPv{b}n`auhw`H=7;*-xMbyFmk2zR}lLL+&fH!OI|ocADg-88OrWBBY?XE{B;`u_iMe-W!GEd8Gk2j#a8C?+{0zgDG zX6cetSnNUECvq0}EgpwTV2g_FXd$Bt5O_vj@AJCK-CGcL2G7kC@`>s^)avXnKe@ic zY#}8i`Nbf?Ll778Xe_gsRIjZfFYfw_77{+5K;46`H}ah51yFkvLWO{APO4}g-z7r ze~Dz~d2S4QvquT?f|4u|cMQ(z4r#aXQT?7+ zwNo22Z{b~dy^F&`FGxZyeg5)O{&)w1!GUBf?umc&m{TR8O6F!Se7;PaML*s6oll#= z4I*Kch}6Aaj!T4L4p`ZA^6gJ|fN5H|Sq^e!ItmnSl4UA$N69B2*`%D`SahR>7O$uy zIOOFVTElnaG4>8qQrQQz8&^00nJDa_J=`n-eb$v%k1n>}_l z&{NP<1;f=8Za0%In=GFjWMBBk?;+vGT1I@yks1&9?yxF6?u4s-{(Uk=UoC;L*dagSW4;XobFi0+ym3r7Nv zk$)x`+Ce_hC*DC7!J~Q!M$$~ozGZEYMmqJ~ur`6uZmS$LWT#h61*FULHF(R)ahJoT z`ym(HBB2G`TNjw0e)>)r0z9c@3#De6_a{h?52)1`KQ9x zL93_6vJQ;2Z9VK|n@jXXKY|jmiZ9oG)l9;W+oo1r)-BlmK_AJ}hc%dFbv`7P&wR_U zB!sp=hbiZ)&cyh%qg)D8&-`MkHIpk9C0~{HotU2cS0|Jm!irA5Fs8|dn)$B;O&nF; zAY2w#@8|zpmRI@A_5S)N-R-gi0rCECsI{q`wYh_vp_Q?#)qjBuE4sRNc#rIGHP@E; zUswIr-^V7TWP$^Kvbg;px46aM5zY7Vf%9eWoCP6<&}VIAayR1kJzL9G*>$Tg+Z5Jx zW-7AVv=!H(yH;&A_^m1Ty9Z}Fp5t;0Eu#TZ{37>=taa-&fzj1^-E(&Fms=h6>pYy^AUdK==GlCsOY;<75s5;!_jH8e z9Fya31XikkIk({)Gn8)vR;+%4fnWe+fk{N6>|@CH;`xLJ(JyAJ@i*fDFaST_IANqm zj^JQ^mw*yH@o>G(Ue72*Ee!|!>82kHPA0O;&stK|E+`&jvV z=I0c@1!2rh&hgwr?)cl|7x#wK72zoynES#UNr*l*`jii% zokfAMb=VC$QQo5QV_b8BhB^K>ZmFHGr^}8byePKFr}V?q4j z#*P0ofVzH%XQir5fq_$pTnQxLVK(G&SwSH1@2Yow7n^5Qs|w=sMG7PxDs%)D1JI9Z zE&6U&W$J}%kDD`L+&j|gLf*}|WtD-B%g~w6L4qVneLaHK>QN54nEik_Fj_&8hEQ>N(P z!vYb=1a6YRkB@_Elv%~^NFvvWI?Wih#@`ILZK_5ROZtsScFn0E+sbOa>Vz5{$q`b` zNd1)P4#8L6`zKZXw=I5g@l5q+>WY}8w%J3K=@8_n4t{kpV^!`*97t_jnJ3DnQJs+e zlj~HKhiy~w?_{-SRHD_Rr%YGX@_ok-+QSOp{R&zq25-^55R62UZfI`XH4f#Ngu7al z(@}}vyzeFJiQ5!OctTIC$L7Rju|uek_wKEL2X~>hXY4P{G@}FwqcY#1LFcXEl3bpG zifRlM3zlbFb=AN!+$eh)dqTVfd%_wCpzCU`8+&Nl#}xKe5v0!vbh2};d|u;|6=urDOfTs!Eh2VQs+%% z4-^f}S}B-(|Bdi$gI4Sgu+XDROP_L!L=D_LQk+s9D?)^b1HzQ+Lo*P)ab1V-s=)FK zdLY;qu&Vee=agwJvU|F0rPpB?9MkJ1P?jB!3V})6;HO4+TOp&upr=k9*YyJvo5eIY|~ovcd$=~SDt#MiSVHC~rq3$%cbzlQ>qTy96a;Q?hO#K(_s09KQ62UT+8P@LggAQ7JsDSvY#nZ7SmC6xYDFaC~l@%Dk zL6K`a-)CSQ`Atxo-UfV}IQNo1%^xSzhh>F;+630TD`impqE!J(=NH{OCOuM~ZYK6` zfza|ay4U1#f2vzis3q4Qe(yl|=4ZDfRS71}a-mZO0ZMr6-#7;Z$`GJATTemT=eMle zYp3ZJUICUurL%Czk+Ki#Ne|O6891pof+LxV!{FA-ufL2^QaHOJqyTtvl2>L=u8ltF z*ZGT(p*R$+w#o7#9+lG{W#8**boPtnaGg~AJPJ_t%1^*3khR)o!ZszzU+nX7<^1fw zdX$}*zZvwh=?(fkLh)b`Ad6BPgmT31GxpijiO z8faOj5dn&0_nddLbAzP|u)?*j;lNGwDU&2f@C6!3cv1&qu>GiTidgy(74rMkY%Z*fM& zy&DC%Q|qPfVRCawJ$1CBNmHxC8`=TfFuBVq+bMpJ#Nd(vP51Sz#yX^Ym^*LaTW>9l z&8?r@iT3kwd1SoIWha04l-F@6876w!NzVbCZI#IhGv(izLYDo79~aBk_hxWLlbJC~ zKoX;){VE|i*$9FtgfJ<#^6lfQ;`KKs5vv1mqwr+6c6pftbcc>UrzxDrGAl&lg*|he zp*ri(Is`u0w7vC(SU$4w2 z82u4oqjX5N)Ta2B7_i#=w>>JGLAat-J!OvKh{7 z@9kYe!>HfSv*{vI4_!~{ZkYIK{34@@JG!X5M_mJEf9_`JS982?2~((OCxTox(A5|7 zGc9bQNO7@@Q4^HeT{#FO2asN~kjAOn@j%H|*h48l9wp|ktYV{m<8+Z0dyln&$0iNp z82{*)AW!1`dRa)fZPjBEwaWFGwLLk>!E@ZPJ`!tf+B?RX`G;v#l4tr74-hDshfpkaM9ED@!yPI*HlRDxe9Zk|uNWrRG zGt8)=R-eJxFeVE^%0h(bi(a%8;kV!cqW0yv-K9R&5Hf(8z;{MU5@R7OZ`AI>vQO=O zuRR&rywhb}q->Rib~G7Sm0c|6x3aDKJNQTrP@M_VT^C>4?gI_D97VWO z7Qgr1)ItrM6gMYNm(TkMP_|~%AgXhSpb8>afiTGqP$;F93teWyG`zo;m?M7XSdU4y zJ%mh&R{@2S_FRbTUv@FZ@S>vaqwzA!CitMh+RKAg6dlh(*PCgV-k@|2$>j|YtGj{f zk8ueQ2n_H<0ehK)B(rECK%P8Sb70pS@H1WvQ-n7FZ!Jc6p3nRCZqVW5S%lf zTPqc-?yhn5)%!VGYXAZmlH zG{$AYA>ohPAL)*tuP3hjizLAO8pb}-AzyR%nzc^J#yi;E>akjN#i~3p%Zb_7j-3So z=iEB;H#B@Xne)7^tw7143CHY1N6=np@`Y32bnd_u=_TfjK8C+CD|ZI*&;D29?!~q~ zT`FVwCMwQ7M@qMqv+(S&b=PVggp@FT3q20sERB|AVTeNmgA_*W&Z>blE`>DS5uGXZ znYs;Yq6BgvDpq0$M~$XF%1D;1^q#Aed1 zGyU%`xBOH8#QdrLs5hr>0sYLc;pnAAA`_;?O7Tc4PcH()758BR5`x2?WAoZ{{n&Y>wi!~tA#A7a72YQt~ zE$@E6-}KE$Nj32_=)UEUq8IRpg36h}09M!!rX}a)+cc1$0)mLzj*1T*7ntu2-e6eQv;6Vl`mXh{l`Q=EI4bbM$dswF-y zcJH$JuRQf;9chChMPnPJET+({cZb_Hd2eJQKd&6wz>DpKVjmt12s_?VC3prkDnyJ` z2)n^m8`M1TY7PvcUz5KDgdV7q1N>3*sr@&;Z^zfGzV9D90QGbm1n!d!&aM7#l3Q@~ zBnBW45hS*ede14oSdJnM{)nVvQui?xoLOwzc?dd2PTxRQ^ZalI(^iqBFVkcR^1#w= z6X=QF2$ggx>H78Bh-s>r-_^8(+DcJewI;}jq!_UQRa!Ni?=JBDmNBEce@e6b7DH_? zb!hQQ!i)}*8#4y3!{Jxf?xRRIy6RQlo=Q4|DNhRJw_j13E$QgwppU-BC z#2xsdZz%`{0ER1t?FuM{0|B6|Shk)`{VnwAEV3|FDa<_iT zF*B{732H*ZHrRgw@$~E}sFL1}V*J$83d8jT9si`z{rqV4mKvs4guYD@jidejK7unN z-ILSB3>*P*G&x8Rvumw2=#8alMV1QaRPM#iiS+RG6X!A#*w22HS7!9?1GxF4qCsR5 zO2PR|Lz*Fb>LSH+@vTN2wPg=qJJ_U^F3WMM0ZtSC{vDTVQ@l=Y-hbW-R2d>23a$@I zNtI!ObiPHaYe6V!f?KW_ektx^g3>VjHMi=4vaX(S^X?Z4mPmxt2fG*9mDmidHUnHXDF~uT83K4-0&&_ph**1 z!^wdpfUh5R-9?&Q&Tb#}sd>{ofBp<`@hBz#=}(@w_QTPR0}d7xEvn>BRq-y3qWtv< z!O*oLQw-)@_oz(fS>+@YH!!yUyHpW_ZbF#Ost<|s^%`=nS>!MD{Ww=;KG8cWnb*Aj zDzXB}pqqYy3>4jctfBY=Me;4_;4!rmsKggf@~+TO5*?8>39?jLQUN9^A=g5OU29v$`QAHDW9+B& zp#Bzi6u-q)0k5?1TRL`yd@{dX(c)vuF6}=2W=Rf60^tu-H{6%LJOX9*om5^vE#PL= zZG=U~FDz&Y$fth$b&MJ*L~@D%oJv$;mEv+LfaX0Vt0>W3EjBit{>X|PxtuqEp*X=< zS?;g(5A1&~hOEt-*uDS#$eK&}zZ3zj9o)<KMzcXV((9e5?7C7_P~9vU}4QE$Y^9JkP5> z+H?3&AT^v+#s0&{CP70QZ&E6C+a?IWs*YoCQ)?UWP2gQ?k(q49Y^!t7UGmDqth1)A zVX31c?U72kj$xS^k7^QCZo5NK_Mn;4=!>W7Ml;WGq?~dP-x%~nF&9zxxZf7rD5gU7 zLsWjDnKI~0r20fV<_O?bc2G^>eIrwLIQ@JF#@fZFIaLVwW>Q-!wy-y{?+ldZz zY2*IT>$sA00I0O4?n;+kJiV^IQnEPZI(AcaO*Q?Q{^|<%;m0L}Z0f~DtdEmQDoYmy zCrT-t_EeY(t8=9~D1ha}Efe(Gq?V`6wN}$aA=dR0M=3B|tq$1gc@Pz)&dibQRvS{vymxf_Y;f^JNWrftA@telqs#>Nwf z=RSDQcNfJNaD*a(APNUS67c-8uh6XTipd}FcF=SB9;wLpG$m^6?|dTVTS=TG2yy^R zUAdZF$Vq84F{$QDjU$Q?lz!23+RpC`q`VW~(F{U+Q7XnW)^-U_;USb~O97UWEf8$`RX=dgauRSgIm%BXB+RaJVY)rTY+}*~~B^?gD z4iiC8*(h(HC+If>ku&H@P(z3DSc)m<6~Xy>7s0XRw*r%4?Yn?;XI^3qbA|d^J-D#h zY`Z!W?O_yHOj@XHgCW5HQ8r>u|Gt{vIW(I>CAG0D3e7id z9h%|95cnzU&$NyP{U0aKwEf)y=GPyof?yRy1>*tLp^EXPh&wvSzRrH15%J!hHq+4v zd4tM!#m1N!e=}<-$^6&$=2ZnQhULk&*)f4&?gS{>fsmezIJ_DT3lRiH^}y@NzO#S@ zj^*S^aXQ7|QEjFzR?ntzC_Ig(WY@f8SDaA#9$%{@x)6^pw&DGc3KCzFWI$*}vZ&_u zqoAeo&?-Prp&#<139hrx7Mjp6i)`P0jR=-l=?pCo}?a7M{%66 ztVT*IiQgjTyc(e0s}8<1VH8m$m7=&K(NCh-EQE>X3h32MMp6Dd+0-w@Mfo^r{tV~c zIdjxL4*d=^8H6cJxGAyT5p39$UIN4?Zt}1$o0WQ&M6czQTVFyqn<_yRFn1u+^?%yj zzyoEMY2B{H_>azp#crf%Fm?Px!B3pfJAluuBuh!euFl5a7;Xl^t_?OibYV>k826%RtXtI6#AQ{N6 zSy+;Ah)WJ00vCL$b%tP8N{D)gwc<83o0*3HI$vY^fk|f!U5x{50W_l12BE)5_5r}M zI7|2Q9aBVz_l>CD6>OH~J4XC!9E6VnB{M8JL-pK$G^}a?#t!k{a0gp;tswk;6}j_y zOL=R3vHrY!%aEUci|uy*ttWCneVun~^2mbJa4QIj+>3h&)lG=1`+s_>;lGfY?(--_ znsFGOSKT_pSj#H$vyd!wYcsQgG8Sq$^@T%pEE}&W<9c~i53!2AK&#K!LA&{=4>2@@ zxb&Ib7acp<1-aN)Xyuv}?4-ei@kURcT2r{iJ#f>TiNlmzeSj{F%&JUGVoRituT~)6 zOY3PF2sLUFN;`cJu>}g$YL@eZo{E4y#evOvQ%mh^KHewkaj4!YnOLW;yFZ#U$D+7l zqw#o+hcaG8&68&(e*0CFI`Tp%5895jBqpP$I zo9lxglY0Bbj56*s%?ySpgE|UW5U#x9y1POLB_;ik< z=vJ8fN$U}A^%Z=#qf}Y0vQ5RtTn0MtQaI|Or6P9wzQah3sg2zOp#+nc74O#@MZ653 zgwJie4c~xuG=zB!W$RIbh}q0XYp2oh^783=bLLYbPK~w9)kASR$ADPuk~!>`RjanG z*NTl=#gsmp7lTH1y_-!y4r!i9Kwqwe0C2yJuH_;e-U-%$wwKl#X)MRZL<|WBDzm{V zsYYxDZoSLZgu@J-mqUir_z|YntOO^p?I5tJpN2MBrKrY;=ibSl(H6zwi%K6A>8r_= zr=b|C!VUe4Tn5E^zNiQ)BLGpZX9_aA0K=$0n}e{ld!^K4;%dB1pTp>3fQmgd9}W9DnBoEyFfjBQ7(;#J?8os1MpPf5VBQN)9jt{Hxa$uQs~ z9ryelDC?|#6}%Zb=xEnF0x0WAAH^19iU%PaOqcu3I_M)e9IKNIa`ZOYaq^*F4Ru0a zYctczW;Z_O4gO-2$Q{e<->mm47@7)+)%>7(3lfI;oKBe)-Ip~i6tAy_&tgE|HL__7 zK%=j$Tsc@{``?rqfW+mbe=RpBel#{exW$CU#?dqsjDf~w3H&T!)Skbn)kM%W&^Ybb zp8VmwNtmqf#4Mmt?W`t{2IL}v)DTX*V9=9~YvNou=7hPkr!t#za+Mhn_+2VpI^$fx z1wf8-)VL{&^^y`rI{m8j1oRa?cyv1LwN9xbBTb_4^YmtLRDxFBf*5QTbhCQ25Kk#X zJ!Zn$0|XZ%w2CWA{!eRH0v6-;#wQgik+QUJl0u6XSt3zcQmJSm(lRYtO^Y^5ghHYe zlBF9WQ4+FbNr_U36eWZx5s56N|2s{yoH5h)&F9~}pGWsT&-tDAJ@0NKz5V9?;#F=&gX?ecA5a_~sw#_`SahMxr{q?$tsA9Vip8cQR>xZ zfk&Mlx`k(}D(YLZT-U~bGnf>ZB%N|HU()%8`)bKEGLi?s7VX!%_rBg^$9L_f9S)ms zgppo{l?GnR5&Y&-|7nrjqy4*zy=LBQORxB8VV5-h)&L_zv4oWyCq8OgacS43QQx)q zm$(m=P)Hi6TA_CR^2q@$u!zMYS$h<__< zuvgCiRpZGuvxk~z{wXE3$I426+muzeYD>eh-1QD)7WsCM35*kp(OD#Ev?ccNF9nl) z{f}SQj~ssZ-Yk9%0grKf8M-od*M4PQNS>m#Uhv8_*fp3IVw7#bZ|w7NdYs=y!3o1h zkABEk;+mf$ZY~jWE$>{<@bbl7lS&^i6dm=V;KZ5MdF~N=opR(ZX6PNUSui4Y%|x}v z8@U^Rd!?jM5~%+%RXLt z$K;ieM$i1gLL2X`9re!r>Wm;^m!T^*96eFKOYGCwbMDh$51p{%&MBc90jJ2f`ocAK zKX5Ff@rq)_R-aMI{YM($p{ijnZuC}_FGzk;Y$_|Ch=De(OyaY zLc&Byd;;%bfZjhoI#~GB%@Qm8ZQp7ku0LBrtW-F^Fut9MQ78MpeX zo(9LYjyBl|V$(I!XYO-|_}y^z>C=a5GU_^cM&w;3dJP+8GKUm|j{PjKZszt)$`k8E zPTuYORc4TN;aq#mpQFajPkp~1`%zwTqW;pL%KVS_#B0TZCb|BY-l!}dSs`G5;cK|r z=SO0WAwO21H(qp%w8SuP>FyB)YgfFY?B1{{z3X%3u%gKO&eCE0mraYjf?l4rzIb|i zmqX>AeWzvxY3%rNvpsw2*{H809X?n~{JdOUKJV7`mvi}4Y{dftC%o`66`$DFZ7Mc# z)J=Wm^!ega7ax@$Nq5k?y?oX&kIP$*|BGlkeNe<^|oUte?30!!+AM zy^oT&Pn7A{{ZQR->zGo=!Wnz7Pe^ZR9XnV>ttGj7)#ZRMS1dEm8X9D`#*O~{Lr3Mf z(y14UlogKzch8N!AY*<%e67HnE#ePX7RBd^lxz)glgYX>bEMT5*YgK*D+UIRcFPUA zd3$4#!{GY?lOL8uWIo?e=9E4D>=Vhx=WqGrm$%#P`!aa_1gRH=>2gtN{tr6$Ij3}Y z+FUFUdzmNoyk}71JBe9nAY&;;bgI}!sR#8emEReztwoNxH2x>Gbf>N<~++T zZKoaA$J?EkeCylNC?<8_=a+|34^Pf{la~KSD|ftG$nmtKRXW=u$Bmi%O0Hn?ZSR3C zo7LA_Zk#$e$SQey+C?YX2lWo_2JPWD$+p3F0t|jB`?qxuI5y{1H(Ns%leqdXgF%^O zp<{^*2W@0D59?nIPuo3QRi`~-ZKr+gth39Vat22V3k-D2y(vHN`K=>EGRkV=Mmbig zT=JRxz3tKYw?{3f*T{c0SN?e@=+mXkiT8X??-*0olzMr2@s;$MQ*zHJIF@`5ly)3$ zYCU*K?07H7@gEBkQ$|z5QIu+q>uZ(+yUO>Sy>48asH8cZa?8y@-XBOHLYlzrLAQKJ~xmnC|r+M(eLC z1r5pg0dMI2%+r#-*fnm)d(9mCoVljMtrnXuXi}7D(Ad>KUCf?Koby zKDLhsN2tvqetsZ=oc>=kkT7cvS`laKQ$XwKhvZ-3&*7flD_t}bgj*;*@l z|6EXb)av6K_T6p%ZKv6^bk;pXnb;qrC(Q8AlWYBSNjY}^#0UN{mxMLE@&vv&ISCdo z9Q9z2%z+~xvq#Eo>)Q4$-6&aDWtsDyNtYC(EE=^YUGnv*_m|%JZfiP4WWM>=NXzLz zy5tNC+|@p{T}zWXGIU#RWUvuz)$Sv2%&Mdl|GTm8zj?ZOD_5qi zEqR}8T~a$>7)MGc=hIzq@$`@zmAuZ$N`8TWSC z$h00PsW{|Q@%DnJ)zNnGs%hf|_IRr;Fjt#6M16}HB}@N~j?__!p?*<2mwXvlpcSiI zpgx*^r)lVIsh18Os#B_Tj87l5d3(V<^H9a~sC9F@pUN-zF<-syi{EeMG0)q~f5@G` zBHz={Gwg(|jO)6DhWa1Rgy&gGH0N%qU1fT6>>AVE4q{72o$1=)WOMHPpLdiV{+@$; zb%I`c``$PWkuphcn)}RC>w2AK(+7!z;~r|AenrX+yK1>^M!@g(q1)FU`g*eS(R;QA zsB+5L8-22zBgG-)M_3K)vt?aYt*Sk|E7fNj|x{!FDd`#3w za>9s>zK2y-`KmimQhi%Ja`NhCl*p5<^2XdiN?EA~_+e>*&+MX#n{+@)>fsiJ{L&v7% zZCyTWMYoJYU7g=TqvdO-D6G9I^F82Vo~+ZMwbxqKJa1}`s5NR^ufE3Kpyu6MN^Q^N zAy@O-f0pH6X;8lw9ABk;@6CYf%eQKmh%Su&Q2q7l6!L|H~{ zq3*U%8#DtqPJLf3>oU>XcK10TQ-oFL3A$A}mR(O$mxzl`fuzs%%e}|hnL^vh?-%TH+x3wD_B7wc(=$U)obDW& zr0w=|qF&5<0rIIWqM`l=^|i{@$w^tJTk_{*dkitz8}=l<;r4Qe-25AwFDaJIlceHp zCtH*E=-4<$j&7AR)jzZ|z$N5)T$j|DE}fN&e%kJz_j>$tt7UOl%lxn3CLd9HD{w;e z*bt}TO0zPjR>U4pS22{%^4u4AyyD1^v?rHGB_tRtstQbdYOv+A+SmP}<@%?$@3Aa6 zG+>jgy8ZiG|1|RUY7sM6<1E~dLdbTdqnCNOY=M9S4gJB4|!acm~nGJS*w@C&nM+= zPl^@88a}U+>io2~RkGnmx48GuO5fMVPf1n3c;VjOR&&@+y*NbVUU|ug3fHtmL!XP5 z5B2<-#yEzJt+BQ(eO7sLMAC)Mnfq*aZB*N4ekPx?P$s)$vGDuk#ovQs2H6}xKg4mq zYw>08_^rQ_S5?oEtqETxIl172{?yv8m$9bFU3MP(#@F9I+1lk87*TrQx~QYKans{C z(`KJBe_rYK2z14iKI?gU`uc>AfmyL-R;To1>Xa!F^QV>1(ykbN?DNcaz0E?+w=O0o z`OfS_VG|o&b|qnC9lkXEsspCvHDeXDNX)U;(M>HCUdW-w0zuk z;-dL~A~W|_l}v8Va=g%f*)ME$__~MJ<#rBq_TOUQX<+}v@H6WbmHB&YZE8P-SKGo) z#Gk1ok~rwAuZy3nyNk0&h`(F!W<#HnW(jDoJOv+nEGkn+k-qzFx${G*8A4Zu%CCe6 zTA#8wD_OVL_l@G+Gb4_ruG(j|Q19NZOY`hT{F(8tgZxWJRQ$r^6s)pjoX-Z~p2<)wK#D<;hr5lz(BFHg8SbM$&IO&-o1JIl=#Mu%OmH?-$ z-E-SYd)r2NzOe2$Ne;F5ZNuDFz7jjY|7V;hIXP1}qryCG)I_a|U#gV6?QU-mvn-!t znD7mrX^Xt2(YD#k~cUr9&v_ciC}2uO1~YQEbubz8j{uZgiNn zQ+Q1_eXScF%HBI{rnvrcY|g1PpUp#3eAn4tjoKS6sh$`aZWnE?5qtASvUkFq z_6ce|Te2OjANZIx=HI)M+C;wTeE(ejy>kM=-s9Ix-+3o)U%4&2?A?$XZ?=0MIm9Ql zHGPd~f$LboH5sJL6;}M;v;>krq!_)i{KGq@M?T*$J^ZoO zPvvC?#U#XDp5PlUJo?5e>#FK!rj)y;PZi?g--=FX3cq@rENi7*X){nYeV6f_kf?H- zR~x?+<&V22_}S>7xIkO=p-UtE+&)IX)ezjUaHNl;<$F=VPF+KO`3=*(X17?x?h<=$ zsG{w!TGsPx{l`HvT3vdJoL(jFX~d z=eJa86^Wln_1}1Xxcz?nX3-w;z4J9>3Mk&uUk9~lytf~)VY;V5w4GOqN&0^$0&AoB z#rTu&>pj~N=`7^G@~3i`*UFET&C@i!#e24&e#ljqF{h^dRLsciD0RcvZ#T_%8lQe!-MVD=%b*MBCWR< zEgr198n>)v@4eyP?pC0}Y#QpKVrus;8+Z{8j} zC_nOaTEodUxvDp&RrWRsr>b|nb;xp&+x_9Q)}|=gXmRnBRJFPjqDmV`o2N9qch6D^ zx2*n<|J&udWM$ra`IN>r+J@(A56Qo(%QzKUSiD0fa!I^zM2B_0c)^(!Kk{c5EgX70 zCqg3r)dKM_=Rs3GmmRB0tT^#=yJz_X-SY-DbCMSq-Ibp%+^Ui@#AvtOWy^E2SLJ6H zMvF?!a#9?b7jsC9Py6#jS?S+zW_m4i*zJ*Km+d(0-ly_M$M(nXTXH^k-0P$9&#oTx zAG|wNydo)kTW-eX_%WYXn>^{E{84+SZhPoXq(MV@>x*v=m(R=*`IbFnv!{c?rD<>H z`AH5ft$r0VVqI-bf!f+A^YV12g1s16#K9>n~&VS~2 z{@wE8aO*^sa)0gXd(2foyExn&_E}DizrcRk9MypX^6Kqx?022l!S}-{aKI#|T(uEL zGru)O?A$cqvB}LTq3JhEN?DeS$m>^Us~B^y8#$!uTc)7aQCH|O+=lb_-GvB7{yvj=mXS6rR3 zu5gU_p!&4(f*7IZxlxvaW{dnyS54Ts%w@>kMXT}_jaDTusJ=j%(Ec$v!YbyDM~z&i z*Hq^%g1!@HZBwv%bLD7^*v*5Ahg&Ric3A4{ES7#a_jpZqNR^VL{u#SExna96TzYOi zKBUg5usv+c_Mog2osah_r0ShX8!)7>qENrv_V7zxi}CgEizbU4_--jN;GMf(g2*Hl z**_oidR`gk-k2PEQ}>w7x{|40%QR}InTx2d`TXpZPtt`3ieAadSv8aQ*lj&uq$Ao; zw$&{2c$dglj~4yr_0q4h#;bo*&B|RW9jH4Y$ZPZ!apiBZ-|nOttv;oHb$0Z{I+JT0WJ#>t@u(%m`rnJA0#4Vae3%+JUhHt_owGBRS;ZU=kq_0$ zz2vdxgJ)Cs#rKsu7R|B&^D?vU4$o1Y>*wq=LXr#*cHe=byjlkymGw zpvjilI|7rJXDfG=s|^tI+Isd#;Ekb5&hEvBvmO{^-Pm~h!Kckp^EMWW2E;8ndubv0 z+&$&xYw}Gfiq={)A9@YDE0p?iZ2lg-CAyM7EX?)qIXv96VpEAn=Ns8y_dBawwNj+U zTP(e+mML~6?8Bw-Tbn$jhkP|GpY+95m$G27#pZaSVfR-?swJFzmNUej|3&-5sg1!c zyZ7CH?kD;uaKVa?yX{r#s$y=GEKgH$2sQEllKWWFd*5xN(1M?v)57K&UT;@^8RN)T z{&VV>TVFJCT!tLelAb)=nW6-=b&fmAdU$?}8oUxr2tiQ)0ZJnlB5$p?(|uD=XLNn8A)5IKdu|@zg_8J{&{`S%OJnO z?G0h0Wq-_G9@+jxNa5H;y||2-YyQ*lOdfwIOj0RR*Q`aXaaDetq41>~_0qR1wBr+{>bm5?_*<`jRAioe_+xfr(YfiDuDui9WH9#%zp**rQ(ev0$zwMS zUS6RrEiC#@BXk1AJSC;oM}4Ybkhd}=IyJ;)ucFmS7h?mv-|Zh^)jFO0KxUYEOe_S~dM-^~VL*WMYH8!pX}nO@gixph@cuYQ+1-?BdC_jV}u5u>$dC64C%CWK6XLRr6kdETxEQem`hD^RNK({ zn^*nDr|U~E+?sUv>6>jsT9?h)@25eTYkDqbcf(bSj)KOtF6+aCmnA54O1~buZ0(vo zowj=EKg-TpRV7{?y<+F!(^fI$jGp`3mb_@2VVU}N^~a-U2A&DnH@h{_>}b1ZQt8Pd zzs=w5ZQ9l0H}3WFpNXTEZggByR=M|Nm9kZBXNdTnZriI_^-9L8B{p@M{y3jz`bqwI zweEE@cd~5AqjN7i%kCyVJnGa?F7wc)E^<(8&!_vHwVy67(2X=}SNd7h@^Ih6?Q6`n z-^q0yD;WLAZEco@)^Mq1MOSxti#J~TuWYsb#MIzhg8~=734FI>#DRJB<9ZtM$S)d> zUK(+rQ!)JLe}mL-`t+vDgJ1r6A^&Z4 zUg3=W0>i>StG^uXH+6r@^p3Z(zl=^5$!Z=pChK^~cP*{W%HJ~E^5@KFKYJ$WX-e+D zp(>mwsxT?PxaUrKoZ(vQnxhFND;2$pXB{zkUiu($SNf$mPv>{O%M+D)Hjzofq@Ys% z?HRw;CK!$w+Zt4NV9c8D?hk)%e7(`d&1plGY}cSg=6nO>`GuidG>N3N-`1x0FMWT= zlAyzK?~fR%+nD;7AaZa>U~oWyZ;*zbo~AbZJ}mt9c;f&PX*M)`8P|uv2md!e+71I@;ruzKmbRvv!C}GugE7e|RoGhuI3(&f z76F?IRipmMnQv*k*m&VWQ=9&wm~@%9FDK7|?hCgdy;VV=(lDSbOcxuQ7%w))i)8TB z`FRQu)CQk6f;0olVEqy0P7b7Y=ks?9clP!6_X)ygC6m6BZbh+s#*j!u7qhS14B&Tv zs6f~}D;ry0z%)GmOe+T=v4mC@6A==1H2VjG%gdB-=fD6s!pIYO*HRPo-VY~{j=}iK z2%_7h{t<0V=UCa8;9a~MnU5TtVd4DYQ$lbu=k$+bKhM;3VgE2p!Pj=;+pP)^)K49O zaWUy1CO9C_*_Rwj_QhT=CS20M8Xc+}h!8g46bSPU)1=mrz!Y)V%Val2PF9yqyg-Ycj4K9{ zzwN8H&sPD1#Sc9{p3G0PG63N*)Fx<_>&5P{pOmpuz=G<)*bJAiWiS*lx1WyUm0|=^n z?_wK~s;lfTPvFyA;hwN5Z(zn!zzli_L8T-=I{hFzYea`Rfbpo$0t|wv`rLGgL<;l{ z#2xu;Pk#Jm3{1HcKGfW(9Hx!Lc#)&ehVeK(F=TqXj?f2XTScy;G9_=%4F0)gFwGE< zK9s}HIE>1eHZL4zf?2nz2~P#E~*QpQ>0ha&tse6$aY zdi#Om@8XNGu$;#nfsFa?uQ7XHB*7S&$(mDJXH*6OTcW@Mpw?Lb82fB#Bl`uolYN6Q z{S_0!cG|<-Be2YOA$CQranEti5Fr#C0Gzp_z~By5TRTp224Kh&mKrdrc$XS3M~yzF z10{-mAn+@ISY&Yq@$mK~2ZsledEwR9;Ev{YaEx04m@Rla#T_LmJSdp#$HS5w7dZaX z8dkgx&WxbMbe!W16X@dR!WB`}pE zFqP@ZRK)LLPlehQmP~P`YWLp_=Oe>_K>du63Dj3&PvEbmCgv2KPhQhb z1vx$sA(S36iO6c~Nv!cALjp$(S@rkOfmy)&OCaI82=b;zY~)_&Knz$YahP&8q~N7v zNTkUKaB34auy258uK^^6Z97AJT?D9uG^GEN5bO&-u(3nD3G!O!09heK2vQ+2YRgX6 zX!(FBUvF>;8E9WLLi6ve%1v$3Mp(+<-$-=73$?2EquHU?kHUs_3-AkcA*$g*9xc|? zN9qp1XMj+BQ3V^C5gia)X#;zP|L z`%`n5z(99z3Q?xZEHS-Hy$&D&*wYZEFPwpm%^HXiqdn%>kfNnfm%cTO+T5Mh#I?`D z#_#pxwD_4A{P_jV2R{P&+2GJoKYD!uHoT{=x2qdLU5^^NXT~J(;0+_$3759QMh*&b z4WtA>oK1Ay&u)?9zdW8qYII_EzVXcKBctgcqd=EA{Yd%0s-X@MT_!JbLs5d1z#Ko8FA4*W^{9Ot& zwgR+)G`n}N&BTU>G(FH6Y%M|Xxn;+8+=F!w2UCkyYaZlt2JiFe_*2jFNe-d@0HFpD z^kNDv_56B~GXx`I!4EQKMR5FP@X-w_?DdDsmpOwlwH7~0!nFw9lQ8%3Ag>yIvPvUm ze+g$4E@>uy$V!#k3w3}I1~Cx5I8B2*2}M~>ewgli@ne{U2-Qvif44=Jy=Y&5moo+} zS;LQzu|Bno0_*<@quGP|L4mmk1U5Bu^>{16U?muKX_(nAAgHe38@0%wT6Y#KkrX0l$g4GiC` z!){HWbqGf)=rs!b7-BEgwouDJMXKzgb;y`A220?GALh~AvwtX{@V;_T0zpJ8$&wwW zw}9zPby8fW<1_Mm{KG$KlT=*}@-#?|U0|CW*@q{Gxsd~@ zmrZyn{7aSOT#JFIh61rXx=FInlN}(C9H^(GAM65YG8P4#tGwtI(rR$`sAuwqBRpXk zTS&~2=NOq+f*A*Y$8O87a~YYy0(1m2 z9f_QwSW9MjkC{Z&YP?GWj$MNftrA%#VWTiONGyh46O#}PVn$kMz@9@a+k*}67U1g( z)%XCSQS6|2n<0}SaZGk+FBDbeV576GD=`LmH152#brgy8#*{q(jd;d+3QVH0bdI^_ zG5dRQM=hj@OEgHNQHar7_Jtj#_ZS4GlrqO2@G^P#2T;QK3hbL}o4VP@4kG({I0u9T zySoIF-JRjMg_{p15>vlHKp8)D(@onSx+lcXW;uvx!kG24hUB48y8_ps)5j$$V1BeB z+-pZI6YKa)H$hAWy7}^Cg@DW*up@xtei_{#u5SQsKaXhLL^Z;v-U}8oS)ILBM^^3+ zmwJ)k+cShq*F=0fPdVbZKFouNqDzTH(nNSY!=PVm>LDG1NvrdY&Zb&$&BwttqdOlT z&HBUqM;rIps%vg5R4GzGw9w_%p5GsAU^tY;sJo2>$-S{?>%2X%Z(F3zUKWeB?hltG zY#=7jB{%f#)DWNZU0AKS>PxdG@w$Cx{|LAbdf~LZLzZVRN!f z#AYDVylon_@J@o|MmH7bZRl?XEWs2p;3U;UbC1G$XF&jsI`XNp{Q>)uJze0KH1)WH zZzxgS>JZ4)ECAht7?DxppxI7KI26v^c2Z9`@wC*O-2uHgKywFvhu9&h2`|Ol74~%? z8pa4HnXZkLDv{y|L|uov4SM?F76t;tWZ?JF*)Qh|SAjI{J6J{Zkji#AAAoWYB`1jb zE2bZ1k~M$bO~IwGPP+jO&8|g{_mAZ25=6!X;=Dp?3?olHP*{ATe;`)(iZ_s5Z&=tx z?T{e}*$b-rsweTI{mXfRZOx)6RH|k% zrh*GZ5ZQ&|=H(pZ77$3(iqmVpG(WrG5f>yP=36WOPC@~g?(-16p?2#S9vFl;VrIkA zDbXneX5bGqK#xs4dWM70fAJg*E}txKg7!v$z@X3Y{m=1RKDCL2N!S$^J7`nHhIoRD|Tp*aLgrAbP zX`vse+bo&DI&^<~yEqq^K3Tz!AuZ^;wGzmvflMCVSCt#V1p`$H{7}oMi{~VRD6WQu zQSGw^G_Ea>;sV8H0q|paJ{|C3fjE@?AO=DYRv5{#W3kl+us}EmiS%tSTF}s_#SQ}D z2(6ZgKQoVgprben%I1~U>?y3ic0a>|q6WH9{y)Lb3A28H`XYGTfv+$5^|hg3hMqtP zcs#QH{Bv=@(3XjZ=+WUo!T4#QIuF1D(Th|xc?+??fk$@t4t8<%CByY;YV8OUm?;;p zo{xysg-Ct5;k$(7wCW+_qA@Y8w&_7Fcvo>h+DB!L+;@f56vJ+a$ zVG(}1(6BltJa@=>G~(2c_U@%{+)x&`c)p8cuxL zRxB~{>m9$DMuHF>fe%gGXO`lGX9yUv8SE;P-*_CnXETJMXw0c~r=J=8%lwO(3`^MC!~+i=@9Jvx>lnEK9OEFM*^B{5 zCD7&pCKp+iw%7R4BM@SOp8eJ%tm0lA~UB%JxDcF&p8ucY(I9EZ;X~&!w1KC2Fr<*!qA0JwJXs8Ub1_sU<|6_k0yo*X zMhP@EV-*lOKmJWdUet?TIRo+$0)L?rwLNU69xf0;Z+ZMFs@}yO- zK>#*F$b$ASxB^KNs#FXnG3*M~VlV}5QMXZ2E(mo3oQptleu1oW!Ep~*PP4OaZF7y!p zzT}=D`PT;q3jG4MTZ0oqQ;bb;>jMY*44Edj^k-M58!7?o*MVxGXN$gA;=-qSBx2yL z^TqTwKroOa#U7|Ut|A(}CJQNb!17xupyyqOW+7GGf9OJLp6qJr`TT=3LuRM7T{)4T5Yb|zzH z50%gb#%IC|=q{ZWqsCq3Is>Mi#~-6Sw~1S-3ak7I$fcJRXh2doxdP#V4AXuy$sWHn=1xgOz^|hKHHZr3Ni2isGFkv zssU~gXRaWqGs6$2 z_A4V{7>LH&={4$A}-LYEax$*nlM+ z2F;{bv1tl3j(;FG0bsEQ_>sC!dc`IK(tgNOQF`_d;)?W78KXFoF~$yIM+tSqpDcdZ zd{oIEWSCmHK(F#W<~XjaON5IH_60SjQTfW}eCjb|Z~}0{09BF=;+!T97dAu5lpv~2 z#=i#6pKe-P!17XiwxMShPAhQ&VK{vJ5d47(bHu9fOu3UQ*|T!J50^O%8oT{T%oJQWEGu)f@&RTp*oc9?^SObu=l1-c@K$R{0mSBSKqZh-Vo6kH4_Mq?Q9!{gPk%S*;;*&(% zeL%)excEvp2Q)Is(7%a2h+(~NhaY3Lg_On!81y`R^n={UWgv+Hk#+!3gZitm22KzRYe0-Ubm5`-65~eB5WH{GRf#;By%#tY zsm7lF?Z?Cb4TtMiA=I1MM2|(9`M=H-h1ew#j5}&yGk#!^$lxe36X&$EeQ+?q-i5FU zt@J4T!GfmB3v`8bgT|}`^X`E8OX5;si(;uQJG$VYL2QPBD*3E&0u`N}PZ6Vib`$?( zT_tFtXTn}?5!J$j&dh&_;m7|H>2`uL-=RtD%bvdo4?eZ47(vE+J`n4Pg^Xe|n1A#n z`ubIPprIQsLFDPS6fYA9KZD>^N?|-nc#8*nPjYe1%jz31~peSFIe!bqNU$ zAe19lu4&Qpf&eTAKGfeCKI23H!#ZQ}h$*_S>a(`*29^zh)kcNtH%AES)j_x#(Yv>b zx#XOe0(GnJ-g2gdcena1rI_zK?A>`;u?O!)O;{Lie(nK%{d|a7*V96evx{JvTH!;T z>TzKqHs3;(HCErkSTaV@JqM z(XBgAIV@l{oghZJMdo+KnGneYKuCdx6NYM76X<>aI0d zv1Y(?Zvv*pS}!Vf-42R|HE<*pJ(Bs`6blxyUc~tR-DgSBc*w`7*N;*7Vp}YDcm*st zBna5ntDxcc3gW--eYS$)EI$NoXxMbxl@ki9GT}$5 z%U<(+EeK2+e5miS^W=nrun#}X@PxysN`a7JW7%u9nqHh>`iug80J*kX5uqRs_dyxZ zqWJMy^uTx}>mOV~0)YbXnj zvSTn?Jz>!R15zcG?Sa!#$hJb>8TRr0$-!#^C_Wg`C3Ebd3egLo7bNsEV%LfRIo!r( zL=adcFj=I(z;_2kCZu3E_JAs10#_KuNf-Pu1>zllpz{fd+Ps|}_|YV`<03a|cx{tb zu&8GV^^|WW#N;SO`xR~&z0VL33}ES}-Dq_otLxk_SYtfA`wVZ}Tn~pqJe8!(9#ovd zg%bq5-idF_FS1GVw}O=thj0>gZpn}EP{|MwV!m~qxb5L5;M!+H+d?#mwttQX9)e1u zhv2T{3?WnPH}%OL^e{@=2RzVWe!i4IqRsCAD;3#HJ&e2wtN^;XRNsaNoTf0uc>bwt zeCAm&HILy#mwfPdJlG7=LkwQfC&63*!q_7CP|`Iz@xascm>Bk`VBLgBh@}E1u&3AQ zKe=J|iWq+Lr$KUSC;-xCfLNj1xIqI4vxNq9N6{xr_(6U(6)%1THp71^d$blam>US) zPT)sbHvK;(b1>auKo0uwfyBnG)!Il*O-jy6I%uP<{NDlRv%%X zGNiZg3@7fHe?8cKb0@fgB5;Ce;&X%B(EmsPJ@%pzaN;Nz0*J`dwC>MsV?mxgfEctq z!hZ}041=(L7c6=VP9rikiyfT^b;9TL%TFAF6Ed-UY~_bf{fzEvL1gDDLE^{jduN;#70o%+7ybpzqtV>&V6oHUDe_d?rn8FM>=`SCWg3{P<1sAeZ0;ixY0Wl%wo57TTw!1n9jc&so;~GE z4w??^pDDsF1$~RbDh+tkfqMrWQ=-5_9)u5#&c5NoVX%-F9cHpKy{vK5LD;mDU&L-f z-WcH_lm74tF?6G!xr0B#GlKs~@UtCI|7wp1ow=~Y@GFEoM(k9BxXPJ*+j4Qh5FCrl z4I7kU74UO) zXxr^{7f8)jG}yUneFGbi_oJyLE#rm_2a1lthj#cJRf&!FFV!7->l~UU#NEe6BVyR) zv=+@V28}2ONky;fxABPROgj$*ZzdBx5Y%}*yOjDqyb=i093=0^eZ(8}48bC1aO*X0 zS3ZWCq$(T_nu|>2NHuR0LDY)aWK_aZXA8sj-ZpjiJNw@nc$*Ae`iafs?d$A`cCb2C z@XbP)64}PvJpQFta(&0%Pt>xUxdr>v-sWF;n?+C{+0EO-8xE@z+;$#mdvqD~Y42)K zpVqM(9!X`rC;4g#i^zX zE)24DJ0Ok4fyiPy@nc4rZrYImyC&g&%zpedD(h6SFQ-N=080I3$qA3pS4-93LSB>Q=$rVINA zVu}Wg&-g(Lh_L|xwR)Ts6gx<-HMut`x7l_`c#GL~Jys7yTrZr$n@xm3Z zr7mz@bLBjC3tGkvin#F7%bhe@HY9SPg(sP1HD~mS6K#CmBrf9z2LwWYrckmkHlsM} z2Hn-rJV6o_C)|(h*Sp=Qp{uF)w;QM&qP;RCOoYTI@E)SG-ai(Z^9_*aXRbtke&ZHD z2=G@-WH*)X`v+jx6RucHVpy4m+OG2%{St#}3s)p2Rg$~cd~t;ezU-vW03x$Zy$FdyoZB>H=s zw6&;12lRCb@ptp$p@=oerS?B~bd;n6D^1^Mq>Wr~4VfxLd%8TA$c}9#Tj#)GnHyjb zQCsD96B(WQsD*bZ*_oO-@-X|M+2RYf1FN6GhuSKSyU6&??qui>N_%S0d5sGNTKRZl z;xNUBv6}D~31mSn$`G8s6L9AvfGWaN{(nD zfz(D_&h7zjyc8zCBpOYqfI2~o8~a(T7quK=$ex~XvC1QW2gZ$RlM)mH#!Ugnq0x`P zH;x#LvJ_TA#AMgpktKpj5R7U$^RbDr`*)5QWS5|D#tkw2I8tSgkB$KILA@1+-nOx| z8_H^v=psxBfJ4OCZPuBTjFXO+;R89Qc2`0zd7&dm1lpUMa7n?Hhc$Un@pZ;#5U(F_ zj|7btC7n52%1uYfbjqlxNY*FD_~*v0Uh-4 zhh})o*Kq{l^@X@uX0z)hz~4oUWf$JMIF10cO;GOIyifantj)FjsUc^p<^>P&&31@rn(klwa7=)(~1ni*t`OBHiO}jsTIJ&o0zzCDWppVu_@%qsHE7# ze%xYEvYE&f0!wjEfuRV*=CC2yLY?|ZU>EG2qucgIm6&s2b-cvj)#d-3{|1Tz*SXma zvl`c9!ZSk|V&ESPw-?la;UPnCi5}w3e2EE8_X@4=uUS02VGZeq2fG!b9p-P<{opr!Mg^S(d{ zta=@sGeuQAVJzkZ=$4KeV-e%M*}6+d*1?G_4`_0No>w2EjS0^TjEI42d03WGPacQ? z^HGr#x5NaenKy!Dzr8U>;1X~=6T}WBJ9-f&GSgcVBm2Y2gBMMJ>~J6()$&vBnBYM! zp=7vXOmx#TG|!}PBxv|0aOx<_ojtL!$xtsL>e6#2sXUVhcRm2lBcZ2A8v`+sp*%6U zuRKAF=ePIXIx!S@KH)E(Q^GOPDP&Jb%L(6a-n;I=nP*U`JO@|eP+M4&K?8ML)xeU+FglN$PlpIapr;X!?PUkdM-os2vL#tZO3qp+a7(TRWGewgl z1VelAV?0kuyYCNi|HiTGh0SCwju^eE4*v0b-hbb{6Xp-kKC>l=_R~3z&y))MAZvqG zUQYl?hyXu_7HnqD;0VHEWbvaYla`zJK;4x3s5)AB8aIa{N}u1xkD$<^r{N7Ubr|SC zcPgSxI3ln{MfhP9cZ7_fwqjcgnv3qd%rfT)gGPV&fdrzT=$QdfA^@QRe0Cv6Aco7w zk8vQdyp&pWehxfCSH;SbGX~AI<44$P{o%iLK*4jU|D!t#af=ZIh)s2Z19Y9qVVK1Y zrjmC{Efd}hBgaFXj=r-FEQ9>t(H>mF?-@sr@hM?85>NjCOM4Ue;I~zt%o@-b;l|BJ2Ebh*OW?C ze3PiHH>$u{pyv7&$8mA9g!9zt(oQQ=RsP~Mb=Lf zMm1~hIj)04K?E-F2QikGm}Z@-IwEZd&{F`Keh8E%pyn62LicTu6GJ3zey;3W*$!Acm`&@o`-sY}B2E z^+W}z(1OWNQ|!uRtkEr!A?`()=xnos8OB|q9M1OXVrX~LSxFY^z z3^QZNCsGGcSOg)IHX^mZGPz>1#52TryGd$taT}1P0{lgn(;=HHDm~62208zH$kpG# zTrDMbLeHG$3Q4PpP+w3aD7Ud|b7oOXkGjBObV((yaYbdsF2pEZ>)4`S4IV`W>M*F_ z#@*nG=@;PdLk=fM<;W91wdTT7Qk$?$LxiZfj4L9?b6dnH_I_RZF&j*v4^WK?@%npQ z@mX?HVyFY}&wpSFMpqG>D2kf=kSnUciyt`%;s(MO?R2DH#mlWtarFP@y+MCdSo=kqb(8gSKq=%OF*Z;EKm`f{_^N zXS-t_g&@6|Kqs5=&4D%D8_7lokFOYHjc!s|YaY8r$+A5guHu%tN zp3;GgOgqh^84Pd6;jIhZKA-1S1civTW7&%{6Tcy2v-o)YGryFz`_og<+?%k%^u!x< z3G$0sd?Q%x1vAjbKlmZR+W0h0XxMRx{fycw0c3DA|HKdA8dzCpw;!ep@fW=!0l&fQ zm+2w^)cVh4JznZRxh19>hC!e{NQrrzn#LGX1u`_RFTVW|G|F~CrteZrE{vj}P^mM<_(2n$^ANu&9jkj_+4@|s?53?prl|2s)j`L6DnGQlL@m&@h#VSGcb!LrF z@EXgFF9)l;z;=u5EcSy)62mb;SeZx6Lx0!Qw+aWjhLD!+tin50On8QT5W{{{?0WDM zGzdBj7jV!G`v>DNv6%}>3|w&N9E)9Qkhs7t0W>1gG8&DwxV*Lo;w)42tsk09jrZaR z%WQpsSE4+&J$qdN%HRT_JbH6F8ViEnQ2|RwnEI|YwK4BESQZ(Mvu{qc9K|%7Gv4i!SBEIyiS+ z1`!Clau3#GpwTNd_`zIeoIbb}$b$D&*-rlFY{vlmm;OBT)&Vr3Pu__EMZ~1unt$%v zauCt!9;M&W)-jlU5`Jnd6);?ZxNe>`oQ0kaCnCFLYaLMWlcOxg6_|VO+wM$P~t0S z>J8wAF(R3JJ9(JIzxDvyRpcsiL~PLoyOyxs-&JbHpEg4bJ-#y_r`$m=INprW=OE(M|4|LFzD zxGeQ`{G*R>n^(RN>f5`(U!z(2b}MA`zFiXhBmXS_BpM71F9S)YN7^+0kF`feW+!&yT5;WOI&3sxe7_Z|-5VO+Zh zCL2JbzrlyDXPXByE=$oF|LCszYq^{tzp$mmcB<*~l?NL=Am28>K?OMo7( z{KO~4s=>69rJ@?#MpNghaG5&0CN&Ls{06)cdPDWy00aTu2*A%B);cj-{i_u~0I1yI z?eteexprd=%-sy;jxMWCA~H0~)(O_cIj5~??+u|nQY>v{Xe}DJHuGTSjSohi(l`kV z83o#j)}JlV0ol_i9Alq)nKyYKu;K++EtC~z$;f2MVQ%EUX9N3Kfn#*%Ic_6OK;d{c#Lz8f#%12UAXj@)@e|HxD5L2SS$<`k`K~<8od*x|O13 zUnv>LxPRqZTnA^aKGP^&wz>gb-5R5n*k7TF?(Dq=EIZw{P?yaACZJzxQafkI%x*2?bmMJzRW!UEx({PTO@{my@$>(q*0|n`PG#OxO;A-eI`S z%U$;y6R74T<}c?z3cBVn+hA$+jmwY_{C0qRQ|*E{3_lK}pI#lN*@00vIYCh1z&tr3 zG$4d=YMv{9nChkf#@P4XIA~0Go&8L2^es*x)E5#lO#^fIieKIX)PaUnpaFHMM?P>G z-Y2t;ga@r8AP4re3a+*h+oCG91v+UO}#9(a|r&#=f?8n}ST?t>$ z;so0(Q}_*uZJ@CK3Q#~-F!X3Bqz4Zmvd9s`)?$s#S^dNy7^3}9)vwVO8Jl{O4#T=~ z9+e&^Q%BB^p1An$Q5h14HEpI{YASK=F@b`i0i4@MFNH;O0HDs@nP$kHdE~uu+|86v zAkJGMd_ga{DX;jOl3pNJGW3F@)_O3lAd{X?{I3&!0r!{QWWRgnWlFpxSv4vVK7VOAUn5yIE;?91Y|jtc}d`XqZ&T!N{O8scAna!*L4 zD_EGPP@+U5cP!B9;tX5Uqv7T-Sti!AdL zQZZ#s?tE3=2XINxK%`OU@ZlB?Y_3&h9P%OMHfo7EEL$e*VWEfWOz-v&O+CLvC7mG6 z856<>hk^mx3m*#HeZPNThH)b18pe1;4i^AMe*xu2Q-hZe`Un0OKHF&J#e4=m+zTlv zdg#}(zJJtS@%m>!T<}6r<1vWXPB77E^OU?dIPjSklo-?9q~B~h1`g8#d@?HGKbvvD z|4WXP6>-0C7jXTBK6~F9(a$)bS)CLy+P%qn`r)8n2O%jy8|R1%$gl}Lt z0p> S3 > Bucket > Approved\\\"}},\\\"turbot\\\":{\\\"id\\\":\\\"1\\\"},\\\"resource\\\":{\\\"akas\\\":[\\\"arn:aws:s3:::raj-switch-role-bucket\\\"],\\\"metadata\\\":{\\\"aws\\\":{\\\"accountId\\\":\\\"688720832404\\\",\\\"partition\\\":\\\"aws\\\",\\\"regionName\\\":\\\"us-east-2\\\"},\\\"createTimestamp\\\":\\\"2021-01-18T16:35:52.000Z\\\"},\\\"title\\\":null,\\\"turbot\\\":{\\\"id\\\":\\\"213971924734526\\\"}}},\\\"oldControl\\\":{\\\"state\\\":\\\"alarm\\\",\\\"turbot\\\":{\\\"id\\\":\\\"1000000\\\"}}}\",\n \"Timestamp\" : \"2021-02-11T00:36:29.844Z\",\n \"SignatureVersion\" : \"1\",\n \"Signature\" : \"tXPOjoPlElJtiKWX5EIXMwLs7JRXKnj+xj1n4KL19w2tbgqbzmvV+ncRAogYoxdhI72oFvo1vaz2edOBB8O/9l9+8TvlLwx3MXw3fJidwOA6cXJMpux9ah+Fs/D137ebg7W24ibChWb+4CLDDAIyQUn5b1dtwdkN9ayein6uwIF7Bxr+N9M35homuEkDAZyVjvAPGd5TIn/EB+5WdLxa9UxpVHaTvJDXMvfjopdV37YzYgjYqupIhGmjRfE7JjXPqgnrONdoVQdbPxulQTKe1L4B0DsH1xORMSl+ZjLa2WacMLRIMJfFxM5qRcK/QJ6uhLpt+XUuDdqZSqirq4/0WQ==\",\n \"SigningCertURL\" : \"https://sns.eu-west-2.amazonaws.com/SimpleNotificationService-010a507c1833636cd94bdb98bd93083a.pem\",\n \"UnsubscribeURL\" : \"https://sns.eu-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:eu-west-2:210125595713:turbot-firehose-user-sns-topic:a036479e-e982-4824-ad26-96f36636a384\"\n}", -# "attributes": { -# "ApproximateReceiveCount": "1", -# "SentTimestamp": "1613003789875", -# "SenderId": "AIDAIVEA3AGEU7NF6DRAG", -# "ApproximateFirstReceiveTimestamp": "1613003789876" -# }, -# "messageAttributes": {}, -# "md5OfMessageAttributes": None, -# "md5OfBody": "2e8279f5dd14f0c58de655e94a1ab551", -# "eventSource": "aws:sqs", -# "eventSourceARN": "arn:aws:sqs:eu-west-2:210125595713:turbot-firehose-notification-queue", -# "awsRegion": "eu-west-2" -# } -# ] -# } - -event = { - "Records": [ - { - "messageId": "7df58378-3163-4b8b-b077-3de9131349ed", - "receiptHandle": "AQEBukY2yqFumYbmEAqev46naZH819Xr2SJY0+Ne+Umh1KIXAjavY5Mbe9i4f9DNjB69HpMpnxLxFIkSjZGhQwnM2nIIXiC4reyJdxpo/HmvkXO9LhS4orX5o+XbaSRLmuTij693/finqbP1na9qvvaS4vsifEetRsKykbReSEhD/O3Cn/gxOe2CofBHEkgWX9+0jh4omEXoIhwZNmAtyCjSRfHM+0bycXnJhjyBA8re3lywt+ZRs4G3sHdm6vAVwgLDujUC8Lr8jZJw7HzWP7E3PXruO+XBeW6+5UCAmbNYneWjk+CKe9mFfo9nNa7V8rQ+O8OyqgmQ/ybsJJ3cdiMknm4vIHAdVmYhT4GdMnFUxIj5KB0+5Z/Vyq+zYnpn+DW+epc3JkVfPyIO/0fBaOMt+1a5UtfzkOJ/ydqqQSeUeMU=", - "body": "{\n \"Type\" : \"Notification\",\n \"MessageId\" : \"9b2c3e73-ac08-569b-83ed-66edd243057e\",\n \"TopicArn\" : \"arn:aws:sns:eu-west-2:210125595713:turbot-firehose-user-sns-topic\",\n \"Subject\" : \"[punisher-turbot] Control Approved updated by Turbot Identity\",\n \"Message\" : \"{\\\"notificationType\\\":\\\"control_updated\\\",\\\"actor\\\":{\\\"identity\\\":{\\\"picture\\\":\\\"https://www.gravatar.com/avatar/cb9ff8606c24daf9cda1d82615bd7a8e\\\",\\\"turbot\\\":{\\\"title\\\":\\\"Turbot Identity\\\",\\\"id\\\":\\\"173249891011852\\\"}}},\\\"turbot\\\":{\\\"type\\\":null,\\\"controlId\\\":\\\"21212\\\",\\\"controlOldVersionId\\\":\\\"216036328690947\\\",\\\"controlNewVersionId\\\":\\\"216036333047576\\\",\\\"createTimestamp\\\":\\\"2021-02-11T00:36:21.489Z\\\"},\\\"control\\\":{\\\"state\\\":\\\"alarm\\\",\\\"reason\\\":\\\"Not approved\\\",\\\"details\\\":[{\\\"key\\\":\\\"Usage\\\",\\\"value\\\":\\\"Not approved\\\"},{\\\"key\\\":\\\"Regions\\\",\\\"value\\\":\\\"Approved\\\"},{\\\"key\\\":\\\"Budget\\\",\\\"value\\\":\\\"Skipped\\\"},{\\\"key\\\":\\\"RESULT\\\",\\\"value\\\":\\\"Not approved\\\"}],\\\"type\\\":{\\\"trunk\\\":{\\\"title\\\":\\\"AWS > S3 > Bucket > Approved\\\"}},\\\"turbot\\\":{\\\"id\\\":\\\"12121212\\\"},\\\"resource\\\":{\\\"akas\\\":[\\\"arn:aws:s3:::raj-switch-role-bucket\\\"],\\\"metadata\\\":{\\\"aws\\\":{\\\"accountId\\\":\\\"210125595713\\\",\\\"partition\\\":\\\"aws\\\",\\\"regionName\\\":\\\"us-east-2\\\"},\\\"createTimestamp\\\":\\\"2021-01-18T16:35:52.000Z\\\"},\\\"title\\\":null,\\\"turbot\\\":{\\\"id\\\":\\\"213971924734526\\\"}}},\\\"oldControl\\\":{\\\"state\\\":\\\"ok\\\",\\\"turbot\\\":{\\\"id\\\":\\\"213971925119603\\\"}}}\",\n \"Timestamp\" : \"2021-02-11T00:36:27.806Z\",\n \"SignatureVersion\" : \"1\",\n \"Signature\" : \"jltPaywEJtOXY3DFqyZc5I4Xud2sSUbaRlzmDtw/VoO0lFOtyJpPFICOjkZ1diEhByS0cFXToMELtQ9JUGdzcPqATkWbouVA5CtldP1uqBctRpI6UhWkwq33LEmkP798j6IfwPevNa7r5EiITPlBogkbtung5OYOSMKGgQtsW713mBDgMkKXDypb75y/teYBIjiNRjcnodb2TLYFz2aaOjm7yGQgGiRq8hQPTjxSeR1k3KwinH+a6+rhFx/rTymCLeY8CCqidgjiFP61FOv7l4SOIbaqj1HbaiTWk1rl1exIYMtSpGLQz00lA1HwGiE2mG7iPEBTDvIbv5p7IqMRCw==\",\n \"SigningCertURL\" : \"https://sns.eu-west-2.amazonaws.com/SimpleNotificationService-010a507c1833636cd94bdb98bd93083a.pem\",\n \"UnsubscribeURL\" : \"https://sns.eu-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:eu-west-2:210125595713:turbot-firehose-user-sns-topic:a036479e-e982-4824-ad26-96f36636a384\"\n}", - "attributes": { - "ApproximateReceiveCount": "1", - "SentTimestamp": "1613003787831", - "SenderId": "AIDAIVEA3AGEU7NF6DRAG", - "ApproximateFirstReceiveTimestamp": "1613003787832" - }, - "messageAttributes": {}, - "md5OfMessageAttributes": None, - "md5OfBody": "497fbcfef2d2b1aa318975f4d5d6628c", - "eventSource": "aws:sqs", - "eventSourceARN": "arn:aws:sqs:eu-west-2:210125595713:turbot-firehose-notification-queue", - "awsRegion": "eu-west-2" - }, - { - "messageId": "a93fef48-d66b-443c-bb03-6a01032258fa", - "receiptHandle": "AQEBh8u2Gu6qE/2GQA2NiDIPLgKvbPoTtfOU429sFRm/wODF+8ZEb8QR3Cl86l2SD66wdTXHewS8N7TTwU0uKLo3aXEHdlGQrV68x0C88PVQZ0eunaEsBrjxYqe2fN5uPsxuwFXvF8Kw05mehePKu5Z9e/vYiTWUEsAGMZ7OCQ1ZiEUKUHLLKOX4tpX5mXxTaJsau+BQLxNz2wA50taYuBPm8UxbPo8kjSiKuAKDJ5SRY0DudJZjtsJP+Dh05+IpptNXC1ZVuDBScO5G+b/O3MRo4b1qYF9iLT4YFXY9LZExc7xbF7FC1lQ2E+5aZ/7eL7ZBK/pkQ1NFVADNXYc2opgjnWQqw/zr8W6vkXM/Pr0A+lMQ2vbf7L3oCNLuPMsMmYegdR2rYAUNoytBUg9PzFjsz6HqLlcP3CxPc68OcAM/+9s=", - "body": "{\n \"Type\" : \"Notification\",\n \"MessageId\" : \"0363b33e-e862-5424-bb9a-eba0962e6f00\",\n \"TopicArn\" : \"arn:aws:sns:eu-west-2:210125595713:turbot-firehose-user-sns-topic\",\n \"Subject\" : \"[punisher-turbot] Control Approved updated by Turbot Identity\",\n \"Message\" : \"{\\\"notificationType\\\":\\\"control_updated\\\",\\\"actor\\\":{\\\"identity\\\":{\\\"picture\\\":\\\"https://www.gravatar.com/avatar/cb9ff8606c24daf9cda1d82615bd7a8e\\\",\\\"turbot\\\":{\\\"title\\\":\\\"Turbot Identity\\\",\\\"id\\\":\\\"173249891011852\\\"}}},\\\"turbot\\\":{\\\"type\\\":null,\\\"controlId\\\":\\\"21214\\\",\\\"controlOldVersionId\\\":\\\"216036317180248\\\",\\\"controlNewVersionId\\\":\\\"216036328690947\\\",\\\"createTimestamp\\\":\\\"2021-02-11T00:36:17.236Z\\\"},\\\"control\\\":{\\\"state\\\":\\\"ok\\\",\\\"reason\\\":\\\"Approved\\\",\\\"details\\\":[{\\\"key\\\":\\\"Usage\\\",\\\"value\\\":\\\"Approved\\\"},{\\\"key\\\":\\\"Regions\\\",\\\"value\\\":\\\"Approved\\\"},{\\\"key\\\":\\\"Budget\\\",\\\"value\\\":\\\"Skipped\\\"},{\\\"key\\\":\\\"RESULT\\\",\\\"value\\\":\\\"Approved\\\"}],\\\"type\\\":{\\\"trunk\\\":{\\\"title\\\":\\\"AWS > S3 > Bucket > Approved\\\"}},\\\"turbot\\\":{\\\"id\\\":\\\"213971925119603\\\"},\\\"resource\\\":{\\\"akas\\\":[\\\"arn:aws:s3:::raj-switch-role-bucket\\\"],\\\"metadata\\\":{\\\"aws\\\":{\\\"accountId\\\":\\\"210125595713\\\",\\\"partition\\\":\\\"aws\\\",\\\"regionName\\\":\\\"us-east-2\\\"},\\\"createTimestamp\\\":\\\"2021-01-18T16:35:52.000Z\\\"},\\\"title\\\":null,\\\"turbot\\\":{\\\"id\\\":\\\"213971924734526\\\"}}},\\\"oldControl\\\":{\\\"state\\\":\\\"alarm\\\",\\\"turbot\\\":{\\\"id\\\":\\\"213971925119603\\\"}}}\",\n \"Timestamp\" : \"2021-02-11T00:36:28.017Z\",\n \"SignatureVersion\" : \"1\",\n \"Signature\" : \"rqLLoN4vVAbX5XCz2YOxKVIx8HUBZJDFcs3zHHE+kDtKlA2jpPo87swuUgn8d2s2JBgnwRDAzjjWCFtHUtvW0uIHHmEFGchM0f4c3nN+5DBYs9axrpTmX/WRd3klr5ejOQKGyFfR85qj+BfWeMPtIjx0AEhaL06T+Mvhs6ASXuihcqgUbXiT280Xmd6K5POYq6oZ2dLk2H7Gwf8XvRl3gRgA0ETTjiDsPDIgCWixbHyVJQfyOa0KyeRtvBdZhTf4beblo6SYkKC4KVGqYMvlgZz1l4VYxH+GqcXA52zstXW0RTb4+TKsu+E4VB4MHpHOlmG4SNKq4QHUexDdOrjDWg==\",\n \"SigningCertURL\" : \"https://sns.eu-west-2.amazonaws.com/SimpleNotificationService-010a507c1833636cd94bdb98bd93083a.pem\",\n \"UnsubscribeURL\" : \"https://sns.eu-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:eu-west-2:210125595713:turbot-firehose-user-sns-topic:a036479e-e982-4824-ad26-96f36636a384\"\n}", - "attributes": { - "ApproximateReceiveCount": "1", - "SentTimestamp": "1613003788047", - "SenderId": "AIDAIVEA3AGEU7NF6DRAG", - "ApproximateFirstReceiveTimestamp": "1613003788048" - }, - "messageAttributes": {}, - "md5OfMessageAttributes": None, - "md5OfBody": "f6a2486aaa3b534c1b2602c595e3e02d", - "eventSource": "aws:sqs", - "eventSourceARN": "arn:aws:sqs:eu-west-2:210125595713:turbot-firehose-notification-queue", - "awsRegion": "eu-west-2" - }, - { - "messageId": "8ea8ffb7-aaae-429f-96f8-ea1851a6e913", - "receiptHandle": "AQEBcmDgMgSuhmp0ZOopycdusSdBtMjW/Y0wzDLSSfunnFpGQ4qVOrv9twvW6hjwpikfaSsAigdMfGxkLYmHxTvCkePH55ct8nSFa/Y/ARabd81MX63Zz7CrB0F/aigxDMr04/fYOPLGOTU6ikJgfxGqPq7LykoSWE5uzU5Yn4YgfWv+ODOgH8kF/jaYRXROF1HvwUwijNv7bQbqg53J6f1rewahEEI90DvUSwF7TYjFbgR644qMQCQJmYHpI8mFKe5hsNlpQwtxE3dgVlevwPlNQfxcGic0JA/iIsu3Zgr6ywJoy56rXoQO+APlgfU55o91T9+6mHUxOctsDAbEFCjZqoAjOX/AQnPmpm4QnfXVM/BW3qu1LAZ4b+enVvfwoNBNxHmcGgjK5GMXVdjXdUazvTfd4CHjBrgIu+ECF81h6A8=", - "body": "{\n \"Type\" : \"Notification\",\n \"MessageId\" : \"bd8b6d21-6b79-57b3-a66b-35bf153581b7\",\n \"TopicArn\" : \"arn:aws:sns:eu-west-2:210125595713:turbot-firehose-user-sns-topic\",\n \"Subject\" : \"[punisher-turbot] Control Approved updated by Turbot Identity\",\n \"Message\" : \"{\\\"notificationType\\\":\\\"control_updated\\\",\\\"actor\\\":{\\\"identity\\\":{\\\"picture\\\":\\\"https://www.gravatar.com/avatar/cb9ff8606c24daf9cda1d82615bd7a8e\\\",\\\"turbot\\\":{\\\"title\\\":\\\"Turbot Identity\\\",\\\"id\\\":\\\"173249891011852\\\"}}},\\\"turbot\\\":{\\\"type\\\":null,\\\"controlId\\\":\\\"21397\\\",\\\"controlOldVersionId\\\":\\\"216036328690947\\\",\\\"controlNewVersionId\\\":\\\"216036333047576\\\",\\\"createTimestamp\\\":\\\"2021-02-11T00:36:21.489Z\\\"},\\\"control\\\":{\\\"state\\\":\\\"alarm\\\",\\\"reason\\\":\\\"Not approved\\\",\\\"details\\\":[{\\\"key\\\":\\\"Usage\\\",\\\"value\\\":\\\"Not approved\\\"},{\\\"key\\\":\\\"Regions\\\",\\\"value\\\":\\\"Approved\\\"},{\\\"key\\\":\\\"Budget\\\",\\\"value\\\":\\\"Skipped\\\"},{\\\"key\\\":\\\"RESULT\\\",\\\"value\\\":\\\"Not approved\\\"}],\\\"type\\\":{\\\"trunk\\\":{\\\"title\\\":\\\"AWS > S3 > Bucket > Approved\\\"}},\\\"turbot\\\":{\\\"id\\\":\\\"213971925119603\\\"},\\\"resource\\\":{\\\"akas\\\":[\\\"arn:aws:s3:::raj-switch-role-bucket\\\"],\\\"metadata\\\":{\\\"aws\\\":{\\\"accountId\\\":\\\"210125595713\\\",\\\"partition\\\":\\\"aws\\\",\\\"regionName\\\":\\\"us-east-2\\\"},\\\"createTimestamp\\\":\\\"2021-01-18T16:35:52.000Z\\\"},\\\"title\\\":null,\\\"turbot\\\":{\\\"id\\\":\\\"213971924734526\\\"}}},\\\"oldControl\\\":{\\\"state\\\":\\\"ok\\\",\\\"turbot\\\":{\\\"id\\\":\\\"213971925119603\\\"}}}\",\n \"Timestamp\" : \"2021-02-11T00:36:28.808Z\",\n \"SignatureVersion\" : \"1\",\n \"Signature\" : \"sjqj3IEDmz2UYnJr92fsurNTttLO1LEl1tqqeb40CbiN+L0D4Ft60Bz4J2GO1NGWu6nexBTsPs0PA9x7EVZTucZjkDcDR8gRrLJ1Jwkv86ojp0n5Ruu5zg+a4pVNZan6vrbAuUUtz48hh2YAGxSWKtAglT+3waBB+QvuYYRwrFvwPCkCrx7amfFPmCsKYdnUMBgYVG6bdxGwKGlhPfgOh5fOxn4POfQLX1YdDNcYSuOqq3xMn1GaZ8uoIPIi8e1R9tlXCCjvx0bB6/VlWWfe0supG62Hj9O/qy/IARfj4Ae5/FM/0BEYFUKUg43uevOtWPlsh3KxixoOhrsfvh6n4Q==\",\n \"SigningCertURL\" : \"https://sns.eu-west-2.amazonaws.com/SimpleNotificationService-010a507c1833636cd94bdb98bd93083a.pem\",\n \"UnsubscribeURL\" : \"https://sns.eu-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:eu-west-2:210125595713:turbot-firehose-user-sns-topic:a036479e-e982-4824-ad26-96f36636a384\"\n}", - "attributes": { - "ApproximateReceiveCount": "1", - "SentTimestamp": "1613003788832", - "SenderId": "AIDAIVEA3AGEU7NF6DRAG", - "ApproximateFirstReceiveTimestamp": "1613003788833" - }, - "messageAttributes": {}, - "md5OfMessageAttributes": None, - "md5OfBody": "ec171637d6f30f8a7da63afabec428fa", - "eventSource": "aws:sqs", - "eventSourceARN": "arn:aws:sqs:eu-west-2:210125595713:turbot-firehose-notification-queue", - "awsRegion": "eu-west-2" - }, - { - "messageId": "5f6ed1c4-8d50-47f7-802c-994d52f82550", - "receiptHandle": "AQEBsUVoPOzW5KaHW1k9vLppGaJ0HcXjDro5QHeHij6fOxilvbGYok3a+3BcrhOlgDuRzYplNZcj3sy8zZPvUNwT5/Gr5gNa3YGi1Dl8l6di+3HU9u9FX8lrlZ7I1EEc+lIOUuE6o5cbgqlR2mYW0UAQooWs/YqKZorsECHzSTS2Jve+d5WQs1mQAgQEpzU+lx8sLzWnKnl60GvCSGeixywv+w9ddJvHHyCcG+j4rAG3rmAcCoeXb5FgE54xa5EwHLQuU5WcWHUPM0NNlXuH3uJOBBozA3Kk/NQQzJE6hiX+6gLKJB3xx8cdHnecPclFQK9wiDqgS9pFZ1wDxzTc6hy7i15uYlDZYZNeMTqklZMBtaWPb5hugOjy4gjdh4m/rlj5ATfi2scKGu2cB8Xfw0ezDHzjjwlp+71EtVmLJ+vcJEY=", - "body": "{\n \"Type\" : \"Notification\",\n \"MessageId\" : \"1c700edf-e1cf-5381-a621-56419f828b41\",\n \"TopicArn\" : \"arn:aws:sns:eu-west-2:210125595713:turbot-firehose-user-sns-topic\",\n \"Subject\" : \"[punisher-turbot] Control Approved updated by Turbot Identity\",\n \"Message\" : \"{\\\"notificationType\\\":\\\"control_updated\\\",\\\"actor\\\":{\\\"identity\\\":{\\\"picture\\\":\\\"https://www.gravatar.com/avatar/cb9ff8606c24daf9cda1d82615bd7a8e\\\",\\\"turbot\\\":{\\\"title\\\":\\\"Turbot Identity\\\",\\\"id\\\":\\\"173249891011852\\\"}}},\\\"turbot\\\":{\\\"type\\\":null,\\\"controlId\\\":\\\"213971925119603\\\",\\\"controlOldVersionId\\\":\\\"216036333047576\\\",\\\"controlNewVersionId\\\":\\\"216036336629722\\\",\\\"createTimestamp\\\":\\\"2021-02-11T00:36:24.987Z\\\"},\\\"control\\\":{\\\"state\\\":\\\"ok\\\",\\\"reason\\\":\\\"Approved\\\",\\\"details\\\":[{\\\"key\\\":\\\"Usage\\\",\\\"value\\\":\\\"Approved\\\"},{\\\"key\\\":\\\"Regions\\\",\\\"value\\\":\\\"Approved\\\"},{\\\"key\\\":\\\"Budget\\\",\\\"value\\\":\\\"Skipped\\\"},{\\\"key\\\":\\\"RESULT\\\",\\\"value\\\":\\\"Approved\\\"}],\\\"type\\\":{\\\"trunk\\\":{\\\"title\\\":\\\"AWS > S3 > Bucket > Approved\\\"}},\\\"turbot\\\":{\\\"id\\\":\\\"213971925119603\\\"},\\\"resource\\\":{\\\"akas\\\":[\\\"arn:aws:s3:::raj-switch-role-bucket\\\"],\\\"metadata\\\":{\\\"aws\\\":{\\\"accountId\\\":\\\"210125595713\\\",\\\"partition\\\":\\\"aws\\\",\\\"regionName\\\":\\\"us-east-2\\\"},\\\"createTimestamp\\\":\\\"2021-01-18T16:35:52.000Z\\\"},\\\"title\\\":null,\\\"turbot\\\":{\\\"id\\\":\\\"213971924734526\\\"}}},\\\"oldControl\\\":{\\\"state\\\":\\\"alarm\\\",\\\"turbot\\\":{\\\"id\\\":\\\"213971925119603\\\"}}}\",\n \"Timestamp\" : \"2021-02-11T00:36:29.800Z\",\n \"SignatureVersion\" : \"1\",\n \"Signature\" : \"jwL93HhFs8S8tP+NAS61W2bkH2HVerh71gXCPVvTfb5WA55GnL6n1xVXg2Yu3vS9Eh6l+c1fuMvGkc0bmJcw4/XFoSQAx8BtbtCPGX+qiu9bawJu01Pdpvd9T7BYBXOEF2OeVHDz1ulL+tpI5/LIv/TGieZNgLcFZJBsiOkaDyQptFPPnBKXRQnLIy7sBSdlNQBgYTOFcORZth8lKZYlNPXS/ciSeh85QEQWhkWQzcI4u4p+2Z7OA3dyDAO1+MoRljKV5Y7wVCm0MsYlrPfJghFjoDsOLtZfvo0CO+ewLJLknQ4y4tjzqJ4yTyIJhAWwCcP3zAbC8NA87FEgn4KrTQ==\",\n \"SigningCertURL\" : \"https://sns.eu-west-2.amazonaws.com/SimpleNotificationService-010a507c1833636cd94bdb98bd93083a.pem\",\n \"UnsubscribeURL\" : \"https://sns.eu-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:eu-west-2:210125595713:turbot-firehose-user-sns-topic:a036479e-e982-4824-ad26-96f36636a384\"\n}", - "attributes": { - "ApproximateReceiveCount": "1", - "SentTimestamp": "1613003789825", - "SenderId": "AIDAIVEA3AGEU7NF6DRAG", - "ApproximateFirstReceiveTimestamp": "1613003789826" - }, - "messageAttributes": {}, - "md5OfMessageAttributes": None, - "md5OfBody": "221ce000191dd0d02c15917f65cedccc", - "eventSource": "aws:sqs", - "eventSourceARN": "arn:aws:sqs:eu-west-2:210125595713:turbot-firehose-notification-queue", - "awsRegion": "eu-west-2" - }, - { - "messageId": "1f6fd4df-5b11-4d11-acf6-957b6e99fa6e", - "receiptHandle": "AQEBfcsRZ9mv0NoPLwd2Jdhtok3Kf1Dae0jzYo9k1lu0wRlZUZJ7siZt6ffv3/+xA5gH70/8GvOzYLHwNtbmPdt5mcT/mXIXvb2rAH1AYZAIfkI0iVEfGHEOxhaxHhbKNQk2KBHY1cJNojTzhMJi5DDiY0twE3/1cN+tOJZr0OKl2Ai8Hw51UzmV4cWrGqI1Hijsuz05rTfOGWUY4IN8Olw9WI44Nu/qeNrNJHwJlbGV6AKv55/JzDDUxkiCuXEZSPVnSVvWFJZnDpkwudvMC6gJ80G6DCJfOIU4QiqwootN1C0tvvqslO0yhr9BdXzxzZlyMpSbq33ObJLqFR2pKbDw/ftZAkPsRQlXtXXI+EapImMA494WIkYM4467dPIZInfXmaZnloTQNBhZuejqGazRB8fskGU5ynRsi5o8Zvsla08=", - "body": "{\n \"Type\" : \"Notification\",\n \"MessageId\" : \"cb145d6d-93e3-55d0-943a-05f3edaeaa77\",\n \"TopicArn\" : \"arn:aws:sns:eu-west-2:210125595713:turbot-firehose-user-sns-topic\",\n \"Subject\" : \"[punisher-turbot] Control Approved updated by Turbot Identity\",\n \"Message\" : \"{\\\"notificationType\\\":\\\"control_updated\\\",\\\"actor\\\":{\\\"identity\\\":{\\\"picture\\\":\\\"https://www.gravatar.com/avatar/cb9ff8606c24daf9cda1d82615bd7a8e\\\",\\\"turbot\\\":{\\\"title\\\":\\\"Turbot Identity\\\",\\\"id\\\":\\\"173249891011852\\\"}}},\\\"turbot\\\":{\\\"type\\\":null,\\\"controlId\\\":\\\"213971925119603\\\",\\\"controlOldVersionId\\\":\\\"216036333047576\\\",\\\"controlNewVersionId\\\":\\\"216036336629722\\\",\\\"createTimestamp\\\":\\\"2021-02-11T00:36:24.987Z\\\"},\\\"control\\\":{\\\"state\\\":\\\"ok\\\",\\\"reason\\\":\\\"Approved\\\",\\\"details\\\":[{\\\"key\\\":\\\"Usage\\\",\\\"value\\\":\\\"Approved\\\"},{\\\"key\\\":\\\"Regions\\\",\\\"value\\\":\\\"Approved\\\"},{\\\"key\\\":\\\"Budget\\\",\\\"value\\\":\\\"Skipped\\\"},{\\\"key\\\":\\\"RESULT\\\",\\\"value\\\":\\\"Approved\\\"}],\\\"type\\\":{\\\"trunk\\\":{\\\"title\\\":\\\"AWS > S3 > Bucket > Approved\\\"}},\\\"turbot\\\":{\\\"id\\\":\\\"213971925119603\\\"},\\\"resource\\\":{\\\"akas\\\":[\\\"arn:aws:s3:::raj-switch-role-bucket\\\"],\\\"metadata\\\":{\\\"aws\\\":{\\\"accountId\\\":\\\"210125595713\\\",\\\"partition\\\":\\\"aws\\\",\\\"regionName\\\":\\\"us-east-2\\\"},\\\"createTimestamp\\\":\\\"2021-01-18T16:35:52.000Z\\\"},\\\"title\\\":null,\\\"turbot\\\":{\\\"id\\\":\\\"213971924734526\\\"}}},\\\"oldControl\\\":{\\\"state\\\":\\\"alarm\\\",\\\"turbot\\\":{\\\"id\\\":\\\"213971925119603\\\"}}}\",\n \"Timestamp\" : \"2021-02-11T00:36:29.844Z\",\n \"SignatureVersion\" : \"1\",\n \"Signature\" : \"tXPOjoPlElJtiKWX5EIXMwLs7JRXKnj+xj1n4KL19w2tbgqbzmvV+ncRAogYoxdhI72oFvo1vaz2edOBB8O/9l9+8TvlLwx3MXw3fJidwOA6cXJMpux9ah+Fs/D137ebg7W24ibChWb+4CLDDAIyQUn5b1dtwdkN9ayein6uwIF7Bxr+N9M35homuEkDAZyVjvAPGd5TIn/EB+5WdLxa9UxpVHaTvJDXMvfjopdV37YzYgjYqupIhGmjRfE7JjXPqgnrONdoVQdbPxulQTKe1L4B0DsH1xORMSl+ZjLa2WacMLRIMJfFxM5qRcK/QJ6uhLpt+XUuDdqZSqirq4/0WQ==\",\n \"SigningCertURL\" : \"https://sns.eu-west-2.amazonaws.com/SimpleNotificationService-010a507c1833636cd94bdb98bd93083a.pem\",\n \"UnsubscribeURL\" : \"https://sns.eu-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:eu-west-2:210125595713:turbot-firehose-user-sns-topic:a036479e-e982-4824-ad26-96f36636a384\"\n}", - "attributes": { - "ApproximateReceiveCount": "1", - "SentTimestamp": "1613003789875", - "SenderId": "AIDAIVEA3AGEU7NF6DRAG", - "ApproximateFirstReceiveTimestamp": "1613003789876" - }, - "messageAttributes": {}, - "md5OfMessageAttributes": None, - "md5OfBody": "2e8279f5dd14f0c58de655e94a1ab551", - "eventSource": "aws:sqs", - "eventSourceARN": "arn:aws:sqs:eu-west-2:210125595713:turbot-firehose-notification-queue", - "awsRegion": "eu-west-2" - } - ] - - -} - - -class Context: - def __init__(self) -> None: - self.invoked_function_arn = "arn:aws:lambda:eu-west-2:210125595713:function:LambdaFunctionName" - pass - - -context = Context() - -lambda_function.lambda_handler(event, context) diff --git a/baselines/notifications/security-hub/locals.tf b/baselines/notifications/security-hub/locals.tf deleted file mode 100644 index e4a0f8837..000000000 --- a/baselines/notifications/security-hub/locals.tf +++ /dev/null @@ -1,11 +0,0 @@ -locals { - access_key = aws_iam_access_key.turbot_firehose_user_access_key.id - secret_access_key = aws_iam_access_key.turbot_firehose_user_access_key.secret - account_id = data.aws_caller_identity.current_identity.account_id - function_name = var.enabled_caching ? aws_lambda_function.lambda_function_for_cache[0].function_name : aws_lambda_function.lambda_function_no_cache[0].function_name - function_arn = var.enabled_caching ? aws_lambda_function.lambda_function_for_cache[0].arn : aws_lambda_function.lambda_function_no_cache[0].arn - environment_variables = var.enabled_caching ? { - SECURITY_HUB_PRODUCT_ARN = "arn:aws:securityhub:${var.aws_region}:${local.account_id}:product/${local.account_id}/default" - MEMCACHED_CONFIGURATION_ENDPOINT = aws_elasticache_cluster.latest_notification_cache[0].configuration_endpoint - } : { SECURITY_HUB_PRODUCT_ARN = "arn:aws:securityhub:${var.aws_region}:${local.account_id}:product/${local.account_id}/default" } -} diff --git a/baselines/notifications/security-hub/logic/__init__.py b/baselines/notifications/security-hub/logic/__init__.py deleted file mode 100644 index 74c9db7bf..000000000 --- a/baselines/notifications/security-hub/logic/__init__.py +++ /dev/null @@ -1,3 +0,0 @@ -from .security_hub import SecurityHub -from .raw_record_processor import RawRecordProcessor -from .cache import Cache diff --git a/baselines/notifications/security-hub/logic/account_record_collection.py b/baselines/notifications/security-hub/logic/account_record_collection.py deleted file mode 100644 index 9c4ebf483..000000000 --- a/baselines/notifications/security-hub/logic/account_record_collection.py +++ /dev/null @@ -1,58 +0,0 @@ -class AccountRecordCollection: - def __init__(self) -> None: - self.accounts = {} - self.record_count = 0 - pass - - def __iter__(self): - self.index = 0 - self.account_keys = list(self.accounts.keys()) - self.account_keys_len = len(self.account_keys) - return self - - def __next__(self): - index = self.index - self.index += 1 - - if self.index > self.account_keys_len: - raise StopIteration - - account_id = self.account_keys[index] - return account_id - - def add_record(self, account_id, finding_id, record): - if not account_id: - raise ValueError("Parameter `account_id` for method `AccountRecordCollection.add_record` is missing") - - if not finding_id: - raise ValueError("Parameter `finding_id` for method `AccountRecordCollection.add_record` is missing") - - if not record: - raise ValueError("Parameter `record` for method `AccountRecordCollection.add_record` is missing") - - if account_id in self.accounts: - if finding_id not in self.accounts[account_id]: - self.record_count += 1 - - self.accounts[account_id][finding_id] = record - else: - self.record_count += 1 - self.accounts[account_id] = {finding_id: record} - - def get_account_record(self, account_id, finding_id): - if account_id in self.accounts and finding_id in self.accounts[account_id]: - return self.accounts[account_id][finding_id] - - return None - - def get_record_count(self): - return self.record_count - - def get_accounts_list(self): - return list(self.accounts.keys()) - - def get_records(self, account_id): - if account_id in self.accounts: - return self.accounts[account_id] - - return [] diff --git a/baselines/notifications/security-hub/logic/cache.py b/baselines/notifications/security-hub/logic/cache.py deleted file mode 100644 index d31dd99a5..000000000 --- a/baselines/notifications/security-hub/logic/cache.py +++ /dev/null @@ -1,67 +0,0 @@ -import os -from pymemcache.client.base import Client - - -class Cache: - def __init__(self, client) -> None: - if client: - self.__get_findings_strategy = self.__get_findings_cache_strategy - self.__get_strategy = self.__get_cache_strategy - self.__set_strategy = self.__set_cache_strategy - else: - self.__get_findings_strategy = self.__get_findings_no_cache_strategy - self.__get_strategy = self.__get_no_cache_strategy - self.__set_strategy = self.__set_no_cache_strategy - - self.client = client - - @staticmethod - def create(): - endpoint = os.getenv("MEMCACHED_CONFIGURATION_ENDPOINT") - client = None - if endpoint: - client = Client(endpoint) - - return Cache(client) - - def get(self, key): - return self.__get_strategy(key) - - def set(self, key, value): - return self.__set_strategy(key, value) - - def get_findings(self, ids): - return self.__get_findings_strategy(ids) - - def __get_no_cache_strategy(self, key): - return None - - def __set_no_cache_strategy(self, key, value): - return None - - def __get_cache_strategy(self, key): - value = self.client.get(key) - if value: - return value.decode("UTF-8") - - return None - - def __set_cache_strategy(self, key, value): - return self.client.set(key, value) - - def __get_findings_cache_strategy(self, ids): - cache_found_id_map = {} - cache_missed_id_list = [] - - for id in ids: - last_updated_ts = self.client.get(id) - if last_updated_ts == None: - cache_missed_id_list.append(id) - else: - print(f"[INFO] Cache found id - {id} - {last_updated_ts}") - cache_found_id_map[id] = last_updated_ts.decode("UTF-8") - - return cache_found_id_map, cache_missed_id_list - - def __get_findings_no_cache_strategy(self, ids): - return {}, ids diff --git a/baselines/notifications/security-hub/logic/raw_record_processor.py b/baselines/notifications/security-hub/logic/raw_record_processor.py deleted file mode 100644 index a47de2b09..000000000 --- a/baselines/notifications/security-hub/logic/raw_record_processor.py +++ /dev/null @@ -1,120 +0,0 @@ -import json -import datetime as dt -from .record import Record -from .account_record_collection import AccountRecordCollection - - -class RawRecordProcessor: - def __init__(self, raw_records) -> None: - self.raw_records = raw_records - - def create_account_record_collection(self): - print("[INFO] Started - Create account record collection") - print(f"[INFO] Number of raw records received: {len(self.raw_records)}") - - account_record_collection = AccountRecordCollection() - - for raw_record in self.raw_records: - json_body = json.loads(raw_record['body']) - notification = json.loads(json_body['Message']) - - control = notification["control"] - control_id = control["turbot"]["id"] - - new_record_timestamp = notification["turbot"]["createTimestamp"] - print(f"[INFO] Processing raw record") - - notification_type = notification["notificationType"] - if notification_type != "control_updated": - print( - f"[INFO] Ignore record - Notification type `{notification_type}` is not handled currently") - continue - - resource_metadata = control["resource"]["metadata"] - if "aws" not in resource_metadata: - print(f"[INFO] Ignore record - Cloud provider not AWS") - continue - - account_id = resource_metadata["aws"]["accountId"] - - if "regionName" in resource_metadata["aws"]: - region = resource_metadata["aws"]["regionName"] - else: - region = "global" - - finding_id = self.__create_finding_id(control_id, account_id, region) - - previous_record = account_record_collection.get_account_record(account_id, finding_id) - - if previous_record: - previous_record_timestamp = previous_record.updated_timestamp - - previous_record_dt = dt.datetime.fromisoformat(previous_record_timestamp[:-1]) - new_record_dt = dt.datetime.fromisoformat(new_record_timestamp[:-1]) - - if previous_record_dt <= new_record_dt: - account_record_collection.add_record( - account_id, finding_id, self.__create_record(finding_id, notification)) - print(f"[INFO] Updated existing entry in sorted records - {finding_id} - {new_record_timestamp}") - else: - print( - f"[INFO] Ignore record - {finding_id} - More recent update `{previous_record_timestamp}` exists compared to record `{new_record_timestamp}`") - else: - account_record_collection.add_record( - account_id, finding_id, self.__create_record(finding_id, notification)) - print(f"[INFO] Created new entry in sorted records - {finding_id} - {new_record_timestamp}") - - print(f"[INFO] Process record count: {account_record_collection.get_record_count()}") - print("[INFO] Completed - Create account record collection") - - return account_record_collection - - def __create_record(self, id, notification): - record = {} - - control_type = notification["control"]["type"]["trunk"]["title"] - aws_metadata = notification["control"]["resource"]["metadata"]["aws"] - control_reason = notification["control"]["reason"] - - record["id"] = id - record["control_type"] = control_type - - partition = aws_metadata["partition"] if "partition" in aws_metadata else None - region_name = aws_metadata["regionName"] if "regionName" in aws_metadata else None - description = control_reason if control_reason else "No reason given" - title = "" - - control_state = notification["control"]["state"] - if control_state == "ok": - old_control_state = notification["oldControl"]["state"] - title = f"{old_control_state.capitalize()} - {control_type}" - else: - title = f"{control_state.capitalize()} - {control_type}" - - tags = {} - if "tags" in notification["control"]["resource"]["turbot"]: - tags = notification["control"]["resource"]["turbot"]["tags"] - - # TODO: Remove - tags = { - "including-tags": "hey-its-a-tag", - "itau-hyphens-in-key": "Hyphens make nunjucks complicated" - } - - return Record( - id, - control_type, - aws_metadata["accountId"], - notification["turbot"]["createTimestamp"], - partition, - region_name, - notification["control"]["resource"]["turbot"]["id"], - title, - description, - notification["control"]["resource"]["akas"], - control_state, - tags - ) - - def __create_finding_id(self, control_id, account_id, region): - return f"arn:aws:securityhub:{region}:{account_id}:turbot/{control_id}" diff --git a/baselines/notifications/security-hub/logic/record.py b/baselines/notifications/security-hub/logic/record.py deleted file mode 100644 index 0b6ca1bbe..000000000 --- a/baselines/notifications/security-hub/logic/record.py +++ /dev/null @@ -1,14 +0,0 @@ -class Record: - def __init__(self, id, control_type, account_id, updated_timestamp, partition, region_name, resource_id, title, description, akas, control_state, tags) -> None: - self.id = id - self.control_type = control_type - self.account_id = account_id - self.updated_timestamp = updated_timestamp - self.partition = partition - self.region_name = region_name - self.resource_id = resource_id - self.title = title - self.description = description - self.akas = akas - self.control_state = control_state - self.tags = tags diff --git a/baselines/notifications/security-hub/logic/security_hub.py b/baselines/notifications/security-hub/logic/security_hub.py deleted file mode 100644 index f9fa28407..000000000 --- a/baselines/notifications/security-hub/logic/security_hub.py +++ /dev/null @@ -1,299 +0,0 @@ -import time -import os -import boto3 -import datetime as dt - - -class SecurityHub: - def __init__(self, client, cache, product_arn) -> None: - if not client: - raise ValueError("Parameter `client` for class `SecurityHub` is missing") - if not cache: - raise ValueError("Parameter `cache` for class `SecurityHub` is missing") - if not client: - raise ValueError("Parameter `product_arn` for class `SecurityHub` is missing") - - self.client = client - self.product_arn = product_arn - self.cache = cache - self.insert_findings = [] - self.reopen_findings = {} - self.resolve_findings = {} - - @staticmethod - def create(cache, account_id): - start_time = time.perf_counter() - print(f"[INFO] Started - Security Hub create client") - product_arn = os.getenv("SECURITY_HUB_PRODUCT_ARN") - if product_arn is None: - raise RuntimeError("Environment variable `SECURITY_HUB_PRODUCT_ARN` is missing") - - role = os.getenv("SECURITY_HUB_ROLE") - external_id = os.getenv("SECURITY_HUB_EXTERNAL_ID") - - if role: - role_arn = f"arn:aws:iam::{account_id}:role/{role}" - - sts_connection = boto3.client('sts') - if external_id: - acct_b = sts_connection.assume_role( - RoleArn=role_arn, - ExternalId=external_id, - RoleSessionName="Turbot_Security_Hub_Integration" - ) - else: - acct_b = sts_connection.assume_role( - RoleArn=role_arn, - RoleSessionName="Turbot_Security_Hub_Integration" - ) - - access_key_id = acct_b['Credentials']['AccessKeyId'] - secret_access_key = acct_b['Credentials']['SecretAccessKey'] - session_token = acct_b['Credentials']['SessionToken'] - else: - access_key_id = os.getenv("AWS_ACCESS_KEY_ID") - secret_access_key = os.getenv("AWS_SECRET_ACCESS_KEY") - session_token = os.getenv("AWS_SESSION_TOKEN") - - aws_client = boto3.client( - 'securityhub', - aws_access_key_id=access_key_id, - aws_secret_access_key=secret_access_key, - aws_session_token=session_token, - ) - - end_time = time.perf_counter() - print(f"[INFO] Completed - Security Hub create client - {end_time - start_time:0.4f} seconds") - return SecurityHub(aws_client, cache, product_arn) - - def get_findings(self, ids): - start_time = time.perf_counter() - print(f"[INFO] Started - Get findings") - batch_size = 20 - cache_found_id_map = {} - - for index in range(0, len(ids), batch_size): - filter = {"Id": []} - for id in ids[index:index+batch_size]: - entry = { - "Value": f"{id}", - "Comparison": "EQUALS" - } - - filter["Id"].append(entry) - - response = self.client.get_findings(Filters=filter) - findings = response["Findings"] - print(f"[INFO] Get Findings API result: {findings}") - - map_findings = {findings[i]["Id"]: findings[i]["UpdatedAt"] for i in range(0, len(findings))} - cache_found_id_map = {**cache_found_id_map, **map_findings} - - end_time = time.perf_counter() - print(f"[INFO] Completed - Get findings - {end_time - start_time:0.4f} seconds") - - return cache_found_id_map - - def process_findings(self): - # We need to update when we want to resolve a resolved finding - partial_failure = False - if len(self.insert_findings): - partial_failure = partial_failure | self.__batch_import_findings() - - print(f"[INFO] Importing {len(self.insert_findings)} findings") - - if len(self.reopen_findings): - partial_failure = partial_failure | self.__batch_reopen_findings() - - print(f"[INFO] Reopened {len(self.reopen_findings)} findings") - - if len(self.resolve_findings): - partial_failure = partial_failure | self.__batch_resolve_findings() - - print(f"[INFO] Resolved {len(self.resolve_findings)} findings") - - return partial_failure - - def reopen_finding(self, record): - if not record: - raise ValueError("Parameter `record` for class `SecurityHub` is missing") - - self.reopen_findings[record.id] = record.updated_timestamp - print(f"[INFO] Adding record to reopen findings queue - {record.id} - {record.updated_timestamp}") - - self.insert_finding(record) - - def resolve_finding(self, record): - if not record: - raise ValueError("Parameter `record` for class `SecurityHub` is missing") - - self.reopen_findings[record.id] = record.updated_timestamp - print(f"[INFO] Adding record to resolved findings queue - {record.id} - {record.updated_timestamp}") - - self.insert_finding(record) - - def insert_finding(self, record): - if not record: - raise ValueError("Parameter `record` for class `SecurityHub` is missing") - - finding = self.__create_insert_finding(record) - - self.insert_findings.append(finding) - print(f"[INFO] Adding record to insert findings queue - {record.id} - {record.updated_timestamp}") - - def __create_update_finding(self, id): - finding = { - "Id": id, - "ProductArn": self.product_arn - } - - return finding - - def __create_insert_finding(self, record): - print("[INFO] Starting - Create finding") - # Common format - finding = { - "SchemaVersion": "2018-10-08", - "Severity": { - "Label": "HIGH", - "Product": 80 - }, - "Compliance": { - "Status": "WARNING" - }, - "Types": ["Software and Configuration Checks/Governance/Out of Compliance"] - } - - # Get update time - update_time = dt.datetime.utcnow() - update_time = update_time.isoformat() - - finding["Id"] = record.id - finding["ProductArn"] = self.product_arn - finding["AwsAccountId"] = record.account_id - finding["CreatedAt"] = record.updated_timestamp - finding["UpdatedAt"] = record.updated_timestamp - finding["Description"] = record.description - finding["Title"] = record.title - - resources = [] - - for aka in record.akas: - - resource_aka = { - "Type": "Resource AKA", - "Id": aka, - "Tags": record.tags - } - - if record.partition: - resource_aka["Partition"] = record.partition - - if record.region_name: - resource_aka["Region"] = record.region_name - - resources.append(resource_aka) - - resource_id = { - "Type": "Resource ID", - "Id": record.resource_id - } - resources.append(resource_id) - - finding["Resources"] = resources - - generator_id = record.control_type.replace(" > ", "-").lower() - finding["GeneratorId"] = f"arn:aws:securityhub:::ruleset/turbot/{generator_id}" - - print(f"[INFO] Completed - Create finding - {finding}") - - return finding - - def __batch_import_findings(self): - start_time = time.perf_counter() - print(f"[INFO] Started - Batch import findings") - response = self.client.batch_import_findings(Findings=self.insert_findings) - - # update cache - for finding in self.insert_findings: - self.cache.set(finding["Id"], finding["UpdatedAt"]) - print(f"[INFO] Cache update - {finding['Id']} - {finding['UpdatedAt']}") - pass - - failed_count = response["FailedCount"] - handled_count = 0 - - # Is this an account that is not managed by Sec Hub? - for failed_finding in response["FailedFindings"]: - if failed_finding["ErrorCode"] == "InvalidAccess": - print(f"[WARN] Finding will not be processed - {failed_finding['ErrorMessage']}") - handled_count += 1 - else: - print(f"[WARN] Finding failed - will retry - {failed_finding}") - - end_time = time.perf_counter() - if failed_count - handled_count > 0: - print(f"[WARN] Completed with errors - Batch import findings - {end_time - start_time:0.4f} seconds") - return True - - print(f"[INFO] Completed - Batch import findings - {end_time - start_time:0.4f} seconds") - return False - - def __batch_update_findings(self, findings, status): - start_time = time.perf_counter() - status_lower = status.lower() - print(f"[INFO] Started - Batch update findings with status {status_lower}") - - workflow = {"Status": status.upper()} - batch = [] - - for id in self.reopen_findings: - cached_date = self.cache.get(id) - if cached_date == None: - batch.append(self.__create_update_finding(id)) - print(f"[INFO] Update finding with status {status_lower} - {id} - {findings[id]}") - else: - print(f"[INFO] Found cached entry - {id} - {cached_date}") - - findings_timestamp = dt.datetime.fromisoformat(findings[id][:-1]) - cache_findings_timestamp = dt.datetime.fromisoformat(cached_date[:-1]) - - if cache_findings_timestamp <= findings_timestamp: - batch.append(self.__create_update_finding(id)) - print(f"[INFO] Update finding with status {status_lower} - {id} - {findings[id]}") - else: - print( - f"[INFO] Ignore finding with status {status_lower} - {id} - Cache date {cached_date} is more recent than finding {findings[id]}") - - failed_count = 0 - handled_count = 0 - - if len(batch): - response = self.client.batch_update_findings(FindingIdentifiers=batch, Workflow=workflow) - - failed_count = len(response["UnprocessedFindings"]) - - # Is this an account that is not managed by Sec Hub? - for unprocessed_finding in response["UnprocessedFindings"]: - if unprocessed_finding["ErrorCode"] == "FindingNotFound": - print( - f"[WARN] Batch update failed - Finding not found - {unprocessed_finding} - {unprocessed_finding['ErrorMessage']}") - handled_count += 1 - else: - print(f"[WARN] Batch update failed - Will retry - {unprocessed_finding}") - - end_time = time.perf_counter() - if failed_count - handled_count > 0: - print( - f"[WARN] Completed with errors - Batch update findings with status {status_lower} - {end_time - start_time:0.4f} seconds") - return True - - print( - f"[INFO] Completed - Batch update findings with status {status_lower} - {end_time - start_time:0.4f} seconds") - return False - - def __batch_reopen_findings(self): - return self.__batch_update_findings(self.reopen_findings, "new") - - def __batch_resolve_findings(self): - return self.__batch_update_findings(self.reopen_findings, "resolved") diff --git a/baselines/notifications/security-hub/package-lambda.sh b/baselines/notifications/security-hub/package-lambda.sh deleted file mode 100755 index 6229dd570..000000000 --- a/baselines/notifications/security-hub/package-lambda.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/usr/bin/env bash - -python3 -m venv .packaging -source .packaging/bin/activate -pip3 install pymemcache -deactivate - -rm deployment-package.zip -cd .packaging/lib/python3.8/site-packages -zip -r ../../../../deployment-package.zip . -cd - -zip -g deployment-package.zip lambda_function.py logic/* -rm -rf .packaging \ No newline at end of file diff --git a/baselines/notifications/security-hub/providers.tf b/baselines/notifications/security-hub/providers.tf deleted file mode 100644 index 44ee59dd0..000000000 --- a/baselines/notifications/security-hub/providers.tf +++ /dev/null @@ -1,21 +0,0 @@ -terraform { - required_providers { - turbot = { - source = "turbot/turbot" - } - aws = { - source = "hashicorp/aws" - version = "~> 3.0" - } - } - required_version = ">= 0.13" -} - -provider "turbot" { - profile = var.turbot_profile -} - -provider "aws" { - profile = var.aws_profile - region = var.aws_region -} diff --git a/baselines/notifications/security-hub/requirements.txt b/baselines/notifications/security-hub/requirements.txt deleted file mode 100644 index 5e428d9f5..000000000 --- a/baselines/notifications/security-hub/requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -boto3==1.17.3 -pymemcache==3.4.0 \ No newline at end of file diff --git a/baselines/notifications/security-hub/turbot_policies.tf b/baselines/notifications/security-hub/turbot_policies.tf deleted file mode 100644 index b2516b224..000000000 --- a/baselines/notifications/security-hub/turbot_policies.tf +++ /dev/null @@ -1,91 +0,0 @@ -# Turbot > Firehose > AWS SNS > Notification Template > Control Updated -# https://turbot.com/v5/mods/turbot/firehose-aws-sns/inspect#/policy/types/notificationTemplateControlUpdated -resource "turbot_policy_setting" "firehose_aws_sns_notification_template_control_updated" { - resource = "tmod:@turbot/turbot#/" - type = "tmod:@turbot/firehose-aws-sns#/policy/types/notificationTemplateControlUpdated" - value = <<-EOT - {% input %} - query notificationGet($id: ID!) { - notification(id: $id) { - notificationType - actor { - identity { - picture - turbot { - title - id - } - } - } - turbot { - type - controlId - controlOldVersionId - controlNewVersionId - createTimestamp - } - control { - state - reason - details - type { - trunk { - title - } - } - turbot { - id - } - resource { - akas - metadata - title - turbot { - id - } - } - } - oldControl { - state - turbot { - id - } - } - } - } - {% endinput %} - - notification: {{ $.notification | dump | safe }} - EOT -} - -# Turbot > Firehose > AWS SNS > Notification Access Key -# https://turbot.com/v5/mods/turbot/firehose-aws-sns/inspect#/policy/types/notificationAccessKey -resource "turbot_policy_setting" "firehose_aws_sns_notification_access_key" { - resource = "tmod:@turbot/turbot#/" - type = "tmod:@turbot/firehose-aws-sns#/policy/types/notificationAccessKey" - value = local.access_key -} - -# Turbot > Firehose > AWS SNS > Notification Secret Key -# https://turbot.com/v5/mods/turbot/firehose-aws-sns/inspect#/policy/types/notificationSecretKey -resource "turbot_policy_setting" "firehose_aws_sns_notification_secret_key" { - resource = "tmod:@turbot/turbot#/" - type = "tmod:@turbot/firehose-aws-sns#/policy/types/notificationSecretKey" - value = local.secret_access_key -} - -# Turbot > Firehose > AWS SNS > Notification Topic -# https://turbot.com/v5/mods/turbot/firehose-aws-sns/inspect#/policy/types/notificationTopic -resource "turbot_policy_setting" "firehose_aws_sns_notification_topic" { - resource = "tmod:@turbot/turbot#/" - type = "tmod:@turbot/firehose-aws-sns#/policy/types/notificationTopic" - value = aws_sns_topic.turbot_firehose_user_sns_topic.arn -} - -resource "null_resource" "turbot_mutation_example" { - # Get notified on all the actions taken by Turbot for the resources at Turbot Root level and its descendant, which have turbot.tag as `Environment:Development`. - provisioner "local-exec" { - command = "turbot graphql --query create-watch-mutation.graphql --variables create-watch-mutation-input.json --profile ${var.turbot_profile}" - } -} diff --git a/baselines/notifications/security-hub/variables.tf b/baselines/notifications/security-hub/variables.tf deleted file mode 100644 index 3f769e6e2..000000000 --- a/baselines/notifications/security-hub/variables.tf +++ /dev/null @@ -1,45 +0,0 @@ -variable "aws_profile" { - description = "AWS profile used to install the SecurityHub baseline on the account managed by the profile" - type = string -} - -variable "aws_region" { - description = "Configures which AWS region SecurityHub baseline resources are created" - type = string -} - -variable "enabled_caching" { - type = bool - description = <<-DESC - If the variable is set to false then the script installs the notification queue only and Lambda handler only. - If the variable is set to trye then the script installs the notification queue, Lambda handler only and memcache to - cache the last results to manage network race conditions. - DESC - default = true -} - -variable "batch_size" { - description = "Maximum notification batch size to process to SecurityHub findings" - default = "100" -} - -variable "batch_window" { - description = "Maximum notification batch waiting winding to collect notification in order to process to SecurityHub findings" - default = "30" -} - -variable "turbot_profile" { - description = "Turbot profile used to install policies for a workspace managed by the profile" - type = string - default = "default" -} - -variable "rebuild" { - description = <<-DESC - This setting will rebuild the deployment package to be uploaded to lambda and requires bash. - - Useful in development phase. - DESC - type = bool - default = false -} diff --git a/baselines/todo_policy_packs/aws/aws_account_import/README.md b/baselines/todo_policy_packs/aws/aws_account_import/README.md deleted file mode 100644 index e5743e3c4..000000000 --- a/baselines/todo_policy_packs/aws/aws_account_import/README.md +++ /dev/null @@ -1,28 +0,0 @@ -# AWS Account Import Baseline - -The AWS account import baseline terraform configuration lets you import an AWS Account into turbot with the necessary roles and permissions. - - - It is recommended that you import accounts into Turbot Folders, as it provides greater flexibility and ease of management. - - Give the role a purposeful name such as `turbot-readonly` (read only) or `turbot-superuser` (for full access). - - By default, Turbot is installed with administrator access to enable full functionality. However, You may change this if required. - - -## Prerequisites - -To run the account import baseline, you must have: - - - [Terraform](https://www.terraform.io) Version 12 - - [Turbot Terraform Provider](https://github.com/turbotio/terraform-provider-turbot) - - Terraform [AWS Provider](https://www.terraform.io/docs/providers/aws/index.html) - - [Credentials](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials) Configured to connect to your Turbot workspace and AWS account - - CloudTrail set up in every region of your account. - - -## Running the Baseline - -To run the aws account import baseline: - - - Go to the aws account import baseline directory in the repository with `cd aws_account_import` - - Update `default.tfvars` with appropriate values - - Run `terraform plan -var-file=default.tfvars` and review the plan for import - - Run `terraform apply -var-file=default.tfvars` to import the account diff --git a/baselines/todo_policy_packs/aws/aws_account_import/default.tfvars b/baselines/todo_policy_packs/aws/aws_account_import/default.tfvars deleted file mode 100644 index 8935f479a..000000000 --- a/baselines/todo_policy_packs/aws/aws_account_import/default.tfvars +++ /dev/null @@ -1,14 +0,0 @@ -# Variable definitions are defined in variables.tf -aws_account_id = "<12 digit aws account id to be imported>" - -parent_resource = "<15 digit tubot folder id under which the aws account to be imported>" - -turbot_account_id = "<12 digit master account id>" - -turbot_external_id = "<8 digit sts:ExternalId>" - -aws_region = "" - -aws_profile = "" - -role_name = "turbot_service_role" diff --git a/baselines/todo_policy_packs/aws/aws_account_import/main.tf b/baselines/todo_policy_packs/aws/aws_account_import/main.tf deleted file mode 100644 index e5bf5f380..000000000 --- a/baselines/todo_policy_packs/aws/aws_account_import/main.tf +++ /dev/null @@ -1,94 +0,0 @@ -#### Configures the provider to use a specific profile, otherwise the provider will use the default profile -provider "aws" { - profile = var.aws_profile - region = var.aws_region -} - -#### Create the AWS IAM role for Turbot -resource "aws_iam_role" "turbot_service_role" { - name = var.role_name - assume_role_policy = jsonencode({ - "Version" : "2012-10-17", - "Statement" : [ - { - "Action" : "sts:AssumeRole", - "Principal" : { - "AWS" : "arn:aws:iam::${var.turbot_account_id}:root" - }, - "Effect" : "Allow", - "Sid" : "", - "Condition" : { - "StringEquals" : { - "sts:ExternalId" : "${var.turbot_external_id}" - } - } - } - ] - }) -} - -#### Attach the AdministratorAccess policy to the Turbot Role -resource "aws_iam_role_policy_attachment" "role_admin_policy" { - role = aws_iam_role.turbot_service_role.name - policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess" - count = var.read_only_access ? 0 : 1 -} - -#### Attach the ReadOnlyAccess policy to the Turbot Role -resource "aws_iam_role_policy_attachment" "role_readonly_policy" { - role = aws_iam_role.turbot_service_role.name - policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess" - count = var.read_only_access ? 1 : 0 -} - -#### Attach the CloudWatchFullAccess policy to the Turbot Role -resource "aws_iam_role_policy_attachment" "role_cloudwatch_admin_policy" { - role = aws_iam_role.turbot_service_role.name - policy_arn = "arn:aws:iam::aws:policy/CloudWatchFullAccess" - count = var.read_only_access ? 1 : 0 -} - -#### Attach the CloudWatchEventsFullAccess policy to the Turbot Role -resource "aws_iam_role_policy_attachment" "role_events_admin_policy" { - role = aws_iam_role.turbot_service_role.name - policy_arn = "arn:aws:iam::aws:policy/CloudWatchEventsFullAccess" - count = var.read_only_access ? 1 : 0 -} - -#### Attach the AmazonSNSFullAccess policy to the Turbot Role -resource "aws_iam_role_policy_attachment" "role_sns_admin_policy" { - role = aws_iam_role.turbot_service_role.name - policy_arn = "arn:aws:iam::aws:policy/AmazonSNSFullAccess" - count = var.read_only_access ? 1 : 0 -} - -#### Create the AWS > Account resource in Turbot -resource "turbot_resource" "account_resource" { - parent = var.parent_resource - type = "tmod:@turbot/aws#/resource/types/account" - metadata = jsonencode({ - "aws" : { - "accountId" : "${var.aws_account_id}", - "partition" : "aws" - } - }) - data = jsonencode({ - "Id" : "${var.aws_account_id}" - }) -} - -#### Set the credentials (Role, exteranl id) for the account via Turbot policies - -# AWS > Account > Turbot IAM Role > External ID -resource "turbot_policy_setting" "turbotIamRoleExternalId" { - resource = turbot_resource.account_resource.id - type = "tmod:@turbot/aws#/policy/types/turbotIamRoleExternalId" - value = var.turbot_external_id -} - -# AWS > Account > Turbot IAM Role -resource "turbot_policy_setting" "turbotIamRole" { - resource = turbot_resource.account_resource.id - type = "tmod:@turbot/aws#/policy/types/turbotIamRole" - value = aws_iam_role.turbot_service_role.arn -} diff --git a/baselines/todo_policy_packs/aws/aws_account_import/turbot_service_readonly.cf.yaml b/baselines/todo_policy_packs/aws/aws_account_import/turbot_service_readonly.cf.yaml deleted file mode 100644 index 0ffd8dd76..000000000 --- a/baselines/todo_policy_packs/aws/aws_account_import/turbot_service_readonly.cf.yaml +++ /dev/null @@ -1,53 +0,0 @@ ---- -AWSTemplateFormatVersion: "2010-09-09" - -Parameters: - RoleName: - Type: String - Default: turbot_service_readonly - Description: The role that Turbot uses to connect to this account - - TurbotAccountId: - Type: String - Default: 287590803701 - Description: | - The AWS Account ID where Turbot is installed. - This will be added to the trust policy of the role to allow access for Turbot - TurbotExternalId: - Type: String - NoEcho: True - MinLength: 1 - Description: | - The AWS External ID to add to the trust policy of the Turbot role - -Resources: - - TurbotReadOnlyRole: - Type: AWS::IAM::Role - Properties: - AssumeRolePolicyDocument: - Version: "2012-10-17" - Statement: - - - Effect: Allow - Principal: - AWS: !Sub arn:aws:iam::${TurbotAccountId}:root - Action: - - sts:AssumeRole - Condition: - StringEquals: - sts:ExternalId: !Ref TurbotExternalId - Path: /turbot/core/ - ManagedPolicyArns: - - "arn:aws:iam::aws:policy/ReadOnlyAccess" - - "arn:aws:iam::aws:policy/CloudWatchFullAccess" - - "arn:aws:iam::aws:policy/AmazonSNSFullAccess" - - "arn:aws:iam::aws:policy/CloudWatchEventsFullAccess" - - RoleName: !Ref RoleName - -Outputs: - - RoleARN: - Description: Turbot Role ARN for Import - Value: !GetAtt TurbotReadOnlyRole.Arn diff --git a/baselines/todo_policy_packs/aws/aws_account_import/turbot_service_superuser.cf.yaml b/baselines/todo_policy_packs/aws/aws_account_import/turbot_service_superuser.cf.yaml deleted file mode 100644 index e7eaee38b..000000000 --- a/baselines/todo_policy_packs/aws/aws_account_import/turbot_service_superuser.cf.yaml +++ /dev/null @@ -1,49 +0,0 @@ ---- -AWSTemplateFormatVersion: "2010-09-09" - -Parameters: - RoleName: - Type: String - Default: turbot_service_superuser - Description: The role that Turbot uses to connect to this account - - TurbotAccountId: - Type: String - Default: 287590803701 - Description: | - The AWS Account ID where Turbot is installed. - This will be added to the trust policy of the role to allow access for Turbot - TurbotExternalId: - Type: String - NoEcho: True - MinLength: 1 - Description: | - The AWS External ID to add to the trust policy of the Turbot role - -Resources: - - TurbotSuperuserRole: - Type: AWS::IAM::Role - Properties: - AssumeRolePolicyDocument: - Version: "2012-10-17" - Statement: - - - Effect: Allow - Principal: - AWS: !Sub arn:aws:iam::${TurbotAccountId}:root - Action: - - sts:AssumeRole - Condition: - StringEquals: - sts:ExternalId: !Ref TurbotExternalId - Path: /turbot/core/ - ManagedPolicyArns: - - "arn:aws:iam::aws:policy/AdministratorAccess" - RoleName: !Ref RoleName - -Outputs: - - RoleARN: - Description: Turbot Role ARN for Import - Value: !GetAtt TurbotSuperuserRole.Arn diff --git a/baselines/todo_policy_packs/aws/aws_account_import/variables.tf b/baselines/todo_policy_packs/aws/aws_account_import/variables.tf deleted file mode 100644 index 42afd5024..000000000 --- a/baselines/todo_policy_packs/aws/aws_account_import/variables.tf +++ /dev/null @@ -1,40 +0,0 @@ -variable "aws_account_id" { - description = "Enter the Account ID that you wish to import. Note that you must set your AWS credentials for this account either in your environment variables or default profile." - type = string -} - -variable "parent_resource" { - description = "Enter the Turbot Resource ID for the folder into which to import the AWS account, or `tmod:@turbot/turbot#/` to import at the Turbot root." - type = string - default = "tmod:@turbot/turbot#/" -} - -variable "role_name" { - description = "Enter the name of the AWS role that will be created. Turbot will use this role to connect to your AWS account." - type = string -} - -variable "turbot_account_id" { - description = "Enter the AWS account id from which Turbot will connect - This will be added to the trust policy for the Turbot role. Leave the default of'525041748188' for turbot-dev.com, or enter the account ID where you have installed Turbot if you are running Turbot Enterprise." - type = string -} - -variable "turbot_external_id" { - description = "Enter the External ID to be used in the AWS Trust Policy for the Turbot role." - type = string -} - -variable "aws_region" { - description = "The region where AWS operations will take place." - type = string -} - -variable "aws_profile" { - description = "The AWS profile which will when running the script. Leaving this value blank will use the default profile." - type = string -} - -# By default, Turbot is installed with administrator access to enable full functionlity. If you wish to install Turbot in readonly mode (plus limited admin access to set up event routing) change this value to `true` -variable "read_only_access" { - default = false -} diff --git a/baselines/todo_policy_packs/aws/aws_baseline/README.md b/baselines/todo_policy_packs/aws/aws_baseline/README.md deleted file mode 100644 index f502d80d5..000000000 --- a/baselines/todo_policy_packs/aws/aws_baseline/README.md +++ /dev/null @@ -1,134 +0,0 @@ -# Baseline - AWS Baseline Policies - -AWS Baseline Policies focuses on base minimum set of example policies & services to start with. - -## Overview - -Baseline policies are initial set of policies recommended to start with while using Turbot. These policies mostly focuses on enabling services, frequently used policies to run in check mode & enabling security features such as various encryption standards. Baseline TF scripts allows you to toggle the value to apply or ignore. See the below sections for more information. - -Some of these policies overlap with other set of baselines. Hence Turbot provided set of baseline TF files are executed in separate [Smart Folder](https://turbot.com/v5/docs/getting-started/smart_folder). The advantage of setting up of each baseline in their own Smart Folder prevents conflicting with the policy settings created by other baseline scripts. - -This baseline will not attach to a resource by default. This needs to be done manually using the Turbot UI. - -## Requirements - -- Terraform v0.13 or greater installed -- Valid Turbot configuration credentials - -For further information on configuring Turbot credentials can be found [here](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials). - -## Applying baseline - -The baseline is defined by a set of files which together define the configuration of the baseline. - -### Initialize baseline - -If not previously run, Initialize Terraform to get all necessary providers for the baseline. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform init - ``` -### Profile name as input - -The baseline example set requires you to provide `turbot_profile` name as input. This is to help in case you are having more profiles than only `default`. In case it's default, specify name as default. - -```shell -var.turbot_profile - Enter profile matching your turbot cli credentials. - Enter a value: -``` - -### Deploying demo example - -1. Navigate to the folder of the baseline -2. Initialize Terraform -3. Apply the baseline using the demo input variable file [demo.tfvars](demo.tfvars) - -On the terminal this will look like: - -```shell -cd -terraform init -terraform apply --var-file demo.tfvars -``` -**Note** -- Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. - -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. - -### Input variable files - -Input variable files allow for the user to configure configuration definitions for multiple environments in different files. - -This baseline comes with an example input variable file called [demo.tfvars](demo.tfvars). - -It will be used to define which parts of the baseline to apply and which to ignore. - -The variables that can be overwritten by the input variable files i.e. [demo.tfvars](demo.tfvars) are defined in the [variables.tf](variables.tf) file. - -Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). - -### Apply baseline using input variable files - -If seeking to apply the baseline using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform apply --var-file=demo.tfvars - ``` -### Apply baseline without input variable file - -The baseline can be applied without an input variable file. - -1. By this time Terraform initialization is done as mentioned above. -3. Prefer to check the outcome by running the Terraform plan -3. Apply the Terraform -4. Run the command: - -```shell -cd -terraform plan -terraform apply -``` - -`This may prompt the user applying the baseline to enter values for variables that do not have default values.` - -### Destroy baseline without input variable file - -If seeking to apply the baseline without using an input variable file. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy - ``` - -### Destroy using input variable files - -If seeking to destoy the baseline configuration using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy --var-file=demo.tfvars - ``` - -## Commenting strategy - -All Turbot policies used by the baselines will have a link to the official Turbot Mods documentation. - -Opening the links will give you further details about: - -- The purpose of the policy -- Policy URI name -- Parent information -- Category information -- Target information -- All valid values diff --git a/baselines/todo_policy_packs/aws/aws_baseline/aws_service_enable.tf b/baselines/todo_policy_packs/aws/aws_baseline/aws_service_enable.tf deleted file mode 100644 index 8c5d47e2b..000000000 --- a/baselines/todo_policy_packs/aws/aws_baseline/aws_service_enable.tf +++ /dev/null @@ -1,10 +0,0 @@ -# Enable all AWS Services within the Variables file -# More Info: https://turbot.com/v5/docs/integrations/aws/services - -#Loop through var.service_status and set enable policies -resource "turbot_policy_setting" "aws_enable" { - for_each = var.enabled_policy_map - resource = turbot_smart_folder.aws_baseline.id - type = "tmod:@turbot/${each.key}#/policy/types/${each.value}" - value = "Enabled" -} diff --git a/baselines/todo_policy_packs/aws/aws_baseline/demo.tfvars b/baselines/todo_policy_packs/aws/aws_baseline/demo.tfvars deleted file mode 100644 index a04e567ae..000000000 --- a/baselines/todo_policy_packs/aws/aws_baseline/demo.tfvars +++ /dev/null @@ -1,141 +0,0 @@ -# List of services to set as Enabled -# Note: there is no aws-neptune enabled policy -# Note: smaller subset to start with, enable more overtime -# See file, aws_service_enable.tf -enabled_policy_map = { - # aws-acm = "acmEnabled" - # aws-amplify = "amplifyEnabled" - # aws-apigateway = "apiGatewayEnabled" - # aws-appflow = "appFlowEnabled" - # aws-appmesh = "appMeshEnabled" - # aws-appstream = "appStreamEnabled" - # aws-appsync = "appSyncEnabled" - # aws-artifact = "artifactEnabled" - # aws-athena = "athenaEnabled" - # aws-backup = "backupEnabled" - # aws-batch = "batchEnabled" - # aws-chime = "chimeEnabled" - # aws-cloud9 = "cloud9Enabled" - # aws-cloudformation = "cloudFormationEnabled" - # aws-cloudfront = "cloudFrontEnabled" - # aws-cloudhsm = "cloudHsmEnabled" - # aws-cloudsearch = "cloudSearchEnabled" - aws-cloudtrail = "cloudTrailEnabled" - aws-cloudwatch = "cloudWatchEnabled" - # aws-codebuild = "codeBuildEnabled" - # aws-codecommit = "codeCommitEnabled" - # aws-codedeploy = "codeDeployEnabled" - # aws-codepipeline = "codePipelineEnabled" - # aws-codestar = "codeStarEnabled" - # aws-comprehend = "comprehendEnabled" - aws-config = "configEnabled" - # aws-datapipeline = "dataPipelineEnabled" - # aws-dax = "daxEnabled" - # aws-directoryservice = "directoryServiceEnabled" - # aws-dms = "dmsEnabled" - # aws-docdb = "docDbEnabled" - # aws-dynamodb = "dynamodbEnabled" - aws-ec2 = "ec2Enabled" - # aws-ecr = "ecrEnabled" - # aws-ecs = "ecsEnabled" - # aws-efs = "efsEnabled" - # aws-eks = "eksEnabled" - # aws-elasticache = "elastiCacheEnabled" - # aws-elasticbeanstalk = "elasticBeanstalkEnabled" - # aws-elasticsearch = "esEnabled" - # aws-elastictranscoder = "elasticTranscoderEnabled" - # aws-emr = "emrEnabled" - aws-events = "eventsEnabled" - # aws-fsx = "fsxEnabled" - # aws-gamelift = "gameLiftEnabled" - # aws-glacier = "glacierEnabled" - # aws-glue = "glueEnabled" - # aws-greengrass = "greengrassEnabled" - # aws-guardduty = "guardDutyEnabled" - # aws-health = "healthEnabled" - aws-iam = "iamEnabled" - # aws-inspector = "inspectorEnabled" - # aws-iot = "iotEnabled" - # aws-iot1click = "iot1ClickEnabled" - # aws-iotanalytics = "iotAnalyticsEnabled" - # aws-iotevents = "iotEventsEnabled" - # aws-iotsitewise = "iotSiteWiseEnabled" - # aws-iotthingsgraph = "iotThingsGraphEnabled" - # aws-kinesis = "kinesisEnabled" - aws-kms = "kmsEnabled" - aws-lambda = "lambdaEnabled" - # aws-lex = "lexEnabled" - # aws-lightsail = "lightsailEnabled" - aws-logs = "logsEnabled" - # aws-machinelearning = "machineLearningEnabled" - # aws-macie = "macieEnabled" - # aws-mediaconnect = "mediaConnectEnabled" - # aws-mediaconvert = "mediaConvertEnabled" - # aws-medialive = "mediaLiveEnabled" - # aws-mediapackage = "mediaPackageEnabled" - # aws-mediastore = "mediaStoreEnabled" - # aws-mediatailor = "mediaTailorEnabled" - # aws-mq = "mqEnabled" - # aws-msk = "mskEnabled" - # aws-outposts = "outpostsEnabled" - # aws-qldb = "qldbEnabled" - # aws-ram = "ramEnabled" - # aws-rds = "rdsEnabled" - # aws-redshift = "redshiftEnabled" - # aws-resourcegroups = "resourceGroupsEnabled" - # aws-robomaker = "roboMakerEnabled" - # aws-route53 = "route53Enabled" - # aws-route53domains = "route53DomainsEnabled" - # aws-route53resolver = "route53ResolverEnabled" - aws-s3 = "s3Enabled" - # aws-sagemaker = "sageMakerEnabled" - # aws-secretsmanager = "secretsManagerEnabled" - # aws-securityhub = "securityHubEnabled" - # aws-serverlessapplicationrepository = "serverlessApplicationRepositoryEnabled" - # aws-servermigration = "serverMigrationServiceEnabled" - # aws-servicecatalog = "serviceCatalogEnabled" - # aws-shield = "shieldEnabled" - # aws-simpledb = "simpleDbEnabled" - # aws-snowball = "snowballEnabled" - aws-sns = "snsEnabled" - # aws-sqs = "sqsEnabled" - # aws-ssm = "ssmEnabled" - # aws-stepfunctions = "stepFunctionsEnabled" - # aws-storagegateway = "storageGatewayEnabled" - # aws-swf = "swfEnabled" - # aws-textract = "textractEnabled" - # aws-transcribe = "transcribeEnabled" - # aws-transfer = "transferEnabled" - # aws-trustedadvisor = "trustedAdvisorEnabled" - aws-vpc-core = "vpcServiceEnabled" - # aws-waf = "wafEnabled" - # aws-wafregional = "wafRegionalEnabled" - # aws-wellarchitected = "wellarchitectedEnabled" - # aws-workdocs = "workDocsEnabled" - # aws-workspaces = "workSpacesEnabled" - # aws-xray = "xrayEnabled" -} - -# NOTE: For full list of values, which can be enabled for more than the default region. -# Look in variables.tf at the default value. -# This deafult value can be overridden. Uncomment the respective region list to enable Turbot Event Handlers. -# See this file, regions.tf -aws_account_default_regions = [ - "us-east-1", - "us-east-2", - # "us-east-2", - # "us-west-1", - # "us-west-2", - # "ap-northeast-1", - # "ap-northeast-2", - # "ap-south-1", - # "ap-southeast-1", - # "ap-southeast-2", - # "ca-central-1", - # "eu-central-1", - # "eu-north-1", - # "eu-west-1", - # "eu-west-2", - # "eu-west-3", - # "sa-east-1", -] \ No newline at end of file diff --git a/baselines/todo_policy_packs/aws/aws_baseline/ec2_attribute_policies.tf b/baselines/todo_policy_packs/aws/aws_baseline/ec2_attribute_policies.tf deleted file mode 100644 index c1d989d62..000000000 --- a/baselines/todo_policy_packs/aws/aws_baseline/ec2_attribute_policies.tf +++ /dev/null @@ -1,8 +0,0 @@ -#Restrict Turbot to only describing DisableApiTermination on EC2 Instances. -resource "turbot_policy_setting" "aws_ec2_instance_cmdb_attributes" { - resource = turbot_smart_folder.aws_baseline.id - type = "tmod:@turbot/aws-ec2#/policy/types/instanceCmdbAttributes" - value = < CIS v1 -# https://turbot.com/v5/mods/turbot/aws-cisv1/inspect#/policy/types/cis -resource "turbot_policy_setting" "enable_cis_checks" { - resource = turbot_smart_folder.aws_baseline.id - type = "tmod:@turbot/aws-cisv1#/policy/types/cis" - value = "Check: Level 1 & Level 2 (Scored)" - # Skip - # Check: Level 1 (Scored) - # Check: Level 1 (Scored & Not Scored) - # Check: Level 1 & Level 2 (Scored) - # Check: Level 1 & Level 2 (Scored & Not Scored) -} - -# AWS > CIS v1 > Maximum Attestation Duration -# https://turbot.com/v5/mods/turbot/aws-cisv1/inspect#/policy/types/attestation -resource "turbot_policy_setting" "aws_cis_max_attestation_period" { - resource = turbot_smart_folder.aws_baseline.id - type = "tmod:@turbot/aws-cisv1#/policy/types/attestation" - value = "1 year" - # Skip - # 30 days - # 60 days - # 90 days - # 1 year - # 2 years - # 3 years -} diff --git a/baselines/todo_policy_packs/aws/aws_baseline/outputs.tf b/baselines/todo_policy_packs/aws/aws_baseline/outputs.tf deleted file mode 100644 index 4fee22792..000000000 --- a/baselines/todo_policy_packs/aws/aws_baseline/outputs.tf +++ /dev/null @@ -1,23 +0,0 @@ -output "turbot_profile" { - value = var.turbot_profile -} - -output "smart_folder_name" { - value = var.smart_folder_name -} - -output "smart_folder_description" { - value = var.smart_folder_description -} - -output "smart_folder_parent_resource" { - value = var.smart_folder_parent_resource -} - -output "enabled_policy_map" { - value = var.enabled_policy_map -} - -output "aws_account_default_regions" { - value = var.aws_account_default_regions -} diff --git a/baselines/todo_policy_packs/aws/aws_baseline/providers.tf b/baselines/todo_policy_packs/aws/aws_baseline/providers.tf deleted file mode 100644 index 0353d61cb..000000000 --- a/baselines/todo_policy_packs/aws/aws_baseline/providers.tf +++ /dev/null @@ -1,12 +0,0 @@ -terraform { - required_providers { - turbot = { - source = "turbot/turbot" - } - } - required_version = ">= 0.13" -} - -provider "turbot" { - profile = var.turbot_profile -} diff --git a/baselines/todo_policy_packs/aws/aws_baseline/real_time_events.tf b/baselines/todo_policy_packs/aws/aws_baseline/real_time_events.tf deleted file mode 100644 index 3038dce29..000000000 --- a/baselines/todo_policy_packs/aws/aws_baseline/real_time_events.tf +++ /dev/null @@ -1,9 +0,0 @@ -# Create Event Handlers as per the Region Defaults - -# AWS > Turbot > Event Handlers -# More information: https://turbot.com/v5/docs/integrations/aws/event-handlers -resource "turbot_policy_setting" "eventHandlers" { - resource = turbot_smart_folder.aws_baseline.id - type = "tmod:@turbot/aws#/policy/types/eventHandlers" - value = "Enforce: Configured" -} diff --git a/baselines/todo_policy_packs/aws/aws_baseline/regions.tf b/baselines/todo_policy_packs/aws/aws_baseline/regions.tf deleted file mode 100644 index fa839203e..000000000 --- a/baselines/todo_policy_packs/aws/aws_baseline/regions.tf +++ /dev/null @@ -1,18 +0,0 @@ -# Limiting Turbot Event Handlers to specific regions. Default to us-east-1 only -# More Info: https://turbot.com/v5/docs/guides/regions#discovering-regions - -# Limit Available Regions -# "*" allows Turbot to run in all available regions. -# Other wildcarding is allowed e.g. us*, us-east-* -# Remove the comment next to the region to include additional regions to the scope -# Note: us-east-1 is required since it is an AWS global region for specific services - -# https://turbot.com/v5/mods/turbot/aws/inspect#/policy/types/regionsDefault -resource "turbot_policy_setting" "aws_account_available_regions" { - count = length(var.aws_account_default_regions) > 0 ? 1 : 0 - resource = turbot_smart_folder.aws_baseline.id - type = "tmod:@turbot/aws#/policy/types/regionsDefault" - value = <<-DEFAULTREGIONS - ${yamlencode([for region in var.aws_account_default_regions : region])} - DEFAULTREGIONS -} diff --git a/baselines/todo_policy_packs/aws/aws_baseline/smart_folder.tf b/baselines/todo_policy_packs/aws/aws_baseline/smart_folder.tf deleted file mode 100644 index 3b9f03712..000000000 --- a/baselines/todo_policy_packs/aws/aws_baseline/smart_folder.tf +++ /dev/null @@ -1,5 +0,0 @@ -resource "turbot_smart_folder" "aws_baseline" { - parent = var.smart_folder_parent_resource - title = var.smart_folder_name - description = var.smart_folder_description -} diff --git a/baselines/todo_policy_packs/aws/aws_baseline/variables.tf b/baselines/todo_policy_packs/aws/aws_baseline/variables.tf deleted file mode 100644 index 9f4e2a31a..000000000 --- a/baselines/todo_policy_packs/aws/aws_baseline/variables.tf +++ /dev/null @@ -1,176 +0,0 @@ -# Baseline Configuration - -variable "enabled_policy_map" { - description = "List of services to set as Enabled" - type = map(string) - default = { - # aws-acm = "acmEnabled" - # aws-amplify = "amplifyEnabled" - # aws-apigateway = "apiGatewayEnabled" - # aws-appflow = "appFlowEnabled" - # aws-appmesh = "appMeshEnabled" - # aws-appstream = "appStreamEnabled" - # aws-appsync = "appSyncEnabled" - # aws-artifact = "artifactEnabled" - # aws-athena = "athenaEnabled" - # aws-backup = "backupEnabled" - # aws-batch = "batchEnabled" - # aws-chime = "chimeEnabled" - # aws-cloud9 = "cloud9Enabled" - # aws-cloudformation = "cloudFormationEnabled" - # aws-cloudfront = "cloudFrontEnabled" - # aws-cloudhsm = "cloudHsmEnabled" - # aws-cloudsearch = "cloudSearchEnabled" - aws-cloudtrail = "cloudTrailEnabled" - aws-cloudwatch = "cloudWatchEnabled" - # aws-codebuild = "codeBuildEnabled" - # aws-codecommit = "codeCommitEnabled" - # aws-codedeploy = "codeDeployEnabled" - # aws-codepipeline = "codePipelineEnabled" - # aws-codestar = "codeStarEnabled" - # aws-comprehend = "comprehendEnabled" - aws-config = "configEnabled" - # aws-datapipeline = "dataPipelineEnabled" - # aws-dax = "daxEnabled" - # aws-directoryservice = "directoryServiceEnabled" - # aws-dms = "dmsEnabled" - # aws-docdb = "docDbEnabled" - # aws-dynamodb = "dynamodbEnabled" - aws-ec2 = "ec2Enabled" - # aws-ecr = "ecrEnabled" - # aws-ecs = "ecsEnabled" - # aws-efs = "efsEnabled" - # aws-eks = "eksEnabled" - # aws-elasticache = "elastiCacheEnabled" - # aws-elasticbeanstalk = "elasticBeanstalkEnabled" - # aws-elasticsearch = "esEnabled" - # aws-elastictranscoder = "elasticTranscoderEnabled" - # aws-emr = "emrEnabled" - aws-events = "eventsEnabled" - # aws-fsx = "fsxEnabled" - # aws-gamelift = "gameLiftEnabled" - # aws-glacier = "glacierEnabled" - # aws-glue = "glueEnabled" - # aws-greengrass = "greengrassEnabled" - # aws-guardduty = "guardDutyEnabled" - # aws-health = "healthEnabled" - aws-iam = "iamEnabled" - # aws-inspector = "inspectorEnabled" - # aws-iot = "iotEnabled" - # aws-iot1click = "iot1ClickEnabled" - # aws-iotanalytics = "iotAnalyticsEnabled" - # aws-iotevents = "iotEventsEnabled" - # aws-iotsitewise = "iotSiteWiseEnabled" - # aws-iotthingsgraph = "iotThingsGraphEnabled" - # aws-kinesis = "kinesisEnabled" - aws-kms = "kmsEnabled" - aws-lambda = "lambdaEnabled" - # aws-lex = "lexEnabled" - # aws-lightsail = "lightsailEnabled" - aws-logs = "logsEnabled" - # aws-machinelearning = "machineLearningEnabled" - # aws-macie = "macieEnabled" - # aws-mediaconnect = "mediaConnectEnabled" - # aws-mediaconvert = "mediaConvertEnabled" - # aws-medialive = "mediaLiveEnabled" - # aws-mediapackage = "mediaPackageEnabled" - # aws-mediastore = "mediaStoreEnabled" - # aws-mediatailor = "mediaTailorEnabled" - # aws-mq = "mqEnabled" - # aws-msk = "mskEnabled" - # aws-outposts = "outpostsEnabled" - # aws-qldb = "qldbEnabled" - # aws-ram = "ramEnabled" - # aws-rds = "rdsEnabled" - # aws-redshift = "redshiftEnabled" - # aws-resourcegroups = "resourceGroupsEnabled" - # aws-robomaker = "roboMakerEnabled" - # aws-route53 = "route53Enabled" - # aws-route53domains = "route53DomainsEnabled" - # aws-route53resolver = "route53ResolverEnabled" - aws-s3 = "s3Enabled" - # aws-sagemaker = "sageMakerEnabled" - # aws-secretsmanager = "secretsManagerEnabled" - # aws-securityhub = "securityHubEnabled" - # aws-serverlessapplicationrepository = "serverlessApplicationRepositoryEnabled" - # aws-servermigration = "serverMigrationServiceEnabled" - # aws-servicecatalog = "serviceCatalogEnabled" - # aws-shield = "shieldEnabled" - # aws-simpledb = "simpleDbEnabled" - # aws-snowball = "snowballEnabled" - aws-sns = "snsEnabled" - # aws-sqs = "sqsEnabled" - # aws-ssm = "ssmEnabled" - # aws-stepfunctions = "stepFunctionsEnabled" - # aws-storagegateway = "storageGatewayEnabled" - # aws-swf = "swfEnabled" - # aws-textract = "textractEnabled" - # aws-transcribe = "transcribeEnabled" - # aws-transfer = "transferEnabled" - # aws-trustedadvisor = "trustedAdvisorEnabled" - aws-vpc-core = "vpcServiceEnabled" - # aws-waf = "wafEnabled" - # aws-wafregional = "wafRegionalEnabled" - # aws-wellarchitected = "wellarchitectedEnabled" - # aws-workdocs = "workDocsEnabled" - # aws-workspaces = "workSpacesEnabled" - # aws-xray = "xrayEnabled" - } -} - -# More Info: https://turbot.com/v5/docs/guides/regions#discovering-regions -variable "aws_account_default_regions" { - description = < VPC > Default VPC > Approved -# https://turbot.com/v5/mods/turbot/aws-vpc-core/inspect#/policy/types/defaultVpcApproved -resource "turbot_policy_setting" "defaultVpcApproved" { - resource = turbot_smart_folder.aws_baseline.id - type = "tmod:@turbot/aws-vpc-core#/policy/types/defaultVpcApproved" - value = "Check: Approved" -} - -# AWS > VPC > Default VPC > Approved > Usage -# https://turbot.com/v5/mods/turbot/aws-vpc-core/inspect#/policy/types/defaultVpcApprovedUsage -resource "turbot_policy_setting" "defaultVpcApprovedUsage" { - resource = turbot_smart_folder.aws_baseline.id - type = "tmod:@turbot/aws-vpc-core#/policy/types/defaultVpcApprovedUsage" - value = "Not approved" -} diff --git a/baselines/todo_policy_packs/aws/aws_check_cost_controls/README.md b/baselines/todo_policy_packs/aws/aws_check_cost_controls/README.md deleted file mode 100644 index 90adfb101..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_cost_controls/README.md +++ /dev/null @@ -1,133 +0,0 @@ -# Baseline - AWS Check Cost Controls - -This baseline will allow you to check the infrastructure over X days/unattached volumes and to set resource scheduling and make it inactive to reduce the cost. - -Few important links - -- [Budget Guardrails](https://turbot.com/v5/docs/concepts/guardrails/budget) -- [Scheduling in Turbot](https://turbot.com/v5/docs/concepts/guardrails/scheduling) -- [Active Guardrails](https://turbot.com/v5/docs/concepts/guardrails/active) - -## Overview - -Baseline policies are initial set of policies recommended to start with while using Turbot. These policies mostly focuses on enabling services, frequently used policies to run in check mode & enabling security & cost control features e.g. encryption standards, public access, cost control etc. Baseline TF scripts allows you to toggle the value to apply or ignore. See the below sections for more information. - -Some of these policies overlap with other set of baselines. Hence Turbot provided set of baseline TF files are executed in separate [Smart Folder](https://turbot.com/v5/docs/getting-started/smart_folder).The advantage of setting up of each baseline in their own Smart Folder prevents conflicting with the policy settings created by other baseline scripts. - -This baseline will not attach to a resource by default. This needs to be done manually using the Turbot UI. - -## Requirements - -- Terraform v0.13 or greater installed -- Valid Turbot configuration credentials - -For further information on configuring Turbot credentials can be found [here](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials). - -## Applying baseline - -The baseline is defined by a set of files which together define the configuration of the baseline. - -### Initialize baseline - -If not previously run, Initialize Terraform to get all necessary providers for the baseline. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform init - ``` - -### Deploying demo example - -1. Navigate to the folder of the baseline -2. Initialize Terraform -3. Apply the baseline using the demo input variable file [demo.tfvars](demo.tfvars) - -On the terminal this will look like: - -```shell -cd -terraform init -terraform apply --var-file demo.tfvars -``` - -**Note** - -- Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. - -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. - -### Input variable files - -Input variable files allow for the user to configure configuration definitions for multiple environments in different files. - -This baseline comes with an example input variable file called [demo.tfvars](demo.tfvars). - -It will be used to define which parts of the baseline to apply and which to ignore. - -The variables that can be overwritten by the input variable files i.e. [demo.tfvars](demo.tfvars) are defined in the [variables.tf](variables.tf) file. - -Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). - -### Apply baseline using input variable files - -If seeking to apply the baseline using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform apply --var-file=demo.tfvars - ``` -### Apply baseline without input variable file - -The baseline can be applied without an input variable file. - -1. By this time Terraform initialization is done as mentioned above. -3. Prefer to check the outcome by running the Terraform plan -3. Apply the Terraform -4. Run the command: - -```shell -cd -terraform plan -terraform apply -``` - -`This may prompt the user applying the baseline to enter values for variables that do not have default values.` - -### Destroy baseline without input variable file - -If seeking to apply the baseline without using an input variable file. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy - ``` - -### Destroy using input variable files - -If seeking to destoy the baseline configuration using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy --var-file=demo.tfvars - ``` - -## Commenting strategy - -All Turbot policies used by the baselines will have a link to the official Turbot Mods documentation. - -Opening the links will give you further details about: - -- The purpose of the policy -- Policy URI name -- Parent information -- Category information -- Target information -- All valid values diff --git a/baselines/todo_policy_packs/aws/aws_check_cost_controls/aws_active.tf b/baselines/todo_policy_packs/aws/aws_check_cost_controls/aws_active.tf deleted file mode 100644 index 6ebd83c0c..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_cost_controls/aws_active.tf +++ /dev/null @@ -1,50 +0,0 @@ -# Simple cost control to check for aging infrastructure over X days -# Defaulting to 60 days as an example. -# Other use cases can be used for Last Modified, Attached, etc. -# More Info: https://turbot.com/v5/docs/concepts/guardrails/active - -# AWS > EC2 > Instance > Active -# https://turbot.com/v5/mods/turbot/aws-ec2/inspect#/policy/types/instanceActive -# Loop through var.service_status to enable the Age policies -resource "turbot_policy_setting" "set_resource_active_policies" { - for_each = var.resource_active - resource = turbot_smart_folder.aws_cost_controls.id - type = local.policy_map[each.key] - value = each.value -} - -# AWS > EC2 > Instance > Active > Age -# https://turbot.com/v5/mods/turbot/aws-ec2/inspect#/policy/types/instanceActiveAge -resource "turbot_policy_setting" "set_resource_age_policies" { - for_each = var.resource_active - resource = turbot_smart_folder.aws_cost_controls.id - type = local.policy_map_age[each.key] - value = "Force inactive if age > 60 days" - # Skip - # Force inactive if age > 1 day - # Force inactive if age > 3 days - # Force inactive if age > 7 days - # Force inactive if age > 14 days - # Force inactive if age > 30 days - # Force inactive if age > 60 days - # Force inactive if age > 90 days - # Force inactive if age > 180 days - # Force inactive if age > 365 days -} - -# AWS > EC2 > Volume > Active -# https://turbot.com/v5/mods/turbot/aws-ec2/inspect#/policy/types/volumeActive -# Specific EC2 Volume Active controls focused on unnatached vs Age -resource "turbot_policy_setting" "aws_ec2_volume_active" { - resource = turbot_smart_folder.aws_cost_controls.id - type = "tmod:@turbot/aws-ec2#/policy/types/volumeActive" - value = "Check: Active" -} - -# AWS > EC2 > Volume > Active > Attached -# https://turbot.com/v5/mods/turbot/aws-ec2/inspect#/policy/types/volumeActiveAttached -resource "turbot_policy_setting" "aws_ec2_volume_active_attached" { - resource = turbot_smart_folder.aws_cost_controls.id - type = "tmod:@turbot/aws-ec2#/policy/types/volumeActiveAttached" - value = "Force inactive if unattached" -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/aws/aws_check_cost_controls/demo.tfvars b/baselines/todo_policy_packs/aws/aws_check_cost_controls/demo.tfvars deleted file mode 100644 index 8633d0e36..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_cost_controls/demo.tfvars +++ /dev/null @@ -1,194 +0,0 @@ -# List of services and resources to be Check: Active. -# Started with a few resource types to get started aligned with the initial mods installed -# You can remove the comment per row to include the resource type. Make sure you have the related service mod installed - -# Acceptable Values: - # "Skip" - # "Check: Active" - # "Enforce: Delete inactive with 1 day warning" - # "Enforce: Delete inactive with 3 days warning" - # "Enforce: Delete inactive with 7 days warning" - # "Enforce: Delete inactive with 14 days warning" - # "Enforce: Delete inactive with 30 days warning" - # "Enforce: Delete inactive with 60 days warning" - # "Enforce: Delete inactive with 90 days warning" - # "Enforce: Delete inactive with 180 days warning" - # "Enforce: Delete inactive with 365 days warning" - - -resource_active = { - # aws-acm-certificate = "Check: Active" - # aws-mq-broker = "Check: Active" - # aws-mq-configuration = "Check: Active" - # aws-amplify-app = "Check: Active" - # aws-apigateway-api = "Check: Active" - # aws-apigateway-apiKey = "Check: Active" - # aws-apigateway-apiV2 = "Check: Active" - # aws-apigateway-authorizer = "Check: Active" - # aws-apigateway-authorizerV2 = "Check: Active" - # aws-apigateway-domainNameV2 = "Check: Active" - # aws-apigateway-stage = "Check: Active" - # aws-apigateway-stageV2 = "Check: Active" - # aws-apigateway-usagePlan = "Check: Active" - # aws-appmesh-mesh = "Check: Active" - # aws-athena-namedQuery = "Check: Active" - # aws-athena-workgroup = "Check: Active" - # aws-backup-backupPlan = "Check: Active" - # aws-backup-backupVault = "Check: Active" - # aws-batch-jobDefinition = "Check: Active" - # aws-cloudformation-stack = "Check: Active" - # aws-cloudformation-stackSet = "Check: Active" - # aws-cloudfront-cloudFrontOriginAccessIdentity = "Check: Active" - # aws-cloudfront-distribution = "Check: Active" - # aws-cloudfront-streamingDistribution = "Check: Active" - # aws-cloudsearch-domain = "Check: Active" - # aws-cloudtrail-trail = "Check: Active" - # aws-cloudwatch-alarm = "Check: Active" - # aws-codebuild-build = "Check: Active" - # aws-codebuild-project = "Check: Active" - # aws-codecommit-repository = "Check: Active" - # aws-config-configurationRecorder = "Check: Active" - # aws-config-deliveryChannel = "Check: Active" - # aws-config-rule = "Check: Active" - # aws-dax-cluster = "Check: Active" - # aws-directoryservice-directory = "Check: Active" - # aws-dms-endpoint = "Check: Active" - # aws-docdb-dbCluster = "Check: Active" - # aws-docdb-dbClusterParameterGroup = "Check: Active" - # aws-docdb-dbInstance = "Check: Active" - # aws-dynamodb-backup = "Check: Active" - # aws-dynamodb-globalTable = "Check: Active" - # aws-dynamodb-table = "Check: Active" - aws-ec2-ami = "Check: Active" - # aws-ec2-applicationLoadBalancer = "Check: Active" - # aws-ec2-autoScalingGroup = "Check: Active" - # aws-ec2-classicLoadBalancer = "Check: Active" - aws-ec2-instance = "Check: Active" - # aws-ec2-keyPair = "Check: Active" - # aws-ec2-launchConfiguration = "Check: Active" - # aws-ec2-launchTemplate = "Check: Active" - # aws-ec2-launchTemplateVersion = "Check: Active" - # aws-ec2-listenerRule = "Check: Active" - # aws-ec2-loadBalancerListener = "Check: Active" - # aws-ec2-networkInterface = "Check: Active" - # aws-ec2-networkLoadBalancer = "Check: Active" - aws-ec2-snapshot = "Check: Active" - # aws-ec2-targetGroup = "Check: Active" - ##Have Unattached Policy Set instead## aws-ec2-volume = "Check: Active" - # aws-ecr-repository = "Check: Active" - # aws-ecs-cluster = "Check: Active" - # aws-ecs-containerInstance = "Check: Active" - # aws-ecs-taskDefinition = "Check: Active" - # aws-efs-fileSystem = "Check: Active" - # aws-efs-mountTarget = "Check: Active" - # aws-eks-cluster = "Check: Active" - # aws-eks-nodeGroup = "Check: Active" - # aws-elasticbeanstalk-application = "Check: Active" - # aws-elasticbeanstalk-environment = "Check: Active" - # aws-elasticache-cacheCluster = "Check: Active" - # aws-elasticache-cacheParameterGroup = "Check: Active" - # aws-elasticache-replicationGroup = "Check: Active" - # aws-elasticache-snapshot = "Check: Active" - # aws-elasticsearch-domain = "Check: Active" - # aws-emr-cluster = "Check: Active" - # aws-emr-securityConfiguration = "Check: Active" - # aws-events-rule = "Check: Active" - # aws-events-target = "Check: Active" - # aws-fsx-backup = "Check: Active" - # aws-fsx-fileSystem = "Check: Active" - # aws-glacier-vault = "Check: Active" - # aws-glue-database = "Check: Active" - # aws-guardduty-detector = "Check: Active" - # aws-guardduty-ipSet = "Check: Active" - # aws-guardduty-threatIntelSet = "Check: Active" - # aws-iam-accessKey = "Check: Active" - # aws-iam-group = "Check: Active" - # aws-iam-iamPolicy = "Check: Active" - # aws-iam-role = "Check: Active" - # aws-iam-user = "Check: Active" - # aws-inspector-assessmentTarget = "Check: Active" - # aws-inspector-assessmentTemplate = "Check: Active" - # aws-kinesis-consumer = "Check: Active" - # aws-kinesis-stream = "Check: Active" - # aws-kms-key = "Check: Active" - aws-lambda-function = "Check: Active" - # aws-logs-logGroup = "Check: Active" - # aws-logs-logStream = "Check: Active" - # aws-logs-metricFilter = "Check: Active" - # aws-msk-cluster = "Check: Active" - # aws-neptune-dbCluster = "Check: Active" - # aws-neptune-dbInstance = "Check: Active" - # aws-qldb-ledger = "Check: Active" - # aws-rds-dbCluster = "Check: Active" - # aws-rds-dbClusterParameterGroup = "Check: Active" - # aws-rds-dbClusterSnapshotManual = "Check: Active" - # aws-rds-dbInstance = "Check: Active" - # aws-rds-dbParameterGroup = "Check: Active" - # aws-rds-dbSnapshotManual = "Check: Active" - # aws-rds-optionGroup = "Check: Active" - # aws-rds-subnetGroup = "Check: Active" - # aws-redshift-cluster = "Check: Active" - # aws-redshift-clusterParameterGroup = "Check: Active" - # aws-redshift-clusterSubnetGroup = "Check: Active" - # aws-redshift-clusterSnapshotManual = "Check: Active" - # aws-robomaker-fleet = "Check: Active" - # aws-robomaker-robot = "Check: Active" - # aws-robomaker-robotApplication = "Check: Active" - # aws-route53-hostedZone = "Check: Active" - # aws-route53resolver-resolverEndpoint = "Check: Active" - # aws-route53resolver-resolverRule = "Check: Active" - aws-s3-bucket = "Check: Active" - # aws-secretsmanager-secret = "Check: Active" - # aws-shield-protection = "Check: Active" - # aws-sns-subscription = "Check: Active" - # aws-sns-topic = "Check: Active" - # aws-sqs-queue = "Check: Active" - # aws-ssm-association = "Check: Active" - # aws-ssm-document = "Check: Active" - # aws-ssm-maintenanceWindow = "Check: Active" - # aws-ssm-ssmParameter = "Check: Active" - # aws-stepfunctions-stateMachine = "Check: Active" - # aws-swf-domain = "Check: Active" - # aws-vpc-connect-customerGateway = "Check: Active" - # aws-vpc-core-dhcpOptions = "Check: Active" - # aws-vpc-internet-egressOnlyInternetGateway = "Check: Active" - # aws-vpc-internet-elasticIp = "Check: Active" - # aws-vpc-internet-vpcEndpoint = "Check: Active" - # aws-vpc-internet-vpcEndpointService = "Check: Active" - # aws-vpc-security-flowLog = "Check: Active" - # aws-vpc-internet-internetGateway = "Check: Active" - # aws-vpc-internet-natGateway = "Check: Active" - # aws-vpc-security-networkAcl = "Check: Active" - # aws-vpc-connect-vpcPeeringConnection = "Check: Active" - # aws-vpc-core-routeTable = "Check: Active" - # aws-vpc-security-securityGroup = "Check: Active" - # aws-vpc-core-subnet = "Check: Active" - # aws-vpc-connect-transitGateway = "Check: Active" - # aws-vpc-connect-transitGatewayRouteTable = "Check: Active" - # aws-vpc-core-vpc = "Check: Active" - # aws-vpc-connect-vpnConnection = "Check: Active" - # aws-vpc-connect-vpnGateway = "Check: Active" - # aws-waf-ipSet = "Check: Active" - # aws-waf-ipSetV2Global = "Check: Active" - # aws-waf-ipSetV2Regional = "Check: Active" - # aws-waf-rateBasedRule = "Check: Active" - # aws-waf-regexPatternSetV2Global = "Check: Active" - # aws-waf-regexPatternSetV2Regional = "Check: Active" - # aws-waf-rule = "Check: Active" - # aws-waf-ruleGroupV2Global = "Check: Active" - # aws-waf-ruleGroupV2Regional = "Check: Active" - # aws-waf-webacl = "Check: Active" - # aws-waf-webAclV2Global = "Check: Active" - # aws-waf-webAclV2Regional = "Check: Active" - # aws-wafregional-rule = "Check: Active" - # aws-wellarchitected-workload = "Check: Active" -} -# See file schedules.tf -enable_rds_db_cluster_schedule_policies = false -enable_rds_cluster_schedule_tag_policies = false -enable_rds_db_instance_schedule_policies = false -enable_rds_db_instance_schedule_tag_policies = false -enable_redshift_cluster_schedule_policies = false -enable_redshift_cluster_schedule_tag_policies = false -enable_workspace_schedule_policies = false -enable_workspace_schedule_tag_policies = false \ No newline at end of file diff --git a/baselines/todo_policy_packs/aws/aws_check_cost_controls/locals.tf b/baselines/todo_policy_packs/aws/aws_check_cost_controls/locals.tf deleted file mode 100644 index 625bbbaf9..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_cost_controls/locals.tf +++ /dev/null @@ -1,339 +0,0 @@ -locals { - -policy_map = { - aws-acm-certificate : "tmod:@turbot/aws-acm#/policy/types/certificateActive" - aws-mq-broker : "tmod:@turbot/aws-mq#/policy/types/brokerActive" - aws-mq-configuration : "tmod:@turbot/aws-mq#/policy/types/configurationActive" - aws-amplify-app : "tmod:@turbot/aws-amplify#/policy/types/appActive" - aws-apigateway-api : "tmod:@turbot/aws-apigateway#/policy/types/apiActive" - aws-apigateway-apiKey : "tmod:@turbot/aws-apigateway#/policy/types/apiKeyActive" - aws-apigateway-apiV2 : "tmod:@turbot/aws-apigateway#/policy/types/apiV2Active" - aws-apigateway-authorizer : "tmod:@turbot/aws-apigateway#/policy/types/authorizerActive" - aws-apigateway-authorizerV2 : "tmod:@turbot/aws-apigateway#/policy/types/authorizerV2Active" - aws-apigateway-domainNameV2 : "tmod:@turbot/aws-apigateway#/policy/types/domainNameV2Active" - aws-apigateway-stage : "tmod:@turbot/aws-apigateway#/policy/types/stageActive" - aws-apigateway-stageV2 : "tmod:@turbot/aws-apigateway#/policy/types/stageV2Active" - aws-apigateway-usagePlan : "tmod:@turbot/aws-apigateway#/policy/types/usagePlanActive" - aws-appmesh-mesh : "tmod:@turbot/aws-appmesh#/policy/types/meshActive" - aws-athena-namedQuery : "tmod:@turbot/aws-athena#/policy/types/namedQueryActive" - aws-athena-workgroup : "tmod:@turbot/aws-athena#/policy/types/workgroupActive" - aws-backup-backupPlan : "tmod:@turbot/aws-backup#/policy/types/backupPlanActive" - aws-backup-backupVault : "tmod:@turbot/aws-backup#/policy/types/backupVaultActive" - aws-batch-jobDefinition : "tmod:@turbot/aws-batch#/policy/types/jobDefinitionActive" - aws-cloudformation-stack : "tmod:@turbot/aws-cloudformation#/policy/types/stackActive" - aws-cloudformation-stackSet : "tmod:@turbot/aws-cloudformation#/policy/types/stackSetActive" - aws-cloudfront-cloudFrontOriginAccessIdentity : "tmod:@turbot/aws-cloudfront#/policy/types/cloudFrontOriginAccessIdentityActive" - aws-cloudfront-distribution : "tmod:@turbot/aws-cloudfront#/policy/types/distributionActive" - aws-cloudfront-streamingDistribution : "tmod:@turbot/aws-cloudfront#/policy/types/streamingDistributionActive" - aws-cloudsearch-domain : "tmod:@turbot/aws-cloudsearch#/policy/types/domainActive" - aws-cloudtrail-trail : "tmod:@turbot/aws-cloudtrail#/policy/types/trailActive" - aws-cloudwatch-alarm : "tmod:@turbot/aws-cloudwatch#/policy/types/alarmActive" - aws-codebuild-build : "tmod:@turbot/aws-codebuild#/policy/types/buildActive" - aws-codebuild-project : "tmod:@turbot/aws-codebuild#/policy/types/projectActive" - aws-codecommit-repository : "tmod:@turbot/aws-codecommit#/policy/types/repositoryActive" - aws-config-configurationRecorder : "tmod:@turbot/aws-config#/policy/types/configurationRecorderActive" - aws-config-deliveryChannel : "tmod:@turbot/aws-config#/policy/types/deliveryChannelActive" - aws-config-rule : "tmod:@turbot/aws-config#/policy/types/ruleActive" - aws-dax-cluster : "tmod:@turbot/aws-dax#/policy/types/clusterActive" - aws-directoryservice-directory : "tmod:@turbot/aws-directoryservice#/policy/types/directoryActive" - aws-dms-endpoint : "tmod:@turbot/aws-dms#/policy/types/endpointActive" - aws-docdb-dbCluster : "tmod:@turbot/aws-docdb#/policy/types/dbClusterActive" - aws-docdb-dbClusterParameterGroup : "tmod:@turbot/aws-docdb#/policy/types/dbClusterParameterGroupActive" - aws-docdb-dbInstance : "tmod:@turbot/aws-docdb#/policy/types/dbInstanceActive" - aws-dynamodb-backup : "tmod:@turbot/aws-dynamodb#/policy/types/backupActive" - aws-dynamodb-globalTable : "tmod:@turbot/aws-dynamodb#/policy/types/globalTableActive" - aws-dynamodb-table : "tmod:@turbot/aws-dynamodb#/policy/types/tableActive" - aws-ec2-ami : "tmod:@turbot/aws-ec2#/policy/types/amiActive" - aws-ec2-applicationLoadBalancer : "tmod:@turbot/aws-ec2#/policy/types/applicationLoadBalancerActive" - aws-ec2-autoScalingGroup : "tmod:@turbot/aws-ec2#/policy/types/autoScalingGroupActive" - aws-ec2-classicLoadBalancer : "tmod:@turbot/aws-ec2#/policy/types/classicLoadBalancerActive" - aws-ec2-instance : "tmod:@turbot/aws-ec2#/policy/types/instanceActive" - aws-ec2-keyPair : "tmod:@turbot/aws-ec2#/policy/types/keyPairActive" - aws-ec2-launchConfiguration : "tmod:@turbot/aws-ec2#/policy/types/launchConfigurationActive" - aws-ec2-launchTemplate : "tmod:@turbot/aws-ec2#/policy/types/launchTemplateActive" - aws-ec2-launchTemplateVersion : "tmod:@turbot/aws-ec2#/policy/types/launchTemplateVersionActive" - aws-ec2-listenerRule : "tmod:@turbot/aws-ec2#/policy/types/listenerRuleActive" - aws-ec2-loadBalancerListener : "tmod:@turbot/aws-ec2#/policy/types/loadBalancerListenerActive" - aws-ec2-networkInterface : "tmod:@turbot/aws-ec2#/policy/types/networkInterfaceActive" - aws-ec2-networkLoadBalancer : "tmod:@turbot/aws-ec2#/policy/types/networkLoadBalancerActive" - aws-ec2-snapshot : "tmod:@turbot/aws-ec2#/policy/types/snapshotActive" - aws-ec2-targetGroup : "tmod:@turbot/aws-ec2#/policy/types/targetGroupActive" - aws-ec2-volume : "tmod:@turbot/aws-ec2#/policy/types/volumeActive" - aws-ecr-repository : "tmod:@turbot/aws-ecr#/policy/types/repositoryActive" - aws-ecs-cluster : "tmod:@turbot/aws-ecs#/policy/types/clusterActive" - aws-ecs-containerInstance : "tmod:@turbot/aws-ecs#/policy/types/containerInstanceActive" - aws-ecs-taskDefinition : "tmod:@turbot/aws-ecs#/policy/types/taskDefinitionActive" - aws-efs-fileSystem : "tmod:@turbot/aws-efs#/policy/types/fileSystemActive" - aws-efs-mountTarget : "tmod:@turbot/aws-efs#/policy/types/mountTargetActive" - aws-eks-cluster : "tmod:@turbot/aws-eks#/policy/types/clusterActive" - aws-eks-nodeGroup : "tmod:@turbot/aws-eks#/policy/types/nodeGroupActive" - aws-elasticbeanstalk-application : "tmod:@turbot/aws-elasticbeanstalk#/policy/types/applicationActive" - aws-elasticbeanstalk-environment : "tmod:@turbot/aws-elasticbeanstalk#/policy/types/environmentActive" - aws-elasticache-cacheCluster : "tmod:@turbot/aws-elasticache#/policy/types/cacheClusterActive" - aws-elasticache-cacheParameterGroup : "tmod:@turbot/aws-elasticache#/policy/types/cacheParameterGroupActive" - aws-elasticache-replicationGroup : "tmod:@turbot/aws-elasticache#/policy/types/replicationGroupActive" - aws-elasticache-snapshot : "tmod:@turbot/aws-elasticache#/policy/types/snapshotActive" - aws-elasticsearch-domain : "tmod:@turbot/aws-elasticsearch#/policy/types/domainActive" - aws-emr-cluster : "tmod:@turbot/aws-emr#/policy/types/clusterActive" - aws-emr-securityConfiguration : "tmod:@turbot/aws-emr#/policy/types/securityConfigurationActive" - aws-events-rule : "tmod:@turbot/aws-events#/policy/types/ruleActive" - aws-events-target : "tmod:@turbot/aws-events#/policy/types/targetActive" - aws-fsx-backup : "tmod:@turbot/aws-fsx#/policy/types/backupActive" - aws-fsx-fileSystem : "tmod:@turbot/aws-fsx#/policy/types/fileSystemActive" - aws-glacier-vault : "tmod:@turbot/aws-glacier#/policy/types/vaultActive" - aws-glue-database : "tmod:@turbot/aws-glue#/policy/types/databaseActive" - aws-guardduty-detector : "tmod:@turbot/aws-guardduty#/policy/types/detectorActive" - aws-guardduty-ipSet : "tmod:@turbot/aws-guardduty#/policy/types/ipSetActive" - aws-guardduty-threatIntelSet : "tmod:@turbot/aws-guardduty#/policy/types/threatIntelSetActive" - aws-iam-accessKey : "tmod:@turbot/aws-iam#/policy/types/accessKeyActive" - aws-iam-group : "tmod:@turbot/aws-iam#/policy/types/groupActive" - aws-iam-iamPolicy : "tmod:@turbot/aws-iam#/policy/types/iamPolicyActive" - aws-iam-role : "tmod:@turbot/aws-iam#/policy/types/roleActive" - aws-iam-user : "tmod:@turbot/aws-iam#/policy/types/userActive" - aws-inspector-assessmentTarget : "tmod:@turbot/aws-inspector#/policy/types/assessmentTargetActive" - aws-inspector-assessmentTemplate : "tmod:@turbot/aws-inspector#/policy/types/assessmentTemplateActive" - aws-kinesis-consumer : "tmod:@turbot/aws-kinesis#/policy/types/consumerActive" - aws-kinesis-stream : "tmod:@turbot/aws-kinesis#/policy/types/streamActive" - aws-kms-key : "tmod:@turbot/aws-kms#/policy/types/keyActive" - aws-lambda-function : "tmod:@turbot/aws-lambda#/policy/types/functionActive" - aws-logs-logGroup : "tmod:@turbot/aws-logs#/policy/types/logGroupActive" - aws-logs-logStream : "tmod:@turbot/aws-logs#/policy/types/logStreamActive" - aws-logs-metricFilter : "tmod:@turbot/aws-logs#/policy/types/metricFilterActive" - aws-msk-cluster : "tmod:@turbot/aws-msk#/policy/types/clusterActive" - aws-neptune-dbCluster : "tmod:@turbot/aws-neptune#/policy/types/dbClusterActive" - aws-neptune-dbInstance : "tmod:@turbot/aws-neptune#/policy/types/dbInstanceActive" - aws-qldb-ledger : "tmod:@turbot/aws-qldb#/policy/types/ledgerActive" - aws-rds-dbCluster : "tmod:@turbot/aws-rds#/policy/types/dbClusterActive" - aws-rds-dbClusterParameterGroup : "tmod:@turbot/aws-rds#/policy/types/dbClusterParameterGroupActive" - aws-rds-dbClusterSnapshotManual : "tmod:@turbot/aws-rds#/policy/types/dbClusterSnapshotManualActive" - aws-rds-dbInstance : "tmod:@turbot/aws-rds#/policy/types/dbInstanceActive" - aws-rds-dbParameterGroup : "tmod:@turbot/aws-rds#/policy/types/dbParameterGroupActive" - aws-rds-dbSnapshotManual : "tmod:@turbot/aws-rds#/policy/types/dbSnapshotManualActive" - aws-rds-optionGroup : "tmod:@turbot/aws-rds#/policy/types/optionGroupActive" - aws-rds-subnetGroup : "tmod:@turbot/aws-rds#/policy/types/subnetGroupActive" - aws-redshift-cluster : "tmod:@turbot/aws-redshift#/policy/types/clusterActive" - aws-redshift-clusterParameterGroup : "tmod:@turbot/aws-redshift#/policy/types/clusterParameterGroupActive" - aws-redshift-clusterSubnetGroup : "tmod:@turbot/aws-redshift#/policy/types/clusterSubnetGroupActive" - aws-redshift-clusterSnapshotManual : "tmod:@turbot/aws-redshift#/policy/types/clusterSnapshotManualActive" - aws-robomaker-fleet : "tmod:@turbot/aws-robomaker#/policy/types/fleetActive" - aws-robomaker-robot : "tmod:@turbot/aws-robomaker#/policy/types/robotActive" - aws-robomaker-robotApplication : "tmod:@turbot/aws-robomaker#/policy/types/robotApplicationActive" - aws-route53-hostedZone : "tmod:@turbot/aws-route53#/policy/types/hostedZoneActive" - aws-route53resolver-resolverEndpoint : "tmod:@turbot/aws-route53resolver#/policy/types/resolverEndpointActive" - aws-route53resolver-resolverRule : "tmod:@turbot/aws-route53resolver#/policy/types/resolverRuleActive" - aws-s3-bucket : "tmod:@turbot/aws-s3#/policy/types/bucketActive" - aws-secretsmanager-secret : "tmod:@turbot/aws-secretsmanager#/policy/types/secretActive" - aws-shield-protection : "tmod:@turbot/aws-shield#/policy/types/protectionActive" - aws-sns-subscription : "tmod:@turbot/aws-sns#/policy/types/subscriptionActive" - aws-sns-topic : "tmod:@turbot/aws-sns#/policy/types/topicActive" - aws-sqs-queue : "tmod:@turbot/aws-sqs#/policy/types/queueActive" - aws-ssm-association : "tmod:@turbot/aws-ssm#/policy/types/associationActive" - aws-ssm-document : "tmod:@turbot/aws-ssm#/policy/types/documentActive" - aws-ssm-maintenanceWindow : "tmod:@turbot/aws-ssm#/policy/types/maintenanceWindowActive" - aws-ssm-ssmParameter : "tmod:@turbot/aws-ssm#/policy/types/ssmParameterActive" - aws-stepfunctions-stateMachine : "tmod:@turbot/aws-stepfunctions#/policy/types/stateMachineActive" - aws-swf-domain : "tmod:@turbot/aws-swf#/policy/types/domainActive" - aws-vpc-connect-customerGateway : "tmod:@turbot/aws-vpc-connect#/policy/types/customerGatewayActive" - aws-vpc-core-dhcpOptions : "tmod:@turbot/aws-vpc-core#/policy/types/dhcpOptionsActive" - aws-vpc-internet-egressOnlyInternetGateway : "tmod:@turbot/aws-vpc-internet#/policy/types/egressOnlyInternetGatewayActive" - aws-vpc-internet-elasticIp : "tmod:@turbot/aws-vpc-internet#/policy/types/elasticIpActive" - aws-vpc-internet-vpcEndpoint : "tmod:@turbot/aws-vpc-internet#/policy/types/vpcEndpointActive" - aws-vpc-internet-vpcEndpointService : "tmod:@turbot/aws-vpc-internet#/policy/types/vpcEndpointServiceActive" - aws-vpc-security-flowLog : "tmod:@turbot/aws-vpc-security#/policy/types/flowLogActive" - aws-vpc-internet-internetGateway : "tmod:@turbot/aws-vpc-internet#/policy/types/internetGatewayActive" - aws-vpc-internet-natGateway : "tmod:@turbot/aws-vpc-internet#/policy/types/natGatewayActive" - aws-vpc-security-networkAcl : "tmod:@turbot/aws-vpc-security#/policy/types/networkAclActive" - aws-vpc-connect-vpcPeeringConnection : "tmod:@turbot/aws-vpc-connect#/policy/types/vpcPeeringConnectionActive" - aws-vpc-core-routeTable : "tmod:@turbot/aws-vpc-core#/policy/types/routeTableActive" - aws-vpc-security-securityGroup : "tmod:@turbot/aws-vpc-security#/policy/types/securityGroupActive" - aws-vpc-core-subnet : "tmod:@turbot/aws-vpc-core#/policy/types/subnetActive" - aws-vpc-connect-transitGateway : "tmod:@turbot/aws-vpc-connect#/policy/types/transitGatewayActive" - aws-vpc-connect-transitGatewayRouteTable : "tmod:@turbot/aws-vpc-connect#/policy/types/transitGatewayRouteTableActive" - aws-vpc-core-vpc : "tmod:@turbot/aws-vpc-core#/policy/types/vpcActive" - aws-vpc-connect-vpnConnection : "tmod:@turbot/aws-vpc-connect#/policy/types/vpnConnectionActive" - aws-vpc-connect-vpnGateway : "tmod:@turbot/aws-vpc-connect#/policy/types/vpnGatewayActive" - aws-waf-ipSet : "tmod:@turbot/aws-waf#/policy/types/ipSetActive" - aws-waf-ipSetV2Global : "tmod:@turbot/aws-waf#/policy/types/ipSetV2GlobalActive" - aws-waf-ipSetV2Regional : "tmod:@turbot/aws-waf#/policy/types/ipSetV2RegionalActive" - aws-waf-rateBasedRule : "tmod:@turbot/aws-waf#/policy/types/rateBasedRuleActive" - aws-waf-regexPatternSetV2Global : "tmod:@turbot/aws-waf#/policy/types/regexPatternSetV2GlobalActive" - aws-waf-regexPatternSetV2Regional : "tmod:@turbot/aws-waf#/policy/types/regexPatternSetV2RegionalActive" - aws-waf-rule : "tmod:@turbot/aws-waf#/policy/types/ruleActive" - aws-waf-ruleGroupV2Global : "tmod:@turbot/aws-waf#/policy/types/ruleGroupV2GlobalActive" - aws-waf-ruleGroupV2Regional : "tmod:@turbot/aws-waf#/policy/types/ruleGroupV2RegionalActive" - aws-waf-webacl : "tmod:@turbot/aws-waf#/policy/types/webaclActive" - aws-waf-webAclV2Global : "tmod:@turbot/aws-waf#/policy/types/webAclV2GlobalActive" - aws-waf-webAclV2Regional : "tmod:@turbot/aws-waf#/policy/types/webAclV2RegionalActive" - aws-wafregional-rule : "tmod:@turbot/aws-wafregional#/policy/types/ruleActive" - aws-wellarchitected-workload : "tmod:@turbot/aws-wellarchitected#/policy/types/workloadActive" - } - -# Note: the resource map above dictates the applicable use of each line item below. You do not need to comment out these items to reduce scope -policy_map_age = { - aws-acm-certificate : "tmod:@turbot/aws-acm#/policy/types/certificateActiveAge" - aws-mq-broker : "tmod:@turbot/aws-mq#/policy/types/brokerActiveAge" - aws-mq-configuration : "tmod:@turbot/aws-mq#/policy/types/configurationActiveAge" - aws-amplify-app : "tmod:@turbot/aws-amplify#/policy/types/appActiveAge" - aws-apigateway-api : "tmod:@turbot/aws-apigateway#/policy/types/apiActiveAge" - aws-apigateway-apiKey : "tmod:@turbot/aws-apigateway#/policy/types/apiKeyActiveAge" - aws-apigateway-apiV2 : "tmod:@turbot/aws-apigateway#/policy/types/apiV2ActiveAge" - aws-apigateway-authorizer : "tmod:@turbot/aws-apigateway#/policy/types/authorizerActiveAge" - aws-apigateway-authorizerV2 : "tmod:@turbot/aws-apigateway#/policy/types/authorizerV2ActiveAge" - aws-apigateway-domainNameV2 : "tmod:@turbot/aws-apigateway#/policy/types/domainNameV2ActiveAge" - aws-apigateway-stage : "tmod:@turbot/aws-apigateway#/policy/types/stageActiveAge" - aws-apigateway-stageV2 : "tmod:@turbot/aws-apigateway#/policy/types/stageV2ActiveAge" - aws-apigateway-usagePlan : "tmod:@turbot/aws-apigateway#/policy/types/usagePlanActiveAge" - aws-appmesh-mesh : "tmod:@turbot/aws-appmesh#/policy/types/meshActiveAge" - aws-athena-namedQuery : "tmod:@turbot/aws-athena#/policy/types/namedQueryActiveAge" - aws-athena-workgroup : "tmod:@turbot/aws-athena#/policy/types/workgroupActiveAge" - aws-backup-backupPlan : "tmod:@turbot/aws-backup#/policy/types/backupPlanActiveAge" - aws-backup-backupVault : "tmod:@turbot/aws-backup#/policy/types/backupVaultActiveAge" - aws-batch-jobDefinition : "tmod:@turbot/aws-batch#/policy/types/jobDefinitionActiveAge" - aws-cloudformation-stack : "tmod:@turbot/aws-cloudformation#/policy/types/stackActiveAge" - aws-cloudformation-stackSet : "tmod:@turbot/aws-cloudformation#/policy/types/stackSetActiveAge" - aws-cloudfront-cloudFrontOriginAccessIdentity : "tmod:@turbot/aws-cloudfront#/policy/types/cloudFrontOriginAccessIdentityActiveAge" - aws-cloudfront-distribution : "tmod:@turbot/aws-cloudfront#/policy/types/distributionActiveAge" - aws-cloudfront-streamingDistribution : "tmod:@turbot/aws-cloudfront#/policy/types/streamingDistributionActiveAge" - aws-cloudsearch-domain : "tmod:@turbot/aws-cloudsearch#/policy/types/domainActiveAge" - aws-cloudtrail-trail : "tmod:@turbot/aws-cloudtrail#/policy/types/trailActiveAge" - aws-cloudwatch-alarm : "tmod:@turbot/aws-cloudwatch#/policy/types/alarmActiveAge" - aws-codebuild-build : "tmod:@turbot/aws-codebuild#/policy/types/buildActiveAge" - aws-codebuild-project : "tmod:@turbot/aws-codebuild#/policy/types/projectActiveAge" - aws-codecommit-repository : "tmod:@turbot/aws-codecommit#/policy/types/repositoryActiveAge" - aws-config-configurationRecorder : "tmod:@turbot/aws-config#/policy/types/configurationRecorderActiveAge" - aws-config-deliveryChannel : "tmod:@turbot/aws-config#/policy/types/deliveryChannelActiveAge" - aws-config-rule : "tmod:@turbot/aws-config#/policy/types/ruleActiveAge" - aws-dax-cluster : "tmod:@turbot/aws-dax#/policy/types/clusterActiveAge" - aws-directoryservice-directory : "tmod:@turbot/aws-directoryservice#/policy/types/directoryActiveAge" - aws-dms-endpoint : "tmod:@turbot/aws-dms#/policy/types/endpointActiveAge" - aws-docdb-dbCluster : "tmod:@turbot/aws-docdb#/policy/types/dbClusterActiveAge" - aws-docdb-dbClusterParameterGroup : "tmod:@turbot/aws-docdb#/policy/types/dbClusterParameterGroupActiveAge" - aws-docdb-dbInstance : "tmod:@turbot/aws-docdb#/policy/types/dbInstanceActiveAge" - aws-dynamodb-backup : "tmod:@turbot/aws-dynamodb#/policy/types/backupActiveAge" - aws-dynamodb-globalTable : "tmod:@turbot/aws-dynamodb#/policy/types/globalTableActiveAge" - aws-dynamodb-table : "tmod:@turbot/aws-dynamodb#/policy/types/tableActiveAge" - aws-ec2-ami : "tmod:@turbot/aws-ec2#/policy/types/amiActiveAge" - aws-ec2-applicationLoadBalancer : "tmod:@turbot/aws-ec2#/policy/types/applicationLoadBalancerActiveAge" - aws-ec2-autoScalingGroup : "tmod:@turbot/aws-ec2#/policy/types/autoScalingGroupActiveAge" - aws-ec2-classicLoadBalancer : "tmod:@turbot/aws-ec2#/policy/types/classicLoadBalancerActiveAge" - aws-ec2-instance : "tmod:@turbot/aws-ec2#/policy/types/instanceActiveAge" - aws-ec2-keyPair : "tmod:@turbot/aws-ec2#/policy/types/keyPairActiveAge" - aws-ec2-launchConfiguration : "tmod:@turbot/aws-ec2#/policy/types/launchConfigurationActiveAge" - aws-ec2-launchTemplate : "tmod:@turbot/aws-ec2#/policy/types/launchTemplateActiveAge" - aws-ec2-launchTemplateVersion : "tmod:@turbot/aws-ec2#/policy/types/launchTemplateVersionActiveAge" - aws-ec2-listenerRule : "tmod:@turbot/aws-ec2#/policy/types/listenerRuleActiveAge" - aws-ec2-loadBalancerListener : "tmod:@turbot/aws-ec2#/policy/types/loadBalancerListenerActiveAge" - aws-ec2-networkInterface : "tmod:@turbot/aws-ec2#/policy/types/networkInterfaceActiveAge" - aws-ec2-networkLoadBalancer : "tmod:@turbot/aws-ec2#/policy/types/networkLoadBalancerActiveAge" - aws-ec2-snapshot : "tmod:@turbot/aws-ec2#/policy/types/snapshotActiveAge" - aws-ec2-targetGroup : "tmod:@turbot/aws-ec2#/policy/types/targetGroupActiveAge" - aws-ec2-volume : "tmod:@turbot/aws-ec2#/policy/types/volumeActiveAge" - aws-ecr-repository : "tmod:@turbot/aws-ecr#/policy/types/repositoryActiveAge" - aws-ecs-cluster : "tmod:@turbot/aws-ecs#/policy/types/clusterActiveAge" - aws-ecs-containerInstance : "tmod:@turbot/aws-ecs#/policy/types/containerInstanceActiveAge" - aws-ecs-taskDefinition : "tmod:@turbot/aws-ecs#/policy/types/taskDefinitionActiveAge" - aws-efs-fileSystem : "tmod:@turbot/aws-efs#/policy/types/fileSystemActiveAge" - aws-efs-mountTarget : "tmod:@turbot/aws-efs#/policy/types/mountTargetActiveAge" - aws-eks-cluster : "tmod:@turbot/aws-eks#/policy/types/clusterActiveAge" - aws-eks-nodeGroup : "tmod:@turbot/aws-eks#/policy/types/nodeGroupActiveAge" - aws-elasticbeanstalk-application : "tmod:@turbot/aws-elasticbeanstalk#/policy/types/applicationActiveAge" - aws-elasticbeanstalk-environment : "tmod:@turbot/aws-elasticbeanstalk#/policy/types/environmentActiveAge" - aws-elasticache-cacheCluster : "tmod:@turbot/aws-elasticache#/policy/types/cacheClusterActiveAge" - aws-elasticache-cacheParameterGroup : "tmod:@turbot/aws-elasticache#/policy/types/cacheParameterGroupActiveAge" - aws-elasticache-replicationGroup : "tmod:@turbot/aws-elasticache#/policy/types/replicationGroupActiveAge" - aws-elasticache-snapshot : "tmod:@turbot/aws-elasticache#/policy/types/snapshotActiveAge" - aws-elasticsearch-domain : "tmod:@turbot/aws-elasticsearch#/policy/types/domainActiveAge" - aws-emr-cluster : "tmod:@turbot/aws-emr#/policy/types/clusterActiveAge" - aws-emr-securityConfiguration : "tmod:@turbot/aws-emr#/policy/types/securityConfigurationActiveAge" - aws-events-rule : "tmod:@turbot/aws-events#/policy/types/ruleActiveAge" - aws-events-target : "tmod:@turbot/aws-events#/policy/types/targetActiveAge" - aws-fsx-backup : "tmod:@turbot/aws-fsx#/policy/types/backupActiveAge" - aws-fsx-fileSystem : "tmod:@turbot/aws-fsx#/policy/types/fileSystemActiveAge" - aws-glacier-vault : "tmod:@turbot/aws-glacier#/policy/types/vaultActiveAge" - aws-glue-database : "tmod:@turbot/aws-glue#/policy/types/databaseActiveAge" - aws-guardduty-detector : "tmod:@turbot/aws-guardduty#/policy/types/detectorActiveAge" - aws-guardduty-ipSet : "tmod:@turbot/aws-guardduty#/policy/types/ipSetActiveAge" - aws-guardduty-threatIntelSet : "tmod:@turbot/aws-guardduty#/policy/types/threatIntelSetActiveAge" - aws-iam-accessKey : "tmod:@turbot/aws-iam#/policy/types/accessKeyActiveAge" - aws-iam-group : "tmod:@turbot/aws-iam#/policy/types/groupActiveAge" - aws-iam-iamPolicy : "tmod:@turbot/aws-iam#/policy/types/iamPolicyActiveAge" - aws-iam-role : "tmod:@turbot/aws-iam#/policy/types/roleActiveAge" - aws-iam-user : "tmod:@turbot/aws-iam#/policy/types/userActiveAge" - aws-inspector-assessmentTarget : "tmod:@turbot/aws-inspector#/policy/types/assessmentTargetActiveAge" - aws-inspector-assessmentTemplate : "tmod:@turbot/aws-inspector#/policy/types/assessmentTemplateActiveAge" - aws-kinesis-consumer : "tmod:@turbot/aws-kinesis#/policy/types/consumerActiveAge" - aws-kinesis-stream : "tmod:@turbot/aws-kinesis#/policy/types/streamActiveAge" - aws-kms-key : "tmod:@turbot/aws-kms#/policy/types/keyActiveAge" - aws-lambda-function : "tmod:@turbot/aws-lambda#/policy/types/functionActiveAge" - aws-logs-logGroup : "tmod:@turbot/aws-logs#/policy/types/logGroupActiveAge" - aws-logs-logStream : "tmod:@turbot/aws-logs#/policy/types/logStreamActiveAge" - aws-logs-metricFilter : "tmod:@turbot/aws-logs#/policy/types/metricFilterActiveAge" - aws-msk-cluster : "tmod:@turbot/aws-msk#/policy/types/clusterActiveAge" - aws-neptune-dbCluster : "tmod:@turbot/aws-neptune#/policy/types/dbClusterActiveAge" - aws-neptune-dbInstance : "tmod:@turbot/aws-neptune#/policy/types/dbInstanceActiveAge" - aws-qldb-ledger : "tmod:@turbot/aws-qldb#/policy/types/ledgerActiveAge" - aws-rds-dbCluster : "tmod:@turbot/aws-rds#/policy/types/dbClusterActiveAge" - aws-rds-dbClusterParameterGroup : "tmod:@turbot/aws-rds#/policy/types/dbClusterParameterGroupActiveAge" - aws-rds-dbClusterSnapshotManual : "tmod:@turbot/aws-rds#/policy/types/dbClusterSnapshotManualActiveAge" - aws-rds-dbInstance : "tmod:@turbot/aws-rds#/policy/types/dbInstanceActiveAge" - aws-rds-dbParameterGroup : "tmod:@turbot/aws-rds#/policy/types/dbParameterGroupActiveAge" - aws-rds-dbSnapshotManual : "tmod:@turbot/aws-rds#/policy/types/dbSnapshotManualActiveAge" - aws-rds-optionGroup : "tmod:@turbot/aws-rds#/policy/types/optionGroupActiveAge" - aws-rds-subnetGroup : "tmod:@turbot/aws-rds#/policy/types/subnetGroupActiveAge" - aws-redshift-cluster : "tmod:@turbot/aws-redshift#/policy/types/clusterActiveAge" - aws-redshift-clusterParameterGroup : "tmod:@turbot/aws-redshift#/policy/types/clusterParameterGroupActiveAge" - aws-redshift-clusterSubnetGroup : "tmod:@turbot/aws-redshift#/policy/types/clusterSubnetGroupActiveAge" - aws-redshift-clusterSnapshotManual : "tmod:@turbot/aws-redshift#/policy/types/clusterSnapshotManualActiveAge" - aws-robomaker-fleet : "tmod:@turbot/aws-robomaker#/policy/types/fleetActiveAge" - aws-robomaker-robot : "tmod:@turbot/aws-robomaker#/policy/types/robotActiveAge" - aws-robomaker-robotApplication : "tmod:@turbot/aws-robomaker#/policy/types/robotApplicationActiveAge" - aws-route53-hostedZone : "tmod:@turbot/aws-route53#/policy/types/hostedZoneActiveAge" - aws-route53resolver-resolverEndpoint : "tmod:@turbot/aws-route53resolver#/policy/types/resolverEndpointActiveAge" - aws-route53resolver-resolverRule : "tmod:@turbot/aws-route53resolver#/policy/types/resolverRuleActiveAge" - aws-s3-bucket : "tmod:@turbot/aws-s3#/policy/types/bucketActiveAge" - aws-secretsmanager-secret : "tmod:@turbot/aws-secretsmanager#/policy/types/secretActiveAge" - aws-shield-protection : "tmod:@turbot/aws-shield#/policy/types/protectionActiveAge" - aws-sns-subscription : "tmod:@turbot/aws-sns#/policy/types/subscriptionActiveAge" - aws-sns-topic : "tmod:@turbot/aws-sns#/policy/types/topicActiveAge" - aws-sqs-queue : "tmod:@turbot/aws-sqs#/policy/types/queueActiveAge" - aws-ssm-association : "tmod:@turbot/aws-ssm#/policy/types/associationActiveAge" - aws-ssm-document : "tmod:@turbot/aws-ssm#/policy/types/documentActiveAge" - aws-ssm-maintenanceWindow : "tmod:@turbot/aws-ssm#/policy/types/maintenanceWindowActiveAge" - aws-ssm-ssmParameter : "tmod:@turbot/aws-ssm#/policy/types/ssmParameterActiveAge" - aws-stepfunctions-stateMachine : "tmod:@turbot/aws-stepfunctions#/policy/types/stateMachineActiveAge" - aws-swf-domain : "tmod:@turbot/aws-swf#/policy/types/domainActiveAge" - aws-vpc-connect-customerGateway : "tmod:@turbot/aws-vpc-connect#/policy/types/customerGatewayActiveAge" - aws-vpc-core-dhcpOptions : "tmod:@turbot/aws-vpc-core#/policy/types/dhcpOptionsActiveAge" - aws-vpc-internet-egressOnlyInternetGateway : "tmod:@turbot/aws-vpc-internet#/policy/types/egressOnlyInternetGatewayActiveAge" - aws-vpc-internet-elasticIp : "tmod:@turbot/aws-vpc-internet#/policy/types/elasticIpActiveAge" - aws-vpc-internet-vpcEndpoint : "tmod:@turbot/aws-vpc-internet#/policy/types/vpcEndpointActiveAge" - aws-vpc-internet-vpcEndpointService : "tmod:@turbot/aws-vpc-internet#/policy/types/vpcEndpointServiceActiveAge" - aws-vpc-security-flowLog : "tmod:@turbot/aws-vpc-security#/policy/types/flowLogActiveAge" - aws-vpc-internet-internetGateway : "tmod:@turbot/aws-vpc-internet#/policy/types/internetGatewayActiveAge" - aws-vpc-internet-natGateway : "tmod:@turbot/aws-vpc-internet#/policy/types/natGatewayActiveAge" - aws-vpc-security-networkAcl : "tmod:@turbot/aws-vpc-security#/policy/types/networkAclActiveAge" - aws-vpc-connect-vpcPeeringConnection : "tmod:@turbot/aws-vpc-connect#/policy/types/vpcPeeringConnectionActiveAge" - aws-vpc-core-routeTable : "tmod:@turbot/aws-vpc-core#/policy/types/routeTableActiveAge" - aws-vpc-security-securityGroup : "tmod:@turbot/aws-vpc-security#/policy/types/securityGroupActiveAge" - aws-vpc-core-subnet : "tmod:@turbot/aws-vpc-core#/policy/types/subnetActiveAge" - aws-vpc-connect-transitGateway : "tmod:@turbot/aws-vpc-connect#/policy/types/transitGatewayActiveAge" - aws-vpc-connect-transitGatewayRouteTable : "tmod:@turbot/aws-vpc-connect#/policy/types/transitGatewayRouteTableActiveAge" - aws-vpc-core-vpc : "tmod:@turbot/aws-vpc-core#/policy/types/vpcActiveAge" - aws-vpc-connect-vpnConnection : "tmod:@turbot/aws-vpc-connect#/policy/types/vpnConnectionActiveAge" - aws-vpc-connect-vpnGateway : "tmod:@turbot/aws-vpc-connect#/policy/types/vpnGatewayActiveAge" - aws-waf-ipSet : "tmod:@turbot/aws-waf#/policy/types/ipSetActiveAge" - aws-waf-ipSetV2Global : "tmod:@turbot/aws-waf#/policy/types/ipSetV2GlobalActiveAge" - aws-waf-ipSetV2Regional : "tmod:@turbot/aws-waf#/policy/types/ipSetV2RegionalActiveAge" - aws-waf-rateBasedRule : "tmod:@turbot/aws-waf#/policy/types/rateBasedRuleActiveAge" - aws-waf-regexPatternSetV2Global : "tmod:@turbot/aws-waf#/policy/types/regexPatternSetV2GlobalActiveAge" - aws-waf-regexPatternSetV2Regional : "tmod:@turbot/aws-waf#/policy/types/regexPatternSetV2RegionalActiveAge" - aws-waf-rule : "tmod:@turbot/aws-waf#/policy/types/ruleActiveAge" - aws-waf-ruleGroupV2Global : "tmod:@turbot/aws-waf#/policy/types/ruleGroupV2GlobalActiveAge" - aws-waf-ruleGroupV2Regional : "tmod:@turbot/aws-waf#/policy/types/ruleGroupV2RegionalActiveAge" - aws-waf-webacl : "tmod:@turbot/aws-waf#/policy/types/webaclActiveAge" - aws-waf-webAclV2Global : "tmod:@turbot/aws-waf#/policy/types/webAclV2GlobalActiveAge" - aws-waf-webAclV2Regional : "tmod:@turbot/aws-waf#/policy/types/webAclV2RegionalActiveAge" - aws-wafregional-rule : "tmod:@turbot/aws-wafregional#/policy/types/ruleActiveAge" - aws-wellarchitected-workload : "tmod:@turbot/aws-wellarchitected#/policy/types/workloadActiveAge" - } -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/aws/aws_check_cost_controls/outputs.tf b/baselines/todo_policy_packs/aws/aws_check_cost_controls/outputs.tf deleted file mode 100644 index eac8f0ae6..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_cost_controls/outputs.tf +++ /dev/null @@ -1,53 +0,0 @@ -output "turbot_profile" { - value = var.turbot_profile -} - -output "smart_folder_name" { - value = var.smart_folder_name -} - -output "smart_folder_description" { - value = var.smart_folder_description -} - -output "smart_folder_parent_resource" { - value = var.smart_folder_parent_resource -} - -output "resource_active" { - value = var.resource_active -} - -output "enable_rds_db_cluster_schedule_policies" { - value = var.enable_rds_db_cluster_schedule_policies -} - -output "enable_rds_cluster_schedule_tag_policies" { - value = var.enable_rds_cluster_schedule_tag_policies -} - -output "enable_rds_db_instance_schedule_policies" { - value = var.enable_rds_db_instance_schedule_policies -} - -output "enable_rds_db_instance_schedule_tag_policies" { - value = var.enable_rds_db_instance_schedule_tag_policies -} - -output "enable_redshift_cluster_schedule_policies" { - value = var.enable_redshift_cluster_schedule_policies -} - -output "enable_redshift_cluster_schedule_tag_policies" { - value = var.enable_redshift_cluster_schedule_tag_policies -} - -output "enable_workspace_schedule_policies" { - value = var.enable_redshift_cluster_schedule_policies -} - -output "enable_workspace_schedule_tag_policies" { - value = var.enable_redshift_cluster_schedule_tag_policies -} - - diff --git a/baselines/todo_policy_packs/aws/aws_check_cost_controls/providers.tf b/baselines/todo_policy_packs/aws/aws_check_cost_controls/providers.tf deleted file mode 100644 index 715fb0f92..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_cost_controls/providers.tf +++ /dev/null @@ -1,12 +0,0 @@ -terraform { - required_providers { - turbot = { - source = "turbot/turbot" - } - } - required_version = ">= 0.13" -} - -provider "turbot" { - profile = var.turbot_profile -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/aws/aws_check_cost_controls/schedules.tf b/baselines/todo_policy_packs/aws/aws_check_cost_controls/schedules.tf deleted file mode 100644 index 64b366f87..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_cost_controls/schedules.tf +++ /dev/null @@ -1,101 +0,0 @@ - -# Scheduling in Turbot - https://turbot.com/v5/docs/concepts/guardrails/scheduling - -# Setting Resource Schedules to start/stop based on schedule -# Set to Skip to avoid accidently Enforcement. - -# Policy Setting Options: -# Skip -# Enforce: Business hours (8:00am - 6:00pm on weekdays) -# Enforce: Extended business hours (7:00am - 11:00pm on weekdays) -# Enforce: Stop for night (stop at 10:00pm every day) -# Enforce: Stop for weekend (stop at 10:00pm on Friday) - -# AWS > EC2 > Instance > Schedule -# https://turbot.com/v5/mods/turbot/aws-ec2/inspect#/policy/types/instanceSchedule -resource "turbot_policy_setting" "ec2_instance_schedule" { - resource = turbot_smart_folder.aws_cost_controls.id - type = "tmod:@turbot/aws-ec2#/policy/types/instanceSchedule" - value = "Skip" -} - -# AWS EC2 Instance Schedule Tag -# AWS > EC2 > Instance > Schedule -# https://turbot.com/v5/docs/concepts/guardrails/scheduling#scheduling-with-a-tag -resource "turbot_policy_setting" "aws_ec2_instance_schedule_tag" { -resource = turbot_smart_folder.aws_cost_controls.id - type = "tmod:@turbot/aws-ec2#/policy/types/instanceScheduleTag" - value = "Skip" -} - -# AWS > RDS > DB Cluster > Schedule -# https://turbot.com/v5/mods/turbot/aws-rds/inspect#/policy/types/dbClusterSchedule -resource "turbot_policy_setting" "aws_rds_db_cluster_schedule" { - count = var.enable_rds_db_cluster_schedule_policies ? 1 : 0 - resource = turbot_smart_folder.aws_cost_controls.id - type = "tmod:@turbot/aws-rds#/policy/types/dbClusterSchedule" - value = "Skip" -} - -# AWS > RDS > DB Cluster > Schedule Tag -# https://turbot.com/v5/mods/turbot/aws-rds/inspect#/policy/types/dbClusterScheduleTag -resource "turbot_policy_setting" "aws_rds_cluster_schedule_tag" { -count = var.enable_rds_cluster_schedule_tag_policies ? 1 : 0 -resource = turbot_smart_folder.aws_cost_controls.id - type = "tmod:@turbot/aws-rds#/policy/types/dbClusterScheduleTag" - value = "Skip" -} - -# AWS > RDS > DB Instance > Schedule -# https://turbot.com/v5/mods/turbot/aws-rds/inspect#/policy/types/instanceSchedule -resource "turbot_policy_setting" "aws_rds_db_instance_schedule" { - count = var.enable_rds_db_instance_schedule_policies ? 1 : 0 - resource = turbot_smart_folder.aws_cost_controls.id - type = "tmod:@turbot/aws-rds#/policy/types/instanceSchedule" - value = "Skip" -} - -# AWS > RDS > DB Instance > Schedule Tag -# https://turbot.com/v5/mods/turbot/aws-rds/inspect#/policy/types/instanceScheduleTag -resource "turbot_policy_setting" "aws_rds_db_instance_schedule_tag" { -count = var.enable_rds_db_instance_schedule_tag_policies ? 1 : 0 -resource = turbot_smart_folder.aws_cost_controls.id - type = "tmod:@turbot/aws-rds#/policy/types/instanceScheduleTag" - value = "Skip" -} - -# AWS > Redshift > Cluster > Schedule -# https://turbot.com/v5/mods/turbot/aws-redshift/inspect#/policy/types/clusterSchedule -resource "turbot_policy_setting" "aws_redshift_cluster_schedule" { - count = var.enable_redshift_cluster_schedule_policies ? 1 : 0 - resource = turbot_smart_folder.aws_cost_controls.id - type = "tmod:@turbot/aws-redshift#/policy/types/clusterSchedule" - value = "Skip" -} - -# AWS > Redshift > Cluster > Schedule Tag -# https://turbot.com/v5/mods/turbot/aws-redshift/inspect#/policy/types/clusterScheduleTag -resource "turbot_policy_setting" "aws_redshift_cluster_schedule_tag" { - count = var.enable_redshift_cluster_schedule_tag_policies ? 1 : 0 - resource = turbot_smart_folder.aws_cost_controls.id - type = "tmod:@turbot/aws-redshift#/policy/types/clusterScheduleTag" - value = "Skip" -} - -# AWS > WorkSpaces > WorkSpace > Schedule -# https://turbot.com/v5/mods/turbot/aws-workspaces/inspect#/policy/types/workspaceSchedule -resource "turbot_policy_setting" "aws_workspace_schedule" { - count = var.enable_workspace_schedule_policies ? 1 : 0 - resource = turbot_smart_folder.aws_cost_controls.id - type = "tmod:@turbot/aws-workspaces#/policy/types/workspaceSchedule" - value = "Skip" -} - -# AWS > WorkSpaces > WorkSpace > Schedule Tag -# https://turbot.com/v5/mods/turbot/aws-workspaces/inspect#/policy/types/workspaceScheduleTag -resource "turbot_policy_setting" "aws_workspace_schedule_tag" { - count = var.enable_workspace_schedule_tag_policies ? 1 : 0 - resource = turbot_smart_folder.aws_cost_controls.id - type = "tmod:@turbot/aws-workspaces#/policy/types/workspaceScheduleTag" - value = "Skip" -} diff --git a/baselines/todo_policy_packs/aws/aws_check_cost_controls/smart_folder.tf b/baselines/todo_policy_packs/aws/aws_check_cost_controls/smart_folder.tf deleted file mode 100644 index 8d9ca60a8..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_cost_controls/smart_folder.tf +++ /dev/null @@ -1,5 +0,0 @@ -resource "turbot_smart_folder" "aws_cost_controls" { - parent = var.smart_folder_parent_resource - title = var.smart_folder_name - description = var.smart_folder_description -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/aws/aws_check_cost_controls/variables.tf b/baselines/todo_policy_packs/aws/aws_check_cost_controls/variables.tf deleted file mode 100644 index 68f7a4e4a..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_cost_controls/variables.tf +++ /dev/null @@ -1,263 +0,0 @@ -variable "resource_active" { - description = < -terraform init -terraform apply --var-file demo.tfvars -``` - -**Note** - -- Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. - -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. - -### Input variable files - -Input variable files allow for the user to configure configuration definitions for multiple environments in different files. - -This baseline comes with an example input variable file called [demo.tfvars](demo.tfvars). - -It will be used to define which parts of the baseline to apply and which to ignore. - -The variables that can be overwritten by the input variable files i.e. [demo.tfvars](demo.tfvars) are defined in the [variables.tf](variables.tf) file. - -Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). - -### Apply baseline using input variable files - -If seeking to apply the baseline using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform apply --var-file=demo.tfvars - ``` -### Apply baseline without input variable file - -The baseline can be applied without an input variable file. - -1. By this time Terraform initialization is done as mentioned above. -3. Prefer to check the outcome by running the Terraform plan -3. Apply the Terraform -4. Run the command: - -```shell -cd -terraform plan -terraform apply -``` - -`This may prompt the user applying the baseline to enter values for variables that do not have default values.` - -### Destroy baseline without input variable file - -If seeking to apply the baseline without using an input variable file. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy - ``` - -### Destroy using input variable files - -If seeking to destoy the baseline configuration using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy --var-file=demo.tfvars - ``` - -## Commenting strategy - -All Turbot policies used by the baselines will have a link to the official Turbot Mods documentation. - -Opening the links will give you further details about: - -- The purpose of the policy -- Policy URI name -- Parent information -- Category information -- Target information -- All valid values diff --git a/baselines/todo_policy_packs/aws/aws_check_encryption/backup_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/backup_policies.tf deleted file mode 100644 index 304349857..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_encryption/backup_policies.tf +++ /dev/null @@ -1,20 +0,0 @@ -## Ensure encryption on Backup Vault Resources -# Commented out since these services are not associated to the initial mod install list - -# AWS > Backup > Backup Vault > Approved -# https://turbot.com/v5/mods/turbot/aws-backup/inspect#/policy/types/backupVaultApproved -resource "turbot_policy_setting" "aws_backup_vault_approved" { - count = var.enable_backup_vault_approved_policies ? 1 : 0 - resource = turbot_smart_folder.aws_encryption.id - type = "tmod:@turbot/aws-backup#/policy/types/backupVaultApproved" - value = "Check: Approved" -} - -# AWS > Backup > Backup Vault > Approved > Encryption at Rest -# https://turbot.com/v5/mods/turbot/aws-backup/inspect#/policy/types/backupVaultEncryptionAtRest -resource "turbot_policy_setting" "aws_backup_vault_encryption_at_rest" { - count = var.enable_backup_vault_encryption_policies ? 1 : 0 - resource = turbot_smart_folder.aws_encryption.id - type = "tmod:@turbot/aws-backup#/policy/types/backupVaultEncryptionAtRest" - value = "AWS managed key or higher" -} diff --git a/baselines/todo_policy_packs/aws/aws_check_encryption/cloudtrail_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/cloudtrail_policies.tf deleted file mode 100644 index 5fac19cf8..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_encryption/cloudtrail_policies.tf +++ /dev/null @@ -1,10 +0,0 @@ -# Encryption at Rest Guardrails - https://turbot.com/v5/docs/concepts/guardrails/encryption-at-rest - -# AWS > CloudTrail > Trail > Encryption at Rest -# https://turbot.com/v5/mods/turbot/aws-cloudtrail/inspect#/policy/types/trailEncryptionAtRest -resource "turbot_policy_setting" "aws_cloudtrail_trail_encryption_at_rest" { - resource = turbot_smart_folder.aws_encryption.id - type = "tmod:@turbot/aws-cloudtrail#/policy/types/trailEncryptionAtRest" - value = "Check: Customer managed key" - # Note: no Check: AWS managed key or higher available at the moment -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/aws/aws_check_encryption/demo.tfvars b/baselines/todo_policy_packs/aws/aws_check_encryption/demo.tfvars deleted file mode 100644 index 5ed0bbcfd..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_encryption/demo.tfvars +++ /dev/null @@ -1,32 +0,0 @@ -# See file, backup_policies.tf -enable_backup_vault_approved_policies = false -enable_backup_vault_encryption_policies = false - -# See file, dynamodb_policies.tf -enable_dynamodb_table_encryption_policies = false - -# See file, efs_policies.tf -enable_efs_filesystem_approved_policies = false -enable_efs_filesystem_encryption_policies = false - -# See file, elasticsearch_policies.tf -enable_elasticsearch_domain_approved_policies = false -enable_elasticsearch_domain_encryption_policies = false - -# See file, redshift_policies.tf -enable_redshift_cluster_encryption_policies = false - -# See file, rds_policies.tf -enable_rds_instance_approved_policies = false -enable_rds_instance_encryption_policies = false -enable_rds_manualsnapshot_approved_policies = false -enable_rds_manualsnapshot_encryption_policies = false - -# See file, ssm_policies.tf -enable_ssm_parameter_encryption_policies = false - -# See file, secretmanager_policies.tf -enable_secretmanager_secret_encryption_policies = false - -# See file, sqs_policies.tf -enable_sqs_queue_encryption_policies = false diff --git a/baselines/todo_policy_packs/aws/aws_check_encryption/dynamodb_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/dynamodb_policies.tf deleted file mode 100644 index ea9d07ef4..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_encryption/dynamodb_policies.tf +++ /dev/null @@ -1,10 +0,0 @@ -# Encryption at Rest Guardrails - https://turbot.com/v5/docs/concepts/guardrails/encryption-at-rest - -# AWS > DynamoDB > Table > Encryption at Rest -# https://turbot.com/v5/mods/turbot/aws-dynamodb/inspect#/policy/types/tableEncryptionAtRest -resource "turbot_policy_setting" "aws_dynamodb_table_encryption_at_rest" { - count = var.enable_dynamodb_table_encryption_policies ? 1 : 0 - resource = turbot_smart_folder.aws_encryption.id - type = "tmod:@turbot/aws-dynamodb#/policy/types/tableEncryptionAtRest" - value = "Check: AWS managed key or higher" -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/aws/aws_check_encryption/ec2_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/ec2_policies.tf deleted file mode 100644 index c76348fd4..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_encryption/ec2_policies.tf +++ /dev/null @@ -1,70 +0,0 @@ -# Encryption at Rest Guardrails - https://turbot.com/v5/docs/concepts/guardrails/encryption-at-rest - -# AWS > EC2 > Instance > Approved -# https://turbot.com/v5/mods/turbot/aws-ec2/inspect#/policy/types/instanceApproved -resource "turbot_policy_setting" "ec2_instance_approved" { - resource = turbot_smart_folder.aws_encryption.id - type = "tmod:@turbot/aws-ec2#/policy/types/instanceApproved" - value = "Check: Approved" -} -# AWS > EC2 > Instance > Approved > Root Volume Encryption at Rest -# https://turbot.com/v5/mods/turbot/aws-ec2/inspect#/policy/types/rootVolumeEncryptionAtRest -resource "turbot_policy_setting" "ec2_instance_root_volume_encryption" { - resource = turbot_smart_folder.aws_encryption.id - type = "tmod:@turbot/aws-ec2#/policy/types/rootVolumeEncryptionAtRest" - value = "AWS managed key or higher" -} - -# Enable if you want to check for existence of a specific KMS key -# resource "turbot_policy_setting" "ec2_root_volume_encryption_kms_key" { -# resource = turbot_smart_folder.aws_encryption.id -# type = "tmod:@turbot/aws-ec2#/policy/types/rootVolumeEncryptionAtRestCustomerManagedKey" -# value = "arn:aws:kms:us-east-1:000000000000:alias/aws/ebs" ### key id, alias name or full ARN of alias/key -# } - -# AWS > EC2 > Volume > Approved -# https://turbot.com/v5/mods/turbot/aws-ec2/inspect#/policy/types/volumeApproved -resource "turbot_policy_setting" "ec2_volume_approved" { - resource = turbot_smart_folder.aws_encryption.id - type = "tmod:@turbot/aws-ec2#/policy/types/volumeApproved" - value = "Check: Approved" -} - -# AWS > EC2 > Volume > Approved > Encryption at Rest -# https://turbot.com/v5/mods/turbot/aws-ec2/inspect#/policy/types/volumeEncryptionAtRest -resource "turbot_policy_setting" "ec2_volume_encryption" { - resource = turbot_smart_folder.aws_encryption.id - type = "tmod:@turbot/aws-ec2#/policy/types/volumeEncryptionAtRest" - value = "AWS managed key or higher" -} - -# Enable if you want to check for existence of a specific kms key -# resource "turbot_policy_setting" "ec2_volume_encryption_kms_key" { -# resource = turbot_smart_folder.aws_encryption.id -# type = "tmod:@turbot/aws-ec2#/policy/types/volumeEncryptionAtRestCustomerManagedKey" -# value = "arn:aws:kms:us-east-1:000000000000:alias/aws/ebs" ### key id, alias name or full ARN of alias/key -# } - -# AWS > EC2 > Snapshot > Approved -# https://turbot.com/v5/mods/turbot/aws-ec2/inspect#/policy/types/snapshotApproved -resource "turbot_policy_setting" "ec2_snapshot_approved" { - resource = turbot_smart_folder.aws_encryption.id - type = "tmod:@turbot/aws-ec2#/policy/types/snapshotApproved" - value = "Check: Approved" -} - -# AWS > EC2 > Snapshot > Approved > Encryption at Rest -# https://turbot.com/v5/mods/turbot/aws-ec2/inspect#/policy/types/snapshotEncryptionAtRest -resource "turbot_policy_setting" "ec2_snapshot_approved_encryption" { - resource = turbot_smart_folder.aws_encryption.id - type = "tmod:@turbot/aws-ec2#/policy/types/snapshotEncryptionAtRest" - value = "AWS managed key or higher" -} - -# Enable if you want to check for existance of a specific kms key - -# resource "turbot_policy_setting" "ec2_snapshot_encryption_kms_key" { -# resource = turbot_smart_folder.aws_encryption.id -# type = "tmod:@turbot/aws-ec2#/policy/types/snapshotEncryptionAtRestCustomerManagedKey" -# value = "arn:aws:kms:us-east-1:000000000000:alias/aws/ebs" ### key id, alias name or full ARN of alias/key -# } diff --git a/baselines/todo_policy_packs/aws/aws_check_encryption/efs_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/efs_policies.tf deleted file mode 100644 index 23ede10f2..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_encryption/efs_policies.tf +++ /dev/null @@ -1,19 +0,0 @@ -# Encryption at Rest Guardrails - https://turbot.com/v5/docs/concepts/guardrails/encryption-at-rest - -# AWS > EFS > FileSystem > Approved -# https://turbot.com/v5/mods/turbot/aws-efs/inspect#/policy/types/fileSystemApproved -resource "turbot_policy_setting" "aws_efs_file_system_approved" { - count = var.enable_efs_filesystem_approved_policies ? 1 : 0 - resource = turbot_smart_folder.aws_encryption.id - type = "tmod:@turbot/aws-efs#/policy/types/fileSystemApproved" - value = "Check: Approved" -} - -# AWS > EFS > FileSystem > Approved > Encryption at Rest -# https://turbot.com/v5/mods/turbot/aws-efs/inspect#/policy/types/fileSystemEncryptionAtRest -resource "turbot_policy_setting" "aws_efs_file_system_encryption_at_rest" { - count = var.enable_efs_filesystem_encryption_policies ? 1 : 0 - resource = turbot_smart_folder.aws_encryption.id - type = "tmod:@turbot/aws-efs#/policy/types/fileSystemEncryptionAtRest" - value = "AWS managed key or higher" -} diff --git a/baselines/todo_policy_packs/aws/aws_check_encryption/elasticsearch_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/elasticsearch_policies.tf deleted file mode 100644 index 5d6a72282..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_encryption/elasticsearch_policies.tf +++ /dev/null @@ -1,19 +0,0 @@ -# Encryption at Rest Guardrails - https://turbot.com/v5/docs/concepts/guardrails/encryption-at-rest - -# AWS > Elasticsearch > Domain > Approved -# https://turbot.com/v5/mods/turbot/aws-elasticsearch/inspect#/policy/types/domainApproved -resource "turbot_policy_setting" "aws_elasticsearch_approved" { - count = var.enable_elasticsearch_domain_approved_policies ? 1 : 0 - resource = turbot_smart_folder.aws_encryption.id - type = "tmod:@turbot/aws-elasticsearch#/policy/types/domainApproved" - value = "Check: Approved" -} - -# AWS > Elasticsearch > Domain > Approved > Encryption at Rest -# https://turbot.com/v5/mods/turbot/aws-elasticsearch/inspect#/policy/types/domainEncryptionAtRest -resource "turbot_policy_setting" "aws_elasticsearch_encryption_at_rest" { - count = var.enable_elasticsearch_domain_encryption_policies ? 1 : 0 - resource = turbot_smart_folder.aws_encryption.id - type = "tmod:@turbot/aws-elasticsearch#/policy/types/domainEncryptionAtRest" - value = "AWS managed key or higher" -} diff --git a/baselines/todo_policy_packs/aws/aws_check_encryption/kinesis_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/kinesis_policies.tf deleted file mode 100644 index 830bba9d5..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_encryption/kinesis_policies.tf +++ /dev/null @@ -1,32 +0,0 @@ -# Policies delete unapproved Streams that are unencrypted -# Commented out since these services are not associated to the initial mod install list - - -# resource "turbot_policy_setting" "aws_kinesis_stream_approved" { -# resource = turbot_smart_folder.aws_encryption.id -# type = "tmod:@turbot/aws-kinesis#/policy/types/streamApproved" -# value = "Check: Approved" -# } - - -# resource "turbot_policy_setting" "aws_kinesis_approved_usage" { -# resource = turbot_smart_folder.aws_encryption.id -# type = "tmod:@turbot/aws-kinesis#/policy/types/streamApprovedUsage" -# template_input = <<-QUERY -# { -# stream { -# EncryptionType -# KeyId -# } -# } -# QUERY - -# # Nunjucks template evaluate metadata. -# template = <<-TEMPLATE -# {%- if $.stream.EncryptionType == "KMS" -%} -# "Approved" -# {%- else -%} -# "Not approved" -# {%- endif -%} -# TEMPLATE -# } diff --git a/baselines/todo_policy_packs/aws/aws_check_encryption/kms_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/kms_policies.tf deleted file mode 100644 index babfa3c67..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_encryption/kms_policies.tf +++ /dev/null @@ -1,9 +0,0 @@ -# Related: KMS related to AWS CIS 2.08 Ensure rotation for customer created CMKs is enabled - -# AWS > KMS > Key > Rotation -# https://turbot.com/v5/mods/turbot/aws-kms/inspect#/policy/types/keyRotation -resource "turbot_policy_setting" "keyRotation" { - resource = turbot_smart_folder.aws_encryption.id - type = "tmod:@turbot/aws-kms#/policy/types/keyRotation" - value = "Check: Enabled" -} diff --git a/baselines/todo_policy_packs/aws/aws_check_encryption/lambda_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/lambda_policies.tf deleted file mode 100644 index d0f43316f..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_encryption/lambda_policies.tf +++ /dev/null @@ -1,9 +0,0 @@ -# Encryption at Rest Guardrails - https://turbot.com/v5/docs/concepts/guardrails/encryption-at-rest - -# AWS > Lambda > Function > Encryption at Rest -# https://turbot.com/v5/mods/turbot/aws-lambda/inspect#/policy/types/functionEncryptionAtRest -resource "turbot_policy_setting" "lambda_function_ennvar_encryption_at_rest" { - resource = turbot_smart_folder.aws_encryption.id - type = "tmod:@turbot/aws-lambda#/policy/types/functionEncryptionAtRest" - value = "Check: AWS managed key or higher" -} diff --git a/baselines/todo_policy_packs/aws/aws_check_encryption/logs_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/logs_policies.tf deleted file mode 100644 index 17b237e8d..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_encryption/logs_policies.tf +++ /dev/null @@ -1,9 +0,0 @@ -# Encryption at Rest Guardrails - https://turbot.com/v5/docs/concepts/guardrails/encryption-at-rest - -# AWS > Logs > Log Group > Encryption at Rest -# https://turbot.com/v5/mods/turbot/aws-logs/inspect#/policy/types/logGroupEncryptionAtRest -resource "turbot_policy_setting" "cloudwatch_logs_encryption_at_rest" { - resource = turbot_smart_folder.aws_encryption.id - type = "tmod:@turbot/aws-logs#/policy/types/logGroupEncryptionAtRest" - value = "Check: AWS SSE or higher" -} diff --git a/baselines/todo_policy_packs/aws/aws_check_encryption/outputs.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/outputs.tf deleted file mode 100644 index f8dc61af7..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_encryption/outputs.tf +++ /dev/null @@ -1,75 +0,0 @@ -output "turbot_profile" { - value = var.turbot_profile -} - -output "smart_folder_name" { - value = var.smart_folder_name -} - -output "smart_folder_description" { - value = var.smart_folder_description -} - -output "smart_folder_parent_resource" { - value = var.smart_folder_parent_resource -} - -output "enable_backup_vault_approved_policies" { - value = var.enable_backup_vault_approved_policies -} - -output "enable_backup_vault_encryption_policies" { - value = var.enable_backup_vault_encryption_policies -} - -output "enable_dynamodb_table_encryption_policies" { - value = var.enable_dynamodb_table_encryption_policies -} - -output "enable_efs_filesystem_approved_policies" { - value = var.enable_efs_filesystem_approved_policies -} - -output "enable_efs_filesystem_encryption_policies" { - value = var.enable_efs_filesystem_encryption_policies -} - -output "enable_elasticsearch_domain_approved_policies" { - value = var.enable_elasticsearch_domain_approved_policies -} - -output "enable_elasticsearch_domain_encryption_policies" { - value = var.enable_elasticsearch_domain_encryption_policies -} - -output "enable_redshift_cluster_encryption_policies" { - value = var.enable_redshift_cluster_encryption_policies -} - -output "enable_rds_instance_approved_policies" { - value = var.enable_rds_instance_approved_policies -} - -output "enable_rds_instance_encryption_policies" { - value = var.enable_rds_instance_encryption_policies -} - -output "enable_rds_manualsnapshot_approved_policies" { - value = var.enable_rds_manualsnapshot_approved_policies -} - -output "enable_rds_manualsnapshot_encryption_policies" { - value = var.enable_rds_manualsnapshot_encryption_policies -} - -output "enable_ssm_parameter_encryption_policies" { - value = var.enable_ssm_parameter_encryption_policies -} - -output "enable_secretmanager_secret_encryption_policies" { - value = var.enable_secretmanager_secret_encryption_policies -} - -output "enable_sqs_queue_encryption_policies" { - value = var.enable_sqs_queue_encryption_policies -} diff --git a/baselines/todo_policy_packs/aws/aws_check_encryption/providers.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/providers.tf deleted file mode 100644 index 0353d61cb..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_encryption/providers.tf +++ /dev/null @@ -1,12 +0,0 @@ -terraform { - required_providers { - turbot = { - source = "turbot/turbot" - } - } - required_version = ">= 0.13" -} - -provider "turbot" { - profile = var.turbot_profile -} diff --git a/baselines/todo_policy_packs/aws/aws_check_encryption/rds_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/rds_policies.tf deleted file mode 100644 index 971cd68ed..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_encryption/rds_policies.tf +++ /dev/null @@ -1,37 +0,0 @@ -# Encryption at Rest Guardrails - https://turbot.com/v5/docs/concepts/guardrails/encryption-at-rest - -# AWS > RDS > DB Instance > Approved -# https://turbot.com/v5/mods/turbot/aws-rds/inspect#/policy/types/dbInstanceApproved -resource "turbot_policy_setting" "db_instancce_approved" { - count = var.enable_rds_instance_approved_policies ? 1 : 0 - resource = turbot_smart_folder.aws_encryption.id - type = "tmod:@turbot/aws-rds#/policy/types/dbInstanceApproved" - value = "Check: Approved" -} -# AWS > RDS > DB Instance > Approved > Encryption at Rest -# https://turbot.com/v5/mods/turbot/aws-rds/inspect#/policy/types/dbInstanceEncryptionAtRest -resource "turbot_policy_setting" "db_instance_approved_encryption" { - count = var.enable_rds_instance_encryption_policies ? 1 : 0 - resource = turbot_smart_folder.aws_encryption.id - type = "tmod:@turbot/aws-rds#/policy/types/dbInstanceEncryptionAtRest" - value = "AWS managed key or higher" -} - -# AWS > RDS > DB Snapshot [Manual] > Approved -# https://turbot.com/v5/mods/turbot/aws-rds/inspect#/policy/types/dbSnapshotManualEncryptionAtRest -resource "turbot_policy_setting" "db_snapshot_approved" { - count = var.enable_rds_manualsnapshot_approved_policies ? 1 : 0 - resource = turbot_smart_folder.aws_encryption.id - type = "tmod:@turbot/aws-rds#/policy/types/dbSnapshotManualApproved" - value = "Check: Approved" -} - -# AWS > RDS > DB Instance > Approved > Encryption at Rest -# https://turbot.com/v5/mods/turbot/aws-rds/inspect#/policy/types/dbInstanceEncryptionAtRest -resource "turbot_policy_setting" "db_snapshot_approved_encryption" { - count = var.enable_rds_manualsnapshot_encryption_policies ? 1 : 0 - resource = turbot_smart_folder.aws_encryption.id - type = "tmod:@turbot/aws-rds#/policy/types/dbSnapshotManualEncryptionAtRest" - value = "AWS managed key or higher" -} - diff --git a/baselines/todo_policy_packs/aws/aws_check_encryption/redshift_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/redshift_policies.tf deleted file mode 100644 index cb89b83c1..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_encryption/redshift_policies.tf +++ /dev/null @@ -1,10 +0,0 @@ -# Encryption at Rest Guardrails - https://turbot.com/v5/docs/concepts/guardrails/encryption-at-rest - -# AWS > Redshift > Cluster > Encryption at Rest -# https://turbot.com/v5/mods/turbot/aws-redshift/inspect#/policy/types/clusterEncryptionAtRest -resource "turbot_policy_setting" "redshift_cluster_encryption_at_rest" { - count = var.enable_redshift_cluster_encryption_policies ? 1 : 0 - resource = turbot_smart_folder.aws_encryption.id - type = "tmod:@turbot/aws-redshift#/policy/types/clusterEncryptionAtRest" - value = "Check: AWS managed key or higher" -} diff --git a/baselines/todo_policy_packs/aws/aws_check_encryption/s3_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/s3_policies.tf deleted file mode 100644 index cdeee1084..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_encryption/s3_policies.tf +++ /dev/null @@ -1,20 +0,0 @@ -# Encryption at Rest Guardrails - https://turbot.com/v5/docs/concepts/guardrails/encryption-at-rest -# Encryption in Transit Guardrails - https://turbot.com/v5/docs/concepts/guardrails/encryption-in-transit - -# Encryption at Rest and In Transit. Also in the Encryption Baseline - -# AWS > S3 > Bucket > Encryption at Rest -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/bucketEncryptionAtRest -resource "turbot_policy_setting" "s3_encryption_at_rest" { - resource = turbot_smart_folder.aws_encryption.id - type = "tmod:@turbot/aws-s3#/policy/types/bucketEncryptionAtRest" - value = "Check: AWS SSE or higher" -} - -# AWS > S3 > Bucket > Encryption in Transit -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/encryptionInTransit -resource "turbot_policy_setting" "s3_encryption_in_transit" { - resource = turbot_smart_folder.aws_encryption.id - type = "tmod:@turbot/aws-s3#/policy/types/encryptionInTransit" - value = "Check: Enabled" -} diff --git a/baselines/todo_policy_packs/aws/aws_check_encryption/secretmanager_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/secretmanager_policies.tf deleted file mode 100644 index e5f06fa53..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_encryption/secretmanager_policies.tf +++ /dev/null @@ -1,10 +0,0 @@ -# Encryption at Rest Guardrails - https://turbot.com/v5/docs/concepts/guardrails/encryption-at-rest - -# AWS > SSM > Parameter > Encryption at Rest -# https://turbot.com/v5/mods/turbot/aws-ssm/inspect#/policy/types/ssmParameterEncryptionAtRest -resource "turbot_policy_setting" "secrets_manager_encryption_at_rest" { - count = var.enable_secretmanager_secret_encryption_policies ? 1 : 0 - resource = turbot_smart_folder.aws_encryption.id - type = "tmod:@turbot/aws-secretsmanager#/policy/types/secretEncryptionAtRest" - value = "Check: AWS managed key or higher" -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/aws/aws_check_encryption/smart_folder.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/smart_folder.tf deleted file mode 100644 index 714197787..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_encryption/smart_folder.tf +++ /dev/null @@ -1,6 +0,0 @@ - -resource "turbot_smart_folder" "aws_encryption" { - parent = var.smart_folder_parent_resource - title = var.smart_folder_name - description = var.smart_folder_description -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/aws/aws_check_encryption/sns_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/sns_policies.tf deleted file mode 100644 index 8b266cb80..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_encryption/sns_policies.tf +++ /dev/null @@ -1,9 +0,0 @@ -# Encryption at Rest Guardrails - https://turbot.com/v5/docs/concepts/guardrails/encryption-at-rest - -# AWS > SNS > Topic > Encryption at Rest -# https://turbot.com/v5/mods/turbot/aws-sns/inspect#/policy/types/topicEncryptionAtRest -resource "turbot_policy_setting" "aws_sns_topic_encrypted" { - resource = turbot_smart_folder.aws_encryption.id - type = "tmod:@turbot/aws-sns#/policy/types/topicEncryptionAtRest" - value = "Check: AWS managed key or higher" -} diff --git a/baselines/todo_policy_packs/aws/aws_check_encryption/sqs_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/sqs_policies.tf deleted file mode 100644 index 3e2a0be81..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_encryption/sqs_policies.tf +++ /dev/null @@ -1,10 +0,0 @@ -# Encryption at Rest Guardrails - https://turbot.com/v5/docs/concepts/guardrails/encryption-at-rest - -# AWS > SQS > Queue > Encryption at Rest -# https://turbot.com/v5/mods/turbot/aws-sqs/inspect#/policy/types/queueEncryptionAtRest -resource "turbot_policy_setting" "aws_sqs_queue_encrypted" { - count = var.enable_sqs_queue_encryption_policies ? 1 : 0 - resource = turbot_smart_folder.aws_encryption.id - type = "tmod:@turbot/aws-sqs#/policy/types/queueEncryptionAtRest" - value = "Check: AWS managed key or higher" -} diff --git a/baselines/todo_policy_packs/aws/aws_check_encryption/ssm_policies.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/ssm_policies.tf deleted file mode 100644 index 42b3be0ca..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_encryption/ssm_policies.tf +++ /dev/null @@ -1,10 +0,0 @@ -# Encryption at Rest Guardrails - https://turbot.com/v5/docs/concepts/guardrails/encryption-at-rest - -# AWS > SSM > Parameter > Encryption at Rest -# https://turbot.com/v5/mods/turbot/aws-ssm/inspect#/policy/types/ssmParameterEncryptionAtRest -resource "turbot_policy_setting" "aws_ssm_param_encryption_at_rest" { - count = var.enable_ssm_parameter_encryption_policies ? 1 : 0 - resource = turbot_smart_folder.aws_encryption.id - type = "tmod:@turbot/aws-ssm#/policy/types/ssmParameterEncryptionAtRest" - value = "Check: AWS managed key or higher" -} diff --git a/baselines/todo_policy_packs/aws/aws_check_encryption/variables.tf b/baselines/todo_policy_packs/aws/aws_check_encryption/variables.tf deleted file mode 100644 index b1910b500..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_encryption/variables.tf +++ /dev/null @@ -1,117 +0,0 @@ -# Baseline Configuration - -variable "enable_backup_vault_approved_policies" { - type = bool - description = "Enable the Backup Vault approved policies for baseline" - default = false -} - -variable "enable_backup_vault_encryption_policies" { - type = bool - description = "Enabling will ensure encryption on Backup Vault Resources, by default this is disabled" - default = false -} - -variable "enable_dynamodb_table_encryption_policies" { - type = bool - description = "Enabling will ensure encryption on DynamoDB Table Resources, by default this is disabled" - default = false -} - -variable "enable_redshift_cluster_encryption_policies" { - type = bool - description = "Enabling will ensure encryption on Redshift Cluster Resources, by default this is disabled" - default = false -} - -variable "enable_ssm_parameter_encryption_policies" { - type = bool - description = "Enabling will ensure encryption on SSM Parameter Resources, by default this is disabled" - default = false -} - -variable "enable_secretmanager_secret_encryption_policies" { - type = bool - description = "Enabling will ensure encryption on Secret Manager Secret Resources, by default this is disabled" - default = false -} - -variable "enable_rds_instance_approved_policies" { - type = bool - description = "Enable the RDS Instance approved policies for baseline" - default = false -} - -variable "enable_rds_instance_encryption_policies" { - type = bool - description = "Enabling will ensure encryption on RDS Instance Resources, by default this is disabled" - default = false -} - -variable "enable_rds_manualsnapshot_approved_policies" { - type = bool - description = "Enable the RDS Instance approved policies for baseline" - default = false -} - -variable "enable_rds_manualsnapshot_encryption_policies" { - type = bool - description = "Enabling will ensure encryption on RDS Manual Snapshot, by default this is disabled" - default = false -} - -variable "enable_efs_filesystem_approved_policies" { - type = bool - description = "Enable the EFS Filesystem approved policies for baseline" - default = false -} - -variable "enable_sqs_queue_encryption_policies" { - type = bool - description = "Enable the SQS Queue approved policies for baseline" - default = false -} - -variable "enable_efs_filesystem_encryption_policies" { - type = bool - description = "Enabling will ensure encryption on EFS Filesystem Resources, by default this is disabled" - default = false -} - -variable "enable_elasticsearch_domain_approved_policies" { - type = bool - description = "Enable the Elasticsearch Domain approved policies for baseline" - default = false -} - -variable "enable_elasticsearch_domain_encryption_policies" { - type = bool - description = "Enabling will ensure encryption on Elasticsearch Domain Resources, by default this is disabled" - default = false -} - -# None - -# Optional Common Baseline Configuration - -variable "turbot_profile" { - description = "Enter profile matching your turbot cli credentials." -} - -variable "smart_folder_name" { - description = "Smart folder name for the baseline" - type = string - default = "AWS Check Encryption Policies" -} - -variable "smart_folder_description" { - description = "Enter a description for the smart folder" - type = string - default = "Defines sets of policies for the baseline AWS Check Encryption" -} - -variable "smart_folder_parent_resource" { - description = "Enter the resource ID or AKA for the parent of the smart folder" - type = string - default = "tmod:@turbot/turbot#/" -} diff --git a/baselines/todo_policy_packs/aws/aws_check_iam/README.md b/baselines/todo_policy_packs/aws/aws_check_iam/README.md deleted file mode 100644 index 30760e6c8..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_iam/README.md +++ /dev/null @@ -1,131 +0,0 @@ -# Baseline - AWS Check IAM Policies - -AWS Check IAM Policies focuses on enabling all IAM resources baseline policies. Some policies are enabled with industry standard best practices and some are enabled with check mode to validate. - -## Overview - -Baseline policies are initial set of policies recommended to start with while using Turbot. These policies mostly focuses on enabling services, frequently used policies to run in check mode & enabling security features such as various encryption standards. Baseline TF scripts allows you to toggle the value to apply or ignore. See the below sections for more information. - -Some of these policies overlap with other set of baselines. Hence Turbot provided set of baseline TF files are executed in separate [Smart Folder](https://turbot.com/v5/docs/getting-started/smart_folder). The advantage of setting up of each baseline in their own Smart Folder prevents conflicting with the policy settings created by other baseline scripts. - -This baseline will not attach to a resource by default. This needs to be done manually using the Turbot UI. - -## Requirements - -- Terraform v0.13 or greater installed -- Valid Turbot configuration credentials - -For further information on configuring Turbot credentials can be found [here](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials). - -## Applying baseline - -The baseline is defined by a set of files which together define the configuration of the baseline. - -### Initialize baseline - -If not previously run, Initialize Terraform to get all necessary providers for the baseline. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform init - ``` -### Profile name as input - -The baseline example set requires you to provide `turbot_profile` name as input. This is to help in case you are having more profiles than only `default`. In case it's default, specify name as default. - -```shell -var.turbot_profile - Enter profile matching your turbot cli credentials. - Enter a value: -``` - -### Deploying demo example - -1. Navigate to the folder of the baseline -2. Initialize Terraform -3. Apply the baseline using the demo input variable file [demo.tfvars](demo.tfvars) - -On the terminal this will look like: - -```shell -cd -terraform init -terraform apply --var-file demo.tfvars -``` -**Note** Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. - -### Input variable files - -Input variable files allow for the user to configure configuration definitions for multiple environments in different files. - -This baseline comes with an example input variable file called [demo.tfvars](demo.tfvars). - -It will be used to define which parts of the baseline to apply and which to ignore. - -The variables that can be overwritten by the input variable files i.e. [demo.tfvars](demo.tfvars) are defined in the [variables.tf](variables.tf) file. - -Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). - -### Apply baseline using input variable files - -If seeking to apply the baseline using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform apply --var-file=demo.tfvars - ``` -### Apply baseline without input variable file - -The baseline can be applied without an input variable file. - -1. By this time Terraform initialization is done as mentioned above. -3. Prefer to check the outcome by running the Terraform plan -3. Apply the Terraform -4. Run the command: - -```shell -cd -terraform plan -terraform apply -``` - -`This may prompt the user applying the baseline to enter values for variables that do not have default values.` - -### Destroy baseline without input variable file - -If seeking to apply the baseline without using an input variable file. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy - ``` - -### Destroy using input variable files - -If seeking to destoy the baseline configuration using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy --var-file=demo.tfvars - ``` - -## Commenting strategy - -All Turbot policies used by the baselines will have a link to the official Turbot Mods documentation. - -Opening the links will give you further details about: - -- The purpose of the policy -- Policy URI name -- Parent information -- Category information -- Target information -- All valid values diff --git a/baselines/todo_policy_packs/aws/aws_check_iam/access_key_rotation.tf b/baselines/todo_policy_packs/aws/aws_check_iam/access_key_rotation.tf deleted file mode 100644 index 548f289ca..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_iam/access_key_rotation.tf +++ /dev/null @@ -1,22 +0,0 @@ -# IAM users must rotate keys every 90 days -# Relates to AWS CIS 1.04 Ensure access keys are rotated every 90 days or less (Scored) - - -# AWS > IAM > Access Key > Active -# https://turbot.com/v5/mods/turbot/aws-iam/inspect#/policy/types/accessKeyActive -resource "turbot_policy_setting" "iam_user_access_key_active" { - count = var.enable_iam_user_access_key_active ? 1 : 0 - resource = turbot_smart_folder.aws_iam.id - type = "tmod:@turbot/aws-iam#/policy/types/accessKeyActive" - value = "Check: Active" -} - - -# AWS > IAM > Access Key > Active > Age -# https://turbot.com/v5/mods/turbot/aws-iam/inspect#/policy/types/accessKeyActiveAge -resource "turbot_policy_setting" "iam_user_access_key_active_age" { - count = var.enable_iam_user_access_key_active_age ? 1 : 0 - resource = turbot_smart_folder.aws_iam.id - type = "tmod:@turbot/aws-iam#/policy/types/accessKeyActiveAge" - value = "Force inactive if age > 90 days" -} diff --git a/baselines/todo_policy_packs/aws/aws_check_iam/account_password_policy.tf b/baselines/todo_policy_packs/aws/aws_check_iam/account_password_policy.tf deleted file mode 100644 index 6da90ca60..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_iam/account_password_policy.tf +++ /dev/null @@ -1,73 +0,0 @@ -## IAM Account Password Policy CIS Controls - -#Enforces CIS 1.05 to 1.10 Account Password Policy Setting Conditions below -# https://turbot.com/v5/mods/turbot/aws-iam/inspect#/policy/types/accountPasswordPolicySettings -resource "turbot_policy_setting" "account_Password_PolicySettings" { - count = var.enable_account_password_policysettings ? 1 : 0 - resource = turbot_smart_folder.aws_iam.id - type = "tmod:@turbot/aws-iam#/policy/types/accountPasswordPolicySettings" - value = "Check: Configured" -} - -#1.05 Ensure IAM password policy requires at least one uppercase letter (Scored) -# https://turbot.com/v5/mods/turbot/aws-iam/inspect#/policy/types/accountPasswordPolicySettingsRequireUppercaseCharacters -resource "turbot_policy_setting" "account_Password_PolicySettings_RequireUppercaseCharacters" { - count = var.enable_account_password_policysettings_require_uppercasecharacters ? 1 : 0 - resource = turbot_smart_folder.aws_iam.id - type = "tmod:@turbot/aws-iam#/policy/types/accountPasswordPolicySettingsRequireUppercaseCharacters" - value = "Enabled" -} - -#1.06 Ensure IAM password policy require at least one lowercase letter (Scored) -# https://turbot.com/v5/mods/turbot/aws-iam/inspect#/policy/types/accountPasswordPolicySettingsRequireLowercaseCharacters -resource "turbot_policy_setting" "account_Password_PolicySettings_RequireLowercaseCharacters" { - count = var.enable_account_password_policysettings_require_lowercasecharacters ? 1 : 0 - resource = turbot_smart_folder.aws_iam.id - type = "tmod:@turbot/aws-iam#/policy/types/accountPasswordPolicySettingsRequireLowercaseCharacters" - value = "Enabled" -} - -#1.07 Ensure IAM password policy require at least one symbol (Scored) -# https://turbot.com/v5/mods/turbot/aws-iam/inspect#/policy/types/accountPasswordPolicySettingsRequireSymbols -resource "turbot_policy_setting" "account_Password_PolicySettings_RequireSymbols" { - count = var.enable_account_password_policysettings_requiresymbols ? 1 : 0 - resource = turbot_smart_folder.aws_iam.id - type = "tmod:@turbot/aws-iam#/policy/types/accountPasswordPolicySettingsRequireSymbols" - value = "Enabled" -} - -#1.08 Ensure IAM password policy require at least one number (Scored) -# https://turbot.com/v5/mods/turbot/aws-iam/inspect#/policy/types/accountPasswordPolicySettingsRequireNumbers -resource "turbot_policy_setting" "account_Password_PolicySettings_RequireNumbers" { - count = var.enable_account_password_policysettings_requireNumbers ? 1 : 0 - resource = turbot_smart_folder.aws_iam.id - type = "tmod:@turbot/aws-iam#/policy/types/accountPasswordPolicySettingsRequireNumbers" - value = "Enabled" -} - -#1.09 Ensure IAM password policy requires minimum length of 14 or greater (Scored) -# https://turbot.com/v5/mods/turbot/aws-iam/inspect#/policy/types/accountPasswordPolicySettingsMinimumLength -resource "turbot_policy_setting" "account_Password_PolicySettings_MinimumLength" { - count = var.enable_account_password_policysettings_minimumLength ? 1 : 0 - resource = turbot_smart_folder.aws_iam.id - type = "tmod:@turbot/aws-iam#/policy/types/accountPasswordPolicySettingsMinimumLength" - value = "14" -} - -#1.10 Ensure IAM password policy prevents password reuse (Scored) -# https://turbot.com/v5/mods/turbot/aws-iam/inspect#/policy/types/accountPasswordPolicySettingsReusePrevention -resource "turbot_policy_setting" "account_Password_PolicySettings_ReusePrevention" { - count = var.enable_account_password_policysettings_reuseprevention ? 1 : 0 - resource = turbot_smart_folder.aws_iam.id - type = "tmod:@turbot/aws-iam#/policy/types/accountPasswordPolicySettingsReusePrevention" - value = "24" -} - -#1.11 Ensure IAM password policy expires passwords within 90 days or less (Scored) -# https://turbot.com/v5/mods/turbot/aws-iam/inspect#/policy/types/accountPasswordPolicySettingsMaxAge -resource "turbot_policy_setting" "account_Password_PolicySettings_MaxAge" { - count = var.enable_account_password_policysettings_maxage ? 1 : 0 - resource = turbot_smart_folder.aws_iam.id - type = "tmod:@turbot/aws-iam#/policy/types/accountPasswordPolicySettingsMaxAge" - value = "90" -} diff --git a/baselines/todo_policy_packs/aws/aws_check_iam/demo.tfvars b/baselines/todo_policy_packs/aws/aws_check_iam/demo.tfvars deleted file mode 100644 index 37a73e340..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_iam/demo.tfvars +++ /dev/null @@ -1,11 +0,0 @@ -# See file, role_trust_policy.tf -trusted_accounts = [ - "{{ $.account.Id }}", # Self - current AWS Account - "287590803701", # Turbot SaaS US Prod - "255798382450", # Turbot SaaS EU Account - "525041748188", #Turbot SaaS Dev Account -] - -# See file, role_trust_policy.tf -enable_iam_role_policy_trusted_access = false -enable_iam_role_trusted_accounts = false diff --git a/baselines/todo_policy_packs/aws/aws_check_iam/deny_star_policy_stmt.tf b/baselines/todo_policy_packs/aws/aws_check_iam/deny_star_policy_stmt.tf deleted file mode 100644 index 3e7dae4fb..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_iam/deny_star_policy_stmt.tf +++ /dev/null @@ -1,50 +0,0 @@ -# CHeck for * Access except for List/Get - -# AWS > IAM > Policy > Approved -# https://turbot.com/v5/mods/turbot/aws-iam/inspect#/policy/types/iamPolicyApproved -resource "turbot_policy_setting" "iam_policy_approved" { - count = var.enable_iam_policy_approved ? 1 : 0 - resource = turbot_smart_folder.aws_iam.id - type = "tmod:@turbot/aws-iam#/policy/types/iamPolicyApproved" - value = "Check: Approved" - ## "Enforce: Delete unapproved if new" -} - -# AWS > IAM > Policy > Approved > Usage -# https://turbot.com/v5/mods/turbot/aws-iam/inspect#/policy/types/iamPolicyApprovedUsage -resource "turbot_policy_setting" "iam_policy_approved_statements" { - count = var.enable_iam_policy_approved_statements ? 1 : 0 - resource = turbot_smart_folder.aws_iam.id - type = "tmod:@turbot/aws-iam#/policy/types/iamPolicyApprovedUsage" - # GraphQL to pull policy Statements - template_input = <<-QUERY - { - policy: resource { - statements: get(path: "PolicyVersion.Document.Statement") - } - } -QUERY - - # Nunjucks template to set usage approval based on policy content - template = <<-TEMPLATE - {%- set anyStar = r/\*/g -%} - {%- set goodStar = r/(Get|List)\*/g -%} - {%- set approved = true -%} - {%- for statement in $.policy.statements -%} - {%- set actions_string = statement.Action | string -%} - {%- set actions = actions_string.split(",") -%} - {%- for action in actions -%} - {%- if anyStar.test(action) -%} - {%- if not goodStar.test(action) -%} - {%- set approved = false -%} - {%- endif -%} - {%- endif -%} - {%- endfor -%} - {%- endfor -%} - {%- if approved -%} - "Approved" - {%- else -%} - "Not approved" - {%- endif -%} -TEMPLATE -} diff --git a/baselines/todo_policy_packs/aws/aws_check_iam/group_inline_star_policy_stmt.tf b/baselines/todo_policy_packs/aws/aws_check_iam/group_inline_star_policy_stmt.tf deleted file mode 100644 index b0ed7170c..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_iam/group_inline_star_policy_stmt.tf +++ /dev/null @@ -1,23 +0,0 @@ -# Check IAM Group inline policy for AdministratorAccess - -# AWS > IAM > Group > Inline Policy > Statements > Approved -# https://turbot.com/v5/mods/turbot/aws-iam/inspect#/policy/types/groupInlinePolicyStatementsApproved -resource "turbot_policy_setting" "iam_group_inline_policy_approved" { - count = var.enable_iam_group_inline_policy_approved ? 1 : 0 - resource = turbot_smart_folder.aws_iam.id - type = "tmod:@turbot/aws-iam#/policy/types/groupInlinePolicyStatementsApproved" - value = "Check: Approved" - ## "Enforce: Delete Unapproved" -} - -# AWS > IAM > Group > Inline Policy > Statements > Approved > Administrator Access -# https://turbot.com/v5/mods/turbot/aws-iam/inspect#/policy/types/groupInlinePolicyStatementsApprovedAdminAccess -resource "turbot_policy_setting" "iam_group_inline_policy_approved_admin_access" { - count = var.enable_iam_group_inline_policy_approved_admin_access ? 1 : 0 - resource = turbot_smart_folder.aws_iam.id - type = "tmod:@turbot/aws-iam#/policy/types/groupInlinePolicyStatementsApprovedAdminAccess" - value = < IAM > Group > Policy Attachments > Approved -# https://turbot.com/v5/mods/turbot/aws-iam/inspect#/policy/types/groupPolicyAttachmentsApproved -resource "turbot_policy_setting" "aws_iam_group_policy_attachement_approved" { - count = var.enable_aws_iam_group_policy_attachement_approved ? 1 : 0 - resource = turbot_smart_folder.aws_iam.id - type = "tmod:@turbot/aws-iam#/policy/types/groupPolicyAttachmentsApproved" - value = "Check: Approved" - ## "Enforce: Delete unapproved" -} - -# Identify policy names that are unapproved -# AWS > IAM > Group > Policy Attachments > Approved > Rules -# https://turbot.com/v5/mods/turbot/aws-iam/inspect#/policy/types/groupPolicyAttachmentsApprovedRules -resource "turbot_policy_setting" "aws_iam_group_policy_attachement_rules" { - count = var.enable_aws_iam_group_policy_attachement_rules ? 1 : 0 - resource = turbot_smart_folder.aws_iam.id - type = "tmod:@turbot/aws-iam#/policy/types/groupPolicyAttachmentsApprovedRules" - value = <<-POLICY - REJECT $.PolicyName:/^.+FullAccess.*$/ - REJECT $.PolicyName:AdministratorAccess - APPROVE * - POLICY -} diff --git a/baselines/todo_policy_packs/aws/aws_check_iam/output.tf b/baselines/todo_policy_packs/aws/aws_check_iam/output.tf deleted file mode 100644 index 3ae38c74b..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_iam/output.tf +++ /dev/null @@ -1,130 +0,0 @@ -output "enable_iam_user_access_key_active" { - value = var.enable_iam_user_access_key_active -} - -output "enable_iam_user_access_key_active_age" { - value = var.enable_iam_user_access_key_active_age -} - -output "enable_account_password_policysettings" { - value = var.enable_account_password_policysettings -} - -output "enable_account_password_policysettings_require_uppercasecharacters" { - value = var.enable_account_password_policysettings_require_uppercasecharacters -} - -output "enable_account_password_policysettings_require_lowercasecharacters" { - value = var.enable_account_password_policysettings_require_lowercasecharacters -} - -output "enable_account_password_policysettings_requiresymbols" { - value = var.enable_account_password_policysettings_requiresymbols -} - -output "enable_account_password_policysettings_requireNumbers" { - value = var.enable_account_password_policysettings_requireNumbers -} - -output "enable_account_password_policysettings_minimumLength" { - value = var.enable_account_password_policysettings_minimumLength -} - -output "enable_account_password_policysettings_reuseprevention" { - value = var.enable_account_password_policysettings_reuseprevention -} - -output "enable_account_password_policysettings_maxage" { - value = var.enable_account_password_policysettings_maxage -} - -output "enable_iam_policy_approved" { - value = var.enable_iam_policy_approved -} - -output "enable_iam_policy_approved_statements" { - value = var.enable_iam_policy_approved_statements -} - -output "enable_iam_group_inline_policy_approved" { - value = var.enable_iam_group_inline_policy_approved -} - -output "enable_iam_group_inline_policy_approved_admin_access" { - value = var.enable_iam_group_inline_policy_approved_admin_access -} - -output "enable_aws_iam_group_policy_attachement_approved" { - value = var.enable_aws_iam_group_policy_attachement_approved -} - -output "enable_aws_iam_group_policy_attachement_rules" { - value = var.enable_aws_iam_group_policy_attachement_rules -} - -output "enable_iam_role_inline_policy_approved" { - value = var.enable_iam_role_inline_policy_approved -} - -output "enable_iam_role_inline_policy_approved_admin_access" { - value = var.enable_iam_role_inline_policy_approved_admin_access -} - -output "enable_iam_role_policy_attachement_approved" { - value = var.enable_iam_role_policy_attachement_approved -} - -output "enable_iam_role_policy_attachement_rules" { - value = var.enable_iam_role_policy_attachement_rules -} - -output "enable_iam_role_policy_trusted_access" { - value = var.enable_iam_role_policy_trusted_access -} - -output "enable_iam_role_trusted_accounts" { - value = var.enable_iam_role_trusted_accounts -} - -output "enable_iam_user_inline_policy_approved" { - value = var.enable_iam_user_inline_policy_approved -} - -output "enable_iam_user_inline_policy_approved_admin_access" { - value = var.enable_iam_user_inline_policy_approved_admin_access -} - -output "enable_iam_user_mfa_approved" { - value = var.enable_iam_user_mfa_approved -} - -output "enable_iam_user_mfa_approved_usage" { - value = var.enable_iam_user_mfa_approved_usage -} - -output "enable_aws_iam_user_policy_attachement_approved" { - value = var.enable_aws_iam_user_policy_attachement_approved -} - -output "enable_aws_iam_user_policy_attachement_rules" { - value = var.enable_aws_iam_user_policy_attachement_rules -} - - -# Turbot profile and smart folder - -output "turbot_profile" { - value = var.turbot_profile -} - -output "smart_folder_name" { - value = var.smart_folder_name -} - -output "smart_folder_description" { - value = var.smart_folder_description -} - -output "smart_folder_parent_resource" { - value = var.smart_folder_parent_resource -} diff --git a/baselines/todo_policy_packs/aws/aws_check_iam/provider.tf b/baselines/todo_policy_packs/aws/aws_check_iam/provider.tf deleted file mode 100644 index 6c39803db..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_iam/provider.tf +++ /dev/null @@ -1,13 +0,0 @@ -terraform { - required_providers { - turbot = { - source = "turbot/turbot" - } - } - required_version = ">= 0.13" -} - -provider "turbot" { - profile = var.turbot_profile -} - diff --git a/baselines/todo_policy_packs/aws/aws_check_iam/role_inline_star_policy_stmt.tf b/baselines/todo_policy_packs/aws/aws_check_iam/role_inline_star_policy_stmt.tf deleted file mode 100644 index cb1ac1a50..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_iam/role_inline_star_policy_stmt.tf +++ /dev/null @@ -1,23 +0,0 @@ -# Check IAM Role inline policy for AdministratorAccess - -# AWS > IAM > Role > Inline Policy > Statements > Approved -# https://turbot.com/v5/mods/turbot/aws-iam/inspect#/policy/types/roleInlinePolicyStatementsApproved -resource "turbot_policy_setting" "iam_role_inline_policy_approved" { - count = var.enable_iam_role_inline_policy_approved ? 1 : 0 - resource = turbot_smart_folder.aws_iam.id - type = "tmod:@turbot/aws-iam#/policy/types/roleInlinePolicyStatementsApproved" - value = "Check: Approved" - ## "Enforce: Delete Unapproved" -} - -# AWS > IAM > Role > Inline Policy > Statements > Approved > Administrator Access -# https://turbot.com/v5/mods/turbot/aws-iam/inspect#/policy/types/roleInlinePolicyStatementsApprovedAdminAccess -resource "turbot_policy_setting" "iam_role_inline_policy_approved_admin_access" { - count = var.enable_iam_role_inline_policy_approved_admin_access ? 1 : 0 - resource = turbot_smart_folder.aws_iam.id - type = "tmod:@turbot/aws-iam#/policy/types/roleInlinePolicyStatementsApprovedAdminAccess" - value = < IAM > Role > Policy Attachments > Approved -# https://turbot.com/v5/mods/turbot/aws-iam/inspect#/policy/types/rolePolicyAttachmentsApproved -resource "turbot_policy_setting" "iam_role_policy_attachement_approved" { - count = var.enable_iam_role_policy_attachement_approved ? 1 : 0 - resource = turbot_smart_folder.aws_iam.id - type = "tmod:@turbot/aws-iam#/policy/types/rolePolicyAttachmentsApproved" - value = "Check: Approved" - ## "Enforce: Delete unapproved" -} - -# Identify policy names that are unapproved -# AWS > IAM > Role > Policy Attachments > Approved > Rules -# https://turbot.com/v5/mods/turbot/aws-iam/inspect#/policy/types/rolePolicyAttachmentsApprovedRules -resource "turbot_policy_setting" "iam_role_policy_attachement_rules" { - count = var.enable_iam_role_policy_attachement_rules ? 1 : 0 - resource = turbot_smart_folder.aws_iam.id - type = "tmod:@turbot/aws-iam#/policy/types/rolePolicyAttachmentsApprovedRules" - value = <<-POLICY - REJECT $.PolicyName:/^.+FullAccess.*$/ - REJECT $.PolicyName:AdministratorAccess - APPROVE * - POLICY -} diff --git a/baselines/todo_policy_packs/aws/aws_check_iam/role_trust_policy.tf b/baselines/todo_policy_packs/aws/aws_check_iam/role_trust_policy.tf deleted file mode 100644 index 1b49a0f6b..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_iam/role_trust_policy.tf +++ /dev/null @@ -1,58 +0,0 @@ -# IAM Roles trusted only to Trusted Accounts defined in Public Access Baseline -# AWS > IAM > Role > Policy > Trusted Access -# https://turbot.com/v5/mods/turbot/aws-iam/inspect#/policy/types/rolePolicyTrustedAccess -resource "turbot_policy_setting" "iam_role_policy_trusted_access" { - count = var.enable_iam_role_policy_trusted_access ? 1 : 0 - resource = turbot_smart_folder.aws_iam.id - type = "tmod:@turbot/aws-iam#/policy/types/rolePolicyTrustedAccess" - value = "Check: Trusted Access" - ## "Enforce: Revoke untrusted access" -} - -# ## Already Set globally in the Public Access Smart Folder Baseline, commenting out incase needed to enable here -# #List of Trusted Accounts for cross-account roles -# AWS > IAM > Role > Policy > Trusted Access > Accounts -# https://turbot.com/v5/mods/turbot/aws-iam/inspect#/policy/types/rolePolicyTrustedAccounts -resource "turbot_policy_setting" "iam_role_trusted_accounts" { - count = var.enable_iam_role_trusted_accounts ? 1 : 0 - resource = turbot_smart_folder.aws_iam.id - type = "tmod:@turbot/aws-iam#/policy/types/rolePolicyTrustedAccounts" - # GraphQL to pull current account info and list other accounts - template_input = <<-QUERY - { - account{ - Id - } - } -QUERY - - # set trustedAccounts from terraform.tfvars - template = <<-TEMPLATE - ${yamlencode([for account in var.trusted_accounts : account])} - TEMPLATE -} - -# AWS > IAM > Role > Trust Relationship Statements [Deprecated] > Approved [Deprecated] > Rules [Deprecated] -# https://turbot.com/v5/mods/turbot/aws-iam/inspect#/policy/types/trustRelationshipStatementsApprovedRules -# resource "turbot_policy_setting" "iam_role_trusted_accounts_rules" { -# count = var.enable_iam_role_trusted_accounts_rules ? 1 : 0 -# resource = turbot_smart_folder.aws_iam.id -# type = "tmod:@turbot/aws-iam#/policy/types/trustRelationshipStatementsApprovedRules" -# value = <<-VALUE -# APPROVE $.AssumeRolePolicyDocument.Statement.*.Action:null -# APPROVE !$.AssumeRolePolicyDocument.Statement.*.Condition.StringEquals.'sts:ExternalId':null -# REJECT * -# VALUE -# } - - - -# Removing from standard baseline to simplify just for trusted access -# OCL Rules for approval -# List of Trusted Accounts for cross-account roles -# Stmt 1: APPROVE Trust Relationships without STS Assume Role -# Stmt 2: APPROVE Trust Relationships with STS AND External ID -# Stmt 3: REJECT all others - - - diff --git a/baselines/todo_policy_packs/aws/aws_check_iam/smart_folder.tf b/baselines/todo_policy_packs/aws/aws_check_iam/smart_folder.tf deleted file mode 100644 index a1cc4074c..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_iam/smart_folder.tf +++ /dev/null @@ -1,5 +0,0 @@ -resource "turbot_smart_folder" "aws_iam" { - parent = var.smart_folder_parent_resource - title = var.smart_folder_name - description = var.smart_folder_description -} diff --git a/baselines/todo_policy_packs/aws/aws_check_iam/user_inline_star_policy_stmt.tf b/baselines/todo_policy_packs/aws/aws_check_iam/user_inline_star_policy_stmt.tf deleted file mode 100644 index 91fa7b114..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_iam/user_inline_star_policy_stmt.tf +++ /dev/null @@ -1,23 +0,0 @@ -# Check IAM User inline policy for AdministratorAccess -# AWS > IAM > User > Inline Policy > Statements > Approved -# https://turbot.com/v5/mods/turbot/aws-iam/inspect#/policy/types/userInlinePolicyStatementsApproved - -resource "turbot_policy_setting" "iam_user_inline_policy_approved" { - count = var.enable_iam_user_inline_policy_approved ? 1 : 0 - resource = turbot_smart_folder.aws_iam.id - type = "tmod:@turbot/aws-iam#/policy/types/userInlinePolicyStatementsApproved" - value = "Check: Approved" - ## "Enforce: Delete Unapproved" -} - -# AWS > IAM > Role > Policy Attachments > Approved > Administrator Access -# https://turbot.com/v5/mods/turbot/aws-iam/inspect#/policy/types/userInlinePolicyStatementsApprovedAdminAccess -resource "turbot_policy_setting" "iam_user_inline_policy_approved_admin_access" { - count = var.enable_iam_user_inline_policy_approved_admin_access ? 1 : 0 - resource = turbot_smart_folder.aws_iam.id - type = "tmod:@turbot/aws-iam#/policy/types/userInlinePolicyStatementsApprovedAdminAccess" - value = < IAM > User > Approved -# https://turbot.com/v5/mods/turbot/aws-iam/inspect#/policy/types/userApproved -resource "turbot_policy_setting" "iam_user_mfa_approved" { - count = var.enable_iam_user_mfa_approved ? 1 : 0 - resource = turbot_smart_folder.aws_iam.id - type = "tmod:@turbot/aws-iam#/policy/types/userApproved" - value = "Check: Approved" -} - -# AWS > IAM > User > Approved > Usage -# https://turbot.com/v5/mods/turbot/aws-iam/inspect#/policy/types/userApprovedUsage -resource "turbot_policy_setting" "iam_user_mfa_approved_usage" { - count = var.enable_iam_user_mfa_approved_usage ? 1 : 0 - resource = turbot_smart_folder.aws_iam.id - type = "tmod:@turbot/aws-iam#/policy/types/userApprovedUsage" - # GraphQL to pull info from IAM User and MFA virtual keys - template_input = <<-QUERY - { - user{ - Arn - UserName - } - resources(filter:"resourceType:'tmod:@turbot/aws-iam#/resource/types/mfaVirtual'") { - items { - usertest: get(path:"User.UserName") - trunk { - title - } - } - } - } -QUERY - # Nunjucks template to set usage approval based on user and MFA key matching - template = <<-TEMPLATE - {%- set matches = false -%} - {%- for v in $.resources.items -%} - {%- if v.usertest == $.user.UserName -%} - {%- set matches = true -%} - {%- endif -%} - {%- endfor -%} - {%- if matches -%} - "Approved" - {%- else -%} - "Not approved" - {%- endif -%} -TEMPLATE -} diff --git a/baselines/todo_policy_packs/aws/aws_check_iam/user_policy_attachment.tf b/baselines/todo_policy_packs/aws/aws_check_iam/user_policy_attachment.tf deleted file mode 100644 index a97338da5..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_iam/user_policy_attachment.tf +++ /dev/null @@ -1,26 +0,0 @@ -# Check unapproved IAM User policy attachments based on name (e.g. FullAccess) - -## Set policy to check unapproved policy attachments -# AWS > IAM > User > Policy Attachments > Approved -# https://turbot.com/v5/mods/turbot/aws-iam/inspect#/policy/types/userPolicyAttachmentsApproved -resource "turbot_policy_setting" "aws_iam_user_policy_attachement_approved" { - count = var.enable_aws_iam_user_policy_attachement_approved ? 1 : 0 - resource = turbot_smart_folder.aws_iam.id - type = "tmod:@turbot/aws-iam#/policy/types/userPolicyAttachmentsApproved" - value = "Check: Approved" - ## "Enforce: Delete unapproved" -} - -# Identify policy names that are unapproved -# AWS > IAM > User > Policy Attachments > Approved > Rules -# https://turbot.com/v5/mods/turbot/aws-iam/inspect#/policy/types/userPolicyAttachmentsApprovedRules -resource "turbot_policy_setting" "aws_iam_user_policy_attachement_rules" { - count = var.enable_aws_iam_user_policy_attachement_rules ? 1 : 0 - resource = turbot_smart_folder.aws_iam.id - type = "tmod:@turbot/aws-iam#/policy/types/userPolicyAttachmentsApprovedRules" - value = <<-POLICY - REJECT $.PolicyName:/^.+FullAccess.*$/ - REJECT $.PolicyName:AdministratorAccess - APPROVE * - POLICY -} diff --git a/baselines/todo_policy_packs/aws/aws_check_iam/variable.tf b/baselines/todo_policy_packs/aws/aws_check_iam/variable.tf deleted file mode 100644 index 8fb43d46c..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_iam/variable.tf +++ /dev/null @@ -1,198 +0,0 @@ - -# Baseline Configuration -variable "trusted_accounts" { - type = list(string) - default = [] -} - -variable "enable_iam_user_access_key_active" { - type = bool - description = "Enable the IAM user access key policies for baseline" - default = true -} - -variable "enable_iam_user_access_key_active_age" { - type = bool - description = "Enable the IAM user access key age policies for baseline" - default = true -} - -variable "enable_account_password_policysettings" { - type = bool - description = "Enable the IAM user account password policies for baseline" - default = true -} - -variable "enable_account_password_policysettings_require_uppercasecharacters" { - type = bool - description = "Enable the IAM user account password uppercase character policies for baseline" - default = true -} - -variable "enable_account_password_policysettings_require_lowercasecharacters" { - type = bool - description = "Enable the IAM user account password lowercase character policies for baseline" - default = true -} - -variable "enable_account_password_policysettings_requiresymbols" { - type = bool - description = "Enable the IAM user account password symbol setting policies for baseline" - default = true -} - -variable "enable_account_password_policysettings_requireNumbers" { - type = bool - description = "Enable the IAM user account password number setting policies for baseline" - default = true -} - -variable "enable_account_password_policysettings_minimumLength" { - type = bool - description = "Enable the IAM user account password number setting policies for baseline" - default = true -} - -variable "enable_account_password_policysettings_reuseprevention" { - type = bool - description = "Enable the IAM user account password reuse setting policies for baseline" - default = true -} - -variable "enable_account_password_policysettings_maxage" { - type = bool - description = "Enable the IAM user account password maximum age setting policies for baseline" - default = true -} - -variable "enable_iam_policy_approved" { - type = bool - description = "Enable the IAM approved policies for baseline" - default = true -} - -variable "enable_iam_policy_approved_statements" { - type = bool - description = "Enable the IAM approved statement policies for baseline" - default = true -} - -variable "enable_iam_group_inline_policy_approved" { - type = bool - description = "Enable the IAM group inline policies for baseline" - default = true -} - -variable "enable_iam_group_inline_policy_approved_admin_access" { - type = bool - description = "Enable the IAM group inline admin access policies for baseline" - default = true -} - -variable "enable_aws_iam_group_policy_attachement_approved" { - type = bool - description = "Enable the IAM group attachment policies for baseline" - default = true -} - -variable "enable_aws_iam_group_policy_attachement_rules" { - type = bool - description = "Enable the IAM group attachment rules policies for baseline" - default = true -} - -variable "enable_iam_role_inline_policy_approved" { - type = bool - description = "Enable the IAM role inline policies for baseline" - default = true -} - -variable "enable_iam_role_inline_policy_approved_admin_access" { - type = bool - description = "Enable the IAM approved statement policies for baseline" - default = true -} - -variable "enable_iam_role_policy_attachement_approved" { - type = bool - description = "Enable the IAM role policy attachment for baseline" - default = true -} - -variable "enable_iam_role_policy_attachement_rules" { - type = bool - description = "Enable the IAM role policy attachment rules for baseline" - default = true -} - -variable "enable_iam_role_policy_trusted_access" { - type = bool - description = "Enable the IAM role policy trusted access for baseline" - default = false -} - -variable "enable_iam_role_trusted_accounts" { - type = bool - description = "Enable the IAM role policy trusted account for baseline" - default = false -} - -variable "enable_iam_user_inline_policy_approved" { - type = bool - description = "Enable the IAM user inline policy for baseline" - default = true -} - -variable "enable_iam_user_inline_policy_approved_admin_access" { - type = bool - description = "Enable the IAM user inline policy admin access for baseline" - default = true -} - -variable "enable_iam_user_mfa_approved" { - type = bool - description = "Enable the IAM user mfa approved policy for baseline" - default = true -} - -variable "enable_iam_user_mfa_approved_usage" { - type = bool - description = "Enable the IAM user mfa approved usage policy for baseline" - default = true -} - -variable "enable_aws_iam_user_policy_attachement_approved" { - type = bool - description = "Enable the IAM user approved policy attachment for baseline" - default = true -} - -variable "enable_aws_iam_user_policy_attachement_rules" { - type = bool - description = "Enable the IAM user policy attachment for baseline" - default = true -} - -# Optional Common Baseline Configuration - -variable "turbot_profile" { - description = "Enter profile matching your turbot cli credentials." -} - -variable "smart_folder_name" { - description = "Smart folder name for the baseline" - type = string - default = "AWS Check IAM Policies" -} - -variable "smart_folder_description" { - description = "Enter a description for the smart folder" - type = string - default = "Defines sets of policies for the AWS check S3 baseline" -} - -variable "smart_folder_parent_resource" { - description = "Enter the resource ID or AKA for the parent of the smart folder" - type = string - default = "tmod:@turbot/turbot#/" -} diff --git a/baselines/todo_policy_packs/aws/aws_check_logging/README.md b/baselines/todo_policy_packs/aws/aws_check_logging/README.md deleted file mode 100644 index 6595d3af5..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_logging/README.md +++ /dev/null @@ -1,137 +0,0 @@ -# Baseline - AWS Check Logging Policies - -AWS Check Logging Policies focuses on setting various logging policies in some most used services. - -Turbot AWS Logging Configurations to automatically setup Flow Logs, Config Recording, Global Trail. Optional if you are using Turbot to enforce the configuration - -More info - -- [Audit Logging Guardrails](https://turbot.com/v5/docs/concepts/guardrails/audit-logging) - -## Overview - -Baseline policies are initial set of policies recommended to start with while using Turbot. These policies mostly focuses on enabling services, frequently used policies to run in check mode & enabling security features such as various encryption standards. Baseline TF scripts allows you to toggle the value to apply or ignore. See the below sections for more information. - -Some of these policies overlap with other set of baselines. Hence Turbot provided set of baseline TF files are executed in separate [Smart Folder](https://turbot.com/v5/docs/getting-started/smart_folder). The advantage of setting up of each baseline in their own Smart Folder prevents conflicting with the policy settings created by other baseline scripts. - -This baseline will not attach to a resource by default. This needs to be done manually using the Turbot UI. - -## Requirements - -- Terraform v0.13 or greater installed -- Valid Turbot configuration credentials - -For further information on configuring Turbot credentials can be found [here](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials). - -## Applying baseline - -The baseline is defined by a set of files which together define the configuration of the baseline. - -### Initialize baseline - -If not previously run, Initialize Terraform to get all necessary providers for the baseline. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform init - ``` -### Profile name as input - -The baseline example set requires you to provide `turbot_profile` name as input. This is to help in case you are having more profiles than only `default`. In case it's default, specify name as default. - -```shell -var.turbot_profile - Enter profile matching your turbot cli credentials. - Enter a value: -``` - -### Deploying demo example - -1. Navigate to the folder of the baseline -2. Initialize Terraform -3. Apply the baseline using the demo input variable file [demo.tfvars](demo.tfvars) - -On the terminal this will look like: - -```shell -cd -terraform init -terraform apply --var-file demo.tfvars -``` -**Note** Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. - -### Input variable files - -Input variable files allow for the user to configure configuration definitions for multiple environments in different files. - -This baseline comes with an example input variable file called [demo.tfvars](demo.tfvars). - -It will be used to define which parts of the baseline to apply and which to ignore. - -The variables that can be overwritten by the input variable files i.e. [demo.tfvars](demo.tfvars) are defined in the [variables.tf](variables.tf) file. - -Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). - -### Apply baseline using input variable files - -If seeking to apply the baseline using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform apply --var-file=demo.tfvars - ``` -### Apply baseline without input variable file - -The baseline can be applied without an input variable file. - -1. By this time Terraform initialization is done as mentioned above. -3. Prefer to check the outcome by running the Terraform plan -3. Apply the Terraform -4. Run the command: - -```shell -cd -terraform plan -terraform apply -``` - -`This may prompt the user applying the baseline to enter values for variables that do not have default values.` - -### Destroy baseline without input variable file - -If seeking to apply the baseline without using an input variable file. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy - ``` - -### Destroy using input variable files - -If seeking to destoy the baseline configuration using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy --var-file=demo.tfvars - ``` - -## Commenting strategy - -All Turbot policies used by the baselines will have a link to the official Turbot Mods documentation. - -Opening the links will give you further details about: - -- The purpose of the policy -- Policy URI name -- Parent information -- Category information -- Target information -- All valid values diff --git a/baselines/todo_policy_packs/aws/aws_check_logging/cloudtrail_policies.tf b/baselines/todo_policy_packs/aws/aws_check_logging/cloudtrail_policies.tf deleted file mode 100644 index fcf1bbd31..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_logging/cloudtrail_policies.tf +++ /dev/null @@ -1,54 +0,0 @@ -# AWS CloudTrail Global Trail can be setup by Turbot -# more info: https://turbot.com/v5/docs/integrations/aws/event-handlers#configuring-cloudtrail - -# You are not required to use the Turbot Audit Trail to configure CloudTrail in order to configure Turbot real time events -# But there must be a CloudTrail configured in each region. -# AWS > Turbot > Audit Trail - -# resource "turbot_policy_setting" "auditTrail" { -# resource = turbot_smart_folder.aws_logging.id -# type = "tmod:@turbot/aws#/policy/types/auditTrail" -# value = "Check: Configured" -# Skip -# Check: Configured -# Check: Not configured -# Enforce: Configured -# Enforce: Not configured -# } - -# CloudTrail Best Practices - -# Related to AWS CIS 2.02 Ensure CloudTrail log file validation is enabled (Scored) -# https://turbot.com/v5/mods/turbot/aws-cloudtrail/inspect#/policy/types/trailLogFileValidation -resource "turbot_policy_setting" "aws_cloudtrail_trail_log_validation" { - count = var.enable_cloudtrail_trail_log_validation ? 1 : 0 - resource = turbot_smart_folder.aws_logging.id - type = "tmod:@turbot/aws-cloudtrail#/policy/types/trailLogFileValidation" - value = "Check: Enabled" -} - -# Trail Status Check -# https://turbot.com/v5/mods/turbot/aws-cloudtrail/inspect#/policy/types/trailStatus -resource "turbot_policy_setting" "aws_cloudtrail_trail_status" { - count = var.enable_cloudtrail_trail_status ? 1 : 0 - resource = turbot_smart_folder.aws_logging.id - type = "tmod:@turbot/aws-cloudtrail#/policy/types/trailStatus" - value = "Check: No delivery errors" -} - -# Trail Encryption -# https://turbot.com/v5/mods/turbot/aws-cloudtrail/inspect#/policy/types/trailEncryptionAtRest -resource "turbot_policy_setting" "aws_cloudtrail_trail_encryption_at_rest" { - count = var.enable_cloudtrail_trail_encryption ? 1 : 0 - resource = turbot_smart_folder.aws_logging.id - type = "tmod:@turbot/aws-cloudtrail#/policy/types/trailEncryptionAtRest" - value = "Check: Customer managed key" - # "Skip" - # "Check: None" - # "Check: None or higher" - # "Check: Customer managed key" - # "Check: Encryption at Rest > Customer Managed Key" - # "Enforce: None" - # "Enforce: Customer managed key" - # "Enforce: Encryption at Rest > Customer Managed Key" -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/aws/aws_check_logging/config_policies.tf b/baselines/todo_policy_packs/aws/aws_check_logging/config_policies.tf deleted file mode 100644 index 5a1b8f0ae..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_logging/config_policies.tf +++ /dev/null @@ -1,18 +0,0 @@ -# AWS Config Recording setup by Turbot -# Commented out since it will always error without Turbot Enforcing its own configs -# 2.05 Ensure AWS Config is enabled in all regions (Scored) - -# AWS > Config > Configuration Recording -# https://turbot.com/v5/mods/turbot/aws-config/inspect#/policy/types/configurationRecording -resource "turbot_policy_setting" "configurationRecording" { - count = var.enable_configuration_recording ? 1 : 0 - resource = turbot_smart_folder.aws_logging.id - type = "tmod:@turbot/aws-config#/policy/types/configurationRecording" - value = "Check: Configured" - # Skip - # Check: Configured - # Check: Not Configured - # Enforce: Configured - # Enforce: Not Configured -} - diff --git a/baselines/todo_policy_packs/aws/aws_check_logging/demo.tfvars b/baselines/todo_policy_packs/aws/aws_check_logging/demo.tfvars deleted file mode 100644 index f878aef70..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_logging/demo.tfvars +++ /dev/null @@ -1,10 +0,0 @@ -# See file, redshift_cluster.tf -enable_redshift_cluster_access_logging = false -enable_redshift_cluster_user_logging = false -enable_aws_s3_bucket_access_logging = true - -# See file, config_policies.tf -enable_configuration_recording = false - -# See file, vpc_policies.tf -enable_aws_vpc_flowlogging = false \ No newline at end of file diff --git a/baselines/todo_policy_packs/aws/aws_check_logging/loadbalancer_policies.tf b/baselines/todo_policy_packs/aws/aws_check_logging/loadbalancer_policies.tf deleted file mode 100644 index 6271ff468..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_logging/loadbalancer_policies.tf +++ /dev/null @@ -1,26 +0,0 @@ -# Application Load Balancer (ALB) Access Logging Check -# https://turbot.com/v5/mods/turbot/aws-ec2/inspect#/policy/types/applicationLoadBalancerAccessLogging -resource "turbot_policy_setting" "aws_alb_access_logging" { - count = var.enable_alb_access_logging ? 1 : 0 - resource = turbot_smart_folder.aws_logging.id - type = "tmod:@turbot/aws-ec2#/policy/types/applicationLoadBalancerAccessLogging" - value = "Check: Enabled" -} - -# Classic Load Balancer (ELB) Access Logging Check -# https://turbot.com/v5/mods/turbot/aws-ec2/inspect#/policy/types/classicLoadBalancerAccessLogging -resource "turbot_policy_setting" "aws_elb_access_logging" { - count = var.enable_elb_access_logging ? 1 : 0 - resource = turbot_smart_folder.aws_logging.id - type = "tmod:@turbot/aws-ec2#/policy/types/classicLoadBalancerAccessLogging" - value = "Check: Enabled" -} - -# Network Load Balancer (NLB) Access Logging Check -# https://turbot.com/v5/mods/turbot/aws-ec2/inspect#/policy/types/networkLoadBalancerAccessLogging -resource "turbot_policy_setting" "aws_nlb_access_logging" { - count = var.enable_nlb_access_logging ? 1 : 0 - resource = turbot_smart_folder.aws_logging.id - type = "tmod:@turbot/aws-ec2#/policy/types/networkLoadBalancerAccessLogging" - value = "Check: Enabled" -} diff --git a/baselines/todo_policy_packs/aws/aws_check_logging/output.tf b/baselines/todo_policy_packs/aws/aws_check_logging/output.tf deleted file mode 100644 index 67b510a33..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_logging/output.tf +++ /dev/null @@ -1,61 +0,0 @@ -output "enable_cloudtrail_trail_log_validation" { - value = var.enable_cloudtrail_trail_log_validation -} - -output "enable_cloudtrail_trail_status" { - value = var.enable_cloudtrail_trail_status -} - -output "enable_cloudtrail_trail_encryption" { - value = var.enable_cloudtrail_trail_encryption -} - -output "enable_alb_access_logging" { - value = var.enable_alb_access_logging -} - -output "enable_elb_access_logging" { - value = var.enable_elb_access_logging -} - -output "enable_nlb_access_logging" { - value = var.enable_elb_access_logging -} - -output "enable_redshift_cluster_access_logging" { - value = var.enable_redshift_cluster_access_logging -} - -output "enable_redshift_cluster_user_logging" { - value = var.enable_redshift_cluster_user_logging -} - -output "enable_aws_s3_bucket_access_logging" { - value = var.enable_aws_s3_bucket_access_logging -} - -output "enable_configuration_recording" { - value = var.enable_configuration_recording -} - -output "enable_aws_vpc_flowlogging" { - value = var.enable_aws_vpc_flowlogging -} - -# Turbot profile and smart folder - -output "turbot_profile" { - value = var.turbot_profile -} - -output "smart_folder_name" { - value = var.smart_folder_name -} - -output "smart_folder_description" { - value = var.smart_folder_description -} - -output "smart_folder_parent_resource" { - value = var.smart_folder_parent_resource -} diff --git a/baselines/todo_policy_packs/aws/aws_check_logging/provider.tf b/baselines/todo_policy_packs/aws/aws_check_logging/provider.tf deleted file mode 100644 index 715fb0f92..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_logging/provider.tf +++ /dev/null @@ -1,12 +0,0 @@ -terraform { - required_providers { - turbot = { - source = "turbot/turbot" - } - } - required_version = ">= 0.13" -} - -provider "turbot" { - profile = var.turbot_profile -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/aws/aws_check_logging/redshift_policies.tf b/baselines/todo_policy_packs/aws/aws_check_logging/redshift_policies.tf deleted file mode 100644 index bdfd27f4b..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_logging/redshift_policies.tf +++ /dev/null @@ -1,29 +0,0 @@ -# AWS Logging Policies for various services -# More Info: https://turbot.com/v5/docs/concepts/guardrails/audit-logging - -# Policy Settings: -# Skip -# Check: Disabled -# Check: Enabled -# Check: Enabled to Audit Logging > Bucket -# Enforce: Disabled -# Enforce: Enabled to Audit Logging > Bucket - - -# AWS > Redshift > Cluster > Audit Logging -# https://turbot.com/v5/mods/turbot/aws-redshift/inspect#/policy/types/clusterAuditLogging -resource "turbot_policy_setting" "aws_redshift_cluster_access_logging" { - count = var.enable_redshift_cluster_access_logging ? 1 : 0 - resource = turbot_smart_folder.aws_logging.id - type = "tmod:@turbot/aws-redshift#/policy/types/clusterAuditLogging" - value = "Check: Enabled" -} - -# AWS > Redshift > Cluster > Audit Logging > User Activity Logging -# https://turbot.com/v5/mods/turbot/aws-redshift/inspect#/policy/types/clusterAuditLoggingUserActivityLogging -resource "turbot_policy_setting" "aws_redshift_cluster_user_activity_logging" { - count = var.enable_redshift_cluster_user_logging ? 1 : 0 - resource = turbot_smart_folder.aws_logging.id - type = "tmod:@turbot/aws-redshift#/policy/types/clusterAuditLoggingUserActivityLogging" - value = "Enabled" -} diff --git a/baselines/todo_policy_packs/aws/aws_check_logging/s3_policies.tf b/baselines/todo_policy_packs/aws/aws_check_logging/s3_policies.tf deleted file mode 100644 index 38543ca90..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_logging/s3_policies.tf +++ /dev/null @@ -1,9 +0,0 @@ -# S3 Bucket Access Logging Check -# AWS > S3 > Bucket > Access Logging -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/bucketAccessLogging -resource "turbot_policy_setting" "aws_s3_bucket_access_logging" { - count = var.enable_aws_s3_bucket_access_logging ? 1 : 0 - resource = turbot_smart_folder.aws_logging.id - type = "tmod:@turbot/aws-s3#/policy/types/bucketAccessLogging" - value = "Check: Enabled" -} diff --git a/baselines/todo_policy_packs/aws/aws_check_logging/smart_folder.tf b/baselines/todo_policy_packs/aws/aws_check_logging/smart_folder.tf deleted file mode 100644 index 851f85f27..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_logging/smart_folder.tf +++ /dev/null @@ -1,6 +0,0 @@ - -resource "turbot_smart_folder" "aws_logging" { - parent = var.smart_folder_parent_resource - title = var.smart_folder_name - description = var.smart_folder_description -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/aws/aws_check_logging/variable.tf b/baselines/todo_policy_packs/aws/aws_check_logging/variable.tf deleted file mode 100644 index 4d09ce329..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_logging/variable.tf +++ /dev/null @@ -1,89 +0,0 @@ -variable "enable_configuration_recording" { - type = bool - description = "Enable the Configuration Recording policies for baseline" - default = false -} - -variable "enable_aws_vpc_flowlogging" { - type = bool - description = "Enable the Configuration Recording policies for baseline" - default = false -} - -variable "enable_cloudtrail_trail_log_validation" { - type = bool - description = "Enable the Cloudtrail logfile validation policies for baseline" - default = true -} - -variable "enable_cloudtrail_trail_status" { - type = bool - description = "Enable the Cloudtrail status policies for baseline" - default = true -} - -variable "enable_cloudtrail_trail_encryption" { - type = bool - description = "Enable the Cloudtrail trail encryption policies for baseline" - default = true -} - -variable "enable_alb_access_logging" { - type = bool - description = "Enable the Application loadbalancer access logging policies for baseline" - default = true -} - -variable "enable_elb_access_logging" { - type = bool - description = "Enable the Classic loadbalancer access logging policies for baseline" - default = true -} - -variable "enable_nlb_access_logging" { - type = bool - description = "Enable the Network loadbalancer access logging policies for baseline" - default = true -} - -variable "enable_redshift_cluster_access_logging" { - type = bool - description = "Enable the Redshift cluster access logging policies for baseline" - default = false -} - -variable "enable_redshift_cluster_user_logging" { - type = bool - description = "Enable the Redshift cluster access logging policies for baseline" - default = false -} - -variable "enable_aws_s3_bucket_access_logging" { - type = bool - description = "Enable the Redshift cluster access logging policies for baseline" - default = false -} - -# Optional Common Baseline Configuration - -variable "turbot_profile" { - description = "Enter profile matching your turbot cli credentials." -} - -variable "smart_folder_name" { - description = "Smart folder name for the baseline" - type = string - default = "AWS Check Logging Policies" -} - -variable "smart_folder_description" { - description = "Enter a description for the smart folder" - type = string - default = "Defines sets of policies for the AWS check logging baseline" -} - -variable "smart_folder_parent_resource" { - description = "Enter the resource ID or AKA for the parent of the smart folder" - type = string - default = "tmod:@turbot/turbot#/" -} diff --git a/baselines/todo_policy_packs/aws/aws_check_logging/vpc_policies.tf b/baselines/todo_policy_packs/aws/aws_check_logging/vpc_policies.tf deleted file mode 100644 index 169f05490..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_logging/vpc_policies.tf +++ /dev/null @@ -1,17 +0,0 @@ -# AWS VPC Flow Logs Setup by Turbot -# Commented out since it will always error without Turbot Enforcing its own configs -# 2.09 Ensure VPC flow logging is enabled in all VPCs (Scored) - -# AWS > VPC > VPC > Flow Logging -# https://turbot.com/v5/mods/turbot/aws-vpc-core/inspect#/policy/types/vpcFlowLogging -resource "turbot_policy_setting" "vpcFlowLogging" { - count = var.enable_aws_vpc_flowlogging ? 1 : 0 - resource = turbot_smart_folder.aws_logging.id - type = "tmod:@turbot/aws-vpc-core#/policy/types/vpcFlowLogging" - value = "Check: Configured per `Flow Logging > *`" - # Skip - # Check: Configured per `Flow Logging > *` - # Check: Not configured - # Enforce: Configured per `Flow Logging > *` - # Enforce: Not configured` - } diff --git a/baselines/todo_policy_packs/aws/aws_check_public_access/README.md b/baselines/todo_policy_packs/aws/aws_check_public_access/README.md deleted file mode 100644 index 508d0fed0..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_public_access/README.md +++ /dev/null @@ -1,132 +0,0 @@ -# Baseline - AWS Check Public Access Policies - -AWS Check Public Access Policies focuses enabling some commonly used AWS resource public access status. - -More details on -- [Public Access Guardrails](https://turbot.com/v5/docs/concepts/guardrails/public-access) - -- [Trusted Access Guardrails](https://turbot.com/v5/docs/concepts/guardrails/trusted-access) - -## Overview - -Baseline policies are initial set of policies recommended to start with while using Turbot. These policies mostly focuses on enabling services, frequently used policies to run in check mode & enabling security features e.g. various encryption, public access standards etc. Baseline TF scripts allows you to toggle the value to apply or ignore. See the below sections for more information. - -Some of these policies overlap with other set of baselines. Hence Turbot provided set of baseline TF files are executed in separate [Smart Folder](https://turbot.com/v5/docs/getting-started/smart_folder). The advantage of setting up of each baseline in their own Smart Folder prevents conflicting with the policy settings created by other baseline scripts. - -This baseline will not attach to a resource by default. This needs to be done manually using the Turbot UI. - -## Requirements - -- Terraform v0.13 or greater installed -- Valid Turbot configuration credentials - -For further information on configuring Turbot credentials can be found [here](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials). - -## Applying baseline - -The baseline is defined by a set of files which together define the configuration of the baseline. - -### Initialize baseline - -If not previously run, Initialize Terraform to get all necessary providers for the baseline. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform init - ``` - -### Deploying demo example - -1. Navigate to the folder of the baseline -2. Initialize Terraform -3. Apply the baseline using the demo input variable file [demo.tfvars](demo.tfvars) - -On the terminal this will look like: - -```shell -cd -terraform init -terraform apply --var-file demo.tfvars -``` - -**Note** - -- Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. - -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. - -### Input variable files - -Input variable files allow for the user to configure configuration definitions for multiple environments in different files. - -This baseline comes with an example input variable file called [demo.tfvars](demo.tfvars). - -It will be used to define which parts of the baseline to apply and which to ignore. - -The variables that can be overwritten by the input variable files i.e. [demo.tfvars](demo.tfvars) are defined in the [variables.tf](variables.tf) file. - -Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). - -### Apply baseline using input variable files - -If seeking to apply the baseline using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform apply --var-file=demo.tfvars - ``` -### Apply baseline without input variable file - -The baseline can be applied without an input variable file. - -1. By this time Terraform initialization is done as mentioned above. -3. Prefer to check the outcome by running the Terraform plan -3. Apply the Terraform -4. Run the command: - -```shell -cd -terraform plan -terraform apply -``` - -`This may prompt the user applying the baseline to enter values for variables that do not have default values.` - -### Destroy baseline without input variable file - -If seeking to apply the baseline without using an input variable file. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy - ``` - -### Destroy using input variable files - -If seeking to destoy the baseline configuration using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy --var-file=demo.tfvars - ``` - -## Commenting strategy - -All Turbot policies used by the baselines will have a link to the official Turbot Mods documentation. - -Opening the links will give you further details about: - -- The purpose of the policy -- Policy URI name -- Parent information -- Category information -- Target information -- All valid values diff --git a/baselines/todo_policy_packs/aws/aws_check_public_access/apigateway_policies.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/apigateway_policies.tf deleted file mode 100644 index 4991295b8..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_public_access/apigateway_policies.tf +++ /dev/null @@ -1,30 +0,0 @@ -# Public Access Guardrails - https://turbot.com/v5/docs/concepts/guardrails/public-access - -# AWS > API Gateway > API > Approved -# https://turbot.com/v5/mods/turbot/aws-apigateway/inspect#/policy/types/apiApproved -resource "turbot_policy_setting" "aws_apigateway_api_approved" { - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-apigateway#/policy/types/apiApproved" - value = "Check: Approved" -} - -# AWS > API Gateway > API > Approved > Usage -# https://turbot.com/v5/mods/turbot/aws-apigateway/inspect#/policy/types/apiApprovedUsage -resource "turbot_policy_setting" "aws_apigateway_api_approved_usage" { - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-apigateway#/policy/types/apiApprovedUsage" - template_input = < EC2 > Application Load Balancer > Approved -# https://turbot.com/v5/mods/turbot/aws-ec2/inspect#/policy/types/applicationLoadBalancerApproved -resource "turbot_policy_setting" "aws_ec2_alb_approved" { - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-ec2#/policy/types/applicationLoadBalancerApproved" - value = "Check: Approved" - #value = "Enforce: Delete unapproved if new" -} - -# AWS > EC2 > Application Load Balancer > Approved > Usage -# https://turbot.com/v5/mods/turbot/aws-ec2/inspect#/policy/types/applicationLoadBalancerApprovedUsage -resource "turbot_policy_setting" "aws_ec2_alb_approved_usage" { - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-ec2#/policy/types/applicationLoadBalancerApprovedUsage" - # GraphQL to pull public scheme - template_input = <<-QUERY - { - resource { - scheme: get(path: "Scheme") - } - } - QUERY - - # Nunjucks template - template = <<-TEMPLATE - {%- if $.resource.scheme == "internal" -%} - Approved - {%- else -%} - Not approved - {%- endif -%} - TEMPLATE -} - -# Public Classic Load Balancer (ELB) -# AWS > EC2 > Classic Load Balancer > Approved -# https://turbot.com/v5/mods/turbot/aws-ec2/inspect#/policy/types/classicLoadBalancerApproved -resource "turbot_policy_setting" "aws_ec2_elb_approved" { - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-ec2#/policy/types/classicLoadBalancerApproved" - value = "Check: Approved" - #value = "Enforce: Delete unapproved if new" -} - -# AWS > EC2 > Classic Load Balancer > Approved > Usage -# https://turbot.com/v5/mods/turbot/aws-ec2/inspect#/policy/types/classicLoadBalancerApprovedUsage -resource "turbot_policy_setting" "aws_ec2_elb_approved_usage" { - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-ec2#/policy/types/classicLoadBalancerApprovedUsage" - # GraphQL to pull public scheme - template_input = <<-QUERY - { - resource { - scheme: get(path: "Scheme") - } - } - QUERY - # Nunjucks template - template = <<-TEMPLATE - {%- if $.resource.scheme == "internal" -%} - Approved - {%- else -%} - Not approved - {%- endif -%} - TEMPLATE -} - -# Public Network Load Balancer (NLB) -# AWS > EC2 > Network Load Balancer > Approved -# https://turbot.com/v5/mods/turbot/aws-ec2/inspect#/policy/types/networkLoadBalancerApproved -resource "turbot_policy_setting" "aws_ec2_nlb_approved" { - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-ec2#/policy/types/networkLoadBalancerApproved" - value = "Check: Approved" - #value = "Enforce: Delete unapproved if new" -} - -# AWS > EC2 > Network Load Balancer > Approved > Usage -# https://turbot.com/v5/mods/turbot/aws-ec2/inspect#/policy/types/networkLoadBalancerApprovedUsage -resource "turbot_policy_setting" "aws_ec2_nlb_approved_usage" { - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-ec2#/policy/types/networkLoadBalancerApprovedUsage" - # GraphQL to pull public scheme - template_input = <<-QUERY - { - resource { - scheme: get(path: "Scheme") - } - } - QUERY - # Nunjucks template - template = <<-TEMPLATE - {%- if $.resource.scheme == "internal" -%} - Approved - {%- else -%} - Not approved - {%- endif -%} - TEMPLATE -} diff --git a/baselines/todo_policy_packs/aws/aws_check_public_access/ec2_policies.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/ec2_policies.tf deleted file mode 100644 index a11dd7589..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_public_access/ec2_policies.tf +++ /dev/null @@ -1,115 +0,0 @@ -# Public Access Guardrails - https://turbot.com/v5/docs/concepts/guardrails/public-access - - -# AWS > EC2 > Instance > Approved > Public IP -# https://turbot.com/v5/mods/turbot/aws-ec2/inspect#/policy/types/instanceApprovedPublicIp -resource "turbot_policy_setting" "aws_ec2_instance_approved_public_ip" { - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-ec2#/policy/types/instanceApprovedPublicIp" - value = "Approved if not assigned" -} - -# EC2 Metadata security best practices is to enable v2 for session based authentication -# AWS > EC2 > Instance > Metadata Service -# https://turbot.com/v5/mods/turbot/aws-ec2/inspect#/policy/types/instanceMetadataService -resource "turbot_policy_setting" "aws_ec2_instance_metadata_service" { - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-ec2#/policy/types/instanceMetadataService" - value = "Check: Enabled for V2 only" -} - -# EC2 Metadata security best practices. -# 1 Hop limit ensures the packet is dropped leaving the EC2 instance -# AWS > EC2 > Instance > Metadata Service > HTTP Token Hop Limit -# https://turbot.com/v5/mods/turbot/aws-ec2/inspect#/policy/types/instanceMetadataServiceTokenHopLimit -resource "turbot_policy_setting" "aws_ec2_instance_metadata_service_token_hop_limit" { - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-ec2#/policy/types/instanceMetadataServiceTokenHopLimit" - value = "1" -} - -# Restrict Public and Cross Account AMI Sharing - -# Check on shared AMI to untrusted AWS Account; Account Trust set in variables -# AWS > EC2 > AMI > Trusted Access -# https://turbot.com/v5/mods/turbot/aws-ec2/inspect#/policy/types/amiTrustedAccess -resource "turbot_policy_setting" "aws_ec2_ami_trusted_access" { - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-ec2#/policy/types/amiTrustedAccess" - value = "Check: Trusted Access > Accounts" - #value = "Enforce: Trusted Access > Accounts" -} - -# Original Calc Policy on LaunchPermissions and Public -# resource "turbot_policy_setting" "aws_ec2_ami_approved_usage" { -# resource = turbot_smart_folder.aws_public_access.id -# type = "tmod:@turbot/aws-ec2#/policy/types/amiApprovedUsage" -# # GraphQL to pull policy Statements -# template_input = <<-QUERY -# { -# ami: resource { -# permissions: get(path: "LaunchPermissions") -# public: get(path: "Public") -# } -# } -# QUERY -# -# # Nunjucks template to set usage approval based on if the resource is shared to approved accounts. -# # set trustedAccounts in terraform.tfvars -# template = <<-TEMPLATE -# {%- set trustedAccounts = ${jsonencode([for account in var.trusted_accounts : account])} -%} -# {%- set approved = "Approved" -%} -# {%- for permission in $.ami.permissions -%} -# {%- if permission.UserId not in trustedAccounts -%} -# {%- set approved = "Not approved" -%} -# {%- endif -%} -# {%- endfor -%} -# {%- if $.resource.public -%} -# {%- set approved = "Not approved" -%} -# {%- endif -%} -# {{approved}} -# TEMPLATE -# } - -# Check for Cross Account EC2 Snapshot Sharing - -# AWS > EC2 > Snapshot > Trusted Access -# https://turbot.com/v5/mods/turbot/aws-ec2/inspect#/policy/types/snapshotTrustedAccess -resource "turbot_policy_setting" "ec2_snapshot_trusted_access" { - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-ec2#/policy/types/snapshotTrustedAccess" - value = "Check: Trusted Access > Accounts" - #value = "Enforce: Trusted Access > Accounts" -} - -# Original Calc Policy on LaunchPermissions and Public -# AWS > EC2 > Snapshot > Approved > Usage -# https://turbot.com/v5/mods/turbot/aws-ec2/inspect#/policy/types/snapshotApprovedUsage -resource "turbot_policy_setting" "ec2_snapshot_approved_usage" { - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-ec2#/policy/types/snapshotApprovedUsage" - # GraphQL to pull metadata - template_input = <<-QUERY - { - snapshot: resource { - permissions: get(path: "snapshotAttributes.CreateVolumePermissions") - public: get(path: "Public") - } - } - QUERY - # Nunjucks template to set usage approval based on if the resource is shared to approved accounts. - # set trustedAccounts in demo.tfvars - template = <<-TEMPLATE - {%- set trustedAccounts = ${jsonencode([for account in var.trusted_accounts : account])} -%} - {%- set approved = "Approved" -%} - {%- for permission in $.snapshot.permissions -%} - {%- if permission.UserId not in trustedAccounts -%} - {%- set approved = "Not approved" -%} - {%- endif -%} - {%- endfor -%} - {%- if $.snapshot.public -%} - {%- set approved = "Not approved" -%} - {%- endif -%} - {{approved}} - TEMPLATE -} diff --git a/baselines/todo_policy_packs/aws/aws_check_public_access/lambda_policies.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/lambda_policies.tf deleted file mode 100644 index 5549e8c06..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_public_access/lambda_policies.tf +++ /dev/null @@ -1,35 +0,0 @@ -# Check if Lambda Functions are not in VPC -# Set policy to check unapproved Functions - -# AWS > Lambda > Function > Approved -# https://turbot.com/v5/mods/turbot/aws-lambda/inspect#/policy/types/functionApproved -resource "turbot_policy_setting" "aws_lambda_function_approved" { - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-lambda#/policy/types/functionApproved" - value = "Check: Approved" -} - -# Calculated policy to check if VpcConfig details are defined on the Function -# If there are no VpcConfig details, the Function is not within a VPC -# AWS > Lambda > Function > Approved > Usage -# https://turbot.com/v5/mods/turbot/aws-lambda/inspect#/policy/types/functionApprovedUsage -resource "turbot_policy_setting" "aws_lambda_function_approved_usage" { - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-lambda#/policy/types/functionApprovedUsage" - template_input = <<-QUERY - { - resource{ - object - } - } - QUERY - - # Nunjucks template evaluate metadata. - template = <<-TEMPLATE - {% if 'VpcConfig' in $.resource.object %} - Approved - {% else %} - Not approved - {% endif %} - TEMPLATE -} diff --git a/baselines/todo_policy_packs/aws/aws_check_public_access/output.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/output.tf deleted file mode 100644 index 14638172c..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_public_access/output.tf +++ /dev/null @@ -1,39 +0,0 @@ -output "trusted_accounts" { - value = var.trusted_accounts -} - -output "enable_aws_redshift_cluster_public" { - value = var.enable_aws_redshift_cluster_public -} - -output "enable_aws_rds_db_instance_public" { - value = var.enable_aws_rds_db_instance_public -} - -output "enable_aws_redshift_cluster_snapshot_manual_trusted_access" { - value = var.enable_aws_redshift_cluster_snapshot_manual_trusted_access -} - -output "enable_aws_rds_db_snapshot_manual_trusted_access" { - value = var.enable_aws_rds_db_snapshot_manual_trusted_access -} - -output "enable_aws_rds_db_cluster_snapshot_manual_trusted_access" { - value = var.enable_aws_rds_db_cluster_snapshot_manual_trusted_access -} - -output "enable_aws_route53_hostedzone_approved" { - value = var.enable_aws_route53_hostedzone_approved -} - -output "enable_aws_route53_hostedzone_approved_usage" { - value = var.enable_aws_route53_hostedzone_approved_usage -} - -output "enable_aws_sqs_queue_trusted_access" { - value = var.enable_aws_sqs_queue_trusted_access -} - -output "enable_aws_trusted_accounts_template" { - value = var.enable_aws_trusted_accounts_template -} diff --git a/baselines/todo_policy_packs/aws/aws_check_public_access/provider.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/provider.tf deleted file mode 100644 index 0353d61cb..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_public_access/provider.tf +++ /dev/null @@ -1,12 +0,0 @@ -terraform { - required_providers { - turbot = { - source = "turbot/turbot" - } - } - required_version = ">= 0.13" -} - -provider "turbot" { - profile = var.turbot_profile -} diff --git a/baselines/todo_policy_packs/aws/aws_check_public_access/rds_policies.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/rds_policies.tf deleted file mode 100644 index ccb2f7009..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_public_access/rds_policies.tf +++ /dev/null @@ -1,78 +0,0 @@ -# Public Access Guardrails - https://turbot.com/v5/docs/concepts/guardrails/public-access -# Check for RDS Instance, Redshift Cluster Public Access, and Cross Account DB Snapshot Sharing - -# AWS > Redshift > Cluster > Cluster Publicly Accessible -# https://turbot.com/v5/mods/turbot/aws-redshift/inspect#/policy/types/clusterPubliclyAccessible -resource "turbot_policy_setting" "aws_redshift_cluster_public" { - count = var.enable_aws_redshift_cluster_public ? 1 : 0 - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-redshift#/policy/types/clusterPubliclyAccessible" - value = "Check: Cluster is not publicly accessible" -} - -# AWS > RDS > DB Instance > DB Instance Publicly Accessible -# https://turbot.com/v5/mods/turbot/aws-rds/inspect#/policy/types/dbInstancePubliclyAccessible -resource "turbot_policy_setting" "aws_rds_db_instance_public" { - count = var.enable_aws_rds_db_instance_public ? 1 : 0 - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-rds#/policy/types/dbInstancePubliclyAccessible" - value = "Check: DB Instance is not publicly accessible" -} - -# AWS > Redshift > Manual Cluster Snapshot > Trusted Access -# https://turbot.com/v5/mods/turbot/aws-redshift/inspect#/policy/types/clusterSnapshotManualTrustedAccess -resource "turbot_policy_setting" "aws_redshift_cluster_snapshot_manual_trusted_access" { - count = var.enable_aws_redshift_cluster_snapshot_manual_trusted_access ? 1 : 0 - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-redshift#/policy/types/clusterSnapshotManualTrustedAccess" - value = "Check: Trusted Access > Accounts" -} - -# AWS > RDS > DB Snapshot [Manual] > Trusted Access -# https://turbot.com/v5/mods/turbot/aws-rds/inspect#/policy/types/dbSnapshotManualTrustedAccess -resource "turbot_policy_setting" "aws_rds_db_snapshot_manual_trusted_access" { - count = var.enable_aws_rds_db_snapshot_manual_trusted_access ? 1 : 0 - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-rds#/policy/types/dbSnapshotManualTrustedAccess" - value = "Check: Trusted Access > Accounts" -} - -# AWS > RDS > DB Cluster Snapshot [Manual] > Trusted Access -# https://turbot.com/v5/mods/turbot/aws-rds/inspect#/policy/types/dbClusterSnapshotManualTrustedAccess -resource "turbot_policy_setting" "aws_rds_db_cluster_snapshot_manual_trusted_access" { - count = var.enable_aws_rds_db_cluster_snapshot_manual_trusted_access ? 1 : 0 - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-rds#/policy/types/dbClusterSnapshotManualTrustedAccess" - value = "Check: Trusted Access > Accounts" -} - -## Older Calc policy example for RDS DB Snapshot Public - -# Check public RDS DB Snapshot accessibility -# resource "turbot_policy_setting" "aws_rds_snapshot_approved" { -# resource = turbot_smart_folder.aws_public_access.id -# type = "tmod:@turbot/aws-rds#/policy/types/dbSnapshotManualApproved" -# value = "Check: Approved" -# } - -# Check public RDS DB Snapshot accessibility usage conditions -# resource "turbot_policy_setting" "aws_rds_snapshot_approved_usage" { -# resource = turbot_smart_folder.aws_public_access.id -# type = "tmod:@turbot/aws-rds#/policy/types/dbSnapshotManualApprovedUsage" -# # GraphQL to get metadata -# template_input = <<-QUERY -# { -# resource { -# public: get(path: "Public") -# } -# } -# QUERY -# # Nunjucks template evaluate metadata. -# template = <<-TEMPLATE -# {%- if $.resource.public -%} -# Not approved -# {%- else -%} -# Approved -# {%- endif -%} -# TEMPLATE -# } diff --git a/baselines/todo_policy_packs/aws/aws_check_public_access/route53_policies.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/route53_policies.tf deleted file mode 100644 index 830005049..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_public_access/route53_policies.tf +++ /dev/null @@ -1,40 +0,0 @@ -# Check Public Route53 Hosted Zone. Check for VPC Configurations -# Commented out since these services are not associated to the initial mod install list - -# Check on Route53 Hosted Zone that is not internal by evaluating VPC Configurations - -# AWS > Route 53 > Hosted Zone > Approved -# https://turbot.com/v5/mods/turbot/aws-route53/inspect#/policy/types/hostedZoneApproved -resource "turbot_policy_setting" "aws_route53_hostedzone_approved" { - count = var.enable_aws_route53_hostedzone_approved ? 1 : 0 - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-route53#/policy/types/hostedZoneApproved" - value = "Check: Approved" - #value = "Enforce: Delete unapproved if new" -} - -# AWS > Route 53 > Hosted Zone > Approved > Usage -# https://turbot.com/v5/mods/turbot/aws-route53/inspect#/policy/types/hostedZoneApprovedUsage -resource "turbot_policy_setting" "aws_route53_hostedzone_approved_usage" { - count = var.enable_aws_route53_hostedzone_approved_usage ? 1 : 0 - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-route53#/policy/types/hostedZoneApprovedUsage" - # GraphQL to pull VPC info on the hosted zone - template_input = <<-QUERY - { - hostedZone { - VPCs { - VPCId - } - } - } - QUERY - # Nunjucks template - template = <<-TEMPLATE - {%- if $.hostedZone.VPCs.VPCId == null -%} - "Approved" - {%- else -%} - "Not approved" - {%- endif -%} - TEMPLATE -} diff --git a/baselines/todo_policy_packs/aws/aws_check_public_access/s3_policies.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/s3_policies.tf deleted file mode 100644 index e09809c78..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_public_access/s3_policies.tf +++ /dev/null @@ -1,51 +0,0 @@ -# S3 Bucket level shouldn't be public or shared with unauthorized accounts -# Also set in the S3 Baseline as well. -# Note: this is for the Bucket level; another setting is for the Account level - -# Set policy to check public access block settings -# AWS > S3 > Bucket > Public Access Block -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/s3BucketPublicAccessBlock -resource "turbot_policy_setting" "aws_s3_public_access_block" { - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-s3#/policy/types/s3BucketPublicAccessBlock" - value = "Check: Per `Public Access Block > Settings`" -} - -## Set policy to apply public access block settings -# AWS > S3 > Bucket > Public Access Block > Settings -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/s3BucketPublicAccessBlockSettings -resource "turbot_policy_setting" "aws_s3_public_access_block_settings" { - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-s3#/policy/types/s3BucketPublicAccessBlockSettings" - value = <<-VALUE - - Block Public ACLs - - Block Public Bucket Policies - - Ignore Public ACLs - - Restrict Public Bucket Policies - VALUE -} - -# S3 Account level shouldn't be public or shared with unauthorized accounts -# Also set in the S3 Baseline as well. -# Note: this is for the Account level; another setting is for the Bucket level - -# AWS > S3 > Account > Public Access Block -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/s3AccountPublicAccessBlock -resource "turbot_policy_setting" "aws_s3_account_public_access_block" { - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-s3#/policy/types/s3AccountPublicAccessBlock" - value = "Check: Per `Public Access Block > Settings`" -} - -# AWS > S3 > Account > Public Access Block > Settings -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/s3AccountPublicAccessBlockSettings -resource "turbot_policy_setting" "aws_s3_account_public_access_block_settings" { - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-s3#/policy/types/s3AccountPublicAccessBlockSettings" - value = <<-VALUE - - Block Public ACLs - - Block Public Bucket Policies - - Ignore Public ACLs - - Restrict Public Bucket Policies - VALUE -} diff --git a/baselines/todo_policy_packs/aws/aws_check_public_access/smart_folder.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/smart_folder.tf deleted file mode 100644 index 91c4ea730..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_public_access/smart_folder.tf +++ /dev/null @@ -1,5 +0,0 @@ -resource "turbot_smart_folder" "aws_public_access" { - parent = var.smart_folder_parent_resource - title = var.smart_folder_name - description = var.smart_folder_description -} diff --git a/baselines/todo_policy_packs/aws/aws_check_public_access/sns_policies.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/sns_policies.tf deleted file mode 100644 index 2bb21018c..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_public_access/sns_policies.tf +++ /dev/null @@ -1,19 +0,0 @@ -# Trusted Access Guardrails - https://turbot.com/v5/docs/concepts/guardrails/trusted-access - -# Restrict Public and Cross Account SNS Topics -# Assumes the default set of Trusted Accounts already set in this baseline. - -# AWS > SNS > Topic > Policy > Trusted Access -# https://turbot.com/v5/mods/turbot/aws-sns/inspect#/policy/types/topicPolicyTrustedAccess -resource "turbot_policy_setting" "aws_sns_topic_trusted_access" { - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-sns#/policy/types/topicPolicyTrustedAccess" - value = "Check: Trusted Access" - #value = "Enforce: Revoke untrusted access" -} - -## tmod:@turbot/aws-sns#/policy/types/topicPolicyTrustedAccounts already inherits from: -## tmod:@turbot/aws-sns#/policy/types/snsPolicyTrustedAccounts already inherits from: -## tmod:@turbot/aws#/policy/types/trustedAccounts is the global list set in this baseline - -## Note: SNS Trusted Access also accepts default Organization Restrictions, Identity Providers, and Services diff --git a/baselines/todo_policy_packs/aws/aws_check_public_access/sqs_policies.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/sqs_policies.tf deleted file mode 100644 index 5f18fc607..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_public_access/sqs_policies.tf +++ /dev/null @@ -1,18 +0,0 @@ -# Restrict Public and Cross Account SQS Queues -# Assumes the default set of Trusted Accounts already set in this baseline. - -# AWS > SQS > Queue > Policy > Trusted Access -# https://turbot.com/v5/mods/turbot/aws-sqs/inspect#/policy/types/queuePolicyTrustedAccess -resource "turbot_policy_setting" "aws_sqs_queue_trusted_access" { - count = var.enable_aws_sqs_queue_trusted_access ? 1 : 0 - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-sqs#/policy/types/queuePolicyTrustedAccess" - value = "Check: Trusted Access" - #value = "Enforce: Revoke untrusted access" -} - -## tmod:@turbot/aws-sqs#/policy/types/queuePolicyTrustedAccounts already inherits from: -## tmod:@turbot/aws-sqs#/policy/types/sqsPolicyTrustedAccounts already inherits from: -## tmod:@turbot/aws#/policy/types/trustedAccounts is the global list set in this baseline - -## Note: SQS Trusted Access also accepts default Organization Restrictions, Identity Providers and Services diff --git a/baselines/todo_policy_packs/aws/aws_check_public_access/trusted_account_template.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/trusted_account_template.tf deleted file mode 100644 index ddfba8b40..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_public_access/trusted_account_template.tf +++ /dev/null @@ -1,24 +0,0 @@ -# Trusted Access Guardrails - https://turbot.com/v5/docs/concepts/guardrails/trusted-access - -# Trusted Account Template - sets the global template for all services, pulls trusted list from tfvars file -# Individual services can have their own set of trusted accounts as well - -# AWS > Account > Trusted Accounts [Default] -# https://turbot.com/v5/mods/turbot/aws/inspect#/policy/types/trustedAccounts -resource "turbot_policy_setting" "aws_trusted_accounts_template" { - count = var.enable_aws_trusted_accounts_template ? 1 : 0 - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws#/policy/types/trustedAccounts" - template_input = <<-QUERY - { - account{ - Id - } - } - QUERY - - # set trustedAccounts from demo.tfvars - template = <<-TEMPLATE - ${yamlencode([for account in var.trusted_accounts : account])} - TEMPLATE -} diff --git a/baselines/todo_policy_packs/aws/aws_check_public_access/variable.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/variable.tf deleted file mode 100644 index 54d6ff31f..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_public_access/variable.tf +++ /dev/null @@ -1,83 +0,0 @@ -# Baseline Configuration -variable "trusted_accounts" { - type = list(string) - default = [] -} - -variable "enable_aws_redshift_cluster_public" { - type = bool - description = "Enable the Redshift cluster public access policies for baseline" - default = false -} - -variable "enable_aws_rds_db_instance_public" { - type = bool - description = "Enable the RDS DB instance public access policies for baseline" - default = false -} - -variable "enable_aws_redshift_cluster_snapshot_manual_trusted_access" { - type = bool - description = "Enable the Redshift cluster manual snapshot trusted access policies for baseline" - default = false -} - -variable "enable_aws_rds_db_snapshot_manual_trusted_access" { - type = bool - description = "Enable the RDS DB manual snapshot trusted access policies for baseline" - default = false -} - -variable "enable_aws_rds_db_cluster_snapshot_manual_trusted_access" { - type = bool - description = "Enable the RDS DB cluster manual snapshot trusted access policies for baseline" - default = false -} - -variable "enable_aws_route53_hostedzone_approved" { - type = bool - description = "Enable the Route53 hostedzone approved policies for baseline" - default = false -} - -variable "enable_aws_route53_hostedzone_approved_usage" { - type = bool - description = "Enable the Route53 hostedzone approved usage policies for baseline" - default = false -} - -variable "enable_aws_sqs_queue_trusted_access" { - type = bool - description = "Enable the SQS queue trusted access policies for baseline" - default = false -} - -variable "enable_aws_trusted_accounts_template" { - type = bool - description = "Enable the AWS trusted account policies for baseline" - default = true -} - -# Optional Common Baseline Configuration - -variable "turbot_profile" { - description = "Enter profile matching your turbot cli credentials." -} - -variable "smart_folder_name" { - description = "Smart folder name for the baseline" - type = string - default = "AWS Check Public Access Policies" -} - -variable "smart_folder_description" { - description = "Enter a description for the smart folder" - type = string - default = "Defines sets of policies for the AWS check S3 baseline" -} - -variable "smart_folder_parent_resource" { - description = "Enter the resource ID or AKA for the parent of the smart folder" - type = string - default = "tmod:@turbot/turbot#/" -} diff --git a/baselines/todo_policy_packs/aws/aws_check_public_access/vpc_core_policies.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/vpc_core_policies.tf deleted file mode 100644 index 91230f1ce..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_public_access/vpc_core_policies.tf +++ /dev/null @@ -1,34 +0,0 @@ -# Subnets should not allow automatic public IP assignment - -# AWS > VPC > Subnet > Approved -# https://turbot.com/v5/mods/turbot/aws-vpc-core/inspect#/policy/types/subnetApproved -resource "turbot_policy_setting" "aws_vpc_subnet_approved" { - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-vpc-core#/policy/types/subnetApproved" - value = "Check: Approved" -} - - -# AWS > VPC > Subnet > Approved > Usage -# https://turbot.com/v5/mods/turbot/aws-vpc-core/inspect#/policy/types/subnetApprovedUsage -resource "turbot_policy_setting" "aws_vpc_subnet_approved_usage" { - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-vpc-core#/policy/types/subnetApprovedUsage" - # GraphQL to pull resource metadata - template_input = <<-QUERY - { - resource { - publicIp: get(path: "MapPublicIpOnLaunch") - } - } - QUERY - - # Nunjucks template evaluate metadata. - template = <<-TEMPLATE - {%- if $.resource.publicIp -%} - Not approved - {%- else -%} - Approved - {%- endif -%} - TEMPLATE -} diff --git a/baselines/todo_policy_packs/aws/aws_check_public_access/vpc_internet_policies.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/vpc_internet_policies.tf deleted file mode 100644 index 504755de0..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_public_access/vpc_internet_policies.tf +++ /dev/null @@ -1,36 +0,0 @@ -# No Elastic IPs (EIPs) should exist in the account, unless approved for use - -# AWS > VPC > Elastic IP > Approved -# https://turbot.com/v5/mods/turbot/aws-vpc-internet/inspect#/policy/types/elasticIpApproved -resource "turbot_policy_setting" "aws_vpc_elastic_ip_approved" { - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-vpc-internet#/policy/types/elasticIpApproved" - value = "Check: Approved" -} - -# AWS > VPC > Elastic IP > Approved > Usage -# https://turbot.com/v5/mods/turbot/aws-vpc-internet/inspect#/policy/types/elasticIpApprovedUsage -resource "turbot_policy_setting" "aws_vpc_elastic_ip_approved_usage" { - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-vpc-internet#/policy/types/elasticIpApprovedUsage" - value = "Not approved" -} - -# No IGWs should exist in the account, unless approved for use - -# AWS > VPC > Internet Gateway > Approved -# https://turbot.com/v5/mods/turbot/aws-vpc-internet/inspect#/policy/types/internetGatewayApproved -resource "turbot_policy_setting" "aws_vpc_igw_approved" { - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-vpc-internet#/policy/types/internetGatewayApproved" - value = "Check: Approved" - # value = "Enforce: Detach and delete unapproved if new" -} - -# AWS > VPC > Internet Gateway > Approved > Usage -# https://turbot.com/v5/mods/turbot/aws-vpc-internet/inspect#/policy/types/internetGatewayApprovedUsage -resource "turbot_policy_setting" "aws_vpc_igw_approved_usage" { - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-vpc-internet#/policy/types/internetGatewayApprovedUsage" - value = "Not approved" -} diff --git a/baselines/todo_policy_packs/aws/aws_check_public_access/vpc_security_policies.tf b/baselines/todo_policy_packs/aws/aws_check_public_access/vpc_security_policies.tf deleted file mode 100644 index 3ba6b07ff..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_public_access/vpc_security_policies.tf +++ /dev/null @@ -1,46 +0,0 @@ -# AWS > VPC > Security Group > Ingress Rules > Approved > Rules - https://turbot.com/v5/docs/guides/managing-policies/OCL#aws--vpc--security-group--ingress-rules--approved--rules -# OCL - https://turbot.com/v5/docs/reference/ocl - -# Approve / Reject Security Group Ingress/Egress Rules - -# AWS > VPC > Security Group > Ingress Rules > Approved -# https://turbot.com/v5/mods/turbot/aws-vpc-security/inspect#/policy/types/securityGroupIngressRulesApproved -resource "turbot_policy_setting" "aws_vpc_security_group_ingress_rule_approved" { - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-vpc-security#/policy/types/securityGroupIngressRulesApproved" - value = "Check: Approved" - # "Skip" - # "Check: Approved" - # "Enforce: Delete unapproved" -} - -# Example of a friendly Security Group Ingress policy to set approved CIDR Ranges -# Example is of internal IP ranges, RFC 1918 - -# AWS > VPC > Security Group > Ingress Rules > Approved > CIDR Ranges -# https://turbot.com/v5/mods/turbot/aws-vpc-security/inspect#/policy/types/securityGroupIngressRulesApprovedCidrRanges -resource "turbot_policy_setting" "aws_vpc_security_group_ingress_rule_approved_cidr_ranges" { - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-vpc-security#/policy/types/securityGroupIngressRulesApprovedCidrRanges" - value = <<-VALUE - # RFC 1918 - - 10.0.0.0/8 - - 172.16.0.0/12 - - 192.168.0.0/16 - VALUE -} - -# Mostly used are the Rules. This provides an APPROVE REJECT syntax for granular policies -# Below REJECTS Port 22 and 3389 from IPv4 & V6 0.0.0.0/0 and ::/0. APPROVES everything else -# Example below aligns to AWS CIS 4.01 and 4.02 - -# AWS > VPC > Security Group > Ingress Rules > Approved > Rules -# https://turbot.com/v5/mods/turbot/aws-vpc-security/inspect#/policy/types/securityGroupIngressRulesApprovedRules -resource "turbot_policy_setting" "security_Group_IngressRules_ApprovedRules" { - resource = turbot_smart_folder.aws_public_access.id - type = "tmod:@turbot/aws-vpc-security#/policy/types/securityGroupIngressRulesApprovedRules" - value = < Account > Approved Regions [Default]` policy contains a list of AWS regions in which -cloud resources are approved for use. - -The policy `AWS > Account > Regions` contains a list of AWS region where a resource can be recorded (discovered). - -If the [AWS Baseline](../aws_baseline/) has only one region enabled then the approving regions policy will not be -effective as Turbot will only discovers resources for that one region. - -This baseline needs to be considered carefully in conjunction with the `AWS > Account > Regions` policy set in -the [AWS Baseline](../aws_baseline/). - -Turbot also supports AWS Lockdown / Boundary policies to limit access to regions which are not part of this baseline. - -The advantage of setting up of each baseline in their own Smart Folder prevents conflicting with the policy settings -created by other baselines. - -This baseline will not attach to a resource and will need to be done manually using the Turbot UI. - -## Important - -Running the baseline without an input variable file assumes that you have **ALL** AWS mods installed. -To limit the baseline, look at the example input variable file [demo.tfvars](demo.tfvars). - -## Requirements - -- Terraform v0.13 or greater installed -- Valid Turbot configuration credentials - -For further information on configuring Turbot credentials can be found [here](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials). - -## Applying baseline - -The baseline is defined by a set of files which together define the configuration of the baseline. - -### Deploying demo example - -The demo baseline expects that the following mods are installed: - -- aws_lambda -- aws_ec2 -- aws_s3 -- aws-vpc-core -- aws-vpc-connect -- aws-vpc-internet -- aws-vpc-security - -To run the baseline: - -1. Navigate to the folder of the baseline -2. Initialise Terraform -3. Apply the baseline using the demo input variable file [demo.tfvars](demo.tfvars) - -TODO: Omero clean up -From the workspace root folder using the the terminal, to apply the install the demo run the following commands: - -```shell -cd ./baselines/getting_started/aws/aws_check_encryption -terraform init -terraform apply --var-file demo.tfvars -``` - -**Note** - -- Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. - -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. - -### Input variable files - -Input variable files allow for the user to configure configuration definitions for multiple environments in different files. - -It will be used to define which parts of the baseline to apply and which to ignore. - -The variables that can be overwritten by the input variable files are defined in the [variables.tf](variables.tf) file. - -This baseline comes with an example input variable file called [demo.tfvars](demo.tfvars). - -Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). - -### Initialise baseline - -If not previously run, initialise Terraform to get all necessary providers for the baseline. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform init - ``` - -### Apply baseline without input variable file - -The baseline can be applied without an input variable file. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform apply - ``` - -This may prompt the user applying the baseline to enter values for variables that do not have default values. - -### Apply baseline using input variable files - -If seeking to apply the baseline using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform apply --var-file=demo.tfvars - ``` - -### Destroy baseline without input variable file - -If seeking to apply the baseline without using an input variable file. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy - ``` - -### Destroy using input variable files - -If seeking to destoy the baseline configuration using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy --var-file=demo.tfvars - ``` - -## Commenting strategy - -All Turbot policies used by the baselines will have a link to the official Turbot Mods documentation. - -Opening the links will give you further details about: - -- The purpose of the policy -- Policy URI name -- Parent information -- Category information -- Target information -- All valid values diff --git a/baselines/todo_policy_packs/aws/aws_check_regions/approved_regions_policies.tf b/baselines/todo_policy_packs/aws/aws_check_regions/approved_regions_policies.tf deleted file mode 100644 index bfdb3746a..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_regions/approved_regions_policies.tf +++ /dev/null @@ -1,25 +0,0 @@ -# Approved Regions is a list of AWS regions in which cloud resources are approved for use. -# Only effective when the AWS > Account > Regions policies has multiple regions. -# The regions policy contains a list of AWS regions in which resources can are recorded, - -# AWS > Account > Approved Regions [Default] -# https://turbot.com/v5/mods/turbot/aws/inspect#/policy/types/approvedRegionsDefault -resource "turbot_policy_setting" "aws_account_approved_regions" { - count = length(var.resource_approved_regions) > 0 ? 1 : 0 - resource = turbot_smart_folder.aws_regions.id - type = "tmod:@turbot/aws#/policy/types/approvedRegionsDefault" - value = <<-ALLOWEDREGIONS - ${yamlencode([for region in var.resource_approved_regions_region_list : region])} - ALLOWEDREGIONS -} - -## Sets approved region policy for each resource type in the resource_approved_regions map. - -# AWS > **Service** > **Resource** > Approved -# Example policy: https://turbot.com/v5/mods/turbot/aws-ec2/inspect#/policy/types/instanceApproved -resource "turbot_policy_setting" "set_resource_approved_regions_policies" { - for_each = var.resource_approved_regions - resource = turbot_smart_folder.aws_regions.id - type = local.policy_map[each.key] - value = each.value -} diff --git a/baselines/todo_policy_packs/aws/aws_check_regions/demo.tfvars b/baselines/todo_policy_packs/aws/aws_check_regions/demo.tfvars deleted file mode 100644 index 8d9f11f3a..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_regions/demo.tfvars +++ /dev/null @@ -1,25 +0,0 @@ -# List of services and resources to be Check: Approved. -# Started with a few resource types to get started aligned with the initial mods installed -# You can remove the comment per row to include the resource type. Make sure you have the related service mod installed - -# NOTE: For full list of values, look in variables.tf at the default value -resource_approved_regions = { - aws-ec2-ami = "Check: Approved" - aws-ec2-applicationLoadBalancer = "Check: Approved" - aws-ec2-classicLoadBalancer = "Check: Approved" - aws-ec2-instance = "Check: Approved" - aws-ec2-keyPair = "Check: Approved" - aws-ec2-networkLoadBalancer = "Check: Approved" - aws-ec2-snapshot = "Check: Approved" - aws-ec2-volume = "Check: Approved" - aws-lambda-function = "Check: Approved" - aws-s3-bucket = "Check: Approved" - aws-vpc-security-securityGroup = "Check: Approved" - aws-vpc-core-vpc = "Check: Approved" -} - -# NOTE: For full list of values, look in variables.tf at the default value -resource_approved_regions_region_list = [ - "us-east-1", - "us-east-2", -] diff --git a/baselines/todo_policy_packs/aws/aws_check_regions/locals.tf b/baselines/todo_policy_packs/aws/aws_check_regions/locals.tf deleted file mode 100644 index 964076294..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_regions/locals.tf +++ /dev/null @@ -1,151 +0,0 @@ -locals { - policy_map = { - aws-acm-certificate : "tmod:@turbot/aws-acm#/policy/types/certificateApproved" - aws-mq-broker : "tmod:@turbot/aws-mq#/policy/types/brokerApproved" - aws-mq-configuration : "tmod:@turbot/aws-mq#/policy/types/configurationApproved" - aws-amplify-app : "tmod:@turbot/aws-amplify#/policy/types/appApproved" - aws-apigateway-api : "tmod:@turbot/aws-apigateway#/policy/types/apiApproved" - aws-apigateway-apiKey : "tmod:@turbot/aws-apigateway#/policy/types/apiKeyApproved" - aws-apigateway-apiV2 : "tmod:@turbot/aws-apigateway#/policy/types/apiV2Approved" - aws-apigateway-authorizer : "tmod:@turbot/aws-apigateway#/policy/types/authorizerApproved" - aws-apigateway-authorizerV2 : "tmod:@turbot/aws-apigateway#/policy/types/authorizerV2Approved" - aws-apigateway-domainNameV2 : "tmod:@turbot/aws-apigateway#/policy/types/domainNameV2Approved" - aws-apigateway-stage : "tmod:@turbot/aws-apigateway#/policy/types/stageApproved" - aws-apigateway-stageV2 : "tmod:@turbot/aws-apigateway#/policy/types/stageV2Approved" - aws-apigateway-usagePlan : "tmod:@turbot/aws-apigateway#/policy/types/usagePlanApproved" - aws-appmesh-mesh : "tmod:@turbot/aws-appmesh#/policy/types/meshApproved" - aws-athena-namedQuery : "tmod:@turbot/aws-athena#/policy/types/namedQueryApproved" - aws-athena-workgroup : "tmod:@turbot/aws-athena#/policy/types/workgroupApproved" - aws-backup-backupPlan : "tmod:@turbot/aws-backup#/policy/types/backupPlanApproved" - aws-backup-backupVault : "tmod:@turbot/aws-backup#/policy/types/backupVaultApproved" - aws-batch-jobDefinition : "tmod:@turbot/aws-batch#/policy/types/jobDefinitionApproved" - aws-cloudformation-stack : "tmod:@turbot/aws-cloudformation#/policy/types/stackApproved" - aws-cloudformation-stackSet : "tmod:@turbot/aws-cloudformation#/policy/types/stackSetApproved" - aws-cloudsearch-domain : "tmod:@turbot/aws-cloudsearch#/policy/types/domainApproved" - aws-cloudtrail-trail : "tmod:@turbot/aws-cloudtrail#/policy/types/trailApproved" - aws-cloudwatch-alarm : "tmod:@turbot/aws-cloudwatch#/policy/types/alarmApproved" - aws-codebuild-build : "tmod:@turbot/aws-codebuild#/policy/types/buildApproved" - aws-codebuild-project : "tmod:@turbot/aws-codebuild#/policy/types/projectApproved" - aws-codecommit-repository : "tmod:@turbot/aws-codecommit#/policy/types/repositoryApproved" - aws-config-configurationRecorder : "tmod:@turbot/aws-config#/policy/types/configurationRecorderApproved" - aws-config-deliveryChannel : "tmod:@turbot/aws-config#/policy/types/deliveryChannelApproved" - aws-config-rule : "tmod:@turbot/aws-config#/policy/types/ruleApproved" - aws-dax-cluster : "tmod:@turbot/aws-dax#/policy/types/clusterApproved" - aws-directoryservice-directory : "tmod:@turbot/aws-directoryservice#/policy/types/directoryApproved" - aws-dms-endpoint : "tmod:@turbot/aws-dms#/policy/types/endpointApproved" - aws-docdb-dbCluster : "tmod:@turbot/aws-docdb#/policy/types/dbClusterApproved" - aws-docdb-dbClusterParameterGroup : "tmod:@turbot/aws-docdb#/policy/types/dbClusterParameterGroupApproved" - aws-docdb-dbInstance : "tmod:@turbot/aws-docdb#/policy/types/dbInstanceApproved" - aws-dynamodb-backup : "tmod:@turbot/aws-dynamodb#/policy/types/backupApproved" - aws-dynamodb-table : "tmod:@turbot/aws-dynamodb#/policy/types/tableApproved" - aws-ec2-ami : "tmod:@turbot/aws-ec2#/policy/types/amiApproved" - aws-ec2-applicationLoadBalancer : "tmod:@turbot/aws-ec2#/policy/types/applicationLoadBalancerApproved" - aws-ec2-autoScalingGroup : "tmod:@turbot/aws-ec2#/policy/types/autoScalingGroupApproved" - aws-ec2-classicLoadBalancer : "tmod:@turbot/aws-ec2#/policy/types/classicLoadBalancerApproved" - aws-ec2-instance : "tmod:@turbot/aws-ec2#/policy/types/instanceApproved" - aws-ec2-keyPair : "tmod:@turbot/aws-ec2#/policy/types/keyPairApproved" - aws-ec2-launchConfiguration : "tmod:@turbot/aws-ec2#/policy/types/launchConfigurationApproved" - aws-ec2-launchTemplate : "tmod:@turbot/aws-ec2#/policy/types/launchTemplateApproved" - aws-ec2-launchTemplateVersion : "tmod:@turbot/aws-ec2#/policy/types/launchTemplateVersionApproved" - aws-ec2-listenerRule : "tmod:@turbot/aws-ec2#/policy/types/listenerRuleApproved" - aws-ec2-loadBalancerListener : "tmod:@turbot/aws-ec2#/policy/types/loadBalancerListenerApproved" - aws-ec2-networkInterface : "tmod:@turbot/aws-ec2#/policy/types/networkInterfaceApproved" - aws-ec2-networkLoadBalancer : "tmod:@turbot/aws-ec2#/policy/types/networkLoadBalancerApproved" - aws-ec2-snapshot : "tmod:@turbot/aws-ec2#/policy/types/snapshotApproved" - aws-ec2-targetGroup : "tmod:@turbot/aws-ec2#/policy/types/targetGroupApproved" - aws-ec2-volume : "tmod:@turbot/aws-ec2#/policy/types/volumeApproved" - aws-ecr-repository : "tmod:@turbot/aws-ecr#/policy/types/repositoryApproved" - aws-ecs-cluster : "tmod:@turbot/aws-ecs#/policy/types/clusterApproved" - aws-ecs-containerInstance : "tmod:@turbot/aws-ecs#/policy/types/containerInstanceApproved" - aws-ecs-taskDefinition : "tmod:@turbot/aws-ecs#/policy/types/taskDefinitionApproved" - aws-efs-fileSystem : "tmod:@turbot/aws-efs#/policy/types/fileSystemApproved" - aws-efs-mountTarget : "tmod:@turbot/aws-efs#/policy/types/mountTargetApproved" - aws-eks-cluster : "tmod:@turbot/aws-eks#/policy/types/clusterApproved" - aws-eks-nodeGroup : "tmod:@turbot/aws-eks#/policy/types/nodeGroupApproved" - aws-elasticbeanstalk-application : "tmod:@turbot/aws-elasticbeanstalk#/policy/types/applicationApproved" - aws-elasticbeanstalk-environment : "tmod:@turbot/aws-elasticbeanstalk#/policy/types/environmentApproved" - aws-elasticache-cacheCluster : "tmod:@turbot/aws-elasticache#/policy/types/cacheClusterApproved" - aws-elasticache-cacheParameterGroup : "tmod:@turbot/aws-elasticache#/policy/types/cacheParameterGroupApproved" - aws-elasticache-replicationGroup : "tmod:@turbot/aws-elasticache#/policy/types/replicationGroupApproved" - aws-elasticache-snapshot : "tmod:@turbot/aws-elasticache#/policy/types/snapshotApproved" - aws-elasticsearch-domain : "tmod:@turbot/aws-elasticsearch#/policy/types/domainApproved" - aws-emr-cluster : "tmod:@turbot/aws-emr#/policy/types/clusterApproved" - aws-emr-securityConfiguration : "tmod:@turbot/aws-emr#/policy/types/securityConfigurationApproved" - aws-events-rule : "tmod:@turbot/aws-events#/policy/types/ruleApproved" - aws-events-target : "tmod:@turbot/aws-events#/policy/types/targetApproved" - aws-fsx-backup : "tmod:@turbot/aws-fsx#/policy/types/backupApproved" - aws-fsx-fileSystem : "tmod:@turbot/aws-fsx#/policy/types/fileSystemApproved" - aws-glacier-vault : "tmod:@turbot/aws-glacier#/policy/types/vaultApproved" - aws-glue-database : "tmod:@turbot/aws-glue#/policy/types/databaseApproved" - aws-guardduty-detector : "tmod:@turbot/aws-guardduty#/policy/types/detectorApproved" - aws-guardduty-ipSet : "tmod:@turbot/aws-guardduty#/policy/types/ipSetApproved" - aws-guardduty-threatIntelSet : "tmod:@turbot/aws-guardduty#/policy/types/threatIntelSetApproved" - aws-inspector-assessmentTarget : "tmod:@turbot/aws-inspector#/policy/types/assessmentTargetApproved" - aws-inspector-assessmentTemplate : "tmod:@turbot/aws-inspector#/policy/types/assessmentTemplateApproved" - aws-kinesis-consumer : "tmod:@turbot/aws-kinesis#/policy/types/consumerApproved" - aws-kinesis-stream : "tmod:@turbot/aws-kinesis#/policy/types/streamApproved" - aws-kms-key : "tmod:@turbot/aws-kms#/policy/types/keyApproved" - aws-lambda-function : "tmod:@turbot/aws-lambda#/policy/types/functionApproved" - aws-logs-logGroup : "tmod:@turbot/aws-logs#/policy/types/logGroupApproved" - aws-logs-logStream : "tmod:@turbot/aws-logs#/policy/types/logStreamApproved" - aws-logs-metricFilter : "tmod:@turbot/aws-logs#/policy/types/metricFilterApproved" - aws-msk-cluster : "tmod:@turbot/aws-msk#/policy/types/clusterApproved" - aws-neptune-dbCluster : "tmod:@turbot/aws-neptune#/policy/types/dbClusterApproved" - aws-neptune-dbInstance : "tmod:@turbot/aws-neptune#/policy/types/dbInstanceApproved" - aws-qldb-ledger : "tmod:@turbot/aws-qldb#/policy/types/ledgerApproved" - aws-rds-dbCluster : "tmod:@turbot/aws-rds#/policy/types/dbClusterApproved" - aws-rds-dbClusterParameterGroup : "tmod:@turbot/aws-rds#/policy/types/dbClusterParameterGroupApproved" - aws-rds-dbClusterSnapshotManual : "tmod:@turbot/aws-rds#/policy/types/dbClusterSnapshotManualApproved" - aws-rds-dbInstance : "tmod:@turbot/aws-rds#/policy/types/dbInstanceApproved" - aws-rds-dbParameterGroup : "tmod:@turbot/aws-rds#/policy/types/dbParameterGroupApproved" - aws-rds-dbSnapshotManual : "tmod:@turbot/aws-rds#/policy/types/dbSnapshotManualApproved" - aws-rds-optionGroup : "tmod:@turbot/aws-rds#/policy/types/optionGroupApproved" - aws-rds-subnetGroup : "tmod:@turbot/aws-rds#/policy/types/subnetGroupApproved" - aws-redshift-cluster : "tmod:@turbot/aws-redshift#/policy/types/clusterApproved" - aws-redshift-clusterParameterGroup : "tmod:@turbot/aws-redshift#/policy/types/clusterParameterGroupApproved" - aws-redshift-clusterSubnetGroup : "tmod:@turbot/aws-redshift#/policy/types/clusterSubnetGroupApproved" - aws-redshift-clusterSnapshotManual : "tmod:@turbot/aws-redshift#/policy/types/clusterSnapshotManualApproved" - aws-robomaker-fleet : "tmod:@turbot/aws-robomaker#/policy/types/fleetApproved" - aws-robomaker-robot : "tmod:@turbot/aws-robomaker#/policy/types/robotApproved" - aws-robomaker-robotApplication : "tmod:@turbot/aws-robomaker#/policy/types/robotApplicationApproved" - aws-route53resolver-resolverEndpoint : "tmod:@turbot/aws-route53resolver#/policy/types/resolverEndpointApproved" - aws-route53resolver-resolverRule : "tmod:@turbot/aws-route53resolver#/policy/types/resolverRuleApproved" - aws-s3-bucket : "tmod:@turbot/aws-s3#/policy/types/bucketApproved" - aws-secretsmanager-secret : "tmod:@turbot/aws-secretsmanager#/policy/types/secretApproved" - aws-securityhub-hub : "tmod:@turbot/aws-securityhub#/policy/types/hubApproved" - aws-sns-subscription : "tmod:@turbot/aws-sns#/policy/types/subscriptionApproved" - aws-sns-topic : "tmod:@turbot/aws-sns#/policy/types/topicApproved" - aws-sqs-queue : "tmod:@turbot/aws-sqs#/policy/types/queueApproved" - aws-ssm-association : "tmod:@turbot/aws-ssm#/policy/types/associationApproved" - aws-ssm-document : "tmod:@turbot/aws-ssm#/policy/types/documentApproved" - aws-ssm-maintenanceWindow : "tmod:@turbot/aws-ssm#/policy/types/maintenanceWindowApproved" - aws-ssm-ssmParameter : "tmod:@turbot/aws-ssm#/policy/types/ssmParameterApproved" - aws-stepfunctions-stateMachine : "tmod:@turbot/aws-stepfunctions#/policy/types/stateMachineApproved" - aws-swf-domain : "tmod:@turbot/aws-swf#/policy/types/domainApproved" - aws-vpc-connect-customerGateway : "tmod:@turbot/aws-vpc-connect#/policy/types/customerGatewayApproved" - aws-vpc-core-dhcpOptions : "tmod:@turbot/aws-vpc-core#/policy/types/dhcpOptionsApproved" - aws-vpc-internet-egressOnlyInternetGateway : "tmod:@turbot/aws-vpc-internet#/policy/types/egressOnlyInternetGatewayApproved" - aws-vpc-internet-elasticIp : "tmod:@turbot/aws-vpc-internet#/policy/types/elasticIpApproved" - aws-vpc-internet-vpcEndpoint : "tmod:@turbot/aws-vpc-internet#/policy/types/vpcEndpointApproved" - aws-vpc-internet-vpcEndpointService : "tmod:@turbot/aws-vpc-internet#/policy/types/vpcEndpointServiceApproved" - aws-vpc-security-flowLog : "tmod:@turbot/aws-vpc-security#/policy/types/flowLogApproved" - aws-vpc-internet-internetGateway : "tmod:@turbot/aws-vpc-internet#/policy/types/internetGatewayApproved" - aws-vpc-internet-natGateway : "tmod:@turbot/aws-vpc-internet#/policy/types/natGatewayApproved" - aws-vpc-security-networkAcl : "tmod:@turbot/aws-vpc-security#/policy/types/networkAclApproved" - aws-vpc-connect-vpcPeeringConnection : "tmod:@turbot/aws-vpc-connect#/policy/types/vpcPeeringConnectionApproved" - aws-vpc-core-routeTable : "tmod:@turbot/aws-vpc-core#/policy/types/routeTableApproved" - aws-vpc-security-securityGroup : "tmod:@turbot/aws-vpc-security#/policy/types/securityGroupApproved" - aws-vpc-core-subnet : "tmod:@turbot/aws-vpc-core#/policy/types/subnetApproved" - aws-vpc-connect-transitGateway : "tmod:@turbot/aws-vpc-connect#/policy/types/transitGatewayApproved" - aws-vpc-connect-transitGatewayRouteTable : "tmod:@turbot/aws-vpc-connect#/policy/types/transitGatewayRouteTableApproved" - aws-vpc-core-vpc : "tmod:@turbot/aws-vpc-core#/policy/types/vpcApproved" - aws-vpc-connect-vpnConnection : "tmod:@turbot/aws-vpc-connect#/policy/types/vpnConnectionApproved" - aws-vpc-connect-vpnGateway : "tmod:@turbot/aws-vpc-connect#/policy/types/vpnGatewayApproved" - aws-waf-ipSetV2Regional : "tmod:@turbot/aws-waf#/policy/types/ipSetV2RegionalApproved" - aws-waf-regexPatternSetV2Regional : "tmod:@turbot/aws-waf#/policy/types/regexPatternSetV2RegionalApproved" - aws-waf-ruleGroupV2Regional : "tmod:@turbot/aws-waf#/policy/types/ruleGroupV2RegionalApproved" - aws-waf-webAclV2Regional : "tmod:@turbot/aws-waf#/policy/types/webAclV2RegionalApproved" - aws-wafregional-rule : "tmod:@turbot/aws-wafregional#/policy/types/ruleApproved" - aws-wellarchitected-workload : "tmod:@turbot/aws-wellarchitected#/policy/types/workloadApproved" - } -} diff --git a/baselines/todo_policy_packs/aws/aws_check_regions/outputs.tf b/baselines/todo_policy_packs/aws/aws_check_regions/outputs.tf deleted file mode 100644 index 98b1c4e85..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_regions/outputs.tf +++ /dev/null @@ -1,23 +0,0 @@ -output "resource_approved_regions" { - value = var.resource_approved_regions -} - -output "resource_approved_regions_region_list" { - value = var.resource_approved_regions_region_list -} - -output "turbot_profile" { - value = var.turbot_profile -} - -output "smart_folder_name" { - value = var.smart_folder_name -} - -output "smart_folder_description" { - value = var.smart_folder_description -} - -output "smart_folder_parent_resource" { - value = var.smart_folder_parent_resource -} diff --git a/baselines/todo_policy_packs/aws/aws_check_regions/providers.tf b/baselines/todo_policy_packs/aws/aws_check_regions/providers.tf deleted file mode 100644 index 0353d61cb..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_regions/providers.tf +++ /dev/null @@ -1,12 +0,0 @@ -terraform { - required_providers { - turbot = { - source = "turbot/turbot" - } - } - required_version = ">= 0.13" -} - -provider "turbot" { - profile = var.turbot_profile -} diff --git a/baselines/todo_policy_packs/aws/aws_check_regions/smart_folder.tf b/baselines/todo_policy_packs/aws/aws_check_regions/smart_folder.tf deleted file mode 100644 index 2359e6547..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_regions/smart_folder.tf +++ /dev/null @@ -1,5 +0,0 @@ -resource "turbot_smart_folder" "aws_regions" { - parent = var.smart_folder_parent_resource - title = var.smart_folder_name - description = var.smart_folder_description -} diff --git a/baselines/todo_policy_packs/aws/aws_check_regions/variables.tf b/baselines/todo_policy_packs/aws/aws_check_regions/variables.tf deleted file mode 100644 index 850c0d7cc..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_regions/variables.tf +++ /dev/null @@ -1,224 +0,0 @@ -# Baseline Configuration - -variable "resource_approved_regions" { - description = < -``` - -### Deploying demo example - -1. Navigate to the folder of the baseline -2. Initialize Terraform -3. Apply the baseline using the demo input variable file [demo.tfvars](demo.tfvars) - -On the terminal this will look like: - -```shell -cd -terraform init -terraform apply --var-file demo.tfvars -``` -**Note** -- Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. - -### Input variable files - -Input variable files allow for the user to configure configuration definitions for multiple environments in different files. - -This baseline comes with an example input variable file called [demo.tfvars](demo.tfvars). - -It will be used to define which parts of the baseline to apply and which to ignore. - -The variables that can be overwritten by the input variable files i.e. [demo.tfvars](demo.tfvars) are defined in the [variables.tf](variables.tf) file. - -Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). - -### Apply baseline using input variable files - -If seeking to apply the baseline using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform apply --var-file=demo.tfvars - ``` -### Apply baseline without input variable file - -The baseline can be applied without an input variable file. - -1. By this time Terraform initialization is done as mentioned above. -3. Prefer to check the outcome by running the Terraform plan -3. Apply the Terraform -4. Run the command: - -```shell -cd -terraform plan -terraform apply -``` - -`This may prompt the user applying the baseline to enter values for variables that do not have default values.` - -### Destroy baseline without input variable file - -If seeking to apply the baseline without using an input variable file. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy - ``` - -### Destroy using input variable files - -If seeking to destoy the baseline configuration using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy --var-file=demo.tfvars - ``` - -## Commenting strategy - -All Turbot policies used by the baselines will have a link to the official Turbot Mods documentation. - -Opening the links will give you further details about: - -- The purpose of the policy -- Policy URI name -- Parent information -- Category information -- Target information -- All valid values diff --git a/baselines/todo_policy_packs/aws/aws_check_s3/demo.tfvars b/baselines/todo_policy_packs/aws/aws_check_s3/demo.tfvars deleted file mode 100644 index a45c205c2..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_s3/demo.tfvars +++ /dev/null @@ -1,11 +0,0 @@ -# List of trusted accounts for cross account access -# More Info: https://turbot.com/v5/docs/concepts/guardrails/trusted-access -trusted_accounts = [ - "{{ $.account.Id }}", # Self - current AWS Account - "287590803701", # Turbot SaaS US Prod - "255798382450", # Turbot SaaS EU Account -] - -# Uses the more complex calculated policy for the version control. -# See file, s3_versioning_policies.tf -use_simple_s3_bucket_versioning = false diff --git a/baselines/todo_policy_packs/aws/aws_check_s3/outputs.tf b/baselines/todo_policy_packs/aws/aws_check_s3/outputs.tf deleted file mode 100644 index cd437fe7f..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_s3/outputs.tf +++ /dev/null @@ -1,59 +0,0 @@ -output "trusted_accounts" { - value = var.trusted_accounts -} - -output "enable_s3_access_logging_policies" { - value = var.enable_s3_access_logging_policies -} - -output "enable_s3_active_policies" { - value = var.enable_s3_active_policies -} - -output "enable_s3_approved_policies" { - value = var.enable_s3_approved_policies -} - -output "enable_s3_enabled_policies" { - value = var.enable_s3_enabled_policies -} - -output "enable_s3_encryption_policies" { - value = var.enable_s3_encryption_policies -} - -output "enable_s3_permission_policies" { - value = var.enable_s3_permission_policies -} - -output "enable_s3_public_access_policies" { - value = var.enable_s3_public_access_policies -} - -output "enable_s3_tag_policies" { - value = var.enable_s3_tag_policies -} - -output "enable_s3_trusted_access_policies" { - value = var.enable_s3_trusted_access_policies -} - -output "use_simple_s3_bucket_versioning" { - value = var.use_simple_s3_bucket_versioning -} - -output "turbot_profile" { - value = var.turbot_profile -} - -output "smart_folder_name" { - value = var.smart_folder_name -} - -output "smart_folder_description" { - value = var.smart_folder_description -} - -output "smart_folder_parent_resource" { - value = var.smart_folder_parent_resource -} diff --git a/baselines/todo_policy_packs/aws/aws_check_s3/providers.tf b/baselines/todo_policy_packs/aws/aws_check_s3/providers.tf deleted file mode 100644 index 0353d61cb..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_s3/providers.tf +++ /dev/null @@ -1,12 +0,0 @@ -terraform { - required_providers { - turbot = { - source = "turbot/turbot" - } - } - required_version = ">= 0.13" -} - -provider "turbot" { - profile = var.turbot_profile -} diff --git a/baselines/todo_policy_packs/aws/aws_check_s3/s3_access_logging_policies.tf b/baselines/todo_policy_packs/aws/aws_check_s3/s3_access_logging_policies.tf deleted file mode 100644 index 887c8b4bf..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_s3/s3_access_logging_policies.tf +++ /dev/null @@ -1,8 +0,0 @@ -# AWS > S3 > Bucket > Access Logging -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/bucketAccessLogging -resource "turbot_policy_setting" "aws_s3_bucket_access_logging" { - count = var.enable_s3_access_logging_policies ? 1 : 0 - resource = turbot_smart_folder.aws_all_s3.id - type = "tmod:@turbot/aws-s3#/policy/types/bucketAccessLogging" - value = "Check: Enabled" -} diff --git a/baselines/todo_policy_packs/aws/aws_check_s3/s3_active_policies.tf b/baselines/todo_policy_packs/aws/aws_check_s3/s3_active_policies.tf deleted file mode 100644 index fbfe22018..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_s3/s3_active_policies.tf +++ /dev/null @@ -1,19 +0,0 @@ -# Active Guardrails - https://turbot.com/v5/docs/concepts/guardrails/active - -# AWS > S3 > Bucket > Active -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/bucketActive -resource "turbot_policy_setting" "aws_s3_bucket_active" { - count = var.enable_s3_active_policies ? 1 : 0 - resource = turbot_smart_folder.aws_all_s3.id - type = "tmod:@turbot/aws-s3#/policy/types/bucketActive" - value = "Check: Active" -} - -# AWS > S3 > Bucket > Active > Age -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/bucketActiveAge -resource "turbot_policy_setting" "aws_s3_bucket_active_age" { - count = var.enable_s3_active_policies ? 1 : 0 - resource = turbot_smart_folder.aws_all_s3.id - type = "tmod:@turbot/aws-s3#/policy/types/bucketActiveAge" - value = "Force inactive if age > 60 days" -} diff --git a/baselines/todo_policy_packs/aws/aws_check_s3/s3_approved_policies.tf b/baselines/todo_policy_packs/aws/aws_check_s3/s3_approved_policies.tf deleted file mode 100644 index fd9c31db0..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_s3/s3_approved_policies.tf +++ /dev/null @@ -1,34 +0,0 @@ -# Approved Guardrails -# https://turbot.com/v5/docs/concepts/guardrails/approved - -# Simple policy to check if S3 is Approved for Usage -- can adjust for testing per bucket -# Will inherit the Approved Regions list if using the Approved Regions baseline or can keep the Regions setting below. - -# AWS > S3 > Bucket > Approved -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/bucketApproved -resource "turbot_policy_setting" "aws_s3_bucket_approved" { - count = var.enable_s3_approved_policies ? 1 : 0 - resource = turbot_smart_folder.aws_all_s3.id - type = "tmod:@turbot/aws-s3#/policy/types/bucketApproved" - value = "Check: Approved" -} - -# AWS > S3 > Bucket > Approved > Usage -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/bucketApprovedUsage -resource "turbot_policy_setting" "aws_s3_bucket_approved_usage" { - count = var.enable_s3_approved_policies ? 1 : 0 - resource = turbot_smart_folder.aws_all_s3.id - type = "tmod:@turbot/aws-s3#/policy/types/bucketApprovedUsage" - value = "Approved" -} - -# AWS > S3 > Bucket > Approved > Regions -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/bucketApprovedRegions -resource "turbot_policy_setting" "aws_s3_bucket_approved_regions" { - count = var.enable_s3_approved_policies ? 1 : 0 - resource = turbot_smart_folder.aws_all_s3.id - type = "tmod:@turbot/aws-s3#/policy/types/bucketApprovedRegions" - value = < S3 > Enabled -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/s3Enabled -resource "turbot_policy_setting" "aws_s3_s3_enabled" { - count = var.enable_s3_enabled_policies ? 1 : 0 - resource = turbot_smart_folder.aws_all_s3.id - type = "tmod:@turbot/aws-s3#/policy/types/s3Enabled" - value = "Enabled" -} - -# AWS > S3 > API Enabled -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/s3ApiEnabled -resource "turbot_policy_setting" "aws_s3_s3_api_enabled" { - count = var.enable_s3_enabled_policies ? 1 : 0 - resource = turbot_smart_folder.aws_all_s3.id - type = "tmod:@turbot/aws-s3#/policy/types/s3ApiEnabled" - value = "Enabled" -} diff --git a/baselines/todo_policy_packs/aws/aws_check_s3/s3_encryption_policies.tf b/baselines/todo_policy_packs/aws/aws_check_s3/s3_encryption_policies.tf deleted file mode 100644 index 0800444fb..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_s3/s3_encryption_policies.tf +++ /dev/null @@ -1,25 +0,0 @@ -# Encryption at Rest Guardrails -# https://turbot.com/v5/docs/concepts/guardrails/encryption-at-rest - -# Encryption in Transit Guardrails -# https://turbot.com/v5/docs/concepts/guardrails/encryption-in-transit - -# Encryption at Rest and In Transit. Also in the Encryption Baseline - -# AWS > S3 > Bucket > Encryption in Transit -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/encryptionInTransit -resource "turbot_policy_setting" "aws_s3_encryption_in_transit" { - count = var.enable_s3_encryption_policies ? 1 : 0 - resource = turbot_smart_folder.aws_all_s3.id - type = "tmod:@turbot/aws-s3#/policy/types/encryptionInTransit" - value = "Check: Enabled" -} - -# AWS > S3 > Bucket > Encryption at Rest -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/bucketEncryptionAtRest -resource "turbot_policy_setting" "aws_s3_bucket_encryption_at_rest" { - count = var.enable_s3_encryption_policies ? 1 : 0 - resource = turbot_smart_folder.aws_all_s3.id - type = "tmod:@turbot/aws-s3#/policy/types/bucketEncryptionAtRest" - value = "Check: AWS SSE or higher" -} diff --git a/baselines/todo_policy_packs/aws/aws_check_s3/s3_permission_policies.tf b/baselines/todo_policy_packs/aws/aws_check_s3/s3_permission_policies.tf deleted file mode 100644 index 1601727d6..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_s3/s3_permission_policies.tf +++ /dev/null @@ -1,54 +0,0 @@ -# This is an example of IAM Lockdown Permissions and Turbot AWS RBAC that can be set -# Assumes your use of Turbot AWS RBAC; setting these policies will only set conditions, nothing will action or check. -# If you are not using Turbot AWS RBAC controls you can ignore this part of the baseline - -# AWS > S3 > Permissions > Levels -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/s3PermissionsLevels -resource "turbot_policy_setting" "aws_s3_s3_permissions_levels" { - count = var.enable_s3_permission_policies ? 1 : 0 - resource = turbot_smart_folder.aws_all_s3.id - type = "tmod:@turbot/aws-s3#/policy/types/s3PermissionsLevels" - value = < S3 > Permissions > Levels > Cross Replication Administration -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/s3PermissionsLevelsCrossReplicationAdministration -resource "turbot_policy_setting" "aws_s3_s3_permissions_levels_cross_replication_administration" { - count = var.enable_s3_permission_policies ? 1 : 0 - resource = turbot_smart_folder.aws_all_s3.id - type = "tmod:@turbot/aws-s3#/policy/types/s3PermissionsLevelsCrossReplicationAdministration" - value = "None" -} - -# AWS > S3 > Permissions > Levels > CORS Administration -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/s3PermissionsLevelsCorsAdministration -resource "turbot_policy_setting" "aws_s3_s3_permissions_levels_cors_administration" { - count = var.enable_s3_permission_policies ? 1 : 0 - resource = turbot_smart_folder.aws_all_s3.id - type = "tmod:@turbot/aws-s3#/policy/types/s3PermissionsLevelsCorsAdministration" - value = "None" -} - -# AWS > S3 > Permissions > Levels > ACL Administration -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/s3PermissionsLevelsAclAdministration -resource "turbot_policy_setting" "aws_s3_s3_permissions_levels_acl_administration" { - count = var.enable_s3_permission_policies ? 1 : 0 - resource = turbot_smart_folder.aws_all_s3.id - type = "tmod:@turbot/aws-s3#/policy/types/s3PermissionsLevelsAclAdministration" - value = "None" -} - -# AWS > S3 > Permissions > Levels > Access Logging Administration -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/s3PermissionsLevelsAccessLoggingAdministration -resource "turbot_policy_setting" "aws_s3_s3_permissions_levels_access_logging_administration" { - count = var.enable_s3_permission_policies ? 1 : 0 - resource = turbot_smart_folder.aws_all_s3.id - type = "tmod:@turbot/aws-s3#/policy/types/s3PermissionsLevelsAccessLoggingAdministration" - value = "None" -} diff --git a/baselines/todo_policy_packs/aws/aws_check_s3/s3_public_access_policies.tf b/baselines/todo_policy_packs/aws/aws_check_s3/s3_public_access_policies.tf deleted file mode 100644 index 1ee5b1a22..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_s3/s3_public_access_policies.tf +++ /dev/null @@ -1,52 +0,0 @@ -# Public Access Guardrails -# https://turbot.com/v5/docs/concepts/guardrails/public-access - -### S3 Account Level Public Access Block Policies ### - -# AWS > S3 > Account > Public Access Block -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/s3AccountPublicAccessBlock -resource "turbot_policy_setting" "aws_s3_s3_account_public_access_block" { - count = var.enable_s3_public_access_policies ? 1 : 0 - resource = turbot_smart_folder.aws_all_s3.id - type = "tmod:@turbot/aws-s3#/policy/types/s3AccountPublicAccessBlock" - value = "Check: Per `Public Access Block > Settings`" -} - -# AWS > S3 > Account > Public Access Block > Settings -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/s3AccountPublicAccessBlockSettings -resource "turbot_policy_setting" "aws_s3_s3_account_public_access_block_settings" { - count = var.enable_s3_public_access_policies ? 1 : 0 - resource = turbot_smart_folder.aws_all_s3.id - type = "tmod:@turbot/aws-s3#/policy/types/s3AccountPublicAccessBlockSettings" - value = < S3 > Bucket > Public Access Block -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/s3BucketPublicAccessBlock -resource "turbot_policy_setting" "aws_s3_s3_bucket_public_access_block" { - count = var.enable_s3_public_access_policies ? 1 : 0 - resource = turbot_smart_folder.aws_all_s3.id - type = "tmod:@turbot/aws-s3#/policy/types/s3BucketPublicAccessBlock" - value = "Check: Per `Public Access Block > Settings`" -} - -# AWS > S3 > Bucket > Public Access Block > Settings -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/s3BucketPublicAccessBlockSettings -resource "turbot_policy_setting" "aws_s3_s3_bucket_public_access_block_settings" { - count = var.enable_s3_public_access_policies ? 1 : 0 - resource = turbot_smart_folder.aws_all_s3.id - type = "tmod:@turbot/aws-s3#/policy/types/s3BucketPublicAccessBlockSettings" - value = < S3 > Bucket > Tags -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/bucketTags -resource "turbot_policy_setting" "aws_s3_bucket_tags" { - count = var.enable_s3_tag_policies ? 1 : 0 - resource = turbot_smart_folder.aws_all_s3.id - type = "tmod:@turbot/aws-s3#/policy/types/bucketTags" - value = "Check: Tags are correct" -} - -# AWS > S3 > Bucket > Tags > Template -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/bucketTagsTemplate -resource "turbot_policy_setting" "aws_s3_bucket_tags_template" { - count = var.enable_s3_tag_policies ? 1 : 0 - resource = turbot_smart_folder.aws_all_s3.id - type = "tmod:@turbot/aws-s3#/policy/types/bucketTagsTemplate" - template_input = <<-QUERY - { - resource { - turbot { - title - tags - } - creator: notifications(filter: "sort:version_id limit:1") { - items { - actor { - alternatePersona - identity { - turbot { - title - } - } - } - turbot { - createTimestamp - } - } - } - } - } - QUERY - # Nunjucks template to set tags and check for tag validity. - template = <<-TEMPLATE - # Bring in environment metadata / attributes - Name: "{{ $.resource.turbot.title }}" - # Enforce selection of values, set to "Non-Compliant" if out of bounds - Environment: "{% if $.resource.turbot.tags['Environment'] in ['Dev', 'QA', 'Prod', 'Temp'] %}{{ $.resource.turbot.tags['Environment'] }}{% else %}Non-Compliant Tag{% endif %}" - # Actor who created the resource - CreatedByActor: "{% if $.resource.creator.items[0].actor.identity.turbot.title == 'Unidentified Identity' %}{{ $.resource.creator.items[0].actor.alternatePersona }}{% else %}{{ $.resource.creator.items[0].actor.identity.turbot.title }}{% endif %}" - # Creation Timestamp - CreatedByTime: "{{ $.resource.creator.items[0].turbot.createTimestamp }}" - TEMPLATE -} diff --git a/baselines/todo_policy_packs/aws/aws_check_s3/s3_trusted_access_policies.tf b/baselines/todo_policy_packs/aws/aws_check_s3/s3_trusted_access_policies.tf deleted file mode 100644 index 9a88b2ba9..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_s3/s3_trusted_access_policies.tf +++ /dev/null @@ -1,38 +0,0 @@ -# Trusted Access Guardrails -# https://turbot.com/v5/docs/concepts/guardrails/trusted-access - -# Trusted Accounts Access controls -# Will inherit the trusted accounts from Public Access baseline or from what is set in this baseline - -# AWS > S3 > Bucket > Policy > Trusted Access -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/bucketPolicyTrustedAccess -resource "turbot_policy_setting" "aws_s3_bucket_policy_trusted_access" { - count = var.enable_s3_trusted_access_policies ? 1 : 0 - resource = turbot_smart_folder.aws_all_s3.id - type = "tmod:@turbot/aws-s3#/policy/types/bucketPolicyTrustedAccess" - value = "Check: Trusted Access" -} - -# Trusted account calculated policy sets the global template for S3 Buckets specifically. -# It will add trusted accounts which are provided externally by the user of the Terraform script. -# The global template from the Public Access baseline can be used as well. - -# AWS > S3 > Bucket > Policy > Trusted Access > Accounts -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/bucketPolicyTrustedAccounts -resource "turbot_policy_setting" "aws_s3_trusted_accounts_template" { - count = var.enable_s3_trusted_access_policies ? 1 : 0 - resource = turbot_smart_folder.aws_all_s3.id - type = "tmod:@turbot/aws-s3#/policy/types/bucketPolicyTrustedAccounts" - template_input = <<-QUERY - { - account { - Id - } - } - QUERY - - # set trustedAccounts from terraform.tfvars - template = <<-TEMPLATE - ${yamlencode([for account in var.trusted_accounts : account])} - TEMPLATE -} diff --git a/baselines/todo_policy_packs/aws/aws_check_s3/s3_versioning_policies.tf b/baselines/todo_policy_packs/aws/aws_check_s3/s3_versioning_policies.tf deleted file mode 100644 index 5f1f1dbf8..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_s3/s3_versioning_policies.tf +++ /dev/null @@ -1,49 +0,0 @@ -# Simple Policy setting for bucket versioning. - -# This is the default version policy that will be created when applying the Terraform configuration as -# use_simple_s3_bucket_versioning defaults to true. - -# AWS > S3 > Bucket > Versioning -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/bucketVersioning -resource "turbot_policy_setting" "aws_s3_bucket_versioning_simple" { - count = var.use_simple_s3_bucket_versioning ? 1 : 0 - resource = turbot_smart_folder.aws_all_s3.id - type = "tmod:@turbot/aws-s3#/policy/types/bucketVersioning" - value = "Check: Enabled" -} - -# Using a calculated policy here as an example for getting started with calculated policies -# Shows an example of setting different checks based on naming syntax and tag key:value pair - -# To enable this policy set the variable use_simple_s3_bucket_versioning to false which will not apply the simple -# versioning version. - -# AWS > S3 > Bucket > Versioning -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/bucketVersioning -resource "turbot_policy_setting" "aws_s3_bucket_versioning" { - count = var.use_simple_s3_bucket_versioning ? 1 : 0 - resource = turbot_smart_folder.aws_all_s3.id - type = "tmod:@turbot/aws-s3#/policy/types/bucketVersioning" - template_input = <<-QUERY - { - bucket { - Name - turbot { - tags - } - } - } - QUERY - - # Nunjucks template evaluate metadata. - template = <<-TEMPLATE - {%- set result = "Check: Enabled" -%} - {%- set regExp = r/turbot-demo.*/g -%} - - {%- if regExp.test($.bucket.Name) or $.bucket.turbot.tags.Test == "Temp"-%} - {%- set result = "Check: Disabled" -%} - {%- endif -%} - - {{ result }} - TEMPLATE -} diff --git a/baselines/todo_policy_packs/aws/aws_check_s3/smart_folder.tf b/baselines/todo_policy_packs/aws/aws_check_s3/smart_folder.tf deleted file mode 100644 index 9c0609692..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_s3/smart_folder.tf +++ /dev/null @@ -1,5 +0,0 @@ -resource "turbot_smart_folder" "aws_all_s3" { - parent = var.smart_folder_parent_resource - title = var.smart_folder_name - description = var.smart_folder_description -} diff --git a/baselines/todo_policy_packs/aws/aws_check_s3/variables.tf b/baselines/todo_policy_packs/aws/aws_check_s3/variables.tf deleted file mode 100644 index bd4151427..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_s3/variables.tf +++ /dev/null @@ -1,90 +0,0 @@ -# Baseline Configuration -variable "trusted_accounts" { - type = list(string) - default = [] -} - -variable "enable_s3_access_logging_policies" { - type = bool - description = "Enable the S3 access logging policies for baseline" - default = true -} - -variable "enable_s3_active_policies" { - type = bool - description = "Enable the S3 active policies for baseline" - default = true -} - -variable "enable_s3_approved_policies" { - type = bool - description = "Enable the S3 approved policies for baseline" - default = true -} - -variable "enable_s3_enabled_policies" { - type = bool - description = "Enable the S3 enabled policies for baseline" - default = true -} - -variable "enable_s3_encryption_policies" { - type = bool - description = "Enable the S3 encryption policies for baseline" - default = true -} - -variable "enable_s3_permission_policies" { - type = bool - description = "Enable the S3 permission policies for baseline" - default = true -} - -variable "enable_s3_public_access_policies" { - type = bool - description = "Enable the S3 public access policies for baseline" - default = true -} - -variable "enable_s3_tag_policies" { - type = bool - description = "Enable the S3 tag policies for baseline" - default = true -} - -variable "enable_s3_trusted_access_policies" { - type = bool - description = "Enable the S3 trusted access policies for baseline" - default = true -} - -variable "use_simple_s3_bucket_versioning" { - type = bool - description = "Enable the S3 versioning policies for baseline" - default = true -} - - -# Optional Common Baseline Configuration - -variable "turbot_profile" { - description = "Enter profile matching your turbot cli credentials." -} - -variable "smart_folder_name" { - description = "Smart folder name for the baseline" - type = string - default = "AWS Check S3 Policies" -} - -variable "smart_folder_description" { - description = "Enter a description for the smart folder" - type = string - default = "Defines sets of policies for the AWS check S3 baseline" -} - -variable "smart_folder_parent_resource" { - description = "Enter the resource ID or AKA for the parent of the smart folder" - type = string - default = "tmod:@turbot/turbot#/" -} diff --git a/baselines/todo_policy_packs/aws/aws_check_stack/README.md b/baselines/todo_policy_packs/aws/aws_check_stack/README.md deleted file mode 100644 index 70f9ba4bd..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_stack/README.md +++ /dev/null @@ -1,137 +0,0 @@ -# Baseline - AWS Check Stack - -AWS Check Stack will allow you to set policy to deploy AWS Account IAM Stack , Terraform version for you source and also to apply the Stack Source policy. - -More info - -- [Stacks and the Configured Guardrails](https://turbot.com/v5/docs/concepts/guardrails/configured) - -## Overview - -Baseline policies are initial set of policies recommended to start with while using Turbot. These policies mostly focuses on enabling services, frequently used policies to run in check mode & enabling security features such as various encryption standards. Baseline TF scripts allows you to toggle the value to apply or ignore. See the below sections for more information. - -Some of these policies overlap with other set of baselines. Hence Turbot provided set of baseline TF files are executed in separate [Smart Folder](https://turbot.com/v5/docs/getting-started/smart_folder). The advantage of setting up of each baseline in their own Smart Folder prevents conflicting with the policy settings created by other baseline scripts. - -This baseline will not attach to a resource by default. This needs to be done manually using the Turbot UI. - -## Requirements - -- Terraform v0.13 or greater installed -- Valid Turbot configuration credentials - -For further information on configuring Turbot credentials can be found [here](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials). - -## Applying baseline - -The baseline is defined by a set of files which together define the configuration of the baseline. - -### Initialize baseline - -If not previously run, Initialize Terraform to get all necessary providers for the baseline. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform init - ``` -### Profile name as input - -The baseline example set requires you to provide `turbot_profile` name as input. This is to help in case you are having more profiles than only `default`. In case it's default, specify name as default. - -```shell -var.turbot_profile - Enter profile matching your turbot cli credentials. - Enter a value: -``` - -### Deploying demo example - -1. Navigate to the folder of the baseline -2. Initialize Terraform -3. Apply the baseline using the demo input variable file [demo.tfvars](demo.tfvars) - -On the terminal this will look like: - -```shell -cd -terraform init -terraform apply --var-file demo.tfvars -``` -**Note** -- Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. - -### Input variable files - -Input variable files allow for the user to configure configuration definitions for multiple environments in different files. - -This baseline comes with an example input variable file called [demo.tfvars](demo.tfvars). - -It will be used to define which parts of the baseline to apply and which to ignore. - -The variables that can be overwritten by the input variable files i.e. [demo.tfvars](demo.tfvars) are defined in the [variables.tf](variables.tf) file. - -Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). - -### Apply baseline using input variable files - -If seeking to apply the baseline using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform apply --var-file=demo.tfvars - ``` -### Apply baseline without input variable file - -The baseline can be applied without an input variable file. - -1. By this time Terraform initialization is done as mentioned above. -3. Prefer to check the outcome by running the Terraform plan -3. Apply the Terraform -4. Run the command: - -```shell -cd -terraform plan -terraform apply -``` - -`This may prompt the user applying the baseline to enter values for variables that do not have default values.` - -### Destroy baseline without input variable file - -If seeking to apply the baseline without using an input variable file. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy - ``` - -### Destroy using input variable files - -If seeking to destoy the baseline configuration using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy --var-file=demo.tfvars - ``` - -## Commenting strategy - -All Turbot policies used by the baselines will have a link to the official Turbot Mods documentation. - -Opening the links will give you further details about: - -- The purpose of the policy -- Policy URI name -- Parent information -- Category information -- Target information -- All valid values diff --git a/baselines/todo_policy_packs/aws/aws_check_stack/aws_account_iam_stack_policies.tf b/baselines/todo_policy_packs/aws/aws_check_stack/aws_account_iam_stack_policies.tf deleted file mode 100644 index 0a24e4f7c..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_stack/aws_account_iam_stack_policies.tf +++ /dev/null @@ -1,40 +0,0 @@ -# AWS > Account > Stack -# https://turbot.com/v5/mods/turbot/aws/inspect#/policy/types/accountStack -resource "turbot_policy_setting" "aws_account_iam_stack" { - count = var.aws_account_iam_stack ? 1 : 0 - resource = turbot_smart_folder.aws_stack.id - type = "tmod:@turbot/aws#/policy/types/accountStack" - value = "Check: Configured" - #value = "Enforce: Configured" -} - -# AWS > Account > Stack > Terraform Version -# https://turbot.com/v5/mods/turbot/aws/inspect#/policy/types/accountStackTerraformVersion -resource "turbot_policy_setting" "aws_account_iam_stack_tfversion" { - count = var.aws_account_iam_stack_tfversion ? 1 : 0 - resource = turbot_smart_folder.aws_stack.id - type = "tmod:@turbot/aws#/policy/types/accountStackTerraformVersion" - value = "0.13.*" -} - -# AWS > Account > Stack > Source -# https://turbot.com/v5/mods/turbot/aws/inspect#/policy/types/accountStackSource -resource "turbot_policy_setting" "aws_account_iam_stack_source" { - count = var.aws_account_iam_stack_source ? 1 : 0 - resource = turbot_smart_folder.aws_stack.id - type = "tmod:@turbot/aws#/policy/types/accountStackSource" - value = <<-SOURCE - ${file("./tf_includes/sourcestack_policies.tf")} - SOURCE -} - -# AWS > Turbot > Permissions > Custom Levels [Account] -# https://turbot.com/v5/mods/turbot/aws-iam/inspect#/policy/types/permissionsCustomLevelsAccount -resource "turbot_policy_setting" "aws_iam_permissions_custom_levels_account" { - count = var.aws_iam_permissions_custom_levels_account ? 1 : 0 - resource = turbot_smart_folder.aws_stack.id - type = "tmod:@turbot/aws-iam#/policy/types/permissionsCustomLevelsAccount" - value = < -terraform init -terraform apply --var-file demo.tfvars -``` - -### Input variable files - -Input variable files allow for the user to configure configuration definitions for multiple environments in different files. - -This baseline comes with an example input variable file called [demo.tfvars](demo.tfvars). - -It will be used to define which parts of the baseline to apply and which to ignore. - -The variables that can be overwritten by the input variable files i.e. [demo.tfvars](demo.tfvars) are defined in the [variables.tf](variables.tf) file. - -Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). - -### Apply baseline using input variable files - -If seeking to apply the baseline using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform apply --var-file=demo.tfvars - ``` -### Apply baseline without input variable file - -The baseline can be applied without an input variable file. - -1. By this time Terraform initialization is done as mentioned above. -3. Prefer to check the outcome by running the Terraform plan -3. Apply the Terraform -4. Run the command: - -```shell -cd -terraform plan -terraform apply -``` - -`This may prompt the user applying the baseline to enter values for variables that do not have default values.` - -### Destroy baseline without input variable file - -If seeking to apply the baseline without using an input variable file. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy - ``` - -### Destroy using input variable files - -If seeking to destoy the baseline configuration using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy --var-file=demo.tfvars - ``` - -## Commenting strategy - -All Turbot policies used by the baselines will have a link to the official Turbot Mods documentation. - -Opening the links will give you further details about: - -- The purpose of the policy -- Policy URI name -- Parent information -- Category information -- Target information -- All valid values diff --git a/baselines/todo_policy_packs/aws/aws_check_tagging/aws_tagging.tf b/baselines/todo_policy_packs/aws/aws_check_tagging/aws_tagging.tf deleted file mode 100644 index e48b51f92..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_tagging/aws_tagging.tf +++ /dev/null @@ -1,81 +0,0 @@ -# More Info: https://turbot.com/v5/docs/concepts/guardrails/tagging - -# AWS > EC2 > Instance > Tags -# https://turbot.com/v5/mods/turbot/aws-ec2/inspect#/policy/types/instanceTags -# AWS > EC2 > Snapshot > Tags -# https://turbot.com/v5/mods/turbot/aws-ec2/inspect#/policy/types/snapshotTags -# AWS > EC2 > Volume > Tags -# https://turbot.com/v5/mods/turbot/aws-ec2/inspect#/policy/types/volumeTags -# AWS > Lambda > Function > Tags -# https://turbot.com/v5/mods/turbot/aws-lambda/inspect#/policy/types/functionTags -# AWS > S3 > Bucket > Tags -# https://turbot.com/v5/mods/turbot/aws-s3/inspect#/policy/types/bucketTags -# AWS > VPC > Security Group > Tags -# https://turbot.com/v5/mods/turbot/aws-vpc-security/inspect#/policy/types/securityGroupTags -# AWS > VPC > VPC > Tags -# https://turbot.com/v5/mods/turbot/aws-vpc-core/inspect#/policy/types/vpcTags - -resource "turbot_policy_setting" "set_resource_tag_policies" { - for_each = var.resource_tags - resource = turbot_smart_folder.aws_tagging.id - type = local.policy_map[each.key] - value = each.value -} - -## Sets the default tag template for all resources. -resource "turbot_policy_setting" "default_tag_template" { - for_each = var.resource_tags - resource = turbot_smart_folder.aws_tagging.id - type = local.policy_map_template[each.key] - # GraphQL to pull metadata - template_input = <<-QUERY - { - resource { - turbot { - title - tags - } - creator: notifications(filter: "sort:version_id limit:1") { - items { - actor { - alternatePersona - identity { - turbot { - title - } - } - } - turbot { - createTimestamp - } - } - } - } - } - QUERY - # Nunjucks template to set tags and check for tag validity. - template = <<-TEMPLATE - # Bring in environment metadata / attributes - Name: "{{ $.resource.turbot.title }}" - # Enforce selection of values, set to "Non-Compliant" if out of bounds - Environment: "{% if $.resource.turbot.tags['Environment'] in ['Dev', 'QA', 'Prod', 'Temp'] %}{{ $.resource.turbot.tags['Environment'] }}{% else %}Non-Compliant Tag{% endif %}" - # Actor who created the resource - CreatedByActor: "{% if $.resource.creator.items[0].actor.identity.turbot.title == 'Unidentified Identity' %}{{ $.resource.creator.items[0].actor.alternatePersona }}{% else %}{{ $.resource.creator.items[0].actor.identity.turbot.title }}{% endif %}" - # Creation Timestamp - CreatedByTime: "{{ $.resource.creator.items[0].turbot.createTimestamp }}" - TEMPLATE -} - -# Missing Tag on folder use case: -## {%- set missingTag = "__MissingTag__" -%} -## {%- set required_tags = ${jsonencode([for tag_name in var.required_tags : tag_name])} -%} -## # If Resource has a required tag, will accept the resource tag, else will tag with Folder tag value. -## {%- for tag_name in required_tags %} -## {%- if tag_name in $.resource.turbot.tags %} -## {{tag_name}}: "{{ $.resource.turbot.tags[tag_name] }}" -## {%- elif tag_name in $.folder.turbot.tags %} -## {{tag_name}}: "{{ $.folder.turbot.tags[tag_name] }}" -## {%- else %} -## {{tag_name}}: {{missingTag}} -## {%- endif %} -## {%- endfor %} diff --git a/baselines/todo_policy_packs/aws/aws_check_tagging/demo.tfvars b/baselines/todo_policy_packs/aws/aws_check_tagging/demo.tfvars deleted file mode 100644 index 4dc869ea4..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_tagging/demo.tfvars +++ /dev/null @@ -1,9 +0,0 @@ -resource_tags = { - aws-ec2-instance = "Check: Tags are correct" - aws-ec2-snapshot = "Check: Tags are correct" - aws-ec2-volume = "Check: Tags are correct" - aws-lambda-function = "Check: Tags are correct" - aws-s3-bucket = "Check: Tags are correct" - aws-vpc-security-securityGroup = "Check: Tags are correct" - aws-vpc-core-vpc = "Check: Tags are correct" -} diff --git a/baselines/todo_policy_packs/aws/aws_check_tagging/locals.tf b/baselines/todo_policy_packs/aws/aws_check_tagging/locals.tf deleted file mode 100644 index 48d246565..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_tagging/locals.tf +++ /dev/null @@ -1,268 +0,0 @@ -locals { - # Note: the resource map above dictates the applicable use of each line item below. You do not need to comment out these items to reduce scope - policy_map = { - aws-acm-certificate : "tmod:@turbot/aws-acm#/policy/types/certificateTags" - aws-mq-broker : "tmod:@turbot/aws-mq#/policy/types/brokerTags" - aws-mq-configuration : "tmod:@turbot/aws-mq#/policy/types/configurationTags" - aws-amplify-app : "tmod:@turbot/aws-amplify#/policy/types/appTags" - aws-apigateway-api : "tmod:@turbot/aws-apigateway#/policy/types/apiTags" - aws-apigateway-apiKey : "tmod:@turbot/aws-apigateway#/policy/types/apiKeyTags" - aws-apigateway-apiV2 : "tmod:@turbot/aws-apigateway#/policy/types/apiV2Tags" - aws-apigateway-domainNameV2 : "tmod:@turbot/aws-apigateway#/policy/types/domainNameV2Tags" - aws-apigateway-stage : "tmod:@turbot/aws-apigateway#/policy/types/stageTags" - aws-apigateway-stageV2 : "tmod:@turbot/aws-apigateway#/policy/types/stageV2Tags" - aws-apigateway-usagePlan : "tmod:@turbot/aws-apigateway#/policy/types/usagePlanTags" - aws-appmesh-mesh : "tmod:@turbot/aws-appmesh#/policy/types/meshTags" - aws-athena-namedQuery : "tmod:@turbot/aws-athena#/policy/types/namedQueryTags" - aws-athena-workgroup : "tmod:@turbot/aws-athena#/policy/types/workgroupTags" - aws-backup-backupPlan : "tmod:@turbot/aws-backup#/policy/types/backupPlanTags" - aws-backup-backupVault : "tmod:@turbot/aws-backup#/policy/types/backupVaultTags" - aws-cloudformation-stack : "tmod:@turbot/aws-cloudformation#/policy/types/stackTags" - aws-cloudformation-stackSet : "tmod:@turbot/aws-cloudformation#/policy/types/stackSetTags" - aws-cloudfront-distribution : "tmod:@turbot/aws-cloudfront#/policy/types/distributionTags" - aws-cloudfront-streamingDistribution : "tmod:@turbot/aws-cloudfront#/policy/types/streamingDistributionTags" - aws-cloudtrail-trail : "tmod:@turbot/aws-cloudtrail#/policy/types/trailTags" - aws-cloudwatch-alarm : "tmod:@turbot/aws-cloudwatch#/policy/types/alarmTags" - aws-codebuild-project : "tmod:@turbot/aws-codebuild#/policy/types/projectTags" - aws-codecommit-repository : "tmod:@turbot/aws-codecommit#/policy/types/repositoryTags" - aws-config-rule : "tmod:@turbot/aws-config#/policy/types/ruleTags" - aws-dax-cluster : "tmod:@turbot/aws-dax#/policy/types/clusterTags" - aws-directoryservice-directory : "tmod:@turbot/aws-directoryservice#/policy/types/directoryTags" - aws-dms-endpoint : "tmod:@turbot/aws-dms#/policy/types/endpointTags" - aws-docdb-dbCluster : "tmod:@turbot/aws-docdb#/policy/types/dbClusterTags" - aws-docdb-dbClusterParameterGroup : "tmod:@turbot/aws-docdb#/policy/types/dbClusterParameterGroupTags" - aws-docdb-dbInstance : "tmod:@turbot/aws-docdb#/policy/types/dbInstanceTags" - aws-dynamodb-table : "tmod:@turbot/aws-dynamodb#/policy/types/tableTags" - aws-ec2-ami : "tmod:@turbot/aws-ec2#/policy/types/amiTags" - aws-ec2-applicationLoadBalancer : "tmod:@turbot/aws-ec2#/policy/types/applicationLoadBalancerTags" - aws-ec2-autoScalingGroup : "tmod:@turbot/aws-ec2#/policy/types/autoScalingGroupTags" - aws-ec2-classicLoadBalancer : "tmod:@turbot/aws-ec2#/policy/types/classicLoadBalancerTags" - aws-ec2-instance : "tmod:@turbot/aws-ec2#/policy/types/instanceTags" - aws-ec2-keyPair : "tmod:@turbot/aws-ec2#/policy/types/keyPairTags" - aws-ec2-launchTemplate : "tmod:@turbot/aws-ec2#/policy/types/launchTemplateTags" - aws-ec2-networkInterface : "tmod:@turbot/aws-ec2#/policy/types/networkInterfaceTags" - aws-ec2-networkLoadBalancer : "tmod:@turbot/aws-ec2#/policy/types/networkLoadBalancerTags" - aws-ec2-snapshot : "tmod:@turbot/aws-ec2#/policy/types/snapshotTags" - aws-ec2-targetGroup : "tmod:@turbot/aws-ec2#/policy/types/targetGroupTags" - aws-ec2-volume : "tmod:@turbot/aws-ec2#/policy/types/volumeTags" - aws-ecr-repository : "tmod:@turbot/aws-ecr#/policy/types/repositoryTags" - aws-ecs-cluster : "tmod:@turbot/aws-ecs#/policy/types/clusterTags" - aws-ecs-taskDefinition : "tmod:@turbot/aws-ecs#/policy/types/taskDefinitionTags" - aws-efs-fileSystem : "tmod:@turbot/aws-efs#/policy/types/fileSystemTags" - aws-eks-cluster : "tmod:@turbot/aws-eks#/policy/types/clusterTags" - aws-eks-nodeGroup : "tmod:@turbot/aws-eks#/policy/types/nodeGroupTags" - aws-elasticbeanstalk-application : "tmod:@turbot/aws-elasticbeanstalk#/policy/types/applicationTags" - aws-elasticbeanstalk-environment : "tmod:@turbot/aws-elasticbeanstalk#/policy/types/environmentTags" - aws-elasticache-cacheCluster : "tmod:@turbot/aws-elasticache#/policy/types/cacheClusterTags" - aws-elasticache-snapshot : "tmod:@turbot/aws-elasticache#/policy/types/snapshotTags" - aws-elasticsearch-domain : "tmod:@turbot/aws-elasticsearch#/policy/types/domainTags" - aws-emr-cluster : "tmod:@turbot/aws-emr#/policy/types/clusterTags" - aws-fsx-backup : "tmod:@turbot/aws-fsx#/policy/types/backupTags" - aws-fsx-fileSystem : "tmod:@turbot/aws-fsx#/policy/types/fileSystemTags" - aws-glacier-vault : "tmod:@turbot/aws-glacier#/policy/types/vaultTags" - aws-guardduty-detector : "tmod:@turbot/aws-guardduty#/policy/types/detectorTags" - aws-guardduty-ipSet : "tmod:@turbot/aws-guardduty#/policy/types/ipSetTags" - aws-guardduty-threatIntelSet : "tmod:@turbot/aws-guardduty#/policy/types/threatIntelSetTags" - aws-iam-role : "tmod:@turbot/aws-iam#/policy/types/roleTags" - aws-iam-user : "tmod:@turbot/aws-iam#/policy/types/userTags" - aws-inspector-assessmentTemplate : "tmod:@turbot/aws-inspector#/policy/types/assessmentTemplateTags" - aws-kinesis-stream : "tmod:@turbot/aws-kinesis#/policy/types/streamTags" - aws-kms-key : "tmod:@turbot/aws-kms#/policy/types/keyTags" - aws-lambda-function : "tmod:@turbot/aws-lambda#/policy/types/functionTags" - aws-logs-logGroup : "tmod:@turbot/aws-logs#/policy/types/logGroupTags" - aws-msk-cluster : "tmod:@turbot/aws-msk#/policy/types/clusterTags" - aws-neptune-dbCluster : "tmod:@turbot/aws-neptune#/policy/types/dbClusterTags" - aws-neptune-dbInstance : "tmod:@turbot/aws-neptune#/policy/types/dbInstanceTags" - aws-qldb-ledger : "tmod:@turbot/aws-qldb#/policy/types/ledgerTags" - aws-rds-dbCluster : "tmod:@turbot/aws-rds#/policy/types/dbClusterTags" - aws-rds-dbClusterParameterGroup : "tmod:@turbot/aws-rds#/policy/types/dbClusterParameterGroupTags" - aws-rds-dbClusterSnapshotManual : "tmod:@turbot/aws-rds#/policy/types/dbClusterSnapshotManualTags" - aws-rds-dbInstance : "tmod:@turbot/aws-rds#/policy/types/dbInstanceTags" - aws-rds-dbParameterGroup : "tmod:@turbot/aws-rds#/policy/types/dbParameterGroupTags" - aws-rds-dbSnapshotManual : "tmod:@turbot/aws-rds#/policy/types/dbSnapshotManualTags" - aws-rds-optionGroup : "tmod:@turbot/aws-rds#/policy/types/optionGroupTags" - aws-rds-subnetGroup : "tmod:@turbot/aws-rds#/policy/types/subnetGroupTags" - aws-redshift-cluster : "tmod:@turbot/aws-redshift#/policy/types/clusterTags" - aws-redshift-clusterParameterGroup : "tmod:@turbot/aws-redshift#/policy/types/clusterParameterGroupTags" - aws-redshift-clusterSubnetGroup : "tmod:@turbot/aws-redshift#/policy/types/clusterSubnetGroupTags" - aws-redshift-clusterSnapshotManual : "tmod:@turbot/aws-redshift#/policy/types/clusterSnapshotManualTags" - aws-robomaker-fleet : "tmod:@turbot/aws-robomaker#/policy/types/fleetTags" - aws-robomaker-robot : "tmod:@turbot/aws-robomaker#/policy/types/robotTags" - aws-robomaker-robotApplication : "tmod:@turbot/aws-robomaker#/policy/types/robotApplicationTags" - aws-route53-hostedZone : "tmod:@turbot/aws-route53#/policy/types/hostedZoneTags" - aws-route53resolver-resolverEndpoint : "tmod:@turbot/aws-route53resolver#/policy/types/resolverEndpointTags" - aws-route53resolver-resolverRule : "tmod:@turbot/aws-route53resolver#/policy/types/resolverRuleTags" - aws-s3-bucket : "tmod:@turbot/aws-s3#/policy/types/bucketTags" - aws-secretsmanager-secret : "tmod:@turbot/aws-secretsmanager#/policy/types/secretTags" - aws-securityhub-hub : "tmod:@turbot/aws-securityhub#/policy/types/hubTags" - aws-sns-topic : "tmod:@turbot/aws-sns#/policy/types/topicTags" - aws-sqs-queue : "tmod:@turbot/aws-sqs#/policy/types/queueTags" - aws-ssm-document : "tmod:@turbot/aws-ssm#/policy/types/documentTags" - aws-ssm-maintenanceWindow : "tmod:@turbot/aws-ssm#/policy/types/maintenanceWindowTags" - aws-ssm-ssmParameter : "tmod:@turbot/aws-ssm#/policy/types/ssmParameterTags" - aws-stepfunctions-stateMachine : "tmod:@turbot/aws-stepfunctions#/policy/types/stateMachineTags" - aws-swf-domain : "tmod:@turbot/aws-swf#/policy/types/domainTags" - aws-vpc-connect-customerGateway : "tmod:@turbot/aws-vpc-connect#/policy/types/customerGatewayTags" - aws-vpc-core-dhcpOptions : "tmod:@turbot/aws-vpc-core#/policy/types/dhcpOptionsTags" - aws-vpc-internet-egressOnlyInternetGateway : "tmod:@turbot/aws-vpc-internet#/policy/types/egressOnlyInternetGatewayTags" - aws-vpc-internet-elasticIp : "tmod:@turbot/aws-vpc-internet#/policy/types/elasticIpTags" - aws-vpc-internet-vpcEndpoint : "tmod:@turbot/aws-vpc-internet#/policy/types/vpcEndpointTags" - aws-vpc-internet-vpcEndpointService : "tmod:@turbot/aws-vpc-internet#/policy/types/vpcEndpointServiceTags" - aws-vpc-security-flowLog : "tmod:@turbot/aws-vpc-security#/policy/types/flowLogTags" - aws-vpc-internet-internetGateway : "tmod:@turbot/aws-vpc-internet#/policy/types/internetGatewayTags" - aws-vpc-internet-natGateway : "tmod:@turbot/aws-vpc-internet#/policy/types/natGatewayTags" - aws-vpc-security-networkAcl : "tmod:@turbot/aws-vpc-security#/policy/types/networkAclTags" - aws-vpc-connect-vpcPeeringConnection : "tmod:@turbot/aws-vpc-connect#/policy/types/vpcPeeringConnectionTags" - aws-vpc-core-routeTable : "tmod:@turbot/aws-vpc-core#/policy/types/routeTableTags" - aws-vpc-security-securityGroup : "tmod:@turbot/aws-vpc-security#/policy/types/securityGroupTags" - aws-vpc-core-subnet : "tmod:@turbot/aws-vpc-core#/policy/types/subnetTags" - aws-vpc-connect-transitGateway : "tmod:@turbot/aws-vpc-connect#/policy/types/transitGatewayTags" - aws-vpc-connect-transitGatewayRouteTable : "tmod:@turbot/aws-vpc-connect#/policy/types/transitGatewayRouteTableTags" - aws-vpc-core-vpc : "tmod:@turbot/aws-vpc-core#/policy/types/vpcTags" - aws-vpc-connect-vpnConnection : "tmod:@turbot/aws-vpc-connect#/policy/types/vpnConnectionTags" - aws-vpc-connect-vpnGateway : "tmod:@turbot/aws-vpc-connect#/policy/types/vpnGatewayTags" - aws-waf-ipSetV2Global : "tmod:@turbot/aws-waf#/policy/types/ipSetV2GlobalTags" - aws-waf-ipSetV2Regional : "tmod:@turbot/aws-waf#/policy/types/ipSetV2RegionalTags" - aws-waf-regexPatternSetV2Global : "tmod:@turbot/aws-waf#/policy/types/regexPatternSetV2GlobalTags" - aws-waf-regexPatternSetV2Regional : "tmod:@turbot/aws-waf#/policy/types/regexPatternSetV2RegionalTags" - aws-waf-ruleGroupV2Global : "tmod:@turbot/aws-waf#/policy/types/ruleGroupV2GlobalTags" - aws-waf-ruleGroupV2Regional : "tmod:@turbot/aws-waf#/policy/types/ruleGroupV2RegionalTags" - aws-waf-webacl : "tmod:@turbot/aws-waf#/policy/types/webaclTags" - aws-waf-webAclV2Global : "tmod:@turbot/aws-waf#/policy/types/webAclV2GlobalTags" - aws-waf-webAclV2Regional : "tmod:@turbot/aws-waf#/policy/types/webAclV2RegionalTags" - } - - # Mapping of resource name to resource tag map policy - # Note: the resource map above dictates the applicable use of each line item below. You do not need to comment out these items to reduce scope - policy_map_template = { - aws-acm-certificate : "tmod:@turbot/aws-acm#/policy/types/certificateTagsTemplate" - aws-mq-broker : "tmod:@turbot/aws-mq#/policy/types/brokerTagsTemplate" - aws-mq-configuration : "tmod:@turbot/aws-mq#/policy/types/configurationTagsTemplate" - aws-amplify-app : "tmod:@turbot/aws-amplify#/policy/types/appTagsTemplate" - aws-apigateway-api : "tmod:@turbot/aws-apigateway#/policy/types/apiTagsTemplate" - aws-apigateway-apiKey : "tmod:@turbot/aws-apigateway#/policy/types/apiKeyTagsTemplate" - aws-apigateway-apiV2 : "tmod:@turbot/aws-apigateway#/policy/types/apiV2TagsTemplate" - aws-apigateway-domainNameV2 : "tmod:@turbot/aws-apigateway#/policy/types/domainNameV2TagsTemplate" - aws-apigateway-stage : "tmod:@turbot/aws-apigateway#/policy/types/stageTagsTemplate" - aws-apigateway-stageV2 : "tmod:@turbot/aws-apigateway#/policy/types/stageV2TagsTemplate" - aws-apigateway-usagePlan : "tmod:@turbot/aws-apigateway#/policy/types/usagePlanTagsTemplate" - aws-appmesh-mesh : "tmod:@turbot/aws-appmesh#/policy/types/meshTagsTemplate" - aws-athena-namedQuery : "tmod:@turbot/aws-athena#/policy/types/namedQueryTagsTemplate" - aws-athena-workgroup : "tmod:@turbot/aws-athena#/policy/types/workgroupTagsTemplate" - aws-backup-backupPlan : "tmod:@turbot/aws-backup#/policy/types/backupPlanTagsTemplate" - aws-backup-backupVault : "tmod:@turbot/aws-backup#/policy/types/backupVaultTagsTemplate" - aws-cloudformation-stack : "tmod:@turbot/aws-cloudformation#/policy/types/stackTagsTemplate" - aws-cloudformation-stackSet : "tmod:@turbot/aws-cloudformation#/policy/types/stackSetTagsTemplate" - aws-cloudfront-distribution : "tmod:@turbot/aws-cloudfront#/policy/types/distributionTagsTemplate" - aws-cloudfront-streamingDistribution : "tmod:@turbot/aws-cloudfront#/policy/types/streamingDistributionTagsTemplate" - aws-cloudtrail-trail : "tmod:@turbot/aws-cloudtrail#/policy/types/trailTagsTemplate" - aws-cloudwatch-alarm : "tmod:@turbot/aws-cloudwatch#/policy/types/alarmTagsTemplate" - aws-codebuild-project : "tmod:@turbot/aws-codebuild#/policy/types/projectTagsTemplate" - aws-codecommit-repository : "tmod:@turbot/aws-codecommit#/policy/types/repositoryTagsTemplate" - aws-config-rule : "tmod:@turbot/aws-config#/policy/types/ruleTagsTemplate" - aws-dax-cluster : "tmod:@turbot/aws-dax#/policy/types/clusterTagsTemplate" - aws-directoryservice-directory : "tmod:@turbot/aws-directoryservice#/policy/types/directoryTagsTemplate" - aws-dms-endpoint : "tmod:@turbot/aws-dms#/policy/types/endpointTagsTemplate" - aws-docdb-dbCluster : "tmod:@turbot/aws-docdb#/policy/types/dbClusterTagsTemplate" - aws-docdb-dbClusterParameterGroup : "tmod:@turbot/aws-docdb#/policy/types/dbClusterParameterGroupTagsTemplate" - aws-docdb-dbInstance : "tmod:@turbot/aws-docdb#/policy/types/dbInstanceTagsTemplate" - aws-dynamodb-table : "tmod:@turbot/aws-dynamodb#/policy/types/tableTagsTemplate" - aws-ec2-ami : "tmod:@turbot/aws-ec2#/policy/types/amiTagsTemplate" - aws-ec2-applicationLoadBalancer : "tmod:@turbot/aws-ec2#/policy/types/applicationLoadBalancerTagsTemplate" - aws-ec2-autoScalingGroup : "tmod:@turbot/aws-ec2#/policy/types/autoScalingGroupTagsTemplate" - aws-ec2-classicLoadBalancer : "tmod:@turbot/aws-ec2#/policy/types/classicLoadBalancerTagsTemplate" - aws-ec2-instance : "tmod:@turbot/aws-ec2#/policy/types/instanceTagsTemplate" - aws-ec2-keyPair : "tmod:@turbot/aws-ec2#/policy/types/keyPairTagsTemplate" - aws-ec2-launchTemplate : "tmod:@turbot/aws-ec2#/policy/types/launchTemplateTagsTemplate" - aws-ec2-networkInterface : "tmod:@turbot/aws-ec2#/policy/types/networkInterfaceTagsTemplate" - aws-ec2-networkLoadBalancer : "tmod:@turbot/aws-ec2#/policy/types/networkLoadBalancerTagsTemplate" - aws-ec2-snapshot : "tmod:@turbot/aws-ec2#/policy/types/snapshotTagsTemplate" - aws-ec2-targetGroup : "tmod:@turbot/aws-ec2#/policy/types/targetGroupTagsTemplate" - aws-ec2-volume : "tmod:@turbot/aws-ec2#/policy/types/volumeTagsTemplate" - aws-ecr-repository : "tmod:@turbot/aws-ecr#/policy/types/repositoryTagsTemplate" - aws-ecs-cluster : "tmod:@turbot/aws-ecs#/policy/types/clusterTagsTemplate" - aws-ecs-taskDefinition : "tmod:@turbot/aws-ecs#/policy/types/taskDefinitionTagsTemplate" - aws-efs-fileSystem : "tmod:@turbot/aws-efs#/policy/types/fileSystemTagsTemplate" - aws-eks-cluster : "tmod:@turbot/aws-eks#/policy/types/clusterTagsTemplate" - aws-eks-nodeGroup : "tmod:@turbot/aws-eks#/policy/types/nodeGroupTagsTemplate" - aws-elasticbeanstalk-application : "tmod:@turbot/aws-elasticbeanstalk#/policy/types/applicationTagsTemplate" - aws-elasticbeanstalk-environment : "tmod:@turbot/aws-elasticbeanstalk#/policy/types/environmentTagsTemplate" - aws-elasticache-cacheCluster : "tmod:@turbot/aws-elasticache#/policy/types/cacheClusterTagsTemplate" - aws-elasticache-snapshot : "tmod:@turbot/aws-elasticache#/policy/types/snapshotTagsTemplate" - aws-elasticsearch-domain : "tmod:@turbot/aws-elasticsearch#/policy/types/domainTagsTemplate" - aws-emr-cluster : "tmod:@turbot/aws-emr#/policy/types/clusterTagsTemplate" - aws-fsx-backup : "tmod:@turbot/aws-fsx#/policy/types/backupTagsTemplate" - aws-fsx-fileSystem : "tmod:@turbot/aws-fsx#/policy/types/fileSystemTagsTemplate" - aws-glacier-vault : "tmod:@turbot/aws-glacier#/policy/types/vaultTagsTemplate" - aws-guardduty-detector : "tmod:@turbot/aws-guardduty#/policy/types/detectorTagsTemplate" - aws-guardduty-ipSet : "tmod:@turbot/aws-guardduty#/policy/types/ipSetTagsTemplate" - aws-guardduty-threatIntelSet : "tmod:@turbot/aws-guardduty#/policy/types/threatIntelSetTagsTemplate" - aws-iam-role : "tmod:@turbot/aws-iam#/policy/types/roleTagsTemplate" - aws-iam-user : "tmod:@turbot/aws-iam#/policy/types/userTagsTemplate" - aws-inspector-assessmentTemplate : "tmod:@turbot/aws-inspector#/policy/types/assessmentTemplateTagsTemplate" - aws-kinesis-stream : "tmod:@turbot/aws-kinesis#/policy/types/streamTagsTemplate" - aws-kms-key : "tmod:@turbot/aws-kms#/policy/types/keyTagsTemplate" - aws-lambda-function : "tmod:@turbot/aws-lambda#/policy/types/functionTagsTemplate" - aws-logs-logGroup : "tmod:@turbot/aws-logs#/policy/types/logGroupTagsTemplate" - aws-msk-cluster : "tmod:@turbot/aws-msk#/policy/types/clusterTagsTemplate" - aws-neptune-dbCluster : "tmod:@turbot/aws-neptune#/policy/types/dbClusterTagsTemplate" - aws-neptune-dbInstance : "tmod:@turbot/aws-neptune#/policy/types/dbInstanceTagsTemplate" - aws-qldb-ledger : "tmod:@turbot/aws-qldb#/policy/types/ledgerTagsTemplate" - aws-rds-dbCluster : "tmod:@turbot/aws-rds#/policy/types/dbClusterTagsTemplate" - aws-rds-dbClusterParameterGroup : "tmod:@turbot/aws-rds#/policy/types/dbClusterParameterGroupTagsTemplate" - aws-rds-dbClusterSnapshotManual : "tmod:@turbot/aws-rds#/policy/types/dbClusterSnapshotManualTagsTemplate" - aws-rds-dbInstance : "tmod:@turbot/aws-rds#/policy/types/dbInstanceTagsTemplate" - aws-rds-dbParameterGroup : "tmod:@turbot/aws-rds#/policy/types/dbParameterGroupTagsTemplate" - aws-rds-dbSnapshotManual : "tmod:@turbot/aws-rds#/policy/types/dbSnapshotManualTagsTemplate" - aws-rds-optionGroup : "tmod:@turbot/aws-rds#/policy/types/optionGroupTagsTemplate" - aws-rds-subnetGroup : "tmod:@turbot/aws-rds#/policy/types/subnetGroupTagsTemplate" - aws-redshift-cluster : "tmod:@turbot/aws-redshift#/policy/types/clusterTagsTemplate" - aws-redshift-clusterParameterGroup : "tmod:@turbot/aws-redshift#/policy/types/clusterParameterGroupTagsTemplate" - aws-redshift-clusterSubnetGroup : "tmod:@turbot/aws-redshift#/policy/types/clusterSubnetGroupTagsTemplate" - aws-redshift-clusterSnapshotManual : "tmod:@turbot/aws-redshift#/policy/types/clusterSnapshotManualTagsTemplate" - aws-robomaker-fleet : "tmod:@turbot/aws-robomaker#/policy/types/fleetTagsTemplate" - aws-robomaker-robot : "tmod:@turbot/aws-robomaker#/policy/types/robotTagsTemplate" - aws-robomaker-robotApplication : "tmod:@turbot/aws-robomaker#/policy/types/robotApplicationTagsTemplate" - aws-route53-hostedZone : "tmod:@turbot/aws-route53#/policy/types/hostedZoneTagsTemplate" - aws-route53resolver-resolverEndpoint : "tmod:@turbot/aws-route53resolver#/policy/types/resolverEndpointTagsTemplate" - aws-route53resolver-resolverRule : "tmod:@turbot/aws-route53resolver#/policy/types/resolverRuleTagsTemplate" - aws-s3-bucket : "tmod:@turbot/aws-s3#/policy/types/bucketTagsTemplate" - aws-secretsmanager-secret : "tmod:@turbot/aws-secretsmanager#/policy/types/secretTagsTemplate" - aws-securityhub-hub : "tmod:@turbot/aws-securityhub#/policy/types/hubTagsTemplate" - aws-sns-topic : "tmod:@turbot/aws-sns#/policy/types/topicTagsTemplate" - aws-sqs-queue : "tmod:@turbot/aws-sqs#/policy/types/queueTagsTemplate" - aws-ssm-document : "tmod:@turbot/aws-ssm#/policy/types/documentTagsTemplate" - aws-ssm-maintenanceWindow : "tmod:@turbot/aws-ssm#/policy/types/maintenanceWindowTagsTemplate" - aws-ssm-ssmParameter : "tmod:@turbot/aws-ssm#/policy/types/ssmParameterTagsTemplate" - aws-stepfunctions-stateMachine : "tmod:@turbot/aws-stepfunctions#/policy/types/stateMachineTagsTemplate" - aws-swf-domain : "tmod:@turbot/aws-swf#/policy/types/domainTagsTemplate" - aws-vpc-connect-customerGateway : "tmod:@turbot/aws-vpc-connect#/policy/types/customerGatewayTagsTemplate" - aws-vpc-core-dhcpOptions : "tmod:@turbot/aws-vpc-core#/policy/types/dhcpOptionsTagsTemplate" - aws-vpc-internet-egressOnlyInternetGateway : "tmod:@turbot/aws-vpc-internet#/policy/types/egressOnlyInternetGatewayTagsTemplate" - aws-vpc-internet-elasticIp : "tmod:@turbot/aws-vpc-internet#/policy/types/elasticIpTagsTemplate" - aws-vpc-internet-vpcEndpoint : "tmod:@turbot/aws-vpc-internet#/policy/types/vpcEndpointTagsTemplate" - aws-vpc-internet-vpcEndpointService : "tmod:@turbot/aws-vpc-internet#/policy/types/vpcEndpointServiceTagsTemplate" - aws-vpc-security-flowLog : "tmod:@turbot/aws-vpc-security#/policy/types/flowLogTagsTemplate" - aws-vpc-internet-internetGateway : "tmod:@turbot/aws-vpc-internet#/policy/types/internetGatewayTagsTemplate" - aws-vpc-internet-natGateway : "tmod:@turbot/aws-vpc-internet#/policy/types/natGatewayTagsTemplate" - aws-vpc-security-networkAcl : "tmod:@turbot/aws-vpc-security#/policy/types/networkAclTagsTemplate" - aws-vpc-connect-vpcPeeringConnection : "tmod:@turbot/aws-vpc-connect#/policy/types/vpcPeeringConnectionTagsTemplate" - aws-vpc-core-routeTable : "tmod:@turbot/aws-vpc-core#/policy/types/routeTableTagsTemplate" - aws-vpc-security-securityGroup : "tmod:@turbot/aws-vpc-security#/policy/types/securityGroupTagsTemplate" - aws-vpc-core-subnet : "tmod:@turbot/aws-vpc-core#/policy/types/subnetTagsTemplate" - aws-vpc-connect-transitGateway : "tmod:@turbot/aws-vpc-connect#/policy/types/transitGatewayTagsTemplate" - aws-vpc-connect-transitGatewayRouteTable : "tmod:@turbot/aws-vpc-connect#/policy/types/transitGatewayRouteTableTagsTemplate" - aws-vpc-core-vpc : "tmod:@turbot/aws-vpc-core#/policy/types/vpcTagsTemplate" - aws-vpc-connect-vpnConnection : "tmod:@turbot/aws-vpc-connect#/policy/types/vpnConnectionTagsTemplate" - aws-vpc-connect-vpnGateway : "tmod:@turbot/aws-vpc-connect#/policy/types/vpnGatewayTagsTemplate" - aws-waf-ipSetV2Global : "tmod:@turbot/aws-waf#/policy/types/ipSetV2GlobalTagsTemplate" - aws-waf-ipSetV2Regional : "tmod:@turbot/aws-waf#/policy/types/ipSetV2RegionalTagsTemplate" - aws-waf-regexPatternSetV2Global : "tmod:@turbot/aws-waf#/policy/types/regexPatternSetV2GlobalTagsTemplate" - aws-waf-regexPatternSetV2Regional : "tmod:@turbot/aws-waf#/policy/types/regexPatternSetV2RegionalTagsTemplate" - aws-waf-ruleGroupV2Global : "tmod:@turbot/aws-waf#/policy/types/ruleGroupV2GlobalTagsTemplate" - aws-waf-ruleGroupV2Regional : "tmod:@turbot/aws-waf#/policy/types/ruleGroupV2RegionalTagsTemplate" - aws-waf-webacl : "tmod:@turbot/aws-waf#/policy/types/webaclTagsTemplate" - aws-waf-webAclV2Global : "tmod:@turbot/aws-waf#/policy/types/webAclV2GlobalTagsTemplate" - aws-waf-webAclV2Regional : "tmod:@turbot/aws-waf#/policy/types/webAclV2RegionalTagsTemplate" - } -} diff --git a/baselines/todo_policy_packs/aws/aws_check_tagging/outputs.tf b/baselines/todo_policy_packs/aws/aws_check_tagging/outputs.tf deleted file mode 100644 index 57c5d3e66..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_tagging/outputs.tf +++ /dev/null @@ -1,19 +0,0 @@ -output "turbot_profile" { - value = var.turbot_profile -} - -output "smart_folder_name" { - value = var.smart_folder_name -} - -output "smart_folder_description" { - value = var.smart_folder_description -} - -output "smart_folder_parent_resource" { - value = var.smart_folder_parent_resource -} - -output "resource_tags" { - value = var.resource_tags -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/aws/aws_check_tagging/providers.tf b/baselines/todo_policy_packs/aws/aws_check_tagging/providers.tf deleted file mode 100644 index 715fb0f92..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_tagging/providers.tf +++ /dev/null @@ -1,12 +0,0 @@ -terraform { - required_providers { - turbot = { - source = "turbot/turbot" - } - } - required_version = ">= 0.13" -} - -provider "turbot" { - profile = var.turbot_profile -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/aws/aws_check_tagging/smart_folder.tf b/baselines/todo_policy_packs/aws/aws_check_tagging/smart_folder.tf deleted file mode 100644 index d8fd5b3a3..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_tagging/smart_folder.tf +++ /dev/null @@ -1,5 +0,0 @@ -resource "turbot_smart_folder" "aws_tagging" { - parent = var.smart_folder_parent_resource - title = var.smart_folder_name - description = var.smart_folder_description -} diff --git a/baselines/todo_policy_packs/aws/aws_check_tagging/variables.tf b/baselines/todo_policy_packs/aws/aws_check_tagging/variables.tf deleted file mode 100644 index 53e22684c..000000000 --- a/baselines/todo_policy_packs/aws/aws_check_tagging/variables.tf +++ /dev/null @@ -1,182 +0,0 @@ -# Baseline Configuration - -variable "resource_tags" { -description = < Make sure you have a [local directory user](https://turbot-dev.com/v5/docs/api/terraform/resources/turbot_local_directory_user) available. - -## Prerequisites - -To run the AWS Permission baseline, you must have: - - - [Terraform](https://www.terraform.io) Version 12 - - [Turbot Terraform Provider](https://github.com/turbotio/terraform-provider-turbot) - - [Credentials](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials) Configured to connect to your Turbot workspace and AWS account - -## Running the Baseline - -To execute the AWS Permission baseline: - - - Go to the AWS permissions directory with `cd aws_permission` - - Update `default.tfvars` with appropriate values - - Run `terraform plan -var-file=default.tfvars` to review the plan for aws permissions - - Run `terraform apply -var-file=default.tfvars` to apply the changes \ No newline at end of file diff --git a/baselines/todo_policy_packs/aws/aws_permission/default.tfvars b/baselines/todo_policy_packs/aws/aws_permission/default.tfvars deleted file mode 100644 index f79a362d0..000000000 --- a/baselines/todo_policy_packs/aws/aws_permission/default.tfvars +++ /dev/null @@ -1,7 +0,0 @@ -local_directory_name = "" - -user_details = { - "" = "<(1)firstname lastname>" - "" = "<(2)firstname lastname>" -} -grant_scope_id = "tmod:@turbot/turbot#/" \ No newline at end of file diff --git a/baselines/todo_policy_packs/aws/aws_permission/main.tf b/baselines/todo_policy_packs/aws/aws_permission/main.tf deleted file mode 100644 index 79100a8ea..000000000 --- a/baselines/todo_policy_packs/aws/aws_permission/main.tf +++ /dev/null @@ -1,40 +0,0 @@ -resource "turbot_local_directory" "test_dir" { - parent = var.grant_scope_id - title = var.local_directory_name - description = "Enter the name for the local directory to be created:" - profile_id_template = "{{profile.email}}" -} - -resource "turbot_local_directory_user" "test_user" { - count = length(var.user_details) - title = var.user_details[keys(var.user_details)[count.index]] - email = keys(var.user_details)[count.index] - display_name = var.user_details[keys(var.user_details)[count.index]] - parent = turbot_local_directory.test_dir.id -} - -resource "turbot_profile" "test_user_profile" { - count = length(var.user_details) - title = turbot_local_directory_user.test_user[count.index].title - email = keys(var.user_details)[count.index] - status = "Active" - given_name = split(" ", var.user_details[keys(var.user_details)[count.index]])[0] - family_name = split(" ", var.user_details[keys(var.user_details)[count.index]])[1] - display_name = var.user_details[keys(var.user_details)[count.index]] - parent = turbot_local_directory.test_dir.id - profile_id = keys(var.user_details)[count.index] -} - -resource "turbot_grant" "test" { - count = length(var.user_details) - resource = var.grant_scope_id - type = "tmod:@turbot/aws#/permission/types/aws" - level = "tmod:@turbot/turbot-iam#/permission/levels/superuser" - identity = turbot_profile.test_user_profile[count.index].id -} - -resource "turbot_grant_activation" "activate_admin_grant" { - count = length(var.user_details) - resource = var.grant_scope_id - grant = turbot_grant.test[count.index].id -} diff --git a/baselines/todo_policy_packs/aws/aws_permission/variables.tf b/baselines/todo_policy_packs/aws/aws_permission/variables.tf deleted file mode 100644 index ff7a45d8d..000000000 --- a/baselines/todo_policy_packs/aws/aws_permission/variables.tf +++ /dev/null @@ -1,16 +0,0 @@ -variable "local_directory_name" { - description = "Enter the name for the local directory to be created:" - type = string -} - -variable "user_details" { - description = "Enter the user details (``=``):" - type = map(string) -} - -# It is the turbot id of turbot folder or resource. -# The Admin and Owner grants will be activated at this level -variable "grant_scope_id" { - type = string - default = "tmod:@turbot/turbot#/" -} diff --git a/baselines/todo_policy_packs/azure/azure-cis-v1-section5.2/README.md b/baselines/todo_policy_packs/azure/azure-cis-v1-section5.2/README.md deleted file mode 100644 index 393e01690..000000000 --- a/baselines/todo_policy_packs/azure/azure-cis-v1-section5.2/README.md +++ /dev/null @@ -1,54 +0,0 @@ -# Azure CIS V1 Section 5.2 Baseline - -This baseline applies the Azure CIS v1 section 5.2 recommended settings to Azure subscriptions - -## Prerequisites - -- Setup Turbot [credentials](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials) -- Installed [Terraform](https://www.terraform.io/downloads.html) -- Installed [Turbot Terraform Provider](https://github.com/turbotio/terraform-provider-turbot) - -## Running the Baseline - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update default.tfvars or create a new Terraform configuration file. - -Variables that are exposed by this script are: - -- resource_group_name -- scopes - -Open the file `variables.tf` for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file `defaults.tfvars`. - -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file `defaults.tfvars`. - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` diff --git a/baselines/todo_policy_packs/azure/azure-cis-v1-section5.2/default.tfvars b/baselines/todo_policy_packs/azure/azure-cis-v1-section5.2/default.tfvars deleted file mode 100644 index 069c15282..000000000 --- a/baselines/todo_policy_packs/azure/azure-cis-v1-section5.2/default.tfvars +++ /dev/null @@ -1,10 +0,0 @@ -# Required - The resource_group_name where resources will be created -resource_group_name = "" -# Examples for resource_group_name: -# resource_group_name = "default_rg" -# resource_group_name = "turbot_rg" - -# Required - A list of scope -scopes = [""] -# Examples for resource_group_name: -# scopes = ["/subscriptions/85d03036-00bf-41c0-a45a-5e4c210d81b5"] diff --git a/baselines/todo_policy_packs/azure/azure-cis-v1-section5.2/main.tf b/baselines/todo_policy_packs/azure/azure-cis-v1-section5.2/main.tf deleted file mode 100644 index 4e2f659f6..000000000 --- a/baselines/todo_policy_packs/azure/azure-cis-v1-section5.2/main.tf +++ /dev/null @@ -1,130 +0,0 @@ -provider azurerm { - features {} -} - -# 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment (Scored) -resource "azurerm_monitor_activity_log_alert" "setting_5_2_1" { - name = "policy-alert" - resource_group_name = var.resource_group_name - scopes = var.scopes - description = "This alert will monitor all policy attachments" - - criteria { - operation_name = "Microsoft.Authorization/policyassignments/write" - resource_type = "microsoft.authorization/policyassignments" - resource_provider = "microsoft.authorization/policyassignments" - category = "Administrative" - } -} - -# 5.2.2 Ensure that Activity Log Alert exists for Create or Update Network Security Group (Scored) -resource "azurerm_monitor_activity_log_alert" "setting_5_2_2" { - name = "nsg-alert" - resource_group_name = var.resource_group_name - scopes = var.scopes - description = "This alert will monitor all nsgs" - - criteria { - operation_name = "Microsoft.Network/networkSecurityGroups/write" - resource_type = "microsoft.network/networksecuritygroups" - category = "Administrative" - } -} - -# 5.2.3 Ensure that Activity Log Alert exists for Delete Network Security Group (Scored) -resource "azurerm_monitor_activity_log_alert" "setting_5_2_3" { - name = "nsg-delete-alert" - resource_group_name = var.resource_group_name - scopes = var.scopes - description = "This alert will monitor all nsgs" - - criteria { - operation_name = "Microsoft.Network/networkSecurityGroups/delete" - resource_type = "microsoft.network/networksecuritygroups" - category = "Administrative" - } -} - -# 5.2.4 Ensure that Activity Log Alert exists for Create or Update Network Security Group Rule (Scored) -resource "azurerm_monitor_activity_log_alert" "setting_5_2_4" { - name = "nsg-rules-alert" - resource_group_name = var.resource_group_name - scopes = var.scopes - description = "This alert will monitor all nsgs" - - criteria { - operation_name = "Microsoft.Network/networkSecurityGroups/securityRules/write" - resource_type = "microsoft.network/networkSecurityGroups/securityRules" - category = "Administrative" - } -} - -# 5.2.5 Ensure that activity log alert exists for the Delete Network Security Group Rule (Scored) -resource "azurerm_monitor_activity_log_alert" "setting_5_2_5" { - name = "nsg-rules-delete-alert" - resource_group_name = var.resource_group_name - scopes = var.scopes - description = "This alert will monitor all nsgs" - - criteria { - operation_name = "Microsoft.Network/networkSecurityGroups/securityRules/delete" - resource_type = "microsoft.network/networkSecurityGroups/securityRules" - category = "Administrative" - } -} - -# 5.2.6 Ensure that Activity Log Alert exists for Create or Update Security Solution (Scored) -resource "azurerm_monitor_activity_log_alert" "setting_5_2_6" { - name = "security-solutions-alert" - resource_group_name = var.resource_group_name - scopes = var.scopes - description = "This alert will monitor all nsgs" - - criteria { - operation_name = "Microsoft.Security/securitySolutions/write" - resource_type = "microsoft.security/securitySolutions" - category = "Administrative" - } -} - -# 5.2.7 Ensure that Activity Log Alert exists for Delete Security Solution (Scored) -resource "azurerm_monitor_activity_log_alert" "setting_5_2_7" { - name = "security-solutions-delete-alert" - resource_group_name = var.resource_group_name - scopes = var.scopes - description = "This alert will monitor all nsgs" - - criteria { - operation_name = "Microsoft.Security/securitySolutions/delete" - resource_type = "microsoft.security/securitySolutions" - category = "Administrative" - } -} - -# 5.2.8 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule (Scored) -resource "azurerm_monitor_activity_log_alert" "setting_5_2_8" { - name = "sql-servers-firewall-rules-alert" - resource_group_name = var.resource_group_name - scopes = var.scopes - description = "This alert will monitor all nsgs" - - criteria { - operation_name = "Microsoft.Sql/servers/firewallRules/write" - resource_type = "microsoft.sql/servers/firewallRules" - category = "Administrative" - } -} - -# 5.2.9 Ensure that Activity Log Alert exists for Update Security Policy (Scored) -resource "azurerm_monitor_activity_log_alert" "setting_5_2_9" { - name = "security-policies-alert" - resource_group_name = var.resource_group_name - scopes = var.scopes - description = "This alert will monitor all nsgs" - - criteria { - operation_name = "Microsoft.Security/policies/write" - resource_type = "microsoft.security/policies" - category = "Administrative" - } -} diff --git a/baselines/todo_policy_packs/azure/azure-cis-v1-section5.2/variables.tf b/baselines/todo_policy_packs/azure/azure-cis-v1-section5.2/variables.tf deleted file mode 100644 index bd4289638..000000000 --- a/baselines/todo_policy_packs/azure/azure-cis-v1-section5.2/variables.tf +++ /dev/null @@ -1,9 +0,0 @@ -variable "resource_group_name" { - description = "Enter the resource_group_name where resources will be created" - type = string -} - -variable "scopes" { - description = "Enter a list of scope" - type = list(string) -} diff --git a/baselines/todo_policy_packs/azure/azure-cis-v1/README.md b/baselines/todo_policy_packs/azure/azure-cis-v1/README.md deleted file mode 100644 index 2bf12fba1..000000000 --- a/baselines/todo_policy_packs/azure/azure-cis-v1/README.md +++ /dev/null @@ -1,56 +0,0 @@ -# Azure CIS V1 Baseline - -Turbot CIS V1 baseline to configure CIS policies centrally. - -## Prerequisites - -- Setup Turbot [credentials](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials) -- Installed [Terraform](https://www.terraform.io/downloads.html) -- Installed [Turbot Terraform Provider](https://github.com/turbotio/terraform-provider-turbot) - -## Running the Baseline - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update default.tfvars or create a new Terraform configuration file. - -Variables that are exposed by this script are: - -- target_resource -- smart_folder_title -- folder_parent (Optional) -- cis_policy_setting (Optional) - -Open the file `variables.tf` for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file `defaults.tfvars`. - -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file `defaults.tfvars`. - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` diff --git a/baselines/todo_policy_packs/azure/azure-cis-v1/default.tfvars b/baselines/todo_policy_packs/azure/azure-cis-v1/default.tfvars deleted file mode 100644 index f62a72bc4..000000000 --- a/baselines/todo_policy_packs/azure/azure-cis-v1/default.tfvars +++ /dev/null @@ -1,14 +0,0 @@ -target_resource = "" -# Examples for target_resource -# target_resource = "tmod:@turbot/turbot#/" -# target_resource = "187486019045335" - -smart_folder_title = "" - -# Optional - leaving unchanged will default to the Turbot level -# folder_parent = "" - -# Optional - leaving unchanged will use the default map which will set the controls to Skip -# cis_policy_setting = { -# r0104 = "Per AZURE > CIS v1 using attestation" -# } diff --git a/baselines/todo_policy_packs/azure/azure-cis-v1/main.tf b/baselines/todo_policy_packs/azure/azure-cis-v1/main.tf deleted file mode 100644 index 0fa7f7c09..000000000 --- a/baselines/todo_policy_packs/azure/azure-cis-v1/main.tf +++ /dev/null @@ -1,17 +0,0 @@ -resource "turbot_smart_folder" "azure_folder" { - parent = var.folder_parent - title = var.smart_folder_title - description = "Folder to import the Azure Subscription:" -} - -resource "turbot_smart_folder_attachment" "azure_folder" { - resource = var.target_resource - smart_folder = turbot_smart_folder.azure_folder.id -} - -resource "turbot_policy_setting" "cis_policies" { - count = length(var.cis_policy_setting) - resource = turbot_smart_folder.azure_folder.id - type = "tmod:@turbot/azure-cisv1#/policy/types/${element(keys(var.cis_policy_setting), count.index)}" - value = lookup(var.cis_policy_setting, "${element(keys(var.cis_policy_setting), count.index)}") -} diff --git a/baselines/todo_policy_packs/azure/azure-cis-v1/variables.tf b/baselines/todo_policy_packs/azure/azure-cis-v1/variables.tf deleted file mode 100644 index e22a8de1a..000000000 --- a/baselines/todo_policy_packs/azure/azure-cis-v1/variables.tf +++ /dev/null @@ -1,130 +0,0 @@ -variable "target_resource" { - description = "Enter a target_resource to set the policies on a specific resource. This can be an AKA or resource id:" - type = string -} - -# The title of the smart folder -variable "smart_folder_title" { - description = "Folder to import the Azure Subscription:" - type = string -} - -# Defaults to the Turbot Resource level using the AKA which identifies the Turbot level. -variable "folder_parent" { - type = string - default = "tmod:@turbot/turbot#/" -} - -# Configure the value for the CIS policy. Depending on the policy there are a varying acceptable values. -variable "cis_policy_setting" { - description = "Choose the subset of CIS policies that should be configured. For possible values, you can use the GraphQL query `list-cis-policy-types-by-cloud-provider.graphql`" - type = map - - default = { - r0104 = "Per AZURE > CIS v1 using attestation" - r0105 = "Per AZURE > CIS v1 using attestation" - r0106 = "Per AZURE > CIS v1 using attestation" - r0107 = "Per AZURE > CIS v1 using attestation" - r0108 = "Per AZURE > CIS v1 using attestation" - r0109 = "Per AZURE > CIS v1 using attestation" - r0110 = "Per AZURE > CIS v1 using attestation" - r0111 = "Per AZURE > CIS v1 using attestation" - r0112 = "Per AZURE > CIS v1 using attestation" - r0113 = "Per AZURE > CIS v1 using attestation" - r0114 = "Per AZURE > CIS v1 using attestation" - r0115 = "Per AZURE > CIS v1 using attestation" - r0116 = "Per AZURE > CIS v1 using attestation" - r0117 = "Per AZURE > CIS v1 using attestation" - r0118 = "Per AZURE > CIS v1 using attestation" - r0119 = "Per AZURE > CIS v1 using attestation" - r0120 = "Per AZURE > CIS v1 using attestation" - r0121 = "Per AZURE > CIS v1 using attestation" - r0122 = "Per AZURE > CIS v1 using attestation" - r0201 = "Per Azure > CIS v1" - r0202 = "Per Azure > CIS v1" - r0203 = "Per Azure > CIS v1" - r0204 = "Per Azure > CIS v1" - r0205 = "Per Azure > CIS v1" - r0206 = "Per Azure > CIS v1" - r0207 = "Per Azure > CIS v1" - r0208 = "Per Azure > CIS v1" - r0209 = "Per Azure > CIS v1" - r0210 = "Per Azure > CIS v1" - r0211 = "Per Azure > CIS v1" - r0212 = "Per Azure > CIS v1" - r0213 = "Per Azure > CIS v1" - r0214 = "Per Azure > CIS v1" - r0215 = "Per Azure > CIS v1" - r0216 = "Per Azure > CIS v1" - r0217 = "Per Azure > CIS v1" - r0218 = "Per Azure > CIS v1" - r0219 = "Per Azure > CIS v1" - r0301 = "Per AZURE > CIS v1" - r0302 = "Per AZURE > CIS v1 using attestation" - r0303 = "Per Azure > CIS v1" - r0304 = "Per AZURE > CIS v1 using attestation" - r0305 = "Per AZURE > CIS v1 using attestation" - r0306 = "Per AZURE > CIS v1" - r0307 = "Per AZURE > CIS v1" - r0308 = "Per AZURE > CIS v1" - r0401 = "Per AZURE > CIS v1" - r0402 = "Per Azure > CIS v1" - r0403 = "Per AZURE > CIS v1" - r0404 = "Per AZURE > CIS v1" - r0405 = "Per Azure > CIS v1" - r0406 = "Per Azure > CIS v1" - r0407 = "Per AZURE > CIS v1" - r0408 = "Per Azure > CIS v1" - r0409 = "Per AZURE > CIS v1" - r0410 = "Per AZURE > CIS v1" - r0411 = "Per AZURE > CIS v1" - r0412 = "Per Azure > CIS v1" - r0413 = "Per AZURE > CIS v1" - r0414 = "Per Azure > CIS v1" - r0415 = "Per Azure > CIS v1" - r0416 = "Per Azure > CIS v1" - r0417 = "Per Azure > CIS v1" - r0418 = "Per Azure > CIS v1" - r050101 = "Per Azure > CIS v1" - r050102 = "Per Azure > CIS v1" - r050103 = "Per Azure > CIS v1" - r050104 = "Per Azure > CIS v1" - r050105 = "Per Azure > CIS v1" - r050106 = "Per Azure > CIS v1" - r050107 = "Per Azure > CIS v1" - r050201 = "Per Azure > CIS v1" - r050202 = "Per Azure > CIS v1" - r050203 = "Per Azure > CIS v1" - r050204 = "Per Azure > CIS v1" - r050205 = "Per Azure > CIS v1" - r050206 = "Per Azure > CIS v1" - r050207 = "Per Azure > CIS v1" - r050208 = "Per Azure > CIS v1" - r050209 = "Per Azure > CIS v1" - r0601 = "Per Azure > CIS v1" - r0602 = "Per Azure > CIS v1" - r0603 = "Per Azure > CIS v1" - r0604 = "Per Azure > CIS v1" - r0605 = "Per Azure > CIS v1" - r0701 = "Per Azure > CIS v1" - r0702 = "Per Azure > CIS v1" - r0703 = "Per Azure > CIS v1" - r0704 = "Per AZURE > CIS v1 using attestation" - r0705 = "Per AZURE > CIS v1 using attestation" - r0706 = "Per AZURE > CIS v1 using attestation" - r0801 = "Per Azure > CIS v1" - r0802 = "Per Azure > CIS v1" - r0803 = "Per AZURE > CIS v1 using attestation" - r0804 = "Per Azure > CIS v1" - r0805 = "Per AZURE > CIS v1" - r0901 = "Per AZURE > CIS v1" - r0902 = "Per AZURE > CIS v1" - r0903 = "Per AZURE > CIS v1" - r0904 = "Per AZURE > CIS v1" - r0905 = "Per Azure > CIS v1" - r0906 = "Per Azure > CIS v1" - r0907 = "Per Azure > CIS v1" - r0909 = "Per Azure > CIS v1" - r0910 = "Per AZURE > CIS v1" - } -} diff --git a/baselines/todo_policy_packs/azure/azure_active_directory_import/README.md b/baselines/todo_policy_packs/azure/azure_active_directory_import/README.md deleted file mode 100644 index b2a86672c..000000000 --- a/baselines/todo_policy_packs/azure/azure_active_directory_import/README.md +++ /dev/null @@ -1,61 +0,0 @@ -# Azure Active Directory Import Baseline - -The Azure active directory import baseline terraform configuration lets you import an Azure active directory into your turbot environment, with the necessary roles and permissions. - -## Prerequisites - -To run the Azure active directory import baseline, you must have: - -- [Terraform](https://www.terraform.io) Version 12 -- Terraform [Azure Provider](https://www.terraform.io/docs/providers/azurerm/index.html) -- [Turbot Terraform Provider](https://github.com/turbotio/terraform-provider-turbot) -- [Credentials](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials) Configured to connect to your Turbot workspace - -## Running the Baseline - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update default.tfvars or create a new Terraform configuration file. - -Variables that are exposed by this script are: - -- azure_active_directory_id -- parent_resource -- azure_environment_type -- azure_client_id -- azure_tenant_id -- azure_client_secret - -Open the file `variables.tf` for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file `defaults.tfvars`. - -Command: `terraform apply -var-file="default.tfvars"` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file `defaults.tfvars`. - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` diff --git a/baselines/todo_policy_packs/azure/azure_active_directory_import/default.tfvars b/baselines/todo_policy_packs/azure/azure_active_directory_import/default.tfvars deleted file mode 100644 index 930ea63a0..000000000 --- a/baselines/todo_policy_packs/azure/azure_active_directory_import/default.tfvars +++ /dev/null @@ -1,11 +0,0 @@ -azure_environment_type = "" - -azure_active_directory_id = "" - -parent_resource = "<15 digit tubot folder id under which the azure active directory to be imported>" - -azure_client_id = "" - -azure_tenant_id = "" - -azure_client_secret = "" \ No newline at end of file diff --git a/baselines/todo_policy_packs/azure/azure_active_directory_import/main.tf b/baselines/todo_policy_packs/azure/azure_active_directory_import/main.tf deleted file mode 100644 index 54d1b2ab3..000000000 --- a/baselines/todo_policy_packs/azure/azure_active_directory_import/main.tf +++ /dev/null @@ -1,51 +0,0 @@ -provider azurerm { - version = "=2.0.0" - features {} - active_directory_id = var.azure_active_directory_id - client_id = var.azure_client_id - environment = "public" - tenant_id = var.azure_tenant_id - client_secret = var.azure_client_secret -} - -# Create the Azure > Active Directory resource in Turbot -resource "turbot_resource" "active_directory_resource" { - parent = var.parent_resource - type = "tmod:@turbot/azure-activedirectory#/resource/types/directory" - akas = ["azure:///directory/${var.azure_active_directory_id}"] - metadata = jsonencode({ - "azure" : { - "tenantId" : "${var.azure_tenant_id}" - } - }) - data = jsonencode({ - "id" : "${var.azure_active_directory_id}" - "tenantId": "${var.azure_tenant_id}" - }) -} - -# Set the credentials for the Active Directory via Turbot policies - -resource "turbot_policy_setting" "environment" { - resource = turbot_resource.active_directory_resource.id - type = "tmod:@turbot/azure#/policy/types/environment" - value = var.azure_environment_type -} - -resource "turbot_policy_setting" "clientKey" { - resource = turbot_resource.active_directory_resource.id - type = "tmod:@turbot/azure#/policy/types/clientKey" - value = var.azure_client_secret -} - -resource "turbot_policy_setting" "clientId" { - resource = turbot_resource.active_directory_resource.id - type = "tmod:@turbot/azure#/policy/types/clientId" - value = var.azure_client_id -} - -resource "turbot_policy_setting" "tenantId" { - resource = turbot_resource.active_directory_resource.id - type = "tmod:@turbot/azure#/policy/types/tenantId" - value = var.azure_tenant_id -} diff --git a/baselines/todo_policy_packs/azure/azure_active_directory_import/variables.tf b/baselines/todo_policy_packs/azure/azure_active_directory_import/variables.tf deleted file mode 100644 index 9ee3085f1..000000000 --- a/baselines/todo_policy_packs/azure/azure_active_directory_import/variables.tf +++ /dev/null @@ -1,29 +0,0 @@ -variable "azure_active_directory_id" { - description = "Enter the Azure Active Directory ID that you wish to import: " - type = string -} - -variable "parent_resource" { - description = "Enter the Turbot Resource ID for the folder into which to import the active directory:" - type = string -} - -variable "azure_environment_type" { - description = "Enter the Azure Active Directory environment type ('Global Cloud' or 'US Government'):" - type = string -} - -variable "azure_client_id" { - description = "Enter the Azure Client ID: " - type = string -} - -variable "azure_tenant_id" { - description = "Enter the Azure Tenant ID: " - type = string -} - -variable "azure_client_secret" { - description = "Enter the Azure Client Secret Key: " - type = string -} diff --git a/baselines/todo_policy_packs/azure/azure_baseline/README.md b/baselines/todo_policy_packs/azure/azure_baseline/README.md deleted file mode 100644 index 46eba75cc..000000000 --- a/baselines/todo_policy_packs/azure/azure_baseline/README.md +++ /dev/null @@ -1,152 +0,0 @@ -# Baseline - Azure Baseline Policies - -Azure Baseline Policies focuses on base minimum set of example policies & services to start with. - -This baseline turns on Azure services that are provided by an input variable file. -If none are provided then all services will be enabled. -Enabling / disabling a service consists of enabling / disabling the service and API access to that service. -The variable to use is `service_status`. - -The baseline will configure GCP to use polling unless specified to use event handling in the input variable file. -The variable to use is `use_event_polling`. - -Additionally the baseline will enable CIS and set attestation of CIS to be a year. -Currently there is no variable to control this behavior. - -## Important - -Running the baseline without an input variable file assumes that you have **ALL** GCP mods installed. -To limit the baseline, look at the example input variable file [demo.tfvars](demo.tfvars). - -## Overview - -Baseline policies are initial set of policies recommended to start with while using Turbot. These policies mostly focuses on enabling services, frequently used policies to run in check mode & enabling security features such as various encryption standards. Baseline TF scripts allows you to toggle the value to apply or ignore. See the below sections for more information. - -Some of these policies overlap with other set of baselines. Hence Turbot provided set of baseline TF files are executed in separate [Smart Folder](https://turbot.com/v5/docs/getting-started/smart_folder). The advantage of setting up of each baseline in their own Smart Folder prevents conflicting with the policy settings created by other baseline scripts. - -This baseline will not attach to a resource by default. This needs to be done manually using the Turbot UI. - -## Requirements - -- Terraform v0.13 or greater installed -- Valid Turbot configuration credentials - -For further information on configuring Turbot credentials can be found [here](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials). - -## Applying baseline - -The baseline is defined by a set of files which together define the configuration of the baseline. - -### Initialize baseline - -If not previously run, Initialize Terraform to get all necessary providers for the baseline. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform init - ``` -### Profile name as input - -The baseline example set requires you to provide `turbot_profile` name as input. This is to help in case you are having more profiles than only `default`. In case it's default, specify name as default. - -```shell -var.turbot_profile - Enter profile matching your turbot cli credentials. - Enter a value: -``` - -### Deploying demo example - -1. Navigate to the folder of the baseline -2. Initialize Terraform -3. Apply the baseline using the demo input variable file [demo.tfvars](demo.tfvars) - -On the terminal this will look like: - -```shell -cd -terraform init -terraform apply --var-file demo.tfvars -``` -`Prefer this baseline script to run with demo.tfvar file to avoid providing provider_status, provider_registration_map, enabled_policy_map` - -**Note** -- Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. - -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. - -### Input variable files - -Input variable files allow for the user to configure configuration definitions for multiple environments in different files. - -This baseline comes with an example input variable file called [demo.tfvars](demo.tfvars). - -It will be used to define which parts of the baseline to apply and which to ignore. - -The variables that can be overwritten by the input variable files i.e. [demo.tfvars](demo.tfvars) are defined in the [variables.tf](variables.tf) file. - -Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). - -### Apply baseline using input variable files - -If seeking to apply the baseline using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform apply --var-file=demo.tfvars - ``` -### Apply baseline without input variable file - -The baseline can be applied without an input variable file. - -1. By this time Terraform initialization is done as mentioned above. -3. Prefer to check the outcome by running the Terraform plan -3. Apply the Terraform -4. Run the command: - -```shell -cd -terraform plan -terraform apply -``` - -`This may prompt the user applying the baseline to enter values for variables that do not have default values.` - -### Destroy baseline without input variable file - -If seeking to apply the baseline without using an input variable file. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy - ``` - -### Destroy using input variable files - -If seeking to destoy the baseline configuration using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy --var-file=demo.tfvars - ``` - -## Commenting strategy - -All Turbot policies used by the baselines will have a link to the official Turbot Mods documentation. - -Opening the links will give you further details about: - -- The purpose of the policy -- Policy URI name -- Parent information -- Category information -- Target information -- All valid values diff --git a/baselines/todo_policy_packs/azure/azure_baseline/azure_provider_enable.tf b/baselines/todo_policy_packs/azure/azure_baseline/azure_provider_enable.tf deleted file mode 100644 index 49ef5085d..000000000 --- a/baselines/todo_policy_packs/azure/azure_baseline/azure_provider_enable.tf +++ /dev/null @@ -1,9 +0,0 @@ -# Enable all Azure Services Providers within the Variables file -# More Info: https://turbot.com/v5/docs/integrations/azure/services#registering-service-providers - -resource "turbot_policy_setting" "provider_registration_enable" { - for_each = var.provider_status - resource = turbot_smart_folder.azure_baseline.id - type = var.provider_registration_map[each.key] - value = each.value -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/azure/azure_baseline/azure_service_enable.tf b/baselines/todo_policy_packs/azure/azure_baseline/azure_service_enable.tf deleted file mode 100644 index 1cdf9c415..000000000 --- a/baselines/todo_policy_packs/azure/azure_baseline/azure_service_enable.tf +++ /dev/null @@ -1,10 +0,0 @@ -# Enable all Azure Services within the Variables file -# More Info: https://turbot.com/v5/docs/integrations/azure/services#enabling-services - -#Loop through var.service_status and set enable policies -resource "turbot_policy_setting" "azure_enable" { - for_each = var.enabled_policy_map - resource = turbot_smart_folder.azure_baseline.id - type = "tmod:@turbot/${each.key}#/policy/types/${each.value}" - value = "Enabled" -} diff --git a/baselines/todo_policy_packs/azure/azure_baseline/demo.tfvars b/baselines/todo_policy_packs/azure/azure_baseline/demo.tfvars deleted file mode 100644 index 12c59bfdf..000000000 --- a/baselines/todo_policy_packs/azure/azure_baseline/demo.tfvars +++ /dev/null @@ -1,90 +0,0 @@ -# List of services and providers to set as Enabled -# Enabling all by default, can comment out the providers and services to reduce scope -# Make sure you have the mods installed if enabling / registering. The default mod install baseline assumes all - -# For Providers, change the options per service; assuming enforce to ensure API access is possible: - # "Skip" - # "Check: Not Registered" - # "Check: Registered" - # "Enforce: Not Registered" - # "Enforce: Registered" - -provider_status = { - ApiManagement = "Enforce: Registered" - Compute = "Enforce: Registered" - ContainerService = "Enforce: Registered" - Databricks = "Enforce: Registered" - DataFactory = "Enforce: Registered" - DBforMySQL = "Enforce: Registered" - DBforPostgreSQL = "Enforce: Registered" - DocumentDB = "Enforce: Registered" - DomainRegistration = "Enforce: Registered" - Insights = "Enforce: Registered" - KeyVault = "Enforce: Registered" - Network = "Enforce: Registered" - OperationalInsights = "Enforce: Registered" - RecoveryServices = "Enforce: Registered" - Resources = "Enforce: Registered" - Search = "Enforce: Registered" - Security = "Enforce: Registered" - ServiceBus = "Enforce: Registered" - Sql = "Enforce: Registered" - Storage = "Enforce: Registered" - Synapse = "Enforce: Registered" - Web = "Enforce: Registered" -} - -provider_registration_map = { - ApiManagement = "tmod:@turbot/azure-provider#/policy/types/apiManagementRegistered" - Compute = "tmod:@turbot/azure-provider#/policy/types/computeRegistered" - ContainerService = "tmod:@turbot/azure-provider#/policy/types/containerServiceRegistered" - Databricks = "tmod:@turbot/azure-provider#/policy/types/databricksRegistered" - DataFactory = "tmod:@turbot/azure-provider#/policy/types/dataFactoryRegistered" - DBforMySQL = "tmod:@turbot/azure-provider#/policy/types/dbforMySqlRegistered" - DBforPostgreSQL = "tmod:@turbot/azure-provider#/policy/types/dbForPostgreSqlRegistered" - DocumentDB = "tmod:@turbot/azure-provider#/policy/types/documentDbRegistered" - DomainRegistration = "tmod:@turbot/azure-provider#/policy/types/domainRegistrationRegistered" - Insights = "tmod:@turbot/azure-provider#/policy/types/insightsRegistered" - KeyVault = "tmod:@turbot/azure-provider#/policy/types/keyVaultRegistered" - Network = "tmod:@turbot/azure-provider#/policy/types/networkRegistered" - OperationalInsights = "tmod:@turbot/azure-provider#/policy/types/operationalInsightsRegistered" - RecoveryServices = "tmod:@turbot/azure-provider#/policy/types/recoveryServicesRegistered" - Resources = "tmod:@turbot/azure-provider#/policy/types/resourcesRegistered" - Search = "tmod:@turbot/azure-provider#/policy/types/searchRegistered" - Security = "tmod:@turbot/azure-provider#/policy/types/securityRegistered" - Sql = "tmod:@turbot/azure-provider#/policy/types/sqlRegistered" - ServiceBus = "tmod:@turbot/azure-provider#/policy/types/serviceBusRegistered" - Storage = "tmod:@turbot/azure-provider#/policy/types/storageRegistered" - Synapse = "tmod:@turbot/azure-provider#/policy/types/synapseRegistered" - Web = "tmod:@turbot/azure-provider#/policy/types/webRegistered" -} - -enabled_policy_map = { - azure-aks = "aksEnabled" - azure-apimanagement = "apiManagementEnabled" - azure-applicationgateway = "applicationGatewayServiceEnabled" - azure-applicationinsights = "applicationInsightsEnabled" - azure-appservice = "appServiceEnabled" - azure-compute = "computeEnabled" - azure-cosmosdb = "cosmosDbEnabled" - azure-databricks = "databricksEnabled" - azure-datafactory = "dataFactoryEnabled" - azure-dns = "dnsEnabled" - azure-firewall = "firewallServiceEnabled" - azure-frontdoorservice = "frontDoorServiceEnabled" - azure-iam = "iamEnabled" - azure-keyvault = "keyVaultEnabled" - azure-loadbalancer = "loadBalancerServiceEnabled" - azure-loganalytics = "logAnalyticsEnabled" - azure-monitor = "monitorEnabled" - azure-mysql = "mySqlEnabled" - azure-network = "networkEnabled" - azure-networkwatcher = "networkWatcherServiceEnabled" - azure-postgresql = "postgreSqlEnabled" - azure-recoveryservice = "recoveryServiceEnabled" - azure-searchmanagement = "searchManagementEnabled" - azure-securitycenter = "securityCenterServiceEnabled" - azure-sql = "sqlEnabled" - azure-storage = "storageEnabled" - azure-synapseanalytics = "synapseAnalyticsEnabled" -} diff --git a/baselines/todo_policy_packs/azure/azure_baseline/enable_cis.tf b/baselines/todo_policy_packs/azure/azure_baseline/enable_cis.tf deleted file mode 100644 index 40b51cecd..000000000 --- a/baselines/todo_policy_packs/azure/azure_baseline/enable_cis.tf +++ /dev/null @@ -1,31 +0,0 @@ -# Enabled CIS Checks and setting the default attestation to 1 year - -# Azure > CIS v1 -# https://turbot.com/v5/mods/turbot/azure-cisv1/inspect#/policy/types/cis -resource "turbot_policy_setting" "enable_cis_checks" { - count = var.enable_cis_checks_policies ? 1 : 0 - resource = turbot_smart_folder.azure_baseline.id - type = "tmod:@turbot/azure-cisv1#/policy/types/cis" - value = "Check: Level 1 & Level 2 (Scored)" - # Skip - # Check: Level 1 (Scored) - # Check: Level 1 (Scored & Not Scored) - # Check: Level 1 & Level 2 (Scored) - # Check: Level 1 & Level 2 (Scored & Not Scored) -} - -# Azure > CIS v1 > Maximum Attestation Duration -# https://turbot.com/v5/mods/turbot/azure-cisv1/inspect#/policy/types/attestation -resource "turbot_policy_setting" "azure_cis_max_attestation_period" { - count = var.enable_azure_cis_max_attestation_period_policies ? 1 : 0 - resource = turbot_smart_folder.azure_baseline.id - type = "tmod:@turbot/azure-cisv1#/policy/types/attestation" - value = "1 year" - # Skip - # 30 days - # 60 days - # 90 days - # 1 year - # 2 years - # 3 years -} diff --git a/baselines/todo_policy_packs/azure/azure_baseline/event_polling.tf b/baselines/todo_policy_packs/azure/azure_baseline/event_polling.tf deleted file mode 100644 index e5aa820e1..000000000 --- a/baselines/todo_policy_packs/azure/azure_baseline/event_polling.tf +++ /dev/null @@ -1,30 +0,0 @@ -# Create Event Pollers per subscription -# Note: You can consider event handlers, however for getting started, event pollers are the simplest setup -# More Info: https://turbot.com/v5/docs/integrations/azure/real-time-events/event-pollers - -# Azure > Turbot > Event Poller -# https://turbot.com/v5/mods/turbot/azure/inspect#/policy/types/eventPoller -resource "turbot_policy_setting" "azure_event_polling" { - count = var.enable_azure_event_polling ? 1 : 0 - resource = turbot_smart_folder.azure_baseline.id - type = "tmod:@turbot/azure#/policy/types/eventPoller" - value = "Enabled" -} - -# Azure > Turbot > Event Poller > Interval -# https://turbot.com/v5/mods/turbot/azure/inspect#/policy/types/eventPollerInterval -resource "turbot_policy_setting" "azure_event_polling_interval" { - count = var.enable_azure_event_polling_interval ? 1 : 0 - resource = turbot_smart_folder.azure_baseline.id - type = "tmod:@turbot/azure#/policy/types/eventPollerInterval" - value = "Every 1 minute" -} - -# Azure > Turbot > Event Poller > Window -# https://turbot.com/v5/mods/turbot/azure/inspect#/policy/types/eventPollerWindow -resource "turbot_policy_setting" "azure_event_polling_window" { - count = var.enable_azure_event_polling_window ? 1 : 0 - resource = turbot_smart_folder.azure_baseline.id - type = "tmod:@turbot/azure#/policy/types/eventPollerWindow" - value = "10 minutes" -} diff --git a/baselines/todo_policy_packs/azure/azure_baseline/outputs.tf b/baselines/todo_policy_packs/azure/azure_baseline/outputs.tf deleted file mode 100644 index 0fd12c7eb..000000000 --- a/baselines/todo_policy_packs/azure/azure_baseline/outputs.tf +++ /dev/null @@ -1,47 +0,0 @@ -output "provider_status" { - value = var.provider_status -} - -output "provider_registration_map" { - value = var.provider_registration_map -} - -output "enabled_policy_map" { - value = var.enabled_policy_map -} - -output "turbot_profile" { - value = var.turbot_profile -} - -output "smart_folder_name" { - value = var.smart_folder_name -} - -output "smart_folder_description" { - value = var.smart_folder_description -} - -output "smart_folder_parent_resource" { - value = var.smart_folder_parent_resource -} - -output "enable_cis_checks_policies" { - value = var.enable_cis_checks_policies -} - -output "enable_azure_cis_max_attestation_period_policies" { - value = var.enable_azure_cis_max_attestation_period_policies -} - -output "enable_azure_event_polling" { - value = var.enable_azure_event_polling -} - -output "enable_azure_event_polling_interval" { - value = var.enable_azure_event_polling_interval -} - -output "enable_azure_event_polling_window" { - value = var.enable_azure_event_polling_window -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/azure/azure_baseline/providers.tf b/baselines/todo_policy_packs/azure/azure_baseline/providers.tf deleted file mode 100644 index 0353d61cb..000000000 --- a/baselines/todo_policy_packs/azure/azure_baseline/providers.tf +++ /dev/null @@ -1,12 +0,0 @@ -terraform { - required_providers { - turbot = { - source = "turbot/turbot" - } - } - required_version = ">= 0.13" -} - -provider "turbot" { - profile = var.turbot_profile -} diff --git a/baselines/todo_policy_packs/azure/azure_baseline/smart_folder.tf b/baselines/todo_policy_packs/azure/azure_baseline/smart_folder.tf deleted file mode 100644 index c77ad691c..000000000 --- a/baselines/todo_policy_packs/azure/azure_baseline/smart_folder.tf +++ /dev/null @@ -1,5 +0,0 @@ -resource "turbot_smart_folder" "azure_baseline" { - parent = var.smart_folder_parent_resource - title = var.smart_folder_name - description = var.smart_folder_description -} diff --git a/baselines/todo_policy_packs/azure/azure_baseline/variables.tf b/baselines/todo_policy_packs/azure/azure_baseline/variables.tf deleted file mode 100644 index f94fdc89b..000000000 --- a/baselines/todo_policy_packs/azure/azure_baseline/variables.tf +++ /dev/null @@ -1,70 +0,0 @@ -# Baseline Configuration - -variable "provider_status" { - description = "Choose the subset of providers that should be configured. Possible values for each service are: [\"Skip\", \"Check: Not Registered\", \"Check: Registered\", \"Enforce: Not Registered\", \"Enforce: Registered\"]" - type = map -} - -variable "provider_registration_map" { - description = "A map of all the registered policies currently exposed by Turbot" - type = map -} - -variable "enabled_policy_map" { - description = "Enter the list of services that you would like to Enable" - type = map -} - -variable "enable_cis_checks_policies" { - type = bool - description = "Enable the Azure CIS check policies for baseline" - default = true -} - -variable "enable_azure_cis_max_attestation_period_policies" { - type = bool - description = "Enable the Azure CIS Max Attestation policies for baseline" - default = true -} - -variable "enable_azure_event_polling" { - type = bool - description = "Enable the Azure Event polling policies for baseline" - default = true -} - -variable "enable_azure_event_polling_interval" { - type = bool - description = "Enable the Azure Event polling interval policies for baseline" - default = true -} - -variable "enable_azure_event_polling_window" { - type = bool - description = "Enable the Azure Event polling windows policies for baseline" - default = true -} - -# Optional Common Baseline Configuration - -variable "turbot_profile" { - description = "Enter profile matching your turbot cli credentials." -} - -variable "smart_folder_name" { - description = "Smart folder name for the baseline" - type = string - default = "Azure Baseline Policies" -} - -variable "smart_folder_description" { - description = "Enter a description for the smart folder" - type = string - default = "Defines sets of policies for the Azure baseline" -} - -variable "smart_folder_parent_resource" { - description = "Enter the resource ID or AKA for the parent of the smart folder" - type = string - default = "tmod:@turbot/turbot#/" -} diff --git a/baselines/todo_policy_packs/azure/azure_check_cost_controls/README.md b/baselines/todo_policy_packs/azure/azure_check_cost_controls/README.md deleted file mode 100644 index cdb023823..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_cost_controls/README.md +++ /dev/null @@ -1,141 +0,0 @@ -# Baseline - Azure Check Cost Control Policies - -This baseline will allow you to check the infrastructure over X days/unattached volumes and to set resource scheduling and make it inactive to reduce the cost. - -Few important links - -- [Budget Guardrails](https://turbot.com/v5/docs/concepts/guardrails/budget) -- [Scheduling in Turbot](https://turbot.com/v5/docs/concepts/guardrails/scheduling) -- [Active Guardrails](https://turbot.com/v5/docs/concepts/guardrails/active) - -## Overview - -Baseline policies are initial set of policies recommended to start with while using Turbot. These policies mostly focuses on enabling services, frequently used policies to run in check mode & enabling security features such as various encryption standards. Baseline TF scripts allows you to toggle the value to apply or ignore. See the below sections for more information. - -Some of these policies overlap with other set of baselines. Hence Turbot provided set of baseline TF files are executed in separate [Smart Folder](https://turbot.com/v5/docs/getting-started/smart_folder). The advantage of setting up of each baseline in their own Smart Folder prevents conflicting with the policy settings created by other baseline scripts. - -This baseline will not attach to a resource by default. This needs to be done manually using the Turbot UI. - -## Requirements - -- Terraform v0.13 or greater installed -- Valid Turbot configuration credentials - -For further information on configuring Turbot credentials can be found [here](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials). - -## Applying baseline - -The baseline is defined by a set of files which together define the configuration of the baseline. - -### Initialize baseline - -If not previously run, Initialize Terraform to get all necessary providers for the baseline. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform init - ``` -### Profile name as input - -The baseline example set requires you to provide `turbot_profile` name as input. This is to help in case you are having more profiles than only `default`. In case it's default, specify name as default. - -```shell -var.turbot_profile - Enter profile matching your turbot cli credentials. - Enter a value: -``` - -### Deploying demo example - -1. Navigate to the folder of the baseline -2. Initialize Terraform -3. Apply the baseline using the demo input variable file [demo.tfvars](demo.tfvars) - -On the terminal this will look like: - -```shell -cd -terraform init -terraform apply --var-file demo.tfvars -``` -**Note** - -- Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. - -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. - -### Input variable files - -Input variable files allow for the user to configure configuration definitions for multiple environments in different files. - -This baseline comes with an example input variable file called [demo.tfvars](demo.tfvars). - -It will be used to define which parts of the baseline to apply and which to ignore. - -The variables that can be overwritten by the input variable files i.e. [demo.tfvars](demo.tfvars) are defined in the [variables.tf](variables.tf) file. - -Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). - -### Apply baseline using input variable files - -If seeking to apply the baseline using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform apply --var-file=demo.tfvars - ``` -### Apply baseline without input variable file - -The baseline can be applied without an input variable file. - -1. By this time Terraform initialization is done as mentioned above. -3. Prefer to check the outcome by running the Terraform plan -3. Apply the Terraform -4. Run the command: - -```shell -cd -terraform plan -terraform apply -``` - -`This may prompt the user applying the baseline to enter values for variables that do not have default values.` - -### Destroy baseline without input variable file - -If seeking to apply the baseline without using an input variable file. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy - ``` - -### Destroy using input variable files - -If seeking to destroy the baseline configuration using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy --var-file=demo.tfvars - ``` - -## Commenting strategy - -All Turbot policies used by the baselines will have a link to the official Turbot Mods documentation. - -Opening the links will give you further details about: - -- The purpose of the policy -- Policy URI name -- Parent information -- Category information -- Target information -- All valid values diff --git a/baselines/todo_policy_packs/azure/azure_check_cost_controls/active_policies.tf b/baselines/todo_policy_packs/azure/azure_check_cost_controls/active_policies.tf deleted file mode 100644 index 18405714e..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_cost_controls/active_policies.tf +++ /dev/null @@ -1,48 +0,0 @@ -# Simple cost control to check for aging infrastructure over X days -# Defaulting to 60 days as an example. -# Other use cases can be used for Last Modified, Attached, etc. -# More Info: https://turbot.com/v5/docs/concepts/guardrails/active - -# Azure > Compute > Virtual Machine > Active -# https://turbot.com/v5/mods/turbot/azure-compute/inspect#/policy/types/virtualMachineActive -resource "turbot_policy_setting" "set_resource_active_policies" { - for_each = var.resource_active - resource = turbot_smart_folder.azure_cost_controls.id - type = local.policy_map[each.key] - value = each.value -} - -# Azure > Compute > Virtual Machine > Active > Age -# https://turbot.com/v5/mods/turbot/azure-compute/inspect#/policy/types/virtualMachineActiveAge -resource "turbot_policy_setting" "set_resource_age_policies" { - for_each = var.resource_active - resource = turbot_smart_folder.azure_cost_controls.id - type = local.policy_map_age[each.key] - value = "Force inactive if age > 60 days" - # Skip - # Force inactive if age > 1 day - # Force inactive if age > 3 days - # Force inactive if age > 7 days - # Force inactive if age > 14 days - # Force inactive if age > 30 days - # Force inactive if age > 60 days - # Force inactive if age > 90 days - # Force inactive if age > 180 days - # Force inactive if age > 365 days -} - -# Azure > Compute > Disk > Active -# https://turbot.com/v5/mods/turbot/azure-compute/inspect#/policy/types/diskActive -resource "turbot_policy_setting" "azure_disk_active" { - resource = turbot_smart_folder.azure_cost_controls.id - type = "tmod:@turbot/azure-compute#/policy/types/diskActive" - value = "Check: Active" -} - -# Azure > Compute > Disk > Active > Attached -# https://turbot.com/v5/mods/turbot/azure-compute/inspect#/policy/types/diskActiveAttached -resource "turbot_policy_setting" "azure_disk_active_attached" { - resource = turbot_smart_folder.azure_cost_controls.id - type = "tmod:@turbot/azure-compute#/policy/types/diskActiveAttached" - value = "Force inactive if unattached" -} diff --git a/baselines/todo_policy_packs/azure/azure_check_cost_controls/demo.tfvars b/baselines/todo_policy_packs/azure/azure_check_cost_controls/demo.tfvars deleted file mode 100644 index e8d2d99eb..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_cost_controls/demo.tfvars +++ /dev/null @@ -1,81 +0,0 @@ -# List of services and resources to be Check: Approved. -# You can remove the comment per row to include the resource type. Make sure you have the related service mod installed - -# Acceptable Values: - # "Skip" - # "Check: Active" - # "Enforce: Delete inactive with 1 day warning" - # "Enforce: Delete inactive with 3 days warning" - # "Enforce: Delete inactive with 7 days warning" - # "Enforce: Delete inactive with 14 days warning" - # "Enforce: Delete inactive with 30 days warning" - # "Enforce: Delete inactive with 60 days warning" - # "Enforce: Delete inactive with 90 days warning" - # "Enforce: Delete inactive with 180 days warning" - # "Enforce: Delete inactive with 365 days warning" - -resource_active = { - azure-aks-managedCluster = "Check: Active" - # azure-applicationgateway-applicationGateway = "Check: Active" - # azure-applicationinsights-applicationInsight = "Check: Active" - # azure-apimanagement-apiManagementService = "Check: Active" - # azure-appservice-appServicePlan = "Check: Active" - # azure-appservice-functionApp = "Check: Active" - # azure-appservice-webApp = "Check: Active" - # azure-compute-availabilitySet = "Check: Active" - ##Have Unattached Policy Set instead##azure-compute-disk = "Check: Active" - # azure-compute-diskEncryptionSet = "Check: Active" - azure-compute-image = "Check: Active" - azure-compute-snapshot = "Check: Active" - azure-compute-virtualMachine = "Check: Active" - azure-cosmosdb-databaseAccount = "Check: Active" - # azure-cosmosdb-mongoDbCollection = "Check: Active" - azure-cosmosdb-mongoDbDatabase = "Check: Active" - azure-cosmosdb-sqlContainer = "Check: Active" - azure-cosmosdb-sqlDatabase = "Check: Active" - azure-databricks-databricksWorkspace = "Check: Active" - # azure-datafactory-dataset = "Check: Active" - # azure-datafactory-factory = "Check: Active" - # azure-datafactory-pipeline = "Check: Active" - # azure-dns-recordSet = "Check: Active" - # azure-dns-zone = "Check: Active" - # azure-firewall-firewall = "Check: Active" - # azure-frontdoorservice-frontDoor = "Check: Active" - # azure-iam-roleAssignment = "Check: Active" - # azure-iam-roleDefinition = "Check: Active" - # azure-keyvault-key = "Check: Active" - # azure-keyvault-secret = "Check: Active" - # azure-keyvault-vault = "Check: Active" - # azure-loadbalancer-loadBalancer = "Check: Active" - # azure-loganalytics-logAnalyticsWorkspace = "Check: Active" - # azure-monitor-actionGroup = "Check: Active" - # azure-monitor-alerts = "Check: Active" - # azure-monitor-logProfile = "Check: Active" - azure-mysql-server = "Check: Active" - # azure-network-applicationSecurityGroup = "Check: Active" - # azure-network-networkInterface = "Check: Active" - # azure-network-networkSecurityGroup = "Check: Active" - # azure-network-publicIpAddress = "Check: Active" - # azure-network-routeTable = "Check: Active" - # azure-network-subnet = "Check: Active" - # azure-network-virtualNetwork = "Check: Active" - # azure-networkwatcher-flowLog = "Check: Active" - # azure-networkwatcher-networkWatcher = "Check: Active" - azure-postgresql-database = "Check: Active" - azure-postgresql-server = "Check: Active" - # azure-recoveryservice-vault = "Check: Active" - # azure-searchmanagement-searchService = "Check: Active" - azure-sql-database = "Check: Active" - # azure-sql-elasticPool = "Check: Active" - azure-sql-server = "Check: Active" - azure-storage-container = "Check: Active" - azure-storage-fileShare = "Check: Active" - azure-storage-storageAccount = "Check: Active" - # azure-synapseanalytics-sqlPool = "Check: Active" - azure-synapseanalytics-synapseWorkspace = "Check: Active" -} - -# See file schedules_policies.tf -# The variable with value false, as this is not part of initial recommended policy. -# You can enable it by changing the value to true. -azure_vm_instance_schedule_tag_policies = false diff --git a/baselines/todo_policy_packs/azure/azure_check_cost_controls/locals.tf b/baselines/todo_policy_packs/azure/azure_check_cost_controls/locals.tf deleted file mode 100644 index 7fa38de06..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_cost_controls/locals.tf +++ /dev/null @@ -1,124 +0,0 @@ -locals { - - policy_map = { - azure-aks-managedCluster : "tmod:@turbot/azure-aks#/policy/types/managedClusterActive" - azure-apimanagement-apiManagementService : "tmod:@turbot/azure-apimanagement#/policy/types/apiManagementServiceActive" - azure-applicationgateway-applicationGateway : "tmod:@turbot/azure-applicationgateway#/policy/types/applicationGatewayActive" - azure-applicationinsights-applicationInsight : "tmod:@turbot/azure-applicationinsights#/policy/types/applicationInsightActive" - azure-appservice-appServicePlan : "tmod:@turbot/azure-appservice#/policy/types/appServicePlanActive" - azure-appservice-functionApp : "tmod:@turbot/azure-appservice#/policy/types/functionAppActive" - azure-appservice-webApp : "tmod:@turbot/azure-appservice#/policy/types/webAppActive" - azure-compute-availabilitySet : "tmod:@turbot/azure-compute#/policy/types/availabilitySetActive" - azure-compute-disk : "tmod:@turbot/azure-compute#/policy/types/diskActive" - azure-compute-diskEncryptionSet : "tmod:@turbot/azure-compute#/policy/types/diskEncryptionSetActive" - azure-compute-image : "tmod:@turbot/azure-compute#/policy/types/imageActive" - azure-compute-snapshot : "tmod:@turbot/azure-compute#/policy/types/snapshotActive" - azure-compute-virtualMachine : "tmod:@turbot/azure-compute#/policy/types/virtualMachineActive" - azure-cosmosdb-databaseAccount : "tmod:@turbot/azure-cosmosdb#/policy/types/databaseAccountActive" - azure-cosmosdb-mongoDbCollection : "tmod:@turbot/azure-cosmosdb#/policy/types/mongoDbCollectionActive" - azure-cosmosdb-mongoDbDatabase : "tmod:@turbot/azure-cosmosdb#/policy/types/mongoDbDatabaseActive" - azure-cosmosdb-sqlContainer : "tmod:@turbot/azure-cosmosdb#/policy/types/sqlContainerActive" - azure-cosmosdb-sqlDatabase : "tmod:@turbot/azure-cosmosdb#/policy/types/sqlDatabaseActive" - azure-databricks-databricksWorkspace : "tmod:@turbot/azure-databricks#/policy/types/databricksWorkspaceActive" - azure-datafactory-dataset : "tmod:@turbot/azure-datafactory#/policy/types/datasetActive" - azure-datafactory-factory : "tmod:@turbot/azure-datafactory#/policy/types/factoryActive" - azure-datafactory-pipeline : "tmod:@turbot/azure-datafactory#/policy/types/pipelineActive" - azure-dns-recordSet : "tmod:@turbot/azure-dns#/policy/types/recordSetActive" - azure-dns-zone : "tmod:@turbot/azure-dns#/policy/types/zoneActive" - azure-firewall-firewall : "tmod:@turbot/azure-firewall#/policy/types/firewallActive" - azure-frontdoorservice-frontDoor : "tmod:@turbot/azure-frontdoorservice#/policy/types/frontDoorActive" - azure-iam-roleAssignment : "tmod:@turbot/azure-iam#/policy/types/roleAssignmentActive" - azure-iam-roleDefinition : "tmod:@turbot/azure-iam#/policy/types/roleDefinitionActive" - azure-keyvault-key : "tmod:@turbot/azure-keyvault#/policy/types/keyActive" - azure-keyvault-secret : "tmod:@turbot/azure-keyvault#/policy/types/secretActive" - azure-keyvault-vault : "tmod:@turbot/azure-keyvault#/policy/types/vaultActive" - azure-loadbalancer-loadBalancer : "tmod:@turbot/azure-loadbalancer#/policy/types/loadBalancerActive" - azure-loganalytics-logAnalyticsWorkspace : "tmod:@turbot/azure-loganalytics#/policy/types/logAnalyticsWorkspaceActive" - azure-monitor-actionGroup : "tmod:@turbot/azure-monitor#/policy/types/actionGroupActive" - azure-monitor-alerts : "tmod:@turbot/azure-monitor#/policy/types/alertsActive" - azure-monitor-logProfile : "tmod:@turbot/azure-monitor#/policy/types/logProfileActive" - azure-mysql-server : "tmod:@turbot/azure-mysql#/policy/types/serverActive" - azure-network-applicationSecurityGroup : "tmod:@turbot/azure-network#/policy/types/applicationSecurityGroupActive" - azure-network-networkInterface : "tmod:@turbot/azure-network#/policy/types/networkInterfaceActive" - azure-network-networkSecurityGroup : "tmod:@turbot/azure-network#/policy/types/networkSecurityGroupActive" - azure-network-publicIpAddress : "tmod:@turbot/azure-network#/policy/types/publicIpAddressActive" - azure-network-routeTable : "tmod:@turbot/azure-network#/policy/types/routeTableActive" - azure-network-subnet : "tmod:@turbot/azure-network#/policy/types/subnetActive" - azure-network-virtualNetwork : "tmod:@turbot/azure-network#/policy/types/virtualNetworkActive" - azure-networkwatcher-flowLog : "tmod:@turbot/azure-networkwatcher#/policy/types/flowLogActive" - azure-networkwatcher-networkWatcher : "tmod:@turbot/azure-networkwatcher#/policy/types/networkWatcherActive" - azure-postgresql-database : "tmod:@turbot/azure-postgresql#/policy/types/databaseActive" - azure-postgresql-server : "tmod:@turbot/azure-postgresql#/policy/types/serverActive" - azure-recoveryservice-vault : "tmod:@turbot/azure-recoveryservice#/policy/types/vaultActive" - azure-searchmanagement-searchService : "tmod:@turbot/azure-searchmanagement#/policy/types/searchServiceActive" - azure-sql-database : "tmod:@turbot/azure-sql#/policy/types/databaseActive" - azure-sql-elasticPool : "tmod:@turbot/azure-sql#/policy/types/elasticPoolActive" - azure-sql-server : "tmod:@turbot/azure-sql#/policy/types/serverActive" - azure-storage-container : "tmod:@turbot/azure-storage#/policy/types/containerActive" - azure-storage-fileShare : "tmod:@turbot/azure-storage#/policy/types/fileShareActive" - azure-storage-storageAccount : "tmod:@turbot/azure-storage#/policy/types/storageAccountActive" - azure-synapseanalytics-sqlPool : "tmod:@turbot/azure-synapseanalytics#/policy/types/sqlPoolActive" - azure-synapseanalytics-synapseWorkspace : "tmod:@turbot/azure-synapseanalytics#/policy/types/synapseWorkspaceActive" - } - - policy_map_age = { - azure-aks-managedCluster : "tmod:@turbot/azure-aks#/policy/types/managedClusterActiveAge" - azure-apimanagement-apiManagementService : "tmod:@turbot/azure-apimanagement#/policy/types/apiManagementServiceActiveAge" - azure-applicationgateway-applicationGateway : "tmod:@turbot/azure-applicationgateway#/policy/types/applicationGatewayActiveAge" - azure-applicationinsights-applicationInsight : "tmod:@turbot/azure-applicationinsights#/policy/types/applicationInsightActiveAge" - azure-appservice-appServicePlan : "tmod:@turbot/azure-appservice#/policy/types/appServicePlanActiveAge" - azure-appservice-functionApp : "tmod:@turbot/azure-appservice#/policy/types/functionAppActiveAge" - azure-appservice-webApp : "tmod:@turbot/azure-appservice#/policy/types/webAppActiveAge" - azure-compute-availabilitySet : "tmod:@turbot/azure-compute#/policy/types/availabilitySetActiveAge" - azure-compute-disk : "tmod:@turbot/azure-compute#/policy/types/diskActiveAge" - azure-compute-diskEncryptionSet : "tmod:@turbot/azure-compute#/policy/types/diskEncryptionSetActiveAge" - azure-compute-image : "tmod:@turbot/azure-compute#/policy/types/imageActiveAge" - azure-compute-snapshot : "tmod:@turbot/azure-compute#/policy/types/snapshotActiveAge" - azure-compute-virtualMachine : "tmod:@turbot/azure-compute#/policy/types/virtualMachineActiveAge" - azure-cosmosdb-databaseAccount : "tmod:@turbot/azure-cosmosdb#/policy/types/databaseAccountActiveAge" - azure-cosmosdb-mongoDbCollection : "tmod:@turbot/azure-cosmosdb#/policy/types/mongoDbCollectionActiveAge" - azure-cosmosdb-mongoDbDatabase : "tmod:@turbot/azure-cosmosdb#/policy/types/mongoDbDatabaseActiveAge" - azure-cosmosdb-sqlContainer : "tmod:@turbot/azure-cosmosdb#/policy/types/sqlContainerActiveAge" - azure-cosmosdb-sqlDatabase : "tmod:@turbot/azure-cosmosdb#/policy/types/sqlDatabaseActiveAge" - azure-databricks-databricksWorkspace : "tmod:@turbot/azure-databricks#/policy/types/databricksWorkspaceActiveAge" - azure-datafactory-dataset : "tmod:@turbot/azure-datafactory#/policy/types/datasetActiveAge" - azure-datafactory-factory : "tmod:@turbot/azure-datafactory#/policy/types/factoryActiveAge" - azure-datafactory-pipeline : "tmod:@turbot/azure-datafactory#/policy/types/pipelineActiveAge" - azure-dns-recordSet : "tmod:@turbot/azure-dns#/policy/types/recordSetActiveAge" - azure-dns-zone : "tmod:@turbot/azure-dns#/policy/types/zoneActiveAge" - azure-firewall-firewall : "tmod:@turbot/azure-firewall#/policy/types/firewallActiveAge" - azure-frontdoorservice-frontDoor : "tmod:@turbot/azure-frontdoorservice#/policy/types/frontDoorActiveAge" - azure-iam-roleAssignment : "tmod:@turbot/azure-iam#/policy/types/roleAssignmentActiveAge" - azure-iam-roleDefinition : "tmod:@turbot/azure-iam#/policy/types/roleDefinitionActiveAge" - azure-keyvault-key : "tmod:@turbot/azure-keyvault#/policy/types/keyActiveAge" - azure-keyvault-secret : "tmod:@turbot/azure-keyvault#/policy/types/secretActiveAge" - azure-keyvault-vault : "tmod:@turbot/azure-keyvault#/policy/types/vaultActiveAge" - azure-loadbalancer-loadBalancer : "tmod:@turbot/azure-loadbalancer#/policy/types/loadBalancerActiveAge" - azure-loganalytics-logAnalyticsWorkspace : "tmod:@turbot/azure-loganalytics#/policy/types/logAnalyticsWorkspaceActiveAge" - azure-monitor-actionGroup : "tmod:@turbot/azure-monitor#/policy/types/actionGroupActiveAge" - azure-monitor-alerts : "tmod:@turbot/azure-monitor#/policy/types/alertsActiveAge" - azure-monitor-logProfile : "tmod:@turbot/azure-monitor#/policy/types/logProfileActiveAge" - azure-mysql-server : "tmod:@turbot/azure-mysql#/policy/types/serverActiveAge" - azure-network-applicationSecurityGroup : "tmod:@turbot/azure-network#/policy/types/applicationSecurityGroupActiveAge" - azure-network-networkInterface : "tmod:@turbot/azure-network#/policy/types/networkInterfaceActiveAge" - azure-network-networkSecurityGroup : "tmod:@turbot/azure-network#/policy/types/networkSecurityGroupActiveAge" - azure-network-publicIpAddress : "tmod:@turbot/azure-network#/policy/types/publicIpAddressActiveAge" - azure-network-routeTable : "tmod:@turbot/azure-network#/policy/types/routeTableActiveAge" - azure-network-subnet : "tmod:@turbot/azure-network#/policy/types/subnetActiveAge" - azure-network-virtualNetwork : "tmod:@turbot/azure-network#/policy/types/virtualNetworkActiveAge" - azure-networkwatcher-flowLog : "tmod:@turbot/azure-networkwatcher#/policy/types/flowLogActiveAge" - azure-networkwatcher-networkWatcher : "tmod:@turbot/azure-networkwatcher#/policy/types/networkWatcherActiveAge" - azure-postgresql-database : "tmod:@turbot/azure-postgresql#/policy/types/databaseActiveAge" - azure-postgresql-server : "tmod:@turbot/azure-postgresql#/policy/types/serverActiveAge" - azure-recoveryservice-vault : "tmod:@turbot/azure-recoveryservice#/policy/types/vaultActiveAge" - azure-searchmanagement-searchService : "tmod:@turbot/azure-searchmanagement#/policy/types/searchServiceActiveAge" - azure-sql-database : "tmod:@turbot/azure-sql#/policy/types/databaseActiveAge" - azure-sql-elasticPool : "tmod:@turbot/azure-sql#/policy/types/elasticPoolActiveAge" - azure-sql-server : "tmod:@turbot/azure-sql#/policy/types/serverActiveAge" - azure-storage-container : "tmod:@turbot/azure-storage#/policy/types/containerActiveAge" - azure-storage-fileShare : "tmod:@turbot/azure-storage#/policy/types/fileShareActiveAge" - azure-storage-storageAccount : "tmod:@turbot/azure-storage#/policy/types/storageAccountActiveAge" - azure-synapseanalytics-sqlPool : "tmod:@turbot/azure-synapseanalytics#/policy/types/sqlPoolActiveAge" - azure-synapseanalytics-synapseWorkspace : "tmod:@turbot/azure-synapseanalytics#/policy/types/synapseWorkspaceActiveAge" - } -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/azure/azure_check_cost_controls/outputs.tf b/baselines/todo_policy_packs/azure/azure_check_cost_controls/outputs.tf deleted file mode 100644 index d26172796..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_cost_controls/outputs.tf +++ /dev/null @@ -1,27 +0,0 @@ -output "turbot_profile" { - value = var.turbot_profile -} - -output "smart_folder_name" { - value = var.smart_folder_name -} - -output "smart_folder_description" { - value = var.smart_folder_description -} - -output "smart_folder_parent_resource" { - value = var.smart_folder_parent_resource -} - -output "resource_active" { - value = var.resource_active -} - -output "azure_vm_instance_schedule_policies" { - value = var.azure_vm_instance_schedule_policies -} - -output "azure_vm_instance_schedule_tag_policies" { - value = var.azure_vm_instance_schedule_tag_policies -} diff --git a/baselines/todo_policy_packs/azure/azure_check_cost_controls/providers.tf b/baselines/todo_policy_packs/azure/azure_check_cost_controls/providers.tf deleted file mode 100644 index 0353d61cb..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_cost_controls/providers.tf +++ /dev/null @@ -1,12 +0,0 @@ -terraform { - required_providers { - turbot = { - source = "turbot/turbot" - } - } - required_version = ">= 0.13" -} - -provider "turbot" { - profile = var.turbot_profile -} diff --git a/baselines/todo_policy_packs/azure/azure_check_cost_controls/schedules_policies.tf b/baselines/todo_policy_packs/azure/azure_check_cost_controls/schedules_policies.tf deleted file mode 100644 index e3529e561..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_cost_controls/schedules_policies.tf +++ /dev/null @@ -1,30 +0,0 @@ -# Setting Resource Schedules to start/stop based on schedule -# Set to Skip to avoid accidently Enforcement. -# More Info: https://turbot.com/v5/docs/concepts/guardrails/scheduling - - -# Policy Setting Options: -# Skip -# Enforce: Business hours (8:00am - 6:00pm on weekdays) -# Enforce: Extended business hours (7:00am - 11:00pm on weekdays) -# Enforce: Stop for night (stop at 10:00pm every day) -# Enforce: Stop for weekend (stop at 10:00pm on Friday) - -# Azure > Compute > Virtual Machine > Schedule -# https://turbot.com/v5/mods/turbot/azure-compute/inspect#/policy/types/virtualMachineSchedule -resource "turbot_policy_setting" "vm_instance_schedule" { - count = var.azure_vm_instance_schedule_policies ? 1 : 0 - resource = turbot_smart_folder.azure_cost_controls.id - type = "tmod:@turbot/azure-compute#/policy/types/virtualMachineSchedule" - value = "Skip" -} - -# Azure > Compute > Virtual Machine > Schedule Tag -# https://turbot.com/v5/mods/turbot/azure-compute/inspect#/policy/types/virtualMachineScheduleTag -resource "turbot_policy_setting" "vm_instance_schedule_tag" { - count = var.azure_vm_instance_schedule_tag_policies ? 1 : 0 - resource = turbot_smart_folder.azure_cost_controls.id - type = "tmod:@turbot/azure-compute#/policy/types/virtualMachineScheduleTag" - value = "Skip" - # "Enforce: Schedule per turbot_custom_schedule tag" -} diff --git a/baselines/todo_policy_packs/azure/azure_check_cost_controls/smartfolder.tf b/baselines/todo_policy_packs/azure/azure_check_cost_controls/smartfolder.tf deleted file mode 100644 index ff1e80219..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_cost_controls/smartfolder.tf +++ /dev/null @@ -1,5 +0,0 @@ -resource "turbot_smart_folder" "azure_cost_controls" { - parent = var.smart_folder_parent_resource - title = var.smart_folder_name - description = var.smart_folder_description -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/azure/azure_check_cost_controls/storage_tier_policies.tf b/baselines/todo_policy_packs/azure/azure_check_cost_controls/storage_tier_policies.tf deleted file mode 100644 index 58df97745..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_cost_controls/storage_tier_policies.tf +++ /dev/null @@ -1,7 +0,0 @@ -# Check for Storage access tier to be cool for a cost savings - -resource "turbot_policy_setting" "azure_storage_access_tier" { - resource = turbot_smart_folder.azure_cost_controls.id - type = "tmod:@turbot/azure-storage#/policy/types/storageAccountAccessTier" - value = "Check: Cool" -} diff --git a/baselines/todo_policy_packs/azure/azure_check_cost_controls/variables.tf b/baselines/todo_policy_packs/azure/azure_check_cost_controls/variables.tf deleted file mode 100644 index 6a4643f1c..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_cost_controls/variables.tf +++ /dev/null @@ -1,116 +0,0 @@ -variable "resource_active" { - description = < -``` - -### Deploying demo example - -1. Navigate to the folder of the baseline -2. Initialize Terraform -3. Apply the baseline using the demo input variable file [demo.tfvars](demo.tfvars) - -On the terminal this will look like: - -```shell -cd -terraform init -terraform apply --var-file demo.tfvars -``` -**Note** -- Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. - -### Input variable files - -Input variable files allow for the user to configure configuration definitions for multiple environments in different files. - -This baseline comes with an example input variable file called [demo.tfvars](demo.tfvars). - -It will be used to define which parts of the baseline to apply and which to ignore. - -The variables that can be overwritten by the input variable files i.e. [demo.tfvars](demo.tfvars) are defined in the [variables.tf](variables.tf) file. - -Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). - -### Apply baseline using input variable files - -If seeking to apply the baseline using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform apply --var-file=demo.tfvars - ``` -### Apply baseline without input variable file - -The baseline can be applied without an input variable file. - -1. By this time Terraform initialization is done as mentioned above. -3. Prefer to check the outcome by running the Terraform plan -3. Apply the Terraform -4. Run the command: - -```shell -cd -terraform plan -terraform apply -``` - -`This may prompt the user applying the baseline to enter values for variables that do not have default values.` - -### Destroy baseline without input variable file - -If seeking to apply the baseline without using an input variable file. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy - ``` - -### Destroy using input variable files - -If seeking to destoy the baseline configuration using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy --var-file=demo.tfvars - ``` - -## Commenting strategy - -All Turbot policies used by the baselines will have a link to the official Turbot Mods documentation. - -Opening the links will give you further details about: - -- The purpose of the policy -- Policy URI name -- Parent information -- Category information -- Target information -- All valid values diff --git a/baselines/todo_policy_packs/azure/azure_check_encryption/appservice_policies.tf b/baselines/todo_policy_packs/azure/azure_check_encryption/appservice_policies.tf deleted file mode 100644 index 0e5bd8ba6..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_encryption/appservice_policies.tf +++ /dev/null @@ -1,45 +0,0 @@ -# Note: App Service Approved > Usage is validated for httpsOnly for securing the custom domain. - -# Azure > App Service > Function App > Approved > Usage -# https://turbot.com/v5/mods/turbot/azure-appservice/inspect#/policy/types/functionAppApprovedUsage -resource "turbot_policy_setting" "azure_appservice_function_app_approved_usage" { - count = var.appservice_function_app_approved_usage_policies ? 1 : 0 - resource = turbot_smart_folder.azure_encryption.id - type = "tmod:@turbot/azure-appservice#/policy/types/functionAppApprovedUsage" - template_input = < App Service > Web App > Approved > Usage -# https://turbot.com/v5/mods/turbot/azure-appservice/inspect#/policy/types/webAppApprovedUsage -resource "turbot_policy_setting" "azure_appservice_web_app_approved_usage" { - count = var.azure_appservice_web_app_approved_usage_policies ? 1 : 0 - resource = turbot_smart_folder.azure_encryption.id - type = "tmod:@turbot/azure-appservice#/policy/types/webAppApprovedUsage" - template_input = < Compute > Disk > Approved > Usage -# https://turbot.com/v5/mods/turbot/azure-compute/inspect#/policy/types/diskApprovedUsage -resource "turbot_policy_setting" "azure_compute_disk_approved_usage" { - count = var.azure_compute_disk_approved_usage_policies ? 1 : 0 - resource = turbot_smart_folder.azure_encryption.id - type = "tmod:@turbot/azure-compute#/policy/types/diskApprovedUsage" - template_input = < MySQL > Server > Encryption in Transit -# https://turbot.com/v5/mods/turbot/azure-mysql/inspect#/policy/types/serverEncryptionInTransit -resource "turbot_policy_setting" "azure_mysql_server_encryption_in_transit" { - count = var.azure_mysql_server_encryption_in_transit_policies ? 1 : 0 - resource = turbot_smart_folder.azure_encryption.id - type = "tmod:@turbot/azure-mysql#/policy/types/serverEncryptionInTransit" - value = "Check: Enabled" -} diff --git a/baselines/todo_policy_packs/azure/azure_check_encryption/outputs.tf b/baselines/todo_policy_packs/azure/azure_check_encryption/outputs.tf deleted file mode 100644 index 5cd4b98e6..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_encryption/outputs.tf +++ /dev/null @@ -1,52 +0,0 @@ -output "turbot_profile" { - value = var.turbot_profile -} - -output "smart_folder_name" { - value = var.smart_folder_name -} - -output "smart_folder_description" { - value = var.smart_folder_description -} - -output "smart_folder_parent_resource" { - value = var.smart_folder_parent_resource -} - -output "appservice_function_app_approved_usage_policies" { - value = var.appservice_function_app_approved_usage_policies -} - -output "azure_appservice_web_app_approved_usage_policies" { - value = var.azure_appservice_web_app_approved_usage_policies -} - -output "azure_compute_disk_approved_usage_policies" { - value = var.azure_compute_disk_approved_usage_policies -} - -output "azure_mysql_server_encryption_in_transit_policies" { - value = var.azure_mysql_server_encryption_in_transit_policies -} - -output "azure_postgresql_server_encryption_in_transit_policies" { - value = var.azure_postgresql_server_encryption_in_transit_policies -} - -output "azure_sql_database_encryption_at_rest_policies" { - value = var.azure_sql_database_encryption_at_rest_policies -} - -output "azure_storage_storage_account_encryption_in_transit_policies" { - value = var.azure_storage_storage_account_encryption_in_transit_policies -} - -output "azure_storage_storage_account_approved_usage_policies" { - value = var.azure_storage_storage_account_approved_usage_policies -} - - - - - diff --git a/baselines/todo_policy_packs/azure/azure_check_encryption/postgresql_policies.tf b/baselines/todo_policy_packs/azure/azure_check_encryption/postgresql_policies.tf deleted file mode 100644 index fa3db8177..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_encryption/postgresql_policies.tf +++ /dev/null @@ -1,10 +0,0 @@ -# Encryption in Transit Guardrails - https://turbot.com/v5/docs/concepts/guardrails/encryption-in-transit - -# Azure > PostgreSQL > Server > Encryption in Transit -# https://turbot.com/v5/mods/turbot/azure-postgresql/inspect#/policy/types/serverEncryptionInTransit -resource "turbot_policy_setting" "azure_postgresql_server_encryption_in_transit" { - count = var.azure_postgresql_server_encryption_in_transit_policies ? 1 : 0 - resource = turbot_smart_folder.azure_encryption.id - type = "tmod:@turbot/azure-postgresql#/policy/types/serverEncryptionInTransit" - value = "Check: Enabled" -} diff --git a/baselines/todo_policy_packs/azure/azure_check_encryption/providers.tf b/baselines/todo_policy_packs/azure/azure_check_encryption/providers.tf deleted file mode 100644 index 0353d61cb..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_encryption/providers.tf +++ /dev/null @@ -1,12 +0,0 @@ -terraform { - required_providers { - turbot = { - source = "turbot/turbot" - } - } - required_version = ">= 0.13" -} - -provider "turbot" { - profile = var.turbot_profile -} diff --git a/baselines/todo_policy_packs/azure/azure_check_encryption/smart_folder.tf b/baselines/todo_policy_packs/azure/azure_check_encryption/smart_folder.tf deleted file mode 100644 index 0e0ad7792..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_encryption/smart_folder.tf +++ /dev/null @@ -1,5 +0,0 @@ -resource "turbot_smart_folder" "azure_encryption" { - parent = var.smart_folder_parent_resource - title = var.smart_folder_name - description = var.smart_folder_description -} diff --git a/baselines/todo_policy_packs/azure/azure_check_encryption/sql_policies.tf b/baselines/todo_policy_packs/azure/azure_check_encryption/sql_policies.tf deleted file mode 100644 index b01ac646f..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_encryption/sql_policies.tf +++ /dev/null @@ -1,10 +0,0 @@ -# Encryption at Rest Guardrails - https://turbot.com/v5/docs/concepts/guardrails/encryption-at-rest - -# Azure > SQL > Database > Encryption at Rest -# https://turbot.com/v5/mods/turbot/azure-sql/inspect#/policy/types/databaseEncryptionAtRest -resource "turbot_policy_setting" "azure_sql_database_encryption_at_rest" { - count = var.azure_sql_database_encryption_at_rest_policies ? 1 : 0 - resource = turbot_smart_folder.azure_encryption.id - type = "tmod:@turbot/azure-sql#/policy/types/databaseEncryptionAtRest" - value = "Check: Enabled" -} diff --git a/baselines/todo_policy_packs/azure/azure_check_encryption/storage_policies.tf b/baselines/todo_policy_packs/azure/azure_check_encryption/storage_policies.tf deleted file mode 100644 index e1c13c308..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_encryption/storage_policies.tf +++ /dev/null @@ -1,36 +0,0 @@ -# Encryption in Transit Guardrails - https://turbot.com/v5/docs/concepts/guardrails/encryption-in-transit - -# Azure > Storage > Storage Account > Encryption in Transit -# https://turbot.com/v5/mods/turbot/azure-storage/inspect#/policy/types/storageAccountEncryptionInTransit -resource "turbot_policy_setting" "azure_storage_storage_account_encryption_in_transit" { - count = var.azure_storage_storage_account_encryption_in_transit_policies ? 1 : 0 - resource = turbot_smart_folder.azure_encryption.id - type = "tmod:@turbot/azure-storage#/policy/types/storageAccountEncryptionInTransit" - value = "Check: Enabled" -} - -# Azure > Storage > Storage Account > Approved > Usage -# https://turbot.com/v5/mods/turbot/azure-storage/inspect#/policy/types/storageAccountApprovedUsage -resource "turbot_policy_setting" "azure_storage_storage_account_approved_usage" { - count = var.azure_storage_storage_account_approved_usage_policies ? 1 : 0 - resource = turbot_smart_folder.azure_encryption.id - type = "tmod:@turbot/azure-storage#/policy/types/storageAccountApprovedUsage" - template_input = < -``` - -### Deploying demo example - -1. Navigate to the folder of the baseline -2. Initialize Terraform -3. Apply the baseline using the demo input variable file [demo.tfvars](demo.tfvars) - -On the terminal this will look like: - -```shell -cd -terraform init -terraform apply --var-file demo.tfvars -``` -**Note** -- Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. - -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. - -### Input variable files - -Input variable files allow for the user to configure configuration definitions for multiple environments in different files. - -This baseline comes with an example input variable file called [demo.tfvars](demo.tfvars). - -It will be used to define which parts of the baseline to apply and which to ignore. - -The variables that can be overwritten by the input variable files i.e. [demo.tfvars](demo.tfvars) are defined in the [variables.tf](variables.tf) file. - -Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). - -### Apply baseline using input variable files - -If seeking to apply the baseline using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform apply --var-file=demo.tfvars - ``` -### Apply baseline without input variable file - -The baseline can be applied without an input variable file. - -1. By this time Terraform initialization is done as mentioned above. -3. Prefer to check the outcome by running the Terraform plan -3. Apply the Terraform -4. Run the command: - -```shell -cd -terraform plan -terraform apply -``` - -`This may prompt the user applying the baseline to enter values for variables that do not have default values.` - -### Destroy baseline without input variable file - -If seeking to apply the baseline without using an input variable file. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy - ``` - -### Destroy using input variable files - -If seeking to destroy the baseline configuration using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy --var-file=demo.tfvars - ``` - -## Commenting strategy - -All Turbot policies used by the baselines will have a link to the official Turbot Mods documentation. - -Opening the links will give you further details about: - -- The purpose of the policy -- Policy URI name -- Parent information -- Category information -- Target information -- All valid values \ No newline at end of file diff --git a/baselines/todo_policy_packs/azure/azure_check_logging/db_threat_protection_policies.tf b/baselines/todo_policy_packs/azure/azure_check_logging/db_threat_protection_policies.tf deleted file mode 100644 index ee4020940..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_logging/db_threat_protection_policies.tf +++ /dev/null @@ -1,32 +0,0 @@ -## Azure > SQL > Server > Advanced Data Security > Threat Protection > Types -# https://turbot.com/v5/mods/turbot/azure-sql/inspect#/policy/types/serverThreatProtection -resource "turbot_policy_setting" "azure_sql_server_threat_protection_types" { - count = var.azure_sql_server_threat_protection_types_polices ? 1 : 0 - resource = turbot_smart_folder.azure_logging.id - type = "tmod:@turbot/azure-sql#/policy/types/serverThreatProtectionTypes" - value = < SQL > Database > Advanced Data Security > Threat Protection > Types -# https://turbot.com/v5/mods/turbot/azure-sql/inspect#/policy/types/databaseThreatProtection -resource "turbot_policy_setting" "azure_sql_database_threat_protection_types" { - count = var.azure_sql_database_threat_protection_types_polices ? 1 : 0 - resource = turbot_smart_folder.azure_logging.id - type = "tmod:@turbot/azure-sql#/policy/types/databaseThreatProtectionTypes" - value = < PostgreSQL > Server > Audit Logging -# https://turbot.com/v5/mods/turbot/azure-postgresql/inspect#/policy/types/serverAuditLogging -resource "turbot_policy_setting" "azure_postgresql_server_auditing" { - count = var.azure_postgresql_server_auditing_polices ? 1 : 0 - resource = turbot_smart_folder.azure_logging.id - type = "tmod:@turbot/azure-postgresql#/policy/types/serverAuditLogging" - value = "Check: Audit Logging > *" -} - -# Azure > PostgreSQL > Server > Audit Logging > Log Checkpoints -# https://turbot.com/v5/mods/turbot/azure-postgresql/inspect#/policy/types/serverAuditLoggingLogCheckpoints -resource "turbot_policy_setting" "azure_postgresql_server_auditing_checkpoints" { - count = var.azure_postgresql_server_auditing_checkpoints_polices ? 1 : 0 - resource = turbot_smart_folder.azure_logging.id - type = "tmod:@turbot/azure-postgresql#/policy/types/serverAuditLoggingLogCheckpoints" - value = "On" -} - -# Azure > PostgreSQL > Server > Audit Logging > Log Connections -# https://turbot.com/v5/mods/turbot/azure-postgresql/inspect#/policy/types/serverAuditLoggingLogConnections -resource "turbot_policy_setting" "azure_postgresql_server_auditing_connections" { - count = var.azure_postgresql_server_auditing_connections_polices ? 1 : 0 - resource = turbot_smart_folder.azure_logging.id - type = "tmod:@turbot/azure-postgresql#/policy/types/serverAuditLoggingLogConnections" - value = "On" -} - -# Azure > PostgreSQL > Server > Audit Logging > Log Disconnections -# https://turbot.com/v5/mods/turbot/azure-postgresql/inspect#/policy/types/serverAuditLoggingLogDisconnections -resource "turbot_policy_setting" "azure_postgresql_server_auditing_disconnections" { - count = var.azure_postgresql_server_auditing_disconnections_polices ? 1 : 0 - resource = turbot_smart_folder.azure_logging.id - type = "tmod:@turbot/azure-postgresql#/policy/types/serverAuditLoggingLogDisconnections" - value = "On" -} - -# Azure > PostgreSQL > Server > Audit Logging > Log Duration -# https://turbot.com/v5/mods/turbot/azure-postgresql/inspect#/policy/types/serverAuditLoggingLogDuration -resource "turbot_policy_setting" "azure_postgresql_server_auditing_duration" { - count = var.azure_postgresql_server_auditing_duration_polices ? 1 : 0 - resource = turbot_smart_folder.azure_logging.id - type = "tmod:@turbot/azure-postgresql#/policy/types/serverAuditLoggingLogDuration" - value = "On" -} - -# Azure > PostgreSQL > Server > Audit Logging > Log Retention Days -# https://turbot.com/v5/mods/turbot/azure-postgresql/inspect#/policy/types/serverAuditLoggingLogRetentionDays -resource "turbot_policy_setting" "azure_postgresql_server_auditing_duration_days" { - count = var.azure_postgresql_server_auditing_duration_days_polices ? 1 : 0 - resource = turbot_smart_folder.azure_logging.id - type = "tmod:@turbot/azure-postgresql#/policy/types/serverAuditLoggingLogRetentionDays" - value = ">= 1 Day" -} diff --git a/baselines/todo_policy_packs/azure/azure_check_logging/providers.tf b/baselines/todo_policy_packs/azure/azure_check_logging/providers.tf deleted file mode 100644 index db6e1f7b4..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_logging/providers.tf +++ /dev/null @@ -1,12 +0,0 @@ -terraform { - required_providers { - turbot = { - source = "turbot/turbot" - } - } - required_version = ">= 0.13" -} - -provider "turbot" { - profile = var.turbot_profile -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/azure/azure_check_logging/smartfolder.tf b/baselines/todo_policy_packs/azure/azure_check_logging/smartfolder.tf deleted file mode 100644 index b7b920390..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_logging/smartfolder.tf +++ /dev/null @@ -1,5 +0,0 @@ -resource "turbot_smart_folder" "azure_logging" { - parent = var.smart_folder_parent_resource - title = var.smart_folder_name - description = var.smart_folder_description -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/azure/azure_check_logging/sql_logging_policies.tf b/baselines/todo_policy_packs/azure/azure_check_logging/sql_logging_policies.tf deleted file mode 100644 index f23296f03..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_logging/sql_logging_policies.tf +++ /dev/null @@ -1,35 +0,0 @@ -# Azure > SQL > Server > Auditing -# https://turbot.com/v5/mods/turbot/azure-sql/inspect#/policy/types/serverAuditing -resource "turbot_policy_setting" "azure_sql_server_auditing" { - count = var.azure_sql_server_auditing_policies ? 1 : 0 - resource = turbot_smart_folder.azure_logging.id - type = "tmod:@turbot/azure-sql#/policy/types/serverAuditing" - value = "Check: Enabled" -} - -# Azure > SQL > Server > Advanced Data Security -# https://turbot.com/v5/mods/turbot/azure-sql/inspect#/policy/types/serverDataSecurity -resource "turbot_policy_setting" "azure_sql_server_data_security" { - count = var.azure_sql_server_data_security_polices ? 1 : 0 - resource = turbot_smart_folder.azure_logging.id - type = "tmod:@turbot/azure-sql#/policy/types/serverDataSecurity" - value = "Check: Enabled" -} - -# Azure > SQL > Database > Auditing -# https://turbot.com/v5/mods/turbot/azure-sql/inspect#/policy/types/databaseAuditing -resource "turbot_policy_setting" "azure_sql_database_auditing" { - count = var.azure_sql_database_auditing_polices ? 1 : 0 - resource = turbot_smart_folder.azure_logging.id - type = "tmod:@turbot/azure-sql#/policy/types/databaseAuditing" - value = "Check: Enabled" -} - -# Azure > SQL > Database > Advanced Data Security -# https://turbot.com/v5/mods/turbot/azure-sql/inspect#/policy/types/databaseDataSecurity -resource "turbot_policy_setting" "azure_sql_database_data_security" { - count = var.azure_sql_database_data_security_polices ? 1 : 0 - resource = turbot_smart_folder.azure_logging.id - type = "tmod:@turbot/azure-sql#/policy/types/databaseDataSecurity" - value = "Check: Enabled" -} diff --git a/baselines/todo_policy_packs/azure/azure_check_logging/storage_logging_policies.tf b/baselines/todo_policy_packs/azure/azure_check_logging/storage_logging_policies.tf deleted file mode 100644 index 41e03fd7d..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_logging/storage_logging_policies.tf +++ /dev/null @@ -1,30 +0,0 @@ -# Azure > Storage > Storage Account > Queue > Logging -# https://turbot.com/v5/mods/turbot/azure-storage/inspect#/policy/types/queueServiceLogging -resource "turbot_policy_setting" "azure_storage_queue_service_logging" { - count = var.azure_storage_queue_service_logging_polices ? 1 : 0 - resource = turbot_smart_folder.azure_logging.id - type = "tmod:@turbot/azure-storage#/policy/types/queueServiceLogging" - value = "Check: Per Logging > Properties" -} - -# Azure > Storage > Storage Account > Queue > Logging > Properties -# https://turbot.com/v5/mods/turbot/azure-storage/inspect#/policy/types/queueServiceLoggingProperties -resource "turbot_policy_setting" "azure_storage_queue_service_logging_properties" { - count = var.azure_storage_queue_service_logging_properties_polices ? 1 : 0 - resource = turbot_smart_folder.azure_logging.id - type = "tmod:@turbot/azure-storage#/policy/types/queueServiceLoggingProperties" - value = < Storage > Storage Account > Queue > Logging > Properties > Retention Days -# https://turbot.com/v5/mods/turbot/azure-storage/inspect#/policy/types/queueServiceLoggingPropertiesRetentionDays -resource "turbot_policy_setting" "azure_storage_queue_service_logging_properties_retention_days" { - count = var.azure_storage_queue_service_logging_properties_retention_days_polices ? 1 : 0 - resource = turbot_smart_folder.azure_logging.id - type = "tmod:@turbot/azure-storage#/policy/types/queueServiceLoggingPropertiesRetentionDays" - value = 7 -} diff --git a/baselines/todo_policy_packs/azure/azure_check_logging/variables.tf b/baselines/todo_policy_packs/azure/azure_check_logging/variables.tf deleted file mode 100644 index 6248be468..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_logging/variables.tf +++ /dev/null @@ -1,115 +0,0 @@ -# Baseline Configuration - -variable "azure_sql_server_auditing_policies" { - type = bool - description = "Azure Sql server auditing policies for baseline" - default = true -} - -variable "azure_sql_server_data_security_polices" { - type = bool - description = "Azure Sql server data security policies for baseline" - default = true -} - -variable "azure_postgresql_server_auditing_disconnections_polices" { - type = bool - description = "Azure Postgresql server auditing disconnections policies for baseline" - default = true -} - -variable "azure_sql_database_auditing_polices" { - type = bool - description = "Azure Sql database auditing policies for baseline" - default = true -} - -variable "azure_sql_database_data_security_polices" { - type = bool - description = "Azure Sql database data security policies for baseline" - default = true -} - -variable "azure_postgresql_server_auditing_polices" { - type = bool - description = "Azure Postgresql server auditing policies for baseline" - default = true -} - -variable "azure_postgresql_server_auditing_checkpoints_polices" { - type = bool - description = "Azure Postgresql server auditing checkpoints policies for baseline" - default = true -} - -variable "azure_postgresql_server_auditing_connections_polices" { - type = bool - description = "Azure Postgresql server auditing connections policies for baseline" - default = true -} - -variable "azure_postgresql_server_auditing_duration_polices" { - type = bool - description = "Azure Postgresql server auditing duration policies for baseline" - default = true -} - -variable "azure_postgresql_server_auditing_duration_days_polices" { - type = bool - description = "Azure postgresql server auditing duration policies for baseline" - default = true -} - -variable "azure_sql_server_threat_protection_types_polices" { - type = bool - description = "Azure Sql server threat protection types policies for baseline" - default = true -} - -variable "azure_sql_database_threat_protection_types_polices" { - type = bool - description = "Azure Sql database threat protection types policies for baseline" - default = true -} - -variable "azure_storage_queue_service_logging_polices" { - type = bool - description = "Azure storage queue service logging policies for baseline" - default = true -} - -variable "azure_storage_queue_service_logging_properties_polices" { - type = bool - description = "Azure storage queue service logging properties policies for baseline" - default = true -} - -variable "azure_storage_queue_service_logging_properties_retention_days_polices" { - type = bool - description = "Azure storage queue service logging properties retention days policies for baseline" - default = true -} - -# Optional Common Baseline Configuration - -variable "turbot_profile" { - description = "Enter profile matching your turbot cli credentials." -} - -variable "smart_folder_name" { - description = "Smart folder name for the baseline" - type = string - default = "Azure Check Logging Policies" -} - -variable "smart_folder_description" { - description = "Enter a description for the smart folder" - type = string - default = "Defines sets of policies for the Azure check logging baseline" -} - -variable "smart_folder_parent_resource" { - description = "Enter the resource ID or AKA for the parent of the smart folder" - type = string - default = "tmod:@turbot/turbot#/" -} diff --git a/baselines/todo_policy_packs/azure/azure_check_public_access/README.md b/baselines/todo_policy_packs/azure/azure_check_public_access/README.md deleted file mode 100644 index dcc82c869..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_public_access/README.md +++ /dev/null @@ -1,144 +0,0 @@ -# Baseline - Azure Check Public Access Policies - -Azure Check Public Access Policies focuses enabling some commonly used Azure resource public access status. - -More info - -- [Public Access Guardrails](https://turbot.com/v5/docs/concepts/guardrails/public-access) - -- [Trusted Access Guardrails](https://turbot.com/v5/docs/concepts/guardrails/trusted-access) - -- [Sample OCL Implementation Example](https://turbot.com/v5/docs/guides/managing-policies/OCL) - -- [Object Control List (OCL)](https://turbot.com/v5/docs/reference/ocl) - -## Overview - -Baseline policies are initial set of policies recommended to start with while using Turbot. These policies mostly focuses on enabling services, frequently used policies to run in check mode & enabling security features such as various encryption standards. Baseline TF scripts allows you to toggle the value to apply or ignore. See the below sections for more information. - -Some of these policies overlap with other set of baselines. Hence Turbot provided set of baseline TF files are executed in separate [Smart Folder](https://turbot.com/v5/docs/getting-started/smart_folder). The advantage of setting up of each baseline in their own Smart Folder prevents conflicting with the policy settings created by other baseline scripts. - -This baseline will not attach to a resource by default. This needs to be done manually using the Turbot UI. - -## Requirements - -- Terraform v0.13 or greater installed -- Valid Turbot configuration credentials - -For further information on configuring Turbot credentials can be found [here](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials). - -## Applying baseline - -The baseline is defined by a set of files which together define the configuration of the baseline. - -### Initialize baseline - -If not previously run, Initialize Terraform to get all necessary providers for the baseline. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform init - ``` -### Profile name as input - -The baseline example set requires you to provide `turbot_profile` name as input. This is to help in case you are having more profiles than only `default`. In case it's default, specify name as default. - -```shell -var.turbot_profile - Enter profile matching your turbot cli credentials. - Enter a value: -``` - -### Deploying demo example - -1. Navigate to the folder of the baseline -2. Initialize Terraform -3. Apply the baseline using the demo input variable file [demo.tfvars](demo.tfvars) - -On the terminal this will look like: - -```shell -cd -terraform init -terraform apply --var-file demo.tfvars -``` -**Note** -- Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. - -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. - -### Input variable files - -Input variable files allow for the user to configure configuration definitions for multiple environments in different files. - -This baseline comes with an example input variable file called [demo.tfvars](demo.tfvars). - -It will be used to define which parts of the baseline to apply and which to ignore. - -The variables that can be overwritten by the input variable files i.e. [demo.tfvars](demo.tfvars) are defined in the [variables.tf](variables.tf) file. - -Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). - -### Apply baseline using input variable files - -If seeking to apply the baseline using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform apply --var-file=demo.tfvars - ``` -### Apply baseline without input variable file - -The baseline can be applied without an input variable file. - -1. By this time Terraform initialization is done as mentioned above. -3. Prefer to check the outcome by running the Terraform plan -3. Apply the Terraform -4. Run the command: - -```shell -cd -terraform plan -terraform apply -``` - -`This may prompt the user applying the baseline to enter values for variables that do not have default values.` - -### Destroy baseline without input variable file - -If seeking to apply the baseline without using an input variable file. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy - ``` - -### Destroy using input variable files - -If seeking to destoy the baseline configuration using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy --var-file=demo.tfvars - ``` - -## Commenting strategy - -All Turbot policies used by the baselines will have a link to the official Turbot Mods documentation. - -Opening the links will give you further details about: - -- The purpose of the policy -- Policy URI name -- Parent information -- Category information -- Target information -- All valid values diff --git a/baselines/todo_policy_packs/azure/azure_check_public_access/applicationgateway_policies.tf b/baselines/todo_policy_packs/azure/azure_check_public_access/applicationgateway_policies.tf deleted file mode 100644 index 875b11d4a..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_public_access/applicationgateway_policies.tf +++ /dev/null @@ -1,23 +0,0 @@ -# Azure > Application Gateway Service > Application Gateway > Approved > Usage -# https://turbot.com/v5/mods/turbot/azure-applicationgateway/inspect#/policy/types/applicationGatewayApprovedUsage -resource "turbot_policy_setting" "azure_applicationgateway_application_gateway_approved_usage" { - count = var.enable_application_gateway_approved_policies ? 1 : 0 - resource = turbot_smart_folder.azure_public_access.id - type = "tmod:@turbot/azure-applicationgateway#/policy/types/applicationGatewayApprovedUsage" - template_input = < Network > Network Security Group > Ingress Rules > Approved -# https://turbot.com/v5/mods/turbot/azure-network/inspect#/policy/types/networkSecurityGroupIngressRulesApproved -resource "turbot_policy_setting" "azure_network_network_security_group_ingress_rules_approved" { - count = var.enable_network_security_group_ingress_rules_approved_policies ? 1 : 0 - resource = turbot_smart_folder.azure_public_access.id - type = "tmod:@turbot/azure-network#/policy/types/networkSecurityGroupIngressRulesApproved" - value = "Check: Approved" - # "Skip" - # "Check: Approved" - # "Enforce: Delete unapproved" -} - -# Azure > Network > Network Security Group > Ingress Rules > Approved > Rules -# https://turbot.com/v5/mods/turbot/azure-network/inspect#/policy/types/networkSecurityGroupIngressRulesApprovedRules -resource "turbot_policy_setting" "azure_network_network_security_group_ingress_rules_approved_rules" { - count = var.enable_network_security_group_ingress_rules_approved_rules_policies ? 1 : 0 - resource = turbot_smart_folder.azure_public_access.id - type = "tmod:@turbot/azure-network#/policy/types/networkSecurityGroupIngressRulesApprovedRules" - value = < Network > Public IP Address > Approved > Usage -# https://turbot.com/v5/mods/turbot/azure-network/inspect#/policy/types/publicIpAddressApprovedUsage -resource "turbot_policy_setting" "azure_network_public_ip_address_approved_usage" { - count = var.enable_network_public_ip_address_approved_usage_policies ? 1 : 0 - resource = turbot_smart_folder.azure_public_access.id - type = "tmod:@turbot/azure-network#/policy/types/publicIpAddressApprovedUsage" - value = "Not approved" -} diff --git a/baselines/todo_policy_packs/azure/azure_check_public_access/outputs.tf b/baselines/todo_policy_packs/azure/azure_check_public_access/outputs.tf deleted file mode 100644 index 123414951..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_public_access/outputs.tf +++ /dev/null @@ -1,39 +0,0 @@ -output "enable_application_gateway_approved_policies" { - value = var.enable_application_gateway_approved_policies -} - -output "enable_network_security_group_ingress_rules_approved_policies" { - value = var.enable_network_security_group_ingress_rules_approved_policies -} - -output "enable_network_security_group_ingress_rules_approved_rules_policies" { - value = var.enable_network_security_group_ingress_rules_approved_rules_policies -} - -output "enable_network_public_ip_address_approved_usage_policies" { - value = var.enable_network_public_ip_address_approved_usage_policies -} - -output "enable_storage_account_public_access_policies" { - value = var.enable_storage_account_public_access_policies -} - -output "enable_azure_storage_container_public_access_policies" { - value = var.enable_azure_storage_container_public_access_policies -} - -output "turbot_profile" { - value = var.turbot_profile -} - -output "smart_folder_name" { - value = var.smart_folder_name -} - -output "smart_folder_description" { - value = var.smart_folder_description -} - -output "smart_folder_parent_resource" { - value = var.smart_folder_parent_resource -} diff --git a/baselines/todo_policy_packs/azure/azure_check_public_access/providers.tf b/baselines/todo_policy_packs/azure/azure_check_public_access/providers.tf deleted file mode 100644 index 0353d61cb..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_public_access/providers.tf +++ /dev/null @@ -1,12 +0,0 @@ -terraform { - required_providers { - turbot = { - source = "turbot/turbot" - } - } - required_version = ">= 0.13" -} - -provider "turbot" { - profile = var.turbot_profile -} diff --git a/baselines/todo_policy_packs/azure/azure_check_public_access/smart_folder.tf b/baselines/todo_policy_packs/azure/azure_check_public_access/smart_folder.tf deleted file mode 100644 index fd2d32645..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_public_access/smart_folder.tf +++ /dev/null @@ -1,5 +0,0 @@ -resource "turbot_smart_folder" "azure_public_access" { - parent = var.smart_folder_parent_resource - title = var.smart_folder_name - description = var.smart_folder_description -} diff --git a/baselines/todo_policy_packs/azure/azure_check_public_access/storage_policies.tf b/baselines/todo_policy_packs/azure/azure_check_public_access/storage_policies.tf deleted file mode 100644 index 5c150b3bd..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_public_access/storage_policies.tf +++ /dev/null @@ -1,20 +0,0 @@ -# Azure > Storage > Storage Account > Public Access -# https://turbot.com/v5/mods/turbot/azure-storage/inspect#/policy/types/storageAccountPublicAccess -resource "turbot_policy_setting" "azure_storage_account_public_access" { - count = var.enable_storage_account_public_access_policies ? 1 : 0 - resource = turbot_smart_folder.azure_public_access.id - type = "tmod:@turbot/azure-storage#/policy/types/storageAccountPublicAccess" - value = "Check: Enabled" -} - -# Azure > Storage > Container > Public Access Level -# https://turbot.com/v5/mods/turbot/azure-storage/inspect#/policy/types/containerPublicAccessLevel -resource "turbot_policy_setting" "azure_storage_container_public_access" { - count = var.enable_azure_storage_container_public_access_policies ? 1 : 0 - resource = turbot_smart_folder.azure_public_access.id - type = "tmod:@turbot/azure-storage#/policy/types/containerPublicAccessLevel" - value = "Check: Private (No anonymous access)" - # "Check: Blob (Anonymous read access for blobs only)" - # "Check: Container (Anonymous read access for containers and blobs)" - # "Check: Private (No anonymous access)" -} diff --git a/baselines/todo_policy_packs/azure/azure_check_public_access/variables.tf b/baselines/todo_policy_packs/azure/azure_check_public_access/variables.tf deleted file mode 100644 index e63e8c3aa..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_public_access/variables.tf +++ /dev/null @@ -1,60 +0,0 @@ -# Baseline Configuration -variable "enable_application_gateway_approved_policies" { - type = bool - description = "Enable the Application Gateway approved policies for baseline" - default = true -} - -variable "enable_network_security_group_ingress_rules_approved_policies" { - type = bool - description = "Enable the Azure Network Security Group Ingress approved policies for baseline" - default = true -} - -variable "enable_network_security_group_ingress_rules_approved_rules_policies" { - type = bool - description = "Enable the Azure Network Security Group Ingress Rule approved policies for baseline" - default = true -} - -variable "enable_network_public_ip_address_approved_usage_policies" { - type = bool - description = "Enable the Azure Network Public IP Address approved usage policies for baseline" - default = true -} - -variable "enable_storage_account_public_access_policies" { - type = bool - description = "Enable the Azure Storage Account Public Access policies for baseline" - default = true -} - -variable "enable_azure_storage_container_public_access_policies" { - type = bool - description = "Enable the Azure Storage Container Public Access policies for baseline" - default = true -} - -# Optional Common Baseline Configuration - -variable "turbot_profile" { - description = "Enter profile matching your turbot cli credentials." -} - -variable "smart_folder_name" { - description = "Smart folder name for the baseline" - type = string - default = "Azure Check Public Access Policies" -} - -variable "smart_folder_description" { - description = "Enter a description for the smart folder" - type = string - default = "Defines sets of policies for the Azure Public Access checks" -} - -variable "smart_folder_parent_resource" { - description = "Enter the resource ID or AKA for the parent of the smart folder" - type = string - default = "tmod:@turbot/turbot#/" -} diff --git a/baselines/todo_policy_packs/azure/azure_check_regions/README.md b/baselines/todo_policy_packs/azure/azure_check_regions/README.md deleted file mode 100644 index 270db75d0..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_regions/README.md +++ /dev/null @@ -1,187 +0,0 @@ -# Baseline - Azure Check Regions - -This baseline will allow you to discover resources in multiple regions and not approve usage of resource that are not -in an allowable region. - -This baseline is only effective when the account regions policies have multiple regions set. - -The account approved regions `Azure > Subscription > Approved Regions [Default]` policy contains a list of Azure regions in which -cloud resources are approved for use. - -The policy `Azure > Subscription > Regions [Default]` contains a list of Azure region where a resource can be recorded (discovered). - -If the [Azure Baseline](../azure_baseline/) has only one region enabled then the approving regions policy will not be -effective as Turbot will only discovers resources for that one region. - -This baseline needs to be considered carefully in conjunction with the `Azure > Subscription > Regions [Default]` policy set in -the [Azure Baseline](../azure_baseline/). - -Turbot also supports Azure Lockdown / Boundary policies to limit access to regions which are not part of this baseline. - -The advantage of setting up of each baseline in their own Smart Folder prevents conflicting with the policy settings -created by other baselines. - -This baseline will not attach to a resource and will need to be done manually using the Turbot UI. - -More Info - -- [Approved Regions](https://turbot.com/v5/docs/guides/regions#approved-regions) - -## Overview - -Baseline policies are initial set of policies recommended to start with while using Turbot. These policies mostly focuses on enabling services, frequently used policies to run in check mode & enabling security features such as various encryption standards. Baseline TF scripts allows you to toggle the value to apply or ignore. See the below sections for more information. - -Some of these policies overlap with other set of baselines. Hence Turbot provided set of baseline TF files are executed in separate [Smart Folder](https://turbot.com/v5/docs/getting-started/smart_folder). The advantage of setting up of each baseline in their own Smart Folder prevents conflicting with the policy settings created by other baseline scripts. - -This baseline will not attach to a resource by default. This needs to be done manually using the Turbot UI. - -## Requirements - -- Terraform v0.13 or greater installed -- Valid Turbot configuration credentials - -For further information on configuring Turbot credentials can be found [here](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials). - -## Applying baseline - -The baseline is defined by a set of files which together define the configuration of the baseline. - -### Initialize baseline - -If not previously run, Initialize Terraform to get all necessary providers for the baseline. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform init - ``` -### Profile name as input - -The baseline example set requires you to provide `turbot_profile` name as input. This is to help in case you are having more profiles than only `default`. In case it's default, specify name as default. - -```shell -var.turbot_profile - Enter profile matching your turbot cli credentials. - Enter a value: -``` - -### Deploying demo example - -The demo baseline expects that the following mods are installed: - -- azure-akz -- azure-apimanagement -- azure-application -- azure-appservice -- azure-compute -- azure-cosmosdb -- azure-databricks -- azure-datafactory -- azure-firewall -- azure-keyvault -- azure-loganalytics -- azure-loadbalancer -- azure-mysql-server -- azure-network -- azure-networkwatcher -- azure-postgresql -- azure-recoveryservice -- azure-searchmanagement -- azure-sql -- azure-storage -- azure-synapseanalytics - -To run the baseline: - -1. Navigate to the folder of the baseline -2. Initialise Terraform -3. Apply the baseline using the demo input variable file [demo.tfvars](demo.tfvars) - -TODO: Omero clean up -From the workspace root folder using the the terminal, to apply the install the demo run the following commands: - -```shell -cd ./baselines/getting_started/Azure/Azure_check_encryption -terraform init -terraform apply --var-file demo.tfvars -``` - -**Note** -- Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. - -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. - -### Input variable files - -Input variable files allow for the user to configure configuration definitions for multiple environments in different files. - -This baseline comes with an example input variable file called [demo.tfvars](demo.tfvars). - -It will be used to define which parts of the baseline to apply and which to ignore. - -The variables that can be overwritten by the input variable files i.e. [demo.tfvars](demo.tfvars) are defined in the [variables.tf](variables.tf) file. - -Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). - -### Apply baseline using input variable files - -If seeking to apply the baseline using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform apply --var-file=demo.tfvars - ``` -### Apply baseline without input variable file - -The baseline can be applied without an input variable file. - -1. By this time Terraform initialization is done as mentioned above. -3. Prefer to check the outcome by running the Terraform plan -3. Apply the Terraform -4. Run the command: - -```shell -cd -terraform plan -terraform apply -``` - -`This may prompt the user applying the baseline to enter values for variables that do not have default values.` - -### Destroy baseline without input variable file - -If seeking to apply the baseline without using an input variable file. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy - ``` - -### Destroy using input variable files - -If seeking to destoy the baseline configuration using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy --var-file=demo.tfvars - ``` - -## Commenting strategy - -All Turbot policies used by the baselines will have a link to the official Turbot Mods documentation. - -Opening the links will give you further details about: - -- The purpose of the policy -- Policy URI name -- Parent information -- Category information -- Target information -- All valid values \ No newline at end of file diff --git a/baselines/todo_policy_packs/azure/azure_check_regions/approved_regions_policies.tf b/baselines/todo_policy_packs/azure/azure_check_regions/approved_regions_policies.tf deleted file mode 100644 index 1b7955966..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_regions/approved_regions_policies.tf +++ /dev/null @@ -1,21 +0,0 @@ -# Approved Regions cloud resources are allowed to reside in. Starting with eastus and eastus2 - -# Azure > Subscription > Approved Regions [Default -# https://turbot.com/v5/mods/turbot/azure/inspect#/policy/types/approvedRegionsDefault -resource "turbot_policy_setting" "azure_approved_regions" { - resource = turbot_smart_folder.azure_regions.id - type = "tmod:@turbot/azure#/policy/types/approvedRegionsDefault" - value = <<-ALLOWEDREGIONS - ${yamlencode([for region in var.resource_approved_regions_region_list : region])} - ALLOWEDREGIONS -} - -# Azure > Subscription > Regions [Default] -# https://turbot.com/v5/mods/turbot/azure/inspect#/policy/types/regionsDefault -## Sets approved region policy for each resource type in the resource_approved_regions map. -resource "turbot_policy_setting" "set_resource_approved_regions_policies" { - for_each = var.resource_approved_regions - resource = turbot_smart_folder.azure_regions.id - type = local.policy_map[each.key] - value = each.value -} diff --git a/baselines/todo_policy_packs/azure/azure_check_regions/demo.tfvars b/baselines/todo_policy_packs/azure/azure_check_regions/demo.tfvars deleted file mode 100644 index aaaef2a6c..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_regions/demo.tfvars +++ /dev/null @@ -1,54 +0,0 @@ -# List of services and resources to be Check: Approved. -# Started with a few resource types to get started aligned with the initial mods installed -# You can remove the comment per row to include the resource type. Make sure you have the related service mod installed - -# Acceptable Values: -# "Skip" -# "Check: Approved" -# "Enforce: Delete unapproved if new" - -resource_approved_regions = { - azure-aks-managed-cluster = "Check: Approved" - azure-apimanagement-service = "Check: Approved" - azure-application-gateway = "Check: Approved" - azure-application-insights-insight = "Check: Approved" - azure-appservice-plan = "Check: Approved" - azure-appservice-function-app = "Check: Approved" - azure-compute-availability-set = "Check: Approved" - azure-compute-disk = "Check: Approved" - azure-compute-disk-encryption-set = "Check: Approved" - azure-compute-image = "Check: Approved" - azure-compute-snapshot = "Check: Approved" - azure-compute-virtual-machine = "Check: Approved" - azure-cosmosdb-database = "Check: Approved" - azure-databricks-workspace = "Check: Approved" - azure-datafactory-factory = "Check: Approved" - azure-firewall = "Check: Approved" - azure-keyvault-key = "Check: Approved" - azure-keyvault-secret = "Check: Approved" - azure-keyvault-vault = "Check: Approved" - azure-loganalytics-workspace = "Check: Approved" - azure-loadbalancer = "Check: Approved" - azure-mysql-server = "Check: Approved" - azure-network-application-security-group = "Check: Approved" - azure-network-network-interface = "Check: Approved" - azure-network-network-security-groups = "Check: Approved" - azure-network-public-ip-address = "Check: Approved" - azure-network-route-table = "Check: Approved" - azure-network-virtual-network = "Check: Approved" - azure-networkwatcher = "Check: Approved" - azure-postgresql-server = "Check: Approved" - azure-recoveryservice-vault = "Check: Approved" - azure-searchmanagement-search-service = "Check: Approved" - azure-sql-database = "Check: Approved" - azure-sql-elastic-pool = "Check: Approved" - azure-sql-server = "Check: Approved" - azure-storage-storage-account = "Check: Approved" - azure-synapseanalytics-workspace = "Check: Approved" -} - -# NOTE: For full list of values, look in variables.tf at the default value -resource_approved_regions_region_list = [ - "eastus", - "eastus2" -] diff --git a/baselines/todo_policy_packs/azure/azure_check_regions/locals.tf b/baselines/todo_policy_packs/azure/azure_check_regions/locals.tf deleted file mode 100644 index 5b9af3ec7..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_regions/locals.tf +++ /dev/null @@ -1,41 +0,0 @@ -locals { - policy_map = { - azure-aks-managed-cluster : "tmod:@turbot/azure-aks#/policy/types/managedClusterApproved" - azure-apimanagement-service : "tmod:@turbot/azure-apimanagement#/policy/types/apiManagementServiceApproved" - azure-application-gateway : "tmod:@turbot/azure-applicationgateway#/policy/types/applicationGatewayApproved" - azure-application-insights-insight : "tmod:@turbot/azure-applicationinsights#/policy/types/applicationInsightApproved" - azure-appservice-plan : "tmod:@turbot/azure-appservice#/policy/types/appServicePlanApproved" - azure-appservice-function-app : "tmod:@turbot/azure-appservice#/policy/types/functionAppApproved" - azure-compute-availability-set : "tmod:@turbot/azure-compute#/policy/types/availabilitySetApproved" - azure-compute-disk : "tmod:@turbot/azure-compute#/policy/types/diskApproved" - azure-compute-disk-encryption-set : "tmod:@turbot/azure-compute#/policy/types/diskEncryptionSetApproved" - azure-compute-image : "tmod:@turbot/azure-compute#/policy/types/imageApproved" - azure-compute-snapshot : "tmod:@turbot/azure-compute#/policy/types/snapshotApproved" - azure-compute-virtual-machine : "tmod:@turbot/azure-compute#/policy/types/virtualMachineApproved" - azure-cosmosdb-database : "tmod:@turbot/azure-cosmosdb#/policy/types/databaseAccountApproved" - azure-databricks-workspace : "tmod:@turbot/azure-databricks#/policy/types/databricksWorkspaceApproved" - azure-datafactory-factory : "tmod:@turbot/azure-datafactory#/policy/types/factoryApproved" - azure-firewall : "tmod:@turbot/azure-firewall#/policy/types/firewallApproved" - azure-keyvault-key : "tmod:@turbot/azure-keyvault#/policy/types/keyApproved" - azure-keyvault-secret : "tmod:@turbot/azure-keyvault#/policy/types/secretApproved" - azure-keyvault-vault : "tmod:@turbot/azure-keyvault#/policy/types/vaultApproved" - azure-loadbalancer : "tmod:@turbot/azure-loadbalancer#/policy/types/loadBalancerApproved" - azure-loganalytics-workspace : "tmod:@turbot/azure-loganalytics#/policy/types/logAnalyticsWorkspaceApproved" - azure-mysql-server : "tmod:@turbot/azure-mysql#/policy/types/serverApproved" - azure-network-application-security-group : "tmod:@turbot/azure-network#/policy/types/applicationSecurityGroupApproved" - azure-network-network-interface : "tmod:@turbot/azure-network#/policy/types/networkInterfaceApproved" - azure-network-network-security-groups : "tmod:@turbot/azure-network#/policy/types/networkSecurityGroupApproved" - azure-network-public-ip-address : "tmod:@turbot/azure-network#/policy/types/publicIpAddressApproved" - azure-network-route-table : "tmod:@turbot/azure-network#/policy/types/routeTableApproved" - azure-network-virtual-network : "tmod:@turbot/azure-network#/policy/types/virtualNetworkApproved" - azure-networkwatcher : "tmod:@turbot/azure-networkwatcher#/policy/types/networkWatcherApproved" - azure-postgresql-server : "tmod:@turbot/azure-postgresql#/policy/types/serverApproved" - azure-recoveryservice-vault : "tmod:@turbot/azure-recoveryservice#/policy/types/vaultApproved" - azure-searchmanagement-search-service : "tmod:@turbot/azure-searchmanagement#/policy/types/searchServiceApproved" - azure-sql-database : "tmod:@turbot/azure-sql#/policy/types/databaseApproved" - azure-sql-elastic-pool : "tmod:@turbot/azure-sql#/policy/types/elasticPoolApproved" - azure-sql-server : "tmod:@turbot/azure-sql#/policy/types/serverApproved" - azure-storage-storage-account : "tmod:@turbot/azure-storage#/policy/types/storageAccountApproved" - azure-synapseanalytics-workspace : "tmod:@turbot/azure-synapseanalytics#/policy/types/synapseWorkspaceApproved" - } -} diff --git a/baselines/todo_policy_packs/azure/azure_check_regions/outputs.tf b/baselines/todo_policy_packs/azure/azure_check_regions/outputs.tf deleted file mode 100644 index 98b1c4e85..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_regions/outputs.tf +++ /dev/null @@ -1,23 +0,0 @@ -output "resource_approved_regions" { - value = var.resource_approved_regions -} - -output "resource_approved_regions_region_list" { - value = var.resource_approved_regions_region_list -} - -output "turbot_profile" { - value = var.turbot_profile -} - -output "smart_folder_name" { - value = var.smart_folder_name -} - -output "smart_folder_description" { - value = var.smart_folder_description -} - -output "smart_folder_parent_resource" { - value = var.smart_folder_parent_resource -} diff --git a/baselines/todo_policy_packs/azure/azure_check_regions/providers.tf b/baselines/todo_policy_packs/azure/azure_check_regions/providers.tf deleted file mode 100644 index 0353d61cb..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_regions/providers.tf +++ /dev/null @@ -1,12 +0,0 @@ -terraform { - required_providers { - turbot = { - source = "turbot/turbot" - } - } - required_version = ">= 0.13" -} - -provider "turbot" { - profile = var.turbot_profile -} diff --git a/baselines/todo_policy_packs/azure/azure_check_regions/smart_folder.tf b/baselines/todo_policy_packs/azure/azure_check_regions/smart_folder.tf deleted file mode 100644 index 7f54ab648..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_regions/smart_folder.tf +++ /dev/null @@ -1,6 +0,0 @@ - -resource "turbot_smart_folder" "azure_regions" { - parent = var.smart_folder_parent_resource - title = var.smart_folder_name - description = var.smart_folder_description -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/azure/azure_check_regions/vaiables.tf b/baselines/todo_policy_packs/azure/azure_check_regions/vaiables.tf deleted file mode 100644 index 1d1cb9379..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_regions/vaiables.tf +++ /dev/null @@ -1,131 +0,0 @@ -# Baseline Configuration - -variable "resource_approved_regions" { - description = < -``` - -### Deploying demo example - -1. Navigate to the folder of the baseline -2. Initialize Terraform -3. Apply the baseline using the demo input variable file [demo.tfvars](demo.tfvars) - -On the terminal this will look like: - -```shell -cd -terraform init -terraform apply --var-file demo.tfvars -``` -**Note** -- Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. - -### Input variable files - -Input variable files allow for the user to configure configuration definitions for multiple environments in different files. - -This baseline comes with an example input variable file called [demo.tfvars](demo.tfvars). - -It will be used to define which parts of the baseline to apply and which to ignore. - -The variables that can be overwritten by the input variable files i.e. [demo.tfvars](demo.tfvars) are defined in the [variables.tf](variables.tf) file. - -Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). - -### Apply baseline using input variable files - -If seeking to apply the baseline using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform apply --var-file=demo.tfvars - ``` -### Apply baseline without input variable file - -The baseline can be applied without an input variable file. - -1. By this time Terraform initialization is done as mentioned above. -3. Prefer to check the outcome by running the Terraform plan -3. Apply the Terraform -4. Run the command: - -```shell -cd -terraform plan -terraform apply -``` - -`This may prompt the user applying the baseline to enter values for variables that do not have default values.` - -### Destroy baseline without input variable file - -If seeking to apply the baseline without using an input variable file. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy - ``` - -### Destroy using input variable files - -If seeking to destroy the baseline configuration using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy --var-file=demo.tfvars - ``` - -## Commenting strategy - -All Turbot policies used by the baselines will have a link to the official Turbot Mods documentation. - -Opening the links will give you further details about: - -- The purpose of the policy -- Policy URI name -- Parent information -- Category information -- Target information -- All valid values \ No newline at end of file diff --git a/baselines/todo_policy_packs/azure/azure_check_stack/outputs.tf b/baselines/todo_policy_packs/azure/azure_check_stack/outputs.tf deleted file mode 100644 index 77584c214..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_stack/outputs.tf +++ /dev/null @@ -1,27 +0,0 @@ -output "turbot_profile" { - value = var.turbot_profile -} - -output "smart_folder_name" { - value = var.smart_folder_name -} - -output "smart_folder_description" { - value = var.smart_folder_description -} - -output "smart_folder_parent_resource" { - value = var.smart_folder_parent_resource -} - -output "azure_subscription_monitor_stack_policies" { - value = var.azure_subscription_monitor_stack_policies -} - -output "azure_subscription_monitor_stack_tfversion_policies" { - value = var.azure_subscription_monitor_stack_tfversion_policies -} - -output "azure_subscription_monitor_stack_source_policies" { - value = var.azure_subscription_monitor_stack_source_policies -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/azure/azure_check_stack/providers.tf b/baselines/todo_policy_packs/azure/azure_check_stack/providers.tf deleted file mode 100644 index 715fb0f92..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_stack/providers.tf +++ /dev/null @@ -1,12 +0,0 @@ -terraform { - required_providers { - turbot = { - source = "turbot/turbot" - } - } - required_version = ">= 0.13" -} - -provider "turbot" { - profile = var.turbot_profile -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/azure/azure_check_stack/smartfolder.tf b/baselines/todo_policy_packs/azure/azure_check_stack/smartfolder.tf deleted file mode 100644 index 52e652e2f..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_stack/smartfolder.tf +++ /dev/null @@ -1,5 +0,0 @@ -resource "turbot_smart_folder" "azure_stack" { - parent = var.smart_folder_parent_resource - title = var.smart_folder_name - description = var.smart_folder_description -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/azure/azure_check_stack/sub_monitor_stack_policies.tf b/baselines/todo_policy_packs/azure/azure_check_stack/sub_monitor_stack_policies.tf deleted file mode 100644 index 755c5080c..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_stack/sub_monitor_stack_policies.tf +++ /dev/null @@ -1,33 +0,0 @@ -## Set policy to deploy example Azure Subscription Stack - -# Azure > Subscription > Stack -# https://turbot.com/v5/mods/turbot/azure/inspect#/policy/types/subscriptionStack -resource "turbot_policy_setting" "azure_subscription_monitor_stack" { - count = var.azure_subscription_monitor_stack_policies ? 1 : 0 - resource = turbot_smart_folder.azure_stack.id - type = "tmod:@turbot/azure#/policy/types/subscriptionStack" - value = "Check: Configured" - #value = "Enforce: Configured" -} - -# Azure > Subscription > Stack > Terraform Version -# https://turbot.com/v5/mods/turbot/azure/inspect#/policy/types/subscriptionStackTerraformVersion -# Sets the Terraform version for your Source -resource "turbot_policy_setting" "azure_subscription_monitor_stack_tfversion" { - count = var.azure_subscription_monitor_stack_tfversion_policies ? 1 : 0 - resource = turbot_smart_folder.azure_stack.id - type = "tmod:@turbot/azure#/policy/types/subscriptionStackTerraformVersion" - value = "0.13.*" -} - -# Azure > Subscription > Stack > Source -# https://turbot.com/v5/mods/turbot/azure/inspect#/policy/types/subscriptionStackSource -## Set policy to apply the Stack Source policy, the TF file source -resource "turbot_policy_setting" "azure_subscription_monitor_stack_source" { - count = var.azure_subscription_monitor_stack_source_policies ? 1 : 0 - resource = turbot_smart_folder.azure_stack.id - type = "tmod:@turbot/azure#/policy/types/subscriptionStackSource" - value = <<-SOURCE - ${file("./tf_includes/sourcestack_policies.tf")} - SOURCE -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/azure/azure_check_stack/tf_includes/sourcestack_policies.tf b/baselines/todo_policy_packs/azure/azure_check_stack/tf_includes/sourcestack_policies.tf deleted file mode 100644 index ebaed3693..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_stack/tf_includes/sourcestack_policies.tf +++ /dev/null @@ -1,36 +0,0 @@ -resource "azurerm_resource_group" "demo_rg" { - name = "turbot_stack_demo" - location = "East US" - - tags = { - environment = "demo" - } -} - -resource "azurerm_monitor_action_group" "demo_rg" { - name = "turbot_monitor_action_group_demo" - resource_group_name = "${azurerm_resource_group.demo_rg.name}" - short_name = "eventHandler" - tags = { - environment = "demo" - } - } - resource "azurerm_monitor_activity_log_alert" "turbot_azure_event_handler_activity_Log_Alert" { - name = "turbot_monitor_log_alert_demo" - resource_group_name = "${azurerm_resource_group.demo_rg.name}" - scopes = ["${azurerm_resource_group.demo_rg.id}"] - - criteria { - category = "Administrative" - status = "Succeeded" - level = "Informational" - } - - tags = { - environment = "demo" - } - - action { - action_group_id = "${azurerm_monitor_action_group.demo_rg.id}" - } - } \ No newline at end of file diff --git a/baselines/todo_policy_packs/azure/azure_check_stack/variables.tf b/baselines/todo_policy_packs/azure/azure_check_stack/variables.tf deleted file mode 100644 index 80574f40d..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_stack/variables.tf +++ /dev/null @@ -1,43 +0,0 @@ -# Baseline configuration - -variable "azure_subscription_monitor_stack_policies" { - type = bool - description = "Azure subscription monitor stack policies for baseline" - default = true -} - -variable "azure_subscription_monitor_stack_tfversion_policies" { - type = bool - description = "Azure subscription monitor stack TFversion policies for baseline" - default = true -} - -variable "azure_subscription_monitor_stack_source_policies" { - type = bool - description = "Azure subscription monitor stack source policies for baseline" - default = true -} - -# Smartfolder configuration - -variable "turbot_profile" { - description = "Enter profile matching your turbot cli credentials." -} - -variable "smart_folder_name" { - description = "Smart folder name for the baseline" - type = string - default = "Azure Stack Example Policies" -} - -variable "smart_folder_description" { - description = "Enter a description for the smart folder" - type = string - default = "Defines sets of policies for the Azure Stack baseline" -} - -variable "smart_folder_parent_resource" { - description = "Enter the resource ID or AKA for the parent of the smart folder" - type = string - default = "tmod:@turbot/turbot#/" -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/azure/azure_check_tagging/README.md b/baselines/todo_policy_packs/azure/azure_check_tagging/README.md deleted file mode 100644 index 3da0938fe..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_tagging/README.md +++ /dev/null @@ -1,138 +0,0 @@ -# Baseline - GCP Check Tagging - -This baseline will allow you to check for adherence to the tagging templates, make sure that the Tag Templates are updated with the specific use case to validate. - -More info - -- [Tags in Turbot](https://turbot.com/v5/docs/concepts/guardrails/tagging) - -## Overview - -Baseline policies are initial set of policies recommended to start with while using Turbot. These policies mostly focuses on enabling services, frequently used policies to run in check mode & enabling security features such as various encryption standards. Baseline TF scripts allows you to toggle the value to apply or ignore. See the below sections for more information. - -Some of these policies overlap with other set of baselines. Hence Turbot provided set of baseline TF files are executed in separate [Smart Folder](https://turbot.com/v5/docs/getting-started/smart_folder). The advantage of setting up of each baseline in their own Smart Folder prevents conflicting with the policy settings created by other baseline scripts. - -This baseline will not attach to a resource by default. This needs to be done manually using the Turbot UI. - -## Requirements - -- Terraform v0.13 or greater installed -- Valid Turbot configuration credentials - -For further information on configuring Turbot credentials can be found [here](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials). - -## Applying baseline - -The baseline is defined by a set of files which together define the configuration of the baseline. - -### Initialize baseline - -If not previously run, Initialize Terraform to get all necessary providers for the baseline. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform init - ``` -### Profile name as input - -The baseline example set requires you to provide `turbot_profile` name as input. This is to help in case you are having more profiles than only `default`. In case it's default, specify name as default. - -```shell -var.turbot_profile - Enter profile matching your turbot cli credentials. - Enter a value: -``` - -### Deploying demo example - -1. Navigate to the folder of the baseline -2. Initialize Terraform -3. Apply the baseline using the demo input variable file [demo.tfvars](demo.tfvars) - -On the terminal this will look like: - -```shell -cd -terraform init -terraform apply --var-file demo.tfvars -``` -**Note** -- Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. - -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. - -### Input variable files - -Input variable files allow for the user to configure configuration definitions for multiple environments in different files. - -This baseline comes with an example input variable file called [demo.tfvars](demo.tfvars). - -It will be used to define which parts of the baseline to apply and which to ignore. - -The variables that can be overwritten by the input variable files i.e. [demo.tfvars](demo.tfvars) are defined in the [variables.tf](variables.tf) file. - -Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). - -### Apply baseline using input variable files - -If seeking to apply the baseline using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform apply --var-file=demo.tfvars - ``` -### Apply baseline without input variable file - -The baseline can be applied without an input variable file. - -1. By this time Terraform initialization is done as mentioned above. -3. Prefer to check the outcome by running the Terraform plan -3. Apply the Terraform -4. Run the command: - -```shell -cd -terraform plan -terraform apply -``` - -`This may prompt the user applying the baseline to enter values for variables that do not have default values.` - -### Destroy baseline without input variable file - -If seeking to apply the baseline without using an input variable file. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy - ``` - -### Destroy using input variable files - -If seeking to destoy the baseline configuration using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy --var-file=demo.tfvars - ``` - -## Commenting strategy - -All Turbot policies used by the baselines will have a link to the official Turbot Mods documentation. - -Opening the links will give you further details about: - -- The purpose of the policy -- Policy URI name -- Parent information -- Category information -- Target information -- All valid values diff --git a/baselines/todo_policy_packs/azure/azure_check_tagging/demo.tfvars b/baselines/todo_policy_packs/azure/azure_check_tagging/demo.tfvars deleted file mode 100644 index 777a55b27..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_tagging/demo.tfvars +++ /dev/null @@ -1,56 +0,0 @@ -# List of services and resources to be Check: Tags are correct. -# Started with a few resource types to get started aligned with the initial mods installed -# You can remove the comment per row to include the resource type. Make sure you have that related service mod install - -# Acceptable Values: -# "Skip" -# "Check: Tags are correct" -# "Enforce: Set tags" - -### These tags must exist for Missing Tag use case if enabled -### required_tags = [ -### "Owner", -### "Contact", -### "Cost Center", -### "Project ID", -### "Department", -### ] - -resource_tags = { - azure-aks-managed-cluster = "Check: Tags are correct" - # azure-apimanagement-service = "Check: Tags are correct" - # azure-application-gateway = "Check: Tags are correct" - # azure-application-insights-insight = "Check: Tags are correct" - # azure-compute-availability-set = "Check: Tags are correct" - # azure-compute-disk = "Check: Tags are correct" - # azure-compute-disk-encryption-set = "Check: Tags are correct" - # azure-compute-image = "Check: Tags are correct" - # azure-compute-snapshot = "Check: Tags are correct" - azure-compute-virtual-machine = "Check: Tags are correct" - azure-cosmosdb-database = "Check: Tags are correct" - # azure-databricks-workspace = "Check: Tags are correct" - # azure-datafactory-factory = "Check: Tags are correct" - # azure-dns-record-set = "Check: Tags are correct" - # azure-dns-zone = "Check: Tags are correct" - # azure-firewall = "Check: Tags are correct" - # azure-keyvault-vault = "Check: Tags are correct" - # azure-loadbalancer = "Check: Tags are correct" - azure-mysql-server = "Check: Tags are correct" - azure-network-application-security-group = "Check: Tags are correct" - # azure-network-network-interface = "Check: Tags are correct" - # azure-network-network-security-groups = "Check: Tags are correct" - # azure-network-public-ip-address = "Check: Tags are correct" - # azure-network-route-table = "Check: Tags are correct" - # azure-network-virtual-network = "Check: Tags are correct" - # azure-networkwatcher = "Check: Tags are correct" - azure-postgresql-server = "Check: Tags are correct" - # azure-recoveryservice-vault = "Check: Tags are correct" - azure-resourcegroup = "Check: Tags are correct" - # azure-searchmanagement-search-service = "Check: Tags are correct" - azure-sql-database = "Check: Tags are correct" - # azure-sql-elastic-pool = "Check: Tags are correct" - azure-sql-server = "Check: Tags are correct" - azure-storage-storage-account = "Check: Tags are correct" - # azure-synapseanalytics-sql-pool = "Check: Tags are correct" - azure-synapseanalytics-workspace = "Check: Tags are correct" -} diff --git a/baselines/todo_policy_packs/azure/azure_check_tagging/locals.tf b/baselines/todo_policy_packs/azure/azure_check_tagging/locals.tf deleted file mode 100644 index e54cbfc03..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_tagging/locals.tf +++ /dev/null @@ -1,84 +0,0 @@ -locals { - - # Mapping of resource name for the policy - # Note: the resource map above dictates the applicable use of each line item below. You do not need to comment out these items to reduce scope - policy_map = { - azure-aks-managed-cluster : "tmod:@turbot/azure-aks#/policy/types/managedClusterTags" - azure-apimanagement-service : "tmod:@turbot/azure-apimanagement#/policy/types/apiManagementServiceTags" - azure-application-gateway : "tmod:@turbot/azure-applicationgateway#/policy/types/applicationGatewayTags" - azure-application-insights-insight : "tmod:@turbot/azure-applicationinsights#/policy/types/applicationInsightTags" - azure-compute-availability-set : "tmod:@turbot/azure-compute#/policy/types/availabilitySetTags" - azure-compute-disk : "tmod:@turbot/azure-compute#/policy/types/diskTags" - azure-compute-disk-encryption-set : "tmod:@turbot/azure-compute#/policy/types/diskEncryptionSetTags" - azure-compute-image : "tmod:@turbot/azure-compute#/policy/types/imageTags" - azure-compute-snapshot : "tmod:@turbot/azure-compute#/policy/types/snapshotTags" - azure-compute-virtual-machine : "tmod:@turbot/azure-compute#/policy/types/virtualMachineTags" - azure-cosmosdb-database : "tmod:@turbot/azure-cosmosdb#/policy/types/databaseAccountTags" - azure-databricks-workspace : "tmod:@turbot/azure-databricks#/policy/types/databricksWorkspaceTags" - azure-datafactory-factory : "tmod:@turbot/azure-datafactory#/policy/types/factoryTags" - azure-dns-record-set : "tmod:@turbot/azure-dns#/policy/types/recordSetTags" - azure-dns-zone : "tmod:@turbot/azure-dns#/policy/types/zoneTags" - azure-firewall : "tmod:@turbot/azure-firewall#/policy/types/firewallTags" - azure-keyvault-vault : "tmod:@turbot/azure-keyvault#/policy/types/vaultTags" - azure-loadbalancer : "tmod:@turbot/azure-loadbalancer#/policy/types/loadBalancerTags" - azure-mysql-server : "tmod:@turbot/azure-mysql#/policy/types/serverTags" - azure-network-application-security-group : "tmod:@turbot/azure-network#/policy/types/applicationSecurityGroupTags" - azure-network-network-interface : "tmod:@turbot/azure-network#/policy/types/networkInterfaceTags" - azure-network-network-security-groups : "tmod:@turbot/azure-network#/policy/types/networkSecurityGroupTags" - azure-network-public-ip-address : "tmod:@turbot/azure-network#/policy/types/publicIpAddressTags" - azure-network-route-table : "tmod:@turbot/azure-network#/policy/types/routeTableTags" - azure-network-virtual-network : "tmod:@turbot/azure-network#/policy/types/virtualNetworkTags" - azure-networkwatcher : "tmod:@turbot/azure-networkwatcher#/policy/types/networkWatcherTags" - azure-postgresql-server : "tmod:@turbot/azure-postgresql#/policy/types/serverTags" - azure-recoveryservice-vault : "tmod:@turbot/azure-recoveryservice#/policy/types/vaultTags" - azure-resourcegroup : "tmod:@turbot/azure#/policy/types/resourceGroupTags" - azure-searchmanagement-search-service : "tmod:@turbot/azure-searchmanagement#/policy/types/searchServiceTags" - azure-sql-database : "tmod:@turbot/azure-sql#/policy/types/databaseTags" - azure-sql-elastic-pool : "tmod:@turbot/azure-sql#/policy/types/elasticPoolTags" - azure-sql-server : "tmod:@turbot/azure-sql#/policy/types/serverTags" - azure-storage-storage-account : "tmod:@turbot/azure-storage#/policy/types/storageAccountTags" - azure-synapseanalytics-sql-pool : "tmod:@turbot/azure-synapseanalytics#/policy/types/sqlPoolTags" - azure-synapseanalytics-workspace : "tmod:@turbot/azure-synapseanalytics#/policy/types/synapseWorkspaceTags" - } - - # Mapping of resource name to the policy map - # Note: the resource map above dictates the applicable use of each line item below. You do not need to comment out these items to reduce scope - policy_map_template = { - azure-aks-managed-cluster : "tmod:@turbot/azure-aks#/policy/types/managedClusterTagsTemplate" - azure-apimanagement-service : "tmod:@turbot/azure-apimanagement#/policy/types/apiManagementServiceTagsTemplate" - azure-application-gateway : "tmod:@turbot/azure-applicationgateway#/policy/types/applicationGatewayTagsTemplate" - azure-application-insights-insight : "tmod:@turbot/azure-applicationinsights#/policy/types/applicationInsightTagsTemplate" - azure-compute-availability-set : "tmod:@turbot/azure-compute#/policy/types/availabilitySetTagsTemplate" - azure-compute-disk : "tmod:@turbot/azure-compute#/policy/types/diskTagsTemplate" - azure-compute-disk-encryption-set : "tmod:@turbot/azure-compute#/policy/types/diskEncryptionSetTagsTemplate" - azure-compute-image : "tmod:@turbot/azure-compute#/policy/types/imageTagsTemplate" - azure-compute-snapshot : "tmod:@turbot/azure-compute#/policy/types/snapshotTagsTemplate" - azure-compute-virtual-machine : "tmod:@turbot/azure-compute#/policy/types/virtualMachineTagsTemplate" - azure-cosmosdb-database : "tmod:@turbot/azure-cosmosdb#/policy/types/databaseAccountTagsTemplate" - azure-databricks-workspace : "tmod:@turbot/azure-databricks#/policy/types/databricksWorkspaceTagsTemplate" - azure-datafactory-factory : "tmod:@turbot/azure-datafactory#/policy/types/factoryTagsTemplate" - azure-dns-record-set : "tmod:@turbot/azure-dns#/policy/types/recordSetTagsTemplate" - azure-dns-zone : "tmod:@turbot/azure-dns#/policy/types/zoneTagsTemplate" - azure-firewall : "tmod:@turbot/azure-firewall#/policy/types/firewallTagsTemplate" - azure-keyvault-vault : "tmod:@turbot/azure-keyvault#/policy/types/vaultTagsTemplate" - azure-loadbalancer : "tmod:@turbot/azure-loadbalancer#/policy/types/loadBalancerTagsTemplate" - azure-mysql-server : "tmod:@turbot/azure-mysql#/policy/types/serverTagsTemplate" - azure-network-application-security-group : "tmod:@turbot/azure-network#/policy/types/applicationSecurityGroupTagsTemplate" - azure-network-network-interface : "tmod:@turbot/azure-network#/policy/types/networkInterfaceTagsTemplate" - azure-network-network-security-groups : "tmod:@turbot/azure-network#/policy/types/networkSecurityGroupTagsTemplate" - azure-network-public-ip-address : "tmod:@turbot/azure-network#/policy/types/publicIpAddressTagsTemplate" - azure-network-route-table : "tmod:@turbot/azure-network#/policy/types/routeTableTagsTemplate" - azure-network-virtual-network : "tmod:@turbot/azure-network#/policy/types/virtualNetworkTagsTemplate" - azure-networkwatcher : "tmod:@turbot/azure-networkwatcher#/policy/types/networkWatcherTagsTemplate" - azure-postgresql-server : "tmod:@turbot/azure-postgresql#/policy/types/serverTagsTemplate" - azure-recoveryservice-vault : "tmod:@turbot/azure-recoveryservice#/policy/types/vaultTagsTemplate" - azure-resourcegroup : "tmod:@turbot/azure#/policy/types/resourceGroupTagsTemplate" - azure-searchmanagement-search-service : "tmod:@turbot/azure-searchmanagement#/policy/types/searchServiceTagsTemplate" - azure-sql-database : "tmod:@turbot/azure-sql#/policy/types/databaseTagsTemplate" - azure-sql-elastic-pool : "tmod:@turbot/azure-sql#/policy/types/elasticPoolTagsTemplate" - azure-sql-server : "tmod:@turbot/azure-sql#/policy/types/serverTagsTemplate" - azure-storage-storage-account : "tmod:@turbot/azure-storage#/policy/types/storageAccountTagsTemplate" - azure-synapseanalytics-sql-pool : "tmod:@turbot/azure-synapseanalytics#/policy/types/sqlPoolTagsTemplate" - azure-synapseanalytics-workspace : "tmod:@turbot/azure-synapseanalytics#/policy/types/synapseWorkspaceTagsTemplate" - } -} diff --git a/baselines/todo_policy_packs/azure/azure_check_tagging/outputs.tf b/baselines/todo_policy_packs/azure/azure_check_tagging/outputs.tf deleted file mode 100644 index 7dc826d3c..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_tagging/outputs.tf +++ /dev/null @@ -1,19 +0,0 @@ -output "resource_tags" { - value = var.resource_tags -} - -output "turbot_profile" { - value = var.turbot_profile -} - -output "smart_folder_name" { - value = var.smart_folder_name -} - -output "smart_folder_description" { - value = var.smart_folder_description -} - -output "smart_folder_parent_resource" { - value = var.smart_folder_parent_resource -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/azure/azure_check_tagging/providers.tf b/baselines/todo_policy_packs/azure/azure_check_tagging/providers.tf deleted file mode 100644 index 715fb0f92..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_tagging/providers.tf +++ /dev/null @@ -1,12 +0,0 @@ -terraform { - required_providers { - turbot = { - source = "turbot/turbot" - } - } - required_version = ">= 0.13" -} - -provider "turbot" { - profile = var.turbot_profile -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/azure/azure_check_tagging/smartfolder.tf b/baselines/todo_policy_packs/azure/azure_check_tagging/smartfolder.tf deleted file mode 100644 index a08bfb5ad..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_tagging/smartfolder.tf +++ /dev/null @@ -1,5 +0,0 @@ -resource "turbot_smart_folder" "azure_tagging" { - parent = var.smart_folder_parent_resource - title = var.smart_folder_name - description = var.smart_folder_description -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/azure/azure_check_tagging/tagging_policies.tf b/baselines/todo_policy_packs/azure/azure_check_tagging/tagging_policies.tf deleted file mode 100644 index a18c396a6..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_tagging/tagging_policies.tf +++ /dev/null @@ -1,73 +0,0 @@ -# Simple tagging controls to check for adhernece to the tagging template example -# Tag template should be updated per your specific use case -# More Info: https://turbot.com/v5/docs/concepts/guardrails/tagging - - -# -## Sets tagging policy for each resource type in the resource_tags map. -resource "turbot_policy_setting" "set_resource_tag_policies" { - for_each = var.resource_tags - resource = turbot_smart_folder.azure_tagging.id - type = local.policy_map[each.key] - value = each.value -} - -## Sets the default tag template for all resources. -resource "turbot_policy_setting" "default_tag_template" { - for_each = var.resource_tags - resource = turbot_smart_folder.azure_tagging.id - type = local.policy_map_template[each.key] - # GraphQL to pull metadata - template_input = <<-QUERY - { - resource { - turbot { - title - tags - } - creator: notifications(filter: "sort:version_id limit:1") { - items { - actor { - alternatePersona - identity { - turbot { - title - } - } - } - turbot { - createTimestamp - } - } - } - } - } - QUERY - - # Nunjucks template to set tags and check for tag validity. - template = <<-TEMPLATE - # Bring in environment metadata / attributes - Name: "{{ $.resource.turbot.title }}" - # Enforce selection of values, set to "Non-Compliant" if out of bounds - Environment: "{% if $.resource.turbot.tags['Environment'] in ['Dev', 'QA', 'Prod', 'Temp'] %}{{ $.resource.turbot.tags['Environment'] }}{% else %}Non-Compliant Tag{% endif %}" - # Actor who created the resource - CreatedByActor: "{% if $.resource.creator.items[0].actor.identity.turbot.title == 'Unidentified Identity' %}{{ $.resource.creator.items[0].actor.alternatePersona }}{% else %}{{ $.resource.creator.items[0].actor.identity.turbot.title }}{% endif %}" - # Creation Timestamp - CreatedByTime: "{{ $.resource.creator.items[0].turbot.createTimestamp }}" - TEMPLATE -} - -## Missing Tag on folder use case: -## {%- set missingTag = "__MissingTag__" -%} -# {%- set required_tags = ${jsonencode([for tag_name in var.required_tags : tag_name])} -%} -# # If Resource has a required tag, will accept the resource tag, else will tag with Folder tag value. -# {%- for tag_name in required_tags %} -# {%- if tag_name in $.resource.turbot.tags %} -# {{tag_name}}: "{{ $.resource.turbot.tags[tag_name] }}" -# {%- elif tag_name in $.folder.turbot.tags %} -# {{tag_name}}: "{{ $.folder.turbot.tags[tag_name] }}" -# {%- else %} -# {{tag_name}}: {{missingTag}} -# {%- endif %} -# {%- endfor %} - diff --git a/baselines/todo_policy_packs/azure/azure_check_tagging/variables.tf b/baselines/todo_policy_packs/azure/azure_check_tagging/variables.tf deleted file mode 100644 index 07b9b296b..000000000 --- a/baselines/todo_policy_packs/azure/azure_check_tagging/variables.tf +++ /dev/null @@ -1,92 +0,0 @@ -variable "resource_tags" { - description = <.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file `defaults.tfvars`. - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` diff --git a/baselines/todo_policy_packs/azure/azure_eventing/default.tfvars b/baselines/todo_policy_packs/azure/azure_eventing/default.tfvars deleted file mode 100644 index da66cabbd..000000000 --- a/baselines/todo_policy_packs/azure/azure_eventing/default.tfvars +++ /dev/null @@ -1,19 +0,0 @@ -# Required - Target resource to attach to smart folder -target_resource = "" -# Examples for target_resource -# target_resource = "tmod:@turbot/turbot#/" -# target_resource = "191238958290468" - -# Required - Target resource to attach to smart folder -# Setting to `true` will configure that the Event Poller to handle event routing. -# Setting to `false` will configure that the Event Handler to handle event routing. -enable_poller = true - -# Optional - Default value: "Azure - Event Router" -# smart_folder_title = "Custom Smart Folder Title" - -# Optional - Default value: "Contains the policy settings to configure the Azure Event Router" -# smart_folder_description = "Custom Description" - -# Optional - Default value: tmod:@turbot/turbot#/ -# smart_folder_parent_resource = "" diff --git a/baselines/todo_policy_packs/azure/azure_eventing/main.tf b/baselines/todo_policy_packs/azure/azure_eventing/main.tf deleted file mode 100644 index 217e4b2b1..000000000 --- a/baselines/todo_policy_packs/azure/azure_eventing/main.tf +++ /dev/null @@ -1,42 +0,0 @@ -resource "turbot_smart_folder" "azure_folder" { - title = var.smart_folder_title - description = var.smart_folder_description - parent = var.smart_folder_parent_resource -} - -# Create Event through Event Poller -# Azure > Turbot > Event Poller -resource "turbot_policy_setting" "eventPoller" { - resource = turbot_smart_folder.azure_folder.id - type = "tmod:@turbot/azure#/policy/types/eventPoller" - value = var.enable_poller ? "Enabled" : "Disabled" -} - -# Create the resource group for the event handler -# Azure > Turbot > Resource Group Handlers -resource "turbot_policy_setting" "resourceGroupStack" { - resource = turbot_smart_folder.azure_folder.id - type = "tmod:@turbot/azure#/policy/types/resourceGroupStack" - value = var.enable_poller ? "Skip" : "Enforce: Configured" -} - -# Create Event through Event Handler -# Azure > Turbot > Event Handlers -resource "turbot_policy_setting" "eventHandlers" { - resource = turbot_smart_folder.azure_folder.id - type = "tmod:@turbot/azure#/policy/types/eventHandlers" - value = var.enable_poller ? "Skip" : "Enforce: Configured" -} - -# Create the Resource Group and set the policy -# Azure > Turbot > Resource Group -resource "turbot_policy_setting" "turbotResourceGroup" { - resource = turbot_smart_folder.azure_folder.id - type = "tmod:@turbot/azure#/policy/types/turbotResourceGroup" - value = var.enable_poller ? "Skip" : "Enforce: Configured" -} - -resource "turbot_smart_folder_attachment" "azure_folder" { - resource = var.target_resource - smart_folder = turbot_smart_folder.azure_folder.id -} diff --git a/baselines/todo_policy_packs/azure/azure_eventing/variables.tf b/baselines/todo_policy_packs/azure/azure_eventing/variables.tf deleted file mode 100644 index 96cb70633..000000000 --- a/baselines/todo_policy_packs/azure/azure_eventing/variables.tf +++ /dev/null @@ -1,31 +0,0 @@ -variable "target_resource" { - description = "Enter the resource ID or AKA for the resource to apply the calculated policy" - type = string -} - -variable "enable_poller" { - description = <.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file `defaults.tfvars`. - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` diff --git a/baselines/todo_policy_packs/azure/azure_management_group_import/default.tfvars b/baselines/todo_policy_packs/azure/azure_management_group_import/default.tfvars deleted file mode 100644 index 4759f767d..000000000 --- a/baselines/todo_policy_packs/azure/azure_management_group_import/default.tfvars +++ /dev/null @@ -1,11 +0,0 @@ -azure_environment_type = "" - -azure_management_group_id = "" - -parent_resource = "<15 digit tubot folder id under which the azure management group to be imported>" - -azure_client_id = "" - -azure_tenant_id = "" - -azure_client_secret = "" \ No newline at end of file diff --git a/baselines/todo_policy_packs/azure/azure_management_group_import/main.tf b/baselines/todo_policy_packs/azure/azure_management_group_import/main.tf deleted file mode 100644 index 2791d8783..000000000 --- a/baselines/todo_policy_packs/azure/azure_management_group_import/main.tf +++ /dev/null @@ -1,52 +0,0 @@ -provider azurerm { - version = "=2.0.0" - features {} - management_group_id = var.azure_management_group_id - client_id = var.azure_client_id - environment = "public" - tenant_id = var.azure_tenant_id - client_secret = var.azure_client_secret -} - -# Create the Azure > Management Group resource in Turbot -resource "turbot_resource" "management_group_resource" { - parent = var.parent_resource - type = "tmod:@turbot/azure#/resource/types/managementGroup" - akas = ["azure:///tenants/${var.azure_tenant_id}/microsoft.management/managementgroups/${var.azure_management_group_id}"] - metadata = jsonencode({ - "azure" : { - "tenantId" : "${var.azure_tenant_id}" - "managementGroupId" : "${var.azure_management_group_id}" - } - }) - data = jsonencode({ - "id" : "/providers/Microsoft.Management/managementGroups/${var.azure_management_group_id}" - "name" : "${var.azure_management_group_id}", - }) -} - -# Set the credentials for the Management Group via Turbot policies - -resource "turbot_policy_setting" "environment" { - resource = turbot_resource.management_group_resource.id - type = "tmod:@turbot/azure#/policy/types/environment" - value = var.azure_environment_type -} - -resource "turbot_policy_setting" "clientKey" { - resource = turbot_resource.management_group_resource.id - type = "tmod:@turbot/azure#/policy/types/clientKey" - value = var.azure_client_secret -} - -resource "turbot_policy_setting" "clientId" { - resource = turbot_resource.management_group_resource.id - type = "tmod:@turbot/azure#/policy/types/clientId" - value = var.azure_client_id -} - -resource "turbot_policy_setting" "tenantId" { - resource = turbot_resource.management_group_resource.id - type = "tmod:@turbot/azure#/policy/types/tenantId" - value = var.azure_tenant_id -} diff --git a/baselines/todo_policy_packs/azure/azure_management_group_import/variables.tf b/baselines/todo_policy_packs/azure/azure_management_group_import/variables.tf deleted file mode 100644 index 9e156fd20..000000000 --- a/baselines/todo_policy_packs/azure/azure_management_group_import/variables.tf +++ /dev/null @@ -1,29 +0,0 @@ -variable "azure_management_group_id" { - description = "Enter the Azure Management Group ID that you wish to import: " - type = string -} - -variable "parent_resource" { - description = "Enter the Turbot Resource ID for the folder into which to import the management group:" - type = string -} - -variable "azure_environment_type" { - description = "Enter the Azure Management Group environment type ('Global Cloud' or 'US Government'):" - type = string -} - -variable "azure_client_id" { - description = "Enter the Azure Client ID: " - type = string -} - -variable "azure_tenant_id" { - description = "Enter the Azure Tenant ID: " - type = string -} - -variable "azure_client_secret" { - description = "Enter the Azure Client Secret Key: " - type = string -} diff --git a/baselines/todo_policy_packs/azure/azure_provider_registration/README.md b/baselines/todo_policy_packs/azure/azure_provider_registration/README.md deleted file mode 100644 index 9008fce62..000000000 --- a/baselines/todo_policy_packs/azure/azure_provider_registration/README.md +++ /dev/null @@ -1,61 +0,0 @@ -# Azure Provider Registration Baseline - -Turbot Azure Services baseline provides a Terraform configuration to registration status or check current registration status for Azure services in Turbot. - -**NOTE:** `provider_status` must match values found in the `provider_registration_map` map. - -**NOTE:** It is advised not to modify the `provider_registration_map` map. - -## Prerequisites - -- Setup Turbot [credentials](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials) -- Installed [Terraform](https://www.terraform.io/downloads.html) -- Installed [Turbot Terraform Provider](https://github.com/turbotio/terraform-provider-turbot) - -## Running the Baseline - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update default.tfvars or create a new Terraform configuration file. - -Variables that are exposed by this script are: - -- target_resource -- smart_folder_title -- folder_parent (Optional) -- provider_status (Optional) -- provider_registration_map (Optional) - -Open the file `variables.tf` for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file `defaults.tfvars`. - -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file `defaults.tfvars`. - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` diff --git a/baselines/todo_policy_packs/azure/azure_provider_registration/default.tfvars b/baselines/todo_policy_packs/azure/azure_provider_registration/default.tfvars deleted file mode 100644 index 28e7c1d2d..000000000 --- a/baselines/todo_policy_packs/azure/azure_provider_registration/default.tfvars +++ /dev/null @@ -1,24 +0,0 @@ -target_resource = "" -# Examples for target_resource -# target_resource = "tmod:@turbot/turbot#/" -# target_resource = "187486019045335" - -smart_folder_title = "" - -# Optional - leaving unchanged will default to the Turbot level -# folder_parent = "" - -# Optional - leaving unchanged will use the default map which will set the controls to Skip -# provider_status = { -# ApiManagement = "Skip" -# Compute = "Check: Not Registered" -# ContainerService = "Check: Registered" -# Databricks = "Enforce: Not Registered" -# DataFactory = "Enforce: Registered" -# } - -# Optional - leaving unchanged will use the default map -# provider_registration_map = { -# ApiManagement = "apiManagementRegistered" -# Compute = "computeRegistered" -# } diff --git a/baselines/todo_policy_packs/azure/azure_provider_registration/main.tf b/baselines/todo_policy_packs/azure/azure_provider_registration/main.tf deleted file mode 100644 index 098d7640e..000000000 --- a/baselines/todo_policy_packs/azure/azure_provider_registration/main.tf +++ /dev/null @@ -1,17 +0,0 @@ -resource "turbot_smart_folder" "azure_folder" { - parent = var.folder_parent - title = var.smart_folder_title - description = "Folder to import the Azure Subscription:" -} - -resource "turbot_smart_folder_attachment" "azure_folder" { - resource = var.target_resource - smart_folder = turbot_smart_folder.azure_folder.id -} - -resource "turbot_policy_setting" "provider_registration_enable" { - count = length(var.provider_status) - resource = turbot_smart_folder.azure_folder.id - type = "tmod:@turbot/azure-provider#/policy/types/${lookup(var.provider_registration_map, "${element(keys(var.provider_status), count.index)}")}" - value = lookup(var.provider_status, "${element(keys(var.provider_status), count.index)}") -} diff --git a/baselines/todo_policy_packs/azure/azure_provider_registration/variables.tf b/baselines/todo_policy_packs/azure/azure_provider_registration/variables.tf deleted file mode 100644 index 9c7b1c116..000000000 --- a/baselines/todo_policy_packs/azure/azure_provider_registration/variables.tf +++ /dev/null @@ -1,74 +0,0 @@ -variable "target_resource" { - description = "Enter a target_resource to set the policies on a specific resource. This can be an AKA or resource id:" - type = string -} - -variable "smart_folder_title" { - description = "Folder to import the Azure Subscription:" - type = string -} - -# Defaults to the Turbot Resource level using the AKA which identifies the Turbot level. -variable "folder_parent" { - type = string - default = "tmod:@turbot/turbot#/" -} - -# Enter the list of providers that you would like to "Skip", "Check: Not Registered", "Check: Registered", "Enforce: Not Registered" or "Enforce: Registered". -# Service names must match the "policy_map" below. -variable "provider_status" { - description = "Choose the subset of providers that should be configured. Possible values for each service are: [\"Skip\", \"Check: Not Registered\", \"Check: Registered\", \"Enforce: Not Registered\", \"Enforce: Registered\"]" - type = map - - default = { - ApiManagement = "Skip" - Compute = "Skip" - ContainerService = "Skip" - Databricks = "Skip" - DataFactory = "Skip" - DBforMySQL = "Skip" - DBforPostgreSQL = "Skip" - DocumentDB = "Skip" - DomainRegistration = "Skip" - Insights = "Skip" - KeyVault = "Skip" - Network = "Skip" - OperationalInsights = "Skip" - RecoveryServices = "Skip" - Resources = "Skip" - Search = "Skip" - Security = "Skip" - Sql = "Skip" - Storage = "Skip" - Web = "Skip" - } -} - -#This is a map of Turbot policy types to service names which should not be modified -variable "provider_registration_map" { - description = "A map of all the registered policies currently exposed by Turbot" - type = map - - default = { - ApiManagement = "apiManagementRegistered" - Compute = "computeRegistered" - ContainerService = "containerServiceRegistered" - Databricks = "databricksRegistered" - DataFactory = "dataFactoryRegistered" - DBforMySQL = "dbforMySqlRegistered" - DBforPostgreSQL = "dbForPostgreSqlRegistered" - DocumentDB = "documentDbRegistered" - DomainRegistration = "domainRegistrationRegistered" - Insights = "insightsRegistered" - KeyVault = "keyVaultRegistered" - Network = "networkRegistered" - OperationalInsights = "operationalInsightsRegistered" - RecoveryServices = "recoveryServicesRegistered" - Resources = "resourcesRegistered" - Search = "searchRegistered" - Security = "securityRegistered" - Sql = "sqlRegistered" - Storage = "storageRegistered" - Web = "webRegistered" - } -} diff --git a/baselines/todo_policy_packs/azure/azure_services/README.md b/baselines/todo_policy_packs/azure/azure_services/README.md deleted file mode 100644 index 0d9724db1..000000000 --- a/baselines/todo_policy_packs/azure/azure_services/README.md +++ /dev/null @@ -1,61 +0,0 @@ -# Azure Services Baseline - -Turbot Azure Services baseline provides a Terraform configuration to enable or disable Azure services in Turbot. - -**NOTE:** `service_status` must match values found in the `policy_map` map. - -**NOTE:** It is advised not to modify the `policy_map` map. - -## Prerequisites - -- Setup Turbot [credentials](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials) -- Installed [Terraform](https://www.terraform.io/downloads.html) -- Installed [Turbot Terraform Provider](https://github.com/turbotio/terraform-provider-turbot) - -## Running the Baseline - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update default.tfvars or create a new Terraform configuration file. - -Variables that are exposed by this script are: - -- target_resource -- smart_folder_title -- folder_parent (Optional) -- service_status (Optional) -- policy_map (Optional) - -Open the file `variables.tf` for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file `defaults.tfvars`. - -Command: `terraform apply -var-file=default.tfvars` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file `defaults.tfvars`. - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` diff --git a/baselines/todo_policy_packs/azure/azure_services/default.tfvars b/baselines/todo_policy_packs/azure/azure_services/default.tfvars deleted file mode 100644 index ed96955a3..000000000 --- a/baselines/todo_policy_packs/azure/azure_services/default.tfvars +++ /dev/null @@ -1,21 +0,0 @@ -target_resource = "" -# Examples for target_resource -# target_resource = "tmod:@turbot/turbot#/" -# target_resource = "187486019045335" - -smart_folder_title = "" - -# Optional - leaving unchanged will default to the Turbot level -# folder_parent = "" - -# Optional - leaving unchanged will use the default map which will set the controls to Enabled -# service_status = { -# azure-aks = "Enabled" -# azure-apimanagement = "Disable" -# } - -# Optional - leaving unchanged will use the default map -# provider_registration_map = { -# azure-aks = "aksEnabled" -# azure-apimanagement = "apiManagementEnabled" -# } diff --git a/baselines/todo_policy_packs/azure/azure_services/main.tf b/baselines/todo_policy_packs/azure/azure_services/main.tf deleted file mode 100644 index 6d61f4b4d..000000000 --- a/baselines/todo_policy_packs/azure/azure_services/main.tf +++ /dev/null @@ -1,17 +0,0 @@ -resource "turbot_smart_folder" "azure_folder" { - parent = var.folder_parent - title = var.smart_folder_title - description = "Folder to import the Azure Subscription:" -} - -resource "turbot_smart_folder_attachment" "azure_folder" { - resource = var.target_resource - smart_folder = turbot_smart_folder.azure_folder.id -} - -resource "turbot_policy_setting" "azure_enable" { - count = length(var.service_status) - resource = turbot_smart_folder.azure_folder.id - type = "tmod:@turbot/${element(keys(var.service_status), count.index)}#/policy/types/${lookup(var.policy_map, "${element(keys(var.service_status), count.index)}")}" - value = lookup(var.service_status, "${element(keys(var.service_status), count.index)}") -} diff --git a/baselines/todo_policy_packs/azure/azure_services/variables.tf b/baselines/todo_policy_packs/azure/azure_services/variables.tf deleted file mode 100644 index ab824f2a4..000000000 --- a/baselines/todo_policy_packs/azure/azure_services/variables.tf +++ /dev/null @@ -1,86 +0,0 @@ -variable "target_resource" { - description = "Enter a target_resource to set the policies on a specific resource. This can be an AKA or resource id:" - type = string -} - -variable "smart_folder_title" { - description = "Folder to import the Azure Subscription:" - type = string -} - -# Defaults to the Turbot Resource level using the AKA which identifies the Turbot level. -variable "folder_parent" { - type = string - default = "tmod:@turbot/turbot#/" -} - -# Enter the list of services that you would like to "Enable" or "Disable" -# Service names must match the key names for the "policy_map" below -variable "service_status" { - description = "Choose the subset of services that should be configured. Possible values for each service are: [\"Enabled\", \"Disabled\"]" - type = map - - default = { - azure-aks = "Enabled" - azure-apimanagement = "Enabled" - azure-applicationgateway = "Enabled" - azure-applicationinsights = "Enabled" - azure-appservice = "Enabled" - azure-compute = "Enabled" - azure-cosmosdb = "Enabled" - azure-databricks = "Enabled" - azure-datafactory = "Enabled" - azure-dns = "Enabled" - azure-firewall = "Enabled" - azure-frontdoorservice = "Enabled" - azure-iam = "Enabled" - azure-keyvault = "Enabled" - azure-loadbalancer = "Enabled" - azure-loganalytics = "Enabled" - azure-monitor = "Enabled" - azure-mysql = "Enabled" - azure-network = "Enabled" - azure-networkwatcher = "Enabled" - azure-postgresql = "Enabled" - azure-recoveryservice = "Enabled" - azure-searchmanagement = "Enabled" - azure-securitycenter = "Enabled" - azure-sql = "Enabled" - azure-storage = "Enabled" - } -} - -# This is a map of Turbot policy types to service names. It is advised not to modify the below list. -variable "policy_map" { - description = "A map of all the enabled policies currently exposed by Turbot" - type = map - - default = { - azure-aks = "aksEnabled" - azure-apimanagement = "apiManagementEnabled" - azure-applicationgateway = "applicationGatewayServiceEnabled" - azure-applicationinsights = "applicationInsightsEnabled" - azure-appservice = "appServiceEnabled" - azure-compute = "computeEnabled" - azure-cosmosdb = "cosmosDbEnabled" - azure-databricks = "databricksEnabled" - azure-datafactory = "dataFactoryEnabled" - azure-dns = "dnsEnabled" - azure-firewall = "firewallServiceEnabled" - azure-frontdoorservice = "frontDoorServiceEnabled" - azure-iam = "iamEnabled" - azure-keyvault = "keyVaultEnabled" - azure-loadbalancer = "loadBalancerServiceEnabled" - azure-loganalytics = "logAnalyticsEnabled" - azure-monitor = "monitorEnabled" - azure-mysql = "mySqlEnabled" - azure-network = "networkEnabled" - azure-networkwatcher = "networkWatcherServiceEnabled" - azure-postgresql = "postgreSqlEnabled" - azure-recoveryservice = "recoveryServiceEnabled" - azure-searchmanagement = "searchManagementEnabled" - azure-securitycenter = "securityCenterServiceEnabled" - azure-sql = "sqlEnabled" - azure-storage = "storageEnabled" - } -} diff --git a/baselines/todo_policy_packs/azure/azure_sub_create_then_import/README.md b/baselines/todo_policy_packs/azure/azure_sub_create_then_import/README.md deleted file mode 100644 index 08ed08d5c..000000000 --- a/baselines/todo_policy_packs/azure/azure_sub_create_then_import/README.md +++ /dev/null @@ -1,65 +0,0 @@ -# Azure Subscription Import Baseline - -The Azure subscription import baseline terraform configuration lets you import an Azure subscription into your turbot environment, with the necessary roles and permissions. - -- It is recommended that you import accounts into Turbot Folders, as it provides greater flexibility and ease of management. -- Give the role a purposeful name such as `turbot-readonly` (read only) or `turbot-superuser` (for full access). -- By default, Turbot is installed with administrator access to enable full functionality. However, You may change this if required. - -## Prerequisites - -To run the Azure subscription import baseline, you must have: - -- [Terraform](https://www.terraform.io) Version 12 -- Terraform [Azure Provider](https://www.terraform.io/docs/providers/azurerm/index.html) -- [Turbot Terraform Provider](https://github.com/turbotio/terraform-provider-turbot) -- [Credentials](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials) Configured to connect to your Turbot workspace and AWS account - -## Running the Baseline - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update default.tfvars or create a new Terraform configuration file. - -Variables that are exposed by this script are: - -- azure_app_password_expiration -- azure_app_name -- azure_app_password -- azure_environment_type -- azure_subscription_id -- parent_resource - -Open the file `variables.tf` for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file `defaults.tfvars`. - -Command: `terraform apply -var-file="default.tfvars"` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file `defaults.tfvars`. - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` diff --git a/baselines/todo_policy_packs/azure/azure_sub_create_then_import/default.tfvars b/baselines/todo_policy_packs/azure/azure_sub_create_then_import/default.tfvars deleted file mode 100644 index c4543ba78..000000000 --- a/baselines/todo_policy_packs/azure/azure_sub_create_then_import/default.tfvars +++ /dev/null @@ -1,11 +0,0 @@ -azure_app_password_expiration = "<'YYYY-MM-DD'T'HH:MM:SS'Z>" - -azure_app_name = "" - -azure_app_password = "" - -azure_environment_type = "" - -azure_subscription_id = "" - -parent_resource = "<15 digit tubot folder id under which the aws account to be imported>" diff --git a/baselines/todo_policy_packs/azure/azure_sub_create_then_import/main.tf b/baselines/todo_policy_packs/azure/azure_sub_create_then_import/main.tf deleted file mode 100644 index c1b29b58e..000000000 --- a/baselines/todo_policy_packs/azure/azure_sub_create_then_import/main.tf +++ /dev/null @@ -1,72 +0,0 @@ -provider azuread { - version = "~> 0.7" -} - -# Create the Azure AD App and Service Principal for Turbot to use, and set a password -resource "azuread_application" "turbot_azure_ad_app" { - name = var.azure_app_name -} - -resource "azuread_service_principal" "turbot_azure_ad_app_sp" { - application_id = azuread_application.turbot_azure_ad_app.application_id -} - -resource "azuread_service_principal_password" "turbot_azure_ad_app_sp_password" { - service_principal_id = azuread_service_principal.turbot_azure_ad_app_sp.id - value = var.azure_app_password - end_date = var.azure_app_password_expiration -} - -provider azurerm { - version = "=2.0.0" - features {} - subscription_id = var.azure_subscription_id -} - -# Grant "owner" to the service principal for turbot -resource "azurerm_role_assignment" "turbot_azuread_role_assignment" { - scope = "/subscriptions/${var.azure_subscription_id}" - role_definition_name = "Owner" - principal_id = azuread_service_principal.turbot_azure_ad_app_sp.id -} - -# Create the Azure > Subscription resource in Turbot -resource "turbot_resource" "subscription_resource" { - parent = var.parent_resource - type = "tmod:@turbot/azure#/resource/types/subscription" - metadata = jsonencode({ - "azure" : { - "subscriptionId" : "${var.azure_subscription_id}", - "tenantId" : "${data.azurerm_subscription.subscription_to_import.tenant_id}" - } - }) - data = jsonencode({ - "subscriptionId" : "${var.azure_subscription_id}" - }) -} - -# Set the credentials for the subscription via Turbot policies -# Azure > Environment -resource "turbot_policy_setting" "environment" { - resource = turbot_resource.subscription_resource.id - type = "tmod:@turbot/azure#/policy/types/environment" - value = var.azure_environment_type -} - -resource "turbot_policy_setting" "clientKey" { - resource = turbot_resource.subscription_resource.id - type = "tmod:@turbot/azure#/policy/types/clientKey" - value = var.azure_app_password -} - -resource "turbot_policy_setting" "clientId" { - resource = turbot_resource.subscription_resource.id - type = "tmod:@turbot/azure#/policy/types/clientId" - value = azuread_application.turbot_azure_ad_app.application_id -} - -resource "turbot_policy_setting" "tenantId" { - resource = turbot_resource.subscription_resource.id - type = "tmod:@turbot/azure#/policy/types/tenantId" - value = data.azurerm_subscription.subscription_to_import.tenant_id -} diff --git a/baselines/todo_policy_packs/azure/azure_sub_create_then_import/outputs.tf b/baselines/todo_policy_packs/azure/azure_sub_create_then_import/outputs.tf deleted file mode 100644 index de348a35f..000000000 --- a/baselines/todo_policy_packs/azure/azure_sub_create_then_import/outputs.tf +++ /dev/null @@ -1,13 +0,0 @@ -#### Get the subscription info - -data "azurerm_subscription" "subscription_to_import" { - subscription_id = "${var.azure_subscription_id}" -} - -output "subscription_display_name" { - value = "${data.azurerm_subscription.subscription_to_import.display_name}" -} - -output "tennant_id" { - value = "${data.azurerm_subscription.subscription_to_import.tenant_id}" -} diff --git a/baselines/todo_policy_packs/azure/azure_sub_create_then_import/variables.tf b/baselines/todo_policy_packs/azure/azure_sub_create_then_import/variables.tf deleted file mode 100644 index ddaba8143..000000000 --- a/baselines/todo_policy_packs/azure/azure_sub_create_then_import/variables.tf +++ /dev/null @@ -1,29 +0,0 @@ -variable "azure_subscription_id" { - description = "Enter the Azure Subscription ID that you wish to import: " - type = string -} - -variable "parent_resource" { - description = "Enter the Turbot Resource ID for the folder into which to import the subscription:" - type = string -} - -variable "azure_app_password" { - description = "Enter an Azure AD app password:" - type = string -} - -variable "azure_app_password_expiration" { - description = "Enter an expiration date for the Azure AD app password:" - type = string -} - -variable "azure_app_name" { - description = "Enter the Azure AD app name:" - type = string -} - -variable "azure_environment_type" { - description = "Enter the Azure subscription environment type ('Global Cloud' or 'US Government'):" - type = string -} diff --git a/baselines/todo_policy_packs/azure/azure_sub_create_then_import_ro/README.md b/baselines/todo_policy_packs/azure/azure_sub_create_then_import_ro/README.md deleted file mode 100644 index ce721fd90..000000000 --- a/baselines/todo_policy_packs/azure/azure_sub_create_then_import_ro/README.md +++ /dev/null @@ -1,66 +0,0 @@ -# Azure Subscription ReadOnly Import Baseline - -The Azure subscription read-only import baseline terraform configuration lets you import an Azure subscription into your turbot environment, with the azure event setup and read-only permissions. - -- It is recommended that you import accounts into Turbot Folders, as it provides greater flexibility and ease of management. -- Give the role a purposeful name such as `turbot-readonly` (read only) or `turbot-superuser` (for full access). -- By default, Turbot is installed with administrator access to enable full functionality. However, You may change this if required. - -## Prerequisites - -To run the Azure subscription read-only import baseline, you must have: - -- [Terraform](https://www.terraform.io) Version 12 -- Terraform [Azure Provider](https://www.terraform.io/docs/providers/azurerm/index.html) -- [Turbot Terraform Provider](https://github.com/turbotio/terraform-provider-turbot) -- [Credentials](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials) Configured to connect to your Turbot workspace and Azure subscription - -## Running the Baseline - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update default.tfvars or create a new Terraform configuration file. - -Variables that are exposed by this script are: - -- azure_app_password_expiration -- azure_app_name -- azure_app_password -- azure_environment_type -- azure_subscription_id -- parent_resource - -Open the file `variables.tf` for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file `defaults.tfvars`. - -Command: `terraform apply -var-file="default.tfvars"` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file `defaults.tfvars`. - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` - diff --git a/baselines/todo_policy_packs/azure/azure_sub_create_then_import_ro/default.tfvars b/baselines/todo_policy_packs/azure/azure_sub_create_then_import_ro/default.tfvars deleted file mode 100644 index c4543ba78..000000000 --- a/baselines/todo_policy_packs/azure/azure_sub_create_then_import_ro/default.tfvars +++ /dev/null @@ -1,11 +0,0 @@ -azure_app_password_expiration = "<'YYYY-MM-DD'T'HH:MM:SS'Z>" - -azure_app_name = "" - -azure_app_password = "" - -azure_environment_type = "" - -azure_subscription_id = "" - -parent_resource = "<15 digit tubot folder id under which the aws account to be imported>" diff --git a/baselines/todo_policy_packs/azure/azure_sub_create_then_import_ro/main.tf b/baselines/todo_policy_packs/azure/azure_sub_create_then_import_ro/main.tf deleted file mode 100644 index 693783be2..000000000 --- a/baselines/todo_policy_packs/azure/azure_sub_create_then_import_ro/main.tf +++ /dev/null @@ -1,117 +0,0 @@ -provider azuread { - version = "~> 0.7" -} - -#### Create the Azure AD App and Service Principal for Turbot to use, and set a password -resource "azuread_application" "turbot_azure_ad_app" { - name = var.azure_app_name -} - -resource "azuread_service_principal" "turbot_azure_ad_app_sp" { - application_id = azuread_application.turbot_azure_ad_app.application_id -} - -resource "azuread_service_principal_password" "turbot_azure_ad_app_sp_password" { - service_principal_id = azuread_service_principal.turbot_azure_ad_app_sp.id - value = var.azure_app_password - end_date = var.azure_app_password_expiration -} - -provider azurerm { - version = "=2.0.0" - features {} - subscription_id = var.azure_subscription_id -} - -resource "azurerm_role_definition" "event_handler_role" { - name = "Turbot/EventHandlerRole" - scope = "/subscriptions/${var.azure_subscription_id}" - description = "This is a custom role required by turbot to setup event handler to import subscription in read only mod." - - permissions { - actions = [ - "Microsoft.HDInsight/register/action", - "Microsoft.HDInsight/unregister/action", - "microsoft.insights/actiongroups/delete", - "microsoft.insights/actionGroups/write", - "Microsoft.Insights/ActivityLogAlerts/Activated/action", - "microsoft.insights/activityLogAlerts/delete", - "microsoft.insights/activityLogAlerts/write", - "Microsoft.Kusto/register/action", - "Microsoft.Kusto/unregister/action", - "Microsoft.Maps/register/action", - "Microsoft.Media/register/action", - "Microsoft.Media/unregister/action", - "microsoft.resources/register/action", - "Microsoft.Resources/subscriptions/resourcegroups/delete", - "Microsoft.Resources/subscriptions/resourcegroups/write", - "Microsoft.StreamAnalytics/register/action" - ] - not_actions = [] - data_actions = [] - not_data_actions = [] - } - - assignable_scopes = [ - "/subscriptions/${var.azure_subscription_id}" - ] -} - -#### Grant "owner" to the service principal for turbot -resource "azurerm_role_assignment" "turbot_azuread_role_assignment" { - scope = "/subscriptions/${var.azure_subscription_id}" - role_definition_name = "Reader" - principal_id = azuread_service_principal.turbot_azure_ad_app_sp.id -} - -#### Grant "owner" to the service principal for turbot -resource "azurerm_role_assignment" "turbot_events_role_assignment" { - depends_on = [azurerm_role_definition.event_handler_role] - scope = "/subscriptions/${var.azure_subscription_id}" - role_definition_name = "Turbot/EventHandlerRole" - principal_id = azuread_service_principal.turbot_azure_ad_app_sp.id -} - -#### Create the Azure > Subscription resource in Turbot -resource "turbot_resource" "subscription_resource" { - parent = var.parent_resource - type = "tmod:@turbot/azure#/resource/types/subscription" - metadata = jsonencode({ - "azure" : { - "subscriptionId" : "${var.azure_subscription_id}", - "tenantId" : "${data.azurerm_subscription.subscription_to_import.tenant_id}" - } - }) - data = jsonencode({ - "subscriptionId" : "${var.azure_subscription_id}" - }) -} - -#### Set the credentials for the subscription via Turbot policies -# Azure > Environment -resource "turbot_policy_setting" "environment" { - resource = turbot_resource.subscription_resource.id - type = "tmod:@turbot/azure#/policy/types/environment" - value = var.azure_environment_type -} - -# Azure > Client ID -resource "turbot_policy_setting" "clientId" { - resource = turbot_resource.subscription_resource.id - type = "tmod:@turbot/azure#/policy/types/clientId" - value = azuread_application.turbot_azure_ad_app.application_id -} - -# Azure > Client Key -resource "turbot_policy_setting" "clientKey" { - resource = turbot_resource.subscription_resource.id - type = "tmod:@turbot/azure#/policy/types/clientKey" - value = var.azure_app_password -} - -# Azure > Tenant ID -resource "turbot_policy_setting" "tenantId" { - resource = turbot_resource.subscription_resource.id - type = "tmod:@turbot/azure#/policy/types/tenantId" - value = data.azurerm_subscription.subscription_to_import.tenant_id -} diff --git a/baselines/todo_policy_packs/azure/azure_sub_create_then_import_ro/outputs.tf b/baselines/todo_policy_packs/azure/azure_sub_create_then_import_ro/outputs.tf deleted file mode 100644 index f31d605e2..000000000 --- a/baselines/todo_policy_packs/azure/azure_sub_create_then_import_ro/outputs.tf +++ /dev/null @@ -1,13 +0,0 @@ -#### Get the subscription info - -data "azurerm_subscription" "subscription_to_import" { - subscription_id = "${var.azure_subscription_id}" -} - -output "subscription_display_name" { - value = "${data.azurerm_subscription.subscription_to_import.display_name}" -} - -output "tenant_id" { - value = "${data.azurerm_subscription.subscription_to_import.tenant_id}" -} diff --git a/baselines/todo_policy_packs/azure/azure_sub_create_then_import_ro/variables.tf b/baselines/todo_policy_packs/azure/azure_sub_create_then_import_ro/variables.tf deleted file mode 100644 index ddaba8143..000000000 --- a/baselines/todo_policy_packs/azure/azure_sub_create_then_import_ro/variables.tf +++ /dev/null @@ -1,29 +0,0 @@ -variable "azure_subscription_id" { - description = "Enter the Azure Subscription ID that you wish to import: " - type = string -} - -variable "parent_resource" { - description = "Enter the Turbot Resource ID for the folder into which to import the subscription:" - type = string -} - -variable "azure_app_password" { - description = "Enter an Azure AD app password:" - type = string -} - -variable "azure_app_password_expiration" { - description = "Enter an expiration date for the Azure AD app password:" - type = string -} - -variable "azure_app_name" { - description = "Enter the Azure AD app name:" - type = string -} - -variable "azure_environment_type" { - description = "Enter the Azure subscription environment type ('Global Cloud' or 'US Government'):" - type = string -} diff --git a/baselines/todo_policy_packs/azure/azure_sub_import/README.md b/baselines/todo_policy_packs/azure/azure_sub_import/README.md deleted file mode 100644 index ad5e407a7..000000000 --- a/baselines/todo_policy_packs/azure/azure_sub_import/README.md +++ /dev/null @@ -1,63 +0,0 @@ -# Azure Subscription Import Baseline - -The Azure subscription import baseline terraform configuration lets you import an Azure subscription into your turbot environment, with the necessary roles and permissions. - -- It is recommended that you import subscriptions into Turbot Folders, as it provides greater flexibility and ease of management. - -## Prerequisites - -To run the Azure subscription import baseline, you must have: - -- [Terraform](https://www.terraform.io) Version 12 -- Terraform [Azure Provider](https://www.terraform.io/docs/providers/azurerm/index.html) -- [Turbot Terraform Provider](https://github.com/turbotio/terraform-provider-turbot) -- [Credentials](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials) Configured to connect to your Turbot workspace and AWS account - -## Running the Baseline - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update default.tfvars or create a new Terraform configuration file. - -Variables that are exposed by this script are: - -- azure_environment_type -- azure_subscription_id -- parent_resource -- azure_client_id -- azure_tenant_id -- azure_client_secret - -Open the file `variables.tf` for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file `defaults.tfvars`. - -Command: `terraform apply -var-file="default.tfvars"` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file `defaults.tfvars`. - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` diff --git a/baselines/todo_policy_packs/azure/azure_sub_import/default.tfvars b/baselines/todo_policy_packs/azure/azure_sub_import/default.tfvars deleted file mode 100644 index 82925c854..000000000 --- a/baselines/todo_policy_packs/azure/azure_sub_import/default.tfvars +++ /dev/null @@ -1,11 +0,0 @@ -azure_environment_type = "" - -azure_subscription_id = "" - -parent_resource = "<15 digit tubot folder id under which the azure subscription to be imported>" - -azure_client_id = "" - -azure_tenant_id = "" - -azure_client_secret = "" \ No newline at end of file diff --git a/baselines/todo_policy_packs/azure/azure_sub_import/main.tf b/baselines/todo_policy_packs/azure/azure_sub_import/main.tf deleted file mode 100644 index 3545a4cb7..000000000 --- a/baselines/todo_policy_packs/azure/azure_sub_import/main.tf +++ /dev/null @@ -1,50 +0,0 @@ -provider azurerm { - version = "=2.0.0" - features {} - subscription_id = var.azure_subscription_id - client_id = var.azure_client_id - environment = "public" - tenant_id = var.azure_tenant_id - client_secret = var.azure_client_secret -} - -# Create the Azure > Subscription resource in Turbot -resource "turbot_resource" "subscription_resource" { - parent = var.parent_resource - type = "tmod:@turbot/azure#/resource/types/subscription" - metadata = jsonencode({ - "azure" : { - "subscriptionId" : "${var.azure_subscription_id}", - "tenantId" : "${data.azurerm_subscription.subscription_to_import.tenant_id}" - } - }) - data = jsonencode({ - "subscriptionId" : "${var.azure_subscription_id}" - }) -} - -# Set the credentials for the subscription via Turbot policies -# Azure > Environment -resource "turbot_policy_setting" "environment" { - resource = turbot_resource.subscription_resource.id - type = "tmod:@turbot/azure#/policy/types/environment" - value = var.azure_environment_type -} -# Azure > Client Key -resource "turbot_policy_setting" "clientKey" { - resource = turbot_resource.subscription_resource.id - type = "tmod:@turbot/azure#/policy/types/clientKey" - value = var.azure_client_secret -} -# Azure > Client ID -resource "turbot_policy_setting" "clientId" { - resource = turbot_resource.subscription_resource.id - type = "tmod:@turbot/azure#/policy/types/clientId" - value = var.azure_client_id -} -# Azure > Tenant ID -resource "turbot_policy_setting" "tenantId" { - resource = turbot_resource.subscription_resource.id - type = "tmod:@turbot/azure#/policy/types/tenantId" - value = data.azurerm_subscription.subscription_to_import.tenant_id -} diff --git a/baselines/todo_policy_packs/azure/azure_sub_import/outputs.tf b/baselines/todo_policy_packs/azure/azure_sub_import/outputs.tf deleted file mode 100644 index de348a35f..000000000 --- a/baselines/todo_policy_packs/azure/azure_sub_import/outputs.tf +++ /dev/null @@ -1,13 +0,0 @@ -#### Get the subscription info - -data "azurerm_subscription" "subscription_to_import" { - subscription_id = "${var.azure_subscription_id}" -} - -output "subscription_display_name" { - value = "${data.azurerm_subscription.subscription_to_import.display_name}" -} - -output "tennant_id" { - value = "${data.azurerm_subscription.subscription_to_import.tenant_id}" -} diff --git a/baselines/todo_policy_packs/azure/azure_sub_import/variables.tf b/baselines/todo_policy_packs/azure/azure_sub_import/variables.tf deleted file mode 100644 index a73404f7d..000000000 --- a/baselines/todo_policy_packs/azure/azure_sub_import/variables.tf +++ /dev/null @@ -1,29 +0,0 @@ -variable "azure_subscription_id" { - description = "Enter the Azure Subscription ID that you wish to import: " - type = string -} - -variable "parent_resource" { - description = "Enter the Turbot Resource ID for the folder into which to import the subscription:" - type = string -} - -variable "azure_environment_type" { - description = "Enter the Azure subscription environment type ('Global Cloud' or 'US Government'):" - type = string -} - -variable "azure_client_id" { - description = "Enter the Azure Client ID: " - type = string -} - -variable "azure_tenant_id" { - description = "Enter the Azure Tenant ID: " - type = string -} - -variable "azure_client_secret" { - description = "Enter the Azure Client Secret Key: " - type = string -} diff --git a/baselines/todo_policy_packs/azure/azure_tenant_import/README.md b/baselines/todo_policy_packs/azure/azure_tenant_import/README.md deleted file mode 100644 index 9fa5615d3..000000000 --- a/baselines/todo_policy_packs/azure/azure_tenant_import/README.md +++ /dev/null @@ -1,60 +0,0 @@ -# Azure Tenant Import Baseline - -The Azure tenant import baseline terraform configuration lets you import an Azure tenant into your turbot environment, with the necessary roles and permissions. - -## Prerequisites - -To run the Azure tenant import baseline, you must have: - -- [Terraform](https://www.terraform.io) Version 12 -- Terraform [Azure Provider](https://www.terraform.io/docs/providers/azurerm/index.html) -- [Turbot Terraform Provider](https://github.com/turbotio/terraform-provider-turbot) -- [Credentials](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials) Configured to connect to your Turbot workspace - -## Running the Baseline - -Scripts can be run in the folder that contains the script. - -### Configure the script - -Update default.tfvars or create a new Terraform configuration file. - -Variables that are exposed by this script are: - -- azure_environment_type -- parent_resource -- azure_client_id -- azure_tenant_id -- azure_client_secret - -Open the file `variables.tf` for further details. - -### Initialize Terraform - -If not previously run then initialize Terraform to get all necessary providers. - -Command: `terraform init` - -### Apply using default configuration - -If seeking to apply the configuration using the configuration file `defaults.tfvars`. - -Command: `terraform apply -var-file="default.tfvars"` - -### Apply using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform apply -var-file=.tfvars` - -### Destroy using default configuration - -If seeking to apply the configuration using the configuration file `defaults.tfvars`. - -Command: `terraform destroy -var-file=default.tfvars` - -### Destroy using custom configuration - -If seeking to apply the configuration using a custom configuration file `.tfvars`. - -Command: `terraform destroy -var-file=.tfvars` diff --git a/baselines/todo_policy_packs/azure/azure_tenant_import/default.tfvars b/baselines/todo_policy_packs/azure/azure_tenant_import/default.tfvars deleted file mode 100644 index 92bab9949..000000000 --- a/baselines/todo_policy_packs/azure/azure_tenant_import/default.tfvars +++ /dev/null @@ -1,9 +0,0 @@ -azure_environment_type = "" - -parent_resource = "<15 digit tubot folder id under which the azure tenant to be imported>" - -azure_client_id = "" - -azure_tenant_id = "" - -azure_client_secret = "" \ No newline at end of file diff --git a/baselines/todo_policy_packs/azure/azure_tenant_import/main.tf b/baselines/todo_policy_packs/azure/azure_tenant_import/main.tf deleted file mode 100644 index 007d4feef..000000000 --- a/baselines/todo_policy_packs/azure/azure_tenant_import/main.tf +++ /dev/null @@ -1,49 +0,0 @@ -provider azurerm { - version = "=2.0.0" - features {} - client_id = var.azure_client_id - environment = "public" - tenant_id = var.azure_tenant_id - client_secret = var.azure_client_secret -} - -# Create the Azure > Tenant resource in Turbot -resource "turbot_resource" "tenant_resource" { - parent = var.parent_resource - type = "tmod:@turbot/azure#/resource/types/tenant" - akas = ["azure:///tenants/${var.azure_tenant_id}"] - metadata = jsonencode({ - "azure" : { - "tenantId" : "${var.azure_tenant_id}" - } - }) - data = jsonencode({ - "id" : "${var.azure_tenant_id}" - }) -} - -# Set the credentials for the Tenant via Turbot policies - -resource "turbot_policy_setting" "environment" { - resource = turbot_resource.tenant_resource.id - type = "tmod:@turbot/azure#/policy/types/environment" - value = var.azure_environment_type -} - -resource "turbot_policy_setting" "clientKey" { - resource = turbot_resource.tenant_resource.id - type = "tmod:@turbot/azure#/policy/types/clientKey" - value = var.azure_client_secret -} - -resource "turbot_policy_setting" "clientId" { - resource = turbot_resource.tenant_resource.id - type = "tmod:@turbot/azure#/policy/types/clientId" - value = var.azure_client_id -} - -resource "turbot_policy_setting" "tenantId" { - resource = turbot_resource.tenant_resource.id - type = "tmod:@turbot/azure#/policy/types/tenantId" - value = var.azure_tenant_id -} diff --git a/baselines/todo_policy_packs/azure/azure_tenant_import/variables.tf b/baselines/todo_policy_packs/azure/azure_tenant_import/variables.tf deleted file mode 100644 index 8b1bec3d6..000000000 --- a/baselines/todo_policy_packs/azure/azure_tenant_import/variables.tf +++ /dev/null @@ -1,25 +0,0 @@ - -variable "parent_resource" { - description = "Enter the Turbot Resource ID for the folder into which to import the tenant:" - type = string -} - -variable "azure_environment_type" { - description = "Enter the Azure tenant environment type ('Global Cloud' or 'US Government'):" - type = string -} - -variable "azure_client_id" { - description = "Enter the Azure Client ID: " - type = string -} - -variable "azure_tenant_id" { - description = "Enter the Azure Tenant ID: " - type = string -} - -variable "azure_client_secret" { - description = "Enter the Azure Client Secret Key: " - type = string -} diff --git a/baselines/todo_policy_packs/gcp/gcp_baseline/README.md b/baselines/todo_policy_packs/gcp/gcp_baseline/README.md deleted file mode 100644 index 702621d55..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_baseline/README.md +++ /dev/null @@ -1,154 +0,0 @@ -# Baseline - GCP Baseline - -GCP Baseline Policies focuses on base minimum set of example policies & services to start with such as - -- Sevice Enablement -- Service API Enablement -- Event Polling -- Enable CIS - -This baseline turns on GCP services that are provided by an input variable file. -If none are provided then all services will be enabled. -Enabling / disabling a service consists of enabling / disabling the service and API access to that service. -The variable to use is `service_status`. - -The baseline will configure GCP to use polling unless specified to use event handling in the input variable file. -The variable to use is `use_event_polling`. - -Additionally the baseline will enable CIS and set attestation of CIS to be a year. -Currently there is no variable to control this behavior. - -## Important - -Running the baseline without an input variable file assumes that you have **ALL** GCP mods installed. -To limit the baseline, look at the example input variable file [demo.tfvars](demo.tfvars). - -## Overview - -Baseline policies are initial set of policies recommended to start with while using Turbot. These policies mostly focuses on enabling services, frequently used policies to run in check mode & enabling security features such as various encryption standards. Baseline TF scripts allows you to toggle the value to apply or ignore. See the below sections for more information. - -Some of these policies overlap with other set of baselines. Hence Turbot provided set of baseline TF files are executed in separate [Smart Folder](https://turbot.com/v5/docs/getting-started/smart_folder). The advantage of setting up of each baseline in their own Smart Folder prevents conflicting with the policy settings created by other baseline scripts. - -This baseline will not attach to a resource by default. This needs to be done manually using the Turbot UI. - -## Requirements - -- Terraform v0.13 or greater installed -- Valid Turbot configuration credentials - -For further information on configuring Turbot credentials can be found [here](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials). - -## Applying baseline - -The baseline is defined by a set of files which together define the configuration of the baseline. - -### Deploying demo example - -The demo baseline expects that the following mods are installed: - -- gcp-iam -- gcp-pubsub -- gcp-storage -- gcp-logging - -To run the baseline: - -1. Navigate to the folder of the baseline -2. Initialise Terraform -3. Apply the baseline using the demo input variable file [demo.tfvars](demo.tfvars) - -On the terminal this will look like: - -```shell -cd -terraform init -terraform apply --var-file demo.tfvars -``` - -**Note** - -- Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. - -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. - -### Input variable files - -Input variable files allow for the user to configure configuration definitions for multiple environments in different files. - -It will be used to define which parts of the baseline to apply and which to ignore. - -The variables that can be overwritten by the input variable files are defined in the [variables.tf](variables.tf) file. - -This baseline comes with an example input variable file called [demo.tfvars](demo.tfvars). - -Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). - -### Initialise baseline - -If not previously run, initialise Terraform to get all necessary providers for the baseline. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform init - ``` - -### Apply baseline without input variable file - -The baseline can be applied without an input variable file. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform apply - ``` - -This may prompt the user applying the baseline to enter values for variables that do not have default values. - -### Apply baseline using input variable files - -If seeking to apply the baseline using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform apply --var-file=demo.tfvars - ``` - -### Destroy baseline without input variable file - -If seeking to apply the baseline without using an input variable file. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy - ``` - -### Destroy using input variable files - -If seeking to destoy the baseline configuration using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy --var-file=demo.tfvars - ``` - -## Commenting strategy - -All Turbot policies used by the baselines will have a link to the official Turbot Mods documentation. - -Opening the links will give you further details about: - -- The purpose of the policy -- Policy URI name -- Parent information -- Category information -- Target information -- All valid values diff --git a/baselines/todo_policy_packs/gcp/gcp_baseline/demo.tfvars b/baselines/todo_policy_packs/gcp/gcp_baseline/demo.tfvars deleted file mode 100644 index 0486df201..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_baseline/demo.tfvars +++ /dev/null @@ -1,17 +0,0 @@ -# List of services and providers to set as Enabled -# Enabling all by default, can comment out the services and APIs to reduce scope -# Make sure you have the mods installed if enabling / registering. The default mod install baseline assumes all - -# For Service Status, change the options per service: -# "Enabled" -# "Disabled" - -service_status = { - gcp-iam = "Enabled" - gcp-logging = "Enabled" ### Enabled in Real-Time events if turned on - gcp-pubsub = "Enabled" ### Enabled in Real-Time events if turned on - gcp-storage = "Enabled" -} - -# Set up the demo to use event handling -use_event_polling = false diff --git a/baselines/todo_policy_packs/gcp/gcp_baseline/enable_cis_policies.tf b/baselines/todo_policy_packs/gcp/gcp_baseline/enable_cis_policies.tf deleted file mode 100644 index ef4035570..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_baseline/enable_cis_policies.tf +++ /dev/null @@ -1,17 +0,0 @@ -# Enabled CIS Checks and setting the default attestation to 1 year - -# GCP > CIS v1 -# https://turbot.com/v5/mods/turbot/gcp-cisv1/inspect#/policy/types/cis -resource "turbot_policy_setting" "enable_cis_checks" { - resource = turbot_smart_folder.gcp_baseline.id - type = "tmod:@turbot/gcp-cisv1#/policy/types/cis" - value = "Check: Level 1 & Level 2 (Scored)" -} - -# GCP > CIS v1 > Maximum Attestation Duration -# https://turbot.com/v5/mods/turbot/gcp-cisv1/inspect#/policy/types/attestation -resource "turbot_policy_setting" "gcp_cis_max_attestation_period" { - resource = turbot_smart_folder.gcp_baseline.id - type = "tmod:@turbot/gcp-cisv1#/policy/types/attestation" - value = "1 year" -} diff --git a/baselines/todo_policy_packs/gcp/gcp_baseline/enable_policies.tf b/baselines/todo_policy_packs/gcp/gcp_baseline/enable_policies.tf deleted file mode 100644 index 1667e371e..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_baseline/enable_policies.tf +++ /dev/null @@ -1,22 +0,0 @@ -# Enabling GCP Services in Turbot -# https://turbot.com/v5/docs/integrations/gcp/services - -# Loop through var.service_status and set enable policies - -# GCP > **Service** > Enabled -# Example policy: https://turbot.com/v5/mods/turbot/gcp-iam/inspect#/policy/types/iamEnabled -resource "turbot_policy_setting" "gcp_enable" { - for_each = var.service_status - resource = turbot_smart_folder.gcp_baseline.id - type = "tmod:@turbot/${each.key}#/policy/types/${local.policy_map[each.key]}" - value = each.value -} - -# GCP > **Service** > API Enabled -# Example policy: https://turbot.com/v5/mods/turbot/gcp-iam/inspect#/policy/types/iamApiEnabled -resource "turbot_policy_setting" "gcp_api_enable" { - for_each = var.service_status - resource = turbot_smart_folder.gcp_baseline.id - type = "tmod:@turbot/${each.key}#/policy/types/${local.api_policy_map[each.key]}" - value = "Enforce: ${each.value}" -} diff --git a/baselines/todo_policy_packs/gcp/gcp_baseline/event_poller_policies.tf b/baselines/todo_policy_packs/gcp/gcp_baseline/event_poller_policies.tf deleted file mode 100644 index e1d563843..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_baseline/event_poller_policies.tf +++ /dev/null @@ -1,77 +0,0 @@ -# GCP Real-Time Events(Pollers) -# https://turbot.com/v5/docs/integrations/gcp/real-time-events - -# Configuring Real-Time Event Handlers -# https://turbot.com/v5/docs/integrations/gcp/real-time-events/event-handlers - -# Create Event Pollers per Project -# Note: Setting variable `use_event_polling` to false will cause the baseline to use event handlers -# by default the baseline will use event pollers are they are the simplest setup. - -# GCP > Turbot > Event Poller -# https://turbot.com/v5/mods/turbot/gcp/inspect#/policy/types/eventPoller -resource "turbot_policy_setting" "gcp_event_polling" { - count = var.use_event_polling ? 1 : 0 - resource = turbot_smart_folder.gcp_baseline.id - type = "tmod:@turbot/gcp#/policy/types/eventPoller" - value = "Enabled" -} - -# GCP > Turbot > Event Poller > Interval -# https://turbot.com/v5/mods/turbot/gcp/inspect#/policy/types/eventPollerInterval -resource "turbot_policy_setting" "gcp_event_polling_interval" { - count = var.use_event_polling ? 1 : 0 - resource = turbot_smart_folder.gcp_baseline.id - type = "tmod:@turbot/gcp#/policy/types/eventPollerInterval" - value = "Every 1 minute" -} - -# GCP > Turbot > Event Poller > Window -# https://turbot.com/v5/mods/turbot/gcp/inspect#/policy/types/eventPollerWindow -resource "turbot_policy_setting" "gcp_event_polling_window" { - count = var.use_event_polling ? 1 : 0 - resource = turbot_smart_folder.gcp_baseline.id - type = "tmod:@turbot/gcp#/policy/types/eventPollerWindow" - value = "10 minutes" -} - -# Sets the policy for Logging - -# GCP > Turbot > Event Handlers > Logging -# https://turbot.com/v5/mods/turbot/gcp/inspect#/policy/types/eventHandlersLogging -resource "turbot_policy_setting" "event_handlers_logging" { - count = var.use_event_polling ? 0 : 1 - resource = turbot_smart_folder.gcp_baseline.id - type = "tmod:@turbot/gcp#/policy/types/eventHandlersLogging" - value = "Enforce: Configured" -} - -# Sets the policy for Pub/Sub -# GCP > Turbot > Event Handlers > Pub/Sub -# https://turbot.com/v5/mods/turbot/gcp/inspect#/policy/types/eventHandlersPubSub -resource "turbot_policy_setting" "event_handlers_pub_sub" { - count = var.use_event_polling ? 0 : 1 - resource = turbot_smart_folder.gcp_baseline.id - type = "tmod:@turbot/gcp#/policy/types/eventHandlersPubSub" - value = "Enforce: Configured" -} - -# Sets the policy Enable for API Enabled in Pub/Sub -# GCP > Pub/Sub > API Enabled -# https://turbot.com/v5/mods/turbot/gcp-pubsub/inspect#/policy/types/pubsubApiEnabled -resource "turbot_policy_setting" "pub_sub_api_enabled" { - count = var.use_event_polling ? 0 : 1 - resource = turbot_smart_folder.gcp_baseline.id - type = "tmod:@turbot/gcp-pubsub#/policy/types/pubsubApiEnabled" - value = "Enforce: Enabled" -} - -# Sets the policy Enable for API Enabled in Logging -# GCP > Logging > API Enabled -# https://turbot.com/v5/mods/turbot/gcp-logging/inspect#/policy/types/loggingApiEnabled -resource "turbot_policy_setting" "logging_api_enabled" { - count = var.use_event_polling ? 0 : 1 - resource = turbot_smart_folder.gcp_baseline.id - type = "tmod:@turbot/gcp-logging#/policy/types/loggingApiEnabled" - value = "Enforce: Enabled" -} diff --git a/baselines/todo_policy_packs/gcp/gcp_baseline/locals.tf b/baselines/todo_policy_packs/gcp/gcp_baseline/locals.tf deleted file mode 100644 index 6543c4d81..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_baseline/locals.tf +++ /dev/null @@ -1,58 +0,0 @@ - -locals { - policy_map = { - gcp-appengine = "appEngineEnabled" - gcp-bigquery = "bigQueryEnabled" - gcp-bigtable = "bigtableEnabled" - gcp-build = "buildServiceEnabled" - gcp-composer = "composerEnabled" - gcp-computeengine = "computeEngineEnabled" - gcp-datacatalog = "dataCatalogEnabled" - gcp-dataflow = "dataflowEnabled" - gcp-dataproc = "dataprocEnabled" - gcp-dns = "dnsEnabled" - gcp-functions = "functionsEnabled" - gcp-iam = "iamEnabled" - gcp-kms = "kmsEnabled" - gcp-kubernetesengine = "kubernetesEngineEnabled" - gcp-logging = "loggingEnabled" - gcp-memorystore = "memorystoreEnabled" - gcp-monitoring = "monitoringEnabled" - gcp-network = "networkServiceEnabled" - gcp-notebooks = "notebooksEnabled" - gcp-pubsub = "pubsubEnabled" - gcp-scheduler = "schedulerEnabled" - gcp-spanner = "spannerEnabled" - gcp-sql = "sqlEnabled" - gcp-storage = "storageEnabled" - ##gcp-orgpolicy = "" ## Note: OrgPolicy does not have an Enabled - } - - api_policy_map = { - gcp-appengine = "appEngineApiEnabled" - gcp-bigquery = "bigQueryApiEnabled" - gcp-bigtable = "bigtableApiEnabled" - gcp-build = "buildServiceApiEnabled" - gcp-composer = "composerApiEnabled" - gcp-computeengine = "computeEngineApiEnabled" - gcp-datacatalog = "dataCatalogApiEnabled" - gcp-dataflow = "dataflowApiEnabled" - gcp-dataproc = "dataprocApiEnabled" - gcp-dns = "dnsApiEnabled" - gcp-functions = "functionsApiEnabled" - gcp-iam = "iamApiEnabled" - gcp-kms = "kmsApiEnabled" - gcp-kubernetesengine = "kubernetesEngineApiEnabled" - gcp-logging = "loggingApiEnabled" - gcp-memorystore = "memorystoreApiEnabled" - gcp-monitoring = "monitoringApiEnabled" - gcp-network = "networkServiceApiEnabled" - gcp-notebooks = "notebooksApiEnabled" - gcp-pubsub = "pubsubApiEnabled" - gcp-scheduler = "schedulerApiEnabled" - gcp-spanner = "spannerApiEnabled" - gcp-sql = "sqlApiEnabled" - gcp-storage = "storageApiEnabled" - ##gcp-orgpolicy = "" ## Note: OrgPolicy does not have an API Enabled - } -} diff --git a/baselines/todo_policy_packs/gcp/gcp_baseline/outputs.tf b/baselines/todo_policy_packs/gcp/gcp_baseline/outputs.tf deleted file mode 100644 index 5f3d803e1..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_baseline/outputs.tf +++ /dev/null @@ -1,25 +0,0 @@ -# Baseline Configuration - -output "service_status" { - value = var.service_status -} - -output "use_event_polling" { - value = var.use_event_polling -} - -output "turbot_profile" { - value = var.turbot_profile -} - -output "smart_folder_name" { - value = var.smart_folder_name -} - -output "smart_folder_description" { - value = var.smart_folder_description -} - -output "smart_folder_parent_resource" { - value = var.smart_folder_parent_resource -} diff --git a/baselines/todo_policy_packs/gcp/gcp_baseline/providers.tf b/baselines/todo_policy_packs/gcp/gcp_baseline/providers.tf deleted file mode 100644 index 0353d61cb..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_baseline/providers.tf +++ /dev/null @@ -1,12 +0,0 @@ -terraform { - required_providers { - turbot = { - source = "turbot/turbot" - } - } - required_version = ">= 0.13" -} - -provider "turbot" { - profile = var.turbot_profile -} diff --git a/baselines/todo_policy_packs/gcp/gcp_baseline/regions.tf b/baselines/todo_policy_packs/gcp/gcp_baseline/regions.tf deleted file mode 100644 index ff13c84b2..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_baseline/regions.tf +++ /dev/null @@ -1,52 +0,0 @@ -# Commented out as the initial baseline assumes event polling vs event handlers in each region. -# If using Turbot Event Handlers, this baseline would be relevant if reducing Turbot Event Handlers to specific regions only -# Default to us and global regions only -# More Info: https://turbot.com/v5/docs/guides/regions#discovering-regions - -# Limit Available Regions -# "*" allows Turbot to run in all available regions. -# Other wildcarding is allowed e.g. us*, us-east-* -# Remove the comment next to the region to include additional regions to the scope -# Note: global is required since the global region is used for specific services - - -#resource "turbot_policy_setting" "gcp_project_available_regions" { -# resource = turbot_smart_folder.gcp_baseline.id -# type = "tmod:@turbot/gcp#/policy/types/RegionsDefault" -# value = <<-REGIONS -# # - asia-east1 -# # - asia-east2 -# # - asia-northeast1 -# # - asia-northeast2 -# # - asia-northeast3 -# # - asia-south1 -# # - asia-southeast1 -# # - australia-southeast1 -# # - europe-north1 -# # - europe-west1 -# # - europe-west2 -# # - europe-west3 -# # - europe-west4 -# # - europe-west6 -# # - northamerica-northeast1 -# # - southamerica-east1 -# - us-central1 -# - us-east1 -# - us-east4 -# - us-west1 -# - us-west2 -# - us-west3 -# # - asia -# # - eu -# # - eur3 -# # - eur4 -# # - nam-eur-asia1 -# # - nam3 -# # - nam4 -# # - nam5 -# # - nam6 -# - us -# - global -# REGIONS -#} - diff --git a/baselines/todo_policy_packs/gcp/gcp_baseline/smart_folder.tf b/baselines/todo_policy_packs/gcp/gcp_baseline/smart_folder.tf deleted file mode 100644 index f0b38a5b7..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_baseline/smart_folder.tf +++ /dev/null @@ -1,6 +0,0 @@ -resource "turbot_smart_folder" "gcp_baseline" { - parent = var.smart_folder_parent_resource - title = var.smart_folder_name - description = var.smart_folder_description -} - diff --git a/baselines/todo_policy_packs/gcp/gcp_baseline/variables.tf b/baselines/todo_policy_packs/gcp/gcp_baseline/variables.tf deleted file mode 100644 index 981e187e1..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_baseline/variables.tf +++ /dev/null @@ -1,37 +0,0 @@ -# Baseline Configuration - -variable "service_status" { - description = "Choose the subset of services that should be configured. Possible values for each service are: [\"Enabled\", \"Disabled\"]" - type = map(any) -} - -variable "use_event_polling" { - description = "GCP events will be retrieved by polling set to true or using an event handler if set to false." - default = true -} - - -# Optional Common Baseline Configuration - -variable "turbot_profile" { - description = "Enter profile matching your turbot cli credentials." -} - -variable "smart_folder_name" { - description = "Smart folder name for the baseline" - type = string - default = "GCP Check Baseline Policies" -} - -variable "smart_folder_description" { - description = "Enter a description for the smart folder" - type = string - default = "Defines sets of policies for the GCP baseline" -} - -variable "smart_folder_parent_resource" { - description = "Enter the resource ID or AKA for the parent of the smart folder" - type = string - default = "tmod:@turbot/turbot#/" -} - diff --git a/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/README.md b/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/README.md deleted file mode 100644 index b73183a29..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/README.md +++ /dev/null @@ -1,140 +0,0 @@ -# Baseline - GCP Check Cost Controls - -This baseline will allow you to check the infrastructure over X days/unattached volumes and to set resource scheduling and make it inactive to reduce the cost. - -Few important links - -- [Budget Guardrails](https://turbot.com/v5/docs/concepts/guardrails/budget) -- [Scheduling in Turbot](https://turbot.com/v5/docs/concepts/guardrails/scheduling) -- [Active Guardrails](https://turbot.com/v5/docs/concepts/guardrails/active) - -## Overview - -Baseline policies are initial set of policies recommended to start with while using Turbot. These policies mostly focuses on enabling services, frequently used policies to run in check mode & enabling security features such as various encryption standards. Baseline TF scripts allows you to toggle the value to apply or ignore. See the below sections for more information. - -Some of these policies overlap with other set of baselines. Hence Turbot provided set of baseline TF files are executed in separate [Smart Folder](https://turbot.com/v5/docs/getting-started/smart_folder). The advantage of setting up of each baseline in their own Smart Folder prevents conflicting with the policy settings created by other baseline scripts. - -This baseline will not attach to a resource by default. This needs to be done manually using the Turbot UI. - -## Requirements - -- Terraform v0.13 or greater installed -- Valid Turbot configuration credentials - -For further information on configuring Turbot credentials can be found [here](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials). - -## Applying baseline - -The baseline is defined by a set of files which together define the configuration of the baseline. - -### Initialize baseline - -If not previously run, Initialize Terraform to get all necessary providers for the baseline. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform init - ``` -### Profile name as input - -The baseline example set requires you to provide `turbot_profile` name as input. This is to help in case you are having more profiles than only `default`. In case it's default, specify name as default. - -```shell -var.turbot_profile - Enter profile matching your turbot cli credentials. - Enter a value: -``` - -### Deploying demo example - -1. Navigate to the folder of the baseline -2. Initialize Terraform -3. Apply the baseline using the demo input variable file [demo.tfvars](demo.tfvars) - -On the terminal this will look like: - -```shell -cd -terraform init -terraform apply --var-file demo.tfvars -``` -**Note** -- Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. - -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. - -### Input variable files - -Input variable files allow for the user to configure configuration definitions for multiple environments in different files. - -This baseline comes with an example input variable file called [demo.tfvars](demo.tfvars). - -It will be used to define which parts of the baseline to apply and which to ignore. - -The variables that can be overwritten by the input variable files i.e. [demo.tfvars](demo.tfvars) are defined in the [variables.tf](variables.tf) file. - -Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). - -### Apply baseline using input variable files - -If seeking to apply the baseline using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform apply --var-file=demo.tfvars - ``` -### Apply baseline without input variable file - -The baseline can be applied without an input variable file. - -1. By this time Terraform initialization is done as mentioned above. -3. Prefer to check the outcome by running the Terraform plan -3. Apply the Terraform -4. Run the command: - -```shell -cd -terraform plan -terraform apply -``` - -`This may prompt the user applying the baseline to enter values for variables that do not have default values.` - -### Destroy baseline without input variable file - -If seeking to apply the baseline without using an input variable file. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy - ``` - -### Destroy using input variable files - -If seeking to destroy the baseline configuration using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy --var-file=demo.tfvars - ``` - -## Commenting strategy - -All Turbot policies used by the baselines will have a link to the official Turbot Mods documentation. - -Opening the links will give you further details about: - -- The purpose of the policy -- Policy URI name -- Parent information -- Category information -- Target information -- All valid values diff --git a/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/active_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/active_policies.tf deleted file mode 100644 index 84077aa47..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/active_policies.tf +++ /dev/null @@ -1,32 +0,0 @@ -# Simple cost control to check for aging infrastructure over X days -# Defaulting to 60 days as an example. -# Other use cases can be used for Last Modified, Attached, etc. -# More Info: https://turbot.com/v5/docs/concepts/guardrails/active - -# GCP > **Service** > **Resource** > Active -# Example policy: https://turbot.com/v5/mods/turbot/gcp-computeengine/inspect#/policy/types/instanceActive -resource "turbot_policy_setting" "set_resource_active_policies" { - for_each = var.resource_active - resource = turbot_smart_folder.gcp_cost_controls.id - type = local.policy_map[each.key] - value = each.value -} - -# GCP > **Service** > **Resource** > Active > Age -# Example policy: https://turbot.com/v5/mods/turbot/gcp-computeengine/inspect#/policy/types/instanceActiveAge -resource "turbot_policy_setting" "set_resource_age_policies" { - for_each = var.resource_active - resource = turbot_smart_folder.gcp_cost_controls.id - type = local.policy_map_age[each.key] - value = "Force inactive if age > 60 days" - # Skip - # Force inactive if age > 1 day - # Force inactive if age > 3 days - # Force inactive if age > 7 days - # Force inactive if age > 14 days - # Force inactive if age > 30 days - # Force inactive if age > 60 days - # Force inactive if age > 90 days - # Force inactive if age > 180 days - # Force inactive if age > 365 days -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/compute_engine_active_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/compute_engine_active_policies.tf deleted file mode 100644 index d99825803..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/compute_engine_active_policies.tf +++ /dev/null @@ -1,19 +0,0 @@ -# More Info: https://turbot.com/v5/docs/concepts/guardrails/active - -# GCP > Compute Engine > Disk > Active -# https://turbot.com/v5/mods/turbot/gcp-computeengine/inspect#/policy/types/diskActive -resource "turbot_policy_setting" "gcp_computeengine_disk_active" { - count = var.enable_compute_engine_active_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_cost_controls.id - type = "tmod:@turbot/gcp-computeengine#/policy/types/diskActive" - value = "Check: Active" -} - -# GCP > Compute Engine > Disk > Active > Attached -# https://turbot.com/v5/mods/turbot/gcp-computeengine/inspect#/policy/types/diskActiveAttached -resource "turbot_policy_setting" "gcp_computeengine_disk_active_attached" { - count = var.enable_compute_engine_active_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_cost_controls.id - type = "tmod:@turbot/gcp-computeengine#/policy/types/diskActiveAttached" - value = "Force inactive if unattached" -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/compute_engine_schedule_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/compute_engine_schedule_policies.tf deleted file mode 100644 index c4dbee2df..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/compute_engine_schedule_policies.tf +++ /dev/null @@ -1,32 +0,0 @@ -# Setting Resource Schedules to start/stop based on schedule -# Set to Skip to avoid accidently Enforcement. -# More Info: https://turbot.com/v5/docs/concepts/guardrails/scheduling - - -# Policy Setting Options: -# Skip -# Enforce: Business hours (8:00am - 6:00pm on weekdays) -# Enforce: Extended business hours (7:00am - 11:00pm on weekdays) -# Enforce: Stop for night (stop at 10:00pm every day) -# Enforce: Stop for weekend (stop at 10:00pm on Friday) - -## Compute Engine Instance Instances -# GCP > Compute Engine > Instance > Schedule -# https://turbot.com/v5/mods/turbot/gcp-computeengine/inspect#/policy/types/instanceSchedule -resource "turbot_policy_setting" "gcp_computeengine_instance_schedule" { - count = var.enable_compute_engine_schedule_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_cost_controls.id - type = "tmod:@turbot/gcp-computeengine#/policy/types/instanceSchedule" - value = "Skip" -} - -# GCP > Compute Engine > Instance > Schedule > Tag -# https://turbot.com/v5/mods/turbot/gcp-computeengine/inspect#/policy/types/instanceScheduleTag -# # Schedule Tag Option, more information https://turbot.com/v5/docs/concepts/guardrails/scheduling#scheduling-with-a-tag -resource "turbot_policy_setting" "gcp_computeengine_instance_schedule_tag" { - count = var.enable_compute_engine_schedule_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_cost_controls.id - type = "tmod:@turbot/gcp-computeengine#/policy/types/instanceScheduleTag" - value = "Skip" - # "Enforce: Schedule per turbot_custom_schedule tag" -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/demo.tfvars b/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/demo.tfvars deleted file mode 100644 index e0a759dad..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/demo.tfvars +++ /dev/null @@ -1,96 +0,0 @@ -# List of services and resources to be Check: Approved. -# Started with a few resource types to get started aligned with the initial mods installed -# You can remove the comment per row to include the resource type. Make sure you have the related service mod installed - -# Acceptable Values: - # "Skip" - # "Check: Active" - # "Enforce: Delete inactive with 1 day warning" - # "Enforce: Delete inactive with 3 days warning" - # "Enforce: Delete inactive with 7 days warning" - # "Enforce: Delete inactive with 14 days warning" - # "Enforce: Delete inactive with 30 days warning" - # "Enforce: Delete inactive with 60 days warning" - # "Enforce: Delete inactive with 90 days warning" - # "Enforce: Delete inactive with 180 days warning" - # "Enforce: Delete inactive with 365 days warning" - -resource_active = { - # gcp-bigquery-dataset = "Check: Active" - # gcp-bigquery-table = "Check: Active" - # gcp-bigtable-cluster = "Check: Active" - # gcp-bigtable-instance = "Check: Active" - # gcp-bigtable-table = "Check: Active" - # gcp-composer-environment = "Check: Active" - ##Have Unattached Policy Set instead## gcp-computeengine-disk = "Check: Active" - # gcp-computeengine-healthCheck = "Check: Active" - # gcp-computeengine-httpHealthCheck = "Check: Active" - # gcp-computeengine-httpsHealthCheck = "Check: Active" - gcp-computeengine-image = "Check: Active" - gcp-computeengine-instance = "Check: Active" - # gcp-computeengine-instanceTemplate = "Check: Active" - # gcp-computeengine-nodeGroup = "Check: Active" - # gcp-computeengine-nodeTemplate = "Check: Active" - gcp-computeengine-regionDisk = "Check: Active" - # gcp-computeengine-regionHealthCheck = "Check: Active" - gcp-computeengine-snapshot = "Check: Active" - # gcp-dataflow-job = "Check: Active" - # gcp-dataproc-cluster = "Check: Active" - # gcp-dataproc-job = "Check: Active" - # gcp-dataproc-workflowTemplate = "Check: Active" - # gcp-dns-managedZone = "Check: Active" - gcp-functions-function = "Check: Active" - # gcp-iam-projectUser = "Check: Active" - # gcp-iam-projectUserAdminActivity = "Check: Active" - # gcp-iam-serviceAccount = "Check: Active" - # gcp-iam-serviceAccountKey = "Check: Active" - gcp-kubernetesengine-regionCluster = "Check: Active" - # gcp-kubernetesengine-regionNodePool = "Check: Active" - gcp-kubernetesengine-zoneCluster = "Check: Active" - # gcp-kubernetesengine-zoneNodePool = "Check: Active" - # gcp-logging-exclusion = "Check: Active" - # gcp-logging-metric = "Check: Active" - # gcp-logging-sink = "Check: Active" - # gcp-monitoring-alertPolicy = "Check: Active" - # gcp-monitoring-group = "Check: Active" - # gcp-monitoring-notificationChannel = "Check: Active" - # gcp-network-address = "Check: Active" - # gcp-network-backendBucket = "Check: Active" - # gcp-network-backendService = "Check: Active" - # gcp-network-firewall = "Check: Active" - # gcp-network-forwardingRule = "Check: Active" - # gcp-network-globalAddress = "Check: Active" - # gcp-network-globalForwardingRule = "Check: Active" - # gcp-network-interconnect = "Check: Active" - # gcp-network-network = "Check: Active" - # gcp-network-packetMirroring = "Check: Active" - # gcp-network-regionBackendService = "Check: Active" - # gcp-network-regionSslCertificate = "Check: Active" - # gcp-network-regionTargetHttpsProxy = "Check: Active" - # gcp-network-regionUrlMap = "Check: Active" - # gcp-network-route = "Check: Active" - # gcp-network-router = "Check: Active" - # gcp-network-sslCertificate = "Check: Active" - # gcp-network-sslPolicy = "Check: Active" - # gcp-network-subnetwork = "Check: Active" - # gcp-network-targetHttpsProxy = "Check: Active" - # gcp-network-targetPool = "Check: Active" - # gcp-network-targetSslProxy = "Check: Active" - # gcp-network-targetTcpProxy = "Check: Active" - # gcp-network-targetVpnGateway = "Check: Active" - # gcp-network-urlMap = "Check: Active" - # gcp-network-vpnTunnel = "Check: Active" - # gcp-pubsub-snapshot = "Check: Active" - # gcp-pubsub-subscription = "Check: Active" - # gcp-pubsub-topic = "Check: Active" - # gcp-scheduler-job = "Check: Active" - # gcp-spanner-instance = "Check: Active" - gcp-sql-backup = "Check: Active" - gcp-sql-database = "Check: Active" - gcp-sql-instance = "Check: Active" - gcp-storage-bucket = "Check: Active" - # gcp-storage-object = "Check: Active" # turned off by default to reduce noise -} - -# See file schedules_policies.tf -gcp_computeengine_instance_schedule_tag_policies = false diff --git a/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/locals.tf b/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/locals.tf deleted file mode 100644 index 381f2a32c..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/locals.tf +++ /dev/null @@ -1,158 +0,0 @@ -locals { - -# Note: the resource map above dictates the applicable use of each line item below. You do not need to comment out these items to reduce scope -policy_map = { - gcp-bigquery-dataset : "tmod:@turbot/gcp-bigquery#/policy/types/datasetActive" - gcp-bigquery-table : "tmod:@turbot/gcp-bigquery#/policy/types/tableActive" - gcp-bigtable-cluster : "tmod:@turbot/gcp-bigtable#/policy/types/clusterActive" - gcp-bigtable-instance : "tmod:@turbot/gcp-bigtable#/policy/types/instanceActive" - gcp-bigtable-table : "tmod:@turbot/gcp-bigtable#/policy/types/tableActive" - gcp-composer-environment : "tmod:@turbot/gcp-composer#/policy/types/environmentActive" - gcp-computeengine-disk : "tmod:@turbot/gcp-computeengine#/policy/types/diskActive" - gcp-computeengine-healthCheck : "tmod:@turbot/gcp-computeengine#/policy/types/healthCheckActive" - gcp-computeengine-httpHealthCheck : "tmod:@turbot/gcp-computeengine#/policy/types/httpHealthCheckActive" - gcp-computeengine-httpsHealthCheck : "tmod:@turbot/gcp-computeengine#/policy/types/httpsHealthCheckActive" - gcp-computeengine-image : "tmod:@turbot/gcp-computeengine#/policy/types/imageActive" - gcp-computeengine-instance : "tmod:@turbot/gcp-computeengine#/policy/types/instanceActive" - gcp-computeengine-instanceTemplate : "tmod:@turbot/gcp-computeengine#/policy/types/instanceTemplateActive" - gcp-computeengine-nodeGroup : "tmod:@turbot/gcp-computeengine#/policy/types/nodeGroupActive" - gcp-computeengine-nodeTemplate : "tmod:@turbot/gcp-computeengine#/policy/types/nodeTemplateActive" - gcp-computeengine-regionDisk : "tmod:@turbot/gcp-computeengine#/policy/types/regionDiskActive" - gcp-computeengine-regionHealthCheck : "tmod:@turbot/gcp-computeengine#/policy/types/regionHealthCheckActive" - gcp-computeengine-snapshot : "tmod:@turbot/gcp-computeengine#/policy/types/snapshotActive" - gcp-dataflow-job : "tmod:@turbot/gcp-dataflow#/policy/types/jobActive" - gcp-dataproc-cluster : "tmod:@turbot/gcp-dataproc#/policy/types/clusterActive" - gcp-dataproc-job : "tmod:@turbot/gcp-dataproc#/policy/types/jobActive" - gcp-dataproc-workflowTemplate : "tmod:@turbot/gcp-dataproc#/policy/types/workflowTemplateActive" - gcp-dns-managedZone : "tmod:@turbot/gcp-dns#/policy/types/managedZoneActive" - gcp-functions-function : "tmod:@turbot/gcp-functions#/policy/types/functionActive" - gcp-iam-projectUser : "tmod:@turbot/gcp-iam#/policy/types/projectUserActive" - gcp-iam-projectUserAdminActivity : "tmod:@turbot/gcp-iam#/policy/types/projectUserActiveAdminActivity" - gcp-iam-serviceAccount : "tmod:@turbot/gcp-iam#/policy/types/serviceAccountActive" - gcp-iam-serviceAccountKey : "tmod:@turbot/gcp-iam#/policy/types/serviceAccountKeyActive" - gcp-kubernetesengine-regionCluster : "tmod:@turbot/gcp-kubernetesengine#/policy/types/regionClusterActive" - gcp-kubernetesengine-regionNodePool : "tmod:@turbot/gcp-kubernetesengine#/policy/types/regionNodePoolActive" - gcp-kubernetesengine-zoneCluster : "tmod:@turbot/gcp-kubernetesengine#/policy/types/zoneClusterActive" - gcp-kubernetesengine-zoneNodePool : "tmod:@turbot/gcp-kubernetesengine#/policy/types/zoneNodePoolActive" - gcp-logging-exclusion : "tmod:@turbot/gcp-logging#/policy/types/exclusionActive" - gcp-logging-metric : "tmod:@turbot/gcp-logging#/policy/types/metricActive" - gcp-logging-sink : "tmod:@turbot/gcp-logging#/policy/types/sinkActive" - gcp-monitoring-alertPolicy : "tmod:@turbot/gcp-monitoring#/policy/types/alertPolicyActive" - gcp-monitoring-group : "tmod:@turbot/gcp-monitoring#/policy/types/groupActive" - gcp-monitoring-notificationChannel : "tmod:@turbot/gcp-monitoring#/policy/types/notificationChannelActive" - gcp-network-address : "tmod:@turbot/gcp-network#/policy/types/addressActive" - gcp-network-backendBucket : "tmod:@turbot/gcp-network#/policy/types/backendBucketActive" - gcp-network-backendService : "tmod:@turbot/gcp-network#/policy/types/backendServiceActive" - gcp-network-firewall : "tmod:@turbot/gcp-network#/policy/types/firewallActive" - gcp-network-forwardingRule : "tmod:@turbot/gcp-network#/policy/types/forwardingRuleActive" - gcp-network-globalAddress : "tmod:@turbot/gcp-network#/policy/types/globalAddressActive" - gcp-network-globalForwardingRule : "tmod:@turbot/gcp-network#/policy/types/globalForwardingRuleActive" - gcp-network-interconnect : "tmod:@turbot/gcp-network#/policy/types/interconnectActive" - gcp-network-network : "tmod:@turbot/gcp-network#/policy/types/networkActive" - gcp-network-packetMirroring : "tmod:@turbot/gcp-network#/policy/types/packetMirroringActive" - gcp-network-regionBackendService : "tmod:@turbot/gcp-network#/policy/types/regionBackendServiceActive" - gcp-network-regionSslCertificate : "tmod:@turbot/gcp-network#/policy/types/regionSslCertificateActive" - gcp-network-regionTargetHttpsProxy : "tmod:@turbot/gcp-network#/policy/types/regionTargetHttpsProxyActive" - gcp-network-regionUrlMap : "tmod:@turbot/gcp-network#/policy/types/regionUrlMapActive" - gcp-network-route : "tmod:@turbot/gcp-network#/policy/types/routeActive" - gcp-network-router : "tmod:@turbot/gcp-network#/policy/types/routerActive" - gcp-network-sslCertificate : "tmod:@turbot/gcp-network#/policy/types/sslCertificateActive" - gcp-network-sslPolicy : "tmod:@turbot/gcp-network#/policy/types/sslPolicyActive" - gcp-network-subnetwork : "tmod:@turbot/gcp-network#/policy/types/subnetworkActive" - gcp-network-targetHttpsProxy : "tmod:@turbot/gcp-network#/policy/types/targetHttpsProxyActive" - gcp-network-targetPool : "tmod:@turbot/gcp-network#/policy/types/targetPoolActive" - gcp-network-targetSslProxy : "tmod:@turbot/gcp-network#/policy/types/targetSslProxyActive" - gcp-network-targetTcpProxy : "tmod:@turbot/gcp-network#/policy/types/targetTcpProxyActive" - gcp-network-targetVpnGateway : "tmod:@turbot/gcp-network#/policy/types/targetVpnGatewayActive" - gcp-network-urlMap : "tmod:@turbot/gcp-network#/policy/types/urlMapActive" - gcp-network-vpnTunnel : "tmod:@turbot/gcp-network#/policy/types/vpnTunnelActive" - gcp-pubsub-snapshot : "tmod:@turbot/gcp-pubsub#/policy/types/snapshotActive" - gcp-pubsub-subscription : "tmod:@turbot/gcp-pubsub#/policy/types/subscriptionActive" - gcp-pubsub-topic : "tmod:@turbot/gcp-pubsub#/policy/types/topicActive" - gcp-scheduler-job : "tmod:@turbot/gcp-scheduler#/policy/types/jobActive" - gcp-spanner-instance : "tmod:@turbot/gcp-spanner#/policy/types/instanceActive" - gcp-sql-backup : "tmod:@turbot/gcp-sql#/policy/types/backupActive" - gcp-sql-database : "tmod:@turbot/gcp-sql#/policy/types/databaseActive" - gcp-sql-instance : "tmod:@turbot/gcp-sql#/policy/types/instanceActive" - gcp-storage-bucket : "tmod:@turbot/gcp-storage#/policy/types/bucketActive" - gcp-storage-object : "tmod:@turbot/gcp-storage#/policy/types/objectActive" - } - -# Note: the resource map above dictates the applicable use of each line item below. You do not need to comment out these items to reduce scope -policy_map_age = { - gcp-bigquery-dataset : "tmod:@turbot/gcp-bigquery#/policy/types/datasetActiveAge" - gcp-bigquery-table : "tmod:@turbot/gcp-bigquery#/policy/types/tableActiveAge" - gcp-bigtable-cluster : "tmod:@turbot/gcp-bigtable#/policy/types/clusterActiveAge" - gcp-bigtable-instance : "tmod:@turbot/gcp-bigtable#/policy/types/instanceActiveAge" - gcp-bigtable-table : "tmod:@turbot/gcp-bigtable#/policy/types/tableActiveAge" - gcp-composer-environment : "tmod:@turbot/gcp-composer#/policy/types/environmentActiveAge" - gcp-computeengine-disk : "tmod:@turbot/gcp-computeengine#/policy/types/diskActiveAge" - gcp-computeengine-healthCheck : "tmod:@turbot/gcp-computeengine#/policy/types/healthCheckActiveAge" - gcp-computeengine-httpHealthCheck : "tmod:@turbot/gcp-computeengine#/policy/types/httpHealthCheckActiveAge" - gcp-computeengine-httpsHealthCheck : "tmod:@turbot/gcp-computeengine#/policy/types/httpsHealthCheckActiveAge" - gcp-computeengine-image : "tmod:@turbot/gcp-computeengine#/policy/types/imageActiveAge" - gcp-computeengine-instance : "tmod:@turbot/gcp-computeengine#/policy/types/instanceActiveAge" - gcp-computeengine-instanceTemplate : "tmod:@turbot/gcp-computeengine#/policy/types/instanceTemplateActiveAge" - gcp-computeengine-nodeGroup : "tmod:@turbot/gcp-computeengine#/policy/types/nodeGroupActiveAge" - gcp-computeengine-nodeTemplate : "tmod:@turbot/gcp-computeengine#/policy/types/nodeTemplateActiveAge" - gcp-computeengine-regionDisk : "tmod:@turbot/gcp-computeengine#/policy/types/regionDiskActiveAge" - gcp-computeengine-regionHealthCheck : "tmod:@turbot/gcp-computeengine#/policy/types/regionHealthCheckActiveAge" - gcp-computeengine-snapshot : "tmod:@turbot/gcp-computeengine#/policy/types/snapshotActiveAge" - gcp-dataflow-job : "tmod:@turbot/gcp-dataflow#/policy/types/jobActiveAge" - gcp-dataproc-cluster : "tmod:@turbot/gcp-dataproc#/policy/types/clusterActiveAge" - gcp-dataproc-job : "tmod:@turbot/gcp-dataproc#/policy/types/jobActiveAge" - gcp-dataproc-workflowTemplate : "tmod:@turbot/gcp-dataproc#/policy/types/workflowTemplateActiveAge" - gcp-dns-managedZone : "tmod:@turbot/gcp-dns#/policy/types/managedZoneActiveAge" - gcp-functions-function : "tmod:@turbot/gcp-functions#/policy/types/functionActiveAge" - gcp-iam-projectUser : "tmod:@turbot/gcp-iam#/policy/types/projectUserActiveAge" - gcp-iam-projectUserAdminActivity : "tmod:@turbot/gcp-iam#/policy/types/projectUserActiveAgeAdminActivity" - gcp-iam-serviceAccount : "tmod:@turbot/gcp-iam#/policy/types/serviceAccountActiveAge" - gcp-iam-serviceAccountKey : "tmod:@turbot/gcp-iam#/policy/types/serviceAccountKeyActiveAge" - gcp-kubernetesengine-regionCluster : "tmod:@turbot/gcp-kubernetesengine#/policy/types/regionClusterActiveAge" - gcp-kubernetesengine-regionNodePool : "tmod:@turbot/gcp-kubernetesengine#/policy/types/regionNodePoolActiveAge" - gcp-kubernetesengine-zoneCluster : "tmod:@turbot/gcp-kubernetesengine#/policy/types/zoneClusterActiveAge" - gcp-kubernetesengine-zoneNodePool : "tmod:@turbot/gcp-kubernetesengine#/policy/types/zoneNodePoolActiveAge" - gcp-logging-exclusion : "tmod:@turbot/gcp-logging#/policy/types/exclusionActiveAge" - gcp-logging-metric : "tmod:@turbot/gcp-logging#/policy/types/metricActiveAge" - gcp-logging-sink : "tmod:@turbot/gcp-logging#/policy/types/sinkActiveAge" - gcp-monitoring-alertPolicy : "tmod:@turbot/gcp-monitoring#/policy/types/alertPolicyActiveAge" - gcp-monitoring-group : "tmod:@turbot/gcp-monitoring#/policy/types/groupActiveAge" - gcp-monitoring-notificationChannel : "tmod:@turbot/gcp-monitoring#/policy/types/notificationChannelActiveAge" - gcp-network-address : "tmod:@turbot/gcp-network#/policy/types/addressActiveAge" - gcp-network-backendBucket : "tmod:@turbot/gcp-network#/policy/types/backendBucketActiveAge" - gcp-network-backendService : "tmod:@turbot/gcp-network#/policy/types/backendServiceActiveAge" - gcp-network-firewall : "tmod:@turbot/gcp-network#/policy/types/firewallActiveAge" - gcp-network-forwardingRule : "tmod:@turbot/gcp-network#/policy/types/forwardingRuleActiveAge" - gcp-network-globalAddress : "tmod:@turbot/gcp-network#/policy/types/globalAddressActiveAge" - gcp-network-globalForwardingRule : "tmod:@turbot/gcp-network#/policy/types/globalForwardingRuleActiveAge" - gcp-network-interconnect : "tmod:@turbot/gcp-network#/policy/types/interconnectActiveAge" - gcp-network-network : "tmod:@turbot/gcp-network#/policy/types/networkActiveAge" - gcp-network-packetMirroring : "tmod:@turbot/gcp-network#/policy/types/packetMirroringActiveAge" - gcp-network-regionBackendService : "tmod:@turbot/gcp-network#/policy/types/regionBackendServiceActiveAge" - gcp-network-regionSslCertificate : "tmod:@turbot/gcp-network#/policy/types/regionSslCertificateActiveAge" - gcp-network-regionTargetHttpsProxy : "tmod:@turbot/gcp-network#/policy/types/regionTargetHttpsProxyActiveAge" - gcp-network-regionUrlMap : "tmod:@turbot/gcp-network#/policy/types/regionUrlMapActiveAge" - gcp-network-route : "tmod:@turbot/gcp-network#/policy/types/routeActiveAge" - gcp-network-router : "tmod:@turbot/gcp-network#/policy/types/routerActiveAge" - gcp-network-sslCertificate : "tmod:@turbot/gcp-network#/policy/types/sslCertificateActiveAge" - gcp-network-sslPolicy : "tmod:@turbot/gcp-network#/policy/types/sslPolicyActiveAge" - gcp-network-subnetwork : "tmod:@turbot/gcp-network#/policy/types/subnetworkActiveAge" - gcp-network-targetHttpsProxy : "tmod:@turbot/gcp-network#/policy/types/targetHttpsProxyActiveAge" - gcp-network-targetPool : "tmod:@turbot/gcp-network#/policy/types/targetPoolActiveAge" - gcp-network-targetSslProxy : "tmod:@turbot/gcp-network#/policy/types/targetSslProxyActiveAge" - gcp-network-targetTcpProxy : "tmod:@turbot/gcp-network#/policy/types/targetTcpProxyActiveAge" - gcp-network-targetVpnGateway : "tmod:@turbot/gcp-network#/policy/types/targetVpnGatewayActiveAge" - gcp-network-urlMap : "tmod:@turbot/gcp-network#/policy/types/urlMapActiveAge" - gcp-network-vpnTunnel : "tmod:@turbot/gcp-network#/policy/types/vpnTunnelActiveAge" - gcp-pubsub-snapshot : "tmod:@turbot/gcp-pubsub#/policy/types/snapshotActiveAge" - gcp-pubsub-subscription : "tmod:@turbot/gcp-pubsub#/policy/types/subscriptionActiveAge" - gcp-pubsub-topic : "tmod:@turbot/gcp-pubsub#/policy/types/topicActiveAge" - gcp-scheduler-job : "tmod:@turbot/gcp-scheduler#/policy/types/jobActiveAge" - gcp-spanner-instance : "tmod:@turbot/gcp-spanner#/policy/types/instanceActiveAge" - gcp-sql-backup : "tmod:@turbot/gcp-sql#/policy/types/backupActiveAge" - gcp-sql-database : "tmod:@turbot/gcp-sql#/policy/types/databaseActiveAge" - gcp-sql-instance : "tmod:@turbot/gcp-sql#/policy/types/instanceActiveAge" - gcp-storage-bucket : "tmod:@turbot/gcp-storage#/policy/types/bucketActiveAge" - gcp-storage-object : "tmod:@turbot/gcp-storage#/policy/types/objectActiveAge" - } -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/network_approved_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/network_approved_policies.tf deleted file mode 100644 index 08df92728..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/network_approved_policies.tf +++ /dev/null @@ -1,27 +0,0 @@ -# Check for GCP Address Network Service tiers for cost savings -# Note: GCP Address Approved may already be set by another baseline -# Since the baselines are set in seperate Smart Folders there will not be a conflict - -# GCP > Network > Address > Approved -# https://turbot.com/v5/mods/turbot/gcp-network/inspect#/policy/types/addressApproved -resource "turbot_policy_setting" "gcp_network_address_approved" { - count = var.enable_network_approved_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_cost_controls.id - type = "tmod:@turbot/gcp-network#/policy/types/addressApproved" - value = "Check: Approved" - # Skip - # Check: Approved - # Enforce: Delete unapproved if new -} - -# GCP > Network > Address > Approved > Network Tier -# https://turbot.com/v5/mods/turbot/gcp-network/inspect#/policy/types/addressApprovedNetworkTier -resource "turbot_policy_setting" "gcp_address_approved_network_tier" { - count = var.enable_network_approved_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_cost_controls.id - type = "tmod:@turbot/gcp-network#/policy/types/addressApprovedNetworkTier" - value = "Approved if standard" - # Skip - # Approved if standard - # Approved if premium -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/outputs.tf b/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/outputs.tf deleted file mode 100644 index 6b949c37e..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/outputs.tf +++ /dev/null @@ -1,31 +0,0 @@ -output "turbot_profile" { - value = var.turbot_profile -} - -output "smart_folder_name" { - value = var.smart_folder_name -} - -output "smart_folder_description" { - value = var.smart_folder_description -} - -output "smart_folder_parent_resource" { - value = var.smart_folder_parent_resource -} - -output "resource_active" { - value = var.resource_active -} - -output "enable_compute_engine_active_policies" { - value = var.enable_compute_engine_active_policies -} - -output "enable_network_approved_policies" { - value = var.enable_network_approved_policies -} - -output "enable_compute_engine_schedule_policies" { - value = var.enable_compute_engine_schedule_policies -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/providers.tf b/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/providers.tf deleted file mode 100644 index db6e1f7b4..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/providers.tf +++ /dev/null @@ -1,12 +0,0 @@ -terraform { - required_providers { - turbot = { - source = "turbot/turbot" - } - } - required_version = ">= 0.13" -} - -provider "turbot" { - profile = var.turbot_profile -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/smart_folder.tf b/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/smart_folder.tf deleted file mode 100644 index f45916c78..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/smart_folder.tf +++ /dev/null @@ -1,5 +0,0 @@ -resource "turbot_smart_folder" "gcp_cost_controls" { - parent = var.smart_folder_parent_resource - title = var.smart_folder_name - description = var.smart_folder_description -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/variables.tf b/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/variables.tf deleted file mode 100644 index 32b9944d9..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_cost_controls/variables.tf +++ /dev/null @@ -1,142 +0,0 @@ -# Required - -variable "turbot_profile" { - description = "Enter profile matching your turbot cli credentials." -} - -# Optional - -variable "resource_active" { - description = < -``` - -### Deploying demo example - -1. Navigate to the folder of the baseline -2. Initialize Terraform -3. Apply the baseline using the demo input variable file [demo.tfvars](demo.tfvars) - -On the terminal this will look like: - -```shell -cd -terraform init -terraform apply --var-file demo.tfvars -``` -**Note** -- Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. - -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. - -### Input variable files - -Input variable files allow for the user to configure configuration definitions for multiple environments in different files. - -This baseline comes with an example input variable file called [demo.tfvars](demo.tfvars). - -It will be used to define which parts of the baseline to apply and which to ignore. - -The variables that can be overwritten by the input variable files i.e. [demo.tfvars](demo.tfvars) are defined in the [variables.tf](variables.tf) file. - -Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). - -### Apply baseline using input variable files - -If seeking to apply the baseline using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform apply --var-file=demo.tfvars - ``` -### Apply baseline without input variable file - -The baseline can be applied without an input variable file. - -1. By this time Terraform initialization is done as mentioned above. -3. Prefer to check the outcome by running the Terraform plan -3. Apply the Terraform -4. Run the command: - -```shell -cd -terraform plan -terraform apply -``` - -`This may prompt the user applying the baseline to enter values for variables that do not have default values.` - -### Destroy baseline without input variable file - -If seeking to apply the baseline without using an input variable file. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy - ``` - -### Destroy using input variable files - -If seeking to destoy the baseline configuration using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy --var-file=demo.tfvars - ``` - -## Commenting strategy - -All Turbot policies used by the baselines will have a link to the official Turbot Mods documentation. - -Opening the links will give you further details about: - -- The purpose of the policy -- Policy URI name -- Parent information -- Category information -- Target information -- All valid values diff --git a/baselines/todo_policy_packs/gcp/gcp_check_encryption/bigquery_encryption_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_encryption/bigquery_encryption_policies.tf deleted file mode 100644 index 0ce95c750..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_encryption/bigquery_encryption_policies.tf +++ /dev/null @@ -1,49 +0,0 @@ -### Big Query Dataset Unencrypted -# GCP > BigQuery > Dataset > Approved -# https://turbot.com/v5/mods/turbot/gcp-bigquery/inspect#/policy/types/datasetApproved -resource "turbot_policy_setting" "gcp_bigquery_dataset_approved" { - count = var.enable_bigquery_encryption_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_encryption.id - type = "tmod:@turbot/gcp-bigquery#/policy/types/datasetApproved" - value = "Check: Approved" - # "Enforce: Delete unapproved if new" -} - -# GCP > BigQuery > Dataset > Approved > Encryption at Rest -# https://turbot.com/v5/mods/turbot/gcp-bigquery/inspect#/policy/types/datasetApprovedEncryptionAtRest -resource "turbot_policy_setting" "gcp_bigquery_dataset_approved_encryption_at_rest" { - count = var.enable_bigquery_encryption_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_encryption.id - type = "tmod:@turbot/gcp-bigquery#/policy/types/datasetApprovedEncryptionAtRest" - value = "Google managed key" - # "Google managed key" - # "Google managed key or higher" - # "Customer managed key" - # "Customer managed key or higher" - # "Encryption at Rest > Customer Managed Key" -} - -# GCP > BigQuery > Table > Approved -# https://turbot.com/v5/mods/turbot/gcp-bigquery/inspect#/policy/types/tableApproved -### Big Query Table Unencrypted -resource "turbot_policy_setting" "gcp_bigquery_table_approved" { - count = var.enable_bigquery_encryption_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_encryption.id - type = "tmod:@turbot/gcp-bigquery#/policy/types/tableApproved" - value = "Check: Approved" - # "Enforce: Delete unapproved if new" -} - -# GCP > BigQuery > Table > Approved > Encryption at Rest -# https://turbot.com/v5/mods/turbot/gcp-bigquery/inspect#/policy/types/tableApprovedEncryptionAtRest -resource "turbot_policy_setting" "gcp_bigquery_table_approved_encryption_at_rest" { - count = var.enable_bigquery_encryption_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_encryption.id - type = "tmod:@turbot/gcp-bigquery#/policy/types/tableApprovedEncryptionAtRest" - value = "Google managed key" - # "Google managed key" - # "Google managed key or higher" - # "Customer managed key" - # "Customer managed key or higher" - # "Encryption at Rest > Customer Managed Key" -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_encryption/compute_engine_encryption_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_encryption/compute_engine_encryption_policies.tf deleted file mode 100644 index 541199b40..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_encryption/compute_engine_encryption_policies.tf +++ /dev/null @@ -1,49 +0,0 @@ -# Compute Engine Disk Unencrypted - -# GCP > Compute Engine > Disk > Approved -# https://turbot.com/v5/mods/turbot/gcp-computeengine/inspect#/policy/types/diskApproved -resource "turbot_policy_setting" "gcp_computeengine_disk_approved" { - count = var.enable_compute_engine_encryption_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_encryption.id - type = "tmod:@turbot/gcp-computeengine#/policy/types/diskApproved" - value = "Check: Approved" - # "Enforce: Delete unapproved if new" -} - -# GCP > Compute Engine > Disk > Approved > Encryption at Rest -# https://turbot.com/v5/mods/turbot/gcp-computeengine/inspect#/policy/types/diskApprovedEncryptionAtRest -resource "turbot_policy_setting" "gcp_computeengine_disk_approved_encryption_at_rest" { - count = var.enable_compute_engine_encryption_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_encryption.id - type = "tmod:@turbot/gcp-computeengine#/policy/types/diskApprovedEncryptionAtRest" - value = "Google managed key" - # "Google managed key" - # "Google managed key or higher" - # "Customer managed key" - # "Customer managed key or higher" - # "Encryption at Rest > Customer Managed Key" -} - -# GCP > Compute Engine > Image > Approved -# https://turbot.com/v5/mods/turbot/gcp-computeengine/inspect#/policy/types/imageApproved -resource "turbot_policy_setting" "gcp_computeengine_image_approved" { - count = var.enable_compute_engine_encryption_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_encryption.id - type = "tmod:@turbot/gcp-computeengine#/policy/types/imageApproved" - value = "Check: Approved" - # "Enforce: Delete unapproved if new" -} - -# GCP > Compute Engine > Image > Approved > Encryption at Rest -# https://turbot.com/v5/mods/turbot/gcp-computeengine/inspect#/policy/types/imageApprovedEncryptionAtRest -resource "turbot_policy_setting" "gcp_computeengine_image_approved_encryption_at_rest" { - count = var.enable_compute_engine_encryption_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_encryption.id - type = "tmod:@turbot/gcp-computeengine#/policy/types/imageApprovedEncryptionAtRest" - value = "Google managed key" - # "Google managed key" - # "Google managed key or higher" - # "Customer managed key" - # "Customer managed key or higher" - # "Encryption at Rest > Customer Managed Key" -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_encryption/dataflow_encryption_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_encryption/dataflow_encryption_policies.tf deleted file mode 100644 index f556522a0..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_encryption/dataflow_encryption_policies.tf +++ /dev/null @@ -1,25 +0,0 @@ -# Dataflow Jobs Unencrypted - -# GCP > Dataflow > Job > Approved -# https://turbot.com/v5/mods/turbot/gcp-dataflow/inspect#/policy/types/jobApproved -resource "turbot_policy_setting" "gcp_dataflow_job_approved" { - count = var.enable_dataflow_encryption_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_encryption.id - type = "tmod:@turbot/gcp-dataflow#/policy/types/jobApproved" - value = "Check: Approved" - # No Enforcement alternative available -} - -# GCP > Dataflow > Job > Approved > Encryption at Rest -# https://turbot.com/v5/mods/turbot/gcp-dataflow/inspect#/policy/types/jobApprovedEncryptionAtRest -resource "turbot_policy_setting" "gcp_dataflow_job_approved_encryption_at_rest" { - count = var.enable_dataflow_encryption_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_encryption.id - type = "tmod:@turbot/gcp-dataflow#/policy/types/jobApprovedEncryptionAtRest" - value = "Google managed key" - # "Google managed key" - # "Google managed key or higher" - # "Customer managed key" - # "Customer managed key or higher" - # "Encryption at Rest > Customer Managed Key" -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_encryption/dataproc_encryption_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_encryption/dataproc_encryption_policies.tf deleted file mode 100644 index 20c4e985a..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_encryption/dataproc_encryption_policies.tf +++ /dev/null @@ -1,25 +0,0 @@ -# Dataproc Cluster Unencrypted - -# GCP > Dataproc > Cluster > Approved -# https://turbot.com/v5/mods/turbot/gcp-dataproc/inspect#/policy/types/clusterApproved -resource "turbot_policy_setting" "gcp_dataproc_cluster_approved" { - count = var.enable_dataproc_encryption_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_encryption.id - type = "tmod:@turbot/gcp-dataproc#/policy/types/clusterApproved" - value = "Check: Approved" - # "Enforce: Delete unapproved if new" -} - -# GCP > Dataproc > Cluster > Approved > Encryption at Rest -# https://turbot.com/v5/mods/turbot/gcp-dataproc/inspect#/policy/types/clusterApprovedEncryptionAtRest -resource "turbot_policy_setting" "gcp_dataproc_cluster_approved_encryption_at_rest" { - count = var.enable_dataproc_encryption_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_encryption.id - type = "tmod:@turbot/gcp-dataproc#/policy/types/clusterApprovedEncryptionAtRest" - value = "Google managed key" - # "Google managed key" - # "Google managed key or higher" - # "Customer managed key" - # "Customer managed key or higher" - # "Encryption at Rest > Customer Managed Key" -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_encryption/kubernetes_engine_encryption_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_encryption/kubernetes_engine_encryption_policies.tf deleted file mode 100644 index 2dfd04492..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_encryption/kubernetes_engine_encryption_policies.tf +++ /dev/null @@ -1,50 +0,0 @@ -# Kubernetes Engine Region Cluster Unencrypted - -# GCP > Kubernetes Engine > Region Cluster > Approved -# https://turbot.com/v5/mods/turbot/gcp-kubernetesengine/inspect#/policy/types/regionClusterApproved -resource "turbot_policy_setting" "gcp_kubernetesengine_region_cluster_approved" { - count = var.enable_kubernetes_engine_encryption_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_encryption.id - type = "tmod:@turbot/gcp-kubernetesengine#/policy/types/regionClusterApproved" - value = "Check: Approved" - # "Enforce: Delete unapproved if new" -} - -# GCP > Kubernetes Engine > Region Cluster > Approved > Encryption at Rest -# https://turbot.com/v5/mods/turbot/gcp-kubernetesengine/inspect#/policy/types/regionClusterApprovedEncryptionAtRest -resource "turbot_policy_setting" "gcp_kubernetesengine_region_cluster_approved_encryption_at_rest" { - count = var.enable_kubernetes_engine_encryption_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_encryption.id - type = "tmod:@turbot/gcp-kubernetesengine#/policy/types/regionClusterApprovedEncryptionAtRest" - value = "Google managed key" - # "Google managed key" - # "Google managed key or higher" - # "Customer managed key" - # "Customer managed key or higher" - # "Encryption at Rest > Customer Managed Key" -} - -### Kubernetes Engine Zone Cluster Unencrypted -# GCP > Kubernetes Engine > Zone Cluster > Approved -# https://turbot.com/v5/mods/turbot/gcp-kubernetesengine/inspect#/policy/types/zoneClusterApproved -resource "turbot_policy_setting" "gcp_kubernetesengine_zone_cluster_approved" { - count = var.enable_kubernetes_engine_encryption_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_encryption.id - type = "tmod:@turbot/gcp-kubernetesengine#/policy/types/zoneClusterApproved" - value = "Check: Approved" - # "Enforce: Delete unapproved if new" -} - -# GCP > Kubernetes Engine > Zone Cluster > Approved > Encryption at Rest -# https://turbot.com/v5/mods/turbot/gcp-kubernetesengine/inspect#/policy/types/zoneClusterApprovedEncryptionAtRest -resource "turbot_policy_setting" "gcp_kubernetesengine_zone_cluster_approved_encryption_at_rest" { - count = var.enable_kubernetes_engine_encryption_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_encryption.id - type = "tmod:@turbot/gcp-kubernetesengine#/policy/types/zoneClusterApprovedEncryptionAtRest" - value = "Google managed key" - # "Google managed key" - # "Google managed key or higher" - # "Customer managed key" - # "Customer managed key or higher" - # "Encryption at Rest > Customer Managed Key" -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_encryption/outputs.tf b/baselines/todo_policy_packs/gcp/gcp_check_encryption/outputs.tf deleted file mode 100644 index 65f9aef84..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_encryption/outputs.tf +++ /dev/null @@ -1,67 +0,0 @@ -output "turbot_profile" { - value = var.turbot_profile -} - -output "smart_folder_name" { - value = var.smart_folder_name -} - -output "smart_folder_description" { - value = var.smart_folder_description -} - -output "smart_folder_parent_resource" { - value = var.smart_folder_parent_resource -} - -output "enable_bigquery_dataset_approved_policies" { - value = var.enable_bigquery_dataset_approved_policies -} - -output "enable_bigquery_encryption_policies" { - value = var.enable_bigquery_encryption_policies -} - -output "enable_computeengine_image_approved_policies" { - value = var.enable_computeengine_image_approved_policies -} - -output "enable_compute_engine_encryption_policies" { - value = var.enable_compute_engine_encryption_policies -} - -output "enable_dataflow_job_approved_policies" { - value = var.enable_dataflow_job_approved_policies -} - -output "enable_dataflow_encryption_policies" { - value = var.enable_dataflow_encryption_policies -} - -output "enable_dataproc_cluster_approved_policies" { - value = var.enable_dataproc_cluster_approved_policies -} - -output "enable_dataproc_encryption_policies" { - value = var.enable_dataproc_encryption_policies -} - -output "enable_kubernetesengine_region_cluster_approved_policies" { - value = var.enable_kubernetesengine_region_cluster_approved_policies -} - -output "enable_kubernetes_engine_encryption_policies" { - value = var.enable_kubernetes_engine_encryption_policies -} - -output "enable_pubsub_topic_approved_policies" { - value = var.enable_pubsub_topic_approved_policies -} - -output "enable_pub_sub_encryption_policies" { - value = var.enable_pub_sub_encryption_policies -} - -output "enable_storage_encryption_policies" { - value = var.enable_storage_encryption_policies -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_encryption/providers.tf b/baselines/todo_policy_packs/gcp/gcp_check_encryption/providers.tf deleted file mode 100644 index 715fb0f92..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_encryption/providers.tf +++ /dev/null @@ -1,12 +0,0 @@ -terraform { - required_providers { - turbot = { - source = "turbot/turbot" - } - } - required_version = ">= 0.13" -} - -provider "turbot" { - profile = var.turbot_profile -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/gcp/gcp_check_encryption/pub_sub_encryption_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_encryption/pub_sub_encryption_policies.tf deleted file mode 100644 index 3480e8fb9..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_encryption/pub_sub_encryption_policies.tf +++ /dev/null @@ -1,24 +0,0 @@ -### Pub/Sub Topic Unencrypted -# GCP > Pub/Sub > Topic > Approved -# https://turbot.com/v5/mods/turbot/gcp-pubsub/inspect#/policy/types/topicApproved -resource "turbot_policy_setting" "gcp_pubsub_topic_approved" { - count = var.enable_pub_sub_encryption_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_encryption.id - type = "tmod:@turbot/gcp-pubsub#/policy/types/topicApproved" - value = "Check: Approved" - # "Enforce: Delete unapproved if new" -} - -# GCP > Pub/Sub > Topic > Approved > Encryption at Rest -# https://turbot.com/v5/mods/turbot/gcp-pubsub/inspect#/policy/types/topicApprovedEncryptionAtRest -resource "turbot_policy_setting" "gcp_pubsub_topic_approved_encryption_at_rest" { - count = var.enable_pub_sub_encryption_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_encryption.id - type = "tmod:@turbot/gcp-pubsub#/policy/types/topicApprovedEncryptionAtRest" - value = "Google managed key" - # "Google managed key" - # "Google managed key or higher" - # "Customer managed key" - # "Customer managed key or higher" - # "Encryption at Rest > Customer Managed Key" -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_encryption/smartfolder.tf b/baselines/todo_policy_packs/gcp/gcp_check_encryption/smartfolder.tf deleted file mode 100644 index 7a09143c5..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_encryption/smartfolder.tf +++ /dev/null @@ -1,5 +0,0 @@ -resource "turbot_smart_folder" "gcp_encryption" { - parent = var.smart_folder_parent_resource - title = var.smart_folder_name - description = var.smart_folder_description -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_encryption/storage_encryption_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_encryption/storage_encryption_policies.tf deleted file mode 100644 index 93f790935..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_encryption/storage_encryption_policies.tf +++ /dev/null @@ -1,19 +0,0 @@ -# Storage Bucket Unencrypted -- can be repaired without having to terminate the resource (direct policy vs under Approved) - -# GCP > Storage > Bucket > Encryption at Rest -# https://turbot.com/v5/mods/turbot/gcp-storage/inspect#/policy/types/bucketEncryptionAtRest -resource "turbot_policy_setting" "gcp_storage_bucket_encryption_at_rest" { - count = var.enable_storage_encryption_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_encryption.id - type = "tmod:@turbot/gcp-storage#/policy/types/bucketEncryptionAtRest" - value = "Check: Google managed key" - # "Skip", - # "Check: Google managed key", - # "Check: Google managed key or higher", - # "Check: Customer managed key", - # "Check: Encryption at Rest > Customer Managed Key", - # "Enforce: Google managed key", - # "Enforce: Google managed key or higher", - # "Enforce: Customer managed key", - # "Enforce: Encryption at Rest > Customer Managed Key" -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_encryption/variables.tf b/baselines/todo_policy_packs/gcp/gcp_check_encryption/variables.tf deleted file mode 100644 index 4e2015939..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_encryption/variables.tf +++ /dev/null @@ -1,103 +0,0 @@ -# Baseline Configuration - -variable "enable_bigquery_dataset_approved_policies" { - type = bool - description = "Enable the Bigquery Dataset approved policies for baseline" - default = true -} - -variable "enable_bigquery_encryption_policies" { - type = bool - description = "Enabling will ensure encryption on Bigquery Resources" - default = true -} - -variable "enable_computeengine_image_approved_policies" { - type = bool - description = "Enable the Compute Engine Image approved policies for baseline" - default = true -} - -variable "enable_compute_engine_encryption_policies" { - type = bool - description = "Enabling will ensure encryption on Compute Engine Resources" - default = true -} - -variable "enable_dataflow_job_approved_policies" { - type = bool - description = "Enable the Dataflow Job approved policies for baseline" - default = true -} - -variable "enable_dataflow_encryption_policies" { - type = bool - description = "Enabling will ensure encryption on Dataflow resources" - default = true -} - -variable "enable_dataproc_cluster_approved_policies" { - type = bool - description = "Enable the Dataproc Cluster approved policies for baseline" - default = true -} - -variable "enable_dataproc_encryption_policies" { - type = bool - description = "Enabling will ensure encryption on Dataproc resources" - default = true -} - -variable "enable_kubernetesengine_region_cluster_approved_policies" { - type = bool - description = "Enable the Kubernetes Engine Region Cluster approved policies for baseline" - default = true -} - -variable "enable_kubernetes_engine_encryption_policies" { - type = bool - description = "Enabling will ensure encryption on Kubernetes Engine resources" - default = true -} - -variable "enable_pubsub_topic_approved_policies" { - type = bool - description = "Enable the PubSub Topic approved policies for baseline" - default = true -} - -variable "enable_pub_sub_encryption_policies" { - type = bool - description = "Enabling will ensure encryption on PubSub resources" - default = true -} - -variable "enable_storage_encryption_policies" { - type = bool - description = "Enabling will ensure encryption on Storage resources" - default = true -} - -# Optional Common Baseline Configuration - -variable "turbot_profile" { - description = "Enter profile matching your turbot cli credentials." -} - -variable "smart_folder_name" { - description = "Smart folder name for the baseline" - type = string - default = "GCP Check Encryption Policies" -} - -variable "smart_folder_description" { - description = "Enter a description for the smart folder" - type = string - default = "Defines sets of policies for the GCP Check Encryption" -} - -variable "smart_folder_parent_resource" { - description = "Enter the resource ID or AKA for the parent of the smart folder" - type = string - default = "tmod:@turbot/turbot#/" -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_iam/README.md b/baselines/todo_policy_packs/gcp/gcp_check_iam/README.md deleted file mode 100644 index 0fd718372..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_iam/README.md +++ /dev/null @@ -1,134 +0,0 @@ -# Baseline - GCP Check IAM Policies - -GCP Check IAM Policies focuses on enabling all IAM resources baseline policies. Some policies are enabled with industry standard best practices and some are enabled with check mode to validate. - -## Overview - -Baseline policies are initial set of policies recommended to start with while using Turbot. These policies mostly focuses on enabling services, frequently used policies to run in check mode & enabling security features such as various encryption standards. Baseline TF scripts allows you to toggle the value to apply or ignore. See the below sections for more information. - -Some of these policies overlap with other set of baselines. Hence Turbot provided set of baseline TF files are executed in separate [Smart Folder](https://turbot.com/v5/docs/getting-started/smart_folder). The advantage of setting up of each baseline in their own Smart Folder prevents conflicting with the policy settings created by other baseline scripts. - -This baseline will not attach to a resource by default. This needs to be done manually using the Turbot UI. - -## Requirements - -- Terraform v0.13 or greater installed -- Valid Turbot configuration credentials - -For further information on configuring Turbot credentials can be found [here](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials). - -## Applying baseline - -The baseline is defined by a set of files which together define the configuration of the baseline. - -### Initialize baseline - -If not previously run, Initialize Terraform to get all necessary providers for the baseline. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform init - ``` -### Profile name as input - -The baseline example set requires you to provide `turbot_profile` name as input. This is to help in case you are having more profiles than only `default`. In case it's default, specify name as default. - -```shell -var.turbot_profile - Enter profile matching your turbot cli credentials. - Enter a value: -``` - -### Deploying demo example - -1. Navigate to the folder of the baseline -2. Initialize Terraform -3. Apply the baseline using the demo input variable file [demo.tfvars](demo.tfvars) - -On the terminal this will look like: - -```shell -cd -terraform init -terraform apply --var-file demo.tfvars -``` -**Note** -- Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. - -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. - -### Input variable files - -Input variable files allow for the user to configure configuration definitions for multiple environments in different files. - -This baseline comes with an example input variable file called [demo.tfvars](demo.tfvars). - -It will be used to define which parts of the baseline to apply and which to ignore. - -The variables that can be overwritten by the input variable files i.e. [demo.tfvars](demo.tfvars) are defined in the [variables.tf](variables.tf) file. - -Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). - -### Apply baseline using input variable files - -If seeking to apply the baseline using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform apply --var-file=demo.tfvars - ``` -### Apply baseline without input variable file - -The baseline can be applied without an input variable file. - -1. By this time Terraform initialization is done as mentioned above. -3. Prefer to check the outcome by running the Terraform plan -3. Apply the Terraform -4. Run the command: - -```shell -cd -terraform plan -terraform apply -``` - -`This may prompt the user applying the baseline to enter values for variables that do not have default values.` - -### Destroy baseline without input variable file - -If seeking to apply the baseline without using an input variable file. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy - ``` - -### Destroy using input variable files - -If seeking to destoy the baseline configuration using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy --var-file=demo.tfvars - ``` - -## Commenting strategy - -All Turbot policies used by the baselines will have a link to the official Turbot Mods documentation. - -Opening the links will give you further details about: - -- The purpose of the policy -- Policy URI name -- Parent information -- Category information -- Target information -- All valid values diff --git a/baselines/todo_policy_packs/gcp/gcp_check_iam/demo.tfvars b/baselines/todo_policy_packs/gcp/gcp_check_iam/demo.tfvars deleted file mode 100644 index 19ac07472..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_iam/demo.tfvars +++ /dev/null @@ -1,11 +0,0 @@ -# This file contains policies which are not decided to enable part of initial baseline policies. -# If you want to enable them, change the vale to true and execute terraform apply by passing the demo.tfvar file. -# See README for more details. - -# See file service_account_key_policies.tf -enable_service_account_key_policies = false - -enable_service_account_key_approved_policies = false - -# See file service_account_policy_trust_policies.tf -enable_service_account_trusted_access_policies = false diff --git a/baselines/todo_policy_packs/gcp/gcp_check_iam/outputs.tf b/baselines/todo_policy_packs/gcp/gcp_check_iam/outputs.tf deleted file mode 100644 index 4f7a66b23..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_iam/outputs.tf +++ /dev/null @@ -1,31 +0,0 @@ -# Baseline configuration - -output "enable_service_account_key_active_policies" { - value = var.enable_service_account_key_active_policies -} - -output "enable_service_account_key_approved_policies" { - value = var.enable_service_account_key_approved_policies -} - -output "enable_service_account_policy_trusted_domains_policies" { - value = var.enable_service_account_trusted_access_policies -} - -# Turbot profile and smart folder - -output "turbot_profile" { - value = var.turbot_profile -} - -output "smart_folder_name" { - value = var.smart_folder_name -} - -output "smart_folder_description" { - value = var.smart_folder_description -} - -output "smart_folder_parent_resource" { - value = var.smart_folder_parent_resource -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_iam/providers.tf b/baselines/todo_policy_packs/gcp/gcp_check_iam/providers.tf deleted file mode 100644 index 715fb0f92..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_iam/providers.tf +++ /dev/null @@ -1,12 +0,0 @@ -terraform { - required_providers { - turbot = { - source = "turbot/turbot" - } - } - required_version = ">= 0.13" -} - -provider "turbot" { - profile = var.turbot_profile -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/gcp/gcp_check_iam/service_account_key_active_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_iam/service_account_key_active_policies.tf deleted file mode 100644 index 85698bcc9..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_iam/service_account_key_active_policies.tf +++ /dev/null @@ -1,38 +0,0 @@ -# GCP > IAM > Service Account Key > Active -# https://turbot.com/v5/mods/turbot/gcp-iam/inspect#/policy/types/serviceAccountKeyActive -resource "turbot_policy_setting" "service_account_key_active" { - count = var.enable_service_account_key_active_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_iam.id - type = "tmod:@turbot/gcp-iam#/policy/types/serviceAccountKeyActive" - value = "Check: Active" - # "Skip" - # "Check: Active" - # "Enforce: Delete inactive with 1 day warning" - # "Enforce: Delete inactive with 3 days warning" - # "Enforce: Delete inactive with 7 days warning" - # "Enforce: Delete inactive with 14 days warning" - # "Enforce: Delete inactive with 30 days warning" - # "Enforce: Delete inactive with 60 days warning" - # "Enforce: Delete inactive with 90 days warning" - # "Enforce: Delete inactive with 180 days warning" - # "Enforce: Delete inactive with 365 days warning" -} - -# GCP > IAM > Service Account Key > Active > Age -# https://turbot.com/v5/mods/turbot/gcp-iam/inspect#/policy/types/serviceAccountKeyActiveAge -resource "turbot_policy_setting" "service_account_key_active_age" { - count = var.enable_service_account_key_active_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_iam.id - type = "tmod:@turbot/gcp-iam#/policy/types/serviceAccountKeyActiveAge" - value = "Force inactive if age > 90 days" - # "Skip" - # "Force inactive if age > 1 day" - # "Force inactive if age > 3 days" - # "Force inactive if age > 7 days" - # "Force inactive if age > 14 days" - # "Force inactive if age > 30 days" - # "Force inactive if age > 60 days" - # "Force inactive if age > 90 days" - # "Force inactive if age > 180 days" - # "Force inactive if age > 365 days" -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_iam/service_account_key_approved_policies.tf.tf b/baselines/todo_policy_packs/gcp/gcp_check_iam/service_account_key_approved_policies.tf.tf deleted file mode 100644 index 9b2ed4783..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_iam/service_account_key_approved_policies.tf.tf +++ /dev/null @@ -1,24 +0,0 @@ -# GCP > IAM > Service Account Key > Approved -# https://turbot.com/v5/mods/turbot/gcp-iam/inspect#/policy/types/serviceAccountKeyApproved -# Alternative is to mark Service Account Keys unapproved -resource "turbot_policy_setting" "service_account_key_approved" { - count = var.enable_service_account_key_approved_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_iam.id - type = "tmod:@turbot/gcp-iam#/policy/types/serviceAccountKeyApproved" - value = "Check: Approved" - # "Skip" - # "Check: Approved" - # "Enforce: Delete unapproved if new" -} - -## GCP > IAM > Service Account Key > Approved > Usage -## https://turbot.com/v5/mods/turbot/gcp-iam/inspect#/policy/types/serviceAccountKeyApprovedUsage -resource "turbot_policy_setting" "service_account_key_approved_usage" { - count = var.enable_service_account_key_approved_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_iam.id - type = "tmod:@turbot/gcp-iam#/policy/types/serviceAccountKeyApprovedUsage" - value = "Not approved" - # "Not approved" - # "Approved" - # "Approved if GCP > IAM > Enabled" -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_iam/service_account_trust_access_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_iam/service_account_trust_access_policies.tf deleted file mode 100644 index ea9cf6efb..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_iam/service_account_trust_access_policies.tf +++ /dev/null @@ -1,28 +0,0 @@ -# IAM Service Account Policy Trusted Access only trusts specific domains. -# Trusted Domains are defined in Public Access Baseline. - -# GCP > IAM > Service Account > Policy > Trusted Access -# https://turbot.com/v5/mods/turbot/gcp-iam/inspect#/policy/types/serviceAccountPolicyTrustedAccess -resource "turbot_policy_setting" "iam_service_account_policy_trusted_access" { - count = var.enable_service_account_trusted_access_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_iam.id - type = "tmod:@turbot/gcp-iam#/policy/types/serviceAccountPolicyTrustedAccess" - value = "Check: Trusted Access > *" - # Enforce: Trusted Access > *" -} - -# # Already Set globally in the Public Access Smart Folder Baseline, commenting out incase needed to enable here -# # List of Trusted Domains -# Could also consider Trusted Groups, Service Accounts, and Users - -# GCP > IAM > Service Account > Policy > Trusted Access > Domains -# https://turbot.com/v5/mods/turbot/gcp-iam/inspect#/policy/types/serviceAccountPolicyTrustedDomains -resource "turbot_policy_setting" "iam_service_account_policy_trusted_domains" { - count = var.enable_service_account_trusted_access_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_iam.id - type = "tmod:@turbot/gcp-iam#/policy/types/serviceAccountPolicyTrustedDomains" - value = <<-EOT - - "*" # allows all, adjust for specific domains (e.g. turbot.com) - - "turbot.com" -EOT -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_iam/smart_folder.tf b/baselines/todo_policy_packs/gcp/gcp_check_iam/smart_folder.tf deleted file mode 100644 index 1bf8a0987..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_iam/smart_folder.tf +++ /dev/null @@ -1,5 +0,0 @@ -resource "turbot_smart_folder" "gcp_iam" { - parent = var.smart_folder_parent_resource - title = var.smart_folder_name - description = var.smart_folder_description -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/gcp/gcp_check_iam/variables.tf b/baselines/todo_policy_packs/gcp/gcp_check_iam/variables.tf deleted file mode 100644 index b1211af9d..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_iam/variables.tf +++ /dev/null @@ -1,43 +0,0 @@ -# Baseline Configuration - -variable "enable_service_account_key_active_policies" { - type = bool - description = "Enable the IAM user access service account key active policies for baseline" - default = true -} - -variable "enable_service_account_key_approved_policies" { - type = bool - description = "Enable the IAM user access service account key approved policies for baseline" - default = true -} - -variable "enable_service_account_trusted_access_policies" { - type = bool - description = "Enable the IAM Service Account Trusted policies for baseline" - default = false -} - -# Optional Common Baseline Configuration - -variable "turbot_profile" { - description = "Enter profile matching your turbot cli credentials." -} - -variable "smart_folder_name" { - description = "Smart folder name for the baseline" - type = string - default = "GCP Check IAM Policies" -} - -variable "smart_folder_description" { - description = "Enter a description for the smart folder" - type = string - default = "Defines sets of policies for the GCP Check IAM baseline" -} - -variable "smart_folder_parent_resource" { - description = "Enter the resource ID or AKA for the parent of the smart folder" - type = string - default = "tmod:@turbot/turbot#/" -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_labeling/README.md b/baselines/todo_policy_packs/gcp/gcp_check_labeling/README.md deleted file mode 100644 index b5f2b3c37..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_labeling/README.md +++ /dev/null @@ -1,139 +0,0 @@ -# Baseline - GCP Check Tagging - -This baseline will allow you to check for adhernece to the labeling templates, make sure that the Tag Templates are updated with the specific use case to validate. - -More info - -- [Tags in Turbot](https://turbot.com/v5/docs/concepts/guardrails/tagging) - - -## Overview - -Baseline policies are initial set of policies recommended to start with while using Turbot. These policies mostly focuses on enabling services, frequently used policies to run in check mode & enabling security features such as various encryption standards. Baseline TF scripts allows you to toggle the value to apply or ignore. See the below sections for more information. - -Some of these policies overlap with other set of baselines. Hence Turbot provided set of baseline TF files are executed in separate [Smart Folder](https://turbot.com/v5/docs/getting-started/smart_folder). The advantage of setting up of each baseline in their own Smart Folder prevents conflicting with the policy settings created by other baseline scripts. - -This baseline will not attach to a resource by default. This needs to be done manually using the Turbot UI. - -## Requirements - -- Terraform v0.13 or greater installed -- Valid Turbot configuration credentials - -For further information on configuring Turbot credentials can be found [here](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials). - -## Applying baseline - -The baseline is defined by a set of files which together define the configuration of the baseline. - -### Initialize baseline - -If not previously run, Initialize Terraform to get all necessary providers for the baseline. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform init - ``` -### Profile name as input - -The baseline example set requires you to provide `turbot_profile` name as input. This is to help in case you are having more profiles than only `default`. In case it's default, specify name as default. - -```shell -var.turbot_profile - Enter profile matching your turbot cli credentials. - Enter a value: -``` - -### Deploying demo example - -1. Navigate to the folder of the baseline -2. Initialize Terraform -3. Apply the baseline using the demo input variable file [demo.tfvars](demo.tfvars) - -On the terminal this will look like: - -```shell -cd -terraform init -terraform apply --var-file demo.tfvars -``` -**Note** -- Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. - -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. - -### Input variable files - -Input variable files allow for the user to configure configuration definitions for multiple environments in different files. - -This baseline comes with an example input variable file called [demo.tfvars](demo.tfvars). - -It will be used to define which parts of the baseline to apply and which to ignore. - -The variables that can be overwritten by the input variable files i.e. [demo.tfvars](demo.tfvars) are defined in the [variables.tf](variables.tf) file. - -Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). - -### Apply baseline using input variable files - -If seeking to apply the baseline using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform apply --var-file=demo.tfvars - ``` -### Apply baseline without input variable file - -The baseline can be applied without an input variable file. - -1. By this time Terraform initialization is done as mentioned above. -3. Prefer to check the outcome by running the Terraform plan -3. Apply the Terraform -4. Run the command: - -```shell -cd -terraform plan -terraform apply -``` - -`This may prompt the user applying the baseline to enter values for variables that do not have default values.` - -### Destroy baseline without input variable file - -If seeking to apply the baseline without using an input variable file. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy - ``` - -### Destroy using input variable files - -If seeking to destoy the baseline configuration using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy --var-file=demo.tfvars - ``` - -## Commenting strategy - -All Turbot policies used by the baselines will have a link to the official Turbot Mods documentation. - -Opening the links will give you further details about: - -- The purpose of the policy -- Policy URI name -- Parent information -- Category information -- Target information -- All valid values diff --git a/baselines/todo_policy_packs/gcp/gcp_check_labeling/demo.tfvars b/baselines/todo_policy_packs/gcp/gcp_check_labeling/demo.tfvars deleted file mode 100644 index 0a8d77036..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_labeling/demo.tfvars +++ /dev/null @@ -1,36 +0,0 @@ -# List of services and resources to be Check: Labels are correct. -# Started with a few resource types to get started aligned with the initial mods installed -# You can remove the comment per row to include the resource type. Make sure you have that related service mod install - -# Acceptable Values: -# "Skip" -# "Check: Labels are correct -# "Enforce: Set labels" - -resource_tags = { - # gcp-project = "Check: Labels are correct" - # gcp-bigquery-dataset = "Check: Labels are correct" - gcp-bigquery-table = "Check: Labels are correct" - # gcp-bigtable-instance = "Check: Labels are correct" - # gcp-composer-environment = "Check: Labels are correct" - gcp-computeengine-disk = "Check: Labels are correct" - # gcp-computeengine-image = "Check: Labels are correct" - gcp-computeengine-instance = "Check: Labels are correct" - # gcp-computeengine-regionDisk = "Check: Labels are correct" - gcp-computeengine-snapshot = "Check: Labels are correct" - # gcp-dataproc-cluster = "Check: Labels are correct" - # gcp-dataproc-job = "Check: Labels are correct" - # gcp-dataproc-workflowTemplate = "Check: Labels are correct" - # gcp-dns-managedZone = "Check: Labels are correct" - # gcp-kms-cryptoKey = "Check: Labels are correct" - # gcp-kubernetesengine-regionCluster = "Check: Labels are correct" - # gcp-kubernetesengine-zoneCluster = "Check: Labels are correct" - # gcp-network-forwardingRule = "Check: Labels are correct" - # gcp-network-globalForwardingRule = "Check: Labels are correct" - # gcp-network-vpnTunnel = "Check: Labels are correct" - # gcp-pubsub-snapshot = "Check: Labels are correct" - # gcp-pubsub-subscription = "Check: Labels are correct" - # gcp-spanner-instance = "Check: Labels are correct" - gcp-sql-instance = "Check: Labels are correct" - gcp-storage-bucket = "Check: Labels are correct" -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/gcp/gcp_check_labeling/labeling_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_labeling/labeling_policies.tf deleted file mode 100644 index c35a34d21..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_labeling/labeling_policies.tf +++ /dev/null @@ -1,59 +0,0 @@ -# Simple labeling/tagging controls to check for adhernece to the tagging template example -# Tag template should be updated per your specific use case -# More Info: https://turbot.com/v5/docs/concepts/guardrails/tagging - -## Sets tagging policy for each resource type in the resource_tags map. -# GCP > Project > Labels -# https://turbot.com/v5/mods/turbot/gcp/inspect#/policy/types/projectLabels -resource "turbot_policy_setting" "set_resource_tag_policies" { - for_each = var.resource_tags - resource = turbot_smart_folder.gcp_labeling.id - type = local.policy_map[each.key] - value = each.value -} - -## Sets the default tag template for all resources. -# GCP > Project > Labels > Template -# https://turbot.com/v5/mods/turbot/gcp/inspect#/policy/types/projectLabelsTemplate -resource "turbot_policy_setting" "default_tag_template" { - for_each = var.resource_tags - resource = turbot_smart_folder.gcp_labeling.id - type = local.policy_map_template[each.key] - # GraphQL to pull metadata - template_input = <<-QUERY - { - resource { - turbot { - title - tags - } - creator: notifications(filter: "sort:version_id limit:1") { - items { - actor { - alternatePersona - identity { - turbot { - title - } - } - } - turbot { - createTimestamp - } - } - } - } - } - QUERY - - # Nunjucks template to set tags and check for tag validity. - template = <<-TEMPLATE -# Actor who created the resource -{%- set owner = $.resource.creator.items[0].actor.identity.turbot.title -%} -created_by: "{{ owner | lower | replace(" ", "_") }}" - -# Creation Timestamp -{%- set create_time = $.resource.creator.items[0].turbot.createTimestamp -%} -created_time: "{{ create_time | lower | replace(".", "_") | replace(":", "-") }}" - TEMPLATE -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/gcp/gcp_check_labeling/locals.tf b/baselines/todo_policy_packs/gcp/gcp_check_labeling/locals.tf deleted file mode 100644 index 452815021..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_labeling/locals.tf +++ /dev/null @@ -1,61 +0,0 @@ -locals { -# Mapping of resource name for the policy -# Note: the resource map above dictates the applicable use of each line item below. You do not need to comment out these items to reduce scope -policy_map = { - gcp-project : "tmod:@turbot/gcp#/policy/types/projectLabels" - gcp-bigquery-dataset : "tmod:@turbot/gcp-bigquery#/policy/types/datasetLabels" - gcp-bigquery-table : "tmod:@turbot/gcp-bigquery#/policy/types/tableLabels" - gcp-bigtable-instance : "tmod:@turbot/gcp-bigtable#/policy/types/instanceLabels" - gcp-composer-environment : "tmod:@turbot/gcp-composer#/policy/types/environmentLabels" - gcp-computeengine-disk : "tmod:@turbot/gcp-computeengine#/policy/types/diskLabels" - gcp-computeengine-image : "tmod:@turbot/gcp-computeengine#/policy/types/imageLabels" - gcp-computeengine-instance : "tmod:@turbot/gcp-computeengine#/policy/types/instanceLabels" - gcp-computeengine-regionDisk : "tmod:@turbot/gcp-computeengine#/policy/types/regionDiskLabels" - gcp-computeengine-snapshot : "tmod:@turbot/gcp-computeengine#/policy/types/snapshotLabels" - gcp-dataproc-cluster : "tmod:@turbot/gcp-dataproc#/policy/types/clusterLabels" - gcp-dataproc-job : "tmod:@turbot/gcp-dataproc#/policy/types/jobLabels" - gcp-dataproc-workflowTemplate : "tmod:@turbot/gcp-dataproc#/policy/types/workflowTemplateLabels" - gcp-dns-managedZone : "tmod:@turbot/gcp-dns#/policy/types/managedZoneLabels" - gcp-kms-cryptoKey : "tmod:@turbot/gcp-kms#/policy/types/cryptoKeyLabels" - gcp-kubernetesengine-regionCluster : "tmod:@turbot/gcp-kubernetesengine#/policy/types/regionClusterLabels" - gcp-kubernetesengine-zoneCluster : "tmod:@turbot/gcp-kubernetesengine#/policy/types/zoneClusterLabels" - gcp-network-forwardingRule : "tmod:@turbot/gcp-network#/policy/types/forwardingRuleLabels" - gcp-network-globalForwardingRule : "tmod:@turbot/gcp-network#/policy/types/globalForwardingRuleLabels" - gcp-network-vpnTunnel : "tmod:@turbot/gcp-network#/policy/types/vpnTunnelLabels" - gcp-pubsub-snapshot : "tmod:@turbot/gcp-pubsub#/policy/types/snapshotLabels" - gcp-pubsub-subscription : "tmod:@turbot/gcp-pubsub#/policy/types/subscriptionLabels" - gcp-spanner-instance : "tmod:@turbot/gcp-spanner#/policy/types/instanceLabels" - gcp-sql-instance : "tmod:@turbot/gcp-sql#/policy/types/instanceLabels" - gcp-storage-bucket : "tmod:@turbot/gcp-storage#/policy/types/bucketLabels" - } - -# Mapping of resource name to the policy map -# Note: the resource map above dictates the applicable use of each line item below. You do not need to comment out these items to reduce scope -policy_map_template = { - gcp-project : "tmod:@turbot/gcp#/policy/types/projectLabelsTemplate" - gcp-bigquery-dataset : "tmod:@turbot/gcp-bigquery#/policy/types/datasetLabelsTemplate" - gcp-bigquery-table : "tmod:@turbot/gcp-bigquery#/policy/types/tableLabelsTemplate" - gcp-bigtable-instance : "tmod:@turbot/gcp-bigtable#/policy/types/instanceLabelsTemplate" - gcp-composer-environment : "tmod:@turbot/gcp-composer#/policy/types/environmentLabelsTemplate" - gcp-computeengine-disk : "tmod:@turbot/gcp-computeengine#/policy/types/diskLabelsTemplate" - gcp-computeengine-image : "tmod:@turbot/gcp-computeengine#/policy/types/imageLabelsTemplate" - gcp-computeengine-instance : "tmod:@turbot/gcp-computeengine#/policy/types/instanceLabelsTemplate" - gcp-computeengine-regionDisk : "tmod:@turbot/gcp-computeengine#/policy/types/regionDiskLabelsTemplate" - gcp-computeengine-snapshot : "tmod:@turbot/gcp-computeengine#/policy/types/snapshotLabelsTemplate" - gcp-dataproc-cluster : "tmod:@turbot/gcp-dataproc#/policy/types/clusterLabelsTemplate" - gcp-dataproc-job : "tmod:@turbot/gcp-dataproc#/policy/types/jobLabelsTemplate" - gcp-dataproc-workflowTemplate : "tmod:@turbot/gcp-dataproc#/policy/types/workflowTemplateLabelsTemplate" - gcp-dns-managedZone : "tmod:@turbot/gcp-dns#/policy/types/managedZoneLabelsTemplate" - gcp-kms-cryptoKey : "tmod:@turbot/gcp-kms#/policy/types/cryptoKeyLabelsTemplate" - gcp-kubernetesengine-regionCluster : "tmod:@turbot/gcp-kubernetesengine#/policy/types/regionClusterLabelsTemplate" - gcp-kubernetesengine-zoneCluster : "tmod:@turbot/gcp-kubernetesengine#/policy/types/zoneClusterLabelsTemplate" - gcp-network-forwardingRule : "tmod:@turbot/gcp-network#/policy/types/forwardingRuleLabelsTemplate" - gcp-network-globalForwardingRule : "tmod:@turbot/gcp-network#/policy/types/globalForwardingRuleLabelsTemplate" - gcp-network-vpnTunnel : "tmod:@turbot/gcp-network#/policy/types/vpnTunnelLabelsTemplate" - gcp-pubsub-snapshot : "tmod:@turbot/gcp-pubsub#/policy/types/snapshotLabelsTemplate" - gcp-pubsub-subscription : "tmod:@turbot/gcp-pubsub#/policy/types/subscriptionLabelsTemplate" - gcp-spanner-instance : "tmod:@turbot/gcp-spanner#/policy/types/instanceLabelsTemplate" - gcp-sql-instance : "tmod:@turbot/gcp-sql#/policy/types/instanceLabelsTemplate" - gcp-storage-bucket : "tmod:@turbot/gcp-storage#/policy/types/bucketLabelsTemplate" - } -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/gcp/gcp_check_labeling/outputs.tf b/baselines/todo_policy_packs/gcp/gcp_check_labeling/outputs.tf deleted file mode 100644 index 8d4e68480..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_labeling/outputs.tf +++ /dev/null @@ -1,19 +0,0 @@ -output "resource_tags" { - value = var.resource_tags -} - -output "turbot_profile" { - value = var.turbot_profile -} - -output "smart_folder_name" { - value = var.smart_folder_name -} - -output "smart_folder_description" { - value = var.smart_folder_description -} - -output "smart_folder_parent_resource" { - value = var.smart_folder_parent_resource -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/gcp/gcp_check_labeling/providers.tf b/baselines/todo_policy_packs/gcp/gcp_check_labeling/providers.tf deleted file mode 100644 index db6e1f7b4..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_labeling/providers.tf +++ /dev/null @@ -1,12 +0,0 @@ -terraform { - required_providers { - turbot = { - source = "turbot/turbot" - } - } - required_version = ">= 0.13" -} - -provider "turbot" { - profile = var.turbot_profile -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/gcp/gcp_check_labeling/smartfolder.tf b/baselines/todo_policy_packs/gcp/gcp_check_labeling/smartfolder.tf deleted file mode 100644 index 703b3a7ad..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_labeling/smartfolder.tf +++ /dev/null @@ -1,5 +0,0 @@ -resource "turbot_smart_folder" "gcp_labeling" { - parent = var.smart_folder_parent_resource - title = var.smart_folder_name - description = var.smart_folder_description -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/gcp/gcp_check_labeling/vaiables.tf b/baselines/todo_policy_packs/gcp/gcp_check_labeling/vaiables.tf deleted file mode 100644 index 26ed5eee2..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_labeling/vaiables.tf +++ /dev/null @@ -1,73 +0,0 @@ -# Baseline Configuration - -variable "resource_tags" { - description = < -``` - -### Deploying demo example - -1. Navigate to the folder of the baseline -2. Initialize Terraform -3. Apply the baseline using the demo input variable file [demo.tfvars](demo.tfvars) - -On the terminal this will look like: - -```shell -cd -terraform init -terraform apply --var-file demo.tfvars -``` -**Note** -- Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. - -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. - -### Input variable files - -Input variable files allow for the user to configure configuration definitions for multiple environments in different files. - -This baseline comes with an example input variable file called [demo.tfvars](demo.tfvars). - -It will be used to define which parts of the baseline to apply and which to ignore. - -The variables that can be overwritten by the input variable files i.e. [demo.tfvars](demo.tfvars) are defined in the [variables.tf](variables.tf) file. - -Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). - -### Apply baseline using input variable files - -If seeking to apply the baseline using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform apply --var-file=demo.tfvars - ``` -### Apply baseline without input variable file - -The baseline can be applied without an input variable file. - -1. By this time Terraform initialization is done as mentioned above. -3. Prefer to check the outcome by running the Terraform plan -3. Apply the Terraform -4. Run the command: - -```shell -cd -terraform plan -terraform apply -``` - -`This may prompt the user applying the baseline to enter values for variables that do not have default values.` - -### Destroy baseline without input variable file - -If seeking to apply the baseline without using an input variable file. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy - ``` - -### Destroy using input variable files - -If seeking to destoy the baseline configuration using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy --var-file=demo.tfvars - ``` - -## Commenting strategy - -All Turbot policies used by the baselines will have a link to the official Turbot Mods documentation. - -Opening the links will give you further details about: - -- The purpose of the policy -- Policy URI name -- Parent information -- Category information -- Target information -- All valid values diff --git a/baselines/todo_policy_packs/gcp/gcp_check_logging/kubernetes_engine_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_logging/kubernetes_engine_policies.tf deleted file mode 100644 index 9219ef69b..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_logging/kubernetes_engine_policies.tf +++ /dev/null @@ -1,13 +0,0 @@ -# GCP > Kubernetes Engine > Region Cluster > Logging -# https://turbot.com/v5/mods/turbot/gcp-kubernetesengine/inspect#/policy/types/regionClusterLogging -resource "turbot_policy_setting" "gcp_kubernetes_engine_region_cluster_logging" { - count = var.enable_kubernetes_engine_region_cluster_logging_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_logging.id - type = "tmod:@turbot/gcp-kubernetesengine#/policy/types/regionClusterLogging" - value = "Check: Enabled" - # "Skip" - # "Check: Disabled" - # "Check: Enabled" - # "Enforce: Disabled" - # "Enforce: Enabled" -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_logging/network_logging_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_logging/network_logging_policies.tf deleted file mode 100644 index 1d25e4d35..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_logging/network_logging_policies.tf +++ /dev/null @@ -1,62 +0,0 @@ -# GCP > Network > Firewall > Logging -# https://turbot.com/v5/mods/turbot/gcp-network/inspect#/policy/types/firewallLogging -resource "turbot_policy_setting" "gcp_network_firewall_logging" { - resource = turbot_smart_folder.gcp_logging.id - type = "tmod:@turbot/gcp-network#/policy/types/firewallLogging" - value = "Check: Enabled" - # "Skip" - # "Check: Disabled" - # "Check: Enabled" - # "Enforce: Disabled" - # "Enforce: Enabled" -} - -# GCP > Network > Backend Service > Logging -# https://turbot.com/v5/mods/turbot/gcp-network/inspect#/policy/types/regionBackendServiceLogging -resource "turbot_policy_setting" "gcp_network_backend_service_logging" { - resource = turbot_smart_folder.gcp_logging.id - type = "tmod:@turbot/gcp-network#/policy/types/backendServiceLogging" - value = "Check: Enabled" - # "Skip" - # "Check: Disabled" - # "Check: Enabled" - # "Enforce: Disabled" - # "Enforce: Enabled" -} - -# GCP > Network > Backend Service > Logging > Sample Rate -# https://turbot.com/v5/mods/turbot/gcp-network/inspect#/policy/types/regionBackendServiceLoggingSampleRate -# Sampling rate of requests to the load balancer -# Where 1 means all logged requests are reported -# Where 0 means no logged requests are reported -resource "turbot_policy_setting" "gcp_network_backend_service_logging_sammple_rate" { - resource = turbot_smart_folder.gcp_logging.id - type = "tmod:@turbot/gcp-network#/policy/types/backendServiceLoggingSampleRate" - value = "1" -} - -# GCP > Network > Region Backend Service > Logging -# https://turbot.com/v5/mods/turbot/gcp-network/inspect#/policy/types/regionBackendServiceLogging -resource "turbot_policy_setting" "gcp_network_region_backend_service_logging" { - count = var.enable_network_region_backend_service_logging_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_logging.id - type = "tmod:@turbot/gcp-network#/policy/types/regionBackendServiceLogging" - value = "Check: Enabled" - # "Skip" - # "Check: Disabled" - # "Check: Enabled" - # "Enforce: Disabled" - # "Enforce: Enabled" -} - -# GCP > Network > Region Backend Service > Logging > Sample Rate -# https://turbot.com/v5/mods/turbot/gcp-network/inspect#/policy/types/regionBackendServiceLoggingSampleRate -# Sampling rate of requests to the load balancer -# Where 1 means all logged requests are reported -# Where 0 means no logged requests are reported -resource "turbot_policy_setting" "gcp_network_region_backend_service_logging_sammple_rate" { - count = var.enable_network_region_backend_service_logging_sammple_rate_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_logging.id - type = "tmod:@turbot/gcp-network#/policy/types/regionBackendServiceLoggingSampleRate" - value = "1" -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_logging/outputs.tf b/baselines/todo_policy_packs/gcp/gcp_check_logging/outputs.tf deleted file mode 100644 index 41634e99a..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_logging/outputs.tf +++ /dev/null @@ -1,31 +0,0 @@ -output "enable_kubernetes_engine_region_cluster_logging_policies" { - value = var.enable_kubernetes_engine_region_cluster_logging_policies -} - -output "enable_instance_binary_log_policies" { - value = var.enable_instance_binary_log_policies -} - -output "enable_network_region_backend_service_logging_policies" { - value = var.enable_network_region_backend_service_logging_policies -} - -output "enable_network_region_backend_service_logging_sammple_rate_policies" { - value = var.enable_network_region_backend_service_logging_sammple_rate_policies -} - -output "turbot_profile" { - value = var.turbot_profile -} - -output "smart_folder_name" { - value = var.smart_folder_name -} - -output "smart_folder_description" { - value = var.smart_folder_description -} - -output "smart_folder_parent_resource" { - value = var.smart_folder_parent_resource -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_logging/providers.tf b/baselines/todo_policy_packs/gcp/gcp_check_logging/providers.tf deleted file mode 100644 index 7205cf6a7..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_logging/providers.tf +++ /dev/null @@ -1,12 +0,0 @@ -terraform { - required_providers { - turbot = { - source = "turbot/turbot" - } - } - required_version = ">= 0.13" -} - -provider "turbot" { - profile = var.turbot_profile -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_logging/smartfolder.tf b/baselines/todo_policy_packs/gcp/gcp_check_logging/smartfolder.tf deleted file mode 100644 index 6c7fcd04e..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_logging/smartfolder.tf +++ /dev/null @@ -1,5 +0,0 @@ -resource "turbot_smart_folder" "gcp_logging" { - parent = var.smart_folder_parent_resource - title = var.smart_folder_name - description = var.smart_folder_description -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/gcp/gcp_check_logging/sql_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_logging/sql_policies.tf deleted file mode 100644 index 6d965096c..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_logging/sql_policies.tf +++ /dev/null @@ -1,13 +0,0 @@ -# GCP > SQL > Instance > Binary Log -# https://turbot.com/v5/mods/turbot/gcp-sql/inspect#/control/types/binaryLogEnabled -resource "turbot_policy_setting" "gcp_instance_binary_log" { - count = var.enable_instance_binary_log_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_logging.id - type = "tmod:@turbot/gcp-sql#/policy/types/binaryLogEnabled" - value = "Check: Enabled" - # "Skip" - # "Check: Disabled" - # "Check: Enabled" - # "Enforce: Disabled" - # "Enforce: Enabled" -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_logging/variables.tf b/baselines/todo_policy_packs/gcp/gcp_check_logging/variables.tf deleted file mode 100644 index d20b24766..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_logging/variables.tf +++ /dev/null @@ -1,49 +0,0 @@ -# Baseline Configuration - -variable "enable_kubernetes_engine_region_cluster_logging_policies" { - type = bool - description = "Enable the Kubernetes Engine Region Cluster policies for baseline" - default = true -} - -variable "enable_instance_binary_log_policies" { - type = bool - description = "Enable the Instatnce Binary Log policies for baseline" - default = true -} - -variable "enable_network_region_backend_service_logging_policies" { - type = bool - description = "Enable the Network Region Backend Service Logging policies for baseline" - default = true -} - -variable "enable_network_region_backend_service_logging_sammple_rate_policies" { - type = bool - description = "Enable the Network Region Backend Service Logging Sample Rate policies for baseline" - default = true -} - -# Optional Common Baseline Configuration - -variable "turbot_profile" { - description = "Enter profile matching your turbot cli credentials." -} - -variable "smart_folder_name" { - description = "Smart folder name for the baseline" - type = string - default = "GCP Check Logging Policies" -} - -variable "smart_folder_description" { - description = "Enter a description for the smart folder" - type = string - default = "Defines sets of policies for the GCP check logging baseline" -} - -variable "smart_folder_parent_resource" { - description = "Enter the resource ID or AKA for the parent of the smart folder" - type = string - default = "tmod:@turbot/turbot#/" -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_public_access/README.md b/baselines/todo_policy_packs/gcp/gcp_check_public_access/README.md deleted file mode 100644 index ca913fd79..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_public_access/README.md +++ /dev/null @@ -1,143 +0,0 @@ -# Baseline - GCP Check Public Access - -GCP Check Public Access Policies focuses enabling some commonly used GCP resource public access status. - -More details on -- [Public Access Guardrails](https://turbot.com/v5/docs/concepts/guardrails/public-access) - -- [Trusted Access Guardrails](https://turbot.com/v5/docs/concepts/guardrails/trusted-access) - -- [Sample OCL Implementation Example](https://turbot.com/v5/docs/guides/managing-policies/OCL) - -- [Object Control List (OCL)](https://turbot.com/v5/docs/reference/ocl) - -## Overview - -Baseline policies are initial set of policies recommended to start with while using Turbot. These policies mostly focuses on enabling services, frequently used policies to run in check mode & enabling security features such as various encryption standards. Baseline TF scripts allows you to toggle the value to apply or ignore. See the below sections for more information. - -Some of these policies overlap with other set of baselines. Hence Turbot provided set of baseline TF files are executed in separate [Smart Folder](https://turbot.com/v5/docs/getting-started/smart_folder). The advantage of setting up of each baseline in their own Smart Folder prevents conflicting with the policy settings created by other baseline scripts. - -This baseline will not attach to a resource by default. This needs to be done manually using the Turbot UI. - -## Requirements - -- Terraform v0.13 or greater installed -- Valid Turbot configuration credentials - -For further information on configuring Turbot credentials can be found [here](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials). - -## Applying baseline - -The baseline is defined by a set of files which together define the configuration of the baseline. - -### Initialize baseline - -If not previously run, Initialize Terraform to get all necessary providers for the baseline. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform init - ``` -### Profile name as input - -The baseline example set requires you to provide `turbot_profile` name as input. This is to help in case you are having more profiles than only `default`. In case it's default, specify name as default. - -```shell -var.turbot_profile - Enter profile matching your turbot cli credentials. - Enter a value: -``` - -### Deploying demo example - -1. Navigate to the folder of the baseline -2. Initialize Terraform -3. Apply the baseline using the demo input variable file [demo.tfvars](demo.tfvars) - -On the terminal this will look like: - -```shell -cd -terraform init -terraform apply --var-file demo.tfvars -``` -**Note** -- Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. - -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. - -### Input variable files - -Input variable files allow for the user to configure configuration definitions for multiple environments in different files. - -This baseline comes with an example input variable file called [demo.tfvars](demo.tfvars). - -It will be used to define which parts of the baseline to apply and which to ignore. - -The variables that can be overwritten by the input variable files i.e. [demo.tfvars](demo.tfvars) are defined in the [variables.tf](variables.tf) file. - -Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). - -### Apply baseline using input variable files - -If seeking to apply the baseline using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform apply --var-file=demo.tfvars - ``` -### Apply baseline without input variable file - -The baseline can be applied without an input variable file. - -1. By this time Terraform initialization is done as mentioned above. -3. Prefer to check the outcome by running the Terraform plan -3. Apply the Terraform -4. Run the command: - -```shell -cd -terraform plan -terraform apply -``` - -`This may prompt the user applying the baseline to enter values for variables that do not have default values.` - -### Destroy baseline without input variable file - -If seeking to apply the baseline without using an input variable file. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy - ``` - -### Destroy using input variable files - -If seeking to destoy the baseline configuration using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy --var-file=demo.tfvars - ``` - -## Commenting strategy - -All Turbot policies used by the baselines will have a link to the official Turbot Mods documentation. - -Opening the links will give you further details about: - -- The purpose of the policy -- Policy URI name -- Parent information -- Category information -- Target information -- All valid values diff --git a/baselines/todo_policy_packs/gcp/gcp_check_public_access/compute_engine_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_public_access/compute_engine_policies.tf deleted file mode 100644 index ddee2b6d6..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_public_access/compute_engine_policies.tf +++ /dev/null @@ -1,39 +0,0 @@ -# GCP > Compute Engine > Instance > Block Project Wide SSH Keys -# https://turbot.com/v5/mods/turbot/gcp-computeengine/inspect#/policy/types/instanceBlockProjectWideSshKeys -resource "turbot_policy_setting" "instance_block_project_wide_ssh_keys" { - count = var.enable_compute_engine_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_public_access.id - type = "tmod:@turbot/gcp-computeengine#/policy/types/instanceBlockProjectWideSshKeys" - value = "Check: Enabled" - # "Skip" - # "Check: Disabled" - # "Check: Enabled" - # "Enforce: Disabled" - # "Enforce: Enabled" -} - -# GCP > Compute Engine > Instance > External IP Addresses -# https://turbot.com/v5/mods/turbot/gcp-computeenginxe/inspect#/policy/types/instanceExternalIpAddresses -resource "turbot_policy_setting" "instance_external_ip_addresses" { - count = var.enable_compute_engine_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_public_access.id - type = "tmod:@turbot/gcp-computeengine#/policy/types/instanceExternalIpAddresses" - value = "Check: None" - # "Skip" - # "Check: None" - # "Enforce: None" -} - -# GCP > Compute Engine > Instance > Serial Port Access -# https://turbot.com/v5/mods/turbot/gcp-computeengine/inspect#/policy/types/instanceSerialPortAccess -resource "turbot_policy_setting" "instance_serial_port_access" { - count = var.enable_compute_engine_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_public_access.id - type = "tmod:@turbot/gcp-computeengine#/policy/types/instanceSerialPortAccess" - value = "Check: Enabled" - # "Skip" - # "Check: Disabled" - # "Check: Enabled" - # "Enforce: Disabled" - # "Enforce: Enabled" -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_public_access/locals.tf b/baselines/todo_policy_packs/gcp/gcp_check_public_access/locals.tf deleted file mode 100644 index 1f65ecb66..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_public_access/locals.tf +++ /dev/null @@ -1,24 +0,0 @@ -locals { - policy_map = { - "gcp-bigtable-instance" : "tmod:@turbot/gcp-bigtable#/policy/types/instancePolicyTrustedAccess" - "gcp-computeengine-disk" : "tmod:@turbot/gcp-computeengine#/policy/types/diskPolicyTrustedAccess" - "gcp-computeengine-image" : "tmod:@turbot/gcp-computeengine#/policy/types/imagePolicyTrustedAccess" - "gcp-computeengine-instance" : "tmod:@turbot/gcp-computeengine#/policy/types/instancePolicyTrustedAccess" - "gcp-computeengine-instanceTemplate" : "tmod:@turbot/gcp-computeengine#/policy/types/instanceTemplatePolicyTrustedAccess" - "gcp-computeengine-nodeGroup" : "tmod:@turbot/gcp-computeengine#/policy/types/nodeGroupPolicyTrustedAccess" - "gcp-computeengine-nodeTemplate" : "tmod:@turbot/gcp-computeengine#/policy/types/nodeTemplatePolicyTrustedAccess" - "gcp-dataproc-cluster" : "tmod:@turbot/gcp-dataproc#/policy/types/clusterPolicyTrustedAccess" - "gcp-dataproc-job" : "tmod:@turbot/gcp-dataproc#/policy/types/jobPolicyTrustedAccess" - "gcp-dataproc-workflowTemplate" : "tmod:@turbot/gcp-dataproc#/policy/types/workflowTemplatePolicyTrustedAccess" - "gcp-functions-function" : "tmod:@turbot/gcp-functions#/policy/types/functionPolicyTrustedAccess" - "gcp-iam-projectIam" : "tmod:@turbot/gcp-iam#/policy/types/projectIamPolicyTrustedAccess" - "gcp-iam-serviceAccountPolicy" : "tmod:@turbot/gcp-iam#/policy/types/serviceAccountPolicyTrustedAccess" - "gcp-kms-cryptoKey" : "tmod:@turbot/gcp-kms#/policy/types/cryptoKeyPolicyTrustedAccess" - "gcp-kms-keyRing" : "tmod:@turbot/gcp-kms#/policy/types/keyRingPolicyTrustedAccess" - "gcp-network-subnetwork" : "tmod:@turbot/gcp-network#/policy/types/subnetworkPolicyTrustedAccess" - "gcp-pubsub-subscription" : "tmod:@turbot/gcp-pubsub#/policy/types/subscriptionPolicyTrustedAccess" - "gcp-pubsub-topic" : "tmod:@turbot/gcp-pubsub#/policy/types/topicPolicyTrustedAccess" - "gcp-spanner-instance" : "tmod:@turbot/gcp-spanner#/policy/types/instancePolicyTrustedAccess" - "gcp-storage-bucket" : "tmod:@turbot/gcp-storage#/policy/types/bucketPolicyTrustedAccess" - } -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_public_access/network_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_public_access/network_policies.tf deleted file mode 100644 index eae7c9492..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_public_access/network_policies.tf +++ /dev/null @@ -1,29 +0,0 @@ -# Approve / Reject Security Group Ingress Rules -# Can also apply to Egress rules, focus of baseline is on inbound -# Examples are just a starting point, -# More Info: https://turbot.com/v5/docs/guides/managing-policies/OCL -# More Info on OCL: https://turbot.com/v5/docs/reference/ocl - -# GCP > Network > Firewall > Ingress Rules > Approved -# https://turbot.com/v5/mods/turbot/gcp-network/inspect#/policy/types/firewallIngressRulesApproved -resource "turbot_policy_setting" "gcp_network_firewall_ingress_rules_approved" { - count = var.enable_network_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_public_access.id - type = "tmod:@turbot/gcp-network#/policy/types/firewallIngressRulesApproved" - value = "Check: Approved" - # "Skip" - # "Check: Approved" - # "Enforce: Delete unapproved" -} - -# GCP > Network > Firewall > Ingress Rules > Approved > Rules -# https://turbot.com/v5/mods/turbot/gcp-network/inspect#/policy/types/firewallIngressRulesApprovedRules -resource "turbot_policy_setting" "gcp_network_firewall_ingress_rules_approved_rules" { - count = var.enable_network_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_public_access.id - type = "tmod:@turbot/gcp-network#/policy/types/firewallIngressRulesApprovedRules" - value = < Project > Trusted Domains [Default] -# https://turbot.com/v5/mods/turbot/gcp/inspect#/policy/types/trustedDomains -resource "turbot_policy_setting" "project_trusted_domains_template" { - resource = turbot_smart_folder.gcp_public_access.id - type = "tmod:@turbot/gcp#/policy/types/trustedDomains" - value = <<-EOT - - "*" # allows all, adjust for specific domains (e.g. gmail.com, turbot.com) - - "turbot.com" #example of setting a specific domain -EOT -} - -#Loop through var.service_status and set enable policies -# GCP > **Service** > **Resource** > Policy > Trusted Access -# Example policy: https://turbot.com/v5/mods/turbot/gcp-computeengine/inspect#/control/types/diskPolicyTrustedAccess -resource "turbot_policy_setting" "gcp_service_trusted_access" { - for_each = local.policy_map - resource = turbot_smart_folder.gcp_public_access.id - type = each.value - value = "Check: Trusted Access > *" -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_public_access/variables.tf b/baselines/todo_policy_packs/gcp/gcp_check_public_access/variables.tf deleted file mode 100644 index 047f21dec..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_public_access/variables.tf +++ /dev/null @@ -1,52 +0,0 @@ -# Baseline Configuration - -variable "enable_compute_engine_policies" { - type = bool - description = "Enable Compute Engine public access policies for the baseline" - default = true -} - -variable "enable_network_policies" { - type = bool - description = "Enable GCP Network public access policies for baseline" - default = true -} - -# Optional Common Baseline Configuration - -variable "turbot_profile" { - description = "Enter profile matching your turbot cli credentials." -} - -variable "smart_folder_name" { - description = "Smart folder name for the baseline" - type = string - default = "GCP Check Public Access Policies" -} - -variable "smart_folder_description" { - description = "Enter a description for the smart folder" - type = string - default = "Defines sets of policies for GCP Check Public Access baseline" -} - -variable "smart_folder_parent_resource" { - description = "Enter the resource ID or AKA for the parent of the smart folder" - type = string - default = "tmod:@turbot/turbot#/" -} - -variable "instance_serial_port_access" { - type = string - default = "Check: Enabled" -} - -variable "gcp_network_firewall_ingress_rules_approved" { - type = string - default = "Check: Approved" -} - -variable "gcp_service_trusted_access" { - type = string - default = "Check: Trusted Access > *" -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_regions/README.md b/baselines/todo_policy_packs/gcp/gcp_check_regions/README.md deleted file mode 100644 index a16f6676f..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_regions/README.md +++ /dev/null @@ -1,188 +0,0 @@ -# Baseline - GCP Check Regions - -This baseline will allow you to discover resources in multiple regions and not approve usage of resource that are not in an allowable region. - -This baseline is only effective when the account regions policies have multiple regions set. - -The account approved regions `GCP > Account > Approved Regions [Default]` policy contains a list of GCP regions in which cloud resources are approved for use. - -If the [GCP Baseline](../gcp_baseline/) has only one region enabled then the approving regions policy will not be -effective as Turbot will only discovers resources for that one region. - -Turbot also supports GCP Lockdown / Boundary policies to limit access to regions which are not part of this baseline. - -More Info - -- [Approved Regions](https://turbot.com/v5/docs/guides/regions#approved-regions) - - -## Overview - -Baseline policies are initial set of policies recommended to start with while using Turbot. These policies mostly focuses on enabling services, frequently used policies to run in check mode & enabling security features such as various encryption standards. Baseline TF scripts allows you to toggle the value to apply or ignore. See the below sections for more information. - -Some of these policies overlap with other set of baselines. Hence Turbot provided set of baseline TF files are executed in separate [Smart Folder](https://turbot.com/v5/docs/getting-started/smart_folder). The advantage of setting up of each baseline in their own Smart Folder prevents conflicting with the policy settings created by other baseline scripts. - -This baseline will not attach to a resource by default. This needs to be done manually using the Turbot UI. - -## Requirements - -- Terraform v0.13 or greater installed -- Valid Turbot configuration credentials - -For further information on configuring Turbot credentials can be found [here](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials). - -## Applying baseline - -The baseline is defined by a set of files which together define the configuration of the baseline. - -### Initialize baseline - -If not previously run, Initialize Terraform to get all necessary providers for the baseline. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform init - ``` -### Profile name as input - -The baseline example set requires you to provide `turbot_profile` name as input. This is to help in case you are having more profiles than only `default`. In case it's default, specify name as default. - -```shell -var.turbot_profile - Enter profile matching your turbot cli credentials. - Enter a value: -``` - -### Deploying demo example - -The demo baseline expects that the following mods are installed: - - - gcp-bigtable-cluster - - gcp-composer-environment - - gcp-computeengine-disk - - gcp-computeengine-instance - - gcp-computeengine-node-group - - gcp-computeengine-node-template - - gcp-computeengine-region-disk - - gcp-computeengine-region-health-check - - gcp-dataflow-job - - gcp-dataproc-cluster - - gcp-dataproc-job - - gcp-dataproc-workflowtemplate - - gcp-functions-function - - gcp-kms-cryptokey - - gcp-kubernetesengine-region-cluster - - gcp-kubernetesengine-region-node-pool - - gcp-kubernetesengine-zone-cluster - - gcp-kubernetesengine-zone-node-pool - - gcp-network-address - - gcp-network-forwarding-rule - - gcp-network-router - - gcp-network-region-backend-service - - gcp-network-region-url-map - - gcp-network-subnetwork - - gcp-network-target-pool - - gcp-network-target-vpn-gateway - - gcp-network-vpn-tunnel - - gcp-scheduler-job - - gcp-spanner-instance - - gcp-sql-backup - - gcp-sql-database - - gcp-sql-instance - - gcp-storage-bucket - -To run the baseline: - -1. Navigate to the folder of the baseline -2. Initialise Terraform -3. Apply the baseline using the demo input variable file [demo.tfvars](demo.tfvars) - -On the terminal this will look like: - -```shell -cd -terraform init -terraform apply --var-file demo.tfvars -``` - -**Note** -- Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. - -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. - - -### Input variable files - -Input variable files allow for the user to configure configuration definitions for multiple environments in different files. - -This baseline comes with an example input variable file called [demo.tfvars](demo.tfvars). - -It will be used to define which parts of the baseline to apply and which to ignore. - -The variables that can be overwritten by the input variable files i.e. [demo.tfvars](demo.tfvars) are defined in the [variables.tf](variables.tf) file. - -Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). - -### Apply baseline using input variable files - -If seeking to apply the baseline using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform apply --var-file=demo.tfvars - ``` -### Apply baseline without input variable file - -The baseline can be applied without an input variable file. - -1. By this time Terraform initialization is done as mentioned above. -3. Prefer to check the outcome by running the Terraform plan -3. Apply the Terraform -4. Run the command: - -```shell -cd -terraform plan -terraform apply -``` - -`This may prompt the user applying the baseline to enter values for variables that do not have default values.` - -### Destroy baseline without input variable file - -If seeking to apply the baseline without using an input variable file. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy - ``` - -### Destroy using input variable files - -If seeking to destoy the baseline configuration using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy --var-file=demo.tfvars - ``` - -## Commenting strategy - -All Turbot policies used by the baselines will have a link to the official Turbot Mods documentation. - -Opening the links will give you further details about: - -- The purpose of the policy -- Policy URI name -- Parent information -- Category information -- Target information -- All valid values diff --git a/baselines/todo_policy_packs/gcp/gcp_check_regions/approved_regions_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_regions/approved_regions_policies.tf deleted file mode 100644 index cf7495597..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_regions/approved_regions_policies.tf +++ /dev/null @@ -1,50 +0,0 @@ -# Approved Regions cloud resources are allowed to reside in. Starting with us regions and global -# GCP > Project > Approved Regions [Default]P -# https://turbot.com/v5/mods/turbot/gcp/inspect#/policy/types/approvedRegionsDefault -resource "turbot_policy_setting" "gcp_project_approved_regions" { - resource = turbot_smart_folder.gcp_regions.id - type = "tmod:@turbot/gcp#/policy/types/approvedRegionsDefault" - value = <<-ALLOWEDREGIONS - # - asia-east1 - # - asia-east2 - # - asia-northeast1 - # - asia-northeast2 - # - asia-northeast3 - # - asia-south1 - # - asia-southeast1 - # - australia-southeast1 - # - europe-north1 - # - europe-west1 - # - europe-west2 - # - europe-west3 - # - europe-west4 - # - europe-west6 - # - northamerica-northeast1 - # - southamerica-east1 - - us-central1 - - us-east1 - - us-east4 - - us-west1 - - us-west2 - - us-west3 - # - asia - # - eu - # - eur3 - # - eur4 - # - nam-eur-asia1 - # - nam3 - # - nam4 - # - nam5 - # - nam6 - - us - - global - ALLOWEDREGIONS -} - -## Sets approved region policy for each resource type in the resource_approved_regions map. -resource "turbot_policy_setting" "set_resource_approved_regions_policies" { - for_each = var.resource_approved_regions - resource = turbot_smart_folder.gcp_regions.id - type = local.policy_map[each.key] - value = each.value -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_regions/demo.tfvars b/baselines/todo_policy_packs/gcp/gcp_check_regions/demo.tfvars deleted file mode 100644 index 40be3cc9d..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_regions/demo.tfvars +++ /dev/null @@ -1,73 +0,0 @@ -# List of services and resources to be Check: Approved. -# Started with a few resource types to get started aligned with the initial mods installed -# You can comment per row to exclude the resource type. For any included, make sure you have that related service mod install -# See notes per row for nuance conditions for specific service policy settings - -# Acceptable Values: -# "Skip" -# "Check: Approved" -# "Enforce: Delete unapproved if new" - -resource_approved_regions = { - gcp-bigtable-cluster = "Check: Approved" - gcp-composer-environment = "Check: Approved" - gcp-computeengine-disk = "Check: Approved" - gcp-computeengine-instance = "Check: Approved" # note: "Enforce: Stop unapproved", "Enforce: Stop unapproved if new", "Enforce: Delete unapproved if new" - gcp-computeengine-node-group = "Check: Approved" - gcp-computeengine-node-template = "Check: Approved" - gcp-computeengine-region-disk = "Check: Approved" - gcp-computeengine-region-health-check = "Check: Approved" - gcp-dataflow-job = "Check: Approved" # note: does not have an enforce value - gcp-dataproc-cluster = "Check: Approved" - gcp-dataproc-job = "Check: Approved" - gcp-dataproc-workflowtemplate = "Check: Approved" - gcp-functions-function = "Check: Approved" - gcp-kms-cryptokey = "Check: Approved" # note: does not have an enforce value - gcp-kubernetesengine-region-cluster = "Check: Approved" - gcp-kubernetesengine-region-node-pool = "Check: Approved" - gcp-kubernetesengine-zone-cluster = "Check: Approved" - gcp-kubernetesengine-zone-node-pool = "Check: Approved" - gcp-network-address = "Check: Approved" - gcp-network-forwarding-rule = "Check: Approved" - gcp-network-router = "Check: Approved" - gcp-network-region-backend-service = "Check: Approved" - gcp-network-region-url-map = "Check: Approved" - gcp-network-subnetwork = "Check: Approved" - gcp-network-target-pool = "Check: Approved" - gcp-network-target-vpn-gateway = "Check: Approved" - gcp-network-vpn-tunnel = "Check: Approved" - gcp-scheduler-job = "Check: Approved" # note: does not have an enforce value - gcp-spanner-instance = "Check: Approved" - gcp-sql-backup = "Check: Approved" - gcp-sql-database = "Check: Approved" - gcp-sql-instance = "Check: Approved" - gcp-storage-bucket = "Check: Approved" - # gcp-storage-object = "Check: Approved" # turned off by default to reduce noise -} - -# For reference, resources that do not reside in a specific region, therefore cannot limit which regions the resource resides in: - # gcp-appengine - # gcp-bigquery-dataset - # gcp-bigquery-table - # gcp-build - # gcp-datacatalog - # gcp-dns-managed-zone - # gcp-iam-login-names - # gcp-iam-member - # gcp-iam-project-role - # gcp-iam-project-user - # gcp-iam-service-account - # gcp-iam-service-account-key - # gcp-logging-exclusion - # gcp-logging-metric - # gcp-logging-sink - # gcp-memorystore - # gcp-monitoring-alert-policy - # gcp-monitoring-group - # gcp-monitoring-notification-channel - # gcp-notebooks - # gcp-orgpolicy - # gcp-pubsub-snapshot - # gcp-pubsub-subscription - # gcp-pubsub- - \ No newline at end of file diff --git a/baselines/todo_policy_packs/gcp/gcp_check_regions/locals.tf b/baselines/todo_policy_packs/gcp/gcp_check_regions/locals.tf deleted file mode 100644 index e28b034df..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_regions/locals.tf +++ /dev/null @@ -1,40 +0,0 @@ -locals { -## Mapping of resource name to resource tag policy -# Note: the resource map above dictates the applicable use of each line item below. You do not need to comment out these items to reduce scope -policy_map = { - gcp-bigtable-cluster : "tmod:@turbot/gcp-bigtable#/policy/types/clusterApproved" - gcp-composer-environment : "tmod:@turbot/gcp-composer#/policy/types/environmentApproved" - gcp-computeengine-disk : "tmod:@turbot/gcp-computeengine#/policy/types/diskApproved" - gcp-computeengine-instance : "tmod:@turbot/gcp-computeengine#/policy/types/instanceApproved" - gcp-computeengine-node-group : "tmod:@turbot/gcp-computeengine#/policy/types/nodeGroupApproved" - gcp-computeengine-node-template : "tmod:@turbot/gcp-computeengine#/policy/types/nodeTemplateApproved" - gcp-computeengine-region-disk : "tmod:@turbot/gcp-computeengine#/policy/types/regionDiskApproved" - gcp-computeengine-region-health-check : "tmod:@turbot/gcp-computeengine#/policy/types/regionHealthCheckApproved" - gcp-dataflow-job : "tmod:@turbot/gcp-dataflow#/policy/types/jobApproved" - gcp-dataproc-cluster : "tmod:@turbot/gcp-dataproc#/policy/types/clusterApproved" - gcp-dataproc-job : "tmod:@turbot/gcp-dataproc#/policy/types/jobApproved" - gcp-dataproc-workflowtemplate : "tmod:@turbot/gcp-dataproc#/policy/types/workflowTemplateApproved" - gcp-functions-function : "tmod:@turbot/gcp-functions#/policy/types/functionApproved" - gcp-kms-cryptokey : "tmod:@turbot/gcp-kms#/policy/types/cryptoKeyApproved" - gcp-kubernetesengine-region-cluster : "tmod:@turbot/gcp-kubernetesengine#/policy/types/regionClusterApproved" - gcp-kubernetesengine-region-node-pool : "tmod:@turbot/gcp-kubernetesengine#/policy/types/regionNodePoolApproved" - gcp-kubernetesengine-zone-cluster : "tmod:@turbot/gcp-kubernetesengine#/policy/types/zoneClusterApproved" - gcp-kubernetesengine-zone-node-pool : "tmod:@turbot/gcp-kubernetesengine#/policy/types/zoneNodePoolApproved" - gcp-network-address : "tmod:@turbot/gcp-network#/policy/types/addressApproved" - gcp-network-forwarding-rule : "tmod:@turbot/gcp-network#/policy/types/forwardingRuleApproved" - gcp-network-region-backend-service : "tmod:@turbot/gcp-network#/policy/types/regionBackendServiceApproved" - gcp-network-region-url-map : "tmod:@turbot/gcp-network#/policy/types/regionUrlMapApproved" - gcp-network-router : "tmod:@turbot/gcp-network#/policy/types/routerApproved" - gcp-network-subnetwork : "tmod:@turbot/gcp-network#/policy/types/subnetworkApproved" - gcp-network-target-pool : "tmod:@turbot/gcp-network#/policy/types/targetPoolApproved" - gcp-network-target-vpn-gateway : "tmod:@turbot/gcp-network#/policy/types/targetVpnGatewayApproved" - gcp-network-vpn-tunnel : "tmod:@turbot/gcp-network#/policy/types/vpnTunnelApproved" - gcp-scheduler-job : "tmod:@turbot/gcp-scheduler#/policy/types/jobApproved" - gcp-spanner-instance : "tmod:@turbot/gcp-spanner#/policy/types/instanceApproved" - gcp-sql-backup : "tmod:@turbot/gcp-sql#/policy/types/backupApproved" - gcp-sql-database : "tmod:@turbot/gcp-sql#/policy/types/databaseApproved" - gcp-sql-instance : "tmod:@turbot/gcp-sql#/policy/types/instanceApproved" - gcp-storage-bucket : "tmod:@turbot/gcp-storage#/policy/types/bucketApproved" - gcp-storage-object : "tmod:@turbot/gcp-storage#/policy/types/objectApproved" - } -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/gcp/gcp_check_regions/outputs.tf b/baselines/todo_policy_packs/gcp/gcp_check_regions/outputs.tf deleted file mode 100644 index 587f6db19..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_regions/outputs.tf +++ /dev/null @@ -1,19 +0,0 @@ -output "resource_approved_regions" { - value = var.resource_approved_regions -} - -output "turbot_profile" { - value = var.turbot_profile -} - -output "smart_folder_name" { - value = var.smart_folder_name -} - -output "smart_folder_description" { - value = var.smart_folder_description -} - -output "smart_folder_parent_resource" { - value = var.smart_folder_parent_resource -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_regions/providers.tf b/baselines/todo_policy_packs/gcp/gcp_check_regions/providers.tf deleted file mode 100644 index 715fb0f92..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_regions/providers.tf +++ /dev/null @@ -1,12 +0,0 @@ -terraform { - required_providers { - turbot = { - source = "turbot/turbot" - } - } - required_version = ">= 0.13" -} - -provider "turbot" { - profile = var.turbot_profile -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/gcp/gcp_check_regions/smartfolder.tf b/baselines/todo_policy_packs/gcp/gcp_check_regions/smartfolder.tf deleted file mode 100644 index 857b4c5fe..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_regions/smartfolder.tf +++ /dev/null @@ -1,5 +0,0 @@ -resource "turbot_smart_folder" "gcp_regions" { - parent = var.smart_folder_parent_resource - title = var.smart_folder_name - description = var.smart_folder_description -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/gcp/gcp_check_regions/variables.tf b/baselines/todo_policy_packs/gcp/gcp_check_regions/variables.tf deleted file mode 100644 index ae49de00e..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_regions/variables.tf +++ /dev/null @@ -1,80 +0,0 @@ -# Baseline Configuration -variable "resource_approved_regions" { - description = < -``` - -### Deploying demo example - -1. Navigate to the folder of the baseline -2. Initialize Terraform -3. Apply the baseline using the demo input variable file [demo.tfvars](demo.tfvars) - -On the terminal this will look like: - -```shell -cd -terraform init -terraform apply --var-file demo.tfvars -``` -**Note** -- Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default variable file. - -### Input variable files - -Input variable files allow for the user to configure configuration definitions for multiple environments in different files. - -This baseline comes with an example input variable file called [demo.tfvars](demo.tfvars). - -It will be used to define which parts of the baseline to apply and which to ignore. - -The variables that can be overwritten by the input variable files i.e. [demo.tfvars](demo.tfvars) are defined in the [variables.tf](variables.tf) file. - -Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). - -### Apply baseline using input variable files - -If seeking to apply the baseline using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform apply --var-file=demo.tfvars - ``` -### Apply baseline without input variable file - -The baseline can be applied without an input variable file. - -1. By this time Terraform initialization is done as mentioned above. -3. Prefer to check the outcome by running the Terraform plan -3. Apply the Terraform -4. Run the command: - -```shell -cd -terraform plan -terraform apply -``` - -`This may prompt the user applying the baseline to enter values for variables that do not have default values.` - -### Destroy baseline without input variable file - -If seeking to apply the baseline without using an input variable file. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy - ``` - -### Destroy using input variable files - -If seeking to destoy the baseline configuration using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy --var-file=demo.tfvars - ``` - -## Commenting strategy - -All Turbot policies used by the baselines will have a link to the official Turbot Mods documentation. - -Opening the links will give you further details about: - -- The purpose of the policy -- Policy URI name -- Parent information -- Category information -- Target information -- All valid values \ No newline at end of file diff --git a/baselines/todo_policy_packs/gcp/gcp_check_stack/outputs.tf b/baselines/todo_policy_packs/gcp/gcp_check_stack/outputs.tf deleted file mode 100644 index 2c48a0db7..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_stack/outputs.tf +++ /dev/null @@ -1,27 +0,0 @@ -output "turbot_profile" { - value = var.turbot_profile -} - -output "smart_folder_name" { - value = var.smart_folder_name -} - -output "smart_folder_description" { - value = var.smart_folder_description -} - -output "smart_folder_parent_resource" { - value = var.smart_folder_parent_resource -} - -output "gcp_project_pubsub_stack_policies" { - value = var.gcp_project_pubsub_stack_policies -} - -output "gcp_project_pubsub_stack_tfversion_policies" { - value = var.gcp_project_pubsub_stack_tfversion_policies -} - -output "gcp_project_pubsub_stack_source_policies" { - value = var.gcp_project_pubsub_stack_source_policies -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/gcp/gcp_check_stack/project_stack_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_stack/project_stack_policies.tf deleted file mode 100644 index a72f475bc..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_stack/project_stack_policies.tf +++ /dev/null @@ -1,32 +0,0 @@ -## Set policy to deploy example GCP Project Stack -# GCP > Project > Stack -# https://turbot.com/v5/mods/turbot/gcp/inspect#/policy/types/projectStack -resource "turbot_policy_setting" "gcp_project_pubsub_stack" { - count = var.gcp_project_pubsub_stack_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_stack.id - type = "tmod:@turbot/gcp#/policy/types/projectStack" - value = "Check: Configured" - # "Enforce: Configured" -} - -# Sets the Terraform version for your Source -# GCP > Project > Stack > Terraform Version -# https://turbot.com/v5/mods/turbot/gcp/inspect#/policy/types/projectStackTerraformVersion -resource "turbot_policy_setting" "gcp_project_pubsub_stack_tfversion" { - count = var.gcp_project_pubsub_stack_tfversion_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_stack.id - type = "tmod:@turbot/gcp#/policy/types/projectStackTerraformVersion" - value = "0.12.*" -} - -## Set policy to apply the Stack Source policy, the TF file source -# GCP > Project > Stack > Source -# https://turbot.com/v5/mods/turbot/gcp/inspect#/policy/types/projectStackSource -resource "turbot_policy_setting" "gcp_project_pubsub_stack_source" { - count = var.gcp_project_pubsub_stack_source_policies ? 1 : 0 - resource = turbot_smart_folder.gcp_stack.id - type = "tmod:@turbot/gcp#/policy/types/projectStackSource" - value = <<-SOURCE - ${file("./tf_includes/sourcestack_policies.tf")} - SOURCE -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_stack/providers.tf b/baselines/todo_policy_packs/gcp/gcp_check_stack/providers.tf deleted file mode 100644 index 0353d61cb..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_stack/providers.tf +++ /dev/null @@ -1,12 +0,0 @@ -terraform { - required_providers { - turbot = { - source = "turbot/turbot" - } - } - required_version = ">= 0.13" -} - -provider "turbot" { - profile = var.turbot_profile -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_stack/smartfolder.tf b/baselines/todo_policy_packs/gcp/gcp_check_stack/smartfolder.tf deleted file mode 100644 index 97dcb1f11..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_stack/smartfolder.tf +++ /dev/null @@ -1,5 +0,0 @@ -resource "turbot_smart_folder" "gcp_stack" { - parent = var.smart_folder_parent_resource - title = var.smart_folder_name - description = var.smart_folder_description -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/gcp/gcp_check_stack/tf_includes/sourcestack_policies.tf b/baselines/todo_policy_packs/gcp/gcp_check_stack/tf_includes/sourcestack_policies.tf deleted file mode 100644 index cd52106f8..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_stack/tf_includes/sourcestack_policies.tf +++ /dev/null @@ -1,21 +0,0 @@ -resource "google_pubsub_topic" "turbot_test_demo" { - name = "turbot_test_demo_topic" -} - -resource "google_pubsub_subscription" "turbot_test_demo" { - name = "turbot_test_demo_subscription" - topic = google_pubsub_topic.turbot_test_demo.name - message_retention_duration = "1000s" - retain_acked_messages = true - ack_deadline_seconds = 20 - - expiration_policy { - ttl = "300000.5s" - } -} - -resource "google_pubsub_topic_iam_member" "pubsubpublisher" { - topic = google_pubsub_topic.turbot_test_demo.name - role = "roles/pubsub.publisher" - member = "allAuthenticatedUsers" -} diff --git a/baselines/todo_policy_packs/gcp/gcp_check_stack/variables.tf b/baselines/todo_policy_packs/gcp/gcp_check_stack/variables.tf deleted file mode 100644 index bb83324e1..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_check_stack/variables.tf +++ /dev/null @@ -1,42 +0,0 @@ -# Smartfolder configuration - -variable "turbot_profile" { - description = "Enter profile matching your turbot cli credentials." -} - -variable "smart_folder_name" { - description = "Smart folder name for the baseline" - type = string - default = "GCP Stack Example Policies" -} - -variable "smart_folder_description" { - description = "Enter a description for the smart folder" - type = string - default = "Defines sets of policies for the GCP Stack baseline" -} - -variable "smart_folder_parent_resource" { - description = "Enter the resource ID or AKA for the parent of the smart folder" - type = string - default = "tmod:@turbot/turbot#/" -} - -# Baseline configuration -variable "gcp_project_pubsub_stack_policies" { - type = bool - description = "Enable the GCP Project PubSub Stack policies for baseline" - default = true -} - -variable "gcp_project_pubsub_stack_tfversion_policies" { - type = bool - description = "Enable the GCP Project PubSub Stack TFversion policies for baseline" - default = true -} - -variable "gcp_project_pubsub_stack_source_policies" { - type = bool - description = "Enable the GCP Project PubSub Stack Source policies for baseline" - default = true -} diff --git a/baselines/todo_policy_packs/gcp/gcp_permission/README.md b/baselines/todo_policy_packs/gcp/gcp_permission/README.md deleted file mode 100644 index 463d7416d..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_permission/README.md +++ /dev/null @@ -1,22 +0,0 @@ -# GCP Permission Baseline - -GCP Permission baseline provides a Terraform configuration to assign GCP level permissions to a Turbot user. - -> Make sure you have a [local directory user](https://turbot-dev.com/v5/docs/api/terraform/resources/turbot_local_directory_user) available. - -## Prerequisites - -To run the GCP Permission baseline, you must have: - - - [Terraform](https://www.terraform.io) Version 12 - - [Turbot Terraform Provider](https://github.com/turbotio/terraform-provider-turbot) - - [Credentials](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials) Configured to connect to your Turbot workspace and AWS account - -## Running the Baseline - -To execute the AWS Permission baseline: - - - Go to the GCP permission directory with `cd gcp_permission` - - Update `default.tfvars` with appropriate values - - Run `terraform plan -var-file=default.tfvars` to review the changes to be applied - - Run `terraform apply -var-file=default.tfvars` to apply the changes \ No newline at end of file diff --git a/baselines/todo_policy_packs/gcp/gcp_permission/default.tfvars b/baselines/todo_policy_packs/gcp/gcp_permission/default.tfvars deleted file mode 100644 index 174a0799a..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_permission/default.tfvars +++ /dev/null @@ -1,7 +0,0 @@ -local_directory_name = "" - -user_details = { - "" = "<(1)firstname lastname>" - "" = "<(2)firstname lastname>" -} -grant_scope_id = "tmod:@turbot/turbot#/" \ No newline at end of file diff --git a/baselines/todo_policy_packs/gcp/gcp_permission/main.tf b/baselines/todo_policy_packs/gcp/gcp_permission/main.tf deleted file mode 100644 index 1f33d8d58..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_permission/main.tf +++ /dev/null @@ -1,40 +0,0 @@ -resource "turbot_local_directory" "test_dir" { - parent = var.grant_scope_id - title = var.local_directory_name - description = "Enter the name for the local directory to be created:" - profile_id_template = "{{profile.email}}" -} - -resource "turbot_local_directory_user" "test_user" { - count = length(var.user_details) - title = var.user_details[keys(var.user_details)[count.index]] - email = keys(var.user_details)[count.index] - display_name = var.user_details[keys(var.user_details)[count.index]] - parent = turbot_local_directory.test_dir.id -} - -resource "turbot_profile" "test_user_profile" { - count = length(var.user_details) - title = turbot_local_directory_user.test_user[count.index].title - email = keys(var.user_details)[count.index] - status = "Active" - given_name = split(" ", var.user_details[keys(var.user_details)[count.index]])[0] - family_name = split(" ", var.user_details[keys(var.user_details)[count.index]])[1] - display_name = var.user_details[keys(var.user_details)[count.index]] - parent = turbot_local_directory.test_dir.id - profile_id = keys(var.user_details)[count.index] -} - -resource "turbot_grant" "test" { - count = length(var.user_details) - resource = var.grant_scope_id - type = "tmod:@turbot/gcp#/permission/types/gcp" - level = "tmod:@turbot/turbot-iam#/permission/levels/superuser" - identity = turbot_profile.test_user_profile[count.index].id -} - -resource "turbot_grant_activation" "activate_admin_grant" { - count = length(var.user_details) - resource = var.grant_scope_id - grant = turbot_grant.test[count.index].id -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/gcp/gcp_permission/variables.tf b/baselines/todo_policy_packs/gcp/gcp_permission/variables.tf deleted file mode 100644 index 09fa868c0..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_permission/variables.tf +++ /dev/null @@ -1,15 +0,0 @@ -variable "local_directory_name" { - description = "Enter the name for the local directory to be created:" - type = string -} - -variable "user_details" { - type = map(string) -} - -# It should be the turbot id of turbot, folder or resource -# The Admin and Owner grants will be activated at this level -variable "grant_scope_id" { - type = string - default = "tmod:@turbot/turbot#/" -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/gcp/gcp_project_import/README.md b/baselines/todo_policy_packs/gcp/gcp_project_import/README.md deleted file mode 100644 index 005680574..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_project_import/README.md +++ /dev/null @@ -1,29 +0,0 @@ -# GCP Project Import Baseline - -The GCP project import baseline terraform configuration lets you import GCP Project into turbot with the necessary roles and permissions. - - - It is recommended that you import accounts into Turbot Folders, as it provides greater flexibility and ease of management. - - Give the role a purposeful name such as `turbot-readonly` (read only) or `turbot-superuser` (for full access). - - By default, Turbot is installed with administrator access to enable full functionality. However, You may change this if required. - - -## Prerequisites - -To run the account import baseline, you must have: - - - [Terraform](https://www.terraform.io) Version 12 - - [Turbot Terraform Provider](https://github.com/turbotio/terraform-provider-turbot) - - Terraform [Google Cloud Platform Provider](https://www.terraform.io/docs/providers/google/index.html) - - [Credentials](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials) Configured to connect to your Turbot workspace and GCP project. - - CloudTrail set up in every region of your account. - - - -## Running the Baseline - -To run the gcp project import baseline: - - - Go to the gcp project import baseline directory in the repository with `cd gcp_project_import` - - Update `default.tfvars` with appropriate values - - Run `terraform plan -var-file=default.tfvars` and review the plan for import - - Run `terraform apply -var-file=default.tfvars` to import the account \ No newline at end of file diff --git a/baselines/todo_policy_packs/gcp/gcp_project_import/default.tfvars b/baselines/todo_policy_packs/gcp/gcp_project_import/default.tfvars deleted file mode 100755 index 9afc41614..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_project_import/default.tfvars +++ /dev/null @@ -1,35 +0,0 @@ -gcp_project_id = "" - -client_email = "" - -private_key = < Project resource in Turbot -resource "turbot_resource" "project_resource" { - parent = var.parent_resource - type = "tmod:@turbot/gcp#/resource/types/project" - metadata = jsonencode({ - "gcp" : { - "projectId" : var.gcp_project_id # This is the GCP project id for the account that will be imported, defined in the var file - } - }) - data = jsonencode({ - "projectId" : var.gcp_project_id # This is the GCP project id for the account that will be imported, defined in the var file - }) -} - -# policy to define client email of imported project -resource "turbot_policy_setting" "clientEmail" { - resource = turbot_resource.project_resource.id - type = "tmod:@turbot/gcp#/policy/types/clientEmail" - value = var.client_email -} - -# this is client_id in the pem that GCP gives you in your service account's JSON private key -resource "turbot_policy_setting" "privateKey" { - resource = turbot_resource.project_resource.id - type = "tmod:@turbot/gcp#/policy/types/privateKey" - value = var.private_key -} diff --git a/baselines/todo_policy_packs/gcp/gcp_project_import/variables.tf b/baselines/todo_policy_packs/gcp/gcp_project_import/variables.tf deleted file mode 100644 index d32ebcb85..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_project_import/variables.tf +++ /dev/null @@ -1,20 +0,0 @@ -variable "gcp_project_id" { - description = "Enter the GCP Project Id that you wish to import: Note that you must set your GCP credentials for this account either in your environment variables or default profile:" - type = string -} - -variable "client_email" { - description = "Enter the GCP service account email id: " - type = string -} - -variable "private_key" { - # description = "Enter the private key. (Must match pattern ^< Pub/Sub > API Enabled -resource "turbot_policy_setting" "pubsubApiEnabled" { - resource = turbot_smart_folder.gcp_folder.id - type = "tmod:@turbot/gcp-pubsub#/policy/types/pubsubApiEnabled" - value = "Enforce: Enabled" -} - -# Sets the policy Enable for API Enabled in Logging -# GCP > Logging > API Enabled -resource "turbot_policy_setting" "loggingApiEnabled" { - resource = turbot_smart_folder.gcp_folder.id - type = "tmod:@turbot/gcp-logging#/policy/types/loggingApiEnabled" - value = "Enforce: Enabled" -} - -# Sets the policy for Logging -# GCP > Turbot > Event Handlers > Logging -resource "turbot_policy_setting" "eventHandlersLogging" { - resource = turbot_smart_folder.gcp_folder.id - type = "tmod:@turbot/gcp#/policy/types/eventHandlersLogging" - value = "Enforce: Configured" -} - -# Sets the policy for Pub/Sub -# GCP > Turbot > Event Handlers > Pub/Sub -resource "turbot_policy_setting" "eventHandlersPubSub" { - resource = turbot_smart_folder.gcp_folder.id - type = "tmod:@turbot/gcp#/policy/types/eventHandlersPubSub" - value = "Enforce: Configured" -} \ No newline at end of file diff --git a/baselines/todo_policy_packs/gcp/gcp_setup/variables.tf b/baselines/todo_policy_packs/gcp/gcp_setup/variables.tf deleted file mode 100644 index 5dfa8109d..000000000 --- a/baselines/todo_policy_packs/gcp/gcp_setup/variables.tf +++ /dev/null @@ -1,9 +0,0 @@ -variable "smart_folder_title" { - description = "Enter Smart folder name for importing the gcp account:" - type = string -} - -variable "folder_parent" { - type = string - default = "tmod:@turbot/turbot#/" -} \ No newline at end of file From 0474dc82399c10958c1ca9e788b312a026de1a61 Mon Sep 17 00:00:00 2001 From: Venu Date: Mon, 19 Aug 2024 16:25:13 +0530 Subject: [PATCH 11/17] update README --- baselines/README.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/baselines/README.md b/baselines/README.md index 0d48a1f4b..5b54631c1 100644 --- a/baselines/README.md +++ b/baselines/README.md @@ -4,6 +4,28 @@ Turbot Guardrails Baselines provide best-practice configurations and examples fo ## Current Baselines +## Mods +A common list of mods to install +- [AWS](./aws/aws_mods) +- [Azure](./azure/azure_mods) +- [GCP](./gcp/gcp_mods) +- [Guardrails](./guardrails/guardrails_mods) + +## Service Enabled +Enable or disable, Register or Deregister services and APIs in Guardrails +- [AWS](./aws/aws_service_enabled) +- [Azure](./azure/azure_service_enabled) +- [GCP](./gcp/gcp_service_enabled) + +## Directories +Create Local/Turbot directory and users in your workspace +- [Local](./guardrails/local_directory) +- [Turbot](./guardrails/turbot_profiles) + +## Others +- [Workspace Settings](./guardrails/workspace_settings) +- [Folder Hierarchy](./guardrails/folder_hierarchy) + | Baseline | Path | Description | |-----------------------|--------------------------------------------------------|----------------------------------------------------------------------------------| | AWS Mods | [aws_mods](./aws/aws_mods) | A common list of AWS mods to install | From 6d37ff97f9f5865e45eb12bddf2d1fac7a3b78bf Mon Sep 17 00:00:00 2001 From: Venu Date: Tue, 27 Aug 2024 11:51:38 +0530 Subject: [PATCH 12/17] use table of links only --- baselines/README.md | 22 ---------------------- 1 file changed, 22 deletions(-) diff --git a/baselines/README.md b/baselines/README.md index 5b54631c1..0d48a1f4b 100644 --- a/baselines/README.md +++ b/baselines/README.md @@ -4,28 +4,6 @@ Turbot Guardrails Baselines provide best-practice configurations and examples fo ## Current Baselines -## Mods -A common list of mods to install -- [AWS](./aws/aws_mods) -- [Azure](./azure/azure_mods) -- [GCP](./gcp/gcp_mods) -- [Guardrails](./guardrails/guardrails_mods) - -## Service Enabled -Enable or disable, Register or Deregister services and APIs in Guardrails -- [AWS](./aws/aws_service_enabled) -- [Azure](./azure/azure_service_enabled) -- [GCP](./gcp/gcp_service_enabled) - -## Directories -Create Local/Turbot directory and users in your workspace -- [Local](./guardrails/local_directory) -- [Turbot](./guardrails/turbot_profiles) - -## Others -- [Workspace Settings](./guardrails/workspace_settings) -- [Folder Hierarchy](./guardrails/folder_hierarchy) - | Baseline | Path | Description | |-----------------------|--------------------------------------------------------|----------------------------------------------------------------------------------| | AWS Mods | [aws_mods](./aws/aws_mods) | A common list of AWS mods to install | From 869a7dc451b370e58fc890325c7db4cf3ef685cf Mon Sep 17 00:00:00 2001 From: Venu Date: Tue, 27 Aug 2024 11:56:59 +0530 Subject: [PATCH 13/17] update README.md --- baselines/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/baselines/README.md b/baselines/README.md index 0d48a1f4b..0e1698ba9 100644 --- a/baselines/README.md +++ b/baselines/README.md @@ -49,7 +49,7 @@ Clone: ```sh git clone https://github.com/turbot/guardrails-samples.git -cd guardrails-samples/baselines/aws/aws_mods +cd guardrails-samples/baselines/guardrails/local_directory ``` Run the Terraform to create the policy pack in your workspace: From 2f17243491b8e316c024df999c5d90440a60e1f5 Mon Sep 17 00:00:00 2001 From: Venu Date: Tue, 27 Aug 2024 14:41:23 +0530 Subject: [PATCH 14/17] update README for mods --- baselines/README.md | 2 +- baselines/aws/aws_mods/README.md | 79 +++++++++------------------- baselines/azure/azure_mods/README.md | 79 +++++++++------------------- baselines/gcp/gcp_mods/README.md | 79 +++++++++------------------- 4 files changed, 73 insertions(+), 166 deletions(-) diff --git a/baselines/README.md b/baselines/README.md index 0e1698ba9..759cdb1e2 100644 --- a/baselines/README.md +++ b/baselines/README.md @@ -28,7 +28,7 @@ Turbot Guardrails Baselines provide best-practice configurations and examples fo To create a policy pack through Terraform: -- Ensure you have `Turbot/Admin` permissions (or higher) in Guardrails +- Ensure you have `Turbot/Owner` permissions in Guardrails - [Create access keys](https://turbot.com/guardrails/docs/guides/iam/access-keys#generate-a-new-guardrails-api-access-key) in Guardrails And then set your credentials: diff --git a/baselines/aws/aws_mods/README.md b/baselines/aws/aws_mods/README.md index ab5395654..949e178d8 100644 --- a/baselines/aws/aws_mods/README.md +++ b/baselines/aws/aws_mods/README.md @@ -18,7 +18,7 @@ More information can be found [here](https://turbot.com/guardrails/docs/mods). To install AWS mods using Terraform: -- Ensure you have `Turbot/Owner` permissions (or higher) in Guardrails. +- Ensure you have `Turbot/Owner` permissions in Guardrails. - [Create access keys](https://turbot.com/guardrails/docs/guides/iam/access-keys#generate-a-new-guardrails-api-access-key) in Guardrails. Then set your credentials: @@ -42,76 +42,45 @@ Please see [Turbot Guardrails Provider authentication](https://registry.terrafor terraform init ``` -### Deploying Default Example +### Install -1. Navigate to the `aws_mods` folder. -2. Initialize Terraform. -3. Apply the installation using the default input variable file [default.tfvars](default.tfvars). +After initializing Terraform, you can apply the mods in one of two ways, depending on your needs: + +### 1. Using an Input Variable File -On the terminal, this will look like: +By default, the `default.tfvars` file is configured to install all the mods necessary for CIS (Center for Internet Security) compliance. You can further customize this file to include additional mods as needed. To apply the mods using this specific input variable file, run the following command: ```sh -cd -terraform init -terraform apply --var-file=default.tfvars +terraform apply --var-file=default.tfvars -parallelism=1 ``` -### Input Variable Files - -Input variable files allow users to configure settings for multiple environments in different files. - -This script comes with an example input variable file called [default.tfvars](default.tfvars). - -The variables that can be overridden by the input variable files (e.g., [default.tfvars](default.tfvars)) are defined in the [variables.tf](variables.tf) file. - -For more details, see the official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). - -### Apply Installation Using Input Variable Files - -If you want to apply the installation using an input variable file, such as [default.tfvars](default.tfvars): - -1. Navigate to the folder containing the installation configuration. -2. Run the command: - - ```sh - terraform apply --var-file=default.tfvars - ``` - -### Apply Installation Without Input Variable File - -The installation can also be applied without an input variable file. +### 2. Without an Input Variable File -1. Ensure Terraform initialization is done as mentioned above. -2. Optionally, check the outcome by running `terraform plan`. -3. Apply the Terraform configuration: +If you choose not to use an input variable file, the command will install **all** available AWS mods. To proceed with this option, run: - ```sh - cd - terraform plan - terraform apply - ``` +```sh +terraform apply -parallelism=1 +``` -### Destroy Installation Without Input Variable File +### Destroy -To destroy the installation without using an input variable file: +You can destroy the mods in one of two ways: -1. Navigate to the folder containing the installation configuration. -2. Run the command: +### 1. Using an Input Variable File - ```sh - terraform destroy - ``` +Run the following command to destroy the mods using a specific input variable file: -### Destroy Using Input Variable Files +```sh +terraform destroy --var-file=default.tfvars -parallelism=1 +``` -If you want to destroy the installation configuration using an input variable file, such as [default.tfvars](default.tfvars): +### 2. Without an Input Variable File -1. Navigate to the folder containing the installation configuration. -2. Run the command: +Run the following command to destroy the mods without using an input variable file: - ```sh - terraform destroy --var-file=default.tfvars - ``` +```sh +terraform destroy -parallelism=1 +``` ## Commenting Strategy diff --git a/baselines/azure/azure_mods/README.md b/baselines/azure/azure_mods/README.md index be7dcf526..6f79be749 100644 --- a/baselines/azure/azure_mods/README.md +++ b/baselines/azure/azure_mods/README.md @@ -18,7 +18,7 @@ More information can be found [here](https://turbot.com/guardrails/docs/mods). To install Azure mods using Terraform: -- Ensure you have `Turbot/Owner` permissions (or higher) in Guardrails. +- Ensure you have `Turbot/Owner` permissions in Guardrails. - [Create access keys](https://turbot.com/guardrails/docs/guides/iam/access-keys#generate-a-new-guardrails-api-access-key) in Guardrails. Then set your credentials: @@ -42,76 +42,45 @@ Please see [Turbot Guardrails Provider authentication](https://registry.terrafor terraform init ``` -### Deploying Default Example +### Install -1. Navigate to the `azure_mods` folder. -2. Initialize Terraform. -3. Apply the installation using the default input variable file [default.tfvars](default.tfvars). +After initializing Terraform, you can apply the mods in one of two ways, depending on your needs: + +### 1. Using an Input Variable File -On the terminal, this will look like: +By default, the `default.tfvars` file is configured to install all the mods necessary for CIS (Center for Internet Security) compliance. You can further customize this file to include additional mods as needed. To apply the mods using this specific input variable file, run the following command: ```sh -cd -terraform init -terraform apply --var-file=default.tfvars +terraform apply --var-file=default.tfvars -parallelism=1 ``` -### Input Variable Files - -Input variable files allow users to configure settings for multiple environments in different files. - -This script comes with an example input variable file called [default.tfvars](default.tfvars). - -The variables that can be overridden by the input variable files (e.g., [default.tfvars](default.tfvars)) are defined in the [variables.tf](variables.tf) file. - -For more details, see the official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). - -### Apply Installation Using Input Variable Files - -If you want to apply the installation using an input variable file, such as [default.tfvars](default.tfvars): - -1. Navigate to the folder containing the installation configuration. -2. Run the command: - - ```sh - terraform apply --var-file=default.tfvars - ``` - -### Apply Installation Without Input Variable File - -The installation can also be applied without an input variable file. +### 2. Without an Input Variable File -1. Ensure Terraform initialization is done as mentioned above. -2. Optionally, check the outcome by running `terraform plan`. -3. Apply the Terraform configuration: +If you choose not to use an input variable file, the command will install **all** available AWS mods. To proceed with this option, run: - ```sh - cd - terraform plan - terraform apply - ``` +```sh +terraform apply -parallelism=1 +``` -### Destroy Installation Without Input Variable File +### Destroy -To destroy the installation without using an input variable file: +You can destroy the mods in one of two ways: -1. Navigate to the folder containing the installation configuration. -2. Run the command: +### 1. Using an Input Variable File - ```sh - terraform destroy - ``` +Run the following command to destroy the mods using a specific input variable file: -### Destroy Using Input Variable Files +```sh +terraform destroy --var-file=default.tfvars -parallelism=1 +``` -If you want to destroy the installation configuration using an input variable file, such as [default.tfvars](default.tfvars): +### 2. Without an Input Variable File -1. Navigate to the folder containing the installation configuration. -2. Run the command: +Run the following command to destroy the mods without using an input variable file: - ```sh - terraform destroy --var-file=default.tfvars - ``` +```sh +terraform destroy -parallelism=1 +``` ## Commenting Strategy diff --git a/baselines/gcp/gcp_mods/README.md b/baselines/gcp/gcp_mods/README.md index 38464fd8b..362f3f622 100644 --- a/baselines/gcp/gcp_mods/README.md +++ b/baselines/gcp/gcp_mods/README.md @@ -18,7 +18,7 @@ More information can be found [here](https://turbot.com/guardrails/docs/mods). To install GCP mods using Terraform: -- Ensure you have `Turbot/Owner` permissions (or higher) in Guardrails. +- Ensure you have `Turbot/Owner` permissions in Guardrails. - [Create access keys](https://turbot.com/guardrails/docs/guides/iam/access-keys#generate-a-new-guardrails-api-access-key) in Guardrails. Then set your credentials: @@ -42,76 +42,45 @@ Please see [Turbot Guardrails Provider authentication](https://registry.terrafor terraform init ``` -### Deploying Default Example +### Install -1. Navigate to the `gcp_mods` folder. -2. Initialize Terraform. -3. Apply the installation using the default input variable file [default.tfvars](default.tfvars). +After initializing Terraform, you can apply the mods in one of two ways, depending on your needs: + +### 1. Using an Input Variable File -On the terminal, this will look like: +By default, the `default.tfvars` file is configured to install all the mods necessary for CIS (Center for Internet Security) compliance. You can further customize this file to include additional mods as needed. To apply the mods using this specific input variable file, run the following command: ```sh -cd -terraform init -terraform apply --var-file=default.tfvars +terraform apply --var-file=default.tfvars -parallelism=1 ``` -### Input Variable Files - -Input variable files allow users to configure settings for multiple environments in different files. - -This script comes with an example input variable file called [default.tfvars](default.tfvars). - -The variables that can be overridden by the input variable files (e.g., [default.tfvars](default.tfvars)) are defined in the [variables.tf](variables.tf) file. - -For more details, see the official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). - -### Apply Installation Using Input Variable Files - -If you want to apply the installation using an input variable file, such as [default.tfvars](default.tfvars): - -1. Navigate to the folder containing the installation configuration. -2. Run the command: - - ```sh - terraform apply --var-file=default.tfvars - ``` - -### Apply Installation Without Input Variable File - -The installation can also be applied without an input variable file. +### 2. Without an Input Variable File -1. Ensure Terraform initialization is done as mentioned above. -2. Optionally, check the outcome by running `terraform plan`. -3. Apply the Terraform configuration: +If you choose not to use an input variable file, the command will install **all** available AWS mods. To proceed with this option, run: - ```sh - cd - terraform plan - terraform apply - ``` +```sh +terraform apply -parallelism=1 +``` -### Destroy Installation Without Input Variable File +### Destroy -To destroy the installation without using an input variable file: +You can destroy the mods in one of two ways: -1. Navigate to the folder containing the installation configuration. -2. Run the command: +### 1. Using an Input Variable File - ```sh - terraform destroy - ``` +Run the following command to destroy the mods using a specific input variable file: -### Destroy Using Input Variable Files +```sh +terraform destroy --var-file=default.tfvars -parallelism=1 +``` -If you want to destroy the installation configuration using an input variable file, such as [default.tfvars](default.tfvars): +### 2. Without an Input Variable File -1. Navigate to the folder containing the installation configuration. -2. Run the command: +Run the following command to destroy the mods without using an input variable file: - ```sh - terraform destroy --var-file=default.tfvars - ``` +```sh +terraform destroy -parallelism=1 +``` ## Commenting Strategy From 496ea3a039c997c9b9d8ecf266c1f3595083d9cb Mon Sep 17 00:00:00 2001 From: Venu Date: Tue, 27 Aug 2024 15:32:43 +0530 Subject: [PATCH 15/17] update README for service enabled --- baselines/aws/aws_mods/README.md | 6 +- baselines/aws/aws_service_enabled/README.md | 103 ++++++----------- baselines/azure/azure_mods/README.md | 6 +- .../azure/azure_service_enabled/README.md | 105 ++++++------------ baselines/gcp/gcp_mods/README.md | 6 +- baselines/gcp/gcp_service_enabled/README.md | 103 ++++++----------- 6 files changed, 118 insertions(+), 211 deletions(-) diff --git a/baselines/aws/aws_mods/README.md b/baselines/aws/aws_mods/README.md index 949e178d8..ec0489cf5 100644 --- a/baselines/aws/aws_mods/README.md +++ b/baselines/aws/aws_mods/README.md @@ -38,9 +38,9 @@ Please see [Turbot Guardrails Provider authentication](https://registry.terrafor 1. Navigate to the `aws_mods` folder. 2. Run the command: - ```sh - terraform init - ``` +```sh +terraform init +``` ### Install diff --git a/baselines/aws/aws_service_enabled/README.md b/baselines/aws/aws_service_enabled/README.md index d2cb40e20..35b85da80 100644 --- a/baselines/aws/aws_service_enabled/README.md +++ b/baselines/aws/aws_service_enabled/README.md @@ -2,20 +2,25 @@ The AWS Baseline Policies provide a minimal set of example policies and services to get started with AWS in Turbot Guardrails. These policies focus on enabling essential services and APIs. +## Documentation + +- **[Review Policies Documentation →](https://hub.guardrails.turbot.com/mods/aws/policies)** + ## Getting Started ### Requirements - [Terraform](https://developer.hashicorp.com/terraform/install) +- [Guardrails AWS mods](../aws_mods/) ### Credentials -To install AWS mods using Terraform: +To create AWS Service Enabled Baseline policy pack through Terraform: -- Ensure you have `Turbot/Owner` permissions (or higher) in Guardrails. +- Ensure you have `Turbot/Admin` permissions (or higher) in Guardrails. - [Create access keys](https://turbot.com/guardrails/docs/guides/iam/access-keys#generate-a-new-guardrails-api-access-key) in Guardrails. -Then set your credentials: +And then set your credentials: ```sh export TURBOT_WORKSPACE=myworkspace.acme.com @@ -32,90 +37,54 @@ Please see [Turbot Guardrails Provider authentication](https://registry.terrafor 1. Navigate to the `aws_service_enabled` folder. 2. Run the command: - ```sh - terraform init - ``` - -### Deploying Default Example - -1. Navigate to the `aws_service_enabled` folder. -2. Initialize Terraform. -3. Apply the installation using the default input variable file [default.tfvars](default.tfvars). - -On the terminal, this will look like: - ```sh -cd terraform init -terraform apply --var-file=default.tfvars ``` -### Input Variable Files - -Input variable files allow users to configure settings for multiple environments in different files. - -This script comes with an example input variable file called [default.tfvars](default.tfvars). +### Install -The variables that can be overridden by the input variable files (e.g., [default.tfvars](default.tfvars)) are defined in the [variables.tf](variables.tf) file. +After initializing Terraform, you can apply the Enabled policies in one of two ways, depending on your needs: -For more details, see the official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). +### 1. Using an Input Variable File -### Apply Installation Using Input Variable Files - -If you want to apply the installation using an input variable file, such as [default.tfvars](default.tfvars): - -1. Navigate to the folder containing the installation configuration. -2. Run the command: +By default, the `default.tfvars` file is configured to install all the Enabled policies for the mods necessary for CIS (Center for Internet Security) compliance. You can further customize this file to include additional services as needed provided the mods are installed prior. To apply the Enabled policies using this specific input variable file, run the following command: - ```sh - terraform apply --var-file=default.tfvars - ``` - -### Apply Installation Without Input Variable File +```sh +terraform apply --var-file=default.tfvars +``` -The installation can also be applied without an input variable file. +### 2. Without an Input Variable File -1. Ensure Terraform initialization is done as mentioned above. -2. Optionally, check the outcome by running `terraform plan`. -3. Apply the Terraform configuration: +If you choose not to use an input variable file, the command will install **all** available Enabled policies. Please ensure, you have installed the necessary mods for this. To proceed with this option, run: - ```sh - cd - terraform plan - terraform apply - ``` +```sh +terraform apply +``` -### Destroy Installation Without Input Variable File +### Destroy -To destroy the installation without using an input variable file: +You can destroy the mods in one of two ways: -1. Navigate to the folder containing the installation configuration. -2. Run the command: +### 1. Using an Input Variable File - ```sh - terraform destroy - ``` +Run the following command to destroy the mods using a specific input variable file: -### Destroy Using Input Variable Files +```sh +terraform destroy --var-file=default.tfvars +``` -If you want to destroy the installation configuration using an input variable file, such as [default.tfvars](default.tfvars): +### 2. Without an Input Variable File -1. Navigate to the folder containing the installation configuration. -2. Run the command: +Run the following command to destroy the mods without using an input variable file: - ```sh - terraform destroy --var-file=default.tfvars - ``` +```sh +terraform destroy +``` -## Commenting Strategy +### Apply Policy Pack -All Turbot policies used in the installation include links to the official Turbot Mods documentation. +By default, this Policy Pack is attached to the Base Folder created as part of [Folder Hierarchy](../../guardrails/folder_hierarchy/). If you wish to attach to a different resource, then log into your Guardrails workspace and [attach the policy pack to a resource](https://turbot.com/guardrails/docs/guides/policy-packs#attach-a-policy-pack-to-a-resource). -These links provide further details about: +If this policy pack is attached to a Guardrails folder, its policies will be applied to all accounts and resources in that folder. The policy pack can also be attached to multiple resources. -- The purpose of the policy -- Policy URI name -- Parent information -- Category information -- Target information -- All valid values +For more information, please see [Policy Packs](https://turbot.com/guardrails/docs/concepts/policy-packs). diff --git a/baselines/azure/azure_mods/README.md b/baselines/azure/azure_mods/README.md index 6f79be749..d7ad4d4f3 100644 --- a/baselines/azure/azure_mods/README.md +++ b/baselines/azure/azure_mods/README.md @@ -38,9 +38,9 @@ Please see [Turbot Guardrails Provider authentication](https://registry.terrafor 1. Navigate to the `azure_mods` folder. 2. Run the command: - ```sh - terraform init - ``` +```sh +terraform init +``` ### Install diff --git a/baselines/azure/azure_service_enabled/README.md b/baselines/azure/azure_service_enabled/README.md index 9f5f5d1c6..c95ebce30 100644 --- a/baselines/azure/azure_service_enabled/README.md +++ b/baselines/azure/azure_service_enabled/README.md @@ -1,21 +1,26 @@ # Azure Service Enabled Policies -The Azure Baseline Policies provide a minimal set of example policies and services to get started with Azure in Turbot Guardrails. These policies focus on enabling essential services and APIs. +The Azure Baseline Policies provide a minimal set of example policies and services to get started with Microsoft Azure in Turbot Guardrails. These policies focus on enabling essential services and APIs. + +## Documentation + +- **[Review Policies Documentation →](https://hub.guardrails.turbot.com/mods/azure/policies)** ## Getting Started ### Requirements - [Terraform](https://developer.hashicorp.com/terraform/install) +- [Guardrails Azure mods](../azure_mods/) ### Credentials -To install Azure mods using Terraform: +To create Azure Service Enabled Baseline policy pack through Terraform: -- Ensure you have `Turbot/Owner` permissions (or higher) in Guardrails. +- Ensure you have `Turbot/Admin` permissions (or higher) in Guardrails. - [Create access keys](https://turbot.com/guardrails/docs/guides/iam/access-keys#generate-a-new-guardrails-api-access-key) in Guardrails. -Then set your credentials: +And then set your credentials: ```sh export TURBOT_WORKSPACE=myworkspace.acme.com @@ -32,90 +37,54 @@ Please see [Turbot Guardrails Provider authentication](https://registry.terrafor 1. Navigate to the `azure_service_enabled` folder. 2. Run the command: - ```sh - terraform init - ``` - -### Deploying Default Example - -1. Navigate to the `azure_service_enabled` folder. -2. Initialize Terraform. -3. Apply the installation using the default input variable file [default.tfvars](default.tfvars). - -On the terminal, this will look like: - ```sh -cd terraform init -terraform apply --var-file=default.tfvars ``` -### Input Variable Files - -Input variable files allow users to configure settings for multiple environments in different files. - -This script comes with an example input variable file called [default.tfvars](default.tfvars). +### Install -The variables that can be overridden by the input variable files (e.g., [default.tfvars](default.tfvars)) are defined in the [variables.tf](variables.tf) file. +After initializing Terraform, you can apply the Enabled policies in one of two ways, depending on your needs: -For more details, see the official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). +### 1. Using an Input Variable File -### Apply Installation Using Input Variable Files - -If you want to apply the installation using an input variable file, such as [default.tfvars](default.tfvars): - -1. Navigate to the folder containing the installation configuration. -2. Run the command: +By default, the `default.tfvars` file is configured to install all the Enabled policies for the mods necessary for CIS (Center for Internet Security) compliance. You can further customize this file to include additional services as needed provided the mods are installed prior. To apply the Enabled policies using this specific input variable file, run the following command: - ```sh - terraform apply --var-file=default.tfvars - ``` - -### Apply Installation Without Input Variable File +```sh +terraform apply --var-file=default.tfvars +``` -The installation can also be applied without an input variable file. +### 2. Without an Input Variable File -1. Ensure Terraform initialization is done as mentioned above. -2. Optionally, check the outcome by running `terraform plan`. -3. Apply the Terraform configuration: +If you choose not to use an input variable file, the command will install **all** available Enabled policies. Please ensure, you have installed the necessary mods for this. To proceed with this option, run: - ```sh - cd - terraform plan - terraform apply - ``` +```sh +terraform apply +``` -### Destroy Installation Without Input Variable File +### Destroy -To destroy the installation without using an input variable file: +You can destroy the mods in one of two ways: -1. Navigate to the folder containing the installation configuration. -2. Run the command: +### 1. Using an Input Variable File - ```sh - terraform destroy - ``` +Run the following command to destroy the mods using a specific input variable file: -### Destroy Using Input Variable Files +```sh +terraform destroy --var-file=default.tfvars +``` -If you want to destroy the installation configuration using an input variable file, such as [default.tfvars](default.tfvars): +### 2. Without an Input Variable File -1. Navigate to the folder containing the installation configuration. -2. Run the command: +Run the following command to destroy the mods without using an input variable file: - ```sh - terraform destroy --var-file=default.tfvars - ``` +```sh +terraform destroy +``` -## Commenting Strategy +### Apply Policy Pack -All Turbot policies used in the installation include links to the official Turbot Mods documentation. +By default, this Policy Pack is attached to the Base Folder created as part of [Folder Hierarchy](../../guardrails/folder_hierarchy/). If you wish to attach to a different resource, then log into your Guardrails workspace and [attach the policy pack to a resource](https://turbot.com/guardrails/docs/guides/policy-packs#attach-a-policy-pack-to-a-resource). -These links provide further details about: +If this policy pack is attached to a Guardrails folder, its policies will be applied to all accounts and resources in that folder. The policy pack can also be attached to multiple resources. -- The purpose of the policy -- Policy URI name -- Parent information -- Category information -- Target information -- All valid values +For more information, please see [Policy Packs](https://turbot.com/guardrails/docs/concepts/policy-packs). diff --git a/baselines/gcp/gcp_mods/README.md b/baselines/gcp/gcp_mods/README.md index 362f3f622..bf27def07 100644 --- a/baselines/gcp/gcp_mods/README.md +++ b/baselines/gcp/gcp_mods/README.md @@ -38,9 +38,9 @@ Please see [Turbot Guardrails Provider authentication](https://registry.terrafor 1. Navigate to the `gcp_mods` folder. 2. Run the command: - ```sh - terraform init - ``` +```sh +terraform init +``` ### Install diff --git a/baselines/gcp/gcp_service_enabled/README.md b/baselines/gcp/gcp_service_enabled/README.md index 4c846154c..6c98d3150 100644 --- a/baselines/gcp/gcp_service_enabled/README.md +++ b/baselines/gcp/gcp_service_enabled/README.md @@ -2,20 +2,25 @@ The GCP Baseline Policies provide a minimal set of example policies and services to get started with Google Cloud Platform (GCP) in Turbot Guardrails. These policies focus on enabling essential services and APIs. +## Documentation + +- **[Review Policies Documentation →](https://hub.guardrails.turbot.com/mods/gcp/policies)** + ## Getting Started ### Requirements - [Terraform](https://developer.hashicorp.com/terraform/install) +- [Guardrails GCP mods](../gcp_mods/) ### Credentials -To install GCP mods using Terraform: +To create GCP Service Enabled Baseline policy pack through Terraform: -- Ensure you have `Turbot/Owner` permissions (or higher) in Guardrails. +- Ensure you have `Turbot/Admin` permissions (or higher) in Guardrails. - [Create access keys](https://turbot.com/guardrails/docs/guides/iam/access-keys#generate-a-new-guardrails-api-access-key) in Guardrails. -Then set your credentials: +And then set your credentials: ```sh export TURBOT_WORKSPACE=myworkspace.acme.com @@ -32,90 +37,54 @@ Please see [Turbot Guardrails Provider authentication](https://registry.terrafor 1. Navigate to the `gcp_service_enabled` folder. 2. Run the command: - ```sh - terraform init - ``` - -### Deploying Default Example - -1. Navigate to the `gcp_service_enabled` folder. -2. Initialize Terraform. -3. Apply the installation using the default input variable file [default.tfvars](default.tfvars). - -On the terminal, this will look like: - ```sh -cd terraform init -terraform apply --var-file=default.tfvars ``` -### Input Variable Files - -Input variable files allow users to configure settings for multiple environments in different files. - -This script comes with an example input variable file called [default.tfvars](default.tfvars). +### Install -The variables that can be overridden by the input variable files (e.g., [default.tfvars](default.tfvars)) are defined in the [variables.tf](variables.tf) file. +After initializing Terraform, you can apply the Enabled policies in one of two ways, depending on your needs: -For more details, see the official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). +### 1. Using an Input Variable File -### Apply Installation Using Input Variable Files - -If you want to apply the installation using an input variable file, such as [default.tfvars](default.tfvars): - -1. Navigate to the folder containing the installation configuration. -2. Run the command: +By default, the `default.tfvars` file is configured to install all the Enabled policies for the mods necessary for CIS (Center for Internet Security) compliance. You can further customize this file to include additional services as needed provided the mods are installed prior. To apply the Enabled policies using this specific input variable file, run the following command: - ```sh - terraform apply --var-file=default.tfvars - ``` - -### Apply Installation Without Input Variable File +```sh +terraform apply --var-file=default.tfvars +``` -The installation can also be applied without an input variable file. +### 2. Without an Input Variable File -1. Ensure Terraform initialization is done as mentioned above. -2. Optionally, check the outcome by running `terraform plan`. -3. Apply the Terraform configuration: +If you choose not to use an input variable file, the command will install **all** available Enabled policies. Please ensure, you have installed the necessary mods for this. To proceed with this option, run: - ```sh - cd - terraform plan - terraform apply - ``` +```sh +terraform apply +``` -### Destroy Installation Without Input Variable File +### Destroy -To destroy the installation without using an input variable file: +You can destroy the mods in one of two ways: -1. Navigate to the folder containing the installation configuration. -2. Run the command: +### 1. Using an Input Variable File - ```sh - terraform destroy - ``` +Run the following command to destroy the mods using a specific input variable file: -### Destroy Using Input Variable Files +```sh +terraform destroy --var-file=default.tfvars +``` -If you want to destroy the installation configuration using an input variable file, such as [default.tfvars](default.tfvars): +### 2. Without an Input Variable File -1. Navigate to the folder containing the installation configuration. -2. Run the command: +Run the following command to destroy the mods without using an input variable file: - ```sh - terraform destroy --var-file=default.tfvars - ``` +```sh +terraform destroy +``` -## Commenting Strategy +### Apply Policy Pack -All Turbot policies used in the installation include links to the official Turbot Mods documentation. +By default, this Policy Pack is attached to the Base Folder created as part of [Folder Hierarchy](../../guardrails/folder_hierarchy/). If you wish to attach to a different resource, then log into your Guardrails workspace and [attach the policy pack to a resource](https://turbot.com/guardrails/docs/guides/policy-packs#attach-a-policy-pack-to-a-resource). -These links provide further details about: +If this policy pack is attached to a Guardrails folder, its policies will be applied to all accounts and resources in that folder. The policy pack can also be attached to multiple resources. -- The purpose of the policy -- Policy URI name -- Parent information -- Category information -- Target information -- All valid values +For more information, please see [Policy Packs](https://turbot.com/guardrails/docs/concepts/policy-packs). From f897d20b3f4d9d279db09ecaaca464add3906b6e Mon Sep 17 00:00:00 2001 From: Venu Date: Tue, 27 Aug 2024 16:14:39 +0530 Subject: [PATCH 16/17] update README for guardrails --- baselines/aws/aws_mods/README.md | 10 +- baselines/aws/aws_service_enabled/README.md | 8 +- baselines/azure/azure_mods/README.md | 10 +- .../azure/azure_service_enabled/README.md | 8 +- baselines/gcp/gcp_mods/README.md | 10 +- baselines/gcp/gcp_service_enabled/README.md | 8 +- .../guardrails/folder_hierarchy/README.md | 79 ++++++++++++ .../guardrails/guardrails_mods/README.md | 116 ++++++++++++------ .../guardrails/guardrails_mods/mod_install.tf | 2 +- .../guardrails/local_directory/README.md | 77 ++++++++++++ .../guardrails/turbot_profiles/README.md | 94 ++++++++++++++ .../guardrails/turbot_profiles/default.tfvars | 4 - baselines/guardrails/turbot_profiles/main.tf | 12 +- .../guardrails/workspace_settings/README.md | 109 ++++++++++++++++ 14 files changed, 462 insertions(+), 85 deletions(-) create mode 100644 baselines/guardrails/folder_hierarchy/README.md create mode 100644 baselines/guardrails/local_directory/README.md create mode 100644 baselines/guardrails/turbot_profiles/README.md create mode 100644 baselines/guardrails/workspace_settings/README.md diff --git a/baselines/aws/aws_mods/README.md b/baselines/aws/aws_mods/README.md index ec0489cf5..055d25c67 100644 --- a/baselines/aws/aws_mods/README.md +++ b/baselines/aws/aws_mods/README.md @@ -2,8 +2,6 @@ Turbot provides numerous AWS mods, covering a wide range of AWS resources with thousands of policies and controls. By default, mods are installed with the top Turbot resource as the parent, meaning administrators must have Turbot/Owner permissions at the Turbot resource level to install, uninstall, or update mods in the environment. -More information can be found [here](https://turbot.com/guardrails/docs/mods). - ## Documentation - **[Review Mods Documentation →](https://turbot.com/guardrails/docs/mods)** @@ -46,7 +44,7 @@ terraform init After initializing Terraform, you can apply the mods in one of two ways, depending on your needs: -### 1. Using an Input Variable File +#### 1. Using an Input Variable File By default, the `default.tfvars` file is configured to install all the mods necessary for CIS (Center for Internet Security) compliance. You can further customize this file to include additional mods as needed. To apply the mods using this specific input variable file, run the following command: @@ -54,7 +52,7 @@ By default, the `default.tfvars` file is configured to install all the mods nece terraform apply --var-file=default.tfvars -parallelism=1 ``` -### 2. Without an Input Variable File +#### 2. Without an Input Variable File If you choose not to use an input variable file, the command will install **all** available AWS mods. To proceed with this option, run: @@ -66,7 +64,7 @@ terraform apply -parallelism=1 You can destroy the mods in one of two ways: -### 1. Using an Input Variable File +#### 1. Using an Input Variable File Run the following command to destroy the mods using a specific input variable file: @@ -74,7 +72,7 @@ Run the following command to destroy the mods using a specific input variable fi terraform destroy --var-file=default.tfvars -parallelism=1 ``` -### 2. Without an Input Variable File +#### 2. Without an Input Variable File Run the following command to destroy the mods without using an input variable file: diff --git a/baselines/aws/aws_service_enabled/README.md b/baselines/aws/aws_service_enabled/README.md index 35b85da80..701d9e475 100644 --- a/baselines/aws/aws_service_enabled/README.md +++ b/baselines/aws/aws_service_enabled/README.md @@ -45,7 +45,7 @@ terraform init After initializing Terraform, you can apply the Enabled policies in one of two ways, depending on your needs: -### 1. Using an Input Variable File +#### 1. Using an Input Variable File By default, the `default.tfvars` file is configured to install all the Enabled policies for the mods necessary for CIS (Center for Internet Security) compliance. You can further customize this file to include additional services as needed provided the mods are installed prior. To apply the Enabled policies using this specific input variable file, run the following command: @@ -53,7 +53,7 @@ By default, the `default.tfvars` file is configured to install all the Enabled p terraform apply --var-file=default.tfvars ``` -### 2. Without an Input Variable File +#### 2. Without an Input Variable File If you choose not to use an input variable file, the command will install **all** available Enabled policies. Please ensure, you have installed the necessary mods for this. To proceed with this option, run: @@ -65,7 +65,7 @@ terraform apply You can destroy the mods in one of two ways: -### 1. Using an Input Variable File +#### 1. Using an Input Variable File Run the following command to destroy the mods using a specific input variable file: @@ -73,7 +73,7 @@ Run the following command to destroy the mods using a specific input variable fi terraform destroy --var-file=default.tfvars ``` -### 2. Without an Input Variable File +#### 2. Without an Input Variable File Run the following command to destroy the mods without using an input variable file: diff --git a/baselines/azure/azure_mods/README.md b/baselines/azure/azure_mods/README.md index d7ad4d4f3..3e409d836 100644 --- a/baselines/azure/azure_mods/README.md +++ b/baselines/azure/azure_mods/README.md @@ -2,8 +2,6 @@ Turbot provides numerous Azure mods, covering a wide range of Azure resources with thousands of policies and controls. By default, mods are installed with the top Turbot resource as the parent, meaning administrators must have Turbot/Owner permissions at the Turbot resource level to install, uninstall, or update mods in the environment. -More information can be found [here](https://turbot.com/guardrails/docs/mods). - ## Documentation - **[Review Mods Documentation →](https://turbot.com/guardrails/docs/mods)** @@ -46,7 +44,7 @@ terraform init After initializing Terraform, you can apply the mods in one of two ways, depending on your needs: -### 1. Using an Input Variable File +#### 1. Using an Input Variable File By default, the `default.tfvars` file is configured to install all the mods necessary for CIS (Center for Internet Security) compliance. You can further customize this file to include additional mods as needed. To apply the mods using this specific input variable file, run the following command: @@ -54,7 +52,7 @@ By default, the `default.tfvars` file is configured to install all the mods nece terraform apply --var-file=default.tfvars -parallelism=1 ``` -### 2. Without an Input Variable File +#### 2. Without an Input Variable File If you choose not to use an input variable file, the command will install **all** available AWS mods. To proceed with this option, run: @@ -66,7 +64,7 @@ terraform apply -parallelism=1 You can destroy the mods in one of two ways: -### 1. Using an Input Variable File +#### 1. Using an Input Variable File Run the following command to destroy the mods using a specific input variable file: @@ -74,7 +72,7 @@ Run the following command to destroy the mods using a specific input variable fi terraform destroy --var-file=default.tfvars -parallelism=1 ``` -### 2. Without an Input Variable File +#### 2. Without an Input Variable File Run the following command to destroy the mods without using an input variable file: diff --git a/baselines/azure/azure_service_enabled/README.md b/baselines/azure/azure_service_enabled/README.md index c95ebce30..1a9c08196 100644 --- a/baselines/azure/azure_service_enabled/README.md +++ b/baselines/azure/azure_service_enabled/README.md @@ -45,7 +45,7 @@ terraform init After initializing Terraform, you can apply the Enabled policies in one of two ways, depending on your needs: -### 1. Using an Input Variable File +#### 1. Using an Input Variable File By default, the `default.tfvars` file is configured to install all the Enabled policies for the mods necessary for CIS (Center for Internet Security) compliance. You can further customize this file to include additional services as needed provided the mods are installed prior. To apply the Enabled policies using this specific input variable file, run the following command: @@ -53,7 +53,7 @@ By default, the `default.tfvars` file is configured to install all the Enabled p terraform apply --var-file=default.tfvars ``` -### 2. Without an Input Variable File +#### 2. Without an Input Variable File If you choose not to use an input variable file, the command will install **all** available Enabled policies. Please ensure, you have installed the necessary mods for this. To proceed with this option, run: @@ -65,7 +65,7 @@ terraform apply You can destroy the mods in one of two ways: -### 1. Using an Input Variable File +#### 1. Using an Input Variable File Run the following command to destroy the mods using a specific input variable file: @@ -73,7 +73,7 @@ Run the following command to destroy the mods using a specific input variable fi terraform destroy --var-file=default.tfvars ``` -### 2. Without an Input Variable File +#### 2. Without an Input Variable File Run the following command to destroy the mods without using an input variable file: diff --git a/baselines/gcp/gcp_mods/README.md b/baselines/gcp/gcp_mods/README.md index bf27def07..57479a47b 100644 --- a/baselines/gcp/gcp_mods/README.md +++ b/baselines/gcp/gcp_mods/README.md @@ -2,8 +2,6 @@ Turbot provides numerous GCP mods, covering a wide range of GCP resources with thousands of policies and controls. By default, mods are installed with the top Turbot resource as the parent, meaning administrators must have Turbot/Owner permissions at the Turbot resource level to install, uninstall, or update mods in the environment. -More information can be found [here](https://turbot.com/guardrails/docs/mods). - ## Documentation - **[Review Mods Documentation →](https://turbot.com/guardrails/docs/mods)** @@ -46,7 +44,7 @@ terraform init After initializing Terraform, you can apply the mods in one of two ways, depending on your needs: -### 1. Using an Input Variable File +#### 1. Using an Input Variable File By default, the `default.tfvars` file is configured to install all the mods necessary for CIS (Center for Internet Security) compliance. You can further customize this file to include additional mods as needed. To apply the mods using this specific input variable file, run the following command: @@ -54,7 +52,7 @@ By default, the `default.tfvars` file is configured to install all the mods nece terraform apply --var-file=default.tfvars -parallelism=1 ``` -### 2. Without an Input Variable File +#### 2. Without an Input Variable File If you choose not to use an input variable file, the command will install **all** available AWS mods. To proceed with this option, run: @@ -66,7 +64,7 @@ terraform apply -parallelism=1 You can destroy the mods in one of two ways: -### 1. Using an Input Variable File +#### 1. Using an Input Variable File Run the following command to destroy the mods using a specific input variable file: @@ -74,7 +72,7 @@ Run the following command to destroy the mods using a specific input variable fi terraform destroy --var-file=default.tfvars -parallelism=1 ``` -### 2. Without an Input Variable File +#### 2. Without an Input Variable File Run the following command to destroy the mods without using an input variable file: diff --git a/baselines/gcp/gcp_service_enabled/README.md b/baselines/gcp/gcp_service_enabled/README.md index 6c98d3150..cbfeafe74 100644 --- a/baselines/gcp/gcp_service_enabled/README.md +++ b/baselines/gcp/gcp_service_enabled/README.md @@ -45,7 +45,7 @@ terraform init After initializing Terraform, you can apply the Enabled policies in one of two ways, depending on your needs: -### 1. Using an Input Variable File +#### 1. Using an Input Variable File By default, the `default.tfvars` file is configured to install all the Enabled policies for the mods necessary for CIS (Center for Internet Security) compliance. You can further customize this file to include additional services as needed provided the mods are installed prior. To apply the Enabled policies using this specific input variable file, run the following command: @@ -53,7 +53,7 @@ By default, the `default.tfvars` file is configured to install all the Enabled p terraform apply --var-file=default.tfvars ``` -### 2. Without an Input Variable File +#### 2. Without an Input Variable File If you choose not to use an input variable file, the command will install **all** available Enabled policies. Please ensure, you have installed the necessary mods for this. To proceed with this option, run: @@ -65,7 +65,7 @@ terraform apply You can destroy the mods in one of two ways: -### 1. Using an Input Variable File +#### 1. Using an Input Variable File Run the following command to destroy the mods using a specific input variable file: @@ -73,7 +73,7 @@ Run the following command to destroy the mods using a specific input variable fi terraform destroy --var-file=default.tfvars ``` -### 2. Without an Input Variable File +#### 2. Without an Input Variable File Run the following command to destroy the mods without using an input variable file: diff --git a/baselines/guardrails/folder_hierarchy/README.md b/baselines/guardrails/folder_hierarchy/README.md new file mode 100644 index 000000000..dd816b243 --- /dev/null +++ b/baselines/guardrails/folder_hierarchy/README.md @@ -0,0 +1,79 @@ +# Folder Hierarchy Installation + +This script sets up a foundational folder hierarchy within Turbot Guardrails to organize your cloud resources across AWS, Azure, and GCP. By default, it creates a base folder for your workspace and subfolders for AWS, Azure, and GCP resources. This structure helps in managing policies, controls, and resources more efficiently within your Turbot environment. + +## Documentation + +- **[Review Folder Hierarchy Documentation →](https://turbot.com/guardrails/docs/concepts/resources/hierarchy)** + +## Getting Started + +### Requirements + +- [Terraform](https://developer.hashicorp.com/terraform/install) + +### Credentials + +To create a folder hierarchy using Terraform: + +- Ensure you have `Turbot/Admin` permissions (or higher) in Guardrails. +- [Create access keys](https://turbot.com/guardrails/docs/guides/iam/access-keys#generate-a-new-guardrails-api-access-key) in Guardrails. + +Then set your credentials: + +```sh +export TURBOT_WORKSPACE=myworkspace.acme.com +export TURBOT_ACCESS_KEY=acce6ac5-access-key-here +export TURBOT_SECRET_KEY=a8af61ec-secret-key-here +``` + +Please see [Turbot Guardrails Provider authentication](https://registry.terraform.io/providers/turbot/turbot/latest/docs#authentication) for additional authentication methods. + +## Usage + +### Initialize Terraform + +1. Navigate to the `folder_hierarchy` folder. +2. Run the command: + +```sh +terraform init +``` + +### Install + +After initializing Terraform, you can apply the folder hierarchy configuration: + +```sh +terraform apply +``` + +### Destroy + +You can destroy the folder hierarchy setup in one of two ways: + +```sh +terraform destroy +``` + +## Folder Hierarchy Structure + +The following folder structure will be created within your Turbot environment: + +``` +Turbot/ +└── Company/ + │ + ├── AWS/ + │ + ├── Azure/ + │ + └── GCP/ +``` + +- **Base Folder (`Company`)**: The root folder for your workspace. Example: Acme +- **AWS**: A subfolder dedicated to organizing AWS resources. +- **Azure**: A subfolder dedicated to organizing Azure resources. +- **GCP**: A subfolder dedicated to organizing GCP resources. + +This structure helps keep your cloud resources organized, allowing for easy management and application of policies across different cloud providers. diff --git a/baselines/guardrails/guardrails_mods/README.md b/baselines/guardrails/guardrails_mods/README.md index dc215443b..762136a2e 100644 --- a/baselines/guardrails/guardrails_mods/README.md +++ b/baselines/guardrails/guardrails_mods/README.md @@ -1,69 +1,105 @@ -# CIS - Mods install +# Guardrails Mods Installation -Turbot provides CIS mod, covering CIS policies and controls definition, mods are installed with the top Turbot resource as the parent. This means that administrators must be at the Turbot resource level with Turbot/Owner permissions to make modifications, installing, uninstalling, or updating, to mods in the environment. +Turbot Guardrails provides a set of mods that enforce best practices, security controls, and compliance frameworks across your cloud environment. This README guides you through the process of installing Guardrails mods using Terraform. The example provided installs the CIS (Center for Internet Security) mod, which is designed to help you achieve and maintain CIS compliance across your resources. -More information can be found [here](https://turbot.com/v5/docs/mods) +## Documentation -## Requirements +- **[Review Guardrails Mods Documentation →](https://hub.guardrails.turbot.com/mods/turbot/mods/cis)** -- Terraform v0.13 or greater installed -- Valid Turbot configuration credentials +## Getting Started -For further information on configuring Turbot credentials can be found [here](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials). +### Requirements -### Initialize +- [Terraform](https://developer.hashicorp.com/terraform/install) -1. Navigate to the cis_mod folder. +### Credentials + +To install Guardrails mods using Terraform: + +- Ensure you have `Turbot/Owner` permissions in Guardrails. +- [Create access keys](https://turbot.com/guardrails/docs/guides/iam/access-keys#generate-a-new-guardrails-api-access-key) in Guardrails. + +Then set your credentials: + +```sh +export TURBOT_WORKSPACE=myworkspace.acme.com +export TURBOT_ACCESS_KEY=acce6ac5-access-key-here +export TURBOT_SECRET_KEY=a8af61ec-secret-key-here +``` + +Please see [Turbot Guardrails Provider authentication](https://registry.terraform.io/providers/turbot/turbot/latest/docs#authentication) for additional authentication methods. + +## Usage + +### Initialize Terraform + +1. Navigate to the `guardrails_mods` folder. 2. Run the command: - ```shell - terraform init - ``` +```sh +terraform init +``` + +### Install + +After initializing Terraform, you can apply the Guardrails mod: -### Profile name as input +#### 1. Using an Input Variable File (If Applicable) -This set requires you to provide `turbot_profile` name as input. This is to help in case you are having more profiles than only `default`. In case it's default, specify name as default. +If you have customized a `default.tfvars` file with specific parameters for the CIS mod or additional mods, you can apply the configuration as follows: -```shell -var.turbot_profile - Enter profile matching your turbot cli credentials. - Enter a value: +```sh +terraform apply --var-file=default.tfvars -parallelism=1 ``` -### Apply installation +#### 2. Without an Input Variable File -The installation can be applied without an input variable file. +To install the guardrails mods mod without using an input variable file, run: -1. By this time Terraform initialization is done as mentioned above. -3. Prefer to check the outcome by running the Terraform plan -3. Apply the Terraform -4. Run the command: +```sh +terraform apply -parallelism=1 +``` + +### Destroy + +You can remove the Guardrails mod in one of two ways: -```shell -cd -terraform plan -terraform apply +#### 1. Using an Input Variable File + +Run the following command to destroy the Guardrails mod configuration using a specific input variable file: + +```sh +terraform destroy --var-file=default.tfvars -parallelism=1 ``` -### Destroy installation +#### 2. Without an Input Variable File -If seeking to apply the installation without using an input variable file. +Run the following command to destroy the Guardrails mod configuration without using an input variable file: -1. Navigate to the folder containing the installation configuration. -2. Run the command: +```sh +terraform destroy -parallelism=1 +``` + +## Overview of Guardrails Mods Configuration + +This setup installs the CIS mod within your Turbot Guardrails environment: + +### 1. CIS Mod Installation + +- **Mod**: `turbot_mod.cis` +- **Description**: This mod applies CIS (Center for Internet Security) benchmarks to your cloud resources, ensuring they meet rigorous security and compliance standards. +- **Version**: `>=5.0.0` - ```shell - terraform destroy - ``` +This mod helps you automate compliance with the CIS benchmarks, providing continuous monitoring and enforcement across your AWS environment. -## Commenting strategy +## Commenting Strategy -All Turbot policies used by the installation will have a link to the official Turbot Mods documentation. +All Turbot policies and mods include links to the official Turbot Mods documentation. -Opening the links will give you further details about: +These links provide further details about: -- The purpose of the policy -- Policy URI name +- The purpose of the policy or mod +- Policy URI name or Mod details - Parent information - Category information - Target information diff --git a/baselines/guardrails/guardrails_mods/mod_install.tf b/baselines/guardrails/guardrails_mods/mod_install.tf index 1903be46b..81acf8812 100644 --- a/baselines/guardrails/guardrails_mods/mod_install.tf +++ b/baselines/guardrails/guardrails_mods/mod_install.tf @@ -1,4 +1,4 @@ -# https://turbot.com/v5/mods/turbot/cis +# https://hub.guardrails.turbot.com/mods/turbot/mods/cis resource "turbot_mod" "cis" { parent = "tmod:@turbot/turbot#/" org = "turbot" diff --git a/baselines/guardrails/local_directory/README.md b/baselines/guardrails/local_directory/README.md new file mode 100644 index 000000000..c682e5892 --- /dev/null +++ b/baselines/guardrails/local_directory/README.md @@ -0,0 +1,77 @@ +# Local Directory Installation + +This script sets up a local directory "Turbot Support Team Login" within Turbot Guardrails and creates two users: **Guardrails Admin** and **Guardrails Support**. The Guardrails Admin user is granted `Turbot/Owner` permissions, and the Guardrails Support user is granted `Turbot/Operator` permissions. These roles ensure that the necessary administrative and support tasks can be performed within the Turbot environment. + +## Documentation + +- **[Review Local Directory Documentation →](https://turbot.com/guardrails/docs/guides/directories/local)** + +## Getting Started + +### Requirements + +- [Terraform](https://developer.hashicorp.com/terraform/install) + +### Credentials + +To create a local directory and users using Terraform: + +- Ensure you have `Turbot/Owner` permissions in Guardrails. +- [Create access keys](https://turbot.com/guardrails/docs/guides/iam/access-keys#generate-a-new-guardrails-api-access-key) in Guardrails. + +Then set your credentials: + +```sh +export TURBOT_WORKSPACE=myworkspace.acme.com +export TURBOT_ACCESS_KEY=acce6ac5-access-key-here +export TURBOT_SECRET_KEY=a8af61ec-secret-key-here +``` + +Please see [Turbot Guardrails Provider authentication](https://registry.terraform.io/providers/turbot/turbot/latest/docs#authentication) for additional authentication methods. + +## Usage + +### Initialize Terraform + +1. Navigate to the `local_directory` folder. +2. Run the command: + +```sh +terraform init +``` + +### Install + +After initializing Terraform, you can apply the configuration to set up the local directory and users: + +```sh +terraform apply +``` + +### Destroy + +You can remove the local directory setup in one of two ways: + +```sh +terraform destroy +``` + +## Overview of Local Directory Configuration + +This setup creates a local directory within Turbot Guardrails and adds two users with distinct roles: + +### 1. Guardrails Admin + +- **User Details**: + - Email: `admin@turbot.com` + - Role: Guardrails Admin +- **Permissions**: Granted `Turbot/Owner` permissions, enabling full control over the Turbot environment. + +### 2. Guardrails Support + +- **User Details**: + - Email: `support@turbot.com` + - Role: Guardrails Support +- **Permissions**: Granted `Turbot/Operator` permissions, allowing for operational tasks within the Turbot environment. + +This structure ensures that both administrative and support functions are covered with appropriate access levels. diff --git a/baselines/guardrails/turbot_profiles/README.md b/baselines/guardrails/turbot_profiles/README.md new file mode 100644 index 000000000..ca486cc00 --- /dev/null +++ b/baselines/guardrails/turbot_profiles/README.md @@ -0,0 +1,94 @@ +# Turbot Directory Installation + +This script sets up a new Turbot.com directory within Turbot Guardrails and adds additional profiles with `Turbot/Owner` permissions at the root level. This allows designated users to have full administrative access to the Turbot environment through the new SAML-integrated directory. + +## Documentation + +- **[Review Turbot Directory Documentation →](https://turbot.com/guardrails/docs/guides/directories/local#create-a-turbot-directory)** + +## Getting Started + +### Requirements + +- [Terraform](https://developer.hashicorp.com/terraform/install) + +### Credentials + +To create a Turbot.com directory and configure profiles using Terraform: + +- Ensure you have `Turbot/Owner` permissions in Guardrails. +- [Create access keys](https://turbot.com/guardrails/docs/guides/iam/access-keys#generate-a-new-guardrails-api-access-key) in Guardrails. + +Then set your credentials: + +```sh +export TURBOT_WORKSPACE=myworkspace.acme.com +export TURBOT_ACCESS_KEY=acce6ac5-access-key-here +export TURBOT_SECRET_KEY=a8af61ec-secret-key-here +``` + +Please see [Turbot Guardrails Provider authentication](https://registry.terraform.io/providers/turbot/turbot/latest/docs#authentication) for additional authentication methods. + +## Usage + +### Initialize Terraform + +1. Navigate to the `turbot_directory` folder. +2. Run the command: + +```sh +terraform init +``` + +### Install + +After initializing Terraform, you can apply the configuration to set up the Turbot directory and profiles: + +The `default.tfvars` file should be customized with the list of profiles to be created. Apply the configuration as follows: + +```sh +terraform apply --var-file=default.tfvars +``` + +### Destroy + +You can remove the Turbot directory and profiles setup in one of two ways: + +Run the following command to destroy the Turbot directory configuration using a specific input variable file: + +```sh +terraform destroy --var-file=default.tfvars +``` + +## Overview of Turbot Directory Configuration + +This setup creates a new Turbot.com directory and configures profiles with `Turbot/Owner` permissions: + +### 1. Directory Creation + +- **Directory**: The script creates a new Turbot.com directory for SAML authentication. This allows users to log in to Turbot workspaces through the new directory. + +### 2. Profile Creation + +- **Profiles**: Profiles are created based on the entries in the `default.tfvars` file. Each profile is configured with: + - **Name**: Full name of the user (e.g., "First Last"). + - **Email**: The email address associated with the Turbot.com account. + +### 3. Permissions + +- **Turbot/Owner Role**: Each profile is granted `Turbot/Owner` permissions, providing full administrative access to the Turbot environment. +- **Grant Activation**: The owner grants are activated for each profile, ensuring they have the necessary permissions to manage the Turbot environment. + +## Example `default.tfvars` Configuration + +Here's an example configuration in the `default.tfvars` file: + +```hcl +user_profile = { + "profileId1" = { name = "First Last", email = "email@email.com" }, + "profileId2" = { name = "First Last", email = "email@email.com" }, + "profileId3" = { name = "First Last", email = "email@email.com" } +} +``` + +Update this file with the list of profiles to be added. diff --git a/baselines/guardrails/turbot_profiles/default.tfvars b/baselines/guardrails/turbot_profiles/default.tfvars index c7bfeb782..7d6e7e16d 100644 --- a/baselines/guardrails/turbot_profiles/default.tfvars +++ b/baselines/guardrails/turbot_profiles/default.tfvars @@ -1,7 +1,3 @@ -# Exisiting directory id which profiles are being created in -# e.g. "123456789012345" -# directory_id = "123456789012345" # replace with the Directory Id you are using - # Update this profile list to add in profiles into the directory # For a turbot.com directory, the profileId would be the turbot.com username # Name is the Full Name, the profile logic just assumes a First and Last Name separated by a space diff --git a/baselines/guardrails/turbot_profiles/main.tf b/baselines/guardrails/turbot_profiles/main.tf index 8ec70946c..bc37d3ae4 100644 --- a/baselines/guardrails/turbot_profiles/main.tf +++ b/baselines/guardrails/turbot_profiles/main.tf @@ -1,11 +1,4 @@ -# Adding additional Profiles to the Turbot.com Directory -# This baseline is specifically to create profiles in an existing turbot.com -# Will grant the Turbot/Owner role to each profile at the Turbot root level -# Will activate each Turbot/Owner grant to each profile -###################### -# Directory Creation # -###################### - +# Directory Creation resource "turbot_turbot_directory" "turbot_dir" { parent = "tmod:@turbot/turbot#/" title = "Turbot SAML" @@ -14,7 +7,7 @@ resource "turbot_turbot_directory" "turbot_dir" { server = "turbot.com" } -# Creates profiles in an exisiting turbot.com defined in terraform.tfvars +# Creates profiles defined in terraform.tfvars # Will grant the Turbot/Owner role to each profile at the Turbot root level # Will activate each Turbot/Owner grant to each profile resource "turbot_profile" "create_profile" { @@ -42,4 +35,3 @@ resource "turbot_grant_activation" "activate_turbot_owner_grant" { resource = "tmod:@turbot/turbot#/" grant = turbot_grant.profile_grant_turbot_owner[each.key].id } - diff --git a/baselines/guardrails/workspace_settings/README.md b/baselines/guardrails/workspace_settings/README.md new file mode 100644 index 000000000..f935eae45 --- /dev/null +++ b/baselines/guardrails/workspace_settings/README.md @@ -0,0 +1,109 @@ +# Workspace Settings Installation + +This script configures essential workspace settings within Turbot Guardrails, covering policies related to quick actions, retention, resource limits, Terraform versioning, and mod updates. These settings ensure that your Turbot environment is managed efficiently and adheres to your organization's best practices. + +## Documentation + +- **[Review Workspace Settings Documentation →](https://hub.guardrails.turbot.com/mods/turbot/policies)** + +## Getting Started + +### Requirements + +- [Terraform](https://developer.hashicorp.com/terraform/install) + +### Credentials + +To apply workspace settings using Terraform: + +- Ensure you have `Turbot/Owner` permissions in Guardrails. +- [Create access keys](https://turbot.com/guardrails/docs/guides/iam/access-keys#generate-a-new-guardrails-api-access-key) in Guardrails. + +Then set your credentials: + +```sh +export TURBOT_WORKSPACE=myworkspace.acme.com +export TURBOT_ACCESS_KEY=acce6ac5-access-key-here +export TURBOT_SECRET_KEY=a8af61ec-secret-key-here +``` + +Please see [Turbot Guardrails Provider authentication](https://registry.terraform.io/providers/turbot/turbot/latest/docs#authentication) for additional authentication methods. + +## Usage + +### Initialize Terraform + +1. Navigate to the `workspace_settings` folder. +2. Run the command: + +```sh +terraform init +``` + +### Install + +After initializing Terraform, you can apply the configuration to set up the workspace settings: + +```sh +terraform apply +``` + +### Destroy + +You can remove the workspace settings configuration: + +```sh +terraform destroy +``` + +## Overview of Workspace Settings + +This setup configures the following key policies within your Turbot workspace: + +### 1. Quick Actions Enabled + +- **Policy**: `turbot_quick_actions_enabled` +- **Description**: Enables or disables quick actions in the Turbot console. +- **Setting**: `"Enabled"` + +### 2. Retention Policy + +- **Policy**: `turbot_retention` +- **Description**: Enforces smart retention policies for resource data within Turbot. +- **Setting**: `"Enforce: Enable purging via Smart Retention"` + +### 3. Maximum Retention + +- **Policy**: `turbot_maximum_retention` +- **Description**: Sets the maximum retention period for resource data in days. +- **Setting**: `90 days` + +### 4. Resource Purge Limit + +- **Policy**: `turbot_resource_purge_limit` +- **Description**: Sets the limit on the number of resources that can be purged at once. +- **Setting**: `500 resources` + +### 5. Stack Terraform Version + +- **Policy**: `turbot_stack_terraform_version` +- **Description**: Specifies the Terraform version to be used for stack deployments. +- **Setting**: `"0.15.*"` + +### 6. Mod Auto-Update + +- **Policy**: `turbot_mod_auto_update` +- **Description**: Controls the automatic update of mods within the defined change window. +- **Setting**: `"Enforce within Mod Change Window"` + +### 7. Mod Change Window Schedule + +- **Policy**: `turbot_mod_change_window_schedule` +- **Description**: Defines the schedule for when mod updates can occur. +- **Setting**: + ```yaml + - name: Weekly + description: 'Weekly, Saturday 09:00 AM to Saturday 09:00 PM UTC' + cron: '0 9 * * SAT' + duration: 12 hours + ``` From f0bafbd035131ffd5eea0469d45e3df544f55038 Mon Sep 17 00:00:00 2001 From: Venu Date: Thu, 19 Sep 2024 17:39:32 +0530 Subject: [PATCH 17/17] remove defaults in variables --- baselines/aws/aws_mods/default.tfvars | 155 +++++++++++++++- baselines/aws/aws_mods/variables.tf | 175 ------------------ .../aws/aws_service_enabled/default.tfvars | 168 +++++++++++++++-- .../aws/aws_service_enabled/variables.tf | 157 ---------------- baselines/azure/azure_mods/default.tfvars | 22 ++- baselines/azure/azure_mods/mod_install.tf | 2 +- baselines/azure/azure_mods/variables.tf | 40 ---- .../azure_service_enabled/default.tfvars | 60 +++--- .../azure/azure_service_enabled/variables.tf | 98 ---------- baselines/gcp/gcp_mods/default.tfvars | 20 ++ baselines/gcp/gcp_mods/variables.tf | 36 ---- .../gcp/gcp_service_enabled/default.tfvars | 116 +++++++++--- .../gcp/gcp_service_enabled/variables.tf | 95 ---------- .../azure/azure_check_tagging/README.md | 139 -------------- .../guardrails/turbot_profiles/variables.tf | 2 +- 15 files changed, 467 insertions(+), 818 deletions(-) delete mode 100644 baselines/getting_started/azure/azure_check_tagging/README.md diff --git a/baselines/aws/aws_mods/default.tfvars b/baselines/aws/aws_mods/default.tfvars index c4f9c051d..6e3a93255 100644 --- a/baselines/aws/aws_mods/default.tfvars +++ b/baselines/aws/aws_mods/default.tfvars @@ -1,22 +1,175 @@ mod_list = [ "aws", + # "aws-acm", + # "aws-amplify", + # "aws-apigateway", + # "aws-appconfig", + # "aws-appfabric", + # "aws-appflow", + # "aws-appmesh", + # "aws-appstream", + # "aws-appsync", + # "aws-artifact", + # "aws-athena", + # "aws-auditmanager", + # "aws-backup", + # "aws-batch", + # "aws-bedrock", + # "aws-billing", + # "aws-braket", + # "aws-chatbot", + # "aws-chime", + # "aws-cisv1", + # "aws-cisv1-4", + # "aws-cisv2-0", "aws-cisv3-0", + # "aws-cleanrooms", + # "aws-cloud9", + # "aws-clouddirectory", + # "aws-cloudformation", + # "aws-cloudfront", + # "aws-cloudhsm", + # "aws-cloudmap", + # "aws-cloudsearch", + # "aws-cloudshell", "aws-cloudtrail", "aws-cloudwatch", + # "aws-codebuild", + # "aws-codecommit", + # "aws-codedeploy", + # "aws-codepipeline", + # "aws-codestar", + # "aws-codewhisperer", + # "aws-cognito", + # "aws-comprehend", + # "aws-computeoptimizer", "aws-config", + # "aws-connect", + # "aws-datapipeline", + # "aws-datasync", + # "aws-dax", + # "aws-devicefarm", + # "aws-directconnect", + # "aws-directoryservice", + # "aws-dms", + # "aws-docdb", + # "aws-dynamodb", "aws-ec2", + # "aws-ec2imagebuilder", + # "aws-ecr", + # "aws-ecs", "aws-efs", + # "aws-eks", + # "aws-elasticache", + # "aws-elasticbeanstalk", + # "aws-elasticinference", + # "aws-elasticsearch", + # "aws-elastictranscoder", + # "aws-emr", + # "aws-eventbridgepipes", + # "aws-eventbridgescheduler", "aws-events", + # "aws-fms", + # "aws-fsx", + # "aws-gamelift", + # "aws-glacier", + # "aws-globalaccelerator", + # "aws-glue", + # "aws-gluedatabrew", + # "aws-greengrass", + # "aws-guardduty", + # "aws-health", + # "aws-hipaa", "aws-iam", + # "aws-inspector", + # "aws-iot", + # "aws-iot1click", + # "aws-iotanalytics", + # "aws-iotevents", + # "aws-iotsitewise", + # "aws-iotthingsgraph", + # "aws-kendra", + # "aws-kinesis", "aws-kms", + # "aws-lakeformation", "aws-lambda", + # "aws-lex", + # "aws-lightsail", + # "aws-location", "aws-logs", + # "aws-machinelearning", + # "aws-macie", + # "aws-mediaconnect", + # "aws-mediaconvert", + # "aws-medialive", + # "aws-mediapackage", + # "aws-mediastore", + # "aws-mediatailor", + # "aws-mq", + # "aws-msk", + # "aws-mwaa", + # "aws-neptune", + # "aws-nist-800-53", + # "aws-omics", + # "aws-opensearch", + # "aws-organizations", + # "aws-os", + # "aws-outposts", + # "aws-pciv3-2-1", + # "aws-pinpoint", + # "aws-polly", + # "aws-qldb", + # "aws-quicksight", + # "aws-ram", "aws-rds", + # "aws-redshift", + # "aws-redshiftserverless", + # "aws-rekognition", + # "aws-resourcegroups", + # "aws-robomaker", + # "aws-route53", + # "aws-route53domains", + # "aws-route53recoverycontrolconfig", + # "aws-route53recoveryreadiness", + # "aws-route53resolver", "aws-s3", + # "aws-s3multiregionaccesspoint", + # "aws-sagemaker", + # "aws-savingsplans", + # "aws-scheduler", + # "aws-secretsmanager", "aws-securityhub", + # "aws-serverlessapplicationrepository", + # "aws-servermigration", + # "aws-servicecatalog", + # "aws-servicequotas", + # "aws-ses", + # "aws-shield", + # "aws-signer", + # "aws-simpledb", + # "aws-snowball", "aws-sns", + # "aws-sqs", + # "aws-ssm", + # "aws-stepfunctions", + # "aws-storagegateway", + # "aws-swf", + # "aws-tagging", + # "aws-textract", + # "aws-transcribe", + # "aws-transfer", + # "aws-translate", + # "aws-trustedadvisor", "aws-vpc-connect", "aws-vpc-core", "aws-vpc-internet", - "aws-vpc-security" + "aws-vpc-security", + # "aws-vpclattice", + # "aws-waf", + # "aws-wafregional", + # "aws-wellarchitected", + # "aws-wellarchitected-framework", + # "aws-workdocs", + # "aws-workspaces", + # "aws-xray" ] diff --git a/baselines/aws/aws_mods/variables.tf b/baselines/aws/aws_mods/variables.tf index 97f4fab8a..309a71665 100644 --- a/baselines/aws/aws_mods/variables.tf +++ b/baselines/aws/aws_mods/variables.tf @@ -1,179 +1,4 @@ variable "mod_list" { type = list(string) description = "The list of AWS Mods to install." - default = [ - "aws", - "aws-acm", - "aws-amplify", - "aws-apigateway", - "aws-appconfig", - "aws-appfabric", - "aws-appflow", - "aws-appmesh", - "aws-appstream", - "aws-appsync", - "aws-artifact", - "aws-athena", - "aws-auditmanager", - "aws-backup", - "aws-batch", - "aws-bedrock", - "aws-billing", - "aws-braket", - "aws-chatbot", - "aws-chime", - "aws-cisv1", - "aws-cisv1-4", - "aws-cisv2-0", - "aws-cisv3-0", - "aws-cleanrooms", - "aws-cloud9", - "aws-clouddirectory", - "aws-cloudformation", - "aws-cloudfront", - "aws-cloudhsm", - "aws-cloudmap", - "aws-cloudsearch", - "aws-cloudshell", - "aws-cloudtrail", - "aws-cloudwatch", - "aws-codebuild", - "aws-codecommit", - "aws-codedeploy", - "aws-codepipeline", - "aws-codestar", - "aws-codewhisperer", - "aws-cognito", - "aws-comprehend", - "aws-computeoptimizer", - "aws-config", - "aws-connect", - "aws-datapipeline", - "aws-datasync", - "aws-dax", - "aws-devicefarm", - "aws-directconnect", - "aws-directoryservice", - "aws-dms", - "aws-docdb", - "aws-dynamodb", - "aws-ec2", - "aws-ec2imagebuilder", - "aws-ecr", - "aws-ecs", - "aws-efs", - "aws-eks", - "aws-elasticache", - "aws-elasticbeanstalk", - "aws-elasticinference", - "aws-elasticsearch", - "aws-elastictranscoder", - "aws-emr", - "aws-eventbridgepipes", - "aws-eventbridgescheduler", - "aws-events", - "aws-fms", - "aws-fsx", - "aws-gamelift", - "aws-glacier", - "aws-globalaccelerator", - "aws-glue", - "aws-gluedatabrew", - "aws-greengrass", - "aws-guardduty", - "aws-health", - "aws-hipaa", - "aws-iam", - "aws-inspector", - "aws-iot", - "aws-iot1click", - "aws-iotanalytics", - "aws-iotevents", - "aws-iotsitewise", - "aws-iotthingsgraph", - "aws-kendra", - "aws-kinesis", - "aws-kms", - "aws-lakeformation", - "aws-lambda", - "aws-lex", - "aws-lightsail", - "aws-location", - "aws-logs", - "aws-machinelearning", - "aws-macie", - "aws-mediaconnect", - "aws-mediaconvert", - "aws-medialive", - "aws-mediapackage", - "aws-mediastore", - "aws-mediatailor", - "aws-mq", - "aws-msk", - "aws-mwaa", - "aws-neptune", - "aws-nist-800-53", - "aws-omics", - "aws-opensearch", - "aws-organizations", - "aws-os", - "aws-outposts", - "aws-pciv3-2-1", - "aws-pinpoint", - "aws-polly", - "aws-qldb", - "aws-quicksight", - "aws-ram", - "aws-rds", - "aws-redshift", - "aws-redshiftserverless", - "aws-rekognition", - "aws-resourcegroups", - "aws-robomaker", - "aws-route53", - "aws-route53domains", - "aws-route53recoverycontrolconfig", - "aws-route53recoveryreadiness", - "aws-route53resolver", - "aws-s3", - "aws-s3multiregionaccesspoint", - "aws-sagemaker", - "aws-savingsplans", - "aws-scheduler", - "aws-secretsmanager", - "aws-securityhub", - "aws-serverlessapplicationrepository", - "aws-servermigration", - "aws-servicecatalog", - "aws-servicequotas", - "aws-ses", - "aws-shield", - "aws-signer", - "aws-simpledb", - "aws-snowball", - "aws-sns", - "aws-sqs", - "aws-ssm", - "aws-stepfunctions", - "aws-storagegateway", - "aws-swf", - "aws-tagging", - "aws-textract", - "aws-transcribe", - "aws-transfer", - "aws-translate", - "aws-trustedadvisor", - "aws-vpc-connect", - "aws-vpc-core", - "aws-vpc-internet", - "aws-vpc-security", - "aws-vpclattice", - "aws-waf", - "aws-wafregional", - "aws-wellarchitected", - "aws-wellarchitected-framework", - "aws-workdocs", - "aws-workspaces", - "aws-xray" - ] } diff --git a/baselines/aws/aws_service_enabled/default.tfvars b/baselines/aws/aws_service_enabled/default.tfvars index cb73c7031..e46892740 100644 --- a/baselines/aws/aws_service_enabled/default.tfvars +++ b/baselines/aws/aws_service_enabled/default.tfvars @@ -1,18 +1,158 @@ # List of services to set as Enabled enabled_policy_map = { - aws-cloudtrail = "cloudTrailEnabled" - aws-cloudwatch = "cloudWatchEnabled" - aws-config = "configEnabled" - aws-ec2 = "ec2Enabled" - aws-efs = "efsEnabled" - aws-events = "eventsEnabled" - aws-iam = "iamEnabled" - aws-kms = "kmsEnabled" - aws-lambda = "lambdaEnabled" - aws-logs = "logsEnabled" - aws-rds = "rdsEnabled" - aws-s3 = "s3Enabled" + # aws-acm = "acmEnabled" + # aws-amplify = "amplifyEnabled" + # aws-apigateway = "apiGatewayEnabled" + # aws-appconfig = "appConfigEnabled" + # aws-appfabric = "appFabricEnabled" + # aws-appflow = "appFlowEnabled" + # aws-appmesh = "appMeshEnabled" + # aws-appstream = "appStreamEnabled" + # aws-appsync = "appSyncEnabled" + # aws-artifact = "artifactEnabled" + # aws-athena = "athenaEnabled" + # aws-auditmanager = "auditManagerEnabled" + # aws-backup = "backupEnabled" + # aws-batch = "batchEnabled" + # aws-bedrock = "bedrockEnabled" + # aws-billing = "billingEnabled" + # aws-braket = "braketEnabled" + # aws-chatbot = "chatbotEnabled" + # aws-chime = "chimeEnabled" + # aws-cleanrooms = "cleanRoomsEnabled" + # aws-cloud9 = "cloud9Enabled" + # aws-clouddirectory = "cloudDirectoryEnabled" + # aws-cloudformation = "cloudFormationEnabled" + # aws-cloudfront = "cloudFrontEnabled" + # aws-cloudhsm = "cloudHsmEnabled" + # aws-cloudmap = "cloudMapEnabled" + # aws-cloudsearch = "cloudSearchEnabled" + # aws-cloudshell = "cloudShellEnabled" + aws-cloudtrail = "cloudTrailEnabled" + aws-cloudwatch = "cloudWatchEnabled" + # aws-codebuild = "codeBuildEnabled" + # aws-codecommit = "codeCommitEnabled" + # aws-codedeploy = "codeDeployEnabled" + # aws-codepipeline = "codePipelineEnabled" + # aws-codestar = "codeStarEnabled" + # aws-codewhisperer = "codeWhispererEnabled" + # aws-cognito = "cognitoEnabled" + # aws-comprehend = "comprehendEnabled" + # aws-computeoptimizer = "computeOptimizerEnabled" + aws-config = "configEnabled" + # aws-connect = "connectEnabled" + # aws-datapipeline = "dataPipelineEnabled" + # aws-datasync = "datasyncEnabled" + # aws-dax = "daxEnabled" + # aws-devicefarm = "deviceFarmEnabled" + # aws-directconnect = "directConnectEnabled" + # aws-directoryservice = "directoryServiceEnabled" + # aws-dms = "dmsEnabled" + # aws-dynamodb = "dynamodbEnabled" + aws-ec2 = "ec2Enabled" + # aws-ec2imagebuilder = "ec2ImageBuilderEnabled" + # aws-ecr = "ecrEnabled" + # aws-ecs = "ecsEnabled" + aws-efs = "efsEnabled" + # aws-eks = "eksEnabled" + # aws-elasticache = "elastiCacheEnabled" + # aws-elasticbeanstalk = "elasticBeanstalkEnabled" + # aws-elasticinference = "elasticInferenceEnabled" + # aws-elasticsearch = "esEnabled" + # aws-elastictranscoder = "elasticTranscoderEnabled" + # aws-emr = "emrEnabled" + # aws-eventbridgepipes = "eventBridgePipesEnabled" + # aws-eventbridgescheduler = "eventBridgeSchedulerEnabled" + aws-events = "eventsEnabled" + # aws-fms = "fmsEnabled" + # aws-fsx = "fsxEnabled" + # aws-gamelift = "gameLiftEnabled" + # aws-glacier = "glacierEnabled" + # aws-globalaccelerator = "globalAcceleratorEnabled" + # aws-glue = "glueEnabled" + # aws-gluedatabrew = "glueDataBrewEnabled" + # aws-greengrass = "greengrassEnabled" + # aws-guardduty = "guardDutyEnabled" + # aws-health = "healthEnabled" + aws-iam = "iamEnabled" + # aws-inspector = "inspectorEnabled" + # aws-iot = "iotEnabled" + # aws-iot1click = "iot1ClickEnabled" + # aws-iotanalytics = "iotAnalyticsEnabled" + # aws-iotevents = "iotEventsEnabled" + # aws-iotsitewise = "iotSiteWiseEnabled" + # aws-iotthingsgraph = "iotThingsGraphEnabled" + # aws-kendra = "kendraEnabled" + # aws-kinesis = "kinesisEnabled" + aws-kms = "kmsEnabled" + # aws-lakeformation = "lakeFormationEnabled" + aws-lambda = "lambdaEnabled" + # aws-lex = "lexEnabled" + # aws-lightsail = "lightsailEnabled" + # aws-location = "locationEnabled" + aws-logs = "logsEnabled" + # aws-machinelearning = "machineLearningEnabled" + # aws-macie = "macieEnabled" + # aws-mediaconnect = "mediaConnectEnabled" + # aws-mediaconvert = "mediaConvertEnabled" + # aws-medialive = "mediaLiveEnabled" + # aws-mediapackage = "mediaPackageEnabled" + # aws-mediastore = "mediaStoreEnabled" + # aws-mediatailor = "mediaTailorEnabled" + # aws-mq = "mqEnabled" + # aws-msk = "mskEnabled" + # aws-mwaa = "mwaaEnabled" + # aws-omics = "omicsEnabled" + # aws-opensearch = "openSearchEnabled" + # aws-outposts = "outpostsEnabled" + # aws-polly = "pollyEnabled" + # aws-qldb = "qldbEnabled" + # aws-quicksight = "quickSightEnabled" + # aws-ram = "ramEnabled" + aws-rds = "rdsEnabled" + # aws-redshift = "redshiftEnabled" + # aws-redshiftserverless = "redshiftServerlessEnabled" + # aws-rekognition = "rekognitionEnabled" + # aws-resourcegroups = "resourceGroupsEnabled" + # aws-robomaker = "roboMakerEnabled" + # aws-route53 = "route53Enabled" + # aws-route53domains = "route53DomainsEnabled" + # aws-route53recoverycontrolconfig = "route53RecoveryControlConfigEnabled" + # aws-route53recoveryreadiness = "route53RecoveryReadinessEnabled" + # aws-route53resolver = "route53ResolverEnabled" + aws-s3 = "s3Enabled" + # aws-sagemaker = "sageMakerEnabled" + # aws-savingsplans = "savingsPlansEnabled" + # aws-scheduler = "schedulerEnabled" + # aws-secretsmanager = "secretsManagerEnabled" aws-securityhub = "securityHubEnabled" - aws-sns = "snsEnabled" - aws-vpc-core = "vpcServiceEnabled" + # aws-serverlessapplicationrepository = "serverlessApplicationRepositoryEnabled" + # aws-servermigration = "serverMigrationServiceEnabled" + # aws-servicecatalog = "serviceCatalogEnabled" + # aws-servicequotas = "serviceQuotasEnabled" + # aws-ses = "sesEnabled" + # aws-shield = "shieldEnabled" + # aws-signer = "signerEnabled" + # aws-simpledb = "simpleDbEnabled" + # aws-snowball = "snowballEnabled" + aws-sns = "snsEnabled" + # aws-sqs = "sqsEnabled" + # aws-ssm = "ssmEnabled" + # aws-stepfunctions = "stepFunctionsEnabled" + # aws-storagegateway = "storageGatewayEnabled" + # aws-swf = "swfEnabled" + # aws-tagging = "taggingEnabled" + # aws-textract = "textractEnabled" + # aws-transcribe = "transcribeEnabled" + # aws-transfer = "transferEnabled" + # aws-translate = "translateEnabled" + # aws-trustedadvisor = "trustedAdvisorEnabled" + aws-vpc-core = "vpcServiceEnabled" + # aws-vpclattice = "vpcLatticeEnabled" + # aws-waf = "wafEnabled" + # aws-wafregional = "wafRegionalEnabled" + # aws-wellarchitected = "wellarchitectedEnabled" + # aws-workdocs = "workDocsEnabled" + # aws-workspaces = "workSpacesEnabled" + # aws-xray = "xrayEnabled" } diff --git a/baselines/aws/aws_service_enabled/variables.tf b/baselines/aws/aws_service_enabled/variables.tf index 869f46c7c..3555b7142 100644 --- a/baselines/aws/aws_service_enabled/variables.tf +++ b/baselines/aws/aws_service_enabled/variables.tf @@ -1,161 +1,4 @@ variable "enabled_policy_map" { description = "Enter the list of services that you would like to Enable" type = map(string) - default = { - aws-acm = "acmEnabled" - aws-amplify = "amplifyEnabled" - aws-apigateway = "apiGatewayEnabled" - aws-appconfig = "appConfigEnabled" - aws-appfabric = "appFabricEnabled" - aws-appflow = "appFlowEnabled" - aws-appmesh = "appMeshEnabled" - aws-appstream = "appStreamEnabled" - aws-appsync = "appSyncEnabled" - aws-artifact = "artifactEnabled" - aws-athena = "athenaEnabled" - aws-auditmanager = "auditManagerEnabled" - aws-backup = "backupEnabled" - aws-batch = "batchEnabled" - aws-bedrock = "bedrockEnabled" - aws-billing = "billingEnabled" - aws-braket = "braketEnabled" - aws-chatbot = "chatbotEnabled" - aws-chime = "chimeEnabled" - aws-cleanrooms = "cleanRoomsEnabled" - aws-cloud9 = "cloud9Enabled" - aws-clouddirectory = "cloudDirectoryEnabled" - aws-cloudformation = "cloudFormationEnabled" - aws-cloudfront = "cloudFrontEnabled" - aws-cloudhsm = "cloudHsmEnabled" - aws-cloudmap = "cloudMapEnabled" - aws-cloudsearch = "cloudSearchEnabled" - aws-cloudshell = "cloudShellEnabled" - aws-cloudtrail = "cloudTrailEnabled" - aws-cloudwatch = "cloudWatchEnabled" - aws-codebuild = "codeBuildEnabled" - aws-codecommit = "codeCommitEnabled" - aws-codedeploy = "codeDeployEnabled" - aws-codepipeline = "codePipelineEnabled" - aws-codestar = "codeStarEnabled" - aws-codewhisperer = "codeWhispererEnabled" - aws-cognito = "cognitoEnabled" - aws-comprehend = "comprehendEnabled" - aws-computeoptimizer = "computeOptimizerEnabled" - aws-config = "configEnabled" - aws-connect = "connectEnabled" - aws-datapipeline = "dataPipelineEnabled" - aws-datasync = "datasyncEnabled" - aws-dax = "daxEnabled" - aws-devicefarm = "deviceFarmEnabled" - aws-directconnect = "directConnectEnabled" - aws-directoryservice = "directoryServiceEnabled" - aws-dms = "dmsEnabled" - aws-dynamodb = "dynamodbEnabled" - aws-ec2 = "ec2Enabled" - aws-ec2imagebuilder = "ec2ImageBuilderEnabled" - aws-ecr = "ecrEnabled" - aws-ecs = "ecsEnabled" - aws-efs = "efsEnabled" - aws-eks = "eksEnabled" - aws-elasticache = "elastiCacheEnabled" - aws-elasticbeanstalk = "elasticBeanstalkEnabled" - aws-elasticinference = "elasticInferenceEnabled" - aws-elasticsearch = "esEnabled" - aws-elastictranscoder = "elasticTranscoderEnabled" - aws-emr = "emrEnabled" - aws-eventbridgepipes = "eventBridgePipesEnabled" - aws-eventbridgescheduler = "eventBridgeSchedulerEnabled" - aws-events = "eventsEnabled" - aws-fms = "fmsEnabled" - aws-fsx = "fsxEnabled" - aws-gamelift = "gameLiftEnabled" - aws-glacier = "glacierEnabled" - aws-globalaccelerator = "globalAcceleratorEnabled" - aws-glue = "glueEnabled" - aws-gluedatabrew = "glueDataBrewEnabled" - aws-greengrass = "greengrassEnabled" - aws-guardduty = "guardDutyEnabled" - aws-health = "healthEnabled" - aws-iam = "iamEnabled" - aws-inspector = "inspectorEnabled" - aws-iot = "iotEnabled" - aws-iot1click = "iot1ClickEnabled" - aws-iotanalytics = "iotAnalyticsEnabled" - aws-iotevents = "iotEventsEnabled" - aws-iotsitewise = "iotSiteWiseEnabled" - aws-iotthingsgraph = "iotThingsGraphEnabled" - aws-kendra = "kendraEnabled" - aws-kinesis = "kinesisEnabled" - aws-kms = "kmsEnabled" - aws-lakeformation = "lakeFormationEnabled" - aws-lambda = "lambdaEnabled" - aws-lex = "lexEnabled" - aws-lightsail = "lightsailEnabled" - aws-location = "locationEnabled" - aws-logs = "logsEnabled" - aws-machinelearning = "machineLearningEnabled" - aws-macie = "macieEnabled" - aws-mediaconnect = "mediaConnectEnabled" - aws-mediaconvert = "mediaConvertEnabled" - aws-medialive = "mediaLiveEnabled" - aws-mediapackage = "mediaPackageEnabled" - aws-mediastore = "mediaStoreEnabled" - aws-mediatailor = "mediaTailorEnabled" - aws-mq = "mqEnabled" - aws-msk = "mskEnabled" - aws-mwaa = "mwaaEnabled" - aws-omics = "omicsEnabled" - aws-opensearch = "openSearchEnabled" - aws-outposts = "outpostsEnabled" - aws-polly = "pollyEnabled" - aws-qldb = "qldbEnabled" - aws-quicksight = "quickSightEnabled" - aws-ram = "ramEnabled" - aws-rds = "rdsEnabled" - aws-redshift = "redshiftEnabled" - aws-redshiftserverless = "redshiftServerlessEnabled" - aws-rekognition = "rekognitionEnabled" - aws-resourcegroups = "resourceGroupsEnabled" - aws-robomaker = "roboMakerEnabled" - aws-route53 = "route53Enabled" - aws-route53domains = "route53DomainsEnabled" - aws-route53recoverycontrolconfig = "route53RecoveryControlConfigEnabled" - aws-route53recoveryreadiness = "route53RecoveryReadinessEnabled" - aws-route53resolver = "route53ResolverEnabled" - aws-s3 = "s3Enabled" - aws-sagemaker = "sageMakerEnabled" - aws-savingsplans = "savingsPlansEnabled" - aws-scheduler = "schedulerEnabled" - aws-secretsmanager = "secretsManagerEnabled" - aws-securityhub = "securityHubEnabled" - aws-serverlessapplicationrepository = "serverlessApplicationRepositoryEnabled" - aws-servermigration = "serverMigrationServiceEnabled" - aws-servicecatalog = "serviceCatalogEnabled" - aws-servicequotas = "serviceQuotasEnabled" - aws-ses = "sesEnabled" - aws-shield = "shieldEnabled" - aws-signer = "signerEnabled" - aws-simpledb = "simpleDbEnabled" - aws-snowball = "snowballEnabled" - aws-sns = "snsEnabled" - aws-sqs = "sqsEnabled" - aws-ssm = "ssmEnabled" - aws-stepfunctions = "stepFunctionsEnabled" - aws-storagegateway = "storageGatewayEnabled" - aws-swf = "swfEnabled" - aws-tagging = "taggingEnabled" - aws-textract = "textractEnabled" - aws-transcribe = "transcribeEnabled" - aws-transfer = "transferEnabled" - aws-translate = "translateEnabled" - aws-trustedadvisor = "trustedAdvisorEnabled" - aws-vpc-core = "vpcServiceEnabled" - aws-vpclattice = "vpcLatticeEnabled" - aws-waf = "wafEnabled" - aws-wafregional = "wafRegionalEnabled" - aws-wellarchitected = "wellarchitectedEnabled" - aws-workdocs = "workDocsEnabled" - aws-workspaces = "workSpacesEnabled" - aws-xray = "xrayEnabled" - } } diff --git a/baselines/azure/azure_mods/default.tfvars b/baselines/azure/azure_mods/default.tfvars index 873f0425d..b13fc2057 100644 --- a/baselines/azure/azure_mods/default.tfvars +++ b/baselines/azure/azure_mods/default.tfvars @@ -1,20 +1,40 @@ mod_list = [ "azure", "azure-activedirectory", + # "azure-aks", + # "azure-apimanagement", + # "azure-applicationgateway", + # "azure-applicationinsights", "azure-appservice", + # "azure-automation", + # "azure-cisv1", + # "azure-cisv1-2", "azure-cisv2-0", "azure-compute", "azure-cosmosdb", + # "azure-databricks", + # "azure-datafactory", + # "azure-dns", + # "azure-firewall", + # "azure-frontdoorservice", "azure-iam", "azure-keyvault", "azure-loadbalancer", + # "azure-loganalytics", "azure-monitor", "azure-mysql", "azure-network", "azure-networkwatcher", "azure-postgresql", "azure-provider", + # "azure-recoveryservice", + # "azure-relay", + # "azure-searchmanagement", "azure-securitycenter", + # "azure-servicebus", + # "azure-signalr", "azure-sql", - "azure-storage" + # "azure-sqlvirtualmachine", + "azure-storage", + # "azure-synapseanalytics" ] diff --git a/baselines/azure/azure_mods/mod_install.tf b/baselines/azure/azure_mods/mod_install.tf index c06dfc222..0802bec4e 100644 --- a/baselines/azure/azure_mods/mod_install.tf +++ b/baselines/azure/azure_mods/mod_install.tf @@ -231,7 +231,7 @@ resource "turbot_mod" "azure-frontdoorservice" { # https://hub.guardrails.turbot.com/mods/azure/mods/azure-iam resource "turbot_mod" "azure-iam" { parent = "tmod:@turbot/turbot#/" - depends_on = [turbot_mod.azure] + depends_on = [turbot_mod.azure, turbot_mod.azure-provider] org = "turbot" mod = "azure-iam" version = ">=5.0.0" diff --git a/baselines/azure/azure_mods/variables.tf b/baselines/azure/azure_mods/variables.tf index 91cd25c95..d01cd3f34 100644 --- a/baselines/azure/azure_mods/variables.tf +++ b/baselines/azure/azure_mods/variables.tf @@ -1,44 +1,4 @@ variable "mod_list" { type = list(string) description = "The list of Azure Mods to install." - default = [ - "azure", - "azure-activedirectory", - "azure-aks", - "azure-apimanagement", - "azure-applicationgateway", - "azure-applicationinsights", - "azure-appservice", - "azure-automation", - "azure-cisv1", - "azure-cisv1-2", - "azure-cisv2-0", - "azure-compute", - "azure-cosmosdb", - "azure-databricks", - "azure-datafactory", - "azure-dns", - "azure-firewall", - "azure-frontdoorservice", - "azure-iam", - "azure-keyvault", - "azure-loadbalancer", - "azure-loganalytics", - "azure-monitor", - "azure-mysql", - "azure-network", - "azure-networkwatcher", - "azure-postgresql", - "azure-provider", - "azure-recoveryservice", - "azure-relay", - "azure-searchmanagement", - "azure-securitycenter", - "azure-servicebus", - "azure-signalr", - "azure-sql", - "azure-sqlvirtualmachine", - "azure-storage", - "azure-synapseanalytics" - ] } diff --git a/baselines/azure/azure_service_enabled/default.tfvars b/baselines/azure/azure_service_enabled/default.tfvars index 5295942cb..74c283e1a 100644 --- a/baselines/azure/azure_service_enabled/default.tfvars +++ b/baselines/azure/azure_service_enabled/default.tfvars @@ -5,11 +5,11 @@ provider_status = { # ApiManagement = "Enforce: Registered" # Automation = "Enforce: Registered" # Billing = "Enforce: Registered" - Compute = "Enforce: Registered" + Compute = "Enforce: Registered" # ContainerService = "Enforce: Registered" # CostManagement = "Enforce: Registered" - DBforMySQL = "Enforce: Registered" - DBforPostgreSQL = "Enforce: Registered" + DBforMySQL = "Enforce: Registered" + DBforPostgreSQL = "Enforce: Registered" # DataFactory = "Enforce: Registered" # DataLakeAnalytics = "Enforce: Registered" # Databricks = "Enforce: Registered" @@ -17,19 +17,19 @@ provider_status = { # DomainRegistration = "Enforce: Registered" # HDInsight = "Enforce: Registered" # Insights = "Enforce: Registered" - KeyVault = "Enforce: Registered" - Network = "Enforce: Registered" + KeyVault = "Enforce: Registered" + Network = "Enforce: Registered" # OperationalInsights = "Enforce: Registered" # RecoveryServices = "Enforce: Registered" # Relay = "Enforce: Registered" # Resources = "Enforce: Registered" # Search = "Enforce: Registered" - Security = "Enforce: Registered" + Security = "Enforce: Registered" # ServiceBus = "Enforce: Registered" # SignalRService = "Enforce: Registered" - Sql = "Enforce: Registered" + Sql = "Enforce: Registered" # SqlVirtualMachine = "Enforce: Registered" - Storage = "Enforce: Registered" + Storage = "Enforce: Registered" # Synapse = "Enforce: Registered" # Web = "Enforce: Registered" } @@ -38,11 +38,11 @@ provider_registration_map = { # ApiManagement = "apiManagementRegistered" # Automation = "automationRegistered" # Billing = "billingRegistered" - Compute = "computeRegistered" + Compute = "computeRegistered" # ContainerService = "containerServiceRegistered" # CostManagement = "costManagementRegistered" - DBforMySQL = "dbforMySqlRegistered" - DBforPostgreSQL = "dbForPostgreSqlRegistered" + DBforMySQL = "dbforMySqlRegistered" + DBforPostgreSQL = "dbForPostgreSqlRegistered" # DataFactory = "dataFactoryRegistered" # DataLakeAnalytics = "dataLakeAnalyticsRegistered" # Databricks = "databricksRegistered" @@ -50,54 +50,54 @@ provider_registration_map = { # DomainRegistration = "domainRegistrationRegistered" # HDInsight = "hdInsightRegistered" # Insights = "insightsRegistered" - KeyVault = "keyVaultRegistered" - Network = "networkRegistered" + KeyVault = "keyVaultRegistered" + Network = "networkRegistered" # OperationalInsights = "operationalInsightsRegistered" # RecoveryServices = "recoveryServicesRegistered" # Relay = "relayRegistered" # Resources = "resourcesRegistered" # Search = "searchRegistered" - Security = "securityRegistered" + Security = "securityRegistered" # ServiceBus = "serviceBusRegistered" # SignalRService = "signalRServiceRegistered" - Sql = "sqlRegistered" + Sql = "sqlRegistered" # SqlVirtualMachine = "sqlVirtualMachineRegistered" - Storage = "storageRegistered" + Storage = "storageRegistered" # Synapse = "synapseRegistered" # Web = "webRegistered" } enabled_policy_map = { - azure-aks = "aksEnabled" + # azure-aks = "aksEnabled" # azure-apimanagement = "apiManagementEnabled" # azure-applicationgateway = "applicationGatewayServiceEnabled" # azure-applicationinsights = "applicationInsightsEnabled" - azure-appservice = "appServiceEnabled" + azure-appservice = "appServiceEnabled" # azure-automation = "automationEnabled" - azure-compute = "computeEnabled" - azure-cosmosdb = "cosmosDbEnabled" + azure-compute = "computeEnabled" + azure-cosmosdb = "cosmosDbEnabled" # azure-databricks = "databricksEnabled" # azure-datafactory = "dataFactoryEnabled" # azure-dns = "dnsEnabled" # azure-firewall = "firewallServiceEnabled" # azure-frontdoorservice = "frontDoorServiceEnabled" - azure-iam = "iamEnabled" - azure-keyvault = "keyVaultEnabled" - azure-loadbalancer = "loadBalancerServiceEnabled" + azure-iam = "iamEnabled" + azure-keyvault = "keyVaultEnabled" + azure-loadbalancer = "loadBalancerServiceEnabled" # azure-loganalytics = "logAnalyticsEnabled" - azure-monitor = "monitorEnabled" - azure-mysql = "mySqlEnabled" - azure-network = "networkEnabled" - azure-networkwatcher = "networkWatcherServiceEnabled" - azure-postgresql = "postgreSqlEnabled" + azure-monitor = "monitorEnabled" + azure-mysql = "mySqlEnabled" + azure-network = "networkEnabled" + azure-networkwatcher = "networkWatcherServiceEnabled" + azure-postgresql = "postgreSqlEnabled" # azure-recoveryservice = "recoveryServiceEnabled" # azure-relay = "relayEnabled" # azure-searchmanagement = "searchManagementEnabled" # azure-securitycenter = "securityCenterServiceEnabled" # azure-servicebus = "serviceBusEnabled" # azure-signalr = "signalRServiceEnabled" - azure-sql = "sqlEnabled" + azure-sql = "sqlEnabled" # azure-sqlvirtualmachine = "sqlVirtualMachineServiceEnabled" - azure-storage = "storageEnabled" + azure-storage = "storageEnabled" # azure-synapseanalytics = "synapseAnalyticsEnabled" } diff --git a/baselines/azure/azure_service_enabled/variables.tf b/baselines/azure/azure_service_enabled/variables.tf index 7c39f5a12..201636f17 100644 --- a/baselines/azure/azure_service_enabled/variables.tf +++ b/baselines/azure/azure_service_enabled/variables.tf @@ -1,40 +1,6 @@ variable "enabled_policy_map" { description = "Enter the list of services that you would like to Enable" type = map(string) - default = { - azure-aks = "aksEnabled" - azure-apimanagement = "apiManagementEnabled" - azure-applicationgateway = "applicationGatewayServiceEnabled" - azure-applicationinsights = "applicationInsightsEnabled" - azure-appservice = "appServiceEnabled" - azure-automation = "automationEnabled" - azure-compute = "computeEnabled" - azure-cosmosdb = "cosmosDbEnabled" - azure-databricks = "databricksEnabled" - azure-datafactory = "dataFactoryEnabled" - azure-dns = "dnsEnabled" - azure-firewall = "firewallServiceEnabled" - azure-frontdoorservice = "frontDoorServiceEnabled" - azure-iam = "iamEnabled" - azure-keyvault = "keyVaultEnabled" - azure-loadbalancer = "loadBalancerServiceEnabled" - azure-loganalytics = "logAnalyticsEnabled" - azure-monitor = "monitorEnabled" - azure-mysql = "mySqlEnabled" - azure-network = "networkEnabled" - azure-networkwatcher = "networkWatcherServiceEnabled" - azure-postgresql = "postgreSqlEnabled" - azure-recoveryservice = "recoveryServiceEnabled" - azure-relay = "relayEnabled" - azure-searchmanagement = "searchManagementEnabled" - azure-securitycenter = "securityCenterServiceEnabled" - azure-servicebus = "serviceBusEnabled" - azure-signalr = "signalRServiceEnabled" - azure-sql = "sqlEnabled" - azure-sqlvirtualmachine = "sqlVirtualMachineServiceEnabled" - azure-storage = "storageEnabled" - azure-synapseanalytics = "synapseAnalyticsEnabled" - } } variable "provider_status" { @@ -48,73 +14,9 @@ variable "provider_status" { - "Enforce: Registered" EOF type = map(string) - default = { - ApiManagement = "Enforce: Registered" - Automation = "Enforce: Registered" - Billing = "Enforce: Registered" - Compute = "Enforce: Registered" - ContainerService = "Enforce: Registered" - CostManagement = "Enforce: Registered" - DBforMySQL = "Enforce: Registered" - DBforPostgreSQL = "Enforce: Registered" - DataFactory = "Enforce: Registered" - DataLakeAnalytics = "Enforce: Registered" - Databricks = "Enforce: Registered" - DocumentDB = "Enforce: Registered" - DomainRegistration = "Enforce: Registered" - HDInsight = "Enforce: Registered" - Insights = "Enforce: Registered" - KeyVault = "Enforce: Registered" - Network = "Enforce: Registered" - OperationalInsights = "Enforce: Registered" - RecoveryServices = "Enforce: Registered" - Relay = "Enforce: Registered" - Resources = "Enforce: Registered" - Search = "Enforce: Registered" - Security = "Enforce: Registered" - ServiceBus = "Enforce: Registered" - SignalRService = "Enforce: Registered" - Sql = "Enforce: Registered" - SqlVirtualMachine = "Enforce: Registered" - Storage = "Enforce: Registered" - Synapse = "Enforce: Registered" - Web = "Enforce: Registered" - } } variable "provider_registration_map" { description = "A map of all the registered policies currently exposed by Turbot" type = map(string) - default = { - ApiManagement = "apiManagementRegistered" - Automation = "automationRegistered" - Billing = "billingRegistered" - Compute = "computeRegistered" - ContainerService = "containerServiceRegistered" - CostManagement = "costManagementRegistered" - DBforMySQL = "dbforMySqlRegistered" - DBforPostgreSQL = "dbForPostgreSqlRegistered" - DataFactory = "dataFactoryRegistered" - DataLakeAnalytics = "dataLakeAnalyticsRegistered" - Databricks = "databricksRegistered" - DocumentDB = "documentDbRegistered" - DomainRegistration = "domainRegistrationRegistered" - HDInsight = "hdInsightRegistered" - Insights = "insightsRegistered" - KeyVault = "keyVaultRegistered" - Network = "networkRegistered" - OperationalInsights = "operationalInsightsRegistered" - RecoveryServices = "recoveryServicesRegistered" - Relay = "relayRegistered" - Resources = "resourcesRegistered" - Search = "searchRegistered" - Security = "securityRegistered" - ServiceBus = "serviceBusRegistered" - SignalRService = "signalRServiceRegistered" - Sql = "sqlRegistered" - SqlVirtualMachine = "sqlVirtualMachineRegistered" - Storage = "storageRegistered" - Synapse = "synapseRegistered" - Web = "webRegistered" - } } diff --git a/baselines/gcp/gcp_mods/default.tfvars b/baselines/gcp/gcp_mods/default.tfvars index b2dd0fd39..eef03d05d 100644 --- a/baselines/gcp/gcp_mods/default.tfvars +++ b/baselines/gcp/gcp_mods/default.tfvars @@ -1,16 +1,36 @@ mod_list = [ "gcp", + "gcp-appengine", + "gcp-bigquery", + # "gcp-bigquerydatatransfer", + # "gcp-bigtable", + # "gcp-build", + # "gcp-cisv1", "gcp-cisv2-0", + # "gcp-composer", "gcp-computeengine", + # "gcp-datacatalog", + # "gcp-dataflow", + # "gcp-datapipeline", + "gcp-dataproc", "gcp-dns", + # "gcp-firebase", "gcp-functions", "gcp-iam", "gcp-kms", + # "gcp-kubernetesengine", "gcp-logging", + # "gcp-memorystore", "gcp-monitoring", "gcp-network", + # "gcp-notebooks", + # "gcp-oauth", "gcp-orgpolicy", "gcp-pubsub", + # "gcp-run", + # "gcp-scheduler", + # "gcp-secretmanager", + # "gcp-spanner", "gcp-sql", "gcp-storage" ] diff --git a/baselines/gcp/gcp_mods/variables.tf b/baselines/gcp/gcp_mods/variables.tf index 31ff8b6f6..563aa0c3b 100644 --- a/baselines/gcp/gcp_mods/variables.tf +++ b/baselines/gcp/gcp_mods/variables.tf @@ -1,40 +1,4 @@ variable "mod_list" { type = list(string) description = "The list of GCP Mods to install." - default = [ - "gcp", - "gcp-appengine", - "gcp-bigquery", - "gcp-bigquerydatatransfer", - "gcp-bigtable", - "gcp-build", - "gcp-cisv1", - "gcp-cisv2-0", - "gcp-composer", - "gcp-computeengine", - "gcp-datacatalog", - "gcp-dataflow", - "gcp-datapipeline", - "gcp-dataproc", - "gcp-dns", - "gcp-firebase", - "gcp-functions", - "gcp-iam", - "gcp-kms", - "gcp-kubernetesengine", - "gcp-logging", - "gcp-memorystore", - "gcp-monitoring", - "gcp-network", - "gcp-notebooks", - "gcp-oauth", - "gcp-orgpolicy", - "gcp-pubsub", - "gcp-run", - "gcp-scheduler", - "gcp-secretmanager", - "gcp-spanner", - "gcp-sql", - "gcp-storage" - ] } diff --git a/baselines/gcp/gcp_service_enabled/default.tfvars b/baselines/gcp/gcp_service_enabled/default.tfvars index cd0943f1b..dfaa2f5b0 100644 --- a/baselines/gcp/gcp_service_enabled/default.tfvars +++ b/baselines/gcp/gcp_service_enabled/default.tfvars @@ -1,45 +1,101 @@ # This is list of services that you would like to Enable or Disable, Service names must match the policy_map service_status = { + gcp-appengine = "Enabled" + gcp-bigquery = "Enabled" + # gcp-bigquerydatatransfer = "Enabled" + # gcp-bigtable = "Enabled" + # gcp-build = "Enabled" + # gcp-run = "Enabled" + # gcp-composer = "Enabled" gcp-computeengine = "Enabled" - gcp-dns = "Enabled" - gcp-functions = "Enabled" - gcp-iam = "Enabled" - gcp-kms = "Enabled" - gcp-logging = "Enabled" - gcp-monitoring = "Enabled" - gcp-network = "Enabled" - gcp-pubsub = "Enabled" - gcp-sql = "Enabled" - gcp-storage = "Enabled" + # gcp-datacatalog = "Enabled" + # gcp-datapipeline = "Enabled" + # gcp-dataflow = "Enabled" + gcp-dataproc = "Enabled" + gcp-dns = "Enabled" + # gcp-firebase = "Enabled" + gcp-functions = "Enabled" + gcp-iam = "Enabled" + gcp-kms = "Enabled" + # gcp-kubernetesengine = "Enabled" + gcp-logging = "Enabled" + # gcp-memorystore = "Enabled" + gcp-monitoring = "Enabled" + gcp-network = "Enabled" + # gcp-notebooks = "Enabled" + gcp-pubsub = "Enabled" + # gcp-scheduler = "Enabled" + # gcp-secretmanager = "Enabled" + # gcp-spanner = "Enabled" + gcp-sql = "Enabled" + gcp-storage = "Enabled" } # This is a map of Turbot policy types to service names. It is advised not to modify the below list. enabled_policy_map = { + + gcp-appengine = "appEngineEnabled" + gcp-bigquery = "bigQueryEnabled" + # gcp-bigquerydatatransfer = "bigQueryDataTransferEnabled" + # gcp-bigtable = "bigtableEnabled" + # gcp-build = "buildServiceEnabled" + # gcp-run = "runEnabled" + # gcp-composer = "composerEnabled" gcp-computeengine = "computeEngineEnabled" - gcp-dns = "dnsEnabled" - gcp-functions = "functionsEnabled" - gcp-iam = "iamEnabled" - gcp-kms = "kmsEnabled" - gcp-logging = "loggingEnabled" - gcp-monitoring = "monitoringEnabled" - gcp-network = "networkServiceEnabled" - gcp-pubsub = "pubsubEnabled" - gcp-sql = "sqlEnabled" - gcp-storage = "storageEnabled" + # gcp-datacatalog = "dataCatalogEnabled" + # gcp-datapipeline = "datapipelineEnabled" + # gcp-dataflow = "dataflowEnabled" + gcp-dataproc = "dataprocEnabled" + gcp-dns = "dnsEnabled" + # gcp-firebase = "firebaseEnabled" + gcp-functions = "functionsEnabled" + gcp-iam = "iamEnabled" + gcp-kms = "kmsEnabled" + # gcp-kubernetesengine = "kubernetesEngineEnabled" + gcp-logging = "loggingEnabled" + # gcp-memorystore = "memorystoreEnabled" + gcp-monitoring = "monitoringEnabled" + gcp-network = "networkServiceEnabled" + # gcp-notebooks = "notebooksEnabled" + gcp-pubsub = "pubsubEnabled" + # gcp-scheduler = "schedulerEnabled" + # gcp-secretmanager = "secretManagerEnabled" + # gcp-spanner = "spannerEnabled" + gcp-sql = "sqlEnabled" + gcp-storage = "storageEnabled" } # This is a map of service API enabled policy types to service names. It is advised not to modify the below list. api_policy_map = { + + gcp-appengine = "appEngineApiEnabled" + gcp-bigquery = "bigQueryApiEnabled" + # gcp-bigquerydatatransfer = "bigQueryDataTransferApiEnabled" + # gcp-bigtable = "bigtableApiEnabled" + # gcp-build = "buildServiceApiEnabled" + # gcp-run = "runApiEnabled" + # gcp-composer = "composerApiEnabled" gcp-computeengine = "computeEngineApiEnabled" - gcp-dns = "dnsApiEnabled" - gcp-functions = "functionsApiEnabled" - gcp-iam = "iamApiEnabled" - gcp-kms = "kmsApiEnabled" - gcp-logging = "loggingApiEnabled" - gcp-monitoring = "monitoringApiEnabled" - gcp-network = "networkServiceApiEnabled" - gcp-pubsub = "pubsubApiEnabled" - gcp-sql = "sqlApiEnabled" - gcp-storage = "storageApiEnabled" + # gcp-datacatalog = "dataCatalogApiEnabled" + # gcp-datapipeline = "datapipelineApiEnabled" + # gcp-dataflow = "dataflowApiEnabled" + gcp-dataproc = "dataprocApiEnabled" + gcp-dns = "dnsApiEnabled" + # gcp-firebase = "firebaseApiEnabled" + gcp-functions = "functionsApiEnabled" + gcp-iam = "iamApiEnabled" + gcp-kms = "kmsApiEnabled" + # gcp-kubernetesengine = "kubernetesEngineApiEnabled" + gcp-logging = "loggingApiEnabled" + # gcp-memorystore = "memorystoreApiEnabled" + gcp-monitoring = "monitoringApiEnabled" + gcp-network = "networkServiceApiEnabled" + # gcp-notebooks = "notebooksApiEnabled" + gcp-pubsub = "pubsubApiEnabled" + # gcp-scheduler = "schedulerApiEnabled" + # gcp-secretmanager = "secretManagerApiEnabled" + # gcp-spanner = "spannerApiEnabled" + gcp-sql = "sqlApiEnabled" + gcp-storage = "storageApiEnabled" } diff --git a/baselines/gcp/gcp_service_enabled/variables.tf b/baselines/gcp/gcp_service_enabled/variables.tf index 9d1012fb3..5c6573c76 100644 --- a/baselines/gcp/gcp_service_enabled/variables.tf +++ b/baselines/gcp/gcp_service_enabled/variables.tf @@ -1,111 +1,16 @@ variable "service_status" { description = "Enter the list of services that you would like to Enable or Disable, Service names must match the policy_map:" type = map(any) - default = { - gcp-appengine = "Enabled" - gcp-bigquery = "Enabled" - gcp-bigquerydatatransfer = "Enabled" - gcp-bigtable = "Enabled" - gcp-build = "Enabled" - gcp-run = "Enabled" - gcp-composer = "Enabled" - gcp-computeengine = "Enabled" - gcp-datacatalog = "Enabled" - gcp-datapipeline = "Enabled" - gcp-dataflow = "Enabled" - gcp-dataproc = "Enabled" - gcp-dns = "Enabled" - gcp-firebase = "Enabled" - gcp-functions = "Enabled" - gcp-iam = "Enabled" - gcp-kms = "Enabled" - gcp-kubernetesengine = "Enabled" - gcp-logging = "Enabled" - gcp-memorystore = "Enabled" - gcp-monitoring = "Enabled" - gcp-network = "Enabled" - gcp-notebooks = "Enabled" - gcp-pubsub = "Enabled" - gcp-scheduler = "Enabled" - gcp-secretmanager = "Enabled" - gcp-spanner = "Enabled" - gcp-sql = "Enabled" - gcp-storage = "Enabled" - } } variable "enabled_policy_map" { description = "This is a map of Turbot policy types to service names. You probably should not modify this." type = map(any) - default = { - gcp-appengine = "appEngineEnabled" - gcp-bigquery = "bigQueryEnabled" - gcp-bigquerydatatransfer = "bigQueryDataTransferEnabled" - gcp-bigtable = "bigtableEnabled" - gcp-build = "buildServiceEnabled" - gcp-run = "runEnabled" - gcp-composer = "composerEnabled" - gcp-computeengine = "computeEngineEnabled" - gcp-datacatalog = "dataCatalogEnabled" - gcp-datapipeline = "datapipelineEnabled" - gcp-dataflow = "dataflowEnabled" - gcp-dataproc = "dataprocEnabled" - gcp-dns = "dnsEnabled" - gcp-firebase = "firebaseEnabled" - gcp-functions = "functionsEnabled" - gcp-iam = "iamEnabled" - gcp-kms = "kmsEnabled" - gcp-kubernetesengine = "kubernetesEngineEnabled" - gcp-logging = "loggingEnabled" - gcp-memorystore = "memorystoreEnabled" - gcp-monitoring = "monitoringEnabled" - gcp-network = "networkServiceEnabled" - gcp-notebooks = "notebooksEnabled" - gcp-pubsub = "pubsubEnabled" - gcp-scheduler = "schedulerEnabled" - gcp-secretmanager = "secretManagerEnabled" - gcp-spanner = "spannerEnabled" - gcp-sql = "sqlEnabled" - gcp-storage = "storageEnabled" - ##gcp-orgpolicy = "" ## Note: OrgPolicy does not have an Enabled - } } variable "api_policy_map" { description = "This is a map of service API enabled policy types to service names. It is advised not to modify the below list." type = map(any) - default = { - gcp-appengine = "appEngineApiEnabled" - gcp-bigquery = "bigQueryApiEnabled" - gcp-bigquerydatatransfer = "bigQueryDataTransferApiEnabled" - gcp-bigtable = "bigtableApiEnabled" - gcp-build = "buildServiceApiEnabled" - gcp-run = "runApiEnabled" - gcp-composer = "composerApiEnabled" - gcp-computeengine = "computeEngineApiEnabled" - gcp-datacatalog = "dataCatalogApiEnabled" - gcp-datapipeline = "datapipelineApiEnabled" - gcp-dataflow = "dataflowApiEnabled" - gcp-dataproc = "dataprocApiEnabled" - gcp-dns = "dnsApiEnabled" - gcp-firebase = "firebaseApiEnabled" - gcp-functions = "functionsApiEnabled" - gcp-iam = "iamApiEnabled" - gcp-kms = "kmsApiEnabled" - gcp-kubernetesengine = "kubernetesEngineApiEnabled" - gcp-logging = "loggingApiEnabled" - gcp-memorystore = "memorystoreApiEnabled" - gcp-monitoring = "monitoringApiEnabled" - gcp-network = "networkServiceApiEnabled" - gcp-notebooks = "notebooksApiEnabled" - gcp-pubsub = "pubsubApiEnabled" - gcp-scheduler = "schedulerApiEnabled" - gcp-secretmanager = "secretManagerApiEnabled" - gcp-spanner = "spannerApiEnabled" - gcp-sql = "sqlApiEnabled" - gcp-storage = "storageApiEnabled" - ##gcp-orgpolicy = "" ## Note: OrgPolicy does not have an API Enabled - } } diff --git a/baselines/getting_started/azure/azure_check_tagging/README.md b/baselines/getting_started/azure/azure_check_tagging/README.md deleted file mode 100644 index 7a7d69d65..000000000 --- a/baselines/getting_started/azure/azure_check_tagging/README.md +++ /dev/null @@ -1,139 +0,0 @@ -# Baseline - Azure Check Tagging - -This baseline will allow you to check for adherence to the tagging templates, make sure that the Tag Templates are updated with the specific use case to validate. - -More info - -- [Tags in Turbot](https://turbot.com/v5/docs/concepts/guardrails/tagging) - -## Overview - -Baseline policies are initial set of policies recommended to start with while using Turbot. These policies mostly focuses on enabling services, frequently used policies to run in check mode & enabling security features such as various encryption standards. Baseline TF scripts allows you to toggle the value to apply or ignore. See the below sections for more information. - -Some of these policies overlap with other set of baselines. Hence Turbot provided set of baseline TF files are executed in separate [Smart Folder](https://turbot.com/v5/docs/getting-started/smart_folder). The advantage of setting up of each baseline in their own Smart Folder prevents conflicting with the policy settings created by other baseline scripts. - -This baseline will not attach to a resource by default. This needs to be done manually using the Turbot UI. - -## Requirements - -- Terraform v0.13 or greater installed -- Valid Turbot configuration credentials - -For further information on configuring Turbot credentials can be found [here](https://turbot.com/v5/docs/reference/cli/installation#setup-your-turbot-credentials). - -## Applying baseline - -The baseline is defined by a set of files which together define the configuration of the baseline. - -### Initialize baseline - -If not previously run, Initialize Terraform to get all necessary providers for the baseline. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform init - ``` -### Profile name as input - -The baseline example set requires you to provide `turbot_profile` name as input. This is to help in case you are having more profiles than only `default`. In case it's default, specify name as default. - -```shell -var.turbot_profile - Enter profile matching your turbot cli credentials. - Enter a value: -``` - -### Deploying demo example - -1. Navigate to the folder of the baseline -2. Initialize Terraform -3. Apply the baseline using the demo input variable file [demo.tfvars](demo.tfvars) - -On the terminal this will look like: - -```shell -cd -terraform init -terraform apply --var-file demo.tfvars -``` -**Note** -- Most of the variables in demo.tfvars are marked as `false`, as they are not part of required initial policies. This can be made `true` based on need. - -- Some of the baseline scripts may not have the `demo.tfvars`, you may execute only with default varialble file. - -### Input variable files - -Input variable files allow for the user to configure configuration definitions for multiple environments in different files. - -This baseline comes with an example input variable file called [demo.tfvars](demo.tfvars). - -It will be used to define which parts of the baseline to apply and which to ignore. - -The variables that can be overwritten by the input variable files i.e. [demo.tfvars](demo.tfvars) are defined in the [variables.tf](variables.tf) file. - -Further details found in official [Terraform documentation](https://www.terraform.io/docs/language/values/variables.html). - -### Apply baseline using input variable files - -If seeking to apply the baseline using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform apply --var-file=demo.tfvars - ``` -### Apply baseline without input variable file - -The baseline can be applied without an input variable file. - -1. By this time Terraform initialization is done as mentioned above. -3. Prefer to check the outcome by running the Terraform plan -3. Apply the Terraform -4. Run the command: - -```shell -cd -terraform plan -terraform apply -``` - -`This may prompt the user applying the baseline to enter values for variables that do not have default values.` - -### Destroy baseline without input variable file - -If seeking to apply the baseline without using an input variable file. - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy - ``` - -### Destroy using input variable files - -If seeking to destoy the baseline configuration using an input variable file such as [demo.tfvars](demo.tfvars). - -1. Navigate to the folder containing the baseline configuration. -2. Run the command: - - ```shell - terraform destroy --var-file=demo.tfvars - ``` - -## Commenting strategy - -All Turbot policies used by the baselines will have a link to the official Turbot Mods documentation. - -Opening the links will give you further details about: - -- The purpose of the policy -- Policy URI name -- Parent information -- Category information -- Target information -- All valid values - diff --git a/baselines/guardrails/turbot_profiles/variables.tf b/baselines/guardrails/turbot_profiles/variables.tf index 79c2fff72..a8c29e786 100644 --- a/baselines/guardrails/turbot_profiles/variables.tf +++ b/baselines/guardrails/turbot_profiles/variables.tf @@ -1,4 +1,4 @@ variable "user_profile" { - description = "Map of the list of turbot.com profileIds. Update in terraform.tfvars" + description = "Map of the list of turbot.com profileIds. Update in default.tfvars" type = map(any) }

c|_}#Wyc(GJB7Rh4wtjJAhY82z2kM@MAsS z|8|dmIbKgcSZws{ccC^w!h!s-pRzFfbKa{S zQO^wuI&T`q>nwfVU^WF9u%JE@Ll^3+WN=tFehv%NexTN*tuX|zI4>2Pbbnt`D*nOV zQotO8o$LvnyJ~$eWVvRHJJkVz*KOR#bkcgS(kc6+bA0ii zzIR|}{fMT8b9+_Ao!`u*>a;73QhP1-RIl^cGD>~)(SGHwe7ER5P34|rQOtA^`P(wB zLje~;0I8#4DoQ*~jcY$EFJ~oyfB)M%?vh~DOGP%CQfSsAu zG-{BZb`B`<9@uDm#0>$y5GGrV-3&84OIvZ?Wc7C0xv$=#dE!Y^o0YBDd(Z-cQA?=I zbb%J?ic~VU)d>up{R&a~XJCFFi5C~(%UwmbvfH4uJ*>Z;Xs*b@pP%_h8mOgJ#sop} z)j!nu>!p1lldM_z5C&ut8hC(XN~eiK4kD3V!eAGRf6y*T^0@8DG-}4j6^T%-M(NlX z`8>CGo}}@K51DydF05HHC%F+4B@5h~&QjxUpD>Bp`y67Tj3^2-&y+C})M<}l2KAQi z72;Lc_>|b8oVvw1vUPHknQTf2&unJ$5hjV5JSIc7ZK(3IlO+(=*o?2XHexG~fJ6V8 znx@eKu4qdjpidV)PI@jii<_^>LP7#Jy02OMbvlOgfsc()wz01sMF|`C+HOh}11(kF zr8m9xXdhYmVTJbO>S?Ka+5!@{p-iq(W8DAoI&Sr?T0=Gq(AiEuY^Sp`i`YD=LtVz| zNOcmKb|)DP;0S{2mb7cVmAV5{eEc@g!nMdpYM^Zz{iG~atPBM04^5GGM;&`wOl|52 z_2eJ@V-v;8cM;fUUTw%p4Mh;yB8>VvDO4lMs3 zHk7X$Mp1T|`k>nvBJ!rWY)>Rgk3)T0MIQ*18f}3^ym$BJ%2+^^Sid}Bs8VJ3fy&UH z8_a+1T!p%sLRJ;1^_d;#*l63jdw`h+xPu!|7Xbd`K;CRTNxM3f=9wYaAlXIWW9yO2 z*IN2IZWGnXgES(y{91!qc!g+<&vJ&}XHdSNm;Pz$eSw@F!q8HKYe2406U)0qm?)K( z_LbiS3MV)}olK8v8h9Yy@m&AR@cy)LH`Xb5O9h^PD{8)%_6L#X1;n+h$Qm@xbgHtq zOQFjfP91;!?B}{M)tOcz6)TZEm^A`b(2bzXo zwB+xd|Kzhs#p0{xQgp5IL4oqp9_9^SV-T0AhWv?AQ0u_Kz(|)`WAKHLGV}|Dnj*!kfZ4zF>CWy#2I_a zx(!0>w<>-`83RE8gMKm!fTq~D`eLT){B6;EWBZ2=og1!`I1o}i#8g0)97*h^SGV^m z_@$`ql&^}~fF;{7i&Ta~wqw|>8(u>fl1zg^_N|!F6ZM9RC5yFmiiX@BVka@{lKiV< zDYi?Dq?;xttf`lxZ)tDE z5jRG&9PlVsmWYjIX%oph`XAX_I7DI~va-4Iw~l|cl9ET|Rg3d`$>^J6;p}^ekU+P- zTU%26>pJ)2U=KP}Ba-d99|T zQQ^yqc%IX{=6~v9_#SQTIuFb@l+ji#;)Qr|ph0O*kKA19fkT67{EzQ6s4NO~WGe=qd?8y9@{%nhfzh=;EP!Z6<-^H+Rp0xj5 z8vmON?JN!L*R-Oct{;O%aH3M*?(lwv7wWT`kO<8xCQhp%{fnG!5zAA8pV*B!3&Ast z)}=7x9X*1}q0H{*BLdAaz@?S@v1u?|T{&?~v07KsleGRU93!DeRHj}>%&*R`S+Ret z|7Dh`d87Y59S=)7J0O3{N`mq^V}U6meGwrpuURE-LSH=hW`s9DWrI^hw5-Ea2ohn6 zdRmPes!|P$$$Zbc;nr#v(Qvn@$9o9R$z)BAN$WiNc~m0-T*}kr@vFXtNebwd;34E# zZQp~^!am?-^~p8-eT|z)16VW9Vf8T{u);Qs1cn{M_CiO(3(Y$-Tsz?2pL6k;?Hp~l zZ}p~V(4tMSJe+ZH1%GQNP-qKnO}E14=47gZV>+YiPbM?<3jIKicA)*X6uEM6TWz6z ztsCsTxN6qyHlGYZ8(93eNM&z4vWx%|nB5A>F3wl2x`Cmz5jR&XMdL5_&`=FcQI(vI zB*rGr2qluGz8fnf=0+@cau};3klo3)8~1^`^N#cK4PtWKj&G0qv|`#TD? zGpN_M7rNkXTo@+{*;JJaY@~u;)#ilxUBcxGeJi50O|q23dIWI;lJ!A;s(B&(`EQJQ3c#* zy%ciWed3Ugs=PQLl2r?KNYrFq&1v*y9S?`}$#TxSs2O@=w>5E(ix5`;gJy|K(RCe5 zioR2cHnwul$o*HUrq^Yi!Fe9_v1zRC)Gng6qG~p;p1%V^T=pC&)>xKbl@@$vH&>?B zDK%Sy>w@fZxsC=TYI$J>YJxFYFK8O<7z8*%5PnMImee3etfcu-{}A)o7=Rdb@slCZ zl>hxw_c0?A1ez{4g~doX1QZ@oWtQ?tN@kmr**E^?`uK5gtali1kFU8F&fwS~vC(Ld zU&DknN?lqAjv2wKrk7=p&7D2Xm!SyxzDZ=|51CHR$g02y7qK3i|k@p zw=>*Mx}Bp^%S}(V;CIv$+HBTXUDR}zv-rX7N8d1rcjC`*;x~z?T&10nRbZ9%wqvYB znKsy=JNg9$P{>T|d|1xd8$-aAQ=VKM?5f`E&3jMSzZzF(Zs`vV3MR`3Cn+n{lGKtE zJwWnCmYp4Xah6RqkH2!z21mvPTMg25kE3(!=FiA{0Hc6&u3q10+-~u6EH^ek0V|Wx zl+bhZ%ihsz>dWteYxc|CH3cxL?6nRtla&GHqLJ8I_KDO#R~jx&!AUR%e}HTCCbF^^ zB<-V+kTY66r(F(=hrTymrmD=mqOs;r=$VbbEx!-Z+<-*bOrX*^X_VdH)#8KGhov-_ zNjW7q$OZ+GirP4;BOKRlxCw#4xd{o9+@KwEx6(@DLM(^zY&rzEm#5RZGVMx&Ndd?< z*C!Fk^f;cSYI%3=Il4`vGCZ?pk|DR*8f-^$wI(0T;K8oWsFZ@}$PdUsvcSrP(YXhb zx29(+3O#CcuG#SmV)H;}PzexqB%z{jOiL8u)2m#mqP6wQ)%8KwKhTGcygWF-q=ptJ z8={7sWBXUH=HXFBY8t-zD>j=#ktdh?Pr8H{gkke9(!Y{GNG+CDKCceWl9)4jIISSM zfMUWD@spioIR+?rkKTHFcaVA$*Ft+CaTW4jb^Gf1CCGBAQtQ};T#<4#f%lz`aAf_= zahNs2Fhpwbir2fQFzP>2@lTnTu~dx|Hyr6$vLAg3_WgQk4wcaWa_RRXn<-K`#*=}8 zYuzw#csZ$Hr7+LC&2%(?G$$Y_&kNz(CG^Fjz%r!sV5ou0fXVB^&LRJT%OmCQ?CkvT0R8!6kQnhR|C}Gh=>es+Sx>;K!O`XL zz&Pa6w(dTz`fgQJ7CGt|o>+A%DeQNXlu2cUhMG7k+`KcQ3V~W`a12cf_s!gJS$NOm z8hIO#%x5f66stGV_z`txLJ-yF8&XRi$fnE+qNBo!1~4HbX6*9x(zx!ygdVpyYIxVB z;q{Lpy`gV_2sKZ~O(l}i{A@hz!Hd=+Mysbu*R;}Z=nhRWMVu(E<%_@OM+|@z*}=KJL0f?Id8<=fP$&rDzi>VnAxc?Oh@i~!hQD!8IL)?n&vya zVukH>o8PrDLhO7>fZ6BH&}-UAD8Do#PC#fkV9RwO&M*ZoLcTz)?rCEBk%)42fCWL} zOA9}DCahiw(nO;JY${pk1@My@m_vlVQ_Yo&MlIB+LKgKA*Xdrs9byeW|GU0Cl7-Lk zCv9sP%t@jGhgnFngP0RHLsza4+jzE?4Vx-OMwL;X=8CQk%$hoWUfL5`-cBKnFU_p8 z=NRgCS~c>1+13IIxJ*ck=ZV4X_sR4}gK-Sz(Bw+dnQYceoV!V?o|zS&lBsmNx;HwJ z`cW*e*rUjy%r}6vnS6V#?Z&k#cQ6hda+tN}uXU_Dh&`{zohZYD_X)!GKJy#>zh}!Q zhbjiT7%mNqA$Y!p!i z^+dpMN}Lf_gM?7^DDJ3=g%U;`LPo)zOM)|RkdSlIay>^|{B!*EtIvgf3DR7`9c&jN z3o}vwc%C=c*XOUda!UFi)UV#_{4=8N+nmnl4L>1>zd%7$aY8FqpjE}E&8O!dGW)BQ zkl4IJv|xW>L%JT5L-?9O}(^ zji?7GAlD;A2ayGF)*WZBK@nZW8F9m>o{6mZ4F|98UIRq!ws0BrHE!7&Mf2BFNORuu z43@$;o~JCAv-ah7{%(jiR`7u_z`8d}(8%`9A&64~ z-=!u~WPEF6n`Mg5=MMFua)I3BI92?WnQa9YTor+G{mSp2wuTBoZkgWa7C@BP2?s?) zRNz`5*WhTZU|Lj6NWX;0** z$}aVZ%F?NR@V>~xG%#p-xsoyKRJA%F(AKBiEiG>S%TXxED4r-8>6(@|0bT3o zGMq~_p$Sq@bF$LlYwXOt*vJ{xS$Ws<>Q18>$|eU%hi%SD)xq#iakRvlR!aa=r0O0s zPm1^okt9AING1@1y&Qz^VM$F*Jb4L@xbxNgH#R}Q@bl(%hui7-PqWrSq##kH=W zCaAULX>n*8{L0&@p{H%}+Q#0_6$*^@1tXP2PGhNB!q^S2F(mpoplxmfah6<+9x}zK z)P2eK1H^1se4t0~K?dp3zz)?1xZ9;|ZIn_?D%i*rcYBDb>$zc0qtoH{u$~*>S=5pe z=}5HCA+xGOlVhT<2K~1wg#CqY$F!#QSNCdL4jWre@*|3Jz&rl0TG_tT3ZSug*`W3$ zIKUsaxpc%n*A972aLnI!zw+KNTY^6r?GKvvaFtSNw^~~&yH6kL4@ekMfC-t-3~R~Vl#u&cGa~#=OKGPeqJ=EaTMVKvDEu9Ta!KmdFg24q_ow`! zI=SnQbmV1No=F+?Aks4?^cT4ZN8v+O#7s~qZwFPRgQ@+%5Osm`JSxf~YX{lsuqwaw zi_2F`%&O4qci3Z(^ORScJZ#;fafTY4Yo4fTwN*vTmuX9p7`dJ%X-R@$wb=Mk(7Ncr zO<)2@G)!heP!Aa)x{d~eaG^trajg&6A`-EvWTtw9+**kM2j7qZgp)8flHk#<6r&(C z@5huz%M@G+Ft;B$)ZO>Rfo-n(rmB{$Y&4Y|nUc+y1BGd;>&woacty;^mDags$s|)% zTh;p4$K(O{^3*S$2dyHm(AvW$8=kkrk#ct6Z)u2L;YLtk!ct%0+#$-T^;kySI%c-= zbozVHOs0V|+>n*W5Shpq)Ze>o6Fc_S){*C7HU2`;+lxaoOIB!BL;Hk_VnE;PfN4*G zDtk0I4^=MI~(dQQ%&x+DQ7S7Mf5LgcVbDH4HfE zrI{(C)z_w*W)z*6z%%P`+>Rg|ut{p2V!q~*5nVSPG=;>uV!qZE&{s{*eAwF6CPrO^ zGp6WBbYVBjB8)44R9vZJtB&H@#`#L0=O;fgs5?|g)VRSPI#*9?#_PWoBe`gea{E%x zb(OG>8lz9C#ZyeX;22f0p?&q5Z#;EUCE-%3R60L5;1~oFl@{}`|9pq|0;~-Z(*FUk zjFmPZurCHX6~`sh)LK`=StIUdj;AG>Cgmd9%xhI_T6p2h?kx70>-#M0k=awPw!^1W z@D7Sq+S6KtWncpIO7R{OV@{n^wfSBHWBtzz{;gVxSNYwbBf)zYZrcw)itAg$|v4}@QMcc5h40UGu@ADyC_yY zBQt2N)!s}tkFl;Eh)1S1j6by_(>oD5)3N6yPz(ZzitLUdi+Ge#6b40QEwb)KcP{oq z;EW`J^^LcQacI|-;Dwtep-F|A!C^;n+F_hzCK4l;@*Mb9w9VqeBb5jp(8%CHRTL)@ z-e6Y5cc8Hky$B=Y1%s-a;*ovPtTJs~gz+E;q*2t)5=+)N>xOx<#U>xF{QI-nthu^Jv8n>be<*g#77%J>eIF*nvFycx8q#(w;(dOrrcsICP22qrq>4D9R6HP@6F zx`ABo7VYw^z4U&xH%Bt@&c&)V5!GCCf zjj9?~ppxBR^UlmTaN+TEzaV$TUBks8{DIj7JF=hygPNm`@xgFt<)&;dbI54yg~^~U zpwpqT@65DpzX*b-Pz|8WUl6G7>uNxUpgtj5oRDqHC1UAO?V;Iu+S1Xd>j#!2tBSbY z4Ke}tQtERvB$84!M4w4!qi2sdW`-@E@k4p`s8-!k$4EfePdKdQpj&eGW4#Pt92 z-TxD~lx~Wk{UQTOfGzp-0v)z7HjrZ@0#a3TEpizyS;+8213_#<4NxkD8++3dWb4pI zCGP;dX8b3{w?M7K9{uI8^Fr;WO^^Ac-`&HARg ziZF~g#WEa6@F5AK1$Qnuu_?oA`6WlqP)`Q6HKYf_M+`oZr*nR9wXQg4@o2#id(L`i z{KHt+d&Cq$W0PC;``~i&kq#$Jydp|Yk)ji07ga-(C~}JiKEMm=Ivrjyr$te-v%=CH zW0Mccq(cyzT`0M(gXVvDI_gY|)|bm)-DJ%P8zD^l6JnX_u=p9Zn58`WGsO`|BbpY2 z-BifS@Wzb$9i#2KGrV-sj2u)~T2iD?h0cp}IX^;F0S~n=*`@hx%86`DnPKyw=CPB` zGY2ErlLL9XhJ6(s<4VaS4R$j)Zp_3+J;`tnm9ES3$kVjAJ$m&}1;{$UJy6?2R;X$> zyDoy2&N=zl`#MboG@X=E`Aj?m##0XQGGiGy1+(19=FMh^@wt?IVZ+AtU^#fZpA4gK zwv!W(5X5Nbr_Ex2T8d{-%8q$h3OIO?|8*3jfuUxl&8@i^ZuqU*Dee+f$WY)H^DyPi z2bCq5KQbwzcQUBRDKbeOSjE~cP;!Z;S#XEqx~LOS@Nt?P9Zc-|C$E9_px!Fe^0oQePw(*6|L^sGs1WSGS|x>k$)bb5-~Ya= zu>8lnithj8iSlxjrLe_vG28>1SSSMmOF#r7084`-6q-O<+K6nBwBm>>43CBPkB!~} z>t((IppjjQ2%)xKZ?F5g-?;RizjPU_gtPa4v3(@GmfL6bk@=@&CWHIXm0vJG(kK*gO3v-G7PZtUb=S z>viRI-kIf0j2Mb&WRlvZmUdhiS$J!=9!-j_CRB;;xTZ2(#nZLh%9*X)asuz=8J_AY z&G#Fy~dpyRXf<9pW6Sb=&yCw^UX$szw&JtaNi+*WGQ28qJnc1wPR$b zQhH_8_4&C~JD858g&UOJA7z(l+{qR$(l!x?JiLuuO7}`-w@HzU^yQc+ZBO}VIxMU@ zyLBNX*dGi>YJ3YsUwvaRX3ap<%of8=a}7%k?zu2?coz3g{%Pnd=POM2F!arn?FWJ* zD2Yr^O8)8MTj;Rknf4QA$?m~1HOg;uzrfks2ii_m7y4&&0dVeWm*cID8PXS|d4UP5 z(nLXT`9O`O~U{`MNmQ{NR5jHp@O&9r#HmPqwkD8c!7?m7f#6 z*E4t0bDL)LO<3F?Ded$PmTuP-$9h4I%u@l5VEKWL>U(cI*`X(zet3EMW^i5oG#PvK z(Kc{qItQz3q;78&t@2yyYp7;I|I*i_FR66;rpB_=`ktX5Po%abpm`C)2E4dhC{0(b z!vNz=D&0Trv@AgX92UwgGFS0L4&}k@pY|d&NX%~iOB}S9RyUT{kA_#X8`c)z$cVed%LTTRcFv>MgLbKGk&+EW%t?-@3A zuINIg8E4QO44iw9&dd>09@R=en&&!9g04<(~qN z1CQiLBS*J#@f_9D+LR@^q3J=chStBN;|1DYUD?5$#)bdjH>DSobdvejV9tSctD}{7 zOIh#OxHENL+>AlSe8bfvF9h-nkw&GPKDd(-yVD8_v&JYw$UpV3Jg!-KTDs>+IrOZ! z^32V666&V+-bv2GH?z;PHo_9CI%aQ6Gb!s@g6)j%DZgNE0ZR>x0shUo z=zov<$O4jbz@FV;;6ZL|{#0Xn(o*;D^EfEk0o8xTI#wO~U%f5)Pq<;umX?+hoCSzZ zD^|mr#zso6gJg3S$BXpa(qEf%i(_p{ONhs?3_+V>liof6rJOkYE3Qq!v8-N$NMw0?mYX)Cpb^n4ym_MG*wYntqlTH5MtY zCBv667JP(gB3SaLl2OA#G=+m|rl36vlQf@JM|E2G@gzn02PY~6GZj?xl*Ni`%xMpB z>y+p{{R1H}E8ZWI)#rME==3}R>yN)Po8oW|pzhy~%jW=6ii;?)_H~Cbml(5VJS1OV z+ijfe5CCL9cNO=HBqvDYejv7)V#h(%X4n6DzksV><(M0}2Qe8L4rGD52!l{<-K~Bp zez@(5o6XpjOzMj>ie#MZVp_brB}(St&D+QYXx#&coC++k0~CJ-vFC^WS}$buoA2xA*6p|mIHlmjX|!ZLt7#(y-GV)WvM4FYIY$_ywq*1N z-NJF_axC64<~sE^ZH7GQbkLYeK7BDUlL{A(aM~NDJ@Hy7gO>Z5K#%XCQ;9n3gX9t{ zh;F9_k|9n$QrIhk;;IPUc*?M zB9ui_2EHPwJ)oeD-ym5==9hY+?aj`@FH$%?t-+6W60K((*_Vxxn+zymlfe9@F-iu~ zf$b5S;NsIPj+%9OcZP8e-pJP;IRlXu2f4x_w4lf%tpB5-yac9BKmid|Sf6sX5+uid zI5S$5G`T)CQKNlo(MQgXJ{K@OCoTbG69gCUjdWcwXMrQhL=8y_13fZBW1%+LlQ(2p92jUop4i2xlN#JZ_@1`a_`X^l@FH$c4{clWM=!j zD0_Bc(oMr#FqjR9UM+!B)LV)bPc`eQZ)lyU#uc6>Z8Ix9nm^OXWmXLOilC+08JL%M z`k#U0EwgCr#dnnOq8BIYXH+1Ubo-2hk`0oS-)5 z5MlpOa+$Us@VAjLsM&6|uDXRrnR1qY;VEG~l4BQkRGnY>llLhanobd3cy|b##3Ie| za;^-(_Eg4U9*N6hDwVR%^`O9duNEXB+EHcIazm?Ah%(jha}wBGAc-loRM#U!UU{R3 zlM_gWtEoA%9+p3bM^OAt%ePqZY}q%yP_a2w>QXj_dX8@adE^G1=-I=zllew|O`3Fv_ehO$4EG@)7X5%9TV!L@0iZR=mbe8g3#Z-o z&(o#{=FqXIe$UgcPDWsuwBr7N?g{0NlFJ^a6Uf)PtU>YIASFysEkIR}PGuZUD)FM{MLwcS# z)tY*BK`(Wr`e`Yr%O@wlYt&Pg&SMZI2XL*YNCvJLW&x8`>c`Nh;`zZVvf}3i*T}&W z=jLuXA{PvX%YQB|T53%%m_4P3wVkn}9H3Ir@aKtLyzDmjWO{mqLOZZ| zB$DG+9`E@rVLE0C!w{!vyN0Jd5n5t6JcwoElcs7xT8tu1TVqCh2>yp-du4k%g0OAC zgtw&8@3W>?{T*-Jt&Cl)n4purp`#fTioU9>{|By#LX3J_m}EdQOHu?8Y%VG)lpGXZ@bEYkmM1aUka4To0 zx1`J#Q?c_xs6NAX8u{^9ecS$LQ(l26tgSpR@n4If#WMac0O2<)TUI~YQ<3Ydy-k&% z_XAFrI+O-R->BA&>zOgM48;a|tQ%uq>qT}#UDAu%1(R2y*IJmzFsV9UcTa!>WQoS6 za>OEC-N}VIXnl*qU@l?!6O0XAlfSlzLL!&ldA#On4%L)j^?MWpf_hkB$DSY?+vQA6 zg)Nwr9<*bMbX8}{HLsWAkV753Cx~t&dADjyNckj+<&G@Zf@pkR3D`He@F_$lWR7B` zfq(Zy^DYI9?PX4=y-?!z0s8f=dUV^%iq4mlYN3X7^D?|_%=Zt}{wJ$kY2QzqCsYWP z7orPTRvP0KM#6Z{eI7K{I4qZ~-bgMZ{U6i!BxCs%CV+M$G;|3CzU=cSm*BWtZAcT1 zE|3CTH|=sm?0{HPV$*ww%+%Ub5-296?g*}420if@idAdZy*RG|9=SZ~2A2vp&*F|I zP-~&e>_oA3VnC2rev-@Z-)oSHk8W3CgDPh zaI-4?P5N_x7kI`bj+?^ExtYm5d>%!@TFe--Ir<89T0>BgHnp__4)lIw+V@6Ze5cB? zUb0u>F6m!CfOgq7XK}MLhz3DrkoGpb|5cnq8XZTeXap z;*oxR_22*F8Gf`q0%nI01mr~Gf33SSb+EUv{{OU;9O~)X60CUTxE$3tOdKW_(43h_ z5E&j=>8B^|%OPm0Txca`59XWe-kRH5a;)Pf%3V$Wot~6Eut>wm*Qpe~r0Rl@FfKAn zDnQ9N%J-rP;_w?4gNKlbhN4+VS}(zVAVp>bdr*+B{`wBEu&8l8SaiVbauIMj%KEyW&?Vol?eqq+<@+aJi~2^;J@~c=kC61Sht~&W zvG>b}bON1H$)=of9%c)c(S}lkazXrt70M1YrkDcv_^`&=U3u}wYWhSR-bkL zWmMS}mwl~x58b9a%nH@vy<)?m8=l|;zfTE~WOms$Os<{Oqo$)~M2fV~;U@ZuRFOcz=k?abt?JzIt@K#!nWNnV!4Zwv6?W zJ(D*dw6zaJGj{N1&`jNUZXWquBcL zfo^F#*;R{h*5da_tu0lqn6yZ_x;lZnLI_{&HHJZ1JuUi($JSc?;b!^Brlqmf2>6^Q zDwv<@fu^QzbVoT~CGFPTMf?Ru*LAUWhMEPZtD7dhSOWsnn1^0Fk5z|nm_oHS)kfvr zo2X2xvpQgj+V(*0{y1JTm})E)uErGcO6w)^2}H&fQL3p_S*#CT5Ycu8_%f_g+hW0W z`^I{s?C@&Lrs2-uoS^_mkF_``1NPPXV$Dj>xPQlTlqSFjep!xQkZ89s|2k?ts%a4o zYm4x{ge72U=?`yXbrUb*O#6YZV-JzmPdya}H_^&1$6x+DM@x@~d6d3VNVB&pSz*H< z%&-N+lIv^%`n<*aH&K!!(6UU3ze%hlc;I$}o%L=7&eMc?_#M0miQgYqes%luUn32l zErl9J1AgUWy62GtA*UU8TMs1@0NKP#N0s-lpQEnzqcjgIYwf zzj&=c2rON&Y2M%mP1{M*7WdiC{*)P>8A**5Ed;C!yd9L`5F#?xK$;Gvzn#x|6FpQ% zw1Bmo7D~>bl*VkGz+UWy4l|T`gK~BSgup~uNfJQk~PT> z{5iYq5XBc0oqYk+r$EVd$RJBn5ZgzonjB&@mK=8j4L?$HA-gXkL*N)qdh?@{e3^_vQi<@elO8}4Re{u z)s#D|jRVvjO>#uX=*zOqy9n^+@=Tp7J6eEvXNSVwBSv5RFNwb-6s?VLjU)((X3fhV zG5Zi`b5WV3kf4wPNXdl07>jvKZY~myyc2m;FSYmDCl(7fLF>(VmLfA~Wo@A4$g=gh z6-O0$g=QU|>eXqZGT)Ifya z*}?Tzsmyjfuk-C;syAan#Sf-@!Oou_}q$pRHBNt3Rv`( z$t%}82dsvNj;;`%`TccJoxsuPw7ztI<;W$q@x!)>L!4@ebN~0(MGyqCiepJ(MeI}f z6DMnOPO|i}D+?k#lBF8i2u~d@KY;*?e*-HYyiCHG-AZ)#O(-Cpll5;wqROivEe)|e z>acP3=)_2tQd4PH^d0~=J*mk*A)4-s+~Z>f)0Ieemb5W|h_T329^uuu06hh{PFAbd z3+dEAQZbDR`Vo|B%CVgtD2Pyds$zm(Aw4O=x~R2f!3T%qLPTFlXAs)eTuhpIKxmZO z9rraiM|0HK(b-|#v(qusf&BzcQ&dis z1dg-pr%V*0ISdk??B1aQt+_JdwY>YW*Osv?Mc+V-BnY0_4mSR`O4Js`McqsI;&tVv z1QZoeH#L`ueBHqhK4MelV;k=9izr+gd=CTw1&-oN6-F~K2g;8z0{9iBrUez@B#&(O zw>^ypHnRq6D3}JC7s6dMSB~Z!R77))E)^7~POa-lu61H)NUdXD1hm<&5Q!r~?G*?qR1&vt zAMDn~DI_4-$-^Js5Z?QGYiZf5U^ZsWC9`W2`Zv#pt(#1MdN+09JQ+gWZdm?4Q2kaR zR?U1*UNMx27S6iVux}2Zhxkv!eDzg#UwUb^WPuuc=8NI%AZdoW(;3B2U{atNVAHl< zdfoqF^g%0biBpXqFL0B@%S1m*((6{aK3OA~D?(8O3VtuO-8`NXDF-q@29`k~67Cn} z?T->*?nrqTu6s{jCs@Mygsg4E`6_xh;+`Q_sV7|L+;0)0-I$$-sCn=;)pWF8jSJk# zta_dGoCsPnsJmc6^g6q_4!*T(i@pFDMm#{@~J~ z23(TT6Kq+bm;)`6(Llj0(*4|ZLbEu}v~~BOraU*!Jdd@c^Z`Z5;T)KivrF|nbg?_~ zK9yLvV}jN|lOrBOv8yZ!5y%8hdSFoIJ7sP%F$ z=up28o|yMk*=ssKX9PrbRuMr)UJR_p?T=dH+EL-sRt_S+fe)O>BgpYa)X7z$G0k)P zzVaf@Dng+mlD((f;^)vQrv`i*6!E#$rT_pcMWQ~36mIFUkJ8VkB6a8;q*-1N!14{05w~jQD0F1%+7Yl(t<#S>mlM{cK z0hKRzMV`yU-BV*+BUmXvlqIWs$AlheUtP1wP zkc|+@H%hyHh;QXB#%^2bKT7<0Rod|T(rzy>o;8wFJCW=y2f~?V z8o_ea?+YRRp$X#zxlVF}IDn$(35dR(yluAYm}^^*OF|Ou zO$RO}ofOG(7NrnWQVW66D{L&C(P)wRJ{TlF=gitDO2hH~k&taPGsDvMoZ=L+)p8im zU`s^Iu6>40{xVKXc1#OKA3raZrsNT1L=o(~=Gig9nK2MK3sJ4Dg*RETRocY44jc1X z<|6$9PdgxQx_FsavLnz^-wu-aH_3%ND*%bB08>^0kQn%!C6rq##E2lmFm5v4!u_`G z=)NTp&U;}Efru4uCJ^ux$)3y0$J~F?`gpLQ#31PQlx~@u;SiJ@R^Se{F)76|fJ#k< z)?tjlIbIWqRcq%YJ{4a{`o#hPMQw~kVB=UHn2MmVg5-m`xjR9Sy@GFxiU0%Fu^OJ) zHtD(v-23x!hQfoT#P}ZAvyD|6SFaAidUr)c3?IWWmNODBKxfeZWuO_R8j35=UsM#S zi}UT5dEpI*vFkc$mIsmt>R4C3tHMj1%{d!3a<4AKZ@AV3E zJYMwmh|vX}`R-_+*1W9y4#N4@{w$WjTacL<3K202wX@F5dh#n{OH~7{H3lph`Gw&TTj6{h;+j3 zdX1AIEHofVQBd?ye5aCPshs9O%ffJrH*g=-k@k-CIKmr%4EXP%Kwugct$r(m)zZ(No zG!2t|pMb2mW=JmwltC=3-Ol6)ZtsLlyjB9_qCbPG8x0qw<*YuuHKICS0yGxxCfVt= zqpr;wLaKLXh^U8e7O&H2jW+{OX|5EP?@{7aVU?oHA5StdWmtHdjwP%uP<>G9EECeYgg&$vAilAQ@B;)LiLwICPvz_r z7iCuYW_q4jqMTJqeyMY!Y6^*Vsn;slAIA?6B~jL(ZF@h@LsTkhb9;G%VYcaYuaCe? zTjJ^%XjuXkdrjF3%N73P)Uw3idVSnN8p;#NeIrP4FYzG? z%(HCd;Z0K&)NxTQ7(lTTL@m-sZvmDMclZqH1UT})npXV9>M-YFkH#=-5DV5FX4a`J%^Q4Iz zR2UB+XLorYvWW)?2??6`DW3QV^gPU`5AE>+hl9ba3bL@PSyAk{TER|bk{m(f@UiMT z0i=|yEM34&mEH_4CW?*{o-AFQSri+qjE{`-WJUIR5)N=${mFHg{HfdBy^uZbn&3qmcm^nC-8@<6g&5q z`FZ+taWcy#i~;ibwhvz+L8Oy2`fvD|woza|WO#0Sx!VLQCP)?-@m_s-piiSF8uCQZ zExqHR`HRd>{ktBWwCP#mym9AGZ7ql%aBCWtACOo3>A&M6B_p?YrV)Elwy2;j0tBd2 z1v4$I!Ud`VpU5ZfLx0PrO8?gU;~IGEm4`YQI`4++G2yye5>?rogIDQt(rENCA|RHc zkW3+OX1699a=Tix~1l-r9Y{L&PU2L)GHYEwbFC_`4A- z@jm03MuTc@Jgj9Noxj3>X6ceonAAUIdyoqZM0h)R^=9HPnY(wQ{<$fYX8qQ!TN*zh zwAQ32l#N83q$UpTydBo?RIpdZw|LX~b`2a?;lceuIfmw1Soca{9{`PUvR;dkm9vfA z*nuC0mMcHn+g8fq_Npg|etMad4E!4z!~vs@;CR@V|L%Q-WmxegP$lC__2NvqE1R&jl+!pDPGLg%Pcd%`pAHZOoj&o1TfvVs|69X)&J47%s^ zIJT1KL>*go8f!mTP?-~Gbq2qYqLk<`0HtpAu}R5<$Ic^mqY@)UKpun2Bc7sv=$wrH z<>2Hpi}jLxXT%CsL|!==scj^$J=iA9<{(`4gCvPpQzPzh0mf`3x6?g->noeRKed|B z?UG3CB`x)O+>Ch`1cBjST%CN5DQy|m;R>P)ZyI723M zS!u#Nguqs~68%6iERk`QWoOKvHAvm(l2HLB@8Vw)bn3l{5ZYzJkg)Ezh$xmF5Oe~J zvo2`FlB#8dbG5j+(oW{6-2RJi38zbY`e?=@=1NXE_)Q|9tx zo$}FT=U$(P&ZByJl_AMaU0Q0A*LnXV8#Bj73qlKutwC}n9Hiuv*LK$m= z5SV{b3}I>Z3~Y$qx)tqmW4Z$8naqx~K2Y7+x2!+`k8+B;vN}};Vg7aXbD+C$l_lzf zJS&n3?%k(l-H=V!KVl&`Y?kj~({f#;=%!&~|{Yy$77}@<*60EuCgb)!GrD()UV^O$fK@UK64R8w zONUM82n#hz=ElFEL432I8{#RlrKg-O`htL$It&IRBIAQTY%nM=r0K~OXMHcySV0Z4 zx6nb2zLMH-n*^dX5dWNC%JYXm_*H)a#_(J5&?(ApbdRSaK4m!FU@TL3LTu+8a4FNX zk}ln|Lc6fS3t-x2klq)(l@2>4N9pvy2$~D3D#6_${fDtL2OnI-l>#fra46V7f-Ie3 zy2t!cFQEU1|FpDi&~@O;?>N|?GOE7MFMEs^$TYvYkCHH|nCw+Bj{$LB4y<|l`Vd8q zK7m@^G3-m`+JdNoGU9^k%RmbYdrC$YfQPOWLi_IE6qpOyMTN>%oSZgC#(YEi->xKWiMkE;e+cMxqAiR?gU8+s0pO}rNiO+ z_|s(}dCyhoXxAqv)dQfdIX1-XVR|wib>JtZ!ggC#nZEe3w?xvmM-~W#`dy2WOGdt} z(Yn7YeLVHF&$Nn$c~(X#5E4L(ZPG2rD5_jyUv)$_5nrN*tkR0Y>2ti5wF?tnop|?l zPht4k+LXH#*qZG;z4g~b4wmv`!q?|$IHnYWX+?0S<$37$v=O9<&mG1>Jh8wHCu!bX zg6@P5m4A-R@M5*AJ-A6RiNc$}&pp=VSNcux0|Q;(z)W$5ywKp!lOJb4#J0w4%_@k_Ljcv#Of*XXR+l{INFvc<;nT5CfNbRB7&$ zgWDL7H!6QaNuWGhpckNNqgnz#N#qZHGP9`{8iY}z{t6ZvWWV@le0NDDp({MW-?NYT z<6vDeT+72W@I|_YKcAdXrB0M=sLbX7N~qBINQBwOSlLq{p7r4?u7~~sjmgfYn?|f@ zy_7xn&zq)2A9Y{L3=Bsj;wx5OU%2QNV9+0Ijc!TpY8UQf$6TFo-d!?K1etu9{fO1r z`L#zsSF`7VCqp{4UKGD~EM3oEgC~Ndvb15Go*cF2Wx!xdJNHd`xe(aEt&c)HuwrfF2YAbM^O5Qh`*+? zahHf6AYv`o@gHXNaY^Gh=K5_B zc4*b!p|lAF>Vr;TS)ZhO{j~=|l{EJi&T1=ItNZPMw3-gRy|9W^`KN9y$UqZ>P{SEY zJP1ET?6#)$m3tHT4J!UI0<`i;9su!0R!Zf&c}JR-4WAk~5?tVrvjA zwx3*Qb}NXzA(YCSgf%PZ{oPt+_lmjs!DL?nSA47+Bl)C(l_-3M1Z5SDR`Y(F({@m-3lx)@dI zJPOP(%nA@?=PO}PcC7YIT7c^xM`G)q zB=Nx3&XQi0PkaB*MDuQ~A(psBm(4P9WU#uU^4fXlby&E-{Kfp=BhRE$KUW$4ksM1< z|3^HXjr;!{PmfVo_$R=@$w}X8TKUCSXW9a$W5i6UC7VSD4F;njZ9iYq81ttns46}s z#*)CH({M7j+-?o~Bs~`}Z|aYb#go_Oe3p(6J;;aO;ZzM*x7>YS$3AmE%|3H(c~~C` zd~I@l?hrx<`4X3lgS}3@Dd`c*8x_G&L;Gg{XLN#T)X58NFEkZ*v*{F$?R&T<_zpR; zAa_m(h_vcf+7oyjVoe|0s6sg`lYy`8$8%7Q#tJska+Wn-qYbB@mTf(&0xOV^V=;81 zGhQk;dEks9I*q7)WcWuWUf^!z|?^(fzvPKw5p`0A=@F5 zjaA+s_S~=;GTwvzUPSg~t&f9}L31(oFtu-yD!`U{a(5Z|M~Ab=K@09L(-%)IK&9xM zA@iAuuq>?r?P%wco6%hZsa`0d==lAu)^7O!MZHmhYshhN8%kOk-j=olNAd_f^3Z`> zrbOoaO=3!}-u|u@K2O@sr8AOK2w-LRmh!E&Z;7M6o{(gmT8@#PM4sPYwsIk3ntRll z!8EtLev;g|&p7a0*Y?OlkLlR<#l2|}JV^7^W{q77W9n8^vQ zsGhsDk5^k^bB1uCHNu|7j(F`1?w=9u#`4ghNkdPO8@!(L+X0_3ogs3YjYMjh%q&^NN#8bhFCJi6*I_=g6NS!(rRp^oqVL& zKvNv+AU!K|!~=5PH_gm5HEeutX}tF&*M1~On2aOde>FBjLYr`G50d}zu|0c?t6hHeJ&vG;-Lb9!rnQ{ z`n28u0DgsVMaQ5KsR`a zBaZbf7TP}HHHn`xIW@@L>(-^tsaK@>GiFeK2~{9n4tndaP%HXtE@Hm}?Fs(RPh|D)ffgJsznwNN zN3JU?c=2_zIUn4)A1H3OAs?dtP?iH-Hs}vmn~R77`lBg%bdTRQsxf=`_fRzK= zYFP3@s+dKYj_H(BlgG8z$+cg|taQA6*Fau_KB~Xyl_oa-lfp)M{h)=90r~fVf}s6( z5W~{Vn#tVLTtgie1bhmC#ppkOH&1vFP>7R%*!F*Im!F76>O)H`u{&E`GWLlI?tu_s z5Ly&8c!O3T=qV?|W@5@%+ze~+qF~ZN#)v3MKCf1=5Dq3TE^ASmy0%TSb1BWuO-hFY znyjQ8yOno`QW!RclG&~5rjcV{a#!D3Z64hCD8xJ8_nke*&jH^KMo-&(E*3|Vlj-co zlUeCbz7Bk*MmS-Rr8Ec)xhmhblL22+y+cYba{TwQ4?EOXD^u_9gQ1v}HVhg|zlf_0 zy4UMXUNbmrD~P?A${CIPqV7Z|;ol z{#NNmm~m>ty@S8uuf4!(%Mq-;3z$8wzN3BX)ZK=ifvnV2H~Ki=J!@p2rl6wgF{-XYdJJ`gSK40W?YJMZ{m-v~__h^(L-`UoJ z$InZ>hBCnN&&8}SBSe2#lD3hC->K0a7GTG8C*d6sdwb|bE2Ch0aX}em96Q7I4rMGK zT)(DwpuI<>Ypqw9FQjiBt(SPbP)dI%8bUOOlb&SxIZ~nt5>uLYMM7g_YOs#wC8nDb zOUtOOx7q&KiCX4nxpiYp^%<|8+uxU}>rY7untPLpGPlg(NXm0UHSJ=p1=d!# zxxPr|=MIDKVYLz~SORa?hU(<30(>XD8XA_TiyB&%#6hW3nziUw2}Ud{XD3K#;Lm+D zwa&HoLR;K z4>M)k7tD9wX>U2CnHx()92$3V8m_+qIz^;e;yxd^8C!de1~r0`!?bus5X$g_8N2Fg z`2?b+R|9+`S*BX#p6HvlRhn7Yw-@@sEKcsR511hcQ(%7#6wggsK_6HQWupXJRCdCp zd=AGaYVWDyLZAx#sLwEoqB7t|`wzu=dj!n9D|?cl^r!+5SSkj{b?|zJ&{E&{?$9#_ zHMj|w0S~qmTPU=sCl*D@gwsaW_XOA$(N88>ho=MHdkrnc1VUY4@8!MKMju zxdIX0l9*anV0IS#wrl||TF^%-h*Pa}r3^ej!e{A#VJWomZxFB-s-G8Mv%~Q+EJTr0 zT-3NMWrR)I{EcOp6@buK>jxV6BA!8YnFAJc>7|Jh9{6N&O$Ew|0wmSj%hWZD-_VB( z5#)hr;T}wdbKwXO@!mHY426#Z4uAabtGBUFP>@!s#%v2cf)x*;6)bc=t@BEsY|mMl ziOV-0KueD1+QzCAR!wDwj7RI@KS;3lnhlqNk!Bx+;y*JjNevUwzZ!cdwl$q#OnAmN zwZ`pK&7PE$-B6}1aR!+mjdC7?Jk*ly)i&l;UmYl;gAtn_eG>(<0w{V@^>R%Dr67X^ z5bkJiSXSj_O~4l6+@~G0^2De~R%(g#QbAsq%;ooER@3Xgb##{l)+D_|M7uSK6<&FN zpQNIf`a*CLabx;ZHe{uR&G;@e{`di+6f{iH;|s~h%#p#92eUv+hA9Igd4%66*`=*C zHkfHi6PgoKCRUS!7t@6&x1>{qwL69Z&yUqQ_K*tr;caMIN)|ktpz)PIz%eQEVY~c< z=YkIHM^n80 zAD+RdZU@JY*HSDml8ja22v5?7AOD;1Jk(dmpuIz+z!p}uHLd>M8#kduRI)L|=if++yw9pYaq}bl8Elh++ z6P3haDqvR#8Q!iP#qe>}$3rJ@%^~KIvj6)Ae%}RDrn`V9eocgZpH=hW0gT8Fouoxj z=0w&ZMULkjx}-Ft+Ab)RALQ$DQo466Cg9-y)^!vGnSLt(TFGcAD53w(L54CbnjiX* zHYG&ZFm{fr$|E7j>4xzQ)4%G37$`MPt;-}a8a{+f-RO&B%_8{t!MOIDd2fkucJ8fS ztr>=!{KN`EAs)F!?>7n`b)%~!o>mQ9YcANj>e-8#v*(BMWEP%9EEA>L2^v+KG~#cn z`ki0gd|OdQt_jb3fqNJFf64AR2`v*hE(1YO4ro-ly&n{xi$b8YspKnR5S@?%1geNwQh7h$*`-#Otd#4!MPqfw&NAG$noL zomUHkW25hK&KZ6)5<_t3N?gK@eDR-c6DE=YYH-9U?t)m=i)hph275|YSRQ@r$P9q( zv3P*!rF7le1x0R=5hPyAQRNMY33t>KRw(eULHq& zaFUfPr@gb59yGOqJV5=Il$8@rqEI)IXP_1lNR9Rpb6fPh`MrFM zhgTnixo)ZDxrf@{3K&yfidQ)3p1oR){ssu)`ymD|IC;ZE=Wk|px_qC2?GFt*Qs$UT zPGDBsi0Q9g-D85xY{O$x5db!}LD};!$&}xNs9}$TGbPGEVQOOqP})&YNHED{N~6w& zBfGStE4qpNAnJvk7>Yyuh!9}`w5mOvh6LoVcDA}&{|ev>x+f2gOgr=FZ8@X&{Y%wf z8HiHt;8Y$}!y#*H$vSiVRe*qCn?jCAJw!zLna7W|3Ut89wx6MzyC zzZ>&nhOryZF`nA^NS?(DXz}zkJ;BfP&nSTdgDv_c?~qck$R8p|6H;#6MQ5#2Wi3W8 znn*@L6NJ0IR%j&0M{T;I2!|#bNdH;YAx(E{nd0bMeZis=2dk1!X|Zc;2*K~EWFZ6Q zO#wSGOCHHQ%^)L*9PKFNt@ZLTnTWCbcQTQ-Uw_teKGP0&|8?|(|JV6jcYB8gEPK_+ z3#&=>nvwUxFPac3WNFW2FjY_T!x68<-d9QEi{MLlAtaKmGGZ|bzkMrtr36{9c$557 z;i4o*lyaPi`S@e}HH;tcT!QvbXoB8P9D(2|aO6uC`UbEPYeaxlpKABN>qw9XQVX6bZcj#?W_Lk&$g;mG zz6tZv=pfiaY0s%ZuMtSZ;k?8{Po6|+sOl*-fNYQxZ+~W)N!_ZJ-8gC>9_eL1Wi@*k z&VEL{aYFXM@ZqWLg(T!86f=D!%}bjmRwOsR+K(~Z!smM0(}ew9+mmw-SMEv^MO8r$ zcAd{mO<@v5JHU|nyp9p5C+;{a8h{igsV4{Z1B$tWWLpsf*da3B`G&cov%^SotxCa7 zWo0Tkk=E++dS=(V@V&x^dpGZX+IdNu9nnj_5(+nXWn~%C4o$pb&iiV{whU{;Oj*3_ zI&U_!_TJxDhS2nHLj4O~5dDf-6~qIR8b_hUm`44gk`IU65!C%-AdPZg`4AsDjZN+n zUmr8n+dQ8bToo1ONmRadenLuL$G7S;_({^o+CD|z`9xG2KH$vHoh^$l*r4ZulO7h# zerb9?r1r8iJ zp95KhLcb1fYhjo7mUnHxV329D&iC{7ux|sT6Y<4jU<1>$W3K~z8|((_MnT2pK0RYH zUber=IA|@UdKEmKGVttPI2q7n&1|}kpS`~K&OOv~f(WM9BrPK!*augkDf93Cvh4n_ zRl)F{WxQNi^4h0bT|d^qj=K(#t2Cn0iE5R2(TRCrXO=cDV`YL^ONL!!!^s(utHnxq z=tSuh^+p(|oy`DyCm%~Nj8*)q1R1eU6uSus(xLC%%qF0scz7{6l$I7o_6oG6cU%$> z0qs?2%b$Vp>th(yHI?u_ZJ zgd6;oN+Yc&Oqv3ehh6Hbzkn37ICpA{AQcoWvHZ({=k9kV(zSy7J+q1x+OL?rMWJX+ z{(VY$K|4C}q)$~lso;JGWs3{RnYzUWDYR*sCjG=&TK~TOj;5aWh=)?JpV0^3ki^e) z>|;O6X~Ghb)e;bCu5BW7io11897^V|GPE}+#m(0FUOnX-n!(=?r$qi<-U$3ufgIW~ z40Ef+C|cf&LVTIpfBt+S#IT^wBUAZh5kiZ`NS55;i~x+9A_94WG9NL@2?oK2YD|2A zSY)d0bLNnhY ze6oB9i0&BX_sp09uYdF1dhnz5A1CGUJn7bQsk)Okr9#2dVn-FAlZ`gJHi>n5bS%S< zD*RNxI?z^62#fLaYONTD=zJoag)9LN^npr|Z3_I1y=I*ppM=T!g~jGR9X7K3`4YJB z(XUW5e8z$^ObkQBcy+vs+cTZzPjPP!R#Q@{Lm`zq1K^!sBf$RQ#7)VIlax3{R-|)x zQB9)~6rMhrPb4vGZR|_rSSS?nrJ{I;{6MOkk9RJIbemA(7ds#rOkL92d-}JR4fSd#@6S4) z3O3l734bGE-2n1putS)w5VMPO;{gx!IItUc)J*r#nQUW51fi}ux{rqUHyf%y$2i#Z z1wQBov;IZ)s1A*lQ?Umub z0rbHwsuHhNM*Z}X%o4{u>WJ!Wz`v`L+MfErOhtf*jvkB=hGd63^9tc+?kfyO)r!)i zIHc^OIgL)bPT_Ky*H^VpR38s|D7o!i1S6&I}4+2-2P$3jhg^N z;90El3WlPSJ{ZBxwkI1)8^+_eCW%i>Yab#_JFe$0R>fbXQgb5jlj$e95O@SeecFu) z596I~6cKByK?dD+41@9`<05O1B~f6s^-7h563DD82v4@aJ!0hoTJ}K{5Z)SU8dAoDN|wjmY}w_qq5pftZ@@#cf$FB6bk0Qlkv z=8+d!;_F(A3^i=E*lA- zf&+#CHW%1XL@Xhnl+6v9iHp_1;==!_H+*}CB5G+tyL?fO!Q~N=MeT}+>$)u~m;+l% zP!n6gS)bkKcUFKcx8=;cEnki0{$Ri)^6prW-wzk0o@vcPL52%`(QM52+nLx zw(53)M%m}t@l7#$FJw)NXWj^?*NDOX9eOlyAvFpDp&vrIN+HZ@VyKE!KBzh8-OLZu z?mL9uD{iIxSwwy{VqIjE7)95LLC@`SEih^#eySVV+i0~&(lz84jdRN*cPAeC#1TZSTvo9mPIm zif8y1GZ@25pTgYwIDgQ8>tILmg3KRXxWYL?LwcfuI!cOwzd(Z}r=RT%AJeIQ?%cLv zK|uP#mAtLow)Ls^K<7rwKla4+pNZJqa2XvtXFL(PR>a7+GVn@raFQHi-gA!{TzGB^ zNP8VX0)Yx)1e_ah7HXgHy<6eJ{9q_su{3{_Kg>%;U~VMTJ|(lx?mOh;J~R82Y<&~V z?kz}iB!I0SzG?&LEaOXrjg8zSv<2(ssy#X?&GPG6+m=4NsfyMzGwyT#U;K6>zBksT zcA@vFTg?5ILgpye$~`4eS%fgZs3T#Ku}q+X&1B*CBqSm{G0$wq7Y%pvyr8%-=Q?*N~U8TWYm5%O0OWscFuK7qQen72>&4Ua@gJ?XY|^ ztaq{i4PXT~A5WiRz(cUK%HVg{CkTd)_2qhT5>AsBTdctza-c~a3a>8o`GyJlnxWbco zCz_UfttUiZr%|TOG@;8i$kVO^M(yzKzjO_KEnqb~KHH+X&{S9Uz)DgRAGuioC1f9w9CY7VVSd%p@vnt7c< zt8Z^dKbJ4=DaP<%A=}(*pAam@m%bF0_(W1XPS}mZY5Y59JKU~c1~CSQgPMfX7XKm{ z?r>~24kIH}2Nw9w57~#qRLW+m!ZvEW#$#QXm25cT92uV2;vXjPyQM5!QhHw1m6m-R z#kUpCKu_<3)N5qJx_EuoKKroOTtg z5J`5^@NQ%^d&_qn2H!*-c0WdvyR_{z^qaa>uN){53q=qCM5SN~H*XZHs>f``Law^y z<_zOc!aeJf@6Wz|>uh5_<-zxQ!`aeYOlw{CrePLm9CB5pO{Lda<@xvxQ{B+fNDS*5 zM-f6rjB$0mj23Z|{{Tfmy1y`gt4s_2^a7`=h;)GtA-1H67c-@2DS`Oq_cuoxXl*ve z&-cCVwO>eW%hM1;zDFZVduT^pj_c0yn{}CKyj!7tSEj#hx-^^buDL70KhkEizA5yk zQX)L%_f4S;Yx`9U%NI4bE`#AC5cX>oR?SF!9s3g0_!8_U6pP(9{*K>ZZSm1+Q{C!I z+N}$Ir21la>-k~ohed5ZtTmaA+NsZW(qHsd$-pR#QmAm}rM=hXv5=~-saB>?5k!7{ zFwpD8M9I3ZgONE-mCo?oID@@6xp1eibvttksM=$xR7b^#2GsVIlU$RK0HwDO!wt!Q^ zD6#We!=h~ls))DI200Iq<+OR9dMfrjdWB-6A;<^B&{1H z>ZX(3A3}M*L6TJ&qU;DPElvOXV)DLEQI523ADL=nM%`><=74(<+*jZN;O@D_##BL= zXJN%6)Jn^Ncc!EE<+VSfX{DMH<*|7zAQ*3qL?y!7ZmP$Xzg;NZN;9^@ueTA$6JJ`J zjb%hmX|qMdNE^5|TME-=n;g?-yAeJ!+HBKt9Z`o_{z-MH%;|1NNx6$ zm^LbGa)x&i>t(Hyz3Tu49N46n2ionOv_CFJe26bX)7jjzqtk1o!nULnBM>2rcRR)C zmN1OOWgJttETt}plDI5`3F0)&@Q(Fh^=So^(JYL==~-W-Oy9)vPNqTGyjr$*$sEWD zyj#3Dz!x+bpaFTl=L}a8$Xv{pe;(1U@ zym>|^slP=<-c*nFYf2smS?7rME;h5abJLI0&&n4tg&8z~NK`LkQN4()o6pwys@w9| ztqo^|2v6T4UyR(EPiKgmzlJuOjn)u;5$HFkLE-N%3gI?gx@$64tmxMZn2OC8E&2@t z3$NTDR$tt#Rq368kuL_}+9L<3c6Zre+J*{@LK|F3%z$)3KOQzz+XhvNtk4IiYH&6> zz0cYvj3ck>v_(*D8rH50O~V>wn>lRBZkH3(>5#HG#SpG6iZ6D+NW-{1^Slk`;0>(} zE_Bge8o*9Ih4$DqIw%^YhN&U0CV8nM`4p8Go_*^|NZ+B_#>#C^`RT)Zo<5#EOdk!0 z=;Os^`uII|&1W8?9a^@tUI*JwbJ784)bvp=3SjcwfGSnBQ=~?*OmjO$7D*RaFuW;= zi*Uw=kvo*cg=m^V5r^h;s@5w;Xk5;tCyqOyIVvy(C2?LSoh{AB26hCncLzSh-mT7; z&cI3|wD*6yg{#A)yt^ODv*zG zF2=zXNE~?trFXD zQaMosziba^)Fs*dUVBd&N>V^!j-E0p4quCxE-hUwe^OE~XbpD!xV8|Gq|PtYaOpEJ z-6A=%&8`4j>!lL&56sxB;^g_P;Y7MIgZ$=GzqE|%v#n&8cS)GXP1pvT+&4M+F{`CU?fJHtSxx`yUW zwk>mHyI<~rT!lC5YJqvDVDAn`;YJMwH$`C<8A(y-RZG|kh+~O;N1%4MX0E7N-6`BG zW^JQuy_O1m5^-YC7|bLWavt3RB@z9_L!9g|lACU)%ix)djQsElwMNd!hsiCfx9sps z`NpeJ`tc`2Q4&9)YdUg12c>&GjbZ+Rjg#pzn(7z8in6C>#Rl)AxW-^rJq^Gb4bA97A~^j^SHkQOm=dm- zf9JGXuS!cxX|akEA~iMBZsfmXYAx5KX4Vp%oIZ#eq-g%GDZZ|z=rLAoz!CWjs@nqB z(8mj6Rz0+$LCEp2WHhTS61d5o={VPD??RJ3x05Ww&(J)3ES+cXVuU*ZCtnQ2j4_BYn0i2qbO1eBc@)Jx* zDhYTDOQqUQYZls))E3G8EuZSC(TJffGl|cYnLe9Q#54wr_n{&EY~4k@ zVEYY+GHWLE<|6s7R6mU3Q;VE#viu^X?j)b((gh7`yI_KN_01biV&@ep&*+O1=Nm2J zF=Z)46j!n^c9+Vni^G+dKY+pJCSdJ-!3V|Dg{T8rXVmsEQW3X_Y40pSbR1v;(NILG7_Aro2=UiRh848ByW zP&X7~^gnP-A^r3{Qei-=%a`SRV_%EN-=&?O+ z(}Dy;wEZ09N>HcE^VO#Vy>)60@iOSQG?Ug~0}Q7G#p$3Cc!O*|N7i3bTjKW&U7FL8 z379S}uRwQrV-Ze_&;EK|0rM!6E%Uum?sXTY&s3n#M07M zF@-{+eDRg6xa4t29qt3@2Q3ML%?NQbtK;K}lru%-BoKpmBM?^`w{@T*5oEV>6mltD z6^uqm!QfQR42FMNx;P|lDAWIjz(La-=y;vjHs8C5Z8HZNC;e>ZIP5Ay5_tuNJI{Ec zPYN#UI6ubP0gCWWrwC_`=UKVkx5kr1qH*m*_FFFtCei|Q(9Rg?T(qyi6GMs_wew_- z7pBt6C?dQ?tq5UM5gDNCCUPhi^f+IvbeAuxh%yTNWwJqUtEdb3>XmmR$qev3=})B67@wnM@_=nWY6pmz_nt6XR{ z98NvCz{3=f%``1+3Jo2g0SnT=vOWlap=G6MN=v)Fi|SjGa50XNnJgG^oB5cmariK# zH@9lSzgXVIgjV3X$ODi>&=4ajz1anVyJYVLJYCN$k`K?oeL2o&pZQ+uDSkr1v+2#I zUt(wpkqXaCjvi`m4qk;2$G^DW9)M4lk0(nMI=L1BSt1`@e592;4PLv@&J8e8O)uyu zkbbtvdV!C~EHSRP5IZQ!o{`1W0tD!jBgd)soglYS<4|aDp!QaNbQ3eHl^@~JFU_nq znjXcK^~T7&w#Zp|vLiumu^!`X8Ke2xpsPS_6&ist1gw{8Ha3|XN9Nfwk_6%`Am@SY zH$f+!eH(9{y@WT;vDO-E+;oQsjb=}RjE4JE|GS#F#&{aFM>RjXsfn9)jGtI{aT=dQ zA(Go7r{!tT=0RxuUN;QdtucvIKv_IDbdQI6XdEAIVMOh3IJCd{6grG)FG_a3O@#^d z3w7g!@pNr{I1q*`q2&!)(oC|Ou~r*sv)aDN0>{JBWp|KoXuXSv%q2qtJPg@7)Sn5N zyfNy?g_V2XQaqZ{lwJ9rptM&UhYwvz~$9mD>^z(?{HE^f7J+eMCG- zACtG!$F1Ao@yufp%{QRB&Fp%GKG|LS;pqj9@(_MEbizQ<9>Ksns%$$kaMvpnvzhjY z-S8WYdRoLw6ERd%IVGyV?X0J-=R$hhF8@TdQ6_(c?q7_i9H_!oyhV*$P=OP(5P*Ry z(GeM8Dx$B};EuH3`T~@nzdc@fKe4&47X|Q3EBZe%`7I_=UB~(t=u}WeE;Qj{2!-)He$qP?zhB-i81~f!v&sGXgrP;l@UgqSDX0z#n{pUl)afiy)GVd@l#dD^~*u zgago36$&(i0;OQBZL?!GeJwgZzHVORICIms2u#*D4CSLl^s=BAB-FSq606I{wbj!X z+-XpKz~@$LvAv-S(s_=q?A}b@<)`r1TOW_XhLhg!S;Whu*Bk5R#X~Nq>JD0bCh^kf z_3`Lo0gulujb@*rjbXB_C#nzP+#M?S6FN}22c~R8rhKdi2E!dOs8j5uR(W%(_;KQv zN`@aLude`kl=E1~n)gxUXd@r@pg0gmF7%^_2do@GB%#YXgPQiu1Z83jC?Qp<;BQi8 zB0kDZes}?;ZUmC%RLB$>q5){-;6xz7ZKA#($wC)ou)i-PZvew_LGvKT;ok+-VchW) zpuT|tVSIZ8zGA&8i5noHjFJFv*I0{hwm5J_7#Hsxf9364Rr8$fBOc%U1?{HTJ3$f_Ydcv;pt@Ub2h`egP*Y;agCJdcBBdOoH^=Oio`H0}w^F`6 zd!>|?ZL{4gT#zr2cX7RUACN-bJi|EFW^Gy52WfA{1%v6h@R2kA)d4IZ$Jyoz7v&t5 z3`bQm$0)ftpFyhOG?t}usvjVy^6k!?fo*JRSTsOq5JU6VW8S8nAfaLzc7nElL8zls zA&*62M*yvfAXAo?RzQ0b0Vm)0k(yUs!Rr#yw)L?%9S&4R zHiKWQnDufhwaWEeA#Q5m7l9r+IxvLm<&VCGULcpX@@up5$3fy1@}n=Kk$Ed$nwcbg zPkwa2`ZWr^KwG)|1)#SVW09X{Qv=&aUl{`M{vf~%3ZU%8^vJ3ZHy0`I$Uns5qP*tBkNx2vuY`Xz4}N%;hS2(f zidM92(89zY1aKuOhYfzWQam65EN}!S3BH5qAQ}ydsU9aN5H+N_|1q>m7t8HSOIjNg z{!ZN2=a$o~{rr?7DTA~iRlR6js1#;SE7;BSBB6?R}YyrJRLU_GA^EweA|y z-&z2)mhvT`OPf?uX4C_;JfjYI$~#boi974Ys^({-oNA!*j&c$LIJpkDX!veAz<+FG z+(C0{A=XXqI<3w_B~_Gt9Bx_7QOj!Jji5B3vd@qo4o(#OuVo#$PS&lbf?03>wyc%J zdhn;41hjmWM9f$2ff^mF%rH-eDl1nP3_<{n2+&sA8bWI%pp}G>R%#)BQjEh8kkhsB zc*uVn%HeS|f$qORM}o$E9vkvG~bhmj3@$1&wxE^#iQrssF?NhuZWU6Qk$_c-%UH#zMkLuYSF*el5wu zrbLgI&;zQg^L%hj-dq9PVoXt(9IU8=UJ=v=ID|XWlv-*@$VE)`e??+_ z>Le~0V{|g&GQJ`J#grK6H%*Urd#p^gUsHU^$Cv1UOEV)cb<@e8@`}a+ByE~N)@4en zyMk;XKSfuqe_Di-&I7I^J`rx*R4Wb;haS}nMVCBxo}3Q!L!Kv1=!>BJGpDCZfAcRwPGBGW%YVGgH`=`zP*rTaE0 z%5EDUM@G}28*q&J7__7%I-Fs>VJr2Kc5pj2c&o@4-*qRzZ4Ja;T<5PlE81M zIs8;o*{T`O^G33)HE1{=hqFeUS>22PrmWqc9%C_C&kP2lT!V2 zt(T?w?B;Prxa*C~R`;HOdgpV9hb@pRF12iw9Y!?B7>foOBjpycbAo)T<&tW8{nU`% z*sO(5@aSEx0@4I*chW&1EF_u9kZY5JYvg<*fuk0A?HtYS@3#cA%d8FX(ONzExL}(u zU0fQh;{wn(Ib7?Yb~D!GD~-quqH%suR7O>Q0Y4^jJrvVpAn)7g5}3|ZKV9`WVpD4b zdf&F;s5;b-MTPS+Dj}x&Y#eB+fPwur0i+Js8y2A8BC~$G#@;(~O ze_=JWc?_>kpOVc~EQCZ-4;MIz`%XHS2T2S|?^Drms7d(r>3tPWfO8d*s+m`zdb0{6 z+XKqD4S;I;>f5_jO>gj1qW)unfwy|#V8V#T**|}nz!_{Vi-5wT1)b>uq&`q9F?c-<)6dH!<2v5?Y(pK?C26yD+ zAqzN6FNf+U+YhU20GOA5K$VTIUUaGjz*e&MaB!+0VfO(5+9LIL6z8L!;NIWaYhw=J zPm%1mw$+&AC~c=+J8K=N{)+Ng_kMy<{x5Y{|5h+j^-rXfafRGNqaT!13T7 zd~FAnj%RUqot!<}(6Tjy?wy$NOEd=o`DK;KlD6m z@3IqDi=22)QOL-}pZ+&z$f8A}R#f<=?vA>JPN$>hQwVt7N_T;&Ax?E62tur~Ev1D_ z=sziT>VhjUVRkX9(TKX0N|%0`uHVq2hnZ}pH(whAgtj!mo4C$Fi(8P&Z5trBk(4M- z`l5y!eUbjz&}S+EwzVQ_F+{rwXA*ZI&u9(uNjF*cwJIK}GcmGz$xc2wo2s+&QCDUr zA1`-2bk-=g7!B`Rk5zy1P_xl+(0aIr%ghv5xkX!@h=Hny;YQn9i!;#TqH zSw9Yb)1wfkWqE_&kKp(CtjB`ikK%WH))V+01>a35QLQWUaLSotX>*w`3JY1FoRRJR zVkvJKj7W=@2FD>Zo6CUe-ZdM4Z1|HqB|Gd?3poxe+nwoTd6WFrLw!brz=_R9Yg_es zD7wMHm0DYBA~0Bw-A0*#X^{87qS}R}!imI?_kPG;p#w%e@p9~zd3>VW>d_acw(vKA z((R}MJ&9#G4o`^UPW+$s_iKU*Y` zd}=-@+fDBUr=5c1l=(e%kom&_L~kel_(mSUGVjD6U(5k4^-lcJmM)!SRv0Va4^;G)G-nz3 z3pV-wGRbkWeNNdnN@<)hO{FHuaZZk-1eJ)NhNGE|bG4&o$2ladq9s!9Fix?b^PMG| zd+3IRFpUmVnV_sMb18+L#lF!{vvO?*TJ7+-rnc~(*aS3eC}P88dl0Kg*?v-*Q0>cA5&9s`R;KO7h1V>(xwlJY z;j+W*N^f>cQS!g#LSsA5PD4lH_-Nz>c8--sKjuG`-kfO<{P_mclg)W3vd>nc z8cy?EQ)Hw59;wjSG~Tqg)tN`$_)x9T5lR$pHwD)2Fg8Uhc4MP14>Ex4>d*3bh_wMm z_)Xnq3m;K;Ia+uQQexZgQ5d9ED4D6g8_>YEC7 zG%LFFvpMNUeEPiXy1SO}7ZKYV`&x7$3F3;k(VM5M%eVoCn;u_WdUN_&CFS!Q_bVT?H%K~l47g8KKK;gdG(fpi-vwW86K(iBoCz1C%)k4NKMMCk^ z!YNUMCH2LTeHw@X0wAc+nAhz_TZhwpRGXf`8p8T^5ReN4C`r3q-r8Og zgC@gvv|r4ET<@;AS9bJ*s#SB3>~Hx@?`2Kamg<>KlJX9ff2|kzo3-eMfg(31aO6rb zf&5)~q?a@UkM{zV6-^xn?G$!a0b+6hNtJ!0{K&t<1V{xX zfg&aGCDck~Yo@b!|k0^<|>BOe>f~g)YkTS;eF=)SW8Grgx+iXtAi+ubR?f8JM z(XAxD05Pax66EJDBEMC&UM&C(Lxa_Z9SjBspv?;09pzLK_v2&?8bjfMTgXCfyU^+? zbRLSC3Y=oOpLQHq(HrwWwf*(4crvoJosVm1<)iyg?m|Nc-!eD0qmpC6x@u1LxcF-oW^Hgw30$D%ZF|diV(tRA&$wY)uZRY@jkl0h2-I;GpaI>|nZvFtp z-*g~X$BLb{(vnuS#D{h1M=~QeK+UM*)}VYoFNN)Ip{GivH0i_^Tt}U+dI(?A!;m%m zuHbo)I(meZc7T-Fq8%Sa>%yraI0Px%c!Kx)KqP;le*zQ23370e~IrPZ4~5PG{3 zdJAZ8p%rwTu}MD*BC*+eK}fJ(UT0QMsL@MFK+ROcq~8XSQ_$E(*|KgdS#c6AoI+<4 zoj;-3H~HMS5zx^?KHf*owKEqbm>QmeG*-&?gjZ3`U1@DuHxoLq337@pa=FRwKT|D{ zm``GZ+(M_D;ZoNXy zN#}bt$Q8bCYQRkk*xzuQiuJPT(WUUjVx9UATCDE-gQn(bhk_&wb{6gIqTlYN zwo}{?OR34YiS!!{q^P?5s&)?1aW@{f8rv*PfkrmNyAh2ko#g1iv31U!V^!wPKKSIHJFuVdyEV_>lk~zL(1$quoqAl(ZBLag<;M@N>XAp?TYBM`1ApVCFwB0NQ= zqR3-o3dm0j7>4Tkg>q#Ix1a#z#02t+cHqoG4iBo_j(GY8Pv}81`kWh z-qO|{++=y|P&3!yoXX9A$Av_eEIl*0J_m`21D&QH;_QK|NX{yw7G}um(Ij~yu5FDc zYkk3)tJn7;{q02N52KD8olK&bl%i1p{ka7PdMm_C-ut&4pLZZa0Z$cbZv7SE+r$#@wn zhCNQ_&mr}AoM#=2XmlS(3K8(sL!*lraM`GPA8rm)&4x`4Kh~+c61!+MG~v`KOGceh zSIt~xCN-P4ccOjoFHi(fYkV$B#z|2@$v6USsAsszXVGfS!>D(YoD;|g1z0b);jv#` zWESvw7x@&|^X#1v+o-3+i6G`xZ0w`%P?)lFXb zH*FnL!)ZJb$9WX=+S*Q`a&SY(Ok-nuE7e^A3ssiy9YD4)RrkGrd0BG=TjS!~0 ziB-*rp8&0~?(c4rir?g)M+V!QtT>7@gU7+E8@EP4{E_6qk?`FmYmU&}C33s(v^H&r z60G&ux+$K{^wW#b=-gbBOe6r)j&8%G$*?2Akw4q?M~4|0*jIRDVk|u^40kTd9e4mA z@m^8YDNv*mtRK{vQ!fB<8~*7chhI{Sp4$iQ7(jgoa@ko4KMx&AFdX&`lMA_2r*Z2g zyaAv(T5L`LS=SfRNnvzAOX_Shj@3o-K<&nUez~w0hPS?hI)QJw#NI1jx_h0$bNBb;`&jFJoNx~= zpVf(%EH$I$qi1~Hd3v`0%)}-8a|fb@Nr1q_(Y|Ewy`7|U1-}b8$;AO$xKa|9Yl&a{SSOYAni?KM+ZVwPJ}sA7&)q2YlYKzR#E9`En1l)`vO4dVu15*-|q~K6d7d{&yzwfbTp5D@;VB zZugDx-q%U}Us18eAd2t9EKP-z=dyT2Ax%-9%SrP&sAQi370lXRP_eA%?Tb*E%<2K>O z-5IapGA(WgYWdJ)$T$8KWd~OQXeczCM$yuac5?JnwwcvH@rA}iOfX&W9mvm7U-Qj% z8*>;TT3p5sP#WG*Kny{8`b&Kq{Vz?+{?;3WS_ zrNSld!l$6t2!vh7imSN<+BWP+aqj!!uTg>+>V&i$-|K!~sfQMv;=a;}eZGj&Abh7Pr z1YYnX0`r+G90T1NWaJ36Jn`Odl=4|AoAcfaFPxOkiemogO z7vpsNQr5bZ6LM7kcF|HZ2K$-cJ5NU$+;(JeH>wP7g4og-9{9}mt9ab~9Hb`U3oCEo zq>Uh`n^WJ^IRZE#WBSpH*b!?3xMfFS@AuBTJs>KS-7S?%dcDb)r4lnRNQ_@%mWny) zJ{CF3eH{E+i#egFXU%w9w(B`a75S}THV6Sp#V3@Zqt|QvO5TW7iDu6b_dfXLw2=*} zH8RMYBUwZ!S!2#`zCo+#ORTv}TCHzlwNjouzcVawW2jo^hgGZHEE%NSqyXJQI7r|L zJ1GNjaKMrb5y)Z0mQmt|JupB6b-LyP4Z4eJW5qX>Ghc`fzv7DnvJ;Og>3wHD$6-2- z^1b&!E^x83byA^!(m?FHLX6m&AeC^|j%s4<5VpwUFyZUKyazDv35$K85^+pe%pQn& zyB0HgNZ5N2_MVVPp2zJ39TJt8aXu>=#RxKsZY{jeEa~JNvzVdqpGe~D`y7rj92Ud`EgvX5?ff`XUJ`??fLVz=cX%@ z-V}yw2}7bD%TnN*N9Hsf0lo$2?9cTfn zMB=QSR973z2(gs(px1mEZ4D#RK=h`@Tof7rByNyEqkn)hm-n?sjXL>OZohvO_%H^^F49uT6$$>^n? z1Mj_u9VBvUV+~`kcuWC3C7Bc)P!zgHQ#)(pz1OMS9NX%czMHf&aB3qUB_QU!WEgg1KwNJ@-C=XGwAn}p54u_KBr0_22hb$H3)hhG zoN#F9rMj- z-lj)&7C#?Si}!bpfr4e+624VQwj15)eNw~pPw;e)4Emb}znOxW_MYxY&<@*#n@H~K zRB^rK_0Ys3t)~BYEr?_Hfk>)s*K%@ui$B7v9pn6vhybZ~Kf$7N>ryQwFkCMEWPjIhV zr?x3&8NdS^_2s$xv!;3{Ziq@ehjQVww6CIBZY^*Q4+4Sf=5qMZh?k9Lk7nZLc zbjt^E!&t0LOP$_acQFPRM;b6$87f8GkiqbYP0s0!g}sfAukmypj~-81^4(`T(BdTT zo>w);S+W=NOg(0Bn1NSY51Sr+5k)P%x54%ao^eKIPf>3_@oOjUI! z9|q%P)g@w2gxAqq;L&-#2vgux_F%EJ*y=2zYJji=B6t`tEv?gyILZxJD4BukQw@i( z;%>$>^k`(+i-cro$=oxWRu>YNXv(pyUYKawm!5uPr8odp-I9|dQe^bf9xR{Q%o^YVh5C`n zlR*t$X{D89YN)_`Xrg)zPyS|4+#;t$!-+p79N0?n$e?(n(Gxz*nKVDsBNsuT?!F0a z-{YG`s4$HSP1EIgDc6+I9dAJTLJ|N{2KsyhiB;`|v>|}v8gL~>qb>(fm&Jfrl&F*> zd(m5b5wl`aDQ$Qg^5NI&FxOG)PG?kXb3Vq@c+^OD;+lthV z0bSnIa0;hkut*Mlc#(2xk!F8Wk@DoHXsFtjrhUV+vsa2xtdSxumfjP$c%_tNvxzi& zz4llsnQgYMlx7C7e0#oo`5w?+TfXn915F1j3h~N0Z;uc9tJjO^rnb?uI#E5p;COE!tl3x zB1$u94;2!~f9wq|cagvB#gWK&x7K?P;N-3Ec8!QAzqj!wwJ+6WjG?-73aO^?lQI7H z;Z?NIReGaL5lN*)v~)2&BdU~iJWF@bnJap5xUSzzmymJQZ7jJD;lj#zi+@qd-CdZl%%)6ZxKh*JWI7w!TdbEjb z=*vxGb^OS|wU=pr^{g&?mv1E55z2x*zXvl#+2ZO+au(2`Hz0{A^vn@+h1m~f+r1}L zwh`q1J>g~gEtcu5wKY_xF=Sc@fKD)yy|1W+IjI(A_RzwZpfK^YFl|m!IY~XdLyqdp zjfBG7j<|H*K+R4QyRD0k{t^X0biMZl2k89I!qPzgVdAM`G? zNdU18FR#JnOfz1`0Rw*bXTVp2=QE5aFaCMR>gBXQ2Tx~cMm_{_*~am{BXmjhvM|1J zJmH5%xbh#WB!!o=(e=*r}5CubHlFfR?)PPHX858hy^aPzS!@Gf+d=FHQ_u9`p zWqZK1mvNGl2Q<@NPH_Y>g+R?mcmYmeHz?<=jGDFZJ-m9#uUj|EyD4%&s!f12CaP&9 z&@{G%rIC;+BtRN=qkJOOk%0Tv*~SSzwsA?Ml2PKv%>cc)cQGjA3?AGzgjT1-@q$wZv+_Fg0VY;Kx zIs~_K$A{-KKpF|D zE%{b^Laojw*%NlwQv(vcss1G-%vMwV3rHepQGzQ|^jap1z{!z#%Z=S4&p1yl$}&q* z&@Lna6dvqJ?BA%hp(0pR^Al73W8kqlM_te8hxDuO^yc2pW#JXY>qn3uLD!ZKSzGz! zcINnTkQ|0NiLnc}6SeZu?F`nD*vv`xUgRIWnI*lZ`nzzmgd+5+OV@bYg+<+I^D**` z89mgXMFpTHeDBDIK>@cOQ@57)+l`nte{*I@vZ%p;9{V-gDhSEYbHZbGZ^!Us zo9)_i45FXu&5hR3A4yICyOVpN7kk7}cdJ{pAujo&YF1R-T}+#%S1Rd2o=96KL9%m0nhLp+ z#X{Hn&f~sj)Bz`A8`~|W`m>bvqm=7%R-m?pw6KLZ^<(Vtx%|KXRunRbr2-e z*S!y7Z_X0^o$E88kilAcbt2SCzFK!t0jR{ue zpp}D?NT~h;w8TeaUGDf3P9xcS05fBzJqe9q8>m;Cx4aYWz)^xAKYc26$mHOmGLJun zHcC_ARS{AsHbZhFQ}9TxLzZu{k|-z`?C3iiq3fx={UQ`|78)L<_vN{1Uw12s{$Mws zfq=g0R~djcss><A=MTsJ5u>V@Ham}><8VCDtQn3Hx z{bHMEZ&i8}Wy|{M;eGe?glqe*v-6rZ?r1p6ukx~YJ3Wkx%->F1xX7j51E-@o;RYHc zFc)nfze?^da^#Xq_a+NJ;RPv25+?N-7!7u|g}3N1`?ZQ5&%^WYswJ zQo$tXg6AY8gfNPLR!i)qYrGH|B9ZN?35f6IdNIZQSNhE!m$-p1*nLzsJGl_hG&za;i`e`Bmq|X%c zE`3fRC+Kr3X{XOL@&`6TO?!^gMVxX^hN(J%%9$(SUocxQvB2y+G(bp&O^XU4ZDARnt ze2My4tPvHO&p)Wox)ke-N)4N1FNI+P(grn%MFUs4)@Z%Fek{rQ4HX-uG*#Yj+a0u$ zn=MoElx-Z*QyPM93i z#gA(t=2_W#VKjISo3-2^n8g-WJjlj$38!Txy}5P!*ydB6VzaKb{~)zEOKQ?XTR}3P zK?6agbNvTVkmO%jDMJ9J|0ejhVfufA^j{ZS^uER*K6oYus$Y0;Uo9uM$fpc#)&b}- ze$yi;QEt6RZ)TkkyqR@mkz4%CBz|hL4wNnxxYDI1-BZVet~5<->DG%M8N`cR^(_}( zR8pSmdfdirm)rk>p<*{%Z4^5VhQmrqgMYh?QBu6U7!J=3_~hVcI=DsPCSmnPHRb6V z=jfX9^pI}j9KG0P5Zh_$$3v+DU4~#Olum5Zi|u-Z`qdx~Dhv=VV%V<3(8lmI&cfp` zxMpzs!MzM_H@N4)?RXq-f&WpLl>1m0JPAArJkP`PJUn~g*#pmBc=p264^KZl1Mm!Z zS=4VBLyy6)WhN_F=m0qG2^*9A1ll1(JsxS@ju?i&tEJa`uwRDP2vkQ9*2~`>z@=@i z5mE*lA@0hB7Xy%Q-H$Qf{`a7!(|%0L8*Gz{YMZ2Do76u++XR8PKMC*q!F7Ub$}>zl z)i}o>enD&ROImyX5tcOKrojxh)fWIsTcI%wa(fsY01dX;7Y6Z5MA`HR?jjhP_H=m6 z2A2zN9=L_zmVhe*xBkbpZIYp`li`^J&m?#zz%v1!W_X(6X@sW{o*X#(+<-$UCW+;2$Rh4ugM#&2bXGFoGh(SGI4Q^GiHK>;or z0UXF(peGi&K`JE)!=O1&fH>DK3?mV{f>SkeyZo;2UJ!J=jz9t35s=7yNF_D^9HGjl zc;Kv)^#2lN@DubZ0PSvUbt1`|o5t2zuHX^ig#k34@g!8F;pCMMVu)`lcvGX$sm)>~ zlV^UZ&d_cBWeA5h`JL{Q*G|z@|B_D8E&AoqDZ0*`>a5S35>cbf#=i& z#G{IQ(6`u0s?0+t@{)(xQU8XDerCyjPAcs5jUh*NhNkmQ?Nq1p&e0RRf-_$9lvVpV zxv-N=`=vJN^?P$@(o4N-k6PQ1S9jr%@8G0toJoii=Nh^8>?92G4TBHXo1Fkb;DsDp z&gR7BEF}9KYlqlDD6pYUKxUYifhSPoY}GXs^Rx;4yj~ z=LmRYsR|!yb`~CKXYU*qrKo+)V_U)wzgSb z+qjV4Tqe`+ts7ayK`_e&MtOlTvw#yKXwh0-1%G`KTH6<^y~vo?eVmlTN)H(e3!ICJ zONtjCWEtgTh+pAc8Hcmklk4eHEba`#y;^!H&Dt+aC99tqYUAg_Z zFMC@}``CNLPGr6jO%vw$+UqXgDnyEoB)u=9?sBSN08iPT0E}|mecJqK{XO(0#q?OF zj@}b;OWox(KDynWfOoR_rZ+{+-oVGrUPQg{_<7$%c){zzd@-WmEQ|nfA)Z39vlj{M z9L(ZRhz{~YCH-{2kYL(-%(TxqzpsVmIn#k-Vt1NvY=4UZ^5buBI#$=cyzb&?@Lz8b zyDehN5vwDiW;7tpW!eMPHwmou=(>sU$K!R7zrze``i%wz=%{SvtS;Ew;| z{|S91?fH@c%CFU4a<4~6p+~hs9&bdb6 zC~gBW9S;;R7LnyY!To0-CQ*q^J^2BpthGN0GYYu*C#uR3|C8_q^dDWTaWFrj3d5&Q z4OJM{JoTN80#ewaxKlN>k`U0(%!HSmijJrjC{BDjPgHy|Y z-k~U4R~q~2u@J>lBwodx$Ch5TFPaK%Ah>4Ecp2vt?-#T9@!8CP5J5hIp=u|7&;=wI zcVKX;a(f*;XlCZ%3ZOj_)b@B#%)-ce;r+p7iW3q|(Czj_pgkB`g>g=|l4$;r9+FAz zTHUIk*-N0|NQ} z5;9B(DyDA@XcrTNjeiAR+u$oLi+N~CxV7Op$n$e30CVdchRQB);NlTOK!m)|CM*P zYM>gWT|C&tG=oBcXnMiDbke7GvR6N>Wd37@S*2 zPLV{E$5l?z^>`Sk2=3m$L93*1*r9J|LF9xKa^P`lh5N$eL$~)&eLSSk>1FM5n(fG^ z+94olkt_EPxnfZ}>?i$fW+^Ak1f9#jLp_`UzsC$-Z)kc|J8cb(a+EwS$W+p(xj+{` zjwY^J`D%RBo10;Dsu$%T+xg++s12S4JRq0-KUKo++qt%=-dr8V)ovC_s(2ZT!91>+ zOe=WpQ!Huvsk#@JZXH5XJ@Cuiq3W(uZHK7XOkUg)B2RxElg0Hj-1C6*L@f1*pa;wK zm_#&=>&t_>T_SGg7$Fld?7_s-&*nf?P`~8Cx}cK)m~n(ua?WRf+CXWSOrb_9=RgJW zmKt4Z!7)*OtV=D4*k#$&Im&fXxn0K zmm+MO)19iQcZrhQo=}2^uJg;i#@C13-6;>-dXN_CV9ltj?(YSW9%mB0N+S*%?mv+(*6avT&~5{uWX` zD7DDxI>?Q$(-T?pto@r8Zylg(*Di1FOl|G@HbU<(JOlzohPHNnYY`}#=O8LBNps2> z84vLQowgedTb*PBn*IZLxJ?S$wAFTH)^_n7UUnv$BXp5957Su#Hy(-{o*W>%MJ_pR z{U<*TGfH+L1X^UNqaOq>lS(>4#~O#9nYC{T2`EQ|peR24Y_~^80*`4V1L&jzh;tCg z+KwB_JIUX+(|*(Giv@~Q_z2l?Qqm!M>(5eKhfZ&Kb7*P%bspPn$auh^v75=zGWJMp zOL6!67tttH^NkAn9=fQg&CFp375u0|;Vnz%mhLEDr1$42Sgtg!jRZH}3_orQ{FJ6? zmqguj~I*5buc>+#~KEmdB+N*ugCYL^Uo zhTR~QEYF6!JeqnGN`jA}S4+vKV&4_+m0?hRQ~Yp?j_~-|9fJK zS#op*YoZIn9Gn3>Aa-FF^np}+mvcb@z3EHM!8ayUZSpBl1TMTN1HJ~DD4w*3MeL=s zM06;RQFlg|z8Y#`XjYFsDlwbt-==mldz@x zY2*vIX2~C;x_zc#UN?orTowI^Yop6;zGa#$H4em$B5IaupgR)~EH`-1i51Fa+RLEa z=p=J+_XU)*$Fw&}^_f9W8ZggM9A=&aDUP-F@PAM3fz)3OpIxOADpl_@GX+kVKq{Js z&Z7266hm4l-%Xi?CUpp(D@4 zHWn}X6V9kwjSQo1hR)Xu+D!)zw~s@Wc%sN>+v$I}y&`of9FHYVXJiS`% z)X~#DwjQVReQZ)UPMm5dORFbN%dOqdP&A0RUrqD&Z#?mOk0x4#PP`5@mRxDG4=}|b zUcU0fpoEWyUkBRkS3-whv))3#$FQIP7ueiN6-AhArDr~-;0nxIs zpH)ZB`gpxw|LLrDcx#2XwppE^mv`%gQ|U)$b@I`8vX4@&?|)BjSsc>skqK#hXVV(2 zRx^s|!ib@&RQF%0fQdY5&!a<`O4g&-;Yp1&ijn`jo3bS9o9o7q4Oc~G)X2WOWqU80 zJ0}1t1zPV0xe$4ZZzj|$`hnvrbSTkO8Bwnz&$9Gbaciq!zKW%p#O8tP8hZ!1$CaQ? z6+8$VxKojwh20xZlZyfhE>}l&ByEr4bi0)^xLDf8FT_*LZ*5eE^8k3{K$zfndKBeO zgaXQ$=>>({Nj}uBc&{CnDFk?W?%IbK4{{LOSXqX# z8S$dtRDTis{|Qt5S9CME&3agP2b77-S~Mn%$741e$&eKcHt(7meunuLn(@Z*Mco1< zW<6@2RD zopp5GpKLa$M1lBT&#X<_oPp4I`;)DExL&;g3uAq$#v&j!G(|&1Zq`xLqac_mYUB@n zZ>k2HC_I{7pzQ+|@8Fi`x2*p()hj@QZ=ht`aCWmzwN<`=w#w7JxnntN`}z^&Mm)Rt z5H4{J+G@VAS6#^rmuWlIn~m^D9#j2pNEQ$6p~QX;CD~+k3HS*Hw;y3INCK%cgiXU) z{s)`y3Cn+`mj6idD?Ic#(4g?&8)6bX@fsA=c{~8T9c{R2^1*!hQRwv+MM$;eO`&!N z9Yy51lhiP}ll%maX|s0}ckiK7b)X5?hMPsxc2~`!ldbXsczf29bR7@@k^rEK0vPEbzX+h<*-djA@a(3CaK#e(0&09o zR2?u=jX=fRLYGyc!s1erhv$Obd_09a~pak`v+?E=F5nBBE{tlF-2ET!yQZ`>C z<7KlafKKx=qxfjCg|&&9jL`44c~~bYendSFAJ{XVeCvrO??a>c;++#ff zJlP{c6qYgWRyX@y(2uh$q7B#3b}z5_$mBS5onc;{bU8 zk5=_tFBflGkU5^8@11@?nMsULamA2{FqR%I1T`TgQ2|uWWAU?Rj(7V0%<)1GJ@xVK z8jpu9(hlq0vQ-r#TlqrYe2V8s3?779tMC7(caGlLZrU~z;?Q$kO(IUfI6bTuHzyd^ zR6iU?mcoG7xL+EEM|LX;(+IPgX_jJpLTl_l+~{JC#{z zAUkN;<9iA8-kJ*e0YMJpvGre|?-W|a`dLSQr?@<=F29G!`O93gN2_zwx z+yO$hyfA22%O^I)piS&C{zUx|zCbg!^~H7+$*nCPo87S;a?BfeE~?xj_op8-^cXIR zUnzJ*>WTC=@gTePLp&u_NS;g&OFe@RoxpAV6jcl1Q0daecsBPvfmyBmOkhP{&ia_Y zslJQ<3@vwC`9$zK2VRlj^_K4^rAt+u?-_u2@VKHr0{BoSpTrqjD!&!ddGa&BL-Kzx zv~5m)Kg2^U8Dsc=$_}IT7~di5p!b~4NaEjg6)YelOjNfVZ1`jtGH_|hGq6aqpO*@| ztUbVvmG5iw-`@{kDQg6Q6?4C^iL=h2OJz5ax4)0G=;W{84CPrwioW@zztKKm zI?$Z&VT<|Xd?8*w*ne`j4*32@15%+G?;V3Kg{LR00m4KwNzE(z`$0aac8$k3s$&aO!atfB;*US_ed0>kMVJ`qqi@lYLKfuTAINsQ3$jOGvrF-xI zKHqw{W|TKuSC>ztH{N3t?<$OM& zu2zZRUu`qQ$x%%XrEy+lgm1F7q*sWf0ndAM9tBh}Xrm5#jJ%n8vjCrib6vPgeh#j) zCCX81>1|j>y)U9k2e`|vsrFuM04SrW0ZWK=h_ej$HO1B+*$|o2jW=C@B4FBk1Y{RK zyJZAqULAj*X>Y8p?$yrmXl+88Mws>&Bea4&U(pj;B4k1ymLqI73SYN>yq}?rTFb+q0p8$oAz-l#fv~0@8XoQcrlJQt(0POa%?te z{O(sM?evH(1J;(B@!otrO*Kwz1{vS%iJ@!uNJjKrC%aj%5sDr+*B%UZ0xPem70M_x(PSZM8{W&#} zoDd1&;jg|V+2rNp*}h05p?JNITPZUXDwXc-?539&QtUhtrF1?`5JIbywE`|6cCSJi z*}vMMUIo|4lXyer?$hZ5%RH8;4h^R^Tv?J(3L!{7s&w_6i@mO!s9cneeeXn}J3U8ADG- z*nBbUWQ5IpsMwFvbiQd>>vLYSiCFb<*yLauj7NQTa~)nFFO_sQmJGDpPa<;$C7O?x zN;=x?irE*_Zbw@|rm;lv+B==Z6i4sK3Q9$5sx>jrydO_IY&a|o>u+IfQH&6gY47CO zI)_q+H?SE}TXA)=nI4A4&&lVf}=y^oVsQlZ~By03-f zIY^m-l)q@V<4ut^TyFBq_5_a^@0qz1+%4e7fisK5ChW|t^;1c|$2VSM=e|UZ`}>UA zn1S1nnvCMkV)L>F0=+r*k4!jUqU^_ojj^jX_2D#Uf1Z*%0 zLJ(%RjUT?%(FrE zGBCd)j3J)tU`0EskzkSlf^q^}SINQ|edKcL`Rj^s-fKSzoDVcyGH~wAgFH={mkXrOr~<=(ti>ekH%rp{NHf z_O-yU|0kdfs3AT7utzVRP>LX%U7U7(AhEU!qsco}in28W4|U=l5Ze8oqI6$^ev4yv zz^Tk^ED4Y&z7DG9W9n)HV+7EJ$e%ckAR6M6{57#1JhNNt1l>*7HGSeGXHBTNk|@x;pm_JMRI-&B7ieB_%N z7Qmz3PLu(B&|cU*h8`A1DAs`S_!|x&0t+nLKzrMi;#aQz0b4&7H2^=tXaM}@yVw<8SflNcl-s(?plDfGRw3Et z(F4e$$iY+2(88a#K{m}MOAYcp4b_9FYb*)SPHlI3bF*ln(a0khzYgLX{F$}qx10qc zKRjrug5*w(RZ^O`I~)UbA8twGt_OkAs=1}x-27ow-A7wujy7@`C0B%r&;vMrEJpeU z8yL2Zv&gk7OOa1dV%kKR%DPY|*4T>2fLvwkXUJ((BY|Xf$#GB$`}u0xhrc-=;1V;* ziT80Da>r$Wn<>8;RtU;XBsN|<0N0aHk#rI5A6IJzIen7QiK~2^x;8kDM6V7G)#||i zcx6a^tcEcgPvNksgEbDBUKoKTzq)*AKNlREhts9ybJhWVHhHxYZ61b<2EupN7oP|7H=*`OCxlVXV22H91@RR9lTGgpa7SG1rBg5uN=Ar{I7>XINpm3 zz#mZT@GjYaW+YBF(NpmgaNV|pa&RaK=h2hG2;{~Axrfx^+JoRH!dg13Dz}vm&eG9i z5!27&(KnX`3;E=sp(^(3Q2yN?>gaJf=Wsc*m492tNwE{4Wgl~UmK2c$5J5b*flNYT zjC7?6dYgKO&js~>de5vPlJ%u_!R7^_rije_nR;8C0q3IrwOXBgHd0JX_1KFm_+A_1 zE+P-LUNx!n$5j+7b;_rs<*Lxf)llzxJrvCsLl@xN*6ATDM~~u}<|Y-f+7-T2T{!K8 z`xlDoY5V8tII2o)0kUjBlh}H?&(MGX`N`8N$`Oe2tkqgL9_m5uyqyQ7~8*2TD*x&AXO-(|~sXb#a znHt-mVzzKV3Xi@9Z+}H`$c5L;O;;^v)f*QAFkX%#D^`VO8y2m?+M&Ih9?Xro;Dr&m z&ggGYHpOgVtrx0Uxz&dkG^m76Uiw{-NAfeD#@shVZaLG?xBi5z2{;_dqiF!VhY6v8 z=ZvSHrMfJ+fVG?vA;gk*DuRLt-OkzTd)<0@%fp)>+nR@5gR=dWzlD!ecyA5*{v0=| zLDFfEgL;i>{?pI^lMYISy~qS_ChJ4VlPwj4H!4Vxfa@fom#*jZsjFAelmrt^7?Ra{ zR5$8=FF04~rU$FufEi;BW|CMDrWE-cxa>x!54GK{(Bl-kkb~K3cXAq?B%(sIEgyUR zO|R`COI9?CrMB7#>rGH+y!0BhF|8>(Mc-Ux+Pjf89cbSA8H!q`{97-hc*8s42_F1C z@I+zeMtp+&G9I5Gxn$MNW$WY^@4VYnnugVVw6*T2u5p;}rlG!%)E(9PNZoRFi!W|4 zq;6te1J3pfQB=h#X~ia(%rxUU>^3Is=0s}Z3at0@l|xx?^-9{;JR=wRV&u3ov}ok$ z^(R{Ys8AO;ilASBmIcf(5icY*ZypI!$YzjLS-}XZm<|uJ23;nDJiC(4!ig(~a@g3F zArAWopi6qGm^WXSF`AEPV=QtDeEZy<+)}sKzQg4tZ_R~NgdH-SjYP@u0-x&5gN`Sk z3>zCin$Yr5WX6(VtPnXrAGmENbiHkO6y(-{JJLZc6YUwV#9WZU-K#gNG@p9I1!O6Go~-sN|~%$7Mfx97_NtjxHj1m!svtBC(bO z4Z=lUD8Nf1Q9QxrgmE|}b`Hc9G|{x9`U4*%9SJXZ^pgFs?1$QN z5L{m^IWLtQD)pJ2)T@Ywrh_l|WD!DLkwWCl5ZLPJKK;El6H{f*L)|DVAzaW|o}C zm74S9g(pzVL@(L?7VcyAz(5L288K}{tM)daj3}KPNip3yTV0CFA?F`clwI1_48U5M ziMz$gzgJSxSsGs~C3TnUsr8YRB-b96qvV+=GJFN-=XDp-^T4`5x|q_$$vt%!v-k;a zlJo@KG~VT%r_<4#ywf?!(bW_`>zHs3k79Im_);?#>G)ggHt1&wH`Q%0WC;_2qMYO( zkJG3fAXi4naTr&!cNkjgGP3wLWqU`ey-OC}GWez1X5R!_881NuC%qDHCK(l>outh> zptzaig?|`oPoiyDM!D7^GBlzN(Z?kjh=HBDSQ<}$@<6C{et~rjRiL&|_bRFh9io#N zuQ=s4TueLebdxQAxoXI7U8V{ScaqV75>f>ahi|46v_hE)#+rL|EN>{*$J?O+dmv6* zq$RIdj)L|8@sl)`Dvjgiw9JyX)U%G!1RN^iMC#!JwSEkT3*4j+(oL=Hf}{=oa_w8b znXG-k!J zk8KQu>-S$3{#P{|33EIUCV>2N-&G(xR1iZyFh%Hr#F{1;8pr1~j@QT%=Xf73!3Y1phYe4=UZCA7_J&$JtbL~pi&*TBYQmIQnT^f5?| zK=!ONLhI5Yr&8Jj-?CyEcB*J*iF%&<&vcs2?|H(^2_5-)#P>i0WQx+G|oAX1Z2;YEECSejE!W;&Ylt zL7^g`u6>JIKI8!E^vc+yxMC}RH3tAzTC2>}M))1RK60g@D#14s-bYra!Ee&~Tfk?G zFU7PE*WmSi+2hQ79HbzP!%2~SM|=j;zN46iEZ}GXA<>H6sA3R8z%CaWn}!E*C>q2; z1*ItDQxx(k3i%X;e2PLoMIrw?p@8YUDNI}my(Sv1uN!6scW(uufSKkE+dM^1%AEU9$0z=PgcG9 z@0m*svme}>;JU!|fr|$rF$LUga0|gzfU5%c2)OOwehKasaBbk;0oMgC0L~nMc;IZ{ zO2Jiwdj#B%!2Jx|ufQDu_YSyDaOc4dfHPiUm?UsFf=dHu1Lp?!0Jv&!KLhs)xZ~hH z1s4D}ascuIcL%t6;Ff@^2Dc5|4sgE$w-;O+xDIgV!3Dq#R~Y67aMQu%fm;O518yC- zdT>vI`z^S?fIAAV1Kj7}0^m|WluiR@1Gj)q4iEi1pJZb`%C<3O_t}_%MIa0>vxUO$ z`@M~McC_u9I4hU0sw^+F@M|p(mh+bK4Xb#|inV3smX+0OS6iy8*RCk9shJiN4!5GZ zd^ukp9%h+b!@z$gXRT0KW?8cq(MMI`R2t&U^@zz$Auc1)4)~u*rRmD%M+PEI_skQ^6P89=&ShFo#yBakCBwNW ziev6fODl3lK_M+TzBAmiie>P}FdM2iz#j(?OccX$@ZjJdeloi!W+Gz%?zUy$lap)Do0C8H-uvb`=HKruSm0V%=q_4R{Jq6XN=lb5TmHa`vhtM= zR;=%LYxweNqy@$f^fMoR=P~Kb z9Z+Mr@HUU)n_E5T*kYb@ke6 z3&X@g<1UBYW=rL7xRP)6%EM#bmFsEU&7nT(x33zY0jE zVtI{a^>QG~<>1fr<*TcBB*n_L%Yh^-$}KsTVBVFh9;jYkz0tA?%3NJtzJjmZI4#Cm zS-!lc90+?2zkCHxV}zxCQ;nrYsH$394I$;rS6fyB@~hWYmqQxxx|+gFQ?XU?OOK1W z)sj7kh5%_hTyy7z^&GxpRgGnNO-=dg2P!vO%7p4wYaX<$fuz=zt5B=ftm0QKuUz$g zntaScgoi$YD3wD@%LBrL@NL<+R;Uigb(&=^ZvoKNYioEY>qF&`Iu@t8yhf;m?y}Od zVtHjHW(GBdINiEp?dmGpb*J36qO$sC%SvI*3ROctvD|lHxoP)avsQSp!ctSUd__5}E+ByAl|w2lyuNO~s=h*HFIO9H!9umZ`3gXK z?V1(k)4qFs1aV8lJTN81Z!m*0E&PrQ3>Vf=t}_&cit^=EDz*rB=eLw`{i?NBwcB94 znb(b1!?s^D3CtKz6J63K$d0kP05U8vgqA zqD3lO&Myb>IJL>I?)25=4-4frm=RLS0>mc(m@(N9qzHB49*rXlMY0($eajb&W8(PPr+=SyTt(Eey&| zCvLs5OsQ+EgIEj<%M}$B92d2rs%m{z)sXS{|Ni0Ga##PG68d*-*tP%iK~nm*fA!z+ zZz#mpuz$Mm_%A&EBVqsa-|=5CuH}Ea`u|_>cWs+i{69?ry1{?n^=}9T=m!7kzvI6_ z3iz-7`_Iac{}SL|_*Zz?cP_G4?xEk`wY-DnzS>7e6~?-)kBIdRkN&VxYLd5kfArY) z$DjD|lTZERr#qhh+0UPO_7~4Rzw?*7UU>0Wzux_u-~R5U-~Zu{FaPO3{`|_Gz5DjR z`j@}H_WFT0np+OG9{O8b`{5%;j~)N}n58{-+%Ga<-nBz<-e>DU0>n(P72Zgbou|M^Z(zjkX}Fh z{}uJ0pFeB$>RC8zz%XU-H`U^RKMTHWgg?gNxUH=0wvAMlayl3$+d*|=(Br5&%*#%Fd_^(vf`a4fH0f!p`<${(l}G@0$* zE%=1rwGb~yg;qxu+ z8T>w%WE&EG_^R;NCJha53=6+B*~Sc@gZE~5zNNim__i>(iWxSha)#|&@fcwp8h-Ms z@DHyFKYmsCLs_;^S?|oUT{oYeyS^QdNw({UJF;!es_bu%Uoz+0@l3t%+vERy{4nzdin&8^1mN2V1{A{EbJ3hF{&DuRQhb@f|z9J-ln@x8uL~ zS3|?E?w=EPtKs-p@@w05^Evm2Z^y%b@Y~Dz^P@Iq$;D7s%t)NX?qt64@Bgl?{MXi2 z7U<@buPLuy&X?z?GiEt_b)|h>`5G8A+8~U_Rfrs%E)T9mtYM3muj2F8R=ZZMd9bov z9U+;gm>jxhqJhCM`A37RoDWMhfBBlSN{}DE##9|^%Y@4Eyj7Lu^OvtK2k7@1JI==E zRIlP!tyo^^DyQ><4AZNhSH65*`8EER22)WJE&_hXx+=>-rno_`jq2HDWz`ht2wnJM zN)^V?!r&}ks0M#a^B1bCp_YT5`E22u3Yv16eZvY6wjeSjP8TR9uz<^T zgWu85t;sEaKzQ)M@@gj(7n|-gohGBuDKMZWeSZ1!D!RzQ{F1(_3mQu(CQd9e^Edrm zYyq6$EH9h8W<_=RYDxty;r<|n1pQqYH#^74FbP;Q_uC!#-U-;amshSTqcj5&5OWv1 zFl;SlHhyWVDR<+0XvHN9zbJ~mSodMr{~@ft7Sb8jxgg{Glr4g~rZmL#>F2FoUZzbE z0yX^wa1Ks>U)3VnYsy?ztJbKEdY=w6v=7d3x_Dg00P=07w0}(iGw(VvikNz~XjNHx zPQ~)-g=-x+V|>p>zMMJu&FKKOzChbS?KKRuoOP>nQivhcv4E-LC!LI`wKVQTs2n>`%hJq2mG0_vrE}g_;UX`yOHC%JOQU?N9adavaO6)M7$QOfZD% zV&U3g1u-NX3hKh9_AUIv-URV-hWY?ZH>GL12%~mU<};)d%ssS}_d8l57qmKPG)zwA z+8T{JFxymW(eTe^eil}m`vtyA;At6$Kov2O*z>~r{6>w-VW!!PivcE5wY<7KR9g2? zAHcc;aSUsJ_wwphxKNSJ+-F}f-#!oYg0f0bn${Q=09{jJX5Logl-<8l{k~B@sHI@} zfU^gAPc{!3Js|MqHQC=hKK|do|M|b>)a=kx7jDvEz7`hu6=IEdtRL5HD6i zGyW)WXiv&%&uHx#qlLwWg^kqW;?tz1Yu5aRfg7$l^q;8t&(OZJweKA5+o{D_p!vJB zXOWhEv6gqG=8qFA7I465>D~6#8m^HVe4U2#R_*zS7A|Vx^;$Z(;SNo4exZHu)bM#h z%kS5k|2_@BH?{D0weX}UwJw5n7OeB|C-cAPf4%VkRru?L|DXG3zV4qIZn^H?|0vr3 zZGYEabWp>uKPmn{i}!!$-~YeUfcE$Qia`E-k z-@KE);aN=u@0Y%BVV1t{dH;@U;m>q@(0P$zZr`lNto)ZcXP2Xe|L@}6+s9=8w|?uG zYjMTky- z?8N6jv(d5mC3vEI(Fo5G@LU2WL5P5jw+EvfTHU@i7Cp?kZ&cPEWLyyC=bjNpdD1V_G zh3R6Mg6aj*a29aM;F7>4fHQ+Lf@8t?{|#*dj{IAN?}TRuxRc-xfqM zovww~i~61ZoVowC_$Q%U=J6_B2mQj|v5yaEG>^1s1&5p$=>l)&z=K)e0(Sx2Feq3W zxcT64V@fd2EJl@!*E7^Ej=?jYa3}e{!Qtl0+rT-%RsJ6!0RCroD*CJb4BB5Xer2zX zDFe3z+`?YlHT3iU0Z>Z=1QY-O00;mfnNw0t@6uCx6aWBUPyhfF02}~wWps6LbZ>8L zb1!3WZf0p`E^v8OR0#kB%?vPL%?vPLb$AN^0R-p+000E&0{{T!JZq2RMsnZhSM+(Y zAhpo(yxIG3P%?p?^V&X~9}C+#<1iU;I8WLb)4x9^8hRJW>cr%{&tdnu-_sr$7o+h&wQ)v5~(*!1SA zxA)XRU6||pYUrBo&OX~rT|M?aAlTr{b>FtK9-F>XX6m)vR8u>yn|fpzJH$Zjt6^-a z_Q=!wq1tQge5Y-0%`^Tgcl~;5D58 zyJ@J91Nnu}pAD>iUya)(Ty^WRAGbi(<>#Olaw(d-t_M}>iEAbEl%FkDgyEx)KKc%j zi@WBX>_jjHVHQ=lhUq~eK`9uG5-d+pOeHFTx=~yZvK6qe+Tr5pl^(}b9Bft~&`SK`O5#48-CWHr=VvFQgvPZKjKJJtQR0ob~q+O@cq0u`bY z@2a8cCnff6RZEqaI>pYA2AHH9+k=L*)9EEGVTyK=z{yQOLD!E+#UR1Z-^sPeWpP)C z^&}Cee5fT4x9EV@bu*x?z5`@x0z@DST;Xads&O3POOAE1DD05GYy`>OLno?1iv7^< ztGjB1SpkK706m6lv-Sa%a78jU>O$YKhNIp3wmLMo(?}Lo`ac<~(FxG;UKMy%fQ!TL z+&o$^WV0dG7^p_!a|g7ts~f5YmNxeX&P?!={dun6&y`sBz(kx!J^+Fu6VF9NM?DP# z$hBmq_rrln2W74A*ZG2A;CHZ8gOv=9?*Oc5Ms7HU>=+qR~@+w6sgp1r9Bh@i7*}_ zSczf;k!2QLR)DwNRb&3*McdclUh)MS!|kDTI4@mZQ0R0a2NVdf6ftkS`Cy<13pnTz zvkWF$_)=o1+=$~5p?SfOLtPj<*3}41tdOhVCvOirTv|0g5(ryR+AH=sUoz;m9kUW& zn$Za6ba_$}>Ltr2WgUx0e6zMjypLYPWpFwEXS5%pq$UL&f~CrN9t@+bYVLWVtWrm= zgW?)Y=c~OL3AUDm!^%al1h8bw4ghA4HE$x#|WgWz)*r%M8 zGQE)lDn3Yky>1Y$YH3c$=`gg1%F}zn8@XBq6ljexdRLJ)Ad*Q*>j8{-LiO@Jae#B> zLy;ats|*1CzhySQ@gTDU<1xACrC__|dP8Yj{Y6T&@F(ENX>1u2e>>&Z@B`@fz?C)-a?RtmQPyA4(61*&N(c(^u30k_lfRXXH7ZL()i#x) zjO+ae^Wqz(;vNF8t0I`Ust~V1=fP3`)7ZbHxW2#Dlzr2W zpoBNSzd^=8^n-Fz0mG^OSTnYp@`mW;1(Rfkm}1H|%BE|^vdooiH(^*k-?e!n(Cd$H zJIUZYk(&;Jhk3+t+Wa#1)mXn+G^5->;t<9Yo%#Dn3I&TA6>=pH=Z(hV2lzEMoe322 zB6K1XVApJqP%lN6Eef=leV!HBB85&}`G~GP#MWHg2w+-D3@|8lI~?eQirWMBM+oG} z&s@d;HiiQX6bkhC6Lgmn+@jSe)-^>6<#8Ca&Uh$+q7%eS@a7E9xgMJK4vGleEHSQ? zoC(!wp!R>+?OVBnh$7diLJg|29a^n6Sy5KzlfLQ2YV;Tr`k7KyZW zp}EUSNg>Ny+SI-6`uh%m+w&pJ|=bEYwO8vvA?l$S@&sK}Bvp zhOs;#XI%;12`3!lwaGi?NJ83w7$!Lbv7YXTXP6_kA_gIuGt=@BL^{JTCYT=kFSAcE*T_%ED{!^z+yU1GnDpg!YjRc$ zPM8TprGJ?%v(VLjCm{|fP->+WqB1#p;mG=%u^t6k&S=VSh}ssh$aNj2cncIVwgnX7 z2-7y5-D|{;&dMVjGFz(#;Yxf(TW%OTy=m$#TtJ#TIFp*Cx_V{4FdL{`Ai8!C{xnMv zda**grHYP?pu}vapCE&&DdSK11E$Wm-MlyoS-j7cA0sLRiIlg zW5o|H71>EScdH6t`D3#2L%U2c0WAtp;aJ|Tq4L?|u|JAD!Cw6C(o@Zu!-{riy&g_J zgT+tw?_G7?se@~lR(K56~cOuVTX5h?62srqCkSaUr7$K6i(^~QtuC{hwr`xZzt28?m zal!|J*;Q{PRC@z9eq@XF-hLWg{)uHd20O0$98caLCPboO2v-%=ukcZHu~=u0806B5!vU#x53qS%4V)KLEcVT$o#oM|<1qRQlOe6t_X=Va5GS0$=t#{)FuUgrq(74{0X<%Wco5#&Y z`k^BNrv}s`1NVuO=-dJ`!kM4Nq^9_(Z=zNeg<0y=lWKG4EReJ}hb1lc6*-{+tARSV zq_zrU!h8`ch!7?9iNgM9gq=f_W=q$t-?VMpwzJZ+e4L-x@28rD4k?S=Cx^r%?3$^gvkCwondy*_$P9CvshdrOp`% zT8ZOn$C!RKqBs31WALiLx_T&0(A_SE=$I;VeE9ff3bWxTcX3eG4|UIC1zY9+i9NJw z*;8V40c$@dZmi?}S5aOF=g6!I*gw}}Y7Of`{gyg{!i9=e_ql=q5+d&y)B&=L$|WoS zDeJlmF}u(AHzWGB{UK8OPMD)cv@d~4`w!8Zfr?$p(SR~$NKoHzMj z0TG8P0hXD?ymkJ{;)9Dr>qlDgz`F+-ALqfCTe6lv}{J%CcA`urzm>vymWJ07Ie`N5v z0?jhVs9hPE%7*|+{@ss`UO44e;sL3#Jl?@0;J8`2P`wsB*NvX?2s=e ztJAA5HKEQrGFpt~uYw!G{Rimt_y1vwrIw_IxU{7mO>muCm&`+C2~I_ z{;b0nBAG~hp*&~A40viw0#TD#eBiiqY+AW@k(24}`_F_Z0$G?-F+>)^NYxLqmGA`Q z><_J7dW`aB7~1vz1&zp)c=0Q;OdgcU30NM=qejRt9}ms>-OEPMA2nkx+Vm^Xx|11h zEad$BB;7}}o zn&r*P}V>Zr_(eY4~4wD8Me@rrIL zk@V_CIEnS}2Dihm=9O~s%M#D5<p%Qd*ecSw?*-s_U3yNPj>Vv2FT%m4Vv6d)i zLU6g?Pj!m%Skpj4#=pHGRJMnRLC+{Eo9=|v@#hTFdFYAUTk7=<>to#G9&`a#qt^fL zh{f+bf3mu~>VuBX(dAM_EHjL|JAi&h^a$3$lrhIqYxQad@)9MkbD0`}$vi&nVtDCV zWmlHNXtw9ci9u(ouN;5ii@tGt zKv62c;XhRTYcEe;C=>i_NFnPg6FR9k+L0t6YU#$2CJsH}5h{PKnw$&XrEwtlvn9qy z5zalMxyQphUOlm#&3+u!Bas3#cMC0m%iP1fQc^u_qRWm7OHNPb0WS%K^jlphpHlA(<-;iJ@tknsn}Jql@9 z2M6FA0%==cW}^=->w~x-j|>bCi6QcZF09BB)pm1tjfURK&%A|yWk^#agQF|4ePthx zvjNss2%^UEyp_ry4ypX)k)afcGgOyNS@shJQF)SgvowR?K|ymR0hV@ThaO5sAv&(8 z?t0<;X+undg;&x*8m{{FbEHYMTF-jQ(~WKhDmozwiPo)o^xlS~k^o-bX@JiEc*kkIbT6vF?L}L%jR=ww*aQWoVQqUSyB~y689(*zu9KgjW&HQ7|GW4P zEs?r-u&trM-ZWZoxM>AESKiLf^X(Z6CliY?ImCqBqufYlN8OBP(@!lG~!AK8b2Op2IsqZHQGr$rf5A#Sg>3<^WWr!AFJomD)t3#7ZE%zzgq<|lZAS@fsC@Q zR&ZJ&xqfdoXVNrK<=`>DJxX6zZY>22UjiK9xO+VIe>F3m^+dXu^6+~ZUdSSYRbj~b z_E}-?jUIK)IUu~(J9#0cU)Tm&$G4JaoE^{xxpJe`Ll0E)xWcq7#xpnvbp5Mp&O9gP z9Pr^z2z8b*;-vSPUxF|3aul=Sjxcq@+Lb@6*m9*TVdG;DSRijKC|Skf&gUa`H?i%~ zj;Z@SXm+jh!qwE(Q>_$47FTWwFXH8ejbe0O=JXJt(rlh5@%@15gC)1 zJ-h15H%;z2mxNsQ-`^J)IrNblN4d;}>3CcJShQDg=aH`%cU2y#o-m%|XYwX%5svGWR}dY=mWJrJhlrnqRmYpJ_ft)|dEh1ol_yks^4_xx%Qu~WhRw+KH)cOz z^ZuF}Md=Bgw5R<(Vpk?|j_nybNPi52MKq-}6p7zVNpupq{c!&B{A*0nOKBn$A0v6LnS5Qja6R&4uYuj;%wYDneBE#$*>5|Ip zJf26HF26>*t=LbhdPae?-1+*1I%aR#XHcIm#ozW^hT}b)gmy3$8?*|0`^)V}0T6(SixtdY`7W#jEOlM;!O9vNv z7h4CL|DThotmfbf8@KfI2m|lxyF$AF#GDk(3?p^$fb6Wy z7Ttbu7_9^&%@VB?eRzmwvwsnAkl6wDCQ5d9hkXIIelDOo@>VK3Q8{vv6Zc4UDdh{K|eYSD+8gWcZaB3uyCU$WsAsWcdAHg%E~3`*DeoB3F(C)Psg(`hM-O4 z(0=!+_(Jpg6`_w={J9R+!`)ES#RXf-NJQPreWlQ^pW&C2+tX&Z9!8a3ETm|@f zf*ExuWYj*uI<9kkHJ6#CZ3BEeOddf8=UAjaY|r>$*w>)MgPW^X{Vv4v(Db4v#O58Ev_J`{iB_{0kI@ zUR#6)CgD&MOJhx6!|4ys(s6_8ANCNg>RStwR2`KgH4mL}z7!d=r-KAGS`w<>%48m< zuQuyby%0k`sW%F3bth^(r5LUAt7Pi5{Pad#?G<=(On}Glx9X9OzsF!GdC5XLihIyr zC!W4#lh*=sRrziD3B{JV2VfhP_S8v?`q(b9@~#d&7#)JkzRxmGYgeRZZ-NOY+L>&;czwVGKc1sD6{!z%(*4~0p7IAKjL&p zMG1;FYEfc}35})0vDK>v_99W027qfMWrhO!Ap)RWeB5jU`=iNF0oZ2?j z2NUTl&-|!Oij*1+wp^MTO=yxJ7T2;)fJdbZqW(%}5j>eBS=Y26jhhM}2wAz$-mEX9 zc?2i*G_fG~gi#?b{MrB^G(Vs!R+iXd{=69Cyb<7REC0 znL@fK=Z*|v20d8yR9`lOB2z8cdd=AcN`zKPd&ngyGo}H~bXyO7HE^ z9&HBqS0`(y7DdnzGe)MFqP-)?X=xx7mof!=0MAdM7P@}R>ZS$gaHSFGnXAHNhZ7O1 zx(FNoe4jSt!M$@lXn*Hli??TVNS$#CP~Ji#Hvu6_vx~=`NQV(b_r}vdQ75y!|ep<|2*9YKO*@!mO-DM zo}ypp(^w@GOl*G{S+oOz$XiXpZH{7tGSPiC{XXZZf??C$#T6EI!GlxIyqqSPaniq` zXZX9$0uY#XbBv46_lDvy@Zi9~G<5TC?^c$+r*SjE*(s72TPP&%bi2cMQ$qt4hj%fm z@hF;|;=uEE8xc7gN(ij?0yMd*P=pC%>lNrtXNP3|i||2gU@BjmatnNm(AoYaibZy- zbJyzXMH^6tzeoLa{c2g0`pa;+E%WYlY%NGz-xh%pz=dtK8OlXPoK@-F_A#}Q5_h* z2a=>jMvewp8+OaL;hh1+4H8x(9enGF!nctzVC@8y+A30)&D-PSCxy2;S z{093tU!11nP5&4WtmNTZmU8U@%HcJ=ASfGbCCGl}rTnv8jM-ImS|OS5aw7Z?-|R&E zRF<~tSsI$5Cu9e`#ykp~7}PO%r4@rHAPHTn>sM-AklPtn5w`DPGGL;%sj?h36;Et*{rB4_=L7&DCE4r zt_9AaW8w0&r?W6ch|A0mJ}kSkETOh>nWPWfgFkGxia97~e%2As$8%Q8V}YHL*^jFg z(YNxIXj#60PZ)#1jx-xRt;t-$(vkTTiX(nx6h$W1-%t?8$ENYKr?z#?&9{Ss_yar9 zs%k>f98=pdg_(lTvzS!Z4_HU9;`~t=FSn>F0l*Jf9WtQANF@0Gs2D8p*2+n*9CGXs zKaL02iN!R+`~FJW4AC!x8E)T#8<0cjlua$~>TvJj=z~~8xo%tk4TS&UF7-X4;7QP$ zH99<&^26`DmB?|x(Rp40%Wu;wR15Ugt6T30%2G7F`lj(`H%7Evj`mwF{BF8qt=rn5B>Qjlf;@c20xlIAbu}??&b=vmGvz9+u~%7o=z77JKs>8tpbXbiH~C#G%x*bFmg2Z5s&aPI0K} zdpL48`XoArl8JK{lrfmbZ0z6P0>o8_2T0F&Y}>61zNBUT8^5H!YH^-l3?yS;+1`NzN1qA83&&%qYI6PFVR-XJF1}} z;%DQbIRDGXrc7o>Ag58^!h7XN{2?0bFt>!`mvaHnN39Y9J78swuMNbkfsVRW>NX{u z0&18LEEP=AV<%rIuW9Z?()JdDvPb)k=(m*gCleScYSR(=$xsubTha6|JF|m7WB9NW zD2Q1xrJu7uY+OtIvp&wexwVPGOm=S%4f1 zQRm)LVC3u>s;z^;PKF6-F@ut^ig)zZdP|SmU(MFt9rOYJ|3?#aR3-jh2L=EJzySb^ z|7rqL4;NEAXG?p#{~-xtRR-d67-4%J&{kTI8>AnAQcsrb5LD%tcdDRG`(fupNTmj+ zZeLu1g$r_pJ3vRCn;$-Hm@sYmG^U0>S7WR0w4`6!EkYlPF%}xdD1N&{uULHyVKZd+TPoVujk+ zRP)5$?aR4LU-<=SJJ$?S;uluim%HlBm38ewsv?M}cJI{llD_EI`yko*7+ElcOnDmx-`}L__8F+bXlT$c-Jm8 zl+whMyfo^gK$G876MSd+V&aYxn#sfE#tUG<#O}cb-CbaAd6ag#k5dkpVCi7744GA) zGyEsZ0JD;i~Rx57EJzm@MyKKtTlP{u>Or2Z9cOxS8+s@mx6 zt%Y+P9bpDq&~V0g!(G3F{8v5afvv^n&;tOuc>n;;e{YI|p|Q20xv9RTor$T(|F|tR zyw>iUZArUNGz#xtlHAC6Jd$0PViVItmdc&UXF5=OF#w1Ojw3!g8!SO8K1 zC8>?N8B1EEegnoEEZ9rVnUUuMuIT#^GRu*}tW-rGJUTAvsBB)EBGT#fxWkwQS4|Z* z6z#%3^y%MG97ENzxn|S##Jwl2-)!-qKlgRttx?0&(x>m{S`St9Q8j^{D5_jGbYjs} z8qFi*@s=6q`_$AU67bM^_EOkzuRHD-}lQI ze6pgtrOpM)iSg@)rwsVI-&JAvMOxyT?|I>-D)pmR#|Xdl__@-9K`(gyv(-d<$&b)2 z^FktlWMeWT(0Qkd+0^xS@1^$mTRQ0nMY9~ad?tR@07GOI<)^=L{a=Pcg$_Tn?U(ZW z(tY4eMbV>VBX^Hche0%Vr^cg9%}MuERaK@#%HQ9(_|H5^aldW@2tk;F|2UZG(fhAHOxv_{=q`j$qV}%%gsHIpwYk-&}C4diEQ@!Nxg0JNvubU5-55ew4pl9S`sR z=^Pq3d;IPAxaazQoV~m zW7p&7fj&a1r`$+wH|Xkg(^usB=9)y`QL!K3&}7k+;oI)~j?@-xxB*T0R!qRq2csYK z>hEu7d+2bM(Lj8J|U|D9PqgOLD;neq2@{XRH;Akga$NtII&S8ec_J-hk*qVhEy z_-F~SpL~%c{6kyIN3b5k901!{l-!Q7ki|EP@(us&AgK?HL?1;BnmQ(4va^pXKA4Rf z6IY>I$!M1q+(=1-NY@dk0t0T|usHb-t9kmV`g-y9a$2y}a5%x|p;bQ#t7tcJ{u)fA zRk$+F_&HAB_Ea@av2c&;Px*VF`@N@vpSu`tEgNxe#yUWhF&JzkY-2IG>~DDdKzMwe zpC4!#*IdJ*kK(Jba7p>KI^hE4J`B0MZmSw$OjRj`6#j?#f|iQ*TPP{;O0X_ljF4BezX<@-5xDvQ;aA22f;^G1e&)Sp?MEE448{ymhgg5I7#E@eP+s|AS*?0r3=XHS zG#_E*Jq>rcE|jMg=+f%uiHYk>wkicj%Z^RhyP9?30ITH{`eY{NEChjK-(_s83_ocG(g9}|lm7Y80g?d}8r+bC-)py4FpZ*U zbgK)Wh-Zn8l-}{5@v@4}2t-sYSNL7u%SR?B)^BNDjZ`@r;1U5pNf2E1y3o92I+)8u z<=&%fKp)5H`fK&suU<<;7pK?$8-H)`+i6o>_?iPWPlq9}2Z0>EhHqFz<<()&IZ;Yj zL?RI>NEPv9Cqh`!PghgSp_&kFV@N?*f;rTt{KIdx8@#{<8|BhzA~Lu%3g8qdl}3^1 zW(n_uiv*SDL-zS4fKYa8B1pE>iRpl>mf$RRkvG~El$CEbW)hh;Q!?ih9uM>KuChmC z!fZmB8*yDa+q(MWN!f#-(^MO&dQkfKfFRjOS$Ow7r^?j;b_3@XuBZLJgZ< z$I}nIb)49fO;XX+wSkHj0fF_zXExiEk#g^AbZ!fSoAPgQ4B+nQ&$$@j6$`PCMoofZ z7L>GT!>CJTg7`jVxfWp6BeRSs(8@Fjs}`GWMx>D+RU2AXI*hbbN8=C!yi2uAreuiY zD~<(fY-N}yMGqCL&+}?9 zc;}5W5U_k#%RUnFsR9d+iqeDj9y8SyC$xVWs=%~+kMVG5H5vh4>&VfN6OSPG^nPJQ zFJi@?;Ary5m`;DP>NO`PY#R-YRBZz6nMgN4_os2HpV3?*uKGNKaiy8E0!ad7qXPC5 zwg-|s0sbj}_K z)aRY|gq(4R=Ut$3j-e!4iYPLebpGrb32X&awZj}ui2z|rhTzIRHuj_%gN_!wy`>%F5ISRX(Coe7+Hxilq9H>ex60;~uJUeLT|uK&iK!^=A=(v5 z%2}64!&yXQKZngDrx4c%#-C*eidzqNuhFWvga?(y<)aZ!E|Z(f;^F1D9V>|Tn+ke! zX{5SJ%!L3|CvxGHSWjZ8-a(V;(cglOjHj^dbNs^8T-QJ3SHWg+%*KV}v$S@D1Wj0| zZiil?`MuRErw37=>@WCNxoQF8K)AnNZq}?9>pSo{DKi0{4+uWS62Tx*#EBWmWg#X| z%U!5c@emfu5A9g`Z*B}$C*#J{7-mU&un%`Hvn*{6-)oNq+HiHV)5!~dnnRf!>=ZW^D zv0u1J>LS)`1vWV($5j1%5xVMNb%5?5A~mRm;fjn18`vo{59mgmi@O`a!0FxLn0y{@ zX&<7BJUPM|$#Vvup}aeN5ZGODIU#F5z9#5p{ZJ)ge$Z-_Kp4UxrQ{jW9;kk6$zY>m z%T+_X5QQgdO6JKkIbatQR6Af`A72of$Yb^r@?eq?mqm734z~373#!a6cItgun29Y5 zN>}2%_nNlO(EJ|d5YHZyr0y+kfb=goTgL8ZZ)0{p66Kg3qbF4l58V|psK=L6YU=sg zLs4ukKxH%~yP`KJIlBRVC2*h`tcZ2;@`C0h6lj#vuOx~=5sShQN$XStR?x@ho1FK|GZT9*o>jdXUus829 zwR5LbLoA3hh_%nn1H`)+`r9L4lax@vkJh-A4Ae}M=`KqKc!i0wIT#Xb9G6Moc_Mu# zSIkPWK+gb`{b&-`c=x~O3<{jEg2ytM_Dp~XkWt{(Q;hDNvbb~!pln(!Rn((*phSkU zR!_V%{9RrYT&wJIe*+^{clY-_uX=u%lUop2MJt=YSBpNS)!dkM3;MtQFmt|gZ45F7 zffl{xOWJ+MM2A^=a?6fEJRsJ;r(7?W%fa?caoqy!0*~PcdDJPDLgobkB7Cx5X*mhx zAaXE=&uFUboHdQhe_S0o2Uws84r86UW)hH*7Jr{Bq;2OW3ImCOL0-+f*DUomE>BQJ zjP`U5Im5;r5?P3G_A_WOBj!9E5he=m1y)qa)|oc65|kVYgYjmt;mp0&dN`+x+PeqX zGQ-C}WyVkOa)w1Hxz)^pJ!+Qk0#dmG?lPw#Jf8V;?RJ@MTt4CW;71Aovy;Av$7GMW z`E%9At($kmdvujrdFn657%-YBLD1b$#74=K)GumUM&UTuXen#e3KruUa6(CH_9y)E%6N@qVpwfTws z+u8GT-B0J!zVq4h9)`Qwp5(<}s}p?w7j7#L?qu=%un2WU6Tl3~PjGF!N?fpuytP9L z^BwER4A{q3!E>Ax7G;3H(=XqsY*El@4>(4c&22W7c&L1+8ZB1+b<&jrY6-!KTCgy$!y}_ z{1x16nxt4J( zV?7~`BV_2=cXl!n+F8Pcm)AJyQf!lJk3A(Vpxi_pUvj0IiHo1K%>);1i+n&)(xV}cy5iaTM4 z1cBJN`JLf>)lkiX)mvRIruwA(`<2dTJaoAKAEro=k(|ys@xVI!45n*&G6a6FRK+4G5!nLum;}v6AIgcHtPBpK6 z8zp;TAoqwJrnJ4PAr|P!a`9#s9{vpuE=;s4d%Z_18rjMoBMVn?Pm~t6nXB#L7PT5) zLR&_STR1&jsCGYD714oc(p74pm;>geS(?x%LuJsQ`_6R&tgvP_aJhU}VPll=L*d6ZiD!A|dDBvmajfr1DcbcUdaNW&tT*u^%<#5ig|A9V?b z&NyHd(^<1AABt}jtYk1(Y0ZWadaC1efy-|3pt*NPXevr(+BUiY;sGX>j3tJ6snlAu zC;oeb?HuDN{lIjn5Kx8-T_f1r67^jmCIZ;jxC=$XZM3Yuv*m!Wb+X6@WD~xVRRIm0 z6QqvwmnhPco7B}o1%{{F)(jvgS*x2$qu6kd#EGu1uDeoj!5`EFaL%N^xU!jgy1W3m z;RXv)lS-fT*sJ()2GNLWiJ2GB((w-HAQajyjKJ2sdJO2%{>l1dCiOR(3VR6S?&=lO zc^;FRwDCM!xTzqGkZqB*dv$d|^=Y`Zg{2}#av;cF-=~WpEm(+_kAU1s@*~v{)hFO2 z(ik7>h9)5!0hNCFvNuWp!mMyzZB|pK11;zGvPnHtN7j-!n!RdVx5^s_%sOHwG$fVY zor0@z8mw|M9}>WI^7d1bTo1%Ai&^j{5NNWa>9^j_K&S~PK!q&i#`6v$8rUgZ}m_^^H`i!0#Fe>4lj>^I+rS$ zFczZ)3|TxOcGe~IBJS9tU}VG?LiQa025`f5dGYyv){^O+-aOOswk1j07+B**KC)#fV60$1mJt%!ZX3aq8(>f-#c zoc9jsykq#nKTzO_DK&FL?2)zz_V2NKcO<3xdES!sYq0Vm151hBV-o`BEb2}{105H> zz9WD}jZaYEcAA}rh`6)!PRLJ`G4tDv9_N{CR#Q(Az8>`?kPCJ>A8v(RmG*Rh62>I2 z?`(3tX2-;fxTFNBr-oMtu?o5x{@{IIXJhNn;0ob6s?P3Bxlmy51-nc~67Do-6(6*{lpHsa`(d?QGgwzYx>QSBQwQBJZ&%Vn2Sec5`$G(m{jit}X$=LD2s( z(_S#bBj6?uKWd`T;f{@CI?FH?TaNE3{1L8NXgWJwr2vap2Zv096>|ai3)_m2{UI># z(t=N(xQ*ZVnx-=Rz#w-kSeXj}9;}xnN?hCe4X>HU*zF?z zdy0j>P>5Wt9n&!5fLv>Lg+k_Vw{ulk1S2Ae2Z)Uwc<+NNT*%cRAQg~UKspZs6DJhJ z(bV|>&+*pDMwd&NO?_Kna1lF3ny}15^6z2AHY{!gE7;hH!FBPtFo&bD;wrZ2+437W zavID?AcH5ceXEW@5|Pb2IyXIw=Kd2C*F;mh@L_z$Ah#~Au94ZV8Cd9j20pQYtnJV{ zw)z(uk0sbR?Hhe6@8o14ZQOQFt#EyJy67-^>Xn!7@R zy=@7^c&OQQ=le&rMfOeF=dZ&r7BSy!+5s(+Bpo-j0H50ve;S}fiNYq@Wr77xjd6{4 zb6^`G=7WMo-86j+VzT^v_kgw}`>S9k`>^NM5zlOd| zBD^2ZE1HFxtX`tIpMhYZ0#evXpBSx$&;Huv{gOg{1}Es7uZndOq5jpI9MD;x!tm2~ zQP%g^l1bEwi`4Y`af9j-+J4HSu za8h%z#>(|br8d`c{T8v{gDKqSWI|q1y_w$o->2ZW>Fn~?gF*V3F33vCX%ufzvu!X- zG!i}nEn{FA|5^Qx=8Raf&}HvEBvvul<1E8E_QS3r@I=7iK+R*(mGC)V@QffHuLKJe zQ3+s?p9%F?z7g7~Ct1cAfg>6mfnTX8kWHrFz1_iQDFFRkAqZmtZhVQ3bJ zYSVB!Qk6~(QhgbH-i4H|S=9qiNOSC1Nwu0UCdt&Il1-Q9pg*Qy?kZN$7}0)Ogsrui z>U2W$mkzRrqiax!!&U zyH?-26ZAtch;zBHlIi+$R2$Mlkq~T5w8{~7a6Mc8o~yu2>~qR-9u2b{MluX&pQ`91 zIIz&c2K=__zi`cN@x)Orb=v~j|BS(Vh4NN=x$9fU2~aj_e5h;Q1uJ(-p~ zp_W?H#_A0}u~2u=_yaM!n|%Z&uoV$t>9biCn&z}|98_uiNe1&zD`1(G1jj`3D&ncZ zUmO~dy1s(T);k7>^0K#!XRd{fAtQ((P?pNdSU+_C&0CE|x<01=veDn!k@PJsx(_rs zYDcj!2ZMl|qIig2VcVVkZnI?vcP4D3AJ3gRZutC8F$gmP=OB($M%P0h(H*{M<+avc z%^vbggV{vVt9FSF|JIjtgvo5`SFd@N2S{gGB$ zcKckiK&|=23sc?%g5_0ZVM{X7eh0XJY!((3i;p`SkwP;>PFm}V@xITd| zud{>*A}zybhgp-2tqmR1e2$x_j9A3(i>G9f+35^8&qj?N*yx-)_LiH~!O_5`-j9uA zw4MAog?C583z#2gozev<${ZS?7^~U;GCYmsspV?h6p3qI2_TO-?k|7k2bO9t>bKw8 zl`%e@oCaSYCAD_J!6VFyja>rk2K60I3<(%p&|H+8L&y+kddb>;2*8+3Lt(@}^oVI4 zHD){waqm^8@H7QYmKrF4nuEUv7Dn)Sf^6BZp-#7MMTQ_Wt2uY^>dT0JGPB``@T_h& zDPTPSZpk_GjnM!q!9mJIrOM{sWKUZ;5(N6oi{G{CCR&?!o+QR2k#8RtImfr?v!3;3 zu)8q0Qe<56hCD7kG{QM|pJq5{GBCD=qVV!C;x zEzYvN(z3K9e80jmd6o*3BqvBbuQ=i?&EppZE|yYrlw7H0{aP6$bJ(5dH{G>T4D7fH zE*C%3h4p49eIxic5in^W?1tW?pt4-aDwat-$UAQyC-WFAUHi{TBo^8Fz; zkFgz|o3SxFK!Zl$8jD-%wjDXkp|PY`@|U{A}Su$JFF8w)G1mCjm?E z);wEe%*GV^Qb5%QQdJ^~-PgnbE+3RY$FXy=1C13cpJklzD=*xbleG3b3-r7*``zb; zQ=$ad%;~U;+7NY0ODhOfJ#}{UM!WR_wsN<~M#Gw)jcCOq9oKvYvXn|`WalkgXuyp& z{AAAA%EGWYl8D_#HCLQdV;<{hy&P1IrwQu>im*brHS`quNWs#uAUvZQg5IGfi{`8v z&VVJTh~t^t=;@4)$Soq=R%Q754Z-JXB1nKiNcQwXG&wRmM*Bm9!qXO$&@fW7I}6GI zb+xLHssW@d5FP|-E%IQ0jUY}rEQBe zEDz97kE!PJV<;iRAp57j3oQB3CtC83zuZIT8gTvVoc~`xX=9Px`M@Z5UYo%Y~~#%Xg>VKLM#>Gp2Mh+%!T9-pMqAT;`w{aiIIwA{uHCY$fm44;)win` z#9zvfZy9+CW1e**w)C#7QqbgYn%k9yMe!}*m6oob%dqmUkO_Mg_*f?`3~Y3`r0fNI z3EE=@9Zo)sp?zG_7v08%N^I~N=;;+lXkp8gEd_i#SWM=+d0s(g;ui{?XIl1nqXdp} z%J7$G8}0B6rkZz7g7BUl9 z2C@j1T3hT4Zb(d6_#!P%>Cqth4eX)JyS|TC;F1Ru$J>3zocnJ`IX-A1A(4` zLyqeq-B6w(M^D;L)w>`H)hNN_66tD2%IzGChIC&<$T7r-Ivo2RqZ2Tg$b-X*V{F&>kc@W4=$1K5|vwF zcB^unRd_n{n?%C)IIc+QeLa*5`RRRFFT3`=n5Ww#!7->yaouamIro zHTpbdC^6sltlxVr%b1Zp-DGP=E0x^S?~Bi`JZYt1d$Fh2kzI-|CVf?0AAax2(t0&V zWcRan2(kzC7jG&a&j@fOD%3MR@XQv>6cRjoS{F8dT<~S)ZB|S)GQd^E61>L{Pun2F1Z8UJ8Y|1^ z%#2(^&ooJELhkRShL(g!A0uPy&)45@^#i9m=ULaL51^f>Uol_Wvdmo86~({(zvrO= z*x8AnI*A})_{XZ{`912$+xqQ!*Y9ZwoafjlW#>FxCC2u;BqRVbNG2r^u=A@u;^h28!ce=(CF0&bQ3&sIRM2exS)#mLmrOCO;Id zeF>NaU7lPn&V)MLBUtdp4gsgQ5QD?V&`-*ag3w|{D)?=Ly8IZFsHtWZ^a+cuEvcR?W*AM+7 zJjq@#9AG}#m4!tPQfhK($T^928_d-Jb=jt(b)X%q4SEkgCbI~CyC^@bEYt88EOB1u z_pRazS4G}(&ZGm%tIMV9ife-9(I(*0IY-$}%H^ zp>HgTrtD(c*YLs>x)f^Tdme{v-Y~an>uH#}v+drYZV1b(m9tle+=Jt-$}aoQF7@f3XE>hE_hzd5V!@KDHx!y~qM;7}tO!SX zepnV~I04|5q~KJU46|$+0Wj1?7d&&cwab+JTZ(b%?a+qOHlZQHgwwr$(CZQJa4vi+Oc*S=o8 zI`^Kh#qqET9GP6W9{%p#kB{-N$^-Yj9-qhRj@Syzgv!LeLa{9zBMA#BZ5?@4$5rO@ zc=V+4ks)6oounj@G&q9g5i)92_J-4^;9HcZiF6lnj@)a@XIYhndayWre%H*x-N=GG z$_Y{v0RwE0KC`&p(6Uy^Bd?C0Hnq3x3V07Js@$vy5~l zB^i`gOmeZ)*epowtxgPOm1TZzQ{@74A%7%_-yWdIWh1?~_hBea)d5|)f(_@HGtgMo zSWJv-2KoC3{4ANP*NqpfPuMg7@Zs>#;Bozb6$2H8qU2#wx1E}FOzPN8T%`wWKaVMy|4C z(t)`7AbF$=lM>WLu>?a?G)tFkNGw5kg#KwAfs-xHV%re6X6@&*cKA3M4~bDOul)vb zhU^3VX)R9x5)ZHDv0;T|33`|Xf5{^z2hfvPl{7xy1b-KTw$tq-seL~Fd1{>;(*bG`K@ zc>F^^uF6YxdhGBt!xb&N63b)~BCc6mr%A77d8>nck>DzHUH=!?OyaDBEN8opK9rKZ z@XHseD`A}*7*MvUw|iuHZrYjnD+g|8WY}#W#W3}PS0O*svUFZU)T0`vZ4%;J$J~G= z|7hwO_-?9Imlimc7t%0KegG_Mw_{e0uA*nq2FYCAx6o80gY1J{rM^^Cn{? z)y+KNEc?^y_OZzLh8aWSac2@#|^alwVvuSR?kXx zhM%5F4JbGEUt(8-KkI*@T+Z-9yNR~q@~Oe`-l!FOp%n@7z`RwqKmVE|0B)+D**hrR zGjaufmN(8291GDG;u`I()WoX#Ks=+=`$lo4WPR^Bw{q`M`jvHKK z^YE%EB{VK^P|eCBptTn=XP#e7*fjn=wk$d!+aT!S5_%!~wK}A_e53++jmyrtt68K^ zCT%5776Q6THnD&>s<-Tm+}9CjkN)ON5c4LB^Q4Mb!&rAv4ZzOfD7;AQbTGW?%)xsO z2XFXwSH*g-tggWS5Xs*5c<8jNMW06|8HL*k8Rx4lGQp)Nkp4o_UOjADJwOGUzysfM zhJE9V*;mWw$S6vFls&E$$O|8!;n|!fP@Ej=XKKrj>&1-b2fc-&Iy!s`0XXxlKh0reBo%ca+gsACIga) z$ll9yuO!B3rlNHicy(P9w}1TuxIRC8r(~HV!_t9AqNk)xG1p6V%cTGoDxP)nU zU8ASg8amvJ$h3HrJGFT3NyYNg17(!`oA^hFfLQ%=P5$@2hIc=U9#cQahTi=Qv^aJg zE;^aS*gZ3FY2nmfAc4HT!GovuFI4X;)xghS-^7UAFK7PJL40w3#orYNPpO{4CtQ5h zEQIrr=Z&7jb89{sgilPaIot7AFSa*kseP&iS*GG)VP92`?{V2f^Vmr@la;+(pB3=V zp3M+w3ED7_m$D^{wAxzYZF)ZZY@}jB@UnxGn2BJr!lH_);qjKHxsk0!)1Ge~QR3bH zq@+AgF2=%ZW`}7fUHNXOx&H;;4ee((Rnvb{?j(Q!sQ(4tjjSzb*;wdI+)e&p&i%R@ zQeRoLg~8iPnhU!X*a9N634sMGKtdiFtBL;n%;wA-1;JT9ARYpVfb6w_Lf?>FE<-vl zx-fP#dh#rKbBcq`nu-i0p$;5mUHQP*C)N!2U=>C&|vd3?IZkJs*N&(DV*`F80G zmx@cpMOKB9O1oR_feg-Q`hKMaPHT!0KKg4dzwF&Lqqz_K%~u+3YAvg~n>L@tOO~Rz z!+79_wCR-7(QF#OU%*kC#vaArQ|^-~w>G=Xv$R%y)&9HS;58K97~RxzNF_XvtDU)4 z_w6??^1pAZuOmR8jN7iaBK|oBBVN*wFCDLVfhk_%$X8Cc*#Ng`iTv1yZo`c9VTY!? zrYF`v^0x5p&Gy1=97ZssK42-}X`2Tu|LW@tusOD^k2s*e?Q!F&+3F?&;g_^DC=?;I zt#6HwVmDy4ElC0wVYk}T{0bX>mPV_fa%Xu1khSuy?grPV3D~nN3qeIv2itcOw1SEXV zp7!1mzn2!Pi~1=<%05X`ju-e@L<*;o$e`Vz_=w}`9#hY^icXfjP@Jw96@GoP*W0-D z;Trv}RaqE&1zm=nw8gAO8126Axoqn&(k$<&Xp=V{fPCdKOX%+^4{Is8d1cwGT>7ae z<=|6rldC5ax1_c^7e!1m9R<6w6%k~`7c?(r7DcMr%%{vlBu=bEY?#$~XN*+VHx`-^ z%FRTI@@W#vP>RC~h>DLQCKi&)T}t|0*1_bION!fgq_WR8j}UH9ZxBnCZQ*_Dy2h1; z9tsx&{)rAhDExuQt(SaKD?0i+DX37s|Le+}NROmdtW_yc)p7LATNOF#?{lpd*TV?4v_@lo4L-Ig} zwhr-Eqc{pM9D-HOV8b;^GpNi4Q5M!jW6_uz15nEKa%?4kxFw(vwdj8|0$D=M5S7XjQj zIq|;w?2jtBFsO>Ew5xA?CU7n!7yO`pE9mk2T;74UJD{tM5WNbng&Mi$t(eqR`U!o zkO~O`fUPtOYr*3XFFj}JD}ZY%c}Vx z!@f+#E4VEtZlk!L!Xz{-(5-mVPnqG|bIa`HLm;KRMDi+-C4bvUGhvG9??nTWbqfSE zh^jSciztl#km-yF{&P-DEk}RHHLWAKWQdtog==9g;19 zsBM)WFVc&bC`Br4NNmhfUkFi$3Nv00DtRiW=mihV@-)u$c6+Xa4ZerTj9MCfxj!fK zmVJ{p8`my3>hIm;e$>iQ6XM7@o4tE&+9u4-RJ995Sa0&VVM!Vd@uvE*Ei~JeX}wQJ zxBe7=1X1EFIy-8?5BN`{ed6aV%V*nUrx9!{jL^9rC^Ex?{r$`0Ya*0_xj{+7%f+w& z_+=pA{m(fFDET`bFdj~FOYVi$Cj|qTTg+dW!HGwUomUiqZ~h@l$ekB7ni??ihf`1D z(5+LL;(~-BPPRKJ)Wv219Vkvk^CGC#M}GrR0~Nm8&HrOf`KwR=w2L%d+oBCRQlVwI zw1*X|1ov-))uZk`Cn6?=peH^2K)gs7+K53$ z#c;3C{YkB*{PnAYxUI|vwK=B1$&YfjmQ7VzdWEq*!9yl+OWW+o{;5a+(Chp(jm1&D zq8Z%fBws#Udq4#Kh@AqBo#P)UHOhe)g9_xmIyxnWF-dIM=#0Q0vq7JdG8}(FJ)b=m zS6>wnD%UdZ=%jVID>H^ML(EaZE`iv3&Wr|kep2{Afyom0uiBFEHA8v1EGb8z)vdan zNF`f>QGcaJE0)}Af%l8;8jBuiu(;i2wFahPp{vFNp4!9>r(feuw9wrGxN2{Xxx~ zx0iwkTf9oVB_w%A!Iy@x+6;&=t3yP+z(yg*IuJ`-bdQK06eSDrO7+C+)U1ZGox`uF zBD+BIhm~3(Q%n|h?|pMObF{$wQ>{u)IZ3r*Lx!FP^iwJ=i+y~QCTv`AbwNf^WmjQ0 zPlzDuA+fgx$$Lr3kcHFTOF)Kw4^_i`%N=9~6cy@`SztGVB(Y%EXU!DKptLiZJ6h0X zNYC%Icn}4u@S9hA2rQuL!1}eHz_o(2{EUC(UZZt4;Uml(Mt%_#mND5Ua!irk z5$Aa|U=UmuiM|<)7j0OT7u*y=eSDYzN1%dn;6b~-9*$)IV$Wt>S-jyc#L9_E5=@>R z<_r|@UUU*^+haV=iXC@AGLbmdm~k)fX|Ok9oOL$Nx;hT_%5?&cC! zOndU97$v7iraC(_7eQo)0Y&|4k<AO%VPJ@A~)|4%Pvaxw{TlJ)oT0e$#^u-pjy~UL+)bw_FQ;BsoU`oG7i!|tdXTT^E zp57jk^gE1EAS9^EK|mL8v*I=k{;C}})|CxF>&?y+=TN^(qkss)zGfM=P4X@lk^U zcej-M)3AGO3(hdNy|^5an>GmW7{#0LeXWoO!1DW>K)bGQ0(av=2WFx@Y=}Jwz`p7z z3^;xGks$KJxoDpjsn}W*2TE-xk^)JobiHbvY1nGC#RAAJw$UkyYJDhbCUQsAJ^d5& zY(OW9EdR!K!4G+*Y^u-Lg#p=xwy}8mmNgwi%(7hr_$Ir__EfNVdvcq%qPKHga4IJr zwkEb0(Bf)0Ce$e6OLDwL#UG-md#a@*lZ>~y#H$o+P^2=-xwprKWR|L1orCSq)HMZ?ZL#C=s z9{kY~OS`0MU zE)K(E4WY?cC0TYsTM+!lOtvOYCGhvk0t%!}%YHe37HaWV)isc2p*WSc&oqTj9%RbM zfNs(}rTaiP|5nH{0L{v<1dXGzL1(ujMTPsbmibrXR*}5ED)}+(5p$|N4gzC~j%!n@ zOCEXQSl6U92VkXt0DSPTTbU09lX7Gdd5I6DX}5q&{hewOoxSd`{N^(9Tv|V3Qc9XD zh_HfCISN(QN(;5HMS4g@5sH40FLZuVwIDN0&aiHLki8F>6*$6n8$u-nq8vmscE?k{ zjAw9$6(I>r`XGu|aE1k8F>Decyvhfx2v#QO=Wf`Tvhy7>K?6L#f0tq%Il{Q_Gl=>M z>`3_zR2O78byNV$;$I75%Htg`OYS2E$Pl$%1q361HNHW0F9ptkXgy5q?co++ykfG} zpZzUD@IDwPA=@8biu3{XOWE-$+y#l6XQB?E!x$anW#JlmgZ8gVQTvc__uf4#rhE>+ zGaTfR(!x&`Z28H~+X6^3Lth6n8o;6>k@}Jm)iu>Zi-vpS>fhAyiua$=_8vKjP)KWd zy*G+T1adJ#@I=_4z6#5OKF zVwCidD(lLnT(ATxsFYu8g5eUsp6IyNd}XpC!-Ok-2;+(gxo|7TI6Xto5k8~HOnz|X zB>T&%PkqWG{Dgmw2^~Y)C)T5~ULvbI`2k{E) zKpUGg^nz-*2E(q(cMH9P>Y&8o3EBm-wUed0^R@vol0ZWkk#e_EW1y8d0F+UKp-w^l zJJe!htR&zlBL@}2Za55)gw=%rNLSrISKW4tPks}61n>mFQ70h|Z-aA5;mFf@sG$zj z35NO^7~Kjvfl5o&1lqCao0jqv3B6eO5|NZNKbnWole0~aQLa&ufTkfB7)M9bLk4|I zhZ^`9Ug!fbO9dXXUObrCyvfaquml+jI@CaK?{MbLs9r_X)SAVFhSPCu46oo$_}f!K zoUxeGsMU_BV$jXa!klFzCJKo@zPyYT__<*joEdPq%7@Ny3QHM81HhB-4{+ML#e?Pm zX#-rdn3^f91`}d3=tIhq!$@eKi0ZN0t@4X5DAj``UHh$BZW5@EIWl6Gl`9C zpqSWj1?onNq4uyd1J(i2ktKdh4`)o$?yjW_8rw=y>nnt!#^f>np4QCvm!8X z@Zn6;j)@fk_jnISO*zqd-Vn~ZYL>lFRfhx1a8qqCi|#s5)80nTK$G5IJYuj=YqEj$ ziicSg3{>_Oo`ElkBfJ+j{~_G|PP-AF0dAYFa^UMLpFqv2u(a?YH2U)hj2{03#>|qQ?}4>uAM6M|f|+4Q zTzlPA0Vg*xa#DXb@E%MBzlgp9Up5;fddT(+hiiL1yl1}c+YE<~JH407?BYd+`iMv% z_}pMXg3+1{C++tBPS4TZKyY_3PYk16wH%d4OdYAShTjtg z9DcgTk~#TTYU5Rz+d1~hIHh|Lkoi=%^du%@{D`p)*-E;6Xr`~dQT*+Q=2eeU%~Gb9 z)vrQ68H2EW*}5eXMdJz%K$_1^_O`(oJ|DZJ=Ak|U(F@RBHb2+U&nMMsM;YGGfSQ%r z@6lO7_`IJ3S(6G}8{~tr3T2Biit+D+J3_)d#*)gpV12xxcP-#jCHvjAreP?fQu{^$ zZ)!^RBVUC9{e+16sZh=0gqr`|5DAsiJl&HBGuuo_%Y*18Kahrz>Yu% z%$XTZ<^sQ_@V;WyvxTZhxUn>#k*S~N?30_MMY`Jr$8+aOku1aM(aEBf5cR4YZ_!s1 zcvtXCz45j-WCQ~~fK}hf%4P;z8sEGJQIoBZOZ`kCg@Y;9W1*>PADUdS-g+WfuWP1O z%GP+8x?9&dhb{s=`?`2u$SQW7Fz$|%lM+no*g7>7lZP)-w%1uG9<;GU2^U zyTgvD%j&~~{1P|-wNtOLk#RJ^!$7rvBO1-akOhWS4Urjt^>mP%9xRG=!>&M%<(xDh3oh>{k3U}{t1D$X=A}y$6FRWQa2;s1md-?7q^&F z$#B4*sb&F8J5tpIn0vvwSuC&3U24jT=EXZD)R6xH8A^3%qt=po-u_{zJ36|m{u6C%#Al&0yDMCU2ZUY51 z?j^U-5XSf-*1I=C*#sPVhT9j`4n}MC?0;)K`w1V?^feJivF%`qN$)5t9kW~GiQTPR z*Z^YP|A>Uo05SR9+bB%!5`iUP^<9qte&1S5V=^DH%C1v!yxyTo1K{d0Gw7(OZZi-W zLxgt0g}~5w7Io?9(fuphw)j19^RS1%Lp-x;4&G| zLBeyW0KFd@oF7QFjYp06h z|DMGUc_w(ZV;g1VFIMuqhC8ho;313}4H@kXa2_B@X&-I^7XKg&v;Iu!B&mwaoM+(p z%Gz?{}xrd1~HSFi5RPN(R{&-jpuM+JC>XjIA_%1{J=i2&oNirh zSL!+!+Iz{Z+@fsnj{tJuKRX?fVC=8QGr?r-eP2kEM}0tznlZ8_%nb8^?3?K~*L zhTCeJcg@#tyXBhqlR~JKpCBT*PHD~!db%P`6W?;=pD$ScB9Lpty{}RMe7N9qtuZMZ zSl%;1V!0U@Q!?bl0lCSiIG0dmYtrN(d%<#TQMg5T3_eE{fPhl{a%dtW! z2>1R1Bi;-d)aSw2i#m8{UVNf6WA0av{T$-2XH@Co(pC}DIaRxO_EnBe#v8UmL2=4d zG3nRmf?$!ixef#qoN)Jmxiwhg>`#iMpgdbfcJ;xzdAx&Qh#2~B2NAPiic_XV@o-Oy zMh3oFLxe@0_ohmcQt531QeAv4ZPjpCL%Q%UP?(@svn`VZTT{_rV}Pkd3>gr$LJ>h6 zLDURHvsp=wxEZ-b#Vre)J$(2@T9oBu6}G{oOZnFpK&4nXbwFL`?OL*Cm4xoi811*^$7<=udPZevV*(DakTS{eDwf0usLZPPOaC1XSh8(ISb0pA+~Kj0`_yv(_97(Lbx~I4pDZzp{iBn%R0&27XrNZ!bueI1T8~6$68iQmv*3e~=2(>@+VtefyoMO0uLwTR zVvd$QuwA3Z@gHM#AN1ajuxEVGrgFgyN4gORU>kxE2FBMx_KbS{#KCWLSOhcji{aKf zpBK0+dgY?4g|P*VavfPMwH9%R>XI%~l(IpQKvg=0eh1XiO)WT>c|Vkv5hrE_G+_(6 zw6D_&#uq6J1or{EK~Av?E1w*FR|21wS#{fhlGfI`VtoAUllkGmpgzvQV&W;W@LN6s zRHIw21Y^LgGEhUQ2A}>~)=8OqT=OCFQQX+W)*Ysr^! zhG9Za9@{(tU9h*kA9y%1GyQmGsY)^YN)Bd8J`tUgYV%>N4Qqu7U*M#V4tO1B;e5(n z*rq;erd}h`GSHhBI>gjXX~D$292!>nw-HU<)y^MTBwT^jg64XBspz;tP1*M7Mi8NI zGI7Sn=Xhp3*CVga2E`KAGX)`#lCHml!IDC0v~lRba4Du|%01UE?uRXebX;YuV}JJD z?Z-f*RcSt>#Zr0f?>)Vnl>(-}m5h%PG)eaf?fo^}EGA@n283l{eJ~$RsI!XVIX7ue zO1)%C`Hu7prld}~$5}KvTkit^Btut^1)-F|hWro)@sZ+B{M}sz>z_osWHUd}urYW5 zLympwl-nR2@@e=RuNKn0P##0zn%JpRG`AvFFS47Zsr}`_dfv2XVM4+-_R?T1xu}5JDma z`}&0KPH-pyly$_M5gM6$fx zE6lOnQ4O!0EGZDV=p__PkgH7k#V;DFkAa+NU`x&QrpucJ_%&l6!FRUv*8M!=Xt@eb zCfutQa5Uxk9`Gi=!RB-OYinMbv42~VQKRphGmV)sstxr6V=wh_)uK{x@tgKj`s`t- zS2E>Igy+~I+A8wW|0TB`GC2}ji@-ugV zAnce`ZxO+()UvsDk~<^@TuY{*7yxX#f_gCQ*SN+$=}*M50bUDC8D8Kb$>3S#7PWst z%-FRpKy-yq_nnXh8;DNwOz-^gl69)bSbMtmR{^zG!t)KZL6RRNNdjX|CoV=v3oI(r zQw^Vc1CdrP6>R^l7sUmu4}!~bRE9p3Q-8;OSuLMr;C7t#nZmg#mlzuQShp=OrFTbH z<4gw5@HyzLdW_20ex{?n8CJtfsRo=cLyH;63+i{_EfJE%{h^!YQfKbH5c376?8Hn< z%&{3O#DAi=E_i6XkTM;g$SuJS%$*{qWQ@vZuI)tF*yX-?Pve%rocw7#O~2 zwNAGEa7|OGeTS1AD!g(9*H$&FN-9zDl8NbgF(Bm!4>sy~84^{n6683xoV40%qm3ik z6XpEEV|&5A{a=*UufEl$dC0 z{Z`1}bKJ7m7^moJ*SplN-yPV4O`ju6;?vhiUHlyBlBf*D`R%LdNn3$d|J={@dx?Ak)8e+NWau2-1BMeH{G$w6QUi(W?)^6id7^;;@l|q{p*OmNtYYLTX0@jp^bTMT zRtfZ)QOC^*uKLVmKY8N**c)Kso-y7R^BQAuP}FrV<*ig1f0bx`fr=@!$|zMCRHW!_ zmYAXo9U!i+4>8O#F87(tmh;XyTB|HL$odvgub;ao{T90T>#jxg&SFtm!jCTU8tbSZ zT3OG(;J!rUKq17${??DQh*sz+mz8KaaC~`|Qr$q(DsJ&k;{rf+PL5z}RfG@ebz)%v zcxI|KCRbCY-}jL{{aPRIH{T654znW<&eVTA)}qvceBM3ex}|nKd+QHItUiz|-($T1 zZc?Mrun%mD*2~S^DqM<9=%?*5PX@hGMo*X~*Udzsq z^bt9OXMuO@v^%I8#G^b_OROtUi5!p}3itq2QwVZkuo0yc6J$|oh`}N57o_A?4T}ME z8c^K)t_oUxXvhu3N7sEC`Sx5;zHunM9;`jEFCCX_sGqkLj0yX(xtcboq0lZ^Wu5%~ zfme@3Vy=BwPidDwE9XLKnfk9r#Kki6jHlPRwuc+{4{7+qmD#RwTRzhdd#bK>NwRnp zVk3(UA}U1=Thp0r?4{-(mcH;eaCQdK`uf*-AyItRcKT6JTimjWZeeUIH+I71TvXXU zKNzn=2s&OGUU=NWswGf--LO;CWlcq;())0=u%P0csMBz_j!d-RC82*B!w2KUWtj05 zYFuk=fhSB`9^C7Au^U)T9-oUdPW>29*&Zop3)NN3EG4?u9$k`unqkKevujqu6^JiGF;#Mg;o$`+Y^*6^t2WJaZ~u&>HL zWV8+P{uQVKmrqV(7_))3yM_SPNntZpc57t(Z3d;v>^St)Nk>k1qYg(_St^6n`wGTA zy~_PNi`(|~t4%0L82BJ@O|h)t%1>H^_j*eyIdVww4+F~AU<71OWL#K}5ZWpXQ7}FJ zLjzO?y_3YF{gV+{Fzg(UDVHh$4FhL0?7zqN%z=zKc2OB>+3fv_eC@IAo(1&zg^@_8 zT7P%@8T?KW7hnVfg`C2~P@liX^h7Y}%9cjIIz61hdok-SkoVghxNdAu#hv-|Wu**E z-xI)EhfUK{uNAkik3Kn&-Hyb&0~q(rNEmV0zAAAbVBEPMm0t+s57*K!Pyk<{Z+fM$ zyAfk06gJ$)l!=grKze6ox&7@mb=N$=-g9@P#X$6h83$UNt!IEYG`9AdDEO@b0|F)_ zby*)xJ*A-nmS;QvO8oBJ8-^iN`e~jXV)^UhbN{GI)0U&aV{Ty>3k}MXz&CtogXLWj z$c)-k(l%MD$Y6cTrfivCSwQ33=W$LkQlkLE#ZxfqIULb23mqH)p@bd2R81Cy zqK9UrrSLcSZNDdIoZ^`#${`P0q?&3p14?W)nYkcnWRC53t`*~9B=SS*f;0=#0v8hP zq5#o`)AQODRh6J;m_dw2pIZT52s|&4=GqXG7=N>X%#JTcn^>#yZTVAp3~DVL_fTmZ zr+9HkvAczypL;0Zo443&Y_@Q;GZ*l2C`cV5cg8A#_PiyDGfT6&pLG87thusT^O^8m_k@OT zMqp^{vA5A8q4)t3*5SfGQslsrs6erZZgMKAK)nQ3`~=&5!7rKi+CKru^9K_kvczT@koRX3&L}(^7wx_$h?&OFB+wh#y-I0611kT?T3}qn^#Ns%M z%NUg4Q?GVQTSWiTcp+$$Feug8s46GmIt6s4?!<&Ugy(vVUIs}?B^cMBAu#MpN1a&P zhJ>lQ=o)uUQQ`DYPD?6dlJ%L#*5si4%&|IsstBwZtZ4aF7wm6-O6|V@qf2HIUj7p9 zmA{A8!1m+d;;7F#xCA=1>>sx=Zf5;^GyG_CVF%PqrN!EWu#;Jq@rrND>7SPKdpzA^ zIW5o&T?PaM%4k+EX)m4&Et91Hj7FvnpXC^BZw)T!_7C-%yd|>=?Z(*29PDR>=J)y_`GO^i5#0-(J7-c{^-q zyGxrO(4m$Svg&l714G|KvXy;iqoCDymDRXF)yj~-JWttrK}vj|3?~Z zGdNRXu@&#>8bj6)RFnl;5&Dl znW4(Af^CuVgUF3*?}y!YqMDJlZrXF;P*(2(w;fgxT)`5x&q*fxox2wO0mMfU}agG+BB5qdc)ESqbP z`$G(E!_>qlHnHz*0#meLi3vb!x<{>`uP-dPOkXyTV)LSP16zQVzHHYX1#|B^Ny2h9 zddz0m_pqWDKro}8@{Ib}`e3z%Y#kEVD^wM@F0mOd7^v5ncWf3flkyy(Prc;>9$i_% zz)=GS{th)f;t1RM)!=LRU4x41<8U)1e{O*gIW)1CT9)gJ0NrQdNOZULif4S>R3<4e zH_y-TN^2@LDbS_YRE!NB7{gk$`Wf4QU!?{+&nvx2px1l zL`5jXt5R7`$-jl?Dck<3kpMF?t|azDf`Xe8hDZpxT!iV;Yejxj+p>;;m0m__vcjH$ zDJ6^T4I)Bt5N0|4U9PTY(EAPX$VwD}WJdeF{qiD1z4g%uI*88Mlx4{usv@)p zxq=x%s(u)CN#`%Oh-3PU941tsInw|g`<>#!X@o5%-B@zMAk{Vb26d{$&SK2Wk1Au- z7Z;v$Gbu}f33EZV}Aw5jpzyoo{Pql?pQVYI(DL^wy&KiD^k_UCfM-#cOsqY%|>g zS-f&{1~F)%9kxn2T{RePy6m%;1N{HEOhZs7Pr&!Tr^=RF*?Q zkY7ArdS-wk2*MW}B@3T>1n^G>=Z-SQ*?4ur67#`|g3#(ZH!UbwX_dd~$i@OnYcwvTw(P9ks62_h-1 zo6w@^=7<0XurZNwxp}Ot(XaKDW1sB_({R2AM;!4$C2y@?mi1A#EZavgG4vmuc03(0 zo2K%GzL?ZIV6vIZ@Gh;AsM6<%J_~}m0&kL19aj+_rdLunfi<=YKVA-y&@pxF;>Z=q zCX{&-m2lnbD40%}R9N1GsY?uSqifD7HM_8cFDsp{Lalrxmumn{_VY^sFTIq*+_Td8 zPM=HeZ79hvL;6DDB3FqLX2rV9w!6+pO1>BNdM!GFb1SYaJ*t1p$dHr8DO)N`;uvUW zod>sm9EnMSK(sjZ`$ywFw?>4J5*(L!_JB3%Av_T%W;*5z9{+PxqG?n=V|0ivA%H9}j!jo7H z;v;+%nYqMms;Y}QQ31=jG_^FQTC_+lPy>#Pj2kbarluK;&)=E3UF;6%pk}(9#z3&t z_p|Fi0hl$HdP3=NvT`7lwk-Lt^ zuT9_S(Eu2z(gfU`7$K+BL^nw19jD6`*-bfc(H!iNpKW6EOB7t#(nyR` z=i z5V;`#-lNsIH~tjfzh43UrAVP-m-BfT=YG_Yn&xu7o1sd-8?x=;5MyCA zR!%kB_u%IA<>fYW^J4ljejeYr-tjhoc>=C&7`3WE{Kr~TgyTECRCW(YpPHrQq23|W z&WqP}o1iXQm%#?)rZWKD7OkC_ak!=WzeHHywXSS5-&TEolp6*%dy#U6W1e(mb`dI^)a<7!l+(IRvP;*lCbsiP1U?2z4GIW zO;ZG`tm(XR5X**4>Pv7{u_=Vf14XW9R_+7pdeJV+Oh%N2Zk!pM_ca=4|7Gtc6^Qm} zMi>)0@FLHZaC(pE#NziW0>$BU&*Cq)P0Dli0B4*o?Y5`6x1w!Qx!LZuzMPX$JJr`r zTmeLfySnE1wFq-9H9(88kpSFV0tV6kB>#4{Yp>n>K&az{sCO%THi+qC@OGxMhwMl# z-kN?~=!d-@ip%D1^?OXTO{HM->|s6tg1t+Pz+Lq1Y?OG*{*`~N(fbMc3~h2N-b~Rq zjEoDBz&yrxfEq(K8Tjb7G}8S01W4=q!qkpvAD`mj19`_}j~8s`C#yxNr7(vRBUA4k z)51WrXhZspqtG#a2{n>gGkLoQKgJuBj`#0AsvLV#2u$Ue{sFbGELdaGP`a-h?eQH_ppj!0!We70w56aB==?yW z6Gik~rMFqNqTTK~2j#rm3eB+B{ZTG9Rs)B7wc5G>de7W;Ob>rydeELDeQN_2WWhJ% zr%ptXK|aM(*RQ$$Wdj|}B?H^_~iJkfQqJ`a&d(Jos5)~&@$a&1EMrp-TV zCdy$mmZm_v*B$?|Oodhm2}J#c$j`Vl%GaUQ=0H)MJ-c?-_|~`&%Gk|c2&wH4pX;z+ zlh?LU(mg#H!`kL}O-T~Sn(%|)UJ?(j@0#WrA$exz9afkQbQu&Flgt(Tahhv#+S8R{qS@Rx|e$RSYqwC zA3A9cgre81`(mD?FM$6Cb3ly0cJNk3DbsV66CR~q@D<<$@-?)yP;X!w9(yDhB8?v3 zCTqsAGUs49F{8Tjm}~W5n7Ku*R#Aglc>OC%_R%X$RnekW&#%rvpPlMeO*HBD>KcIV zs%@3}LkIq=tL%b9ih|!5`DF|fQ+JET1@UxJMk`(uOILQ4IUSOv%o!uotwkrueH#q{ z-%3`Ge@qIZCumXnK5P(!X*FfeX;Leqe0{}Md0=I$)I$tp8_F^VLo&*NU>vqWWh<0J zY1!QzOw_hu{!w+&)9^$Gpj^2{4kCF-w^g>v)-ew0mN79>HdM$B{DubAixLJz=#MAC zSKx*>l?@~6#SF&LIVY_a-KY+<+UC1777g;@^x(}&8ZIV&D_K0gloSXVb*XD{BRNFc z^P@uwI_d8@#7O@>Tp|gKo%UIW93?9I>nykKr*3{tC6d;_O57dwk6lQYnHHcxA%w~K+K6QXl>iHM7%fxWB; zLGd%a0dq@7x}{zJ{JN~icxTGmq%*$=c&Lb7fA8-7SCs_{{%1B?7J(Fw{d>Pjw!l#`V&TcrXNGa zv%ntb=dxY1|0*1xrk!3i*PShNXAO~hilz%-xKeHl8Gb@V#Z3H37t_v)yJ5zv&Di4( z+-Atwf@*}R=;hGt7b~b zINYimx(}J#UvLbzzl@10b-_~SPALXT&sTbB)GV(Em4L4pjYowt9e7_{H9)ythb?Kf zARgzpV4AyWzpouj+=CL%gan#7(n77nD;i-y+i@9~*We@?wCZ72 zbp&SVht6#HPG67{)P;?qb++Igm0K1McP7k&iZ8u_G%D@IwES5UxlE;)H}V_YR;#bc z6&$SI(0D0@K)OQ2yGvgR&D7=pkY0p(<~{wcEYu*2)EFCzuSZ-;PfWiKYkODyig*5B zr}R(n#}wNRif`Z%Vu>$YwE}xY#UAOt*Q4c=p0%O-r#kMo5*1sn(tzq+Uei{wZI35o zw`a(wk}4{B?GW#Fn9Xj{ub#>R^9bF1IbKP{jIkB1@;Vp@4O%V!UZCIe^m~qe&(iN1 z`aMm*?Kq<+zNcR!Z4k2(Uf9iXFkdnLr_hbZSSH^|%g!0c*wGNW0&1V!%j?{{u!rc} zAsPKw!NBz@78-0OUySA{Z^t9*3scm4cIx_rk(z_ZRyov?9jHDSTp;QPL22n&O?elG z0ibOmYi<%>xdYey*02Mcv>a6EtXb$4ou^=Mbe>0hV3=1Q z0WN*B)H{pC<16uSCg%Bs-xU0fW}mejr+X}p^Cbk|QZH-^DLtzv!$zE= zda7?hDD}&29s1N=_OUP0QKijTCi>1cEyP`QH4gE+@t@$QUcOB~F;caZ zPK<2XiYG>b`&4VlV*&Gchdi*@A9g8II;t!m!iyb&r@R&w?`~-l+fI6%)ult!8i*!d zzBE#>*Xwfs7Sh5V>*4=?02igK>cF9FRTyXIooelckbo}r7M*8H6Y;*xKzuY-LaqAM zU(mP9k&#Y&rRlz1ntps^h&r0knARB$I_{STXvEbAZ>EzIqg6lcXKqv4RsL!wztq>$ z(GE40E}gPKs=;2OG9i`J8PqwbDdo#g<$U?c9AhCuTHj$EP_K>dju*I79qp)k8#cSUJmd`gKHuDIsHzvW>Qtp1X`LIy~Nn6wX(ip!1EE zrI7x3#oPkHqpf9p#Ub2FnfMj0dj}>V8&_3LgTCdC?YNkegh+Ulc%FZrWY^|`7ZlSAY&c%rlT&$&uUKS6CJVUuk8x)h16TTpkDip0w<0bF z#Jtn7VqloMjokKe0{>*4;9J@!kCPn23U?oGl{e)c_6R|hJ7t>Sn+0Bo=Cq&(uUFbe zWs^pEl+9vVt;e)U#2u^O>@u)f%gv(VD-_pVO?$z7#X|H0Npe8w!mdv#q?!~8FxkKe zD^uq%QH>m>m}$tVxc+kCMuB5Int*XNQkBa#@C=As#Y@$xHC%%zIU0a3N$?_8%;T~$SR?myw}tsL$4 zc-?`VUoekw@|u0Rp7!^+&;?CnSo*N$PH};FT7bkuBxIEP@M}!a6otO_*h0MB0vkc} z)fyv$T+gq;I+}e2&hvObNagP^$$BGTCiPWz6haShtDcazyjZKpjFeg-ZIj^K%s*;? zfeCt>*NZYOZdO)meC1jb5)ohV5Z*I$*1}g7m{4bJbBJYC4}j61+;u;WF;`VTd8xWRRapvEvT|7;f)ti2HKm$+c+>xsCQ}h_ZHGp(RC&~PN}CL zrnQLqcuc`r$FIaKUuE-pB#2P8-U=gHGgEmuCu6yrU!q$SE*SaBy`ho~hLTaN?#gy8 zzXl5D+iXM8cd^E!;WB@K~1om3;z z8c5k6`}br>U#VG#`p(a$ZOquSyWI_fKnP#f>xao$0WDafGC&T`T6T2&{GCw#cnqC` zIspk>eaA2$y3^`djjWfb;p0p&BfFigk9-`oLb?(*Cs_H%8-V)%`TKCdrd^M->)Z$M{_d{H$Q$3DdbQoQOKj1+&1-vjgZ1}JmVIy%&v== z6I@c9P&Ou|A76oo-qcYWu{+WgmL4$r99**q?rG=QlUO(xqOS0FuQ6TWs{SO#;^f)+ zg6obw5t`d0Z(`3;n(#TS{DY`OKS2Gu2I^7sXR7OJ!b&1AOCmjIXwD=2%9n9reBkq& zf!p@6$3#xT+=-K>H!$`EaQ1yaNSxa`b%J7U<2QKIt-h}ea+Q8ctr6VA zl4_cdgY%$zP61!F3KM8`r&|qDVve%OqwE6@ypu<158BoK;dIn=N*VYRyzd4EL100y zB7ey4m+J1ai)Gm%7cv{!vEoj*f`@n^sxJNEmUJ=yv`@Pr_fr2@9a%L80Rn$ig>SDp z$3D6VE9Modm?NUnCQ`)=^?|eRn?ZPIg-0>}0u_@?6*E-5y#vLr3{~MLtV$kIcBx;d z;CV-g+Uib*DoF#U2`QLKgJxe|LdpWMnq7L3#$RK`Vc-w!s=XSAaP_B8!uW2(n@4XP zO827=QTKh)ZQeg_2-gogC<~Mnu@9ctAr_>lzxm`+3l+p={b>X7%nOmz-j8=A|4a)* zsG^nkCnnQo3ciP}oZPnzx(kc~*_tGhDplyr#%M7xQNwqWoM#rr@vDvFpauq-QD=Ue zn6?!vQA|5XahXILiiatMu+P))&TYnb8oD_fpO=H8Jl@twclRI6b?%URc-YTA*#U*P z5o}T)ur2I~o)&l2RY5h^xmmsmOsapwC1iTi{!#zUl)TvVwVZZ}I_V{h z-YgBL<6gnw6`h^q(OHTj?Sbz+&hv5D(!n0g*J962D($x1#U0OY4;&4|D52p)kjxLU`&BINX zXCP^JRZ*H2{M=oYrk?uf5|TY@lh}`NNfwgfD`s3^OBW#&oAbz_2AEplXpKwn5(5uj zjNf1DE{$Ir;HNJAsB<0g6=wYo`w+fV3%cJ+=ezhlj`#SwCPxg@)5QQPnfdR@6aDg3 z(Z6guNJaBs!r_0j=+8-ZD|YiI9Jj$p<8-ca(Cg2&x&1jXJ^t*UYz2CD2j**T=YIJ% zZ@@BRF;0p**0aaf*m}xRoKU^QA)0oghk#L6Pgj7PfxO3md-p0(Il?724&$Vn?q% zZEe`VCEf`E?@c!7-HV2c0f85tHH%E7BHYxX-aU=Up!hhZ2z+zJcTi{b(c8DrhH9YJhDZiY9&|h)%?}p{5TRQeP}JA#U(aPVAl<|Y0_gZ@4`8Q$Pf)tEMveNee04mPE(c?XGuZC>REx3dj*Z-9)7 zliYsUs(g&(RjJ8Q;HWG%3(8J)wgc-}#WOp&oUn@2dX_E5X2b(hW3ay*_6Bl`l}2S3 z-4ag+LMt6?eal%ZZNX-T3h*k`kYG57X8-B|B+UjOezV)TO^#O1Hsc8lFf-CzKGOpo z2v-R2Lj4Wk_K{QTQL312j6x%_|qVF4+q-xa-cVWYPLk)xbi9_{o_G$62;-pwXu zrb{s{(bHLbn1c@rO1s(!2`CjQYYC$l!q>d!VFjSFb|!eD>IWTCS1R=9if9it6|65& zyn5v`+EcyljHUq-GFxXtrbj4i7sH%ygZVyLSJq~`2a&2tIJT$5*bd{nEW+3hWwJc+ zTxe{!x|M`$*6B()8HaO~7PoT7t274|8IX|1LSvvpZJ>nVvrDr-JsZz|N>=~aU!Zis z>oxnd`_VJuyS1Sae5c!=uzxL*-%h^b3Py)~#XvIb;ww>~O_66iPs-7FL#R@0Zo6kO zwA<8NrLO-TM%OUr5{;PlYxelrNZd_s=QnIL5mzxr!RRpcwLk za>`b$7?_fhI@c4Pk{mohzjqv%#>vh)DFvDcQGh|CV??ftU0?@Oo&&3Hv}M9bRBtFKqB-S1GU?&6LlWGQsfkMEG4#DRg?mVtSV+jXJ#- zC#LP@AN?cKkF=J|z{hN^$72U^E6lMTt%2Cq)*7S47b@W3Q$vdgtu6C5hlKk|#Z(*MhI><)Z!^zNCil=RqEn0luh5&#M)(PYAz=_w`_iFCB*o zdX-7BR(!Zk^b1X1d{$3!$F`trJH4|fw0QB2y}gjxpk_RM6q(*CvHT2f#+Q7s)`1&V z$>vx-*&XW=%WH6G1T>C{<;@skt&8d>p5^D|Yh%3lP@h-v#@f&+8LS=~x+SBV1Km>b z1wV9eLU$G28Dd%ky0&=f6~8w<`w&U?vfsK3gl?De!*`X()X=qoL~To` zji`Y{U$Zfyk*I;d%^Yr|Py^+4G?1^^igijAXXt34Xx2bnL>B*M`?zDSu;zwTu}Y>LO-HRp&E9x>`VnIQ1Up;8G_sgQ!kmhCFo~GfY*pm|?n_&J45FE14lv zy^I-(RXZ~*R^#6dpLA0>X2xMt{pBBI#^FO%nHh%__49v(55lR9%uM%AZ(?Sge$}MUl)x4G4+%#2qms9t79 zxkz;}GagP-M=>)UY))lnJRYkKU}iiztJ;{E4m_KgnNBLVze8p`>#QDSW>lq6o0u67 zJga+|8Q0R)hIeQqndx#?Zjr`yv~!H;Oo(}zo_c+SVob1ti}n(^tYR)Ua5=?XmWNX! zn!(92f@YE-;9eGRGK=Z}m#xeto4KTdOEq)3mbt);oUod?3}P;s;PN(eNnkE6aCwEf zoc%i^EO2>-xitU1qj*f`B;BiQ!Gb2>B9Rrl|26I^gPQr*?k`#LzD<`b`8K8hsuu5( zis`uArgD#L5vme{p9m{Bk5)~?dqp)aXy9T9dh_6|9(p@;tJ6y`OMei?C099+Te(H< zA+n!6wDNNkqSpt}>xrHgcU4SK4I}#a+ubAjr?)x~^(wo)%0^)EH91*WVe)9TLY2{@ zZ3OJDp+nI>22;AY$D_LxMNj{Ji&>j;s$wByzOoQs9L1#K+*R&GO$fO1g3r_$IMom; zSo1vgOe-tbB`SFTTixRwd@~a7EvznuDuXAYGJnMC=>c{5o3}!B`2kec)_S? z6w;qPST}m3d?#z5DWSLOzF*a${?p~zx@{59)_v0PT%Fgn2j8osX`Ve;S0CgtBrtuYy2E=>{l|=!6iz5)}cuGE7sl7mPME+T^idOh#j}Je*#N1s-Mx&Re1R^Z8Kx z{vj6UC!9fpKK2x~{#D`=MZQ7gw*a%va*sUEl#jv?s<>r>IM|M_upsN2sIGgXV{N!W z3r3zEsNar0h(6kLDp zx@?x!dLEa&GB17`@88*{7^seZL*J)J?1U$+#*OK543t#`RJ-^Qj|HZFLTU>@JXr&ud=r(g=(JWK;mADH zNSJe1Nau&ISV<}Y_SN(B4U3$qq<_j+l+x-j7 zHSB#2d0&{qyq{*?eAwGg-bZwAJdf-JfzEG9c$4Y9UJjwR6j5l+zE%&Gw}H-)ef0*4 znIM55c!QnOv+R0aZd!0w5dojky4Wyj4<_#*TI%ESo8d=#Y-GsS});<&2 z6`<@L1c6S~lgcfvX$gVbPvJc~+Fo3yX@$;UkfZqZ$Lzry@f;3iw@VtSZu^*>`AF3o z^);Q#!2ep^zo+_^?r)_tA?#s86Zoo6=pHt=vLhEaCqJVQp@+GOQFE9*F{p19(s`B2 zEsGt#)5hfqzSAbTw_<639_ry*#nJ-MpYS8vhN#cK*6o(hJFl{xBf2wCzrXwn^?~jq zJo2jEp?b1Qg0Fm?qf3H+n8NALNN=Z0wVPKfbT?u7(bp|_YtVdPAq`S2yAO25Mom*s zZD9qDT}KK34Axf5EfCBo-G{A!1ghC@xl`Y2!P}#V4b6EJ8?qt=(`C2Gxo|r=9o3=j z97op^(vCY(I10m>{j14b=(&NNlS5~;Xa9!1jQ-EgedKv{F@TQre|oLz`X_` z^ki;7qC0%0g3jBh8;DrJDcIA)p3Ox+evMi5HCd6ETr1L0Q)h$1USPndAY_Ygr!g3X zZ$rpY%pbDnt0v-#kMEp;y>x(R@Q>fbaFbK<^$5u-e1xqO%q(**mJ-UGQ_%(S2wow4 zgs%wUC3oj+ax#XNdtxXHgpvV^xdv2+$yHV%jv0G^PK35!+)4wYn*;cc7h0>$QjCk= zu*27!9_%NyRinD8bWI@VMRXj~caaHXL0`=l!MVM(w{NFaaGow1ESsHM7Y^|4G~;Qu zexkO`)mmqj`-08G=X{x=1@990zn?Rm)~n&SALAkxgfYtl;nyIKR_c6BM#)-^i|%EM zpvvSco#z)0QOjQmU7&#BBvQXiaIL6IF}5D)ueBX9ou{Vu`0v30M#^xeR?Zk)a@qo}_X6$D1U3_4bh7 zY9vo^TG^!@wJ=^lx(mj@T9{3#6XLdDjH_ZTieqxD^Rzs$)ivE9^-({z=(l{}$@6zG zuCrFU4AObkqL2E6CWW@Ccia)$rUrjhy7%H<`7V6jO~769fPLa?q^z+uckbb-v#|M9WENJ0 zn1ydVHRpg?7*_Xc1he4&j*C!hc<&{ex>vr`-PHZciwxfxfcs?@Viq6;#x2Bw+hZ3< zqoIfD>A;NGgJ&(eDnlO2;;L@5xaq}+t$O_x@pQ%*=x-(p$v)r;q`_dYN&`Ulv#B$I zOw03=+s@KK0+{rH2f!!1^|{}76z@V!sNh2P8Rq%M8d2@65TCr33i15^?~p!DUy$R~ z-EmlB39Ffl##gKhOBJXYRd9*$)FY^t3 z>Irf=dwUmszy|$H6TWEFRU42km?qy&$Xul(Bc*piM06|Fn*F)kiCyhgh@C2!SZ}%f z3H^-Hv9);IgcdVVx5ob{^^e(?I{TQ1Dg!N{2cY*!J-yD&Qi3bSRn@&+oc|*b=f8#f~W7F_(SM$!6opeS071nj8_7p{JK*JEbCh79GCw# z()@(D{sGY--u6~sd?C!xzyAU$W$C@|5_hME@g-CN&r)Z?eJ}=>&ZW!5hs}KnQ$LG? zUX5md5$Uh+ydw(Ym&=1_W3eI_o`0l_P+$W$Tl6gl@LA;g^f39gz>TG!x$Sc zg)tjL^>a&h^~>iejJi4;EqD*0eyua%)fWNvtHgZZUJ~AU5%YdALkRk>wH~kT(Ul$*E9=E0QweiY;b`e#0IsF2&^zn+hojvCy zIuGzZJSNndZ8h+fcxZ-zvg9rS?HQNHpII5E`gb&`f& zc%+D4$_k8cP)|LJVjO!;UXsN8{eXq#5A>*UqtEg+43)q!#W&(AKGjoAX}>y`mGk-? zb*`9L-}HFAOnfS(5d5s>2MfJ1pT7(Bf%G+uxm!?&ue#1{wHknb5zk|_3B3E9TRD!Q zS=(*?BR=WASs(qErp!hPD(-mDoykUu<&CA`IW`riHHSc##I833TU_T(xdJA^o#Tmd zqBlHZ*)hN8jcnjf#VP9hhjkWiyKC~qPLBYyyV~h`DvN7rXh%8St9*b<>p9Bh_?!jE zi*5d89BB+GKf0CEqW>PNb1Prbiw-SJPS)(BJg67MSKy^-zGcZkQKb3_egeM2ZP&fa zbZ_~g`W*Jkz3-eRO&64Nl^Xw>H!up+WOz?lbT;t6{v9RcjS24y7j?HUyeqRq4+Yg7 z#^~w}x6*qi^_mt~YzRJ`qipvowYt*Ht_Yo**&fs|K+avN-6?r;}paa5H(3gj02n6>{jDJWZuB9@N&s_euB)ig{Iq_qxn3G~$pjeM#4Y`J3+2u3r_Ox_b(-5q7}IbN&$amtsKim8g*78v z)U;>xQ%t$(xc^+V1Xo@P#13uaUy<$wp1vLz+q~o?Ox<35^r2cBlf$o$^=KP~fba?4 zXKogJH4bnRwT-%q370r=y*oAsZ%K4Jw@BOEX}07SLd?Z<5Z&w#0p(|5=c$kthUf2&~>PTDOrKe%+3SSuCxP}5(H~QqRvG; zWazB%*c{}QWxOs`zEU-GU)i{s z$A-&6l3r2E)J534HzU=D(C(~Xm<%puW3tA|JZnnz3lj+hQFyafuo1843b->35s%nM z9Fe@_8$szL3ZPc>I^4%lH$97!cQxt*(%HEy)WRq94Htj%Mf%nc{Z`YOSCiOuB^AM} z-_Tas%AyZZuly&`oe(|v5El63@F_%6^(w@L%1YpTXvp#gQjDld)jnU-?@N)B)Lp*~ z9~a#OMkN_9>#6f7dok*U@92=%#doN@{5W>7!;%Rm`i#S@$h&_Z@%Bl?4QuJ_?hKs` zE+!To#49yd1|gKL-7cL;$I^W3*=kiX&V+ePWoMV#^KC2=c;j;Hqxub=i+xQ7b`j2_ zxP{8EHfJ{D-fmb6%bhYkbYp*g^H-dHek-&dcD-_(p0TJok9U9WP*+z|IS09_-cG@3 z3@`Y^`?2aOQt+xPZapr31Rd%ttMsbWg&qi2#)4sJCN_dV>SDFMk~|f`EUd*+hTfOJ z1vOk-G=-KE@fLFB_9Rv-*$3H~!I5~kWxIi2%_2w%{OXk{I7QSnS>tLhp=~BAZ|kq2 zY%0F!Jv^pGteik;m5q@er5PrFwV{+6Qtq2M?c$qAoBz&6L3y@z#|ZvHUEJHER)J(YM6P$-TTV10uQXCw;#tT4ol^%I)!?`%*KJ3G^yEg|!A7 zTlYvM)v1^$>Z>b#)fc+IAr+PGB5z4WSyH{Ah3*F{V&bCVWNEr;+J=5 zkt+{02(t3K5pOELW`EO#ObxOXG<%E6E}{-~{^N`d%|p)Op~!^1sDiqK_E|fo;d~dB z=oX@Yj6Lc$D&Z14TZVv{RN~YTTv8b5P;Xa?fz0^Iw~%{wHlVy#+dR#LmQBk^c)N`(+n2}EblL2pCt@bsh)w=! zELDpyqNF2z%WTGyPc!f7Ee3LWOIz^;j?Kafezdj3GFmh&w6fPWg5S|u+GadPob?AR z%JMXdxiS>f2Qm4IhkzP7B5%_pf1RtZ{2=Ssp^-f0Mie7k+|HAH#Zl-Oo-n(;d{#(7 zo@s|qo`BlnAqKreNuDlA1kU`rVLE3np~fa8_XkL>K1$aTKe>U;NKkY>#A4Tx(&kAD zT#P3nSe4|Wn)qH~ai#Dj4}Txao-_G{T0DTI_g=CJq|^NPW}q$58uUrc5>~xzKNR z!ZaJ{fBo2y;%S)Q{%|ES*td2#yt$H;QB@ji&U%%g8@ghgM~QMPc}Z^Qxo+h(Mz`M} z-A3V|2|?Ma{^kT$a*MN$ui)^JZs#Vcz#9lvy3&YGV24#xKR6L8CttDW9Fuw=@Hnp^rrbC2fsz{)msMo$J3~`$*ZKBY_Qs)2ef8I&+aH>jAa`=f`L~;TNd_jzHu=uZ zN*x);NSQ!TzQCh)DQfnw@kB|e#B@|kFZNxJ0b%_}O>=p!^E9Va_oNL_smS0 z8Xs=+;F37%jN>7Mino#SGG`k^<+?AI;%s$Z;Ge7)o!1=zn+$mVBq*Cb&QsWlP6a39 zGvivdH*2_jN~;cEP59EUbtwXGFqQ|cqm|1m=V^4aMuWP8o|2EID+PUg< z&2gTWP`&&J-6N?!`55UgoPQWI*eum~{i%@j1+dC}S%?xABB+OW6+%FbY=0Q5?I%D= zdO}ospd@rbNZaJiSCQwq33?Lg4Qy9GX(bBiCo0iG*-{HPmR*}FWKOeie8ukxLnu7G zrh-p2Usr-Dr(MA7n%j;*GvmSOm3X_SH)|fmc$6x(O~m^I)X%Wdp+JS+tfEt#G!V$~ z6r^Rq7u0K@JK^HHR!5$)D(3GGT?&S`;WhF;T0v40xQFpnIu-Uj6c$UlG*}9#{P0j1 zmF5z>Pt8B;6qoBC9=s<9FLOu69I#tvY&#OT#ptZ(SK^L?H@~_g8?UpP_sz#uMj{C4 zI?uBl_zIMq#r$1fe@X*TYl9Wig=&@_!UY^?b-rSSPN9YmbiqNyN6Bxi)Yxrro24T3 z{pNj5%LRsA*(C<@jH-BmQA1LfzM!U&row)_);(>nXquE#?5?_6)HXs%JbcbR&3@*3 zEX`)Qhi{vvp7Mn@XK++q@EEJ+ILvS+SO8a;N}fHBgY9-TkGVAe`F!|{Z0Nomb}Nl^ zvpVK|HkAiNgF0YM`0U#-F>t4W#+3#&u)iCDvA7(=*M}tPPM6?x&My!0W5XsL6u$C) zI@<62Qg*9De39b=F$ntjko72D)g)cKQQm1^6t~_`lP#;nDi5MN5ml1*DB`|O3pn-s z>bOGZPAP+5jk_8H%|Mu1tt&G_dWK(Z;@51c`N|sC;5-fUULacwe#Eb-akfizQRZec z^OZ2zUkWD?YQ2z@Gx1C^Uhx-<9=%aY5Vab7t5iNYdZTO>*|L{5G(Cgkw4smEZ$$=n zw2)3s??=0xB+|-totih>g`ymdQ!A5L|t=az~RRF3iq|v*MWmw17X?JwXlymxtzAXhnI(Eoj1W- zIqp0H{R&L48~MsdF>&X9X^(rw(rYt?we*y!Q4<<9f#0wTcgyUkJsYRg(oH>Y`M$Z} zRelW4((TXh4hqf#0zd8mkV0;`&dk)y{nfQ);boB>WW>JTJQfjHNn8XiavIckKEr1T z5-t}=%WQ&DL1ps#r=`0>7LT$|Sd058xbH8r{n{1Y^cZ1u17Gnthc^wgyQYPzTrLzz z@NLxu(;-h_vOx&UZgW?;(_`GDHECuj0HlxwDM+_Fk4U*yvEg{8Ln1D-&ThvjSwfj+ zkcUUa8I5rULY%%Gaae@Y5EbK$4mAw&3+Zm`*YVftJnAbW*;4;5oN)6erKCIe^D8%+ z@j?L{jDNkxOz%4Ma%r0BM@YT})4^hw@fAzJ570646)4R>oAnUNmT|FibeT8ZY7Sb; zW~E!tiuo|%e37es=P_+2O)Rfd<$a?K`fWVI3UkVsetbnNZcLBfEG5vBrygxnb5LL6 zafw<3%>1SOJpp%$p)502j`8?58Jihf*VOzmKqz2KxPW*~$~zP}{#vG_0LkgaeeYU& ztt3{n_f03$!&x8|NHP>L{U%L|ETAY2F8hcQij}T(Ri%aUSiz1FR=KZ@3Etvyej)Rr zV6vso6dTOY$w|Kw30hsfXD_gLdLYQD?nX_Mczj3C@*x-@Z78zWIV;7*KZ=4|a8M*3 zE>@q$U<}q3RgV%B(vBe^@Rhjo>^#m_s3_;s#;GUmNUNz#wt7rQn%^Z3e}B;CJ7az% z8IUdM1>S;bKa6t^0#~S{EZ-TEe39#DOeyU^FiEehwnI6$|9b4oQjbC*Yckgj@!lF3lbQ?l z?0Yy&xcnM(N};bEXg9}zS2b;xY=!iYgOSLSo(Krsav@B*#=xG0{jyR4{73>^!c>&XX-}<%i(kP;VLhn(16ELWjOJEMs)LoS83DL-p?(=F8b}D+_~S9-aB+-uY*+ChO6olx-6z< zNr#?Ur|SpR{fpU+dAN_O)Cz3#h<~~oME^APO%~g?Bz!$!m)Os;*unY0iQ2!^G}4+M z*XnlQ1wU@wZ`cPurFg;5fuLO-9Y#aFjgn?p*Z97q>rt;Ff5@*_x7c2__+MP`qraKu z^}CWqzi6G@Y2zH3!VFD#zf3?8{!qQ^^<;1fEHL;NzkqB02PntI@8nc$m#qH9YlYRe zU^H;(#qJet$hb~Y-{?VCX(V-}fjJ8`jbHygUt({o<6P0499zCLWfESgE17a)f5F9W zTsg!JP%R8;z-_iN=Pqed+74;7bBA=T>RL?q9mQ#C@5L8gIYW6sy`(LoWumiDIHQQuwVre#P=3?w9a(SrA8zwJH`AsZ(x`W#okW$OM4XeW)6?uT+r;}ucYa(7ZgU_DMN`e zo41>FMcvP?pot@wrPHwFpQU4@bd&??7MZCBPSxz!r_$RQe^F%_YYk_=;BzQ6L*owC$mggQI{fC zxl_D+B|b)zQ_;%%HzKD~@r$%riOW$oA$#@b7}|<+V`cSKTO>^@&&2m}q&&do)E*ep zn^9>oE<$b9Rkbw5rSAJ#1K~zaE(1$HIT86^H$>SG&7L}}fgG?KsyQ*t;TJc=?wJ3E%YQ}Odz+n7X)Iyc60ULm!U^8-38rT4&fX&R& zn;m9OPOW;9Mxo%Kbq45Vm;{hdPj}U;%-I?mrdX%vD-ahTBDVltg|B=YS3Q*ap-6kU zi00xe@I_}dmPtzyRP&X;HW0J;*dw$=a&%!2-+A-GOy7A6h_<-rx?v^dz^X_&E~J4t z`hGLR;`sb*Q@LqXS+4xinnwZZ-_6Gf&`@tFc>} zaMjv@)H4^xO!x5*KjGv=cffVQT~$GdG=I+F-Y{f3_JRg1M?a)3;4ajoCE=}e^1E#nIpwr*}zIDXVP*DRtsV;d}N{wfNg}xP;9f?owixM^&P#;^B}BAbvwU% zH@B^?;g3h8@Q}R)=V+KS7+r!kK)}7bW%1eG4qic)mGgUZFMJR z;^6|Xd^t@J{k!Q}UaQp+Ni0Abs0k)iwD1*Ab8Oce`u&Y5P#AYg-o*nK-SrY4yrB3F z6O%MF`?V?Tn1Ot~X8&L?4NA)&#PzrSc$*X{#>E1j*Wn9^;Wa|ZJ)>lA8Y95EL znPM@wQZY}5in#-FHOJy=<_jsf;v$xB!kMJYoruaNe;!T$Uccy|+uW!6!~>dd`sZ}* zQsowbf2ta97EV>)F7Ec$(FY{WNm+Q%OU%dHrtq9)J(eE$-)xCJXsPQS(%>63qhcyBMf3LoGfbAs zRw-W903&}o9g=|fz-!)jZ^v2dT%{4HLceDE3iZkF0)5Cq>jBEQ~T-cp~KI2leSeRmr5EEe@Ue#I2y@i#7*Z zbJ?L!rCC%?c$_<-B?d3(yg|^h0GO%c+uR2)56iq(`qbn6Oxh_bMvt>js&i+iOEv4K zVaSERnynu}bh|@T+SS4yVOiK&$5*~Uh6{WpN#%hlS*Yf9$5DO3wvHWEK)2y9;>ziM zF)-DH3yBXe(ADnh_zJvO0-DWx9mnZ!cgP!Y{Hp7`qzl-qQ;TrnXtREa_>a}y1iO}Y zzm^+=34ohqK^-O&F24d_43rX>I6{4q4wUZ1(p~{$jx8PsVnDZzqf2q0Pa+0*L1T;JYg;>vEyp>?Qx_Lfv+8ZHWTIAqgD`& zae=3J*$2VP)V}ku+E{;M?|iyJ_Ugk*hY6Hnb2v}2+oVbtXrad+7kAxD`6uV~^aBPz zW@xzBcZ)$eq1J3lVf zi~t;ilb78?H@xkGKy@{td3q9F=Dt(iLeHH8$M_^fY&#(K*Tl9XcpoC(?l@Fk7|uvl zh)fP>_B{h&5;kD~zM_Xl*T;D%@j2nd+vp|0=C%u6_aXGd>dMd1*>2sX&!{$)pBo_w z2k&qzyC6|i&IH7sABgI)7|yEM?;OBhO4E<2_kno9?crnUP4l@+9#ijh6d>}A1aCeJ zdZ3&HUNus#yB zh5X~u-;i0BQ+Zg9UW<7Jd7Uy$78Mrp2%tiirJ=Z1v%z(JRn$W zzyI_8BnO{Rc1*<9#fner}ipIg)ttV2IrH6vE=G329<_>)EbzBzCH zVKE?@J%LFk^YSTPr5^9p3Jkor2uTSB$ZA1n+j4=Q$u%X_3M#w@d?TnM^t|L3%sL?69+bDaokO zqS-%BMp|2`U$)nzehW1OH5-e!rLBVef+fE5Mj4-xyyA9E+wMFrr!kF!t(s=v-zRh& z5AQRlf$Af4%KwOL!5G@}ajK|*0--ef>c04hBvU?Roaw85Il60sSHCU{KZt^>L*<*A zA{j$mi*rq!eDN6y#bTHcKBuu5tPc&t+G)kRf`OTvof9ZD<^r4IH}Y#Ng~M>g88R;P zkF&0@+%*iFwY_RwEMC{)r-gx5tf+LHLNn1c3LpMc&M|F*{iwe0tF;D}MjJ%M1hcWM zD)qWDEH#2^yB{C7j7G1)ctTi>3l~du6oxjdkQr(=u`35=(-T|376_lRnS7A1y*FRE zqSNXTo6_s^p+O`JKUxYW<>fH7H;Dnu5&i5Ud&e4hcfZMV#;wu1uxmI58`nW59hon(! zrXxD4GU4Sy8Fx(xtndIbiUC^T!;BTxUfU2=a%n_=kET@M znLmhJCj$ll&s{y`;LOcJhI__d!FP~ZL;4nJW>dugLn!V~(WrWl8}}e*Gkwd-06r;w zSj()95~}q(mq<-EYTXelis-`MF??&4DwU-S{iW-oKQlD(ZbX5{Frva_g_BIvEqd*t z$P|%qir??UzZ0%$6@;Ap(cCu6f{>(X@0`Fjrr7qxBzp3J!Kt0A<6G~>__Heme*7eT z!thY`MCTs7 zWqs$zmR$N$GT};fK>U8;(zZ?YznYAH-DtUE-|=+bz@e9wZX3fb3oEX_sBE;fW>I{y z=J34CjPOZy$#fhC+XV@6>0WXyt5^S#VWjyUfALLr5VoX2)CUf-<&~KDP|kz#5vfou zzU$}r50$fT{FKozgA9U>HJ`2PwWpV6ta7}}i1J^~z#Y8!aki>Cp_}@3x1i%uvh36F z^1tlM$KyHd-<>}saMCOF6-uEV+nZub1J(9yGktB*+cxTfX282|oUa9 zlgp{E{k*{G7(1D_zi9+AWQ+jv?^5=f2P;ite7h7v5dCsuUdY(2e#}0tVV9)KwK0Do zUX)oE-P&hpS!&6+ASpTY`c6GSbTRGw>_P6s?1hzxsj=DwCY3Bk4eUx7DqFvsq+=tZ zbLqG=uE}r}RF%&RzN2ZmZNGzC3~j=IhhCV$sStB8Eg4DuZYt#f-nFWtaf{`E_%GBE zDKyAA=_1DZ8t>Dug{!?b(7x*cRnD26|P^Vr{ZF*f=c3A%yi4Up&e)9oViF7Pk49?%@sx_?e0TLU#LjF58Ihgj*ermd503K%0<83H{jMu`);TH7 z$T2ExOUx=wUC`SV{iM5!`EYTLWst0G}P{wJwr>6gS9mA zgZn8pa+rEw0lM^W^Y}0}GfCSedUP6S01|NEh_%R=*E01n?B68Zv6*r%cXt@8}wiMrbc^|W@he|k(%ktVJXo0U?Dct?k zp$=L7RZ@k73a;137PTo1X72 z3z_@q%A3f^_wLPw=T~?kviZr^FeG!^GJHN#;jVl(v)c-M?fGKbY{9gAgvEW=eC^ud z5_~$B=fBV`PjD>-wa;@Yqwo37-+nuz28Qu*aP-(-?-C zX&8x!3GkS@{uqR*pdKIMYK`^?`_|(OOEeJP;uvT_J;x=mrwJMh@nKJ92#@^+if48h z2tg$jlWJ5E+YRpz?C}%&WOOLMK@C9N(%#k1z9sSw%wFwK7Wl|G0iFfIu!bgf zf42D8fvNXmb#FP?VXH&>6Q+$$9GbA{OI-gt9Fvexcb%8Q{16LW;ZerKF>TCnc5-5P zYGKM5D}s$1Z!e!wy9m3xqxEEY<{=ygIxHSHl=i{kH+iu7RG|h%A5^IU)SjZ7PL9{u zkmiXmkERVcG8mO+7SorTpF)V+8SBhzD7-I)MtooINm#DxMdQX`P=4Tf4WyK->*lyk z)NYf{)(~Z|p0u9Y50B%Y6S6-HX6f`c+qh3o03&j*G1^;zo2l-vL>Sa^ozA24Z5JO4 zjoud>_AfCR&kgYKmwAGRfh`iZ2h22nwSQC+ahSB)_X@((n6y7&ZEJQ*#dDb_GSopd zG_;zEJD_IB4pAyk`z)T{Es1mDQ-6Wt8oZCTEkTEi$Z7o53RAc#sPyCR<1|c6nMuN8 znGkY<-je0Un~0>9cp#=9P`6Q(6vc&5>;ZqwaCqv83f`g*#u+k{>ib#E{XT*c6N7xp zEk>@E+Y5v6ilIc(Z;SDs(FY==-$#E*mFwuV=R^9yn|;mwcd!FS8rlGkZl3sFM3fYm z>oMsFq61XE=>)R#^+;lS$bFfH!(=|QS`R55z8s~y;%xB*&Pnw02( zb_Akl_NXWp_A=UjOO1~p&w=^-Us8KGDLVT!$%lu^Iq13Udv3ua+lwVY0PL1n+ZOC@ZwBpP8Xl^ z?dWdVw*RtR6pnN!8l+DxfX1Gr{k?}LK@=PE_Xim3dYRo^mwk^9p_i11={Brvuo2I@ zbpu~o)}V;ZC6qy)YORC3pJ*AjrbkCEJT{KlC)jAuYUEi%fdjV-95;%zLmUUe;G?EA znlt&X!PCX5R6K`u7)KE~!V3k|z+}~72q6~o;o*ip z*m{-8kGM4#0eF6_KO!ear1l82^pfQS%>*|My8D;7<44|v4sv!I4=EiPD zD-5{gI@s9lf8veTu)rPeZ)X;g|EsD%G;(A?n#vVivx?RG3f8jbr^4sQ&r6aa3IFo# zuIP8B4~#(e7ju8Cw5Lg;yw#v`XfT;mnzE^*4C|tge zj|~NCcovs8yw8a)Wca74kN3)(U48U7iPdlKALrjr_b+Td-N)9HE~=TrONJtv&jOMgGFisHF_e(5&Uxy>E4zJxJq18ukJoYi+P1oJL79#=jfU{HuY z-lCb~IehQ$xwrft-%+e?<9mvR{P;GVb`F!evaM{bg?$gsT5fR~KN|t_9RauYa3Y@@ z`=6JSpZ+a?)sD|kw0q{LqQeOSU3{$)kXg?mz7&%Wp@jxGiPO{s5v%ngtl7xeJ`Y)1 zs5{PHaEyi`dX)cZP-xB>Fi<>fF%oLv*RWW^Wtt3S904EQDdA{!#8Sq85y1@DYIs z*mB7c&ytTL#ZZ*M2_Jw7vI2}c)6sKam%C&+#a@w07BF9f3Av4(JC!gEfp)67%V0fd zfZ<>-lGoiNhVbISOVgtpVj8Rpz}t;Jo0zY@3}H&moUH8pI*kMM*j_-e%kbUcMFyoEvh`6mZYL9Ma{Y zPi?dLh3LLQL+`#a>?b!8+fn(7T<-u^q~-`0mZF21{CO`b;@q7~fIjVu+KfW#F6P9L zhIpMs=Ev5rK%6nZ+_0(^BV)$s7RNuIwL2(Iz|&atZ12m%lya7^toM7D%agASC1M9U zz#F|;+dTI2%$(C{@rS$1Phbss)Tv>5w**ilQ+8m`rJsFc*fA1?BKkoJpg7}@j1Nmjp$ye%HXN&)gu_F_m;Q1tE=jqtdGmM5DN7YD{n*y)p zkGt)$2??Cr=J<6{A&;Mlj^j>%hFv#9E&)pg40k?7OR+l!y*Evbef3^*Q8^({V~UyYTM{C0zO>RnX{1~J?}M2GI@8m@lamh|7LE@Eu+pA1j(QDIFHy-hS1-l~L4=JO2I@!NKji?c@8(E<9a#yYQJ!-5b&SaeK|+b<4=sM2_#|| z?-(JHI1ajW5EtWCGw*HT+*~3&KN4Af-4?%P`M1(>WW;S1ZuiRQ%0)yCaxpL1s20N3 zf)^2`5nt90*+J-ZscB&6#W>huV1A zDlQ7m7K(0qxT~Mwz(2p6cKW0HIKv!T&&?8Ox3k{<62N?DC9#zL?h5YaN|>{GJ= z1rnPLfa&%-`TWqSBikGvAV6>Fq@B^3(!6vQl8{}P?Yi4AGnZ`qxE7J~P z&F1Dsvo06!kd4yG?Srv$xzn;toxe3BU>sZ*8(#MpChZN9!1@(gW*CoxQuL!EKi12s zqu#rnV9m%j%8Emsz?HBx?3f8{6rmAFUEO^74{izRx6L{!Zr7`rmoJ-F>YYWTeUxpZ zTKH%xUK~s#ykUf%H*O0tx$%mRLpbZZe#-loRWFs_mXe#;rA9S(asl_BrM5rjNq_64 zTzwqZT^8L)j_!WL-Wfu?fC?_W9U$_ikI4(;seX0+2w)p>_PsdDEZ8XxS0CKJn~)Fs&0auROi3K-_aWw_(P&hVSMsId||w~vAan- z1wuO(gqK<9-ny4D{js`raC4Zm6w}H#L_Zjb81b^qj}Tm+ewzDz<9gSBOnTyrYpY`l zQe%qWXChfhYkNENV;qs|AV{k4#-^4BhI%Bm_fue`-9`OP&)a0(B-|Qtgm81zF{X)? ziRWe{+Le=fC18-8WE<_qgYI{L2h+8FF+$xU{4|q>TCq8# z*QTQ#)zn}i+578tmGmXL>)lfoR0}N<={Xw1J3E2!lWH=<-(LwViKnHs#b#E2Iyms^ zsngOZ5c78#kMT#?kQTjX4k=Xa9H2;u?%LcWRtY<-v@hBG?^MA zuRe-XlJ-3@p-?z2dB@VBl!yZBu($n%;0Y@*1g^B2>711z4smSabgTjqjtw~DSukiF z&Ie)-{u~=*SaP{tuqL4Ffpz8xUKvjBz!*+P@)91U%mG3}$U#ih*B>%b2+geH?vjxd zI7LT{4hz|B`DG%lu(qY1zbr_Ybn@)cxSW2#&3g{dSmz4(bL~St?crb=n+(hMn#Pft zbysU&N*0yQ>#`_!ets1y0yF|#d(j%L{43aW^b|va!FHQa2nVAB+^1O;(|~5;8|}N1 zTqTAPN@ghDt<20Que*h;tSZoLq5(qaf-enA)8gT0r90)5c zQ#0f62VwzRIqXpfS~=ovWyCc1vADSfqk{Ii;D5z9hX3JqAefEM0wJKCGF&Wq>3to)Nsh<*~)t@b(AB+{QoPq)bd$Dk->Zs32?48QqEPAgWT7-Y$Q z)qv`yS3u^H?`5@-;wz1i?3T!PbH55bSsd*Zh1@Y~N2^Q(qwZZT_P3;#3zER8RupfY zj%{Lu<(U{5XuwA8*}NK@3t&|!%I-T$99pOuVO60YT}^0cfYJ9{jfR)O9xFMzq_XTY z^tAf5$Rk7&FWu{6CIcML$-BJvEd|Ag-??r3O0FnEXB!JS!jpQOnM9)$zvCOeGNc5cTb z51*o=3u4`HfthAUV{(re$Z*vrYtT15(;(}=aa?bj)}WM5n32__qrqza+|Mf^ED2v& z*tAURf2f%g&0V`<7IQ_me?tlR%$xf3`8agGHs7O{3KK-QS&H)}^oD=5%6z0Nxx~MS z?qcyC`vHBAko>QH*)Hi#!IuR^U={OZi;AdF9!YO86lUrQ5w^1|3ynvjlXf4H zLxmYy1cUAdiVt!AMA0wV{eo_!T>bMd^b1OZ6%zAX&q-Wg$M}S5PM+T--1Uogfy$3t zHLuiC4Xv;XnkF6Yw&DH{&o#)OB(a}eeD9wYZ=cU^HBZZ}?=1dOz`Rej#?LXK4SIc+ z&x;g@5AW-bnzy&l9Ozb`k1l!i@&ac9vrIp|P&mJrA{pWioyU(`G-!Rl*q$4ltVuE# zMrQISzL1*dxdLI{)*qd3;K58pepmKkI4;fjy_a75Yw9nKTOEa+H_C4ADn!*5&j`gWOzu8oOcQLK!*xv}tMzV|l^8S)^;(@>W4fATZDD z0aaT-7Z@(SrLvKW3%@maCg|#2WOrG-rayZ=((2n}cUifn+uD(52RwQBD7afq_YJV~ z*9GdAtW~pmei8_J3?zsizx-s0D#`R}k@}x};mwh-}$1ixDT(JD$oh?_4FJ0my zFX}IQgG?kzA8-RxF|$JuL?tKF1%02ViwuS$?_izLMTj~G-E9Wnz0t?#z&aPATe=_| zn069HVRuvDqL_t{bU)(2#$Opf`5~Bvgm1Uu zjMH^{8~ntmVn(IAHWA>-Lu%G zvwX5eWGJ~C+>&CKfPoz6l_JCI0Y30lqs6EPcme8&f!FwaV=e)#v;hms^Gal;Zl-}Q?8vK2`E;*M*v`m z4I$u!6}<-OpoBjze1z;Ef&Yc!vVc$o=r4Q&E>}ikU0oVjx0&$5! zy4^m^VQv}FR|+c(@9JPeyJ0?LUuWbgFg?KdF<@)V@YxRL>0^RLDhSW;b)sq#?PDK1 z-MZ)9H2_CkjcKya5v31^zX9gAXLujLVg)`P3bKQGT8B*iKmd@8KoJARO#wse@El*W zwq|e25zO-H1}ZWNq_QvdMru|vkmRxcR>>WrFK=Y(vJQ9dM@_$L6fgwhN9Y|=09!GE zM-YYwJzfozetm2SWz81U>deudZ|jH{y;`ty0q$SQ8js8YNuoM@@E6Kpe%weNg0e6M zUtP+w{i6ObJl8_0OB4YLTSGfS5LYO3yi8EN?T`)=F4$&_-KocjFhT6;c-tMVEpVWH z_CP99JNRyGP#fm>w{A^#O}+*&J>lqubB2Id_<|bIbnF1J%Wys@XTI)?$5US|EOrX>wJp+VVn`MfMRU>q+6)jc-QJo-KE69w@Q0!Ujp-DiG;FEjQ9o88&S4%haY z{^IFZkj_9bAMDP{;Af}+l#jR!%7CrogNjmvDv!*6Z4e+#0}~$>~KP&sRtXaAMycZ7UJ)z zMDhvdcZWWW)l5$K0Dq@h=8x08Tf^dI4ffQVmp_gQU9hW~D%8vOq(){75%Y;K4WEv- z3A5$Kq5$)>K_H?oaCgcbIOP>xoCkCD7pTE!5Ag=pxg>&%1xf(o{Vf5kzi}0XLkF0D z!kmjOu(nS_${_Z7V z$ZRsiULg`zFB$0NU1P4T7O;;G0009(2yixaadmL9x3_U-cDFD!wfPcOQdNNiKujRA82rE8)dK+l z26+Sl0Q~Qv7|+^yZSb1ke*j4rB>=M3ag`ZwDW+nzarZ}+1!1h9?M5%D1L+hv*xm(c zka2mLY7W8P@KKO$w^z`@UFNIsA&ff`Y?zNi7)4F}C&8D)K zeDb#s&#FMm#AX_VjQ$oMR3)^_0al;s&263cU1p53KkJvf-}a5#VoiRhAV0_l%8AZw zS(W$eVM;P%N7Jk#U{HHjxnkB~v4_J~0X;rvo39Em zzG3@-+}qw1NX0D%(B3v)&bR!ZU5T!IZ4x((0)sxiT(5nIdh+s^^!^qtrPb7kVolu& zF~sl*P>$2omqdQsB7h9Uxl##GN_Gu_j)xO2Jfwlg-Vs7eF|2{}{HszZmzem8=H z4?m(1B04$W2ZpddjwJ$SP(fnw1iYw!i7xV2`S(<-V3a^pNC*2-?H@!=%I-bWVnl?EF2``QIH)!uLS*6eZt1zx$Bph=pZ{$ID_T_`NYr zYDeOWUKO1p5e7^Gf+(8Nc`cU{U3eJb*~SyB#tO-$C{$;Q9?O#@q!LaifyVabyYw#5qQ*78^h>4I zgH`bBB!7Vp(Y(PlbJKqjX=nu@pe3;=)~Q&KM=y)4hO(C}@+k(<+R>@v+=ar+VZb2D z^-?!e%dJ%~-EfV5sJ?j{W(ZA5=*(k%7NOyNA6B>YRIjR5W%Qy7oQ3`yf;hdy`~rRn zw)RXL@K$6sT(%&n%TU#iXXZl2n)h$GK|Yz7oK6TdU+wWSsh*{Q(YRIUY6b?>k}Y2` z)r=@$S7rETaJkcttzzk;fDN1`|K%1A&PMT&ET~58y*@I(Pc=Nc!5VQu472TrQLoKG z^P>k?QB|ozHHgB)5!3N7B#MmGhr6&0_B(j;=knuG8ZmluMjq=`nbeE!KzM!QZ!%{r zAqV47>6HV3EBu)#Uz2Op8Ca}5)`mxS0bDVsG=C!6-35=M?*8l(@net!Jj}0bXb1Gk z@At`Re7%xzp8o>%c>ncU%PlPNAvc}|tmJU;zp$2LnIu^Lb=p+#b`r?F>Ai7cGv@O?3mwR#5dH&R;g&qukcy$!r#V(jOu_TG zD^|rLPG8}1XnlZ#i;c*|7F!(kemK@h_{h?$7=YxOf;>r? zkcoqTt09`HvM5aTv@g&YY_XwqdF8Z5gex;nXvzH&xV!g*)Pylj&eo=57)@@h8b695 zzrjPYT9)kT)s2~ESW{T&Shj}*6Eq<#S2V|`v`}Uy6IlI`!EN42$#P6zUF?Xfz%lp@ z(vv<7$ABa~+3`)*OihXgwAw$aq18}!dxRmS;AO*{jIXB~5^KF*&(xYZn~u3oK(NWp z?;3^S;Ydg9do7HdmHesktevgY*SJVuPKZZOomi{ zH~Jk>`GAZdu%s@Mkv=Yd*oIURVZ)ARSJX<9-v0e$VdZozt;-`;iBFlz6pW2vH6(#d zn!`Rr?V#3F(CXg|@u1T$(x7kE6yu^&aAfnif=Q1XgJ>%fXcjzn4QLh%&jcPz!;mh^ zDVB%#pE5u_T#nFcN_KqTR)$CNrSo5FMm0t;6a*R#)L?0EKUO=Pm|NPe5_A>1PlwM2;Z-S$n?v zO5UZo6MGp$HM60=y)_DnqXSFjHfON#Uc4u`?Dg4MPUw}FZyVV?ks_Y!B$(VK{|Dsw zgAM1-yA9%_`3D6SP{Hd3$xNjxF>c>naz2u~-Pm{5sqlE#a#}!sKhy+c_&j35~pjfl$%3GrCuA8aGwiV&0%wlXn`<$^OZn z1LoT57=T}S@R1B`v=3?Px>6{Uk#Dip%`E7k`C}pd* zF?A0a6?#k$I%#-S3G7=JO7q;5f~J^DN&h<+Zyz4ozRwH2}%fDA{`u#5;E}nz4olbRrjhGVmIs?zd zwyrt#@cyjd4XjeSBK{rMhaIQ$h>TwpwLtP`rB&x*AIKXh*-~DiXyJz=%e&*X!1wlG z7=GASdVk1XVGTLUFFl-h3lu?2ustcqeW}_666{+dp2E8{h)B%! zlsK1%5aR##A)nEg6*5Q-yKOoJkiO@*&nx}CrjbMjs^AoLf?@tGckWy49jTtkKf5Cu1(`f*mQcy zux-vDM_urFZLhofr#(BQjCzw`px! zLCKdik=3w->37!K<(Nr!0YC)Uhte&$g#9`@I#8pM1N#Pv_KV<6fpUAD7UVBgB&IO8J1ds zxFr$%Xh|**Hmzbwcd|_B=qHh3!Gy}Ddf`#Be*KS9%0wjM!%5>%21d(=S7DMVwc&We z$CE#Kv8IZ5#=>1R5th~_5%LkHkd;Jot7Yt+g?WngHW2#B)fk*;^HzcGozZP1U>3c_{dd@ZV^s5^p?qVg~?5dI13R|33JSnT|2gC!37^+4;C`TNB-CzsK1hpkmnx|)MSL3F9yxtQ8KtuNxn`{+VU#!q+ zw^2-6aNx)KiS7Ei-CR*<&yUr&3QV|doa_OgMmnC`HEIrT<S3glX5RX_?)0HPxS= zJG}SJw7GTF79W6aTdVp6#{QKX=0FK$Fpo#~e``AFgYPYnR{-yg$;Erq&pwHB!wLoN zv5)YlwGLHf`+4)H&+(lVPF-K6rPJn_S)DT`+e&JM&#QNmUF^z2t+T_ll1gBX?J}pt zLUr`y_>!wDoIcN}3p8}a(zzgXL)nsbgUHRlrpwu?sEt*rz_Y`5wGi}0%BR2NS0P$)^?asEMfhG+doV0Fn_r}Vs zV#{$SWF%;TO=EvE!DL`ZJi9$n)AYHwf*8! zow-b2|0Zi#^Rbe((=kuuRj(xm#M%>|$-Jq<-F5{oAb5kDHTHf*Nbv-#rNu`5!cA2Y*^B$PzG}0LGW1 z;isoBV#h%JQB(^lx7~ynrG<^1$en0W;VJ%$Pv*Ykt52q24Lt;Dom5M&d;po>pva!_ znUEM7tA6jM<B7*z#%u^&ZM2L0`H&;A zL7C?FP)z-ZtL%@!G#(2d_*gg&Wfkqj`CMIHotoj84~w zM#nZfeBbMb|9u+?6Zj;`Ew@A{Jf=#3B4}{{Rb^fNM{d1!!VV0)w#jpjoozEXTDgE|MC>^l|QQAnpuu=D%({91lv4fXrMY@0w& z&V1Jv7S%QKTAyrh-rTiVfAIXFAC>WX z&fE&qw05GVRxk$^U2$YBb{LA#i>BO@rPy?1#xoqgQmX|m?>gjF`*zE#{>Fh@Q+h(a z8NT-eH4PZa7L05Rr1R)SW(PzreUSl#P3(lr>6SA@6PrZe$h0o9vqB~|$S@}~h2pYa zF=%Zrg-FZ@Lp4a#jW}NPPee1eE;gn<6dTRpD8}_>MRUItp!hI;&fqz(1qeDnB|L*= zO_SZ;O!*6VKD@2r;8i<=xgitt=o00yH<7%bLg8%*_r<^EZ!=?BdhK zs9LI<7IT325*TteI#I{b4{tRlOd&cIcQXLU`(Qj`%!7!!NYT_)%a>#yoys;lc< z{1Fb=<@_~lFf?!X6iql|1-3umBx7#cA*2G6eiSK~)8&7UgTOj{cd5xn`wBTS-=Jv* zaGi?_Z@#DGPI0V%6Xg$m&+EHT7cptQXog{f@k_1C`)XRG0B&LwW6KJvd~r*U989J@ zl+sed?YmSc{*fTbUQMZ?q_?KNBYnI!61n5E{8>OG%s?Y6m5d=T!2h*EhouZ-dbOAB ztiWff#MW1>w4n@P{f}zqm7u1`VtdCGAExJ+31++FMzS&3EZ)0~DVV)3Gb}gK$4z|; zNB&eXC#NZ&YCFdu<0%lkF@U2*-`^JJv%&(U1vbnrCg%gL@*8$WnYYMHjsIF5o+H>#;ulvYX!7C`P>? zjbpPt55mLC$(u9wz-_PI2Nqn|fZHA$a{x>bbALG$NMgSgp0oxpGo$>97W2qWBu<0?Ig(_r=)N<4Y59WD@x`F4FIen zn<`1jF|tu$fwvDN$Stm;7$GW|S}ABTo6pyf1{pWgYZTD&cagBF-#59bJZ>3cL$h(O zEF2{9hsD~t9%9E36{37*uu|=NQ4@VYnub`e*)Hcq1hi6=MnsBc z7LpAT%VHG-tRS*L!zOMEp}cJFnY#JT(=+#N1m)4_&Uwa;yd+3a?cbX55((Cmn|61q zDL0>ntu*VA5)&hi%K5r)xupxtQn{Vp8rZzzP1z+lGnbuO2rI;j-M$Wgc%1PO?#LhV zA2LacGXpX6P6o`ljJtBun;P6w{m#k0i{Z26*bMO1a3E}shg0wyII{riaX0vAJS=$^CM%#BU0piC(P;$coswjIl_|xpXPTwoA7$6Bt$xXo0xfH&AOE6Q% zo)~gs05%$_)u%j{{-4RSJJh7E5H2tl6U^N0^H2D%wQmKCj z6g63}aK4^BRM^G3lI}hrs+*eZLtZgXHZIhQr4#)SzpFFrA+O|MGYcnDx^cvs`Mb+1jik ztG=8*6XQ{M0EwxK9lrnD_Auds3Z&%_N6*pxfX1g33D6#2V6Jlj^@`)wCraiq)KoVg zx+i9mQh494K|;p!j(F%*^;Xmo$&Div68Q<_q0lA9UaW$Mfn+$fTq7wpk&!u<;Y?Y+ zK`?zN%{IN#smE`cbq}k@fMlLk{44ury9W+Jb%AF@~)gVDf7P7 z6W>O3F1Md>atWDE&+jhokJ|K-tS75$Ei4=nT3QoW9dN&Rx#RlOeaKaO%?G|x-y#O` z6@5wx>`J~ta;6*_A8wOUwos%fuz1`0hvLPg5L1q&o{=Z^yS_tVUsq$DPF(rhxFW8q z-!kHB4CRehpyZA;t2L4-wJFq0h-TTv9Xk6vz6lj#@f={XZ13^S1&y|f=|4};i=&*& zz$1R?BgnjdHY*RuFB=CbMPykRI^T`>_f9I}i*>-O@->b!E!{(%!kpy)P{1Vf4dS{L zGI0rwUzqih=Jlm4pEUvIvoc3Pb8aIi`L2F3mm-1m)q&DwKF~jPrWzI5JA|6ENm#AF zKdzoxVvB=i1Ifh<`Z`b)3}1^5IVP&9MT3_Me%At>l#n>VJw<5pd zgC>WBc`DjgsALpqm0j^5aK;0>_{*rGhBh^m)h^tM|{mT-3HwX}o zE;hNVvQn{gU{^a>lyIzKCRWKGBRaLJ&En;^7Z_2XG)WrD)XUAuhK!1F#-lS0i*FZ% zLtNBe-x>a+h3yxy^=od5HW{d1Qg2nFDepMq$<|Cw*hmCj%>1B9Oe_fwb-*e%n<+S2 z!1;X1Al^mmu8Tw}BTKw~Tg#K6`;9HK7zN^HJ?DB!Ep9dzT}&N9#lelTUTOsl<=-N!>oh}}(JJ6wzVTv5fs zp5Gd_zYQe`VnKpo^ha2;6;3P9KCHE&SaV#k@X;)7$0AN=R7>+5jPp0q1ROXjmzRq# zV>^mg6vzf+wQ%CBEVdZIvX=ZrcmlfI9Lv(yTum{o4VZDV>h1^_c>r+ZWP2NCGWQhY_{thX9c+v^a|9lHVpg_s9iV1)qpQ zAXJ_s{|+rhGTD6rTO3+OgmREMbx(pIkN20BN{2Z4A~>~8R?q!D!+OKd!1g!)r21evkeXeUEV_5^aj3^at% zOB^n&aM&r>CK@tPgY02Q_DKeq9-ZEm-5)S2IFbETO1GU*lGIYBZQ<{2VC{LUJ!)Ry z_a%^wlg`l8;e`MZqi!c#E*9|ZppD;t42hPY=tP=IY9u*r1!ejL>{wdq6+L%KNs1t1 z0h(_cg;wNOZG-6<5ELqDs@63p8(xvwJy8)REIrlbd|cxtivo4p$V>j0K=dp(4hz3T z^IbX3a}kHeebeHlbR6aui;p*Y1Vh_GEO;s7CDeetd~nAbU^Xn3|6&`mP{z&*r1R+Z zSiP!KM5(3b&qajkm+jGR7$hoHINl?M2H8d+P^P5EtSd#Y8N0vX3{TWD%EZDd%g|n3 zRKcWzRU029m5+%MCU;&h?WdmF!Ih1Yx<-^-w;EbH2yK7&7G*H2@uX@u^B_VXMEW`q9P0fW+ zZ6m0SlN$$2^>(j6-|pU0ZAKGCTfew9fP($jlUW#Jp5XVxYP~a8HiZFdR=V1ol(bU{ zY&EhRv0@8Mkm&ti9lwtV3PDVn_H?P94VTGoQ=#UzaM_B37b%zfrbF_1%D0+@4zICt zmewHhjo9NM^b}K=-ujW78Q3OnH;ydZLrMUBQ&Kq%EMhN{iFFjT9J~>$$XGyJ8<6Jr zft3P7m$fzNogPSI(xn`I7Hjb)GVi$p8Z#%;D0%0HBJs7&i@8DIF^o+b&7>>5Yb7If zr9q*+Bqy|Z?ox6qT=u}Ocwqr6eS(|;6r|J0;HSgC%2vL*_UQ|zRLZdI6KDl$!q@}` zY47~vDUy9J6oUW+B>EfWeLq71KyRrVp;@|RF#3&zmW}EIlXkB%{Gw8n6?zP zfJ}1r$j(m+u4T5zDvgnSmB6VpjfbvQb5F%! zs0Uh^xJU4JIQU>x(g+!*`(+4wKD{2@k%&(?uk=Q+xr&b6$kk z^?l%?})joIzaP}$)#%W6>~ zvbns!?NewDOS{R zhtD;Go#pT-_0zk5(VQ*Y&JsZ|r?z*D7JP*6igZ(mB`hQrNC&|+?l{{?zpG#t^fsZ? z+{w&0c|D?IM;tS=ZfaaK=}Wg$=wm6(-rjIQJ`bkf!OOurk{xy<;C%?B|M$l=+iCYf$rOknGV#jq$gaF<7BQM zQ*Y`rb3WI$0hk=R{UW^<;S85|eOs*P#Ii|I5|azxwNxl4wEJUm1dzTlfZKTbWGlS&xo%~gQC&V?56nt< zoU)Hq2*lV>iZ;lPPm2|mW)$INm%*NKa35cEA9UrqFTJo0PFDm{Z!6{?8F_(9pSG?A z18hE|ubxZ!3rhBvJsNxQNelkqr?L^Gi1{-Z6eU6C&g@BhFTZH)UK0u|d{1w}825^` zjdL+j=VJ`M^)}JuZSjxjc`SPSBL{3*Z&!lMgWBW+t%CVN=?h{KUOqCpEV_p2A^5bg zVL*aVYP*c6r6ZrIrCT-a;w!5aDN7X=LPH?vfMd`(PMT>PA4D1B?HQDN*Y zE(UW%BgrUCZPp%u0bLj14wuM1c#wB^yn&%AMq6_{`RTgYC^Uxw@qL)i)`rQsfkH$` z8HTaz$;@J6XBi^K{FMm5Rx%yDeiRj8jg<=yiP$_TBHx)murdeb0vIkOm9d4e$3uL+6doo$5zkR&MO|GHv^}i z#FsOPN2OQiHF(WZHoOV7EOf%fm&w;6Heq8%Mv2a8mmT=`j|3g3eUc_g;tSdiA3sS= z%A;0)_R%*0sqv!2P@Mb?8eUWDpG|XhO)-q@gl_QW~jD^V+UqXVy zfZ~sd0KwU@k7p3Y>BJ?6J+HnEa5<-zx!c`T@K-Ija|)ZAmfu3-$Axxx{MnXpNl`AN z>%}mwCK4LpS4q*1{Zvnxy9x6lfICRt>llZ&{=E9$l=NzL`ZeoQSN{EtNz70PF93VE zLUDLdBg4FsU1{#Z@na@jW+-=`VFpV;4xCv!m7e)s{6}CQqI3e1;V>k@EJ243yMzA8 zS~Ig?{`NE-_VknG_%p7^j3M7;A=`-A7Vxhr;w1s)Jv1lylvAV^O%4sBg>iFMij0ES zRGpPgX%HW!kG28!^wv)_0-0`25Wc($_cx%(`=$=O=MvJF#h8Mv{}{}0D$v^MX6i2A z^&li5MXQza9ty^!`AL$Du=VyFan^3->#r1m$SF|0^KOpP~8LzZzns)E`16F7bK=b1C(Gr5EW{VsH4jOdQX1+79e0e zKf#cEjz8pEEF`d;twLEQww|H2$#P^6#IFxfz=1kn>m6NVpQNsH!5L+-{F^bn9gM?B zle~BULk2CXuLaaVO#$W^92SPA_J+S#g98UTYcR;HcY02mr@Eu(ons$EoN6fwUnKOS zz4U~u(Sx;u_zAOQXUR^)aE^MBCBotVTxL-F3M%VC#?%%6qQhpbokm{(zwL|op>A_P z|8l`OD@GFA5Qf?*^8nz2oA6W$T*X*pGqHh4a4Pdh!e(URym7f6WQn{{<5y&Q*GI;63eP{89#j{Nq@< zzXzZC5^q$yeuxVuWf5h>*$D)Qht z_uZcB9qMDuO~O1%G!7s$Gv)6Hddb|xGI0pDt*8P5+_@^_9!^Wr94Zmp0)0)m`{zUu z8T}DbkS;3`q;!a8dmYb!Ql=iyLN&1olX`lxeO2370B~Pl+>WUq{H=+49MkLO33dEc zoQ{=o8KWm1$Rq=F(S>p8xjNW8r$zG~9PVUbyn8|$&5aHa5MhuY_o;(e=ZX;TdsP0YPoBaxsVuu5{Zf{!qQlG$%~fOe=$=hSxz?op>wiQ4>ueD@u4kWDLxCB zKm62FUNQADKr;G+tOLFH!q4b_ez2r<`!h^b^VM@-62ymNnzeHnmD4i|E-k;q@7y)H zTaZvKmlnoEtG4SS6gAe-Jjv`Z(%Wn!TqMHl5=j&lyxz-P%i;2SOae2auoEF zTq&CWotYCKKe6#I<-FL&wWZLvU9()v@9Y)4se*hu1-eNoy$06EQGvR) zk_V=Aer^dIU#;K9Ywz3isvfL+?6I`eMuT5)sZm$CS0?77$T{$U_%4%w?!v0vpjE?L zBaP-Qq?!>WI;_epbWn(0{pZsGKI@$L!*?8y|BnaK1fiFL`Z1LJOovxZ-~Mzi9}3MW z$Ox;50FajydXm#{IzgZ_j$fwvu93l{Xj6iyl~KW*#M}g#C4-RmH|V4-vE!=CDHm#g z8&cd;$c+uObTC_i-{}xuK#x?H5kSQxhJVAtR>DfFb0A=|q|mSWb|#3!sckR>k)gVBUyh+070$pw12}cL zgwe}q+eVIVDiQT!=|vsb_8`+F-rhR&?_sddoWpfKL7gu0kQXY{OAfKx0674YR6HkOr-f&86g^j^;>?Ao51Iy1UD}ayRuH zUI+6`=QO|gIm25VmWspUP^^VZICH%~EdyZ{yf|%j+_jxog8snvQ`9t&B69{63O*x* z6<|8AraTAcw4%2+i0KFN>IA05SO*$ep-rb5+x0Ak;cR&s0_<96jw7!?0a}^7yH1LX zhMnehtf}7S4kbS|Q%kQ`g0phCUV^{m?sYs{JS#V?Ykc8QJA zNi%!eo9tb(X!|9OTPs5U@C^W(Uj=OJN_Y*r?U`-Sm zO;|Am{2|-i6rWC~Hly#XtCkObnZjaOzj%m>ux?k)mu*h+_}Sl*h2N_#4If9<77!XK zu2;k<@~d=im@2i-%Flz)O`T}D+$Kq(9m3Yn8#mgx6oK?W6oG<~3S;f*#M`NK*YvCE zt+=$3>`-y-2PE3^164YRy9(M(12K5#nvQzz00`v3U9s3 zXmMo2(n+z-^v;Q?B5-i*k;uQ5;Ice_XKy5m+R(i^4LZUwC?;xQMTn#+ahX}Xax|H- z`IO#~18Q9>K^iL_pam$nST;keh9GLp-dAAE2?J0n7@6UiqKm~m?jMy_!EfT93GD66~5z@4xw@o%!k$q*5lWlw%?Dc zDk@UbaDDzK#RbPNG6f>TrUo&%PGOGJ1KHL^h4vk7J6{&#aXrobHHK~}jEFEzVh-D? zhR^%!sI!#mEMXMFsmwjoGRqGN*Or62<>Iy|nfpCn=^h`S!R6RG-j6l8{@z(1rtBv$ z!qBIF^;l!>FdRE!65bw;ZYN~a=nP~e?OXj@ouq&+uDC*-o$T6q%9Dfpaut`y5fC`_MioL3Zqd~$3!p+}I){kA5sXusqjK9?&p68d z+@#2DO!x7Z;(`8{Q0hGuPPp0g)c9EVju^LRsZR!o8V9s(RMiswjL*HDe42%duH)J%x;zIkMD~^rr=6lTivd6un`je>Ez^AY^R) zFwne4b5)=HuX*d1@g+>t*k&kjqoM_Mz#*DaZ&vL58)cH_-f1e{>b_ToO-5$R3@b3v zXthk6o*Ni0f4QJI`{rx^$oag;wit;7QEaw%Kk>nRpT7lKJTJg^U&8IK=;iP>IU;G1 z+0e@E!jQ1MlFXtD4E@4Z#OKv10kRWY2$kAtNip_YIy=XKC9T695F zL9Yt_eOT|ls8^n{v4$30F|)R7ozIaw*757FnvR-25NX$8su)piT+69bZVJPIvZbOz ztuCnUckxnO_;v0e86Gdvr@OL`$W`E;{PAivxOH%BIHcxwT8@2vY0uI|{$x+jTi)Bf zHsl69Ifh6$p)xpXUMC8EGi3u7JpRaY$dIr}H1mP7SgLl1RJ5F5hc@HpMc(zT)E`;@R^&q$p{d-@kCN z746&7es8dfPD)y;?qY?piX%cPC~(<`({Ux8YC7?#9mog@>QsSui}qcpU3nTfaB)~c zjZzW;nmaVm@Yb>+yX51P$5Y=%kN9^C{-T z^m0LSb&iIZR8N&vv)g;1von;R-`aU_6N^Q4J3)mrxN7X1ixLp;QH9-d<(h^j|T0zlf)w4;g^27qUh)x6#deR+G*?EoC;#UaersAsTeVy5 zZCGHCF*A2L^U~Z6s2)j=lh*jdZC2TL)0Q+H+xfclaxIVC3aj|yQ9ldu!^fZd0}>f1 zwbx_&wT_ct@3({GV}qdORxyLB4Kjs)5=1y#@O&&ko_o_P!L|VDapb^sOik<&gYTy7 zi?GIuGIY2N+SYifKg69e0S_lclp?Lf0K#s;ih%)PR2oS55l#-mNJ}!3WvPgkrd9qu z_Az}aU;Wx*F`3#!)I5<7Tf$^Xcp_{p5@HlJedgE{o?D&>9`YL|ox6TWlFVY1o^g|$ zcFeU_l)#%p;JxoN(!HezFg?m>zSTw8QEzPayraZD6f;RWX}A8GFMtptwt}n*sxq{^ zQPkOKV(tqid1+~t(ps>(z5^xAFwh#{wz@jFR!oxEfRfM!g&9muYJF8Wx_(CYFjLax z-2q*ia;I*?2$*j~u|%bJO?3U9IhO;zoAnX$OMkB?(HH*luaBTmL^z=(!t1x~26a8u zsDJj)N}P7AonznB%xw`u!ee99!N2QnV@Jr#vDLh;xqIl1pVVN1F1bMxb5GEcD|psl z?XHN*29GH>1|W4F7Xeg@(mB3Od_&9$VC@xFH!7iAEXFnc+a0GFsrXi|ihM0x=YK-= z7Vem15l0vyf@PR?tV12;WzLW%Mb=% zZHsB;`d46Sggi{_9P`ZJE(C=d&(kDdF$+x zbvykKt;^D7n*T!vg1p!>vm$uwQEt*NsukZGypWF2-&Yk}4Lol(9KYNkY4Jn779s-)gUBR_ zaV6l=;l>q7=?xtzUH3HifC}9Wh3Du7id@z5{|fjH@7dc&bj#lzOGp(s6M=`5qPCi+ zeW%ZNJt*oB^9gXpe;QW)Tv=!^XPB>}XbWP_^86B(imYX6`MGECJZ)yB3Hhmus@q*l zK18G7gFXCqRLh{v9lOM0Qzpny21r)S`wApejgWvPoT!s0!P0a`gT<9%Mckz_j##4X z<>|N$EoG3;t#0kCAPTV_0lAZX-2mX7Xka55RNm znsP`WyGXI~aVIoB8Cj>kjPxyXVepFjWcJor(ksA`X6Bx=ZrN1i%|ilr>Ze<^)0e&F zgGsW>OTr2a2EI_;uEeQ{%0KhhnF;e7oW2uF7@RupSJf^mRy*SQIbTI?f0`AD_4K(2*Iq$vRb58bGoAsBU;X&Xr= zhJyQfe0e%zJB2iSyONCo&D-$L0uZ#qM=gshNSb;CJ}j9y3MlNx=e#ib1)r%l!0!ZL|BS=ly)CQAcj$!UQh9Lv&y$s+|TqdE{KV zJK}kYo^>ZRMe{fXW90jLqLpT?GPtond3$x6ptjc4su(vjqo{O0&A!j_S2))_acC>S zVZ!=~U-|2*rK;ycQFrO9ej+|FkSRg=D0173uRk_14;icQzT|C^rUa$$cBNId2@f5hf*Sv)bCAI!Ds!{x@28WO}Rl{x07Pig$(GvFajA9dYQEZp?v8{(vJ z^a(8I{Kf-z?bJ!(2j}w{FF*OOa4V!P=E^gLRj~4~93e-X zi@Y9pC$d;`cKS1MLA>NJT~~5OCkI|pYAFbxyyW}7Hc6nw;r->jIRvs3I)(6+bGZO_ zz>tc8mAjmqb){5r8ptfvr-yaMh|HT{165$y3?O{Ca<+jnJ3Ja$F&;IXE{e)(>{fUC zR(F9+Fc9u8W8$V*l7h$)XzZ;4PWv8W`seNZeaLYJe^GipJhm&j??%CelmW*1p#lLS zQLK>?jzq7Hb*`!O6_;0Piao5ZaOx=JoE|Jq57i6I5~tIHTFX*TR}5ZM?GE>7T5Nr4 z2Dep^2m*>koklFemGv!RzlN?(^-^thAlLHCGCQXdH{Gz?2n@`6a(`gXnwn3ilVOytrW&GB+o=`1@^S)7XksRs|`xQS?oZaV|^=0yQ-24uS zs6(gFv+olp(2X7B${m~arqpiisX~61mv68o=h}+Uca|4}0ZhbKx5Yg+y;*JoR6dxU zAmFZ26n!7UvwnU)JLry*#<`Q1#VS#qLjU}o;1qBi$hX$lC z6*MbsGxH^e>a*2Q_;<7vO`r#uXT5&d-qn;Ljg$^#p=oW6MJBfJI{#Ix*{`Mn(weUR z^vo=mTyj1IZVi~Sy+qQ2<{{T$WV!bj0^vp3?jP)dC%S~E4bd^hW}#WRiU(+29uH6O zqA?NDxfvFd1E`;_1=~+7a*yq2DGUaccr6ScX?{s|_C&oBhUx&@LAv9c+^#M(4~lnG z{ENSd+MXzNdUmgJvo8qqf-IQlNeLfX-h?8jO1ty`b)BN`z%*_GfW*vgOFD zP2THurl=hSQ!wDxm&t~zkOIMWDRN+EHZ9I#a#5hP?`e%f8~8_CsRw|#`a3xUH#+3f z^b}x^hg`u|f_`$b2km6mjH^$0L(3Z=yGtPx@k<;`nK)o$|JWX&7CEU;E*PzIa+craRL#ptY1m>YEHKj`22Hb8oXLkPmB6CSxge2~u zd~Hf!f|&Aju8}l)dLq{WDQWFp+^P$x&LmRjsFIB53)!WKsTnkGD=_TWvq@s%DWHRv z0#h6|t6s-RrNVk1@{XO#(;~s}{)KkQt@MXHEv1952nbpz0r0?rPYQ^c^(U1L|K65% zz3Izr7-ROjsLKCNhDTm`2@%*?3}FB{=r>uMf3_7tVT&moFW=F(^e`3INgK3WK4760 zvpvDMAM^tJr+cUKSK$N}5C8z?pI;5-KixYf4i2^sj{k#CO($N)CWsy;_?07gxFT5; zCr_tkTWt}V*za6DF<0Sg&fznIASAyEY194Iv%~^Rl!8rS+%b})bZW%wgn8Z%=56y( zhFm0MfSsRhkQeR`>@ZR5zuSyPvVdTQ6oYOw`S(*A`aV^E)h9;McDPL0jl_}RY$-s{ zLpMA*V{-Pi3*`GeJbf7QazBd^>}34?L7Q@B?31QzCx zRKUY4b+>l|5^-rLEVf{ud(W_S6>)Q@K9F)&uWHaU=4MrH3=sbr12@aw|2JadA5-Gr z@n49E|GoG>r~d~rq32>^V{Gd{_y0po{AZui)nzn|Z~*`koB;qZ|Fcj3x0s`a+yBt4 zDjn;@P1b~;8a@9+t4YOzyQ}&}e8u#oXtN{r&PSJoF4-Bb;R12p-*Vn1`qH)C6N)vc)sY%E ztF`-QAs-L?x-VZpyLYHua{jhhxb-Id-Gg5r&uq2z@$>aD#&`P)ZH4oXl*)-9zUc~jW42#v(2^{DQFZoLCYf!n*=m9!?1d)N1|>@VW#p&>jFgGCf?9%g~Ah0_}b3;vVZd zA=I$tPyj+ddU}wge==`uJoLyzE)3KQyB6Rv(?Al^=UB|mv64m)1wc=p^@Hg+0jPK&UB!) zql*^@#*mHi=lA2&$nodeD_}d_-Kq8CBTGi`wRc$O@_y1o%mJO~($m~Lw-*Bkj`Uw% zpt9J+ca{U6uJi^b7f;q~xfwpa9GUg&)AQ@;zc7T_0C&$vABQL(n0nE*r*Kcu&VRq? z$m`Zi8z-f%VCH6c2Qf;>Nw|93zr8u%pBJ;dJKDQ2gpNZQ#9d$Z9jZ73^Rxezs}a3A zxVpGnWw74{fQvzZOpdymEM-tN%r(2)efM&3j1J`JZO@U*XAh{CJ>_^z9skR1Xtp>G zv;1K1;TSw9JPb4o+YfO1tiGSOFzECXa}#B?8&3kJN54cN)StnK*X0Q$NMpOFiOa1{Cy;C-?p2-Y_Cc6 zM=qV)q_|uSK>Kvhul%tRnxBb=tT$NnIch#jHhd zPluXi;c@qJj5L6U#ktY8*!lepLcq^B${%vi`2KMclbzFmZ0@tV^97f=%hvMiP zVG`&{^x^|Ssl`a}T|T-8KPcmMn*bK4Rzg$({|9RKk=fR-!SaqMtlXXDr@~`AmqdjM zr9vyHKGjC%+K@_Na?Q^9W%KU?pApT~h9}y-Ue_p5KX$RETR>%n={^`aZe+rn&l@3dRTcH(!@nEuZqk;V#t+ ze6y&>d}1pq#y6;^E6|)GJBLa>B*virUCQ?tljp0;n2)|~a!{}$%9(IaNLvQKypAwV z;nPGQLez&;3a}#JXRMM^&vpk8oel?e2k~{?E*K=JM;yCtf3F{1|1}}p3b)^}sYUeI zS22zkqp9Y~zwOgaMjAgDA8eRVcanctKhXy4x*3ux%0p(E1;$CLxjFc}e8po~+~wz@ zx}P5(x~ksZN_|jn!(M;jMA|L_yFacN`azfmX!$Ha9J3noGF0?Z3iS}*n2UtO!%(9l zC{T!ZR(&b}4u5dR2zkT0S?K1-DA~(f;#W9phT32%G*4*$uquE`SAZC&yIx?~sqMd1 zl@rwxf!w2F-}2*`pxqR|uD%37^Hr~fHb9TH7qLbmHVzH*RXNqcg@p03?()#B0ibu; z8`%p=CW|29!v4`FC!Ht4hoLc_t0j&X72zYAW+(0q!%qaiqhCc`OI@@{N$cRZ0s3`6 zi=ys~B|r|$f?k0+;UP63pr2l@5N+@rWBKEyBCpsZi|1GX;EZOY?{81}gMvBV529@B zP%W_3btruSQ`gVK+GlMMeWG|yklRN!HWol-A~$S&lO~du1mSR##+R*2W^bX$q|OSC zR)*w#c0_(Gux1sh0zOt|2U0tV{CA1eNG&mh(P z1hsQ`eKI*16k6iZMg67_-DIuCAFRgSOt1peZGKX`9>a7`-I9ICCRtI5eP8pS2bWy}sOHoQX^hhp0~dTfcQ=?sWmTqi;SE}*#AgY51ZE}URtsrn1_G{Ts2 z6xylQ!%bIP*)_%}U_ap(^7}m`n}lNfbx<3gs(eT3U`SY|doQbrcLi%e5k%_h{Jdyt zZ$05o$cP&q-aOXQUn09n!`=R9qag8t z3xvU(^3l1}Mdmfj^4Z$pvfaj>#ZX^Zx-D+Q*cAS>s$>wxqGy(;x||4JJKfArjCd9m zBK)>go*R!=6HxU96%x@sOVbXkx@MFH@26pP*lO9!pYc{$NS%w|0H$M;CGN9CF><3& zFT5!dS>i$2sK!mo<^)t@4lm-S+4I3~7LOosV4<{;dd*fCaJYt~<_d%gB`~S?;jk(W zcoB?4*}PfsBNSCU&2~DKx;tAXB-Pjx;WJ8_Qx56sVj)}$ldgzH~-*naQK46z^DdRKX4j!>KG;UF&2aqOL=DxEt(_9>XSbR z>#kn5zeBlgbcJMWt!P?~=aD7U250+dO;W2SSRGz~(n@lar>`BT>RIFAPn@lGqof)e^Mb^ zSpfd6226oQmF!##z#YkyuF!&`$?O2G2bJk2V=GlcuQs34+X4WuFN!w1w(eLig1jpQ z1*)3$g^D9b9PX`PrK0UzN1y&0UM`5{dp_{&5el8-04ZCw`HEU|VOdRgXolC=cFr$&H|Dw(~;c?uPJg zVE^2ZD+pU`F{~^T_kj$rF<@EsY@mFHaa7m{{C>yA8qnK^tDOURTZG#`P-Ry;yoJF2 z_Z;R%m$)ejI4|Ov=HJA+A+Ok8dqVLySre@lTT}l$>DrZEjn4NS;k4>i+n?(0Y}$u( zU+n73!Z%>+9^KBzl*f4QPR-h+<^k#w?fxRP?hxEpC#UgNp}hmJQ(3pL~1nu^6;*M z<2&IDmi5f^spcRBY3xapP=2oSFU z21?yb^5BcHfCvjn35xy=obJxJeUz0{>k2LYQLcwP{92Vr&sVL7HV|z$OD`?AL67mp z{(!g4Zlq1xJIJGwh%txv!j4oFXy&GUy49h9Xbm`eehTO zL!5az3CG9=(M_J8<{Gbe&MMaGTz_cA4LT%7zHC69K})`0+BOF|vSZfqw`#jD`HT~A zoEGXlDSPRdYTg-eA`U60{e$63eRG@yKTP`zmTSbaCvavJr8Ee;)()1|Hatg=U*}&e#@;Co) z!Nb0YXos|+brk+16>MBnl|YE|bg-Xizeqv#sbn%AF^N?}Sx2Z!v(3AF%dN}yb<-<# zG(k-HF;?ERHPbcOf=h!^{v3`a>}|l2TkS5S1vyL+Wvh^jzjKSTcsgmMFxt3eaT#c% zRc2kzszS$ob(4t78K@v?ha&nk9p&Vfty=2h=A&W$BLA?WYv^qyD4-|QA%Qzm6C$YV zDevU#Hx=FdUZ<3Io{#H-TBqQ1b;Rwou854}-XcX~CEc_7jR(&srU9%{ubFYq1llM4 z#d)PqZ=RdD)=rc%ym_W8(W5oN=+3$tj<*R=TVUoZ4kkPiP(2IsSTCNr3cTm z*Kt!udr zPj?RvTC#Dn?DvM@2v6eChn&H0Shovq2~(=arJDIm$0XBEYrJb87pX3>bsBq@4eLhj z(2Z)=6xL3fO1ISQlUG3*1g>k=V}zWbFVmFD`-zrHs@GQCJt{BkxM3C@!!HR z5r7@TK`w&3c!4`40I#{oL{Ffj=#$<+{4!aX5r(fTKU%0t zkoQ1zGrWF+VKb&%S$PY%csBg=A_CFoVzWJrrWd|7yqneAV#57tQkU^rhNJrEVp?y# zfSWOTGHzr=s-^H$qrDQR*0_#i8tbL{H{lK2#s{mqfX@|s=&baG>s6Mc6a!a*ON!iilGe-@ujI9XrH~2>aCNeR%jtG zdN$|S<+GA6Zp$LzINdyS(8Oo{|W2mP(~7LNJF1$cL{Y+T)*y`om^Ijq^s z)DQjep4jTkw2)rXNH==6C|+0$Dqzujj_l0Rxf}SMvV7w=0&xxG<<56s%+C&Etb%GM(HJ9@rMOlT?eySOqEf4J?< zhAn68U?KVPrJ9wQaXCb7tpqC^NvVMPxIzcr!9~Ph&%eyHjj|Qga#XO)MTv58OKf}~ zk~y4~K;*ty(H&wxgEmtXK*nvI6`*sAIiPEfHAqop661=IcDa@Av0 zw+nZ#=#aH;b98ABaJ6`A;v9M!{F%c_T5JXZuBmoW*!$gRv;19{G7?<^4ZMbf!#I!X z0_Y5kWu2GCy5?Yc*FXCr(59v=%*p`KfTjCf#{Mi&=1Y9ZbC7hHmx5HD#5ScIj|WOD z(^+N!>>aDLkaH;@<%a@}1fz!^k|w)M?m1pa4s5z(UTN^0bB#m8da#~TRSo!&hi@U{ zxNg;Q{QaF-hDpC#9pTycSTXy&L<=)VO)S^@;xVYj)X)KGPcXB%I143CsPNAja`V}z zJwd+h)JZlYRiEmya(#6mECeOD>X_9jlQ8NIAyP}DWkv~v zpTMQR?Jxk}=g-Z4ImHg3>>dK5g8EC8wG;W6jgQPq5W+&FQ6~V33bHQ>RC}hL!unV2 zzib$T^$sQ0Kr}dM@4wetOO^=NPZirI1m&BUWteA^fYz@?ahwZ=vT&J5!`8E70>}kx z)$i=)oG7g<*q^c?`RwL`4jI6tBxC|P+#{I5gVP5~)MM1MGz4_YW(M;ZN=f!63J07FcrpMBnjX*VOK>6|dXl}O(;g^?b_nlM-^eEVgo z17O}>dgMR*)!vIKEDrLZIi;-wL4ZHSP>z&g(oA~U6KEq3AhDpzW>*5$Ooh1uzp3!w z`GIUp9i?NYLMh05&C}qe{NP(`AIaP7d$Uewc{1S4;uYk68wh*NG$v{C<6ceSDB(tu zOHY6tGLf`pPZ;oMlE)lXMGjwPCn9NtYM08S)w{v8xT|k3G2dPjJDRpAR67*j&Ai92 zU+n-*lx*KvV!c*3Z&{}H^$E$ZX>W$-HhsItSFmi*qM|!oKZ}x8x z?V&BpDKJY7+XJdHChI9&(kcHa>xn#5Sg#F3+$%JqX{7~q)CGNL3P2gHW=k=8#>pGc zAyOs~A5-DCT~E4Y!3ecaFv>APibX6mFyJaTih3({u{To#Ys;IH9~RgBx*%^%uR51) zoXw#|yq;j!MEU+EpyEc0m;CCqc z&NwmJ%+?qbVBA+ldzfRv&S0tnE0sZHSa1B-Cw?>ZTIe;rG1JjVdgv42sZstEiQ2fa zF{kS2nZq&Oj1q0kVbfUZB_A*p>QHu@NfW@A(r6FF(RLMM*~RU}# z{tl>M=-QUFtXBoNa~xG@OB)x5KLAVqz0wwGIpySxg}TRMAv+==-B(i67Uk`wfr5(% z5n_LGD+=S}LikvoLhWd8(%_i!bUP`vKF6!pMRat~TjEtFEXi8*RRa=Cu|dC&MI3JC z>#qSl30AzyTK!psUBF-p&ML1H{>X-#Qk=tnsy#OYs5r25JMx~$@j%L)^-Asq_9g0? zSb@(91;v?o^MnW!UCLjE5T(QmlMF*O2;W7>ENLi^^We<{y#gi`9zw2PL}W&ZXNRLp zmQpVDC746r1nLVdY06+2mPOR=Z*rtykB%7+xR3;7@Ok7AQ4!R-QEio5!-s7;axQg!-Wp++lj~Qf*fA!@u0%a>`{9D zJR$FeeogAeCd=hWcYrJ9ZOZE-TSJ8iM!*p$tpU=q#%=cL7b@mOe>Ei zlJ_J6mURvNK@^YDM{UQ3g5K$Y*jvqTSaO{91PD zbi9$|udy7;Qze0;Mfj*Fn&>AmAj}4z(#{w*?)O|9j~4=T>EQYxPFyJ+NMalfdPnl_ zn6)mA42_#VO-B*ZRg>}S%BAgLj&v(XzkJUN(!>dT#ug7)q9)0wXId}0FfF07nl3wQ z>QZo+?5o=w<5!kqL+glFxQ-B$?8>b{UXCJMoPuDg*Pb%UN5a78MPh9*!_CD%lgru& zacuO-*-Uo5JO6bgflF1WUl&WAxAs1}9j&Czk#NTv%P%u9?+}3`HZC);*u`T=FwD{T zmwyOXP1erbdT0t|xP2s(CvrJ^l09Pk59u=v7JFPywZS_)i^d+@Fk5khrIQ1{`LbKP zs-~8@`fr2wWHr}UC?Pe|9-%*QYgGR{*axx?=x%y}CX-aHsXJtd`d_8j_B z_ma;9i{)wwS%XCm2KSIsDIWP~+vP)CX6@SFdcY^+K8{^X%X;DwwvaY(uZc$| zrB^sUoVr|Lr35k)*3*oHlJIEx9(^}qzsQkfqH9d`iX(+X0?2l`H)4$nX03|e-|zxW z!jN|w47Qi@rOa-Qln@B_W6MNmT>LTl!NbWlZ?)}l)1aQLu6wo{D*fW%a>9%5_94e( zi~I!c(@1VPL%qmiy$kF7J4f08t5>GpFGM-oEQEHzP3otw$K9b1P$|KXv>E z#&J>Jgbg8t$)SaDi${|fgs6ccUDv}D0HO`M5AkcGck2|49_%p3o(lZnoH61B zDc~jccwD7vj3=(mJgWk`sVQXcs7#3B{^|U7j1qJAE!DjpLj*mJq{W*009g=jAg`pH z^iqF?!tIqt{Yf3+j>-N`RExRW8>1|hnDZ-psoiOuE6TKr%$xnG>b)r*C}DrvkZ6|J zQs*cyTDQ#C#Vv38;DoJd>b)i9Q32F2k^^_&}EC90_f<$ug~j{OV4 z96kpCK0JKB9?CwO2%ywilRg<=IY|X-?p21_)BF9ywW4pL`tT>pkAf9q_Tp)q%h|p< zd{L?994^ny&h?6+03xC%Ypi)WEM>C9WxiX>9p|@eRiw536tiG_@ieWas~lQdf?VRg z{ETv>s!NfTTfww=YNhAHiZm90+IpFuUCmcT^nSyJ?%DNwB1U)~qS_N9H)KT{Vjh-W z;e_;DKqj$!*MdUxiSccx9IOxrp9t}C&-3hb zY%+F2ti0c6K3mpfSCEE^3kl_{hfnEpB+O(VEhl)=TU-D$d;QO@A;0{|gX)K|s>V){ zfapR5J^9IHc%tqJRq1VAk;&ZhboUN-9vL9d?v}B3fC1#ltO5$O=IWFL8bV@fhY+0X zmKvAD{L%-ETfRyYTAaXkIn}=*HG#e|4!`T+D~+VsAC_>ekaGsjA@@-nxV2MC-Qmz` znh3DK7_V3rVB>p|FCt0OsStrk#)QHF->oXy0x&h@BgSXI$@THx|59!LdkGltzgKPb z^ek*Fob>em2kG`d)nMU4O5ij&001nme^T>*U)R>b*u=raSnpr3!T(TtTI=RVb?kA4Z_Wg(C9Q`z)n1C0P6Cbp{4s>P9FbyNLZy zT{Q^@&dk@z__P~0UibKV?}Ts?VLJk9VuU@~Y6T_Zi;~X03FV!A^9d@I2x&txIcj3E zAt-G`8s$@78|twQ@k7N{JqtJ`N1{97&67EdUTQ$Gh&>UKs;z0^{BC;yUnI^8l?XK( z5cz~v`Xlppy-YqOMm5w6Y0Xh}TbUcl8dpZ?n#1VMy^iV;at{c-$7rPhsl z3$1~wNv#6C?p4=j&{ZkXUd`8wB2h1gV03VZviw`H=n!m9BJ$G?6uk{)3@PuDguaC% zAaL18RG|deUwz1O@p8)fX)@-n@sI}t&8rGNzi~HOf!LF&j8L9 z&(L*j5kt)mDNIer%%&P@Il42{fiefuMXS%4)4bC!9t;$rfCq$$m_H#+l|X2|??9p7 zO5jufnpbVe4v&``rqF`K} zMZAvCEUj^OZd*F9O!+93Bo4d^>8tw>0fnHAZqfRJ0f41I1dO*Em?4&S{XpQPB)}^xnd&uwLoT z`pcc77@G+D;jq>73rMb+xPV#+VxX$*)-Tr+X=RUp5F$(ex~m}R785d*3|Ydv`p#=k}2C3%c5j-d$Eh^Bl)4@DK;n|Ij! zM53L|=yPb-P~-Mg5XP`wu$nS#$TtUZtw9grM5;gvx_k~?xci$Z#eeM;{x=y-c63*9 zdh7}e8I>8XrWNh4+m!-`XnDL~Eje=oU;1wH|0g`=bJ+WRpTN1c(aLOqxohJf}T;0KG4*Q+iATFo#4ikKr z^~*3C5gJAw?DC)&Z1UwSkgJhQ3-!;IxCgt;Dj#%l3?En@hK-gQXX+FLEZK%w?Sg9< zK@k%to-5DrMkILU#{g+NQ#daV(Ut?LkM}~B_mQCHTgkaJ!Vv&S^}clOgo}RC+m;^s z&w}pQFS(oHjhP^zz+wkxYwwE=scl>*33#o#$EHtXV!ha>m3c5*it5$j- z$C{CILkmm$m8BHif*D?uj3!~Kay`Qy!3y7OxjA3bRw{AGoCbZ#BQ?_XEE$k#9plP^ zXku_CNz*%=Y=GwnL^Ou%eK5HTY?5AD5Su7j-?)M54gX(g`^a& z@(fS+jK2xY(;MgMie$JI*qvF6B|(gl@jj@x8~HHx+@s^lU{A?I>o>hFR>mU4;o%Af z6C}am-s%^WiBw?DF9odJD4Vb{8D4Az%vQ_>5gi@lw+d0-8cmke+1+I(rFQ^ztwd6( zCyFGL(Jb&?IH@eACX!7GHPI!CVYe2%0&8~3c5XnzX+}BM*63i@`ptfn{|0O*IRjVt zU?!_u@ZQGaWA^^Y6?-ZENkR)Tj7JNe^?NI#!I=zL*l9Uyvn6u9EHlcSEiO|7s=uGWx5Knfa3Iz$*~SbE&hL*k5H!VT8C(0{HQi#sAv%f|EYtnFmy zjLQdfX7IxdxkYxTHp^6ASS0%rEQOcyiS9At(O>*FqcXU>&*9txKvD_oR+>CIh3lhZ zPIu-kAlQPpu)LC63dD~UO;M8}pimyzYzj`f-r z96u_j9_+UI*G)iP0gE3`>p73Vb4y!ik;N;ilohMLik-ZQin1Pc$QQL;I1Wl@{ldQm zCEqk+0al60OOEd`;d+;)5a|!A#S0N>DNUQ_U~j?J>WS&5Rqv*$3^0usEJ8-DKor^x zLtC^q-4cz$mfdriTc;|y(?= zydjTh9?4Gyi43|)}U4%I%{)f39NS>!f0>RV~98_ ziw(khi6k!x3pSvJrw{*@wVuA*E#c49_NU)DKI}d(_jtpyd9cPB4wcrl$AQ9A_AM{i zA4=Qkc6iLgnE>{)1QY4`_XLJ!_gJ}dd|RZ|&b zhS1cnv_7|80?WNH>rICZTLLT{@Q-qy(-39rqyjy$LG|CIO4vk`b@SUvk? zQu%#b9d{?Q(q<7ej4yhoAo2~_=rm+w({RCtP2{?Y4ef0(d(>$D?tu}m{5q%`S11L+*n zLDH$wgwic9j&{;=Cn{b$`uw+k--Q3jOsK?4t1OBK{m@5;nd@5kEvA+)9sqf+Cii)!}KrI%rwu zP4qyzv*_3ty|}gyz5VHW%VRdgu}ymXQRDTJPRjf8yCyh4N=R&xe7ME)!2*oWdlO=T zH|8()^$XkeBkOiI$?|=J#9@YSe}tMefvfQj@-ttSkr;C10@h+mBAx%cp0-LG=tlTr z(sm;fem6hU6Sp=)W<>o=Wk5@SlXAFo$-*D#^-3-9BQBs{o-PCg{y61zXAadVx5s>O zkLdRgik%fS-Mlp^7g3>(esFfH%a8&LXBKlP&RK6w``y{XUA`fzZ=c#(Ughse*=uFZ zfOq~Q2yq*wHH6TMXeguu9%LBJEklXC;l7XUbR2?O*ZNr`62vR<3=;IYE<9d9r(d`8 zuB~3LG4;j2`M@DR?_vxHafdagurGnMqvx3`OGc@cFD=h%_xCG7p;4|d&p$QDB815S z<&@)+Xz(q6o(`oNMHc`|1Np$ zJ?sq}oh)q4{)gb5*0OQhVo&_Jq5K7pR>V}m)`-aI*@_r*tudU6ur!%6qez+{(Lfaz zKr)Ivx+7_2J^a4@bOt6CkenrEdEHm0jR3)lxe@IHy8F`rWtLGV+#GA1?LJV5T;t}3 zw=b6+y1@B@Hl@sND}}@D_2T`{%Jm~Bs68=_ei++suVK5?`sIHEmQP%#MDeI10UjW_fdr?+gai$d~_Vfve~^dBeC}mh(MX>7O73Q6Q)Ud zm{P)Mj)d6;pu?AyDftMYx9wq?J2)UD5n+cKkV@Dl>*#FeT#dm`f%Un^c!QLgDULMV zlwuRv(oKaQcwl~s9xdX*NAMs3(6qBS!GIpoAVR#iA^~I0w+lv1C6%Do0}VV~eJ1@D z;owk$kAjUQ+H7}N+VDXC1kq}uKx3TYAsUpbm;MZ>&8XyN$lXl^G)iv+Km)z z8*vBQ=DwBBm&cn4&AH4YYwjlR(P3+chEH2RTxke9LTpx5HCidV*F_(O4^3CL@=_JB2nM7o!3zo)h&yHGu|$4&NVx20~%yP zh2`&fjky{$jeDa5*aNBlWPzaFqxDu5H_@ybw01E;2a!f=SlsSWVFsCZ??xKK%6WqK zAy_qR3KqYsGPqe5~-? z3@=sV<8_k@zSlWuqes5C&^#HSjp=RCdy%`7sPiD#_EwrSU7wMo1D!CtOj=+E$TJb; zP^x3l;Eyf{^qqtOozxJI_<2*LQb~}2L?BPKi@P`@(%ZC=aHyh0f!SRPF_y65xtLVO zQGA>u)g%c#!-SwYR_LyN0rSqnkk&zjc{BD~E!)rhxB{Jp0DW~UViH6N6{#s?jKo5&{ zd8GL}ucWQ4Uu(3?1ZT%eFg^9CT9w3i3!v?V0B%)^LGI=N^i2TNN>houvjIHvLg+M> zkiZVwa~=}4D;Ok2CSp1Yh)_aDLy$kFZGVEcafN_M#HKO8N=f@DAb0QLrRXInG?8kR zX;rJqjN2Jy1Cn`k#B!sO4QP0)xUhV>lmpshcv$z9w@Wtv8cnM1`OPCpy~riU&~vAf zMG!M0NrK4`B~i`RgjoxJNSKdLxGa^MZgoR1plSL9=c}f4=Ag~JYM~`MNBdYJsVcD) z8IQrLT>*-NbaB-wPcp|TPPlfpbv3E|Ufp~hkmSC2clcG)ob=o?sId5V4*W~;sgPD) z>8KqfMkV|>a72wJ0vd*%58#k+;yjQkY#@L*T+J~b>-)z zRSpbPm>3kY_>dDIMIaSvDkuw0odiAy68<|_cSUo60JlC`o8vH9Ism8f$B>yANv0;Y z-MAF-3uEk1hB%1sx9Y$iLoc{tasmg8(yktoIA}!{xA!AB2;l1FEHIt#^?;bg=GPhz z_ArTvp4rbD?-`+irY!F)y)83wjs?ylf5iB&k@MYmf7@L5|qFTmK zGz6wXY(RJA1vv%lyJPsyOB8aBZwU=j4tqvnHKm!LNbFzN$i%|O4lJa8X*-f)6JWOx zE#o{}w$@p?J4AGSf&_q4ia?WRh^;L1a*t`0%vv?YX;AVXqL&5pS!8VRoS<3XAxk_j zs**1GoLFVzc4?oNtGhb7;jDX#Afm`XT-cH4Dhk~Zh2+|QfD_XLMGnZKGb*)y0cU`u zoVzD7Pm9mhO}+0fr3Z4A2cE_`;?860W+b38PfF36#CZ%@jU?dfTMJ^ zQvuGXb9hd_t=N|>Qa|$pSPolErf4&9eKWK0ieg&i%WtaWGi8*5vVflo3&|{3duG^+s zg(WmN40$n+-#4k?PvY0DZ$C;aRLl|HaXL=!rcg#;ssE3{+17Ud7Kw$hk(2-(rHy@JTThdIOmmdc}AjRx?dz1|B`76vp73e+Fx}2twsOMpIQDPz_gjO zCX_zVjCm8o;Xt;-A^W70+_myUzxJxdkCL8!q9IW#Kh?VD-5s1WEt=(AK-k;v3+YXc zJj)QOeJF*vCWy##bBA}Lpd&*S6p;jE$~rS`$sZX{zNx=h*-z^F)I+>WLnBi0HSSt%ueY#8sa%}_>| z)X(RX^Z>{yvS7@Dtcyw!8V8()GN~L)7FH6;Gj7aGv5!V-%O*(nJ|RwOs5i9T?PZOU zckVH>Y>M0v_vqhj4-850m>?Gwx6lXYwcTT|Whw5XD-{9-C_}erq9U=corMckXddqa zClJlV<8h(nKHLEz4X%C;o%;8AvU$LzU*x~e@kSmRP4abj5I`UUkfCquk$q1!;LU4H zbPa!|LH;W1TD&XTVO^>soid6-_rk`)QsN6_Z@@h2xBVlnQljxbRY{(AUkH%oKes!?u>Ijaa%Zd9+oI0 z%6tIzJTtJM*mBEAZp|1)Bb~~lD41~Curm$SJpDLXhryhZF-)gj6DKG>&!Jq_MEFol z6pE3!bVOJz2(T9R-me zokX$}e*uS1$qX4^8vsMs!`IRZF*OMN1CO*>$J$lkZ|;-l z1nDCJUJs&QiGK+7n|=6R{waOTkdcl_hOG3{KYgk^t<wCQ7B}_yXYs0mR+41glNriOWB53h zR5Ti9y0n~LuyXwGf#j9QW%jeRjGLJXml!5OwYN>ahQJJwXb`2b+O|k#onOfJ^GGm~ z+iE>&Ku=X4?4Hgb)QLL;1nX*m2O?U19{o6C-lcMAHkw@!?G9+}Dr$1iJzj@s_=CLm zNJ>tnEG>Z`-MlE!Lg;pNBY$IV&W#ph_6a`s`=R&y-Ik}z|3+%Cs`K?E%-l&QH|Kfk zcwyLrZR!Z?Vm+$^AOb6&Zy^}bg%`&>=;1J5*wn=RTnvewBUgaVPAj!a5`iTMO&>`> zi#wo|bByL*g|cjldX6HOiuGXIILYiZkrs*ZhLGF^(GHqhKk5f$(sggXV3qORJUGYa486M zR+1DkG)8ZO2ndK&Fwf%~>P)7Avs5dZ1%L6Tuuds1#OWWhey)Nkb;!Ij=?t$64IIKj4Ol>0zl!!~V3C|?V%H<#xuKIpy0yWppY?pU6Y}MLk_WZp#(6yuIy^|Y^Y(J^*s9kxZ0ih*^7V|79num}t zY=;^#xgJ2Mca^^vf*1$bYW=TRMOHt4sB>qo%oNR+4Ka2Y&}_E2OSAJ`KhPkZ@o*n1 zWE*A0?Qn30;wf=hPi8VwI~MNOWDp~R&Z93|j^|3Vf!x^zCcG<Q_iE?gVA0sE_)_q+ZJ9yr+-5RsiHdWS%<1pgamf4P zK7piobMbea!i)QdnA`II6mQ}7I{eDU`60?rnNFD=U7!cU=2Bxs;o(D_LJ1Z8MN4Rn zvG)>uAvKN3>WL_7+=F75!^4n5k*zon=e5hsfM11Ub^HlVU^76v4D~X&LvW`iPb1b6 zScuE0-T@PfF%m`EO~rZeaRE{+X9`UQnVpxP zxy*e-Pev>|*3%+8(}SorzsF*@Gz2j2 zY?jBr<_`*{l$oOuNsT8VOo2rcoE@-_1Akict3xp#V97kqM{T|=&Qolkr#$CbzgenZ z3%Bg4NV!+|K26R09z01EE#>{igodSjfa6Uxs+x}r(B#)b`ch+AD!Q6#s7aP$s$K)MY2VN&=%V7pbg!zE z%mr9Lzi*aCD>2SlG+pXJJ_Q*IS^(>S?y@XLi&>Feun(&lgl%-jVEA5pYwQ5aPLYKS zlsd9ka*o%@OF5eS43B0XYujd&uX|O(d!3UAw7GI`9SJoSV}eHi*+B~JzxCZS-=ZQ; z52WkL0oF)S?D0<(;iFdI`t=z8L>>fcs?_ZAqx1M$JLNRbd0O3aEMor`AYX2(9yo%s)1 zc&eynLJqSYAyOvrNvIyEiWQMWOon?|RnzNB+3T_~o6N5fp@tPy95F12C>g2U9W`tP zYKuEF%T=1y^(rPO7SQD5BvPkr2wMOm##No9IIn;c7eZrX%_i~ie}kE!dG;)uhyUGU z&}o&H)d#FvP`zp&4#>W{GuctDBI4(05w_`1G)NE;Eh%tF#>o3qh;?h~?kXe;u83{w z7VB_2Tuu3KP0U9x&YQphPUIM5N#E9K%S+M~lRalT_UtKyU&~AhRM)gk^KL90D~5Da zIJDhO^-2sLu5`x24w|kb$Zb!Y7SauPBF%+MWWpS;W>O&Z(9}sXYs0EJzzR_qqO=T7 z2v+p^szUT!G-4LE#TOs@iDtWc!AOzLZc5@u9^Vt_@)ul9$F%6DH%Wxoha=@JCRdrB zH!3@r+hwnbfItgoC>-4_#3DZ;8wbnnE8k9<8)r>|$cY*370$?U2?q$J&(t0K%_?fj zR;o0WoM>zfOjRRtX4yw$@3iYJwhO=V&rk&AbrwhXif+Z z(nZ^J5HdrVH`UhfhBRg{3u$ihwaR8ST<#*TgeP$|ar1b%iHO3CMUD;Ga_wuT3y;!- z@vC09`@Qq;-udJAg|;!j^W{VUvW77w#zl5ej$ZZaWSy2HlXa~DQl?ilo0*kmx z3|<=+c26g8=BK_|Qpt)pLcUS3>NQi*TXf(+Yk)hT3cnuc2>2^T@tC#qiQ+r~I5q$==ne2iqn!{G2xIJZQZ9`m zLB7+umPTfI_`a9>RuEDx{K%tES44&2y@NhmVnaTxx)q$-7)UV^1Y|9*UI(EdPwzAD8fsg*&l)v&I0yW%8$#t#K!fK_E%b8vuc_>gf z;5(w?k{F-IDT0ZB?a+ zT*MrA58s!Z*X_>EZ~`^luV3z|cbJBQdd!`;I+&w_wPSPu^)1#opjnd6;R;jg=*w`T z=z=)Lm^uS`(gBFm;PB>#+$i#4pQvs&QI)qz znUGgWYeQ#O@;Y$mX6D0ac_hsd&3Ek1cRRbFCt~uKJwoJuznoIl0<~g+U}^F0_|``I z<-5gnE|*_C)Mxf=m*Q}B=#DJzc2nF(1tmBCKv{p)N2Aa1&v1zHQ9+ogy#HcUSOmF(5)i~)L=t=`lI z@qbvo@#}wfn$}n7M3@af+r2!*pvIQ%r~3XTXyP_tM^jzno#LM$ul$SdUC93HsO?Hc zphmD?46w?aQ#j+NVSVV{t`JPV0ONuCe9V7&tH-2$T}~dV`CVZ-(tN(>w_iyBh;pdcWFdfO3Kj0uon^8F!1?CRz&n}gGBOFC zW&U&N-*0HPA%Zz?Ib_KrBh_f+B9S2st5Vb8e5$&Xp`~FMZCG$4Xut8VV&F5`(}Wwa ze?yXLU>ZC~@(xRF=oD2Q9?vydJky-UI;g6X7XNJkh#g?}4uFcIDrJ!CcwM2qg8J0s-cKNw2Q4yOuJUyYb#*3S-Kz z3E_x)a;*V|Is$Al2lmZ9UL4X>8!A(b=-yMMCM0{DTrv6naJda$5pTMHx__c0*32TW zbcq^ks2pvC7zL?}rbwXUOZ&rc;>7gGE5{(ciU*>FN-`{E*$f5%Ve&~*)1-{}D@qHs zhaar4GnO?$2sB!JU<%U(=ksUg?*u<c@WqfEuMV6-?zj5lm*D;8I& zWIAk6-dl<0_4{BAAx6-Iu8MlIyr0i6euK!s(Uk!KkP zruEH@!l0S(b}r{aNj0=p@rLaq>)CBFXA}0Xni#mCCWHsH>)bQa*MB8q_-H_K&gQ_L@kr&?9Y`|*p`_wwnL=kimHSsq5^xr_+HbQ@lQtnfh zjd(}iNEUZ17PHc4k5vIGxomIw76D@HZy`Z)uXpzXf3M;+4r900r|%9v>u#X_V0 zCfhAgRoWVK=Sz}oyhzHgkh6@A4>Aw;vr|`vniepbobM>sYsqAH*$7OdLylYb5IN9C zj#4j{0*UeEpk3|QX~;&xD4-HzX#Q)3GWsHmNS#C!EOL3k#?=#Ie-?(QIzN62Tt%Cx zowas&u7c7ttK@KvTx+L!E6xhkQuy6fzwSFJ|Bk@A8PFRfE>DRl+uQ{0V8STBL$c%< zTn@h2^ik8$s$3~IB>ZJUONI4n5eW@oJ!Ntw@7G7Yu}q8+E_@wqE=6Fpu7qJOuVo~) zfhV9rUoyd{zar0>FDcYa+Ao@sjGEE62Sy@Y7z%?|)3yoZmBlx6HNiLCxuR^+OO>v_ zO6ynzIG5jSKLld9DNj#8F)^GG3D>nl%hNwb}_0e!S z&`-#vsP}$>$XLNu_Rhaa6R#`H(DJ}oG@4x9wr&)vU{>|&d@M~5t74lAJ>J+mEysbG z^W}{VH7g-mn5Xg$q60hLxO+Qo+Ry*;uvdl4VqqHY+C70x5r(GwQ7GzYtufsdWEjm_ z6;!J@pT6Q9orbTHqG7;-PMB4jGhQX!?5xP_1WW?h5?|Qz!pJcZfTU!AtPGWDT^3Un zMeA92me8OLq58lwe=Vk&eW!f@WD=%+op=!n{xM@EG!&{HN}*MnF@c4LF9DPn8d{*~ zzLYtnhz)hQp-Nv+9`mT2>vZLMPYm_nd#ZO8hDxLvP8`We!u!V&NE^iZrPx+}m{+v7 z$bv*JviP2{Fmti2nc>Mwc0(-_WXM?J?%CMaI0t9K#{BsjhS2V%kv$6n*}R%2bN7sO zL7fWh#*zf6>QZu9Kz#)2>tTlg-gvl1k53s;41TL|ZPU<~;P z-@vUm>`PS6O~UL5He`*VacH&1%g+TJ5ltmn&*rjIiCM_ToQn3RAK$S3cqx*>mdd)|a9&LeEwH~h^;tN;gY#wRv}^jmVpPLEKuuX%F$mqz6<>SV@n+dXOd;8kL-$6Byl zM$ET{bN3K<&PS0;#jq$$!g(WDmYGf9M@cpfUhA$sqB;KG(3FGMI7Y@pB9C1&RE7Gn zi%dt=1CkrrwQ@khUrH|9_MWij<_*T9g1gXLvb#}p`R5<)Hh(ZrIwFb& z-|~BVeW_NzQ|iGv?Z>jgmg>J2RIu5RywQuvg6Dj12ztu?#b0?Kr}^j2tH?p6sk$n( z@ChXcIMxM$ZmyT^2u7)54;!@eF-Chj3SE8}zLZAXBcKqSlCK!bbAuAOuCpjGf?9{E z$?D^Dg%9EHZrk((gud=2i0n@9PZ!iFnVA@S$~lw}z+Ty9m5}w50THy$s%zH#B>$4V(TyyE5H6URCWGoXlZadUD(%WHXvnvA-nQ z;51UQbZkgAV3p9uIIM{m4hST*h&QdZwR+GLhD{pQ?dWRJMa0mPHpgk=A|Z#BiVD>J zR`GFXgb2PGn*kuU8NR7ky#|clJbC;RzusygnDa7hT>xbCB4lODDHDYnky?U5lE3zN zH@HTI9MdJO@U+zv0QePexr?5S`beFkAvwH`3rMubND*%Q-n+S%0624>c3Kpz>G{~p zV7bCEJ+m30${Eq|AeMZS@dZbTTnZ@MakSjw$WK!m+{)3O$3Odc6w=FBjcB3eK;2l( zct>Svk~7gmQ^&~D>ONFLm@NxOw1<61faV7IM&SA)y$NWX~_OZC04KU*bbCS4OP3W58iva@@- zocf5)Y@Br~*<#g$iN;3vkx$_L#R@I{NzoY(tkvGP;r@5^B4P@Fyvv@jVE>0|_L62y zIE_q15qQY0uoX6Pd>Z3?VQOw+NUD1hEY$`l>hahZW<-}O!mfg^V`bpmKYj=W#LOeF zF<;Apz)oOJG4&9y)f#D#c?b5+&*mHcXHKoCU!r^36K6qfMa|>t;3UUXiez?_l!U}B z-z6GzE9nS>q2y0ARlJt*YgrzPCiJuepD2v*Gt|Z4T6{>mo)9@G>S9v$KAp!Pa+4j$ zhi1&TB_}ED@XD^OweYrWTTjD+FF@Ye?5OB#L|jA7zL|T#`z$4hVsq6-v_=4HmUV$) zA<4xcDzM9$S2L!KwekrBcT0SA9<*}TXR+?1Je^)=+V;&v^dK*L*+3+%&qW^kH&}j1U(5Z)UK7HYu>M0@~*6UKdQDK+Ih!zBNE$uFfcP6v1dN6V!WO>$UsbH zg^G$n_vR3e!tJO`S$wbMkw>HHBG*|L#_0uO3n+b^)$Br)a?)gdP*dm#L#xxOpc$st zmYH*dfS!&VojO_PW6y2j9d_wyoi}_rf(w@0RF?@?r@R9)Uh#-ir}yp9k!AC%Ms)n>tyV!%b&fN&5I$^=jMCcXrE>Ed(Y z>L7cq?Vh96TH-Yib23~Q#|`n6dme8QG-I3xh)zXzs#iB)$(F^1m<7?@hy#3DIkTpT zlkd-o|Dw1%DnDjT(e+j{6xox8w@0cjCnVV-PCmS=rl-hm z^I(~xZ+WRcM&?&N`vsui2*c%C5HG*C8sb^U*i@7d$%4KnIgXSM@;t=|v~!*(XC{3% z1`VxEbQlVqDB|biB(Hq9&ZtuCt<%2GrU_+%_n1+G8>07ll(_biG9JK)3 z828nu8UAJFT^?s6dGrQfqr&Q!Za|I-W^fY9RS@hN!T)jI4zgfgK{T#mXS$+gRiY@N zuZc?GL36@2xR706^cPP54R8G;NuXjlix_=D#FqDYrY+vl28sqpa!KELf%00JZjvRt zV`TzN7Ew}`*g*D4UvSoOu26x4eqGEAazzfTo9J+Y*>X;4->*4uSb{8KNAW%gP4^u* zGFI1WsmIf6sHJZW_AKqblHa(6Vzix}PQFRe;!4-{;+D(Zi$qrM=<7HbroEFZ<$5{G31{6t%QChwxhUgrw)k zNA;&`MluQer&wrc7TF4yjwxQs^|}JpsZ*002lOOW)-UY4pNcYylih>QAXkKS7Gu%k zHHNzE&avOHoRxW`TCo&j=gOgCtad6;Bo)}!wx(-B#3bv*bx1!%NTfS=`n!$YAA zBjZ8eHxv>n8PIyIG#00V!)9nvHZQj16l*lYqdz2+8ZBB5m5+ zOayswLI&(fagz#I>x!`(qR!h8AS$`~dcd*&Yg`mVqd%e3G`t7?mSVtpIM}(py5eZ} z3Be^gPA*(eQQ3R=ta`R6juZpephw6QYtBg%^oXCnynwY85)KiM>a9WoMu5KSI=pz? zHMnXok0Na>2MuRO*{!r(Zas8d&3RBFB_3W^Y03nBhK=I3I;NNaAtzU6GuT~lBk&DE zq3j^+z=L-rWkLm);)5=7Y(6PiqSD0|b6Aklnj7JVn9PyKO$3f^#|Cg&M5 zEzLYfCXs2fs`v=&?Cno8`4nsC?+~dN=~x?M1p1tQ4vFo^d6)N1Wkl6n^lUx;{BR1} z1w@<&1Cw-oMU3TrVu$ki7BR_zKd=n%88?wCK;i`bFH2N89;q{Sq5c3Ml}p-W6cUYn z$QgJRc3At;2z;X03seFDVES|iICrrhni5&-nh(!8ZcYd$Jr+ztQbBWZ#&Xdt=bmUj zfH`Y{LL>ySsq^DWtgE68U->~~6Z*aM>WE(P_4Xs4+`f0X0;=da3Pn}KI;2a)81u7m zm1;Wf%F|HJMEcq@GnIpG?jg@{$E4bX`yfuJh5V9v@?;9dEN1#V6saZ=vlQE&5OSI} z)52@PX-0A4?3n$a0YZ{>Hk?_ynEXYdQ%KCsPL$f5r<@+QADqsoV9U#aNAu%F-NMaf z*<9f^-*xxL&Bhk7=S!MdUE%L-Slj2_*YT8D-OH|M-LA0Qi>vN;Mm~Q6+1!htH(1Hb z?-RA>^HrITCtQB+h3{V0c1}-^`LD~4z`sbQyt+kQJ|8g0w8O|pVDZRmpaC|o1a7YOj<3t?V}Ani1#%Nl$1 z8+rKRX??~~wgkIoN2$6;cGz!WX{7aY>Qg_A>yXpZ{aF+bPqzpvloqd%avTA&4W23a8WgW{Ha$aB$j(e+w^o zZks|!?YR+Pavv-n$Chx=zCbE(a)AUHNUGg*#&oi#*5=Qc@r_H09yr(ZG5Vp<{oO37 zl9*t>Wr-9y94I+d3)=ZDyIZ!iTA#|}Yc!>AE9v0&6o3 zJTNF4#tF8;PvPJ7BYJu8}L;~u)l=!tjqToI;a#7naI>3 zLoZMB1dzliHQC!E4{uBU5&{0JbAep}?q#R5Cb&<^U72)uUpRt|X{da)6T~Q;2>P&( zvyJm&)WUe7mC3M~R=X4tbWChZrLgy!UX+aPAf@7=+E=cuOjSE#p9$*>w%YVO#n%?T z9eKRpXlDsA-Kqjj-K2eJugYA zb2tW-;pPXkE_^aU2O>3yEYm)42ty;AQvWZ!OUVZ1snu(!; zleYwR#XiqB^I;~*K|dX9c5MMR*2vhly?lJZl67?$BS#WKyM>e+9gxTONl$1T7&JGi z*6taBJ!dYy%CnC&kC}9*@KMzXbcrM5Am*Mv)4aK^;Juy%5?8=ousGl~DLw9pAM*K> z35sc;oa_FR9F3rBU8N6*>b+<0cfvV(U^^M%vp@@P!%t5EtCJAVA>zlI32y-HnJ2=a z!QB4@n;4Id5F%)X4Rg6$j=Ft5Bnk&ksI{V_TI%T@dYJhB9{^cEroVogF*z!IO5Ybb zT6+!P?3ALUrxbg@DQOx9pgkom`u_C77wA^?E`Q1KAC+4@bd|+4Kgr2ZjUbB5`>D~pQGBw4M2gN5 z?^iY>3XcKb(9gnmJz!XWHoK8n`1nyL9e@JtUUz-tA?{AvzozkLUr-aMFK^yJpp}=4 z&By(Ct-6yR4LbU(Co?|!bJSg5kG^=g{^w}p(HAcpD;SVJ>TawjSS^XZc=YJO7w~uE zi?1F&c=Yhm7uIh2?3a1|J{{t0QaLAfFY)$DC_+KsNrvXf@T6wwEo$B(A)Q6jpWu2! z#5(pGa|(F-wZDZs(KE5Q%i(>d?-W;d>cPFrBMO4P>4qqWSO8&jl~SCP>VkN>z9B49 zxXyOQWiFxMvi9vDp5V+L1AM(qPoMw=6uqA8ZmoYe1;~?KE#X<=U!JKn6+dpq>)nk9 zold6}#h5+?2p6rl65KY%*=CpSi#Po|qb|200ySh7Hm-?)VqvQ_UX6nsOe^i}wz{!~ z#P#dA#k~}dNkflGC9xwzR&-`dUvj`v?lGfHcAw8^V`0DlkvrV4XIu%)T4_D^B%BJS;s}i#1 z8v~8tphJ`PZpvWl=cM;Z$4Wp?Q9YFR)%KWht_{k?W{n`vqC`UcG9fYw5C`iDdXZ1i zIChv~^msH#vG#KnX~aPLYcVGbfc^yzm?wJ~d-U|^XqvsxDZUA6O4ARPy{EA523Bey zOCK`=7Pt2%gD%>3LV~hcQ;)T>y{j$t?eS_Uu*@k_ZGV+^ol|GMzEK}LD*)W%=}jQe zIW~|DDs#8W`p(^&6Pg=oCOfC?t|l0;#0cnQ<3WkjDsJ4Xundbs9c)%~^xm3xPhQfx zcbasWmn!2OAyC=x!mh9;sp)a2CvbQ=V?KCf?qNhxieSL(@l22gg`B8pB$G%ELBt9xj-?tUj^_q6 ztGB_s_YOVmCIY)+Po4Axj42Y1;^Ssj zrpiep)O2M-|<$CQsoz2OJy2WDI6;|NA|g9qmr*u@@}c7&;$w_O=PRMSV9?&ARcC@8*s29Jlu zdCP%;R*eip=h(5+IdGKdBg-^cRV35HZ99dll>$Nq!kwi3v-E^%fnM2ru3xqiQ4HW0 z3`bcXk%jW{m{c$M@dXn)`Gr-HA+wR8<97&2Yfi%H!gkI+So=Jf5aEr87Pg(snoG%Y$y+T~gg`4`yPr z>^J#v93Oi*nS!ceNe)Wc_?&kQkr~OluTyF9Xsmtua0DKrJNB&%(k|xtr6CH9kT*a$ zEGgwG&tRX15s0vy|D}yWEWw_3#0CI03N3^Xcgs0 z5FGgA#8MC0>Jd$zV-e%WL1_$%iQZfD(Fn#9hI4rF4ad4cX{Z9_S)lpf^qK{=6TMub zzS_4S;bI+Ul7|%fXxY87jyDcM`|Sq#k|^hJgj7-q-ui(=Q~%P$+F&$(*W6*Qk-@d9 z4PJ`yP1M7zo3;6j5C}t%<63~(h(^Y36$wJG37b4N3HbhM2|GYJujl=3s2W zUN`TECyeDt;p??9utpk_qd`q@R@|v^g~yJU!?-1tY9o!)T2Q^B!ayiL;GVY)sIViG z^q6;8_vgXjxMkZKRPsBUs9M8G4SvH!G-X9hd zPkSGl#6~oy1q%}Ou%_Bn)iQTjv(ssD?q(&}w@%Rd+F)GBK@<+zGfLD%HO-;iU1wKU z4oHmhLt!N(=Jlf8pi>oa9Lu5O@zS~1LqnVwct44wUz$|PmXghxh)BQkIhuu6jA__< z-W2d=fK$^mUBM4B4U@*tx-$(d_j(KRunE8Y!O1$9k4CtrGtsQYevj*`FCc&^LZ($N zcdWsP-6Yj7<&0JIoj63I)LcF~>PESqdc3??spyY=g$7l?uHBXg`&=gtFgMk{xB)E; zGdc=oW36HK$jxJjIBc03xW-j^j3z))7SBUb)vzMl$}c4>QuPJMMM28?D(_H|GAef9 zB=?yV<*a_VB>yfaYN*1~FSX77KcfGgOpD`OWh|jpONhTJcGLc8T{BD7^^xl^r!MZd zRX7|rjA})9I99hZr}C$TP>9ZK13B(d!k!eeIh<|nBI6gApVG3MKq85Zk{E#Ckkkram8o*8?> z2Fcr1V+7Y;qM~BN$sU`osSVOOCkE1)=q>eHlgS*qeLNO9TPg}2*K+_v$OU3?uJ82f zW3u_5r6aVsdi|#|ur~!1o)0XGnpmuYtrJo$p;R?BF$7omtT5x$=LTCEe)P6h+0}3k zq58-h832#Hp23j`rO{8ho69}ZVhX?_CmRpMRMH*@>v$gtt^ax&Z1b21=q1o z|LBno)ZwH3xRGdDn=nnQoF}@go+rBX^I9J+yeSkuY3d^OffKfb71aaP&BF;;8B&GV z2T8Hobz+Cw%*R!1`7JGzI}{-tX+y@rbhe+43C1f-p%Ccr;_ecBO)s}%rBAVoY+}h) zHF+I8tyX>R2G$$#EA~X~{V+a4rBXKFL%r)#u6nP14T(0sivU*i;;QOS1IK~7Jypj0 z$*si|BUMSwBZNN7D$Tg!@QjKcOfgcpp)A*j^8#bHwo2ncq&GGF+!zREN42szopA z>-DgY6#AfAQ;|T|=K8=3d#|U1Y?=))oomf@CbRl^eq7W|XhmyhQbS|;ufcin3Da0l z0W|fra1WPUY0_I$;5rju!C!UqYs|d`5Gp5XQ#~Q0$3)9T(*MFhEV^wtcug?BMeJW_ z`5$4Nf6guzoj}z`MF{ktFJI0EGrgp1z${(H_*uG?@pF^qtm|EKN$YwySk}7k4VJdI zVg1XlVSk6i53G;gaZV}1FtKbVCM|>Pmw6T+912eVnd@EkeT5~j7qqT~KhUKegYqL2 zuUX%^xLlYcoo;RQE^P4kHGZ3G{Eo@J#mfng!x9z%Z*ivCgtJ<++d5hHA4#~OGd3ok z7W0$SNFpG-x9`;Dx(}_j z=8&_Xnp=TA61FX_&3IQ&_*@cZ02j6SdVr}c!kgyT0TQh)YFoYJrSP?m zY6vHF+r=FrwjEW%GKfiN{8U;%9RhO^zb`fQ6KJ-hBf7=+;1`*-uCCmpe$~eqtTq@E zWhq7^f9oEKePV5^yk`Wq;F^Y)&k0yfbyLF2?}d#f#*%Qc(OZp_pmK%O_gwKl?QZ7G zxFtcqY_4pfw}1-O9e+8=HV=tYA4d0R_g-4T?i0Oy#(RuwbyU+O-jCFFBv3)3>Tx*9 z?#5T1RUQK`qlPrrP=;FQNS32J_h5i~%BbM&6~jJT-Z;bJB=5V{d2iGPEZTRraw}CZ zS=wV%U^HbV7js*uB%8T5H^uQRBW3ppU8FD=^)UMoolH{V*a3Kol1&NZYcne7 zc=lWc5CPaFZX}9a+QzZe$dUl+K)fjClA%R87hgy{0KH!jD(}hF&Kij0j64z&tnJ=m zNspotI)QSeW(wATM_&;Iy?75Dmr1lRuF{KRAIGVNJjZBSyO)#lqF<1&cLP@;p50*g z#onA04MNP|-~ijbbQ-);?tNI09qkBo2OVz}HUw@^kY;XB5VhSkEY9pS$NJN>Je6@d z%1Rv+g5?UoeTv~@7={BiJw~~n$AzYg9-8`PTjQA!MV0Zb6focy4v@pJ%@46OcdL4v zhKJO`vO#;${J6?|V0zbF{w>(tDl)HsW3ZZC#H81sxap)73Zta)#xcK?xPG3&zN(;@kNs5d5*#12rb@>*}v(Rc|Ofd)EHTghRV^9-e380WAKjmeU#bUfy-Qh;ii(^L{>) zb92d2VPHo`-(_SVMb&-T;!iLH1#0P;BFqG)1%|1XWO1C6i~Rpw4>pI$ehcd4T(S$b zljGg)HZkn#zDC;}=V}GP%gSL+KC=Umswh6~%sznz93Gg}qu2$a8YaWQpR`S;b-vHk zi7HU%2-&vx18nF=7(9$bNyMfNN%gO~e^_JZEbO?neZ)1yE$8RsD>u@CIL`4NXuBDk z=t4MMphf{> z*jL$2Srux+l!h+g&1-+tQqgUl5VG#3x~iK{ z)mOISLhTfKf^k^1ws!s#oG1hd>W~w@jVLjlfe{#ai|0Ttlx_&|sX+&!T4bm->X=n5 zb4uXyb&|~}{h%Ua^4glI(ZLip^^ z95)r_6u*Hoka!2I-Akbp1rwzNP8eK9#)Wu+MJWu>kORDYNli;veg7YJ^;)8BNj=cJk1_n~IXU+%)l+x5CV z-Pq0L`Pkpatuk%_KQ`Yg5}0CkPTN%p#qzG)cHJu#fGultx|R!qcC;})UeU7_GtutZ zE+c{J%2&j>uaup#3iUcpxEg8rvKF|SS#ZxJ33vC<6$s%hFuhRZt zpQVlZYJi7qd`qmZ5Yi0?$?NlQg+8kfx45(y_*p<~AL3$4t^jBSw3a}rn>zoGOUp(E zhO*-lMVhc6yhx=t!+c~M>jITfMtr!sBKc8b6&leMQ*@JDq~i?=KOyOElv>JaJA)(j zK6Ug5e3gI-pWREZ2hg?-4Wu+Gj=mzD%~0TW0g{qvCWtV0b_7L*Dg|b;wOAN_mX$O< zAz6!-N?urX2p~z9^?!IsAhDA9j-_AYSzw|r>S&TkKuPQX5^ui`(wlW@Ntcz89Xihf zsmK;YRK>>N4&&tlfmH=>6oT)3prRIueCfYl7{^FL40UGtY?xL2JwkFX0Q7s-py+bk zt#euhQ`6o{Z0|eO-dk?($pve<-$Hv(<*(RY&AP*tzfCa>)Dz6T z^2`-0?%>SAj4&vQOyBExrWEqA z<|n5!Sh=%v)T?`g!FE)dMOX(WTl%Z0ld8fD9c7X-F`}n^j1TfHi*(97(u!4q)Y~i% zYrM5X5iI1D?M;=~epHLR>TvjAUz}-Irn+s-Z-9KWRsejXZPKEQe|Ll*HN(73#j53z z)6cOgleS=MM!Gr&g1?Cqo>vKF+RK%FoA{0qTbQ(X~3mg%mp zv8CN1vztjiqeSR{7X~UMm4@hhU`L;0BGNvm6~&D@fo6uo;+!*4|C&t;9h?)N+C{x! zJkU~)T5z_}4mE(r;PRWGth7TafE{P1G%!683O?iL#gtOT=-+!;I+|yhIFVPaw71d=$6%f;Au0m70poh_fIAxky_RN$N;k1H;U5sI7#?HXTCvpRrTR zlP(=Jv7P2&5*;+L9sY(b@Hd1lZ~2eaK=aUJeF7|r7!>>^K=7Bq;B)-P0a3GlYaK}) zPvwJXw&HGTvyZ419sbUK1MC-AVb$do=teKBO9V=xI>_GQ={}tmQ*qp_WyarSw3N#%sr9B=n8K~UUZL>Cc3*cp`*SsiK>}|0$jfO3O^If!@Z5+lwTiHD#N(ZNxs>< z-~Pk54WHdIKcYfdt;3U{figX(y#F?l14V|X0L-KeKaNuLT)+ymIhvIIVI`*1M5xFK z2qJ#bKQwrH5@>-+*9OFcofZ_0qvWd&;pKRJ%4YUJmgwePmjT&=7`}Yg?bIQFPiF53a5{7@<42 z0`k+Y=Ws*=Tw=bLoY4VF?p;cD->VXZ30XJSkzh`y8M#5(=W;-~kzjr@|KT6J`=!$i z1R1=W`V)Rhu>5e~7m_dzr(A@>H*l+tB?P@*ex7z3Vsi_6gwr^|f9MT<`9tljcF$2f zpa~^@uQ@65kXNkZs=0<^H9MTf@J1uhpaZSa=6O2BOV+Z3U*g7YIz}-4VswOxER~%F ztw1m!@ZB=tn}ZSgD6lRySQo_OE#(UPk(*0+n;T~Dv*GrJ$I?V%aMP>G!yP<9A4K*N zIW$o*coj`=YZ;M?8+t(UBMM_eRJIbSC?eR=T7RDfpLrH=zt^fkYkTGV$Q}A?jC@;< zd{X6~a;;85-Z1R$@1y;jjW&)Z3^oiyr$^xf-U9u}bcq`G7Jp?1TxapOe_#Cn^3#F) z-3~1N(R`?e{<>@bp0)N<)S8rZ$D`9$LV*WPI!jv_Lks-`JTuPES>D!oONB5j z#g0Znq*?%p;&DQL|5vCuGS4_wvoRL;2b<8P!eb!E-sRu2X~DUu zuVQ@Mssw3>r|2~Xh)~4e3`OU0q-JqxM&Zgy;$ZNk{Ow~OFAI@)9beZsyN+eA-=t6{ z(CU(28#vvCKy(&w1H(Wu=4ll==wxWDFhG-XD}94CDYP<*kM1QqbXAgwW$EY}$)r?P z(!GY-&BlBUl;UwLAI(SBu^sCe7)8H7pOOi8*%9M>JU&_p&LrTySn-`tbK9}PLjfk- zKWNxiV#v%MVfpzi5!RY;HaJBWlbQN~r*f)e9ZUTS6D~kYxQ@HWN`PUsIl4ycU~{8- z2BnhdoRlW2+JaVWT(;p{zBrtQnf-B1mC(%#H{P`wWVEe)5U0pwn zjzyGct1=53$q?VQ$QfuO1la3Y+_*?|kWP>Siz z&yyePbh4zOevWJY_p{?~cy=^oU#>;GrE&jVkMJ)#7r5Ua1A2rHpEC4+uUqo3r@s&H zZ#cZKr^}c4Z4LDAYy4ky5^%r&9$4crNH-t)Kh~{rbg2A&fPcdQMuM+!A$UuJ{rfuq z7o7&&?>`3Cc}|uLF#3|CX!UXbN8KWSRm^tA7q#Q7@x)T9Sr;iZebN(hoQ|?>(g4VlOWzjFQ{g|`WwJz^7>_A#pw5p)`t;UA-tO2iOW$WEo$0dv zJ>{5m+&j#KN-+kYf9D#63KnCG2r*8ST3MysxEPQ=QJQ6>a(0U!R>#Dr8l&qB#(63* zskmgIXM0lkePnsJk%N{tIvo{*IbJj#%{d?OQAXCtY|2;`Fs)1n+9ev~lX_Ieh^!+p zPcrBixR~uj{+oCSw9A^fzMC#feeCJsM!P1ceBo}fU)ZkL}g6=T8td* zLez`oDL4M3U3RtJJK>X-%{tR#)mwdQhT*$7g3<0Jd0t(WY`mM|<)%zUH4FTBA-1Wm zXspFnS1Nijy+|rDK$PpFj;WO?rJx%FlASRWe%4x8IIU{^wQ4BJ(E;LUCE-spsoSZ* z3$pMfAcH8*Iwu`WGdmK^E4$1O3J&T)%hKy0y!l40Euo@`9Zr_b;xj6m`Ak7ab-Z^u zl&h4?+7V*3 zz?C8CznxtSvt0&vd+jGtlb^3!feJUAQ{pDnun|~fyaB-7JdISK|6Aar^U3Yr9Eo2{d_B9GnZ&1bs*Aq@kIoPZ&E=x@3bk+gHFRlT~ zCzJ(Dd$?HOTA>cE${f`=ssTJ6rYF@v|DSDm-cle+Y}5pyq`;HdM8aDpaYz=gRuTOx zzTYVFvV=|#&|%9L(N$dMZ6k_X)!=8S67*>VHK4tZQN?}>Kb0d1om0max$rc1KJfAH z=s~IYwi(uqt-BHa8tG9#>TW!UK3x17ef9Oajjwes3mUt>WXB~%pNP}0N9%Dn>9ztz z@nok93+wIsjK2ox0|5Ha16oO*ts@Yc>M;h*1`#28*h-=pBl>K1DdGF(qY#SKhQEY{ zzgn#~K*AM!)9oUSd`-o*`UADS4s{=_)}!ttZ2XH)YWz{9@h_Zdw{MPXMgt;D@|T(cbC z-rdXd!IdS%C4!*Grl1_B{EW7+ES`lQE7ER_AIDormdD8!P~~x}VQG8N+X-pWLF$Z^ z#~Aw((?*aD%7j#cI;H59Zd6rHkg=zzOsQnqwcGNmb)p@#;T#td(pZdCiD0A)A_|ol zF%>X4osZIS8?79PX_KNre55V%nASL102%?57QHCsoyJi!`7AASj>LWM#N}=bT3J5(D-pP-g&b7wA1Op0M+gLFh01& z1jCE@a!l?1zi2~WxIafLNM~x#UhRz7>w%yeRA}1D8lXjMU+DhLW1MwzmT= zQ{$|bNCFQP6>O5ZEf&k(g%+H&P6NrOr8>Ti^8vs1?`9VakxlSzZ7S{5{$$)0ahb8s zU^w3T873%9dL2XM#EP^7{4&pRf@Yi$hZrEi06Fgj6`^=djBk~iHTtfQniS3^v(9Px zct|?Iygx0l3OS^d^CM?N;!`#TIT^?W$PgpGNo@UT-Id$-!E8uvtMB-uU{n?6bWvk% z6^M1p#B+csqPcmL=n4=MDWM>SuyMauJ}$N{S(M4sIY)k`uGbx_Ycv4lg=HV*-Pd?A zIh|1{y|5bHb?3aiWNWFgWR{!^{aV)K3GioYa=OA&E#nTaa!*`zDMV@5=Hq>&pf$Nm zZ(eI<_IC45GokbgPv@hFyd!miTo}qD%&iHM55Zj$K4h7!fzd&xIXhcf>jFcJ!%+vv zKTGZDg=G>0%_Ib4%Z#br5~7I_w*QaTB%NT=@*+A z4n?l6O_X;T^~s;V+{bSiVaknW6o487kb(Ht*TGLs-WpO2@RiOXSMpHUA+ppvl;;S^ zF(Amd$v7I{_^85`P75I6Ygd9VRS>p2Ox8*Y;>VgfrimzA@WO63DCRCCdjYzTB!-Qm zJ@(;PEFpMY$sR&!gV5&$K$$r5rj<8r?6L`SF&52sqNvkS&Z)fOT=I1qmeRUG9dC+vh19sV8UC;3brTbrFgW9?4O z(9DX0lW_*CJ?L~FcDj$g4wBE?m}v!l3Pqh-l?#Jq6Sva819)=ikJGYQT%ExO?J%6{ z%<15KKA@*-8xI1&uQ$sBGyH&_RUpeq)QPv;_`+!!oRVIWhUYsk_QENh%q_qJ{}SL~ zAgto`=6PU_FGlQgn!y=goW$!$9es@KVjm-S5?+}utyk_fLXjeC*IWHsy8(HFH&!)s z!P=s5OS8m2?LEqpGl#20s2w+LpgOpzYP27hlN6&+h>3}5gf`Gbbn)tVI?T^9I`HAL zuO6-xD~+d(nb@Ck#dq(l(9NaYFur-fjfL+eV>{K3f;mmkb)aXqb+(eBswfsHAgC$X zoHjcPa(dc9jrk~4uYY0TWt$`oiUkbCP>-EY4xIg!nONY$!DQtX&mMOJ5$vNDqJkHQr61ybA5E4$u)fok1iSq zEQ!@ZA*@xQMNywo(#ywzjH&fNLlq?UbMxJ}$w8g9;T880I-FrI zLdy7tvpv`hb}2xsR)hBujD?7*q)E2=Xx5J;e)QCv z_{w@7<|TInAvD|1e%gKZ{r-#BuMEOa^VTu8l=HA{ont^`Nj7!f_WUgjnKQ=&JhZS{aM9S92La` zCLuP@w~%;`KPyHcOlb>r&xlk5R*o}y*lmU{7YIYXROncR)At!}nI`)Z{*U{_87HY; zwJ+lcZ8|PEbbG=MCF$@yy(k&q8{tST`Z)Rqb99FZ%!>;9H?yPkf|VikHhjAcWnN&C zU%D_fxA>;xuL?2)sq4DrcOl`2`aRCxXVXvUwzRiu$EEl!cHJqHO{b$0ts5FYjHyqg z$)i3uDwo{og;mWUK#YA*h?PdwK#?#1+=O1SSKY#ee>ihf30&bJ+UEg6oBEWp1GBAB zYTbJ~mh=2?K*yw-X&w#JQ$Iy7KhxQL>F41!>K+%xCxU1$N(S7(N)5Y%&r#$9384+7 z*1jQ%yCh_qw0F4+1%|-!RQ%wM58*7kAe%JJmST<^Mh}nRU~;AonYedwK82Z;nn+}6 zF)!do|I9EcZk<6vJzc)25{CY^>W|4QOggh{h4D1mwt6g~0aTYF2GP<* z9}~A3CmgkG^=73m_VpZN3T`=fi60+EfaWffZdtc-OZE?pbMo=9ikp2<ZVWDEBBB?4 z3I!LM-G1KpD0bG*_I5WCyF=o`25+kzrj&2BD()B}nPHkf2WDa|(NEuNdVA(v|KI<$ z)Ro&VtTrj(U!S^3abgBxyNQnKh)L)~#l!$}I1mr=bd~`u`HzG2T_WoZZW2e%z#xtMqkeJa|1GUc7*39SfME zi46?Sx8GoI=m%ZREe9Wc*zPv35)O0X`o)+H0rApS zQcBRZVLBM(DzhK9sYu1-w@Hx?pbmKmUdeLT7rvHjC`*Pa+XR~+QcWDysa4Wp!*VZ} zbC$l8QT8N?FwiL5Mb@o-q(yMNkw^A;AZ zqH(#_=>1Q_HCC#XFp|hjgl&!pszxDT&&eW)AhtjRK_!d^TNBvRDzL2x+X?pVKUlPp zet$;MCMdRqc9-8;UUAB(IftIj^3|D5>S1Wa)VsjEPTA2M8?b2m7i_L?o zrSy$O5vM0rop@}?DwN&0A~HmW3V$ufID~0cAL@f|cb9_<1^K+5Fcpp?c|(bi`g3EcFbwXK$K`tCv1m9x<1pM@e}c8iWdluO zeCyvn>3yr4m9n4FxC0!a)IWL!*3-XcWaM9Ytcni`7j>VWP~bY#l3QG2@UV z0!2H5Fc|yTnMAK%?^gG7Nv^yGf*Bjc? zA0DBfzxBtG3HV#QTa0H@%p|~xTNo8mhzF#*)+eikyzW#q*yY{tZkK5X8ufLVjtLq)!!#%w@zjIfwI*G{N z%Ia0+B48_}L=`j2$?Gi>ed@W{GP&9M&`R5Du8+!rX2F7~Impz3vyMhQt8Q;bejfSm zH<0cAIT|g!8qiU1@eSAebeckS{lr}N^T^m-@ zrLx2BUbO-_Pe!^pt5x{q*)Qhf8SCS$L6NQBvV0~Vxl~;qV`wyXS)eUknMK=sJQ<)- zEkC%EQ5lm;51$}k*J6P~6{nBJ?3&yxijqBBX*lfWg^Xe#Zgu=TQ>m}5Hb8bc$;UVu z+8i5Be!H+#>gK*^7>!$!+dG?p6k5>k0&3XQJu`Mi!WnABqw|zYpaRvof34-y5>v@q z0*#&hUHJcZJ3IT|eYfM7()uxtOwpgHD6{SOpy@ov^v#z|(~st6ba3$XAv|p=TH&Ln z({A(dYH7T@ByeOtSCPceNL`EFqM);(X*%)o{p z(iEzdzNDmu78SLAFPCKRPM!ICcVJIol#b&HK1rbA>NW3j-CCWJ?p9T6UrPW#ax zXs*|oshMso3o{Sv8Z*cInAPnTXMXIGsir~vkhz8Xy2k2}hsqzkwWu4?MJan_k}<{V zEk4i$rs;>m_MxA)%&LB1INag#S>;r;SSD5t@pDs0NzU5g&7MG?ZfNx5vI|^2KS_jw z(j^H!6bl1g%0+lISN&zClgvMrs3q(^!3$8NLz4VR-^2AOE(u;@`j>|w|L7aeAPBw& zE(RC&6=jSu4JCN9W@#x6yIg`+8brj!$u6$Oa%J?sY*b5kL%9N^QX#v23U7)YdnS!jB4-3Re2zD&k10)Vf>=qZGOh z8)cRfVaA0P`aLvp9swPRcX!axQFT>x1OSyh8RQyRpHC=A7D?RxRq!Z3IVDdJlBJPz zF(@Mp?_S~n2}I>lYl13E#L<*(taw(j-77^gW@vJ?hD5*vJo*cq7xsK{B0V{R^4?`R zO~)r3rb(K0EKwyWm@^mj@y;o!h~&qHDiaA6MhzJUAv*I^6QYLKi#ndNdnYmmJR?$w zvw|)IRl8LMY+q^Sv`&=Ls5%rMDe z218%LU=|Xwg59C5v+lkZpn>fL7;D4>B+|yt&W^gzYz%g$89t;aWET?5L=5o;8A?cU z(6eS=a|hK)l=Xg!|71;Gzs<7QQ9Mi$N*$woGV%4g)&P*YsiG0HqrcGND5KMCIKk1g zCW(%Gfuyt!u6vgp`|-+pf>-iaehL5KY4#yluKemKpP_RZ{y55JF#2xf?wz;0FJ8!0 z>~4J3-gxu~56o~{A5%E{86b*(=c8ddrzhF0uU(a}9Sm_Ut)O+yHCvJlsu!@~T#Sy2 zA%;*uF}>_h^9edS4e}Je0=N|4RT|ezA3F)N0a5TGXA=so1uDxsil5lq6*&pox5$A| zn|LC065sOLS?_KCZm%cIu<%Q&l+xQ0-@$3NMxXuTQfnL=iht{^a6|(U<*Y`u>Eo(5 zuh9%c>49x{)r^+9uL0>@zY8~KUa!y`Yoir{uR%yhgAVn(uADOCP`_PD83aPMCi<;3 zrhhLgD-G)3D}-hA+X-~4wjH};RVBt-eTz#v3^<{!S99B(aWiRD!mdO3)SI z6JW4ilg@uiYpT`4Mvx7*r694o96kJ|EXOwjnCD|Q=z=d*tpN5SL`HZewbBpEiLOic zUhe$Vd+}=DYlx+aWld43Pyy8gDG=6GIgv1(0@pXqTB;e+%m%Fo)pxJcP57U4`C~7) zwZLShbk4}#w!8ElIo$TTL~=zgx4j;SN*|i_+kqDA0@P14eIwmCxLY2sp-!!rm9U+{ zvHv9d@CJ8pHo&Mt^;j5%%+nevw`5&<*$NhSOT^yH4 z`t8uTl~j5jRJjC6e1q<-J|MqAU)8MBGk=ASPaE%!8f(teHG1Y&4ZCeiH3XA&P*l}n zRZSEAczCX|3!!p^+gnlVD%wn|Q66o7a_9%0xr`#JsvQ*9d9GL&&GW_Ollu_Vqmy29+g5BY*R125?`vtmUIYuY z@74|$CcM&rYYsxp5J%Y+%Ttp;}w| zuw`$uen1T$lX~j0{cn_L{P{$sxyY13LG|9Bvrb8+kdu*+U zZ0O>k24e?jx6G|C0(+4LRP?JwBCii;TsjB5Pix-P0%-_?OECC<3dC?8Ly&MfolYQt#e!H7s(K){K^!_v{lRA;^fY+uWYYlT zgC95JyJd1$t~Q;X2lo2Pdw1imY>Eqn6dwmdU~%(-8EAvDuTV(JaPLs2i!M==%8+&E zqQ>PI=T$}Vf}0dMW95=DEudtk*o5f!i80`dlX3p5$&ZnbQC&HUzQ35AVy1^olJ7}_ zFD#2&1f6{_`P0}whjz-6;yn^-tp47;jKBSUi*i?B7KE!-A`u@YC1*4dvrjI_D#7aqIQv`)5q@ymk+O6 zZTvlgUY){&cY|;F!63bmpSC{h4m5kb8J*5%lg<10$*rb%pG}X4#W_lC_kWpVm}L-~ z?r(hY<%6%kzJFSrw+BW0qL{a7jN9n=*Cypwn-o}WQHYgo9MpE&mH}*=0j#RLRF7X? zt|t$#;@y`Ycb|TI`t2_Kd~nr@f7<={)85CuZ-0{CFMj&?;x8Zn^6d-$T~SYoyg7LD zjMCDAzdl*bOEY=ujjd?+j*F4W5?DDP<|ZQ3Cdo1$^@YlvmnlMFiYC{2{=-MByB! z`|9Ba@FR%~Y|T{745Q{d?i%*znxS+3@R=cg7p!cEjG>^oa41fKHx2Cf3-xSOEh6=d zvQ(10G^VOl&dr&=Nl{vT3{kC!5WRUO`8@*a!heP~ttM*Ct(?cNckEttFv$Be`#s24zA=t_8h3l)AB&LLpP{T1($xU$gEO?U8Ni?5p#r|%${E7lC~kU) zu=-hZgs^M*((Ri}i?^6v$ziD15o!N#UclrRYtS1?wz#7YfOn1Z8B3kN08q~&o*@N9 zT-PAHY9k-vMKJ;-&7Lukhh1KbL+C2ix~tX}90;0fD(npAHt?+M3ut4ifx#?DvB&_> zBj93!ci70IfT@>2yi+>@Iu4m__)K7lxQH^!@99vGDKiiuDLjjAgp9)_R=pJBUSbgR zQE5c5HN#kq}p;Nj_k=nDh=r`f?PeoD0Is+q5tw5&8fw|Wa^w}` zQ>Plc{NSKj0oOb{tSum&T~x$INn<1k>3R$86ZA|@6cZHd1WhwBR#4nSStYnjUGlRy z!!5ByY8FK$u@P^q_TVi%h~XK11gCOd9GqO94e*#KtO0LF=Wyi5`(@0-a&ewo;k?X_ zvTeR|nB}-CO6d}dgM1jEayfp)2Um9dVb;<}+(W{GGXl$MT%5&a|1|1w!LZ=q6tVic zP)_$M**~i^vgl+NTz=+qTDcX9tw1#rgo2}ASH?t=32}Zt4`G0aAeo(*F)Ucu({@2g zgM|IGa;yU)++w)GPCN_d<2wzt&1(zTo3cJ0#ltv3{F2?pblVPtw6CGXyF82#_f z!th2=K&&<5PRox}?BdY6ceixguTs_7i)vz!-B4M&nxb@NCFu}MYRDj3<-8|R-JXIj8`WD*S1O$%C#X036%F!j{SdKOo#T+#=JE#b4 zo9&PkRY`{As@wrmQh%Sr7)j=hz-eyFsO)ORW7*jQyn;?9|{hf&Hw97DwtQ7^P{+aTS?Gz@MNp|xPj(pvlY<` z&36yA(3V?IBd3;H-0pEAs5p;qOLHDP;QwlHy(!vlrt}amuwcoG&hc(_gVA2pe;tYh#So7z|M5t+Et~P*`bUEl9Fypa&@V z>vGhUY4JWsRWmtbkkJXkZ^OTtis95+-5VJ5s`?JaWyL3#!70bw|2UuAg+6WCRTh0j z)3!?6J7_b~6fovucABe1Ytn338t>67=ZvUL%o&jPP4UC++Vsw^U zIXBp043&MaGdcfRChE|>V}EW|h$?|5;%e^240g>L^Tai6Uu0-5hRzkGl^4cW{FfAF zzFZkHKfi`~`M-zVv&90V-&XLlb#Q7jp#Cjn$JSMm|Bf!KxCAHD z6yyO6yugtcxCN}j@*SQ>QTQuHj;O~rRr9GjP@u$uIczbaL^_^zl+@N@7|3YSJ2eXuq-4hq7J{pa#|uXR^kX*Cd-A26(cwL z&|AtUN>-$M9NFTEN#f^CAk;yMDcw_a1OB%eHMZVRd zSi=mYtN3SAS)wFMK(?2**NPit_#gawn5FMC(@zjY=HiU3QnIcjx6$=vqtHbc2C`<)ufV7ad}%=9I5kr^GNV-D1NA|ulK#gUga#I z&K|f@f=Cy@Dghj~>6=c>2H)^$uXlsRUMr7t=e{fUi``;4AB{aU>to}mgZHUe@>%hj z`UC{kGbS?qH+D3tS$aecJkxAa!0?v+X*$Vu4#$OuUw}O>0)#clFC!{IpzC>n<1GGZ zMw2MG_WiYv8H{nhm}Q}S#W3osC;u(=SrwpEpXDB4#=+fZQ&N!)}kLv~}$US^q z8vAIWsbjIoKFPDZk;qcFPJr1tj}ymb)YNJ#bR62)S6>wRT-C4IaPteTjW!un#~>U4 zyIQtvUrMk}oWK;eYNlgJQ-o#?>U@-)~N~ZVQyd7;bV@HU3tYXkLElORKU6Ed!j3|sVgPV3l{}cZ2nIi35PZ|l%z|4 z0Eos8sIh!~jPF{moh0_m-_KcxB-?+ z^|pcIi<{|ErN{a4PcQbLadI4eFNSBjq|sMK(;Dz-}>od%ft;LJ|Ux29ygvToa`0P9hb(GiTNE8isWs#L)oS1w- zaxn~RtDg-dk@DDzq3xRt6qvn4=c^M{rR92L#cXYLFz#+Pg466Q6D{n!qboq@G<}~J zlz*lgtwJerO`Kz?61kbq{ZI87|eBsp9~=mIz^X^sgmr_a-aX&jR}!uU)lz1*V$Pv2(<$W`8?^Ch@AI zoF8$07%8U;XAqkk13}67~IDn6Doz13GKS*$AYLf3Z^lFuE6856QBp) zIlCue_gP%sMY0Rbs1^BwS)kn)SQ~@(tkes;z#Ud1i*r2;wF*+8Oc#N_Ow$Qpa7!A1 z%1TLx!`Q+K+i?Q?(1gLKq6-bL0EO!)oy1GYBQqxGqq3;a0oimx1Re*J8W5ktWd4D3 zD3sAYF!cP*_i)583ExjMKJWz0o_a7}XK3SXMN0RaB8>S3HF1zTRxpy5Na}I|31@Zb ziYkMVD&+HhZ5HCXO;`xn?fSRZ)uS3PhG!pU&>~trc*U=@$pXe=#Qep59)2=<#jQ3U zzc0`xB2cw(!}+8p`y!d->P_AYY_hCFs>ZLAJ(yItbxd2=jR z!*F%%YDV(LrfPM&;y=ev;BKkS#e@{qyXeHSGi8FdY6xUolPN;Mqbwbvgj}op36sRC z*zzxQmaWXXx_9taVwg^VJB>54|KAx8nx#@=QHaSMWT@t!G&#Z;p77s*;+Cj~Nk195 ziN^8vio$&Hu?q8(OfiF!=*ChOi1GX&!69E!B9nrz5^Q{IsPQmA%g#~c#E!q7HaX58 z9pRp%|6J3{@eo^1!8};o+tEgacktrbwzr}6!wP$eL;T2{Cs8OlGkwrzhN`fQJ)a0_ zOLIw!G-?Vj056pW+0lGK=vKx3xiI&2^DtV2?ZE0iEc?S60CgLwQ^>Q?_^8@*pVwEm zj5nOh=DF`z6&ONbUjNx+X!UgyIrW-1s{cMCSf|ZK3%#IW|I$6F%w}&4>9s=%d{0O) z-Wd)>^Rrz&v$3(lLWb;uC%7)y>aO6q){z4eCIS`Q)bD*b$Y$FIhwer?LYGjd2n_HV zxx!vkQq%1M%!Omz)aas&+r9KEU5SCSNqT7FB^T2H%wUFPYLpbv@(4q{iPILU|17(2 zrDUuGyyVcztkP?)H9_v5@WI}yLPv!~_1adwL^9ozKCe__GKR22)yNrJohke)UTC4D zY33~nKXew}j$V(m*VC6MFIq{%+-L_<5{KnL0LP7d&}bzZP~5<;@I=2)PvGaFBSlbX zw=6Al5G2m0=;4Hsf;TG-Ic)&TsI&sl+;*(V!C%GdkvP-aSuu%;zuD6}pv1hFPEX)e zckkZWIex2XPiQFs6*>m4uleyo1VmJ^ly*|L>6d|X*LCz&)ilovXCG0o?otzMRIgKir`Mis%N@GJ>gwp)^mB+4Q(QBn(A>fD@qT zD`A~O7tS%W9|-V+3kTjbYb$M~mDjUGEa`%wm``!}>4HumOe;5vOaqrpj8nxpQ1=jy z08A@lpKAZKR;8NkRSiU70vvQV4+AzZmS!%A+%*)`!&z;*2EposN|b!;zd;iRRW$%M ztY*_h#162!7_ID=5-y}gkfSY;QbL(6$N_{O374`6(38|s$kV*23mq^4tb4dYWVlm+ z^jjwt>Xw73c6u0-ub1gdfJs*0S0e*1>S3@Q`*Oj)Fj;)fKyBCN82{v9Bu5PmLA1tl zivWA$S#}W)abYdNwQZ|XMcDBctjFTh!9edwtE$l!=={}5Y6WF~Md@VgKRkVGbceJB z2adjv#7j%8^u$jtN~0lopu@ViUmZb(U97mryv#3dA8)U#)vO@owN?`w(cAU{Lw^J; z{cJTI8UTe!l+NT3l!!=EqgPV`!>6mmF7fcyh{QdMPhnY5I!E!Uan-P!ToMxFb>)Om zFRydpX^g6X+a{i$t8zPbiDY&w)5&>ZYs>j^JK>vLlTF3sYmpS$!(x1bX56wkRECo| zY_%)O@_%<_`C5tljsXGm5ExKfR}P(aK`uY?Qyc$1+NEnv5y<)BTGZ^INw;}ai2}i} zTtn|hcjH0ypwoTW{UV~Q$cw_x%Jaz!k@q zNE~Sdw&}14x1ubUZ>)frQ`;!dVS zoq(hh>d*pztQx`S4y`U_6ErF$nvcw=1kWzO-w3wo+NEMn?Q$hhcLu>#G zaMcFnSxehSTT=6w_f#ZDQDa=_ zEBJJXaoN&Y{yro19!-gcWvuILQ6GxwzlAUj64YW@`d?O{{QK>Sl&Zh~j%NoW5SuH^ zf2Lr}8YqOMBEqpyj8CXF5{Ie6io)>68wkUO7D_1oxL7E@6P?p8MW~{h9yMTg7uBj? zEJuI*ta3D92?B0D{6o}!>;CgU{-qfd5;EWuKa#PxY-fmriTH(?Yo(fWZ&W0&#x&w{eBGi#AATXVaQtN1f)6k z?n6zM&0-|lQzGJ*R`i;HS4x*MfZA*^e>|UJp4i#KRk6BE=~HQ$T#27WvSkfIrrIsa zm*Kib=GoKe^_!hn-#v@|`fP9S^^ehaZ=OAS6+PMe;aT+k4{yHTdj{WkcK;kv*nsHC zo7X?SveQnNr|Bf?NlIk_`u6{R*m?6T+I{h67pm{Sc>(a@%iH~(H_@M-{j~Gl>sQh1 z-F^IPgIa8B!42W6!MRMoHYrk>Mj+;=Hpod)j&&XUK~=t^VEo$h;R6{$G?S)n4sikE zTTE4Kctkx7kbV(F`WEv8hdTMM7S8a4O6x}ONyFQ4D9JI*#wh0TRf8JA5KC4(+Gr7K z4zmk=^sM>i$p0}BL^<`0$=GztlX#HGRG@(TfCs%)u?Q=4$Iwo=shC0dqea|5n((}a zLM{8TCWISNRm1K~=i_}~=4DK=SsXS-LmkPaVw%gGq!Ep}>+4C>-SD&ha5b5PMEmH` zx~UKIo2x%sPrmZ%av@#`RC8lp;OWUsbvM?NhhEhR`n5L&H|WGax8tM+q7AW+-xTN@RPP{Mt7vFYO6b~|b`OP?}GHX*n& z1=Pm+_~p^MPnRE_xny}{`t?;UQGR$9qKQ|vLXk&Rf_xRC2jlI$kp88F9Nw)Sh2P?@fVVY^`KAXexWE5cdGTTLx#Yi&Ewu|S2&lJG3+ zW~0fTipA$V1z~;=ZM&^H&H+#cdJw5Hdgz=&bfSGtg4edVYO7agSvGm8LSFmJnZq&K zMSShjX!1-ZM>!BaFK` zj|Z*j!a585m{C#yY(~~O$!5gFkbl)^i;!Cgfp9Dq+$&0n4(I0$V#?TBAYo7!Lxci# z07a+9^l7O$L24jF_I2LGbi9)VVz`^5oC5;DSthAhB1l~i&BdxC+?*OO1-zZWT=N65 z|1Bfsi>Q$Cj!)@eK!>6ESmpImY^cQDFzTb*F`St%qEo!b_fp)5;wrel*U%Z`np+ZX zD8h*KNFTaN70cW>XpCYo@J0h^Hq}{bwZ_?@sowAX(a_DR1tE}JH_9A3VG`k%^HFRn zCOnw(IzDi6Z`uZ$Hk5x01=$~eSCCZ|WZzp2KO3LYOus?!5z&{aN>`sP{)my-1CDIA zGnUh(n*|_QsEMZXiUg~~!f@g-IU~kiJl7~1^@Vmni`)< zF%4gEtDz28PP}rg<9kbnD!C^zRjbxPv(~|eYKHx4Og;bHMwRMZYD_hlSv#eyYObQ6 z1d4lJI8?!Y7LtrjzycVd8Hr6;&3fLt<+J0GG4-RGe7Z-?ie^xa2JMEnFGS@EYI$gr z@Nn0~60zNfDjuFI63hVjw~r&@vRS?XTpmkgMLJdKbz6Z&u8;OLP`*C8bza@82G9s? zc5WbyYj(qQAq=Jl;Ty<8f)LIacbqQDitg{%7k_cbZSuyF*R=_^k{G54 z_c^@duZ{8bUFBDi`d12y6PDIKQ(zpEta=sFd}_#?RU+mnY5cha)qHXhqDw^--z$o< z^fXHcCI_2@v*BB87AuTdOD6(B-L#>SbrqRTva9pHNL*)<(^YIxEBZa>e^I-8&e3le z-1}^rALq(oll*l#e+#*0)p+Y%eVlwg3{R>?Jchyj{a z7|+Ej=m6hjbM-a7c~b@WZ9)=gz?kQ`n7kfuQymJ}@x2M!5;vnJ9er&P-+VLhG!9;F z+@*J#fFW#|!|Zt0fU0auxyYA_09x0bWH3o^&3z|5L-6>>G_bl&WnjBB)DPVUExiP~ z#d{gUc2{sOst+9cs+jGJugfi9&Z{)lR`y1W9=U{faBKepe8XE2ww8XX#_Q!Zd`>}Y=3@k})JRFxSo62v&u|uoBl?(D z+$%VMyM~gtohYEX^381cSJSip2OOo2J1Mg<-w|??b;ocj<%HYywYCCg1tlPs^brI$)>9zU-HAq+{{{HEBHo4dALCK{8u{JE?Y&4t~h}J((({Nqt-f^8PgSvu{ULd4HIJ9|; zA#k78kP0|yf-Rad2G{6b6nB%>B9txW^sg+S*URUfPG@xy-Prvt7v#%4?~C4U6~ zzX88?n)%OT*io5}a!iE;tYGg_FS4r@H3v(MNtSVE;Dn?r^Pd$JXYNY;)NIjmqez6VLYmw-JZ_c#=$XaMZY`I4{ym*E5$r4gA7iEV>|z4)Gb;g;!cJb3uXedGgyifa!kDTH6OyWVZDudjC(*U!gvnTl}SS6_ei z=J)fR7kiuN6;wE6>)^_1s=x1-fq7B12PS_TpU`!0Gb zxc!Az>b634wVm=a?T}U7&@CBkU3a%s`<6o^;ZcFH46BL^{#M$F#j1^M&$>B)g&$tc zg>VpT^iWaLhIB0*k;X5Gl3S++i~&*2AK)lm{yjyL)#Z}6XZd8mSZRAF(SW3U)c8$k zf5(eJj06BXrNp}+el-Vaen|VP@<4F6S9fb&AO+0Q=}9(otstgn>VD8ltWC-U-r@;6 z?ZD86h1ws^VRv>8FtjY;1Ot>uUcf=Fs;yy)S3LNN{k3zDp>qqj#l1#TnJNf&I2WlS z#aqygws>;TC1|T-FeS}v@T4_o^KbFah)&p`s{|}ACOI;k3y>%ZP6y8k4-p$1-+nP7 z?~#_sQ~Am1Or?*Dj)_a@Xtza}92!y7#Mc}N1wm6uMI)mmPqQc$8xbBW8$lT-om|7v zww!%~1I4K~jwXrZ2<3v0(c28~?lEmn^fW8`)0{)wEdG3qqNjL~{(6#m zL2BCgS!?T$^>yjTF6-e6at+2j14MCd!PggKI@hD-XBL$gxU?n58ymtVu{m-!g;31P{% zj9!Tr8|SCMvOoeR$BJ2j_Dkan8Qao=`tZw&m}zn6g+V#qKKmZt7;WH3Tb;}5Ntt^X z1~rFyrj!~u6)t9UP?}FHo=J*O0BeKM%)wpdAcz&Rz9<%+omslf2Y427DzGgFt^hCU z9kyU6VB>gx$XIwQ#GNCbs1!UHn?rGSF($}6S%#dVfc80S1y_G#DsM_gZXH(z~-z8 z>z~3(2m`?HwHyFne$jMdBIqt`+B~35Gh?%!m)J%12w`}QuKfmvU{kXu8|kkf63)V2 z;Co{!e`#P$kB7C$+q_0$zZ7OoFTQ?Q?S!CecjC*hu@l72NR7WLFQfPpU)J`-=5M+u ztHQ47(U)IWdPI1ya3B>=3)%7cjHHIu+)Th%jy)Ps2HW%>_H~0se74 zHLNP*_+o|pUZhWS7{j*sr&lOdM`I6yYYD?7SY!%Az(g2Z#UO@@t`Lh-!{jd>`o^&A zm9hwC*$jEpXR|5;s!V4A;{cWMzCM<@?~CNVS=AngNzt?I*;FNd<(RtZGo6sK#o5;JZZB5#+Mj}X&#qK_LIK2r;^Guhj zfqSj~BGg{&1X&0e6{?SJtA?-+ z-70Ouz-rS&EoeMIPWM+Bcgs}AN6udRvLRFzY2h>yzAi1QSEk|T4hArl*w$*qkdo-q zM<@mKMNI3p?Z{JR*QQ8N;xV3L#fF!Rd;_X3C*w~I&^ysI#rxo6U-4mEiIeqsF`tx#4J@4+nUF5j_)!kuW8Ajxqr)eus!L2UYDIC>WrCDv37wu#Nj-=9si|ET z&evl?PoK8!)6((zfVSSPEvWl3I)eXXp3@N;j?;5e&%tP9xHc%fY3dxfVjD)w1wtv( zk1ohJ8+&|2ioJe>%bYEj;N*vtv;z%yqUZ$;0d#`YegjGe2{Zkom@`}$w_)DTXBgTU z?V4x|Bm@ksfNV-Z{>PP}tLb{I`!1_uw;01P%w&+}9B~GzxNSyRTYoX7$V6*)3TRKJ z1$1eoXTjSni}o(9-2}OeJeVS38L!sjlhS}}dYs$3{ml%0! zE=fWE%F=&bIgAS^Gh0`UF>oyh{cHJ|E7yDp4dImaT@zMwNxyL?ui=`0aQK(`gjJQh79CqsS!?bR(8Wo@UXGy|mzbdig~(HyQ7KLe2nwEf3~=_f;# z3|*-4^&n3Mob4wc3}kLHrP=Bp>o_*~D*F;8XhPqC<^#M! z=unh%O3P$3VwTU55_sz|&VUMzX*NfGa5N|N?M6!*uJrY0*|%2dbf?-`r5xh3CY`^? zdI4|frf6A60#SMWt{T0XvGV(IGhXj*JODjBp#4RLR%}BZsoNNFd5U$!R{OSsRuj9!Du&0iPYYeR$&XUf2^9>Y=@AnYX>F zi}A+g>oN&8aHV5t3GdAhUu<$i&-r$TE5sRdQ1-g(p3?-FE#NQQ_2fcKjj|Z<*T(0n z5q8mxSt4r$?`4Ra4*h^s01S9F1!z|9D;xD78>(_n*l1OEtzu``kl3RJW-l#yTyWor zy@A6p+DSAj2I+8{kCgcJO(2-78VAc7kpxFUrPk+DXm+4+K3q5=MxemLW_x4*vFmJZ z0?9U{lWmPPRX84PRIZ>T%o;tcU~PXSF6>M}kwZZKE&N?x@0zI5{ z@%dwNfJ^b8Bid=!*WHcALxP8DAu6AS%Yl!~Cj{ytWS6q{s`OPcpS~#%;KgBHADTJ; z6w@QzV9KZ3-OJ5qspmcKHzbqLGt9$)gEhTS>7~#}Nf}zAOr|8cX?6@-I!N1gs2L7R zz@cgKie?*HfZZzs<{-d-FiUQh9?j9SObiCg{xqF%TpZDmGw6OXoR7vzI3yK3;hm!m z1_Q2Lb^q}`#zQhjJt8+9s5qZOm81D|m`)mDw12aBUw6c6%1SkbTK6Fu&63`{A_uPM z!OJFCHEmj6(FPnrk_eG9b7^&%5NQ&z>f~7jmF@-!@R?TM zyc|{Lg|{TlE5GQaV7=+nhB~?F6H@hLQ};yWV!}s4ByrKj8=w)JQxJQkFo^Dz&=p<& z^i{}onOa8|N((|$ZdFxCV4KAm^iSJmai_@>c!#@F2J#c$pk+ox4mb@_4vgZA@?oq8 zbcm$U7+3V_uotmBf3RNFMq3wASTM=Qm6k0atlDHyEoDJmi|6)s$PPyL@Bo3L^H9$o z^dIxt>FeWT;OQ9QI_&)Q_b{=6hPt#m9s;n6OHh-G%b-gBl zEY!-vBVgTO&yi;r;HM60s<<6;Qi~@mi@>zd@$jxBQ^mdLW?S^S0axmP*jN_xDd{~L zDM-sn)K3PMICWkxO`Z>W*b&S_c8-#y6~uy5gq{y7TfeH~2nmdVD;eH_p3Kl=Kpm>4 zmWPlWWe4-A(qdDD7I^bBDq~qPcQljfMU(4?b zWSGqA?!g&Eg{SC@LpEM9Lkeh1H6qoUa;=V%^h5f2$oLN%XsGnP*b}Ih%_{eK!Os8p ze_;i@ugdHL)^TNspJx4n4S;Zv2iej5fxi??q%cgV?0`9#8h5f@^H3M9K2#@`WKfH3%AD$wueuz5-3Z}^IS zr_uAO;vtMjfG?L`fbQYh;O8{s_8#XBsjm+LI;k$ zo<#A16rsb;a3Fv9FO-$PP#jKsmsj>FdTUD=0fteCfFv_OVQ~EO*|4-VJ_qWVuVp;; zINh zqCkyt0Rnz;Y|38YRto%;4XUZ4XBDCDohs1`#I}OoGhii4>L~eEzm=2!H+(aBo|oD3 zh8V25@1{GU?(i(49o~Ug#xsNYmu#DCwgUuiW6IEQhlo-nT{c0MOIy16_ux z8QR30;`R`E&F$=LK6$daySw@H>E^R%rcw8Kg_944be*Y`E~K(uYeWai9giBvC+dNe zkT7P#p9Qa~6t65WSmEWIjksU%jCElVZPbWN%s2@b@lMVHHwaLlwghx*A#mmi{bG)> z?RTcr^g^)&SX*c$<=Sm8Vgmvs!~|r~?Bn`lek9dOI+l~kkUC#t@F?fjR00T4AM`&! zcrJ2ICMLu(BtEICFw2HRXpT}(klZI#6=Py~QKMG5C03ai5O#``QJo51BijfNA=Gu4 zx1z8ui-QP}nS-b-6yyR@o>DMJiikG3P=|Rxu-jx>4CZ|#<5>5bl}-y5uQS^9Yqz-( zrAJYJ5M{?ra{-(3!W~qjc8T`^*<&QZ5qYnoFL6vesB(mnDlZZnP_w(Ljn#>CWQP`d@`=JYjtbG_TF2*1O0bTmjK*t}83ouQ&D+OUPiS_+wE;Wp<{ zuDiaBbk1U;o``?7XMw3#=X2D^+nuPKi_wR7=IAmFTy!!S(>BUCQ#<29e1Mbb@ZPx9 z!lRK~f1$HLAQ7*M^n_Y$CO{y}l6qrXG1QV?QN9)Ca0Zrqb4+8@GsVst)YCl-``{Kx z2M*1Glw?=Qr=&I8pI-2`;>c97MrX~Uso|#07)0|{)YK8BR4}O~u&Jizvc2OWvbu4+ zr-qGXU`1TgUgGTDt94+>lhAzyfKgr&x{cf(#jxU4rEbpM-ij?RVoV(I`)T$*FXp9_ z!gcw6Fs?AGyrgwK&HCs#rM&Bor-j(FP*fsjt%?=rXv{DX1T27wf=Ij){nbiC!!&B5 z{X;ryir%+czeA3I>ORbI%OZn=upv&Ffgp&7{~%qcrd65>$s}f|X#0((-wa3guUy&P zq9UWa*==00u!=e^da}{D0(75b{gfTS@>0i|O4W&5Iw)RBiDh$Y>`WCmR?Q%B`TKg~ z%80epfLNIivJwLgC!`tPy>z-w`<7IDTBsC9Sdhd@5X8@>xI?L(i!2)lzKRhBs*dSR zE=cdcU%a8g%%)YAhjB=2?(XR3E_5e`Edo27Rc?K1y^&=}MYBpa0ri<-5fmTQ>YGWF z3g;r@cd&6e_rZw&QqIT}SW{I4d#^}4ybuvmf3OM<-!ag*p@f+6*?vY$?}H*oa$@FpFf zh@-34$lmz}U`R!nfE53&+>HL-w&XDiY%y)TgNF_K3I{KjI?&h{Jo z;CA0P-i;f{6#uPxJ)_sNhT9i$ZqxE3NZYTEW7H54)yr%MOHhUTn3vpB*O4K>c7K`Y z{WHy0Q3sXLaouu(k7Qdac^!|^vkZ^1oD5_j%XnA-Ny}MVj6dP4ZMZq5a~>)M#>Ydn z{ee!Mz?%)zVW9$;Bdd|0JWc7w7JPk-F_Ru|0|T?!(EC)MCqowV zN41e9#b_Suf0U9g3h6X2i?OnarQ&NAZfo?&Qnb^3m{-va9N2gQfVvw|w6n9l@gRD# zwY{?g-ye537Tk>;95kPxT40-u**Dlsac4(A+IYZ^sL&QYg11(w$Eu>QRlw1b;j~5O zGQ;TkXa*d~VLVNaHlwsd_JuLY%}4r&BdL_+t>V_xMLQIMro^2(*1#M96U%2)c@ysn zhQe{ex_~;A3Ds3lv{74%l14>%^~LC@7~0{k-6J`%<8YKYQxyw!$_a1-EszWYV4@e; zGzc|eC_{4Kndy64k4_-(;7v%`!7p*+g~ZWMrzdl=4YT*zaC@VrNkTRmjA~U={i@(Bo0>1=(4BRq!No9Md9+0b zHv!RV+h@1_oMK||tApG+xZ#%YbHa{Vj&Y|hyw=@33>bLEYFfn-69n35Ric652W_vb~MJ zl-HYj8ltgGMZzGC8V7gFL%gTCVk*klXqqio6$`}ZEG;p^7R8f-Q}fi8sEs?7=f5r{smOdez!E#l zo8tx+K=W?|%l9}@v`^wU1@J14xe)~mC1kX$zq(2)o{EWfRV39uh|jk6O72iFRW|g8 zWbh8(f?@OOO0G}WN}K^eL}qLn(+J>QF&Y`p#~7oFgj0qLQY#(}@UJ#BG*@6rB_lli?zS6??*nd7cUA&BP(nXmh}7HS5})9Ud0ln*Dn_W!;v0 z71dJ?bM)7Hr_Awhu^V1o8NTJ~|RvDhT=xAt}CTk}xS>dJ+iG}kgcxZ*a zs%mP}Yq}Jalb1=nDc)T`n=>?zDQX}r_s9Bwz+Gx(_bJ~e>KYzZeuhKYf{6N#%>{AT zh_()x>aur4t;ncuruhj*7TSk4o)=R|ZKxdcS>si|*I1tH3Q&S650HK3zp4x>tkJHd zi_`wLvqJR(mYvv4h%vvodvP4hKkdKV<9N~0EIlz{45#TiJ)p)o9t9~)3|#cWh)Rs~ zfQkmu(39#mY^W6-fkdDJT&kXFV z@bcL0UaBFvGRGz|YAD6$SZR3@)@~a+V`JQqMoQ1^x!7IVNOFjH<69?w9OtMxQ^>0@ zF}Q8wX09OHR%5jt*VZgFH>Sm?5_bpa@wPyDI;7WEeI}c>y-RNbo4%CJT>uTXT-fN@ zX8M?52u%(Rgjz?N+#HOQXp1Oex$~3{tq2}x4`5g*`%D|G*oG|h=9!{pY(w2`qP8;H zI(i&|1UQJc^2bP|t^4`oXzM;a9peTvWXjpG!N_5qV!6bPqejxmD?!{aVE`N^`@^Cn z%@nFmaXsy)CuIzEy>kIdGZ733Ewr$x-6oo~ zByc@vthW{0m0{6;N#Y>%LvAB$Y(7eg2|U}3OfcyfiJ>Pl+o zn~zV7WBq1SyT{GPgTffPHA|h1l&XvJerG&zZ!uxZ8Jm#;*$;(5G+5+}S>rYtG*xd1 z30E(q981G>_DVBeN!%%NX~_nw-Ex!5N=89B#PpXLH*buz3exK%TQEO3_zGWfL-4Zez3uXAXdPZ|JgD3pP)CZDI6Coj_u5jTqA(2Tx1MjB z_r?vH4D?&d3CFJnE)xL6lSONEhl4eaa|$rt7Zc2qogRx)<*;>fM-U$n0yy1b`$2k* zOdma1-qPZT=qf;d*=2PRRsI<)he(%)Uw-LlyrJ;oeJe}vt@&k_w+fj$+=8m(wV;bM zh(4mn9DL8-Ks0Y7xt~t(D*NEDeXsLBYk&VXZv7)_sNBaJ(c)1?{&&zt7N{Ed6Dx9| z4OUrn4w3NKgE#n7tSy+J{X=(Jlf< z?nK&T9WKaj&(iiZ+O!<3w^)6eJptx+mMLRcWiQq^XgCS28-M5izcHTqabujF06(IF z+_a^Hi7d=M+N~-#0S6LhqH9>$QOS9Eij|Ey#k5{YDvD7#sZl*%t*GY(#))&(_}K8F z^+_?E7U!k9gF{U+pJJvs@{_1}aM*Mpie{8HO;_|MJR3ME4;vWkru{f-tW)~xFTVWh z>qekx+WyrPO^^Bj`s6hK`D{2E7n5J6;*9TRqB* z7@?u)hRmz6*wqXyEJ)f(wSgI){D~z+u}Ye;d-<+?g$f1ua(LAWfjiAU)Pvl;Y`*)@ zyozF||6!vGNA&a49Cv26C29VlX$cE0JL3-4SpRV6&XrDCiwbM&*lGU_mQL?~JWzVM_teBQXQ9bvG*LH) z)*bi63zI@gwv;QgaOi%^vb&-+g&WuerSF8l!6vlURmxBIeo%#u)>nFh8D15Mg)M$V z*e+{z<4&|X$ndlgTkRE^ZqBiR#TX4cv)y7CkL%6_>_jgP{Bob;`0ukaXqx>p&!?7q zAEhc4KOu45mC$(3DS?z-Udt4eKbz*q7l;`weM-?Y#;8c8XHpFyV|s_BT4+(|-y4Rb zA842j$CHY42J0YxcL#XuI(B77jhUjP*v6rJjtMz2@x}_oM0Zb8T~$aaxnp&JM6t`# zmu%07s;F{f*b+;H%-Ja3pqQxcUBWSWT;df2&z3FsRN=jSd=DxQ#%+dRq{fo!)%~65)lO9yvgrwON~=Mz^M6Vga?Y@={jCM*mwvh ziH8xk4}Z1iB|OI?2K)mJ(l`IGp^`f}M~VX(^FuQq&}skwFvYEBIO|UbCzu0=b%m<9 zdN4sQ^E|x3ELoh8GpL&xc+rU6K_;u!&^}D|Pcyl={Ufe|Vkhf$DcO8goU1MUN79>9 z{-yaedYYGb{Do=O)bw4kxaX{ga+gg}%C3xp_d*&i?nE%a1cPsVhJLS5x=}OLe;0eA!8WYB)XScfg2XNygGC32(|Sb?K`EAxHCy5hI%RO%1(|3_BKdXU7Z)aucw27 zI=*tFhzU(9R>vpiPW_k-+)aiszWLD&qxGnPrfxGz4)|m={*r+@E!or`B&?p7vRnCJ z*Jh7~@=1gzH7(3={%h8(nV?fLjVOaPlEt{JazIWrq60Yo;)}%UQoMXq3N@>9R-wDx zqfA;1Eh$A%r8JM3Vf*#WH1L55K=rsU&O&PO9CM!|x}OPfUDi(-0KH#Aip+|sc{ z9bNa!B*G1_`z8F?c=QOq;nN53;|qr`FQfZG^W|UhqWaG-UVZoU^-KKv{Pi2M2*!W@ z^!m-)XRcfJ=b_30vFaBkof(DszCMm#JIptFiEzJDaNjcACl{=>ehYA+%3lF)H5dbB zI$ZK=nlRAsnnD3 zI?a}j+Oqu6U?WlrFg3waClrh-s5&GBn56h%K0%XA?I@&|m+@_v0HQ5zi~ZmK1vHMI zW|*B3Pm8Uf$i!)3m~-naFl;G-Ep{RU0O@_4zAtE6?Op2In;y&I9UI51h8&ZM^YO}< zQ#Q#@!<-XRUKev0%PT!M#j^;nb=8$FY%)poVKlVlg%>K>$*C3@w04WGh}C5e>RIUG zK0R^owRkU2=>=sAvyA%f@T=T>*!mox$u#3)matF1;l-b`3)~EJH?;c)9@(%@!JA4S zaL1mc@CbtyNjw#6M@Z-oZn0~PUVGEJVT~>7Ss?x*7e<4l;s4oEqudnu&S{Q3Yi%t^ zZx}1vB(1SU%1p*SZopsq{jR$D$<)WP^btL(-AP-AyRG0F{4tn#5VX5YMtB%$J42KIau3SA**QXW2wF*q_M~qVF{UW#2UMay z13EBlzg&CF;OI&7C5YH>H=;h4E-zR%noDNGztVglEiV&NMJVd+0V(fWv_zf%=e_oF0{7pmXA?KBz3FUs;^b5j0d0C z^!;Gls!1ZnuIp|gw0048bua0#4ZTWZ0FUYHm*wO{ z!#h1xHXCPRCvYG=7?~7MA}_*$o{0tpZ*|7Xu0|n8wIv_JU zzN+oWSJCss4AO%3A6X)Aw~DI!L$9gbdZ$0hRMl%DD2RBTvoJZpUr;79;Z-MjKRcA} z#`upawBvfSPac$r`e0>%0 z=MMbUCt7ofmakq*VySt&uc0d)slPn6Q1pC+Rapf9k02Vu0UOe+qroiGB;xg^F}vyY zw$BhB+d~knr=EyLI}X>_oWQS8)F0Nj{#te^YQN?wF*20$dCJK>J*U5;H|}RDIH$9c zTVHJdH$dzN^4`;rdD~8A&ZcLsp}Qv)(Tn``nrkiwZn4{2og3SCfP*Z9a{Mf&M?tpe zhQX}tpSTIPc)sQhp^-UK=uEeFIy|?=U|2USMZZys?A)(}*%0%Xlcm&t#cTs&iM1W?C^XWPlJ(qntw`-?O-x`=6ZewRQOpk+1a>APj`f!M8Kjth}?~ZU= z2{HH8+#%^nI}MBdGi-YT%d|=u*cv2Z3z&*(J{@MON(~w6uVrmuPL8_&)u*ZXO}M%G zK4}ZD$=;bw2!c3z^UgA%|M#lzUyQKS!zimU3pb{*795HNpIML1SbVVyMGmc<4t?-SSpyUM9qu7lBtB5wm>RYVS|QI?JhwnLNp85h_g9IPfbAOfr6hQO$kVQhcb`RLr{ZjF|lEmj$L(kF!U!^k;B)@vRf9I z*h-&guFM*Vk$Zo_qDJjRXPHx#s#-;}-S41BOL@WFRixOG~l=J6C_s3{f z;<1Ff+VS-FSDjIVavJ#h$Fqut)%wMur}@p=gKzjk1*W~8&vV%)0C94}q1=<~Ns#H6 zIWI}?kx_%VWJtKf^bUL6mm}&ly7IGT)mmk2;U3mC)q(wPL?5{riOkr(X;OaH`70Q{ zbqy^Z|C(_wXsk2Zj2}DUPQn7NR3BRVX}+Iss+sb!g&dH3QB$2bF`2^yCtlVCVW_F@ zr$AY`2c9H*9X#w+*C-<^75<)Rjk3jIHsgznaV>E@JgHg-dNn2^gWPOMmZ+r3%Uf4G z1fy}3vcyVeQV%i9Rfb)$-Ib0DtgI3!YYRZ!EsnfjTS9 z;>YY2(uGL|4-X?P@^H`H{H-SESkreH5J_e8xTXoJQb|X~gDCE#=+lNf=#OQ~b^m4w z8C_)DFa1`Or&*S41fBw;Hf6K`1wWwlw=Cc5AF~=xvcHQQT+%UjD~hGp`)h)9s&7ql0S4?tOVX7 zY;f%GmZ>#RT>>q5nSy&h&IS`757UJ?b=mic&9QN+7@a+?r9xMyGh;*12`nF$2J2+~$I?!k6Vdcc>w~ zYIb(GrHst9R`>>J_&nhIyzbx5)~i(KI~q{)ak8dfa`UGtghH5uP8?u^*C`rQ;Fr}S_=&;pK|ES}r=<^&-tl%SaT!Rr9Qws9MPvpx|0w>>g;}b%R z(*SBk8%7+VH~DaB|AN$g3_C7Gu)C2+7gDUpQffCqKf7?rOjbE$%Q59l~wspX!%) zp$WY>(f+qok@tPJ^l3cSb@tXHkNi>Q9)mZ!EX(|;4*w|=+l^}5-8cDyYl>F_RB(`5m&VK-f5j)mrB_-|h zvwvXy&^WVzSTJH%JWGx{!TLtY#5c3BDa2*hdGMal&@lSVigVYR1?g|!h0~kWEsKZXnBvADFwI&DR*ygM`yX? zBcQc^68(k^YBZ`)P`ju8X=j&@2~=H@sho-N9+Tjz~}v^r$Bz$|k9 z12KN+3{Pf88cioS3nic+lM;Sqp}r-ZinMgZNQ>PcFgU{<0aylYQ&4!l<{rm7{Gd1O zt)!ts8*A+)Rc$NXPO`g?DvP4g%OFv%dMDQiyXMGX>$8?gN=So!o(=)TjDvL%ll%>q zVT;buhxIUeVhla5L(oV7iDX}e_jm|%#U_G=;3_D04wCp!76sJDWhwq*L44E32U;9$ z4;DcR>sEy7i(gCMge_s6>0x^6a?6PAd-abECad8vs?gPIqqzcBZI=?D}Grfof?h7I0HdvHStV(CQRv(ri1R> z9}9*&;VI}>65tsjciYY<5I7w31%*jxam_n2XMq;SlxU2VnIyjkj^6~~2M0{fv5<7> zH_2ik@%$NcAQHT}4+7pKMo&F7`Un|=-D1!hzJ8m7D$%a zTg$pcvBi1cF2wN^-ZQ8+)%*33ip>suH+fTE; zjmVNhy!p%I61gUlnSP4syX5i|x%$h3py+F3ZJ2T6sD0U~|EWpKo97-W4(G+bNcDo6 z7B33tuoat=tiotj-dllHJD=BIkU3!y5kWg+^QD+n9*J0rPf!-#RCEr;RZ_V1kKMNj z^-)8H{JUnn+jYR0f?R#Q_pm_#_uo?ynhrR^G9^m?woYJY%L}7sCq(4Nw%owCj<7gGtk-`IHz7I?bQ?HqQ|VgjV*ag_spq!`oK_}4%ZRL`Iy7tm1Qd?@d_TU$le znTCcWL?_sUD&_kI7wrrdDZhUU*3hY$l*gl=CMD_{yR2+(%#_XK-hBLS-Fg2nebl4d zchkeMZ6UGIa)Zc&CT>vs;GK{*kp%3bJO&jfF)IPuvfXyc%u-^eoKH`^KFWiz?^l6v ze5Gfn**~G+zbm=o-)bxrf}`J}h1Hdy)r?xG#!_bl=ohAnT8Z;~)`=rUsjn?w44vbf z>f@}69aa+%ER1eF7_gh-m2Zk9CokhwOx4lBjydd~W*AMNKV|Y_#1j6{N1vU@PozM0=4f4#dwjIiU<^pNeL*fR-bz11^P$Vw#c=hg?tDxv|n4>VrYBxu7N-13%MfXZU>Rtu*XB5FG=jv0*n(NqiiizJz zmeS?86w8uRbC|1Oge8rODrD<0m7@GWsb9II#4DrtB|ZU&8WF3W_v3%~3 zrBlk^EsQ)~$IQbZo_Ypfe7usa@#NTX)T&3_hsTO&DB4%W52E(+%^3yy1)$qm+y`tstD6yrIc_c9*fhFdmIYqSJqo z-fD&a9px*@`a!qOrGO~o&w-<-EhW3hY%w*6iY(Yx5>h+$simb*Blz1Q`K}0keYq0y08#rk;;0gdeIp{4^&*y^z0~qy z4&tcka@JG@?pUOTiuoP~#04ga>g3vbq$i)DC1 zAb96r;CH)54Mzv+=$#CMUyTd+T5i7YDTT0b+?v4DoB59UTFUdY6`1HEZoXCYJwYq` z&&9?RpNBKMK-g?z4+{295p>Aj&%u@{dxZ6^!Ad{jD1JR96oE9zQ)dk+HB^pH|&FAXY92by=Cqgwr+e!4LCUbU3Lx=hECfamVvyBTz%cbfq*4As)>qj209H zagwk@740}TW?0kGWSGm)iuzq%Zx{?v_pJiZ{MLz^ujsLFO~oStG;`9%)* z@|xf$#WCnfr*OS=SPLI<Yn~A-&eZLap+GiQi1VMK za6AB;R`}f|o^0Wx;9LBAB$^Ng_kcm?th3Psq*cm0hx?9E3wX z(SH{#OP)j$%W%tH-N>#Tk8{k7sY77@2IGWj!h8xPnKW_gLQ<^2ZCpk-K>QMgC(me5 zxeLTj`Q@1$cVowV0ahrnAvakBAMIaG;}2(A&ZzlkOMcN494x?l2ZI5Z>-QF41AfQ9 z_gnAh9=|61p2udV{f6Zgh#ICyEXjOFLB3XPltXooKf}2T_gwe8x`}w$5aU#pS?kxV z9YGh(PB&lIvu)?+D!xYH$GsU62piZ^JDH5b#~ap4?UDkdm+}<7xz?amv15Q0YhYZM zeIl%iVvm2GP0eHt$%eRz$UmMzoM=h&fg*tzkcpu9bH=%- zmf4SPewYJpLa`9qG)ZnzZGyZtfns2^V3f%*{vb2}mEDj@bN&`fA4tev=#F;c*lZ2* zIJW{9TTHZq(4gwL@2GNVeg?&Zbg4Ppfv$?bIahGCf6>s zv1-AAmn1P~yJ!+EI>fH^6POxGTvA&ZV03ldk7eX7Cl?6irMhd+Y9E#k8(yuSo8k9H zUUf$dP6Z7@&CdvwaW z=CU@NojuUydOb!lQwfg=P%O&i4^sX4nF2&HYe*M*w{;Un%nWi&5gYI1j`PcnC%45D zR&*N!s?n2^NPm#3pW9?AH=Qa*PXFFl)U+E*A5n)+K=W3!+w1-4ygaF{E^wGH2H6QR z=c6}NnGNEJ8EYbRWgo_#jl#G1>F;l21QOSX4H4RhM!7l{gXG=b*vTgK&gVJm(e?86 zIauR!|7Cb|hxzgX`>?wEcmL|5u1DiWxE?qOAy`0r%b^8r8o$<`sXukEc-%D%iIM4@ zF7R=?f41zCiI#RNdk_dXQ zPk=69E5DyCbF|HY*OY%(&$B_z^Zq}?SH6Fn-*2O*-^5z(`atuVJ9Fi><=d3b-tXvK zb7|qekG!pqsI*p%S-JN0(xl)1e!RLu^B*0x{PtBHwg2o{*?S6pN32`>qWm_wsoXkKf0zGPUKq^|Vt*SF5KP4tYOBrK*_$`PanuAW(TyyAty6hBUo9D7o^P zkU14J_e8|(D@8KVsHYAs2Yx$rz6}N#1A!+JDD0|c4dex0YgDHk;`&7ngKtK2b$?vd ztSisArLEWILB96Saoxrh?K;R&=KW*p)J(dK&6M7^fux*#$`!YHt;v>Qdh}7a3+rE= z`TN-li}YM|$K&lpi;R(mZjDW9cC)`__^WiSmo(|T&%Ru01^7G0HmoX<^OPV&E@FO~ z!w!@kRsj&M3fEO+3Q|l0Fw~?`keQv@{#YTq+&}$l@`Xhj5?c^jo)JHD07u(mWD}E~ z`CoJ+9D`WFwhmRX5uE<_3?nKgHbd zJv9ggd_f~CIgvEc^=eLn>vGnUv%)IE!Qh!lS4W)c zqBk9Nt7KATWmpA|3Wb6y$T-DotlW(pAr*lWJU>k)3f zGJ9qiGw~hc|(x0NZNs#F19T45(>u7&gKNc%nVIw4}=$b2Z4ac%G^ey zQVY3XjL!vut1OG+1e6#ls)1^1rGq<7sVR4&w3K?8n=b6QVZf5UqAKxd|Yub zuoF1t)*DiN#PmbJKmpWaFk-|yIX16=d6 z+siFMfgi<~9{>c`>0g4n2gD|g?%IfoNZkSQ-mF%L5NU^J@||8?KE*mQ2v0>KJ`P%w zWgjNV<0l8Nw8?t2sB)y@@M*3Pi`&Dao@!wC#hlYVUjCZwK7NHPDQpok#bXe1h{J6(&m?bD60liA68pztc1)BxQ zzfg1jRnfNZpbZw9Eq2YLiQzfKqWxV`-E8p(P2CIG<2|?IoJTwlajm<9eEJ*gvmWTb zIKpp}57dsQZ>Df*VPQ{i={PYq!8Xuhz_3G@R&B42vudF-FW`YOVAdW|S+}W`(4>wp z8>Zx*iK9fN7cfU0N5{Ix`x9Yp*q{dF5bF^*tnS9wf0adjRf-NaVTU@tS@S>d#7-Df zkax(|^mNA({z;(_D`AJ2Ag2`kZ+Gq7^gcpb;DQ4itrh(Arlmkd?FHg8(f5BPXlLS1 zWpWiT>#9zhOfUYUbHz(<3#B3D3}5b045a4>(>CyLIW~7h)Ermki0X*H@)0l18aJ{t z<>3fHX~=o4UbaiL?lQJ?<8f9d&G)` zk{rl$$yAb4url0Tzte&Ir@+}sj-ZyL(!baHO(PKJ#n+U5@yIwXRkVUr^4hjyZDR%Q z$UgbTGJxbiAS!>SsCm9NMYecKgt}M~d{iIec(IqD^`?B17Db)A{heX;`5$_6szn}k zSk4@B#Uc?yWJ}YA)}EO^my)yhLebr2Fyp2i1~ARpma*~^VW7|?4bVwg3NggEt8}OQ zb1uue9ZUR{vx_B}{Aa>$=@|kQ_!ZiGo5=rUKXQc^Gf5j-MnLyH!$2?`PkY3tlGrdg zI)zFy3Ho~Qs6a8Gs{`=+M;WQ6_fIKt;3(C0CB#MhDE|>5^A^X_#Wb>P_JhGt7O~{w zW&lc>gqVup__#&FD+WK~uJ4w=pX%&+1U?__{okv+Rd>?C34bXYda`fxZ+N$K?if%Z zZG(=BpE^NQsnAh?2EtZ}l?Rfpdp2CO6bciy`-qkrCsJMH8J6T_x`S{l0^ogDB);5cdmUI1$5?1AT@y(00sMOC>*S zS7uarfPJvask?z?*{*sdP=Hy5EwD^tmW96NKqKarXOZ7J#5wcxR!fX8=J6X*K^hbc z2JoLo^h;Ukzmxwx5CCui&ZaJ|4lefgHqH$CZl-o7_D&4?`VOAPhQ=1A`uYs2D$oGX zDL6)h|8!RmSO5_06chmX@9-bPX#Y$>{nv2NE;N-PIskwx2mo;X&xY-tOiZ0jP4xfy zr#E)+bg{6vqhsNu|L6Jt<#I|})&^JH?fU#08zGz|s?b6!t=mc4S`*is6@~0ozO*^* zJGI%euDrRs>CDWzQi7d}g|G4&nXOR-OvBUg6~!P?Bq7TMI$tD7Bq7@g4vAC&D-iL7=l|B=Z1wtJlYLjO zxk(Q0<=CCM=?k@<_+hS7*Ir+!1wf(B= zBg66~-U_Sxhrq)5n|UVI$(wCU_Q|g!=-eY?eanf^XV%<<1AR*$9h2czTjy7#mGmZ~ zp3j?C8rKVwu~0N0NwBmF?KoA-w?OqqejA8sE!Euvg9T_>Dyza4@?!h;Kzq;Ca+B9w zFDg5jwee^#Lha>JP?hsE?UVg9FYUk$HbYfDdu@lRHOi9*dv1Q8$Me}dH1t-YfWpqb z2yKt>6L+mkiwQV= zum*xlkDwFU;Xo1aUa;)oGag(5t~A7%O5yHz~@Q#&fG-Vf2A>PA z)v+U@)8KQ0xQz&k{np~Rd23rokg2eKxg``?0E_vty}s-#D+gHrx|nJd zs&Q=DW1nWdfG-09a5pwmi9SxYKeXyOhAQ)1z*=B>=q(9Y@1VI}k2U6^SmWrW;?!J+ zTx=lwnDQYkn|olm z$b`k;;ihQvPd_Nc-9hUGFpnVKNm7oy8uEji<`V2JD9A-b9)SpqoA168ePQK=Iw{G} z6NL3reQ^pvJd3}eesHENd`NzwrHH>GzCcr&zbtG9-7|f`2|ypweiQj)jE}rhec`5z zyjb!>9-(%P=7ryL`Uj@x`y}Pe z%-pKKl2OVhwdkB4duKL$T9d8Ci+ZC_&F3!zSt;4QPSTV?+jI(XK6H9~xR?stXHKLs zJ_Pg|==)qtuvRXrg3$+BqtW?*0KN~BDf50)P}aPfb`Mj$fWfCWpUNWFRq=IttVXgc zer>SsOknZSN3Ejs4+rzN!jA2!pQj`;RnkCuQY=@F-&fJAl5uEu7+*&k?-usiN9D@_ zW^p6wh-?oSol^$=8t?Y|uX>=b39fmfUE4#Uf>$ua2-G_ujf$Xu2Im(mgekc&B;@!@ z8T-y7wp11Kq#K+|G-Q^zp8GH!n%K|OP7Zhs@_}@RXp`6c$qP&mUbwi8w&jK!=?Sn+ zKCe$MQLcZvn;XRT<8_dCabf#P#|{+EHx#z#u75lm$bvS4;-+HuE-zzq)94>@U)sWZ z;+gsZ*A}>kGS9XEarfUm6$<}2(0FTe;BZ4`m{`Q z@*7=O7 zNORgc?!xAgHcB#;^lm6h_2LBMTGGr@Y^~>`t2T-wWrKFcjrgdAdi~^5R38u?45#p5 z=?|5VpO%Iu$B>1BB=}|VPZ*qWUNI&HvVZv7h)iY8`$!NcX|2O zc-~B1OhQgdt>E9RTX!^M0i5%O)G=L%h$W=@-g)~BX{p+%m_v9Id4{|TX7%Y(GWy|YF%Q{GVPQ5;3um{BV)XSNx@~IseWO~I7vX}0aea34ExX$!jQK;I2MrU$b z_Y5b)4Wh}`u40^2rE!T(+%w?~+~`J5bznO$2qc#G&KMDNnN3qC3t6ify^>CXrkY(( z!Vmk+P>r9w?(#DDt8q`Q`jYhrQu~yyN5cDRKmbq1Ao*FQBpRu!_FVCjTA?fkQB_Bh zvxw-X1Lt=t2G>3kfm}U^wLG~R9(6GWj;%humQ534_SN~7@hM4=E1N_{toQAum>yX@ zNJ~z-eL1OGzB3==Y_H08zLZfxx&~`@C@GlV`tE7|ZW5um`=&v%o$w6f-~Qd4@%`cg zBnA_iY2_qXa;At6G?^|a?1*rkWk?UIBXU{5a+pyA=9yQ0-TiR5))nWFHFCc*-RWdgb-Uom zop;9+)rC(~uwhnBy5zI`u(DOsl-HYkv3Cg&mC7dtGGXNL#_>2qTqhq!1R!EuXw;y? zw)r42bdu3{IaQxRF?`Uq0fZT-rW1PAY_VcZXTPO@oXlPsa2lCa%0PrFiIG+QHbqB2 z)kP^#{4iOYpKOA0(EQ4#BURSok|M{P!>RUDRErS?z6VnQMgMrZY-c*&EuUpw0a9!2 zq6ySj3H!o01fsV+OpW|XY~sM-)tl~2Kp?9xWPVG8*F0Z}pT43w7bTic?fk9I_`n~k zd+|v{;3%+tSdD-TXqza24VYD++rwKSDu?gwmUF8b%opulf_e~oX(zYZmQ9V7q0CFk z)lAo;Q!*}xt0qN~DmC~JmR*?tE z#;2zkMV#@)j~$<&cB3-8%{C45Kr`dA#WebfZGun{8AC|Dz6Zj(e@2mb_AYYc@36^bo3i2>Lgvsqc6x! z0FRq`X1F9L7v6(z?Da5DhkdN{+9QTW+YN8gRU57%he#Lt)$6AFM2%}+aRX=aj!oKH zR=Ho+kX|p&>1UZxf7i}b$_Q@o9?hU{Xtw1h{RE_!RDAesRS0G9ax)|h_Ok{Yh->0H zX6>Fn)ZQxN5UHKw<&Iah3mKNB)zr+oS&KN>h8kyC~Eksr7c7JdFj{#AOkz;_yRi zSdS{o9Wz>U+({~=L39-9qXPn|n38N-7bQ9!R%JCV-ZLlAV5nsneuMuHu`55HrHl}k zl0mYUoIE&jrI}Q|!V+QWjz|oBNMqFoRR*5ceZMDjpe zg+P0)RVu%nddlom&`$@g!%DwUq8AuhY{DKjZ7Z3%FEGrPvCWnT!K_*VRl)2x{B4EZF>c$sE&$d+a7b)2pdjt)m{{A7^E*UydF?0#&^XG2_7CRP^0eXW0 zek7F9gONlbg+!^yhReV4&KEmQ&{RXIo?s~@YB_;`X%(tqw4#1>FFxf?QH?2k|^u^-B zp>>bu-yO!VN#~&z7e;6QhP=V(`7xl}yi>oDDSk?axC)zK78NKwB5I=T1@&dxL`|KN zOLN(d6~v_FNM}Z2Nob7&H-s++5D4kMnPs#TNR1*3y3lg+U|MOB7ObZNjC8rd0*_tv zCCdsZ1Abfh;^7C=WnKiY1(FN~yD6N@hu+K`_;of;UsBP<8)583+r-8u(Y+Eus|vrO z#xPBw{QZ~x*c*9=kW9)#B%p5m@RHmXZC!tO>>WbQS26Zfd|Y3UgRsiOlHK{;g<YF_;WIRc9x27@KZrrG#nd8`xjW6U)x3|(xe*@z0HMfNuq z>nC;AT;&oWqZ^HyeAYbqY1}_Cmb|BxGsf(^Nmf1e4Gl8aKIv{%@k?Pq{1g2UT^R}~ zuU#E|;gq`5ta7`vdKeM?oF1yxitP4~3e45ZA6*4A7j*fwTBDMvz6TekiXJO!*N5A( zPDux?JGs?AN)pDuY?+6$89EPa$Avq7AsBIHXzVL$jf(p^V<%2;wF)S`w*Vtsy zLq~T1^s%aAkHBRXHhZZ++`;T1iw(+xmpp|6U-j_mZ!~%4J^DCV0q<8SlGd~)a$Zop zsLVz@(j~Jc#gWgNg%l93oR4-LMJbFmf~OYlCBL!)c5e9eokEY2yvA4XYqiCvBYjbB;;JWJ>9IB~ z+mH=v@I_@|#{ALR2p5IB^g}I3xtdKa6SLbYfaR3g`8_R-tty5Y7HlX`?}N zlQN=*lbBI>$`E2lxgah`Z3LQErQYyR-nR197yLfloP{DX>HlpE8vP89p6P=OEtMgn zR^ZEkq7_MYG78x1y`&QPhy3@%N6^Qb1^hIi>9RYFFDqJAc zx%ogNoyaCjJxplmg4!Oi!>0X9CR>z}z=#@=IOq%+A276*NO+BCh1BxB3Ayn=GB4x} zRA1K`f4l_e5D!my>D1`QbgK3>y7_`|J1`2^mm683^<9keTkJ<_aMys+1l`#-glWM0 zbmShK2;>-!d6*icenYczw5BWFcgWqwk=Fn@a=!+cN*RYzwD_eP@=bbrf!*Stlkual z@m+$g*uNq9odLJ^@Fo0Njdieb4|+>R%1Nn}zRO?JVe21(5mb3{>H7N@XBz9do5tK8 z2@;>>4FTq&GVJfV)S>m_3&h&AUkYDP-lH2WZ*w)a2TTDtvSpR*JC5RE-st}{=5OyE zyLJmC-fRPSL(>;L`dLG{$6rD8j_-m-_R>b!MGZhl(kX6Xa{^G6dO~jI3W`{WT`Gn3 z{!HL_2&LYK+sz@`g+D&?*o8Co|3rk&Ux@>(H!PZ z%MPIT;;}t$+SvW08pNN%n}|KSO&-e$;6dG3?h`$myyriJH}hX-|DQ2k zeSJ$iOBa3p{|`VH_UP!y2oTiB3js~|#svDq0L%!IklqZ4LIu|kml@+ngB>L}0JWdq z?I&p$=qF?rXlJP>WaQ*#6=mlsW@Qyu8>kri)6B}K*3Z#O(o#s$&rh!2&qvcrPs%UR z&&S71&rH&%OHb&C4k2svBV|5Yg(tx=PY44P@PC8X3qwXZ*BC%R9x5n+<9`m+!PCLe z$=TA*{Qo1;E+1$Q+!4p?$xEOCbPy?2Zbw+Yguzb$ud5;wogTLhOv=x5tw=3|7Mwm1 zZ%4B<(!NkUoD{OPG!mXT)Sdi;XtzU}p5)bfbe=okp_A3fn$?>lE>A}ko|&fy>FN(v zJ{F!%4F#pc8{m$d{G+1of7=$HJFRZ!{OxnewC#v|H*4vqg!S9Rfjg+*bZeSL<}7pO zEK3I?b6A9_5ivbVs0Vo*qoxE}@-KGXgSICbo^ZTh2nfo*(88ser8zGrU7Xrj8&d{r zWiZ1hm?t=Oay8?A*ZeMQBW@I4F@v&VaKThJQ#)VR)f$VjZZM}d?Nwem%~MvdSoCg6 za%^RHX4>b5sfxB{w&vsueQy5MtmDb&x}D6LV*jvAZfxeRug;zNp#;cd#B zWY-wa5ixD*n-p=8??2UWG1IWnxrjp0jE!_;BDylrlnV)?3Q5NciRGZQIS24&%<0q8 zN8`q%Ph1j_mLOwXwT_uRe?`^?dbJ&?z|4XT4noX zZRT|t_iBA)=b74NHqBY)ET9wP*M{(Eu$rg-=@9=^?zqoZiFhiD5N*litd^`E#p3)1 zw3W+SU|EUI%=oG6Z8tvzI|MspwI6!V*r}Lp#m9{c=bb@|d0LN&lOVkR4=0?3LGm2keE+2z6KX9%)w_C_woJ zcxK`Sc_B)K$W9{(Km_&EfCJ#~-nRn%Dm<`v)0tdnAU~Yu5Zm(hHjdU`N$%bDLp(%z zA+NZo^@!|5Ji=de9cc!5hKu%7p>9y>PyX`vCV4AG2EG)!o~m=( zF<12|Y5`9)Sns|8`V4M>ZK4}cAGlkbA*nu^Bc{G*P`{!!uv;=Xb6~He4%iEESp38R zwlseFv#EIEy;(g5l{FU`q=%jh@H%M(2-|luq|_&Eitrok1H%xsh3gw@R{%vFq$g?5 zvCkeoH~|rzkJ0vY2+vB&;eK+Xppgoy}IJfUZssVLI ztH2MxdhA=X<7(I!&_Yy)G8dpa@H_Gpd~@PfvX1}_6SOB|PdPwzeknU*?@pM&-_q_1psoOV!uBu$ zU(R>XeR&3B9tA#o*=etMLw-s&f|n3~?uq;S|K-&qGJP2J<)Kso>Wn-PZp(%b0tnKb z17<+Jr0Y>{<>dSUx8_4meG^BZ0s0^>jYjahY;XclFLgsOeKc5pP`CQgR{^aoAB?** z(5S!1RC-i=^kfA8=tE%dkoS<7`s}$C1>dti{B&ObAc)Y; zhyGGXd--JC)~A{H;17CU8H4GKKlpsS2kVXB`-FGW*(U9w_!9K_PF(%K8QzKN<*6e2 zl64aPFpv|UMEuO)AUTGPd-WDD)9aD!@ysJXxywQmKrs&(TrD%59)mpMdj0)!m)#?l ze6lPkZn{kzAN|c#Hh~%W4UOwh`n88!!bfR-q5th;;uHTOU<9-0J*S-MWB=s4dqIB(>j>iG+uH@4e+0_C3O>ny+y+~WF$ld5?yEb$ zWe|PUQIgz*ABHm%q%i>H{bIS!z7=u$=e_~z`~&shk*hl|_433|MRQ$`e|@t-S&;+; z!gw*Z`(a<}U!R=UGYQfE75^OUr|+v17byMNkBE)r5gN zysAg=nz~nN1{i?@Oaa-BFR5;=FX)V(AgS&RL^dhk3SQd)OVhw9`d=) z{!?Ft{O%d2dvKy1ox#9roT?Ai-hyzZpQ1nM6X{(2Y|J2hnXYJsQR7$p0%An(HTc;nYfN9Ki1LD-mn0pyS9O0xIk=gozf~5=HKhL((a+}vI^XMt zdN+VZ|EHVB+@y#88{#&M>R^uSX{Dsko1yIm-fttK)jrJEf$LG|SiA3=PB3eT<8D)? zNWKTwqc>LZ&gs>*G~D7$WYZn#Y2wDf#@9Vj2|xXQK*@5*SKbfQUOj(!hm4o^M{nfL zGi6TxJN5|xp%u3MQq2(4PqA;wvld$KMjR^$Jbl#a3lds(;avJoB15K#L0VB;- zT>Eh$qwG}oi1$Sd=+RdT7*&2FX|6etlh+*7ZDR%flB zf{m(J;eC{ti-drC;tx?~R^Pw24M(U|bpICsML@d0i#WVzz#O)Ophii#XG8C7dcYj5 z<_oS_t$<1@edr7ji`fCZ9Ll4EtpeVuCl8(3TN1OTEXblPxsI9YKXj&VOW*KqM3sF| zMGs}Oz@N?TnKjE56m~(}I0VEAi`Q8?V1gT{60JmIt*Tod1cy#a+vP4x)d`4}O7GsC zN}2c@v&+SZXhOQmwo60+vA1PE^5cWV3`d zT96oaR4+*#<#S|VY!IDLuu9aW(K6C>g-E#Y!meI4V2(#i>|1Y4%eM z)@b=;U0P1%3k68KQ}(F|q|q0~0UtKa0aHnhX;Q3ob3mSj(iF6sFI{*$h^Z*NJKdoXcf}$^0Y;>jzj%3Q9gz0n9FrdTu>@T>HG$T z?@M8*gB11qK_u`wVYE+9Bi7u6Wm`GqFi$~y4367n=+`K6rE6Ut46JVz9>PNGP^7Av zlm=x5x{Bx7g*XnK$w<3=*uJ%F%YewkB^g9S$fMz@R5mp69@g*}rNg&U%Wurvj_b$W z-#2{N-VzRJx;Pv*IYJRexTOQU>K$M(08LkqL>X&2mZ60Ak9yJT;1S zhZ=C0B5gGY1lr1i5jL)Is5{d2C1(W1X9*)zyHGa;ReEkr0Woe9hdgE`Wth5QsX zU&unfh`tktpbG+ifx5$Eb!<#IxJAfl6aZ0U>->%jWiqRB&8kN6SXJFQlh`q|V`%%# zs_oa9M`Xp^u?;WVw(Z_^t$D}M{WDkGW}%8(b2n9C1DL}Vx0oBhp-Q@7$N^7s5+Xb< zhf31j^Aqw5kEC@kX3H@I?E*}6^F@jG#O;U5xhaagg@h6c2=86DV$R3wt+1p(B4U;t zwgt=zaRA!Si$MmwWq~w5PfnAd)+2oJ_EP&H$<9dGy`|)}?N>eS#Ti4Kgu+W4ELPlU zFLfhNRZ{Gm_S$YN+ovpGOWjmHTHaqSREs4qaTARJuPvyl?GP{>1PvYZ!it6B{95ZW z>9viN8S;{#VsB~M>j5nOdl@g=&hnGNY6NId)+KG`_Ptyr*o21yp#TrZcn9qXafUh>FPzH+qeb*K`=s3q!Ev8w$@wZcStiKFEyS@OC#*zemqpnFR3gYFQvk3M)R(>1m@-bLfMf=t#KrjrVm$S ziQbpyj=0kWxnIo`UMyEGc-=G>EC@R^pg+vK7UwN&;xi`JB+hM@gGN6_6q(8Y5IiR4}vQtz!` z_%>Uf%$KVU36<9pdg@#0K(f>o5)R<7(N4eE6Vsu;L( zQb-c!6kDA%<{huSQZ41U^SUc+05&wU^F)-lowh8(reJe)E=AOZi+`$bgn=CDMCKX?oZj z7-HU1C}&Ahv#$Vs=PfJS`SCo){81Q9&^caPwZt0s6!pZAv zC^r&nrCr)xsuIf5Ti&eJe-eZ0&FPW-If`hL)M4Wtxx(2ADrk~T3 z+C9K>H~S3INoy6zIAE76gLyXTsaL2++13H0`(ekXmF)zkNuH-+4Bw%643j1=VI@uv znYW+_saKVa*B1U?fCYKR6s9pNU+`yYD?oLy#82BU+XFNkmdt!mrQe|e5;uyRa}N8K zzFOn>*@Hzu&6JGVA%t8fTXk{_Go`E2$S|mxLqkL6o}m!Ax8iiMKxP-FN1rh>$;}(@ z6I-rp=sJ2&;&+6)?s7bY?sB&XW1U9qr%g0+7vWu__ch3xPK?YL_f>5w{1by7PvS3a zcroY|FNRTfUiWnOyk<`$@z*zOb&Hj)m3(EeT7oe!CB-0&epwjYw&V0Qd1)25!j7p{ z+;X|#Y|WlTmz3?Tq0|jkroHyzf>j(9)}D6*-_MEenKjuex@KsYWVzt%847ZYq*GoB zwl_>qp3>TUhI%n%_qrGMmzPu=Muus}>mHY`&)tBzb{h40U7#^KP?uromK<^_sG*vU zc`@`E*&}Wy6=6QHKs{y%PlD-w9kIKc8j?uqal?qEj4q=`Z`ZqY`yp!HRZg{N79br? znU@$)k&+EUTC{)5&6qO|Xvcc)GiGD6@tQVo)MB+b6o7WZtg(#EY(41Ytco-@517LP<{m8G zXj#vTH8MIaf0;&W8CZYT&`e_Up5flU1w0`2$Sc#H2mqo>55J~q?Q45GKSEPkWi$u`^!9%u)+Yv?b$4u^w}&DvTE6n_s(qgMAa&& zln6<6mXWwWPE}BMwCfCescqYL?A&$bRaakgZKiYYzWoOd-e`^HF!+9QA0=xo`;le& zV%3j5B+ITgsZX`pMpUZphm}Ytm4JAuy3^o%(5<;v-TDQ>p7gslwUAY@fK|6OuqqQ1 zE6Le?R?oy`LL@~SZ!RT8yXZKpW!gkaEJ4^#M=lU{h#oq2f!rxNdV!cFA_jJ^vM&SL znX7r>F9Q=;EuDBqqk$ecU2NEkSnkyGIjoLHa*3w#7z@VZ9^x7%;;dGKE}v?*FUBa; zvbvzBQR>9_1H^Gg4I?reqfuImjZu7@wS_Ta&l77CUJO$1#fr|j7q5_FU0P|d@8gy| z?vN~#r_6pQ@%QcYcn9%5PCnCS(S>N`OL;e&{Tk7_oCPxpg@~V#)aifbqJ_(tp`cXG zXcCrC4XtKjsp*sSL-QsfDwDCfI2f+aJQhxvn6$`yU%>R9BbT1P&%h2DTG8jnrt6-3 zSfAv`VmDXglF1AavcJSCDR&K4`X|eI;g}QFNkR~i4cy};3$s7D21;WESnZB!!N?jn zo$6@ltnmNR@g`Q<=arzxa?lF~OyDM_F3Ym62xa8^!5Gw%Grg_2*_eF+Q$txAA*Mod zrVM*E8GB%?HVKV>gkp`Uq&?uqnqp(fyU&eBW8Fjzmc@&85odk>O9zWMHQm*{jppby zyAjBFxI1b)fv0K>f|sZPMUf^J38T^uypZ*=ME=DlBv_<1VaV|k{h8q4I$Mx|K6Nd% zp>hEn_95;?`#S2fq^jM%g$8pv$!V&?x$7wpr+HoBLV(Q}lqciJOIXCMg%d*-h7EBw zoBc6$U>6Gk*&F`Pn7Op&@Cu79FdM@WwpOEw9-SHr0)DZv_-dNQjggt&O^(@bDKDV8 zNu&qNe&WvVO=5s}jW7+#en;3)Zu0x_IInY?nj6!W%{oNU&jW3(>4x6@L`i`17J_9Mijd6wBY%O`iB z7oRNWOE7d$aRmu1p`BEqc`QqQi_@z|l7HR}#`c*hZ#FIMgXGk!n z>nD@OjM<_u8j3Cugm};wJuJm!q`JCVuhQPPlHg^&rXgKHuj!cmN+K&J^0pVJnV_Y( zKv0n(n>F;hw6qpd&IYVJg^#3lo2<8Vr~P`u^#*#pF+f<(LAV~{LCy1nny2jdQKk>l zFAduDcr3NV&{J*g%i3e@Mk=+qok*N-Fn-v0wl^T! z8bLEzD(W+$J7JekmDE0u+Omy$kJYxc+HT^9HL_72f%*P@(5h)p+UukZ6Z_0}9b4ShkK=o4I@2DXK>z;-nWY_FpWs@%>o zBj@8y!@z!gF_9(_Oz8g73?kkAjD>h3qGw99=P<}}OYXyH4@P7;U!n~zEXT>=qy(FK z9#GJdJelp)lDH0T1LB=y~&?aio4<@UQ8*KTs zaN*C=u?IJ3U0@0qrd30&QqZ77XV}&_g4WQc*-$nF_sp98eS`JA?KH56Jh>VDz00uO z?1UqJgr;(Y73QeSS+p@{mCR~s)XGiKymTZLBhygt*yRqlD+TTzMZI&U^DmI8aGgo~Q0q&fuVWjXd=QictKK--*!C9}lOi&Kp7ZqB zp^Wv#+0o;(gNUf{03n}nAfL+zGH!97G(GlhzftG2KW)|eH1x}k*dB5@zxQvz)l(_JORTtfGi z5MD}mmJnV>_m&Wvbax5i2D-n5u$S&IA>2s!m=Io0cbO1wqWeq;H;ZF*rwN$*=w1_I z`sr>H!Zh7)LU@I^pYAvz#}>NhgqQ)k>x6JnWa+*WQikZx6JoZ~y(fg*=%DZGxh-N_^l) zodFBZu=xi}$k`m)YlG@|81FIk?>|$JrG6iEdNy6pgsG0R(Ej6T%IIghciXXnfR=l= zADayiRz(Vi=6s~w(6C)U#R5x09r}5S!!GI6A{KODYhE8Qox?<$j%mt3YQLYc32}e# zw6tJan_JAjt$k*LksJNnVlGy`2rF>n*&qkdLmZ z0bA2!oqjH;JJ(-+%xZ*!uGhoCN& z(#K5dTP%G@v8pl2FJtm1H05fMBVVE=?1l0K6;z9r{&X*&22QtJRhiKis#CATUOHvE zl^)x7gs(fd_Z@5MBD9^#s3Og2LF-kH9nI;~dQJk~Flj;SDaTQ}DkC`-w4UOrKPvfgCg?c`BRrRy9oWnlR>o zmFg?4c9*-$XuE<8%X)l`!*!^+bk)pqm9A3m(n^=dHMiSc>Gq&zx?6ppI>$nyLOJ}K z)$ExaxsmNuwPCi({tor~$|kAc-ftEa=uO%}Th|ng*}Gb#`N3IG!WW;Orf4NiaTc`I zO=*Duc4cXonwRWHrz_Hn)4{P;xhdX0NeyD}_@}5jDcY%2PGz=G*v|CgxiTHuc%GbA z=PNo0v3gD2LKcJCuShE2{&(r&(c^pcpdBh6Qmqy@E=m7Bmi}bJe>;zb<@j|PWb`g) zIK|tCm-8q|>YaLzu^Q9MOH+id-yhACy;Y^48mfsWx?h35q1A$e5%df zg)l*Jv``?yf#yi6MPiVmE_feNLXsGZ( zhLSL1Qn;^uvUw4b8m5k>gU5T`68J%qbZTLsi38zsEPALWD2f#c_X@#Mu+4PZTh#02fik z2NGh+8Nl05>7{iMWxjhcSj>v~KVs&q!f`^AA<2j!O`$9Ir!S!9WU8a;Kti zSxtSFvlOR+k;>5lQNe1UjF3{qLL;#%Wc0?Uk~_SNU4>DIM75&UwG? zA8FyCp|{6KZ_$oyH#8Z3dXIkT!od<2e`BI06DZXN1{D8i zBYul@O%&8~UDzk6{5RqLD(e1KI4Bm`H3OHk+0Ox!T|>+Q3x|^zRH|!D&Z|!R*Ee++ zt*|V31>TF#A~M(P048| z9rxNMEQh=SYWCoE9bROtIZA@n$Zu>)8 za4eB_OGa9rIolZ&!xY>#t3SkE(WcX8(Mebht9moS<7M9r=3hQFxMd;btTmh#M+hOm z%Nu#~p^!IAB1OLu8Lw*>!~fgjO+4UD{aj_u=gyeXia+)Wy)|RL)4-T3781_7xdmVB z?!~y0s+aqAgehwl!M(V6clzQzub)$#&}Z(vJ#dK>3jXy-e^pDOXZF{fXyF}ZbH~u> z0rsxZ(QyAJa6NVB(CPFLG~E&LyzYkP zwHCcarWLg9(Ia`787yV}>AGXCP92ubgjmyj?q_IVL%XkD z4ig(*LFz?!QbMim4W*TiUEv=cj|pRn76ZD#>{pAA!4f^u?dk$4t2H`a2*^;WF!BvY zxN-7Ph{P1${Zg=y>=&qa*rr-7fiOwo^;#{-#}_H4t=5LAjCX;pj|I+n`n#PCLiK%$ zpjW7GP4JbEOpWFF5Cpr+{p$tS?>|$p9CtQdKSgy!9eQ!h(Xu;XB0ap5x&I8Uzh_NH z7Oj$-{uf2LBd^rvU}ZVGiSDk+sibe26{<=ZfPr#tkE2hjuSN(n{@ZMX-ug*DXC zpnlY2@{J&;ex@uKJ^n_5N{*6Z)qUTka%r%+ezTwNGt;Sr!gP3=Kiy0gH#|gCXFy06 zAKHNd?o`Spz6`@-JUD+_m)s^#V<5ujULb`nE5chfst0{EA+;Dxbt;0>NdqRItgu*l zC|Za7KB;@T7j99|ANju3LL$pokNOn@oBZGO=W~|uZfkW$C%gdKU*GU(IvKRh+`eO{ zxpT+%-gMgBsJyG&lvi~pdsKHsU8+xo+7cpi6{bJhilgs^VM2zcYW!uTl3X5L{LK>n%8S~BTTFnM6HiNk0;Vm<;|smYx`646 zbU7n?HjHj48kT zl)9o_*93i=oIdtAjHDAh!Q20&1zt;bKG6C$-L96{?_xV=>J(jwPzwX{_IL@N4D1K# zz0;?IMWcECjDf5tb$?Sr>y7J4eK~svy2xAbq+z6fW5n9o(-}9~^_k@jb1Moje%NHK zru+k#`NxUDnS* zj;GMm7u-&!zu(>tYy@eeG(VHg)rEu6-&vz}`-J(rxM>ftb%}{`)us=pKws4vTu0Fm z{j_ieMX6K6{Qjjo|A12rViXRGJ6jA3`)7FUGy+$^3Uc~4iT-%gIV&dz8SJ9uL-jB$cPYaXW@0>aO(yV5&bGOUTCxT+u%=JN$>~{(*Am0piT)F7{XuhC zbkN*VawM5^^pP$9J5eTE+WskfWf1z`&uDE;l#momKoX&k72uT08MP@}HW&i5AQrm*{>z)TVaHXoaZe5xP}i$Ml73&R)db zV)$pkv@UWa_vlRvYgP5)7rd571_*znPl@+$^oV%x6~d(TB%P4w z;#$O0Nti;wSc4+M@atojGZ_<$dMV}+3vFn?gFAQ#9R<;d34pHk@LX_tg9aQ64# z>)yM2_u%$p${WObnlm0tFS>5%>l>o0UO`ohEeV2sXyunc8Yxssxeib$hkYFA0^Tjr>6 zOXp)h=$SQq*SZ$()SKLoTynwq3-^X6@t8@em4W~57HukJo56SNsTp^x9Y!5%h*5qs zrrPYA)z^B%ih5m~7jL;TkID>-)ylU`Un@D74dOfhODe6G2LdTDsF$)>+3V7&;%K zwXXIMf6hjo;^*~;?&%gD$ughA|1b8gJ~ocyy5D}>-rfgkilRtbk(D!L`tEF!5-HhM zXxRz%K}(KI8xmcol;rD?b4MOY-I2RXS)%R|N0d#{^A>Yo-af)+?npeXu> zivUIcD$)l1=THPmQ4}?bwg{S_fB{>5@6F8a-rgRmB1S*ZO5lFo?(EF$%$qlF-uwN0 zU-BkwzN5-z(oArjma3^0jHW3sSZQ&Ymt(R8V+D|}8&t+YjQ({9p5Z~r8|*3QVM8sc z?`f-DwOu!<9*;(Rs>gnTbg&;$YVHbu zFKjrT2ax8o{(R^Y3Xiv{=M+Rvum3%-?{%xD){;qnSNn)%9(OMnh-j}O_Ph+gGP8rA zF${uAqFFz7zf-%F8VW4=LswaAtuqlM)7BZ`AZ3TC+Y#5}P2t2NeGwMz z&vsx4kju>|K(aGNudtWE?IT7dX7Tf=h_6wd}q6tysaXk+T8)246 z&!8aHq#(30D$$;ak`&V+QnLK8+ETUtG?jkWT-Ry_x0l({VtU!eEgc6ec8AhMw1PSd z)wTHrF(aVFxP=^bah~B}isr=y0$MObZ1g#2je>RyK5SS>+iz(b;Ih*r=`XYcn6@WfnNOk7vlRhKk1Y{CB z7m6NoOUBQdi-(u)voI|}3;QeSqXQ8!n(z0CEf_X%xTt{e656RSaeCqkU7jV-m~zmL4j_GbwyeMsQ%Xa1O52K_ugtQ&&8n zp*x`I`&2z;!`1Y2(ZUb4HvO2dDzxv-9zgl7-SofET;INx?`*Hnkg5JK8Q*tlztnVB zEO~anT{C+r5H8~e(cn9;45e>opahxm^rfr}vN@K6%NeW)aT%XKLKk^_4_&3C#&TEc zyB0o=-^|}#5hQun?urjJmziG*6dbQXF=Z*-Kp~NRQFxhe%ym6ztoDo9KxCUO-7xSq zT+Z^)$sq#PCfGHkv7n`YNvN?vhTsk@&+zUHQA;^XOoqocUWgAE%_utM>aItHGP4b;Qs zpfq{x^`wKqejVZJGO5jkR^&;Eni$(FdQGU&?feVfiJP46qkrLsU!Z!^{r6$w=2XwQ zc1Tx*{&SNEeJUXEutq!)$`fca{r4pIelpDShhZM}CSIFRngs1hIQ>V}7q5kjR6XkY zq5F7$3%suDYl&Jm)I_hCHe!8{(jV%Ns`>m;|1~6ws0shv(}a!4`lCB$&Q*kSdP9Hd z*YijDtgjza{fCI_SI&)U`I2yZpOCXQ>l7UQ$gPsSI%4~&sd&p6gl`RX#U(BAc*Jvy zt1EKhuBPNg#6lka7NgrZHbuE%U@-<)V>RwXH_`m?OfdA!zp28BF{0z#m1D65+&VE|lTE>jh>DPuwQ*h{nAIrE z7YrxDF-xSWk&nIgSPe$wzDV7y>Gp9Jt!waS!e5jb^*Bs!jitEtd`+px$+oUpzlK}* zC2p5s-Z6_<%Pa=xMh)f_%&f&(d_MXVz7OI2c>Koqpg|_;Nyn%qDNyF8wL~qpWLO`- zQ^{?!7ON#5gr-{kKE2PZL0<0a^Ju;@DhK&J%z)qjy7l+fTaeF`NbeUsB{)yLtJo$* z66&kBDmvsa<;0ytElFkWpxl~}+Z2n}I#>et^KqV@C`rOA35#wgYsOt{A<6Yk_e*C_ zBTo#WW#@LDd3@=G^CM}*JtvkEuGBJaK<9pQXwXGjBJgl%ya;!ybl=`k5-k>_mWi^@ ze$WRa-6p01j3MY07zRXFT$D4*mDRn}q<+FI4W#>A%JTX{x&MC|{ zI!RGP0cj(yJg$r)0(v9Pk*T1@8){|Q`aD^eyn7oDKt`SOFyt?v;}66TmlVDhw-0=Q zggJZ!1o2N^zq)*~%5ETvda#yWgd0D>F8eBd4jm@F{i>Q$I2F?x3ljYA4hV>tZeQaD3NGz|Q^7+LLIP5AI~z0V}gbiZ^*k5NSqA-~%y%Fv{R?!#*jAo2>XdtMHd5P%G%=K4d$h;6cx8g3z*YX$|JK z9`ZrCR4QVeZxa~a)$;s;1j9qVBos4Fd5##~q}#-=J_EAtN*><|cM!Wq)*86X@c*#8 z!T*5?4yej@G0$=F+-orZ zYFTxZ|7vNThAa|13Wp)?jll;*CBglL`Qkt>B$MSzsoG@kakG9u6F)bJX7kV3SbB7H zba-rR_$d5K9~v7QJsHR?wkYx)cd-&$*KN6ak9VP)6M=@ntSK{|8KOro9l5fLYb6vq zJ)RyL3$_cm=*wT*?@!N;p7eQd5&kE~W#S7IxQdsHb9s-7QA^M|7Xy3&ffh1#6w*8d ztPeNH?I0CO4QjDv2}>0Hq$XDYdVSI0Dn@*#?y2g5PgJd24VYoYqkNgsA8niz>J>?% z8HLQSI;vMSeVYtBd{TqZprl$N(7;Q4f@A%uqf7N`JL)Q5M$G^zY+-mSDqz-SN{K6` zaKv;BE~u$Jky@;z^-`)Jl}u8ie!pf~-=X_WP@$BX$_#ifQH!tsFK=DLm8VWob?-aPnQexm8uQ$PR6fbS3s4CAh*{9n;M5$v_my@Pj#A@ z!}&AC##99r65Pzyg}Ud;YgYw32#Rn)Cmt*)qi^@BUHeVn?PJ#bQbTrfO7G{yYTA*&c%~p)>$Qlmd53NXr4DaWJN%nz2It+ zVtoZA%;`2d@|QLLZ26HUp@NkXM*ol)va`&717-IuFS}}FeGld2(jdDsPDg__MO4=%vqq5eoe!z$0t#MDfG$S5QJd~1 z!QKl(9T%GV3I3*E?IPbs9n{Q}a!efxMnqy(Lz@J}m7#-(x?c$w0EdvgFYtg8 zm$O9~qvvyl=kFMCUq$kBB%OWv=7Qs_j2}LXJdh)t`f8+V%^yB`SP=9c7LOtk*rDcR za=Xeil%~z`I&Bp{xYAzkmDVbA@T(xo3s{Mvw((K^vKl2MwYW?cB_BNvVlbBpN%h1D z`RL=~AxVvwZK6!e;%kCFmaeSCq?$FkQl*eC49yN@OO@I5+z=ZYJ8~p9GR)E=1AP6T;fCVz_qAI}MQHsW`f?O>_28)f`qb3)bWTB3|7}WtYLX77a~gMeROsYb zD1b47zVX4=Lx4r{2}{RJA=bHN;Ko!qs!XL?Sua}EeBMgpQQT^x)=wE0)|!In}@r9zBVh`!pvj+i zPBflbmvHl{BF1=<8`c7DmT13wAW0X{zuJYiC(kE>@>U07;K|vmuceti6k5yGLwmC;QC-<*zAXWhpDxA zVj8j~O;U%is|cf~!%s^f8Xa1Vfumy;_&}8&M4Mu2e+1oNmsBM7xJY1f+qggu&)wDf z2`sLl!)v6GiNgswl8OMSH+*zw2$zrCPoQ5wb4Lh$QVxiDz~(fgL@f?t9BH~at)WN? z*ADpvew0sErm9YHyopj!I*!a1k*cU_3BY#HWQo?iFzXWj`Z+}~ty!e!g*+g$rPO|8 zYAaS17f?si>5GKydaga2d3{GZbJTr^j~Hz$X!9-eb=7LceV63B_R%n$x_M%H;^eb+ z5wT&f&Cm0B99NWV?p9x>`_lzX&j;;)tz3L95C9^-L~Bsfkg)Stigdv19TSwQoh`p- zOLFwdJnv4L&j_%jM$|$kW)K)?eQoIQz`XTtNEbnRpudnheyR>$})TO93M)oFXnw$!Wd~fNTGm~D72=1`bg&+$H)=}}gy3jDts(I={u$GV_>1Xa@iPp&%OVpNNZ8u_-FM2by zK&q&%Am|?QXwtDpKzxx66+L8ek50gSpw%c6jC9=~Uf=Y(DI!qQ>#^)08zSzlMwF}i zTk`vn96`QEq){b!PcC=Ro)Og0`tzc*5~Z<^s`;Nh&B%HUZ8Je;LboM6;+0Kv%cjn!rQV3r;19BHq6Om~YY-WoU z9{$U`u*9OMWou+Dl^$p!fLq~n#6W9DC&^#9xl=8)b2SMDZ04qD@-}+ZZ>bLA67+1U z(r4%*BK|6OG^WEADwsuB6h#0tKuk=s9^&3Wb!;Dtv&3!XPNb4@)I|_0u+{HGSQ5Rc zS(K&TR#*o@gVuD87{oeZ3nHbY-idBTHkD0vQ`^)xqa}lAI?Z~N?Wr5<{Z4dCW!<#h zyP+-`8(Q6XB~m${N1WJF!uoT;X>D#Hda=Q=fYH++Zy;QBu6HUFih(?wu zgM33-wysm)oVrB9b}7HXHWUs)drt)`|ow2WGA=oyz)IH|?S{@W@Q916`{ zFE~jbRe(Na-NsB(IGd>SO>#_-Z*pcq^s3G*6{cZOIc)1r$e8*TTsz>Ff;$O)cE?gU zvmfHUzATW@*)I|BJ7YXj9~NsH+t0uj48&U$b;QxV--#f7^A;5J1Qgd71Nd9Kt#6UN z!+Q2sq;hP1#3ADiVQ8t?m@(q-ZIzbX#c;iam|KgtBCkZAh+#N#MV zl#Hh!Ylx-28o5Q=FTo!P(HKX2o%ZUKmydK4jia#K!VY7C=%m$GxJvSf{I9+S_r7mX zWi}GT8#RHIXT6ST&^L%(EnG(fLZf@7kcSFg&U1Fc8x?24zw-E+g(17vFn*FWH7r%> zA!m+G6KK;YX`?8)QBPz0=p|g?;~X5td_*-Hx!wiVtpRGy995VUI7xt)Iem zVxnQgbp1f33$Bd#uaqM*4;2q?AV&|)+B_jRZJrdI zHctsoo8#;qc8OhvH-3&?VXwlKah7Ml0sE&}fz87H1e;?F_Rp{)E5ZI*HqRDd|9SQe zR%VOv?*6k{v@li71*C*tIUG^>3Q@uwwVL>o?-8@HFgb-CdmW&HFo{B zIrAL5!PeoLZEvRp_E>ck_UttR3flRINQ)A4=2Yl;(?KM%0u>oA{^Z#gW479KPyuWqzTY zUR+v6Xd?kH0YA}-M6rZB_#Jm}%g#YVkjct?5fxH$x_8jMQf3e5Ye=JAE|upBm1ghz z=E=KVg!u_oz$82v${MQLvA4XKAY zx4-ONe|XngYY(k|i)H~EKI$CWYP8jfqcckMI))QlG+`g7vjkeY@=4mJ#Pc0=)=Aq3 z=&mk?%Y}RBxSQb;;$BL(hpz0SJ9`Cx$TVL|%4t(mQ@K74Nt|5qAXY%pEtHqVaSXo0 zh2o0UND7w)TpMg8?83F;1gDVcw3o^&p1hzsx4ugXGYuIeKpOinB*8CS_~p*4g&W)q zcjoGfbE9D{6^kp=g;~3i1n~@#^vv}YxGhSightXvDSj0zogu&X4UZe9VZdm2)t+yp zh{8rJs39PnYwNHZs#W|C>aIRUj`OU~%+BuZ?w!xq>(xyYx7}Pr>~qf-f1Dl1aiTP~ zkEFp)NZcm1N=|z>v-aMtckgD_aeUdeP_CkmM5zBj=6%xOK-)#KnAt){$nb5ZEAlac|IyJZ?74P0X~6DIRkZgp=rj9` zfGEdK$ELm!lM?M%62h}NGM2-yK4@y67J6^p548ol71U4F*>i;pR5H(7!d3+1GBJY0 zdIA6H@L+}G1?d+&TqpV!^-xU8IB;fr1`I1vo+@j{?p=GPLE0jR=JAKd`<8#~&6nTj zCC9GjsFw!#idxu-D--=p$tC+9s_fpitFnK3*F%*(`}Q9jzoxI=zTJCvP2!=+%Km-( z_U@BCUKS6PFq#cYplg_FcR8?46pLnz+6M@2QtvS6ch4ynjQ<<*$^Y=X#~6 z(Nr!Ia7n-r_Ix0QbDLmC-@AK(Tua=E;UHLk?l`|FRB2%sH~5*&hqO? zB5YM?B$JVPhMQ+~ZZ7bjs&mkvB&v^n>=Y>+$1~#~kxhBKK|RwMVD+s#4a|A9RXr<) z$=U89{p;TA0Gt1Rl=e2I`mCG#Hr1{hWi@z@55CV{RZ^ZjGjI5V6&)kn27fd)OPE6!_1$k-k70stK)L$v;QtU&jS@&vWrZ4K({e`OmoAQ`$!!AuZ2aGGN z*ysl`+k@z4cApoFG$am`Xo^*FVa;`%%PzKT*BnkDD+10<16fYh!k==WQK|?hF!uwN zEhTVLHscXSa6aZ@32j5^Hxe7EU-5_uv07u#H`1AC7%_`T|4(i@j&4u-vg!y zrK;B49!}EmOhN{o=$aJ0#`x3vf}GF?)FveY(@C5-2PAxhaP6#w^nFi~Ln_1BoF6sN zt853+=S&iFexr46!Yl$l98yFCsBMDAvhUH^x!55}KZjb{sAX`rsr@SuCRsi0 zS3N-xs5YRC<7p%f$I!;&*bVfa~=?teQ5(5I7w0#LkNpF|E=dJe72P$!f9{m6jm4+vKVa?V# zZpeJnO)Q`QpjchbuBpy36Q4s5G?o4%wH^s$@!4CMi;YFPrgXn7C z7@SYg*FQ!=$M_g5N< zBpLwjagO=;GyLLF_+m5)U+rTE7*3k5ih14tg{?@skm~>B&3&<5Hd_i_1bObHcb{`Q z3RHE?3AVQFrqgx+t$f7#h01fbc&ycOUfwHwqS#Hu7cJk0kg27Q^78|DJ`%}_)vwWz zV~j|rZnYXdaby|}#hNrD-^egU-FZFZ#XKQ;3%Dll;Z}+NA}8BNnhd*kI9<+U{FYeO zQ0eA4Aqw^IVPx9kyVHDKw^Ip~cVKHovxa&7)W&(fGPoh6T3adRN&X|LMPD&COcmD< z575|ZXO>s1w&|S^5J^ISax|$#8$2VD?F?>-{Ye?dw6zp5()yV*G?Fxsjq`U)fI4KJ zOesgRZ~wnD*h5X9t#kZn(xBe=t|@b1`x=NV_uf<4vkUfX)$8|+10zVI`Ef}h-yu96 zfpX*P@|37{8)7OO$kUXyXI`_m*Jt4D4XF07ychGECK<3ucIx2aXrA}-JkMq_PN|U| zeVbD7E+SN(wdd8`svTBDm%d0x&)Q~C`gFOG_TDu z?-*idz7cq=X&~di)w*`-b!AnttAlh&slBn_q%~co2w>%6$XJ3(8U3fsc{T&OMaA?} zZDY#KR#e_8U<0KlU1mXsii=lG`av+!&8Vvt(OB>4r=q6r5~Va!NVz1V6$;wu9JI=I z+ds3!_Gg;kGE-B9DUhL9N;eAP*7biX&=191BJI;b>s$hV^Ms+TM%L?QOR0UN&;o|( zygV4|ze%#&?V2UhAPNq%=ZEz`V@vlZ%2N||@R@ikD)?F-$zl_c)tPATerL2)$^{+z zYKnF7or(1fQKV!U5y~DXUI;$yaZEC!i%)mmm78HFlT>I79hS#^%Qro4EswfZ+gU6F z5JR$lERQ}xf6Fd##b3-FKQS|rldZNtwbfeG=wY!ft&EWiXW(+%v;AJ)JA39#dhe~b zc^1wG55iLbGdVn%R{<54z^ef`%^Beo8fAOsy{Ucp|svQ19z!`9e2^9vvdyv1QrYQ+wnN##`5jld`EzfCi2n)f5Ur5dY@6!K<3kZ z;hbx$xSEFF%mAq^DJ$d8<|APBf<5GjGs0M$@IDSmQx9ZfQX*PZWMT4@6~)a5fuYc&UaCYclXzU->GQfSi50IE}W zVCBfl7GOQml>!OeIbJ%&$F1geS~LY(G{3AuLIyf^yU2($)VgxYT=8!iCZkmXzJR)NwD_ zK@lyG|NFIpt`1(Z!`nLrso`Rt?p;`?T|1;*bVu!4Eo+WuOQ17D+`GlKT({WX)Ir^b z>2EXrjd;1|-ENtFz2lM-{05MDz$j3y zUNy_SWVf!g-`Sz}w8v`BsuREClD+&YwPr?oo=Sd1_5JO-$LZX?{d&J|KY#eDwQ_=! ziCQ_WOY79iSw6|_e2w4iaxJ3YTrS;BW#<7L(J5m+Pvj*eLI;>|$o=11Iws;>!RN8O zz-ofu#n&tN`g?r+1HN9jwD`m@Y`pvZe*Ag~zrMvH6%Kjd>jk~}C9)Rl#f(enf!(t1uiuc(gbbgG}=59gEfg@-_xH@8Qbw-_GXA7eXIVyb&u8-O7 zPlw%62a@0xCwac?BDu^KC(VTuHOolVQC6+{=nKnhK|)zc!+$=97#S5^V-qPjs1}za zq-Y^$E-V$$IYT1Emvv+niMz~wV{!Q9*kWXiNt)XbrR6rPRIjDEjJ`3`tVpi(R+PNe&SW4f7fwIqE3SM>%y= z;3HQZ4REiPj%SpU2u>Y5@gfh@MSIOi9R`g`16Efsf1F-^9xd$+HCt`chG+T6FgfCh zR}7ZC_o^KhIZMXsTsldwjz5g**}>MeeaOlHn@6?eJgBI>otP{+5{m!etyGPkUq6+Y z?n2JyXT@E}&?pQQ^B;-o@P$7zssAPhw@p=w0!XPcOw;>RrdQ%|oF)15 zkButbwc#r1QYMPQ*HQQzp!Rtv{9&&w`_@QaAgcO*+Nv8Eutv+psY^eJD*CTlOJ_gb zmrY$@$QjNJ@jrx+4QDI|>(%@?$($*SozF)UCZmib3wcR*RM8H8N>w}lW(dlan^F~> zsn-;{SU1C-_B7XYr0uK{Wl2yIq9C6n8ms6@&Y&l*K~M5+n1y2s!bakVg5W5kAbgZp zN5wZsPlA8J0RGU{LzyHRUybM8m8tbQs5xM(lB!NHYbsvW!4fhjE) zl}5Wi(rAmM(Q-3Mp@TZhkShaAttHNB%Q+waU9@!&nVuWgS4=91>HFt-?KH}*7agJzw}V1l zl=yWE!s~L8j&zP`0~(HbDv;5bJ~aGVTa3<3A7nNm?&bV!jfPmJRFY79KNht?C`Rod z=cGUw66xFj5$H_3{jg4w7B0w*Yyi{gbis&;<#r z(V%4{SOI9BXMf!3=DP*uL`a;omhTP#2jWvduz?2w>qe0#%)pwB#3`NP0c_O0&B1`MmkbKToIAtq+23A>41U|`Lu0y%eJ+0Gvj>^bjk}Q`YZnmPszykP`*%R z+r!iomb$ORKqe(vD=rVNSvA(bI#jYlPyD>~sP!3|G0pq9HhHr)?V(Poy=m16zTGK3 zYiG+zmhiax9Vwx~9q8g1`+Zn~^hV)67F64_ii)>@;E^~d!_U*?oynVlEExv>99bfG ziu@|R7|4OcJJ{;*YjzAd+|TNed*HznJ@?pyk3H5aD6IK^)9OO-Qg&AK21S8qx?Cuz z{Vz-9=T~wESnv@W|$U@IQ=JiuN?R!QgAKaU(gi5DcdV4AvC`2yT54lp$)0D zOAB^5jij>(UGp58?nKqhLv$O=Hq&E z1U`~=c=CH*SUKaLY1LOGS|QRz=ifps1>o{mM0$5s;i&(zEk=UVO46@Dznoo;$j7e#ws zVWOYR-!%NxEp0yt(|des1(I|-%fLKz%J5&@z2`u8f=<b0P`s!2U?MMNpji$UTBQk-1Jz&Ma?*3tV`hV_z;H zf7Hq$x_1EBUA)ze%veqk&^cr_ao6ZfyR>Sx%d6JAE$ootUYuup_AZjs21!o)EXipD zB&UrMj~fauJ&Qz^1JBwlpE=!u3j-{l6-Yiq>OA3p_veiWh@;F2{QkZT9F~A9r|L*j zn)WO{p(5qPZ@(_2IHmZA=$-W-=}S(9#sO?*D2I5D2!-dsy2Ii?{-H)AjtSas#C~yn zkY~maMKW1tD{YimST5eD(xMAIN_#_mDH%u*V~QryqrS`$0L3U-*_zMR@OZ} zCKc56Etn&uGh|H$ttC34;Fbm5mYq+N{*vjqiA0wv@Aps~^rc0EDh+p61= zG1%Lx_{`DYHUr@ZpA>G>H6Nd>=yiS%*7()px@o;@6yMlY8!E~1iA|yly$k&43()q; zF`9_@;{3L){EpOWmJL$g`i6^j@Igyyn7z@b{9vvX`hxr@fq=zWuk00dg@eD2)XeYT zfHG2@)&lJ!)bACLUOXM-7c`36Fj|;1aW{}L5kgCyL7oMDrvX0@>$@Q zF51DBPO0N8TEUf-N(T(FucLx-qhK|cYd=o*exvopi|)c3(G&|gCUl`U-8^~!pQK;AK`Y z9M#hvjBrt}93}ZjJ2Xnm&oGd7*U%!ofc zQ+-;68^=_H0egw}FI7Tn35QRK)VZy>P1l=)TNwK?DV868rbWx3QC(sL57KYuImAve zXmxEVf)eni_KN?l&U|NL9grddF>CMNS8L?(5PNjeV zbj~-Xx7Q4+4~ZDh!|i`OY={Hg6rZB*YwyHALOA@)QvTcWqzy~Yap4_%$I~BK+Po(_u z`#&NzNhFjkC+;?ZWRkse9et8`;7NS4Mf3#{c=E~Y-TI?m*!NnxglpU+HNM788!IyU zNGBv2+sunL8!r{O{4n#j;AU{Sh^YzG`7Mq%05VHs<`%QWTQzeFw!$jE+2Cg7m~!+6 z)VdbN_IH}Q^~y^MQfsE!8;E|Wg&%yIcRx6za%)~VAs+!=y&pR)$CGsh-0*&|u=jxn zmQ|Y0B10cY;!f~Icw)f|31GTKmGP~}9$p1!7_L6VEz@Sq_$7&*rG(!2O^fq+I&f}g z6g6w**Ts`^4Z&0=Kc0g=NbJzL%y=su1{jx2oxxH&*KymxOn4MK0AQl<1a7{M&lA%M zYBtpAa}QxY*|<2<=mOM=gvJd=gc|Z z2heh1XSQvkFSn3rcUOTeV=C=yYjgD4nDbX2Ycr;;O-yRo4;(4a$2^v%SgN;V!T~HK zS5Unk%@{IA+nuYxnn3DMCtAw{Yf|aU&coH&AOmUTp(AtJ4n>^SVGjrIjQHdn&FYdVSH-q4ool)Lh9G95I{!UoDZ`d;Xq71yL8dCqn`*r!NnV9i ztHR=4YC831N32RZ%gdtJl{HD%+9AY)wWhOJH1W+|4Z}B^5v^TlQQF5F+}fr2%q7v< zX}7gk(AqiG+AO#B@)|o_W<_h_k}sh(uhO2I2?hTnwD@t-I9)8p!CWqu-yd4n0YIX4 zq$2Q)HvPMlKNW|6Ny>cEq^LI@S)cZYWqO2aV*ZO)01lrM3=f&+sUwHUf%dC4pC^Y5 zQ_d?$JUQ_dQ%v73%`agfH+Uv_N>3+-am3V~32>d9A&vrOC8GHxWG--iSseZ%sW2BG z0!der_SANfl26l=00U{4_&gyEBYzyG@2&<3X+~E)MH^+YyeJaPvKw4OwbfgaTa@ z8a756Hg+xUJVzQfrZsHrX3V2u&_YiB|X%>gP|WS^moZ7}cA6q*NK# zRmgBn;$Nyq{7bdqJPw{3bOnJ_`-IZa6G}s;#p;i#I)geoPCDAJ;6n8E&(uzPQmj1J zefuw_{KHiBOg_OXnbfpT>6+b&F+8;HW_=()OA@txw43OTV0kOOIWKgRNT;H2b}w;#0ws6>jB`?zUN#}d z&(#_=V%$=Di^!oATC=VBx(tUZD@4OJLs&(cw9D02Llh({Mry*R7Tqmt$x#PvbChcx z_bdVlXUJrjuPk+{wOLIaX1L&kSU?4AR+Adw@}^_LyB>G3fn*CBNr2@O0A~!U=y0XS z%*)M2?b3V>BQcjP7LFf#dTQV2vp!|X8imT>svNVV-CQe)pH)W#(0#LGiPE{ z3Ou`hlAm}#js?yJum6YQFfyXDHph@Hv_~vr;^gm@gvjn|hk6HdGlCjVk-t0RoCpH+ zXgX)zvRcQ05M7l%+=)ngguSp)qQh(32vb`iGO2u`{I#g@h9OOpx}Xum4rH)pMK9fy zHZ!n%IoYW8dPTsvnAl7-2YGJBRkDl&)M7|4QSjmo38&s`VN#dFf78o|1*cZ?(TfAU zFjm!&AE4({G zr!X1|IM6Tnu+JEr_l}$@HxPv&)c+OO!V1w2yB=#Rwak-pz2uQM<@$XT#g<38vPhgG zGh#^7ivHj9q;ZD^_iEXJA6SfFd?HTc{@5(xlfJ<}Iq;A;&xQ}RSaL5qY|(bkSMe?J*~q-bqQx&%*Bw4jrS8Zpz&!YF zJBBFzSy{H45a)ia9p`hmW!>WuE`=W%FG?q>Njy|s zaf===O5chC-KLQizmD)Dzh!-e@^u#@A4Hu|@%Zgq(XYUz%V!=FXSUH9s~aOaa7&y$ zihB_MzD#uBwkVV0tHiml$=r(V)zM$Fe>KuYxnBoEC0)_J9laf46473~G10bfM;Aoh zJg67Ul{ z#yRFWaHEradp^`xD%%jExOn5sHK)lW4!s;s=X<^jat?xoMK7`-=dFpwW~M>0!{tVW z$u_vYUN#@rNp!K$@OR4SM(!Yf9@ywX6y0)zQZONH4!>i!n(3i+XyyxDMaTwoKm;1o zm2u7x!lYq<>h5@Ty&G&owm5<}fQMQuFCUj6ku5)>dswSA>^4`ht09JIeYvx2n2)$d zSJA96w|a$Q2`)$?7Za&f;t0tt_*JKFgzot|AV%3udR#uc$C{a$;mHCUitEo-c)2Ox zowbY?lX{X2+T7%m!sNmsFa1ib^@E$a5SQpHp7vkixd88cqqe|1{uDvJ{!*(3Xfl57 zWmGvu{9ZxKTaEC~5Q%ZUBkXK3LO8_PD7}7Q!zK@+2JtQ&%m=a@H0T)|(_KtGac3_Q z#BS5KJ(7odRwj)xc7gNH6bkD+$_w&n<0GrT6XYBUI1rplY-_p;!V_X{{gn{|8+_ba zf7(9{i+eD$A^ml#<^H=7O1Op)9AvgRkKjN&sI=5ieG!tO#T2cqRMzzY%FhzYRJPda zZ*Q)&)fZ++)*)h}uT{LIJo8C--_|!3>VUU9bqSj2l`y@gT?7OB;`` zr#|KJMfd!VTk}Yfn8K3AHNc<{2`!KE(e*P!ZuaJ&5h7OfCmUFlV#<-o)&y#|M0O`? z7M#4|hDcJNpGwF?)M5u-tt%bI7Z%1X!YX(-x78GHo7?@V7Q%_hL{=&2uJ{ot{Cm*> z^53ykE5BQFX?)|h%KuL$1IW3)vV$?LC*0=|CEjC1&{~rA;W^#2O;XjX;)EaUV&;Oc zQ=uY%GvvkEC0=?TpZS=r5LM!mqc=$Vz9kBDbI`5-d&rHco6_DImsCgd)o|znaSX~~ zsK$Ul!^8+wkp2!CsUWZO3n*JtYS(t}aH5#nmogUEVU5R?d+wF{CbzIOip!1!3_t#`zn{BLw>vos}T# z{}2t5jG36>#KOQ-)YVL`R$M3oJ%5?RmB$cW5(BnbcS(-}!5GKYTPq)tBk?De)+lI1 zhBRxENm)7EP81`k>#HlIY8@-Q>0NPLAf_^x7ucNC@`0khJiIGQ$_& zTD(@B%EIDlcT*NRzME3PEP5VclD+tF@pMGV{d81cSGH3g2fKIc9` z%4bJJ^U6}0=(=6fUQN>*GVb(vGvCgHvx-4#|+BWcR5{MDqH zw{ZVN$DEV%8_`X=9FtoOop%|G=>&o;!`Z_FyeV>l+gT2|M%>M^xIna~S-uCqlw!G! zB%`GQ zTpmzF9L!A@e0E1ot8?_VdFW-qhVpKZB-^ev+o22{e7w7-(~@rP8|E zTy1a$NSS~Ws+|h&2Ak_f8qFHvU`i1yc~5iLv~EOaugYLive8XF)hi;3i`Q)uGRgxi zVTRqGy0KdAdDz#vdp=zx%4J!oFQ6<;%M(hfFEmc%UVunW6kZS#Ig!u0ZVp5=LJ&oW zrlGwj2AQ~s-pnUmNHmo#`awbM`1B3A~9 zrv=yp(SfU-<#J;RTgIf9iDg{oE*QemjWNd7CW-26CXy9xUvG%020V zIVyB3)QgJ45MY!zOHT|sw&zDw0T;3B$I$mkwsQ83W4V(rpE?Z+`>f$2IV&dJFT$DT zn|Z(ES}FZFCYGQDEJxf++BkVU9^Gjr!+3V7V8A4as<{*10|Z^W`&~p;AF@h!{#YF9 zw!76841#Jqn{_rY{NtYtYU*QgSTdRldJStUL)+S^Ev+gclVTCz{3t?#rL@=I9$<@5 zK5Wz0JE&yx`LjVa8bn}CqUDOkoflTz`Rib7{WM_w7GJMbIu6EC+qh>RyPvn6y=1_t7w zzht>1cubET!NkIr(ZG2p1H&b=Q)~TX9jt&1j^TpyaK@wWM>6lD85Xj45$5p_8`= zh-v+Y#`10m3X_EXVSnsA)|p@|6#qi$co2Nb`m_f-A(J!E|H`ro3XjOUdeXp6q5|-~ zuGAWEzB-hKLo~EY&6evA2;heGqs~lzq#wrx&L5IaLLJWMLefYW6}i6?jbZ0j_1t;X z!bqUgG9R+lkIsi?nJ_8PSy8lSD;(CO6&;PH#os-IeJzts!ia)!UFf?(@rCCjhF2hq zou@^6B?H3xTT%8AELyW%A|^^4Wl|eB?b``ql0|NbGK-R0g4Lxo90}hn{;uc&+mKJ< zeiN&!tbThH->3-E;9I5ZGEd7-Y7QG zA-8W0o3NbwC|NWJ$$fihgCyI5>@7rdvZqVTxI}woRip0{I2^Q#OeZaBs*@N|ox~{* zbY3k5FeyjfS!iz1eE3-IV+`wzb=cVXsSQ(j3ar3Ue8y+O>?%k_%W z#1$0C*XmsHOd@PEBjd0tef&$vewSESPWb*%C}!vsb&E|zB9`ZFs$TmT45`OuURj%U zD0C$+*eLB)0c{kkE8S1r2o3?`SnMW<_@i^%;zgk{!4g zeY`Saj8812G+6b2oAKFM;%<&#OECE1osqi{a5$5fHAW?lv~7wXjx9ubBjT?O)F&_t ze-M59+r3mbR<#zlIq!61ceZs?)!1FDHQ%)zr<-ayUHeX|nCZR^LnsXL?91ek}3+H0(v5^qfMeXBRx-7c;ly_W9At0V8T7k69pd)?${ zgdnkhD&D0XgzDso`F%{x?_U+Y9&7IeSasEISk-O4bT!^hEha^o{iv<|P+R7ZD5y6N4t@@nkiGAQBwh0c$)qsD`wtVTY%NZ&D3AbPYRh?og|fE{NCqMA`Oz zx_TR~YX2Nbb^BeRYeXF*ka>4>-jZ_P)*T@lupQ;Yqnm}7B*Y6btm+)-Yp50gR0+$F zaD>aoTZ$qDlk8rlBy-GyV>ZN`oW;y*q}9maE4S7%t02>Cx*-dlhQ{_VGdQ)vQ#{ix zdS_Mtwyd1sGB7IR%)XlMo>?!!XHV)=CYt(0^MF-W*nPp>AwA`uh9)1Mq;`C|wca4| zZhCqO$4c#PsJLdjBVQai-{5iXE+H_xzEIr(u`uLKVY7FDNj%+IUKt>VDt^)+)sj2h z%<@;iVF5~AY>4jhUNfG=abHL4^X#iF@TMzOFRwt=o+kunq{@yD>m7S5Ssv0MMSQK* zX2(+zhO;oU=Hyrkrtm7U;|Ats%mY8sGE?8Os|*p#VC_}#W4evkISA&M7=k(Ju`ejW z=%y26qlN3$sAi5#nLq4*5O^gR!79nbi}KyNSlTg9k$T z0-7P?Q4NzVDZ(R{j!z$S*;M#-^GnUL#7}BffWs?{!3w-=WiQjZ{O@S-;Gx=~ z!yy%^J%deGHC>yUJ`^}Bgc6p=ot@>;l*Pbcv4TXshP{yNSsF6?viCvyLc0jnulJk7 zg#YD`%a-dchWr;cE&i?67wTTN=s1Q9QIyH=J5|No5!f z5^koOF^hFG-l5iW@8)1&?{j+KhjI`E*>95ljC19v@?a9P?FAeNfB85L zU;uL3*oxW7c6Nf6LF~#Lkt^4}tyZc1QFB$;A2ro`KP6UC>K9wBn)@Si$;Hqggmso= z9nTCxKOBH_*08l}_XS zC`g&=6~^RozJ>F5X&Wq}qHq2bUnwN^Z*YLO-}wPP{RoG@$KjuFaH*$>T>3w8Am-oy zqH?&5C?}G5`b0TFpMN`ye7{Ov~Wx4h)b@+B9%M2yjf@M0E7)hnX&@0YLJZH(7ktHs7 zkv39dr41UR3DP!20V!$IDox{{L5&nh&^A8;qiBHw`L`|FqQ6qKe_9l1VbpQI%CCp9M)C=7b+9rc5}O)GIY{Ipi)D~ z(5)rT(rt3$y}Pj~G`@YuB>A3;Yk>pg!|>;7eIn@|K6oJ=iJY^P-drV$yqoNK`lz{I zYZn$q3y(b>Ned+=hQs~HlZ-Lt>#Ua=_i|_wvB5zJOYBonS-Do(2zVmzHF=L{lPB|= zk(C@}vUbs8E+I3>VZQ)^l01_;)Tfh<`@48f-!`|H*q72Oonn?X!Pyfyb~U~J&3SNpsNa9rfUMhd4c{8BFc!jcju&Gf+(;Mq%;q=ojMGcs z>7d)$?Z0}tR{Llz6t+t0k;j+v(YIk@EsX71Ui2b=2MMlAWR!Gja{?-?039a7iH)_t zzg*oQD>Mb=M>z-s6>@$y!Ed3QizA%sL7REPg;t(>e3_f1xF1pfvQ!+~PPL>hkL}H_ zV@oa*G0wk%hqj*Oh%+?za>; zA`qZp(p_PpGC=JL4O$QAw2~G!#tfYtk$*cWoEkF}qyQn7_~7k8ER3^-@M<3!UoDfZ z!4kR(TEQn9=52&yWQhXh1k-Q@mSU)l!BwWRga+p*R7BGMGARfx&RBy1agl5H-^9{; zgTT+Hr6D`!B>eygwGS+72*9EIEFB#BU+f3&aP2;)fxE#>H;pEzh1@iBa953EaHpAs zn^k${(=$nThikiO0DLJbb=&~}hjumXX57J>#tn1EA%Hk=26;8a1(l1j`vr&`-&36R zk_yU#5#a^9PwnXmI(213CFj+=vIG@MD1-smYpZK0tXE0IB$#OmfQu1pB+$z*Ud|VV zpJikvDw*qv&BEg40) zVbO(G$cd`S0*FXmrn%NJu_Hs4vdtR3i3{p$HTA@cLboEq@tn`ut2x~whEQzWxA0wfu456tEp{YSaP+9ujfl1@%h8i&p`gZ$)JNSIKVc}KN z3U^{Q3@91d4l)zpe-C8le+hpWm+fL)HllFZuHz>r$3J^&dhX>DzjE%?)5qr~UK&4r zhQTu>TS3UpFuWH+>w&>qw%ner1cfAT4ax$>o0#9ad=RC{*uZAUwnk93u zv787_Ng{ubp=u_UQ&^Lb=Mo2x-rMz5A<-lvQSS|fd{fj9B3}#M{}${M8*35r?e70w zz5kBB|268nU%z2myzgkp`+p3|HU3qJy#2RGo}{(~t<#%oZ+vBY==|-pFepPC=7-E7 zK{G`5rrrhNw)))>zmA|sTJ;B_Bi$GbXQ$=Y(|}saK-CJ%8|2L2WvQ*pLpeX zzSx0h=U3evl;dn+rbhq7|bRS%rpdkFbS>$wDwD~d`sp?7-~nLm0;=Dw+BXB z5%|F@2laiOU$H%|2xs$MjVp3`2!Rw=RO&d2u1$v#s2|{l;%?eax~aCq==hjWLHHiX z0pfblB3AR=`R{Hhd_c-hStnGU{+bszHDEr=nS1Q+K z^7COI{^ji`ac?rY&nHWrKrVOG%3s10@C2f?NQ%H-Qb3 zK&qJw$uDuO({8j(=|G^yTp)sNl$B)w#f}hoPp^Ib711L`Un;{H+LR`OhnmG6L10%^ zb!JzYcbTtU^+FbKLF@^j23|TWRsfA`&b?D@=vb z^%-gVz{nzyY<_D2dzaBl=)KR$WO`(}sD1Uds>~-9bpb@jl|>JCL79UYiTn1ZWLl(o zA+L!X4cfmgnmh_?rH>ya7E-%~-yz~?sZr;yRk#MqqI4BaACN49aYTD-G(SE)0sp@^ zK0f{8i{rZGS7$tosOEX9$pCuvLZPi3^CE2)qHicXm%DJ`*;yzp$XUXoLR+_m+2*}E zKHu4KFJXO0tGQ7+Z&%lF6%J{OTHK}$(Zl-0Zf9nu`^?OAznR(2#Aw4IC?g4Cc@X&f z4r|}H{q-*8+Cak5!}q-o;xo^0xdEOi<+i;C$a1F(O)K8;(?)My1yiMn$ABIs+LZCz zZl+4HJVn2@q)h+-$cIb4%-yoe}HRGtg#C+)uyfT(3+dwlZ@}s|lCC!v; zHtj2z*BoewrW3{lv77uN3o=afzBz8p9=>Qb?dCvZ0RCp0gN;mMa5?5rHPW{e=s#nk zrZf$dhqD~_r%Yr0o%N}PjbitvMYIL13buF!$CD*}YSxV%fp_3<9R6C3EYTq;L5J88 z9fB%i)2{GGpoQ%6?k0U~UzD{P|W4Dz#Dq7xkipb~++fw_(Ojn=%C_$^Ip2vTMWo3yl#~S0Go1v|AQ4DN79oL@1ro_& z0tref^TSM%h@}*I@%V?3SQ<&UaqKGpETL1N?E=Dpqh?=5W2QU~sA(NG=cO_gHV^T>9jW~cj$LNGM2=gBTEXD0`qoUFg zcp&1elA@ycsW$NwRSINNmFvwM$9bd9S=EBX$U%Vo)e23DS5tIf#~_iq!sLXU>37^~ zPt=KRlD(!-uPFMI0-O-p)v01xUA(eDhOR_Vq2PsDiYTIqOKLP4q=%p_ss z-NZKP6kL%S^)y>j^$2QSF6Mah}0F_@KqVYQ&Q$KU!Ynare!f^2`nP=5X!PgXK|)G{B2qN z#$(1|0Bw>V9|sbJn#;T6eih3obj$|Fr^^X53b%@wThRF0o-2%_=z#K=`S^ob_$c*5 zP#6;sOHPucp*yFDbykY&BiTZSq{N$6!BLRQrQ2^Z# z#)yBfuC7$BQb{$Om*&^l4TfPAouGR9K06XAL^evfU}N=CZ3P`TF`_{*?=P-}aOW;o z;1Zgv;Iq!Y)j7vcggt;G=m^wFBPjNhNIfhehmMfQ!671zWSbkQ|NZCCG5i?mT%S8fW-k`nn39B|l-TTTTtPNnH7KH4> zNNlO5v=+gj<(TM^I5OqPe?q?B-gQZ}6g&pCdwx2=IZR=LoxvF!Vp$cZK+&6qK=I+V+O1R!Y^f8*w+Wj3$}sM$Anv105YYZi=&hLFoWL_rKS` zIvFpC)?9O$MuJLz)=2Oj)(o>4!Gr9&P~o|Q^Z`R|8m+s4?=a?uT}SX`sXfMW>MhfM zm-@8mDlYPYy-RKL70D!*;&k_nI}q-~J7GyS;=L5^;(O7?Wj7Pq&^JoVf2iVJNR9@&l%oBaU{L9g<&8|dcBn(qQ?I&KKhoDJKRycB2L3BF55*RcfcgT z_z!I}(9t4e!IkA$$dV@2ZxUElhix^igX97QMsrM=k_PX_^Z>;)JX2l)Aalw;f^1CJC&1_?&^O{$~b z#XEXC4Oe5`-$c30Nyb9aH4=<@CZ{>8T9!6XhsLHAt9ouLamBA)UE{4o+YI-Qe;0q= z#-BgNpFhGM+(JdCm*~WA;`49f4@pnxh>-Dv|9iL_v*ChYyQajoy`&>wbA-Ctpg=Mh zdC-QfmxaG^l8z)P>Bk6c#W+2GkfbPw%{Xk&A*-G}x3yu3LbjNItUjcpTM?Kow(Ov= zh{GUJcoRSrWM8(1TELr_7L;_ru&rYL>n@2Kml8Kj`kPd!B<>Blarul(uq9fQo^BIo z4CR1=*pm~vH2{;iCaxz+(auo3a3Qt)H#|7+#m2_Q{Qos64A@(0KDCS^H2>oPK#;$5 zl)5>Cb0skZg;tCZMD#*EeeSu@{XuDeP^>5EvM4q91Uku4jC>g>;^DXP!5?a7H-FJX zzKQR=;|RYB17N}s$~a>HSCSd?A#@PT=))=|HQI>@C{zmGweR6EK|||n#Db$AbA%Cr zZN|s4PdN|w*BxRSqIOH-YT|a%wJ@~JOv)V)Bv|5Rdd7A$ZpyW9nlouCMWLCk*$@x< zMQE&odenY`vNrEp$+&Ycziz=me`%S(urh9c519f*$$+j=;4oji;w{#rD7K3pa;ahN zGaKOohGeaZ1Q26VI~7G3^buV}QT$mMN6;jos3SBo7IsW*jvo8W5ehMj0ZW_3l88GZ zlE36|Y*qga&ig`LadWIK6jIf`W(Mdi4jcv0<%B{<{rrW;%CpBVx{qBPyXZcuu>%&<+V7A5pH6K{NiqX+(UU1;>Q%^ts?6U_JYS+qct-MjYTBfxvqs4TY_?t2@F=fFM z1!Y{#a-}R*t{kmg7uO>{_m$0qr6-!B6R$KTjyH}Un}FNLo5j)d6OHqy8mEq(7xyR6 zH%^{yoIQ4u@5Q_T(KKG3nWaP4GmIR;&3`gFnG`fO2;(;_|4R)sC}Ai|*NpN>HJG(P z<|AGIMCjZeV6pyE`VN*kd^eXlXRQASpzq*P7U1s}gl#Ui1u#_4PxS?W%IiNmZ+M5P zUvp^(^!x+r#R-QHjmHh@5t$L{)w9C~+yt^Q;jmy!c9Ko+PA2Wins*m6Ds#KtG;03q ze>%-kp@fp15?PSWgrl6M6jF&_B`qeQ(lZ_UexyzWWh5|$d<;7qucc#id z?c!Wv^`}^&|yW(CRGLJ~+T1KHqDBsyg zeS-c_3JJ3C$2=0!Ait^v7?P{Ts8nJO+}!CCB6cX#=hIWgJ&Zz%3Svjj_w8oMt&|v4 zD?wk%)XVqr@%QlYVBk~CPn6$=0g$+uF0_@EU7tP?ZUA>cZu~Fwp}*UdazDmOKk1{C z`v=4q&k-Gg=|SVtM<<4)FOs(CtK$g29mhf)PVxiP?AS3|kjV8cO=BP0*Vbv@*A1q9 z+o;}rU#gdA-ew|9!WG8KLs~ZBpKm0N8?!@1(WZcYOg2(SjP*&RD=%A-Wls;9(El@> z-!wsScM;Z(G-p4wA|9g$<<~M@PQd!#-E;_H<@Y1JFG)Mhyh>^?v%Z5Tr#J0p>M#iL z@qN;6F91wRFn!iWi&<0k)ahy)X;bV$+WcH?k6v!3SlJm+I$J^0z@h^+Gbopw$r+Og z@xG?He{Bd3kGJ_>wHxVfP1WGQ|IQKi$w1X)vSv2#4Bm&zZ$R^miYrPcp;0oC%5Tsw zASLrBiEUCc2rJ#{$|5l9OlGWKt%V)NPLW!pjiPC{_USTy%ArsgTO)osvU~#IDbzkB zJk`X~N;`us)0=W=(Xh3)f!7u-M`{>!`yv*c-$y&IjWv{3BXk5RAXupc3wqQw%GX|O zZ}m0my3Dj%Wkn1nr~=jC%~!QP$n-}<#uJtJ8!__Q0uoDSUOQC?a`}9pm-59e#}dU5 zEaxuOYAe->r$^mfXv^yv!n}W+$HuR@|k_1x>+$_;;mxeXd7Go12AF+v*%GG@D(WM-B8G#O9_x ziaZaa+3X%ju)fl35P2MfIDAJ7`Rmv+Lxkx%2ByWC_re0%pT;3V#t;U4&#!8R$xwXvM`|1sQy zN{|2N?&@RYIM4cg?dR?7oiFS2#dV#_#jbDd%Mm*v4XH7496JeeFOlskZgP&<^Q;}8 z&wJpXRh&a2q^Zm}u^FH6t?^*eZn>%Zd^EVMR4re%B|x*qa7VTnZ#FDC zSI4F^yjPuJ6r<_btE8i-tq5j(LT%l|TdiQL8hd%wbjP+}WN%P=-lVpaf_=&M8tZMN zbrba2yozT#CQGN^_?XeSgS4mZi?>`TzF>K8Qq~vVUj_S+{gn;dU(l>tlSCzWPq(_8 zX`fs9`cp1l_4I8nJ;~EM*iAJt*WM9`X65`}5F1F6S%s$t7D;g61Dk4>2h&IqgPt8>wQQ1+FLYUNi=M7a!9$P z9Lsv8VwPTQPlq|zpkR*IG5~T`ZRc=%aM0+m4=i_~^rPhu5+XJaXdT(W7Fs;c3hBWksC<*}j8eZdR8(Rwu*yO#M-@ zDFZvw`vkr|InY8>R?o}W>9hFyQ#O#a-sF7_D{;%-pJ@Z~clF!F^ZhZr-Hup4HXyG? zIn56r`7N&PEPwbPySOb*2poIGdNrTPs-HUA4T=(Jaec$a*~voAkhM;8S(8A8;T~dc&&*8MBpntDEcQ zJDFa&lk4QkFwR_h4?@h|$697@lzwe;$=qGF`HEw>Vh^F*G5C8{IpovfQkQCe?z%aD z-7E-*pjoz^Cx_87tz} zV3PPAelbEI6VSKt>+?P-G3itb=}{FJ)@#{knx`+;R@O4lG?&h|um~kK$<$sM(k0fD zzNu|x?J=upm5Dg`-}kavGE{9MBAa6;;}O!>fF1sjal>}_{jQFl_;HfJ5}#G7y`ORA zgA9mHv$F}!F|_C#?99RX4EC4xbWAhY-tk6G7&&6^0 zC5Pe{9gRP90#*4L#01Y|LUYTn;AHOf^F}fPonIc}S{Dp&cPr!CoZ@70qLj_S`1?5F zDc8uh5EaOE9A5i4CqCu)J4<$o#1e{(6;k9_0%99k+Sg*-5R(x@pao~=j))F=_Qum+ zLN6qq1jB_(?4^yS!f>>dE3V7JBZst>_aVmipg~9y(S16&&$0fbJQWQIQq72bTGLqp zAHmn}qNlVrW^EmLV9mQL<){PYa$LwbhY zVM(*akc79Z7HJidnz5kH1yqd%oz(FFQb{HxeT1G%{0c!i3p>-lEcNYcQRUzz{bV_* z0uP#YN|N$Oo8b4t@pq{_sVC-0d}>JLXyLg^UPRWcpmO9@3-TSZyb^k%8<6B@Z(Nf9 zjPFn9M1>Pv_@DKY6;uX92{@07*@&EX=Dd$V!7AR$83l*~w{y2fvkQh2B>J~C<)umV zFX6e2^-1)yIc}A#_E?0%M5fz)nFRxdJBIY@A>lq!o+xfgcdhU57w%e}b#oucka!=} zbu@*?Gwvq0?2eGI4+Q*}cLxOgFZvi5$CZmXs1XKcY@fu}!g>~%7v4p9qh}&AyyiS(P-bwyWen1D?Cfh2^rTYI*2WraNzWh z$>IsOR$x*jO{OX1dNw|;>q8297vnm?VpjOauy8M&M`Z0+u=uF++b%~RT2!iLjdZD+TSuybpW9m?Ssk+AeVNMk zbx5X)d=8}Q{Xdvg{Yq4-25E_bRL!PJRZc!k5~PKa-vpE!e>z-zNdm)ELUcr)T~KrB zcz=ge#l%K6IUViqqtV;cz%2;oUwq*OAPZ%no7Q);xpE~PS7}>F$}mSjf?^){N+d-f zZ0)u3=|>gP0h@^FfX&lJteTo$Fx)v(MXf8RF=PHld}2)QU)6WXh^YJ^Hi&_}wG_g@ zhTE&XB|6*yYdq8cga^ZnV^BAj6wXTC##Xc;AAOKq3x2B zj~Ar>;Gl8fbBIqj%^>gQ?nIX5YUGgW&Vi;KV)A z(M&HecL5Ohf{UBI=N?Z7oBYv{e`FLk+axVjmErjL)B=*FL494s==K<8h7R3 zyfc%#f*TCsbp=}^k6_m+KA|wXR2da#cCKc2m^R}Y$AewRe)m701&(WK9oRA8kqGA- z(+_PU*j&3qOaQ>0-gw74$Er-fsuN&q+rfMu454+r6osq2DHz(ukmB$F?)6VXGq6%} zUdQ>jnGR^b?FJ^F%Cyo$LLFM=hO^vnBIkGRV56*u(N_BV zc`>;t#b&c67gpi96+O2Wdf&PvG#`Fb6^3tb)DJf{1n;(B0JcRyTSzS4En<<0X$QQP zTj+NZK{clJQIWV33r~XX=kuf)O=JTJY9+#xD#D;Q%$4q7k|Gkay=f3a&j2L$ zs)gma2_{72{guJIi3R)mgwYCA`MfoXI={`~L2isJ@GzDlWbu0Pr#&Ex2XCA|z0L#? z<2hk+*t0Qm_}Qq4k|(`E{_>;|;V&^Ozp+2WNA3pM_hqxvN4ju1AA^AlF=d8S);#@>#V8C27XwdYyulE@4>HCTS-tW8DeC^s^w$c z`=O@5163T3%!)H;d(3Sf8X+K}{>bby@BlTuv&0fZ8J{6QjOr|~OzIcOm{fh#4?UOf z(rBKlT|U3eNRIJZux8LfM!;P}OVlt9z<>#D==!+HO^uoozh{l-qg=iVb(Ou{1eyqn zL{e4o^^D%B*c9^-PX&!wHR+Nl!-On0`nb#vm5Pd`|@7-MEl#PDi|P_oOmv#(1}7gzGcv_Xj2)Fve6PmYafM zM>Zzp6!Ay7#K59sVx2q<+HXO}-2wrNEjSuM=XwrO)&QO!)xm*e%mMIM^OjuPVmwucZ|+7bPm67aw{~aOT2!wJ5GBI^ZYIo z&D`vP)3>D&v+khjH_Qb2M0#lop4*w_iwi1wh)9g)e(UxXZyC750m(~aK^4$Dl3wi^ z?KRV3TT<7%PD#|GYx0^bt=Zqo_3|Ba)jVf%<>^zrrAS+@=zWI-ML>XjuA1IbtJKOZ z=Gkj#YA~KcW2RjWmK5B~@P(rHL5aq9)HM{`jLm&%#J-J1!SG^ZQ7{zGUbW&;FrBqX zzu$x3mlG%xVX&8d9TZ`(_8xu{hl9fO0b#l$)e)KQQ+m4dRsR`Z|Kwj^4DKFeat4Pr zJxtj(ySB6>{h7ax?H@JSeB~+i4V)A0O_P|!A7i-EX$^InNQjlcV!=xL8B(Sv(rzTi z2Q4Gg4`k6mSW$;KWi)?b#2?;Y(%0wx*o0xW-w?mzxq9n-t9~)zqPBn0aU-Y@WfupM zEUbqp%W4;jg&K^meCJe%X64i5bgOe_+34MqkAGt3CpbvXOrR0UC-9uk5qwA#X!OS>C0H?a3frreT* zdzl;DjxUbu1iXSfRpXKPCEI&U|B>`fdF=Vsl1>Q1M2hcE*3iTq2k9RgD^QjQJ%f8H~Agp>#bGft}sBZ@9LXZPBVYau# zc?>5(Mef%&LOowV=J9xN-(0S=I1PZ4z$`{8q9qsMEDK0;oFHa-y^gh*YvMc4&jr5< zyllI~w-m;-?b<+w=0r-HxmmG;a;72LZ|D&eF%9u@iIz*eT;ijg=+$@>biEhM=7fJm zwXVSH48E$vR}GEeMy@NJOs~pV%Ntik)!3{i){7t)caV3#MWA`@>Ycpkx-$z{6;H+{o5Yro?^>--m zno6Hk>0TWZ8P05Py%quI{YOI13?$pm;jmPLPUyXVO|!8F69^bvZyOGI zRp@P3lCD!VkKq52^q@2}Ezy7=Aw_z8OwU3PmApqDP^uRLWBz?VRR}J|awTu)Gxg=@>U8|F7aYNg+@Qm54;?n6y6mu%qxtj-50HTtU=v>8M46N# zi6j_by%F$Ir=b?o=AcVe2+KB%m#g+W*l?$xP-mT_9v#kXo?z;#E@Zz-{&)AHp6c@*cb@<%KFKP zYBBUS_(gnEt0jCf4tR6ADjOj%vb}##@xC1x_6-l>)Z_FaBf1nGMy$9Lx%4cHUopgn zg%z+U?rqMLf8Lq5x>nb5EiU6EZB3*#N$8im*_PGGw(Lc?U>!i<3zjN z{5$d|{rwBH|7U$zGB|ZqhqWPb{9&(?Mq?~KhEA^ejZUstS~a}cj?>A#+2}enVyokD zvR78RnjG;aEu}b~s1D1U__XOOh{3GciC?!E0KYnY8mzAl9!TW>5p3YrzN}ZWzjUja zR#UoG6f8Z+=e0uJpG~Z~tQA2i;vn;0GU8MRx8&hr<^MJ8ZKlH!Jcld}e8xE$8O6z4 z>DM;)uaGS|d@$^+O!sSSH$s+YrDY*cknygKo`YZhw8(_&Yqh6Hgng2y<8E5_WWY<< zJoc%y=DK~JmW^wS6Jd?9V=r3G37Wq9E=|NV#<%;k>qVt8eg>~`r1|v1vHF=qPu0&{ zKv7+y_J~8zgr}Jlinqsb17~n3o#JWk$QUzVBe5nxi@JEQsFXI3bIU+B$?nCp>)Dd* z>N7b;s>p6pj-^GAYi>?j9+}T^kwbdIy||}Hp*F?0-j5&sd&U5swjAMU+vPR&!IWy2 zwq|yT7)DHAoUrA@`SyXO+;Lp*!e~jAqNZ;?1N`4rtqnJf>WNMNDMgSNyY=* zaMZ&Dt9`=kR~rSS3+1QiqY0p-xcZ3r7^{u}4Cph z1??6|Q%Bwzwz9M41kLKurJ`}bAtR)W95dm@CZ)sZX3iN51`Y=Q{%)>4N&?&mV$45g zG%k}uV39&Vqv;k%f!Iz8M1kz?!lKhbrSP#%ffN^7>N-l5D7>SGO5M?Robi7cxT zIObOoOH|7_X~4>WjvSZ7ktYpOE=WP??22rkwqN%<(! z$SXARqOXuVMi1T;r=`V>3wEgSPe#X2TPmq{@adEE>0}f>(tX^RA#-}DlX<7vC`&xl z4RuI{f&))jVmEbmMo9DoD&UZz($4smR?Ri@NYqd+^=k%IYFYnt{vXZryr)hR&nS|#{eVUe< zg1qfVqoH`;r9rlBV%|R_9pw)q?CgzvgJ~*?_dT5C`-9Yxk0z)i#o(mr+9`4-H|oy} zj7lq{lYS@R4zc0m!Ape3+1^CMi7K1yfrB+U7>qq*`$`dCFI6*Q`Wsg1Nu(JKlV0>D zINE+BdJ%%-wU5W#X|KCp#4uTWA|EtGbRw+bi?KEo>fpPcF4VbEU5L}9j_@#)PShEs z6WuoX3?~#xe`8m=L5FY7XQKnPsLl^li=r`39;uyQ`d{v@E;f$qI?wJb_m9iviezL( zc9b#gkh>O1kPInVtmImjNk_I!sw5S;3SxT19a2j!cd6M~$=uB5A$q9$kisZ}APrE2 zMq3wtDVo9$g&*1nqkZZ_QM4$)7zJ#gL0X_e)51Uzv`x=B_h;_R&MYb0Qi@OzIXgS| z&bj~R?>pyl$`r3MPwYHM@@w>z%vd_t_Bxe$PB$Jp2 z<}A;cGy7e%hXQMs^08(C2nZP|e-S4%ucve(7ATDSA#Nu;N?8my`MAzG8)n7(mk6h} zAN6rdmL_?cJU7sLJWU~yX57n=GC&W5i%G#OKt|<115C_-f1*5OUgqaI>?RM0m-!#x z8vK&4ou7iI`L7V3W}vh3&zQHdlX@4XCYJXzHJ?}L`9#c3>WIt@?o{t9%uNB9n-krc zn~oqdy*}n9ConFZo|wSYq$x@q>X^)()F-wPju9Fay`C}C>Vq>8jvR%DS+7^?c=!UR zw6swiUY>v6SX#cg_`G@iS1ZQi(gZTaezdAPoK=_TX(S1zx@ z_43m7MI{MLC@aW@Cn}Qi|npa;cmTAlSS|Ym3RRIeHEq6?{zW(j*gA0 zhQK{w8j4h8xa99RSs#6(3hAoIZm1noX(HQI< zTSvSAYhLG+)Z4NXl$LrmPuR`cs?~5BMTA-#$`2c0gHI&Z*L)h%KpIn%lVirz^ki5m zKJTc{joC@BILv5PdUkT`X@61n44e8?aC(wgC#NqJot_+<@s|ve9-)l9{}z31l$Al8 zH!Fr$tR!AhVZ5O7qr{<4PU4L*`~_91Va~^W?^JHHw}+HfS~YIGP6YaH?alef9rrge zn+-PoeuqVEKPyY|46!&~%uWWoXUKVH_$Qv>pLt(XT294%eKSoB@VZY_UBrubaW8mUJGy%T313MccKv~fV85PM*+1IJy9-|&AfK0uV`+1AG50I`@K%i%>ku376ZY}@dTpJx~cs>R^s*tZte|?(DlI^ns?91 zyS?{f@Hl9Bn-G|v6K(y?0`;Ke(^l!ynhX2V! zf2Bo#orP9IyYg-t+BMt;%JvIBM~Qwn4|Mk<1#iY~zv~=x^UlDgMp4BI@LYl1CHlLd zTSnLlIOU;R>^Mrj=%4JyHaf5_3FblY1^iXPd3mRspUu1w97HranxtXYhsbDjC>)Z> z13j@ed7L~+D+s4sam5ew9bKU>k~H+mTo9xs8EM0jq)C6wXxa=x+X=Rl*a-xlI`Mn) z22iNbSJK&H_lS(5?**~Kk-j8Q_$hm)#CvAu(4M*M@0ri&y^kLH-WLyfZz`;}*?XP1 zqi^V)y{*pH8A(MH0WYZp6fgnsT2hQ*+I4azeZIv#@> zR}N9XJQf@e+OGV4V`p_v-8->^q_eXNOnjg}w$v$@g@2_%JA-se90EEJ%YofXjU2$`JMIU( zuhEH5ZSX8IUE_NEp0_{|=Ggi|80pcQZd_9$*fBIOOZ4-WCUCsem=U_GGdv&+G8P0% zX*7sj!qO~7ZEX0(54?>nNxs3bojegnZ8x;4;Qa3!txBz^;guhO8jedCM!i9o4Jc$mOt_)(kGieVB8<8tKG;IKsQNl9)Px)i_tGfz~{ zvvE5WMx=rhREJCuNz?2(S|M%>n7QK)#jM3ciZXG89b9bkJ;SCX+v!vX>!Muo1j*Aq z2W$K15eM3zd$TZ2ATwyqa9C>s{?(B!igptx+KU{l&t&mVU?J>V)Bp)A6dM@=3+}OI3M7n8MI4D->6V*Am{0A${%>-n@)j3u@ak0iEfz!FxfVv;FUJG8=nSEr4*Q zh6iBIQ3&V1%6A}~hY;cXX!usmeYwe$*LMhG;(-KDO6MpVj_wZK*rI!4Arn4uAe&65 za=9G-?!*Ru@(6YXC}4gpT$HZV>)Yln%Pe~tAb7MoX4+#h>pWkU2?KbN1s>Yyxjh!G zs9d*XHYgdnng_fijzq*xQo?hx2-YG?SH+>6@KhTJI+cxz@S37{Lo5KcRqh~1I)w8l zd9)^GgWzusl5CjOyXIa4#7U=V*Py6TYgVg_Um|y^F8)twr1GkgPD>c;$h>J)Sz`Oj z2DXRXxs(u4#^{`9DS>rlu3^w3VeaEVLHPiy?t=2*Y30R5sLOj64NL-m$jp1J^l4*- zgBDvlbX6I=C4P4TIc7hY|Wf=vlzlBekg=G$O#u?Vbm*dAC zw}bxf$ylqOb=y&5Esg}1qkSqedK+hriJ+ezP5kfMa?x) zjysq$A%Xo|)_tn21XFFb;@|uR>61EPa9+PgX_;dE0WA}Vj(ORs0tpwL7Yj%8U&XM% z29wRDvR#5a7S$~#rG$6X%W1yBBxqylf%at%@@p@n!WAYisW=xq;*QAax)3>C-FO=X zJD9G}y%VGf(ci*E6ih5S@9O=)*OCS#?Hw1KTYXX&ll5(B>j(rV%fRwpvub6_7NJ0} z!w-_|Y(D6rufk??Z@(rYaWai6NmP&cn;bE-u~BI%FRh?AJu%-82X3q!T!_Lzufco}fFqc!Iz> zD0U{}trLMESB~~Ylv|Raxo=2hi4;n3;%56f^8f;Fn(lNgOx*IH#W{3B>r7Y&r+lJ} zfgyUx*ks;INI$||3{ZzhBuE^poyRADD2IAho;bjvnmZQecjHIVI16|&-U%3OHaKe3 z_X?-7!*k7{+XXE$xKN_5F2d98lD|S!y_$xD2{IA<1?OY~&hJXisw(~-MG^s|sftID z6%QJB>&0RTvoBD>Q( zk`9VAVI-O4!g!}%DH8!Wd)PZTd>IJY6`}nx9WW5}%M$SJw`ZU5qf0`iv@nS*OnUoz zroa&UPjNJQWmKaVm)LUTL15k$5}R;( zRrj$v%QXC;cXr=9exo#hxLRXIvIQtll~fzpNQ5x8)-P2HL$TK24HyVHeWQda>3WCIgw}DtBO`;D zGo`VUAZG6jcTpq3DhW*AiuQ`4xbIPj|Io+SF*z$hH9oT5FGavOMH^}jDU?41Y0Ewr z!$huMKXi|%gzOOmzFy|i)nZox3+Y|y_XMood?MeeQ98Y^FC^>* zC|D&AvTKXYYBfA1WK47wj(9o7jeLx*u*RmLKm#cxT>?xcuWo4M&3e5W0+i}}$scLm zUV=S(M|sJB?FVGMn1Zsd%r)Ti2 z+6k1Knw%P+oSdBMR=83l10Gi5`{vx!XV1)z2QeKHO87%s;co!}jb~;@eT;HQ8$#&E zqT;5%d{{F=nqa&tKQ3Ind}YoEOPGXwBjx2VW=ms65sl4rQv?v2JHy$;$P;!#^PjM! z0f{RKZxg5$l>Ya^Gvi(y4_uz9g8VS)z`Y|KQ63liOyBwYXoPLy_q~&Bh=ubyCZ=qc zv=vh6gY~o?>vSz)k@K!=wN*qOJ35`iyZju6lg;Vb&e*r8T+)7(B2yEE! zN}ktlSJ^l1L@lwYA-b3=Y$$G>UDOFP9Pm(~qZ_;7U~o+=`kn}l-0DO z28LqfXQ_!6o#}Dz2~7r_(uAaw)QzE1Pm{R@@=!*`CiE6`Lj#D|+pVla=kLKuS!bCB zQFd++F$%To^&RrPE^!v2vU$r9*%6El>@_Ye8D256&3mFBI z8`jw{Ddh1Xl5vT>er-6vhGWE{7T>fsh>?jJDvn!LD#k}wpt9AvU{*{Xuq1+8;W@Z3 zbRZ;`nhvlqHBtdxZZw+EQ_JkxabwDO5qO$uIQFvs;|z~J*I2R8^yuut8g({~(b#J^ z){e1mn~hsxl!~7-f##o^q2MnKSlg9#?1^2gTE!luxT6Mi!j<|arY9b));HbSXep%9 zshL2fXV1a6FIQl(um@KdaSb#z-@OIf6L53nX6w|^(WAD<2eqM8I&(G>4%-#cy)u6l zzVP&S?x-5x8P$n=w!su{RA6oieF9E_J%{-G=B~0glG+k#RcettfqzMl8I3w$P879A z%}my)l#!wK6<{W4obvt%J@^7JM=p2#^313Tvz5fpDeHZlCc|9x zwxK*JhXvu;Q_2_6?{jhwQs_N5L*(*(1g?h<-AINJ5Iz${x3Z@Q!Vj%6yaDHCI_T$Q zD)gT{hxF5yMH=>_Zde3WJ{#2tWe<~$IBLz|jX8TR*chUjZZ0gY_XGqIX@P%D>$JeT zI_WG~MnICOT$T|Kf1|f(!pQ(1zTjl{d)>ra_*|}*L?L7?SJpAf%2u8`nDlcwY;~bE zxF~%07)O9hrBq;Y*;7KiI>=U}<;-Z7xXb4o+q`^u#t<;wDdFhqUIB4|5OOA_LouS&4)^^uj8+O z628nVggW;9Mn7U9I_-+0q>&9V3BTY~&m>+1(;nzP3rn?)84aD<$B2my2lzKT0chVrE z@)_y*Am|H=i(P#Taml^sX;2eq@_o_5=gpw-Ie3)Zk~|AadQ;?;jNQmkPDzc!voNEi z3eOs{F;al}l2EiR)a|>bU4|WUy^2waxP{BC`4p!lkqG$}6SacyNySO@!fnQ8IDk8z z_yrtU6CDFlM%=V++9vS0mD)z-b>zC}MNGE4jyrK6E;dLb+qL@L+8B2_HsSVWjmbtV zFcPP`ZQL>K3VN-mUVi7#cewd20!K9ma?v(wSb=+_{hw9KP5`w|WDDUA%I?*AeOqLs zMh8oD>)yLXRAelJFO9Il2=vOj*Yuzoax5-^H9_^ZemO` z`jTa@U3Z!!$HFjJsE4L-Ql`qc6xA9^zAB(kZ0qJ8`d8ke9JeI@t{e5H!%g(SJYg5A zF@Prw<1+OXwMEG`xVPFt}xIc$Mtf%d7Ift zajui3%ku7eQ<-|k1`f?Kr5`CHPBvzOTP-6YSZdaLRi{eEzHi07%wNaE$ruWX!Y`gJ zcxIjgCm=ctr_}6iX%TV%826#Ege_YM44b${X`aCdTzXMRZ1-#iD6wFbOi z5=El3m7LSal?>;@2ADM-sS zX8aK^3&H^-U-+cP{2?2L2V^9c#t@K3K8ED!soQ@d2km4OS@^~Ef`VI2@|ci3D@8tJeu85W4O{4Up!B~7#MVw z8g+EY_d=13vo!Laxrs{lbRH~e4il6EchtWxUexK-mbU)f1H@NUi+76eEO6}vyJ`zZPEt{mjjwt@w+npb;DmUisT zc5uo&^zPJ5?9z7ZXufi!lCKmh<>_)|b~5|`lFm5%z|BK&^FN-?$O4dp0W9RM_DRY7VL}uYm?R!T6$Gi0~g7AM^`9do3c(tu(nDDtnIK5SiJLh+CehvBv>n&(Evn1 zyT2w;K4SYkHdIB33&CzX!{8Km{^m3TJ=fPjA#@o?;CD4s~SQTf{Loa0`jQ?3)PvXyFXsOyVdeh%>Mp|hx+ z48NX^P9D81*h&;hATM=|rltm6bZfKK*GsPT0bJp=_{0S7DxKnDr z^59mhZ`JJhFyB#N`Fk1fVrrZnt$Dho#5rH0kV2{J16RSUN$|Eu86^iX&<@X^nO{1+ z{4|}F(szyuk;ddjJAXX1peW${_Yn&r@fz~X2-}7l&eon=!U`!5t?7s^;N%!p^h%Vt zep7%Pt78_SH%zY=e+@L``~*Vs<(bHJdnP9u3U=a}Q6F$JlOKs0@E_ukf5$@v0wC4` zewCe>D0YJ$w}CO_?l5=Gn!0$1lcF;G?o5QtDACDFMDM8Xp^CpSj>w%_=F5D76~RJbW+(W%00`g|heoD=vvmA|jr0U-= z2cMjx)`g*Dg5L*GuWU0UY%ItV%Y_GcFIG78I?d>j0flqDcI!F`P%csp&ZB}9T}08O zC-`Qk>eL(c(@RT8NTG@2Ci?_9xHOnHFD;p*d8`NG`fy-BeyomM9q-Az=rVqPw4#|! zn&h1N=Lt6HD33Thh$((YjBkl4#+IEB#{W432!);Wmj>T^pR^Ed$*+|sZ^eUmAqM!( znOK2)3c_rG25`&(Z3%=*J*c$Bkw^b~9n5Q+G25gn) z#e8p*&gV`u;TtXKcf^;vmD0#k1FbNqZhNZk&&CuWbQ(Rt`4u=MX!_2MxN$4RuGHM@ zwtLq*n!RJiG55L!n;h3Wfe8FmJAkzrYt&$5F%|6jRHV`K+s;lcv(G=FFc=?H)^Z~- zJv7B_0HRpgJI=}7qkolH-ZL9Cyw&2$xSqN~WXM{*K&#wnPCg>Pw*Ztj9xJZ97j{pH zil1|Y2L^i#k&$LIv#xjmSuR&84i;4%G%kerCz%#KaA_-eZI|Z~o3#qwvE>DIpwPR$ za7PsKc$C?U_CtGdA=OTzH%`Ctn5=~(Re5wBDHOD$DCS$MIUC)_)B zmowVn2N|to1T>FJ8PCSIn`yaEgtU+Ek8Qsg)RcU2SM~SI_?+9>bYv3_6NC zZmH=RMrI0jMNrlV4gi$2TMXGk(bQ29)oN`B(18Ab-ccV7>Ug7ji?SY_bQ%J0ucp=ln-*R0c(amD7pMId)?~?%lEXiu-sX z@8{_K7eYjYFWezvVgQ(SMLjFfv)8Ex5-A?C!t$M5@OoI1f0=I&ihGrP#3V1f_9|wl z%=PAjZ&KMZ%K6_Ol=lvi81ii@Urw}CLaDL(tZP&LzX$^}$SZ-RC`rx5@V!}jqUgwaPxEIp36BDwxi{G>`29v=3qttAlXKimj9Dfcg<*HHfkeKKQi3?{!I6di)ZTjvA3pY z`*mE_N$*#;%rF)B_8syOM81DX&>kcl?5Hhk;%tcrq9y2cf}TLwZ%Ym% zI41*HfhE{!PCD8m11GF3f&)WrRzB2nv35W2e;I0?3Mzzdc~p|BwV7<{x);9Gb=T^MXjcl8D?Uu1|Ce(hyIpDxqAQ?rI`_9#cwNpu}EaBnv1cph!(QpV~W6=?x_ z;nT+YJQ_8|kFG2nAdREL{^k6H6^d2#_-w2b%UAN1Qpy+^1@4rro_C2=_+^V_aai3d zL%TnHmp#Ka?B}h{ag~MgLy6!!Ft_EMP-CPnc+IZhO|WWRuhHAuiVRSC{VobGo`f_d zkmPLJzrD$3f15X}wT9oFex zZf*lH)kCqEQE^e?ZHRJixKLXh9?(Ukz-W6RBoaZeXZLVrr8Z0if|N5?x$!Wk!6FSH zwVqbs$ARS%P5MrY4w#8Ya{APb9(^2EL(hEgCGak;ixn{+~+JsYi=2_xsVL$b%jy6LQ3s#oW)s#jQ0X}ju={H1r*UwWNnwB4a0 z^RBFDfLV4Asx%!T^}yY{w%ra4oy=8zOX()fBL@Zq&>#dp5B`uYw0VIaAfhBFkr(pA z+>mG~%QN8E3;svxY5pOgEG&((7}{a}T4Ar~76&$Q>v=@$qHAHZ@E*pHfG7;CU$urs zA_^Z>fZpG-Ny4CK538~zWE(;RUzB*&QpsscuarKg2#0zPP~4(^ZvcCD<%<6*Nc9cS zF;J|Lz1XiA-|S@ceNJNHPZEtd=`T$6-ycuvNt!?}wuYUgWz;{Be9ZHUa@zX95(Ohi zUbQ6j8bWxDiU>F3`Iqn%!G;&gqtcFZ&ff|~6_BQjy-sudfZ@Eg0~@JCd?z6Sj_m&B zS%q}NDRYdo)ILIz1Z0Tg{9pgQ>FSK~_tk>QVeXer+b0RL@6+6mUw(wJm<|dqBKxnp2wF+>IET3>Q*Dl6!eSzMGFZ!wyJce{$Rrr!^}cAFaGD8kHZsgjzc2#==wl``q-IJ&6X@qOpE z9#EFe*KD6BLEDOw`ypb2dGAw40pXIpuj2_bsy}#%LrZa}lbzdIdodoZWykNjy(VU` z6AhaA%L8&D^Y=N2;T*8<=9a5YquO+<-sW6vGIeCrx#QtE6snvxUiHi`A;DqjB?(YN zMH&d1b-QlVGk1Dvj-I&Si9}OHBV5*yc|ps>-y$j~6|I4`IepOcNreTgOWF(L#mQ!hqQ)ra;qd=C*)V++s%kg7xD3 zFh|poV+VxCi6SGINbU|B9&RwDRynsS13N}1u_F8jxUeU{6C8DzW5|r`%fgO+FJmh4 z-fzxEV4Z@fvvbonKgmq2m)9NEhfJ(27_h1U_*EPlcdfmgTSO!j92n^GUFd2`&J&ZF zzD|m!wE`vrzSo57jP|P9^t;!!w~i*inp`6%I6R4Nwg8`u>#OSunWDl~No<@F`EL&J z0VkYOTJUu7MRxzv<|flEhYj}GN!vYQ@*tCQ-+oS2dKr9?)1K#o@yqzD-L>7skoj1XQWv^9mOb8MhLPCoZ6D{CKG!-7 zW?jrCkOfU386^k#!@~X$GuT~_OcHcK5^r24$%K>8+_6DIL!HVuFUfuJPG^el7w+); z+UUggCM^AToa2wE7ew%{<^0z{PIF;6zVVRj?;Bc0%DMh7WUUdCs_xuo%=CKqGrUqg zKO-R^QG)-{`&!(R`53q_>lhdn!_Br6e$5``Y3&=-|Ne}&zHSl;5+L)__Jg_p>9^hI zb^isL#5c?HScMB!>J*b-rn28MJTb(@A)>I2h{ArFF25bAX^)ib=_$m&&ZMpUxh_Ve z3hHEVxwJ;?Pb5hfhi9Ud6O*nyk*-3DbUpX~oOEFy|K#abL)bfmS64JEkyPU?sn*A$ zX*aokaFVf?C=Z}6@t2_Vg^t%@supy`j!L!Fm_yf(gofdML>b>b8utXRUZP_5{typnJ zzrJJkZo1H4e0#l<_I)qU3|j1|HAd?cTbc8gGwB@;xj%_Cct<6-698W>a>#m-}V4_P}tAC@pcx;GP+ zuT|Vqc!(7odFY*kFr2zWtKa2p7vW(>!%RJBZCh{Heqm4?lt>OMhtv24<%fG1`gBI) zeCCDRurfR}$PW$;fPDEb-WgOxNwNyg;N=@%9TW!T0iu+AHTiT<+&e=5KE#Qg4h_rd zZEE8q*06Nr<$?W%9eibwqh5Ta-&9>G0HJUb{#7UTCo z6+7e3$h-SC!Yb37v-I9E^S$(2&s&|x3syM0Jw>(uj+py+&hC%rOlk3tF-ba3^;M+4 zWNoyZ9&r9Kts=V7Yc;o{V-adgk2OSwSAA766oJs=>&~_Z?TG}^cZD3cyPYjB2u~?I zF8wsYv_2~tpoZ#fwp&di?7p|<_-@-1zq#14s*5z(qJF@s6z5C=5T7Z_MYJ#!C-?@n zQ>B4GF~u1ICx#vjLLa(nM+efPMp>JD%G7S_QSxct?6%upQ-_vN#q>M6+NKkDJc!Id zgr}--Bjy-+QAud0bSYg+4^X)+@8x7ItZYUl4l9xnfb)8*&qh*p?1J0$*#oZ1~p0*u?Cm$~Vom_!5Nzm&aaVY0gG z`VJx?jjwewWZ>E&wm+_}}|r>o~zR?nTI-)B!RPc(mCy*hUu zN~l%#b66Jq=(%&zt>vfX7QeK@x9F+y)>&Qf0RITq?LZBJBW9myIj-BeSVDS(wNU;k zoPKsAOUd&ek&@>Gf3383C)34?TZYTAw7F+X5BBXiWggo0e+8Fzh66m>{!iU@CVqyS z&>;|_K}i*pYW&f}8l&l&Qk@b?TG z(H^9_Q_$UcP`WdN?f^HmpXyM~{{t{IzmKtYGUgNAd4HliABj9FW7;DmbCUzR@#Hpo ztu{*?FpvbS|0%=&( zgCD}+e+HKiTzyo$ z?gZPxs7znF(QO9`S_}M*jXIu;l*~6G_V%-M`6qCP(7jqGILMS;%HdkbNiH+`FITd2 zR_=dFbO-+*qo?mw;YJO^@S zW%Nm$LKIp#4q+-Y!}AhBnbXB$bGY~cOf-r8U-n3Pcf5p(6~p?+wdn6Jm*4QoOKwNalfzzRh&+_44gU+i^q>? zjP9d}1EpjcE;?VZMAN({8aiMra$dAxSg1kXEkd_EEDUV_<8F!77{yLS zLKY5-g95QIMIB0PP}nE{_`Gn)`BEWuG#Os#UB9)}>cFPc>oCP@^>s*j(G{mM!bHxg zp{z){AL_v9%AG+uPD!A{XV*V@nKm^N)rHPh9I?)KZt)Fns}&+9B@47sweUV6A%DkV zF;FSKSv8uCx2iUr=C%%DsK*t-lGL#V(Ou3D6Y3R7?~2=1!Rhq@6ji3irw$;!?qb`P zk*Q{F*9nAl3}gP9Q4WFf&DG*}T@=SL$TvniI8~)W9`jQhnmv@ry0L?r@?p6JWrps# z4vK;!7RSD-*hGF!9CU49b$mo}IxjgG`OypEe0;mS}=406}-zYS$>EGFJ&`2?3&G7bcEa#MFQ)j&}< z@VIK=f62SH*f_59JTrUY@*=xsP4xqKeh1mrkaK(TKc8&WATha+qU!cKgwhjAy{~wivO`EiA{LHN z>9GZ7k})OYMyjfwE6|D|*TgIL#%@ncjyHpV8)EUZw&lWxDo%Kx;BXTV(_r3#&cAIf zz_wxkZb0ga#ZJrN*-%H6iBp)n72QKbF|9P%!*9dUo!!uQ?s3@Q>un`30pXVi1Hq z!N?;8p_LJ%DKw=Xk@G6@opB6HtBYjUooEf#;A2ym@3f=H^)ov&R~#HZb^85R@`bOM z4|V5HjhOXCIvXMyhv7qQws`&5o=yH8(PaA8I66B!^2*HCyK^%m#V=aL%0%(%-09c_ zjS7_H%v9)(fy)`pEC$UWN#?BINX(9G{RG$6LZX%4tW_769YS)p(rXlIrDNSbk&mMr zss%NAX}7vO9jc3MF!!ctZOEAY6P&c+aeN(@t2?`O&$ne2jM+KoKhZu)aoQZTccyFQ zB^V^FBu1y9&~0tYggm@P%n_S`KhhdmJF%ll_Q?!moO__JB-r6Ak9C_|?QvceewD~| z`mVj2EP~*r z_%W&@k-8QTH|U@g?|l!v5&f*f@%)21#(8r5PW2lC6_;;_<{ z+uVCdMuL!%Sf+BdzPX(vYduPsD1I4Um-$m+NwL!iEoNgH+Yuua+&zeN2T1?O=mQv4 zrJY0!3SFh}%1*(C&R`P@0eR>k?^ij(qgnG0we|@U&!2t}IxIWQUfA{(H10T0PR|0o z9uQIf43~=pGKlFdeIst7{(+pRk9R7wbHn$23|HVMmq{2B2$Sue7xO`+8-5t-hNs%9 zBpQuQVc5df!Fi`V3Bz)=%v=ec#iiz>gg9*bk@Oh-hCC><;NyFT1&r!&MmO|q)Tbas zT!d?I2%OK9DNkKWn7cf8)aM6HAwPX)d*T7_1D`+&9LGJBSkw&8R~OpxlU*%-zb2hr zvTTSGy%NC@Pog&|27dTZJEloUqA}e#8FI&B@fRge-V3(#Zw#DP$4yrfH)u`+`|?uQ z`?edyCswwv)YpC_H($_=jps-@vM)?{@MG}sWO^|q(0RuBrc`||Ne-Wz@bTwTXsRy} z>+(X+rZ4nth(F=4^zbULJR0;jCCgjegW+KTB?Te}`^dAz*XS9cy^ut64je*95v3qU zu3o?A!H{+FScUEW$HHnyJwSc?*kcJjKaue#jv3a-#FrQmC<0G~5`X2P7F z$i|QbY^+&}qzs|vu{>O})RQm{!>L&jN>h0e999u;XxQ=d?C3dAHqMz?IQ*5KpKu?w z5cq)7=xP^zgvK`>5PYaDwQD3WpLAgxpvcJN_78zxqBJsQhNEoXk|Xh3a<0IGh`*8c zg1%TA*cCBH$Q^Wo*}w`(>xqahAVfjIXl&Q(be@Z`7un*6r^GJXN^<=;9CC7(nC=UT z={_ou`S}GAT_d`;5TeF_3_r@;bp5W_&b>n?4HT7V(=n&2E-L0Qz;p5e?=yMG;So36 zjKksAuomQjPO8qXy|ZfzVu>-B^uqssoA;4A%f`9F$L57bb99lOg^zz!MxZ(q5_!MI z$ST}vnh8}u<;HPO`w;X>`b^$8R`mOcX5t;Kc7n6dOmaAC0zHwN3C=>3@Qr!U28mVR z^>+A%#A<}b@&cZtu+Y;MaSeMsfEOAFB~JjkRj3CxI`qobx}nOCoxBbGU0n(6f|DsbJ7XDX!4Dvg_L>#xA#EN?}L4%XP;sx7W3^RdCnJc~x(%99y{< z<{pXT=v>`eFv;8vO)|EeWZ+%2;iXusJLJFQZmzFGG9pYOw|UaAw(HJn`~zt-I_~v2 z(I#1XX~@L&yz~-$89jdE>IvUQ@l~KbOv!p=tk`OO^*dk>9MCH$xM-c>~41F2vqqVkftmN&Xgyg)HxZ*iNT= z39+*|8kxC$QakA|E7otAGNIXS2^Fuypm>2wQh{y$_l=LWZyFyYZz-#YRJ~wK)*c$p zr})Efgq+l!|A3E2V!xe6%}b8pV6(JgsT(JlwsCeER~D{M5+R}g1owWXoU9#<6Un%D zkSVB;biOUgcu05qsz!IIuAd5tNRGry`9$v0>hST;hxx&mW*$r!2xokpF)+4f+UU$O zCmiPSpzMLrSfP`MZ-kJ|ozA0DNBGwAeI-K3ZD(#SV--)JU$-T98!g_N^9-CoZFy_xiS)iW)x&pY59 z^b>HG&b0ibfO9^H4lilDYe`2Ylbr#(`+>gGZTHx{csd5Z_S$`f!%5YC%RaDkh&j-B zhnWebnf8tZrFuy}eP5r{I+YHojzX$_Rtr{#J?b&gUJvgH@0fjvp@i%{%-`(tQ;_2@ z*3UO~p0tnHM;{nF$Dv+NJ)qnm>uLK5pGdTtDZdL+AKN4KlRR~oZ}_SCXW+97J|Qo~ zzCGS}>zar~vn)4J(v(cN2660%woO8rSWDp(SGK*e=m$K?b3QTffMC9O(YdY@>8`c( zNWc6@KXdh=?mUC92=Z0Lo_I*62%)YZ=>B1XoB6*dU*b-t{o`V2HlCSB5C#G;VpOUd zn0+Vuf`m+FIEAqZ41@2jb~%PGtVa}hjATr+;yc;Ro<71=Lo^s=w8n|JIti=M{`)C$N8QG*CVbBWPotao7v!npi;l zTPs7Bc}Nh2T6D`t(u)skoW?sL zi4(st66s$glShqVeVF1CIS&&t^R86Id$b^8A`T7qq*EXi?fr}WROPmvpH$0o*UROHvHt7S8b9iBz9 zsk=23!4U=0TUpE$#-mSxkKHg7KL!hcwHlUffh}+mUB>7xmeFCu9z2WUxVgt;r%bqR zJS1Nk=Rph@=>~k{kBH6Oq5Z#njlcet-@JGC`Qj02Gk+Q^IlX{qg10a7`l$H$>-W@w z#<0z|olmhV{y3&T(AaWG_D48Eme|`Po`GV(`I>W>h(igo_K`*`aoPj8Vh2zkYEuCt z0iA3k+L^FKW104;i=sk9SMb=e(US%qH9fFOONg;6B1)4)X|cwJzsuXrk2xc~(Hur- zGu+2K6JqE$ne#E!qOwhHxg5X*B?Sdo;>g2R0Q{V(7cC(aJG+9gRLN1n_<+$)Pj%*} zupGxTc6(}^S8{CX+S}v8dXD7T?G@xzaLX9&gse}p4h#@1-G$s?9#DN-(p!>T$Wy7J zBenXg)}+^2Bti8)l%(p)3Vh8R%VCHEL9Tj zv065p!C|kU9>fBR49!KewrpbF%x7zE=^_&gvZUO?5dAcIkx3sCePFWr3prJykA^=x zxjrIHxl-LyAkHEDq6} zXNdpQ#zD#<_&;`k0r#`vI2bh%7dfPz+Ma16KaX`c!wOT?&RBy zexc`=SNc-18sc}c+mZ6*rU&cho4i%9`9Wk=HVjrI0n25}hJjAew79(RZU+ZLEGALO zK8(_1V@?H&yCuT1(py~H-mCZG_#^@!M$w5NXrA)zzau-m8%obouLT_|%lIsvi$4Z^ zDA9Tm}tx*OXim~jkZ8@Z_W~Q=*|tRpgTX;2%do^QC1lGIWprYN&lg=i(*};jtIKBQP8xF3_5vtwQ(Lx-1|w5 z$b$Ny+x25w&9DvR(5z?}pSY@j%pz3$SSZxD5H&&Ey11aZ9J(bIy@y+|hd9`-U;D%C}FL0I7YWpcSCELvzYgYO#K?tHF`8V?d4l3`U8{C5=}m> zZu(9p!*03f<#%yPimn*z@bPuAVrb@o{z%U|e~+MiHFyy+yUEDiXi!BD9E`;cvkwN; zfQ4XEqhNhH(uMuDF}DUwMw$iBdr~5AW|K%F*6eBa`rUSNRde37Q+@_!v$UPYzs)|n zZ#ci{XKZ6N<9eRqXYT8E7c3~gm$2a)mYWR7KF~Z!UO-8|?}6Uz_j|n5N}7nm-Uk`o zAmi`6E$r%|ED0ZNE!-Gtj;sY+voC)S4cUV>pwnHAs!-_4*mF?>=0+A9{V*nq~${ z$*dgk`?>54yCQkNCtLV))Xsh zOHZ>GB;A3w^?C=r{)%xQC9nAdD+7M-$HZRi5A47-`HA<#H9c`ZHL1O!!E^6#ran07 zC;ikL6h|Ib!9HuMXBV8I@DzZ>4pxHob&Nw3iMv6^(wiG_n^_vTiqD7*7{|LwB&3UF z8-pgB%T-7LQ^GcAxi@8MhJH6Ui8O^96gUSwdG8ldLnU<^gVNR)tHcO5Y%&~qP zzEa(q=9sf#3XvK`+c4VEHyIfzBeP?Gi1qT~vQ?|P>*QNqN2~w=M@`r)IS6RqMtlPA zuYFP9Av}m^VT-D79a0TLAJ#nKn7&@e?W*Ng7iIKqVSTTaU19eFA@z;xEVhCSI>OC3 z=*5Xy${4{r=5fG)x>H^Yhj>(K#7FuimY;;;u1$$O!Sm$n8`z#91eD$`JL^z1jnL~b zUMFyn^3cm{K`sn22Sd4>VGF1~IPxPlj)QXWK+U+MES@+JL)UVdPPWv3g;c7sk?2M0oZ3g3 zaE6qS@A7#SRVD-WZ;?lUK)0Lv2GwKut!uA;>2{OTGKrhlU%Ps{IULko88C8Ow4236 zjks}KDL6bei;z8`Zd68BKKuZ~CDD^#FVj=u({p{j>OrA}OTwvD&7qE|fCxj3AVo0GIOUP^9)Sj zxk0$NFgK?l45Q`G1Ub&m1v!EYk;*}OdK9CW7%$k@QfZF6U=uEE+WAX_n_-~7M%N22 z&E$>l7hHZx)RK)?*@{E6{N-S|5oW5G86&dx5a7IVK~88QC)+&cOYm6P*3rz578vOe zBA4*{*+OG9oR2RH<&JYc`XU};blpLm@mCE2M0pzxSVO#qaS6g z<7DnTsUwZYiw6EZrXPEpPV~V29;1(wGWLXjqmbwWdY{n)(vZEpaW0#G<>Jiy+1c8x zGdnxy!?$d6fiJe@pd9FBA%ckMwLqIOnSFw03b6eD7X*l@4F34n^0S|!)sQwwK z=!0rH$U-cldh2A-kRY!qx{jTITz>@Dy14ceq_%$zVU&KNUqj||a?n{AqA6Nhd6=rH!Z zPTcsVGvmg-vA1Ylw*6;?gaimEko>cv0s#UfkXAxM`~}jo<*{fr;f;7X^JazgO_%zwPo32p8#Jymowlzc2?lFbRZ?G5uI0e_fjdvil;#!z4 z`$#;kRq4zSgF_!eK}z=kOSi6sQ?WkAa79Wrq&*oMO%cwsq0b&#OGXoR?ObV@WqOZ` zlGYCTBNz4D3SR}iA_B1@)&75A+`+RtMeq5F{zXVJ2#`G*9V2HnfBkZlElGW{y+H6! zru*3jys-BMs(Vg_rB(M@z}1*#;UxGTr*ReqX`dHEXf7rO1(p|=a;f7oC)cV zG#R9Io3FTr5T*JRk&h|mI)PaOUAd^cGfU(mKSNOq(F*qS%b1K3gZb2bD#ZqklO1UJ!n@x|Rp?HS9F3&j^Kv#RPn_z!on@M*{N{3ztz~9cEergh zxsfvOmE+~Au_re=257U;vbU>W9D3ks%(I2n>}`7^$zS_zgcaMNiJ9bF_>oiZC zkfq@UqVrs5#Y!rItbxejGt#*z&4%a7t8AM#Bm^G;tiP|j6y6x%RRC9INYuf`%7Ir0 zf=C@Nx_FmVcV5@!* zaCI&Fy&o1|3GJdwb*shGC^-_WA{9JT?5$Pthml>{e8X$=Q-!+rLxEcG$LEzwuPjh+ z_SkvvCCYu%qiJ-4iY26-Hkat*gNC3$s#)^sfzAr^?s1Pp7mWyDmQ%bJ_S99NaU``@ z*l)rCpQmRP7T0K$48wH_I%pX3FJeH4V(eX2a@53A zKa8>7$l-A9!&n3XkBGICz7^6e zzC`#L9xr3tQGN!a7u&9Z-LxIpZ>xL2wjg()=N8>zKbZGxwxVG3?$=r|XotCJ5h_^= zowe2veF*I98J?Z`Lrgc&31&P1bRU4azRLm7hGci zzVME_F1sy{^Dvc~eCDfQ_mITB zWz&GVj6nW2YngcR^9tT6y)PKg)zu}NEfM&R!M*Dp`Kr9tBp4HWb5&Y-)7oZEY+c~M zUfvHr$7bDVJopq=nkr+6^h)@`fG;Y8FF_xkQukT%gBX+Q4k~IcuLLb8>PTMNpq;p< ze<#(g>##8foxY-`&9S7TZRKO?F*7@e>g!WdUZ9k*0kymq8T2FLS}Wt@$y|CaJ+C!2 zKCZSUi;X2q2#dM7Tz_f8KxsnI?1cYxK|_G1^m1||y;%aC^Xyx<@+G6-{`fNI_`%2p zWV<>?&YRQy0bP#`h22pkrHDwnK->Vhf_4kqRoyCpZkM?+ zaqy#%_NGqT2Q^YA=z1IvrKFoxy(y2cSybm`5`9Tmm{&f23qF?>Al$70RC+HwgSf%S zsIXY0#RH~ww4{f62PM>$+qYC{Ys154(ucmK4&atzX)35jFPzwxWyzIR!sR@0aU0cN zIhyiEWlM#mwX2NC@~XAI?I1{X&T1ux^pew^WBu$RMDr2X*GB|6C%)h(jt$5(e&D}@l%N6! zga!qPGAzf(E1{WVuOtZO9}8hxfn1Ea0e~Ij8>^&OohzXL)**>379jtL5ih}gLT#q= z!XtWum8nu+HV|w+PB(n)v5*DmJ7s;qa^~VYD_O$oK7XO{w-uK59PZSJ1Z2x`f3PLZ zDn#C8n*L5ie8zu{iV) z2gu^hR8$h+&mlO50J7-smpKrwrG0o}bqT(Ml{HGy#oj-E+n&F3jQ~q}y=;clYRs5hQw*Vqu#SY&*A*I z+fjb^aEbmPUU`WCmLiTm!%OGJ?R4H(&Dx77MN; z_YTYtG!~o7$$9Ysx^x|N{sd2dir~)>*hu^H2(F8-UA%a`SbLN4Dc0tfxgrn4*L<~y z+Z4Qo5lCVLuEt~Wx_Dg+F^kRg8x6+{<72~UqyNUoF=7bY9@ZL(uybsBrf*}uFGHbq z8o^mSF5q!NJ}%5UhfpZjkLcV23Y|g5nOVok4mowub1LL+Ifri%NlI^WdCgpz%S-EZ zW^QdY@6?VApD^1yo%o65=(S<&frZTxu@-@$?9_8kvrD+MYap3hUDaCJmw`{tHwfl~l!f&9MMmf4+?x0vFEtXqiiZ}n z6#Q3~GE0CPdVBo}2PV3^OPYurBOomv z>#1gm2QcDcnDxbaq~tEs$0^>!fmf*H2bayy<0bqu)v!ZTw0cb$R(L96N9~%O@Ki1R zt)ss&yWVct3Eyvoh4=e$yY@kNY9FOFaax4as0OU_QO&~ zAugM+_Hlbn+#aAErnLQ>mhjV_u%ECGk5k(O`cBw-n&6hD za*b!G#xeWY{o~fN-UwKxZF1gG%ImOC*zI-)VSkKApq-s`^WUjX!sZyqj#DgYr>yhV z39IvMDlyeXu@Ng}b#bhlN_KO}G?h$KEW@!Lie)I)%dtL+_1L{U>U{{uLsR_(r{5ZQ zoA8|)AY2CRlhz=v=r#_ysPVIy}YeyJuf_s|ap0&?W?$G_` z2=>|Wkafm7`z3>0Jx962cFK-gLl^x?&=luAHHB1Y{s92+KHur0R;JT1rTk=qT za@U5X)w>xf=3DWGQkoWE?;I=U8|%w!8DH_=U3Dx}UR}e4@(*u_tFXo5Jj(#*A${n| zvgL=}hmq~HdF7t4X+s)DDC7D0Mad`3hHf4T*$go&XcQ`<$DP9{k7anxbUo!cOeH2zp7d2ke_2r*OFP}uH((D8>X7YBzkb4_Tca%N@xrImWxnM8 z|Jp~zSnF>6#ATT5TYlG`T)MQU0Tyy9?bfnarlj3oy_cE6-jjQ2d3kXokTu?|c`jHD ziM^rJ{|F=(m*JDb#2Qr{apYFDlFE#oQ;aB4x2@Z@ZQI&y+qP}nwr%gWZQHhO@8<3Q z`rbADpKkf`6o!$jw>O>3X@NaDA1CyueD;=to*=kc(J_==y^FxzY<+-Ig@%?1U_rJLR{4WQ`AqwH4_NE`6{P0?lQ#N;h6B&e)iGQPUglUX4Te3 z5*5Zz>$L`&k*74 z&C<{C1u=5U#hvxEY!f4jdk@()g|*@>MiXqzf{ixzUyoqki6QvGAqF8pTBQe$={BzZ zUsP zZwFFGVYxfM?8`%2xz8E5b^Es3Q5!3BQU~D!JT&!BppK*T)SLOb*f3{QXtyUnPz4n` zSdS;ejj*!p121wLKjr;#i$%Mc((k2uRu>hxAE=G7MPglSaw(qf|5mow(RTfWOG^B{ z?_3-a%eAg}-JSz}fxLbHirTV3pbr(=Ot2rb2q3PlW=N(oM-uBn_|`sC9xLpc71M>4 z;6qO(_fDxmHE+Op+)-hK`YZ-P$?F(I^7v;Gbx(HnE`0V!erDh5beF~$UG=+Qxz~$f zz-C`~?R?#5DrM0ftdC%qeW+Le{kyW4|Fh9;OlPZ1kc3xu*;YB1+I}^qO)eMtkCLdK-mcN~?yUYd+vVeGPUoGdQ-5Bk zw}K?|8{>&B?5xf`?i94oK%`%^J2KhY6GM`3{>-%L)O3Ityw~tQ${sBPLp+Mgj{-K% zP5kY2C$LtbELYj+DfK3sQu9C41QC+xwn`h($K)FAG8z0VyA;<;H~qvr*^k3W3?&TC z0EQ6lLOGS=ouk8^|(cq6sSYqNOeTd_+#>$<#4ikf_u* zd;XHx+1s+FOB@E0!Ud^Ie04g}fp!$k`!`y2QVjPaPw0L+-lV2S7fULVJm4v-hW6m3 zwS#MGG#@D)Rm1v#q0@ONnR9HY+ zUGjxg{Uh6rbfKWb!D%4!rVN$ZQo^u-sJIx|XJxN*nD%ag*HJ>3V-DKYTPtGdH@ZXM9jww5!Y0hu-}!MF7c% z4r&p$z_qpMxoEvz?JmIIy`E@@d_CDEd%J0$B0f{X^VVT4!@!@Z9I$p%VMcrRXUm@s zAMgV8`0v0W_R2&$>SU95{-9XB0sLJn*5ee1hfE@rOZOj!`o^N@XKZ@=!(H;`a$$-w zv`cUrH<)_{2!b5>(X^;^5*?{vKQ8>PsOW^| zZLZo4MTIxTboiGvvR0`2Q-4K7XxbnT)&W+q$Pu1&XCUp7aPFU5M6jSC3UUdE7-Qrj zrURV#AVB*Yo~187AhdOzH?NdU-DNoMchkSl>3MR9VR^<_m={XGh;Kuwl1b8f|4-=m zRzz=tbknf9XMuS>wAdch$YD!ER@ww|V%h}PqH%L}tmss6DHehI!GuzAWQ7UftAG3A zAiUlO)o;7O+2VmO7olX#TXzh2YHe>VD_OP)&XL{;~PExnnQo|lDfGznR9;8GeCtWXiupOg6TrFb$QR)oF zSVKrP=|;ow+`z%klh3+iQPSyJ4~_t#%ka$K19ZGj2EQ|b9~oIVJUowpY$eY6hiApp zT8zu@d2s0nGYL>Uecz;^$Yc;^pg<{%>JeEEiedOOiTe}tCyc~E-;qzw*b)F|aD zpleoinF1(jO}$?Pvs2?Ty{hMj8*Z)4KLj~u@I0md=WQjnT}rN5Dz5JN&~mg2LYFhh z708R!iz}<-Jdn6LxgUF_MET8fqKzd3YLRcJ=I-gWD;*uXQDgOldb;P!*En$nU($Tc z)ai0)Ji=O)oBzI})Aa^!o(1S5=B=l-A)KCoBjWsBOTF3;Ud{moI=m-nj~HaCaMc7_ z82y+A(FBI>ae7gNP*tQ}_hb%CdrPhs!7hAy>G*Ur#OPkm*`F@=Ba*tphe#z zZ_m`JDbQ?vM4a*F89F)SjmS%BphBTFdvlDQtL2Sx@RZSC%=o({ey4lg?)SfM{nk!g z116#YaITHSCg~5Py%R(aG(~Uh9y`J(N{P&}B61TSsula%W3%&~3^7k@k9cFOXeREz zIn#07e07|}?$R$Z{vX~zJK{GD5Wj%EQ+aQ{*q7E}nyijdtUc1YWiOI3nb_8Ksc%&n<0Ece|SgdFEm<-rlbatLsXD7#4S*NFNhXI zen#0(?p*bfDsVt4MBe>d)!w1shp+CH0~jS|3}BpGGwuVvTz`X^Ykm-o&ScSNMY%FJ(T&|9K}@ zOp`uW-7MCGU_Ao)asXFApK#B{HTV)}arWRGD^O41i7b~tD?$XsjzImvf^enP3lb2+ z3J{Z(F>KFD*!FLu37!QQalJyz2%MA7kqwK1b~_Iz=>O% zTML0<+<@4B0zb+zk{Lo*2tl4@SKuxQA`)O3ie#1;YF&sicn?%G4SwyOB~%{;&>7;_ zFr{>~GG|B>il}pV%MiRQVB1S$&7=}{9f}{t>J7}aOu!C_0iJ0Im0RGyf85VIpv)tO zMb|Rxccl2dAh;egtBaTij`S0w%g{Z}VuQl*73NEiP)AsA@b`rw(2nWHq{5DyMOJk1 z$!ch=N&eh!i(vqgs45e7F#IrLz*H94AcR4|D7b0&uIB!(M$SvF_OmOEZIaL%!^Wm` z-hYw-FKaA8oL01)b%HEC+8+AdrU|n?RG0*AT>smK8OaQ}IwEtZUzlb--ktjBYlRh~ z-lyKZiV$sox9nh+x_#$1OSzJNVANxu145Rafdct+PmECJ6k{?2 zmGuc)+hGJe_O1U9Gmk4qod7HKU8J4&z~f9p`c8UCEL&^LN=M<}9Ot@f)pz~ZW1plS znbV;kTw&yU(GByNY~G9P9Qxl15Rx+G=0Zp8z@~U5Tefs1k?x)vMZh!nHcGxmdoXk4 zd4^dqwK}snUB;K`p8fXy!4A$QwG;|yoIdR8cw8fraHU?E=p9sE3K#?h00002fG|Tz z5fn~HCY}NSz)BAQfDr%(z{$kf#opP@&f1Ay&(*}%*v^q&PtV@N$iT?lL{E?2$-^hb$$Cc44q;?X8e($8-=u5g*n0zNlSn@ zjRze;1otvRW*T*kTsRHcM@jMyf4aWs=xjmWL+1>|9@8?7>AF0zX_|r>C;m zneBGEJeVKBPCGjrp+37)yzYkOR#A`PlTrP|_Bny#{v@lRl%_)|WvHr_u_`Gcu1t3P zU0h{=eJ7g&@kugG?4e{HhGCvYG7TjsZWnaT+3;BNV#>c4VN>z_v6wV7&b zmSLju$#rY6E`sWq!&_2Em)coThtq4Mzz!Y5y*mLNHBneWHA|7Q2^+G@nbKVoSzNJ4 zKjoqD*Enxjo;{QfRXw-5y&~PM9KdUpWEP>&Beb(DHqrJ&oKJB>>JNm zB+79={PfY}GOKo9&*qU!e|DgXP#5_+Qo(cFmVI*zeEnFlI zOz$WJ7Z4vLZb)A6OH;Caw54k{ZqXd1<+OzB@2Y~IEh4Zzag9n(Jkv9CuaGY!f1sOg zOitGT{)o*fS;zCp%pqW#5`*NJp|3H6@J!M%CFM(9alUX1&@)7Ji^orkYD5r>a9|Ug zXUi~z@e|WEG`@eIR6&rGvg8 zd1d6|>*Jf&A~cQFG{hl1DZEg1ivA+QN7t=Dd;)zEyJhFFued%?1oBMz#(cx`@lEX- z@Cnbv*3Ez>_(puQzd!{1Vti7+NCc#;IVldEJ^^2puu)$;puSjweZd6%as>7Ke_ald z-bz#G>$44c#J|>M`nq0$xm{yDLq978d_HS52atwdo)R7QAq0BCja`G@w(^+D4^(mL zT>0Exo0}u}2VC#dBf1_Zg|PXStlOhkI>T6K?~et%o}@1w>Fsiwpp|ypDeblU>5J-!{2PI%%>p?UF9X~N{{|>sD9UQ7a-Orh@%C+ z{G08Aed+Y;YFBjbmVX-nYjry8-=KoThY{)T2X;Ym*uU@m;xGAyTSW=p4>tjcpWH9J zrX1!DeZK7cPfq^}RcA z^~vE~&mgx-J9ZD~z=ou{8`6qSunW7vwo$HS@jr`4m^C7|K-ve8H6qOW(k2mtFJ1SW zAjMgKp27eg#}RJWH@Qr?mc1X%;9l5V-#$O4zR`|v#-VNaSzrV|v<>eW9RE32cUS%? zrB67gI!6q_VFd7=Kl>gC`a@f&hDblIgNYkbSTB_58 zfw90W(sPjhq7Yn=a~^?s;AcPrWdNRF7g?yg0Fobj9uO1WXgweM9vFL3cRnDwzyMiy zJ}9|C0D6I+vw+?Z6x{fIVSv7b{`kOa7103BB%;se(HHd?%ZJqEx#0>tm_?DSt@+#H zmnh92bg@mc;0y~~$bD%5zJYsN&vf@<2%bo}jq(#wcRb*;0DWxutWw4j%*Zeaq;U6g zw3SIlCvT)+C9({t6VC32jtkibCQh05)TSY7WR<3ceIX7+(OI4Fdft-v4AfMd3LK&Nq3;M@M+i)FjovvnKAIlpjwgT*$odq= zBW@Ktg3eP6u|plYwYCH?l7a)gvjWRto;@fl##t5(NV=xch4yifNm06ym(hP_kx^mPyMwUkqN;p*`3 z(s+kk>48_%d8@3wBvg_|gid+NuH50=pp8@%+K2#ZqR}N)Mxb|suTh1&56~)72KKVq z0rR#&I|rb=c1A!gdoOD1#kMWmZyY8wYE(kl=h|*D!n=8{`QdIH_62i;iUgJtun;L# zhu`)^9n~CGgNDI(SNsT;*&ZPyb2bLdiGEup*u+{KgX(+9%(iP<}(_nV#q)`&4tCG4}4yi@yf(tEP#0r^& zbnpIX_$*0IYzef|90S^NPggrdrPdcNvQO@}tk%MzP_SgWtTavKRU9aM=UK;sk zCQ$|*&$M)$(>=xo^e zhoE-=8=6>XZlPj5@?J|7ro}ZuxZzORk2IG^qI_Dlo&KkPJJDUP8|b>X04_WR!AS@? zoq(+w8c;G`$ss>xb|lzZr?JW~U3bAK#ISL}pkTC4-b6w}70p?0_@DsTndJbhJD0as z77HUt5&&9Am-L1n*f+N6Qlb^F? zrpITfUPmEREiI3LcAP5lSoiHBtUf#UCQ-dAKp6=wmvl2!&MER`5!R}FQ6Z_VxLWD3 z*fv}}#&ug-rugPmL=zBrR1Y(yHr71?dpiYSMsT`-{G@pH5Vf*_&n0()RyTcPf+VnU zTdFx&--8C7npTT=x^sftkzltJf#m)NHuN(cjWcPL$ zC&9)oT*RWfpwap{5(#TwU?wj;@(ftifKFPnMw0sS_63<~R=l(okS4gWlq$b0sHouQ z7q|f^o|+;w3q*6<^Ow6I%tPua`x>$Uz$Of<&a2j>!%-GGFRd zF_Xlb{k!x(4=nC^Z$^2^5pl9ZpfN580`tkm>kUU<0Yl{R-+0l#0KnGHjE9#PZ zz9mSp%GcqZp_19ucY*uzR8V&-3PY!SWg<>ayy=IXmz=~9t_8K{lo9Arn6nc~(n$j| zILBA&VI~K#=tyVFrdTdVy6Kq*SL*QIOxHD6pm*tZOit9XKpJOn8$)x}o$@EaZR`X! zE45jAa%uZ^=Lc9wP%PsW?E^`gDoC~aOn~4_(o~gWPtmsC&Gn1X8ifsv2OOY_|1thX z4m!Y{h4d!{dEss8U^r31h#S5*E`!yna{xP&S3EOOM?U~nz|p>AIu@I_OEFgQ}pR^QEQ>9rZ!7ocB;)8dw zaBY{o0{%l)kzkj9*SZXS%tmpMmTay%QHXY_-KrkSW-0=W*_4dMX_(f5iAFt00GSIF zm2&M^f6#v>21Zv=Tkg0Yr~=Nqv?h5d4M(WXHxOQ>+zljY+cpv`YOwkFl;jToB%@9F&TtnQAhT82gB? z-ZRp5LW;(ke%Vw)vN2Gn=x<<9LXcaI6D+?LV^NQX9ncuW5k`ByMt-09t}*IDRb!?m zsa?Y|mKaLfc0`GR##j)KJRzCEKjpurCNvLjYQd?wWO84&?}iE)VPcmQZ_et!0Y%G$3}Q*9;&AI5o@> zMAENtLVg}Nj2|4jUn)Pvs!Q2Fg|?5*;()>_Kj9VS6|JQ`yU203(@xDVIX220N3`iS zF|$sm0omTKuxLv_Ph9}kj~VOf?+7mL`pS@w4&*UvduU>da-H6jd0$0;GQ}a zr{ok1a(Qm;9Q(=nkR_Iw$&j|b9Zc^u=@PzZgyZyjb{uN}-fsQSO}NVN_Kvbr<;vC3 zoQJGh{IYy**@8h#$y6#ShY(&MmYIkU{M%XE$Tj=o-={}l7%iE zX$wAsPnY#6l*@2%BaUwKq1nz)DhpLFzPYH30wPj}ZW{S|y!KsrT{TaGh9bVxF!( z=MslEe#W|_XmP)pYEL>X6pzppUNQ{6u!}}4SEiQ1!p>yjH)0*Pj!uX$yIUQi@bF%- zI?6&3W#}SHMMl(gjNYJ&JLL%7cZU>4Q!K@_oHmGRw5^on@e$ zQ zf^&$Z<(SSM%J$clZJ?s4&tQ&SL_K-R*3iRuFvT{IMl{MC-$||=q)vrlv>G(VST}!m zX8;o|E#xPbrXN`#22)MX!^jAfOClS2X0=GIEM!rr?nt~HW%Sk#&8oKOk37!Ftx*kR zQ`Cj2JragiOhHDlc6#N<-V zv3c=!SuBuapgW=uDrV1quf56qgzh;Kl@2t=0ywEYnRW6`%t!W4$oqSXM;vr&?R2TLJ`5Oq?RQTbpX1+C9G} zc%XGqy!*NE)P_sEEgGdf^nZJ|#Qmgom-)pMX&Jxd;d4==uTV;uw&wMZ%Z@w;%pU<> zidHP|N7yfS8!AsabOp*aAa-B7-)70VRgI7XTH!G~V#Rg&$%1Ow4OHGzv~4dOp@v2X zEo0TPJQUm{IDc}}4osRrD>-C}VP}gFY6~A&y0RM+gSP*PE;yExQ8t^;mVymA$}Nm0 z$IAf5ZiPXxYqr5(N?0w#~3 z9`qK}a;f_l%GFl;&8;fj9Sm(+;9O{nPVOTsHntQJVMb@X}xBu?aLR?U2t1?E+B zFn@f6?u@(N0C9j`YFLHJsZ+7`A0~#VfZHj4D|Jb`DM#4XAG4U5W&e_x=V~MJ_fIkTr~fy1WKVVrn0mB`S%rSpmtv zFs`T=YD&SU$|DuNYybe=^#-Jm#w%_sZdIB_K4Mp|)4iRl$9hvZoKHS=bs1k|+S>5T zAC}Qk7%!_Z2D&KM`oparpk|rHyX#Gw1u-&}#~NSKX8abrvilJwB#Wsk%p&n{@|gs{ z`7i>I{tY0cfER|8sXZ0xoT-3dW?wOt3~df495hkfx^^YW7G0$Sm;|_z zX>XcKJ~>-dcfzk(mXG54&Fi$>7`irIuJp~t4q_Knn_qlb%a?3-8P z0lqojJmyx?c;Dqc0Two1Ne@#eOh2kaTrykpe_uNW-t+a)suF{MEglNE5Up3>$EQ8j z#S+|x2t~N!ll+#~*AhaQN^Qe&H9^GCi;=Nf;T)>ste4ZvWk)xb&;If=UzR{F0B%CR zLU7yB3eyf3G2UZGJ`owojyKY5+>(=rwtRUAfGS+}R)@x_WtN`IKS##045_Lt41BRo z3PN;K0$vEdrc`L5Yl{{w)8OJ}WY6kEu;|vrZkWInXIl^%5&0`m;V8h4jq&gl8o454 zAVJ*$NmhOk8B7)%$vb-B#y`u z#m~{i74u~+fBF5q@?Y=#qlX^sQyjJ2yNv*va9`4;iRk_h(PW^RZ{aPuA)Du*DY4qG z20F+}?)qH~pcz4j`e0KlL;Jk6Yw&Dyk4LH`hCvgN?ODO;4CiOACNu0^?O0-Bi53bX zVWbXf;E)nw!7Ib+jb+GInm7)pgKz|j?8@49F{+oSEs4JPH*???s%NPkl&UL2>MIjU z(OD@a5zXT2^eLNd%{{_cd{lC|=UZsh*9loIG=Il}Hc#fy*p>plmR+~QmU|i{+Nwe4 zg$d+pQfxYj z7mwWe@~_NS>gRD&)rO>jzihlPUt8IlB+d~?xbsX^Ab$&)EX4pgAfq|N+EE>9AK>N`JL!AQ*U*#7snyb&CRnW@f#|{d z9=>|Twq2`)14d)J#4TbShbA3>PnuNn#kdhk@6Vu=^ghTsrvT^VUqz+ian85@ae>&5 z%tXnPaq9oqj4jrO}Uu7WzCaG80PK%PA|+l2e7!Q2L^W^H^=P%&*c zltbHf(Il)sGtu0Pp$}u2o6qvBGUNvFG3(WG7*jg68n1G2`GGJxx2cUB8<$BEwDNi; zNebiULQ@6&Ko~2yw)2CW8Fy1*Xbu$F5?QZ zuZmq7^;|T`A)}6%)ziE_s|%nRGXYZ)gh3_-ir!!lpiQul5d@2c8kCp(D@eOjl9V3z zx*+Q4v8)|U=I-cxx2jG#a20~D1rB#um6O%!zm@!k7mDC(f%@6i1O271dZ4<7;qk#c z!h!Q-bUycrVe&1G4(NQ;=##-g1T`%)*h%0LkvZ$sbl5U9~hEu^-NxzCJlyrJpyvGU^X%k zQk{p_c;qM(z0bikRZL=B3dDpUVEhSktTSE&f@bR@0qu;a>o}RH=D~EwfUZ(?NL*J# z2XeJ_vK;u&;x~7WCpcH{3w-Q3DiNA?e0`6pjDLp>Btd`%nw_!*)Eq*~aU>}?yIvi~ zGsb`roamKF1CG>GE%^9EjM=Hh;gcuTgPEw3p8WV*K-w~*wXKKXdbxPMbS+cGle%=x zbgZHZQof4Ts?eICux-XZiYk(PX3ky8QR5@sQN{o(e2=ybS6GeW&QQuzzzEXW4NQ6q zartfsXpr!=uxu7Px4t|AFjaGox*J87#_}dgH?aiWf4T5UirQu)~o84YrkR4L* z>M~|9G7E}>=rsFFY(6r1Z^Pj8$wU`FjV)dG-Hg)_Qg52}fgAcOst<4u;Rd@|9rYcZ zmHo7^rD7{OeX;;E!Aa&pzcL-2JQmyM0ILZSeWo!1od@h|K(a{A4MBk{_q2Q?g%ssb zpi5H=07~jYo3ToXR|79V3%c#YfcK#%5KQ}bw0kBAfaRS}D=Yi0c-4j5WH?sw`w60J0L z{H}_tUYoC;Odm1Yr!t>z)oKY5$SZ@oM6weE>>*TZH!wG$BSyziHGhQk=`KEMQAFTB z>6$htHEXC_dPKldH2T~-ajz~EIks2HIZ&_2j_5xj=7yi~Sa4UxM-z60A2W$vM+pX+ zbY|t8Divz_rqDQB#U!h4f886K{^6EB#Y@ioJ;=n;i7Qi!iiNP_UO@4aw^&AmW|*g+ z&q*`s`e#11NCkDv6B%XzB-9^#t7xbJ2{MC0AQ0$Lr0qtIcPsbKCC$G;{)uXR9cB?> zr{FX^YW@|ugvcJ|V}G`CZ_-yxE)sj}K+HNonlkv8~@wR5{b)QNWmrItWET+`l07{edK zy!H6BT#wz62lhCIS!)m0;to542n49O1(2X%ScIozdp0aZgB@<~y@imO%>{FBakSy$ z?E|I9hrxIsBR@7o4xm{Z7CWyQC%|X}hMyYo1Mg3_oPaEzeCE?ETK`=Qr)m{HjwGcP~hPM`2zc7UgkI@Kj_XY2g( zM~Ye<#?fUB^mD$v*H=A8swXePaThr?Wo5|B9-}&dRl1r=-++$(O;j})3jrkK6ES#q zXw^(pD*mS>zj-1=oC66P=KiqKhIwB6q96f9_Y?M}?;<8F7MXBFN~L|!--*Nq?J%LC zyFz zJYNB^dfFXpadt2{Yb{-3GVES2hW(@pw{oEqBG%YeE|ND4n4{(h=8^lCgE8?mx|-m$ zXm=!uxFtbQG98~1>I_G^GZ4>6LPuUg2>%i+>k2E2tiu)B^BI;@YLgG!+{v5OmaJLC zb>d1Pa&htyOTV1R*UomLpO+H(QOD5fADe#RD4c&kAi{`oXynU(lh+O`qz5bW9?}sB zJSJJ&NNh062|tk85+Ui>*g}G0yZe_y*XL=~_dzT*j3ouc_E2B-oYOk-+fTE6i!<>7StXu&6GuiCE#atQu5BQ2cRed8l;QRPR) zH*0#x>h49b)=2)bYKWpBuYe_5ZNvCv#Iy>>16dbSF!)2e`!y@Ad^S9Q|zJEi67@Wj&{)+miBvd^MZcpY)&hDp^?i~ccwa^c#!TLhncd7@~9 z=L2;90hu(vYLiepSe-NBWq|~vzexqA^a51le89q?9LgJU^b;+i-7pNR?$)wXToK@r zmy*Qd0f3o)(^VV|Aof*F8D(>ik^G(o>Eivgco6K1GBt9Ei%kQyL#pr4?t8F54S`cqO^2oZ$N2d2=h%16; z9vKHNrTfPxOQH%E60M&eWiK{)i{)a^tU6Lsdabc)0bqY~);MT3m2|*lLD9u$Xey4m z7?9g^Wo5D%G$He$fnM#7e!MFu`Gfb4&;J``kJ|e|X+Ejm?kVyDb7A0-g-veJQFLln zG7COm`ZLJix)w(f0Eg0Q@G-9BU-P~A!%V;j`7Xv%%zAE!+JPWWzrCr|6|(s)7x47d z)jizbgd3ra15MpUy*WP?Wpycu-r&mppw!VBRH^)j>OCX=PuP?3*g^pXE^8QrC(+xs zY818LN~Aa9=WmQ&G(sU*7TZI%{h#SyHi$EW`CWK6T)=SwC0^$OB_%G}yG9lM+OB(i zYpktyB3cw&-xq7Wcm-ZgQrNfx?P|-2p~-5iu!xK8G`?z1Z0=cdIGl5Cemz0du#?}} zBst?ZP0!4HRRx&Ve2;D>|Enj))mzBD61|77qq;9_7tvXn0mSu4fxu|cVncURrF2>! zLu`xh@jiA=-8?_i8=wD>lkvqqoCE+^PpoC(RrbVkwsO+(Is;jp+nw zLkRuWLm{ryw-?jyoIiE7M!DX{V)%;Mhp9103z3kLwFBs>C z^ZAGTa8{liadNMfm#SNx#m4qid(B&k<1tVQc+Q7@J7C%?L2x=u^2w>4C-mP8OH!3< z9hszCcbH|}gU<>FqB2X%_wC|@(&1w;R7Z1tt8Z2yOJ|5;89oFXrGR zt~;^o{%<%!V#rTGy7{19Sja6ue#v^Qi*VFWezFHm?qngnN$$)kiM6*{i7{3h>?`Xr zt|w5J0YAhb4zPv7oJ4E?03I-lJE;nfYWD4hO60g&dh&HyzS%(XV>zJdNDeT4dzJ_7ug^zpwY|98Ose@h?j4UDV|%q(op z=>I2~<9}CFnnrFMP6Gk}82qXr$^W<8>KWPD*c&+i3Mv1m1zZ$mthN{sx-ZpWcA{D_ zklE52>cZHj3lJm?qzaOW$X?p0sib0Ac9xRAUt>wkBqS@NiZfn!ylwXu$AvMXN#i^7 z<^x%A+r@dNYRUk-iS(h2K=_VkvmpPp-#}Fb%%T+D%i8F#>azOR%+|Gzy2+)Z#R{*x zzkZ**4BorKo;A?A&x&XjULJT#7g^fY8)Yq5mz1*s0pIOW$2!X(GX zxa0Nw!+ic=m(OmNgk+@;HByhDJxZz2%yfX1qKMynwHLp0-HuWigZ;T$X=l&TC%d)! zuimZ+Z9C_(qho;%bxYQ@P9b`kMcsLJNyc+Kf-qv^$s_d3;skWTK0J zp1&jyaIrwM+(sG*R(bk@sDZk3i!$ueCYbNnP6gk8-!1f<2Mr&P007bi{~x=>#=z0a z#L?-0*)1iQo3@)AFWY+kRPYH1G4ZZ${sD;S_MN#RbrwkyT>XZyLh{C3s=uzSM9EB< zKf67rcSH$^*~Nc6!bu;tJlt)$2=ZD&2(k)`L3~$bR1+J3MZ&VFo3u9Y%^v zVUg@LnH9uG@cnl}9TFRLbQC4VGbgGjM3~m?TZk<>EQ|*&G7}BenCT>3iPhJ|GcR7# ztD-uAK%*q4qa=X@Q>0Lw4H?vBJiw|p+zj$An3DRu&31=_(#?AUCrVSJ0|=g|(@P{T z!nlBem0MNgq1{WOYB{S*4r+Gj|C&ou8WNE}IC+sWqbT&!R6IvT{De8W&hRn7h5nG6 z$>1jGVfN0xagp`1N-sR86#g>|Gy|;~{A(7Njp)cv^&)2KEThQcOGaCs%9aApiV7yU z#6r&o>h2HP(Ll|}S$)&cpx#QIG)^MZ*bvN|m2e!~r>C#aYy1g)EKr5+2R^!qf~wOi z_T7b0g=I}!(HYoiDMtN|aZ{o578z&_W-5094x>etKwQ^U5FyUXJtqZL$9~40W%*4Y z-}e;tts;=*52)l#zcw})Itf_}|MhSx>oL}rTaa34LewzmzkhFO#U(}>v1cztBO4n1 z1t_=Dk{y-%O^`IkM{tmRpn;8=%v2RZ995;NrwU`_#%GxKkOJbMA3Q7hC$J)4tGHHo z_!4KUf&izIC{~t*p@j!HgYxBZ)-pn_j~OQm4B&+Ox#%i{i!3NjTSJ-(jWK?0ndaAK zo=yk(frD7m;30!Kd#GGaYX)L;SVQ?=?)~G3_pf*N&(z;Mp4cQ9q)dM)Oa3m9$m~N- zr<6KOk~wnt52DzY{*(ZtX%JFi2<9422{HF0?prj8c7Vl=+e%^;Hsdf~lb>5*b0+g& zdey1o!-u%*~b;Hy9XB>x?8z&}yXom$MCwIT!RGg7txUxcdQ^@WX0UreQUO643Sb^XRP2eI5}B7MvPJuccNNsCITom;n`?lX?zN{61V zR(6)J^p;P%EzRo}1={Yj8255+^WnU}+ijWmeYK~_U~ji~Z{Yi{cG$!-7Dw9`3QS2+ zK?BD7VlPh#Auv<5_}GDm?*q3eS<5D*zkukr8W$`qA?&G(kp^>$`&Mn0tZp1#t|YfCm~%o zaak%{Og#@%wRYde-wp7t4kBMB1yJD`idl=u5VnxufDpfOzu@tJVXzL`@;GDFX?`oQHxly!R~&fmgEi$ydTH z`38_Fx>Y#@FIXU2cR2CXEkzA$0yge)<7}Np@^wJQNk%_l+b8IfsgooUs??6Xv=6jw zg#dubbz;F&;_(rLuDvDNt%-C1`Y1@$kZ+v9qR%~w9FQn)9W2v?X2c&KRe=j{QVQ6P z6+gv=mwYx!;vkFZ{!OOp@NjLB-h(So#HK>~g=heO zP7+m3*@+r4J+5uwD9QmYH+UD8LS>mfhuk&DiDSSK?eqU?k$ajfGICS#aa8dgz2Odn?a#_M}kJhjCUVu&gv^v<1g>=TIvF zY?bCe)e8t~I~xgsXOYoBPBjsk$7r^kyOET)2N3!640ZLVoNfR|}hTEMwloB|r? z)6QD1K1KHZ+SXKplKW{2iZq3sH~d(}n8z`f*!JKl3LLzbK#b4fq*ds8a1y$SpxXM- znhU>dZL0EKyIQa{;zy0nuo$h&Uleq%N7?U^n|w$#XLG&XP@|_rNt4O0{QE95QwO8Z z;INV^cyZ*RNAU|5y+$j3V@!>+%v#ySlnBJ7xfXQ#<}mbQZJlZr-hsh(nKtl(>H!79 zET8HIQ7fAhk^JIZrV#QUr3r*(hLFh6{LgVZMi5%n<@UOD=+vlX6hi=b?ko=d&z!%g zE#}uA{_Sl>w0xdFQ;lC_s$SaXnf4gkGWcjn5AnTX1#w#2I|+CjLiM`>@fe2cTW(u# z;R6oL7`%^d37nu!1!0jz@-8}})XMp2v+P8?Br-EP$RpcKm+KXkC1yF4&TOYvT*N`D zepdE8!(u2ywec+JN|}*r)qMU*RDm~8O(k5BE%jDbQ8u}=zGFDw!Hwka*k-`ydO}Kv zvt@E_$-@k0@}{bIp*+3v^0Gs%5&TkA#;CF&*1dijY2#z5vAGI-AAM4m^`3jbnV=+v^i+Is`1k z!HO-c8^$m^m=U*Rz6v_r!%XDRagn}X3yhN;EHzR-=;qj70zP)wyP^P{0OiqhcmZRM zqdbojCHRT!+icGQwo4t^pO&5mT%|so%c1)!h=u24B5{`g{JYIj<|C9*7RGC&$e~m= zw4~rgBHCY^Qa|cXRUXu{ z_S$Q&4MS}h=7|6T4Gcrul}dH~a8hgqV@w7#QM~ox$4gR0llKr2W_Bj{;KqwLb0L_1kL>x^VTr3<-Y)ovO{~N$e zQPXhRWJT~jt>r%pizf~}bY94aR$4VMCR-L(qvR0#0|$;qm_Z3j0dQ6*@$H2UAQ6C+ z)ZvL3vHkTjbn^f)UF#H}>LGyeX+}yXpFj_ZN+Lu$4I%cBNg(kiO3<=EKaWPg|Jz&x z=qc7df%yU_UvJV`IxPpiH2V*M+p+h znKC6`mXweryY`Yz76+I%oTfFAaZco>&k4)+wiUy>$Z9DuTcYYIJuTf7(2!g26b0Q0 z!F$@>zl1>Spp$gnavFa4C(536pLm3@>lPFIC<3fc#2=}F%nk6Oaau)oJcuxiBU{L| zo?j?97QsaCE-qNa7u|LZ7SUilim11O5rsqn!oDiEGCTx(>L-+{>|IphfmL?lZIA_W zPJEF{w4QX*J4LHYs9|LCL&FCzuVxf8A@-04ng#@G4qN+3L$D{AgB)A1_!SPFG=jry zi_Zb!Q+sv!2Qh?b@hW~N6n{Gqnp(9YIz@1us76DBA}58)J+$N=<;(Mv+qw^j982~m zd<31?xq|s1qbf|D=8-!DC3Mg=2?5*lX5d*!!L~IUV*g!s zfk?L{V$dRa$Vlkn<%lM6m+YCmP{Ei&Ad4wVEa=;qz5GbGsa(NiX!50=xf|p46n)-1 z@3`soCW*z_$IKot?lfo>IOXh~10f5-M`)+Up9i`>3}9KC6#zo*`05V<&n1$(jSlbH zpIA}G@N0-1sryiWo%=8kq-OD0rv#Wi;a!}#&M3LFhSPsJ&?YcI=;QJleBdd4rx^Yk zoH$d;(lFYSSjdMtgep*GeHVYmZ~nY4H_j!0xJ(FeX|u+HV(fKAC1D1WhctM-T(#9V zQT{L-Ul4>GK;?-G?fLx)p!+A&4YLzXF0mD7TE7bbd&s8nV+7pfHi`$cx+gP2wdQ5& zD`?{a`$~c3*Q8iMpAfTzDIL`hKWCP@n9(CyDnH7g+%StF8o})o18vTQ(4Bm^soabV zp|1%&TjGGv!q)%Vb%Az$*X$4v?sF3~%i6y?2$j!vfrfWJzK`nelwv>v1QMg3Lx9O@ z%6}UsYcO2ZU}8t&PV0SFcphGJ`$@kXRhpJJZP|=FK~r%W#I#r{kR-CERNVz(Ipn7cljshz4dm{k$I;evapLLK);Y0`3uKNxqlp4=Aa7vT%G1~L zxX4I%W(3KFM9wY*RI5)&)lN32eZp|?-LFW`6_~F@z?3W{e3yB5fCmQ&_^BP9m{(Xj zI%~}=#4|B%^SISHTwHNrxwfH{s^dc@)t*(S)Cjwl^v9W{zNG3ATTm-$)g78u$|P4F zJ0zG0`S?Ne8nq&1P^%HpoF%+-ol0g9Mj_BipaTtXh{C*kK*Qk&#B~(bBE|<+b^3H$ zUkzT&oR=dv`xlW?xh6uaA=W_Bl;RAu2Y@F5s*6(6$P++mV(J1{#Czh(svsz;hijR8La&M z&A-T*Z5P!VuBC8Wvy$@};xS8Z6dQHqXEF{^RBjNX4Qh+e)>@SvD4m%*oVN;Os#cyf zJ~tNwVjtwhThOL}FH03yc`i;gjjQ4ZR4O$iQulcR04x=>!==UgK+~wf+XjM|wQ8-g z?+ro``K<@zsgB6o#OL_aODB4uh2MUB=Le1~=AHpOcC$L6E3U>gUwN-nC1?)twbiL+ z!$;M_Mr^?`cL;A9(!pdrZ`$Ym?;BcBTh+N|Z!+DmD-BSf zGWmj4YlCLsVi;e>B%%g|K;KQWo%I<@be$&;Mb22v13h1DDC!H>dhUgA6;n7*;EUr(n6`fQk>bo!~9hE{pYCP zGdo`T!U6zH(EV=^WUjyLn1!9~e;M>`O|4)2g66yWi(mdiYDj5wT;H_htXXV$a^;M- z<*+C5uIZ)_5oY`msUSF(y7+$mngQfTBq?tG%Uw-|tU)mIwYSxWd%sUbJ4`cO)aTX^ z$&^rBKP8nBu9728T0u=oRgP9nVfuM^%@le6ENh1y8K;vj9RRL31?cN z9zJf|QlTm-OGcza1FaHau8Fo@k%;`|MUnVKMmiE|SiaB&#E+*obk@f|B$6tjOLeUX zB~e*0b^%HXo~h4HN!=V7VQL|PciPAzSNYMe&yXRk0cHv})ZQAcOxc}(7j1er>*k0z z{2CK-_(?XgP*neLfA+P0Pfwn-*ox1K)6I8J2U+a_*9B`k$gMe6q$$Ao&A)djv*JF( zQ^wFk6fJ4Wv`|Iz5ZaR(=_fFX>SHE?V?u!9uS{eX$nk2&QlqbT_`?0oTWn@s=iy20 zWZ()}Mml|J?Mj-TqdkVwnH)akn=N9}{*z^J!=@nZ7X}esV{U8TWYpS!AeBKLjAOi@ z0e{_Otev2*6S-KZbU)2@_>XaM45L*C8aIQ=r8cA}ZhyyK!73nkvQwRId{3s(g&&u3 z1p*8htr7IvFS;RxTd_i(R;D*Z-_weA+$LB^bB`ZxxMC=iqBc@R6f1Wgk+$m0>YiqP z9R3bKN|Aaco;XO3OijV#PsUsEl&OFif#+DQL|6_dP>LVSB?A6D#)T~X0& zRwz*v+9C-OY2J$nrEb)~FjX(aN)Vdn`)C@!*PJNV578E$>zps*GG0sFiC*wJI<4vT z4cI}x`q)KLg z6U0`~x{z{Zc%VmhQ5Kw9=9mm_0^<7?Mg0!Q#TvtWy%`dHs`?$S`zUK)(>)BQybM9n z#I*d5mD&m4s2^yUZg_M@I8`pck6~^A@ZjXDlnPD4&y5w)+I>? zes&9BzquW9vV=eOo@}JHZL&5GG?d3ProQ;htpCB$7ff4IHh;%;#k*T_iWVaO-0UDg z27ZXXK74`$LM(ec9O&Ofb|cBqra;dHwH&{Mt4MGMyck}c1$^}VAPmql=Q`-)W%%A~ zTu`0gnq>_Xr{D~l0@C>J@1{Wr(r`jWd*l z6wdd_$cJ)4A7Rlxc@uQT&o$?mWZQ`EtnDqe+!a&wiM3eX7yoeV0;6D9JZ)`3uiU)Y zCy!`*CK=)e6bU_J%AOch%Ryd5j2gEU3tMLAyMfpzl>%Kk2^|u_v`b$>i)j;ieEb}6 z_w`cg9#FB3D|{a|fCWa7Z4Jp<;S2SFpz60kHzrlLLz!2L)|v3wdbDRCHYCa9ue_$p zbPpfPxmAsFP2gJn0dEX>m|t|A9dI=-envulPh$04Rr(e&XWrai&e$Oz?GM)AcZ+;6 zoj~&&xQq49ymZii!l58LY0Ri`#{jVfiD$vF-z*o&oMROL%7Z;R&!6a_^Z zYPx3^FaMP%&P=7r_+lm0a<6Gve1?l@x=!+{TZ#=+LTcOM2jJF3gS6m-x_h+0vGAqP z8@x3~1^yCI_MuNR};cwU3B1*nj70r6Dc`mLI|< z4bR!&ItML^=d_b{czZ^MqN;y3EOK4pUki!-omd=Yfc&tq1CZQT3DJC=0&T5BkczCD;=L{UHXHYqa_} ze?-*feOQJ0nRGQ5hgSlB9~6ntj>RX>;@ejUo}?ADH$UcB+4_7qlG_EXGI40KvHu|R zG!8NyOEVzRV+PsT#oHvnd9y<G3HE}ZbG2Yf=LcWD)HqW+ze3Fp{2Z_`zuX|B7<3YBETlEI6rXnT zP@`k|eOhoNSm<-)=5Ta>W+&Sp!GyvW>&N?k{52nE*A75B6?ehzHYA1xtngPbf1FGN z*+>dXcFX`mU{aaLZN>iVp8exuCDH^!3X`%){%`2=k~hr4MPDHbiKY@YS6kE6RaDv; zt=>v?@$fFh8P`D-RWb{t=Dc}3e|3RJi@~bq2vBpD4cGn?E*b|39zQ7WBmRs^z2-kt zAS@6P?Ok9xf?@YHEcQAh{4)?C_CY@(%ra#|*h{KU#m zeQ;zk5qgZs8Ot4!2<9F@Gjg)FGxiqe@-uTV7yhvv@>=fKwU)Jh3!ms<9AM6-_cAw< zBOy)VV*D@m=dBLN>$c5Vrqialf+#S?j+bLk52|vol`k<33Kqu4)X|Lb7|I9S8=N#4 zm-c#-AcsU7E&bE#ID=4|+591!I1MRWR31zBr{wziR7BOn8{72Lv2r7O;S8H?#x8aQ zBQ_|G<2>+C-KEc}{Vn@PU!jb{0;ul0SE6Z+JT9Mw+p{8ORU>ZnTMM~yqxCS#^6Gqf z$-y)mChJ0I7TV0afN9}!eGd|q9hm3#jY5&MJvpRp<9d=|7su{mDVIK@aYMT>Disj8 zdAI4St@MGTwK^eL1-r2r?9IW8;wBSGjq+=6$agDOK7!i^$W zIr#yQe`SL`h!Z;Yx4DCy;Iws}9)@VXgkg5D9VD3#B~tbXbHXEp9@eo`?Lc_H!f;<; zSt$x=&=j}Os3@yhnfQ;DO;e>Z=I^4jFnj!1u;?COA~48s!8`C zm1E%IB2$P+XNwdYBBpE|m&`;s5%A*FG>Ka^4e1}S?k7QuBBn&!EckFpxJsepo}tN3 zN{$?niBRqOi=HN_EScGR`xYRfR|d=7n00OcW_Qi`E4^0bws_<9v}@L3?_PKTelB+w%=nVQ1e_Y6=>IzXVvTs3G zYGur;fOP|dflYey?|ZHBTfn$3XU%bQi7O@beOz)8+aLZV|JZlv;^>@)u414~a*lnn z=(1cblKgDmkghd9nQgf)RN^vLf-nEXj4UDBw>u(kUD)zfsIZgAaKSkQ;|=UpEYdD^aR~x1M%eS>{K;x9vfd?Mw-U%Yca0;~HYP2R4?OyWM{bGBS%$=zqKq3#=Ip{=t~11sWgVk!&BTzuhkn5R55qX0{lt6} zJzo3YlyoeS)e2`TM+=%vHIqdRL9KqCv}Fy)I98JB2pJ_C6>IV3dNF0tMM%uoQR3~J z*mG2BCL!}*ig%hhiur0G@5dJ1Aq<0D^T#zxD7#-H zHug}){B7{T(~i%eFsltg)eKNO*l=wDp%b`B_EZ12o-;h2i>+VOTSFGGX>)$kqj^+2D8yj7P7)8P|IePzdH(|wm}mt|aEtG$j`9!cLmQb(T7dhOVJyx8mg&+yKG zr}}T$Z$Nzq3IIU*--2ovXAA59Moz~l%h+u)z;u78)y?>Ch*N=JyHd^#cAUun#>g&f z#ndpv1;{on#^R2d)@y$Bq*@YuiZr3P>nP)5Jz^%m{KkSHsTGK($f#ABNyJ2fzbqun zo+<>KjFEua{-M;Ql;%nICWvody<(*?2>!Y=kaonLtA`t^55^WD*x~2D%c~PxR)7k9 zX3b7sHWmH4WmQg_mgL$6Fv;zvKb#-|v6CAOMNAz51!bJ8m^4uFGL&FdTSt>#3_XUDx7-eOu`t_|BS7-TM?9WD*x0LV_{I&^`d8 zqdQY)kT7RBH z-60b=gnuuV1f`*3E{|$HR6A~=I<(~37sEX^^7q2zD0zz;pz5iS7L%H?xF$RzynXo&r4!Tzq_6LwwUn6 zL<$89%db4uexjsw1-j{y)FVg=`FwP+XkCtVdKBMWQt_uQ`D;PZB$;{hXy4!FlOs9> z7VG%qz!o+Kc4c+DmF&~P-PF#UY^QLKFFyGgGqdGJhkb(!jGi6o*3SI(g=Y!1rhcW` z3};6GrHvOV{u6FL!2_Oc)fvMr=u7*;%-_YH6UfmUf?il`$e@DwgOFP;2jG9L^8atC z8RdUl<^NB=z5hQ|*ne)ML5ap5onK!+E-C;3?*GXvoDIyJ{wJP(oLbg6t1fOg+^(+e zMdFbK&kcorC{4sH7AJE_HN1O9+hN~3wgP!$nHh9+Q?p`N^u|If0U#7T%g8c+mSB0yPK@nS1 zsrCY@b9ze&t1;#{u&bEilekU$4>?Qzu8FJd;+CP>TBzdk?pXJX_O~WTLhVU8y)yI? zyh>OZy=v4FyjoZYq2mCGhXR5S{`oSZm$^k81s(PB{AmUT8nIgjM*S%3(nZ@EvFL5X zg)Sr6NPaGY*D%P_#}F?g;3L|MrJ|B^6q|zK8 zT@G4lKA&XgY(NSrg+O5EkgF$sMYf z`}Q~2Kty|z0wR5syRhrxPWNh zF+sKoB&s2qHcGssa+pB1Ci7CSNNJV7b9b|*NThenYfYx0*d+gWJ>t!tEW$thIDPbH z^F4vHu-gQnMP65R7#pz=_I991b23>yr#V*L!UcUdV~{(Y`=&LNkXW zz)Zu7g*U&FrrzWRH-PbMKM^U8Bl?|5Zbt1KqXQzLYAPZ#{{}Rw?+FkNE7hb{eZ_-2 z%$kFqDg-M{621D#17W@KIddzg}O zc08bMJwW_AK#&9cbiL-e^i)-0;Irgxin%^Vfg7QL99>SpZQP;TO?cS6#0G7jzAO3P zf)Gg$jQlOl#g?i%eGM78CTw;(%@xVcm2kBO`;<`hx4K&ePe&7P!nYL`*J2!s>MBOL+&|bn}8H_ zsuz38YNFD6fZ;?Xm>BbPU=Q=93)VL;;9#_^3j!vi)F`ZZd(IYAfvv4nDvy09#0=?U z?Ym#6JMi>5@s;O^(!%Ez&&HOc@g2{_03lBls;yG@fG|#4fiNk3Mg>cNNkJ=EBEWO5 z9Io*5U{tQhDzC1;M3cu?1PwwO_5b8T38m#C5W$jn0gL$bdG1cIF89SQ&jBG~=US3; z5X%7HUSW48A&KYGVsh61d}8Ye)tM;uY)toKcqUwy-?2DljOWhna9>TkJ^Ic~BOg^z z`0p_>f*|A~2qO|eZ3klLo_xpUiIvF#*^DC)Pip%Ty*xR)HB?T>@rOGZqSPH5UgZP| z!Z4GG!mzKZbZV-hBfmD$#!_SODRXXk+I73(Lm~xo>ghGsOzCPk}&XV0&epYnR(!y1TY&)vc@P{azSG*YkdNEMw`%_+o7U$g+p$zDt>C zo}|~yXtvd@oY@h(VTZ?y4xDP{66(84cjM7Fq1z{JC~_icY@@qse-X6nZUzfny}Rgs zcHQQKKGE3eQ*zb>GeV&c!=g)jOi-Enu=3q@I{h1B4`OQ~Vsv?(3FEX!YAFCf2;C>% zrL1ngqPkh5^cswd)vO8~I5lU_Uu`0fm#B7UdRo^XL@L?S6*5iT^cssyqlw5Q;@*^k z5C_+AwM>9R7LPJ-=$(8V#0fibYfsf{&axw%;T@|isWg&81SXSNF5Sn5JTlzIhI$C7 zHU+Nz2So-qOd}Rw)DON%&nk3iuZf;QSQIOQ@S70}8cy||Av_=IiyeZ)D=z=ex~w)( zuogwF$qlmzO<(pV6QVIdwF!WAIq&(GH{~^c2K&dJpMP>|hJj?aN4cmURL{2&w1=@> zKNb+;|8$Axm%IN?l$*1wk${n&3Y~%r3Gwfh**zx6_z}P(gf*yZG>Z^Vj9xDFO&auI zq}y1J-F{WqJ4DO^4ZW8buLM=xEv_oMgJw`Eat zx`En8PGDffyc?FJ?SJx@h84-=@EiDzoDqkJG!ebNpQRXwV_rV(k6V9ibSY-UW504q zu0aI680Q!>NwBfqhs@O{9Z@98+pkP9U3e+D*TDoy^X=|y&I;=eX8wF^%fXam(g9*o^4$EDT|U zcTU}M3_aBBkuLODL}gb=Lw9oe(yg_9JPWar!%tqR17k%6Ax7S$Y5^>Q3d>Y50i1~^ ze(59QK1Q0ZaRw>!c{S>M-^b&qv>FNWgPY25Ku$Kt{ylv7>p<;!!SQ5ST-u2+_hgAM zbOdHPQfvko&uCOku&&q6D;<-ZTY2y5%7i=Fz6;r5IaN92lMQqg&ExJWRg!ij3*myA zutJB-R+zIXhf`3&fXM5-9X*SjAM-minD7 z(=}g3nsq$m^aK<2V`v5#x+1#Dhs_~&8*HcolWzD2AV#?#q;&Lo$~B47Uj46;KMBiW z_R%CiQu>>NRhN1<##x9CR}*yBT%FLjp&vDOr*B<`6TD4vB}BWvYov4B@r%2(`Xf;g zJQ?UCJfLP{^+dr?v46-NkJMjF5ove@BwT@oWc1B{^#g*C-`zKBunHZrEnO&CT)jta zqy`@@;Q<6w^d5?9jvf4W=%@V+DS;xLAQDm6;Nv;SEMjP`6HeGxSPEe7Hkc|(*a zV&y1uF|U0wE-LxX&FV;EYSM<7=4LEOH<-8Oh}I1aOvGc)F5fw4_JeR63#6JKFOr+C zm#*Vk^!e%i#y~RW>1CkeyXk4Idz4MgI{8M?A;#-ELb3$+6gYrfZPoHcQYfmqyCIB5 zeW(UT>~LpEyk9iSrQQim79fH8?V;QlG*QJlDbaxkSvqy%3Zh-bV-kp7s!tV`m7woI zPA8un(sW;WWWe}Fu8|lfK8!55yPQs*Gmx&v=LqWlMxg0_MwoH64tF)$zHSKgDJBIu zxd^(@l5s(yRPoDy`F%oQ?)HETv5v10sOaS_25bP60p-~Y%TAf(JI03Pcflx-^Ed%g z^j1ELF*aiIQKz&3Zy@?m0d9yVIRCs0{A2M(E9FMYkD7-#W6_3;S$;gNaxx=CABvi| z6bHmLDL}k`zwxXF+e~hC>VU9X9ds?JC^Rh z{{SmW2zTsh+PzFh6xLqGbPE4qK!0yA<6z}D9cl258{r+zZWwdU#O4hmp-PN5+&tsi8kk5h^;Ron*vocELr3KpS4 zSAQ-@Y~=&FK$6F$ZfTVB>KL#-9U!sC(`Yqtk$^`ckmVsB4;7Dfo=nhxW2<{~BO+3% zf4p1+hr?7j5!;oiDaI0{VCn;NcKBYYYE53fmZ*8@!*U5YyeQ9xbE6d`jUiOa5S9$) z8sa$zHi=X*tx2sc07bGgC~-1=fW#9Kqi~`S{?rvViy;|k#TWmek^SAhgvElO53+l- z6i5OAFZNG^ns04bGddooNTub+z(FEAAb}xeupUBM9xa9#cF-}zuY`xe=>gtNX*u~F zL)Q&1$ix(O#u$v5HEcCENO~_{E5zD}~AFhm-(K$wUa9Z+w-2RA2n#1Y3FSbWcGpf1udaAK1 zB$Qc=zA|2TCDWB%T5l2MW>Dv>c^9ZMH7CbISyv*O<}{v2+P?!s+qNO#2{hN345fkz zMl+l@nyLY20i#%{&kc^pH>*8KoG@?ZJeU)MpeMB0T^?8J_5l{`d-kkCz&7Zk)^%A1 znYwvTY#HYHDO1la+mV;$qF;0JMdtj z+;`Cu0OlifexQ|8c^@sy?2Q={2pI90wA;Zec0Zm~=_86jc-BvWBv+8Of6jHxI zNAJdLWKr@nHsCn2=vI3lo*g`9^|u{p^ta~swykFF1EJ)&0G+_*cyyf68~`KM9UwEb zr-O4dPJL1i=*gp<{bwsYBKrI2oVLnB@(h8HaHG#VK*ul%{A*`0*or9YGOhUH&gc@@ zVaRBQG%wlP2LVj{-JBG(FeTK@sk$}XmO>jLpYoB9cFE{bRqr4g>uVc z2%rSPD9IgW=Jr(g=-6W+#4(itV*_Hs4?Ofd+bIr+G}YVH{!(N%?=uUh*AxHiXgmRM zRB7U{VUxNzdTy-RQ6~uk%c>aipAzVicxC&7TrBB6nf;Yp18s2W^@DjiI9}BwzP-U7 zM8=QHTWkWyVmsXIYOe$EK{Y02yl zCMZNfPnTpKJ&1JzSh>LopP(OIflEXFYxz2QYraNOZfSg@C;0X6!3v-kcXSgRIVD4s zp3lKs;W?kBvm!?XQbe^fJ)k$F@@#}J8;Y7Ao#&IzJdrXlq_@8R9PuJp3A~Rqk5{f@ zF4;`;n{9jU9%8gqj}N38*@RHnK+}Kh(WgfLEeJY;M{R}+9o$Q`M175shUc1OB;rw& z_(|VQQ>YIyD8vj1Ya?$Y?hLE3b9SRMQ|+6V0G)ddKp#EQz+H2Ctso}tyjY>&5&97) zRy9#!SW4v_PTU^4RW%Abq+M4% zTyH)73EH7O;^dnpIsdlR@PrfuMv&?S!Q#JcxGsREF*(Z~pDBM3)M|{Y2m%gHA94zb zGf7N!<~|3pVs!pA_7puSCzpI&uu9FuJ9@7xH(1q2_!_G`0aHjR7HmMpQnP%BJq-O9 zWiCf@?C}=b#4VcQcy1VEh)u$PDLwra!I7~L-tHX*_JskZLj4DDFC@{JYYVU4-8T58o+1Jeim`cnn)i&J1vkY)8xOCzNXxsDzRR^BXt)+UDSgLat=Q`a5f zl>X|07qdV>1xGAiav$1`? z+gRhgL;zUB^5eB^hBo z6})16)W+7Q3eK{x8BjA`kmlUsNszq{k2J8(?irE|ndW4ilK;=jdcogE643Va?&+Vw zaM#mDl(|4MHvC|?J0e(T+|np*Lf84i*(;emR>Pz)F!CGe-fuIQt@l^)22umR!b}l0 zYw$NxU@de9AS*g~OY=7Hur5+D&Q@gp{CDr83i^9od_Me@riT{5Q@j7nM+h#t&e{K} zW$}KKd;I^S&HH~TXaD#64C%!8I${$djI?t}yzXMoz7ZA(a>P}lWJGJR*(S2EVAIqM z1@mCQ;anzsGWZ5q>72tdl@Dm901euyuWjE3;rr~?vFLVQ=CW}Z*4MnP{KVo6;=uc{0xu-p#IZ~=MB&SrF5O3-X zd#(EzU4DymUK)NA;E`Dw%ID2%;Galdkn>n@&7jX*GWHqav=R=FMpIR^10pb9RfDH{ z`B%Gu*SdYg4`A`<&ym?^0Ti}cW-n2u6BXQrDJjnN&v`&1bn}vOQ_58U^vH1L@Q%3! z=hP9+wZ3J_lWo<~k4+lE%$J(-mPQ5Ei4$Pn>l-z=P|?kDb-min3XjDyjDJEura6nh zd9i^w2QAtni;=hVCU1T2P@Ax>vd!i;Be6?U38Pp2S&Y|Zl)MC&MB(DO0R!N7a=+GgCG!);lKFi_ru=H((QkAd2xU!Eb|Q-hy`4BCAmP9%@r&Hx=8j_IfBVAPZ7r117g?S^dEVUfENQsLs)Y5 zlN{*ai@p5@FK+Z2aWXd<&G3R9q|_sGXU7-hti92rl6fv{f{vwDSDcCK`Of;Ua1*$v zbUGKDck_fEVE6Y1lxy{v=6`GTmyBW4a5neJ9pI|0eS-60p{)58Il&szqB%Gb&rZ&v$vn;@%1SO@Ft! z_e0dQx!5+r^*OVn!#Xh2Mf#D9lyl^!|2LO^md6*~llS@pb1MY#iunxtC}_?M_vP0N z=k)cR;Oaoi7vA(;@!C964(CDdUSY4ceA{QZv;^`D?+(NdpaIf50R5$8UE>KXJ;&%2 zaPiR_jKOEDi8QhI4(^b#c2d{vPt|)&IG3(`ZG?E{l-F^HZZ%b-%f1S+S+zp7FhSZw zsB{?O*-9D_I!zL7zPd?6D_NII?Zv-IZ)#6vWTwuu$awTts;*e0N5+hX_A=V=_sqQo zcSU6BOz4W)XOpU_)%R5Csii=b+KESHvXicG=v8o5RWY?&iW;?~^LN4bEW>q5ULBgr zw=Qa3$AHcB!%N%aX~n;4U4P=BGq??z!>*9xsPIoou8)l2AjnxwhE_0|U0h^4u5zn; z9DU+a-rZp3?)=pXPw17l}~}y^1l05 z3QPP|PKG(tiVj{N#{C0;7K}klC+bgUR+r}sebCQWi zzrLO?Vmb@*ih2uYX9z=>1Pfiao&8i!rM3Z2c2AUK^0_cvYxr66m(u1HkeIk+mYfM( z&OXoaT-g%s-BD8{|Kh-@fZ{mVIA_59g^jV@g!3(WS3?Oe4Tv-+E`j8ob4R21t$QGron~~8_Q!Z{Ne6yvD zrf%ZyA5x;W|IKlM2f7S`F<%B1hl6mXhoTkVqrhn%5H%SLJnE|hEC-${duUP2!EWB7 zYSbiTu}#sTKgxIE{;1MKHPvy+_%XGvCIk8w_(y404cdfMRp8?cSjss!M0k|B9)2}% z(;?^9L|*i7jv(QMiF6|Qs?TMs3*|ie26NL{Yd6}!Xahk2A|US8s`Cl_U+`A2m8;lK z^>;EivC1{2;NLYeS)iVhH?QO^DI#!YjLi|#$aDHX_vmvatua0@kdMW5zJVSvPpaL~ ztOvFH%#kGnx$*GxL}1hkIde!H>BChcnEiH3z?oHV?=T`Pc{})T6yj zYo|e7k-I&R6GTS#YG%-)pGFm%WT=vMslbB#Q!Ex4LF8pi?9i(e=Yd!q2EFPmL&Ca< zz#=^~Fagd>p`6ptQ0kzHTOug4J4k#u4t2uY^F`v(7IMU;k4|S1yr~`ku0e3n+$VII zlYoj%kvsAKF)|r;=&C^Hm~nzh$G+&9GfzG7$7;&OxNUw7a!4An2rc2y3Zy@)J14Mk z@Wf)74yd`qy=|+Si%VR-0y)X8BS?^GkaYuSlA)@xUgQzq{$CeyWWFuBAleTK?co8S zrZD7@8<(b%b(zDzoY;kYmxgLKxZ_<)j*_cHS}wHFy4_L96bgX^aAm#lMs;gLc!UFB z%Rff1@yKd-c}lcb8|q7!>TNd_WxskI{@_+nGbl`cS|q4rG||jHok}lWC_Yhu8=gAX zY&Ca=QWO9(oJ&k|4)ZVjC-`;n$jILr}E-Q%N% z3I9(N8hO-D4{aKisILrm#4b4G?}VmWIY*f1Q~}Cd1R-{~SEA5_Y|)25iJ&A=`2YAS z-q`|@#Xkm^$`csHrjRAG=np0hsuBNybfJRG(BGjUg$5Sl-e&H-jLiq><51C}tF*l_ zels%Hb4Ic!f*_@oNsy>BiC{^9Nx&m<^GlpwIgRp!?yR`Wdkqgdh*R!rp?0(HNr9SO z_P~hXS1diJadtrpIsi4hn^bV8mfPv{_D88FYN8g7!cym)zHtXe2x6Mq%ZTQ)Ks!b0 zp-WOfF2G+5WY|ScF3`BOy=@uhYtxLow?D^B(@f2x?^Ua3=l<15*P@W9 z23WRqC}wHwQdG|Y6>)tbRIXbWYkWJQ;Ylth*1#$r@KzX!luMfgEw4>BOPCsOQl#N< zYLsFykpl1r>2YABF*(>Y^zbx*wJh_2s8W-G_migno-u#aiF3r%uM> zw9!FhU7~&6PsQid8P?enZM!MsudKFxkSr2>I3>c+wWwabMj0__12pDmCd`$aXO<^p z){KQaYj>BOoU7qeKO$Hq+!L@Xh+*Y-z(FxA%i8b~TKu*;17?B#(x8P7;rQN}gRL8$ z2i6poJO2UxPh1{NM47vf@aup@4*g1eU*$sikXuf-DD>T1Q3>mi-G&C|a-j838Uu!FZQ8na1qf04B_%VCH8M^;G^Q(IHr*vAt(;dMIk#iF2$l0wkW85E z1~7CmhzO+CAZp+?b zxbYE@@3{A4`yMH{%L8hM!l8*ThPKU(im}qCBpzZl6-x3r5z5`Mw zsstgLtyiY9`mEBWTB)3amr&TEb{jS$8Cy1}-(ROpOZJDIZo$Lo83cILHYir1e5D2G z{>J-Y5n?q(Y@xlbYJUeN-x!^08;+ABiG1-qn%?x!ci1>SzE9!t>3GLLOK{!JZL2la zp^+A7+u@|kq1>qDtrlRLG?yQNyOn9#i-D{*WvjC6eFC)pF`_&t*RmwzzBrjk%%kMm z6die#?CqYe*;4pH@%RB@!-MQS`^jkBb;e<+e`i`%qqS~DHlxywJ$Uo`E;~{UB-Zp& zQm1MKD=auxWrZaEnvM5Ht$hDg(b08-=9N*i!JiX|aZe}R%G5$+=kTYjc?!^ZGN&6Q zy3lwtjQU!_}(Y+j$1 zoTjvHGkkf^yi7H%)%J2IJmWl`#M{$)tXxiXTMspfsOX9Y{;Q(?c#NTcT`b+_oFwiY zT#k`ltR9NmQ5-w0$OaWsd6Xglpk3D`>0P#C#BV+rr9Y z-q_WAVG8+b4Ei!qJ2DgjnFlDhj#_%P;Tqp??Wkg%T9?yuZI&fVc_FdZQif)oMX{hN zJu<`<1bs55-wkn(kzdP&fP@n)C87f82D=Qh<)Vyg&nB!`w3oyG`viFzbStThX)g!K zh(Fpv{RDUKJKV^#?eFMTtdy{>o*7r)q!&%vaX`z7yH$XxT^s$YdY*@^MKLrp2`pU0 zbp{4c$TIn+z|1f)R2Q@nPiV~Mn!IZY7_@`!0_%yVZl4w9Nh}!5uD{s3Kvw||9s|Ap za?YQbwCslldo=liA8hhUzoq7ZM7vF=$0CHTkal-&0-KExOHAd&&e3CwZ0Xv9G1nl5 z0ZO`N#C>smgxesHs=pu)()c%A;KL?W-b?5%t@sxY+&v77T-f=MwK%~QAHMR(VS>*a z{L0&Ab}>{vj?Vzf^*=s&75Grg_^`q*&)06KdhNad6_vLZYRy9Vo<HIsIzWVplUh%V;S1Zy=pZnTMb(GI)riu>?z7+Qws|dHNC2++i!aQ2k?ju z{|9C76eCL5ZELq}+qP}nwzb-}ZQHhOthQ~tSKIE>`~R~q_PIFuc2cRTq;BVYlNxi5 z@d!@JGRC-N{mz+A8-*RA^f@Dk8EI%}=!^m)H3~b^nl$no6VndgJ~AzIoPq5yi4PL>~mhvowF%H-Wxb3#0BNn4wx%gBL_2fi> zKe^M==v50Qw&2lQ$4M?3+^gWn@8u6<+I;9`G03jO(ZZPn248z#wW<17AjWYtw-lcT2V}m) zmL@$s$WCj}%{LE8gLC@>K-B}&i2X3Ggx!yv1F#te3syA`hA{5u4%>&IfZy(j5t-K( zz`Xz&Yc#~(e{N6r0W>af*A6Rz&M%s9${i$_V$v3X`EP^z?V4aDSz%z9V5Cbxp#O7* zK`dVbHySMX^ach9)YMjGRtV`+R^KBajqOLtjR*fV(VM^sQ1zUU02be#Rdwv6P)I!?~N84bV%fTxqaRx8B zCBZue;wj~}d$^*+S!1Bqazxz(F2@%w^0hx_qj@{8m*9_lz^->G4haZj7X!}LHN-yB zbgC^txmfAx0xwo2h4|UmcpxifM<`sjQPXT&{1%T(W*Y>BMqMR~NzbGOZ^CfG)uhw1(V;(|HyZK+{j z(4lvaAGN{S_pzb8nFbw_V#F(M=D*i&h&1X3=h_wF`2<}k!pF{IStSYj46b5(huJu- zk@N=Y^(G{>AvEL}B?J}bLR4^Jr>ht0uMprc^u2DS2tsWc3A}pD>q9STwV+|h!8W-B zT-ycuWiJbXTc+y~Zj6QbU|=J+~B%|mqvan4kZT(dm*2>Jt7US##8%=gp*KRvw zbNWZNUGzRx^YLKvjfSV6@pXA#a+z^S`{(vXI0~$7+TM>Z@y-G${b5{(Wp&uP53}$t z^|Y4g!+8pnso5UjHMhgy)0#!Uvgh=!`pe|{ye78Q!ndoL;gBU2J0z5bC0oe`7Efo_ zQb3&;Y2W&JE=kp>^UAGF)e^;Gcjyp=V!*u$Uru0s-Cd~5kriyKV@2$R8h19R-cp}> z4%`lwKvdXl_xow0MK5uWo;zH?fNaNV*3eu39cF_J1D-?Bqg{7+Kgf+08+txTnj_si z9JCpp@gZ!nRZ9R&3+Smpbm(x)sggWY#3trs^@H4$Kh#-u?s;lCE)bTZvi+hHQ2iiw z;mCtIk~&FICnK_PK-jhuRT)m0HzSLru=Z^jl3+0r{NERkjxqm`p^y&!iXZU4y*FcZmJq9j?m0;2pAHpPkW)HPd<(1(Kx(BkfJniZv_xTGBmC z+@_-3rhMGWPqM{X`^J7LtDqHSSsbAdgibdl(flHeJ2Xmi((>s?0SEMw(eUmeU|tte zy;0kp>`YxJ>Tg&R-Deq6hc^~Lx!)SDaa&2s0lSd+Wt`AZuog?VDuFji3E;PUdD_85 zivamJv>mGB#&dK~PUoeFf&ZU|i(UwrSr-#S+Rvq6PU;M@wW`KW%_R8-z#v)=d~I^# zy27LPUTW=#@U?XUlLIv=D3AyaPKWxW_1p?Bp<6=VFjbdzV`sA;-3UHpDgz(ZR6y{1 zkSsIgXl7+hzv*Sj)bE;%lc}|zzRI{>#vX@oZ(*}u;za^}WiSzuGpnDt#yk}aUWOe1 zplFPDekzQ*fIm=3P_Y$MwD!UodtK?sK;&pXBvy)U%MwT_F0jY+7s@Lx1=b|TOfgIb zDnwW%ZqZB@OL_AYNoMR?K9Cn5*cZ}D`i0BpO1u0D`jPKb_3(zQLRzrL68(CX0%gp9 zr~2BeuNbBFE*&BU-23&M7dIlr zD^Q9)8G`ZkhZ@+$3BqMQV1rn=Akf^U zn+CAB$sd*_j&Ut}V-dHpfU`)VQC>Xa1x7HQ)(94t^&0|Z@KcbuP_5qcVD2Ue2A3SG z@Ta~Jg=+pBP4KHg%aDKt3Vm@}LM6zx0WwXgUhFaU^#FPo2m)2akjvtT{_})^@u(YE zBB+-+hIimd;Xko0ckVx*YEf()((bvYX?(h@0c@kfT-`=#;kXi-gDVQ9@89{N27@P# zn=2-864-9($z2m&8OdzJxe%yb-lZaP6J8s`Z?U@FbM*S#vu+zATo<~XtXpae6tf?{ zQJHJxG+faIw-SE$?|%ytk7(z!!bJdTjBRlGb`5Owm*fA!s<5V;bZxh`C51_wyW)^U z6trb84P1aOdg!+XWO13GJ;2_AS)qELk^|5EnbpJlH=zfn( zW0#5+wA54QxXYvQdGPS-n5z|;A@tBQ>_kRRw7cbcQO*yOa4h_KW&ex&6f$1c!D&-@ z^61}OinzV_VZ*EcqlNF?7M{rz2RR0-9BWhy+vmcbVq<~s9W?nMw5>+P9K%rNs(W_p z43rxUE4+gU=^h9nnSPs$Ea^RIPT`!+|A!*int`%wQxdaGC;-lRVh&^ql4WWE#2S<3 z&?w4Y-_RkBgHxfT3$@?dn9%s}1uqgge-Z*XsK4AgHO&j|a_rZ>EXr0NUcj>aSDJl5 zbhnR1rm_O7Y~JPYE{W6Y`P{(n3uhi~NlQtq7YPe5ufQs*XrbixFh$KzfHNd)CiI`C zoHs+g%9cH?c?W}=%Z%T3YO4+xRX8{(Z`GML!ij24Miax{<><&U&}CpO!ki2Md|pUv#(S1nSv57T0oH zxp-YPu(ZN;X+hXjea&G;JlNEne*-lbLul^5s?!a)1PCrrP(%ZZPcor{SD)~pt=Cfq z3LZ&E9w=Wg`MAgW7__G8;dq;wP&4E>|1slobT#+k$2WxLn%i&}3M$g9FmSQDzcR!L zkN2B^G!JgLsZSy|P}(|1!8%5P?Z83pL~~N2v+#+c@%CJ*SR^6UE4g(Awq)tUd<=KW zy10h9M790~UoB>MLq&KbKVZKUYz4>c#kEUHo|}$FNTf5N=IG`G3T32K92nHfl0@mz zblx}hHJvgu7)v(j*I04sfgo_Xir_HuyYlkM|DQy1UT>OasAow@C|fxYDE#50OCl) znb@a@=n;SC~3|AbiItrN@!)^d1(|Va`#%w$l)?zm>F^cgy{qT zh0VJfP_)Ott4O#b9O#ne`^oF$I&KBi_o2@wV3>QJwvcZqV=bY`P5x>6-jtQSc-=_u zI&&cg+=+YLKAHx_^N(W>1-((qe33%PaZF1JhBX@qtGNru6~-Qa&z<7EJcuE}1QFqc zCPVnGAH|^Jwz~HZ>5nlS$nFI0($4e}ZJ&X9-grKXx#m}STZvFbbt;Xpb!1D@RxQ}B zN~MzVW~UMZ|GelcYzU_DC9w@;Fp=cc zjYrjPL=8|_`=;IqlCUi+s;-ve1ln~A# zmKiqznz5uSCn(UO*>huxIp&c99(3oQU+Vy-%K(iuSZZ!3UKh$5Tx$zAS_wzZ@(%Fh zaaXIE$@iYt%hbw}+XEDfC;j^6#t*+kg|_>*4T_!J;QHU<>%g@RG+E{fY8wK|2Znv4 zP-s7JleQwEEkuHp(DJJJzhIiWLnZYCh9!|x8l}O5Bdy;S&K)k)D%+zG}k}%Sl<~&&>zrEJ*UTM zJ*me(7<g=L! z`s;f#^-U<7hc+(;0U;^X*(7IvC++f5+0|5lzI{E2cDWdw6?>BNw3S+b*|a2@Qls+jn_lHMAd@Rr&jKGN_YBNPCuts z!JccjbRKsKFunAuh!|Yrc9<-$6j_&=QmU_jEzc4?$qNv*Kp|^|K&#D1C~oJucX_N< zZXSq9uUv|1SH|emrr&z>SZ)kpFUII){7L;o$8}Z8@uyYSV%0e<$5l67if&MQmT|Z1 zJ@@T?65TA~ulM@x!?M+))tJ>Xy-F3Vc=JDZ{c5$F<{HmeGW8m$GPN4MB@`yf@$0r( zub7p$)NQU++t%uhN|e);)ROAFuG@tkb!$u3nXcd6UY^m4uG1{#8QAGsHO%c>Mu)O`Wo4|@X=qeSK{r8kZ*R*fdeRQOCavava5o`ue~6PR!$WM~l}BdJWJ(RGD5d)5#jQ=DQh z3bR(N6t~J{WnLjUSf~ilXA+~2f9Qx& z-26kOZWY5S2fnW;itk=X`O{naVqaHg@5gI<5cydAYY*95gxgw1YNt!z}vI4wkJe zi|;5Hz?3!mlSpN>%qSzJq2GpPVyqGwl zP44*%t)OE{B(oo}q7+eFm z!UV}$FBOgsaD=1;5HF1ZC~#d)G3b`75TJ%h$da!L<&XS4^ioa(){lG#xP|;0{DHKE z{2Bb=z}d@02q(_zAc7N;`SBOhL52s|<_4X7*x`<5OBU&w`&eFe*Omwmb&uz8=C0Ax^5Z#%tT!$;= zED(Gc`5bxN41#!2eF*tLXVbrZSo2FgrQmmC?{7QiX}2X!JL0{RmtIbV91d{ctTgoS zHIwALO3f2|gwaU|WVk*u?0AsLbs6A>wKOS@>O_;jFR;QaB}QJC6epZnr8|vy^z_q9DI-&dOFmw=lv=F`{s9NUAZS1Q*fRr9*91kQj>ps34Q6#*Ove~bJN$Zc>>r}o>e>^ z1J)7#t2}a~4hl0#MQaL3@)#LFdtV6OGH$UWl$Eqa=bBcO9kZM(&*|}5z4zo>o;1+b z>g`atG~37thxz1hcNkgZ_G&4hr-%CGCM@#-!TOZ5lGnpwjiI^KxsSk_@GTlrXQ*Oy zTxbhC8m`dy3pJj5sx^_J);2EF8w(W`vfQ}av1_@k1Gtll5|{(w5S?}uhD-{_pkkPl zzET$sJj4`HDv=NN)ybRjCTmWYL)V4-y-06R_Y`ya~vvG0yiEl|?A_u@TqWy(0*IS`H>m3x<{ z_KTx0WP|tI%WV_*!9}w|^4=#kF$O`tMfOq5 z5?~yh2AdTV$_$%vdw?q$}OULqrTr7 z8q`f4w{EOBOQxZM2&NAaT(!)<+BxD!WZLd34G(ylo}!+B3YTQ9m!i;<1;8Ox4|EQt zKI_*0!6Wp?y;c~~I4ogxe6Qbk?6huxMT!7zzmngqix)wt2NP3|K_r%(0=DEEnl}4| zCD&ZDD4vpGNP=3xa8=z)_y*~jLPJEDUldOG$dh@28wOIvt zBY_2+d8eFhf(w(r0K2mz!E@N}70y7w+6qfE+RP0g4LD@FyLyXPuTy4B(eAGYcm_JF zO{mo+X4RoN6K@8@@FizL=DT9mVxpYo@Q~Q zBw}l%P!_)a1EuPa2=f;pkI(c-GaxOR<}i+f8PB1|0)r-Ryog@v`DLFd2-!0e9vxd5 zI12WOi;Uhlur#@O3ZmM7iWr}srBh6BNndOtp}dFftq>u9;_AK~ z%J-vpXj34bZvCe}dx&HuYxC=v<^I88?MmM~b<9=to)UjCWP5Q#VhHt1XzP$+hafbP zPV}D8k+`OYI|y`wP&)!9EIQG!Js}g?wO`uc*Ug>5n_@r+xW+i5AJ1BHY>Vv|v3s}s zGKbS!PgH_W_AfHlPy5--**ca{<0~9pY7@aAuqv9YMWK&8qhLWODA0Q zacT2uR?CHnfn)(1_jD<_ovQIv@sGHApqJv!Mk}OtM&0%L+2!oc#o{zr>6*dJO`A3b z1$(xXT+@|{*eD#LcZ*EA2t24`G3!aP)It|8D$*?qh$SGF9I+uN%k>@T@}YQ=TS!>L zI2ZMw?c5DkzJQqxRsxTi**Ugs{srf5D|>FewEEB6)Ecu_gP+7iG?<|sb7BX=zO|3e z?CoPGr>;*B9rXQ9mbOW{>qhBwWJUBhgbTpWp!PESw=>?c)2wtINsKg(&L7PvL^(kF zqmd@yQeF^SF!Beo($Tt)8r+yx2_WES-;ZFPEB=HoP@F-gx4^crqc zJo&wvva?*xsDx)AvKA1s=h5Utz3){#F}YGEB=lWo=F5mFnb9Ti%gbF)jZ8^X%lw60 z%t@Yvh9U>-q37=#-tHX9W1IG!-1WuWLS$pq&(T~iM!H^evuJWACj!NjpUeGIY_Ej{ zZ;#!*8AHM~#=+mk2I}+E`drHAyXii!uZyg@-S)~Ei}_D^2yvsv za7bH_a#I;=8MXJ2GtU_8_|G0R8$!n-cbJo_S37oYpjVN&@AAhv-vq=;W@ppQOD7Gd zZvkx+l;A1x+Uja}yI|vGNt-$7RD^%Na2DwA!FKzv->snzC;iYTMRFcv-o0y=F*7xk z!OlPiMrWX$`5LW?U@1G6n^dk|iuzM})!eLA*Ls<-e^NX6h30Kw=HD^BBct}Y*McKa zS0lBv<%+6@X#m=(O;P9`!}j3cA66CK@&D+feiJ;tDfTiE3EwsiQx)0E1B4$m@7vN` z4WJ!-ts!lRe>5E0<6n)+^?w;U1Yf^I6dhpn7k@b_@es!@Hc@i6I12D!9|uEjdk*5C z3zbc|Q#rpo*E0L(67a7Evme$(89e08LFPkgsB6($ z(jng#>){!G1!=d(>FLy)8fLc((V2Jk{ZCe6Ex?#e@&55b?kO!|$VheCtM+(XN z+XM~+fu#=~f(07_Bmq7T5D`VbkstuWg!NAXN&Ybt){;H4Rpf+?wgr(DJs?g*Y1MYx zn9xcj3Rna37ZQ+pVym{3QNgRWUZKQWsjD%pFr(AY9)c65x-kkTQ&2!CmOG0i1nPm{ zeD{V?fSF@xcoq!T0XMu@H{r<)LYx)Iw<%C0ZMrn@61dYE1ob%;D8K zkXf`$wVaV=7H0ql+^zv};pNN)(PE?k0|xGjSOEemGXAs1?nc^+-vs;G5M&NjDCVu3IiCA@BHD9`Kr;wV&9=j*+{Rky|GROsE& zrnv6tS?D)UP671`Sp;i4UR2@IDI{0K_ZB%eRL#>0+u&61VfFG#*DkblLE~zPt#qmO z{DaA~(8MKxP}kL}L(R`Bie##xeJo-_I(gW?=8-L+aHmt=09VPgX9o7q#s4anDl862 zFVqyk4C(Tc*gm2F{ZA017I3I-K+VoD0gtBlg%nz<>x>dYJ-BpPzXk&82m?LBIYL8d z3suml95g(rCgcvgWpwDQ@SA^uuVj~+TV%UWAevpy+ZtCJVuqmrm9LVRW0}$jyDwLS zyxsH;m#iFvT5i|QW3?9t;56SnU2opf5 zF(s7>hI=My^bW~Kiu^}TWCl|LiT#t`iRR3sr1^|Df~UbGkMLq&Gl*-vDOq&t55BMY z?L*&D7?K5_hdsZUGyfNWCvJZZG7du|xfT%CK(t+ktry@(P}p-r=oqudQSm<5{*)N_ zcz?p)R1eK6VrgMs2^muOQ^%Si#C$L!S+>7YKWQvGLyqW&9uO;5s`Cu(y`=3yKObWM z`_8_sL97^53!KdI*_JBDh%$`v>tdJ@1V9ZSjM#t$nf+#DY0wjI60+Pw2!x@~?)bXC zf2ux5+z;pJe2+4_L((31bJ1eX{L;tkBd`qL-y>ofs`R}(RKLGU(5+=OEqXII_wuJp zwB9b*N%9O8M)$fhG!m{Z{ujchxd+6s4_G66t*l#0J1d~*@4(Z{T;5Sv{iH00pJ=0t zfbK+6CcPB{ZLK+onoz(0gV)`{Z#c&;T*C2rFYA{I-WZ(yF@$bf&_iCT8zXPQ+s(DMU0Ixp z)AaZQ=4rFJa42CDH0D0W!wp%zifsXDh&&(|*3Z%Idx{3XIAdSRooNT{y;MqfwA{Z+ z?#*GYonO{_9N=%cG6q+4*I zfJ^7MDcN0HB@rVHQhh_|>hSs7^nP$sbf;h4)=(F+8~MOj&FB}dvR|=iBQ)MUbXo45 z(~-udzM-BpmSHKbOn%{3Swxo5-TCq+kr|N2LbK+L)&1ua`@$!GrU+nz07O%(a5TGS&d1FC76}2|o zZ9ds~ZTt?auAWAx^_MK1*cr%K@Xu7aX8P6BKcFzsl+Thi+7B^#+*SFCPl{ z{I1M2;gdt|y!zS!_&DHt$jAM=cKjv>`Br~3nX%W2vW&#Y8sHa;KpHUeU?L4Kbz$5q z7YW0qgd(I!%HNG+cwl4lk#Y|K!Z2}<`i*HX!YqA4u|Izh;?ndyVuT2un&i)hod?Q* z2L^1cn{pID-OzAuD!|d!eFIeppaAuzmbXk51ltnz$U|8u5EW&BpTerM9k*9iC9OkyVV#h<# zW{8j8QF1FfJzysmI4QWEpFYx2h=gI`vtDpoBsl6GnU{uqFIs^n&7f%NZp=m7*OSh1NN&F63cT%aO~$FnTx77)Sr{D{&PQ?>8Vh{Yy^Li6=?L&+cvR@o{9h=@Ty{ z5K`>NsRAz{fV?ef;$Ufd%m$4w&MwrZRo&XdasYCfCaW&ktoH0NY|xXIL!Yh|@!UJP zA7mL${Ru?J?D@xxic*gN`HGBW4`~ff=8d~A9FB5c7K96{NE8VKBxdLAIds6TP$rzN zgaN@2j7Bh#4=2L`MldABjKlPj0ICz$Nrj)VL`ijylr}92|-(Jn9fySvb?(&NM z%GbVn=bNzTF2^G+na^4Wnr=|$RXsnuPIu*Au`4t8`a;MFyS!{}qTl0hh7rgo+I2zC zDEa43W{C)wspKJ-uS;Pjsik~(F2Ir@9hXPwbpyYR=gs`=bl_KE~1N!Sg8_f%jcX z^7&**iv0V;#yg$}5%0L)SFBCArBKHhDBevKxtnCS}AtkX5D_wPEA-V&`U_<>5EWo#h>4iE!zi&ycfB z>`Eu}pun6=xyWExsc<14fzQ#NEroQ}<07R<4}5bMthckdA}|Tm<7l{gB$LoEl)~X< zor#zpf|HGL19nj}k8$##rS=P&P(PE^YwH2_xneXsD2s?1;dMpJ`tVqJ9=1ZR<@hVk z`F@k;h#Ubu#i4m2DbXl%bg3MHniAtMC-ex+-8GkZF4iLb^jgTSe3_MvND1ZoJnmOx z%9(`ZBzX~opyy3IE(d6krnj%L-~BBgo$YY@T)tJO=>1%I*&T*VlT2%5 z3a;r4X!sbA<&9#ssJYEF_6ZvkTiUUnbIDdLlnE)jx-wDJvrBQDnt*~EM<3?wR};gL zt^H1@#5iDL<(-YRmuI#(HFpR?L{@!Q8>HlKj?)?}zq>qb^;j~n^Vy`AxRk8HK?#B6 zdfAxddpbD(h5`V;?*O}c0qg0}oTYUp6$gb<5@)SFb7hrCTQmo-EV>%J{U<*gg({~V%qM|eR|)ux?W~&CCjp z7VE}2*FtWzB&-ySH6|D*{fs-vYGk<`t$LtKn<9R|&~G~5XwZODmxdyCC8~9ZPk6RH zVRb*o<4BzSIK8(mAIvx?058)X*UP@#*0oAPH0oTGoj|7gsrEFX$clq|9TQ{tLUX!* z_&OmGG3LE&-3;bmxNE3Ge4J?>!f6y!n*V2@#OlUt zdSOHRbUJ03ZKt|5>(iymSSB(&aiQ1D^3YgeLZT;lXfo6e6zfjd@aTp*=98~nK9|rV^4OLj zGJVs3{aQk*l97+SjtVYHU5YN*_`eOE+`AR!)+4DNU!N&1Ulk` zNzzXHEvu?X?n+hr2(a%4!EN~oe#ZOQ;GM_&#jwbp3}1{G0WNnv$x3B4Bj*XrvlamH zAd8}&1=GB=AB3Vvy6xUAI$VirF))KP!`MRx`M&l5FJ*&s9sbK0t3(PJVcS} zLmom$RQX|r`sE9D!9wIdPGEtnbiY2s!gc4|i>{C;Ya{oS_%&Gp%3~FTWg>-R_LvM= zZNR!Y_Bu$e#c=ZH_oayt19Y<9{a-Wq7nqI@E&iS2Sm6W5`e5kw ztIPR-%DJtQ}%yYB{OBr8) z8I7uV7^BWcb}p=hFmX@GsHN2E|Eq5H-bk)^`gbLb;ChZ)grc7W9Z=f_K*IlU3zk#B z%tMMK?T97i7%P9qZZz-4L!Ky=T7W+#eTFmIlYn2>jHDLx*FqeFRm#b5>Wrevi%*Gy zdZWL1TE=b{r6+Tm7#@mLqcB*9K374~htl;E1>=psce-0j)V7suQemPNv5C41{3s#J ziD&fGLQdWv&Q9N5PJD5TLoHIMBX@feCJZck=svK0X3$)qZr{weFUCf3)J3h1)s%L@ zhjcaeIeB7rg}t|TESbWn$Xa=`azb_rUX_v>SGaI(dSW}hOjQw@yTY7quUkbtn;+2O zmJ9+v?q_rN=whi=9nW)j@?`6YgPv;rXiq#FpM^;O@~kVjO|`bDg#C6;Ej2mrmzddr zH@MPI^(rDX>z*~2i-kOTS*=EUn0~>>Py+;Gmuj*8!Hyk(ve+wQpLY)4j}UNXX^aia zRM7of%7l}O%*=FLDprEUOq+SsyYrOK?a26;f37Xln|<+t_AjKMv~)b$+r(enw(I-yrRTf6 znWet{P&GVQ=}TBear#iS;d-d-@x zXlYcateqdz>=4_TV1KXf6&s)$^T2w1(f*1lRJDfD0FDv-qws8={}ay&;*w*!Jrt9u zn&>jbyMWOeicP!%(dql2RA*8>?}n;o(m`L4hQF;)V?2jv;9+rU`oYl*u8H6L zVe)}#fo~){hj%b5^a0Wg--OgG{Rz^X7xawC26JV&&Q`!XC|1BrwMqVlz}+bbfVWAo zib@eje#|WSX04PfF>#u>ATyC9$(fp5mU!>1#Fv+Bo_PQJMS8+fDR*=M%eZU}gL@#? zcy#Y)P`%S7GR`K~41H~wK804u-bD1;jVFUWA(@`+xTM&dl2Tu8V$$*J^zA{xkM!J2 z^*LwX9AGE~E>!Rt%K*cqZnDk%P1F5D4Em+~Ng>rEA?+;#F(geq8P+K0 z^we-gWwn}}ee48UJJJR4Vm0wyl&`)(1JxJLOn(nG-3QTp$n&s!aMXjJKdcAaL?lDW zAcc>!l%Y@q**a7AN2x*2MEcT(?SZs`uE7lf+Y6m=RZTze)YP4B=mCnSZqO;D=Ox9k zXT)s%#o+oM0b}G7m{;Dk;Ge{8167K;Mvqp2W0Vj7C*e0Ti76uL{s~Y@!&MAjr3v=D ze7Tfmi~f$^Y!m7u*Pi)DQ4Gv#-#)x0A9^Y_(QW9f<5YF%0$tiaiVg#afO#GYhq9NE zP>nrfL8;haiuwqH(J3W!0WOXX#v{fI^mY#Wvr*W+dx|Hz`)!$u&$#;DClF|;d=_tn z=F*Pt86xW)o?{`0e1z@7NT>%Pm$!yV;HFr|shQns`n67ourr=7xNS48p6^My*s<-< z(?j^4(e$glGduU#vf@j?YmXLXP9t6V=)J3ZdKxZRJPV7Kw>yA|*1gR6D}Ul8tm44{ z?T3kE8YqZUso*tGh39(MlGyjzuQHz8_05Eh82FuloYw6;E(6!0+99U)Vs{-gC|{Yn zVSSto%?7%897>2ze|^~rhMRbo^Q}eQHtgOjjtzSCS6;NEvO6X=S#PYHzSZI809_!P zH!)!`C+ZNk zICdPBOn6e!b`t?Wj3e#5F+-k&kR9Z^tbUthG7kzljC(QUqk&+!(O^Pa+fcXcITJqk z?xq6F=1humGhP`u@#x}a*8p=wg29HL(NO93ef+=JYhLyRMBA-G zEANP^q&~{TyrX^4=H<;Ps*QrFD0et4fEiE|^bWja2SXzlL19EnRyOu6B3~v@jUt2}!@{v#XC~NdS>*%oH(O5KRT!IFhMkp`# zPy^>*aYDCbdw!;QMd7=b>zI;mW@AOKfqVO-;DUuis{GkDEV{9cz^T#@`j=6h;3vg! zku4+o|Acgt%em_+kF90;6+uQ3@^iya5%cFF9>61xAps80>0ph@U(dxt971#J89d? zZohSD?p_s@Htc;PM+_`{wM8dfiw*r(Q7SPCBquu-ej>8yBBWy4^~TT*Oz#>O1@|%~ zoP>`nH$vB@)7G?LU`{%qdkxZEWqy+$s@w&9C&n^&4v7c0CqnQya#gMjC4W~ATvU@k zUVAN6N>uIEht#KUTTnsr#O;ZMqK%tG{h9o2?0XyYn*c>l6Wwl)P@YJD6`@?~Ko*1o zgS92!lK)T}JcES1P5BrI+@90bvU z80os9BB^$d+r^!5TyxVWvNQN&Q{sGbT1?L^k|v&{cYKXsYRBo&Bb}lg}%_m zZq}FkLOq;R^;$`ano67#jhwM5Zi~VX{$Tvy!gDR}xM`ixO zWmZa06;1B8U8WSt)jCdF2G#WpFzHjm$-BV0J1d>DJG#cZ;QW_r8UTI~kxrfr9!jNk zHz#$7kh0|nI^Pw}1_YxhQ@dgf5LRJ+Zin`AL=D#V|A15Yh{MGaSwnQiPOW``bG?@^fUjBs;17biM>RMBGO^|r7u z2_=7cPpQ2R89<-|Bv|8%NZ}R{6Z7EUZ=ojUSzF7>r_t_s!c$i} zkVL9m>qTG|Oy7c%G9!8Q_N`uq``1o`?FX|9sQX7~4c~x)pdjoB-EsMm25B4>H?$!x=V2=b;Xngp6v8gA_G4!sCBmu3u^2w9G6hcS)M$9 zqN@Mc#8A4yI&e=hby^zmflQRx#?wn^550#bzgrbo=Ui-2q{opFnD=j~lEIT{*gnjY zmjCk112jv^sV%!bAl|H(yl*=U!U<~Pm<{zo4s5*R)~jH?Cot#x8@r&_3F zZ=TjVY|Z)^fWNR&>OgOfkG)vx{dU#-@@xP6%W%PcZ)Sk@F$`BKsySgh^K7lDJ6VCX zgV_A1`6iZT7dkXNmFXe$#|xlQFhU8%h|A_g6v7kWHiv5^f862%xM9xv5Nkq!4D zL&q5O1{1g;a!A21IJ&$T=(zvy`n?eGL`3t3^y(?VH{>~1QesJvNlO1;xFCmVVNC+C zWx*XW%BB3|LpR(O_p4)6URYgF}d>POe_{R3i1DCrhsCTNV`pQ4E ze3}0CzRTdmfi0b@70bbWv2?3WTO5Te#bBZ#B$N(sKGzdEoC}90P|4C&UX#AbvdVB* zw%f)%nJyd-PTQQbeH4n|J8TlF}s=CYlDAbLq zn&i0yXPtv8BxppaKCH-Q>@l>U26BVl!I{B6NNBAnr8dvPHSMH*^PdQX#k35{Rhp%K z%i!XvHDbfL&Y?08Fe}7L9)a96FOVi-{a#deTtMBWi1ftnr~{@T?qwu;BKDwwdS%Jr zg_pSG_JasG97jg?0DtufU!g(ZQ7lV?#?~Yc7LMq%%pyIrKZmRIl#%ifQe001TVb~E zdTZc#?|i*LP+VTxxPc;xGRm;#RiMZefbp(ArA0orb3gHpk?+9M!@Lh+jr2m}{w`p? zx^N5-OT~GJD$bU5|Dg11QAz@qbXicdb?&+KgZ|kIq%Evg1|sC95G{@QEUV(;i;ks8 zEJKlTY^BA${@sS$d*b@a_KlXqHb``+?qTTqXY}>72B^KM+s3=-3L#09I@dUd;T1TK>LINmk=+bR+X$tLFB#`)9 zzrCbP5SRHAbIP*1*x`MQ-mBP(m`jk+$uB)(1JK>X#s7Bdf^2>^=VCpCN<<$}5?vE< z^NsP-qfhga%Cth8DSKnMZr@>V;KaLbZxpcgJ=I=uP7%<^E z&d1*!)Y1dx46qw2!1va2CZg$-tsnvE(@RVmvW4g$3M!n_D1#>8rVj2{F>z3z7Z%?p zFKeWhl<{O&FMf6Wk*`kSIyfYOyi3913gEfA<-k=W+x710Zqasi1%arM(vKV@5QD2r zn>;e}!0Pj&ZS!xy35G0@$UlRSy{3cB8IEhXA&2-z^LOz+-Bb(V_eZ{^nhqE29co4w{f}s-aQ+e&6_+uP;8tfpH2ER}jD~Pi`>CX3Ov)}zwik#l~ z(95$K&w)cfaqHHu?p}+6e)`Z|Ob=wdO8Ri+@!<0DsRJ`W3K7-t=N|iC^CuYg({`q& zPG(NshTXPCxMKrk(9=c-T~gc^N1$3i?F-9$Xic%pjQ#~Yw$sCqKN51Z=#r$ z(q(ZKj+{p~{sXZw(|0{*hzzVRWIl*s+UKGo6O^D@0F2ey_R$Z#maRgVpKCowdO#ms zF5JB#?!DnxoXX-)nAs!0g6?jq=2u@u!B6hV<4>W-7r$lRH@DWDpY+Gm?p)zFzO%rO z8&~-cHgE9{wU1PsGXp|r4YsJu1?93-u>|;CK`0G$J@#W2sg^>F^*4v7rp@V(SC0YC zf@;w$hb_j)*bm_U6f+3ad5|A|;{f}A#W}(M&E~wmzM+ww%YTuy|8qG*H&NQ|SDN#G zNiln{8WQHslE5KKu*P!8hbR#85`s{T+}n## zNmI+x_a(2TGLvupes$qsFaxm=RfTJ&%^&P36-^(iHW};9@scGJ&Pk4@XsqT0EZrM# zjsQ5ZrRF%RKPeu1DB5O!+H%z!DVO9@hIP{~FTH!M%hZ*UapopEr$-8v0E~!|A#0Dy z69=tYUDd1>WA|4c2e&e3GOWq#)YZq#{f>)PPl5x}ZLJFj-HEF;^rboU1kAIONmEhJ5k8k#p@#RNm8b z1@<$YvR?#@aNBqZ3F#aw+{4ZSdSqr?jhoWokuIJ?Pq}BD5ytio4Af9$-b83u<`PZ8 zDiR4Z1xTyg7|;i9Mnte>7&rP+N>c+ocU+2SO|WrJjM7Ht|1fq=-I+jLwvKJvwv#uu zZQHhO+pgF~#dgKEZB|(6jC0lfU38znu-6!S@3q#P&ouTAHGnUvSCf{MrCD*;AR0EC z?_NQ;k`aGRy z7Di(s3;p%`*-s9H&K3_YOIh{wNozO)F=8mpH2#zy+vl!&HKIyLMJ|o{FXC5Y;pza( z>ro8{X)c+3O6n;^P7lKrD;KToX{LUI>+b1ncjFy@*x=w*TwSxvd;eZDv#jU z{Di|lboqnF=gU{B7SU5HD5P>Y<*u;S9Y*EJ_y7mBfC0s-2n2-qc=@^b7vQXb(Z_Dp-$5YqF}e*b zr?~wdSuQB2mn5a+CuKvzmMLsL-)cBs8lFMCK$p79Xt)ulHvY`a$O2`Np_!c?= zwltIxM3PQQfm(s~y@{s;Jzx=FhJ)Z4V=-j^v7B%Wxbehgvo8iI1Y?mXox1=RMk7w~{G*R~_evsO)Wb`11u4LgTVIXIEQ2kIw~( z7nGPwPT(58Hp0)WD}g$|b3BG~;8si4u#xH^+?C#Xv>7c$x-BKo%?U9`_oBCZxbUQZ zcLPz1AFtM$FoH6?#=GV3?8WFjz$PIQ%h(qHY-W}jE;3xwsbm|51+68A!Qo{ZbYAQ4 zhf)M}%1hh8Vyubn6xc>15}AmR#3rS8aeb^|Iu(5u=d!dl;XL=Wc=z#Cp#n$Py^Y{< zwfIHPveRo-;Bl@ zD2goN#f`9}`e0mqosTHy3>Ik@eQXCVE%Jts(O~>_YN7b>4I5e|y4F~JB6C9g6;cg@`ekK4`;rsLJ?f(7}v_1+v{1XQn=>)-&K-a>k_Pmx4S0`de zYid>%JLVBA7lcBxKxw$0QUbExfFRsL;v4X^)ekAtk$G~|ixx0e2{3$#Ka-W~lYsMC zP3h6Nb8>uol`_#xGtMiMwXp~76w#lY)>WmG1B)WPTcf7(&z69`Pjz_e%*NM*+L<@U zDT!asHtziQvS&*NsQnwb*he!;ZSBme7ambTWtskZ*85b(CNGNkCk_;61p%rF0vMo7 zI?u;G_D;!ih*qeF*Sp_lhAIisF-W*laaM zYtpshWNb5O-q}_+bR)G7Aah$b91&v>qS(t7aS@sxqj<8` z51gJK$?A?U%K$W)3IQA+%Hi?GJ?uQG6X@?=XRs>G9V??9|9E^-Omr;X7xei5JCN-1 zp@`{{SKgIlxSWhE3wDnIs(gr_6SyRQ&l^^+cD}Te(D??=`Pu;2?jp|e!1#eT1Q_aH zv%anBx@`2HD_{C-XC8{P5k_{-#^`{!)Uw+0&`u|mt6T{jyI#MrMfRtm&=^M!XWpIg z1`X<_)z31@Y}bQvGiTJc1C5ou#XZt(FQxUP%czWdqvx?z`eaN}3LSyH5c%rw3qQZB z2~FmHLS24iaUIdv_ZUBJkH`_Wb zk`8cA_Uze1j}Ka6sH|g&=h15@Ns%B(;n{+qCY}w?5LxbmY)$aNb$GTs|9cG4s+AaTi7;!CB%*@CPf3 z^`vf?d?4-}(^r^+;u|M>Yeh3a!ot$$OH~ytgU1GJk4P(9VsJ zh0nm#DZhF?wK@S@ROy1jbOH5ks_pGTnL%N8bc6xpkHxobB6tu-Bba;D4wHsSC&PwN zS))|5B%!2ZTte>G1PAdcZjz&E<9aSPQLn-?bl8YpdD48#>Lko3^Kcx9-rTtUsCCAq z`sQ5Q5redx?4h`|O)8PQgl5d&`0NVkP(C3f9aAN24qn$_y>eYAzHs8^V+q}EYuK%$ ziLAh-PAu)XqR!iz)*=-*FF{d;IuZOoBKXroxRBTQX1M;U;~rKX*7%T`Wgzr>6BvdO z(H)P~JOlI)__g)mz}|f#`ujo*E3=3c&4QGqAZ?_ZC3MwwB4T(tf$HY-ICMr?O=4SC z&V+`TYH#@RVH5l~yq(o0O}+1E*aGi?t-$y#CUYdSDumLk>o<0L;$YAu0?4x@3ybc* z5Oe%4Tf9W`K|$Ioq-g>W?dsoQSk({d2I}i9M~Lr@8ZQt<%3wQe7Z+(rh;u8j>WUPW zibzw9A8tDqs$vLzmX_jL>C|W_Q%h`i3k${1%FK2ZC4Af}h=kC+wDX-hs4L2xB)(w~ z^a%(*7Gf%KSV8MJkwg|$6Un9r=stfy%wr;H(-Kv!wfdH#L|-J@!tvM>Z6EWc-SI@6 zAbLo$>F6Q7c|_Pjf~_E~7wMrjUg|BQ;a0e_8NAv)L7fUt=yv027o24+s^rj9{K9U@ zM-QuNGXe(~LTUO!cOi4-je50Mue{VP-NIsjOlV9a_@k$!n`lZ)k4g+8B)h1Juyp$I zncbG%veby%ps(;n%XddHo`5&1&S{EkV=Qu>Nfa(oVZGz9Uth6VW~rf&Vv)c?g9yekLlrxf^IX)azll*vu3oM6Y(*UJO%2LEsvPJo8w+;dygan5~Ca!j0=UK1q?- ztbiDdG;qqEBW!vS0wY#rR(h|u($&3E|3yhAMGZ-AK|di959=~m9>Fh$AllCOfX1UR0iE>)y^`LWam;ciHGw#AP>p%(!WZXFHqbTe4S@|?W;*8CY)-2hs%hp0>@6Km(>!-Uj2Ip%*8 z@;rj1VC6JNzF4<9o*I5_#n5UvFCr$f|H(1aa_m!v*o< zNAr$UjKlbWEPec>3FFIk>Tgy|UZTEPk^EjPTfr8yds&^H1l*owIJ3o4jQLUG5B($e z{iFAS#hHJ?Lq>VI=^|uzwTB*)XEw{!mQn!4?U!SxXydzyu{jAU2NQ48Y8Y>eD%ekV zgIR5RZ0{A99v`1Y<;J1EE86u5v?o`X9eyWIi$UaTt|?*aRO`hOC^zJi&hAb-sE86sk?iY0}Z;zcRkVS9CLZmb`qX+ie7LH9_g37dTvy2 z+ut|79$Fa|kM1T5fcEb#zCMasC5@9d{TdfGbcSeQ--}KICL{AUB^T(E2j>VXpA0OwglkoOzV%+B@;-_x+e*%VW67bTTe`YU{ zKNuX^|EnSY?@2xXdtbht!sigegcR=KKSHe~SX6PLSt%l*Os$+suB0&)#QK|sqcuVD z?Jqmh23Tql9sa?{tMBaF@uxS!rZ6{>GVv>*x&wq~ZCktU<^&r26>MxJL^Qamnrvj)-DeuNpFYsE104qVJXS@`DsTyRRs0X-*VD~_Qu z%XY%N;OKZwxKYmG_;ZgsynJF$_Fw~*$lG-HVYg_b9AuG{e5RGQm`2ulZ{?tuRd2Nk z-zG#Ioq{hFerjV$%Rh`e^EfW@&Iw=F-o;M^cTbn;XJdjQd)}nmU+pR3Uzr>WiNC=K z;|RuDlElXiNH;|X{sVpT5GlUsfCU5;YzqWL^M94~zu`{)_o`m=ef>;Z z()&K@4Uh7o&c=Bu+xv1EowM84@n>BZPN<%Zoj|c@R|$F zomDvD@K{U6Y7^a+7xevIRTos%>D9t)B-v3E)38~1y35Nf*|K#j)14S8QmKp@YTKgc zs_G-1$f*DLqs`ys;v;{gX?Yp&u2jts$b3wEEMK%e)m6e5kO0|rFU1&80zej#v{ms~ z8oXeELiV-vxKhhR&WI^=g}E3_>4nn}+5#WifcU(IalX0Eqg&bvia4OKZr;l)1>@~% zTiWzZjp1VduT>+4!$oJ+;bI6Bf5QcF6MFd61@XXXHJ zoug9qSq|r}Xu!WmDPzI&AOVF^O9?khHn42+dV%i)hdVxhbKG08JT0=e=DLUY|Bvfl+vGtPQmf=Eh=KbZX!oL!c zaB&r_t5o)ZI*_wNbg;Zau*eaFePqp(CP)06rATdYxA!)X1#UBkMH-R5Rk`}5`&%x2 zl(IlXVp?n~L1J<3FhF=D0(GE+B@cQldC}mR#L)wnNl?DQ-0lr)WbQYOQ@W2_s3W~vW%r5v)3E!G*^GQ1y=YY$`I!ebBZ3K?y*+&Uzi?1v~?_2*$k(>`4 zyclsEhFc4{{$IoGa zFLp;rV}4mZ9$xW;W}2nZ+BVtiRm%ZLt}CwxR~58j2>)Z_k<)K_CEQoLnP zd|q7xnO>@)JQqOMyu6XhFo}-2;Y=l^Di(s#$Ss`k=f_Q`?;AU-OGklfyf^{oPrFE- znSjg<#VeLAVv9<2W_cE5n2R{OsYTEVd)p7S=>ZOAfZ)S@!!#kt>L?+zUSdWO{^Wkd zmC!h~CD-FdxEIlh{cAqd$npjyO6P#WfUA>exn@Uw8sNPl!_;7Gt{o*DWdP&>35oc@ zq*{>LwiV~){JC6qju5ern0-@np2D9!BW9x7L2+F*bv{RDhqG^oig&Yhsgak8zD0u{ngCgXnal)SBI#z&wLo=D}?|o&OyRXn+oyy z4M9f%(Q9NBsRwUuR$j*-V%pZ2HN&C;sdI||CfD!LBIl`n{8j8)4){GmBur^n>NhC?iC=MChS)*fDgb*eTF9 z$KVFu)HBQ>^6xz7@xzZK45qRx$)IdCvKE+lP_W!plpNE$kP}QZue{pFQ4n?2M_!Y5 z{BTwwlr7se*(*z*%%8nkjL3wWIuFJ+c?HLJGKTV6s8=5Q-hHqSU$y07{|0?VAZX3P z9|~OJwRL692HWp0w<}+MSF-lv5Y#Vvf+nsxk>XMR0SeQc7-I-$W_8iIS!(_xsgDse znc_?M&NtBNfxRWOw0J`+#KfN7+l$uMvpKw{c@$YHq)a9ULqyjQp0uJub|O7eH`BSR z6vsHDnwG7>^a&6N9rA}!30^7hWKGl>onGs|dih7i9hq|4AIPb+9{6RSyg&y#s zYfrb*-@7JIuM{X}z04WVxrI}87 zL7pj2z?&c4#-HCeFhKmZouZ}i+$yQSlHE>^%T!_hNipTd`5ENhHzMeQqG zXpGFrC@`jb6lm#nZN&mZ8oS*~IR9+92zL3fcYE-5^9H^>ES#o(-5w_`N*KAE5c%By zoe${CxIab?#}X_I+dpK(K?}VtOxxg~E-uG7pwz|R;YnJCfZQKz9j23N9W`5#ZC2_W zI4IF~v>pnDZPWrHoK(yHWe+N3a5AQ)rb^zUTlUNjA-tA^^*kt3TvI_Nh2!aGC}nkF zt*l&3FKsKvT(2)_NtsDUjq}f}%J6tvrR0}6F0~<%Zeu#)W*Q5zh`y_?V^Sez5~i^x z;y(mhKxFl{Y?J|ENwW4r6ZLuRaf zV6g^B`cepmGiJ&0lE(}39vU!P>UsK04z6N|N9{ttGpomip#7&8p6U!jfpdmAr)r;e zfB9-+@u(-FuD?MrQad{fTj=o(%p%N#SI80UT_1SW(BjO&J0XNr3nE$1-dm0e1YEge zpb5B7$Dokc56g$6d_GsEgn;R>*@vXZO~4*-oI2>&!$$W~F=Bm-q^~*4`b3$$2Ffm$ z>HUQCpBKS;+DQ4!1}tt|`rCaq0j12$syyNOwH*Z;w*Z1&uW-!X1p4hc8^?%xVfjyw z-%?pd(oO5)wY?OSd2qN`WW>#`VF)N2vhGv;&(J_2c2pdFa;$z8g4o(=tt;C0I<>%| zx^omT8Rb-+`NzbBS451k8Yq8Ay3R9ORVo9nyMoq-DMoSOI)3l12TjWxm1(u0QFk_9 z?Vr%R*_SDtN;+o^+)(7{eLqmIBC9s9|-mUPu`WmTSohJs>`AwzV^|HgyHgkXE=e$0WZdm5A*mYGmbF*OF z8pv2AbqhrFuWMqYtn0J~kwmUkrj|>x_Rg1P{VEs9l~*0DOC*_(sFmX(R=u} z>nYGU*y~k*AUO?v+h}IU*ctWR1^mrv)S(ZjPy=nnNp1zWeEAcDL?%-wq~HzI8cPqx z=Wp%(i4wL#KM|Iy{OUJg;Tu_yxV9pRsd!CDS>RabDu9_M!Kuo zu7*(w4RY-kHL3#lRey2-#SJIVd|2g?g#>?vZhPx=Ph^ow{h9}^j6H0kJLHR<|Kiez z0|??ehBz6ULLYTfxHN3zZq?8fSRIG zo8ZGwa1zMh@Osg8-r7ICk2wPOZw?H^;Tak$X8sH)X?u8a0>_Q#cPmMTFZE#zrB9OL zmYm{&1{SK#=gb5H&)$N{N)#CXFjapep#jf?+p<=txkr%goVn@{dqK+!r0A40O<9Q> zhM#o|Y{nZlkGSp)%|blj%B^BXA=cPab_8qQTv(2|A348&l#z+iGWF)m(Xt028PeUo z8-Q0zhKxOTjn8=-_6c9&!Fj?-AHKcVMQ%(K3yM1T*3c<_!G4# zrQgyuG-h+wuLPildv1|2^FF|aI7ycerc6t(HJqrV@lae6gq~>%m@&RXi=)P60AZ_JvSYwK3CR}#;ga*b$gB6 zpJp14qaHFR6@~uS)E=Qa0IK5~@~8wk25O5a`*n~!n6?{j<~EeE*PnR=jsnlI+{4;p zRYKb5BfA!ID*ug)`m%T3n9Glzy`jI(bt8+d5E0envCth-D5j9nuU?dE!X}Qxf2UOQ zv=2E6>2vx!)QwNLphHO99QPy$rY^{%tXc->a&v_GU<&4Lq2QI%5@*#En7W_%F)IGf`WNM)tZqFDx|bDU z2psg--|bH=*q1GXY%TIv$#@tyuE}9M#|tdW@NnqVr7cJpdSmTz8s1U<&$?uj61GYe z4~O2q@JGAk0yz%Ic0xl|f+V#QQuAE@7I+1N&Kux0->MRqzz~AK5z0Tp-z=g8$>|7C zxh`9p78Vi|>!B9^T8MX4pV`k*#}1D+ecv1My;^l-fs?|<>yWF^j592Qlt-{1fcN5~ zIVMWM%<{Jkj=JZBjGDw!W1Al*=X^~R%HacNXjDZHFluaC80Jw2eVhb?XOLMKrx5#Y zJPcoXT+o!kQyiO)%&6q}f`gWi@OeZsV)1LJ->BojS#HACgDg?YitSG9HOH8A-nj95 zS8RkfYpRYm0~q8*lK!Ne9S2a%E<;Pe=6Bd(4qSraeWC6k|KJYam!W&2d5*|?*7(4z zX$4NNE9-SdE}UWDTWv=wuo#J%tHM%Uu3JEt(G1!040Gzq8-({ZmZq-36rT$e@{c8S(l!khF_pv61 z6|YzoSxN+tMqkjXPQ+t(P2N*9;(H3-y;c;x^Uk2KHu!e0I+LqJfo2#`BN&sadOZz- z^U51>gXTNfJVb**TQ5?D#@CS-&s}hw*`E7~cRz^@cbhu&DC!KkI3V8G3>M2-im-B! z5XiB7{C88?HzI$Bq02|6y(ngNRZ7TzF!*byAj>iOx7t0}X+xi-Y!K=x3`~^*EQYPm zB=#Kv!IC2)(6&c4Zv~N0ozR1(f!Z>AK1u(j7`O1+XgMJ8G90qaRXfJD_)ngXH^sJ5 zolwj4R~>5$2*xklG%F@M$~vKhnv_4+^h!DW*Th{co&9Tvkt{@{(y6gjZ!8DHBc*+A zV`rTkicMmICgrg}Os(jtIQMcqJ46njOd)O8?2s*G2hk)4R`fg?y0$;<*Kmeq`SfjF zB&ol)b;T}K?n+$olJf6+pH@My#pi~!*wclOg#|G)fh!oQJgW|kSdX`6jOsQN2fh}z z&3bpYzlMWKb@{w|isY;jLmK7W0=U%{0XUh>WA?hUYU{0umqq)RKU{zGpqZMpIFkXi48#DBi#34@&Dw$`M)!~h#rK&p{J{KNC^+;OB z#tYwG%O&1BXjC!2Q%2F)qz(lytS>c3)769y^%*(A^MNHQm6&}O&A5SyJr-^d`A+=&*dnB(!-^P_z<3@bZ&qFec(g9a-7oYB3@d$v1Z_!X z2J416@XW$@iPPPvGL;#L%QV4#g0}d-X}9woFp9HB0QrH4&Un#id2_&&#T$HhRqdCA zl!w1sZwez+!VFH@+@<|^O* zztTR;(B`m#h}jaX#4(I&v#ynHLW3xXsE1yh!-9|mnhv7Cm-`s3hT1rr#-Hh0*kn%k zfaZ^@>ih>~{Da%~S$dQp9j5inZJy)0LZ@c=lC0r)6_caH+hWNz&JIEK&#-^_z+8@N zl=XN6VKDLT>{f0rNuhk*Tyg?B!k~RxUFLHTC#m+71dqadAhb@MKR+S65p(~*LfmpSs{&S6!mji0v3&>HNnUF*9W#ZF zvz;`AT@U8U&|3*z2aKSDa2}VUKAL{;dRPVIx&;lq8#_(QVH++fclu`)ex9KQTE0AC zMI{;p(?7tQ2L6pcY^8!HRCK%-{SP6DpP+k4?$aK87rpke>$f|@+}^MVa4FS+MMq5r zZFSb;+BReW4^EnNC1O^8omZVgi4NRTl!)_bl`~p?5T}@k_UnbDmf}56|EH!0yMGS5>&yCx@tNbs$9)cU%Jg(=}aRXe{#VP{C)4Jcu zNow^g2r}+XbnbS9<&P++;Bafv%+!2>#mUOI!}-92iW@gZYo+gb8mY}L48QT`zqqOI zk~V5ebc4Bxs2yW`NISTL&5QckLn}kB`XAa=UGws#n{9zV&XBEowZhwo{s{q!sobA& zYHT{~-J+eU>M}cL!w?F7RB2y~qU{?HkGi?K%i+RwswzX$Qf;jE-fxryHTfAtg~tgF zO5n^K78xc+Ty{z|Ip3=)hZ^wZNELY;9jnGuU(Z9Y7Ury#N!+DjyPc3BCI-{E+62EP>5oPyI>MO1dHhtFmf;$e`okVgLQi@%=N zQobuP%!_n<<&~{yQBY`TQMWJ90FG$jr!uE`G6-e)rdzqujs8A2191Qb$=RRzinq<- z1UeTo5ci2nf}aZ^zhVEUN|>emQ@Q<#rl+2}iD)7^;oR5FjQ%AVy;y^&@5-}9snsWT_{ zsb*dcjrR;v^(gD$+||1;oCG`qxati8kUSr_1im$WFW`p4my2>vNfbMad!?%#{;jKz zMeCloUhNAXf4Q*BH99!Cd{3{zyNb@AcOLUGC8nnhAb6fn+*>?6E<<#?4|n-AotZ zGG?DtqEM0J>iZ+lo)Xb(I5`O=6qE4hG)+3nSmKmJN3K(hpNjL6QhonfG&M;sWkt-6 zv^dX=van((kUQ+g8q=Bu-NOXrOznbx>TtYU;7~GAzJc8hek()1Qbw7}B4q9!JzVQ2LErvGc|zyoe%Gp?WM% z=g&@31-2aBW)Ck7A!5{!VPA(3Q4Kj!^Y;E8C2x;IoYp{LLMQTf8k+1Ki_W6}`GM!S zb?yuVox)B$cVN|Vf2!r0UUgq7&w$9JJ3*u}^~VlvJ@A(l%gm3&Bsba~234S8{>dpl z1Ro!ylI~`u*bA%?3;`LD-tQ6G6JMm71!v<2^7r@icSU%)$H z*etP;7qP=qFeKg(>We`GQqt%EQ@W)lra^~nZkPM@rPr;y{i~%M-5ewuqD45o$B;+S`U5e_Ul7yElHd1E!PCY4jJaBQc zP`YmYsp9ClnPpIc82rVffr_h{AV^O z;|&z+f@X5fkw-%W5pn&2Ngttg9n1a}tP8cEvzUQbQLwEi{`N0f^wtIS{ISdd>J&i; z@18Vpo5H|RP&lwsFy*-XNWj4*_>}Y)kpGe=v+yA(X>crLg>S~Z>i~D4*z6`6(ysvu zLT$QWkE?KX<*4u=)UnHFSM32EXC{Uo&;f@l0Cj|!fgc)=`DRDlIdb5cN zzh0>y9Q<=V_>{dYdf3kV*+D;K26X19N^0KeT|ogu{hf}^wpvi1l(*QsmSJi0__cU& zft)!ezQ$0-7y+pI*=Qhdi>p$ixvqg%O(jKV47k$pdE}$`fl(gTiD3*raIWO1r4%Al)p4HDu>UX$xgYzPetn#Yp)QGCWyb;a z9Bmzy1F|#Y+EEc2BXUQ)CTJfA={KLsX8Z;wikt2?O_SZZ1cF+(1KXj1buIA2y_Mqm zCXt6Mo#GEe@es!CA$#WyeF<8v#LHz>(7R?u7D`A5A@sVL3YzDy-vjX|N)g$JYF&YE zxCn(IsRsYq%B)*K#YSCPvwC>Yy0#vBIlzi1Es1y-VNeo}KLShsnHj1j!m0JTC);P^ zhgG>q_0Zl_bHP{Zzi(xWs$b>+0!6=PW3cb%VXVV?J>9YSziY7}g7I!az-+hW+=HI`$HkaM>8`Rw0Lb~{_B|F!<(lk;6h7D=ZiE@m z8Sodt(Yq}ZyhE-hU$;#0YrV8;*0>!ZNWnX#NbIUK=2)Zb>)G=vP764v7*7MD^A;wM zGvwObb>=PtmLt#SG{*CfN6?v>3t?!do?bsqtoYJ74TJ<5N7cFOME7qf8kjRloFT*z z71d_n>(U0Mc@p^ra7ie(hD>P?A|-A?Hc-?4)jWquo}HzwUd??%*+trPw@xSzmkIXI z@fAT04p7Z)X11euaRi-%I7#TS{J1H(3EO!6-wv%*-|0SLTi#!gt?CrHJ^dO;(jds{ zf!@S4+yY;0azd!5dG;Mg7H?cV(*0g|hmjf@8UwQNIDwyhNqzjtkGP_5pYMH#_X96$ zs~SOY&G>k!PUhDZskjqFFmSHEa7*ucxAi-Rdd&cfZDtzFefhsg!<(xlR@# z#q(ga-n~Gh6PKE)lAkF!#&_bUNs`ilcURDfhD3$oD z?S?u*4X^~B-3Dw{ETEq5KUeptNls#zTE`@_&AHF5`n)Xh#KiDwW_7Y^5<_^o8MY^D z$wTIW8l_g1$VIE$9Egq)%I7t5U;p zJi!ot;GlW&15ykVwKbo~rXjXLgZ_E`LYcQIokE1ugd{=>NlDcrOqFa-g5sdRiR*OW z$qf293ZJGnY!n*7&|VW`@GD>yZv~MW3Zy2Dd}v>n?6P;`fww3_d1j<2--m(poULT_ zp%}P~pvs8QEG;7%@;(fes<+ju?d2?5lDlM2gXT=W89m6Et0(d@Ge3}dV;JmcJo$rA`XQgc*sL1M2Cgu|&yFCAOsX5=YrvVTLEMMrH)a%T+zKQ88wx zNJxa;-MSMLtwAH{>FtEB`U+blt;=oOxF2Ji!L=irI7Me|x4h(+riQOM?cQz5h+isj zdS#MgtNB{XKKG*~BPcLIPj;iY=<|Jf@O72^%1Sa>0F$3$bMiTdm{9ZZBLIaLht1Ha zbI8d4;s5Qt{Uge8JPvLv#sUFXLCw9JN(V~Z2k^e0BdZOvz-4}B>lGxz7K zAMKb_^(Fr^mQkG)8B`Uqj5)g2k&;eJAf=Osg6!=>ay>beq8?q$jNHRgyGWf2O-r#_ zy@=z>`+kLA4Bac;JSBiq8n|{Z07S@H>1@n+NP;-8Ut3{gYWa-+^eEr3D^f3tAF{9G z#W3VFKZqSoKFD4OMxPVl0KKI+=~$$c7o*A}W@E!iD0st(GOcn}$D}r$Q+8h3<}^Gl z)OyL>*^l;RHFzC=N+dOAdkgSBC`IK<2$437mETSEsIypkQ-@ZMirtfWME1`1f3Uh> z%RtO(&b(}n_PU6N_Ct)DuvSbb5HEBKcu!y%k`(M=JjR}P@JtURUTw8VuV`n1x`SaA zhm0BA7I*kKI(z;L#6NHb0{xo;#6T1gAqS%2UZw++4(1K(D{t~TDC|%@{Ay_tI^*fF~3Lg zXSGn!U))N0cp`WiXH9`NPp@V;s+8vBUjUO^fl+TwH~U=jUKyYdh!E0#4$=u@=`+Q(OY6SC;z) z!-If}JKlJ}5kzHPO@=<7QDVLa%?OmE(rl%m7hK}cxM)ah16}A7u-;nm?$w0HIzzTG z6TBNp)huSPF7rlDqv()%@W%^e!MIETOyw%e%V&i5s1)MHGWo;PvlSv~BE(1|PbtaG zarC&Kqb6q(TA~kRx=QU;HUcRn-f+semBQj3+Be7wOAuBXk(J!~oM~t-B^3<_Z>=Rd*hjZHX6ph& zYYdkjT-i8n%?co7u$dp*7?4TqX8nP*xhWewFaJ$AgK@+vu4FFu0EIj+A05I?8q9N_5L*s{4|ZHtm0>()u%QflMG1dlS9=F^D+(f$SCF z9J~#>P}r@6G;KsOs@XMnwzVz|RYj=gUKl{5i^AI{!Z86YOz~C8rK)7rF&AIP-Hd${ ztvzM!EoaF}5L(uBFHtIg$i7xu4!tYGzO+jSV{nWlj+d_H?cL)48Z}v{#Sga&Vy@(m-aE&mRZp7sNfvj?fUso~Q)-6H`ouvo5mD{DEsb;~cOVLxLT6d%#1zsn=Q9o2P z2d!z;)g>ksuy+t8Yr-JQW=Ce6bJt=Byz=FcJf^?ew-yN3Lx;eYIr7(P&m$x7^Bsmv ze(ztaN^l52cDRuyi}aY2v;Q7r^u(ctKPGrIr%344WvahKs3UEVS9o5NgrDbrW#P!E zx`AIFZowYr_hxvQ8)f&njx2wk+#yEg0s+CYX!sMm=y!us9srS-<|Ez%?Q@ zxJ#tezJI%oh>7CfKPh^?t@ercZI~owS5Ij@tYcz&owx2AW*YTuI^_I>@7fReOD#Yr zg>_xpyb5?F#wBoz?x@RTbNytVdT>bZgO+INUURfeIN>q1s++6b^(Q=Jltcr2pXAta zUGXSJ^C-SR`kr0rJY!Wots4<LNQEKA7sfLi6XAmWK&7Gt1)PrrnlNg}t0l8clj?YEfO#*X<&*_Q0gj%Xy&h zMAvCAZ#Ht!F9X|FSem%T0mw~|Z_X)ZVfm~ZLni9{K=-r*=(67An_uL2cWNT#TV$L& zF%8G~N)P2&IiJbz7dHKZtM=q^&OaPbEtuU3^F23kCe2)8LxRvt&>dBM6>ZE;%F3V^ z11b^`CnoxCi9HqwkRZ;iLbWlIOjqNWM`SOS21-3NDcFR~Gr4KO!lALfJ`X!(p_-&U zv$GcWUtuGqo;k7Wt<#kikvWadB?y*1flKaY`TO9^;JdloU*7Ko%_;1gdBo!z)@2rt zOR|CMEp(7*;t|l?obC|uuj$(eY1(<&_sc4c=FUKYN;^SC*NkB58HzdiL1hSxIrWDpV_u$v(u%2cd$YzL z2~%hAMv$Y*c#FM&^>UFjUmu+N9i0W^+VS^#6iry*D0EmYRzs*Lk^T;X@hbQMy2Q!y zHBo-2(3LY%mmE>eav%y=GL<3MVwJRz7vb^9#vn`BOs&}w+uy=K`ctE{+6 zc;(?bFh)jyT9I`TW-6KhG_Vw;3TpFnswBk|HsSmCxs*QIn@pQX(cBp+T@)?dcy`kEh zt+LeAc?WHaHZ-8`W=KG2GzI|L_ffl|{YOGw3KJg(;HfJK*ux2JT(mh5I`@W4w5Jt$ ziNznoiT*z9GH0Pn=P`Pqx5Z7rd{5}F7hgH^>UPIhHLjK*HKZP|JMm7W2{P!2Pz9@yH_q8XXhN~9?{bQ0{!WJ`hWL;61#h`vxAFD5N z!^PmQa@C~t<(Kc+tJumbeg)1k4b2|06J_p#nVpEnQ0bq zNk0{`bfYQN;EvxIcFx<&2yEKcIDeVg84p?&IhT>!P3N|_DEH+-ITt?}j3;C8 zm7Lmp!H|snlU$1$n4N}?%OOGa%zw{oB?;zsL^TD;_lbZw-DR4t4J~@f(-7vX_p9Az=hf#J3itfGSTDKFaUa_h4##88xC(zQlLQj@GE}^QbmZ=*b z0}EkdcSA@D3_7uF4j{@TZs^kL6L)Iap^%=h&NY;tuPAl^e(y~dzL|_2Oz(5Z$6lXu z2n)DW&Oc#17Ne3m;|XKq2Di`>%W4@ZJ!e)kle!b9i&c@Vd@=bP*7g^b6Df!Z#Ft77V`T0;NRYHRRAc3MI6 z&R)^G%ne$C2~LAHWadHT6vr=uy|pAZIUn~(h$#?CZh|ce_D{C9YaBP{Z5J$c?Kce^ zvb8}Bk*M#|_Z7CBU{1Mb27CJ(vrRjBJ_&SmcM`+ZEO+$a>%(VwSr|8%?Vh&_)@iGi z1NGE_0G@&9-1Js&390}+mH^F4pu;W+yrKtvXAJi{jhe)~{>Ye3j;#eu;a>D+kw|=NQk==Oy%(F;P_OleEvKl-2RLKfBf{w;C!Su%f0Q zQHjYVbbD{RV`k~Y%$anf)nVu(dh*cguSER8*9)X0Nuq;x6r+mEk2@~O%g5daQ19~Y z3bo!tgA`F`A?$%RLIZcKv5DrM!Wko^5INI`)z^@vGb-hH z&PIx=uxWRs<*}cHa)%p+uVpnnbT8IFOu9vdYwnywu`h@8KZQ-PA6$uz5bAZex8c1h zuAHsZRm&yd3Z@e)Gqit(zeMvWgj4FHU%&AmND~Y`Cqv=4xW+nELW&O)VZB z-(T;?$9$TdB#?Kt0~}-KNbpkjIUQ8N{bkPdkFvfI_uO2Yn#;Y z-7rr<`;MOaISqbJ7h;;-+#^qwFOveUkW%WDVaH8d8C$_14;JQ}1&p6}OcTNOb9fa6 z^s%Bs#*5mKtF$xxN_%-nYldm*dg{eLBi||=UvD!k!GK`-w&DG;Jx~3pm1f{I z6|UW7*OXqhW$>uZTg)3;_Q+%@b=6FNRq!JPHh!KuoQ>;c7&{bRDP2oyOw6corA(iXGoG*5>Q7B>(3wJV#sNP5k+5zWPKvi&6T_`5kLWw7=|aTa+e2Whd%qjNRK2Z0rFp(apg6e) zm0$qkfi!%&qeHUyAF4(F&7CSOamNRRk>GPM=bzaF|JLsgClRfPa>~Q|G||9p0AxxH z)1b{zDTzdBH2@3RSBcKb_B+|cLH@Hh2PYM|-wcl>;}3UUtYNah*`zS;xu(=h#h%`G zukEcR0Bd^J6ytwfP<-!YbwXv&eH6jMv(jb9Visw@D)x#FHtU;X20DvsNAcu zca9CMv)yr@g*}I>Yj?6JcBJ1(XUR%_sqEZ(x&T;FLk?h;K!5N`t2c=U_r|(bT02`7 zfumxJV^(q`A}=N|g)KIY=sHDFhgz$V4(F+AJ$2lh4Ju2FzfucquZ|YGGW9xLNBYLT z{N}DYoI4iAbfOyzVed>L+3USHL|mZ(lt~B!9;SYBK!E@|GiVPGJ$JkFL;GI}-cc?!vqrIx?j(mxQxw*uo8~o~|pxjW>OZ*(LKMDywW>h(w|e zEH_mwi!}WW<9h*hQCpm3tV#&VF0mLLZL>sh_p?qx=H_`$2lpGrg#df zwXpu32R6uk3XT=i1up1v_mA!H`$-d=Mh05>8y>*Q>oD9LfhZx>& zRn(g_&%5MTKTiWUt~VY|FD72&2TP9y!RL^_u4W(B#`n*w_=HFHwv|9L8By)FnXJJY zj>Xk4oT-?O7Bz=j2VQjvxDEevoSq$71GH*-{1RRHMX3;aGNxJ5^B$84QXLJJR5g{q+2e+t2J1)o>e(#Ym^r1Z+f5P zd0Lt_YJ~UrbS(#7*G(r9Q#!iWo2?=5Zmc}|{0o7hh9^)MRk;=iAgxVrwI5#o$h9q| za}IQ-IkAuS)04JG5auLuPL<3jr!BjeU+zD|L=d;o0F~39wG2Rg9YrTTxNp?XDAhk! zq@nZ2GRwu{kM*9klERls>9@#isff>Pl=2w}snMNg4;kHv7F<1FQrjmIaABmnk8w8- zasWdrw>DbB6<`wm*|)$oV^eb)eirEp3 zl>1^PdM17@CJLuf-sa9ZVcwVDwF&+s(6KDxEnbuE>@CA)h<%%%(GOPPW$em0iAFg} z$x%Knl%ZU$hsUzKmladNE;#pm2U6FXkI{+bFTXC~zM1t3nT$g#OaStEi3ab!kOSFv z%Kl92KDQ6t0WDLloZR=8m@1;RxkW@NBL<_CyRRJnc$x51(u}^3u5LKsFIu|B|iZ}pgMY-@X@0r==#4vOctE@?-`63!j*muYl}++K%o|g<(ZILL z^K2n|WxEQs6P9j39)qXJDF9WkNgJqFFH1WUuDn$PWp-7rXUy6f+xr+>>EXApRQ9A# z%els+#+4qFRc=UUAXRP*uR2w3RiK(`hmBD~n`8Zvc*mv%&WW=Du_NP^owp5{|4)k4C!C=VDP}ynmyzu|0bg#Ta_p=x*N# z-htlnYDk}ZU_*Cm+xUHvYNXZ+K9z13eu&@O9Y~Cg^`WIA$C%X%Ee*Pwtb#RXeA+ti zao{?fcG$UA#MFcmgV!t9@QG=EsKwHj>1Lk>7N$FOCX|_NB=xh}O*aW>#WRh*l^?W< zHUWnpd$HHIIa#)U)EhdR$zuQcCHz^t8+81vdfW6mdg&P&jh(l6{+z!%2s}c6O82oz zHc*S}3+S}sfhl@O_XTi1sG@Uv_B_g_jp6lV0a6cX!qu(J3MPo*D>_9_*2dB@cVz_ zYK)+dR--`x0Q_J805JaBfn;l7W8!3QU}WO-Kl+ebRAuds*bsWY)DUz*h_KTHv`|1> z?dOFT3d4Y+4DB}j^=T$eg%dy|Ngw*|U?>$5b9P+eUq;wIPM>CA#NT#9M6|b^2VRO- z7-1!|{{8d}x9ymIm&HPkv%|6jVkuyG@a>)<+*3uqCp})ODxGP*z~;nCimBITsNeR9 zn~uxG_wsyLpyNRajEVf#GK(0fyLN0Kd~Ba(MF80O1s`mGkN9#j9k(iD&xr`DuT`EO z^NC_6ov(ewqPYaH;5#@fNtn2x`uQe^`!z%_W7X5-^;1Xx_}d57i080D&D=;hOpD%{ za6O#Ef;?xQTT@Q}=p{E$8#r=*DhpS~dtZkhhoN*l>u#jV88#8+hgofLcH$eP{-ZGfBZjuoRZ8@MB)L+|h7ccfmIFk?npHD-PBv+9U5X%j) zv4NC8ir0q3Drd-axUP9#Z9>nH8x~x5o^^go#1bq|f5sQ7wwNHe>qD8V zEe1Zd?&>+WxK5sPb}j`M)Dh6^GwMbj#Vw9_lMNmK^Ja&)@|glBwAw)=u~z+wrN9o$ zzsL9)td_=U1Ye^3gSEdX4z%c#E?dLK;(M|4<#@?kF zr5Ww;9CX@$@+r0OJc6=3wQEgA?gIATOOS!dUoiI1O5PZEO)KgeuMT@2+`MV&P^3$9 zX5nWy>7E&k-i{xHFgZ?T$+LD6ygMm$9C&txo)f~{V?a>O+EY8^a?h2e&HFe2eou_b zq}u)p^u=ND)je3TyqK;6C)O%H@)SSo0a}VrIX;YFkd~6~6YwMTIY(U<tH;!#r4@rXj1JbYJD6SP;c&68HOoNl7Zf3&YXiD-PzGu0OKsjJ{xq~l=vNo zk5UwXGiZI7tIq^*{|3qk(>OQ6Sk6K;=ox8vKlRLe!!MUr5xAP9J^*T6 zRurpNtMDG~d78&vlKY{)HXi-JqNwQ`4gQT927?mv>9_d} z{NMgc6eEc#8E^oAcoYBtl>gptHg>jFCLaImW>dGZ+hRlbz115i!62c}Y-E|(1f2>a zk`92I!ZO~8G@yXcEVQ9ZE>B2CzFWJCMIl{uXuKT)B1s+TI@%dJ(@hTw3fgF~yn9b| zo>sM5s14Ul)Wq1*B9!Ii28hTo=PIFP)I!E1k0^=P9&D>$lr&9~Vn68GarIW#dbKf0 zNi=O;t|a`eL5VuBc+Zci^qL4tG?yKt=6>P|-RgB>lls-~unnq3gik6fnzt6COiEOA z6#RWZ9_-k(?`fe^HIOJ93DwX|lwQ$P4H&Y5qhHCx$>R(XNHwnV48(G~tvKl(ts5O9 zR-P)Z-vX@Gm`Mw+9 zXAmFT>*k?F?j~&QpJ;RvP|%M!hQ0pxtmG|6M>ie-{?Lz)_6yUnkBH{vnEuHcMWQ&o zlK{^mfc9J?O{;r0_-INHq=b!Y^u0tdZUY=?{uD{#ZdMMW?kegX zIO)#u1;hFBcth|A*n6{{Sgo-fo&U`Fq0!=Nf){psbf0h&wK0}pIuN6ZmK0Tk;R#aO zix&m|Xi!ai-g2tgkh#VOyem-zVJBP1NruqWZ(S%LDXyuGrWvHbUfT>?TinX)7Q)76 z5>-bj^XVi9SB}-3eHvd`D68ay0F=EZQk?# zn>@-lWQ+$e&4~5iAUU*YIYr4LwO&AWMFd#fmoerw86YfukKMW+Oi$QjmuipEkjUUz zLBh9*pf2k1yYZ&##RK9$NDo@)lhvjkZ~H@)d!rV;@H~xMkH^HDfhKQpm-xYh%pXqUI+(vnl-^iYkX(2> zUJDPzDc9cH{bQ^NjgOR0R`M|VyDJFMg;#Q4#=?jVb;OrWzx)fEJKd6NTqh?C?2V_W zlTFL|Wz$ zdMyde$ys8z9lQA-cw(Rt#*0jSz+FJK?I~kS6Qm;X7M#A+=c&;S;yo1;?~5c_!69p$ zkTGBgr@QV_nFF;;IV^5xWbmdQQ4KOwAYOZtG+x9#=X62UuO`+NR7a%vi$N*T!Qeo{ zEs9OV*tyOYss!64my@&Ya|~`ah=!6t6RU8sMPtkO-^NiN)9+t6vSW*vOb>*rcV^(B z7p3+1f3x!j&6FJ${fI9FndTE>4!0 zkoG|?0fVK5h0V&<+bI%tL#!#ZJIYiOrOd0)XW*&A=HAEjwfOvzn`ADFVgv|Cl(y#~ zPo;>LopJ466&MHx#JOeE6L9*0C<^Xm*Wj7c1~W6z>j2G5kGBSVLH$V=!clg!74YqY zyp6S3O~?7hhVx>#GUCBG?hmz3bDrETq*h-pE%aCa7(mEIKy8Y1v{|EZjCRdDst0o* z=Ga@9Zoz%K#*(>T+_C;1e4w0BB$nGJVsz&aRgtQ8(8*n}&OH~Mh;@ycSSJa4v3QdR z`V(gh&5+<}^<{a`-jp@$Y}p4abA`S4n9w zLPMgGhwq!{_F9g#SeR|E0sfc|hZaBYmwkz@#!XhMC#J)v$tg=>8}p>__9-Q4oH@JW zqI9qjGD(>&kDvToZSLi@fyJ-f-Rx+IBd!|bNdu2uA@!CIawNJfiyW7W50p*L@oy13 z^{yf%nzBo;w&CLMHv7)2#-3|4-&UU=z<-hXW9k;x`JYGE_h&KH zmO!1Zq3A6)5BG^AC6XYJ0&P^w&O&0dLP@+X3F3>?lHa2^%+U(*}wI`?C zShEs{OV=YeV<}k5A6TDv;ZTQb9C^s-F5EM?PLJySbPqHrc105guf6KksneY=^CtD! z-vp&nFJRAnHfQhaOb8;n_Os!~)_rvFDm`tKl+yZs|s8~;ca`hSno!q&;zz}nix@qZj*%|D)X z)QX?p4`rlr2(4KFCYC$dhTaY^m%YPAST$ZrN=5$GJ2XFwk7FS~#~T z1*}T`fZTn(kkbC~jJUB?vSg@SDj$<((C=EM3L&Cu*>loB@1JQvSybO;>FIa28HSic zYrd9@amQ1@X$2tH$h$B(w1|9tA8RXbKWW|T1^%3RdFYv!*C>fgnkWusrCvMiuzK** zNQ;T*P8u7#I0-(uJ3KU`lr0NbSlzZ^T+u8b0oFd(Yy~1@k8T1J9$wDGta2DY8NU<> zXGI?MprV#wnI3N#R7!hY7phD0#nKsp5V;&|j;a4xRw8oCdVzz}a^$0h@`EZ@+yI8C1qF+8O3a|FT+ z^_$`nPS7wct@AF7(oO%edb5#?Tpvu)QAkw@%1tr(y_;6nY;HaFG-{M~%_})c)70Xq<0hZHvzv%)2waw(#^M<+lidoahx(BBZ&N z#RJucy$_LR%L3!An)(T%V^Y^S3XIFG8f1kSvFx##Z>msZ1Ebvb*JOrF>WG+ z*Jwxo8;A&wRRMRRifM(ED^G1+_0$lGMvX&~8n%QTwUie)GG+Xh24AsNaex8{^>)%f zt-JZof^_3UwSVw?GnD)@(3Bk^*GeZqXtmNS zmdH}W=;kvpgRydU_5CQd#}x^16xvO)6~9%JFK&d^S+RrVi^|&-_7Xm z|Km~ZwXCU49Z@9@J*5T~gWA&e z6J2p9H5Q!_XcK$G_lVU|?)-ejC*V=@jQ=x_oNRY*y<2DUb zT%KxA=GSR(QKQ`r`qvjXI}-C~s7L%f1L_9hei*76O+f+`)cx5vE6BA61t-=!8kT_t z*^vdsm^1L89q0|m-AO;LWsn}<(-lv38t3`? z4W0$~AZw2CicP#~-7u!zjw>%Tt#9RtL*8>_vK}u#e;(5w zmu~*ROvR%8zFt^*u=|YFyWle8oODx2t174fx`f(833vTos><#V-zXow7IX;2W6YLv zuCmsPk8!v~$Nlu9DT*G5!3;0rr9PaCi;@hX2oDUnzY4-p7II_|HN2r9+0n)}^5vt@ zwSB~$-01oKemz=qcLo~1YGoHJ{oR@c5b?dS2ExSm@y5At- z&MQ(S$~-#daW3!>rTv?|49pLiCCxgvosm!vZ0q%PIIC~&5@wA7km=zr9THz;EFKSg z`lbE^Xj*twp zF=Cs_e*JaltM5x-0>RpJzdau^mmZwQklqO*L}qF&hWa33@#WvckbG~!7V{Fe*H*1Cgks6!jfBV;O~^z@JAUE6MV^Zqg~VxTGrX~ zZ&w&aV64>!MfP1es93#YHLvRQAcyRk)+6un85_z^Ola29x@)3msWp7+kxOP={|(s7 zFRL}2*-=3I#{6hgkM+mH(f8%&(AU`I6Elsj8-(@kG5WPo_m7}1kD{q)%Zq;vS0`6T6q)S%U`)x&eHBbD-?b6iyl!VyZgoF& z$;q?9UV zR5NQk!~X%{H|o-MTVe>kPiitHz@%#iHsC!N2!Vt42>6Lul3t0R7NW7!H5H^yU6I4T zpR>IZQiUkQVTECjhLPOdady2K8!!3{;k!>jpjyN{=qHX7Bh1z;^zF6C@9I=K%l!nj zRald#G||&Qs*T!1Mm0~0{aeRtB$2m{WVs4}=oSqV_iTaC>dQD$(@^yO5iodn_&JWnnaa zVm%3g2o&v$V1P~H0WIeFh6u^&=rM{27^Zjl9#0{~RzmXTqo5RzodWWlXd~DqR-Sv0 zMA8}4$&5qSw)jdw_>;80!XA*=3is$R&}nEiMydgeGL}bEsaH7LztI3J0+moovrrNl zM3OnoJNs5I`e0L7hf(XN7R5a{dpX7WoWNWhu!kgjqyQ zT)$!(LX-xwoFUOkd^%FMAObe2Ie#SkcYjmp0Kt9{`7>HhZFpWG`Dnd}hJZLm2FJnI zPqPE-uT=PNR^SA1mh zJ~hwzB|>g)#`zMS)7gus6n?gbjk%l<%+nC7jP%|k;PH|Jh^{8WDi0{jS<|r>kCXPH zu#j_o@SNbQk+3|TckgnB`Jq$R8N%l0G>HiUD^b&^4(m+Dw^;}jXcj)2=&F&y@*MBy<=xUuL-rRH z+X_R;K%-F8mBWKkSo9`AxpvP~J;BaCixJTlb0*P{PEuezfFQ>|EG>1Fb#1w42Oop3 z`DQljEEiXm{4#Q%M_FG!oPCB@+rB{*2lj%3p$2u>9YWl8>+NsslcL+CtrZnrn1^8xu?J=urb@2g3|B@L zL`f-fU-B2R=}#v^N12<)%br%J%{-MSms7*dwDf9)x~&+-WvRPZPcK!sI1#JG0)g0FS-isg*YoRDRZ zncbqavPW`lV)+IPMs5V*ytKYwjohZae^*O&R(Q|kL#cz_neu{eGbepPR}WmNh;6cT zBo?pw%E!&qiu#47s597TYM!@Wmh%-Evx}qi?&{8Df|-UL zY2!UM#qdW9BOjgNLzQ7i^Va9ozjhYdCcWg*S!#~{#6$!FObjy-O(UO;~27N7k4m_Jf{DavhWBR&3leABJS&TirPlj~hNfFf=^r+)*E-d}3%gz5%Mm6VIog)C{a zHO47FrgTv(58%mFfHVqrh!>gPE=F{f(u(hao76ai;>*=ejnh)l+pWp;q1LA`*Rf^G zFD+e~o3`|ZSls796WL7E?i+YK@N_1wAMd8E@IJeHP+VMI?oAr8sZ6>Km=E5?Gii8Rki3ecpNE6jS;$C1$!^0eN zz+7{{ba7sGNR}N57C>9|Z>$>r83ltSl2pI*o2}T&kt1M!`hDxY^ZEPMC)fGs#-;L7 zd4*G@tg`V=eI|n=mU&2RiNh9mj8E=X&kwG@Z7d&_w;jIF6-L+W{u+bF<24(}OW`5# zE7EMX>1-yO-!H(pk9|*pl4V-DzFd)#Xt7#0*SlWD$$jcT?ypX`gfv|pP8i(!%#H4=G8Sabe@|#+ zZ=v4tE^%fd{}O93+;&+p5G_mE$;{2OYOjnFp~X)^n4A~_zIG90Kk>^i{{8r-e-H1y zm{46%OUI%AEIuY#Xk*!+lR+zmP!hdU=o0_Xd}cGZP_aF^2D9$g+e6%P{nAkYTj&!( ze!5)2F<)z5Z8pm7*0by&EaYF?SJ0$tKKc00SCrA)UmMod@U-l-UbO^HOUcC|+M?D> zBkxS!d@GBZWIO5h{3aY^+L@xc(6vFgO}kAhQ@4Tlt?!Xk8et-CCP0pW zIyJ^i=)GyWpq860Ob0GnlBtJGN>w(6U94LrT2uMFtkT%AS|O`vL2DQ9hxT(a!J+K_ zU6q(47F=swcAl4=4OJe&r`D*`LkcJsUNTXEqxS$OE_UYJ`;A(C>xbll9<_~3)Fg%e zgMet6J=lDM*5avPg&_M~+9>%6nfu7>}QiQ>>8Zk+wYGARYLTy;hlcpW{ z+Bl=$^tK$l;`a6&vLY+`Lct#~iRl-c0s#|Q&^o}8QyMV|InWk;#6Ak3VN&8l{+YP! zJziTV)%Xykjq@(U0+3P8c}&rEZ>89ONyAUJb8*amE5D?nFReP_mbj(i2?yCgXOAEw ze7rlm$`!OtTm!}PL0*|%6x)$px}zCF_VP^OB4NqBa-$$&ZexK(_R-knSPbF(T_z{E z3j-dNC_Fw?4wotIK^k%_&%@>fEy%ie-e^>C@^Jk2>hdsbf6Ls}maN$mp&hf)8 zGpBXz&A|~m28eDP$=C70EVOfO(&5))e&R?K&{BY1w23g;^y`Bm@!A;z8btLtpjk9} zf7n!ZEN{8GIg}<}`=qHEtR7B0ky(DZ4NfT_tg4Jw!lt#YSBPL%K58Z$WAP8S_;XPD zu2K;IUg4qS?1Sx!cPhUSRpw3Zkc2tj^e^O~R#QjdMDJi?4^z7JU)w}lGtk@1-k-x~ zE?A3{nBbXcMgGCV_7taE9#r#{hm!JdC=}?OsiVG?`szIplWSG9`!%<1O;+~~nJ(T~ zTxmc1Gn)`g1#nTM+^xRjc54%8XR5fx;@9IKA3R0V38Bni&do;UIK$t`oHpRXZ^XiO z*{zj3FM?mAzD01zn$XYasb!djR5sTF;oxb!DB27fNu&q7J$-2 z|Kjh5A&2Pn`xeLe7%N*vk;fZ-QDDpJJ3hj8=pk z(dx0XQ9v!rCWCOCZb_x;i~W~fl!`m>IOUH0TeTCy%Q|FiLW2~h z+)p99^+$lxex(&3$pJB%6#$s23<4j!a$>d;xbJlCrz=svaYhSz8>Mp9*AR4;TB0^d z=j(cdPgc<@q4X@&@xyZ)T|xgF8c=l?>E5_c;jaBG@SeU z$kpFiQy>f~Pz~z8#xP7!;tNV;1#V4*d^*Z-{Q`A#JR!Kcr~!^QmQ4vv+`&H3V5&4n zI|y@mCf2bjnR&F=~ zeW$>lf+i#M?5P{{DqIji&gp3S7x8-->V;Qf)EelJfTh*iQ|171U52dW;lX;c!_V%1Nq`0fIS5*t3_| zYf6k#COKWHVJGGMh~!_qZJoNqim=+v%{m780VP7yh5kBkZNd%voRnl%bOeLV(HcJKdv2*sgaU^9 zH$Wv&Nu4X2&rPW-+&5~@aNjaJ$zEB7W(gPUmKY)~$o-fLr3MI19QLjPP&uN}Clv;w zFq2-io5q1so(CcmrW&YTt2Y36{%OqMc*7C&DO!6CUeeM*6F6SWZ(R176iei;RCz%Q z_85;rqJLL|P4K+`O&zSSh8$$_F^Y^GX3Tf%`T#8diK-`aJJJJLHAP&KrM;(&l@iQ% zPCE5ElGjlr=YdBi-nIrR$;~SZ_Hm43(WceNz@b(ZA2guSS(_=6FHuys9R{2IR%{rh z^zzh_V%1d@orQ4>6{w1o3l1$VAks2I;DUQ=72#8g0uLsp?NwI6}Pg6ph$4Z9d8N+Raol7?xlN+xcfOIf~UH;c__Q` z0$pTD<(b6-9pRU9~a!QQV4JZNDbBzs(juFb+u;R3T4m3rbNd93asX3Ac{`0&4-2 z^Dhbt$QV6=Ut8ObCQpQ3(^$`LzTftDSJ%LXhIhoe>-?8XG0K5t1)9%8zqJ|li>=)f z?Cs?#1ZU8{*j2+sBq%5-)jBjENC_3&8o^&$?E8pX8H5(gHdXqz)%&1q9I!w?w+%{L zfU%TfL-)O!euHf+_y>Q7&KCghECN0N)Lz2WkTnd6;)nhB9eQ3u0Fj2rE!0!SH z0F`fxfjrlah7uOG469ri5s!yQujHT&MioUS7K5u&35$2B^k1qONbip}b=JjxmsK>7uQ#s??m;t)5&X6^&G#1}#f_ zuc~VA4j_xmi8MEozV`2~$zu@7)f%T^OV(T=$+t^6C5>>&&X>|y1i2jx7HEeSTU<0K z1_`%|5ujmaYCT4@F3QxgW)+z&U>jV$>=jL1N>O1e6*7VNeg}%Yo_0HT;165bK&-YR z@rgKj5^fd2QEx12E}JSX3xZ2q zU$AzfOX-bB04G%UYgHflZaE-;tg-koFk9R9u`|h5Gvc}qNf2L6R=BeG3sxDvdx7*~ zN~JQ!0ho5-y9MQJkG=i%=`R+SY^8qe(whlYIZ7>`q@*a3F$>Dgqj!~4-dI_rzTDE) zIE7ZwD~C9vDjaH4o`i0!>=V2Eq$^X4ys-!5Cr`+p%XIY2k~p4NyYw}$^B1-!p{8df z>KsRso-`EUM0?oA)G=vXqho47XbXnsiU_~;fbDM$S2R+ zL!nAV!IzkzQ6VQSRc89Z7bMpJGQ;GG;>AbV_kdY}BkVLIR6!udLbqafJ`c!vf@E0{ zlCXpfp?HC0SrC@MCKJLd-Qk6^utB#E#>H2h?~@Az)8qMfE9R3UO!&TFLA3iq$i1lU z%L;gFz!YahR^v$0y6vef5vEB}Onb%!ssnpJTa3O&O*$BZOK+Uhwc^@SuWbClo5Aw} zn5H8)e%%R5qK<0*arAth7jvvZUO-KEyv7>ZIfg<_-RYA8QA>}0gWe@Wj(iK7WjgQ% zn^bB7Y{~YbOV=MfMHk=35s;EYsH!@G-mGMmWy>u`tinFb`nzpWTZfvc541I;#uI%w z!n#HPo&*`xe@S)N?-?O=!o?&T+`vAI6!dgwThXQ%DZP!FTA~mip%NoCMBraWItN9_ z#8ji`hb2KpslJT@gI4nE%t>k|TBj;CK(W=0GOC`H0kU%l(%0`EsAm9?Ck&}p=C)nf zt3KrcZXz(}NY0S{t?5+THi4BMi4??Z6X!`utM9*lu7eJ306XP%G;Bi-28S_tReQpb z=12hWAnounHByHg4?R@a;%wo_MLuGMX`jwMJHYqU-#I?%#! zn#==BPJumWpHtAfN=!lW*E5ixu`>S}JBFTuduNt@la>lB9kozDKB)~M3{WY~OW6Ka z2ZC8X>Xh-uq0GinZCPT)-&|8A2IBaNH-9DhE`g5PE+sT_g?}WdgFpT2+!Sw`aoU{D zE`^#=v%cnLQt%}e#**pFWw`wJ24`93a%EnSRqhNyw1$#~r@p#xF94d691BBu6`f-Y zl-s;RzUil$J2S;b)5xrIuzOVq*gwt&9R&F8MS^Z-#I>2hX@GzQ7+I4k5X|4A`YF5A zL=(Bxde~Vo+y#e{FSLgR)u|(F#)^gmiV_7-@!}rEH{oW9n#7rJdv zO3R0HQjiKts`+cgxXw%Yqax0|`>0)s2W zJGcS_;Gt9dyKT!)!?k1hY4gi`eK00t#HokEyT0rsa4_e@)8d6u35t=|4-bigDG6gcoH}FW?1Gf7w3Fe?P@Uq)Na&}~*EG?@nY;RIG?{Ncx z9Oci2l5`usYbcRzxIUL2090t&(SR;)p!;Uu17zu@fzWg-t$p+S-S@AGOwhS z98@^HL#tq2xHD2B~|;4V-;+Bk7qwtfbsB- zYyoQdkt3spfSJWWhepn`R#=M*B{T95tJEL2E2KO&!a!o@TImuZ zM1}EygxRlJNppwkBk}a{dkzPHpGoZsv9y33Kewz9IE9js(Yah6LW;oQf{mEQEaMg} zP{QQ^Y~7mEw@V{R@q7`6QRYuQ%07`!g8pdfCx^arfLY#D~oZ^Z}jmC&NQ@xdOq$YK3d%WQl z?9lmf=0OI^^g=3F;8LS=9^Q~FtQ(KD(#;tSvo?uf)xx}1#gmwm`)E*MKsP4len}Fy zIHm60H-{f3U-j~y9gV*F5LYxec)nF9ZQ409Kg9RN-J*V?$?Ta6-1v&mIGRdmdgg*r z)WbM54^i8=Vq39@VenQaGN7SHoJ@7_AbrX_K43U)Aw5WUgG9KQ(^uT<4jt{r!(NyA zf}3f@&rXRj6-)ypXwbPdJ6d=WD`T3-&PkKy#uysl+qT*Kb9KpWPBU*U1d_39S1g?cjoItI7_^Zur| zXF$h1Z-Qu2s&Oig)!sTyay)d*6X&;%r`ob(dvcuoQVxvfj9**qqPT%$0)@evl&d(Bdy-r0#hKoy z#d)HtnJhe;GDCqw`ISxWX1=uyl@DntG7B z2H`4q_S~x6Y*TqdX(lk?(H>%J_4QrCQSB+9K&DW|2i&XrdQxHmRA*@-_cK>_*k30fKv#{9&W z{}jP?6>-f(_y`xWMXgS7{3`m`aL%u)kHAfxrm?w;dW!tUE#vu(tE??h6W*`+fJsoc zig}yFyav&qSPx!LM92Tean+~Ikk@o&tKitfmoEWyyv@M4Ra$k!RY5}_=yfP)cqwRj z3bOT{GVm2+!Qh09z3sF3$Cg9q<;zQr*mnfJ9HlaEdnRArh&9lj#g~sHmz((VVPu#j z&GWYB^5x%=?GCArw|ypGZX;VBUyk!YvuMU4Ig4|9w^-edP104Ok_(1I(xn2w;ky|A zQ?8`vGazr};J}fxX?J^bPl$oFnbT~gjjMs#$042LCaA);&8bj0=tum9qcLvfE-uT_ zCMdP*QD);^)tCo_iML`gaB&^-2_`M_u7R<~iQ<}n-GFJj6zarddfV5k|akzaqI8VN*e z^{(^;3C7TB40b$a8w?b#W`(dr#tCbQUx!jDju!$kQ(5KTEtz4ywbqsFNfrFJ{#xlu z&JIixh%-Vz7eElUqb~9+=HpN>)4B7O`2^UOcGjRI{+U`^A#%%}s zHw@hhl_UzvPC?r#IJT~^K-!WWh6bg|4SlxlIPiA<@u}YSjO8Z5R99&dwQYe$)b_z7 zginELwUioBtHJ!Epk7_P7gtq~#G*poXk})Xx&-$?Vf3e!TI5ARf>7E55yHk-IMyjamRfz9quPW);GCG( zis5mzQga3~+F$HK9VFn_*ot5+u8iR>_8T;Mf98To&#pBJ%GtE4vLA6RMH=XGv;YI4 z#AQR$s+H0KmPkZ#Kdp+e@8@Wjdqaq!7~%(ec!*NR2-!-FgR8kPJ=`*ehz6_2l`%Ov zm#>(Jb%c$1HCCLpBoZlb1hiM{W`h)umK2g1fO!%F3E*m!D2P3vLNns*IT`2C*(p-8 zE2RzmV_~|5qB=dw7MODF>gR2mMh;j39(3KWCbkp3TBSblYwi>wRec2_K+>+Xstg!z zB-zov`~gu3xL_b5{emhZ(+)reU08>`UE3vkw;0v&V}m_H9;L7qR2bEzOFfD!dA5$i zDvGZDp^YYE!EsuCozM>qB>;00YTE?*hA`TX)i#R-hjg5f`qF-gwUpSYn8#Wv2+nax zA~-ttqCNI#LMk|ui3*#nkn4cnI2|V4!*x&@G@s!N2s2$p@+nPor9TmxHdnD}^UpMG zDz)fPuW!x&{1dJVK9_7a(H4E9zC|Bg*98J`OJm@7wv+|TL zZ@v!QXTi*g5Qf~#5W+w^2qBEDeGo3@%Xx$_-$eq%8EQI_t&?A~gXSx>{aVy}bks_N zX$ze8DS?$#$DY(Qs3^eNIp$}++(_%w;Q{)eq?TxY2F7wI?G+r2lkrE)QoeyQu!)^S+uJPR8vw{X+x6wz*)Z=r(?1|$YF^YzYa=0< zwFnsP#YrCD410*-U9Hd4AlbbMv*hXxxhP!w@2$t3kRuk{dpVGmrnwz;vK86Uhm0i8 z|IuoINqD<2PQqn!3m1b6N(V|Zvnn65y1g-)P@5SQo#lHd797&Sk`WC*W6&iBTs&@X zO)jw6w}eM7u2JGH1qYaQmnPrKm%FK{p)W(;e7S>^JZGE5yi~X8mSLmH<1FnQ>C%)PZ35bXm_^h(B$zzbJ%Q0;kKp`*FTa#RcBPFVUK_BW`@FgtS3easy0%Sgn;``C`8W=nV-?f-JNkE8 z_lvDKEL;7eQEeZML3e`d226#Tdfne?*1?*&vm5yxr0iy3PByk8kABdtw2R8Gsxyfd zyPpRN3oEoV}Yl44TGZP?DH3@^m;d^(mDdns(Zgf5^*cL zU4Ez45iO-?Rc=$Gw|zwMuYTc}w>@D|#5xd8xtg+S7jEq%33yNS5cnIbYQ(1n#Z_&t zVe5U17_xGd=(qg%J=C~a^j5`_8UXoE3-jL=^iL%J&^}CBSeVyCVSGtyza$)_Y>$1f zZ{v9UIq|@7IFR^##*m)VMb<@7(fGJ`hlb0Yv(iH9JHs<9cbw$7g?3y@uYVVZ?iW>H z4qT3b<4Tc~p) zLRnvtVL1XK^}->Tb#|w$>wcrG1^%Y9g5#`Q6`uK0Y`qQ)aCNJD99n6siEt2+H`}4w zJIa2QSfNRP#qA7>ozU;zK`dU-u@DH06M)5Ug5x)N4eM&CxXbF6dWhzkHR(6YZzgN)QWL8?Yc=!OS&3*Q@e($2AZw( z9qOZf)JeDjgB`fw9a_~q0|KGX6k7A^*uSD`OigR`-)vCt2hL!%|85g@C&$3iy$sy4 zIi9?4VH&oY4BQ0o*d|WOnV`frwF*gIDPDa)jp<89Xtj`3viD5l(yJlxVPL^96w^j~ z{%^E-Rm&W|Rs{`pOb4z3`$TW@x13gk*##aWZ5H)MBk3=)ZY)9hQ7>V7O=n#MyCNiE z!yimGjWx;oYS< z#=VnZ;CTNd$hzeH0+qYmKrNwi()|;ZM74E1w8RW$m%4JlrmY75yA4#&DmBqHg7>^Z zPE<2+^ngiq7|fq8$UHgFKdYiu?hS#A(2o6>x4^sFa63^{Y)O<#;!lw9`u%tw0TChr zfHe~?USZl09TnKZZZh4&$= zK^`XN)e$upC zfR9t}xnf?OXsU91lQ$!maQNcmr|2IzxCt{FaR(->oDr4l#EMp_zjuYzAVK3ok8S)b z`s`GfqK1n1GE~@(7aix8ey;Cu$5II*G~4TcWw_x1fp0IqxJ)aLmUoUoKvRRLK=HI; zNq^L3W^o~8k z$q6d1yg`=0Y9y$;ze22Ik92fQsH^YZ(Cdmi5mQgXHW-C^XXBg1w&S9st|VC%N%Oud zhZjrxm2I>ub(hG$dy0`yg(mW@cI>lS(;{4EdEqqFa*h>7bj^0fn{3h^;T`wnX%xl# zqRREhgQ#w{i4}*X_v=iUaNw_KiC~uC(4E?$H_(M2!bub`=gZF!3VZnSU)eUGauAhU z1`8{>a^Q_{U5gVP`}s#cCXwuRL#3hCGzO3CDZ8_wgG>Y0L zTpOz?9mC1ryOjp@Ksv{jre7uXDovj*^_};d9&~uEX(Vd$1*0Z)jq1P2AUbLn#@A*+<-Z4_!$+uu7D%Wy zAq5UqpGPO!Ea=i+z!?1zR+%xSq0^kptPv%2bs3ia2LPkuu#6# zG*BJ{UE4+)RH9Oe7{eIk^6n zi=xF0kQpiR7v;}#yn z!7iGGdt^9zOb3q*Q9+60#@9&VKxDh&i=m?ofDX3NK%x(-ai;B2@7s-QLWf2FvUtHi zF+$+i*0_9knc-`NZ*0Mdw_rrN4UZkAoLgxg#K_qDvqAn<^!o=wN*l0@E6o{|2B2=y z`xE+fzlYeN|50k8npwL)w0&4aF2@zO8Cw`+!)>o}+((!^ZbOeV(B>le6jd6vD(KCQ zn&OiyUCC2xp)T!sylZOUa(>M;1CVx=%du%uZy}}8tyE3$d(1_s|MI?FUD8O0kBloL z%d6zilpAA7xWomrA|w^%Ml*<0j8p(0lYUecmyPgv?6WtJoa^KuoH8|*6n`)rgh6E> zrtVA!9F-dAswj)i8hi05#;#EWI)I|b8ab9}S|A1@Ol=@ix0(!6Y-v>d%JM|a5BD8R zMyY3MlpS3lYGoPLR3Ngpj1e6)hPKJ=tuf-M6ZzA?4LBRzJP<14MZxd1d)xaivO;?P z@%BKhfVLix7EBji($O|SN{-Kp>C`Q?P}+9&@x2-?FJK#X)&$Yde4;+lmvn-+J*W

Hi;y>9_nL9Q^j$GWXXrb?FkyP-l((AN?5M~*mJ@|m zqFW;YmnZrJB38uxkbh#l8;U3!U-kI?aEyqWke}Za0e-mDCjjp0c%*pyY52?be5L#s zVl}35nVBDzA7K#G)t+z2^so00if2A=8epniG5u+j4XlV+Pe(_+EO#I>e_4P&ZlIw^ z5Xq4RI~f3{+uTHKiUGBaHO;WM(q-4E)6k8V~5E~ zZ6({L#9g_2n2qB&>nK|&IxQ;7ag3Gtl7mWt4M~;VhF%ZLqOoV%3&K< zxa$Vrxs7ew7_Tv&A256!wmZ6Ro^9A-4-mL;^B+MM;*E1j6=#)IHNF?uM2Rr{Z(N?Q zdw8^bzWMCqJ|7UR8Gm_U2C?$@R(9IzrGb#vb{)=grH*p0F}PPrzGnu*Gvhwd-UH?@ zFojePI)vx6=GH}q;n?{lUt_|lQuWVOXAKjSY|W2oujvP@g}?7IEr!C3#e7qslgM1F z@x^6Qipq+{SxiuB!deP`GTRj;D(~CORlbXD@Im>=N=cf?rL4`0p&Lu?{)(v`027Pz z%>s79O`ivzq!Gu~UJ)pG24im7Jf`-#sWK%Ipr#DQu$APM4*}zUT`@)mJ?6qZP=4gu zD$1zdnOkS|W%Oh9^{~w7{K=cd%AUQ947|sT4JDz(IY>zX^ ze6F}wVqb#UqYzbFJgnI)$LY7c9{5IYkS*rW{V+fFT{>v*oV0(nmoIu1Nq~f8J1YYR zIk`BJs}uuw3sml{w{ayo(nxB-a$irKyAYmXD`&j_c2#XgkSd9#^&^+0Z1~Ou1#Lj3 z=`m-Ui81yp{j1;G7$1_nxL?03N+bo2wGhc;fiC}Uh!b5p?5auW8cRkbWcM2RZDy_d zOGqC-pcHEB4De-FG#bKXILDgz4IAFt_f;##q{7-*Vpg*;5oG#g(P~P zW9e$oI{~T98u|`5=9h_pgQU39bQ}^3vEGEim-7}h#|b`SO``%)>m<^KQ)xl%h)FM#1UN`vB!>(s_DP;3X`pg zJ6^w=lla$q^BI@WR`}+FoXXZ7Kod zL|1-|F3F#C2{FmQsFJbxST|XjWpS+FlX~>Y*O+5b)Yl4gbef@Kjhsj+CF$LwE~Ehm zP1|J2KuHKDEa!)ukYAr}f-NJ=2nAJFK0_!NtOL2Fc;YP}vO`Wm;S4!r&+^Bd)n zw0p}xt!>d=k0y)7n!TdawXxyd{(|vjf)4~#eHR^|l}sF2%)^1B;R{Mb>O8%>L76O; zMP5&Mj6fM?kAM~4fhLT>g_FyVbl!w!H}Ds_EN^@c*HO+TjfVWTvk$1&MY2~$1BLhm zg#8Wk&Jjp~LwLMQRF!lkzfL>Ij0{}jvIN`TfvCS@v@S^sef20|ceEBAi-VDy!Iz#Y zXvn`vvbYwR@?>Zw_4>Ojb=83W&iaCWFVRO-iNmyjTc^O=4!zZ&;k))T;FrjQybZauBn^N%HIiWrsGC+3+X|p2k6;sej7T> z4!GvJ(Tlmd;AvpILv2L+w9V}FlObx#%?jD|)IVm{uq`!t8^`g*dcf=7Vyga;~C8*(^_Oqu(dYQu*-Rlyv(dfnk09s%)u-yO}fOHDU^`mMXSEMKQVgC@NeJe zl;&C{Bcm*gOl@DIsHoNt_DQC~EAmFmD91u=tkEdxIbT-M54n-p4|cwZ!+Kj7wg^;S zSW)b$$UnqdM0VlQaJNX6@sym85ES|KdfU| z2DI%IWvfWZMdoB;U1P2guI#4GKwPo+VOz4h2HE0CB{cxrXr5{Soq3`%J+h_s%K-7Y zeR?b{A%p)csvLS-BPi6vf!jAAs>+PJ8&KETKEH1@7g{<}bC#F>7iI6*G+Gd)(Y>~9 z+qP}nwr$(CZQHhO+xES0Zjwr+W-2q8`EdS0@9y2FpSAX-D)u*z-S+FAfQl|@0xu(5 z>C08TWLp*bW4lSibp+fAWpI6@y)ax~Xy})9(dU=OIwST!WME4J`;s`;d@sYEbq4t? zc2ykgVtT8MtlpG?QGD~Tkp+^;V>;5a<0vc!F?~HVZ)ZH3f)ENpY-9{I(pgd5mtVty36Gk+v8_zGn60nZ>VEPe~{FjFeOO{dQE(a!wUB;D%(W&(wbo z34qML*9BKjHIwt6@RrzitS<&hJtT}pFfbSU7Rkk5B)$>lq}aXQrU%dOrU56~1@qa^ zr=XJ6s&3S%js(^!o0165s#@anJ#8aE5#IN=*-dsj0k!n+$#M%i$2VOYpyTU)37+}6 zIXoI;z1e>l5_JNy*t0rao3LZ--M3@s3aiYxF9YjC^~7jfzf=mEWRG_gsg8?xxcQ*) z1eGkAxJr(qSlnv^7unsUfs-_5a1bovWBca-`Y9l)tf?db7e4#VqU*jcS0$Hsd;|gWbZa>A~$6FyilD{kAMv zs``7;qhz}14Y%WmI8uOTFN+eB!@e0NnBKo!BU)}*fC(%29D*sVc!CwGaQfBip1nx%|(|K z+}3PchtQ{Dn%mTc%XFycQXre35vnX82(^J39b|*S29Gk}8V{j8xp11 zuOG}dpbj5S874_Mq{$8OD8mEQi&+fJTgpX0v&3%^#cczgnlTshe$oLU@}Q;GWKi`PfA7e&sdaUVRO{7?yx{kWytgD+AJtJ{et#uB!!rftM_g)l%4kDYR{KdWvpz4C3{iuh{^=c=UnD$1|CL$5ber*jLNFK55iTGpUVzKgm*T)NdYpK&H)~)} z+kaR;#+(Oc`@n6 zzdm4qYL3P>X6&qgqy+90?w0s2m+hZU%-{$f0k39=HaClzh#87MZPqbW<6@45Dgia? zgVeil8Sbm*;P@~YQu^v~EWmse$dEsDT@ioW+khXSWm9({K~5klU?E|eG~Ty~Zrw)Y zA55VUb=y-?A1g{}5|Svp+zIXm&a5Sr`u1Z8;y?dFB7x!|0kbaa;${}Jeb`66pvh-< zFsij%<}sydg7nnk?_-%m(*z@Nvo!bs!Jci=qPBpx=q`{l7=K#Km=4cy=B1jNs_^D< zKCFe5Sqlr-tDKNvcw4!9NkHXQ{mlRkMkR4eQG9f;35^Ujy{HAWY%1Ure!#XPb%Z12#tw z4WuJkb`Bq+j+r8eZL*@jWm5!pTdKQtDLtdjxh<>FdDkewOxWFlNM>Kp4`NpcZ=A&L zfw0KfEdsrfH85k!mpKgSKbWb5DSUZJbAa1o*n{p$Je6b`)x6W8UDq-k2}s?LM%AL` z`f}X4f!G83adPj~9C{;%lLYEUcd*dqdZ?-L za+YU#zsFcT_MQ)~q0X11?YRq_#=w_nljlx@6!F5dXPH&aB>zzuc$Y;WU?6f)L@|x= zR5sYA1v8D;te!S?NP!T=9i{` zynRgWTe0Wl-3XZoHg_vd-4yXAc%kWbK! zIbp=3Y_~#fj>(lY#NOBkYPU((1794+Og2`<_0o6ysUi5j_%cOThHQa^)ko%v3b5-; z5`WuM6)=K#;kN~Z4b~I5^7!zH@vaZ!`!r=(4&Z!es!m?Wh?X>V$HwBW%x$=(@-EEr055r)7=8fib2>uh zFf@0sRvJ(vOP+uG$hIfzuC69zIQD-3`(2L_fPXN>fZ<_<_d0_CMKJ>y&KR=h?i5~( z(aJZ)=x*Hp>UihK|3>HmSRvgzAK(R(Tf|ZD7vd#2pUn>c%6c-7>Z!|!2AMPJy0nx3~H=dVE>F2FsH;2H#Iu&J;1~dXe@fcaK4(XcE`CxnevLq zuLBr!L1XFPvJPj8J0H9bb}98fS9zea4sh~^@+6%T{=I17MHvyLM2oxLS9dPC=Hh1Y|aj@wd}+S1*UnofeG*8Lg4kCL&d zmnkt)3NK}OjG&e0U(smv(f=0JG!0e2B6s>xe<3(ci3nl7jk7LG5z~on?I(DKoyay@ zuO}alN*5k>Z$>js!ei><lGuY;v`!lZM?)FKOh5+T-%zHYl}x5XcD zz2VU9023w;2t*cwSoQ%7g>EUO3RNQOw-2Yj&(KyCzHu}^w1&YAs)^;i1Z*0F?SG6rd zu>8gIJ(s$CvS~=Kh{j92;Llb`RcU3~rci!1vis?b#4Wect843_4faP|8(h-~ANQE- zvPNM={sZ$R$tJ*}br0|*#QV^=H9`P^RGtt|01pCurxO73;8CCFcvs_-oJy*xsPCS4 zp6_|zdG2-bvZSaU?CYP+`G1pNM?LAM>i)WX_~QBnmQg|}XIxRTw$@Z-tnt*=EOM*L zEo#$WzsRL8zpzb#^)jEr^eE?PVpG5?=)o>J+?Wyt~|H zJ~5~89n7vpof_4u(5=p;&acj;&ntg+yxZJ%J~^lGUGVC6EA$Cm3hzO;qEFK+c@1@I zcvt=?-JU*8R~_kilsxSRE=g(>s!!D`L{r|cZk0ZjZdsqMTcuB@TkBK%$4-^^*00y4 z)GK^7xVN&Y=M}#o26)u^#4d>&jy<1x2IOq@-SzYpr|las-)sPv`W(B4YTkSRhvK@! z?a8P156U$pEBqzn9+eyZrd2aB-`E7V`m|LukQbf=@(!CF`o=Azr3_t?Po#pf;?dEB z^Qp(=YSXs<;L!ZBd7 zQ@4UcG27R5#<8zc(k<3$9s3cx_;S5rP^-4#aML)fma|}Q8)EH`D`n5+mQCkoEytVt zY}G2AgVM^$>-T)l&2}`qeA~exP?Q+u)a0D+oIhT~ekG{!&;t#OE((s`>Ae1$J+NAS z-S}src{I1;8QLMR39Ccj06Y-&kP|5CGVBJ5(tW+A&eMhk#^BlyUPwY7GnOn?eXmmv zC+!GM&K!_@u#@IKNxcdic3hjWbST$?#0Beo6bl89+Z_cw!v|0+E<_G_BXb{~Y6^et zDHzu*$7A6D|Kx&fvOh5cpU<$7ih z<_I6a-L?;lHH+Z(n66|s&@E`5Z+E!d_p^WG^}dV!>}0>qZbwJ6qv?r**mw2ZsPT~d zQ>XiWt2(b==g~nr-BH(wTJtFzznRjk?z7h%Vf4PT@u4^$NA$b>#WCY}lY2Qx3!3DT)2s zwY|@Z{d(rm4gIrfYxq0hn3D1nTI}G_*HqM$Y8fxXmR0GHr3CGZizF7_AiVqlk@6a9 zp2-5MDq-!e+V&OMlpD2@+e+J5tHc%q!pE6&c7kv%uJb)-_)(iMD0hRrc z04*Q(2Az%lp4NDmbAxgNLgU@psXEBn>0T&j5Fa&Q^VzzJOivSF z6YvF*^&r2d-652^TJFHm@w-&oRn*$i+7awEjZ4Fi!|Wkij?g(C4p22FfTtF3&kz)r z9BLd*&PCGAPi-eDG~63kj%@X0uiU40M?o$Y8GQZqjn#p3fIe`a0pwpBRS#F#4OEt5 zw}x*tn;3i0Sum%Mfh6qsj6<3lWZsX#5uJHRxf!i&>wjcXc>gt1IDzU_nlfZt&FoYf z>X#Flwi;;GSDx`;r*o%%xu(!-ld&sD#z2P?m!|AA7i@rf?R#m+$3j=jJ(h0UUOKd1 z2`R1HR=QLvxd7D@pMjB(KeoU}3n?133!W8wE!7g}ZF8>NNgK#J0>O3K#S@Jm}`@r^;|gz1-)nZ8{CeY&jE zHJ6h(4{OCL<8fgjl>$FTDc7q*(8Ei^V0ahJWFsLP!kL%UlT8Le3_wT=4YsMVid#Xs z4UTtHu%!HuX$5?<54>6U21s_uoALr*Aj2$NGx3AFi>mOS3S~Gfq!ymV;AP2`_=20t z681s-J8at$diJe!?CWXVi|N>R15dCqj_53O@3P=onhO(i&B)wq17|#`yim3I*A_3l zDLR2oXi3aLz76)J!oD35eY+-l_SN)kG)@UzxaDi{0IRq=3tQa%ZRVR%iT%ZhG!eQ` z&N2Y~o{oj3D8p$Qv`{c~^HQ?#E-5Iy+Woy@e8IhsHPVW1ou)cF%^A%~7G47wYdZtm zu7#$%@PQ62Jy4A_XLuLjBk>8Jx!MoB3FnYRfeu^_wZ;vbnkOjdgzlTmP3DFRkm3+) zwcX8@k}s4L0jg^lm3j_k=b@=xsCZ_idJTQ&9Q}6<@(M9yKgFep#^>94s?q{nFI z=8186eNCMnx6`%MWqgT*hhN>o#nhT+>9}QXoabs;6Ni%TMT!XP%eSQ;+3%~=Qco%^ zOCmZ3%>_Pb&}px7J6-2A-Gh@sH3Y6!1GO87AMu4rxaljmw+)DNJnnJekCsH_ zHa+RJ%|P4`Nod6=uU}p98r}lkM~QmC$8g;4Yds++P+gzVUUc}V_5iQqb)NpitaUCK4w za84RI?f`=N9=PzcEMRO^=WB+eto}_=L+QAP3dnCDRq!FSvyVQKN%fj#rdPvBEl&cBaOnQ9@)~7bXWa%#(Zp<8G((y7 zT%vaqnWMuh2JTQ=^?Nc&YWUq?NcGxxQ3CLa^&UHw3_CeS7wDKa_K+9PU`v7BTHtOP zH#K@ZL{eR7*4OX$3Xro!-BXhm12+bPiz2Dvpq@l{W)1!|rWo$R4l(wjguunvh;%WSR@xOo4z}d`nA?JnjaVtO9=rs-i|}*D^U1r9A3Z8YHC> zF`BnrNMIRvWA0fKl%8`!CP^kAxX zY(qvvQpb)ptfH6bf_dr1N2CO!c-;ala9lk89Hna8x4^lCUvNm0JWMgQ+;qulm3s#& zlin2f0|vk3Da2XX9%|%(DT8zzN=pot!I~V0wc%#3Vl@jg!X4R!Dnf;dgJGX~$&2$q z921Q@GA37kv&A5eP#T;zUNRi2M3y6nJ=H)s|K->M>tz>0hk5$!emWTc&>mrc&C2Pit$L4#m-=ycmo+idvNmHSZhj*dmVUC zH^#wLYHV+u?2k~If&%OW&#!n4fQe8saBwfpo2#yk{D&?`NvMBy1U~S0Zh$`jBM0x&qS?0kf(|HF3shQGcm0EfXV3~d z)s>gX`d|H>9;R2;3l2mNgSUR*`GK3AxZ#&rls62G z(Ds0qUwkPeE?gbF?RlYz2l!ZfI3eqjM@v=9@*%~LXaxkapYa26H_Z27$47COIMqDT z$s-&~azSPaKgH9J^As*p=fSf>km+4De)S>ARuued8zSblFo@$-;uZ!t&Wyxn9vS(T zfCq=tef2Gk2EO<}6>db+!X3pl-^zAyLRKK2{lK?|oaMO?w9@#Y`%&K-9+do^I$o(? zitYKZqzz&q?35F{a(oN^A6ah>p3sjI6gCiy7@j39e~|uWhPzA)5}|KTgfXlwLFjjy zl!2=qbT$RTpw_4-h3I2!nt$>7c%jebMT#^LVW-zIMEMV1M48s7#fdjgu* zETL;HFSfk+V{d3yFRIMK?E1&)n_)40>=#?Q9X?z?x~#~B#DbET^7?wwP^P^Q5Wh^%`u0|jFyuH4en45|_${AdW6Aibs%*UhIR&?#_ z`u4b1`4BrJ>fdBP;aXoJu1AVd>_ta68ZO2{9hI$d!%+A^sQrL{;br*|sNpNChOY6p zeni}HOdhG-&as-?^kQR%yU7cZmLK%P>>CdkBufB-9|VFPPy`o0A=RyN19?eS@&{TgL^Jy+ zH?i|y05_XRIS!@jwq&3iyFgigt3pq@F&wsaaN&KlI1O zaU%H$p>V?=!OLE^Xsu-W=?hCh)|e~+3-c2+H&~|4y36>u8+N^yDMrFDV8Pee1OWpQ z^CV2n$N?R~sb&@ONzd<+pQ%Xg1*2fjJS_A;h$~zqWQ4eR0c4yb!9j@Ug84QZxQp|` zAS@6;Y>|f#WSVu<6p)<1SVPleWDyn!<^B(_$8Dj zSa!g}xF|K7Lmr?gH;{@Y$q~aWJZgcUz8q_6!W(1qDc@M&gb&8IaeX8_=b)+h;p^sF zHK}vsRKGH}k5$RSyxx<+z5=&TPh>GDCj|=#MY4-{*YVo&w@AhYx9+|lyK@B|e&KC8 zHJU|2g-{Ll38s+d4iuS!c)&E*Q+hX!x*z-31v{(sewcXtA|bGW4Mr5Tqnu4piB=HM z(l+Fr9DG*N;;a=$Yezptpj{Z5_Xbi5;dX^=)7tr zOUqhqzy@}Kcf}ek56(Yo3V1s2a;GZTsQC!p9ty>`i_eOBLZG6fK*VvT=|E4;|ajI%Ag8@ zJy#@p1GzsrXKVvuheEC!@NHOlApU5W4B})6MGsWl2`et|?V}(kzXi#567Ism_$RVI z96q=$mjj?sbdk0Mk55cIY~{mjn9LfkMk+Cu9NVur5_=V0IBYgDKGAj+mTA@tR|E3v+TLFh>CM0d5Grp_7B65 zutD}dk!i1Vqn@3iB*H-kN*c`T>ptyx_}7qnQ;RI-Cee`CRdZyz2+;lc8WfgznZ*7| z5=EhT-8+odH>v_a?s3;6&wD7L@rhnMfb)1+{F@ml2|NbMVFXeL2uR0}a?9tldsSSm z?Trc+1WLby?Ga_9peSaKbAYXfe(9E2b;28ktg%L`aZgXmf+H{4 z3lw}5x5nOT4rpJb^A$tS+=EDMe0UdM8R6b zWR=f+!*iaPK1ri}%`oFQM!+r6!6kf`4=*T;w|PZ6A9&5;G*IaUg~6*;7}T3>6}eS> z>yPEJ0u*bp0v+YolY8^BNPA?j*Z|th;532|{A)3^t+SRIv#QA5N`FI)1u@_Zs3=Qi zV(ItB!t9|oH2*5FGzuuEKaF+o8#PsbJ>y-s2LY6Rw=t%yB2@7lCayGVz$+r!;W(cg z6E6imiL#j+*g~&@>SBE%JBoVcFs}8jxMr~Z0utA7C8fo__{Hk7*9XhyhPom)m8C@m z@B;aP8z!Tia;&Xl)?m#cG)kYgK&_IcGZ(zW)Fjbey{v8OWooZ@pKvh$1guB|p`y;( zv(QhbED+x&eihpXVAU|OF8$NW1wtmqEzz)oiqZGHQnL6g)4Dz(pjEGk}=f=gxPTg^faiqZ6Un zEj$W>0fytj(UJf_7yy~8Iy8mX3;hmDYR*9UQir(G-Igk!g4Hw>`b z2^#Akb6jyzy@c7cQit^k$%FS^X^8IDZTseM;@i@c&ll!j%UGhSh0kpn*l8fsLrPZT=jy|ANS4E$dN{9h1!f0^uXFaWwsesVO8O8ZCt zQm2zu0wd#LSO=Lt*(H9B;cwf42x~%j9FvI%ftusy1Z1W-lwSYXcuyqBiFrkfLkWPu zA(O`f609Wq;3NkMW1>d|D&pvm{_E7JiSJuD#Gi9G(jQKqzuZbdUUaCdE3UILr>Z7Y zWDHw1TyXpzz`=t{JzT|BCojZdWtRNnYSMMGy5E_3gDgz8xL+3fZE?RsRaI8qA4pc9 z6=h)l5bXrFRf%LW}pP+{z5UsB$*Bs#c#mZo1zEE4&1I-D=Jm5Ui z(J_>wPqetp3Ve_~&>cX)aiBO;CJJ4}!=6<8omi!Xe@k`$EH&-VfLFc=a6{{WdYf0g z6XbdWd;L!3qUE|c7rLgf5J$84MeQ1sCGMAM|ExQFKDM;yfgy$eMq1-8O}-Lc5?$z_ z9Q8-x)qW9IZ66xUgqCdm?O!(Ic40!2{a zji?-X;Vi#t_4*~{i32JGL64ANT|$YF5d1nlkVjWiV(epC)?gxwU|xjq+v94@MtE1Q zT1YiSmTJQ_w|&`T;gvbJ`Ic)wn#_u^W$uTHbV)`b;^F+^Ckc;Chz&P!D7XsnG_L;1mc5j%D31Z5=Onkc5D)FmoYlS#@ zNdb~iSgQ62&KyGwMApLzWyZ3iCaC2LZKf`H+OsZ+ln%*(3J-CZhEAXRvs)A^PvIh{B*D^# zt%_ovj;x}HY=ipHByN-smfJn@?TMx|&@Z?xSE%$0Zj>94e)Fi0vxWbUMspbhxCc2+ z1x8k=Q(xwN9%;#AXx%UJWO6kQkQbL?h;@W7Q`{kL1!4X1DtRgwj=e;|me>X7f((>Y zgxgN?8fB6Oio)E1S;h|*LP#NwtyhF*4n)Jc&Lk*m3Y5#lEEO=E;#>KUuP|#+F1CSh z&;jaYP@#O+le*YLcwpqxzwDm{9%BZ5H09|Ae z3>gS|N)q&|ld)F18(pSyEx~m&XZoTU*oOcn1MCx!9~9E_PjaD)dzpQ3gZH)Vbr8}8 zRha(xyU`>vfUAq6N4LR5pdR451k@;_EY9g!)k8<_G7`Ig30Q#O#oT)~mo7barhbRh zEA3}CU0v-iN9(){n2hHOKbiYCR5x9p?u?UqV)!eFMaGp|7uk$bgPyA}A7M+VSScUu zj}_7B8Zm^g7gpuJ5v_leJs|Gjmn1aP_knE6-2#5)DQ;0V( zM8!T+@@jTJHyaQ@w{|&MO zxTN!d%RT@5Ey;6;^kf}GgaI7Xxbld!P6p;%f{iRFT`lMk#z$BwB`E0_>|-8E+~oS6 zUTL<3lL`XGjAK;1uN`Ot`ufJsQ9DL!ThvM`LnxPfTi7VoG9K_W*f^ z9Q~n3Vy*k5eIztD zqIOq&+(TRU>%U@$dv$gaRwQ~!)3RlMTZjz_22mVoX5|Y{*b9V^{H;^q*;Oq|S5ct0 z*+jxFyb97{o-lwh+~Ro zQ2N7K+W*eylJlLg!T}U_c3BEw>dPSB6~|mnkYxzVsD{8IXca4-{knsE=C0eP*F~7VRUVd5mY`!%n z4e0HIAJS-F7ESnX1n6I4F2|QrKpYiEXo8H=9J2e&XnSOpL!lz9&sBisWhjj7%jg0W z{UK~LEUb2Htltn!TLzXuODn+$_EkZD=HeGOFL6y-*F%8p6k-Wm`fl3;bjXiTU}^b; z@5}s{prKtq-^$)lk!-)#tr0ctLTzBs%E{#Fo;lv~EfSss_K$EgxQbq(mlet0O_TU2T_>7V|Cxa!TdNX`ulg?f*9-6MNwreC)ra-1CD z*n}#qihiXFDvQgB3~en+=`aKZoKGhufqImritk27e^CCakpT?|6ZG;&V(QCNN#l+> zMTQB9vtPXEFv!rn?1xLRuKgoKs>B%R=%YkDo(dE8%D<32e^bf$E0mYKsHFE(Vl6gT zBI3a6QdXnNiW0L`1@VmYgZdg89C{lf-mavWN9ajx<7g7_RVNis>xs0FE@Tn)YJLOb z0c%(Qg&kqz>V9B>;3)%f_00Lu5sQa;Nl6>kDatO4Wgi#!0Id>zc+`;&{dnL{7j;?l zqyv|p5_wNc@5&p9dOTe0k$Zv&DkF=}x$-u*!6c|`z}WV{VMQDujU^sU{H4huEkT98 zv6PZ1Rz&=V?HEi=@&QFpVn84>@lPZ-c`akW4QrB(T)N9aQ%m=-%?kD_elM%2*S06$O(03rXNupn!_+!*n1^Dw4Nkf`Z{}<_GVu z7|%!#t-E4g@M(sL%QLOs>B~UnI>)=*Fnrsay24JJc>+_))UUishm81T z`UCa8RbQ}M;Vy3X2XGun`8|5`b2D>)&)A*)7?_ln4!)Xwp40imSa0cXS4@Zg!0!AI z!iW%4EM--MCFEQu>MgG>S71J{5H(w_(zKe1xiu?L5A0N-M#@5!NQCKOwie#ADiIBT zV_}x9ol`A_%aq{M$+^F%TU_BLda$3WI%=YizbhioahT@sSWK;1MAk8D>}xh>*36w zu=cz7dzu=4?iFW3<<(TE-Dffch5fU zn%dtDZY7b!-qF_3&d3~3TK;_ApcHN^JEDnh4E8R#$D8jaE8dW0EOh0I0(I}_^05Yx zD!O$vJ>S0rtIQt>T;{Z0j+09P@egrB5(BjRywoyYA>Yh_=AJS`3-SyQ#pb~eXmSFC z%!78|Z%LINujh`%Ip+-u=x}e#@N+`mdtQJM4c*1x3%Hmw6zTDvV2i7%ba5b(l_%6( zXyQY3Ah|>lLm6i(gUie0*e?;PnGPIg_iZHf86Ac*j@w1(zNgq99!&0y!3}sU#WFkW zGY1@9CVK^iIs!klK!N(jthTvecPzJ~3+y}7QMcjW!DU|a* zY**C&h9#`6vBl~Z+uCG-AnJlq1QUnq+iD~$Squ=+2D)^}YmpHX_`;VI>sGc|;%=M> zZF8)cQiluc>ey`7Q43mM-g*5K{|r$a;0V9bK#;YoSljxxEQHX!CGtr?sDh`o#bs{y z5qa5BZtsw#y;op#Zl_K(^)Y<9WT(N}^UPK*S4<)W5+eQHbdk~N0xXz&EnFhrW@ zz4S1^g`S^|7D)Dxpz_dvip-kCxLq;JY5HM81u-q6dc&rfP~wc9uvDFw&13Pbx4UhK zK73-G3g@AV@SW$qYkj*LO0g_c78GWWR^rfgcZ+7Wq2Qh${HsZ^= zS`L(dc_i?eqYu2QGd=1{Q58sc)n-eqyR7{AW4?XwLEkbq-_Ydc@^|2ZIBU1}{M1hd z@fHBrsymEiwU6xI^KFi-}6UoJ(#5Rvgmq0twf^Eeqov=CrPBg3+S-GTcB=#X&sK3`_ zH*#u`d$p-5-hnR$*1!e%sV>DK+n2z%uD{g~8bro%lj9^5?|Lh2PLCjZVyTq!9*PU*#^E29 zc1Thdv`#>L$r%;XOeu`#Mf-C#^q#!#or9@p0tM*K)?pz*XJ=+e<8d?f62n4ax4E%{ zS~KbtPg@b*-eOiB0487ujYN&uY8{kCQWYUGDq!4M_J`&%7wpvimO2=b1BNJAd54Q&j~L0C@Hv1^Rz}|A_=GRnv|>W<&9Nujeqq zyrGHPI5+I2-$s+7L}~M-7%rfAlOz&L(~*>8qy2Nw+hiJ#>+SV#zGPg%nJOv{0?pc45GuqL3#*VZNvU$30_Ca1FLGZ$vP2)$7E!Yl^kW@CT@?DUG$rCz0F< zo^`K^9YC58Hm!8w$^ArYg(DOx`Jz>!MkNV1L^w|fnG0(H|NC@10h)iexR2m@$s*!M z@ekE27FK`Sh6fT3?jJpF`Id-=&)U|py1|J9f_(_-ze{4&k-k#l-oOJ=O-HucUdH0q zP3>q8JOdp`SnDV*CQVvhPAoRD<4ev-*M+T>Cy5krdCp(OSd}xYq>@Thhd4h)#jO%j zX!)O5n%mi4+5J!g2UGv-n77<*TSnF4oobxzU#&Pzb zy`5e>ew|`FVe!|Mcs6}aPY@Wi*{U*v^czWrr@H=eD8@xsehJZ=6o`D6b7h>q_hfYC zpE4yv=g}@$OSu6Q!FxooH`i8yd{JtjN0**`_)5NrZ4$t|?itKgWfJ<)TtDH6oNL)d zNF_I8lb%T|I|gH(T+8d?STKwQgtD-U%7|ln8Pm1IrmUWn*$d=NWnvi}FZ-OmuQ_`U zc~yDSr+)C^MorpEi2!IqqfSI9fjtNuRM9Ch+K{kPiGwM zKdR3`e;&_0aDrgc6(w94-Z_d%WIm02Ma-jLz*#wCg@o0?)kIxFVX+Olj&mMwZAjw> z@u02n(5KK1d1&vJZ3OJ|CoQ#Rf?!HHLAW~DYR@|-11{<~dYyV{h3^R#1^T?OWZ`OR zphs!Y9y@iH{wYlU*yl-fv-wpX*HMJHbofYXG$sAD(z^2O0v-NG=XD~GxG{l zUaCX=g^Gf|LZa4>F^*7KZ+jHQ6lwq9G^`6KCB?>#F=#cxvU7{o367h6_7f9vLp3{>;w}e=g~OQT>*mX|u)MGO&qgm!;z0%k^edn?yPl z(EN3RrPWT}rbpv&Uug`u+r z-G9IOd{wsXj@b}=*VSQ~AV@%)7R-yO8Yr4%1B(E23g~SG7nUT9gcE7#9iQKEm6B|2 z*{Z>_(=!hU|ON4`Z51m+TQ9uhf0TOu50rG8aKlk5t0|zfcd#-gT>kIn{7Dp zJF!bS>a;7v0}<-9-_Oz_#4@rF$^Na)uGAtvr*ImxA=UQ2r{|tO6QiDY!NlcoyH`&B z96We^rwBa>b#WhbWBPo*j~*YdpLx7KeqI#^m!A(G-}IKwzb}q4k{xcb28r%9xWQhI zs5vzRVlEG42*ix;EekayE5Kj-OPYfjN63wuW}5#bsW?0cb)?%ypY-pT3+~R&$$u|X zhKL?U7%%eFl-hNI4sW6HFUH!6JxYhjyptk?EjpvTAmT(FRAwu_x?fSAl;jWB=7y|KT{s6?w%qSNl@Tn>Q3J60B3?EY)To5LriL%slFg?J8+_xySvkt1q6O{m_&C`RnWzrn)$tT zKXmq{%I!+ykcHJAY3LxW9NMGwdk?+E`?zUAWx{dFdNwc;ru`HA-L_&h+Ag!=!dgiC z<7(MEp2bHxkNM!2S+zv$WW-X-r;X3bAajC73zdCdi%>AvZg60s!>xj? zBU87G^nu;3EILoJj#;ic>rnEer-!immK~x)bz-`WBh>96V-~IqxbGSy!<jV|0r z{>)!RGk^aR36*70%H@p(0FY({06_R(m)ZZrX#Dq;Hp~0Reupis|GVB`973!)S1}6@ zE_(VFMFRJpZNtWDWD*T}eZh((uC`T7Npx~fXYqUczIPlx5yf==WN8>S%1n$1e;<7x z{8J*o3BEnY_PVJCKk6#X^wn;>Ixcd%i{82Iu;#S;EAN~pH2gKLxs2|>SFsU}`%QQM z>Ek4&_wo!V&&)Jm_}F&0smd?lujUr?99|S0fKYo}Z>30j+9@VXikj!nn`(Gzz)-xb`iiQS z-e9%$5b&c)aNl|V3n)Se3K51y|2F$~Iz;(Imuf9n{clcMPYU|9V410* z!M)R@591;Op4J6l_e&hP?$+J|o#k7B!K#XWf@_jw=yEQtszMdVDke+$HR#KHC+64B zpKttq`oLXt^MP9h`M;FMbX|*(!SPr(IIKRB@+o#@8yj9ei%;K0ccbsVif8rFYQ0(^ zVAR(%u46#4w-RoV0DJdAJLy|ty+#(vyO@dx@D^ekfSaprA)SaR&=0Hw^U`~?nRoum z0ZM^Qf0#f6LY7+#oOUkArCM+SuGR@5L`-v@%TANP!$7YP;i1%AnQee*nP!SHQ#=*0Gos!lg=3gwE-r*&j%z3r7s=m#r5e=1@n(K&V5)T;j^fg_AiQuG0)`p&Ik z@#YbCRterZjolx~2}nI3@HpvzFhCTcbczZ~2g6vlH-Al*ZabgoWTr~VrhgwFgYD5? z^tXxOijYf_GbGQ}gr{v%!-Ni+C6Bg%>-uwwL%)nThnNBhq8mZ}&8lP@snA#%Mx;WQ z0ShT81I!N&{yhSM6r_)2DmEe9DabvWXheYx;w6>Dy~wgO=Al+Yokjre*P9^vA*CrF zC$IsjYR!}3T43#a>z9MndJq=`Z?&+XkHp@UG#9Gp<Z_(fV#EjjHW~H_c3pHqkz?ZneT2kd(a8S}@Q9XpFf{7XI>6=cs zr|sGV`b`cOz`I~pHnzgi3+@RqU-n6lW0YEzeU7W<|3Wj{_Pmz44;05U$bNCgQxwu^M_`gZI0Nd@aUQx7K<#K6@NE&jkZKO5 zJ8TvRR2dQ7T9h{(G{90k|DzfgrMN(r8EtZ4D-f-2!Ur zEr5IU%cKlKTu`?oygE3-aL!r96ynGE{cG#gqfHBM2c8b(nA6%>kI|_QNd$it^f$eo zzm;p#7#cA@dx)vvS*^oB*mtAZo}eL*BeBTchHE;?P~VHeomb|s${Qbn0PqLJ_ZHp3 zTH4!z?i2IYg2XyBr&fzV5TS!{yIZ#;uYkc#CSu@lx#!}bU+VGRmZ}v-a(^kKkfv0M zw7n3hxx8exzO5*5fQ6W;U ztE?a=V{D^_yq0x=KyqgQ%OLVo4#+XhKI@cWkLWCdXW2@94n;43j^tPy0|zp_4HAW6 zgRDoaVtw+{BVP{>v~Fi9vKl!=5-?d15^aI{s@`q~3RWgn`VEL7-e0eek6&pL8t}ir zS+XO1V1hiS!cCZB=({)^rEh8{s_IxUMj@yW1orU-7W#c(KJY=o=i2*{fw|#?o`ahT zYFx7)pdHGY34mZksUd!i0z{13VnpDyF1q4{6NrXbn|)vjq{1B&5MhKxFyk-tVKz40 zF&7ioB5MNl$jPLm5jX^8ne*0@OXC(`tYLmfFrqwB8qRHCJ)baf3yYiOgzwr)ym7Y0TyQ1XsUvk?gVe(losVSSKYf9@QTrxEtqY? zGINic#IS!cb4@HHEbr7Hpq<+|>>btO{;tv^Zc&wNeLDn8hXhiD6lGRgDj7>6Jx5Ka zjk6a2z+g-G?Zp&=1mPTIUJJ(p_AFW?hU5a3L}C>#tU2lUa_;RiIZSXy&F_@R%$#jU zR(aUhF!Ncn)j+f0THssXvfDG&rDYhO)65MS(D8Vc1ZUvdB;H#Ba=W*I2-+LuGy=2D zbxnz6DJ(&}pij+b*kXCP>(14agUrJ!wT=fkY}3q}8n*aVMh^$hO%2721-|dn?mncw z(MkW8leRoTlFuAY_^nydlRk64Pp>pcnq4N>WClEH*8~mtg&4>v|`A9>(?m zf{aBVei?(xb*B=Nw~e^%hl?%Z(M8uL}$!hdyfD*g1YrB zKAS=oJg_!@?3NC-jR@vO^4l>-))$rZ+$el6#-!?dlmq0h4Biut81lfMrE-X-xx(t` zZ?6f2GsnK#*=D!Dfsqldb?e18FyuQ|iq9=o!irF!X|jQy)3(q6P|`lsw%BSS7!;L# zUe5r?$fw2Py=&<&M=J%+AXOIdOROAdl&tN42v(g($)o1i+Y~z5f+jVlK~8>*a_wHe zeu6_xwB9~(^J*15-SXq~f)4V{1Hh<^De{*UG;KX~nX2^&YG_1(WSsWbQ7A*S+>d32kDqZv9!q45!Zad)#QQme$w(@HLX<2p%v0B6jc+pclF9~ec`UbB-lSeuo& zugM^%&XhZDuy1l7ql?#{^&J047ZlvghW0%Qc$*C@PRvU*G4-|+PE>mdJ}uIYsV=U4 zsE;31J{=wCF_=XL&buR#(m)SE;zeo3BOG6uUzw1Y;_7h@gY45)5KmV;KE7uz3hRT1kCxu`k?ZL$DI8%tW zsfE9+(c#-BT{${jr>!9xkzZ)!?)o%Z8ZqQlmn;d%s_U1%wr3-%@VMPP^P2dJ;^K-63 z!7o~30N=1v2(|JqwCS9Dyfx^^tY`hqMT4aj?L%S+L7!Z35b#&5tA2e@IG2=Jn|F{; z6lLyy^OxL{K_m)n`^vnmf=0$iRW<@on)pUy#zZ}p`i9i>%0|2Tx((1WZA&ghf@T$4 zR1}+A$r!SKg^`Bz@yhCaQ9UyiV>X$ay=uRiN^$x&&M9`h`Dv12726?&5l($S%wn@~ zQgCKXIIylFAF3^HS(XdqFR?p6voamyzj~bfJ}G0OjCK`$5-ctqAlB78vKVV?LFa`m zN^5wov&AoL_nVFgqHZK3y(3m^Q)D{e7feeMv%}~zs`(Yz zsVJKbHQD1!10Zv3;bYe`r&^JM8H7ut3F#0gMLyddEld_6#aXR*a2J8S(}F+K@2JV( z5=Gk2eC0r!=~T#jNu^5Zv;!5kbLo8#A2W2tRj?My)3-O8UqoUk=&Dp0=~h#Vw9Eud59>XwgfiR^|R zTMd=&6!>!itL4bu@dBf{3D9s*LAJw4s%8f^CvbNT7+&fDy!F!6J4u|hOW!=1!3`m^ zdk7;i)BVO)>{oq3h16QdOH2cF(AO8@W}u`;2~Rt&*b$yP)Gnf!Y7OD0%+arZ?02{a zy2k3#<7@(f^&e9#LT-=*m9yPWOZ`%$>D>fH1k?IOQe^RkdX9|8XUA>6AiyKW!B1;p zsTLCql8&kcaVa*`I9Pq@Cd8H3hzeGZ*9KIaHrgPg8OQj_YOY_=Ozb7g5&Nxrtcs*U1wZoTZWL!X2~=Tv#i`ci@k%R&Kd@bMl3;db6?eV^q;Hl-Cv%zBn$_J&Bj851&*6n8`xiN%7c`A zPC`&uOQVcAmI(yu;}qCz+7T`1!^|uE8hSpCht=~T!Jc2K zkv-zAwHeiUtvC0I5BLmP+;|95MqH}ommRUUe*@|fk0-4+i5q$T;JZF4J&F&}n7}hY zK$#{ge8s`mwK3Kh7d5F1ajirO`#wYhs`=CJxZBP@CCimd&k}hpU?a=tPurjUQG~dP zD6czA!78nb38qpTH|+*;S{oRmcD<&?LnOwg-HIXRbx>X~8K}qc&rnn{p z=bqUym||bzxfM7RLLV66Zx&#ze6%bI&4UwwH=`a~nhZQeKrael3eL9x>LABcuuLAE zE)kuFKK`L;8rJRPC@DvY4;w1sT%Vj%f1SSX<_$`8~cFnT}y&-U|4g(z2sLW zjU82&F-t|sL#qfHC@HLG0c+18V-GGP2g`v*gNy#WNwAam>e4g)_Hffq&}}bscZ`_~j-=%;D}i zi(>_E5Zgk>7aeg>zdCcQF-O)}v^7acM4$TldZ-NLxVh#gycvZo1YI5XWOSOor{Hew zD*kNV^d&bZt$AFX{d~TWYK5S|gm$^~Rae^sW7|$h_ii}9zS@1Yg03E*`?hAATd9A^ zJ|^kv=nh>O)_dScjJ8$XNnU}Uwtqx@2nr6Xs}y#jX`71+nP3m>XJR*>3|h@HuOCs2 zVI4+X(c+r`NSRSS@eSWHBFzh1y;je{C2owzt1OM$qkk^K5_;8Xae6X}PuF;tIy4ux zr*v8o=Z2142>pj<(686uRUo7r=%z2u<(2jboGb%kwd-MzbKh*m-;`)nrKi*+vh+@(l=l7T{$%-O zRVJiRvOI=RmMWYo_VO00`0&irhyy!I1aIUrjd+H+mnx^&iRz};2huv1FQ8trj}Qpn zIGTKmqX5P~Ilr%HT#*uk^8K+PX#Es-2~`UH3_I`&{$*pph! zM90nWEX(ODS!N~Tr~|kZx9vjKolLV!dzx#tRIga_^7o#}e*PX{wGKACLMkeH8ofJk z{=KvhDQ+N;S?C8*5oXMEa7>$e*`PX9+(b&+0K&_Xm6cj$l@`1+f=w7&z3(ORyb(PK zEbl3*DTVU4^Oq5-Ol7Ntl}Vjm>lk*o=+4t6GvnS~9n`ATiQM(FfSvFgx5P11^?eQF z_f-4HnHS33p7xtIS=07P-NTQo^WR(^jZwMt7N=c&tY?e1-R-w~O0B_J-`ENeU{Q6TDq(Lenv)XJl`GzBPcNUYfF?Et7h}J zJh{ILgd7^3NUnMn?{?3>Rg(*2>B+Ja3HlBALlpl>N3`I|7x+;k^0e}f_s1r%(`(>P zN%L^g%zc@srmDa-f_(@VsS1Ev{&ib(2)wz1>%fI$3AUR~H%#a~N6%ph17`%cHD+UN zwZjcPMnPRfa1)SmmZO3GA7Du^3(FxYcMOlvn1(xF5}Zg}3n%?-ggeY$2$J_^{zCY( zi5vY71rCqUPdq< zD(_Sds*xZ^KJoNgAi_k9FQ+^i_4g$CAuaohEdt{G`nt=*^kBJd%;D3w$ESe_Xz4?h z;7ROJRYSz{^O~E|a^Yo}d%e3&Tl{v#R^xUBqv5~N(aEoA-B-v+G1M?g8&}KTE;V&I z;{^1g2F0m!&2x1P-~@8jeZ%bNTR9ESJb|y5@11AR`?v0I5GCiKm7P5@{e-sIzZ4U^ z_~au7Wc!5?$rLk-f(eiM#S+0F6t@AY)=q>@J#l*J%?_x-kT(Q~y%VDejYmp}Ol~o# z45(J4aFf1iurO@u2O*Rcfnu*#YY5USbLYV{b;dM>1v@i&?^#@}i6kYJ2+(r*kbg#D zzgO&0TbGcH;Pj5MjZ}wV2p-_+*>O;NW`=43`h854XgHS(3&Xu3JBR){T(i_fN^0Ai zvu!)!wIy@v+Ek5(%NF<;N7|llwI}48_N10-%rzEaJVfyTuRl|*1CH5NW#r26?<+ogtuan&8OEg$wR10xRJzkj@2O3p&7n66!P z8)GYf72$82N^ln<^l`NHn9LL$`s>vb*aezx+GFRl*`oef8mJyFthe7px}~=UqxG=z zKNNA@Zbt&}yVl$;^@Hxs-k)n&IxDo z4zj8LE#e>YeUMypXOXtG*D3p7$cy%GRLB?d2dgM++TN`sc9OD|Z}-%{$Ec_rIP`;s zNAW-MrFIf4<1Eb%`V4to6i{dC2#1ZfBCNt@=d}6E?|`mqp8DzX&983^}ID8;(hpe#1KiF{)zh$478_xUA zjTvY$7=FX=`-6eE#PZZF#S8~IHESg7(lv;=!M^tVhT)16IemPQW@+{sN#!?3Ns_wO zx=D@qh9dDPjf3hb!TUN&=~^E>e8H+}08b&r>poqr&&(IZC^`=_c^eEWYiYv48jX|E z*E|x>&?@RWP4|Wr+;DE30;pNdA7RNv1lCCJ6NIM}Z9w89j9*DwY|hLr%K+^7-Y=gS zhTM<_CJw$Tm;NbP4~lYF=f6a)Qn%&|5Da?t270FV8`ozx7DF#ckO9sbo0x6H5X zB{Anpk>ZR`_IJTcm`pJP`iC$DJXfOOn-o3hIiX>Ga)Ex3o~{?NeqS)K{16mL7BrQK zSx5YoYKQTarIE8d-_(|Sg6%X?-1v!0t6;9@KTBE=n+z2 z2Wf`L5Ja|6AmpcDT9Z10jz2sF+sfOC-vi{Ue$jn(ui%t_uLZFrtvMhc@iWM`85zow zzY+fD@_1_}s~8>%2nYo4zuqo*TA7>M{V&_&dTsl}-7e&>Tf<===O(38W=?DjVQ*nhk*SAKhTws8cGh z>hP><&VBA=W69lbLgY2VB`^0G;U?R@D{h&)RwI>t0g@Xvz%MexgIp)jss~$$jnOu- zvnwSQXMQ*J?=vlD$`h;4oguKL+9bD=dr6Q5ZQYir<)3w3Og)pkwk@YWLX?=E5V;++ zY-M6t_lTuwFPv#}wAj=l4(-!fvrfPXZs?MOH7L>uzU{;h@)IRhR-x7zF)^&!fl<$9 z4Xch&AB zeqg+?JGZe29CA9Kz|=n7gX}g_&_PrLetkXOz2y!L`adRqWCjifejmLLj&l`GZNGtL zHy<>;>wz=9Py3a+-A0FsB0J?yk$AF3BR zi?;yf#FeO`FOH}Qt3fha$xc1=24CP6-FA<6I@FbcJU8fd@v~_Kw%2QVd>EpY1+xi7 zYEppWQN6Jxo(6I-FXecNwly*@wMIfHO3Y%68=p&R@vH(EEVF4PEJ)k|C3#WKb4R4t zFnQWp+S}hcIPPPOWM@i=t5z#@D(%ZS3~%WUW(IdBtq0lL)TXgDwq{;*22dI#P#O|> zeGG-LLwtM@F!^dH#s`Bz6w;dzigIz`Qsc*?uI0?pAad+kQ6rStbv>!oH&5H&mNSbL zx(AqD=jznb_aaiCllrnd5wNnOnUD$%T3F{40JN@&&o;Jt97WVZMe;il$e`VW0#qrC2a-%}Um6RfUb zF^--SEltg{+-yb0wI(1x`XuaNwQ($0-n^!foRs?tkEc4U0GofdX#oz}T~Bdbw@uhd zsE|XqM<~-Seuk0(hdjDtSe$*y9I6!bIP%u+Z2h3xmeYHZ-I6FKu*NSi(uR#zQoUW) z;L1d+XMSW8g06bPs5u2`0cAyWyJUF_nV&tgu^tzS(`_nmp;cW16tk9(RWbyPXEp3b zU)~f4(PtYBB%1*&mmGm4VeJdu3IT0)RBf{hArhzDb!`V@2P2_}F5W2f8*M*ILZv*^ zYsm9^3^BpwgGsV>RP+ATe{Lv!$D1of`mmjZ9ngbs(=`~~$T8i{JMz*R8YEf>bb$2B}H+^9qConni>=@?BGPB&CK0r!yB&AwrL z5n|t;a!URUp&kFB9c<9h3IMnmWHP}hiA{z^icg;x}Rrj@^P_E7T+@5(R;WVcSR>za6X>^ zp4z^WYDQs{9ErAdOG9Fqu#uOXyOxf4I2;jkw%~Fu!CVzqD}S7R05;7E%9y&xCU!n# z%R-6s{)j@0hvZq^(mz356Ji-WxnzB|=uTaXInQC6a-W*A-vNxMXp`L4hogZ!oFK)R z+#~1FSOl_&5*jjKSy4>-BSg0kOsREZOB< z?3!TG`+hSo2sHHbe%=4!239rYpeltqF)CPcQLtOSgGXhDm+(G|%L^ zFrlv0r41~_BOM&3!N2nHgg%P}qItVt8xpOR9l!6x=WW@U{LV>Axh5-_vC*L(OTKda zw>=o(uKCyP_sE<0XTQ_GF?aGBdpwJqqr0H-?@SC#R9VjcebvrPdO$3SWmo7SUNL9Hf}SpFX19nfOzSoMn{e<+Cbob+9#b?F6^t*Bg5 z7Tc(tR{&;ET9^CjrgKsgIR7PQh7FfEa9Otp`4>lt8#%rwoW*LEZFlUds=$mUU6yHj z>^?k{9j9}@Pn7{;#n&$)lrEXmP?pze0YAQ0%@5d2*|0|LBVU7=QViRB6K&`-i?00Pu? z1d(hbXv)8=$#wpiT8_MkSKY!fg^8P z5q6?^}RoocU?wzOUlH0ED_0v_y{n30H*_L%H!I z-yGQggpay}P?!yG8U6V?N4@dRnO_GmOgVcKq}etc{HEeDo$kz!Kj^>7BA}rx%wj%1 zCiB^_=@c$9JwsIOp!@YJ;ll3q2PLt1P%1kWvh3a{1Fetm2~$s_3|T1s1!XXaGiD#9 z;RetgfL}-Dzd+{ZDrYve^mSU8VF4FHuqL<5IhOYLJ~f6SDYs9;OTv%r7EL~3zs}CU zWFq+E(v4Lu#*9fV$Ey!HEooc5DHl@k8m+VxTOLM|HbgbNFA6P?o|7JpNXCf2ycAnS zD*ji^+p;bYgg2B`=xlpM*c@+lbZdrm@-{o)YuL=r@z%1J?e?uVDnKXM{EHFJw;FRI zm!3>w3Ec429m{v+53Yk%w_eYI)}0I*ITi?({1&B$$!#%b-9!YEbJz!1c_YQ02)Y*` zr=M&I{&yqhA6WNWW{d9K$*fW&+Yyx<9EMtSZ}@VUoZnZQhJ_RU<&MT&Sh+y%(8sNQ zkc6O-a^b=WAsPY>=IN8K%|dnhNcpQ3!lMc}%AzRTES!5r7{h_MVb=Q>1M&xTQ?o@$ z)L1difFjNw18~W(R!y)QoNkj1yw4|hMAxiBZ=+whAe)wNs8?uVTWuutj+`S&`)YPk z8cV}C3x}-0qWj}PxC>J*Fnvo5VZL?ZQvjQv>(`g&-%D0x3ei*WUu}Qk^wEe|TT*l( zT&edel)ydnHC{Vz>O&_SYH0)2)H;KS@{!STD~PC+v5AD>#fKk-t=wQsvB4$GP%JE{ z5L&5u<`F`jpm2psJCA;UWMlT5FWG^bXmKHcxD%0SG16=PVFwm~JN%5#R0F?|kwQqs zIBViw{rZL65SQ{nr$0XCSfW6 zz<A?N*?86^?6kbx$z$-ggW3hAg1->;I}98uLqoem@;5&rgR+`9I%X znmRgISX;Wg82^7>(*IsV`n7-JfVePz96yINR3z|b#rcw^Z9{UGHxN?_v0dB#Od!D> zR=T*+Ybh#vq*H-~u2PpG(jGlnZXZb7zqup%Iui-AX&;`4rWB65xh(t?J4&dq8l!lk zcoe52kf&kp=Tt-hh#)dy(Ht+eDqQ|)G-yO?2QWKvS-x0)qe@u zH0?NMV^pSMj!gz5t8)rP*bmhDsmr%m$}L*+(ZH!&S!9ejD7fcK?F+gL54%ll)!`!S4n4PG|5LcF6(afr=nc3`09gQKi`b#CS)M}Aj z*3{K*!UK7-(XFrBtQZx9U%< z6tR!3z`@Z28Zlhyt;ngAXWH?^T9re&=%y$w(h95%MsdweK6=+@!2zsCqm%O&(aBPkp!Xp%v~W;l3Rtz* z+3rAw0P%-Cx|MyJV05CX*H8-Jg7$UJArwvd&5lXP=*f#rB#GH3Or`~?B4tP~^z7(9 zMds67S*!ojmk{*^vYlOR=7l#`c^XS9JmRjl3t*>FroS{T|M)>57KseX;4bJG`;Y4k zFh3#0=GFxcL!XLx&KwZBBli=x6fDZ0PBWfzGg`X`0e`UjiemqeFhi`F&Bvp3QC3HK zlz3|Gm59{Hf-x3r$nMc+J&E6cyb*<7AyB z5$G6AJstSJSIn?zkZX_#>w-b!{KW{+guVtHH4z7YAt&hu^nLz&E6_`XfA+n|o{4jC z*`sTcrv$N@ndeq4Pnd_XidUg5?2+dN<`_K#SBm`0H&98_?l+Mb?V;|#YdaC7>LSJ1vsIPOTa5??bk@w#9efR%!$vX z@h*o7NC(zX)7a3Y5K>Tgvgm236;F~c1+r+$neQNL*~T6Y#n-HDkPrmZAZklg9~5C5 zPG}(}3gbUUCuc)oWV7mnISjC1((A7jI4E9DurAl-1p-b2Io?1%v)xg#b?SLFqjlV} zNVKAsN`%5hIF}q6GK5J`(FkMe-17UGKXIrJYZ|R7mBxEiX%uUmbgGv0(z)pu8@Q2G z^qL659O_8#8|qSvI+?0gHWYR;ByA^uy%=I5S~~ggs|buSS>{M^SMR1r(YrwzgRh-E z+(7-kUp=sbaiip-@w~08r*V*Ll}bb^q)jp#N&jx6MSy*!|so`=^o9 zQREUDT9v&f4jUgD&~@0V7s8AiuTr)5V~4&OlzdvoEj#gYQmWwwN*Lh*0fC+peNvWw z_gO z1JioYBOm0wG-2u`ZR`cWPs4U-Cvx`D58e@PbX{F*@C17_ z{RUy-l`{HX8Grp%{Wm{Mn$Gik~DFEx-k z>Hr>aR9Mbd1@Ld*jcXME=Z3u_@5J7e4X4%;ZJ@uWbB7rlo0`bgdwymRqXe=Q?(b(H z4ZW>D4o~zfBY`{4=O_wmx`K1t#GVphxg|=o77F5rKYdx59Lk{ez-_;(JTvCM$rzf>oJ0AX`q*qY&lSW5 zj^k)P3{$=u#odRltjHX5eF(h)Q#f^CL5`Ha5i=87KFjOgm`aG=G(G8y!Ng55#qAnXTLYI)_b&u4uW^; z0ykrZKSBSqF{b)gnuz#g9nAl+Gyga5*8dx+^WQa%yXtJh4inn`8Eu0Qm2gOvty+(; zYP)Sk?eY}MaZ1;7ZNSj+oo~J-v`L@zweRBn&x2xs8y1_qvKQ6>uuBucAL68#fl+`$ zNbfcQ&%=lpX_8RVw}OJk5_QwEkX5R;_f&#jL|x~&T+*rQKsWgK;>{#zz5X2sGT{Sf zN|eUV03_&5YAUp`7%4z&H*H1fmNWZ6C+_{5Kzn74U2je#Gi~==*n`vvx*4`71#{QJZKn*1(lM1RF-|cr!DnRaK~*JJZy&+Eh=% zxp#b%V*Wm!k$HYK;A-j3o-RrU*JT=TKy~gb?oYl|`-8tsZayqw;G6lGax?mZ?yUzP zrB1LKLP#GW$5wO4H_y;GBj9rJ9vi#(gR(=MhNGnPIxjm?gt&8jLTuhzjLA+(OPG&1uz1+`HkWCDO~}mVOY-P87sRTeuj-K#qK@unzK#_>a7`RV6eUAV z#%3LUqK_)-10+3bUDFY$bA4u})KD|Ob8S|~15elT$`hoRw*}p6vAl2RWJKR`kQ}|& z0^7RfpPIDZ#1U$(-(Rs~+}v~LUkU%pIMAy|xQ^@kOw~shC9NLebMu~uB20!)YTw4< zbtGjDUhHFz^$dW>L+6I<4v?YK{uRNo9`XRo2|6iXOObWvq3M3E^9@D;}HkO=g$C!42n$NoVc}j9BA7;cv~(8A!!;+9zu5r7YZk~ zWBZ()41H4fY4BA~z>GhyjZg#FF8i3jkMDIlujQTI@~VgGGQWz$PCb*nkxg~Chu-BS zoppNlU-TK>sFA+Q#u~_DiAfHa?!HXHoPu_@;|nGoCJkwox9-J{Rmgi`)8^h(gGwN` z-dw+ht)0bsMr?acrS-bDCRXEd?W?kN_zkjo#bH;1P5R$hZC^%!@?)1Yxu!diX~E z^YcVe)AJ&+aB$BrYI{F(cDA;+*OchPdptLovCF=(tnP$48pRi#23dWfuz&96>*c7q z9euM`M}Q(@-l5$pfEo0arFLzKDBrFYyaSjWo@83up-X{TABIjU{V!pl_L6vLCYd{J zzR8n$vPzZ0WIkF{Q_s45Y!VR@!}iFe7KnJmyjE6)x&{eP>9$=54NJMvfLudI!o-sQ zWmb zEfIvc^^nAvHt7|-?#9LpqQMwr6G8mY*9MIAvNpf)he5|42njJUWVFmV8$3GW2D5MK zbo|I>?qohMFn^7`(B$DCX3}7)i{tkcNZ~qZ4f6sK@pQ9p@8AaG&X58lh7hbm*CQ`s zzO1m(c0uCE;e)R}}DNJ1>FMcd`@49d5T z=AV6cu%5eed|^s`te+T4JFpCV@WHbI0mq(j>n&$B33?$SEEF7)2$p{Jv)!k;J>4Qy z^LFY*qDAsac>3D~<{mJ{cR3j8P2Wx(vq;SQdBNPrw!np}1Z|YlX$|EUmN3fqV7R7) z$If#{$4N|Frs_2MrJjJbmAV#~ZTx;y!%v3;@xe$~dP+5UCo`Mk2n3s%=@5v_jH5^c zj8624d7l|XSU=Y@jIKgq#sVtxWr(!Qrglwc?_*zf1P#G%vS`SlFOIB=Nnc?9@zw26 z)viub+dlXvtBYTR5wihz0mYqw#)~e#B7QRM)uKSSeJRGIb8d19yG?62xDgIrG#W)? zI8NIbyK&x?YDhI&8>V+I6MrIqfUqAf{y^P+)TOE9#hk45$iOaZmlBERwTDzeOUVh7 z@o~wO)^E0XBnK>e?e0BkXulLC>!ph`nyn?#o3H&3tTZh0sA5^fOggP>{>WKiNbtsy zf=$V5UQV{3y$+Re1SE@T2iz%AR0;4es*xV<&<{jea+v`M4uJO#?1p)25&b**Cex|_ zPSJ#z>~~7K(qmjmd|W-@*WC|O!W_wM7Dlf#%|aE?H#|OIF7dLVcM85_I4Nkc;vO`5zeT7Qc@; zAKaHN_@6MKKu0Yu{vS)%opRcTPV7wRs|(aRbP$;3BPR@AUUg7DK5+JFF90=<8l#}P zDm5X$x-`o@*JC32ojCQ=S4j#-+*B27F;r0D)6XVV4+{~Or`uYdiFkZ-ue`Tf1N_Z>E;NL0j!!F$+w`K^-E>c}h z!sdnHcMOjLjW~p{)^-?iQyr3u=u;UOBRhPp<7D;gx&phbyx@<@M`xE9jv*3btePVw z7|R1!OfD(D=buT1c&+%yXQ^T{p`OHy&N*XSGb$3(e)QquFNo-P8(`R1*ywQg6@(op zK?;Y2e7K^DJHxFUQ5m8-FNPo^sZvUoQMV-KFPvJ!2{C647=6z@xiN81ob2NYN{lVG z+pFeByQCBwYZ||wQhspJ%bpx!IE#HHv>?#)dSU&za(KJ?v~#;(3Gnap;fp&26kGCo z)xE?k7wWfNeKYCoF^pUZYI?%^KW>9DQ2be4bVTj(&&|vO4c>SgbylC07{&}jM@`oY z{dU0OOtDcBOKTSmnLsyvM;%#VNvt17DxSr}bRGj}Pl2VH8Q^D^DT92u>qRSqIR{LX z9QLyI=>nO3xR3Oz`5J&Q)w zUzV-=FVr5G?Nk|pb`*ukSmBgnR1{~z^m^0m+;Dsc-zZGv)w>4E>#PLIMBLHOcW#wv zw3MaeIZ|5`oXABMS5hfXI-yUuk8G}2p6x)+sznocQT|F8#!5bnT5k8ysc0cX3)k@K zSVqjbQ;jE*xgL3%G^o)#=%ja#tEKeZOBL@3vus$Q(4r$Nhs5!4)L=guAS;$I>irNh z(JJhIgp)0GZ8u3)lIlXxHx6egJ!43uzKSwPznj}#YDuY89 ztiC}#=OwD10*|j0dom=9f{X42)uDjZ;V9_jSz$QD30e<9BFl6;Yawzl&w}A`>aW<{ z((VQ4!-&!yyd^i^e0_<~xlOQxnmF4{s?&L!L!JSo+_jP{rP|D)HjBI>w$s_{$^H-2 zQ4IPgV+yUp+OQ^aPn=P2sIP1IfJ?@=A1p;!>Ko)g|2QAjR#E9cf1GUi|ElgST+GdV z%>S1*vRrdF;b*=2g8)H70GZa6y=VpIw{H<&2BF@m@RtG&$&g^NjWLt9>33KTyi4lY z)nVI)lA?n@8{u~48ub?s;0LKrL%N(ZmxozrBf@W%T#re?3&OHmBTWk{R$>=w``xub z?)816IL(724ds`WIi4|Ot=LtN z$AR+N?9KQKN6uB8i5gQ%be$2n#BF+jAV`!iqqaJ_pAub;iuGiA+ai?(q($(*k8C=~ z+V@-6`7&j4s9g0Kwz=YbH;L%sTVkm@UO-O!ijmfqf(CZb;AB`&BYWzGb6h0unpO-j zsU}Q7(LXg(4ab8|iNJq=UPCE`ujpltU&&h`w(Y7iTHoO(&Jl!2cHizVTW^?bitt+N zIUsf)j%ecHMjI)SO_>CtW#9X^q#=tItgPXsI|jBF<5_VPo#*< z(#Y{uw9)1y=q-Yv_AqoxfJwnMh{YX==siD>liVg4X;ed|Czb%^?dKq^_%9+;w)SfB z0x#)bY;;iSs&jZ+rpo-=L#exi-l1T#NJ2~&t)!hT_LyMUab+hdyfUb;B|FKy7B;bh zo|UeN5rKBG?D7~{H&L8h7NwtiEID+_)S@9Od!6%I*al3&W@~>G^KcC7*z${U?l5S` zwK6AN*Ba5Z0H3GKt2k!fruxkqT^~o4<$b`D1liL^F|b`N+#ySEr=j6X2qMW5zm!a$ z8>oX2q__n`gr?C~i7=c)gqVbbPp51^#`TWN+%SGmA+9tZ>;GaltA9OEl@#5gJL)&-@`)C@DdGZPfy4zoMRdc&RxAvV&bHT&^ibA_C^ z*OdXCl$eFfF-qE6hH*Ir1~H5gp_CRQb>g#AXK{cXCF`@>V*nx@lg3)BRY&K?k9Jqy z1-CuVbDIP`ay(kGB?@S5$(}Gh?PVUvc9rX33<5rCBurVtytsMzHd!YB=%B6QcfNs+ zhqn~45_yESy56*rH_-i%$^Xk z&_l-Sw>*FC=Wzj2gnM~)1$rCELH9>c=)1S|!L!mQF!>P+EHMkL^ELO4Hy>fsD|Z5d zt36ZOd(03hK;*XO6M$~3xR&pU;N;FTEjj$FR<}jNb?LkT8DZJ;gMLneh0(Juilt_1 z1!A)6OD5GL0!%d!%PO;;!R0BLbnbpJs(jz=y~FW1RRC+XOL0}4{eLS7NBsoN43f3N zLZAEI)x4$B0=|R$Qn%l_F^!8mSa&|gEV=1R*|RAW0Uad24&P-o4~}mgl+SOzDkh&^ zCHPXdw~bciLn0leJ|gql4eQGPAIjb#N|Y$t5=>h!ZQHhO+qP{x^QCRRv~AnAZCjnc zx>nb!s$c!PV-PDwcMyYp&p8_hkK^M+aimAcUxK@2rp4Xd1^ZtSOE3X1El(^ zXiD{zarCcR!0VWDp**n4U!!yi42sl#Zm}1W$U)EYSfcK!D#Y5g?_8&$!!*P>P+F&H z{RWe~8j5^t3Qv$DZA#M0a@b>WFKeuwVVSAUQM3uy-8*-x-Nj_t3Z~4DrMh8ul=J{= zHl!{+F%~1_q<)!_M6GK|R2^KJ9W~X%9q+;jPQOWBTn_te#VA3Y9 zoSuUndv&(r>LKlhzsvmTrn%kUbCjQ`iWUc#K6%6dIyn$W9-~+2;Sz?Q1@}gL`8S^p z^3^CG=v}sYa{it$F+bT8@68%by{@HVjaskOK?wR=j3+2{*9A72X0RXH%Hk|51*48B z1!^^*i^q;v!eE&agh`_u;waOECA7@o5W#g{8Z1;A=1}+o)zi*MEZUkpu&@aW_Y%F@ zCJ4XO<}wI{l1l>wu+RLEE)snl}4zF z1icM>;y?bNL}wnXoV%qc8fdKgo_UlboCA0EVh@K$HF zY0@m#OZ(}J(pWRQbqsgfk#Lm9u%IZGSPc_kOsg^KqI+F3BO~bf7C7v>nsubrf|b|N zp$aLFSXRbJZ!lQ!YeYJv5Jy5``%+;s#=5}AN-(VjUfqarts$^v(u&^b9QFRn|JE4W z3ZM?Q2f9guCyzdXkZa+EG;6SjY zFfivO>@H*6GgxQg4Wwd0+38$v`9K`!X_x-4GMhgo7>AI zY_&QMn+(c^v$_UKc{zcbL_W6fWW#o(@%txbx{u#U|4DJKkGOs{k6Jg{sS+4(Za>*| z-nXBewm@_ehl66i%OvOuou4_0iXiDEY}tJ4Z{*#!|G1j_^-G+ftkhm{21Ghs9&%|K zPP&g=2{gAyK?iU`^lXT~po?@*5;LA5=NvW%ej?Rz{~O9_FNrz-StN-XSYXjXf6KLv zwp&O_$c;5P&%JMlz?TbuXw}A9A_UgUG+&e4f@?0s*Xsa45_*xCb8Df}X z4viD;RX?G3IF*0mVh+E)!GJVQbwcy-L!B ztE)&>@D6sK#2Rx{ihjo{uxEhUm2XXoqDwkR4Jqg&osfU()qO)V$DCgT_Fj))fiWNY z*cdp)JjD{e70f3*JZ>s%-Bl)5pGeA4hry6ep+OvL<;rjJp%*v+m?D7^+#&GpppuePF1(J(tSA$d06hKpHUc4FUe6 z1zQ)-%$REvrn@UFCEc$Z7cqXeKnk4jK}ztrx%Jozjqj&TKCe zX5KK%{J8&4A}Ko*w%k5^@}WrZAWXTx)XI@y$fT(-9N1T{i7-mB9WN-y=t&V-UL;(e zX-LPIiCluBUKbvXmIku6v~HP zIQirwB819FM|7^e60ZuR-z!B+Ew*z<9Aweis6m!sLHGipvnnU2a4 zqogKcy7E&grgt$HXK-wdI$?vmV^iN+R^N(v2~!{2tDbJ!|3dHHe4_VlbaU=ddjjg| zO43}Io-7t7ae)aI@S^@m;E+=ERxjTnUGs(C(;Jo4y3yts*)#4Hu$SulC~~_G`PEN} zzTzmTTq5Zvsq0hrt-idPB7}=3lOAEaenN5Iw7gegNrI<)p0Vp@0hHN=;PzC_($Vw^ z73v0;AAFg;YI&SLjKL97ijRAMGbg#YQ^CL&W&S z9t6aFK$DCUwcaP0Bw`(gW>wcpk)hd>;JyhFf!0lkNU0fHti6$Y(N4RyQ=c7lwwqM? zDdEuZ=c!$s8OzY3Uv)B(I5aLvBPm(^pW8QKVt%9v1T#9T*<2PO?$Kp|WpF;Vm2OEC zphY-!_pu^5)zNHeES?c#>UQV7dCAohus0%u)nW#VFr@6cBl-2!Ra4K7#W}JQ+b8W7 zGnVNJk*6ArLMn~HQvyr4ySpjXU`ZzlmxOa}R|vbT#$WeDE1|^IlFBF`Rtq3`VpXam z^J$5xVY5s9N|Ti94XMRWN^3C^~T~RcguyXSc!4ZtWUVGLAxZxNmVF~JBt<$ zjFSio{0K?j-!G>H(<;-iKnIW(D6T9WQpYvlagOx8Z+)Jx-gf-loh%>jX|gNEd$uWp z*KW;gJ#36I7Qwe8=F%qP_Dg?J!X;Fn)i_0TZB4^U%INtKrUBM#vXd;wQ1iY@o>dEl zoqqetBppK{&4oVinj#QMwW(9)qRI5aO;cz}QkLAX>^0ullAS{-J##Fx(b!^(XkVR! zd%7hy8zCtFVuK?0)(aNWur;M0a{UWdmcGtG453xMB%zPHf>H)ViC?Px00BpoSJNgb zR9y$bnW_&U8VBBa(PrGjQObtbu4q;kT=!Od!7hr@AVd~BkKC#c2{A)s(%19Fhj|Q3 zxy*x1>W)0+1*N&h|G4Bu`*yP;;w@BtBmzuX`X9b1KC4D87Qwg$0ebYh(V9Z4wd7$B z?FPjOYykxdY$Fqvr7z}Fx(WOd)%qm+PA~pDhh?rkBw-WX1*QH&DrSuKK7};{6pu~_ z4M?jaYE2X-$E@T4Wh7ky8FP0DfJ6d|1pmbA;}}w>2(62b(9oY+tc1Ywv`27w5B`+G zgSj#71`PI&61QIou^gaaP|OG}VKkOhG$JXx7kMsK+}5$9RSH1^DhJ6|K#R z#7*_0CZz4lh6n6x+5kk`m4f*QK~$M01oDsSz zJjFvzk{qC{)VAtM>-hRF;4lEY|01N4LRSI7a%AEx!y+klhOW*V81mY6fKR1K9&tHq zCm=>LXgc-v_Yq9Kc2zAEU$$-aZ$-gtLm@l0oR)Wtq0B!CxfAq<#*+U85(tGi$n28_ zP&&KCKGqr>HuXLu6^Rd0*29FXzZJebw!CN(;3C#4YE)PQWmP%UiY2^( zqOriO-}Zr9(x*hg8u+_H@e7>J& zmmD#=D7=dH9q+F%2{SwQPA|(CZ+MkZ;v)^apcDZ;d_OX1wU{1QgcQ(g zEQiWotf4xte5{*G$6#9=h_1VP!+0PV9-#$a2>UUQkixx5ovKMXMa6P!)sr%(K=dvB zS8Wt}4QYd!0ECbex8z?DE- z-Z1J2AcdOTYzHbd96&#>VwC{>ClO5-s&I#8+@xC8Ib@Nx3cpJ}R|fubl>dz)K^(MB zFF=gGmG56+p-~x=WU#b8i{W~icxi@Z$GJ4aQsE+Mt73pC=Ut_gA6N50%IJHGC_YFGJcJV~2|KY7SJ%SX%{-BY;*S+C8Qq!T&yw?T z!o@yoiVKj$+3?4SF`dnp5|7G-9Xh1uMfRxg`Y0KP=juK9*3LAj`N*FxU-@}R+pMKw zUV|v${RBs6aUNi{>4lDk`~%mf9vIwPL7oTwq?fCI@I`JeHT+$7>@tR{&}{A;0eiva zOY1kFo#VD|UBaPBQ=(?f2dDGw(UJ1D2Da`DZuG7@=#C@*>gYt8m6L{&&t%a($vs(| zQQ{E5Y=W8B?B|q0;BX}ID3W|WA^2qO2pzXO>4t!&XPT2_#dC(qq(Ekj zQA}(`;gSq*T(vDIXeFJa0u~|HlSfu#JK?Ea z2(yN37D8|eDYW&j$ze<;S+LtgxXP_K{wzZX+m9H62Z|BPG~o$J;@DL^YH60N7s#zq z(XcF?3)$u)$UTx25u{h z+Q_?Lq}19Cv2eX7;NW2M!msV!oz3-~Eu4s(US1zoyjC1=(A6Dr?=9J6;PFPm6$FL3 z`k>!E`;^FY}tae?%cN&V3HC{-J!pX|U=H}w^y13GyIq|O_+jfs>xe=+gB$K|MOLB z5c1^Tg&SDp!x3`w929bxcqxWT@{7GyJX0_0Ik9tZ#KmKLn!jJBX}XQV&kqRc`E6`{ ztOn=w)5j&*AsrQKrWt>bokzyqg|u+c+lkarYjVn#!I%m$#hGidIdS7n6s-x^p1-8x zDJy{_C(s+niwdcXl}>=P9w^Mr5xWcBQh7vS61zWD(BowS&L!8n!z`~0bX^#ZWqHIV zM`G2{V^dt9u<>_Z^)Pm-JZOIXhDa4weR+yQ<)i{xQohvWiAVg54ta$KDVyb2U>_)I7rTqUH5Ly1*HHQ` z5XD`E zbSfN<@kQfbx-1>-Pt3X(Nyc%}J0Om1%pCj{8rxvw8$aJDh(s>tq#x(pqgR1aRBKEP ztF7si+SQQLIv}5@tPJStimK!dWoMo;!b(emwDQ~*o*;R(gdP@)BT)rG5&f9EU`)`a zc5s}V3Z2McAtwTAC*82*45&}ZKQSP1ew9H32?OE@EQeRB*1 zxs6HX3+KypmO*Bkn8%5M&;41|Q7jZ(bc7|~-V~JiDUZa`A|;1X0lm^{A7+B zgA!=#sy?GtV|MrZtndZ8kq(uxtOt0Zm&TZ$@oO6@b7k(u1_Mw zobD~^E)j;r`+B6PF~7g)!bP0!N5YTz;zy&qF{=lm6q;8)p-ul+PDt;%PeBF{0Kno` zT!{0Z4mS1lENm^D_4NLWR@p^CMh=Jpq3fn5EjTD`R}@K37m}R87N#_!q}Um}v@zR+ zlVrcfO`Dz+(bMvs_qa5KuGliIhZI-w=2LyNW#$5;1^fn}{rr zdW@xXvjDtabaf4+st&6`(41TsLRguPz&@V@)f_>~_$UM7VY$iVssLZ?Kx%1P>glYf zG+tk^-l$Qq^9B(cdofqyQNsq!%iYt@wb1S1-|cci6r9T`{$8FX*Pq8 zLP=K}Cov^;JQo{XvoZ*nWzEWEiLqLHKH7h{de4R(7_Fn;j&;g$W6b<6KYo0l{iH~} zjb3l~*2DYgkQ+VD#?#f`qZtDB;IyyTN;O%a*&=Y#Ld&v2G$ zDDOunKAK|0bWoc66d?6{^4lKXG^pu)IeMc~3mW|hUPWJC8+GS@9zFxx;|U@BhW0-r z{b%CO{}^c4m^d1_I9eF|SJ4Yi>KnG3|2J#L3S^;BH5-j#s+BGRSWx-#FSC6dLW~NkwPBefl3KLQx#Ff z3cC<`Vb60q*<`FToa?x)o_~mc&qP(-XGt2B)R{0G2nd7LIjealgiwW&JZ5Qdj|((u zOW9lu+i>InxxmY+d9(?mwQ>nu(zf&2nswwN1fB2oYsCH*G0)K|ZXp|NhV^Vj^8EU~ z^78z;A9}iZe4fe7RAcMGNws!iDGeu8s34EVK~z5>)pD}&r_0;6RCx-N5Z-;8n9=!Y zTl`BCLTw&v)oOzkIja01s!)~mGy%Z**AxM60(e}{qiDuqT1o*~d;5;eOZvF=PmA~0 zu$UCG2zs1$q6l94TI2@brn+F6G0PxxDb^7RFnrH3r(Ki2%CAQ5m}TV1A33#R)hEd7 zBfk>Q$@{U;qnP;RfRxSymZ0a9eHc7I@$+L#QMuELrphKzZJ`TG>DdmIkSF)U1r8df z*Kg)addj8@ss>*Vu{M>LaiCAhYW#7W_;w!S5G8anZ|OIV)G<|? zBETO?m=1C|iYfuUVxiZBiSZ|X)BkK>JSr**4Q>u4FO^Cx@lP7GdZ9f+UWCeZ)9x_T zSu^%CSTLXsku`@*=^=3N$$r0;4+GI;950}lOEy+-US%@u1RwENB+S72S~LGgfe+x; zIPXE?7&Y$;!-5CJ@@cQ`Mi_F`T_~nj>GHc~MuN8zHEE`7ttruml*eJ%KJ6rr@=n-!+BSEU=xS%(zLySp658K$YZF#(+BZ6 z0*u@h4O-1@t~+*HZU|JWb|n!fM~qV%@gVJ!a5RAjBoPXHYM=fD%c{#Cu*Z(2>Pif1 z@X7-w;V=oAt13W0GIhhcS0;8XN21UZiTX#aL3X_2_s7{*wDT08Z09&hdEF289|672 zxwH;5p|<<1N_tr%gmXV+b|xiT{Qm z#l(5d664S)yfEaj^Rg;Fn1b2zfYa+&pZn+JM_`og)D^vi22&oR&@S}4(% zV>##BPT5ZE&9`lwU<+9VT&*hj_FwNV7a9>UP;$6wCUzP-4&`^p;USR2v(~NWZLn#X! z4dl4&Uk`dJF$q(#S;FV-7j}w8icklye$r-6Qiq`W&w7{!|t%>M-{?-G^?q5o99wp9$BaI)0t+re4jW_pLvQ8X@>h2%-}?1EgH1Py{#vm_7_1xQ4*7gtpyiHhmwB_lE2V!d>BgtG z8{qr1AOfx(FE5&TlCMrHngdvEPk9xM-BYfFu;bvYTNkd}nQzrDG^-Tg3_ZJfvQkf_PA&v30>m)E;BxZge&4VK%rV{XG> zr_}maXHgnX_5RO<>Hlsr_>X%=PtV@N$l!NDk)GcF5AxIs)iXB zIQM_tWk&WM&gOQuG)(NjwTIFFL)K3JC#%`iB%H8DP;#y{=m7)}io_!|E2DMdZB_}7 zh*c?*B`*gXkFrxpIO<80qs10r^-DE&uK_6t<7kzW;VITuu*b@^ou_WZzxnl?#_>k` zB-T7?z_AF%QUO?a>^#%YUb=2*zSi~)r~G&L&TD+`Zj?grg!Bl2rRza-PzYTKRG@y#4n|^+?ytCHGPCl*Ku@cFU$8jhnq^ z78~JrtrJ93KP(i)@_L?smV0s`Hgoqd((2|pU{3P|{bcp033)r-W1h|(p`=S2nQK-p z_P!Fw%`-nvyRo#q3#I;wTV^1-?C6C_BUl0v)gh;gNSM|hFv^4u5GZ~1NNGwx%b>& zk9_X=!aJU(?qALZfJb_jxd-H-lC{c&Ox((9d&+OZ>lABaXFpmG<9cwmff-)=t@k(S1w?uiVX$Vq(cll4nvG*-co0-n&yLGt9&iwt^h8?!(Kp% z@$0;R7a(agn|*#^(>VM>E37&DJPb@6pdC`K*m$ykyIw%vgR@gDcDl6l+ef;a8<%EX z^z9RC$G)i##t&qSt@S;AH*hgJaQl_JgwTl-`l%CV>LFFz0h-shgsn)DaLXIef^+e7 zdtnr|A#l?&i(8(Cy2jIMHJsZl?UsPLt&;MFI9oq0bVd?vy_tr9K<82{hr1stiW-A+E87rp%?&I zUVQ=jRZiB}{oVjshP^;(R9rz#HoJCNE}ga`9prS9gO3HsRHMi1$EGPSUewgDEzS>8 z{2~*v5$ivi zO0H<~IEXTGj@Cfq%ki-08$oQL&+$x+%sI~rpbWV4IxpzvTFPOl4RB{{Qy*~AOQCSn z83}JG@xKzP$dLZ^s+O~@jMohG7pg(@O5`XpSbG4@O6=Iv8T~_nBd3Grc#mAHAw(y2 z(8^`uiY+$-y$K<-$`jd2wJinJ79v6uBB|nX`fa!miTu&;-Fw$J>e|B=&3044HOY43g04|rpytHPVP{2pgCY1JsKVOmlhY__J0qF^&s%+ zj0AY(V)x>`TjO5bO3&Tl(AAW=o3kF0EUx!haRI{~Qk|7&b$C$3`J_?qCX?B!Dh(oe zALjMpQbfc2qdlK)kM$LF}^tXN*H%g{nVm;Ny?e?{TM=4+~qPBK@?tJ z#Oa#+SVbnXKH>w6_qiOxgU`Z!7Mp!fxqlZR%H0){=aY#z3nMuy#^vNn`{`}fV<(A# za0LjK`PunM_ff+69^?4ohvF6EF-4c=F@r>=CaeB1)I>U!1{EhOvI_gRmZ%1)gP}_$ z>Pt#1EUXL3%NDsC6kKKzV5Oyi$T^W`;Wz)_zHBY73kHiI`KmEl>96+(^8+$*lM2E6kA!BMhT@)g93sIoFrk$Z-Om!Y&a=#y zV^n^oo%9a5rth6w_2}>iy6k!(E&~WjC|!NNTMsuAjF_a44m$pbqyXK0FdH?V#WR{*`@VSJ*P|A-2x*1w0!$aod^bM zd|tp)HVVa_p;B+3FkAy56DkqdNc%KB=wU&JkK+z!@3 zFSw*5ovqxmXB`Ne*D|5F?kzWz?Db;P;7sit$7~D<_FSHO=daWW2)L_srlE|J19%E6 zFTy(Ri_6;k(~~|z1tm(Ib8XQaM{#ENQUYpcQDjF^oi{3%yFEz<31IWDEbua z0yb1Xpe|jSV~kr&g4o^(WnjtPJRCtVQ$XUK6kvw#oddzV0!t3c*f^8MmE?v{Oba^t zjK)*si4kFyAbiPQz(9S{iZ8$nzQSQM7BCr|Z;eF4xbG1M?0P}d8Cp5-=B9s}`22j3 zKq}CI%w}I8N1h1y2NQqpD12|m7pqsRC>hTK`J`0nV(lsD+BuLehD+zsv{v;k@{#D1 zNJ{(7m%&%Nf?(IBv`3DYe<>ICdA5BC#$^pQzbx}uc0xQ7Qy;YpSU+e!`UV*sua5F{P z0^JNDYqIJ#nE_gRC^eqJ0!iXuT-ZBW8)fT`v47MEQhT>5)2H@+{ugV7L>H&)+;6do zNdf>s|6dlIW){x0|KCf^DorUTEH&3_HcWU$WDy1UiHsEM^ib-+`U%%zOfy3bM3FVz zb)m85=((bWK^p)XAoJ60Fp{Q#^s;<1rLv^^Rbz%sga(NuAJ%WsHR5C!HIw9WWez@k zXcChXu9gmgxTJ4szUHbsF>f(`JMV;A9uso6g+t=wdr z3a272wcHEbD!k+#=-2XFl{>jxKM}pQ2g4WZFY6cZC%n-*l**e$oVA?3PNyfQt%s)vbiMW;#V-ie_X-hZ@{*EM+;pxnLcpQcrih*`Osep1sfi_N2)`%s#lCuXv%8&AGx-T zT5d$H25rG7-M~A89FnVBjynEY7iCOt-gSIk0KQ-;jN%;(f68^g9zwsYum82eYsbp1 zuG!J-(O^k1!t!N{{(Pd>gazku4SI+pYsh`m1~ItNT#a&Hm6&D;!cB~IE}TX2Wj^hY z!FAQSei2FyGe|n!fDL$Q;JX$}J9R;Pn9keD?@C$*8vfkI`B4xCu7)dkuF_?amc;sY z<O$KR-Hh^Zh=`OckSJTcj9JWIAXU9cGD=DiS`gW>p?OkMY#u}SKC`V6(f*a}JFAEL_^xX-VKxE3 z(Y>SLtJ7-7s8%g$ zbjKZ*=eN&if0x`o{=0Beb0r;&Y<3Sobj#4RtGBZK3QZ$mO^<@hvTHE162yqIfw5w@ zV}GU=gO%#Tlu3vy&})9y-VW}{$XcK|w!kNgX8f6(t54SOlEF1Hd-w&&DWch)WT=y5ABZKyyaYCbGK>XS zJuU^=cDwyRx2Gw7QvTo}mW|i>#(J|g9^HzqT9?n5+|rgDl~$-26nGEXT=I!8gu&iV zt9fC0WXK$dOMJKjpFge1u>6M*TnTxp~Uydg&$K)9Po1fPmjg>Q4dgPqP zrYJT#-$4(_3|$x8=Uu*V$4F-JRMvPmCw<3gonqA87;Y*ODB}F0B8yd}DZ%Iw_15hT z(cqlBlYhfKqL~2?A_73*5Nr}O*d50=i}TnV_ZZ}GiMA8a3Zwsq840I?1PpkYxI8nd zWLf68R`alFGp-|Z^MYj^yx0{AIMCJ&!6P$Unf7n<&MFl6T&x7lgQDj{c`@dBr7d~} z=Sz0}2wehmkJ~Y?%lU$0R~WRC*e{6!Pi|8tZ8nT#Qv}wI{_?tUdq^TWCRm*9{1w{0zh^W!3Bkr;m`rIL%IQyo=x0JcYB*HJ9UYise}CM~h2!vzsgK;S z9Erze2y5P( zRHqDl5Bq4-uyv|rJP#t>H@9H81dP%@rp(swfqiA)pV^AimP$P9{q+ZU*fs-g<}R28 z)!BQb0~fL2HDI{xB9ohM80zYESza?2jUvOreZEo0K5gbJBKmORSF>yP;-!ee-h2%E zK;DDG{fj*0Wgdv%t#{H_;*-*E{Z0}GN5|f;ENfffF|W_(ksQgDj$W_ zl4p`zl5#1r#&zroO6w7O+z$TS{V5aZ%n)MG1ra6`S8+y*+Y`>WMzjavp}-+STVQe_ zsq=1wz#dtJ3Xi>|4EV9WKAvbjJ$r!L0qlO{^ZY z_=!jcyBfr2BwPZ!iU+^DaLx}Sb_F>;sQ1T{ha=PWr57OWDq7bB?KUb!F&}zmrHv<@ zN82I$ns0pk(GBFn7ss)r>4lZRQ4DPWIV7JqaBZq{)OmaJB4WzH$^a3D09-D;ZJXz^ z1GsFF{LCqz)dT4Qc$Fb!>{0EJ_gvR8F^BzYu%~m>M>ScH2M|{esB2LHq1G76s<}LC z_^cZL1KS-XV=uL)H0jCQu0%8R<1)*j2l|dw^s*a~x*M3@rb5S&C$Q=EuYC@BMH)C# zDA=qXl{>95R}8u2#Ki}5f+T&iGyN0i4%j!g?$ZF@`|P`E-Z;Gi*_^Bg+d@XIKAB8( z#1T#_6ElKLkK+?c3BdqK7m2%)RCV?|WD|TbL7|wOK8U^*9QJNa0N!)N2!QoXxCH6( zlWIEkivmr;Br4U86f|-=Ody+e2@A-&;UpeoSw>_{klQlmS;NS;N^Ed4+4yf~jC_{#+N(-#wc{c}}? zNwHd8dGyzTS#+yfS0q()MLfL_xl`l4UXrLDE@scXUZJg!8voZcAtN!Ar_ps9`oG8J z#v`l?0X8<6fO=G-Bp6Bl79B@*^+uz&N&A|hHhGxg{v1!(I$*_qS@k}Lnj77Xvy-|2 z`Z)^^c${7q;YhaIVX*8VZ1b(QH99_9ki}JUDdRyJmTQ{?QUP4d6khLq(q573I(PfD- zNvd|6ZOzAu)JG?f>}Cl-`xs^1>0Ok;GiN?U9+J?K*69j@!V(-zoc9drXT+*x)=l0y z$he-JVQ3PC|CoI<-=Rm5Olm8owNO5dX67L)-ijlp5+lflAaQYEDxJ7h_Kd3-F!n_t zXHs*Na0v) zhEQ*My@3Ow+D){##d}Eamld0LAn4HQYtAKF{sBgx7c^EL)YC`$h(|a~{wT8bk$a9H zVDSK8)$KddOQLpAj0`n3K0LHnt%JwBv@m}qgM{sXsuLZbqmV{4OG=LupzW{{CIy`$ zaBvBNBJxL!^81_9A18WYHaK?451@DsN9RYPZr`D;w9+) zK>XQO{8x|zg6efih)YTPgva)O9+n$;FUhr ziJn4IoPWGWq6leO1~7D%Pwy#QaB&{f(cY@jtzCs!PhSfxOQg+v+=@ALzE>|pI;bCH z-z;|y97Q4sKmdM3Gm2ZwdM8j9L8s+fE=aLEI$_h7-;YGPy6n^bU=0p(mr$AW4gbPZo z8FL=ac9TJ>7Znu;)@{DUw42#r{;sN;-jZq=ygU zDc9CJX$~mZoVFnA=ct6HB#fl9YMAFi3zCJY!uO{|3gd`i%GCsFGL*6C%||oC;+--xoZ6(dBuaU{ zrPi3lAp`{lNig?v5R_L`O@Cad6XaXiB|)y7or9XU$0s4kM-c1LzIaR}=`wnjDldf7 zMsi9(+niI6Bj9tk6%&U&jX(75)K+X2pG50T%_C2MBuJ1&$*qn#lX$eOi_sjNl4P=yQ~J>r^WU2CqoeHOXH`5X*t~Y@oh{EYW5Ye!ECuPl?h-X_bH?c8(@? zVMd8-h*G4KriXeeU~;{cNEN;`$EiS&PDmrAN60}PD9chdPr&;+nI9n)mf@D>7@G8;rKhkNC?@oUj8uR$rKrNSu1x)M`|5+`z|? zy^G`Dans=eGqPz!`qn_=3x5v=9}vt)P5i0X5@+OF z-P|xVoYffR>=BVK+V=X_O=`fod>2|L;iG046eGQ_==z(CrTRXlr)J!428?Q=5cnfJ zW|<{^XuQOfE}}=a>f8`CQWUsj7e^G23o#{thvlo-e;aRg%8ykL&Yhciy#4| zA9ugnKumJ-%mo}@U=x2ictu3zTTUvnVxu2wzeO?mWu?8mm^GAg@`qE_5_68lu)O>^ z`;$pP0zn(KyO3U~Z-(%HaEm3avB=3L@903d6-v5H_9wuH-wbEgt>sTqEu63Al5T!n22alRzYM zcN*5(B?FoH+}(X6-iC-_738@_7aBH?vcv1r_%IHt5XaCVfFjrbfG8_>;t33sf0#kv zBy?hx#HCHS3?^(m?V*kdmm>H;s4j|7P>u&2+XXQH#?2DI1!Ut}l?3IAdT#Rc!MCFo zSx;^ZJ36a_)<38{;#-`HHDL5lS?yT36aI@gbtipb1FzzKNpTQA`gHpM{b?blMf}vD zc;(RO#m^!7`5s}kNh2wkaT9e#^*F6lap`(DH0-DsJZP5~b5SD6*KyF1TwB21PRU2O zlYDoU3zjL%$&qy&<%m<8}{78))a9JO+OQyBLe zeX8e8uT-4VSx%gf7Wh}M9DI`WE*^ADL}DcJ$<|i$?+pZ!G=1!|ZO@IfO>Sc1h7^d{ zWR?p8(SE$-)@)yhw|YbD3d5Uj^uoiNc8|#_w`t<}Por#*{JOK4l35v=O`D-h`r#@z zK#GK8MiTZ?7r=!C0W!-NlP^gb#LETUbCB=U*0UG&Aq!{Gt+_r8SJ1&BI-^f{ZaOY` zpco4jbU_MGEr>3Vp#%%Z9nbg4V|b#Y>UR&x;-?raAJ-2{?gCGEU`(kC@SOMrw6IV@ z!weR%-}OW79(26w^)$EL?4hs-Zhw~Vb=-(gIq)jI zS!)G-2R@Jdn<8BJYanC#FGq*}-SqqaeR}AlCgt>NC>w^sg{FNOIuc5vrpOG-sa);e;(sxMZ?FaZZ+5TYg42b`KrK(_QCtnik&hjzq|eaGuQhTqLd{0^i- zDfaR|GAahqLT5I`WZK$U*<$)=U8}^h|7vi!*l^gO|2CP_M&0!D*YbsjWkQem8|)sO zCv9}D@Wsr7lw)d5(tL8tKvhjreM0KAo#oqd;K_J1WwjQ8C9z;-*@oJZ(7du-kL8vC zYDaM9sq-I{H2CAxP}EpLOA@u$gk}lcL$y1VW)Aq5)ONA)k`}0sr+2y@2f?-$9!6zf zh8URDeTdLP$9Tuc%IgwRW4f=!qZZv<4KKxdUyAfW-M(*g)hnml+Sia5A!Jqv*{agFnKabM~YTc4w zb>Rl}%eifF3Y_cGVv0=GxoQKLW&0FhQ){EYTF|GFr&}AM+fu1QX>v)1{4}PfA5GY%eD`k zv_l%8#Z>4M-#G99^2sXg!)4CKkOq=K1@_C8L7>&lj@g%K`7-L`S6Cgtf1aXeRCq1mOO<}LZpK@-h3p+d_VB(Km~_@i$+EjXg?vNn}`j_LydG99F|W zP1w6JLe^;^Bp#hQ>H(|qArH>*xpd+TCm#mb;%6Up(RkOkrNkSf1=cp)#K8 z(+5p2ML*x$+ux`$Hof(c&=5(m5Ltg|V9z|CwJUo)`9xB2Kmwenz{WO6_AivQ=yrn{ zL%fjq92p7$i*Y8QI7iPi5cnvS29UkgCQKHDdQf}K{HWqK!vyfM+aelvox!HmDopg0 zpr+F0t7KMsYCJpzV*(112vd?c2*P?t2HBfQAA`MR;7O&Bh zmkJp0o4=>D793c%yBhS5-1e=lFcCu-d*Sq15oE~*wKj@S&l5cIc{CK{F>^Ie?_Fn& zd;yySNE{5Z*COZ5AZSzw{|p97&%FkQ`WW^?a5TbO?+&J~maG}V-b-Z);qv|!<>Kir zaueE)3qOaYXs7>zcfP_PmczlWIyc`NJe!6?3qcX!K{C$*6VgYB;0?`IDlj0R+Sj?% z9dLskaYkj6P8+smJvlb1lq7vc|8z;RLOvOm-XN#vKz+{3+4x(abECsf@WK3+`Jp!EZtB0EtuAJ^l! z0`0gwUv~WxK7n0ioCF7Y)5lfUC$on@%_u?D1csP%z=n=SyR%}R$O_r?EzIum-dgR) zFr$|LWMbym66HEv+;^ldViM0-qOrp=Lus3Qu9*TZXvoCQglYIe+l6g2##Z*|wy}(M z0%r~2!oq3`5y8{f5e;%?(B;gviqrH3@G?ECsg7a1he2xF(^DlEYsq3wCz=r+F~#gsB_(TKw=A9OJ<}F5UGJ(#*XO#iIs<_ zKzeQ1Q}q!=!k56iOdV{jsT-noO#d&}U5t!TAIt=?gksd!AphE0y$M09FA-VRAn$uh zu^ zg=)=3-QloZ3Kuq&;dn(zvNge@)%%frOfWnSL${=6ptp!5jW0P&;fdI3&g}M}--6B> z!xy+@*>ziAr<97X8=jw?R-}T+(c&d(x*FeDNB>ZWy;YTK=fSZNvttQOoz9N%Q%9M@ zGCocwr`K9Or`~-9Dh|At-h7Hrj4({V?vCC&2*KFJV?~1WpgWGW|0^pK4;u`U^fsf! ziYxsCgLsRiRn@kVu?1I)EIcS%rRck;={gWQ{ml@&*5lx2Wmg_~2 zJ(7&o?FPYGTbeNGr|9*UpmN#apqY*%=d`0ZIKaU-MLgS~5j+L9%qWD72;cF;EzbAF zjUdNz%W!UdO#QDwKHaiKGX5`+-}if1{@VfMKj8fT_YuT6zFTIH9wj)tM0&9z8$p2- zLyeQ!-@m#-P45c8VB8?<2&(FXd~1#7PJ|1FZZA1pRd0Y66}UZRwtkj;n`-@a@jUJA zBQ1;f4v#SRNcTNT>wTNHd#NY}gtDOf6%G%-tM@erW2{K*s19SIN$giiAe{3Hq57$AdU7}{V$~w?*3J^yuW2cTYKt8y{q)KxS!_n;Lm7=FJa6>R`#(sugIif@)|0{vRI zyfM0~BYR$pfB5C|;Jptl{ek|0f7ET4d}mMYo0$~RM7&fJ-#t7$>oGOeNsrixy^usGCu&MIIDw9Tr`QT=9oYm@8F`)GU{fnG+( zLa#)>hvjjbcjY@ShEGdFew0m5dp(7JzR2jMcU#xxBvOCJRZ(}7`6x3RuX-i02+m$} z4HW4lJ+zKm=U052UW3)-L?xySC$I?JL2kVs?i_bOXm3_QwyZ0_{9LFU?(fM>Ye1CT zl}%w_3)8MezU^>cw`h~*h0|n_qhaad#<#?Vt);x{y8EW{c?3cCrVa8(Hlu>UL9NwcF*};U1>En7marX*5@x7dCFzS#cLRx~ z(}mt0a_W~73uf9{_wtb(z4}Kpb7_#g3ctxv>VAO4wRI8B`%a-NzTvrMD_jf^9}Ebq z?UFaf{9h-+iAv*+#MS0MpAPnl>=VtWNF-*SN{fL0T;?~VQ2g`dEc%L)T=c*CJjS6K z%MZ{*bkxhO3_1uc7wF$#vufJN!tx##`|ZqLIf%y3T!GGw1~St$hTC0ga^LDt=)(yY zv-!Rv)Rq6b+6q=`!bv#`#QsaUVpUN>{tlaiz72io8j){4&m zro3lta9TTqtI%P0Z`droq{5e0?Y0So6GVbTWFM|OXXnT~XrhobKcdmLP)CwX=>=JO zJxrNwn%Fk^J-ZjJJe#@OM*3@RLoaPbZd&2s@OblFGs{N@9y0GLrp-u3L_WnEu&!G; z^6j_@wYo?@Y&1Wf_wFx;q7D*V>2N1|?y=FAni%4n^3^0rB*T{sIkm!fRyT)Aa7oPXBG7Y=5FbY;oWD~enrZhRi+TMZ>nCA+<#u9{AF$-cnx0WFpfMf)Xzjcc9n=tX1Nv$ zJkut@-gA74whzC(b_ckuV<&a!=%N~{YT4+X9v)7+zxoRP&g;tfkkdZ7&2k)h!*LW9 zYW>#v!1%U)w-IN`bX{`7-rCQdF=ttIaz3Xxb->gygaPo)5lZ@h%P>O(cn-NT*jMutuBnlG#sfUHRl)52=G=&HRWQR|FyS_*P9rloYrOhB|O-)5VN_Bxsoc3rj& zCB+o}!Hdb3F!~kK-Q5gRlFE9U7+9KksC4|JVLs#-AzS!dtME2+&x7Wgqyjoz6T?!^ zD_wOy)7ibrh`alxQ&$O;sxcBMiUVj7!3FWTQ=U*0mc&SxAth$zYxy!<#Csn$k>SX9 z1sv%F=}o8yOR1|r50dg0bJOFP6BYdDP?Ug+#xznh=EKdL2y+BR1~TN7=Wz|?W<&`vh?!Hp*J5Zv z|k^ws#NDNG-Qd`XT<@yf;qZy)$AmyBV7tr6sPVpb1!r;S^}ayoz>vVy}L1h+tJe zvq|g;Lz%?fXjtd~y#}uPH#nBw)#(9L+K`NVK?fI@so<+w*cUQ{EAEXy5%n&ZofOTN ztmrSHN=ycd_pTpB;9T}yu*HV3RYklq>pjvl%wy8Jep+P?0Tt5D&wr%X5n5pylv)P!WK*uAA*{jqfk@swS zf2CIwN=K-rG0!{v2&9zC@Jg;Ri$xvAxRWOK!AGovLp?tQDZzVT!#~25bZ5AGX24JF zGyNIthN&cP5=B8x31!NkAE$73%4;Y+3ea=A?prawiB-t!pFQ61%=-gs`7oQ|ojLRpPW>J>7>4`hxVQ(6DS|fO8WYI{#VT39)6D!l8ma{h)dghiP+&i?QY%V~pGO*UCsI;00JvJ)Yy6F~i*h+ut=`9o;hUDRZ3*yC1= zmGg$%2M@P-H03x+a9*#;U{Sh|1WZKZ_SOf7n-~6kWth`*U$lWg%(w4k(pOrKFg^Kg zOb_q)&~8-P9D8LI8P!-Pn~3{s$WPlzsl4V+5$Wh1lK>v5Q24yXU`B|LmTLbW2C@4j zwPwT_!*HiasA+mLBG-v>AI3^4F!xXs!K)W;^-bw3+3vc-QXX*wGGUfP1l&eypalRJ zGU0V|6I6?aqLVnZQE{2*5|X3JBmZGTE2RO_V(MbW_d*rX0r1thUHJn&QjE|^KVIA- zC6JsI3jG_^qIvk_VhJ2^T!C98Hg=#pUk4lS!Dr*-2YE{>g63xEtW#JJvwzX%Q|4qQ z8y{J$qteqO6F2WaBa5;m0i{WX+p0UT@LlBbfpVMt8X}OZaXLp~Dv!%+@($g+Ftg?v z`VhaO3knI@+euL8GCr1WY=~9grTc+iL-qVZS6z(5*Q2RxWYi;yTq0`1rnN?+zb2vP zD??gQdB^p5*nbu$aO;_$RGO|MC?O*f)QwP(!Es2Hk6_m^CTpqD7yDwMml%k6t0cv5 zOCCxwrgxDgFZ`hXwwI^7548{5E5blZU&$DZOh^$VLw=ylr|ofyAp`*yi9W=oILv2^ zZ3AYEYVDW2qv{$1e}{#CRZJAe2@)whKi>#MH4%%DD9KOqp{TK{W$iW^r;Yg0VaNl$ zAP=B*LF=6##>5U8Osyo@E*e%7Q+5M@ftiB++;k~ATPd0 zDq6A_(&do|&RZ&CCL_+4MXAEl{4Egf{d}!ey4iIN7zaHU?Ssk|(1-KFNwg@u5?{te zavmMQFw{YKpJxFN)h zi?p4wNVF1n3r~6m+=^k}NnsJrBsmN#j*LQeQbM0XL}A2vIQ=P&=}>r56w^g~IGX2A z5QYZqMgM`P9P2ZMu!;fx_eK$hQF3 zQ$dP#)$$uuRsHaCtWAl!P`TQq1?F~?vb z-HyO`xvs{3Aqu0&$E=E!$Uoxsttr{fS9nCiv5%dkdlb$D>LVdif{8o#vrmXp7G9qkTlh}zu~HXXI#0%a1+{^6XI zcx)&i%!Ill-_hpmX2;QGj~|hP!Bq~=f2ag3DB>tMDua@*g65E(k8x6p{viAu=4``; zmrqkvO18~c5#kz73l_+Rg%YhQg|})#F?B2>SRXW)6)UVCiMbSu$VYAbobj9pDv!Nh zjIn7g;9EY|;fOejbduGcNC+^AfLCYO_NFZ6lVKI!Yhc_s4uc~zm%y@Zp(=g~qT-Cl ztPt*z{_~TBr7-98ENkpXQaHg&P%s^5zBqe`W@)JkXlGEFCa0yocnIMN9n|x z-(1Y_+ej-*K|4AkQwE`A_>2z$q*xXb%X!ati%GnEXPqPqWt@XqD*jIGnvqlrN#+}4 z5-F6SNJKeU`EeJtzX+eR$D4ZZd(Ql?S@2NlMv*ryI>NhG_lYy5OzpWTyLKTtvqCK{igV7BC8CZzhb7$0c9yRU0V=!5NHXJ zrPCq=Hj^sTu|&uH|KU?DAB z%GdK#PvZUz)BY8N{hOXu9OB}irTPyr?4KBJ;{yozEbHXMqR=O06>rg z0O0&@|118N1o5{L)5*cs>i+|R@8&YM!dZ29yuPw)FH#{A&Q1|+Fmt4_INq!;cnc%h zl(6DJJ+_S3`@6+P5}LKG-knZ5yv)c?(`+8d4n7AWy#Zz4FJjsY!wg&pav`DV49A8!x~wft(J{ge|Gpos`P>Caw*TtnP|6JOeL{ zloakynBlm3;I!&ti%dY(AxK|iS zc!dk2=^S*)(=zYsmE&5QY&5GZx*WW=GgX^gu3aVSuNi=^TMg%}nl!QCyQ6|Mllyp< z^RHVjdaGGrDYN|RYL?dRBi6f?j~&;7{58h*yCG8h+i0A(ELil=T$nw}b*VV3w3qZT zy(*UK{SwnXCvX1vXlT_R8lB39aPW~+_nI}$;;;gS!}>1O)7y1??aq_doB1=?fUVaJ zNH^t!7nVMr^~2n0yYP{)meV!MiSDo5KNp`m)!Du;2k);dw7u+XuI4wG6u7!Az&On( ztEyKa+IX zJF*IhL3#eZWr=EZpeOKMNU$Bzv{Ny;Pwyp4rKb|qGDaV#^;CgAR56&-KRBXVaKAd0RfF(TP3d2RV&(jP zpMh34Oi0!N`H++BQvhc3oemP3u^W^{252Jnf^T%$?@P^@Wt;!4Uc5Gej#)J+WmB=* z^>i~l+#p)XF8>RG4RD0H_LU9+Nc>gV#45Obf1mXS0uWd~fyqd4#YiW_OIs39 zQWm&Upl>6kb0Ve-l-fk|94N12Bc>zyvf^vUCWcb3;H4qC(C5nB~X2WOOV!aAyb%8$uFZAPQlMd5BBAAiu1u$@66Zgd}F6!jkfUI8P)-={YObb@mU zO$mbP0YHTc7yrzgzWfjLJdt9?YN~!h!O5DA5<8kP>q{yBKv8wzteXn7qy4jDY^dI- z*`-lFr!~L}O3Un91dv>pj3|I;t5Fy($9`}jGe9`nw8+d7Tg|Q>pd#BA%_W%pGusdU zZTi%0uDB8+U%+)xWjkB$*c{ZzYRTuJnMMmnx0t zpeICCIwbzWuo7DSchfo67AmUTzyIGKJz+>SL0BP)5nhMtd*|W)_ z0>i*Ld{OGLYOO67f2Zl;VL=<(b{-n02fspwGXZF0N-=6cI4rznl0IW*3m+l}e#@%lDul`288JRtxTg!2Y3isA@wYtS_#BnTQ-P;zK6QYLjB-J_VH}PNQ?Uxo>a4!eSu`(V(GTvVe_k z)}BJQY_7DPL}e+*CE46#pGBGpezP5W;%Xvb(V1KHh6cJehj;LvgAIEOw25nUPB9&k zj)TwRjIIMp!n8_4-S-TNuD5@q&Fi8_9T+h7)P|t%eRLN{jg;1-@xhKmdImI-E&Wc> zc1_9R*t_Tuv;f?zSbPHJi&gJKgf}D9x194I3BQn*jl#PhmsHyTxwrD5@CS&zv>WI- zuSGBcItgG7EeCw|8geV0Hv^~eBhFtMJ#7}FM~dVVb5TYL88+5~(AGm>DTm(bAtRn& z1yGBtIDp}7C3@MI?YOt?)+uDk9^QtgbkY$clnX#BuSl?fqyM{^SiGY!^b`t^d;^S> ztH}aQ9wM%lhj%4b%z-3nc-qJaQC|X9?%N}JL zRw}ayX~DuPVrLFRQeH6mwwr#oFGOmyUK%xqcm;X$NdQ<5CFP2$1Sh6!P%@!)I@i9# zck*1_2$Afn%{$YIM`!tkQWKK$7q|8~Wh!@ChbE4xcG-uF3{f0Yt*{JV!!Q6FT->WF z01#-cUbf09N8&_Zg+LpSN=v3KbX`(q6Bc2O{*J>}b|m9L{#exBDSNDu09(RT*Fs%B zu}8Vwd~6#WQm-QFat(+9w2gB>mY}8}PSE>UzG~Q1`3S;smNYFMiQ3x;tGtV>DleL` z6+it=t6{af?2}fbCmI@cE%*)St}hUx8Dux)1^x<+%9oZuFAJ>9aE!El4nDYSe{Q{u z0i~p%@g7<%JuecG%f+ttLW{!rC4lC)w}GJrd=#1Kfd`=*J^7amtCvhRu?;B`{1lV5il8 zGaSPJ4ZMR}l3!gqnLeg9?2p>5n}1LNaM2@8JXnY+wmqtRB?QMLhgzUV-<+;g*z_53 zOB)`9R}I%h?m*7%$Pw4RaP>$R2f`64wFg}^gonZ8Nq23HRbX?WJ zQzCn30V;t04)qlqvoP&ZGy}0LO$bO4p7$qPagLu8i31%)xPFmpGrXiEBcxbiM&wYT z&1tY7NW3{;P7ukFC_!&%GKFqf)V)08aIpmg zFCF!%-1B#`9OyBRl1hr8b3JfL5&Q{?QWYE1JJmv%uS!Bt!5_CuYDs^zJYxQi{0Gdk z@nQ=nIXnLDZB`dO1TsW?xY3QC>p&eN8e%4ZXsjvizwNxBww?-k{v^Fc>Ej0QPTQ*_FJPYQmabTmUn3VxV0TdaXQV07D!H zxV?h-sxU(u!9#cyIfE*RT%{U|M+14|blyJzWlA^DkMl=@TaP$4a7JR6_qKa}0|<&m zGu-9Dq7ps2e?vRkFL`y&p99RX7HF&1!#I7s(ZhzGJ0qnPFT$sx7r-S5IEy%U-E&Ikh9$>lFaZ<7q^Qvc*rbewNH*n0wvdbR_+K|(19UX9_KC=f? z3j@Yd5wb7T%cxEVzaoy2-+O>xLql5i){C4F|DB|Duj#}X36!m9`<_i5Q1(&{FX$k; zd?N6V(uC?I?lFaXa&)p}D>1lvpkFIxrAt+IpoW*7!=U_W%DiX(!8jzREoBP zDK1l(D8CC^I;8Ovb1j4e>r(pN;}XiXvV<_|s!v~+F|Hv(%^h>)p<~Ken0m`WV>6-! zS&0yj5T(Z5#@S0BY(Y)wH5wP9%BFZQVyO68>AI|3o6Hj3LcYz^L$g{{>@!<4z^q-2 z_1>S|kDX3%0LFDfRCLFGPTi`{1%dm(Y^D+Igjb8sD>p(brXgeyEidx{^Z#7&N+S9u zJlW@=XseK1)4<9es9lgSa=_t=57^({@Fq|eSr=LLB@0|Yh#~qM*0*|s-HzHey3U)1u_s*1BH3F>at3sd17V-W|EXCd z8qB)1_5&cBP}XGFGgIp*~hSG6MO8IUL^d5MthqUWCJfvOF0Z=?tV{h8-?+A?hR_m zMeGneo+x!J@xf0LB%6@Y%vC};R5qtPZ#g;-jDq>^*d?{>yZjioRnUX*82TE;@#vMk zijiT`?%>Ee-rSXhoNr3<+D;~8(oJxww^e|~m0_Y4Z&R9I1Eq`K1R0@k9B#pv55_e; zr@%X!i%!Yqp%KzG>M^(3kg>&jfzx7w5X*mA=M3q?<<&w*-qT|3BO-hKbxF%RI+@ zH{SQV$@~0i*nF!49p1FOtClGwQfE=xgopL_HG*iHs1@2QYOQ?;||` zjd4D19gkRi&sF~X;rPrkXiN@~Y9D;>0iNYcP1Amm9RU;?Kl>42{AosgNhDDvH@;*8 zBPUh(gjK@&F088Pu1z<0l9qbenB)vE(-Qo&WNl8^ew7&gNF(g_N}e?1r_r6GwP?=G zQzQG@Vc`k`4po2dkXn&pR2{m4Cm=AKu6S*(* zXy9-ER?2EiUvtwHKP9Frc#8Uxy|b1g5O%obf*OrbIk|$8fXhNP#ka6nz+N1?#5lC` z-BxH+gsxK2xuBzKMZ_XW`wL^dcoH zcq@EN)%3*TA9qlly9A@jcoJAnfmEZ*VAC~A?V7XK3>!xL7MLUC*Ht$LFIAPecelzE zP5+MAqu?mo#l`3?%fwMKHyk9@X5vE6sM!$+kI?tUB45dy1Z zqnQ#s*!nqXnPA7SrgPYoMm)8p_7*BJC|2fOeyW9K#Z+ZU7!408H7+tn@%ldqf+1!D zQF7yuMXN_)gx+M(?sLgMuB7~5Gyov~Vpyb+I+6Hg_XC+|lMmVE73~H%=;rwS73*Ic6(;ej7YDfedmv$@RAdyvZsax| z*8t+7>pps{RR9s5L(9LmyySghH>i-CkmmDIk~`+L!xt+qS6zreT?3?aEzt;TJX!+lU0?_mqt(iVWql4^BHv+f0i zx zNxADav(rO38j5GcoQD3x<)8R5I@nF}a_IOq=g&i=fu9$RaNYQ^tsVjbaVxV{Y~p`J zBq~4+195!#PfYOJN3ZH`{019cy6XbN z@AuLQ`$4ALk5pn3oz z!t$|Hj^1pU`tkcxtxpbH3O&|aphF&ti4~sUgo_jrl#1H`F}*4U>&ixEuZEAL030_B*(CE@x8`0+e8z1+_8}{liIP-GUKp@c9Dl;G9D-%5F#FP zF4>M7VRVJH{gohr7@7N%|AaQbfY8jpY(+%j8Q^y_cvu+qVUmLddd~lY?_py*R?2bt zhzYN!Of5Dc2MPgEf^8=bXgZS>Xc9Y{aRhX~ znpsM}hZKRG*>=bz=Wy~qU8+ITAV~4*ZS>)2J0_bDSz=`eZ9nLzFQyP2oH_?ZRGlgn zOD}r-g$~*6wgi#Unwdlw3-K;{l{9yQjnc7cZ6~orVWR&_{n;SW(Oqh!PL#d>PCZCc?3#`6A!m@4 z6?UzeXJU&;;_67|JQhHY>SrAUosW1puy-as! z?CM9EL`)gMNEH}~s9pY0nz zx7d2gH{*o@_(@8s!1Gt2L<^zd=TLyM(8b6Qnbrp|QB$p%yh1|eLbXV&7FKkzA3?o~ zWu(1q`gUv_ca$fBbtLVOC~Y}C%O&sehHbJqZBc^LjgulvQ)2YIALKpw(y1WMDxt}( z-NJqp9J8qnvSeksMf49c1VcYCHUaPcy2Z~ILGW_j{lFX+W;M8 zAHqM7Ig|{4WPnHK6nzmOp+=eFJU9kZb4V%0C}t_nk2h5X2bI9%ZP|0+z)Tt_wMDou z+Y+(&u|A!}>ktEESHT;BElDJXeM#zctt{|FKbw#aWZh7H%l=X>H`A&v2ooFAcDq=(#Bj zgQxAJes?>78}Y(c*r%LX8$6|+rJXq>4K+S`YU;fi&74J&l-4?cv6ebJPvmdW0DzzG zDA-G$>Qm3wdR3vw*6!t4lEt1i0~NmwrZg-Zl%wfIl*;HK0nJ!y-u-fIHL>f{AN^fx zjji4-lih;hO;-0_ug*!bP*{;uVIFqu!p3hD9I&j(PGqST%g$AWx4P=J*d0&NLh$sp zM*-$|)a$z0drO0Sme6Ih>Yw<6$iu;&O8*t_xl6^@ABh-@IwVemyJEupz0bx2TEJwd zDBnCyaA(d|;`!|W8F{4Ln*uD^R+u;@zDGF~Q5Tednf&^mN&DSG_MTRvP$Qjs^nKJB zQIFUD^2^H$F$X`4O`DTTWq2B{&1KU)J5$p@%?rPgc2z)GWIYwJ%EUF|i_Fb&{_37$ zHh2Z@?h`_dy|AgZg>tVT2~-@mwOOb<-e|mp5|TGsyaXGHJpSYLwTuVI^jw&d7Wg{* zEYyh?xpgXL5%H;TK#qR?srd+S{bW$bB!8I@`ysJ(+jaq&x_AYObXgnNB#~?_o z{mZ7GCmU2h#h4GA>s!SgTXXZ#$6|J{+{}O^xwN$@#G2iZ(W^7O`W_P+WFE&&^4Px? z7!;-n`HaL=e+2(!Zz6-s^wu9NsVcxt?Hv3G4E$D`DUfl`uwgEhCmw!P3@Q$rIp#Epy+cHjrj# zgsE~WG5um>u%#!@X8iLzpJG$+HdX>l&UP{hoFySRZ(8#w zvsZc&Onoryk$>jBFuHyY;hCR53D0-CA>1>`j)7uQ6i+l#Jc;FS^PTn35?=!W@*r>U zl|oAvuCil(5>MyUg7}0&42UXmfc}#yfhJxfoHqB#1{uwxssU6h9nvAtFA^gI=@&YV z*9SS(1JtVHjvy}LWEk`k!6asIB@XeL3k0@XUPNIGR zP;`=yd=CCCDtng=P0De_Gg7T}8PE=u9~lGcapccY0Whgal#t);(#I_4#^?Is<(k3p zXgcva$r%$=PdirXmtN)IJuXZh&{*B)2OPdF@7$QG^;6k5}C^vuq%J@g9+z8o9+ur z+ugCm2DhFz0_gJykm|*pk2nS;Y=~3h82GFi32peyTw8cyX36Bw} zQ&rH$536gVK5c!O1VyUT@7fg}l)E|I)u@0)Harwh{_kZ){WRt=Om@IJ2nymO>2BC` zj{i?GRF)W>!pHoP6&O2*NSx@rL4lJWtQTwo9fkc|mkidi z#yu}SxS1L^fB5Z2#QK(6Z>eSvo)qmos4y@IO}S^Ji&yxl6`})z=u(;w@DKrC&bnUC z>ozi*Rn({5SBRh4gA9@M(k%Ji27Fl2zP*FhJ`|I`-;N2opx2Ocj`#F{^HYtB9ll#4 z`Y!v6JyaE+QyI7(G_hpFx^S-Mon}91648-}P^^3#258LwXNf){hWOr6AsR;S5HIDh&qMC$ zQDfSkF?{<{Fnacqg_AE7X*#ool1}h}k7Cp)NW|3Z^KT^j&e~6& zAe`L>HdzK#QJ5BEo*X`x_>L0e@Yg~cycH(z=LEz9PPx*F(#jkm;(s9$4UZvwCHT#P zaC83SOScnPNWoa0M?IUIyGKXt2i3fxfXxolV;g%q^5fq|`41299~>YeLyzy!Pr}}| zgGMq|m>ZZ0;ezV3Sw+!7phaj#k1nF^w7rsX@aY#pbEI!ek%4aI=KM5}!`YpkFAElI zj~xd1K`R2B35yxKPj(f218Y!qzz{91P+WY_Xv4>IQAHfVVJ9u&n$Td%?YcAM+0<{o z2lBb>S_cPlm--MnE$=etb`+!#_8m})9w7^V0L0hEAHV-bF};uz#}@bD&}~PD@}GB$y@q z73DU{o*CL*@G$EwKV($i{%MxKfKqrkuF#jhIpQr|x{$hYQwUZ}a~ZB>11&JUjRQurg2opH}8(%^%0j7StbY zUr>`;QH%I9w{4e9*Bu(^EcRB~>AyOy*_ZbOND1tUMNobUO*%iX-LC*~0OITBspmB{ zLO}5Fx09#dfDRKjs{u5Z4OOqg%?9e->tPa1%{7^frqKOGYfGH*OmOg*(R!O5ey_sA z%raI^#KMe!jWY*d?D`)B>`7Q`|9G!Oc;!SEcX&-pl9DABSFuq`PiHY351VL8PQM8( z8y5;&_{fsIxU1Ky^d)?%R~k(|Z+s`k?6s_soy#b>)9CZP^w}#kAS<9cAFr%Al!F{j zc!^(c5&|lFN!fM&F*j02i|qG$WG~*$<Jm$MKLKb~6EA0c9AcI4Y^#?whvDklEYq`TDY*S)bl1^|#o> zx!72{AX1ID2FEU5BYvkhfMO^H0v-aKh-8j zvUBw`y_zFydH_GIXj&J2Qrw~)?{3_U+h4=h=@yjjy3!^W?W6WGn_*FJs~LO3F0-c( z>*gv`g0Sp;K4~)KISw^}{B>i!_HfS_;Eankgio-uJUS>y!74>Es{Gy(Q~L}RFW?&( zhYYRWH@oZ|t?u>@a2QZ60N@R@;;=&B?fdtK;jib%cl;aQx9LZGU(9_w0B`~|-m)g@ zzO5ClYQyFeMPdy|k9btgC1*_6phVc!bj%QvhJ?WRp5F?ei}eM*6~AON<+Ct6zxobS z@z1!W8$45EZOBJ0W6OF(s2nWpLHPKL`JbHX=ADn-jL?Hv&?g?SV^ zNgT%xpgawN4BEQgZm7~{*SX0j9b>ElwU=Abrh0_u0l;emAX#MwZwAW;<*#r#JF*+< z!2$Gj=FB%4CIL_lp&j$}NXHH#WE_G15}rvi^MJ#kk;y4cV7?_*|HvCMUBoyH#j0BB zJjUa&uow;uF1jOd)kf}ioi>mFAj&MRk;V5sM*~}lk*__F&AHcb1T69wiDU@@?ifd^ zr#_5I3AYs)W2@qktOw)(`2A_<`Z4Y>)xo8*o=>hTU z38tw=aFw09eaml?W2x|H`r&X&`?u-fDldFHmUILDt zQO)&Gw+p}m^Z-pD$N1v9M2!f4$!cjc$paX1lccURDNwVg7Mvs6>;fey#YK&h5CjZJ zep!N;6)U|+&;e;EJ}04Y*V)_6_Qjs{Lg^>fERY`Hn5zer2Jcylp6-tKyO&JY^Uu|v zy1fyt9^~f0Eo95fhH@>g*ju7c#*SS5l2+N|nf_6!0yK6?L zTi4>Uf%{j;;3W1qIE!P9Vv2_+SO@<#8p6a6q^3%!!|CUQr}M~utPnO-Jb{4BRZlVd zF;5<{&?DY(?-aj(b42|TRxxD+>W?M9G%8%2YZ!*#5viU&0HGUv6VUzh9tpUKQ4~ZH z1xLGjN%mCA37}j#JKA3Eyz~hK>duKJXik(5(Rww*kd}(}DixR@>rsVOT;ADPSxvjP zQw}^6Y3oc*Gp-2m^C$@S{B~zqd)70?nnd+tDv);h^ZJfh+|nYcoWjb}%leIFlSG-4 zdRku8O^gh%3S!=RBLw#A$VE;8Scf#uu_*SWgvpo8dlZ2fsgQ=Y`|3G~)l+7%kGGiW zp#!>jl$Us67-O;e;D(xod)l;XfB8Ze0#3~wPJ91#^CRt5flH=@S+r<||7D?tat}J7 z;-7V_@CRq297O>z< zxzzjjC~46zpOFS{pK~c=)(CA$wN-k6FoH;Ht7=5vJSvp7P!z;36;n%uG>*uU!hR$X z1hJ=(9odf_Kb1AWqPH;h+G$9Q6b4TA40NY;mSS+B*~S^F0EXo!}+LVd@wdJ#VaqDOkjt+xUqSjEnuJMv%Cw+l$VkQ&kwG8Wj)4m$|PHlK! z8v&DvThQw;q&%RW0_>#XR!5FT8Q`HIqxw+O24RRB_*w2^xd|flb}WJU4cDdgf#M7U zD&TOa%E_Af!sVd$@d!}sEp+*a0$9_WB76XOE-&F*?er;ISJF6%#k%6tBH+~7LwauO zjRtUFr!bpXLOXCq?9J^~Fw5 zfTUGe+X?tr;xbhKmShc)6!0ir7}s+FAUg-LYbV28>x)z z6&;z0;p*BiDfvO`5g`O-CxnGUzYNkH#mWN(1R`;ah$_N&XD8+3Y3>*g0oQlax)y-qnyfH-xt2BL5pk_Q z50-*gs`L`#c|WyH%zQ8OTEUtP4S*H@}Q0OGD`2qLG#stb&sfzL4k79gnUUYz0q|vFwD$2{5gmuA6(FaCU*liv3eV6(n4* zoGwL^qd;zS&N1PBy3&VN&1+xblj{PP^Y_i?l{MK8Zbuw9N{9id_;j)ruXe$|G#Qx#&n$y#H z9|5kS_HXJoLSo8NOR{U#jk)JLQc~C7Fyb<^40hGuzvIMe^B6zh(6KUbZUl(Wksv#N zq3LK{Fm*t95NO2Eje(r>M^s_%vc0o2Y936$cFAEL^ zKJqWh1i*GChi%>)jC|SpiB@EjC$8rZLOerlzvAi-IS%iR*M+~KHccd|#M)AR_&gDw z26o*SWcwt;>ZcIAC&(QB@@y&O4$RvR)W4+e5+>9{U6Z7-b!5}U>!Ly3&1onJtkaKw z>dQ&r=MAn7h}q=6VmYsm`-+_eEg*G~hZ#>xzMZW`yoP+;|6bqH;+Rn!oAtT=H}c#=B4I%(V%9Ybk|!x@ubjT&}T zfzX!OyznY`=f?%v^O#?<>|Gz5)2lUO^yEP;?|&+)Y{=VLYhX0pj9zZu5u>{ z7M_g4R+3hkeG<*%)>=RFmN*-M&Ezq$H(Wv4v;0(!lqzyA1(51v-?ZXB&$xg#wf#Tq z@Y!YaVLSql0WUVIrvHPma|+Td=+^XCwr$(C?JnE4tGaC4w$WwVwr!hTu9}_`bMw!c zn6o2t$G*zQ$g364e%G_E+}$eNO>H9@yb6)CxwCR_w0TD`&(AYwF2X}x)S8M*f&Tnb zv5Sa@E;&Oj82A=su&C$f#NQq;SQ3W*M#MZcWn9E#9z=FOeaY1r_cZYSo%nKuBy*Nr z%3C(nz3E>eGt&6H_a5(crX=zB05usb!)(6?K2=EM78Wiz zWvspZP_QuCfL>=o6IJtS$Ec+2`BiUPd5VlzWyiW*az;BZ_n2%`>+I?5&yRKp1jmEo zmP$JBVnC*#hY{oBUN@V|OzM6QYm)OIzL|wRs!&H|UxZWQp1j>|UHS^+-KPuaCTI?L zaiNT=7vq45PH7p(+%FjvsI@Ms;2qRAZv*MTu^f;sUV1;cqP>W|M8BvTQ!(Fz^6-L* zN~;?;6B~tv=$aYh_ikesDCg7JtDxMzv68yBelti7fR10OPouwfP2>pau|r=B_5owE zwilsvHwO4=OIu|9W=he8iO%(Mcf|WB@eUbA&=*Fp3$u|_WV3YDp8I1XAIOE>86bm6 zf}~oHGtydz-GW+|(rux(^J{EL%nJhr&^so*2FZz9_;oSmJ!oBjgMYiFcO({(m-BPt z-s|(dH92aL$FkM}4wJ>??1CUx4|=5`-BYMt=;FAV@9j_+XCVaI1q0~<(R`{Q2Ij%R zpbVDUQ7RdAxurXGZv@UIWx0i3%OE@0(S+9P51(c)!npg4L-#?YNazvpp%;w-}GOuGm3`Ga(i2k3@8ErpanL zyY@ELV79g`#_@tL?l}d^Zq?p-X{NK~2V51Gqau1Xa&kfh_B{uEwU41W79wDy6PZJN zXVvI_kA;CHnM?c}UBg+H{H=FzO-W>YmyZ>iYsnlL5rjica=FPC5Oh}0eCu~?MCyF8 z=mmNoRx($=Re*s+w6Cr;EFp}qYt)L`&oK(0-9dVJ57=!8O=P{w{1sRSejQWNH?J%3u3 z;s@+MnF)=};w}OP03fLW0FeAYnaTgvaPj}gC*8c(&YSElyI(X8IrnJI3FldE=58a( z=8LWiwkIu?Wm27uNzZerP*Q8Zih<+Znle6L_)Y5P3Y_tz;0U@MqjM!y zG37_mAAT;T)%IjlQ$N&YPr8ZbFHNcsIonJv)a%-A=8vl(dik5*8R`pmO3(CcHKC6*JTLZ^zPh%p z{-p)?knNF;R-H1|JR&99J;?t`xL!2s#-bt=@H~}nkn#(;0Rc$WDllE0()CWWv?Jk* z-S%Id#M_I4KBgp2xqSs)`tFwV4qw`K*5msh-nhuiwC)YSCM~Da{wT=q9{nxnJh>)e zzkc1i3+i-^z5IOM=Z!zNGSvJCyq%w_*Xs4Wf4s^9dbho&t$F1O8{l?zvXgWOpsW}Stf#B4uyIsVa(W@f}Kd`Jfuz!VUyDwcw z0}pxiXx#0;%9FtqSv|4)>3@WTnYGsFIeH-5(J#Tu%ROZoZY7@eh?tX|Jx`jwyI6IC zGZHPgxR{=FQmv=)scHS&WUoqRzqNmUIz2uvl}HFd%J_YKMX$`#71}UKro$|Z3sTTi zWUZK(+;=O*9A?O+&r}c}h@_WoEzKv)d@qBJ1no!=bC$)$<2RA2syfH0!ua|_0Y6b< z(rm*C^1g~QZNd}u4$_=@iF_<#h60q+Q$GXZk35gH|qWVoR_`oZFG@F zTy9)7_2xH!t9!%@k>;Cc&Z~1kUjSVACAE<7UiTOQCx?qS0*e`e0N=;!Ia0Oj^Zg<% zIIPWLhm8M?e5_?SI)7uAd7R<=&oYOBH`&Yg!2A2>&?#xU38oR*gie(wK(~KeH}D__ zk+Y%lqP)BTHKN1dx|xZbFc5+k(cl(mEh;|dqrStawaKt+bGP9*mnwI{CJ4G|eV%cM zbZs}&zImd(Ie%+JR}EW3@c|fo*Rf+O5MN#_R=n7AQ4m|GuL}y6lT~K2p>iGBpfZyg zA>#mvC}ExKOp9!oyM8aRa6$k4{r#Gzk$7}BG9+Q!81yA!!2>?K3jlRb}T0HdN( zqBS4rCRY~|GeBc;C$lvO2+HnLwXJPanc#)MJJceDirbvfR4$aKEx6yr z0;>MFC}yuAICJ-x_mvD!Kc@-V8n>?exI!%I(nI00v*IMM1n-XJn;=;N@dQ?~)W24d zsi*S7K3+jzQgi$)#Fcp3j0f{fu5A$*W~)`y79=O$BZYx#PH8b9On_+=z^M zNhPq$nXs2q6^>I6P)I{)Rh3{EC?4E1OWmENc+YTe1(m7n3I~&v`DyZ{Df)g@7tn-ee z%LWPLk5B;SN459&uU`JM{dAhM8jph?v;)rK9kWQWD2CAzOJO4TU z68*UYI6v5e4YsI&IOYNA>=eYtC}==<7T@WQJhmXlT zd|WN}n((Y&26e2AB`qQo1ck@dwpeAS1)|l!&EYy?pF|s-D>xKi)-!u}Td3g@^g#RG_c=Y!~_nLSNt8!JXgX5}+NBuGB5Kq~kgdDThT4jD{1?L4j z1aj0vOQ=0rCONhn*QaOBb}fthXHhY14IF>N6NX$QQ`( zVe(?z7nxr<;}FgHqGBm8d^`I~uEAyYQE=G9wzrud#yPJuh^X)ZbP~={B)(Ge3m-a+ zB0l%}JT5Dc#)P%8@R-`G58oKKdzT8maOnVsc>==uNv%SXQP5c5c3s(IxK(s ztpP~mPvF0xebAi@M6LXE6Qtb)d}Mc*vA?l3q!*=}YoPrFFBe0HdEp}`W7DNj9eJN_ zdIQHD>`)G0x>lN_Y&k@Bquyr$95y~x38yMl?!V97aAh>T*3_MI=Tt!G-3C7PO}Z> zZP1~T&-dt9BZmX8HKV9slJ^R2zTc-JEI>tgjh_cjmwrnkZ~nK>#1}X$KGnD%=7Q{$ z^!RyU2ZZXP`X>?cK4a;fgA*{O|9I}{d3zBMZGnsxdkA9yqY15*R{*o(eu;$1`L8{> zVRV=B=J1VO^y}2C4QI%lb;L!8EtKc$NDgA|QrwFY$Q4Tm6P7wgs z_tM{8{Anjg*o2&Fv`~cktHZKM_AMK@Yj5Br%6eZYQIb2Mzw~z#;>?IGa|VyoQTa3Z zMH9MW5qE7oyJ|QaI?Xj~(X!ZmS&NEAly{e&>^;q0O@l`P*}@@t?3hA=IIM#jQ#(o5 z&Qp&LW`Y-1V{lD$`C;XBEI)1gRD;MTV;NChJ2Q{0IyTgu8{PAPXuG&I}4IGk9n;ku*~Awm8w03WLJh(jDtAid*Up7{bYQAG(M<`*ReTNdrmC4X_h#EAO%($#D+LhvsrlC z#zL-KaOeBw1S1a&Jm|VS-JU2+X1g582>dPgx5moqPy@N!spcX``XWB(#Y+VdA#mUk zt_V(uZZNmp-GO1R0Gpm?8nxVQZr37>4;TIATn{XU3Z@eUd?ej)QOfN4vYk5zs8|;Y z=zw}ohHy1AV2c^FeqAt7f|yJ50r-=(8{ac&ot$oU2MJ)st<^Em6gd0?lo8JPS=xr0(*{6g%wGTsi{J7F7&Q1et^OG;L&!1SQt>bZ%2jJ69V zjaGenL&!t++_1^w1rS!0`Uv z2(gPhD8>6P3*2pk_9KX7kd8$h!de-rL$T*l@(xC~-O)1A&LoeZrEzGL-xsOWn)8IM zAv$H;M=`UeV!{ z;15b+3DQJ#vV?(PVw`>PVl+pxK^}H}7N-(-P68~<4Fi{|T*A_-fw0&b9dya;s+R!DtJqbX$1is#-xln2OUlTquFrVv7n+d%h!{ zv(&P|gp)r-G6|o+HypSQGIhF`(4A8egRj{Eau8t0#T6OgjVtN#`(Z8tbkpFI5sUG2 zI|*8~|#RLwOJ2rDY;C^e}? z!|ugvO+%^`Iq*A-b%OyD{z9!@&)ea>Be9L9r7Himm{1VRDY+s%KZ|oo?Im+=r)m zUem$m^OeldCZh9@ZyJ#pM_b@5s-+2u(5^psYM0;9#-t*^Mb@pOeJs>g7j1X`#<$o) zDFi4bcRF5J@+6)=^UgEz28eZzkK}Blp4;TQK~(u-ex6id+UzlxW52D1?@Fa>wWA01 z67KE|#9Q~&V2ihjYwXcYp&4TXJiLru2*jc$bx%8Gz6sxJv!Ya!%rxhN-35nRdsJ$n zV?tNwcRYUdZ$*xRmh<)p5Q@Tpfj5Q9jSEN#O?7+udBinJ&~Zx&uWBZrA(jfqxnt-} zCbsfXMUJxy{IZrQLv&lX!<13$*q_ZTl5^KMUGInsdj5@$ibA749XN0ABQF1Z}Zc-bep`+6?W&1KJ_KCuoT1YYny66kSmPAQ5>qJ}>eR zV0Yv8Fo!Q6<%Br6?@0DP`O)|8S{=UjoJEx7D7ZSo)5SWW+_7q>p#0?{T9LY}o#}F1 zxY)eh%~p6Z6i+Wv`gwlsD^(5eJqsD$eWCKwKrs_qOZn!**begPlq?<4HTLvsH1u45 z1r&0%$_P41y_iSkzxuWHr@9&KhplZ~ZM_~DPqgZCuL$7ZyocHFzI}qU-?2bFeFtwr zH8cp4nHf7M`r6JMnsqJ6{A=DpPmntMT(iR2?vlC9927wOCzfPfar-(hnxwRgb>Jx! z!KGX|QNjy6THX%J?=t^7Ka=&{U(?-qdC8E?ODCI%+t~-`+uN5ViS!~!XX@sze8!24 z&o&W=OIZ>T-E8D77I9Ff1rsNw&Y5OxY9mAo;0pvn%a)6p3!)@YeEKAzYsFY@$*pv} z&z|rVJJ3GZ(bPyWp&(9(XqVlw(x(raGH@uZwkl~GJI5Vc*^>N&*7dmUHzYD5s-O~G-nJ-y5l%{*+=6N&G z2ALr47&8Wl#?35w7h6xWerA#9Ve)1MiZC*9uK3aU^IzY!{pADtF5CS$5$I;j|70b2 zZGyFq0SW&XhhxlzR5u}xe*w}pw`xeZT`M}E5Z!;}jFSq3cvf7Zx34~DY6u|Eqx8j8 zZd|_79Rzxx9>?0$b)$#+QDb?4Cp@|9>yNqqE&>_yE-F^ zjk@-2?M0Mk)6wPict{h7Bld=#o~cs?j7ZGy^#A6ugYIXMbp}RAL2cm-ib8*ueG_jU z?Ic-)S(}>0E5{3GET!V9HH$F&$zQ85@_1Gc{itIJ%5ME}Z>-bL+X`l1rTaZ>c3y34 z_3|1XP+s&%fzo(mo|Mh$H3MV!L}}2>V1uVE#}I~97n|3A<4&aSMmWlbvK@A~nPR_X;3NsflcxecJZ+Ym-Skg7XCW8O_R!OFpp3@?|^xD9Y z!AkHMFL`AC+C{5OmuMiMMIIiBdFU&Jru9cp2)$#Kxmp+qcJfytL^S%-ISe?$p=Dd6r55##PxZdSMp z?EEjcAgnZUdM4kIEBc9M_&n8#t7!-Lk8Ar&i^{v0aglN-1FDg2kAhos* zc*<0|`j{BYK3Qz`?;j#vcX{gM9~CjKNYg0|%PWVm;C8)bz~E=`ikbMOE;Ro(icHm0 zcquzA6c9%y=F$sYxXJtbOu%cKnA2N(We#WA^HP@o*NPwWtA)O0*Dsro4dv6JL!R0v zwU9s1zseFtPGzhLH-u3I1HKbC(ZwJMD6b82NK0Gx3PI+b^g!f3^)~26-8>3fu+Oh$ zTr7&_;Ej|?!V$X{L8{fbCd{3!K#ofl6Z|Aw`=g}qao5T$KBz!s!a3rT8ajZ8ws`(H z-f7k|S?Ijp>HjBdr(H?>*Aol?#Bu-t`2UTy|1%nyS(>{#8M;{7+x-tI#c6G?xJ`EC zpWVE`GQzrOtCUi8+!}Ci_bihn`i6Dd29KsYtjd)_TlR*3)t;x1&`sm+RD3d}v>Uq* zz#LUmn>cLHGqXqf0Bbp|`+y=+|KGWVqjcL5912d-PkSLIIXkVIsQj8l zPnb~J9SEh3y{MUZxD{VIIcL-J$uiPV^5>RO}C%Z=u`Bi9RqWz=x z9&>0IWi~O!9X_eQ%%6)&dJjmGmJcHV(+29{2JUef9d3E^*+Z3wc}bh7u4;`;hQs96 z-W6+&h0m#yH}V%JR$+8aqDaP$W6i|00#tV*C*lnJ(iY93lA{tn{Ix?eTKtDjG79lb zDt^fL`dGN^6jMF$uhUtfdId%BG>_+C{UgVLBm-6~t+E=?4O%1&F=A;C2OUUcdcjoB z*RaP)^I8ENi0EB3$JC{^v>@eHVfty&T&Z|(Q0xA!>K*)C)oYlg>fD!$)2h6pGJ#w^ zAFOT|nZSGcLs_DcA5Fhu(=WV_wl7>>XDRNBdlTjSy1T@mimN9x5Q?3d-NF8YlSSDqlSHiGi3KP6+x>BVUee4p1~7D06Y zEsXgkGxQn{SE1QYO5xT>Vob15uebN>_2llz7lTVeUuJ95UU!2>gINw&Fa_t-<70OD zVL#3eR3$*K!fT}1G)&=T(k%5kpWysG)ho;0ko(+QE+`qj;`_vpLkrxx`*DqF zfaxNo=CCOllGo=wR97~;RkOu(Zx+1+jz{W^rs4xyIO}vjx}b0(d9r_&Y3ZJA@lgUK z)az)g0X$OpMY-Ud*2$f*;qOOb1X4Lb(4$rjC$|--QW{{rPtQ7(G%U?~HW7CYh$4u$ z3X_tQ3z%mOg{WRgy^cV|aIA|yf=18oK)At2uMsbwP8O)SNG^KS(ia5&`TP+R6GUuy zTwrrN$sq*&S49ka+@wa|693w3PL8Y&RcM2x*l`dp@L!D#O5rC7Mmy#R_zoFXb^k9+ zAq}_;BwWh#u1hfaBki4;NDSmXg%dSq3OUycLO$#O$sHI=MHIR7YZQXtPPFq`*szih6wCjar%KocZa!{!JD^#)FYovpGh&4# zEB-j{hbI?w8pf!K;Te&jwJ7@-1P>cB;Ppli7qg!bA=SVeLG6LO8&8YIBJ5)+p7<0h zg+w-t6^m139;eji2HJZ+R)iqf(Wf2!hW&YI)*yKj6|pG_&)4^n29VA!)%Qgp^lD+K zhI~07QXYL!Ic47;K}JYWbYuW#2vkp}M-LRj*g`^%Oq2q;0aYyT7_qP!6EDjI5oE_D ziU!}hZ)SVD_a}|WEuBtmi(LK=z+|Q&n*FE0bN*w}i~?O1zZyXuna?h%4ir73 zocs%L&nZs~JJ&eLd#HwMZ*WOIOY|c=MhqA%7*z3iU2||TVO%I-qDgaC1fGGTOSEQ$UrOJrtf_`A3q#6S;*S;S@;&F3KNeb96PZt;!@FZ zZ=-wt>&4PM^9U8pNM)Jt61bP)8nn#qg zxsv}>+aqGr+GCV%FR6J|X*!I}Y>h93E*QZ!tc0MEaCVp<2d4m2+c-|)jb+@^GKial zQB8e#ETK|M9lL*zEnDQsOC8i{UAY00_P(@UMBfKAhG8Q6&XIW?AD!8rr@h_g0kSNT z&If8o)}%p;+v3u?PpF>9{{y5muYLdl-H8vg$r}(HOOYCW5|uiG(Yi#8wLw>~hN$+8 z1pNzf(*8V<>Ldu{ReH^8S%w|YT;@p7E&7FmUC>m8PlJC0j5I2=8P{K!3eG5V3pqkU z75^TT`J;%(9=EL`g7wm#(ok_nnhQy6Bu2x&t(uTDq6>Ao=UUb>1NH{Ls(6Ls|UFzb-sl{pMr4nLa-sFzYF2u zbdr;j6&l-6PjyVJMm#&VU^@qm3tdF|JQaYEqe(_tYq0d{SdCPy)U|Cm9UCRBG+TuS~sNFjMvmS&zOa zJIAQZ9x1UfIMv5M+_RP~^3(*qjiw3;-I2Q@h=1S%hZh?Y;{A!|gK5LX8F=`(3q}{F zfe$gja$u9C#qo^^I9KlTfd{(Yrg8?n`XW83J@pA5>eC|>)Jm{*Zv27C@iSrP?~nO_ z{h453a8$H4*QGPS%Oa_MuU)KJ$Um3KmDmu$`n9Xfk_3X9TTm_Hnxo2e%I#NqCJKt= zn89ZETab+<{L+#n(xqoG3B+E9f}hW2JD+ucAE)LK2CW)C`m^hjYfHo56iZ7(L)JSK0+{ zF0OMye}L+@AoRJtfHp5{eSRj;1$LY%b(JKemWbjmq8i&J&EhbKI;A~m6?ZQfp&Ja{ zlxsz5B_=i$1{N8Ls?fZE3VP^$dSjb==`S0ORPwTIgeH!2$DxrgcQN$ud5b}Q!Etwx z$*4bF1XH4}Q@?a0l>EZdnZcK)q*n)_fAP;jVu=T&8laBx_XagcgzA!UP&oITYYn(_ zV=JlPH6)Lng3U%B|K_m|tklMXt@;fQx5QciaiQ;~8mS#mPV?9?Frn9L!y`G^(A7&l zY?W_z_OY1Y4`K?62Hz2`v4IvGN%&jkv{|nxCE20QXf9Dw8Mk9{GS1~BrqGKrs{_O1 z0XR&GuEY2@mmOsc`4CB zt5R)0t_62SZJI|1iQoy+!BKs)nX!HEgSJ2%Ikrf0T3mr-;}edU?l32#LPdjZ;0wR^ z2o&EtLLHN5LE$6P$0jtBK6_OjMBo%1eJ6QXj_YN1ptRq5xlbo9nN@I%!Hz(N4EH(7 zmIuHf_a)NIVVyw!zq)0Wi@0pZKpcRnt*%Eg)N zW4;)-Afk(Mxh-YR1#C~6HN-r$)MIn%u90E}D<||9f-F63-?Tx0uL3k0$4omaHo{Sm zNxI#62GU8Djx&2`Og~}OH08KZD0+pkf@_2Gy)7YQjwoCz1$_}Y&Y)Vssi=V%-Dt2!V6k|A zdmVqh5cqa>S>9uP@w^pIA`m!#GD&6nv|qQhFBwnc-T=ADBjH5j2#R3bbx~Dwvbh33 z*R#UB-<6_;;YGf;MdY96pBCIa_A7@mpkk((DOLpe2Vtna2@U_6B;Brs)MhN(MC@P{ zeYLuUsTy3y5%j0Cw>LGot^*TMbSGXyvoIzBQAbq(e^h34mgyX9jvHoPCO+W`9VU-a2*9sh|-ej3nCVz1RExhl)^&7|H8`yq^_ z=eXE`*K!@sI)OWH(ZBSGaoVN{z{C5Aj&6y8cB$)cyxf_lSPk0DqCqodiQrCB*#q2I zhzu0y4L(;jMnzG1nQolPAplV>rAVI{R;cD6k$r>?6RI`FSl$(YS0A1gyld&6u!uw5 z9L42axKz`_;88as5KvfHTQFo!U2nQh&-r4s2+Vh=9Xx@<@1QjgqgE+BlB=aDO7h1W zUU-E-%xu`uPuXS${0;P6Zhuj_djP!^$ihUcr-|H*EpEk%<;IrTAVG-?;w$+JvCjcS`!6rL<4_T)p8 zW1ELLGz2|p{;Tf|)uK$G3#B`bpbR#Si7praeEiJsKY53v92OnwzmZ_g{}$SR;~ln! zmj4sxu#H!c85BeuzWtyI^|UM?#}J}BD|tm=i(C_-BC|=7V*aP&V?iO?-LaKME11Mj z9qr+;_eJ}F2M!^nC>xt;k*ZyiE)*eD2XXCh9JqY<$zdS4O`UxkrJl@ffG{rSCSrgc zQodIHq38l5BRD+06D}M{N2WQWZLc`ivSYq=aAVB7&S~>MpKn;_VK403p4t0EH(I{ik8jh1;Q<|i#?nQSiFGWFz#@2I z8b~F>D;0^bB1zzaBxbD?LbudPV*jG2@=gmST4N=al`58yVqmDLO*HNoz%3&zQpOLA ztHk9x-n9`Ck>=oj7yn~?=k-%=%5h7p55+{{xK9<&;X=|a&EC$B6d&MA!?EnW$ zdK6t{h09|2g!CWTxuRFSr51Y}$9)s6b@XGQaxHhEQoQON4jQwg#R%E?hl_w+8CQLm zgWm3|Aw5c-%3d{yow4`9C#&JYu-^(5)n};o(Dy14>`V_@Sd&?yhjI3u^6t))o-{bh zYXxB10|S0OJ#RYSPm`N@zH|bgf4{$;Km3IATUZ42^%!5{S5yWOtTgKVlDKe%@8q!= z-wV;T)uff#?=&uKEp5^+r_)N5AE8~tWl{$Z$h7@t*|j*HN>Sp)hMhe7;#iS=lvDbi zX+ojXqN_ZU0lkls(pvRpvZ!?wYnlgYX5%gC^uI@ojVz%4=zA)^d-`Ncf&u|2=dfRQFs{Vd^_5Uz zQueEyK1`4DCS;gyziOB|c$X;tZ9)6QIXH^YTi|a)g+Sub?0^#`(=SdoxgJh5jp{Wz zORd+~K7Di?*!aqO>t>W?ktZB76Gumkg=GspiSvQF_Q-R%V#OxEug6_AnMZKzZ=;6Yqe`V)?> zAi9Et>Ey0)%@(s>2NCMMQTTt(>MNDTtX2+KFhP4V*yQ1_-F2@&L*=AzS77Q1nRpyl zh8e%Da5SYhVW*l36Sb)>jHnAplMTjsbdlhhx?SblS7BIAcgo2@KeM1E%K-%@=jrim zAD{t(1tg5R&OpL4tsg5=eW()2eR}RUcGeSQ7S~BFGphp(0%z$Jwd? zLmsA8KWyI{e6p_7sp-UgG6h;m^5CF5QnM;i?%&vnSDmJ=ddDU-&6tOXNatn{s4%<2 z0fzDO*GXefbX=|d+-AafCS_&0(Q4(+zMZaW`Whz3BW*{2mDigmmAM=QzW2XN1xZEti>ZXwTO zI(pbKJ@-n`*re0N<9~(YDLRtCZoZ5t(S3A06#gLfSU4n#uQejIsaQ6b#`e869@qT< z?5S@&1GU5GfJi_FMCX_dS3LhbVe8dygM*RK1du-mc8BhHkagHL136O0`R(}{@Ck~m zKI3_9L5XFxi7go1SHKty~XV!;-`&TUnrzJ$R?h=5C!;VT#l^M4InA>^w zx+3B=;?UU(wYM_~Z4!fGoTHx&PFR*rDO6$`Xx+4Jo3*OKweA(if1JgE5~AQ3Y$%sA}Qa~6WPab0fRcpLV}u<_$ti;FkvB5s90?q4s7SI7-oSpZ9o3yZ=a z=^t!NWrNtY7k`q#SJ&bZx31Ki=)LttQRm^La?e&a_J}ek4bwuYnLYzJp1%FQ#*;Dp zhQTK~C&r&6xhIM!V;ld-pG;Oiba=~kvd(Gp{Hkx*oNeYZr>_eSOrY{W#kR*LmAkIV%kx5)yV(&&<%th-FAzH zu}?YYv7Z|o^AQPQH=?x-uC|?8pvVH%g*0@xcWfg6~_b; ze*Amq73ZAq5)k?mL+f`rkB#BKEVzavMXC=kLAl9n&%%kUc^8`Jo>g{hciTFZw#i@! zISe1iy*A;fuA^^!A1$7f`P|=lob5ja7FIEa-c0ZLBR{&JKeMMH36qbNu-x680{E`O z6y;Fy0m%Zcvm`*da5|qE?RK1IT~C;$9$MG;^*pkzrnLI+UdtI`^EnW(Gn+iEGkDdt zdmbIaLs?JS<>U1QflMr*SKOJr&D9A)ot7*^jo|<0dTD|G9V?*5m6lb-E@hu*O1j+B;CEOqMh$Z0vA}ee1#^m38$+-6;m;K|4V-Y4fx*= zQHHY8e|`L)7xI6r1)WSC8UBCblmDzMn*h<{NNE42`APx+c>mA6{_Ur4W@%&kKm4g| z=Jj*mYDxIHE$fRqXx$1fq~+mT-K2a$mauch(5@^go|dAPONdWJ6JrKYSz3Q|?oI&+ zfsl1JtvY6BwUGM^7<HYW(;gxCs|VaCNIE4)w!BZ$*dg=Hk$$^04HX;wP~{K#0pv0 zm39x6vXR|sQbcbyZd8>x=%bbHxQ(BsHKK!wFq&w#gT~LiS?4c|xCuwwjjX$(FY-0e zzPo(YCAq~jmy|unrfLzACof0`^wZvTpP^AQ1C|}`OOb_R3{!*y!DNXQtMvm@*a$~^ z!00$7Vs_vq92tcHPp(HVRO)|9{TPk!xF}7NP{jh}K7>_>i&xoU^noGb5J9$k?)rNx znDxdaA4H3*G)h&cr$tAfZZP%V#G${nlY#YOEEY?VK|Y;A^kKV=aB&}L?GvK{!@f_5 z8Qwr6ZIeJkyJV|ihi4!~H&q-*_De8$*vd6mSK`%s@xQQpUnjq#eqwe%Ki{AGF9j6h zK;hkJIu7JuX9aW6exZxrE`V4`T@wEmC!c=RPb@rcuy?OldK#F0Ip#KDh_8~Qa05V+ z39iR~B~Ox@)K+oeCKtl47p!E&=iGT&a9LW5tPNM^nGZ3rl%V6wXq1ANKvl29er!fQ z9)R^^T;!%<^~PP0cFWiN_Kt`fh~`(a*I$^V0+89?P&>jsP?FKs<7BOlUQADgb4kA_ z5V9s-yC!p!31#{z}3&n~|Q{l2l87I$Tf@jY}WKmY- z*i9EqGTr?w`+k}cy!#u1IBS5&2c-XyXt2qB;r}Gv&d1WHJ|cGF(wZ^A>vwPX`5a)O zeI9;ge0tWS`8*$c2dw;6T>w;&9Uj}#S0>tA+Y&p8`f9UV*Uh#DGia^7rQPa%VgEdQ zWd+^(y;=(Fd@-84do&79!sJges*xL{Dq0H_{sOO(QA-)lY<8U%%k-Z@?*g)#h&O#x zh4;-zHt9aS$K3;^V@9YB-iw0V5~6Pwh+jHCyL;WcHCRhxmJuCchDQe60Ooksc6ZH3 zP7yj@&gPfUJBU+>P2_U@jUoMPK{aWu&C$|v{hz(j>e?_In!D@GK9 zm;<23vT>W&ky&!*nZngTD&aN;FYht?4u~00>hYTiG0HYrvG1u92o;J>w4xmWMf5ni z!&T67xQS1bKw-a~$P?V!m_NYI7cQt)0zF2prQqA0(n?HaNR18tVZ zE}RurLmsRqYl~-G^X7M6=i!1j zQ}<~ekafFC7X4Vtm^4MZ`S|SH4T<=mpn zSXIL!)6wg(Om#P);<)*{{bV4uAXh6=6!9AiSj4P%7Q;;VQWNs+>?o7S|4#O`gb7!u z#aEX`DHtP)DN&HHyA#@CyIiV{hJ~dV>5;P$U}G$~lzst273vrjpL@SE zMtA1dq)pv96psFgaw(UeUgPPO)0I(BmlMoRfnGev^or8PZ3zL%1XltGEuv74Cw@nH zI;l4QW4g&Cwr_RBa%Z&QtO;sL}b~&@1BiB?^t; zbhvOcd-wT8qb3sw{2ErZqK}s-$KKD%U|P}@v2sWAy=zcwPkbJLtNoclf96ST81f5S z9eA#tagu$^{6h4lzV$pdRCnUTPOCf8E{M-Z&}Z{X#kmLfi}SbFo84~w^i1bvOTWiY z$QaCfV6GSjyT{1|kkY3Db%k6K@`j0a{*PKh)E<=C6psnY93R&>p2sbB5q;%G#Woe3 zFVvqQM;BcT^&AleKY zYg*lVn*vVYK&kEKqkfuU*=BKVljw@&1$oIRZTT6r51?2;s^Kw8K3f$(v4c|D8_D<{ zfhOT=Lwcix8i09M{?vk`etAZYawFY7svR1%aL0JDXa?Rkub0h1+~}7oYm!0DQr3=+ z8W=jPN=-4d`xo^{<`X5b(k4jiDZAao{hFJh+3@1!S~3XzM%S28$|r>Glwi1F&B`dK zHl{q)e$z2?MMD2zWiVE-sm-EKT=&Nu#bzIi>@|h6CpBoBwSRL45uUFiuDJ)aCg1qN z>oZj>r~5uEqOz{b!X?gi+ptDpU1_@TY(&*9zroer%^+_e**2-1K~xY8HB1yODdvt* zFV2Q5GIGb&70N<@f9Dr1!GfP_C+7JEi~g3`AwFGTJD$y|nM68>cju>DzQ(>qd**=G z%1h6pWNRPDndiP_|8GN;=ya?1FW(9FVR4rKMcFwvi4sOhx^3IGZQHhO+qT_(+wR-8 zZQHhOckiA3u(6nk+4%z%6;ToAeJh_lnaSa)bYx}mvxB?I>DXgmjC}HSjxruq;m81C zr2V!HWGam6?e^Ncq(qPNyVWf(GI#36xV|n~Fl0&W8|)l<5v9xT-Kty6&Bj!IiNfc* z&p?J3TWYO8Iku+WM;$ML%?*M%ULAR#{eObEJ|>XIKG_9x02u$SPf{YRC8ldK@H*}1 z<(FkcdqsEiynR-FlalCN&Di**b7n|8AgpGu!t|A`l5HwY@CM{>R#D1~0mPx~+EKHi zsb->d=iLHA#C7(zvXqrkp>l4Qqg{__@iSVKEuuejPu80$j6;ye?LoqN8{{TKNBRS= zUeSXopm;ed7YqZ)jzY=7BR_Tt$fHty=>S+HyXgDnNlV;!5uh8FnWJ4^-#*<$BK+&c z!kmxLFh#UB_L<#5h9@JqhJCdk0cv0MZ9-|d$E#gJLiYW_V-%T%7@(DEplKn8w}_UKZ!Y^e zQ?=|BZDwwCW>N(EywXjHSKGZmOj)SHC2hpscKtf*nGiuWG7kNDWRo>&Jnk`HVY6_z zj$2vG-zC4!8(I`yC}%Pr#Zr|bajT0*LFsf|yx~hj+;Z~QS3Q@_SH0*3I#gW1A-sI> z%jr|B!B{WK&fiVpU$$C)fl~_yk>8a68*(77ijSz!>jq!^i$PeL7O3nC^<$tAl!#@_ zn-BfcNwc;&7)#jgOPhYfArRYcRquAD+j!uJt9=5KKHl)1y3o(`tr1gj2(F9A#j3w2 zJ{We>Rs>Cm!u=Uxmu<&~G2lOPgyzd*k(g;F(dhXO3~RCx^K_WV#G4)W$S^_cb?)W}i1ZSfqy%^F(Cp71urI;F%F?EvYyw zRJ3mhRfT5i-E?5r5=;HVu67xsvorIC3FeJU?Bx}*(;r=rl7BunnH2qI?B+mxv#)VC zLLrkNt2v7YS(dCX%!Z-U;Q7lajUB!X7P~P$$Z7O#g<+n#j$3AmDgY5LcC(UP{bY)Y4iawOmRY>d`nf#g*&au*j>?AIrF|#7sm+szcxUTMt!wycv)`4ai#_eFMqO{g z{Ibep5te3OJdL$LU^bfVfJ{mh?y#ltU~klgD6V1k+4;}{z4>{|3$Vypc!=<3R@A1Z z_tC%_evZV?4pJyq{3=Og-#7?DeSLvdu83n2I^5NvZ-|)$acOP_Y0enL1@-9 zm-3xOFx;L3YWk(7Ceds?Q5OQCLN1U;TLd=dG1~w%^@~W&?JP$C;iWlInxNLZaX%Gx z*Sj^&D1c~{L_#3|&CA?pg!rj*t%zQK<^$1cRw-QPr5?TRD0<{B`efy6 z|E~3)X8*i8WCrjtEK*wtx3=TCbuQ*HC#DS|!j+2n6R%d-hrtbuydN#-%zrVW>A(|l zRygnQ9}rQtE+29v&HHdS1w=KpReLoi+s&n8&v!&(eOaWTHRDeQg&OOdf>GT(h3leL z+E>r}<3C9?1@$!PksW;iNU#sGr|b;79s35$%)A1=eA6%d?!yO1L+E|M^;ldR=}0uh$s2D%?hVrWIbxj9bfQb=JnR;Ya0WTT2jVAqd29g8^L+yWS@5pvP8*YK!d0<(vQAc> zsJ?+rcsYrESRxtd%2Od+O5uI7lMsb*i64l?N;0zH)GyuKo@}w%Oh;)gWCC2nlN4(H5fJ` zb1EV`7m6%c9YY%B?xeKaBlWt4|Bzt;w8FP0E?9MHZl7SD)#ggnzq&5pmGId{b7OZT zQWavn8({#;H7{`wnqiqjhj>HJR2i5>tfbmic~1x?Zt0jn25Yh+C>tJ?b)H7gVYR)} zT#Ujs@QK{)+;tGV(?Q*aiaE0&9e8v|#Jv;hk@ij_zqBM}Pz~0#eq`@Qa&k-bU`N-c zEL7<1KyP{*Nnl&7?jey@J4Ccyl@mRe zcpvMf+|4tp-StC)aa&fpy*CB>RT^QcwTjLog2Lz7@_rBAuwQB0k13OLyXxKUW#C@D zY;S59-$5@=EvOO^EF1;dm2$buPx~sewtMTR5X{9e7;fv0{RIN{C9P@$}66p{x56I8Dv%3+_p>PK1bn%h)PwJ+UEbCz#Al!Tg#WI^B?xc!Fi4bh z1!^mECL!l=`Jg^Mbt^2D7cV&?JWm%;akD_JG}*>y5lB>jT)Rdzbz-DYgR!>N>SU|n zMRz4eEVhT0h!IL<+nkCba1q0s%6Z%6DhXK0_jj3KXc`Hur~q+(`oumA`u6$qriv#q z@EY%DEH;1=MA?`98?DmLcgczm=rsiN833U)v9RVRy{J-sw+iNlzV{gJYvDhe0RZC` z=*#_>TSZm8ZXETC@LO{rvj<28A*vF0coPMLd)_Qfz>C=|V$u`54O&bWfc`I5%|c{X zp77#kHm$cAK|1zSEuY5i8pgAvUoiMj`&?pAw~eY+8L``h>l(L83T_dxQi~lO9f7n= zKwfb0>Gn^~^B_q-sRH*nkS~iI`4V{eH`%hU)wbU!N`Gc={$tn~2txV&JIGea04`OR z2Hf7KDiQmki~$q7>g{$vc=t1 zFE_aM4S1&wdzQO%(~ym@78bxb2MLO8a1qkRM&wHTMT$1#`20k0w@Hd{&)fAko7Lm> ze+kp|@96OIeP%K%0_&-lk~m9*Wk{NmZQ^^`#0ytw}H#__0yesJ8_e)&>ZS? zEH~V68n89lYZ82oOrLCQ2aEiP*v^d-{exnP|HJDveS})EUXWJGl3YW}qfkMjUW2B? zT!-8Nz}e+&_;CNwb*Za+>P@Hc0x6BtBe;utwczb3!m(}EhaUr6JDAEhwN;8^{Aj*Cl*-kD9Nv%o1wQK z7j8yaIN!a;l@@N?KE15ZG|i5htWVhs`{X8Mll)aZ7lU=-Wd&ogR$SF^6EZ1m6PuO; znh*Wxq1;)aC|n^}?U_*bl6YnB*}2pkOJY<2hSa)k^K;XIxey=WohA^!OB4{Qn#%BE zT6}SU#!07$dDK$Wa>u(dH*ZLD?hRwccwj$EKkC%Jfx`}@2Yrs?q08H#&{F-or6|7j z%wWmAr~I?(Kz_p}VZlz0&1|y}ppW?@{NcOpPV5>vweU)U7|^S_wv*8Tp`)36Q6?kd zv}&`r1^1fx!7?xmnw#w(8OqqDy8fkweD!zzQID0M2)X#tOAnYmG-bVe=9tI=Q~5LN zgG=5jauk8T6iD>>KXcUnbNKTA?sokLe9_l;@H93wwlLM#|8Ibp1?WYg^nW16n*soU z^FIYK|NC?Q?T|UUIJp|T*gHAX89R8oSlHXqGIRW!9mfBQ{mlHoq4&O8vN2m?Zf1!# zY*~wsmGdzq(rm0R5{oN;NxiR|dDBeBKh{%?<54Altffmib+avB5~kG>X)QOd3=knT zXzRpq2m}LorvchI!g;R<+fNdVfsQclG5`Qy(u4y@q*f-p<4xebSvrZ?HEGnkE4-dB zx^KOo$PW+0K>UAIct4-9?WGrbCB1(p?m8iQ?^b1!+LjVH4jV?XVs4y-OFI`7_G&yT z^sQ1bS`>Mw>DecGcIM98k5qk%3>7pVN4~6zF5=lo&fBkK-;!e`sV;X?__s4&%(0lC zbnfBa8e=u7uy+LgYZ%3k8SQuYmpDX@E8N%k7dV8D9dAK@Ee73NwFLuF|Q0w%NF6*`ag0NltcDA3p zvB|97dd1zk5OF&N$F<`@JbIDG*vxjGZ(X(r?c~5rf3`RT>shb?dr*5#Qy>%=ZrO2` zPU3FbZ~{pcU^ZVt(8-^5<4 z!FX@m5fEXdbCbEZZ8i}nV1ZgD=c9)*0H#O_v-5Jp#HJm(8dm&U3?{6$oQ@ph!KK({RL?g)jEZo`% z`MO|EJ9?k*(AUb2TiLmcD!6GWrnVZVrNI06m09<)Fg?lN{d2B*d2!lWTeH*gbALgr zla8%r$M%tVsj?5!QAqEg2;u(zC4o=ZN`5k^zeq+8=LNqD1W zzEhPe;u~6qa!9fi9N+7NGq)U5A{Dd!iU}w>g?aDf8JKLFh!PDi5V(iNh8g!lz%We` zJF6oKJg)lQUir7X9haiK%hYBexY)l}+OGFKwdP@G!=q`PV>f}NxbBI z-aVLWtzAZ8gbgh|0)@vRBrAx)jx<67eR}UE(F^P-yUmOIy1`_aSnQTVm+Kgm=NAyo z_M>gu@wwaE$Liq*{samKa&ZSs^DXsgxZJKbL2}8R?jPX%f0%h=O@dt2^KT56vtzrgFVWKR5xy+b@mL0MWLcpNaD7l>2E}uygVyhTK<_*mwr}m zF5%Yqdtc7!beG?5*Y+08PxFuFs-=viF-Z62wrWXQ2!rt2&dmI4!2wx&To!zF1pH zq;fmWz1XuZlqpq7lmehqP5NOD;D|-Z#vEw>t59DgxS6pNrruHxZ zYg)k+3%T|-2NTSeHgA0u#+=Q-ApHullNkOe5UIYU3s!5#uu$4GwWb6E=ml;mjF!&c zT19ANc79KYS@WoSh_yQR)T-=GM}*O6f3Rp5B0(}axl}HC{+ng`YB1m6L!t0LMPp9 zzgLC}eful6UgWx&=9jpMgRwR+v@r+#nP-6d+gjXIr30Mcgh0Gmi@C9HxbNryDj%M- zGg96f-Mu8=GlrNAeisn)y5S>IUT!)Vs)k~y8cU#7QM>irqcVm$*yjR;*3<&#D%_d{ z+>!tJ+)2#<4Tk{)xMH1A#`?cz*Q?=H507Yi?h|r$ej1fxZ~dyVQHZhUl3F^}EID*y zJ@kh%YOBg4|~yEi=LA zp$q}3YH+5@y)eMLlC}?Y%P+1B=X&T}V!uV!dsI`QU!MI}Ac!EE5M8d1QgrJ!8@N^a zlR_n@{X^S9FFp}{)Fm@PrM;J1K?91$G(;2-!ype^U1vYX6}rWpWSHjj&wtqzsbC9LLy*DeSz1ey8W zT5RlF5H;1XZ3KSj(aOzSo&tg7J^cQ#R`Pi>OwT5?RcinO09H;GuOE6zIq4tV3 zQgPyGAJ9dJjec<}xO#tY-Ogr<#N62_ggxMH+3Avj6xX*R7395VA^V$?qxZ*6kq3CL z3NevLHiCxBG^R+Bcc8om2KvnHIndmyrW5hyj|fo8D1tf&i4Y@D7-|_5Hv=~%S%#|I zQc|v)5nAP9jFkcKEeL^(^EeVduZI8zQ57SCqZq6H4vYcdUBPDCUF?mQ;}_pUJdhY; z%bA!;$v#yftiYUQm%|WB6cVgqhD#HA6jX`a55huN69>?gqp4@goQ$FciIV`)Q|{Vp z&8w|Sj^K*;rQL=QHtjT)9gwzd^-b#tHGdVOseGxNg!stF2!*XX2@x8x0`;W0IeONUXZ2J`TL9-xtaZ zqhkvIakepR3P)MkPj1l?xgaE$deakqF% z3ZZ<(d@g$)Uy`+Ox?sN0eXBxAWsh}WE;HbtxKks*&|hb8S8s1h<_l=cm(Hb{pfUW> z3Nh7>htJ@v@59ABGZFZJ~#I{Z@J&cdN&Ql zv+ft+q&Af`3prR_>K3__C*m)>AnC+wSoj+hX)}d}&C5mS05Z3|1uio_{d2Woq``b` zw;G7ZOlJIwo}0()(GVkrnC1LIzj%>E<*Aj;vdZfXTw=0=4YFT31v7Z1(81s! z7Qgj($N$@@!$yl4*9fG87@6W{-^30$Xf-EX7NFu%@HaxTKGZADszr}^XwzcQqiGll z4~6xN3s+#o!(&1Pa47~l7On~1Cg7W#^rq^W4M2v90s0>K0seBkyT=X;WzCvPt>qZa z=Dl`K=F+0g6m<#@UPv_;XzXud{bbY^w?N!4yLP5PvVRyEe}T%MHyFUIrc-#_Cs7m* zXmoKa00p^6^1g%A6b=&QA`^P3tdgLRB$a$35DCB#EhQN9Q6qo~Qt3EA18t~qiaTCy z&_H9*ZgQ%Goay2#WK>yP+3J+P1&7tqU>Ez+U0ax3O}tPGv}^e64OP9#PGJfw7(bWz zJKVQkJ80y9xbw!EYDOApA=kO##}%gAm+N{TVm_=~do`UOICTEezy}kqVzb12psiZ7 z%@55f$W7c60fZ=Fi?p_CL(P7yMi9?nRBvJMee7d<*gLa6!9WhVCHe4O1K@k8Dsgq{ z(*%x?Pg(~`RXj?N7yP{0^>2l`wF%=ZEDv>-Is*RbBgyqXw0A#HX^bCHm48>qm+rLz zIa~sl?vnTQuGRzJ3D5D5n|}kO^9YHv2v&7Wk!{dql+!`OH>{_f1P#vuMx8@_IaDzA z?wzpf_|3B#IHXKVh@C}NsCZKQ)?Da}d5Jt3*j05RmgBCZ93ib(YkauHvgs5TnRNr_ zAn)7%90NU!FH9g2mlUuWoD2cv8N24(WYu=3p4nk|WPC_YU|z|NL@a2@lDwABr&+3& z6VQfOL4>2?q#P6rIHhB;G}j~yIEq9>6m#q!OtR^*-5>0igvLtgHtE&(#1rBLPxj_d z=!uZVoj(vdfK%Z}#JE~v-4kdDz4zu8B}&!YKo{GoIMdi#8ASFYhoWXHc4C7j+vQ{B~);hmUslzqH`Anu;X!4+L$1`m@iDLAiA%H z!RdzXw{F)hr$RZ0lUHSeb3@%K@0OcdE)2B1B=Z>&aFNvFJ zFgA^EOCOZE(J9Qy69JWj-?U{0J!6Ls0W3-)1zxJKjDu99#jCntHE^+NRkA%7ywsCr zaZYf+Tjgh*cgSTrucpz4YVzlo^0+*lQHB?%@F;jfB!o|vZVhH*lHvJo@+l(d7Rj91 zC|={721lBsMSBCNJd{U2#V_?KL< za()ZXcd{bU7cSX}ICJZDY72A@(?eA3CZ-#>L0yti9tU3dn03Jj)RM#PHm^aS!`Q|l zu;>(UHlbVL)IWRo&_NVcftXe)(bY(YBr3uQD z5}~^hMYnJ97896x%J-R^F+3eLY;t5egGTo|CemY(C?SGUL{KgP$H*B32(&S^0Nj4Z9MR_;%0KUJIQ!5ak1qMQXF(l)E8TM zL3`rNumzYU44vrM7r?h^BdQzps$g5V0o)b9$GqstIjgJF1+GKW8vYgVW%7^)feC)# znN0s6r&0c7u3nIASBu4f5C5qIw3uDKuMpbY<+=db&I zWPt(3KHHfV!^>O=ZYIDXzvryLc9Ht~EWzp#5VM^7N$D3>6PR9Z4N4xWwP%cnzf~V_ z)Fy$dEBYJ2KMDhOJO2{>{ShP%#|X*7A5wDs=?p{CP;|mmnM&?Lg3S%83H(SVJJcLB>yWDwnCIaRrQ+MHoKUd(5w*C8G_50p`QZ|OrISi z2I7*Udbbj8__O4ShM7LY!l0c~l9#};o==`SeL#-xVLhhW z$G2C8D$56w`!UC?8mPrqbV2oyR$+z^{|AVyh)G6xnorp@g_0R}!%BfYG|#q2n7#)6 z3hNx!PH6v7g(h$m2p$SX0sJUd9n{ZC%vcV_G6t-fbf$;(4q=mYXnlRuw667(Kdf|b zm2DB=Pmt8^wuR!%XeoqV-Pp12Sa1S6&`t1}JG%otdLeCyg8(EkCUN5)v)Yt&&Q)i? z_3>C9x1n;Ib&5f0{0c@*Ju;zw#>E3eYy7+FRGh)4oxBV1S4|>$TafF=P@v=xO4!nq zkk#I+V_AxgWfLJN6kDb;0F#&)&X=I1iPiSj3lt7axjKIA6~xU`Qz9dSDo|sB(hDf7 zym$kdgm3tJARp9UvyfI0#EB4yVK&(M>|t_D{;T6Z05MpJ3u;A5+S>_)N@*LJ7Q-<9 z*G^uxm-S!~`JlZ04I2p6jAlq+>_#NhCdLAB(jsx7X1bqQ><=g#H|~fHq+bGgr?Bmd zt^gQ7c(`O+O2~u1s)1ic=wN2l5ckdqO#?ly#*9;32jM`-xd5uo;TNK*t0OODn+e1n~YYypIIuG|Q-G1lFtLYll-pTh?nUCy!mV3?dnR=PUXWgrgI2Y#2!K57y(gGwnI3pNC)3kQj6OEWM)v z2#c^cOyc6-Yr|WuMYbO3+_bCK#Xq~$AZNlEVz=k>tFKvxP^f3oacPi3 z5hN$~P7w6r_d#|NT?t`>h=`UA7Zjk%(6D$@RY2Lt!V?nE(4UB}j8%qR@=LPj)F{0P zPBkKP!E->SD3HV!{aEK1h=Q4*gIy|8y$~fn>7SAfKi^6fk$!Zt19}1+7(_n`qlt`y zOQ9any;r%v(v!*!BQhlwrRLJKm{ST*QG7M&&+t!0%E%wtLt(!^qZ}2p7tkNmLb%C4 zn;w+Z-?#sFyQ!GnVHqqa06-GNKU@BPsRaKoZ1n%H0*9i?+GC5ln7MW9*?%Q+*p`0~ z>VW)Bi$I3!&PP&Atw4zi45_%5T5h{Jn z7WxG$418U2ODZL>x!z>A-+5i#sZhZI>fN27)+Y)0mW%tA@z@C_{{#de&kiFgq$`PN zOlXJM5wj2}wLW2CrV&ZA2GrYA(}=NIow+yCh{E~ThQ^&8Jz@6;$#9%+EM-7S#kEp# zx?1${hUbpMCobKy#JmGK=z3-N0MAukhrDaTIv%n%GC3aR6{YqORL@gpTb)Cje0tdY z%s%-dvp11+UjULmVnL*WZ7!SOgh)*<<7rRj_wA<4y}J@$r}HDR)va>7XTIkrMlR&C zoSu1KvYr*9I6{C-_#&1=*$<-zHz`ny*GUJx!qVbUs;g)^OR%)58!nyb2EsDfOjE=F zaPHZlaPkrqUL+>1VdlQ7QFCP$5Mih!TcDKEJU-IeAvo)f%@eS&1^twzXs~$g+Y|)Htpr#6NRGA2U@A>qiA!^~6MIs%{@xuKE zx~FLyok+)v`;pGpo`0*a)093UHK87#PMBsA4+r?zv)V;`vvE+fDTjMF%v}GamG$s) zjyR6kZVHFq_;X&Di73k@KIpQFm*=;kG#X>FQ(rIPkW9qH6&drLD!yFum}kXcA7H5- zYp)Qc{HaU*cXb$2zf)6yu<6iqK2nP310GpqFKLebnU zpXw@26|`G$mU3N-vx#qDq$M1<46xUd66+u^fx7~Ks9OwyT}7Ye;oUNX!G@OHy!&s` zNSK97fbLz`ZfK3o(>FN9K=L(*j8EKC2D{mH_NCy`ZDiFSYD~QhEs=UTpb9Q140D-V zmYuP%tLhQxoQcw$jyTnUj~9a1*K9`IdD#ctO{Ued=2|0SrfDtejQ~T=otPQZn9^jC z^NSKqXN`Q{x06ZkB3Disf(4sqR|*y$Ur|cL5-4B%A!S0BcV`WCQ~!LV+T@{a0kP?d z76Z(ekR>w&cVt^TGC>+fDBis1WWlliDHUNpfex2^MRaqC^Nqnc2}hZyfvHiOxpN4> z@|Bj5FI$0=CeRo48R zhJVPMcvFiW&x5ip{i7levc$SE!t6(-G$c}cv{>IWuMcqeqhgbBe0j z0+nFyCzoBrZ}jC)e=c+Kx2d+OnWA+bs?1(JY;@-56i9ZCab3`y*dt3#?2P~{2_2LT zp6-yA!19yk+TZHn*bS_|1XEgzlaj78U)bRrl8OCO>R82tmtX}MKK2aUjU=aegt{V7 z#iYMXmey3-17nW6W9`}Fk98Qibk89jf83*ZLR(Lr3rviW!HgT4Cw}XXn|wVRaMb5( zuUG+0%^I0#4}s^3$zj9@d_x4CaE*I}a{uqys}uJC>GE&xj>7{0aQv6E_diynT$~Jz ztxcW&8xYP_UE3LX9Q7tQOALK-!~@W~-J(?piL}4Y#1lfaB@GnaaUZpck%l5G6Ss2n zWz9L!TWd`%Hi>FVxk5?h0s6@IF#d?vKVSbbr8gn{C_6XN7L#zf`BiOmp?kZ<^|lH3 zY`PAm-B!KVIQ01MLd}^sca>PPTP%_uvhdq=h_Yh0?y7N#16QWytjOucY2o^djZ2R& zU#9h}XkHWl{Gpu(VaHm}-`mOk5{n*Q_{X(D(4TWeTm6%f7gROF<<_Hwmf8z_R<;s< zU2hSM9NAt{n@o1N=@;`U53x+<-+qfM71_^AOQaW)*Py>y5bHta%W_E4J@kVH-)vvm zT8E0Sh6EnsWCs9vQ+}Tp=hV0T_-S}NFKT(MT9eh{8!~UWJvZ)dD{viM=Mzf*z;~|0{&+GZ<$It-o;m88c8(ehel z2#WM=I>zS+H8M7xq;dWOZ@qh|mf-v1`?1!1&C#U zzz}ZDlnRt;Z(gYmfx||=rc%jF8ovF53g-fPR>09aMa2DgnbdZ}*#zfFdLH`*dE`lXoHSxpEaDW*A2SQ`g zd;u-48N;K!LA@>(!uL?9BXphu(c~ahBeRo9pD$~0^+OFC1Cz1HySqth7msVW2wP5C zreDX`lD6*0jJ9_7@811_RWH>2F2%uU%r>OaO7Vg7UHz^`95Cja;oNCe{SLIy%3PXY z*ZQ65q1Q%LBqjsOX}%&^0wsfjs@?|t5i?|(RTS|GF$pMCN<&A_)&d44xeObirYUpJ z&ZbIZS<9@}esVcYB8k!;-1b_j(6Y>%Eu0U ztz}?eQQ=vPCrfPvbLlsqE-IJvn zxF1ZlHtOpvS@T+I#-{-xn)lQ?D;&+miW0BEib4HgBzTEW2?F*8eheNB)$1!VSk*sY z!2N`ZqY?WDbPYz-o0E*vhW_mdlS&{wsJ$XxnSZmx8kF$tBJ}YGJ%UOu`@tZKPkDvh zajx@$=brh$6LN+VZNqb;!gJ%y)yzK=E+AlH2(U%#LfRP_fgXp{9hIfK+j#qz8%~ek zkA0)1H8)nduJv=zEDbm6<=U-K@2u6WA$T#9h?53sN}m@9Gzni1^;#`0=~E_OxpPIn z>GyFZ5}cljo*^}Y8UXn+WXeyvo)B@IJL|g`1UC%YfvZZb4h#Qx2(2*6_f5rU^33 z(A~Pyq9KYE>a8{_x`@~+CTNL1D?+kD782C_Svy()@QW}p5TXF(_!Ho* zBJaD?;Z;Q_{!xpNo5)mM{C=BghQ$Tw{7c4BY=b+$8?Vbmy;SfmjjXc}R(*nU!H=iQ zE3e8!FQq|0^qF~j{qn_tkJvj5+B0Ne@1>s)C!Ug*{J&dJp>pUfLrLtt}&%BJx-tgF)*BF-{)$)i~55TN&@ z_m~mLayGbQ`fcJ;tamj|AcMYdFSu$PI0o+njVue-!BLq*3_Z+(8aMN91TY!kP)}(b zj4G&7-%nLt6C)3q6r7HJq^%-TF#XjA+c#^d+dX^1p%*567{%uwg+9u;J_0sd`r$%h zCN3ctq|yHBB-cB@u$U*T%&ep36N`1GHeF{C%SN%IDif`SwwL+C|9_eh?Il$s)5rk; zw3PpUZ#kC#>_&z*Hvf%VPOOjjKdVtDzW%h?>(f(=SkY^A+Ow5sDXH~0m*#?2ZN2HF zaW$Ub(}uKT2M2SuVe&PR_Cix9JM?7w6)D0>JO2$@8woqmzv`e9B#?1ZK|F~B=?2E6 zt8c`;8z7=~9y-W6cZnc^K3bzIt@oZ<2{!Lib9O9O*Ln?A8a3be-PdJxUvr->n*LsV zHM!mIL+_*~@r5vdEFZl`hAjhf-~B zEN%+@7q=ESRyRezsm<+;#WmsgsMglz+WPp1!=0a%z!AU+_3q$m;aFkGosci(l)O8* z)?7QBg0EutCf6#*?1#-ROgp>vEplwLZM(NT+FffLYg~IA zdt3_~3!axp)U|6_^elC4bZm63bP7AXyC$otW2sYiFLiCFSx+c>XT6)BwGLS)ZeMGf z_3XRk-hp?pt1n~!g-&+8ln=xUjtkySulN}EJgXg6uf&eTuB>9|TW{NJ*=$>FS#8^G zm8yjsh~2W>DC|7#*mW;@gg?l8-nQ&mcZt6b>J>ddkE~MuHof{?29JQJ@E`aVnX=M& z6gK#+*5gmcg1V*Peu`MJ=%=nZx*Z@#<~XbgH}5kXr>RtaL!4KVjUvAYVR+<>)o-bB z@6G$jMviV)N~5_ChZ<=K0eLZf2Ho^3ubTVGAJ({@wV6LG}LYP`o6fXT**SW?{R!C zWp%&)SbmST*Nb(h+bkHyne9iff3Fy<7F~5d*nVw?7R|a{lBx^Zr;43$!fP``894^+ zY~Qfdo;r36Z8zL(T>UH51zbZk`CN_QZ7s~|4TzJiz zqZ4f~ZK#_FBh=g=Z6tK!(4MeF zrJk>TL+3&?FM6!DY1t87GdS#ZX}=)Ea-2OzH&6zUH%ZaLE8(@!fig}#VcbstdgPiq z9&hT$u%HIzJDgXF)P_DI@-fPkg7yiu#I_>M`}ehHLH!d;H{E-~_)ocau^-{W%BUCB zmimX6e4tK28S`}_l#TA0-*qXnYn%PX2?Fx!W33S#*j7v$F0#c3UKIs()*ZbrZF0$^ zO4);5`3(*2bjOd;9PMhN3dQVwb)Y2`rExw)M6As;wE*nfm|GPHg>bf;4F@0eZRb3b zdI7CJTvD4CBS_&S22butpkDCLBXArm(JoLz1N5Yf{!B1M4Z&^qAHI4F`4aio2KNY9 zBD*8dL~AcY8=AEOVbjBNUB)jYU8A&KkfKkSgVnvu=;*RSwNI5z+gUfCBdqZ0q^S&F zwx--(|KEO~9d1w<;3tS9_b6`s1M=g1FK=2p%`wC^-WQA;Q7uZ9r3M=cRZVsBW6AbH z3a0PxlwLshEbMs!PEp`|IudcKF&Q8bg5Veb9Mp`TNSKe_F_?sRP&Fgdx0Q8_%0BnR z*hVTJY`I9;x^em9aHk@ecUzmN2jhg@nNmvqz%RI#mZn$0UHAuDK+nl*c$rqUC2IvQ7 zo3w{cLVfcxieB)Cvh~K4-N~7{T7gdAE6x`lpIdYKI`sWdfF;k!Z=hw)v6+VSf-3~> z(V4;4ak{$Nfmh`#*%zozh$5b;lXX%zOegt9>MN=(?tzoF$~)hb?qNOS)x8v~Dvx4l^=3Sp^L^c3}T7JKD|HJ2D5E zXcWw6GkTDmF%Y7II84x!LS)wTNK(#-H}4jFK{D(>%g?E%ZU%;|K>YPP0%VoQO%cA* zoh0#SL{2k{PMTf4yZbL3L}zCnaiv2~OHdEd3qZwcto#VuOQyH@fa)zDMb7}zu z6+01bJR|%?0?hl!U(kzwb5n8&8Qcl?d1NsP1>E5LJj`v>t%Nzpd z{keeW1!Kjzd4(V0l)he&i^M7X8`MHj3Gic*S@=q@QcUZu4h`-?4KT2Le_xIzw9*x~ zej6SN+@vG2GliI#=)zwLfund2Ud*McmgGl4JMyK7JaI2mXF>&p1S@^_>5XnJIL;b~ zTracE+wB5%oQNkY@*aT#?Ds>xRy=ClaOR{WoE15^2$5A`j&M84U;%A48PH``IyTEjtPA0QQ!)Rmmu(c$wB=b58r43M5cy&w zvp0UgBfB*oV0cGB7Qx>dHjh6($=vNX;wH`mgvF#ZtRjG%CLWi&Np<~T7LdPAaTQH3 zOJTC0(yf^=6%BTRy|I#?$Rt#+D=n>5fWDC*0PlsxmAb24+kRz^aEwr18hRnEe@cfC zsh02|OS=Cg1fsMQ-B%aT7*C9PN4+lSQub23nEbKpc%8_{nP4eZz((OG?E$!6k{G>A zHQIoyf%)0~8?vkDX?j&K&>QIqU}^fLSId+3Atk@R8@i$;FR3*S(Q(ol7Rh6X2iv)L z%GP@nS_4Ofb(=PgEIF)Yo4tZC#(H3MoI7%KnZc2PQ_LzjAzp}V?Td_@jhSyQAP$gH z)XavU6iL9*&~Hw4>Y)!O8Vzf$(?nxoq1hYEY@MXCaLh!5LsO#@3Q9YwxI) z)mvjCa*z!}I&LlO9snW-zyO3Q8w`z;+206G=p0f6A88@e!(Le`k?>h{2N&>2M!vOm z@SJYAkK4_=bz)w%ov`LNgaAT0*VZ@1-!F0b`yZYSYM|f%JI`p5YFyDT=DMIe?8Fvi zI7<|ka{Q+EP<|=as4%SKsfa%)-&!mm*=my9XE*$>h;&B$+7I!39}znpySMshRLo>+ zh**GkK&Y!v8lC3BODlr`MIzs5aFyYbd15_CZGN-`Pe5!i?|IXI_Ybddson#>y?tUS zvqh%~9#-;G( ztOFU#YODz)p-6HVhPAi=h>sJcY*}cuRXL-hF2R7}Q8kn_3y+tsx&;8$zw3hQ5bMi2 zA=2K&OuqFa=Zllu*7Ok4fP)bZ!;R- zVz{qK?U=#6{{%O?LL>q$O?^xhss1(b-l|{U06;#)^R{KIwxvxD2f^Mt!8HIxdmAN2 zZo=)?P|_l!tj5HUTO7f58E=^R3)fY8z1_MhgzRc(f&}Pg%?#wl?CywY@b9~M;&e60 z!wXy?nCaH<^~A#w7$_ypYXI{C!W($K@$PBf&){AKfWQ9B6oR-~v}q?yfP$gHxx3a0 z7l!Xbb-?JxaAnd$Hsh%$9fFu&2SgKwW+9yNO;+H;#HwP>Fl<6H=rW@YKz9mNVjyl! z^*`ac8~PM^i?kQlXkPvwl$}$1Ccv^rW81cEb7I@JlP|Vy+qP{xlZowQV%s^hFZbO( zKcO$G>*?yZ)@oR^Myi!9GfmEs|t|=3LMD4S1DFZ>pq6kCpb4w-k8dG15C|WvZ^8vOWbz_(aBWR1aSPO zpA&qzwQgro({+m=R-%NN(cU|ahy=%-oG=M7z zd$>BB#Ztsf4RWy5O;GAnS;%ez{SXf)Nm(ccebau&*!%R40G@3-bj1`_v02Bh>!f z2}2fYNI3^$2U2aGDk5;nQYSicXD0xXpTN}vutrjHYNAw^fcfPFu(?~cp5$n&OH`s` z!sblC%N!fp6iQ22t<_kQ&Gs7k6Lbzqiy@jCg;mxYR};LIE9cGn!2Suu!}uiR!lyP{De2pb2M_3`|-CL$|n!Rs?~vdu)@`x=JaO+x0OXHc88onEZHw8usOgDt7+#df!q;`bm;xRFniCzipq# z!@KxnivNv@Y-ongql$d2EJ;fj6^Cm}7gfbkE|}OE27{VL1r(1_GlTqn@e8|nhh;?1-`f|<3zKkA2y zSx$Hnj4||Rm@ae!=pNHM3LuSeR+BpO$z_3A*`pE8fUBeer30vJ8 z;xPCFFkH!qg%XZzv^HghD3wvbMZE|o#=tADIkqQ)vG=t!212Z?q@!yf))=Ir{>i%S zRXKGoJ+sCD>jKWl+$7Ew$*vG+C|j7$zeI9?IUKX6%Wi=({le+FZ_R-#Ff(pHI4md} zW3TAJZv}3+I`g1R`dm>z@M`8!dgo)#wwyl)d*-^1FfQp7K`eVB+%2o&IbraaLUyE% zLDRDA;Ufn5?$~Cj9kTYpde4V=)FAY0@r5O40P)S=KtKhFaM6~h zy&t9ULH}|p-`Zx)sx8cxbMp!lv6tp1t%+@AFhVw2!P?*l|-#&nAIaY`1$l&Wzd*(~dV(4Z?$ol!9B(2MaPumlo(`b~L=*DBzX{NNkds}EbSh5a4S~4X zDJt@!oHAOM_H}hTf!L9i24xY_r8KE4&B<3%b!jIyE+uqRiq~vUAaDX#7sGqBqSTYnlZ=C^JOeq1^4t!gmn8+Og2EY?g3sA{80?Zh9km=My=#{F zqVI=Lx%E3uuQv#`M&Rm8K|$0hb|Gf7%5ncwx|qp+!%*}~8JiOvic1^+w#0YbRO@I- zlo)s&rb`Jgch?Q#Vn|O>+fDDvA-X731)$;>V7p z;&^6Vz?YD56qDY^PJT%^Eu=LQ3!MZVjv%B6R@Px;azbAKtBz+U^6#aj&?KI#nSJnw z@^#JC;8dXUbVEUf#4ooaXpl!u832Gc&KnlBglW4v&-xnHf#cf?T+z|z3PveU>67Rx zLhhGXp!(DP#X5-VfI3GSX11JKTqpR$u|7Gp&2-n@7>WL>evT?k$*%q>PcfEK#V1vu zsl=Y~>xwdK$Jcyh$zgeM#r{MUu|SXHNbm?Prc-j;GLd4+EV7iL3#31Y`aG}%&9fv! zKbgSeqihl88oE7Y?E+=CSoJ07_0RkST-OW<*e@t?s8z&dY$KAc*&3DiQZ+d`S=k0|)>3Gq2rFQd_`mH&<+iTPukD1G^00{;DH3MI<7HBVxFl zJJVGjUL%-}OB1vj?itJ{u2nO|7<>SF6Wj+;rdL#{TX`aU0bWD%8o8guJ)tGaSbt60 zTMym-t~Z%O#ZtgRKe2Qpc_*KAyxG7B%a6Y5HE{Hu!~909@9S5^z2dD`{SAS zv`;J}XGIJE9TGjSM-k?3HmfSSuelByXdGr^gf9&GP9a=m_=wiVhXYeoBL{sZw2+@APR7Z9Wq53Za#h_Dv=;bX)QX@h@Rlv2VSRMpj z)v!eJ6D3tSoD=i80vg<$(v$&>f=e$*m7Yd-xCGPhFbUhM-fZa%ayrt=Qoo)o7D33S zw4R1A+$i7sMExFr_{keYpNLa%{LcAQx2D!TKFKaveAtrAfycic@i2hS-toDhTvH~$RJxzkXJ{>#}Ik5c+VYS~HL3nfwsPAPG=ZAHnffh>hdi3MQ06!Wbw~1lj#$E!F zW*mIkCGYbMHb9*28&A*LcDggLMp^Kv&mz=Mc-5Rcyrckm=)-kOR?OSVUAPR?>VX8b z2&pV{`k33_`v?hcRZ*jdbPZb^?=y?IrVyX)Gc(GAGeHV!*k|E5)-92mEH*Yj7^smY zq&~zCpYGuG2*-vz-VaJg4Zd8bX%M&lDuM)YUEa1S8vf43g-RF72zkCD|EfQT1&`Jk zcupFJf#$3_ne5BVR6Oc6@cyM$VASv#7HwR$;FXe}##jU_VvOr zHTrbQ#lsbk05~j1WRJw?*c_uRw2K%>>Wr85$N&oJS4MEJ796~Y0u;<&Tn&eeKY|~| zE7*J$XCW=s$@X9Hz%Co++5kMlWjXwnJUlo1=EHR#b4yYOBx@EAmw%LR=+VW+Z5ql4 zt{rz2e`$o{g56MkVr)8V@jqHk**3?KF>}Z?u%oU2 zT2DV^sWsIA*cFlflw}P)89Jeu4wRk=Y4jj_j(jvdu>OE+A<=3+Y^gfZqG?WMEo$;r@hQ`j1k>S3$v4fBu7n!t2`qR!lF?^a zS^e>~)O!=QKduWDhJfJx7oOG{GWziVLv$E4zr!qlMoqDDduwj8XI#2P<8g)R$x^{{++)up`&pT&Wy`-Yhx^3$?I3|fJ5Xi9;QVmHk<-VPZLo+p_mz1U_ zk!RAk@(Rad!QJPx3w1d%05$!Gm?FJ7^>aMqQ$@ELlw&ls{GESY{|_E8sXJ_vk;Sy5 zveb)Vl-X!PxtgxA2)5OUgKc-~J8uRRO4xp5_x#*QZE!dVAI1_4^*{$3*H^*ls2Q)Q z)l~ceS1cU;&j~$MYK-Gn`HWk*uu1$cH=VfWlS|URM7fWOa+85SIZ4+oF@8?(2s$4k z$|kxAJph?2Df`w5gQ$T|@xPnNgw;Ziy!%}fOA|<8q${F=QYfmpn5ZC%^5m-o912RF~V?!K2l*-lx z|CHyP&_DI06wiXc?z@tNsHCV>T5{9CzAku<=depZOT4{CQhsFP)><61=P&fBEs}07 z$s5Nqc@>D~lF}*KxPg|bq>xySUZA!WHDl!-$3cEEv%Ub0?lOUl41tpHDMF`A%Gs=B z;~I}3+Bs(0i2RY_kWHZW?qp%#o3D_- z^T16a{K4yWVHDk%wd!cjaeJPnSn+ty$+1-d%lr%mh9CJmh}C|NcNq7#pc^p-?IAAJ zzs%pGV}0%b*OOud3DtOL8~F++d0Gj%CM1D~4-Y*gohwJm35YhMsmf5de_&8iS$BEZ zom8m%K$^%eah!-<-J_L+dYcPoN+)`DU23Tl1a5U&TO2 zb?OFrsV{yqE{fxBOomMX9&sMKuoPGlK`6Zq$%e#5gW2?wKKG-5I0ZBun~44Xg#5EO zdZ4izz)g*3iZh(zwSa<8Aak(fwSz%lD>Iq>U}0_aWyqdZfXq`}B)H#8aLJ!dA0d&f&xMo9Z@oY zH=1>Xm|IMjT@KVgL3m8hc9&oKvQNym7A=<2Ds+j44z#e1>vHOY8ei>cR7`Iq(_J0lGw0|R! zy!h|;9`sVI&p*a^zJRcs>AfwMKJ$#}$I%{!Hh_NY6Dgph6;m;bVja##(E8JCxMY;2f~El$gL9 z;GRf`2d20gWNLvoKq&d+^J4V4sfa$%k! zOLDo0fRH*8Dq@0^(BF@3VgP^|tnJ9?HvnDDUu1@L{T+tuQrOjY-L%W$0OG+iLMB%N zbZTzBT@yQvW>r=%&Gh3lJCV1OON6ukbfy?T`ZI(17{|u7T@BQ5g$95H)`amwwgxGN zq<$JB`{_XaqFkxCeztYPH@X7dTSGHSUw%^~-VA_-J!T8vh7*QwS)Y?NbCF!K9aTac= zqgmP*|9- zd$Y^V`)N;^skTi4Y}%M|9hI4j$n?lfVL#?idm_&OY-FVHqdjDCF|qd&!f>M{g&Q(( z^w95!IDdpqndoVrPPb5Kk$llJ5E?Fg)h}tkVRW$pPxLT3RFPT6pr{2YVS}jOcuUkG zxw~;=cML*QHM|t(zpDN@&1tIY6oAk#);98kIM6L0f-RkVadF4}yrf^dYrJHl%GBFl z*vtoB*lveLNZ|uC?s)SLS&g=MslY#s%rL`*U*NGOuk-FS`$&8nzWX*9pQgWdZhzB%5R6JLY`_vmaN!Cv!QIE9J%%LZ8YcHmiJ901_!$ZC+%s&@ zTWxoPUL3f!yRhZ(_ZTzI+jh02R92`dpKtJ{tiJ%dnRZ0vFSF|8kU5EGhh zV1YtsvM{FY>2~A)hHAEPAN+9ZhqUmzg}UWRu>wG4+6;omH0P`iO)Q(^)AwfM^9BUr zw&_(Kb%*WxZ*|*)PIgtw5%Ltot{0hvG2F<{{3lvOme>Id^Cb0|+|!w_kEKS9qBY+y zOv1q#GbcGxU;fP8M23efd$5cvisiTdGS-k3;c(f2d90Z_E~EM`I`eC-~4MuLg}C5RLO17 znU61xJv4NCs>T6n(~)t5sa$VUxefS09Pu)6UKr&X(^TNV|IVjWlVlkzsu~WLYlA|m zE7q2QHfHh~3_jNzF%~R;dIG-?^babiyXI4C6`iNSWYQ zSqXt(n^AI09^8Z06;sd_wJ$sOOXZd?14LWFv#9#?t1dyBN(GSI5$;~ql5UN}Hk(eM zDxOC#8@5XKmyD68k*4zK%Z_?;0$6LKct9Y*`ku7c;G7z5#I2L+AH4UhkT8~f$JtixI#p;znszzd=}!US_T0nO zoM|a##v&qGS?b<$Od^F8kYTW2yW^?>|g^t(6zVz8ILf& z9o5RzgFjNrioncDjlDdm%f~59liKgtNd6I}6<>i^xASz|6 zpQap8+_;l)$G3^CQUZDKvErdCdObFW3RflaAG^3XT;qpMEe^l?6Qv-wATV{fU0h1D z+{nEuQo+ZU9l@}EdL4b5vmra@Z^E*4)RX0eDvL@4I6uFCG0H8>{@!EU1btQMC2@0~ zlCnC;|Mh^33tAaeQno*1_)YeeHJD!F8nB zM%RGH!<4G7+gO7*NP|Rabce(Uo0T?7>eCs|^v0U;2`=l0zKMf{cW`SdSA+US(;q(R zV0iB<`^`gv6+&C2FmJ~W=zs7Jo9v&$xCqB4UO2|R8cn?T7Bo}F&mBA3JNm&-792g2 zkyTu{KXht>>nz2t`Qs|}xg`}L!6)pNLhiY^`$OGtbIAlV7SgDYIL+h3_L_3n%@@~s zFK@E2W@5-=pA(W~tn2_M0B+LXIGr)3EW+A`i~84M>Z9Pew9w)+LtI&Bq|@M1^whGs z_%h)VG$qj57q7TNXTqgVYk936Nr89IHb61@?G$n{-$6R!dD06M$C9yPM{_H zHpM5GIu}>f&;Yv#v-MruzVvA`nL}CLqYFy-7aTQ(thrRQky8{^w53=PP-vmwNWDuA zwq(L30{%>8xrFyymQOvM6RWeA5(936*=W1*VyDJc|&6T zBC~vX!D$Er~)cCEQ@@QDjCv^l{vS2BR#=V9Mf5$%=CpPZZ z@?TQxx;Aa~*xnz+|IPvaItJxnB?baQ6$Jv~`Jc8OTgiKz$;K7a3g4v7fukhG>}nZkvbbt)Do0Sv3r-hyPHLqg~N+sV=)1(*#JpJ z2+54}Xw68Y1!_0ii2P_$YRaMN6rBc*V`q+P4wruyjasGjH&v?tYL1#Us?{Jnoh2Vb7J;sQPBCe=mZRzY~ z>|vXo16TQeYrRr~+PZm%y1Zh8-nvDHzPxaQR--ZFBE30g=^C^+tZ3e7p2> z@~%}K$c?{VoxTlz4g4DU#TIWXh0i{|d3CWX`_I383w=xcN_sU7Yzb@sp#YZCH^$G$ zH^wij$`(e|Yklkd5TtE_Ew(IPG{3klR;ag? z&hr5XTxPFdB_C2J1+4B8oxjiXoe;PmZZ8*SjVyru1P}2XG4@}Y1{|T@uH(7K_rJNe{SmJJd6)*ipu76_ZmXrA<_Y(GRJD8t^x;3%IbCYayAPuQ;Ca8@ z+E(cIA^bGhwtxumynfqw30t;nyRAL;Vus#|rH;Q_FE;aZHwN}^51^~D&-Q;WOqJI6 z`LPSEHQ?gbwNiYxk=sN?Cr}1}JVI2lXXhPy6)xYeR)?;2*gABkXVY`4Um4Oe@ct%h zNs0E-tdJ6pCL&{p4hHCtK+z%68SJ6vznIo;pV==(ljt&KMDx;sd(rLC{6>1nxlo>O^( zC4hS;i84X&s@AjS7+Uk7b^+g>rmY}e(GMgTAJgEaVn5CFT82N|YPBy99cI)IYA@>C z7;T4lHO)Pp)b5P1DFv6R5G?>LLTl++9D#f zLf|dB9PE<5_HY^(*Vee|)NW6?VS;t7xa7h_ zH67GX{!>T`mkMX*PMz0j1^VyWz7kZVc)Rs(Ug`*ou<`x}l?RTl<*?(@I~9w|mCk9u zR560ic?rW<@Ivnqw`{V!q%Nf8rTx42@3T2`ZL3{<=P`tlgSnQv!NukE5U$-n0jsmN< zb0Bpz%|gWJlB->p8`=Y_ikso+lOeYg-STyqz|l8iwr6~NIYs1S>tW74t~8EHiH4=AY9w{?T!DdCh; z!7%7_iT7}8dKo+IDeT8g;k(TC%>vO_vaMYU86y^-AAA_TaZx+!@1G2o1|xmb4Ac$; zH`N8sKD3Ne$b=1&msA?5AGY8t={NyJ)oq8Wt(wiFUPuqMxtg%LtI_P5 z(^nsK$2J6!ayg})K*YB0de)gS5mm!j@a9cB$TEG^dIeATdI@d z$ZnJsPIp!{53CuASNT&}6O>P%bZv#n6>#cP(GSTeGn6t&W~e>sl1xX5EQs z7-w;QrX`OP51*$GS7H*unXH#0b7tDO1`b{HRRvWWxN^n{}^#x7gM?VOzTbPtz)DGpt?yU5Aks zPzxj9_boQ|M$muFfF^{1B9n({V_$bMx6}_^0j9T6{C#Fk4z>s+WD*VMRkIYQsZM^@ z1D33r&X2@ZOjvbm|5t*L-{W>q1m0V?(tzEh6?qFRcyA+)b_A|!e5(sr+m5pZpSNYc zp(D@(F7?DwHgA9qf`%vxePF;D1Wi8&mZ#QS^LKP|MsTDi`Zq#qWanWb#~4nOUe%%E z;mNo~l&#t=OVt(#&HfCZ`yz4ss5Bf+p3xN{75t~TKpr35$Id^b1axAy3H>tWhTf5L!WUn6V*T)v z80xml;V^VIOHe|ubMj@4+mBg>cC`BKz2`7F1UOK?Lr*~bp==v@wV{@!&ef}+n0}|G zuh5)aI=_D6S;L?!5QYfo7Wyp@>CB-k2B{J9u+sUpEjV3e7vK_P(0GWK2E!My&XLv> zL3k9~cXodSprpT1D!M>{B;Fr8`vyz_7iBxb+J4&7!N2pN z6{D8>OPH?ZP)S^F91*0Y&g3p4)*Cj-9kc`lz89fUiNCpt{)gy9g2tH)>v~Pv(0A)D!<}o*RZ{HFk7%9;&jlhI?g~nA^Qeb{b78A zBq^=(gB=&KpbbNW0WMpq&zvc8kWXIX^a&7IJi{3vj8OvFJ?$=c}H6ex_ zphr;OA5V~pSuljCRiZPKuOweU=?mI9?kiy+xZ8A6P)5k=PKG_urqj)fyv@<#eSL?-VA zQ8Yy_43w2kP5Sb{Z}x-9C|PtwBR#Pw3ubi0pl=|4Xb$ewkFKsDg~iIPKzW;?mtkn7 zZG80QKKr8ud%8*c8Q`O)Zb_DPJJ%vmRmYV)XTnbzMK8R6Ravj`@@KL4M^IykE13v=uY&KJaJ%INy+N)~1wFB-!f~Ir?KD`Z#&XdqxvueXLl$A%q95~V* z**U=Of$OR!8YP-7$K>{+9zQnSaJP)g+a3WXEmyjC9+`cDjb;JLM3J*@`1J06N!KzH4>%ytTNTi@e@!5-gz)( ztJBl?5bvMkBt^Yuc(N$UEcxr-^d-=0BreVdy454;&Z>mGGs)@M6Xya**?|lmyhGUV z_y6EElw>pgF}ze|V=z#iOOJTP2{Uuy1=@$J6^keY0lPgx`ULISShoZ@oSonXaxXVS z9UKypvZha{1^vQe=NzmkT>tm~U_R!k!;k<*^e}Q=2wdV7OYg1ML}jXzM@W(jSsaK* z5G#A?o~C0ctSthPkMd9gFdH5N&f#&E#z;*KO#$z4HpBMDV_O|e-c8l}rN0KJ0KR0f z8a!{jxiCzSC4A(aFo;c<=^`gC-WKQrK;QZegOY{d!fzD)Ort8{TKh)7_Z`^cb>OMk zOHjkADN$$^n0#BPB@%Ddc~<+TVs*HTCeDFEBxMJWB=$|PE6x}jSxp2tu0j(3@8<2W1giXLECQG>98$@*iDQewcj@pwTtRwqUG4r z4pOp@9ik2qSSdk@`wAKS=85{7%!MsRR76t*e*gpG0MXf+9jQrq^z)Fi*H$x9BzO=VFK*;5O+2+P`{6s ztMy9XQKsUApg7?+MjecR7Za}we`PrAN|C#{b74TlE3KSS=R^PprSH`OWQ8bfArM+`c)p61sXq>`isQoss4*B!oLgSIzi519h8HtgnI%f;C^ z73HDYt}Q!JeK5{bpVX*Vw$#HD7xwq|8P!i0x_4_^ig9Us2FFOC(_EjU$Jz52A;z2p zIO`(q_5QxwSr3l4nof+GoSD|^rzX=>a+W|=_z#-WuExXJLH{8W?fQb*ZJNeln`8;Ds5Q+D zfeylz;3Qiw$)m+7N=ZMnPEoiEJce7Xb&6?;lA;6%$<|mx+{N;jHPdH7bflPh(`yg zIk~9=ZNSLkgKA}EYYMx}kl+GU~>cy#seva;oVxq$-M6xEb%vm0&{Rz3q=?RNm zwHjJx&%1Q|{H2T-roZoHI6>vAIiTCl4Pidd_Oc^I>1*2t;6}wET}6gQwE@As+scK5 zvR=>egKiQ&Hf)d8Q7RC^#=fI{mg_$Qq66yRmCOAiGa+vQkD$O(XX80@ti#?*16?zk zp_?m5_D4)^XYx#Hir|>#3^N&!!<~JBs{*}Fn$H7w$pYa^PR=bpW75Q#o1|xsMem$6 z;&DYSzK-X!mHsO#KSs3dLel7!fo3+ql<;8w#&e_M<2dj#*UK__U9kWmrO@*-Bi6qy zjvPN)Pg~uc^i_DOoItU@qHZ{{o8}ax1{Nn<{C7jYUF1MY_};`9)_cA{xuEn_}0M{4}@CW+Y~i7&y<2{LA({^8~z;_2x32NCo@!%iy_+U9;l zn71{?i3H)XTG#AhYX^aKK}X5Lj!%<+z#ra1?7&@+zvci^h-GZ17LZphu+PtQIHpwU z-ov@En&36)n@awH3I3@M>e0!kR)eJ-pp@;p9$^253~4S-gseY4H=V0|3MV=a{x zH6Yvdz8hXJzop3Ez-7OM+dMkFZ3vf<{i;KYePEvca-Bs>={Vpe0FZ615}A;LAJM-7Fe&N} z0DE(qg^z787&cS0jjEgWqpp5lvCL@r&E|!!Kh12?CC_<26)f>+nw1!d)5KRTbVLCI z?>Y9c_0ege-hGqVJ!af~!%ZXZ4g17+UpN$03U~ZT=$hh0_4{=lf;-DbOGoL%Z>;2j z_@K4YgItDqoEUJ!87DD2f;l;dE?=<|Z$YewXg5p+C-QQLgS}NiL-9FeH=0=-hISPiQxW11BZ>MAIICaWAnP`;4J za2gKon4}N_?oJiPPsYQHCCw<*Aarm|-Q*!SX;wv7!Fl+dC;~V#vI37(8I+vo$OpC) z8c3>zq(5`msx4^K?T&T?mPp;Q2B};@p{N&eaJ0uKmrb;_Pz`2Rxoq>acnWN=WeBi3DVMOZ+#RCf|DP;$oKz|dw7b2~tw41qROE~jXRax-_7GO;JC z<7p6f4-Vut(cBAciF0BzwyFj;s?Mk4k#tAEQ-rKoCSvK7@KjN}urIFZ0X3j^-jxiK zfWe!EtgWU-1306-H{T)dITym<1l8$Nbn^ktN z$%)}u#3*g1_>&Pc92WEi2t$k=b_CM(HSq57ktjMUtANGr)x!0_W|; zk!rYEzCH|>(Tn&!QpAz$2qXbP5+ev03w@%Qw^Gv+D+=6`L-X9tF-Ck~ZT?C-hr?;c z&(rpm>LQ5cz=Sv%Ds3PS^tJG#TZ#i8(PfgCZ$(6-lN5`6)CcDj*9qvW?cN@;g0TT^ zf$a#TKR9b;H2_PbxBU(%5xRyXT*qoaBkkR*1U@QJJ}caZ1aehz)eZJO9Rf097yaXn zN{|Y*-8)`;$t-$;%}>9x=-(9qs(%+t+X4vp?&q{Ov@8^V;j~u;{6Qo2vXPrlJN3k| z?ZkyEJRF1X#(h^$f{X&vCW=$F>HVYI(yOu$Wx(yq!lhPS^J;Z80?wuN&`mHOw;!0D zin#9N0QH(wnRCPML{6UP6f7I_3OS$_r+38xu+Yhiow5ea;lWl#oI-C2pA?iX2d zS(~DpC8Xlc(>u!wS6SDz1-n)TEMDdsk$-^q^Nf(gOJa3B?Tz_+^>1(1XAVm`Yil_? zyC$XQ>^}6C|E0IbosdXfygGgtj{va?&Nn}-D%1-+f7_Y-%KWm&V#Durgik5+gl)q2 z!XKt{BTXqa6M@uE)vLSlfzA(XM~PhM|!rVf}US5pmR7$7vdzhQo( zpqNK{`Vo=bF*%#e$uY97smZLkEw~oriCp!*FHhWF;@4XEqJ{2pDB5x6vkW7y{jCdg zdn@a{w9o3)_yE#7JyxcFVR3$K{M5yA7+ zy1fWgR!){tlq~d(U$AjP!|NuL%ogNE+k2?VJw#@PTf{hnM^s2HeCY=f-k&;D_{y0H z;qL%9tK7r^AHsCjItN*zl(cMN!pIk6ZRY6Bq@XNybyO`!} z&fF;sf|#r#^jrvZ+bFveN}=rNg-yJiGcjD^ek~m(sE=!dpm=wSU~{hnxwAAHo~Cws z0V`)hT6(86jN;2$-j4|t15${aQ>J5bR1BCkve!7xf< zBV@ojqar+b(Cp9Qb}^560RqD}r5SAgW20upZXRd&g)k+3zg7M{d z4L(Mu(6)qjqQ-3C(PK*wZTvQViu=pj^Ev-9Kjz;;NPipx_v3_#;z#>tgCKp+XiY)M zW2C2-J5h|JXOoZk30{luiiP|{{-Q_G`%fl&5s^xX;-Y4x{YWw)=$m+L*gw zm(&InDH9a}{AvEaubvnE65%*OM8aq`i#rZ~_ew#TT0Vl`2zhHN5DM3WmhYv7T2az# z-x&Sl!Mkt@JQ8Pld9{_WFmbWkb4`vVy(?oMvc&@g>B5ltPH80K3QMA>al(Jp9O3H} zVs-P!Y_P^@zd()9$HD%j53znVm4_<4Os_eyxc@yJAjn+0r8}CZ+~pci)>3YNaxL{o z+Rz`Xr`R$2>a?_1B<?n*>ofwyEZaJf*IXvq})D#f2D`Mm>Z z6l9L8m5Aa{LO@M@G@)_*bRGUBgT*di2rj=qFQpqmHT~}EL_Z|5R1akiDN5`g<;RYb zLwqdJZVF|+B8Nh)>ba`ITo`k!7vA4uW_`HB$*j`}8BucIHAg`}KCrKL!^nr|4M6^7 zUOIKK)pgsQJAF6f)t)KPr|zph2A3cZp)776@!K$gL_K($XocK078W3KJ>+G(XO49> zhNpORhUh{JR=4T_AxSco@yTQ=(HOYPnb?IG%=rUia8!uH3n!-Akd!OQ%y)>4$$3e{ zJ4S#hf!I1uG3s<`+0B2oU?Sq|W<1M2fYqLlY58bfLVLC#p>Avj5-0zJ+>W5W<=-yJ zr*Ps$&7+Wt%wq|ZU*TjlVRqKh3V9pQO(BKaN5sEW%nZ8(3CZ{-S_JsJjo% zeN#z(*noqEu)Dv8%%YTu|_pnYGP42!5pc^PJ1M$9UEX z-OHd-AI&ntPOw)sTN5*)4=gy|`eX_aI5u{rIV=tS>ChyFD;lhd9w^4=zg5V4uIXfP ztI-iz&UM@JPmcFXY~ZuoIr7T7H~JO-CySZY{}Jf>$!Qy4_txCoX{%~_6yblHyL?_l zhKRQGMJxNw>sFnhy&>cif_Qeywc)`OsXy$FLjD=x@@V5RmIDW{y^f%muZ}0w(l44hKDQhJ%?U)_f3a6N03RwoMe6rfXEn$V-{*gPvOAhIi(k zN+XU#bZ2Q|!mMBo?L4Xj4|T$aPce^637b`xt$@$do|8~yh}JG`WZ+2wq!q|tgBp%p zINda|xw$Im84vhaX~N+nH7xVQ9BQ*Oo)}^czE|6h0h&T4!xV2ZRluUl%EuQw&^hNf zXmAGdKjYl@iIKRrivK8Vbl;Rfk-~4ijN#(9#XKL$P(uY?amF?|hUBUHW4M2;b`c|) zO`~v09DvITM4u;(FJchkME(N{B>z;+trwY>n{R{BgEUFBxF+V67_hBwJ;F&4#f~N3 ztx}sIlHG~GU@^v85aWnL<_2PuLM+CSUh$8Omzl|RTg#ut&CJ__j1M*QpgpHvCR_40 z0X9g|eDV;Y3NA1S^VQ+UK+ZbI<%{`zIa_b`?IAy!g{s**xr4-RS?wLsQ2E#y;*5gi z%RInPKh351V5GiIBT{TkerO?-hyg%VpD_60iC)4{k!YEHrW7j-?a@?AzTxlt^+kUq zPJkoY5>R9pGuJwZ{si#F+ho+(CR&=@6EX%pF|f9nTUboNNgZmnPRK25GMRI;#sf+4 z*!dJ)ruUcn$T0s9{&!3x_8s<17aIsDkNJNA0{;g}X>Mg}_Wxit z{GG`L1x*X;_n*%1_5M~9dt)@4-UX_|1cZ{yDe;w-cvO{xTdUDp(ePgc>My+6r@-}D zNMrY9lPBM-D`U8mPN;oI`)*O7YA$~(=jH!4Ea1_^IXbarQpIP0*KkjDa}>agQFTvu zdvG>rDDP@-Y456UiGNUU==Umc3CRBl4ql#Lpb|U@95Hv%|1hP_t9dPK^4F*3 z-Lu*#czb`&9K5;KKEj3gef1f8kFQ=3d`e#HduwW{{zWT_JRp1L>P$@55D6#&vHk<^loxq$gat6xNoR$tYU5n>YshOVBPtA zwW)P2`OUYVZ`f&v>fc+bT25#J9XNH7)vX^^EJmWh*|D80hP~!ue9D#Wmc-aXoBWny ze3(xl3gd0VHs*rW>b#!BRV!DAg3>O#^kGRkp>%0FXhikMihB?Bh5_vrW5c98YRr$a5Vp2+5P%?1c2r6|fGNddMWB_+iLDbQLu|p=z z&^F$G19W0jH1*UlmermhH~3Ao-&BE_ADM;-Jp8bTi_!m3SnJ{aB9$l5&x@&wofI!+ zp08nVVB5{^P`JqD!sI!*+4X0VxuM9FhVPD~&mP&J$aK+^Y-~)@Ob5BN@6@-`%_}^c z>ye#N#2Xgzq!qHp57-JG(U7JQQYK9Ro4%OYfZ#~snD@rFRhoTn`CWG9xoje7%&v|{ zzLHSY7^fNyU*eS`Y&}A;5L0f5xl|dHd1N`((i|y;r%@eza-k+@N+AoUF%upMj0{zY z=R>4h)0rR_GlzIQBDK+=l9E#v5{3ybJ?rA8Od*j-#tr$Q7KwL)pJkm#;gD&4vbxdR zIAC0Uyi^XsUi`)_Z_F*h8{KdC4vI>i|hbjocs4RMq?TIF;p-GR<*GdOaPid0>O ziB8ntxgjeZsa+v_F(|Fkb86LI^h02*KDAwuqIqeDD)F`DcM(@_1w>|s5%;CI99=2| z4g2Gvooxl}Q$VdQx(5}`_Q@)y*DP8~=xM58IX26=C~u(o9*rL5%~P+k2!^pM-n?hw zN0bO`3;9|<4STiC3HE~Pug(Q(H(Wm6L~%wH?@*&|>TWjs`f6?h4Q_|Z66p`vWeL2{ zl?<23R55k(GY7b#-s`s0a387=Ctf0^(!|LAiJ0vCA;Ko9q*QdlQWdSY6GtZl6Ox;c zL-$0&TBZP{tC8d&_coL&sK2CGbJo{%PW;Y!qF5fr8RYie;O$P|{&>5-Q;3L7w@V%x z`9tTbAjSRXM`yvQqQnyB=ND)6UQ8BU-$(s2>0eLAeti)TWA)`l7Y-_c<#n8*q$1TQ zXOB2l#bE3GZYeufi*g9fMQwo`Td-vF&6IY(tYW)5gykaiU=~IV&cL9u$?Br^h4p@~ zc=>2?Hd$7D6uX0ReD030zi(e=6^$w^yDZ4SMIWD94N}5E7{sy}W@#F1+Ty%sa1bBq_xq$;#F6NQazLTvvMe}72|EC7lbu(AtQ6w_pQup_nd+6>5m2pZVnCtg^r8e3g&>nutjk0j=MhC{VW) zr?0QuJNm`3z!9|HbHu-#)hEA*qXO(5_7kx*l?m2N9cPcG))){c>rAL7VcDd zH_J11>UF2!MRcw21$Q%R_M(#>sP?> zZK7vT++sD+9Xt5GKj*H_xBuh^r{zYO1HBkMzTD zH$$iLyW?{CmcbgL=tYBSygzJ9H#655T(Wk1!!@f(Z{UE2&eN$JXMcF*Hl;0-NWhRf zgk^Oew5ehxFgccPydCzMh1zr@H}hcv`Q;eK8PUX4zQ^NYd1`}IUEkGqJEP6l$#T8T z=LsGf@6Q7 zc2-!`0-A;~cjMl~oRm9v@M1nb2kznao1Tyo*fE;AJU60fLYiYt7oG4>ReoarzYH71 zccMXlv22nSVwN8>B2C^ABR~A(+icFid-6FNbfN8i-`)mv$@6ObC$|A$|~A@v-G4b{O2vgX)=?4n4mM=0_+ujJSO13NbpTNyw27r`Q& z`61|e_&<|`kecfIz=PeSH$oHJl2U8%{12-W)j~0;=^p2(mXAVHbZ0xF+qBi@$c@av zV%{Bl;s@cJJ4c+W#Tfg>^}Hv)}cyDw*CPr|aeBCxusAPnhKx@CmXj$KgW+!`j$l(!QrHq~$Ek2hjp?M{?U@wvV@2 zL+8bM%2N(F&Y9{pgMwzEsO2R<%Z7h>EoM@hv;IkCBrFT^VsW(|ucafBS(FQ6!EmJ~ zpKB$26D%xRXfHJr?TF>@x4dh>=#D`QTbqw1&Zq*Qyaj>Z(1)+LWJoc%|B~)HRU7k# zRco^V=NqrQxvbQUl)hHvsEHyLX8-9mX=Dnn*)AMOqHILRl3z&8c^eb?@@{)0kM4X6nyZD+4k9fQE zkY5UCaCI$vH2Dxp0gKcv;1tXVcOU@-IH?ZFx|r6*BklAZ4)&_n)Vtc^_=auklV0Cc zZt8DIiaPw(JOn$el3iVm>7UYP4}{{X{z5Jv+!`B0SQwxux7B@lG}q(BSoPgN4-0R1FL1;@eV0jFY$l-I&TQBhy-9c<~0{61Xw?- zM^E@$-8JJTyPf#YNZVOFd<`Ygf<74eD0B6T@RlUUJ`v-B{fF_~sf=tH1L zh|xc500s+X1!=Y7F?z9;T(4qg$Oi+qKZy$h6$5+wdDJt4p*P}~`eH1sod0wrC=()z z71-%|9#4f!GWZukbF2?@fW?&Z?gU8;ljPVM0v(GjQ{vq$Z|Eu1l@tDJurT+ZiQ`yF z{95+*zoqJ2(T5x3S>rI|D{4l`&`ssQSLD8S+53oZ?5TTJ zoHy1CGefq*wiB2yNxgNQatIt^xw}tp%;u^A2qCKNqVu5nenSY9CnD_hkcEarCJW`i zBy$7FOk<26fhzw>wsi0z6k}o`cZ;P13e#*Tbf5rcCR{o|`%Gm5|6^f(j%w?zb{@>m{jkS6c{^%+}m2` z5MT6W4<-CI@vp;lm)%juI&`ZFk6s+cC}>baI*9YRMQJeOIsxe0jTk{fd{>BUWl;QT z0R-}avBMeXX9|!rx2R>*3_|O6JG>}XRyc~O-rMY36SE6lq&e-T{@XM=bFt+%&EI?E zBnVk@&-ljPWe}W*-6V?sKC!W8AzdMPm^L3*i%0D@%Ov;E=~CtLq+P=}>cFaZr>_}R#$hi3$rr!ba224QFC+0}wZITnz0UJ_fa6RH z4&uCX$0nIeZ+*$NkPy&MV?2XgkSv+z(-eKi!aOFl;$#lU2FSIK-aE(~MLLlS5-kFx z?{`!9Y0~37l6U;l6OoXWg>9q@t34#PBiIl*qlJ?DZk1&X&*ge008cjT{FDlf%SIc> zo(BrQW%ytw%q@46IAd}5tE@H$s~MT7=vg9tDw~rfq8`8C6akC;Xr(&j&8lP@0qBSl z1L+!Rat?+{^6ASBGP4`m62(cJxC-;|{x7Gr7U<&|z=Waw51O|@Vv&rz*R-1K-g*O& z7PEO>ywcKW0&Crv7JM39x61{&kJeXndUTs0u=O1H(k{V7V|EH4vu#$Hr5Tr7a~`sE zTIo6}hW0hs5q<;pv+4gb*SadZ@Cddvnvyc?ONjx%0?fQn21d1n)9*-GQ< ze*0{HP$b0@Kh)|rDGc(oMr>4?n1daYbRr9Eujk-L$y|ih^u5CI-r2gZ4E_R2T`08) z1cM;rnx9DaR35&#Wd0FavlDR^1Q9QiyXMGlb{b`f5yb>jXEm1ywK-2+jqf-N>-~Kl zKLC`S_NF5moFKcf@F(mX|BkdE>vwbjH!~0Ua&ji8txk3Zu@Mhwm1c_nkcMc!lcI(H zp*6#mZ8*%X!_XOXW`fRC598A8O0u{+KO^xQHu8q477m<&*Dmx#*$b2AFivu;;GM&j z?BI$r1Ykcgby7qCv|s@_1Y~Q#6%6`4LyQ9&N?1HxOX_zkx3_{r?2AE$8k#F-@>3LF zd+nDcsn*%k%b-4hZIyIiS*x3X!)%CALdRu0PMk3faHehW=$6}-Xatf&k*kx zmLg2Bqw8p6TywdWV0{hklQ>vKF6%l1d)QesuMM&f=3mCl6EN zGPCzo+*>v6d42RFSlUxEtsTZ8r@;ZJRIbXS%(y)ZE?y@hjOTzUL1-}I&<(o$X6)$r zVM*{S-8wN!ss#7Sn&7A!yA(}Y;gxxshft1}QTG4EZmc{=bV5zHy#cAlI%-VbEL@$s zb_o5%D7e1iOKLyyD@^8V-BEPWs*<(dzRBsPRsoxurYSq{_#O)LvBztF0QZK+uFL)7J&Li*cZqwYTbcsh zI*|e{_w<+OCa~z9D0hsLC7Ep?Q&P1`YlInI*mfEvq*jjcr?}1I=}=f zTV#W>zC6a&Uq>v*23q@8E0f9^x^n|_qZ<+}!%^Bzo;!OZ_20MNUH$bksHPYvq=-cM zR$j@qn@N=S)H2)Ikk{;HS7NMC?U^8UJHNgc-<;$(QeU+*q7oD9wU8@0*EB3zKg(g7 z(u*upZ+On&whi^0J9lAD`88r2xA1XR(cIyc`BH;++PQtc@G}v*`PC&fkCB-Hh1|Fp z7w|nCjOSBgbqvRpLiT_D=*j50ANPmAo-puv?e&vEq}I6$VK_B`bR_YDtYyT6GLAFg zgS;Z=j(DQekzHn$th!})JZmJ9JQ7E1_0&43+3IF{My>j@38jFX5Me_qpeQ?%3~8qq z!X9G)$<&{vn+d{ zgr^7^gmS44c~vbhrkihbx6PJ{aSx|Q@}27sEq%&&6k3N^p98 zw2TFV0Y)Q=k*f$+RCA$}Sy3WoZvRe+8V2+U_|J>vo9PomlGfFT-u0Ekm+&n+=kCuF zF8%YUjKCDEMpnttcoJqV&$pMNiJZ0Xt-~=S-O0D!A(lTtUJ(g*iw%Reb^TstddBcH z-*{ufF8BF3!dFwxaysRlpmDltfgx8rLJF(a6}94UwLT!!vY{c``2ZzdE)BayIMnRe z=;&~{NGd)miHo{Kn(x>cp0^>R-B8$A%2O!O*ZmXgPiD9Xlaw3ND?L;S5km-Tl=%_s zTUF}YG%WkwE;6q#iVwGargC%X&%}A?j|VsAlFyO^nlO0m_#>f3?${A>p39vo^E+ac z_x*q#Ma9ajltNV0c0(0fU8(5PL65V6n9pKdFjQA=T z4K2}EcX)ctmEpRlF^$HH3#A6gddEm#+Y66pZN!U_(~FsLW>d{ry`sJZBSyiMOB zPN)U_ZqCl#{1)@sTut0la5E zZACgeopc9#zp>_LBp()It9C&bu%F9`3)UqU z@JaB*f_+LnL?2Tb4RtFY^b>5g`Umq!rpV|XyUoBR*VZzq!bIut5xGYnm(=^GDjt6^ z?4?iR^wZZUdpgG139;&JkJB;kNGx<}Ghj1bhoDDz`Sm~fVrH{QKjE-IKp~hwKy3eC ziCZU=e`s!d4`*{bTY6S5273=9RTXF;&?z`3!1TZ8;tmT040Z|%1oS_@Vk}vwjbZc- zAfZ16RGJCoYmRtiF-ENMXKXPGY7Ts|muz=rChM!^Hl{38gSt|G1cBDT$)oZa;t{)? zGlYHrT^pNPTs_a576kmQ~>bVee48sau}>`KeUgM zcf9W^OTKh*Kd^7V;C{V9Ql$-t*SJU|B3Ucva!@a}*SJNOHK4-qZvLxqKzwe_sU>^#%BNd(uKa^b~)4Q3lQ0N~!Av#QaH+k%fEas$Ec z=)M`&!|Egzp#s#}`z1ON8g%*J5xIWagL*pkxW7(>O;^2aw>@<~%#FkhXAgHY{Wjb+ zjc}nn?$>?sF!bJ)JoUpO7F&^rd1;T2!<{kF_8Ano@C#GCr|s_< zsVW#ME$I>--oe+sQXnicd)W~Z+zBLFiEr*RMeGAYzSY}YEhU@`E(Sz>#qTC<&w1Qz z6=ztJdUd%{mJXsRL$eR|n(k$cgh*j6DM@;lqX*Qv283Ac~59j|cs=$O;K#`#L;HOViYv zYSYFNq14Iy^>v|3R>!eB@G0t|8@&DgiNr4Hx-=bRN$0AAngZ8(89JSzQes+B3)`?8 z!Ul=aJiFsrcS+F%RAHP@g7)Db0*jU=(0;)sz-!3PoKOFxa5g$RSYI1yQu9)pU}Wx~ z9d=~*^V#JuDr@P)MtR>V zAjnTeGTZK8b6HWYC7CMqOn}O8zr#7_ClW$trzT+~UVehH%J!5ACT$6#Kd}RWiwL+B z1+&71e0VEY-bpakMd*#|a=O=p$>|qt-E*}!Bl}tcCD~ld+xE&}4pPo9YCfV^A_vO; ziEtU`-dq$ngM{C}dg>jKWzjMKc2eeI7HbCxO(r*;o(U5}>kvJKLPKQrZ0?X1!{M=` zfGS0)<8TjaoUWmTbOHmobeiLm=V!rfbK~+cW?k&GI{6Q0=`e1izet%rfDCkmsPfdY zm{`r8g}z&HyhO&`?bU)XPr^wk#t)esc459S zHkF-(gs47nx?}WGTeLfWlM&MN`}v6l?jd>lwrK8B9dx^6oH_IKM?E~FJ#CB_`yxcA zNAKZy6}%y|4M?z91jo{svl!^E4Zliawr94Ibg93FCbpx-sZ*wfI_eG5jcSzOlDB2`zzr@`^PE{GMe$ zn~!NTDlh?8{T!-S4cbw&L5|uxjL%W}CC#8iC>#cO7m!jk6RR6q+a>5WJLlT9+JweV*SFr0=&ouVC0_N0JI==k z$*;dZ;goy?^C&cW;2$6b6B~fE+D7T}(2o@;=SdIVsGR`Il(vGC-fEm%8wdzEW19Bnc5yw)4cjp9f)?REI}2>BR|{M>?}0=4|p z=ad)x7H;G~)ekAK@VJJRz1PlPt3iO(>FF(|cSYwwVe6iOcy}^k5-FW}%Ns{rzM`2+ zB#Oam$ksmD)veL(r+wK>hesSf^Q)NMhc1A237&}k*|6(sOz}u-|1an0q8NwmKRW)V z*l~{M!bua){ta1YVptDoZlrMjPjZJ|d>ioKA^rA>c!prep&dY6Bq6F^kO0tGjZ9bx zV{1VT!WA4pG+6Zt;c0RabSq2I6u-PV^e$*TyMTH@W`Je6CB%eR&CVLs?@pjAX-9gq#>-9LK1^5Vqq@^^n?bW2Z2Bm0!e-F{+ZiscV)`4GG`q$5Yk$s}L&UC{mT zmd<9#(mRM}c(iD)C@#Oiuiw#YT`&to^t%p90Pn62MOt{>Csrd{j&yv1K1rdvOsrR$ zc$HUD`2r?nB2C}{SN~29EU#Z&yMU08KO+IISu%ao(4+@KLvX{8!cjK>xLfUL7>o&| zGetx5;W`5i(_|GQkgO17EH9~C9E!$V9MQxiN$i3FO(k-Ztw3g}DWi(io_w*V9kgQy z(KibS>4{;wI_D^@B2Sq(hweb6MJ_pFIF^^ic?Yvd-psD3QZTk1^bB|cYHL|?f`3a} zG}J#ftexR5xj8|z4J=TTkBRm&c|bYF%;_*I+i7rDiRn`^irC10gI{#$!J3}wDzTJh z1lqS(z(?oQDp9c9OKwdXLq?jFd3&hRg)Q??S9FdtjGbIP4tu?btSV{|f`r$tGN0jGAw5i4HAXgoHG&Jkmr{ z^)Db>vq_nv&c0Q)Go(%i(mAMpQe;Nn$wG#7yY0&+qD0wVf< zs{a3zBy8{TzZL%fQ2GC%@T)Ym?KU{jd{=6AQNU7Q)e(nsV2m|VJ#}Xpt~MX@p+Ewf zV{JHC$`e#j+*bW|xXE1d$xDZrfQ3lzb$Xms<<_1sR<)9gJ&_y-)GS*-Ez;L2+UZtN z(n7P_!vY=nRCoc&DDI484TBmRTEZz=^;_NRJ;uY9b@el^T# ze?sQ1iC#r>q3}Usj!m1;i^u3LD>{+rSJ=CIFmTk=&c0BsKO&LfWc+-;Z@GJ3jePGo z^u62L+dDmjuB*gj^(o*8DbfEySDGxl1IhKbbPp^<78dSt=5p$!8-ofRSf76Z2^bLq zGlshi|B~dpARBD9dX*Az2hcH2h~56<5BIL%@RufWQ2DQw**pKJ@%8>MWvZlQ{)1>we zIT+2ggFUY-R21_>a5g&G*~d^7x3_w90bxpVDKdo6HB za^0{STKiO7jl&qq=dfKJ|K%EPppj({2chZ!XQB`VSB7b0ttG-ENPE6_mi=ew4Q$Jg zU=tyQeTMCC>z0_fFuuHV324vE*tA7uzuQQqze$&*JVSA9VCp_D!nz5){XNe>*}}ml zKPx5c$pxE*2^Uh>o&-L2J{DgTu+!19jzL1D)Z`#Db2qL53)!!M6|Qb@ob;3O07v}E zGt3L2n_@sy%V5G0vDV|oE(E&O9#2tUW4i0UedHFLxT3lNb0j7X6A5x4lz&(atHJuq zSlA*j`*G}pN%#yh=rP$9B%JvJraf`OH4V%8958+W+r`WIW_#au##;0jF3u}wj{~UF z%Iw`Ohvoeu{_v||ipG+ojJzNB-J{W|iKZ(Vwi>y;rn-dyRucF}77gPe))ktOp+%3q zBlFt2_Bssm`-3U}Z`<;{2?|Q9NZq?`to9<c8Z02j9i!tE^cS$s_jNN24T=-!CIW?JY>7uS~ zn@tE5J0?Wr^k*N#;d^m~U`aM^wS4v8J$KhH9W6_V3mQ^X&j@7K;)xeM?ntgQsZzGa zQ8)9-1IIWCQaYG8_U-%^N(PP)kaZRij>Y4#c)EnJc_Jr$!OK#oAL^v3n(djI>aY~v z=jp}1`#NDT2a$ZEMAijycW7h6kY1&Mj9S)ZF^^>slo_VdO2P=X@VI#pqaPqHYwUJ} zYOahL>BVT=Tqi=OzK|VRK077I->WI%iRK~EBVzj4)yNWS2r~z7{3(d693E-W6yT-- zw8S`eVA6JJ;w8q5V5i*;)EP*qbhg$?P(C^nX=rAi`@P&O6`y9WKl1<#xy5*b1DF@c zj!7%3zIH~EW|+bia(47qUKJeLW~KR%rhqbZ|Ei{xB>l6yZ%4Qjpb=#S#(n{Y>B-*m zn}My#Qp%S=C=IQDrKGy9>ufA9yUGJwK085)!$AWszvHf03{XU{rA&ph~LU-Lo8wEiMH0c94dvF%#}Qo zmVC0>XaaYICw3xk>d2b`3rw6$jmUohC;>b5=fmZtlNnU$o?lHhMG{a_YSv!5!`hD7 zwN`&xUtV!sQpu?}cj;PrP1TntsTTJ;< zu+_blE8clCULat#-fex}sr74$c3Mu3p~Do@B;7pQMDgD-usZG@-L4|vEdABjktA1r z$`o|8tOi~^_to`uLdtLB0@E+)%0#m~e!X6{!Ah+rQx1Mf&!#^1&h!*!I59kxu&cx( z6H}cVAmVI^qbdA`QS)PUWG z_W)?j{E~v&MfB22#aqqr;u zNLhXvna|t%wTa8Ip@%3=%r(Y1y|1r*)#t~xhbYWA-!_R;{=Aev1jEr7h;Vneh2&eV zM^^`+Z3O)~@UosaH)^Z3i6g1{ND`!F&zF(tN}K0Mx# zA>*8=5Ha-FvXtStW{On`ye@gSi*+_=?jh)I@I&qP<$ElCPHxI-vo{YJlSoU>m3ec; z3hwJSn2N$2r>_0YsO`rx&UxyN{&x=l_uKy6PJ_Cgey98MzTE=95XXzKo@QVNt|j0R z{`Ln4%3?bVpo5taw@XU(Fwwhv(rCK4F{C_;??2kd4`-^B#cA}oz_Hl_)wr!ibB>qObnPD0o1$h7e+fF>dhSUf+sD=1J*O8gpg;`RLvc^b)0UsCZ#^RFk!&lB6HC)`9&0cofBlmI}c>s z^u0$xCq#jIC$MSF2OdO!l|Dx6k#&?JV2~sy)vBXs%`q^C3QJHT#U~}b_^7g-Z33bT zl@vEA%g?N8-fIiPTV+@hHmv>6FL%hwEU=XKt^g7)u!s)txkWlK82_~AaTJVSRZHGW zY{|AEazkW%k1TM4)V7q`uy0oDK}QMDD>n781%^CHySjz(9#}?uf8`4UGBoHYsZ6cD zMuBD|gyf#taTZDl6pBGh&Jhp5GrK0ITb}X)Q7m^n{9r`%zZmQbP1Z zvG8^W#{lAkgZ>z$bST!B_OzZLM1anbP{O^cHx}EX64{tVOyNrDC{pxTQ&*hWC3EUy zhiE(eV&u@mB5QaSP=Ud7q3-?1t;T;24iAe`hjO>khz*hkE^sZ)oy##;JDmiGBSePg zPXTbFjqLue)1#q@(~X)Rde4vZHhRx2H83a1X&<`2=-O2JQ>TSwz}DezR%F;~?vO5H zalyoePou4^r8BM2GYIC9>d5`mceFQpQp7xvjJOdyIFPtmIA4l(0^-|mqsWW=o?>!J zbKw1V;dH(Cvk3msRU2T1eQ>4JUmDinT>wQym$$>t0YY`|htC9)MV^u!*!r_mQV6Vg z<3h!|lLzMIL3^?sMP$&h@UIk{A^I%&y;-@ZI`uZL3@d3KqWQz0%qHoa1X z$hYTp^5Ic8#1#oW1)n^Ow3~nv1|GacK1f`@?5gJl9TUW_Z5$wDwq0tOv-!y8{9;fl zCv=$W4*vR{h~Pt)BCc(amS(e7LqUb(4A^TKaW9c*aM%(EO)-*S>ncX!7cxle(Z5kD zw{~RCqaGN(J3^XgTuaaG{sX}eJ`3=@l&R)`yZm18Har@${LKJW??@chB&0;)j&-e3 zBJ3|6nx^Q@{9hy;;<>+eFvOV%H*^N)3yy)}=6Va54K5g3)6i1o5`6i68R_8NtA4e^ zM}v05K?K>*-@F|!2j>QQ6OH}sb_8>&eb~-7cNwsW4|^Tq&J!&3VSvK$sqWgGjxSq0 z;zn8KrD%|8%wf>Gyz1}D($E5b$uKd)fp@2XSM*jXJOJBRvCY;cLumzq>jAJ3bIl3K zk7ZgDxKK@$CbmFr#v>WUHu~LE2e`&!G`JjSkTMLNor_3ilT@A$ z7lMq^LYeFpUdISim!ZR5l=~^d$Y})I`tB`|Pq6jct(G~{Piv#MyEwT{^G6a>KMPJn z3#H;AFq$aprx*&~5~s4uum9bIPUP`K2%xv|xL|}r;==*08~2Q^l${$ zOoD?P=I54#x+mzb2DiAYxoW6Kf#3*D_*dI(?~+iaV8Br1hEo3FK*%>5u?9WnVzj{< z(YnXNOEYxCWM{(12-G0AGg0-Jg|uyqeQ{<$2e)0Lk*vPI9`>PM&sXbm?;0*&Iw= zQNC~Mi#Z{SaUVULvSFFT#+)6m))@QC3StgV=mI=K(FD_ec6nz7rn}f3CK2=0w;qX4 zL}f50d6-ps-3h(you%yd;LY$VAMUiYuQ$u6O}v#GWzJxTDPrh)cKPxI8aW zGG%I`LG(0JDySR^T43B)VqaRBs3Kccn@#^3IC-&|HLMllL@zWDs0c`e(f`##BBL_k zRFcU@F^1+R*+m;~22KMAG0JGnJFj?*fD^p)Pls~+il|*>)7NlCj)kz<3`zHS@BDl$ zy?&rWUnuI1VBh8aeAVOn{ff*PjTb7$E47Ju~9avWIzR=ho83&?Moua12!*FO<|Fd2Zi`^BAVxB6q-|^ToucsKaXz)W?&XpoTSn2QV@$ZS4Innf z6I}<_oeU(IGv=27^=eN5 z_M=Lv`XJx-Ntp`lNDgG+R32(-FSFZU^z~&8 z`b#42jLt4KP>p19^dlo{-HP`<#~Aa6k(=czc{A@cX(<2OOtFp)P8w54MbJX5E4S#2Oqe_Zi3W`I67$U7^PWn3{D1O)fIHLb^z8 z?an7(ps1+?e#B&;Y&F{jGK6YD^@LN7?!D_Z>FCn=%UUl8Fg4Ry27tw~0OS4x0E}y+ z{%Ecju|FT1nf2E0f?TUv$E4&}g1hZ|sXT~p#@J9^Nv_5RG%#x zwf$)4?KeL62JFJ=^J5(F>;C9fLg%LeX{QdU4b_|*bQv%;K%gPfy~=J^k?!AjuCw7C z%wmw$Z~OU(iiMZVg_?pDJZ3DJ>V`95^i4D0_u$s8wv9cp?I#U_KPGSzdW8J=aW0~$f`d7dA@&#{&tskt9(KQ8Kt zYT)qmLc?J?;4|FcSP|`#3|vCq1hKBU_^fNIdj1tIk@_HO$`HUXH9eat{n5H;?79=Y>D7&p0PZc!}D=&)bdXKi^ zy49s!oi+SR8SnFXimgejOaKTTlm1lP2cnpP7aNKwsqB5EQf=ExbXR}ZvS#vhol8Ko zAQ@N1Q$58AXT=FrNBv-hi79Uyi;T5#c5T(d_?wXZV?)@y#ZMDfbV1u$O5k!a5~d2IV)R< z#g+HlP$>v#o{_3P6vRNeR9jq?p6ZhCWm!bwJMT;#YPPL?h!#vw#k7`M1WcGs99{P6 zDcGbmD0&2yeKgRzX8W>Yqxx~~{k34z2hyM1{s68ofd`wSFgTW{YNgn_ytJ4gdFw4FZAIV}`czsV=$2gPdS z)B^cBevx1Ms@<6CLfzP23V0Qu7ZCGWRXw>=$ig|K2> zC&9V`1d$HrNkLIm6P;iNdf6idE#uJ`UosrETu%)o>auQx9c7&^cR>vJjP$ zLp_VXQ4{^T*KWHvlhMEOkheSU1l9Q)u*zT%}>_&24+U0%%<84}HvVwTw z;wB(f;R$v4oVJY_=ne(eEN_kL03bAe@g>`h$qMG+Hsx%qcr-b>jDoHK{}CWzZZ8W8@Y--(k2 z3z9(BWXd0(n)~$%dFJEa4!NNRBrPOmJ1&3Z8)*YMd_C! z8v0HM!VtP^P069Gv&O6LAk;l2zDe{Pl7@(tc-r)6FSZT=?uU8e1EM>YW4IX{1^umFf&X&YABG^(#z>b~8#clmKb!?~ z0On1vzA@^S1qE%QP1(HWsA!SksdS{*dl%>HX$SL`_h=M3MW4!*Co)Bx&eNJd-uj=d z^a61g7ZL9e@cFtE&%8ly$6%sN#tSq%N{rr^ecnEVwFD@aX>L)3)c6#oiI;~o+AJ@Z zM$n8g;E)T+K$k>HctcK3xjm&|VU4EZ3LelbHnq9G^`Xg_;Wj}XgT+$l@me(xZ5igA zfQVpbwqPuDbZIk5&wF7{px|4p$O+m-0wha$({!6xnH>l~oulbER(cQX2!hcn1Tg#5 zXqX_+i}N_Cd9^TvliebecTAHtFY;B#wt9z7*NK+Sbaj30+MLqZ7AQ%O2#6?d{zNQ= zYKV;bp=H2pACj6TjPwb!-HXPgO9>)?x3bNSBeNdtkJ+jSS=uDeZ$Qw1aVlmXtF&}j z_A)(F1s***H2&pTh%b9Uj_1n z*id1?$eYW+PmMkI|T+Cw|=l8gqV1oRCIZSL#r z(yx6hs6M|^5hRQJJt8^ON z{`_S2mwi3hFW;IfYhe6MHm*Bmo zWfv>3bsl2vl)#Ld-$avMoJ~4UpP4(fl~~5tH*KGKjlpf(E-M`((ITC8(mEq{RTsGa zrZktS92VrpG~D-gY#@+~+`4zgHsAn{N}_9DuPi+9d;Wq7RStEHIhSin;G3_!jVwQS zsyR4Z4ZvF4v*Gs2T3OZ11I?P{=p>uUI+*_0_AM}twmOFNFcX&DWXT-ekq>DR^Z3mf z4}dlFDV94m@xOfrE>+p|kJ5bRhCn;ki%D)p2O5G-ZNs1Cb<|vL5p?kNs~&3QQOOc% zQ09ODk@lAZ4_q36 z)!@Ahx>GX06fYC1u%GwbbMA`x!&1VE?I{TjuG@_m)C(nB@1-##8a72FEYhDr z$>S$nz3;H=`5F#sqF>o%G!DG@FUH;>Sd_5K+B~*x+qP}nw(Wat+qP}nwryMYod13m z|D>X;t2+l7ImpOq?su)9hu++-7xNDl2>US~N+ zwP^4;(db0U(PUw zey1k0vZhRoLS+G~4&H#_&1DvRcsl?t;pBGH^aHUl$AZE|SgoRarj*J=nyVd0VMtH- z9L0wsI_km03dBjI8598b#1YE$d}SRqYaJ&eBI~KhM139;spUEtBbWP#t|Xs{9zB6* zlRoHru{T@u(F7bE=gsWtrPA(H!pw%{xmm1oNaS?nYnmJs5(}@QA^VF9lQHZpBw3b^ zn3InbcE?e$&xJsvt;n#vlbkhO0;5k zOX(2E$YpOke`-@y0%A@C)(9MpfcQ7eKYTqEgy@T`H0QnSr}2|Am=oPxwEQf9{DjU7{sJf+C3c}@d70t1 zk^nj>yDiwb{bs2BX0z_HM2PgXk0%81elRj57l2cKK$h(7d7_L8HEM)JVw}={XXu_> zf&7NJj`uI|iZ+)B&2ZzYbZ|Aq88(AsK0fb#I|3Fwogc_lflG4=*#QC@@a3yVd!~|K z#a8)--OUv(xYyyMPTs#C31xHmJslp2;lM2bhjV)h!Q*mD74pTE)APndHa-K63C^d; zJ6#X&5{Tn01?5~l*Ce`=vA4ET5=P-sMN(8zofB16>vh~|)coLrzNL-ID5i?>gLEBU zRcxtS{65(J*Ur@Y5`Vs`)9qup;Yy{P##_r`YhS^Hr ze6I#>;?O~t_HM?{OKVJ@U&g@E1O1Qo?z%4JqP(4;CSo< z@)Z4 zFQf{|tRuM>`G6w*f~<)ip|1wfG7OQGBzg3-n4eRD_yiGBAA=2eg<)`93sG+`%AY6w zBmH||;EZ7uD2g)}C4bD8{e`@5F~JFRulGM9=x6YhpNlk*wS9|B;BQwF#JHQC$cc7F zU3lxqZM!4lmdpcCQAxjG|D7-smq19ZL-^+@;Q#<2{2vK3V|zPi7bjO^7kek?e=d^$ z4Kdr%wsqcaMf~yW1L9RBtt-snNRl&8?qI34TFWer9dlbWBMCW3Xy?}A2_%%5K$rjV zc1NcNk=UJhb@?pFY!F52H)>d41E2Td`?b#8L0bt$?dm+{)@!lU4v(x69ipS&C^h|v z{9QzaZ2?W(DUl`QnqUH~kxgqUOlaE3qBR$tRc<|j<&j*qTSEIeN+hnpozt9jyU@Qn;)mPjj| zom83JNKIp{-*otACzhq&ZS6MHO?d(E6G&z(7Y+PDrbcwa4~8R4zv zMCP_Jb)xQM8tcgKY8S>F6mK}HMgwggav4AAwC)0X=P~T^?cq1Crxji0Lt?cv(W1*M z=|8ps!;XHW9x($>N>?YGQ3m#1jaffHIy{b5@31(;Y9=1}d7!hk6Eu-|`yuba!=8V> zYA&Ly>T0HO5(hza){9L@Vx5b0J*dCm^vS?*>yk7e7G2A~cKu^sm}W`*u~dpEJ8b16 zr(>tf>7VThtQ7sx6`drKGcxa&*n?10VaTmepfn14zQxUafAVu;I=t&&c(9b9XbPBG z2<{6#C*B!|^tkx^7rj@;wf4=Gc=xfImDl}(R{naeSZ?cPnIj(VM;fZ-H~^&7eID+1 z69_{Goz(u#wGUTbPnW0f`@r(?dCxw#*TeT?Cu%JW{0=H3!!d-#rnoAR+!N57!n)q@ z=XU&=q2<-7xQD;@o3X>==lKwSqUuh+yWQvEZHTz5w3(;KCsB>$-qxyLmkgJ#KzVo{ zIepj5X!Hp)2*2=<8C?nZho|Bd@e3QndAN6J6{lehM{mz%zlQkL7ZjiPvhRH2L&nrH zbarDQ8v2_lYbFsSIGx01qSoSGX9_ijP*4i8eFLq8CyoqDkh?%IMn%k|YtGJ$*@b1_ zGHvu|7<<=GdT)@VVi8w9aYSahTaqzYfZuw~(TIPn&4+#nlp*Vh6^hli(bjPcS)~l2 zf+iV9ULpKDJ7oVa+V#Sk4XH?lN7kIa<9$4;_mT@iIO`YY*xzVHsuBh;$0ETqs5{gp zWQJ@4vA1Xzffj$kB2%l~sxfv(4jYYFBwmD3yZz*`OkcaU<_paX&bv+VB`Rc>eOI92 zOqI}br?6ECEeBBh9>4vq8Ccgnz$pZDH_I&BA+mSM=sC25mz5RyHFkFMHTI}Ia74=I zK^nx;AVPYPk(od@-lO8r6bYL?-EK<}^{_bf*17TnRm71d=_W7QcDb3jbXgH zUd`ZBK-=^8T(58O={=(+l%Bc#Vw5=v-x-u?NQ?ZWnsfCJh~-^dQCl}`>es(j_Brrg zqO;)4VN#4LOGz+C#OVpxl3$W1x~{FZTc6)eb84oYBY*Z-zHfu=*`~~esuxeKQhvOi zz&C38i=1Vs-=x>gA(2Tgi%L-S4Uvjb`XdD>5#DtaDAZ?}X-}tEX|Q85o1tU&Oi(ya z?4~KOHSv$FsX&*vti$74kV>Cm(Y$EQ#HNCy9Xs3O>;316>(4`qRu)`N@1Qm&=ev7D zOz3f@as6Z6Scjhs4(17~(y$FEpL-AF?_t*X*pE(GjAbkjyo;4&GAabf=Jt zk)th9V+##|oMv}_(T3B{%W6)zbtS)fHC_gbPWwJ0AU+cuy_g8jV%|XH5C`$O5mFG> zHj=w7a@JJeK?1V~k=l&ZXH(F2%9JALjjC#IMi^7k6on`os;#jYqMYobL5Slw5L=}h z3N>6sGsdDAG5=J^Y6-|PNeK#T#I5pu2TTG%BTCU}!8oY!Dh4!|-;JTJPkgZ`ZckWVmevIpP^dX$wJ` zKoCJ`7>lZ!`{G%Yl{4UHG?i1!M^#t}%?xf*#34<)Zcol}EdR~V15TBt<3Qit4F3CFS1ySrj>8hY9nq`g-w z9&zmFmU#!E<#6v8r`r7vYzD75?iMA*B$Fb6s)wG=k%q(5E<^N2U=3E!!>WKQ;qYEy zjhI^ZsV9#eL}&x&348!f);;C9W6C8MZ@HZW(fQ*+(h$7o$4iodCn<=~$~tu7Q4cHH zspC+wWI8ULtS*c*R|=JUa@w$2>+B)zj&zaTC8zv4ktVxw-!`fK9EIHPinL5W{;$Jm zK7#rZ=|o#3IDUKY?WcsOY>Cj~t2I zYu0sPJk`)vW|aL>-4Kv-G<(n$*O(#nz5yd%9zF{Jg=`_22cdr|Zd$Svg-}dN)8)P#kX)%0J6qp8bxiCC zqvmUf2lu(zp-tz&X=y*VPZ}yd+`0FX?ciIeqHdFg#bR5-euB@L0)U!T=BKH+eAOr- z zBGETkkSRTEpI?)#JGs>dBFn3w=wAo&inOEU6_E&knyLZi=o7``e0gLBf(sGIqrneD z`B1|@7o-g!MzAv$F!S)^IN^oPyz@KJ&Wm2lkA75pVkpYKW>xIdp&sxkSen2cCM5+D zMkJylu<``>Ue6LAGu1Z)U(Rzi&l%7!j0i`B5GonzUGTA_8S9yl{@8=c8pIONNr1l{O-OqM)>@-I`9hb0PXRfzDY7*Gd8FCMqBadzS0~ zB~wxzM5|0Zw@wulD}^y@hs0LGK*>A5fRIJmy)+1E-OLO$c&BO)+)`Us)k*>UVY!x$ zg=F?1wjmdY2QP}Oh{tbxI5Cp9{ee`j7?_ZIGT%CrD6gNL-D{q>s78cf!Wuq{Vn9(1^~62<6!wkpOpKi*~K8KqpHoS*%Xv zx(dyt{0WM?I=QulHTpci)M>6-pAYw%V-|7OR$3%R*=|$XgQ~dy3D94=np`e0 zEC+|zv0&YUzLmWe4DW8Q;Oa}0p!aUNO<9c4+S_vKAK%vWDi#+5uf8mfxOEFf)Q1@_;j7# zisP6ICC_mkJ&k-nCCFkfbiSro^eu8g(I_=vCQGba&Wf{xlnYY8!eFreJ^A8^dFQhN zBBB$`^O+&C&e+<6c>tC1L+QdH!ya+@v@0aM9jC0op)24ha?0rvl-Tr;n(`F@QVF26 zYZ66sNLu8k07H<-fQU*UNcj=-j%m20M<)Y+%G5~(iB5EBL<+sa+$YH8I_Dm7n=Oog;ZEH87X_8=5+HmrwGXmX0iAw<> zyYXUw-qJq&9|~$di-CW?RefDp-B{StMR4|hYcJ>vaS)Hscf-w2_CXW&JH7PgVR(Ic zPl@TwqDB8R=>uFhV|4X+F~;a9(ODoz$O}_n1XcvXj=itX{G!Hljzk?5#{zfa19}_r zgLFLOlNKwF7YXGmnH}O2adjCrl^m@ulLYW$STceu^Az~Lg;*Rf6B|6oS9*lC|ij@`8e>ZkoTLru!&1^JkETM`vgX4p9 z_yggWoBe3l-yrz2rk3=zrq)HU{9`XJ<%sqQO<@?#+ODtzb zfXoH3k10p&2~F?g;M|_tjU9D0;w`LISg*nF{?{;Nc*Z4OAV9RRwx%Zwg_L&NJHFp$;}b=tnwvPEVQ5y- zIEOra%|g9Kcdr9%O;snv74I|%;laycm%KOBNVfo#9pc3)Fvr3k0jd*#)N%YfTx_>xaTrBSd=hF*|pSa0=EC=&UBuo zY~Ltgh^yt>C?N3fEcK|6Qc(QqFXGybv1t5;aHUjTy*~^<_FctN%!z=~o6UbFFC};n!9!?IIT|PoI>oe5CmOwf6g+$^W|+b;f^M=hxfS)$>KJ<%#XtoyqvE zQA-Hk=rn2f0MlDRV9E~})2Hu-C%2K+T46u{C#rOx`*R=AGB>VMx9>~M(5q0kVI$TV zXmqvvcLQ!({#7$kJM82GsSOo%Ez`5OZh*w;3C`H0BU4jQYTc+gLMxp|o<(IV8P%Ht z&uNFvg)h0oHBhflk(MUs^4U|Yb10G&o3e`Z>yq1z+?s=a?(FFdsvU4t9LVG+cjE&* zNA~lLo7L(J)V>iXws`L?ozHTZ!`@PxcJB$*`(Z}^2dgp8Iuv{aU2L$0RkL+kTxhos zmxMTMPdpe3^P-hP;L288wX8ci&Xv?NqW+=pUdYhJ&O}e8|EkrK3V!a*Vtn?6@lI>* zF!gCt!rK-$H9PGhX&-M`Qq&vrFInwOY`2vlvGa7D7S?7uVRqmwC1a{(|1F^0RU|$e zX_;>oCD(!{rtbqpT5f-MF{^gH=qua0KiBIJV{W zHP(Ih_q8Hf@Dk#Yr)o&`WqgH^mH;WYdy20@SywZEop%G2H8s5X^p#X9q2)G!)Xju3 zokY`&mw+4STlxUk%ZHp=Jt_|koj!W$J-Tz<(ZAmYVy{;l`-iAnq4=Y(nj5EUow|0m z{MZbe##7qB3aHH91wq52@Io1|&q7UVz^v1tWArdlwli?HrXX4YuAGR+4-nw>$b3MM z@G);)bsnvdJ0>=w<%;q?h0~EDnD=ZDPQ5-;S)g2`_9TI0+hS0zFQ@=_EKMkwz{s7;>-h}G1F?ari?74I zt)JJ?P~1deFwKnXVt`#tDLXAl<~m?!0WAdcJBMnb5hMU!6e%>d@9^5a07`m>bO<#V zqZtl_n5(_UHHq2cmlPG35kWeFy^tGVXEDW*Zb`R~i~k&SS`5E>(?>^)h-@Q91>n5U zZ{V@|h0O|$8I*Ibf#{ycXSC6^bEjxh)^KR-NAeO~*QP>cA9W*x>*;bI1?7{@aQjWH z^W#yiYc%uvgwmxN3bq99EG0lkIGw))AyuFKlZW}S_4nMNvW87Tn8_+^N{Z^kUNqPmlvYQyNXqN4r~w=gnp zgj!>NHUNy&KfOClF)KW z`0EQ$CTBSMS)JPWgk6}T7n;8 zA8s6jImR|v2o%UHr{lsi=J|FkWb0s1{2{2Ga(+8l|B^{slqf+%`I$xut(xn+s;HRa zuqK?G=j~VQxZcpPdYY0-nH5*jP?6~bF#(<_aF$2Bl0+B~a+FzH>XuE^MMpmVWx;3y z><5LY)Y)oCk*iSdgRKDHNIt$F=`LTdHN4;kq8*V4(j($EvaaXrVV~r=ZK=0<9oQz0V&n z&7iG1k`=1T%`FBsun;LoE^)Vx(f5@tUWT&1mxPPZ24)Ug5G zGgo)RXTMQpONcjVQlpt|=<@U4UJ(Xic2vo4sU;G`OwzA9-ON-p`qa?69RQWV(w&&h z$~A*%Y`;&!RSBV&1s`N0SCPVX+y`cyXWO68QrQ0J>d7w4wmvTmEY3d)=K!Mz4+d{| z1U?ak27+mNUv^?J^zSwm5jw;L&^N3|JrSOtvN_Z`#vfua5pyJNN%*3rbKB3Jis)Ur zxa{WgOMf?I_t3R~0B@SS#0P$vy}Vmn!&li;Ccfof$vd;Cmh@A0D1Z><`Ir>KvN&Z0 zKR>M_Ca5`yN}w5~v)t&bH%d`eE0}-DNF;_sN{aHu+GiU_;yKi|4^*w0GLeYs1ANZo zqLW)4NeY~RpMjFAlxt0^p!yA8-T(Voc6hh1GX1Z^hEoRsfaw2qEOWK{|7kPjv35RU zOWgZQjUX#4nJwXhr|Rw9`>3n*)Sk0BL&BP5LwDlnNP(D$p-dvIkm}m>v{%>l04As{ zr{wx+AWblD!SWdcwx-);tl7Hz_7!W6N$qaC^g^Q_S-SbglhijitMVnaeOY(q+jE&! ziqu(P#g^5$d!85LNf3Lxrm9>wHM6mSWo|dcHe=_h%aW7Z*|TASi$2q~Jx~<%>Z=*yvU0uI zy>{g1_xE(b_SAiPQcxG2M9uJXXbC@NomhvJCCcQOD)+fB<($!7%o5sz{ zrFX_nw;ZRt=a^1_Dc*I~#YQdF)VGJ$cS@~s9XJ0|c+J6}2(G>Vw;O!3!FBv~ho1jC zk@t6N>g>lxy@guu0 z@b>97zQ8!=S1tzv#K^AW`^Qo5%2)h)2hOV;Z|~|-AAp8#$2M_w6SE1_Zi6(f)J5pq zZ+@$0D&a~K4JS7@^?RnN(MpP~e2tMBf|T464!ctmJ#xoAdApV0fZ44NLw?u^jbJEp z>$|+x8Y+wKQv8I;WA~BgoMzt%!L_QZN#9KX<|-*Y#_T|5iw_tM#d;(cx{YV?0lwh0 zV8}fu!Gk0r^*YutPMD1p0o2z$;KR>7VF{u=XE_0atdE``ccAz@OWHh#B$+O}N47-1 zS`>b=g-NG0_15r1%D!=qRs?6?k%*9mtw^L#-p^+8i;U~*I87VYS9rC(fw%h%EnN4a zKrL&pl<|5;kf7ymYd<+N^VgXTRAj7t(pap7yQgk#$9YbHzyC2f_iqFOx>Jj#HxI|X z4-+3&a^UhpY?v@>(B0Kz8*g6CReV@Wv|fp&)yX5&@!Mx6#z!w4$R)OM*P?J*8xVN{ z7ZRD;6W>%iGz+h@K#gfCN zp%t>{U-V3TgT(YNW(hF@uYDSu4Cs0C`JdO5r@Osg4V+28t?MsPhWVAs4nAjq$pl|x z0_hx;%LYnsPzBC(6R@HZEk^h=m~+v72NE9rhHkoh>7bl?MFME_O|B9rt0R|hfTp2V zqz&ZNAVo0Obayd9vrSxpUn#;oFBL&pkX%(Ls%8M)x*0A+Y+HfWBVWB^-`G{G<-aOK ze6mQU)&`Ec&H^^v`a{7|(F9iP7O_FKz3r_wPAtnVs^GBTmT2w3O_Y%JbDp66T5Gc= zg*B6Yq58gf!@MDOSD%+g4=*nQK``_Gphyr`Yy`(k;i!CXqGB_gL>2zyyP9Jpk@5RY zYJwlKSn-NinKGPNrwEvHfMdD(2;W)_EA>^yHtZGY)LcAGb=c{!11mkZU{~7 z#||?o1I|~knb{|28-DTHl7r3y`+e+3ugyI`s{Z&Xu=s|dv+6@mjOtRbBRE?YEt>&G z!02$d@q)&bw%gao)z_3v!rBWM*?7?il=2RTK%qppS-ba##>18&MF3ZQ)QomY$JuVa zS+K3FzqDwhi`6kM+GJK%+ z22<+n{=+3^a@QynO&}^K{rO-pLQhuv7q)sgg1Y1pCr&^P6jeYlB93|U7=J+0(h}gj zQ^$A^&tFZ}X2TXhJJ66^s-QlmT-_l!Kpb_A?;M zHkaL{2$aT&1vWn7)&PHBydKaLItpxFcaJSE@KO-O;WCFKxVV@@RI2gYf6IxSX9Sw| zW)Xq_%3++3&#z)Z=8Sg{x!^GWELiMkp2CEV(y3Q2<)xi`$#gF-V-l5M-Yv^Iuu$3~ z;madt&IjduLgBnew*W43UZeregY&(o$>PQ!z1BywkU0r@+PeLM2{JzaQ+Zi7J)ClS z*>P|ePJ7-!ZMUHw-rR2=W(z6T^iU^A+ome#2RX7liAKQh59k^b;V?4}7(;-S5U7r` zO#Ob;OvnJ}B~g{-L!1MDOuWrPKxtvT?YX_(Yl)7!9yYmvJlUoeRI+KXWUkDq0(4aY z?NM9*(i%n3*Ar^&4MIWBLoUwU@E-(a#BT-v`R02WmPRAU*sk6i3 zFoDCv({tDLgZw-|9&nDK%EL!9UEn@v)6KJhVd;1ZJsnG5~t-rDOe(XgY8@^Q11n5LH%S!T0JDkSfwZHVTu7D^hSI zI=@-EA>0&ENO_y0{~e9p>Pa1k>c7~S|t|@0$p$+SudE> z!}Js;>KO~*h)?H;?FdIGn?e&}mR&`RVlcIGQc!|xM~F4tRDiu>sUdEIyMvubl&B}*YQMxS+Pf! zB;ViISXy!Od&0eBS4U1pB}U0nj~gotQevewiy0OCE}@(HO7M#5Fi&qes&n}byTu^4 z+qLr==?!81*lbFMgEmr(M$Qa-6~Xc0&tl8{Pi^?(*qc%#x*Cpf`fr&6dEzB&=mCm+ z1yoEw=TC3AiEVX;*;U0ZPXVY{gT^^JSd~9};MHgXFzlFwFwV%*1pnIWDm`xQzA+5h zBoPR^N5R)(XX@R)%{9FoctH59HRJ#4q+!gih=&_Z;Sr;5J`H3WtM~4OBso-knx#t^-Tpk`t zQmN68@3hk4eydrbB?yBx%^_Izvr@4s#(&57ub5c1k%kT1WW(EypDPl?F1iSzOhuab zza(5tuYb@$xXfp`UieeLQW}DX9D-lI^q1jc@{x2K+nuG4Dn{%YB+JeK7#pq%YN=sf zTPs7^RV&R5STr`YUlD}nkD4<0kvE|;vP;GSm3^%7`mb5-Dxm1F5TGkSb^o(HVZrEC zBH*D$!DB$I-0)y=E|OGH01bvMmf~v&207TNzsB8jolMNbnT~P)noJc9XDymdjwLwO zP=i=J5Qs2a#mNQm>ZTfLNlquWV<*&7<*t3Xp>;y90(Y;Ow@}|@R%)GAWsTMRC3oQW zG`VO9VFuyX@U>o(;rO~reqp98MKw#hBT+EuD?9Y1-T5vvVlto85(hvm-(BzEEx^hm zv`SxT2Gzf1Z@SRlRr`P{^P_sMUh-s+WKn_zQXLAXunbURo;xfcf8Jg58x!Q$^HlaK zL=2;f>bV8{h$mQR&h3gC4cLoGOg7HjI97#wCXihWK(i8vS`dpRKD-$}E~!QDjz4lbVtaF4x4sHQ<0BJb9?8btG!5G(qH1ddiSD#uh`LMDt<87SghUat@egN3|deT zb&|A>I`10H){Zk}LLz^){8wK;l{BFIO%(^PLrd0lb3JA^r+8}1n!U`+r0f|VLCjoX zopCanCyj44t9N1%gzdkCD|H~Ia$6mV?CM%}6}tb((BZP#+5Iv_ zNj;xurhy?|$D!|8HH}%JET&Wd?#)jw*mp2T&|t?mSZ9_b%7|Tx*wDk_#Kn0 zsCGOA(n(UhjYV?B@l?gj!QdQg=7&>El$0|4w9k;oyy%52DI-;Y(cRpDx@wO~wEn(Ev zKtCR!_&NDRk9RpYtkegLf$}W*i*9wXJYUD6FoRl*MIVIN!-0sXWRy5#9H9M_@LXQ|0ZQTUv4I>2<36l$gT@vzX^{k{qnlIb&}MVEFPfX)261;`@ETfhUl%veXbe za93IIpnyJU7bFXGI43lWnqQNHyU&iHqB%f?3*hC_*b?p8uGg}J~e>(P=v0N z%pWJ^C;5>P7e0}}1V&E-o7DCUYMw5sVmbjnanhz%R%mXjGaBp^DjtG!!!stlgod z2;2Rx3b{z)HKoR=VQ!$gBY*cV)K%(9ZlKUULtuy^Ml*sos>Uj%44Ai7WlTlk_mAwkx833O64NC{2Z>L#Qk;lqs^l+Lz*V znPX?=^usms2`PAmzAUj5ATUWP-2|r4E+|!_@QmCcEZA?1(u^M&nes{MQfG7@rcGSP zDuwikAm9B%UA;SJ6lSh{c^HP_eHH})2dPm*L^6!G$5{XN(OqYYLhY;mv0;3NcoC_( zJ3!V<7`bdGN9KP&HB^8s+_|gcK8*eh*|>XmE%~J2?%|{7IJ5lSO2uK~DqB5!e`$cV zt;P*#9YMI_g$a&%A3dN+S0tUH#LkO=@*{#L4C7p2xDpq1is@f}1hILRSfanoydeP0 z6$1%06a>M+t|tEC5+P&cQKX2hqSLn=rd;G%1WdeW{xgH$u`X3k1P?Iv7xjgB%$XJ} z^f2HP*RDGNl2+Y*;6|l$Q9UCyMNJgD_x zh!O4`#tIR)JHIe>Qz1BvCM)c8(v{a_6l-Pm6g5g7zS?fGF&$)5&9MFmf$ZNHe-5`9 zUHK0o5{NA;!#c766HXR+uuUz&rr#P`GLGX;`IvN@2&v>m^i@ur5@8f0{EP?$IA5`* z%N!Xn!2CXw*a*jnIiu~KUt;lia=NK82m+$+_o|nSCKK zxjf$z@XzJ+<7F7^J|C2!_$zW9GHVs7KKEzCy+7DMhv)eTx>!`KW6ugo$4#)rPmq+E zo4f(an0WQT+uS~Nr_@dL7ES=1$6{_-n6DVRO6t9^%j3GV44S&{xH(lztw{PWvWf7N zHADAFJ)`LgCO}1CHL6uu3~tKDx!7fd#})t9VG*k2)Bwla4pNGoc?@OD!iD6y5*vKM zF?$)PLf_Y`o%@6llIB{3iij0@skqeTX6VME-&^vcV{%XO4>c*3FyeuNz$*eXRFe6{ zy!E5_g7d_IykV}S;Yf8y-zO6h@a~)r>L6u{BD)a-23%xbNGAkIhY9l*^FKtGM9S}~ z;6T%bxw4Zy7BR!pGg^5~2ayg3oqJeEuMY`)Lwdh_{^|AhB%B*}z9$u_i;NT4S!CQq zioTR(DAx=CfWSja0`f$VwUrZguuf*JODK)C z`2&w5cJgS9jgK#8?oP0NE*tL>#{}mmV_$^En~NF32EYb$SE#H5dzEDY|E$HV@G#!1 zUc^&;{d4|AaThlHobHW-Vv{<}a{gSaJM|(-gxFPcRr3<(@GRW3Lb@?-mcu~RUF?0x z(4BA<{2eLkdxV~ye@v=THD0BE7?6st+z^-Nny2)d$y3T>7gZwPPbO^fs5hB=%U?rs zj8npU*U{+q=oXq4uH^(nZ#3_vIW6RC+F7Y2ZtPMVf^O1@rwdN*isS0^d=^lT!2g3b zLSg?-$Iw^6=V4U4udyfyFyrhvts*`DYc9;90a)EpQPWYvbDdcC*h528xKs|+gf9@W zwO#R$TtAsymhQgM_RJMFf_|Z|rtjBb5vO1BN6`OT4J3~H?!&Ux9YYzhBAb*b3T{^5 zZ-ctNUL3rA*dTr?|L43MjNGz$WD+gQTfa#_w3wP4xCLSCzDensa{Ri(4Iw!1WCgQ( zfY7cJb1HmK%wa(c3{zU-9I!jhvCT_%NVE`JkEJKC14MuT?q_LW4KcYVQ>*29idaMA z(MzfxV8E(rD7y87kk{dz3LVJU8rnxbon}9-O*v*M{eU}J8FHXl++Zp-U9bE-h*d6F!*qf__tg_9>V5t8U!dy2l?C$?q3*ppe8^gcttS0 zwXOs7Rn7)b?^yH>dWsNq*n41=L501Dk8+DGEXfzHGU>mh(=8yeC6}beY#RgJ^CD=u z8+5{;1o)VD)1Ii2=Xcmw`_6k&h1+xE(nZ^I?QK}T8OdJ}4e!48=~AJ7D%YY)e=MM! zdQ(05aqZf?0@TrN8|?1&Jxp!28D?YP%1;661m@Uuo9yY!1otZPXjjvqgY?oHutZXY ztCgY~E{)K$CD#APZ#%apSl|~wfLs{M((P- zuoAPp#KQx>>*(tD}T7dO*cR%dy{m%l0t$0s4o~6&FI1RC*M_swOkx zsIiWF#6;;m8xo1x={r0*D}bfYAUMsl$}iEmo(QNRT=f#INI?$+opHY3BrSZh$>u8P zJCV{$iVr|PWHG8(?MPYk&4n?(Pn7VaPv@U1(Y;Wi+#e}PpZ}?fZfWl9rag%JY`Xx0 z^sBN@ei`m?EIwxe;2}g>^Hwpg_Y4)y6%FT)W$bgVgs3Mjgi5xT722wjb&TtVzN`q{ zW=U^%puH()J?p2qdBxXxo~mfkdner8o?e99E~R5%kk&fSgJX}CjQt-0b~{aVi+`kl zKRMeOYJ4K7_rt=1LZ^4Dc#?Opb)Fh_P{Z_m5lu8$#Fzd!)Hm?t&6VEm9c?^*utY?b zYZIHBOj5dY-vBrjyMgzp%I}RgQWo*kNU<$4z%veOj2cIi&*y<8PEu?<`@Z$&N@3hQ zTwzm!T_*V6t9qSz=Sb~vEJ&nZMOu=7-rZvKGFwzQ`1{rze^GILh_VKovKXA5Ka>dl z;GM1CT)Oxa>S2h~N#z&9*F(CfsXYP1IVdK#Tc;N4t4Gn-**a8`1%#?9-*1@g)uI2% z2^I%4%O?Z&{mqVve!Xr!mh+{kZ9jC^;Zm#?-7lV-1B$sZtg`MRiPP3e8c^~roZ7vs%;LuoVNoWPH(dB2Ywlo73+s?6_Jl)zUmXI$wGtXQ6JA$IAp zkb?`Nc^-yBQct~$@Jw+RwL4Frw3z0sqtUjMX@SbUfBj~(I$~*rhhS@m2)jMq`2DY_ zY$$;LT!b0QO8@one{V?t51q)^#*+Sjb1waN&51PqGxP}@03hj~?nL}Qe#_9+#opN7 z*1^Wq#nRsH|APq1(XjoOyp8Z5BB%tPq#&~MwMZSEqSF9+lT}ck0Vb4?lF8ONK{Tcq z>1*#UmL7?6N|OuN)+V9*h}ZpXJBN;rj_-lCDtt2~viUm!N^(-}A@Xi3lWG)u5UXOc zv((zjokVn@F%_mtG-2l7%Vx~2_8khrZI!ek#eeNDdMApqZ9(>sOUo6q*AmxLtkfIL z%+LhAQk%e9Sxj?OS*Kp>)2%ZK`3Wp4EN*LL@J_#cH>$x|U)_7nQlxSazFedP$~0)3 zc#~3)8%n6|4gffnAl=po;U2pITx~R)T#0_(uU_lEhwjwz`A+qF|NQv;{b296V}9`9 zBfeiy5{A6XGM1_p6!lbJO7;oVEyAj~mV;bhDcEu=89qyN zFC1i`I-z@WvC)u?A>lyS(c3${>-*C+!N2|O_;qo)r7D6|O8`Zf%CyPDFo120;0L0b zWAQw9nE-wNI=IyqtswDpHj}2`CsrlX%Bt+x=)0ef;TIdeM7c^Um z90;TWUFBqXtdqDVM#HPpta{w3xipl5pd*7DQ<&jrMeNOpxZJS7+aEi+vVY3~VcIn1 z1>#1d&U_Vna4ey)o9qpx%?J_N@4(m`T+fzjz+kZj;A?zk0QEje>&cF@TE=>qU@(Q7 z?)%3{-#j)dvVnliRbl@xcnm>)2`aU+s{y>;aGH738h^B`6b??d;O?hV3W`;CgaKooc2o}8_H_)bc5qE(LELu{l2|jzmCsO*5ALE zOE)Ya_3UBu^Dh7*$E^0PoIXj%C7u9;)X9EKu(8y-s|^jP>6c5gl&wq;Ha-C>kXEz@ zxX!U$=?l9)=9 zMepzNiD4pnP5Q8SUbyqT?E-fzwPZ4lUj;SJt`V%ZWn`$kZ%_|g5<5M4&T49h*1^ZG zT~O8RCR2FjO&a7E0J|AN{&|8@wIwtxj?E>H+E6_xPNfS;nSB?3z-_n$!^zzY&WLCS zAhamyFjo9gM$VZ;0a>SzRZ#37?z;*l9=LJB>Okg0@GW4zA3Z%tXrpbmaFu$xQj@m>pY*JP+Qs)~_h}j)^tN|*bIklb5TZvfX9`weHtQS77q-T9 zL)U0?Ww*&g1 zREcC$;Hcr^RW==${)MkO8nbuOr~66T^u{cRi_Xgx zXH!U>Yhv~D^S2ao%3!(2%tP2U!FiE)>c`EEE7^2Z8&x?cJvnKIX{MusDqeJK2?05HXsAOM;MUV?O)WF$Z{9fFd(y ztOyfSRRhu+kDpL*wyqF5tM>>Sn`;7qAu_*z zKuY$3gxFtoTLGjG0a9WU`>?US+<_tv!35_W&i@1YT(qRO$NqmPd#5N(qBrX^ZKKk* zZQHi-rfoa3(za1)+qP}nwzH=G-^HxeGu_i`E>2v=igT`hXUBf_KHlRts~m4MGtPdP zdzqOUk;l|$=j*)1BrCn?+84+P^ELbM^zg08BBuY6-84C%XFKF*=*-`&fsk}fDk+Y^ zVZ*a{GlK`fH>b;B3^Rlrs=khqvJLCOKF4Bba=Y`wF7EKMLzjYrIbFrR)Q+$8pCFGb znCaWVh1o2MTYobBMfqiR?Y%b*L8yi~k%fc=c9?=sB~qwc(Q!JedfQrS-!`RK439s$ zd19LRUhsW;O?ylF6XWeU{?sYFIF#v#eUgBJ0bJBD5ISLe^Z>3+{LT5|TJrWKo>&Y&*{2Wk#5kuO`7QE`U((WCJjvN_do=d5`Bl!gm?9% zJ4vk!Q-s!oojQ74y5IG3g6cGT0rWPGmUZ6WoXF1mSfg8S!;{(sMi{|Bv%jhsyl{_&8lk)6r^vW4mY*rVH!|G|(DClsxL?X_ty znBEdy14H{;q6fxj;tmlMl=dH6H&ZDJpEtN-|;v$1C2@-hlS z2lw0O67@(otHVWpi3(pr7v^O|ha|koI~5w2hYju<)=ebR9r~nX@g`-nG|MGTG1f0h zCF6`ookGj7pyR|32P#SNVkWyNHRxA*_&%LMN_8nOTO?+xnrN%fZhT7@%u|oI+-Tia zQYA$Q(u>_`UZhtnoz4lF)rWr(D$6e$;s^sJFYtxTjcf#o(2(TC=xAo1{lWaM$~|=? zfUNX8`Q-%~I{SP3uo>MKa7y9!MFbCi)!CCwlOQ4PAFuR*?~OKsG~T8V%06&}Egh=N zL8iC8qrdxW%HFQFXR4Oq=Iwp(Ymuxsd-q}EYI|^aczIi|eDvV(;Nv#x<16j``g^cb z;UBO2IQq`+8VJzRd$T6a2GUk-EFJ5H6mOFkqhAfGrIH>0oHDtg^w(?Z;`EFkB}qH^ z=2lX6scP9?5UF3YFk#WDA=5XCN(8doT0Sz10McLL@o?JHgO(yNR2EmNx~XiFF)mIR8I%l+9} z;vW>%fZJmei^DnL0m*|z#@`EeQ~cGoCy%upy$?}{8W;rc*Mr7P2473P4^pP&7zxpN zTNku(`#o&4hl*xjjELcyu66v4_^n@A+CIwIjLvzb3E6e-_dkNCdxJ`T$V&9jhJ9SZ z5bot_EUsAMK z-eTI5EG2Sg=F8apN&j41$1uAJCh1t-48(dQ`s7lqbw>rdz&2`CaHqMc^Dz8j;!s(* z4~^d;RD1Nl@24IpUGw7rCqhpl>;6OTQzib*9cm%m3iWF4l2}q$pDA;WVj70n{#!!( z{%VC!SnGUoGgsQX{IZ!~Xf^2s-78nk`1Pw(&O%o)QFJkJ>Q%TP#_Lf~=XkYfMq?cL zd*Bm*ZnkM;^zotOW;1692W*px>Smn-URjWtIH;U+p<_RM${#*X%yi9o!hgHYL@lOZ z()h8GPs=b_N#O4y@GJ9S#$UoU_)uo)mU^Hxse__X!DoSH!6}|JZxMG=s4T{80_|E# z{Zf-`lCNYxfFxEMAy%Lhykc#j!O{mb^Mv{JA5a`zEwi&(PFUOQd@=a2+}O)8Lz)yV+rR!^bUC%JhJ%E!MiiS4KFdY52f2hjNy#ygB%A+=+q(s8h*% zmqe_TBs_4Y!MNgWfwXQwrd}|5oNSny~ZZg-#oVm7_s6&SY$NP)JWP8j3nYgP`{#x6)P+$ZhA2~wChqabg;Dq zRraO8H*}E{(s2!#Vs`La4-{&Yp?)+-;Qna-;&9)Jv2SvHMNZQc;Lb?~dtH$}aZwe! zvaQ_*?}B~2mhhxDS=OM^AYgD(Bqkl{WU{qPQT#1i6St}zqx~r<`ccv>brMRgBCfIM zqoin$Z2L5J0XCR*@*DLlb2&@7tzl%uM9Oh9`CJ@}#N*^U!cY}Y{dwbjgq3B5J|z_l zw5OgyBlOzDTJzG~HJg#HMQCrHlAc#dszIxdBJalje?D>w<_c59pe*2?lnz>m?v)6v z9)K94-af^jusxU3KjFWzj68EUK2qZMM_|lKe{}NTH>dbP#U1S6{-6MNkn%dxP_t8$ z|Da+ZRf3^&ibT8AZDJ-}G$x@|oGtoN`=n%#y@g2Q+R6(%`6Qx<=bA7l3Qtl=w*z(Z zd8%nzcyZGWBT#W39&yaaGu!d@OV!lB%D~cu4YXK4jvW2j7ppHd!tvK{Xxg6d_v5Sp zDX*YpAe9B`q(MVT(3XNo%oEF2;ag#kGJOi|h+QO5@PAs5+2)>HbR`!af05FEhsIP% zS{sD1(FXo>LFd)B3EF>mDm2d z$U1Yh1kS3WzXyYg3K1+>nrgX~kVOgud*Wx^PDeY>K_*+JKIYqT;kcG) zXVTD`aA<~P{l-HPi`n!Gn#8kgoL*|es=ay^** zs`1O%-QK--$9R3b6zflp`SK^Fq~vaQC5RA@lJ_oFHGI^NK-^V@Iv#~VZ`XsSNe$UA z5T;*bjt{Rug&Y}8mjwB=lj(@8J0KpEc(hU_{Br|f>8PV4x))axA5BO=&#f}IZe`0| z^ty`MNZ7?LXo4xkuDzV7+w24GXWW*?^L+Hk>^K?WOIszjEJoefxi{4tZP3R_jp&B- zym7qI6>BRc_Z*7-jI9nqlphU*X4@{Cw19uD$pFEaTcb+*@lDx$YuXN##;49QkI^Ng{f2Rc z^h}qfd?pIKUY8%zdk#64NG6#sAy}hEvF-)MJzsoK%BsTi(IW!zocyemwDG$CW^+xP z#(y~D?all9@O}a3fr-a``QTJ+(ytY=`grNC;M@sZ^)s4#7tepWF#7VZ@1NOT+70tbO9kUl z-y*0m+l7rj9CGg|W&W*1rMpwPxfb@2c#uiWuWAlPWZG?IPueWxHW{l)r(_NCW|4T2 zE>hkl(;#upQFgs4Zj+@d0N|ibA=A-rC(&&B7zApuF0xS@voVbo*Z52ulnI=yd<@Im zFt7HyJi}n%HKMO2JLs(bQo2ct7!&U39&6xb>qUiGEw9!%e~57)iY(*a+;n030Q@V$ zQ5=49Pv)QV&FdTS9#6ARrcHm?s~2kxrp+SFCxurY8v z+OSMCYY>8i=~W_%D^`Jt5TVB!DHJdoS+!`5*()DyXnKxTcLrJbGIO;YSI@wRW73Ee z07o{dO*(0$eG#`ghutxg)h)9~o=2{h)V88TV_~r6O8Wip-|mbYy?`g=SDM$ssVw)O zTmQeGwXXvFeB7C_uwq#f<$kxkBT!ba}3F z>ByaP>CBxB>Cl~Z>0djR=4Ba`M`d;+Sav5gp3>$y31$V#7P0E$S%4I#2^=Tp>H7)J zV&|Ebla~oMX+$2L%vM!9%bTjJqT4QKYiA8pjADuG?P&s`QQ#`@i}05AluD?TuVY85TQg?UkPH$2TW@Dc+f{>Nmw3 zo4^y}6DE&>$3VWf4w2KJ)UQI9OCvgOORn9@#;tWZwH7JNohjEruR<^W>vk=t=-p1? z-Tg21n}n_co3lOO6Zo7p^_%N>wH8+h{9bHoTvLxe$r)Gj?7+R9Yul?0DUejR_-+hY zCf@77>LFcWl(+mZzu14bcLBAFq=Zqm4ozGU@_^NCE40Tc-hf^)Hv7kK2uOP()`zW= z#D7x8JgQH4(`1?LN>|4zURqB0M)S?=jP#~t;Yie2Yq-9EWf>{h@sjt}UUssv!}?1U z{2VI&Wy}JMt~t5|<%H~RuJhC!Q`;B%$=5G3b*)dJCUeZr)PcXC>6pmGbBK7FuPg7@vtvC=iR4(Xo+`{Y^Uz7$-i zdSSjC_+;%I=z-sPysEA5MYv_T%DK|J(>K&ur@8Zs9P#7$bbG;n(SPB`{QmYiRg3Wr z5E$+W*6UO+qiyKz??JVquSaaS4SLmjA$sB1|7QKPd*Qp|AN~3DsqY~mGUt=-OYo(9 z^$EOSbFB5!x{fHg?tDdZRd`pUm=jkI|K=N@0VF`hKT|U}@x9l)Kk=yg;l760&oJzl z?&T5q;1}YH>qqtCPIb%co$^ijnA<@ zu=Ri2ul4@E*PD2EPky|m8ZFEgF!qP@>>d6I5w}&^@i+XN@J*E!!sHm&J@kX>4WEyu z`jWSv2P_)&jqzfz?hhL7Gx2?U<*zvFFW(IolGRH{{loj2cjYgnpY?73;-8-;qxu*2 zDoXXQjH-W3_YA=i;(gdV$yc>cW^ar@zxi8|Pb$H&^B1eYNSt%js%MnI#42`c1H<0{ zrS_?w0fmRwNB29G7}n#e#-&7cpT*2&HoDtd%^;RVYw(uSkCJ2NMxrja$=TD{8iz(Q zn^wD4T)P^Fez{E!&{-3obvMtg5$8*viK=GMNB&jV8y4GDL|Trz>VT|%82b~PSdB(p z^KP5mK(ip7p3_V=yH0q@)}XdRHXco;YHmMXcFSh%Ez=~kZKr*O@PFYi;33N%btCQ8 zEwua2y*4dZsnS{SH%>-ej{g0bdXVYc0k9aOd4JB|Y4kUZZcO6swfKb@c<8gt`G6*> zL}WG*+i(P3N2P!u2_|z7J*;D%G}tRZW{(FnLX(%F(1hZwbzwo&SFR zowT;BB_nwK``K{Vx&B~beVFBOw35OsRep+2Xe4%VmX25Bcdq%alAe#3-_OyPWA=Cw zOVo1XES+GAYfjb_{%8dkuPj0HrO>}(E*<%Fu1$zYU`AMGYv44Akag$O#S?x6 zU_-ji7!ymrlsRF>oZr1#OQI8Zh999T%bg>xhmpu|Ll}t%k?tF@Ce5c+)W13UZCms5VMp{r`2}VWIYbsr0bQS!#Qi(%V}0K zcEhn^mN0m=;Fx`-0w9e-wSmPFKHohzJVb#Zh_=?v!FFAnr2 zmt%&AOO^@f4$yc(bcHo1x;NB7)1tAwn+rGIZ8aRIp6xCwLSf$)YHEOG(l5Fs=!p5G8^p}%Mul(Bd~ylwxPosJOJ@XmX|x5YwpP4yykA2zg1 zHCh+HkfxpkSz`^*I;^0VcWsUuNpa!mPUxsP*N*Q=Hxi*84XsVELgbuv=XYOvag@mt zCFrqa$fBc{=BE{gJp;mY3?d2IV=NH0&9D^AUXF$-l}pC={Uke?$X&N%I%*qtdq&qc zsD5ddXU$)r0)r%tK5x|#{Hj|Z46kZIHAHV7{$qPKIdgjH1rppbutyi(52AGB&6Y26 zP0bji;cBub(uZA5h!nrHtr5uc(x0L!TovvT2)n#lfKh!#_@jvl^&RyTwlsk{}p8r9la6!qbknj*E*U$WtM z1mRFzqKv{3MXlpiII8i7cpU@RH?kWb0%@(jD;2pt0YD;&+NE+?$R<`m2uQtlqn^y# z7NWCtsspgNfGnUQ9T^hI^!4x%ct{6=;x<`GFwYcwkc$_YLTqOus=#LJ!OV$rzZH;_5Rx9w+JvqN_?J z)vb}_F%0$ogSTOptb z5Ea{va8%M=uT8|Rl69vlpoI0-G^mtp-<(g&C_S|JkUaK0t$jgcMU}ahh!^AmCF*hM zvUw>vxU*0y%j66Q#S$KW;A=g_RlzV|edz{f5FAgc2-rD}Jt=7wAm)MJ-IT*thXQkD;K`S@Tl{m=2FDhAJ zA7gBl)_|IGXnpYL0PQIus?#1!av@U43TBtDYTU65`PXICQ?BOH6IL7TG3x+EaXlF`#m~IOLsV$? z!Q2Ma8&!#124HfC%^hTN$?+`3!h@hA3k^XjjI#`_h6P3$f}cc0I31H2x)rq01W+dKvl_qaUvy6w~ z%6xVrPb8&8^>{VoOCzU8)D4WcFyQi*@yE4aIg z$oX3_OD^@Ta|Gq4=yU&Q2918Q6(=17O?&1%aEn_OC()&-w}E1l^7FhGqca*aYC&X| z^v6RFR5f*qf@d8WX#~-MGH3oSRDvNop~Q)Y1D!v~DIRW-c}bIl(N>)wiX^N`FqGPK zV^|+>PH38zAtYDqk5479!GA!g1K$W5>-nFy`#oS~@7fWB*6?}Ze zKK?^G=uigzL5NhX86%NUY1rX zWWU#@LYlnwf~IX-m;M>`9GXdJ_jp!Mk)H6RCt3mNB<*Ijj5nO(4WTP#Qry9u|SuElPGzH}PY z4>@|}VY_(M_A`lIm^yubX2K$bwu$(6OzF?A@B}eD_F=@FY9ho05@*Q6*akv0z>YF&w~_f z8$^*q*nav#Aw+g@j}=>+CrYJ#$&)b_tLNUl)onBHT3aGA^v;71P7zJ|I{sNu%P}?N z$iP<6`&_}`3Gjw=5e2#RENwPzqL&p)C8!y-VK5*9uukeqTyq#4i%cS1owV6H%6^@u z+hpMOa*eS@RtKmtH41~9CQ;c-6Z(5wK))r9wTx-m^X7(om=k__f}2WoaTn*+xv#;wigNG)`V!kB**wDk zcMhw=-bu{BRx}wv>$8wWQ zxOAg6bg9AcdN@JgqY#e=Smoguvzj1ypnu{QT{0E#S&>1Dx$#8Sgz;^mO%l5 zR3NDnwPs%0`+YUt``9o`p$rEd*WoL2mpbjQ{)0~lk%*Lib>dY`2Z0Z~6+IPi#dlde zj%MdqUsLDpGw+M3nknWGnz3*F9OE8+>2&eNYKVqEK|3%h-EM&4CeS3$01Q@14O+#w zzP5fmx-nKh$Cs-CW!W9R+`nw`?nKac|4K4n-2ct1)@FcRN(S-G0^NP(rU@QU%5iVN zHY)iQeTmD1k%orGKuK|9)+HSLnMg}fbNmwpXwr|mK`-Wb2wUGnsY!YAk$?-F>@$mEa+9Sd|{yq|MO zPGq?`ikHC^eQCs&%W49+oRh$YS0v#E>%J>u?W8(R2#&{5}7N+%D)NxGsk z5l`}RbcWcRRT7d;i52=?k!!x&4M}qcCiJi%sK{{B)nE!$WObz9SYfc}9a>4RrkCJi z)tU`k%DsaR5LKQeNdU&uYEBtt=;88O*d#3JZ(A@$&U~qQYhrz@vXns)}dceH_ zI3a@;DbEf**(`B{geV{xYUwU;UrS_D0=C`UNP9^i!2?9`x}}X^2)LfUR|OMY`F&VV zX6t2;Q=&b#mxu`k5WAQ?=}Fk2es`=l?#yfFa0aDvSFasH8jVH#{Guc*0_A+De{WFh zh999RlLX4PS}lct)g*Epi4&ErpB0Hd2QF37xV*r4uJnK?c7Gv|@c*-Z`>I~5aQuhp z&PKT=iHJY?yjtGduKbU8O>dmSWx^{J89%qAny;U=WhoHZxgIZv45Z7`x*Vu!F@sqR z#d$?~aSti!k-%25#h-QY5RHC(rwzENVWT;vqQ4BdLaw5|0qMoiJ_P*6(!t%1S`+(n zr<%yq!`r^%8sVZ7GJ`)-*5@3<8Gd#$oc@|PdtM&K zXwKc8&@+O)(*8i@zc3RaA^N~Ol|?WUu?HjvfaMT$r2-iG2Rnee@t=(u8XuHt$dI4P zwZ@kZRcicZ=yRA&CJs3+#{67fP^*)qaEokamM*)%KNZ`TiYswJIhUvi8g>HrOOqLJ zD+@FX^{iGWo^OoS!r~DcB`b?T@hr=hn52Ob(M-Z2ApFxIb>nai=`mkVx+Iv0@}EBR zS#E^!{qre2)f&(k{paQeBiO55o!1-irZhecHfDu{5jJ{~19Nd3;ow?IQGH3xpc%w@ zf!e5%5%H;{HZiHtu8z*9k3?LaA^A`}Whv_OhX?j)R1dR6*b9Blae_mfyYd`J2Y>#G zbAk@~H$s=@~n z6_Vne`{c&{5?X{r7l^mhaB@CW{xiF*e|$2uA3^28%Pd67;@I{j`F;mRg*->tmrgtc zwgEJcRi1wqZ|OYZlTS*6tB4m2-E$>3o}X#8XpdIv03Pt6AKj=ARuMi35#T2CC|Uf% ze2vPyU^~FWs@>@0v_>`%cBExFpPq;K{9qmKHwPSV$eq-;lWB1VP80O#QG)rs>^}F2 zU6a=*;h!#Cl>C;d+}yeG&ZNl?pLU6x|4LR!f#ixjH&>v3hRKX5pVu$*nm-i#1U=g#^D%u6mk%(%KO(5bY~C5Z5fZ#4hF4@QKS;( zgz8B~ytY`f5sD=wt}b4;R%p(B7ib7g-bCPlI*olnT%W;EFd!lLReo;6{T$#mgCtN5 zZ-Ix|ifWCwIFu^HvT6X7b0}SsW%O}TN68W`#@vx{Ig(;y=%SL3Xr^_6Z9%lndPZ4p zm1%6ckTWO>L?PK64>3iS<=Aq5q;s!|6}P};*trnC+p*E~{*ZG3BOcgoC8>8sue$>$ zC%zSm$ZL`UGY9tz-nO_QBJWR1oK%k2x=SL?x!Ctu_hL9)zAW%u_(Z}z`4=-F^o^@1 z$Tm11m2ib8Fw`;D+`DJaBwUbH?s!|IIaibTx+Ox)^6Z1`UqN^s`n~jKy-;?1!TziB zI6i@qZou%A7eteB>XH%&f~Br#buw@@!t;GVGoPF2XM$g@Ug}(1ioxW=ycWwI**cnUl03Sk$c9~t(_*ayV_!B zxl54IliaKmbwkm{(D(H`!Ny%{r#eWl;o!RJio)egvdkjY8bip+?FZl0_;JF4`sD z%9JAe`9%*%EQDUfq!`bP8urTBSps7LFUC;Ck@`x!l48r6;%EraCs;p241_EM$%&59 zcYd~&d-Np+G6uk8kZa9Mh{n+Uu%kxjA0{(4U<^~nRsO%aiA5k*qF;nMsU|`OxIZh_ zI1`wHIIw<^_(^RJ^s=MLnTN4^uzS*xz=t^Unw?DQQlb*!rsPdjp=0D9*UuEfCR=(T z)C~*4&ORA_2m-9{a9N2&)jBg)@6z_?aaLxh^ZP$hLMRwp@ffT;Y`KiX3jn zJxn?|v9R8dr#UxFmAS|y=)?g}1Cf*F#J$xn#lFpclBP%k!PeSSFk6)esMa@FS$6g%s0c$U8?Rvwn7WE>o zKnff#Hse65>CX(CiMGTFQ~O80=Lmw>sV#nrQ~ zVGUyDtzu%TLZ9Jso}`PWU!@%Rv6-ZlnaslQhjVkS5|cE59Y#tMU3z;4fT;KcU9j@# ztXmJq2CE}DRbe?g9@wI1r~^rE_LEccGzD2IN+)qa)4+yec;9#2%M=s3`kxncV@FS# zFv<53yLE5xFINJQ)++H4MQv;mxEP{tE2Q2jAH6S>5xQoN%YsjW_Yo}eI{LE`?m75- znMr;@(y+(z))QQ~*@Z#NB;e1k<4%dmJ7(X7VAo^jMMCifQ^S zk%#quL$Q*lwQ$=L_gj)?9?tmr`IV;h7q{JlFjXMwy>+@Pa6NJPJF<3zN3cyjLm!&( zwQqcdF`#cBzOo15(`dNEMC8#J3%#so!gutPAR;AxP4=RbhzNgxnY%^IbuJS~I;oyE z|FQX)sv6EB+P7{Z1!Ffq0!&X&|11fW@OE|2Fi!5t>8qnoDA4c9a1#S^oX;7liJO%Y zS+73Ny)Nnq9lPTSb5#}%E=YU@YlC?zJe=2&kkRKgU>JDV_BljR|3Nl%}-J_OK&o zQ=05pmtkLwPfd}yRH97-U9EtUUB9gCu_0S73U(9VmIEi{NgDOacWkTY3HrP0-=Do- zR)6acfl2BZLvb)~$&hNnFt&B?S9C`~$&GStq?;BGUWs!UncIUl3XZF^F8#`{-LBL% z;|!Tmd3ZWUAaY`KIf_&en%<$0wfV{QCbyR$B=c)} zqG%P%JKYzB%v>d_6ty}k8>htC$8=ZI;I(988=02mIGQd;#A~vME>nU$xhqGD8^xgE z;wwn$DQHXgJ5#h#ULxsNT-r^D54b-TcMa@6_m-(^<6&e$Y%xXD7ddEdutS; z2*{}Oq#mNYz1($aorfPZ%331rk{}u@wn8 zs{+uiKbo>%C5JEY^Vt9s*$fCW^m)S_`O&+`I2h#oj6ND$^2R`JT4CKNj-%+VY$<=MH*u=Zx~_gZqHxyHWt zSzy&JVXoMx0Xt0DxX(u1)Crj^BN^j{%&1LlYmhyWox&lM5c8eoD(t89I%irLJ1~Wl z0SnU$1sIS$)$aF#2aLE;HTYw1EMIDbanZMIX(+WF48KDCd$KAV{kw5WQ@hDu z$ERiZA)fEEA4GrqwIy~SVBLWKi?y8AR};$_O*0JK;$H6}3{JMquTetj*rZD*eJ|ES z3(OUiC!s@Kn?9TfE~5|F13w;@6gl78Ac)0P>+h@?jm&W<(>B%D)0fn?gCrcNRQu=D zLnzI-K`U@+Yu(UBXQcO0J&Pc9$HtGbNPnu%BQ_6(%Ond{`=ouo8be&Tx>x7gPA-P^cwoocL4jrQz^kI3LH!rUqBtC= z4N^M`6N(rcXSyNL#xlUFUreDzg#Bi5FgPdyOW+YnwQ@J#52;Uqq;Y>AnM{AQF@j_r z$nij#t=)x4fSD_UT!t1Rg&ctvAaQSFG=brY1shU;^RVX!N`M9{O0Ub!JcwEeoW}Z| zI1VZ!FXNP#P%5LpBOIpA2}bp#laMFjgH6yYUDhvI>L-#Xi^Z%zFwb8op$&^Tf>$_z zRbm(yHEY;!zjxReB7x%2D-wmlf@4g5@LI0(OprD9mzoeaLFxRV7h{b%^*+2yH{6bV z+P?pn9LAlC>d#zGj|v0k*#XUypSb#N9G5tM3eIfI$?Fl~5%cClXl{7WmlJ#1-8=S3 zS_8P(>mSnI}!^mQq#hn4cg~uaKg%@ctIzxq}%Y0c^9`sp*{+sMEx?|h9n>%R| z)r|&IH<)EyoG+YD8e=gwp}ehsORS0a@i*Y;zI)Q~6nvf+LqgnVQ!xpK+#5#DL(uFl`=38 zUd_gaHvIQ+$k6X_)|d@da5Mfvz#9;af+1kQ^r(nulK;GF6E4hG+yjoh6K5LZQ$$o3 zsS-cJOsAxfEsAILxMRn=T>c?I7oA@6Fq+4~l8%A-CWb)GW!CwewRMDugWfPh>UWnY z4X9NE+lz+d(-p{>Fz}YvdI5vLdlB)GzM`UX=L_;h5f|}>iFSXL<;>>_>RpuU0*q-4 zkhUBU=I3N1$1JR#j_fAHZOa74e?747!KX43WFR2qf8H#X|MkEejGUZJo&G0J)(jk@ zp{oZh5HQ#oC=k&9dE{vAI&ZDGj&%3k1Wg_%YD+C4(%=u((^iLROO^9wRN%_tPNwon zQAt!>g;WOzc=wY@($;nKMILyq%E_3DmgdMV5GY)`jP-byB$fW4=bXzB+^_wU9~XQ3 z5aoKE8S1vkR^=&@UqIU0+BjdgoO>Q~f=6Lt)j<9K>UTab4p)ZW8;nESVM)+bxm>&I#L)eA-oEfs%Sju2x3ldo znW5PiZtc;(rLSSAu;$Ud$kh@Ugxlq{c{7h&`)L0RO-Efm4K4dvd3pDB_Qm3R{1cj+ z*&BTc+oq4?s=LZ`KnugR=s^-IqPygPEQ-gmefbVugMnY` z>wn!ZVSU4cNWky0cCDYwj^082uW)f3A>0T5~mdm|(ufp+c$`Ri6FCQ*&m%km_ ztR5P1{%wSNP~4$E--BM3b{r*@a$ghW^f%o}E=ySt^~t;nGFyE>A>D;B@+en5>CB!c zI=thrQBOyN3C)=qKf-U;ZSPq`@7s}v%VH#pyAd7vxDHT*9k_2&$J`GmlF)?~#;JAM zk$J3hrSrOFGYYWMT~L%C1T7>Sr+y81qXUa-?DBg1@C7oFWCrZB^87H{M_XqLn+Bp! z3jU*BlR9Wn;SFnpu4t?V7QNdH8I-nePH4#_gE^YUVnP(ZwR6h*!#E#xQm)a(r zaFV|)9S!MzgpCUtuScE(}T1=w*D zhphFgeh3XS8_`On(rF48nNzZ_of57Ki_nn*CX=H)36uSkjWjazXDg>ynVy5bnN+=Q zKn=U629Es$SDLvLmFaf1dPx@SlCR&1$ZnB4wb5EWm&`$i!gv(xH5sd|wK380_;0v* zm*@mGlg-dB-X;XBe>e4U&LE<_>`5I@1_mz`XNzmVI!~$(;wx=`*a>p!d{{Awh;%gF zt6xxylLY}*VWL+qqKr#(l^N2>{?;6~v0~OSut#)7(qBF>;<2&&Y`3jzFAfv}oU?wz zY(`0CiXB=YQiDH-Vgu(N<*#U;TNSaT?ILlmkNxhrkc_AwPjAmAuyev3>e-C3+%7A+ zj$i7hvCiKcG1JyGGtD?0P29C?3Nx$2*6f|E%?ABHV{S!Vj4GSi}qOI-`0mkquG+Au;(I~{0o_KL@pVb4c;NynkCT!n$tDDcvX6Idw*c}C91 z?1J9;b3?;jd9S6FT52*}#=4xmWn*fkc#I;l3b34I27Gqyd=a*vbR0nTL-D#pR|dF# zbM4!gJ`J4Uehh`&1$rCCa1<)t#R9}Y@=#ryo0cXfE%pt{1=3@XUFsF{c?>B;g0PqD#Cas*aS$~C!F zlA^Wzot-bC($3GAVb60Xlpt5th-7tqXzUeck)sVfjoLX%qkS5Ov-NGSxmM|Fh_p02 z68%DN;i5UkShEJRrzDm8Sj4m!BjmnZ&S1=-<0GPlizp-IZyAFp z_%tjda%A}|(Jm3lFmk8)RbxU#d_R(z>X>F0F&}TD@?GvD}BEHCyzie)^Uzo&wQd z#oor`rvbv0)$@skkLIz%qfQrY$lg_F3!xpVBBjvd7``aIFPPa(GypsfC&KqM_I%~o zR|7%SP#uob71m!TYx)s<w2A zlyDM|Lc3o5^aXgQ$)?+2P1$GZ7`ts=5CV!P`}#<3T7y0B4K&hwne*)K(}z)}Y|`m& z*S5k!8&4F?t58Ak*!+4xEH;6Kb{X_wo((YPeXjz;9qR8UVt?oWOqI9Tzg3V;`Gj$u z+vuaP$P%zfCG-?ActdA;Qy@3Q#k=yr=N@#^B_YH~eW=(;3hkw8Z4_Ei4v2Q`ERf=% zESUTowl(dmEv}l_0}XMMC3S2=4lu^+iIv0du;VP9oJmLb4{$LRm#%2RM=~sK35mHk zYn58)_dazG%@g)=vmGn6O?;;sfhY#>uQr zf>(DnRACd==O1^|nB4Gn=bX9wRYY%yb*$K`ZN^dm5c1(+r_;&m2lhN4DB`?_!p6vgw<;f<-S{SxkG}sS8aNIPI5+5&h)AC+NIz_OUCO-WVts1$Dc>|Y$qAsU~-nORh!oaWyzQY zFT^?mhz$QRr{c6n)|7)D83;;((aQFi8MYR{qZzDXDUQ}KqdXiEIZ~#WdL3nL-%fHw z)ZR=Ic&8Te6TPL;9X)x$HLtj>6uRvkxh-Q%76Tt`s9;g_6Y8DsxR`r0R=P;n zT_GGtcI-H6=tOU79r>rN?Z+0_&05;OU+3T+v&ze*D)tG87@X?*J+a0+ihA~9aF5}F z*n_^7M3;qMPxRg-AUle>#5Wb}GrPtP2i0Uy`Pk)o$uU=%kTw4#78hSXxS5LUfh_I* z$xm4qLJ3Q@?%r%7a}<|yR8CE4w`gzt(1FJCQu)YGmp|1lJTM