From 826381599879b412e5d9cdef4336a1199b21622a Mon Sep 17 00:00:00 2001 
From: IevIe <107225518+IevIe@users.noreply.github.com> Date: Wed, 18 Sep 2024 10:45:43 -0400 Subject: [PATCH] SRA Security Lake solution (#261) * adding security lake solution * linting fix * adding documentation * linting fixes * mypy fixes * flake8 fixes * flake8 fixes * mypy fixes * adding CfCT templates * updating source version param, removing comments * linting fixes - black * linting fixes - checkov * adding assertion to ensure uniqueness of external IDs for Security Lake Audit subscribers * allow empty id * comment update --------- Co-authored-by: ievgeniia ieromenko --- ...ubuntu-pro-20-04-cis-level-1-hardened.yaml | 2 +- .../security_lake/security_lake_org/README.md | 208 ++++ .../README.md | 7 + .../manifest.yaml | 87 ++ .../sra-security-lake-main-ssm.json | 142 +++ .../documentation/sra-security-lake-org.png | Bin 0 -> 154956 bytes .../documentation/sra-security-lake-org.pptx | Bin 0 -> 259168 bytes .../security_lake_org/lambda/src/app.py | 686 ++++++++++++ .../security_lake_org/lambda/src/common.py | 169 +++ .../lambda/src/requirements.txt | 2 + .../lambda/src/security_lake.py | 981 ++++++++++++++++++ .../lambda/src/sra_ssm_params.py | 65 ++ .../security_lake_org/layer/boto3/package.txt | 1 + .../sra-security-lake-lakeformation-slr.yaml | 19 + ...security-lake-meta-store-manager-role.yaml | 76 ++ ...-security-lake-org-configuration-role.yaml | 187 ++++ .../sra-security-lake-org-configuration.yaml | 807 ++++++++++++++ .../sra-security-lake-org-kms-key.yaml | 138 +++ .../sra-security-lake-org-main-ssm.yaml | 709 +++++++++++++ ...a-security-lake-query-subscriber-role.yaml | 168 +++ 20 files changed, 4453 insertions(+), 1 deletion(-) create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/README.md create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/customizations_for_aws_control_tower/README.md create mode 100644 
aws_sra_examples/solutions/security_lake/security_lake_org/customizations_for_aws_control_tower/manifest.yaml create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/customizations_for_aws_control_tower/parameters/sra-security-lake-main-ssm.json create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/documentation/sra-security-lake-org.png create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/documentation/sra-security-lake-org.pptx create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/app.py create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/common.py create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/requirements.txt create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/security_lake.py create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/sra_ssm_params.py create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/layer/boto3/package.txt create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-lakeformation-slr.yaml create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-meta-store-manager-role.yaml create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration-role.yaml create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-kms-key.yaml create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml create mode 100644 
aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-query-subscriber-role.yaml diff --git a/aws_sra_examples/solutions/ami_bakery/ami_bakery_org/lambda/src/sra-ami-bakery-org-ubuntu-pro-20-04-cis-level-1-hardened.yaml b/aws_sra_examples/solutions/ami_bakery/ami_bakery_org/lambda/src/sra-ami-bakery-org-ubuntu-pro-20-04-cis-level-1-hardened.yaml index a2df9128..0f2e3818 100644 --- a/aws_sra_examples/solutions/ami_bakery/ami_bakery_org/lambda/src/sra-ami-bakery-org-ubuntu-pro-20-04-cis-level-1-hardened.yaml +++ b/aws_sra_examples/solutions/ami_bakery/ami_bakery_org/lambda/src/sra-ami-bakery-org-ubuntu-pro-20-04-cis-level-1-hardened.yaml @@ -74,7 +74,7 @@ Parameters: Type: String pSRAAMIBakeryImageBuilderRoleName: AllowedPattern: ^[\w_+=,.@-]{1,64}$ - Default: sra-ami-bakery-org-ec2-imagebuilder-role + Default: "sra-ami-bakery-org-ec2-imagebuilder-role" ConstraintDescription: Must be a string of characters consisting of upper and lowercase alphanumeric characters up to 64 with including [_+=,.@-], but no spaces. Description: The SRA AMI Bakery Role name for Ubuntu Pro CIS Level 1 hardened image. diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/README.md b/aws_sra_examples/solutions/security_lake/security_lake_org/README.md new file mode 100644 index 00000000..0d8cb1ef --- /dev/null +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/README.md 
@@ -0,0 +1,208 @@ +# Security Lake Organization + +Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. SPDX-License-Identifier: CC-BY-SA-4.0 + +## Table of Contents + +- [Table of Contents](#table-of-contents) +- [Introduction](#introduction) +- [Deployed Resource Details](#deployed-resource-details) +- [Implementation Instructions](#implementation-instructions) +- [References](#references) + +--- + +## Introduction + +AWS SRA Security Lake solution will automate enabling Amazon Security Lake by delegating administration to a Log Archive account and configuring Amazon Security Lake for all existing and future AWS Organization accounts. + +**Key solution features:** + +- Delegates the administration of Amazon Security Lake to a Log Archive account in the Security OU (Organizational Unit). +- Creates the required IAM roles for Amazon Security Lake. +- Configures the ingestion of AWS logs and event sources in all existing or specified accounts. +- Creates an organization configuration to automatically enable Amazon Security Lake for new member accounts in your organization. +- (Optional) Creates an Audit account (Security Tooling) subscriber with data access. +- (Optional) Creates an Audit account (Security Tooling) subscriber with query access. +- (Optional) Creates a resource link to shared tables in an Audit account (Security Tooling). + + +--- + +## Deployed Resource Details + +![Architecture](./documentation/sra-security-lake-org.png) + +### 1.0 Organization Management Account + +#### 1.1 AWS CloudFormation + +- All resources are deployed via AWS CloudFormation as a `StackSet` and `Stack Instance` within the management account or a CloudFormation `Stack` within a specific account. +- The [Customizations for AWS Control Tower](https://aws.amazon.com/solutions/implementations/customizations-for-aws-control-tower/) solution deploys all templates as a CloudFormation `StackSet`. 
+- For parameter details, review the [AWS CloudFormation templates](templates/). + +#### 1.2 AWS Lambda Function + +- The Lambda function includes logic to enable and configure Security Lake + +#### 1.3 Lambda Execution IAM Role + +- IAM role used by the Lambda function to enable the Security Lake Delegated Administrator Account within each region provided + +#### 1.4 Lambda CloudWatch Log Group + +- All the `AWS Lambda Function` logs are sent to a CloudWatch Log Group `` to help with debugging and traceability of the actions performed. +- By default the `AWS Lambda Function` will create the CloudWatch Log Group and logs are encrypted with a CloudWatch Logs service managed encryption key. + +#### 1.5 Dead Letter Queue (DLQ) + +- SQS dead letter queue used for retaining any failed Lambda events. + +#### 1.6 Alarm SNS Topic + +- SNS Topic used to notify subscribers when messages hit the DLQ. + +#### 1.7 Lambda Layer + +- The python boto3 SDK lambda layer to enable capability for Lambda to enable features of the Security Lake service. +- This is downloaded during the deployment process and packaged into a layer that is used by the Lambda function in this solution. +- The Security Lake API available in the current Lambda environment (as of 09/03/2024) is 1.20.32, however, enhanced functionality of the Security Lake API used in this solution requires at least 1.35.10 (see references below). +- Note: Future revisions to this solution will remove this layer when boto3 is updated within the Lambda environment. + +#### 1.8 Compliance Event Rule + +- The `Organization Compliance Scheduled Event Rule` triggers the `AWS Lambda Function` to capture AWS Account status updates (e.g. suspended to active). + - A parameter is provided to set the schedule frequency. 
+ + +--- + +### 2.0 Log Archive Account(Delegated Administrator) + +#### 2.1 AWS CloudFormation + +- See [1.1 AWS CloudFormation](#11-aws-cloudformation) + +#### 2.2 AmazonSecurityLakeMetaStoreManagerV2 IAM role + +- IAM role used by Security Lake to create data lake or query data from Security Lake. + +#### 2.3 Configuration IAM role + +- The Configuration IAM Role is assumed by the Lambda function to configure Security Lake within the delegated administrator account. + +#### 2.4 Lake Formation service-linked IAM role + +- AWSServiceRoleForLakeFormationDataAccess role provides a set of Amazon Simple Storage Service (Amazon S3) permissions that enable the Lake Formation integrated service (such as Amazon Athena) to access registered locations. + +#### 2.5 KMS key + +- AWS KMS key to encrypt Security Lake data and Security Lake Amazon Simple Queue Service (Amazon SQS) queues. + +#### 2.6 Security Lake + +- Security Lake is enabled in the delegated admin account within each provided region. +- Based on the specified parameters: + - Natively supported AWS log and event sources added in required Regions. + - Organization configuration created to automatically enable Amazon Security Lake for new member accounts in your organization. + - Audit account (Security Tooling) subscriber with data access created. + - Audit account (Security Tooling) subscriber with query access created. + - Resource link to shared tables created in the Audit account (Security Tooling). + +--- + +### 3.0 Audit Account + +The example solutions use `Audit Account` instead of `Security Tooling Account` to align with the default account name used within the AWS Control Tower +setup process for the Security Account. 
The Account ID for the `Audit Account` SSM parameter is +populated from the `SecurityAccountId` parameter within the `AWSControlTowerBP-BASELINE-CONFIG` StackSet, but is specified manually in other environments, and then stored in an SSM parameter (this is all done in the common prerequisites solution). + +#### 3.1 AWS CloudFormation + +- See [1.1 AWS CloudFormation](#11-aws-cloudformation) + +#### 3.2 Subscriber Configuration IAM role + +- The Subscriber Configuration IAM Role is assumed by the Lambda function to configure resource link to shared tables within the Audit account. + +#### 3.3 AWS RAM resource share + +- The resource share invitation is accepted within the Audit account. + +#### 3.4 AWS Glue resource link + +- A resource link to the shared Lake Formation tables is created in AWS Glue to point the subscriber's account to the shared tables. + +--- + +## Implementation Instructions + +### Prerequisites + +1. [Download and Stage the SRA Solutions](../../../docs/DOWNLOAD-AND-STAGE-SOLUTIONS.md). **Note:** This only needs to be done once for all the solutions. +2. Verify that the [SRA Prerequisites Solution](../../common/common_prerequisites/) has been deployed. +3. Verify that the AmazonSecurityLakeMetaStoreManagerV2 IAM role does not exist in the Log Archive account. If the role exists, either modify the sra-security-lake-org-main-ssm.yaml template or delete the role. +4. Verify that the AWSServiceRoleForLakeFormationDataAccess IAM role does not exist in the Log Archive account. If the role exists, either modify the sra-security-lake-org-main-ssm.yaml template or delete the role. + +### Solution Deployment + +Choose a Deployment Method: + +- [AWS CloudFormation](#aws-cloudformation) +- [Customizations for AWS Control Tower](../../../docs/CFCT-DEPLOYMENT-INSTRUCTIONS.md) + +#### AWS CloudFormation + +In the `management account (home region)`, launch the [sra-security-lake-org-main-ssm.yaml](templates/sra-security-lake-org-main-ssm.yaml) template. 
This uses an approach where some of the CloudFormation parameters are populated from SSM parameters created by the [SRA Prerequisites Solution](../../common/common_prerequisites/). + + ```bash + aws cloudformation deploy --template-file $PWD/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml --stack-name sra-security-lake-org-main-ssm --capabilities CAPABILITY_NAMED_IAM --parameter-overrides pSecurityLakeWarning= + ``` + +##### Important + +Pay close attention to the `--parameter-overrides` argument. For launching of the AWS Cloudformation stack using the command above to be successful, the `pSecurityLakeWarning` parameter in the `--parameter-overrides` argument must be set to `Accept`. If it is set to `Reject` the stack launch will fail and provide an error. +- To create an Audit account subscriber with data access, add `pRegisterAuditAccountDataSubscriber` parameter in the `--parameter-overrides` with argument set to `true`. Provide value for `pAuditAccountDataSubscriberExternalId` parameter. +- To create an Audit account subscriber with query access, add `pRegisterAuditAccountQuerySubscriber` parameter in the `--parameter-overrides` with argument set to `true`. Provide value for `pAuditAccountQuerySubscriberExternalId` parameter. +- To creates a resource link to shared tables in an Audit account, add `pCreateResourceLink` parameter in the `--parameter-overrides` with argument set to `true` + +#### Verify Solution Deployment + +1. Log into the `Log Archive account` and navigate to the Security Lake page + 1. Select Summary + 2. Verify that Security Lake is enabled for each region + 3. Select Sources + 4. Verify requested sources are enabled for each region and account + 5. To verify that Organization Configuration is ON in each region, run command `aws securitylake get-data-lake-organization-configuration` in the CLI or CloudShell + 6. Select Subscribers + 7. 
Verify that the Audit account query and/or data access subscribers are created +2. If an Audit account subscriber with query access was created, Log into the `Audit audit` + 1. Navigate to AWS Glue + 2. Select Databases + 3. Verify `amazon_security_lake_glue_db__subscriber` database is created + 4. Select Tables + 5. Verify that resource links to shared tables were created + 6. Navigate to Athena + 7. Create a new query and verify that the query executes successfully. **Note:** The Lake Formation data lake administrator must grant SELECT permissions on the relevant databases and tables to the IAM identity that queries the data. + + +#### Solution Update Instructions + +1. [Download and Stage the SRA Solutions](../../../docs/DOWNLOAD-AND-STAGE-SOLUTIONS.md). **Note:** Get the latest code and run the staging script. +2. Update the existing CloudFormation Stack or CFCT configuration. **Note:** Make sure to update the `SRA Solution Version` parameter and any new added parameters. + +#### Solution Delete Instructions + +1. In the `management account (home region)`, change the `Disable Security Lake log sources and organization configuration` parameter to `true` and update the AWS CloudFormation **Stack** (`sra-security-lake-org-main-ssm`). This will disable the AWS log and event source collection and delete organization configuration in all regions. **Note:** Security Lake will stop collecting logs and events from your AWS sources, but the existing Security Lake settings and the resources that were created in your AWS account, including AmazonSecurityLakeMetaStoreManagerV2, AWSServiceRoleForLakeFormationDataAccess IAM roles and KMS keys, will be retained. Refer to the Amazon Security Lake documentation for the recommended steps to address the service and resources. +2. In the `management account (home region)`, delete the AWS CloudFormation **Stack** (`sra-security-lake-org-main-ssm`). +3. 
In the `management account (home region)`, delete the AWS CloudWatch **Log Group** (e.g. /aws/lambda/) for the Lambda function deployed. + + +--- + +## References + +- [Amazon Security Lake User Guide](https://docs.aws.amazon.com/security-lake/latest/userguide/what-is-security-lake.html) +- [Managing AWS SDKs in Lambda Functions](https://docs.aws.amazon.com/lambda/latest/operatorguide/sdks-functions.html) +- [Lambda runtimes](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html) +- [Python Boto3 SDK changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/customizations_for_aws_control_tower/README.md b/aws_sra_examples/solutions/security_lake/security_lake_org/customizations_for_aws_control_tower/README.md new file mode 100644 index 00000000..b8c25d5f --- /dev/null +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/customizations_for_aws_control_tower/README.md @@ -0,0 +1,7 @@ +# Customizations for AWS Control Tower + +Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. SPDX-License-Identifier: CC-BY-SA-4.0 + +--- + +[Customizations for AWS Control Tower Deployment Instructions](../../../../docs/CFCT-DEPLOYMENT-INSTRUCTIONS.md) diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/customizations_for_aws_control_tower/manifest.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/customizations_for_aws_control_tower/manifest.yaml new file mode 100644 index 00000000..6f9278b5 --- /dev/null +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/customizations_for_aws_control_tower/manifest.yaml 
@@ -0,0 +1,87 @@ +--- +#Default region for deploying Custom Control Tower: Code Pipeline, Step functions, Lambda, SSM parameters, and StackSets +region: us-east-1 +version: 2021-03-15 + +# Control Tower Custom Resources (Service Control Policies or CloudFormation) +resources: + # ----------------------------------------------------------------------------- + # Organization shield + # ----------------------------------------------------------------------------- + - name: sra-security-lake-main-ssm + resource_file: templates/sra-security-lake-main-ssm.yaml + parameters: + - parameter_key: pSecurityLakeOrgLambdaRoleName + parameter_value: sra-security-lake-org-lambda + - parameter_key: pCreateResourceLink + parameter_value: 'false' + - parameter_key: pCreateLakeFormationSlr + parameter_value: 'true' + - parameter_key: pSRASecurityLakeMetaStoreManagerRoleName + parameter_value: AmazonSecurityLakeMetaStoreManagerV2 + - parameter_key: pSourceVersion + parameter_value: '2.0' + - parameter_key: pCloudTrailManagementEvents + parameter_value: ALL + - parameter_key: pCloudTrailLambdaDataEvents + parameter_value: ALL + - parameter_key: pCloudTrailS3DataEvents + parameter_value: '' + - parameter_key: pSecurityHubFindings + parameter_value: ALL + - parameter_key: pVpcFlowLogs + parameter_value: ALL + - parameter_key: pWafLogs + parameter_value: '' + - parameter_key: pRoute53Logs + parameter_value: ALL + - parameter_key: pVpcFlowLogs + parameter_value: ALL + - parameter_key: pOrgConfigurationSources + parameter_value: ROUTE53,VPC_FLOW,SH_FINDINGS,CLOUD_TRAIL_MGMT,LAMBDA_EXECUTION,EKS_AUDIT + - parameter_key: pCreateOrganizationConfiguration + parameter_value: 'true' + - parameter_key: pSecurityLakeOrgKeyAlias + parameter_value: sra-security-lake-org-key + - parameter_key: pComplianceFrequency + parameter_value: 7 + - parameter_key: pControlTowerRegionsOnly + parameter_value: 'true' + - parameter_key: pCreateLambdaLogGroup + parameter_value: 'false' + - parameter_key: 
pEnabledRegions + parameter_value: '' + - parameter_key: pLambdaLogGroupKmsKey + parameter_value: '' + - parameter_key: pLambdaLogGroupRetention + parameter_value: 14 + - parameter_key: pLambdaLogLevel + parameter_value: INFO + - parameter_key: pSRAAlarmEmail + parameter_value: '' + - parameter_key: pSRASolutionVersion + parameter_value: v1.0 + - parameter_key: pRegisterAuditAccountDataSubscriber + parameter_value: 'false' + - parameter_key: pAuditAccountDataSubscriberPrefix + parameter_value: sra-audit-account-data-subscriber + - parameter_key: pAuditAccountDataSubscriberExternalId + parameter_value: '' + - parameter_key: pAuditAccountQuerySubscriberPrefix + parameter_value: sra-audit-account-query-subscriber + - parameter_key: pAuditAccountQuerySubscriberExternalId + parameter_value: '' + - parameter_key: pRegisterAuditAccountQuerySubscriber + parameter_value: 'false' + - parameter_key: pStackSetAdminRole + parameter_value: sra-stackset + - parameter_key: pStackExecutionRole + parameter_value: sra-execution + - parameter_key: pSecurityLakeWarning + parameter_value: Reject + - parameter_key: pDisableSecurityLake + parameter_value: 'false' + deploy_method: stack_set + deployment_targets: + accounts: + - REPLACE_ME_ORG_MANAGEMENT_ACCOUNT_NAME diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/customizations_for_aws_control_tower/parameters/sra-security-lake-main-ssm.json b/aws_sra_examples/solutions/security_lake/security_lake_org/customizations_for_aws_control_tower/parameters/sra-security-lake-main-ssm.json new file mode 100644 index 00000000..fceea19a --- /dev/null +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/customizations_for_aws_control_tower/parameters/sra-security-lake-main-ssm.json 
@@ -0,0 +1,142 @@ +[ + { + "ParameterKey": "pSecurityLakeOrgLambdaRoleName", + "ParameterValue": "sra-security-lake-org-lambda" + }, + { + "ParameterKey": "pCreateResourceLink", + "ParameterValue": "false" + }, + { + "ParameterKey": "pCreateLakeFormationSlr", + "ParameterValue": "true" + }, + { + "ParameterKey": "pSRASecurityLakeMetaStoreManagerRoleName", + "ParameterValue": "AmazonSecurityLakeMetaStoreManagerV2" + }, + { + "ParameterKey": "pSourceVersion", + "ParameterValue": "2.0" + }, + { + "ParameterKey": "pCloudTrailManagementEvents", + "ParameterValue": "ALL" + }, + { + "ParameterKey": "pCloudTrailLambdaDataEvents", + "ParameterValue": "ALL" + }, + { + "ParameterKey": "pCloudTrailS3DataEvents", + "ParameterValue": "" + }, + { + "ParameterKey": "pSecurityHubFindings", + "ParameterValue": "ALL" + }, + { + "ParameterKey": "pVpcFlowLogs", + "ParameterValue": "ALL" + }, + { + "ParameterKey": "pWafLogs", + "ParameterValue": "" + }, + { + "ParameterKey": "pRoute53Logs", + "ParameterValue": "ALL" + }, + { + "ParameterKey": "pVpcFlowLogs", + "ParameterValue": "ALL" + }, + { + "ParameterKey": "pOrgConfigurationSources", + "ParameterValue": "ROUTE53,VPC_FLOW,SH_FINDINGS,CLOUD_TRAIL_MGMT,LAMBDA_EXECUTION,EKS_AUDIT" + }, + { + "ParameterKey": "pCreateOrganizationConfiguration", + "ParameterValue": "true" + }, + { + "ParameterKey": "pSecurityLakeOrgKeyAlias", + "ParameterValue": "sra-security-lake-org-key" + }, + { + "ParameterKey": "pComplianceFrequency", + "ParameterValue": "7" + }, + { + "ParameterKey": "pControlTowerRegionsOnly", + "ParameterValue": "true" + }, + { + "ParameterKey": "pCreateLambdaLogGroup", + "ParameterValue": "false" + }, + { + "ParameterKey": "pEnabledRegions", + "ParameterValue": "" + }, + { + "ParameterKey": "pLambdaLogGroupKmsKey", + "ParameterValue": "" + }, + { + "ParameterKey": "pLambdaLogGroupRetention", + "ParameterValue": "14" + }, + { + "ParameterKey": "pLambdaLogLevel", + "ParameterValue": "INFO" + }, + { + "ParameterKey": 
"pSRAAlarmEmail", + "ParameterValue": "" + }, + { + "ParameterKey": "pSRASolutionVersion", + "ParameterValue": "v1.0" + }, + { + "ParameterKey": "pRegisterAuditAccountDataSubscriber", + "ParameterValue": "false" + }, + { + "ParameterKey": "pAuditAccountDataSubscriberPrefix", + "ParameterValue": "sra-audit-account-data-subscriber" + }, + { + "ParameterKey": "pAuditAccountDataSubscriberExternalId", + "ParameterValue": "" + }, + { + "ParameterKey": "pAuditAccountQuerySubscriberPrefix", + "ParameterValue": "sra-audit-account-query-subscriber" + }, + { + "ParameterKey": "pAuditAccountQuerySubscriberExternalId", + "ParameterValue": "" + }, + { + "ParameterKey": "pRegisterAuditAccountQuerySubscriber", + "ParameterValue": "false" + }, + { + "ParameterKey": "pStackSetAdminRole", + "ParameterValue": "sra-stackset" + }, + { + "ParameterKey": "pStackExecutionRole", + "ParameterValue": "sra-execution" + }, + { + "ParameterKey": "pSecurityLakeWarning", + "ParameterValue": "Reject" + }, + { + "ParameterKey": "pDisableSecurityLake", + "ParameterValue": "false" + } +] \ No newline at end of file 
diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/documentation/sra-security-lake-org.png b/aws_sra_examples/solutions/security_lake/security_lake_org/documentation/sra-security-lake-org.png new file mode 100644 index 0000000000000000000000000000000000000000..9e0e7829730293319bd64c3339e00eeff4e7bdce GIT binary patch literal 154956
z;uxMJ+aSumopPDbyTj!BiQf`-BBGO`(pXo+!S6O?WQ~)`-}|FjI%I}^K{z`EwF)Bz zGC+4t?9o+KjWTLE^`U2KK|K?L{&ih413kFIgWU=pYgySp9@8WiWrtU|ExZPXN@#Oy z-(STLbQ0Tt)u z5~)iMNmi5`=BB3S`wAZXI1#-CCfCz3#>SizR z4l`x}27!=Spu~r|k}AEA$dZnFj zbHK;gRKKa5xA$q##yeYHoku1~{qcyf#hU8$oLv6##SJ+;KBE=q?Mc%;zla*SeOM>Mfi6^sCALJ0Ws$yEI$%&HZeV6FA#@Utat@}KuSMm- z8VWPE#qT2&OW_qdv8*3w;FSvp<*A13mX*eGyr}#_?Ms06sT0DnQ1AT)mCIlf{d??g z%=vl7XSWNj!}q?jsn;&p-HsORYc(+0&2ZhmOBdD?Ka zp8$v>XW@Nak|wZcm??eFE12YiRVXGhf>rn)(0lx{j^(B8H5xH>Tl1`W560TQ8aQk? zT2_&YKpHK&UztgM(QV3IjgIT!8H_|?t6id!I1bo^3S}2rgG^~7-87-|4~ z*(*_0_MM3DH6f{nYQ+_|cebY!5G)16Xha^Y@t(PgRkz>IM=arNA$r@0?g0c(+V@&t z51t|dl?Rfd`#{>SM{T%zHGlpHj`)Rh>mTMM767;$8tB%=5laf%ZrOOT*8L_LxNJEo z5@8CS_ZbIz1{~B0w_my*CL;@O`It*Mi3k5{w3P(M9$LO4nwS}?Jdaxa!DrfoP}X^o zyoa)YVOFud%g+Ja{308y4J9choG{MsHDdO)0sC~{x^byw4VsD3G;)_!FsJu~C_5<` z!4+L-WGj2lrPblKXyUtm^Ws6fl|9l7sk9F)EdZHa+jH_8lpR14dt1Z$DZ%{tvLeQi z#5CA`)4m=0B-p7ofI&P&YOHEddgs#V27osn1d^bEY!XVio0>FK8Fhhy)19X9;Z$9y zi6MaWv=}%O)iPT0JZ)`@<07)S&^J>$#fVD~T!9M&)(=9(y#tJSH7_&;O$AGz$64=# zZBu`k@S8_3mJugE5Kx#_%kZco%LN$rMMO90^rGCBUyu}cCP3E6bj8+IEY4D-7`^y4 zRy_nV7J^0nwRz1eON3%xjP#C34-EQ(hsAMq#;Ky^`QE|syj?8%KOP-xGu7ZW{xr-U zZ|({vBl4rPXY$Kr9SJw$CAR;10^&fXFJcNFA7wq0fr4bs5DON-4(g3-Y3h$w=V$5W z+V6}0xmgSKdW`?$PGL4(;2;PTD%%mCQR`{~O*Le)YWTCUsXk6*4;eh)#0!v16co=_ z(cev#msFfSjZB)*d!20Aj-GVF$?@~0KkQQbFFe(gjG9&zmn>pe_2nY|iS+Ep8OmK} z70||UVam=>_LWwyHn*A*3hxoC?$RjoO~0=6+#ky?U1QNCg$*@xF1v;;2bcKRx4A6c zvg3T7r+!%KXRPODsO^4no+eFBvsMJyXO|md-JlNd-?}4V&gO%}!L+mB!eB3}AweMN zEwBb%l0pu{Wb##Jy&5ZWg-=fuxMD=H$1F(Yh0X3;U&{!|gw%ECz_7N?-tZlZj+q6t zE*3jyk?EqwT;=8OSGW6xAlA?deI}6mVIeocZmsRM2gxY{+AwRB-tia=GPGFE8L5*v z&*7o_zOA_#>p`v96=d!WRSnjKA|sh#Bh`L0g(93zAeM}0Rbsb!W@!aPT_iQcFht2k z0=dMc89pLCbO@N&X*^vv*&@|(esNaBSdEQCt=E8gyAD*sSL`o~&Ls`H{B=ilkzwvO zM--!U{X1Q^+oMLv0ru$`c<&wPz**MbhwkFOT_`m9Ey$3JF|a{}cXU#}`w$6sO|ocJ zbS*`8o1Zbi+wPSsWf3aFsH+qPdod2Rb5-UIH;Po;q$5uLy+^jQqgE6-g<{rc0;(spcjA(NFEa^pIfX-LJ`{%mj_8x-_ z1XUkWfJHwpJ_oag-)Ut@a!S~|Dly1oEE3|nCT|bYG=eZL)Mg@*2htvt9oFR=tu?;h 
zT}w=~u!4@)_OS6c-p~y!2>}!%vYPOxU{f%R! zD@bA4ar>aq?vq&ook1cQ9?A>;rXUS32npqkYj#M$jYWSv#WF&k^%ZvG4FNvCvV;!S z-(cY2n#`z=7Vo4^yT+dSb2O{rHasS!T@eL{eiOk6;a)cVrkMqbbIIz{SS{;r&{(C7(G_On22#m*h3$7V z1(%(_RiQdqT|;oA@pBR`SW7@jO=IS=dU#3Xz|Y&H0eWZSu+lNH~TEFUYwEp_fZ zN41#UYz4h`^t;=J9g(uJD>uLG^cI^Oqw@I1BiyOk-$gWO2N8tl1z9J8(+@d4>;i^I zh7q465P$<6D=f z#Wj>odLI$~<2&xp{dnZa*-~gd@s9}5;J9gH)l6M*OG_QQOYj8VRjq;AeekDfgq#*# zY*Y2MF=272F#A4s;|HiHRJeDRT-ZR_Qa z3yr*(OtuNHjtZxp8o_#R;7+}R`VuD)R|IMzT5em-Rg^>(DXT*E<8~4BHdwqctt5_^ zMNi7eq7fq=gj;LtlrJ$eIZbcK&iUv4&wIElf7c^h5*}nX_Ke%A-S7LnUw4y=b1Gf5=ZL2^O{Rz%EAb%F#RNNu zfEk0Rv<6!BB9}=usCj;eOE(c5elL>nos|>|%Sm8LBpjUeQE9&|P5=T)!Rqy%xleLk zl3n82LN0#whzWnarmWyN^k8MUPgMXysw1#r43(+cm7+DRwGp|nV=EuC<;|z_(fBb=Az?|D8yR6P9F21X z8z_$j1jOL#i-6?3mLh$}evCa2aKs@N_~k%$gYsze?xU7n4*#6(QJ7)6!3lEc8%F}J znzi=*tmu0ejpCu(`=_<&05uft_3O1M4$kolGNgsqz2}Wx56z@^qa9D*g$V`J-+#q= zn?w3hQ=wVD>$N++IR5(F{9cyV*qn)CWOVV_oaM%XiZXoI#?n#iF}GtOb|fgN zjh`%os`BxOyBmcs0_|Rd_yH*jw0>b)I2(__a&*VY&X8XNLHvSVxbP0Sy~}OILGz_M zx;$XrFGD%~M^kX3`xRcv1J31NVT)ZvNbb2gBD%@v=I2w9ry3nkO0g5RXFud6ttTA? 
zZd*Pb%K%*leOx+JJYm`Z<(n-SJpTU*I%`E8P;Ag_{TaYIQ&84RDSn||{7!CX=nKVhi}|0~2(F2^aNaLQ$OC(S#( zmH)pSqGShgM@z&dhW#(4|BtDwjH+sFw{*84NC}c6UD9m2ySqE3Ltqoq-616n(%m4^ zDc#*2(sdVl&iU?G4u9!bd%f}Gob&k)Jnow+1SW=M+o|46|NF%O;EwMa)iC9A)n;kq zmDWdnWKr>*{_x1lXW#y}JRlho02xgAIkW}-@4K^Jfk_x$4%Nx9+&&QY&TfcC5z`s< zgrB)k*Z=RsK((Y8tl8ko%&Bb_Gm*dW%g-2~pttV?G*EgsL^`u*C*5fO1*C#h$bo-N zGL}}I!{oGw5>GPvmym!!=}RgUh{xay8Vpbeo6Q5jd}unqo&Wda@~{e7vpbqB*O$^X zFgqj17~v)f-rN4A4kEz$o`=HJp}Bcy(}uz(BCPy}0xf>!i~q{^8~KD8GerYg>JTLo1~5*%UU6a_~P4ZlO374h^e0?2TK3wG^v06D4cH^AWe>1_>4`K;?M z+!gVHv;Ff&CHVyhbBchF2wVMKe=20_?+z);L1lNLm2#pQk4=y5nGtskhJ(fx4BXTH=_Yt`=9xun$D7&Z9c z4<(n!K~xTwhp3m5L!}7sdtoXN>##q5+7oVc+WQ`=_hCBZaVkaDB3W|>~909TNf zq2<(X)&25zC$rhM7~llPW@OO2ySvB6#gTEl95Vj!J%FJ9?-E9X*eK-<1bw;58XUbZ zr_>yNiQr0f1)_!>(T7PDP(glEH_-lPPkbQ|0sy`afn5vf3t=H!CgBcQ$`WZp~FRrZ)|Lg zmox%!RT4N73I4f@SuHS(k7b@g-s?X@{LH49dI`zgo@Z@l-wJ!7 z`gad)*iTZY&%w{=HReWo+MZ7$`0HV3_}BunT2j z_LW_Lp5ukdN}E?cK5&j$GGO}1ZFIQ!Z&v*kb+`a#oAz9N$H70Kbw?T$|J|y>Wf%r$nG0E%M_|Gy8 zNJ4N%`q|*b=0GHf9-39)>%I1ixUV@-k)hUqD0no!`NQnMk?K(5$tbYNu*3=9!4dXL zVKICCA!D@AkmG*@2Y`W)-KQXLkPUx~ny=5eCN9HBUG;}dQJ4XG2Indn4OTMoUnD-cybPkUIdX0bDizg+e&QBw(mxwIfr@PW1-+M>+12+wHD8iu2^ZB}^#;W&ZV&~`A{ohKP2eb%B|6_y~uE890 zX3LD7R0zhtX_~=DWnj&ZuGT-Ctvqh#E!%Ko?Kvez@z*kQ5De$JAH?rp*5Wu2WE?R0 zhlPS8M1uXsn|F$EG+m$9lPBS%jgE{;&i4Lu2;l;!glV~?fDh-#o6oj`kc-##}njGSLlz@+J+A(|guNDAc zMQHp%)XWd6Jzj22lr1MC92Jd(6M2;dOL?{>xH$C4^~M7sSYIVf&SE|-} zBIQ|;#pQ<|OVMHl*eAGp3*E3#q~>bX6kWC?XG}XY%en9_js7L_V9-J(&|||Khz=;C zEpZJBhV{n&y@l{ls^lEk>F!lL6dwvz0;wGjAyK#dgi>)nxQ+n*nypcr^TWn;awhhw z*|t#a{uMQnWz)_=0!+%BNNbA6`AG)X1aI{!p*F2}$~cBY&EqQde`7dh6R286>JE6p z`jO&?TH~d^ws}C1BpwJV_7&!O(T-Ag9ayGf2&ny zn+Prqw8`lH^@d=WP)vj`K_*8yNZ2+i4hOVX68}g6bWr)q8{b^I|DtgNJ*%QhHwaMk zAP#smyK_}NZ&W#HH1cYFn>uP&EAep1YSTwRo&9Ej6mcLnpl8K0{6xk@A+GF}JT&fD z<#^o>pi}acCe&w4lI#X!+oz2O%6MlA8G6i7+F#bX3Dc?`ob-KVkp?~CfP z^HZKHJn2WxG0E(qdT22$pj}C&h*@*awR7Oz`&CsD*>IYe?zxHHx;-7Pz4z;#EXFVx zBapBEl0vOJh)Baz=Td57EG$LJweM=Eb-T@;U*>meh27LeR)jA43~Urk>5PKrv*;zw 
z=*16}Pye{wNouImVq}+Q^XG{g(QKsQVf&wytlAnhf6@}cmzx4zBxaIXEyi8${NqQi zt#Ep@s!6@e^e=Z8O;g!6E1ctJbSoi~B9{&=is=OD^wzbs=kXzg=U~1Flg>b$^X?zY zEX7f>&&Bc9x9+#Hn8OtEYTZyn`~f4Eab_;@`KfBF1zUT}d%ZG>{9M|xHIBSm-2r-R zlWT2jHhHq|4Sh=lo4{NT^%nI%t=>$((*F^T%IvC>9|~7!)YiD&=btu!$V<@wy0!hD zUx&`~0y(#K8M+LSyTu5a44ZbgVIhF{tDAl-=hgCF3CsgGdn9In!RMlD*K0(ZJpVGE zN4sKcB}h`mlTt6m@FMO30v{JKGWle`+rL~eAawyj7=EsZ5cJIy7NWzlo{h19I zydo^SpOBk=V7ms=U~5Z=kPc--D9;{ zT%R<@b6vWv!MMHY(h~;puJfk`!PbllckPC*dWNTt>E7-W{{iv|zgQ*} z-dPa*kK0r&$o|*Q8krWtek`mkzl&&eH;YIZ6}qtUpIV0}KMlOqiV#1Y)F6@>`Lgm` zb98voyaj2o{4#?$%xv1Iz%_asbzicWlB>mLAIV+qz-uMMW_S&Qnt1B*GKWn2x|x!q zAbBRhvr+pWTkcy7%5w0`Q1J!7buL7xABoz@ONN_v+;O2-%}JkgKW{IewuCCmPZcj# zsPw{VWwtqX*`VLwYwBvE82B=eap4-@tMq0Tu3mZZQs9 zjM67O2A=EHMzB3}!(Pq>ntv~pb*)Pc`ic2#sR!Q$pZe{}?M40?+ho|a)9ylE&^ke^on0m)WrKZYtwsTDm0JL!k3nKu9lu^ zywjE&Cm)>4zgD^h{hsd8JDJ`Zq(QwNmqNF*)#lT|UHeP91ewczNYE(A zFrALhgvhx*izI}cUO*xGglG7e6Dmmlz2fk9Vl^ggbEqIb37YjxjE7ZnV@IMzJ?BcZ zl^Br$Oa-Y9mNR7l+kS0@#xZ|odVh%i;IJa*J2N|jAYRo1S>eV8mq6WmrO79ZNCZ@Z z)9t0euSgN8udnlg+=>f#sq81$AWc)FAl8Vcwl_=2ZO%I{5MC-u-Zm$MQ-(dDg`O<=CsR?3Jc!%@rV&tPYzWn5IojT`%Ai&I>3r1pR1?b6qI&&YjQ~UwU~g z2m$Z9>{Li|yi_?aI<_6GlX^_bu(%G4BKK&`S~%;6b`p02dhSpxh&&F(@QE39HUwhCX~?+sM8HmDlv"nHc*EFO0I@%cmD2JZPZD8%Kz&`vnA zw*9t};c;&7QLUqQKy=n!m|(^i4_*s!X0XJ&qj3%F$!jb7R0KpB;RSH9ItBrG>7m4Z zu3%3vHr@5tcv{1>DN+LD14ddIdTTzD}Re0Xd%~pU212L=8j5n=M84E56;##N8!mZAv zy^Q=#Zz{?KEn(p$x4I)4$=gm(E)&DZZCJmcu0eh~=67rkuL+l0vs=zDOx+LDoVS4` zp8JMNkjp~YQeuD^=QB?pbigb~6peC*-RcSyk^hD@t}oo_Q^Y_`S`g1R-P^KLO|k|F z*;~gFCtG|nSHhVd<7wneO?$jIhW{G z5Bx2dB-qkv&BF~E?|xwk!${vc&4`t33fTxReRitq^#CFUi5wPXi1z5W5%0 zfd-{2D6{0FPx9)$^qRdFaI9>)5D02ux2M+75vlsa#0)N*cNva=MM-V_VuWUHo{_dv zJo}h~goHs9IbkCnk05j|Trj7ihw^pD{$J}r69y{9K{~xDv$Rb=#lmwo&JN3a6zo8K zn}buKk{TcpC!S{g%LV^?ms7x|%#oW>r0ECj-*l4LUtlCr*$P0OMCn1|5M706+O!57 z1!W_e;0hS4mvtZAZ*Hm@~!5*p{h-XV_#|~fK&u2prBS|+>bRg@>1J5UF$NLtuS!d zj1g<9bNr(=^A%>fsixU+s+LE)0P*J_et>1msz%`Kllc*k7WaKtzF!iXH0ka!Y6)BrwjixNz-s+&lMP`%sY-v4xWt(bk6;>eXI%a@Ud;9h-|E;}0R 
z5yjseHwOcG*K?iJEO@*c6NHO0S^=y*%XNJIby_Yb;n#N^8)itAhlNYLDo+$qo zzW^DM>#t*!(G!xq1=C2dD!)o!NyII_60sRw;6w|R@M;Yg3!^RFkB^I*X)gv2EVJ>mz$h!osrS0F~6%pJ?gs&P2_ zx-bGGH}X?$#OgK;Z;;c{s2kplv)0*tdnm=B3-x0kAgN&ji21~3w)?a>4jMl_+*aAI z3A*oQ2N`en#W=hOIYpBS9on|Vff6V&LQ&dP?gC2`wlMH8NI zC1^&-o>9-Q9==To80xRBeoJ}twRhfx$2B#cspdzj=)-8) z$1Erb5%GHVUAjj=jRo5&nBt@G6Z*T$ACtv;H85FF`&(T#VslOsTX3 zO@sYB%6MJ^@{B_Agvl&rvqO763sd5fS(Jz&ZK@g6DG3KqQ`m}El4W`a($q{9i|NR) zfeipEK5CI%`_ymPEaR8DuSqaEc0K_DNs^g-Ub%ppMGq`N$mr=0_QNiwnyObX_qA%q z&uo$$>U5kSI~)4c{Qh?)_J)Lgn(Pd6Im~|sNd@YyMP!pc!52UMSEvT=yT)YwD-0i8 zkz#L#Cvs)WEr#-BRZ58-ez+G6I^2?RvB|rRc%6?&5wN{x8I*RsNu_)vTn6KVD)CBg z0!F?M>9JGqi=$4GDt)Y?!S)x8RAWp>b+Rk$>-GLnBN8yzWFSXi>OzOq`x?)|K~z{lX5kvQGuIPHMm`aL0+1Sr=CuePqC+;{lS z2728Ljc}jvbaJvjzoe@XFn$sc8D3<+QvzW+`;PpzxjKon5ly``UjJis142QisJsX` zW1zvy?cnYWRp;5E37+XFnsg0ad_R!FlUOk8ey~=F7#6s8{`9wbe(ny~2Q)P$3 zP`7P=bRk2!A)B5ZMIt70)A72TV*a%Lvq~pk?0@BOz=wb^5Cbg4I)1~9F;UAE=-UPj z=A8`m3w+m{3$tXs<8GJZ%6E(MT266^%iozFnj(4H>eR8{JW1q#*0B!DZAn$VD{uENfLxik-2<%}ddPq{?e0 z$@!uuwWq(meLQNVkl`5?8XDW?bwBWx({Vsax|9nj#=#_>o}Plc@jdBVkdyVRewUBl zmeZc65{^u;^iR}{mt!op*6zK*(RQGX__sSjA`kUc=d*YT!QDW(>+G&efeBLG)(?g$ zYuiX}VBf1ega-enbw$6sCD88Y@I|D{*Ugq;P2;z;m#ebDca`^>Bj#u6A zVX%(aFk!|JTL8lPPot%}(i)Y%*B>68y{wmQ_z`an78l*x)-K^hfaDa=5=-38Lc?e6 zbAxd@nxERhfkVO5znUr6(_8+0ArsY`)s>o&as27+$73q+vyPin0|5`0uJ^5p`+5k~ z=8DfVU0pL!UUyh>o{=b!O_%NqzIc8M&&A7SId2DI!q`$52-Gt!ESF%<70NE0DRFP9 z2`>NO;?=n=EipW=6=$1p{hvMxP*DQJSpv}EiTo;!dP6;XJ2Y?(yO4V$hEz| zw;XN}XfefQYr2iLtT0prRPju*K|NfV{7 z4k8Q(`8`1vnP|kx;!c6rAXG!h^|3)E(X5$mca<~Dxg(SK1jwm*(EeDd;?2;OV)r<20*m#ksOeB}yB^aDWSa~oiWW9rFMCFO>){&nh$C$!k8)J(Oz{fewSZTPA01o2!T>^&(ug;Dq79vZ66K30t#Yf}+0%S(yLr!FZf@G_OsK`vnP(Ja zRcRXsv*)%^gtgRS{6lI+K*b3XU1a3*>SLF$c=YYI%{v1w$}D0S-&sHkc09Rp;pTDfkS4bT9@ZPBk^bO>7n0)YISePRMTIWWnWWE0Ijm{sSs(LR12E(`~V z6I4bqU4$00z3lqjn9{EO!Tk4M5ap!GMdq$wi~9ylMZ~M_pp_*G3IOHf#B{?c-mYMn zZ-xrscaX;@f@Cm4NRukpj%C5AYZvH=XU*8Ov9y0GSAtSm(}=Ly-5OO+g{ShrmQd4S 
zjfJk+HN#?70Nu!Cr|rejZmxm!$#vm9+-m-_go2HM=F*jc{w<)tss;f`PAr56xwsfZ zx1u*VaL(7No$I2@z;&m*SNLg&K+;KhNvy0@M}hl&_t3RF=A{wEUNA8h=3A}9q2d;- zV6onp7UD#{%&Q@92!^QPw2w&*B2Hr?Emv5a$DKivhsZsFTTyZeTXM3m=63EK5qmDx zMY}Qk?zTl@?7e>OBn^2fOlyJ|YbKmWQdkPU7hK#}%7XogrXHY;FM-m!C9JQ!o4O)3 z!kHR8k%ub*hkaJd_8hnJ@FK4?iEAH;P~8B4 zAB~+kQq#33TjO#F%XQxh%cHX=`UsVL{U>P7!@*BjD>*XuNZ-MVP-nYfsgI^2Ab9I* zTN(PD&Qs0|)^+6&Ym6NOyW5XndW93(qa|rcf%>SBJ9jTteSBzN33z8D8lI2F<-@6N z<94c5E})Bd4#<-tIG8tRSwOKD95@xIa8IARZ844E( z`W=Aiqrn7_0XZF|EId4m4Jge=S5|B-vPAte7FhfZb}hdTmKVw${T!mvEbZ=Y)aK5o zGOI>yQaiHZ-~JGUy4(fL`qo#VBOr*A_XgHnqtgT5)T&o{cX-CCvjd1Bl5=xw<;$ki z#8JtyXEP^nb)+&t67+s*l9ejCYRO?aVI7KvmMeT|_A(A1^uG16&UdNJux`8J9`u9g zT=__aN&gZFfmUJoQtNd@f7=kcK@yMT%CAC7GJb62H&(bRtzWj>u57;;;pWvvB84~m z`YCYKdcwyn$w}o(o#f**K9sqWK|DN>G&#wK5`%%CfQ23~iUPQRkOd|u68+JW{e+p(95(P>nd%~VqA!VQNqD|DP`iWF4_ydk!!h5eI@LKu?M-$6?&u5>Hr z0e-QbB~OW29!}H@tS!A!Z}l$iTCl8wjRSF*1ocAd@y7CaWo9@5^}&fwq2R&ir)z$e zg%Bm`Qwsf@cQ-a?iBe=)q35|Yavfe3WPE(O#NIaszNat@I8Ik->^3w9Gvyzz*R6aK z+6`0zp%JeN<6Tz~H~j>1Fxm&*V2W<@cZ)IU zWWnk4bxAGGMGl9ULYs$7AKk7u@N#0VN={hB95a z+WymLV#TP)d6;UrWvlw_gruxjhNKRLs~-(^$FfZ&M?jd*OKayKxl4EASG#w@%6ssv z7URNgk5^h3M1CYkwry9z4U$3&(%uy<1s?5qq3X0hpeJ33ciz~7y$ST zmnk3<%hPDz9UF0zpRa8!zrz6SI4?GQVzyi6nFtXPdtJ_-??twe1J{q*HFB;+UdZRF z)5!KktQVdCfrLyfk`+gQYBVe7FIkgm*p4dE2(Jv~wRkll98zupJT!3Rf^foU#ILg72TpCSh3xmjbD=T!2{ZI!; z#C8XW&$}SOaYv&}EO?u}ahYqiZcab>8+e*fVT7`aMx0Y~JST{#(Cgx)`^XW)T3A?M zy?L{D_j=K7BcjZNmP7zUH!p=Mo211%T$r_(!M!L2P`uKa-&+)eB1Sx%Yg2NeTOt84 zU{dkkNrDEAMQ>s&&C`Ew;7gokHwfn??H&I*+nbCsUK{T&^Qa9CPNGIk^517q;)5N| z-KnFD<#mYt{60>*H(vdeJuJH%8$)+waAo6JIhA5x5tjX>%!kuZ>Y&!?)ijcuOTM8I zFa}M)We-3-(ng5$w+{h)Lt}n3_(&J?^DtZwd9&TN2i-e}>^(3v8Y2UFeEkSS~0 zrwIYj7o&XlLmN*oGR#@5Zl|kQ3k`qjFXAMOP+=cEGXy?Vj3bQ}D+mg>0}2D$)Z1?E zSjYp8!ymBjLs@>4l&NuBxbM8dS}0A}v|V~1BZDtq=W@l)%cSG-SlhyrwBA@7-Z5?W z6pJG#9rv0HPV)Sjh_13<#!nO?14W~xeqes4EnzrwB!=EKldN>4Y%W6Np1^)bL~T$H zmycA#st#skB8gsv z+zK7;(AQZXiHH~Gy;x?f7$L7a(KhSAtDCkXooI6ROHsXC-UR<787fJDf*{h3b#(mD 
z3VcEPl&`!#-CBcpEYBUG#`EfZ)y6@)2&*g)EweUOkWm9{cZ+wE2B`SapQo?=DKsMZ9hfi=@XM4{u1Ncn<(RjdPfSo9a}Q|cn?|B zd5v-I7pelM}B>?(wYo9T4S^= zHh?+R`SD@ap9q6Qp8jw8NWuXl7*kUIVh9ryxT2#bM(p19H6HJ@Onz>#QhE`RdgySk zI((oaH=BDB4u(xNx9!FC=|6_G$~~BDCb#-_aJPQz`{}qFkA}`18 z!z1P}UC;*^rTq@oqmJ$^ztn_+!-jb!X0>ibwe*Dsr9M=@}%^HvDrRxC^8bw_h` zLhD>Lj62Y%bw|3568r2DC=Jru1-~%i#f|+N@P(T#mj}cy6gM-rak@AQC!A?UT4C=u zw?%`LWh%a_h$99VRu}=O7t&G|Gl`wF*xgEzRN>|rhRF+2u zAPS;=g{m!gY-r!c>~MXr{(7j&PlYP+kG|qmIz-%?yBiqD!s3sF+24d%!2~O_l}28R z3Twwg3oc0u3=N8KE+T#7z3=DFPvp%{} zb>)7#+1Lssu#J9Eur1dL2@Xrl72v&`5;D~K$iBnMy`~>xk+OMC-O&@^oxa&|rY5Ny zBL-Qwb~EDomBNOeZ{7_%K;$)-e{JIpo)R$+l68tq6u^k-m z+eb^|;nRv51_U?&7svj?w^ieS39Ny7+O)bL5qs5tQU%B(c?Qp1v!m;&3sO^$H6GTt zvkW@R-i6IB zMwRjv#!B~5Rcuf%_J-KTI5V(U*$mLzUfBdv=tLnj&Y!H_UWjnwNbaivA7ly^Dba=1 zA$4ViZeIRM7Tn13;QW}f_0yjVSy$E{&p&CRB_ZW=r+i#Zm2J*G=Y_CH)EIXPToqyH zjeyU-ZxJTb%HtqIJMBr^ec2hKz3k`#Ei^IA<-V{)Trfvt?XT={J>EHV}Q#~$`y<^Fmf)VHst%Y=yG zmC*-niR!ypBRzNeWE~2W zhg4NTI0$PJ7$~bct5S@8GK0~VCl4eMXb1GD=tr-A;NR*w^|V`&U(SfcetuG*vR~v==H^j(54EPqIkQ3l14{`pWpgc0|@yIPX-uI}~Z?az~voGd2pq=8! zBja>)n@Krm5QJNnNQsLQV`KLqzwO{AI82W58i&*XlglcQa`C`^segQP*E>}%>!ECK zO;hyTT}+~el3AN+&1mkdSFtDu%CB9OI7!W?Tp?rQyFS?BM^6+3XS2XnzOu&oYV-K* zNOf_ze1+E)l*Uybe2*3+B4tUM$~1yk*4Ggq6NS8>-nqyHK+sydULjTdh^wy>W0^#? 
zVBLo9LwTyYGxSbrmn^PY&TZPvJj_L-9TUvUo@Z+7pd5wzJxe?qDXRW z@WnUYOfP;3Ev7?5b)fowCbq13{yS@1+o{(xG5udWGPq-XSOe?OMIizUiH14H$>cMI z9AL!~R^2X$#W%IePuY70^9ied`;wZIguQ<-d@Dtc%{!?uoFcFh!?Z`2e{%ItGekro&;AF#kJuOVH$GP*&~2fH_ZvY0PEe%3 zmpvImVUfS7cbvL_RCGYWRo;J{{ZNfxfgenW`V(6ogVPdqRD2)hkbJl|Lp^)sW6Nm-d2L_( zUDtKorJN7_LR)&?y+J;e&)GcEr3FEEA>6uU2z<3@QQ1B;ap#kc_|ysDOwa46#P z`vUewZT2m&2)y=5@sCoCh^NfUsIm@;*zbr7XStHw0;DJue(>4~0Gg zS9;AHZYnxb5TvkQ*ol`|Y^sT*<^m-?^=zYgEv@Id(Oj)}$H0YJZxx_D)tegykb4 zo4Tc0{sD2QBeL-Y0YBUlfq^4!gtDb>19GCygY=l!EZnamUllW*tS&eRLy!|9`b?|PUK$l0Iyo*YmK~N^`4+3g$W1{Hu|`PL!OqNGzoDCHu7?e_ zi2b(IBI9EH1a+33*N2&_!vqhetmS)gd*e&2kSt4_%n?y1wlbgFC~w2Qi~0Tv)487p z(QP3@yfIkPwW0V_z6J{8($SQ(5wU-rgi+2d-dC8TNK%&&Z;C2xqE+n|$;F=J-`1cN z1o1`|q6(Fjr=@;e%SK{p@YUGqn65)duj?+#t0K<{^6^BC=Oyk73WY}(D~iNekW1UA z_?p&JJRHi{_4PLhb#fr6yC~6+y64+p_%xLT#!-h%MQBrX&4t+aD_CyO20g+n*sw5 zNah#B3SRaTedzlv5-hyDu3JVy<%Yf5w*%?lqzAY}CZn7Hd)E2FbdxE{(aCmJcPN=dkiyf- z7FlPGw7v7ZBjjoksJuQKZ6(wN^z(5pS~%n?9TTD>e+Y zvbJO>B*VvSlG5xm!c|RISv?vHFPyWlh6+Jh752kz=uD9(HztrDKBz+Tu~ppmw&&U( zM7BCZq=qAd9T&`SBmJM|Iik4hrAC`%x)*wj57jF)y`N`vJht2G2fV>*J?mn8(IWM& z*%9A$qx5Kp<+#MBy&g&cFe&W&#b`R6V?Hr1J=dzuA)WV*J$wvWDw31aIZ^S;QAs^F zBaNnCzk6JI_7g7Z(9BaUBEo-m3W9U}CUd=}e-pt@q}=VMwd_<(u0q1nbIvp>b?}^C zBq4>Hew9UR`E}rPY@wiyo0&$44r&9zbwa-~1YU{IXv3f z%e%gxji=M{zFp9}q~Xpe612wJ&sUkdE#4RQ40W-h2gkog{lXd}?l2);R03|x6}=>{ z^tM3ZIPmbA?=Ra<*>~HcrMsMHu2Uq&Z6>d^QNm5^a^aoIFv8i3tK6iKqv$cEc)&-f zmD0Zv)AoS#2?%t)I>`04+EP`v6_-ULtU9i7H?Ohw_LNLPLEOTh^DCSIGwn7;4}f80 zMQXeqThuDD){>>1)uA_oOL10waY`V8$2T?K*B%%;33v&W@NpbB57$Cg64v|d!&p5Z z=56sHsXm|Rz@pLqlC*rD>}I~MNUPZa70i^MeFtVBb%!abvA3SLTI1moVixY8*;wRS zcAO$J^8G-Sb^}rO9H7#YeC@<|xBZ?t0Q7@EkcoI9=*(l!k=;H9$>t z-fYQTgO31${uB}ll4Cm3D#AydEGA+=9MFPj^A*SJ`H_sL#VW~x=iOBlWd9RA(6J@o z4g`5^29p8lI#+rlo~U#F-LrBzs4G|83O*f^+1*9K)UU3&#)K?chY;8Z5Wd+3c?hyl$XM}HYT?HzwD19h z0am6f5E!y2u#WUU(7&sr{(Y2np_yQ@m34{g;Qwy)sW}NBoyPtN5ag$o#K&O1`}@*( z^R#Squ?PKx#gAL4AP?d6cQHr2rp>vMvUYM*l2uxZJW%|22P9ScXZQYpTDAW^h$M;rvq 
z<`a{S8O>_L8R%3wi8=f^{t>>Z0nPm6H$DjgR4?aStGk@YGse^Da=O3HJ(vPDV1s}x zAM9sOO^rpIMUj&kJ)e>nzWdap6sxsb9?EO`V(d`yspZRN1~c!q@rmb^@ZT1NJHp~& z<6<{Kbj%m^&+D%!DbqGzOrEG?_VrRwiMPCSHKwfRXqPVybLP8mXyt*YDE=-C8B)8x z!FKIiG72RkUsR=?c%Y=?sy*Ju_wn&G$ynx5YhI5}P*GDjvOp-So@(B7cNCvr?^}c# z>6oX%fd*=WRYzKOWQ<)0BnaX)8Qz^J$}UJJar}2sp0kYSe(J`pPa+gj{M;eDd1vS! z_cY$&cj=C`fAS45(%%vk=2wJTJO|MXDh+`z!f3^(UTl#`A;)^yYDMa?lQ;L;2p4{7CsvG4enW$tPL7B$0VDuik(_J9YO;F#LT^+&Xku?D zJE%7X6)aDbxt(t;$87ouXWqYd+CPFqp*AM0`4mgkM6-bU_aNd;cKp;xGckS^C2g&G z`4T!^wp`b77gIJ2L)4b%r~4|)DVilKfRRW}M<;W&V8{Q4QU9&)T=*N7&6hE5FOz}} z=3I~F^A29d&2_V%!~o2^0Rea-a-d?{^>pHVO3D*GncG&=>=Zz5I<1fbx4)Y)(Oet5 zT|iVkFs}0+Ng`+V^QM4eeENsIC9MOGNxRR+dJ-0M^33qgzm^dQ_0xVQ?&)Y9A1KvY zJe_n+dTXZeX@&EsBh?>cjD*Br&B-y}xnlLaj=(|-Trr;%YUt6{;w`z1TKL#?aKuv^ zKNAKR*YIahcU--%r>7Z_(P=g1Bm@b#R_Rolkv!z}&{Q|1e-15~@U z)&vlvb!5V2_&mA4jOfc13PMvg%ruhf<6wLSdWPP%M=IKi zp88is9}pE_t04q-2*fzUe!HYy1R{nhr4rX?R&Y=x^Q9jhx|p*u{t3g!BFn7pz8us` zj*MPVJa&|spu5cudYn+rDK#u~VQMMAVg>u2pir%*4iB|6ou+#*g28KV7V7 zy14#0szIO!4~TCx!~!GF2BjEU$zS-Qu*k2)f!T0mJ5WdB-z1@bUGc93N(xVHn7|(h zLH~RvD2If`NS^yVjdwBm3I9HyTPf3PqKELJ#$|_!G0T^w1Zp(^^OeIY8c*_u%S(g? 
zT=FpdRRXff6%oL+tBdZbe?B~76G?@GL&Yb58Rdv3cFM-yfV{rGz6p#Ee6MD6y4pD( zw+ak)tN;mc9?klJfDkWm1vF{{Sf5E_R6L_ayhpqT%G{3KZZM4LipESlY!&+&vg~R0 zq*kY=)yNhMR?AF{*k4O;Cx*rC_#_YD$tw<%lebXQStimc@VH9*CO$abtfr*LO z!00|2SAiFL>&qlkV8G`fQ8lb8w67%z5W4ziEKFD97xv?WslabMQCzO&p`NkbpE{?H`8EPq|XNhl2K^tSB420qZvb%S?}=GD-FNo78FPU z?BvmHWAVP>;RI9yc5wg{FgUr?@F@p^)#+$Ile$z|sM&}Oqx(_;{$7-FJu@_lrw@J2#^RSoou0ZS+K3%yU~%-(Mc=TsD+LM@yIKwd=}q zAF=999afUCF@91_TpXvR>r<_3ngVTFb_|`09U~m|{oNDGKseDWE4*{$2w+=M@$!Vc zsceE&p$*0$mLYPP7F#_5y<`sW2e(cVO5SgnkqW)sqp9RZ6SAS9r06+XMBi5egcje+U?{CIs1Oe@{xV*)Yp^c#ZIePh0U zCFBG^4Z~%+D=rH*=k3praw8lYDDUa%6JM|aFTHUu>(vfl#by_q+xF*s{ud^5I6hmk z^n&>Edm5T?VjM8Bn+QZ|$K0xv`Kz~Y%R`8k4zdX%IlEhjyjCW+ydMBephpsRd{I%+ z%ZSkd;1zaC-L-Jyg(@Y9Gs^MDJ8l3NPunJ);P~=uZ?Vx!Ha7K%Xv#~L;7WDLwIkyt z#s2${oU>x!x(ij2o#*-j&23R)_f5?Aw6sn{rgcfo+5r*vU#oz2?iltSTMuz{GlFP0 zVD0GvI7fn(U8@S;-7XpLMhW^nzbdpR8{jyoz#3ImRjlHxLx%PM_^vTB&Eq>HVz|CC z;4M$8oDWo6rPJ7D`hrgZM4^=&tP%tM^iYkNnc1K}I$xpLvBaxAnNuF1lkJaIDJ~^7 zk%8l;C!NWs15IA=)ghG9DHr_*>kV%mfTk-%?hwS6yjt^X01#v?={;t*zzj_%YT=9R zVOS`MW7rL`kIyHN%YL4z7YPz0Ey1c4Err`ziB0zD&rc!xy}ggRZA{CJ4h zospgYElGzZ$rUS*S5Y?<48g^=6W5zkL4XAWhOPl{bo|jy2qN|67W@sUKVWA^CK`=txykM_QroU^#yD#9`}yHwG+*2w?(zOQNhXcmf&>hWM><xC%i7)ZX=aLybU;&4^3{ zaQ@YA)q-5QfK>%q=`S@o`a&*|6Emar@9VHmd!&UWU!P`Sf2e@Hk^@q_niBn1^ zXFXGm0aJfB!10)jU@KN#*lj{L!Zi_Q(;>XQiGrvXgylR-Ct>-BbItHrCY!gnbMaut z!vEiFQML+wFWtU!+I%n+UY?OcvV!q+Ow>cB_npM{aN17O5LpzDV)7QtkMJ#Es4^LV zE_86mKV3stx1UrHLp&RA2xLjK*wlNzOM1HL<(+#8fx%{|`XsM_kpMv@ZEF_xey;fx z^mlI06@mH~>!LjV>fs>v-FUzSH@lp@-d}32x5~WWTxdeOne8wNmM77!8I&gzvH=*G?kx|9{pBuvd)u$s8q< zuUM1WpZ0rzoZ05A_{kQnmuVL`Cq_08LU=(;YtkWb@?ZiM+aE)=Bk9~~qms-li00r9 zaddld^Y36xvKm|{IOq)cmnp9p$T|6p8yea57rqpqX8 z{RZJF32%;Wz&l0sO8x(6I?J%A`tR#cz|b%V%Fu(9gmiaFHzJ^vq;z);EeL{u0@6x~ zfP$3N05YV2bV+w3-Ou6v{hy0ByyD`V>zwo5d#}%0+hKX#{8?u%GMoB=zwU3@B*j=! 
z8`|^@%XkBDE<{ES*s&~VD1$F7g4Y!z1<mP5>p`;$_5ESmV1}$_Ozq z*FR}IZXAwQJ98`P%UeN__{pie>&zQN@rJFB*VAquKCNl#30rwD+2Z6Ps7*?gwl)@I z@~-(|p2ppX;6Vjd7Zmj}?7NHmXG;_h2ObJo#Z12)cm^d0-cM;NWUiS-Y)lNxxH#b< zoZ%rt{D>(93UTrY0*Ii^#8K}ShGBnoQ15q;C|cR zJJl(?X(R5cVWLkpW%mCoA)gcN|LzoKqV&Zr;J;kGmAq_KuA52^Hp+0qSl2LGXU=+B zcWxN*3(9gEGZM_X+3=3<7;)rr1RaL$=50B;XjP9SXxtjiKMcEG5LM!@YJV~ml79LW z2qy3r=OHqG3a3MnwoTzu5-Gch09>0%#2P5VvW}R)3J*->4*W~1s;aT8?5KrIN}1Px zCZdpk*hV60NZZ@~>u_HQ$f&9Whx=YXEs}BWL1Zq0Kxe?g=qW@lLU84l0?^QS1ixb6 zJ&efkgT9t*N|t!9zfvt@gLq5fr*9fAnR@pIdD^2~0%ag9nYgr;p`92I%=rCxs3G+d zCM7*+Z8U>VkCl99ogPY%`1kK1e&>1LgvQ)Lvs6HHmv4WY8-3qltP)!?Kc}PK?#8*h zltbPG3(YX~_mJE<>A2zbDBg|~CE2e*5epjVPVwak2`fc&)uK3ropC6z1NqDF`vaaz zC#>u+hw^&GXj+8u%d`P7f%!9Fv-M#CkYqxoj4DDKX!;Hp0p;!45c)0{ri@x8r{dy! zFsE*uy)Ud0@Ak!2DAte2X%ur3R+O2Gj4V?;|5T^kBm5ci+w*~tA4OE-(7GdFA-R1p zwS*o#j#$oUs@kEb-N-ZV0?Gq?MC~b?ge`IRs9*cxrM6FFyS)GS-~@B4+IHQg97g=< z$p>z;^7cfaSNwE4e)wDVwZ49g-)?#1KUK-|R{rSLE%l}?sRzCmX$qn{KZdcmD`YyZ zjYDg~DWYsM_qiLpGbF$WAb@Hlnw?`;VQg(Pw!= z=-T2eMW+O%SPEr(o1JmmNo&n#ZcE37`woPUJ?N^0ECttix6B7@rz1~pMy-NA+ETpW zWMfm&>f8TqB?EaI{i3aPltNENw$4RH|Ab^w%@>SmBx5os{6%({#KbKI$S#ox$hUXx zmCjhXAl@r1$KekN;<|-RUuH^3rxt?=&&)gQb3ai{)Hr3(l;aAg7hss@RIMC9a>F$` z#GB}S@yeF?OOmx@4B>JIg&Ak*v$A`*eBcbyMm^sID;t~5Q*!GFH0dfv9D6|M@a556 zu}Ss{LO$c#PV{fToy37L_QuqIgE{NtArQSZdL?$GM}{SX?IP0#T_A{sodZkb1t|zl zv$fe@fAE8KUAZqrQatNs28kTR9dI7-65I9xCCvtY!;t_kh;3>VL?pKO(42VClM-$CK4Vn${wO6SultrP0O4GzrYvVUFPtyG`VNiZ*K6XbJuM9ZP z9yEHl+nwOi*=A|Q4_-_hJ3$~#qowj60v8+xj{%9pI9MSs59zG6FH*Z-mnV_3o_21~ zm^0H;3_7hTBpGWiZ#NpKcWSm)-iZDF#&jL$CPf?XG?K)>s2{p9JzWhEKn!SIEKmWo zvt)va|4)jDyN@@^{ARrP@1Hc|H7oe09U7<^Z6XQ#^_42rSLYk zynW$i{T`9_ADt)K;=PY(XMVpXuU(&4baGJo1lwl;A!Q8BfI-JtDe|663awtXz4_u- z&iVqQq0dSre~HS6^Fe}gs-_@t9I*@(1(AWoO?-YU zrb_(~;fHv%Do?;IVl#4{`-M#oMp_rv#Uf{j^D+cx9GUTIq*zDnJ?}zvpyT2}Entk? 
zdGfmUe?=_y&E8u|e#Ig=*xA~IJc(p}6(jFb0_i$=B@^lHH=Ey7JENh0dK~%k=zT@Z zQy@33|otiR!)nclte+eCI zsY5MEY{o|pyw6n+Q1#XwvG@OBs9o0mTW)U}h~NFv$hpA_SP)<%e?u3asPe$0}71 zl=#=hc;}Dm0$gRr47z<&mREpd>9?j}%Jk~gfvRDN&22i7!mY%q=E4PnyQG)_WpkCe zH))$Qnk?qa0iQK*;{gSC#X|SU#GdTe$`R0~7$cSKKl!z2zAg&EBKbGdJe`-#M z&%(PIwQgdqGzOi{)K{~E*aZH|{>UB}Pg-L^Udr~f1)NQUyA6O-EyX@Gs&z`8bxC|! zX*TV7?%zt>G?3Fi&D=E>_MFc)D6f>0e8-+GH&-WX%Khp1vwt0xA}UjQX7^%;S3X@2 zTRS;71~yokJ)c#Ivh6ubZ}?UBqE>b8vt(a(X3`4PF!pt_)p5Vbxwl($X&dgeP=V~*`C8RK#D8mbicXZ}frCkr zy;dJ80o%@$%&)G8)5NndL^T1+39H)@-YcuF2l z%XmMW1mLRZnm}++qeU@vC|6hx_Gjzr{P0-)#$!OT$a3}%{ZDLP^C*Nl_%q#t1Y-Lr z90&bsrG^9v)&`r0W=K$)fP#3OdFgmjZdsioQA*%bA3_sMe-q2}y?GMevwSN>Tmtiq zuc|2QJ0^*a3?u1f#1qH6SszRo)b(*AHBKF+hRZ-~^{TZP)7AN!wSyB4{YeSX&q5QF ztRR@>QvENHke%xBBSH7CcEg4K^xr<0;a5R&bIpoCoJSkOO3(+l7vn8QX_VsT#At#w zh#~kR6)T;IHmyK3R7OkfyDQ8=KgQTnfb z*DnQ2ImZcyit=Bky!cLqTLjy_y>hiT`0-K&K{F#1xSScVTkk(c0VQsI#rS|so&_iZh zf`kYw{5&_DIElYsL_VCiZ`1Nu$mw4n|EP~f7I8MaLQs^ht=0-=}QJVAA8|q zw-1)5l~eEU<^Q))l%u-Ve?#;%E|Ac6N(?)k7MvSKNCpp2B*sd>m7vMAb2tXqN~7>V z@p&8f3|%F$wa42M4W=iU4ug7hL5PbrhF;BNqyB&PltpWH4j^rGce-rCHb22H!qoevp{{o5y3DB3TkTWow`Z-|34bQ(%l8nM zh{vyEEHR0#byy1KHk7$2BR%=tfG&pUSC#~yq$CK^n4ir5Z53%F2*rNMLix}Hmn_{b z-s>fX`ZH-iPEoJO!7XA;5o7{i{6VUG36C@T)prJ8jeN`Nyx{LjXE}Cuwv;d~LxPcn z_+Zh25p{|a7;}L~+W{|%iiz7V>2rFq_7%NHz18TFWf*4IJA z=rBI7_dH%k6IX?gfBZEopEQ&!jWS@9H`%!#udDs5@HI%={A(3F7$ppHzQV=SklL)^ z=`92T36q6}1APtNBT>>OX+M3XLH6LE^VMNEancNNQHcZ(JiDsmod4vJ$~nfZMS?r( zpBdi(xo^6mYZ2ngVYQ$uNJJ_~QN&A)9{05Ks67Z==gP`UXq9Qx_}{c2E=pBbf#3AE z{UDxHj}Ci5JJD~%wHsQ!wi3S2hx&o}l>v9aM89M3 zuC-#yWN?w2M>lioI$!&$X52AAM_2Q9){r(5l-I9P(R!QPw1V%YiR}O{czF1;FSI1w2RUad-rEn7UBm+p+)q&+@~p*DhLPz9tal& ziGc10VZ|_fzd|X&AK&|lZU|SWKv95T{5E}qu*!f(8MV9z#(d>K)~o{;SjIulDD68d zR@5L-QR2^WzxW>=YA|Hjo+t=X2M5)vBVaq=rt||PpE$~(Jc1)4T+lddfPWn36QNg^ z6QS-pa31BU3UqWoaG+QzGi11h3r@&5h$)U7$zA&-FAbqAs&e@sHFGEcOu4cnE*c&c zO5mHP5J%7Zivr#EHG_N{Edggu?zkdPqRc0GHXhkSciA*vbP!pp*33kvn%D2P`DZ>=0=CtdOl%Tan$3^aY4A#aN}yCjf~+pT@eiC z3X}^Xdnz*u 
z%=%RM35XLDbl%GLgf-()EL?&U!m}j<)iWh=Q^7>ux-dPyo9gy^q*H_+ zrirGOtTnszY@{Ndti_R7J}e)pTh!?c)K2rBy;!RAGpeuUb=ncT5I|R1XIHILH_^KN zutSgE25J$uWcPge_c18Gmc5e{Z!PSI*h1Q780z&nA;L{*5wVXz5pqxL5uvc!a16sp zZ#q3R39V%CeHKK11^edv`nPzPPTl*oNG?GJ)`-K2Jxr@`s)M8jtzD#7uT96fur~KX z?hmQ85y8K5`My2qk-2?ODuQ>`yeO90CQQGlfB4tnkDI&J8C`p_C7?7->9tx(DtEnN zxi!%K_;19|*=(A_nd+fevP195)kC{mw3V5@yu0I)ll;-OS8z*IzU6exs7#t5kIN2m z=wRY)?0o#r4t+Ej@+JwL;M8)gepEW93RPUfrXvk21F}DZMEqh;b?ABju^x z=cvGJIKPF%-ekvoW>h4@N~eGni_I(Kwy9B%nV9x9)&c%1$LoKeB&&$~X7^<=ZpO(JWU z*!8f3XAhX>uULA))0!{UVNAJ=pO!pNHk`kzo9cX295(8lJBh2F_PSqnVlYPs5E3O+ zhIPEsU$`X!Dn+}~+SOJ=Bs7^}V#bXy&{mygCAS)LKi;^r?#)ZIyk@wJ?~>;L4xaFK zO&y&(p)+J=RhfH*>)TS&W)~++9ZBa3R5VkMiBq*-7jQLf^Zlh+$~q)#z|rHq^o62D z)Ft5##tcTdtRPPmZyE*n68b*zsUik@F<}i0BbDz3A~=$jpy$VheLpFLwlRSi_WRG4 zleIjhtY?mu53D-=8{i{92o9DR9lLh_s?^-6HX_OegIJpja9dDk1FF7)u02}?R%u1e zyc~_Jl}#^*6zXA8_&?&>WSbvUS~Bt?A+7e?p*MFXJExy6F(~R)ehww!f_*rX3{RU zn)NEM)8rU3`iCj45EZz%!Rn0+^AX&53OFoJ$gbhZIJf_w z*)tcolkv^_UACV8N02CFz-Hu0-fn#0BB;^dX7`uitCk~DI<{jGCfY!Lp35-FJ1P7V zc3i(HKC@lo_4r*%goxd9VIAFjOSCxb&FR%u%9Y*^zK9&o*GYs)F0~QW4}CRF8c~a3 z8|E|=oVa*D2x^JeRs%4vi07h5(K_mJ2=!V`hBa;pEE1`++$zJObMRAFn};B6q!T>s zK*KkTbmo}U_?*<%+459C{AXCSG-lnq#%tisHXTl^5=t6O17bqXk_@q7@RdTPrNEda zHJr@x>nAHNoF{ev6I>c#ZLRxT!Nd(N|C?Gn0N_JkV6?`I`p>G|E`6;|%U@cZtbcI~ zTQ3yGQVVr32SiYgTsFIN+TYe_J?nbE$N7QsHe&TB%j3QeN-dAY?I`RcuWK9|W)3@~ zD_!MHiyLaL^{Zf}(iIMZ3Aye?wcp;;U%%9DIa_=qMnt@Tliz-)?e$-)eZ2+p3``57 z$uvb|4{;LJ(rAVN1*?RGnTFpcuDtWBg!9d^2uud~o7fl}0ZIIVJEQ>QOZJZjf>}DA zrYG0!fNY*JaaX<&Uh!6W7YTAl)2UzNR5V}oyw5;rVVx1pG%;UoZqGDL$i zPfQ>SsLL=YV4Zsct@yJKTqa-Utg|mz#1k4) zGm88d9x)OUTS#Cz(+v$Q{IM-~3RPECPvemd33p8Za$b;k%0RD7{sXsb_(r6za&^}- zB$+M$$^)M+5%8*5VlBL6BABy;YbR$9nkYkKY+2@9T=@^CBbF(zKXy}}3cdU00)ia2 zg!4MR+-3i4ujsSKn^h3<#-HzM#jf(Pv_N*ge8X7kyKA)=i#Oh>U4hn)Ez(ZOaT%4* zFj=Ed7MD^oWSOnZGd%6yy?Yu%*C_nA4E=V%#h`H?gWBL{uPj5wQN|64H}9q?>MwU2s$a%0 z1Oa2#9v~fN&EHOb7pI;<@%Bzx1T){8W)u?O^oSp<&)hrG`aU-sSI4eJIq|ln+lKt!Tl*-GxHsl4ZM^y;H#1O3N-Io&DC| 
zNwG@?g2~C3BXS+LwM)x>6z$!UC@(geeD&#`QG-+J*1c56o@Ae!nMd3=KQx;&TJ(8_ z;+H8N^p12)AAQ$K`SX_Gw5SKAgn$1mF{_rF|JT^e!*f>~Hh8Q5@LRdz_`uQ&lYA6@ zBV1%4Vk5)q4Zg`f%ifoRKoO6sqgM}RzrkGAYF8GyuD3qAWUw(n?g(=L7#5FFr7D#nw!uU!)by>)~o$l*X*Fe0w zkO1_Eh>nc?)+0bUboeAI$DC;wEYp#7r`?PBM5^O!`T+@f#tlD$=0kCg2>vWHu{>sK zJF8ceQl6)DZT4;4KvB}$N?wHG{6|v)N)h0X5wbwX2J*;+sTHQ(=Xh3UV;*v`!MY=h zs-=d#VP#PG`VjfmZmmR%@BHkL4y16J@@3#^&ZqfMB=zumy?KuYYI?sv#ee^F{*R5- z`M(wG*`kyT2e<6u5nH199l8%|5_G?(eQ$X^1}x<0Sv50@TOqrQbdUN_$)jB+jeq4g z>*)^*Ej|0KVh=AN6$qET011SjbLK#}hw<$0{k1hiAojoN=d3qERIAj< zlV=qk238W}4UOOvfbTo z`mwILFB+Fo-Es(-mj`qzuPc~YkL(_KjIG+6zf{3@+cqmFG7y8@Idow>Jtpd*P|#F7(`p_hYtfb zdsAecU&%o9Y{rbC$WYdU0;txp)BnNyJXFQ8x96>KtRr4-1h)V`>ZSZ~SR>=B2&e|t zyDQfPV)MiESPJqwnY7(XsT+Z6W2n*pZLG*Yf5Jnzk6a3ote^VZzNt>F zZ{Y^%TdEx$13QXkWrnPgnnRDzZos(~l~Cb;6Tg1nw`t0}VWApAj73ERr(S3Kz~N`= zLEJ{>>ny^3ZH{Ja-o1Y|A~_>An=*d*nVEptk(4mZEoa+r<4J3M00iTU@6wdtv$chg~A4 zR@SW1jgLh@{nh@1N-MqQtDk`lSM_{K;aF?*GwSpK|K_ro9{;KGi%^0fTjg1O62;%T zuqMQB<_Ft8bSb@w2Wd+bT+}%!ybyKJCfkwx&R2@2;i{q=DKGc5&wO6kxBKe@?59xt z?&a2bD*VN1m#K!JgE>$kyRT*W*q<61zXDVAwMlgrTQXk=qNAJc&ryAA!I`_jTYdG! 
zW<7jEdc-R{o?bxlfsx}3w!AffNbPn^Wo6oKj~bYbx?M)}nE=|`PdW@Oow?#!6GRc& z7iR%_DFcy%TdZ>R5zhhGXE`>BNW|pUo%{r>swuOqK6u@Z{G}Y(i<9aYC#bt{?+a)R zOy^qXo%}YHM^Uo*$WOsk2l~JlX{1_|z06?sK2O2X1gH95RPg6Z((@ zE7yiyRsKE?ONJ_nCuJMII5rq_Fr?QGd1kfZparQULlUL<$R(`W{hX0tG|@+ZgOE<| z4Zx5(^8y>dCt|CxHQM=fUG~Rpgdwdky*={iYZG3lVR2_PeZDN`vrl@^K&$5mU%`i& zRVOSo{KwmStr;Ia)k+xh$#-2O%7hpo)b3Wy%$l?@ee7*kKc{yfeWx{ea@dmTesNB3GZLGa~=oLlCc zpp$gCJBpVC5%KO8$b5RmP1FeXtJ$aXy*XbK9E7yoTVUSj1>c)jbpe5<^fV`Ma-kTZ z(@<;@$ORfM+;-jWYV(p4g{?&679sl8FB25a^W#7YWQ>eJOPoGE@~l{2yX&e35T@Xf zP7&L9AKctwAmyq&6pl^=7|@B1UJxpZA_hDMlHZpy4}5)SWSz5?d;o{Olk?~~E(P{`eh5|?6;NOK9)Uzp|4#Bb{FTy5395$7ZI%-r^PjkU zq9)wXHM5p8WUILPY3fY>M>FYuNNazXMNk|kUIuL-7)q}4GW-XYQFXNp7`xij#A7V( z>Afe{*SN^Possy@Tw*Px;$OR1(l(vY%ZtciasSt9KnLnZZ(&p}%{?k3at#}6s$`6Kvlo|9oF=yT3&A)9#Z6Ld)0wc_@wSBppHD|>7sb@G31oQ_4T)KozIHz!5=|v zAjU^HAP9WX$eMR?!<4jH#TTq7VabpZrmci#E2m~4#Nf7&X6r-gIW9d zZQg=$b8#B+K`OX^c^N1RiP86Sac{T4_#kro*uI9{L3}fI#iJ!w&(!wLYtsd(8EWrm zythS1E}VO8_gZUjCXf__&Rp@EESvWGB*uZS2%55r&hAO&R6Tia%fcoF>F~%Sye?oT z&+9c6KB$jP1w23a^WB)e?g*0Gvdx;}9CGhnY^|m5*3Y1tM4W~>tpD?8{wI!i@I{N| zq_fYhK8e|SW&H~T3rrC+TYbM##ZtSHovSxC8)3Oxhwad4$9CrKX&*w;y7hSQ0bmv+ zI-1efA!&~maj=oik^%D$_Wh72ev@bY3!#tb?dyM7XJdKA>ktn^g#QpJ3BjSel2G9Q^|8Sq$UTLSsF4})^M;ZTU8sGc*`E)$;^19#I=5{zL2(+g_T zXamR1+o5ovrd+;)iId%IR!SflqyWlCa)5Q9;qb=)rvVBoLG7Ez^TtJj3RklA1?m7A zh|WVHxF6I|iqnBvm>`L`d$?`frrcg7# z?A+-)@@s&w+E<=*U{QOa;?zp_zA2Hw9y;MoO?NBpCSD%sZ$?4SUav=f2|lGcb)xy| z7uw2@X>WJKHNx|w3QoV^&F7+WksO=`dAJVbonWh|T{*?bTKzK!B@wK2N7`WdRaiUO zrI2TZ{b?EOi!osPbMh|0CmQWuk{i`wIwAx3$#=O`+6j4;itjum^0s>?T{NbEv9Kf+ z969KK!#N+`T!>aOE4nP`8F(SuuQlw zNE_3nh%1TKr?0)e8x3qF2PmyFXNzYG+ZLn#Q0CsNx{Y|K9UTy^qbU;8@Nz(1oPQq# z+BIc|b3qUbqT#Lhb*)XyHy8J&7(hC%g!`OJyISIn1E^YDTblupZ)s# z`i)*TJ_WlL#1{v1TWKo&B9&%LZePgP%#Uj3d{Q+_=wJq#VNV=-QG)l+tivwx19^qs z{qi}}VqBPB4+vXT<9XC^SBhnTO%JzPEdkfc*90AF;GND-==9KyPBW3C4vgW&1djh3 z4VQdSLRGhsraLI5+qvdq3^eWYdlowf`+(m=k(oQtwC!2gIOr$A1Ei}o0SZhnc|up` zfVpkHmOLBR(J1AuG~4L3;u()`#VM6$a&ZNl8_I&Z;)>nogfWz8NYyU<_wn|m-T=mO 
z1?&MKszW2g?OREt{xh+4d2Sb`n9Mr>XBWFw)ifdTg?WEY8!ICtW7rBTgh^-;1dx-x z_A1LI3_b2xyI&qRUoN9ROP!@2 zrX!1v^p#MQ51A1pl13vzG|r+-@8;6u#S>JUbDu_ue;@0G>dl>U984 zOC|{3ca(`iW8%~Phi#^&RXkO27{?{XVB)icI}qR<(Z@V>9LOPf^)GJ6WB;5?r)?f| z8fi04-XX^&)CwFE8S6s#WQ9{s`NO>9zv8V=$rlA`QECssMpXp@%wj-g z{FHVe#wYV1%x|K1;|Vm!IVSc|AK*wc{%1Q~`e8+UhVv<}qf5=euy{tIt^ZodE2p znqP^TcZ~b=77a5KB?sD4+sBkXi^lO@f7x)MNO(ev6b@AHnmmZk1!}@q;P-~L9$(%( z@!E(aSH~h4Fjwl*)i|k5f2gQnue*t%Q)8lFMkUKV+~2Wa4=EegRwdFRFTSoe+J3>R z)>RJdUBcAYYU_=KD_lN*->}|Q=TbOd3uxA#C!o2U;HIqu|5;hOmV_GP@$#guT>!fg=X~@$QkQ#w4G0! z-AW)u*^srjyyjZ}60j_xK3_s1c{qtNde3P-8FW3XwZUo>jynj`1u|JzXJNCQXwUDT z)fMJf7XAu_PQ%*WG9)HksXShA&cLoJGBwFE*|AdC9D$*v#a)sY>EP zD*t@`&|cPnwt~TrM49}2*L`u)gPE=p{kBt8r0%sS(?I7)W_XZ06JW8CcgxDqhi~N! zun5mQ_QplmNUS>B+eMgv+P*bae*4lRmZNGJ1BUw4w@sJBqRfYn2;cl*+NlmOv^xh# zz*KQDq4=JIx3@v*c>o_bWN*5hptPg}cKbM+AN?rvd^G_eV-K@k8TCG)pvp{?u*JERbako`=dSM96t|5yP3HX2&N8$YkU{{CNQld|PZNn(A!!sQl#0{W9N z047!k0E@p36+iIxb zf9HSyue75H>6!=NhPLHX9c89hJjg8*CM*tgVejfW@JxH5KSGT)8Jn}MGQ!32LFK4t+N8)Kj`k+E#_j@La~l$f^;qV01iPNPO4}BBhg`Tjo-kAFr$n| zh=q;IerCz?QrP-h^$P2WDojqS&2>eBfvuk29q@AeQbK)6Fp<7N{tBo~Ha_R~JFz%5 zVn{sg0b&HDAa;w}ty+rTz3FInf3Tt0pY`ZD*7=sEy#tq9f9eAvvQmLC;qy<`Z&WXh zWwT7lHgLvW(_4EkKUJvx2r}O77B>kpHbu=0I(H<7rUZYZYaMTD5L9gQE_}qw_C0?K zoSQg;-L@md54>Qr(sTCQLiy1a?Qzc}arY0)I@g$eU!5DSM-$ukbbTXe2{30N4i~wd z+v=~b6uAhu?mTQ=&gEPm=}r{Jah5u5;_r2^j&A>bbo~8eQ=-w03w6@`XD$H1bf7Zy zSq6tWuLb0+!M(Kb2j#xn(O>5IP2@(n{&Zj_>Pg62LVdXDt8|*#MWBGedtJXq^SI9O zDcPTF8tzdUZ7UZV39tIol1Y;JT5>GV>p7AJcL&?Y(b8{jdeeO=$@zXU4QXJAo!B#? 
zJ~L#N+OdW^A58Xr#UTcXTo_qeKT+ivN)H|SI5T7LShBLYK`lIYtKw;rrw0Dwf^HLa zlVMom_?pdownGutBIlY@db)!qLu7I8qGclK$IG7!9Y02T67y(ApGRr3x@dT)-qes< zTDzz(+SgKWOuq2ZYcAYxovXX)RzSqE__y&D+E`nSMBNOA2s-=Wzqm2|)mc50LxTLt zfMPZIE!}%r%5eJU)2Ywx)+lB~hO%7!V)gIw6ZQ2BSQ%zF?7o+cmb$$b$7RMo8NWqd z%*X)S6dL6HFSJ;(XP)|?kw+|p@=tQ7DJ+ln)6q!um z#Q|ZW==R6;Fx*{$Y|HAv0)Ge6C90vqFQZ-QPyzjnL=pdFjd6_#cECs3gAH#AEisV4 zVtVPstd;04eSlVJQ7U`(6=XYOx|lu& z3Pt~grAt^q(A2^9%H;3w4HOJAd8#89z0@Ln@ZlH17{U4hKCtia4qqq5NQeO{}c-WlOa}rBUO#juBv5k+;2M{HN3IDIFfFVevO^!@($JM;UZbxnK zOz;{LVh45!2(*LJ*QX^}#x5VdN{oZU7^jxv*Z(zk-+gj~$7E$5hySZ^*zHa%k6iB0lXQisD==M1X07E_KL|z zXrqZ${bAjU{N=5uN5p^w2{MIGi8g~7cY`i0b>72^2gO1}OdLuOsJ;QZCH&nUNz5^~ zfhz!(75e~npcC?1IX{=1eix1SN{?!a1mXds6RBpW`6RR3S%TKN@%;~P452R`fzM1| zRiHKTP%r7cQGQPVg!|8dWAXRHtN(Th2^goPu+ipVvyF>y0h_`_b6g8%uhSckFPN-)Z;^|4x6f0U4 zG-B`(x`>S{jV-qbHWBCH}SyNf-T=NJKg6a+k)C^P$9VvPf31b8) z5*`uc8ba29TEZxlDhJBjbrNO(Jp{uruMpIzlH0;)+B9}7K6`L4+O%?(0R0QO;Bb?D zPm~P7wtufDhWKtlIJ0`+?$_c$WFvFOb+jrTyY=1r;^}to{NL}z@A=yN0H;r^2?1%- zws${;M^v!Z^Vg+8#EgoAs58U&{x!)tGma$40(lD{6Pz$fN&}6zXTLv1SByzO8P1vjdpx5-)-}ZS4Rb9 za2SLZ^ZB6mo)|h3sug|=`&%%A7^(2qiw!7jLE)2P6A}ge=q&$u_vrKQ=hxAfp%Hyv zY$s}nk;jI9rs%8~SM~k!<@yK1hC=c$r}G3pio?C2337#{kZ)KULekf;OOb7FKkcQC^@wOcZV+Yfcn^WKkD&k7uqo;f+l(C5BSgBp5K^{h?V(00@B z5o_$8x|7ymZB0K%zQ!E}0v~O_^`Rlm7oXC=7qwM6ftO>Jt5%k4f+F_~Mi8@o8GFu%`P^8W-F4waCVT298&~nEv-6<6& z?|oK`IvvHnr5Q+#V*7>mfB1UqfGU@+Z<==0Ra)DrBgz>OQfW`yBq12?(Ptj z*np&Tw{&+m?}hjAobx=-{e6FJ*fH14tTk&^{uVl?02c~wx-fb#3T{0W87&*Gbj^$bvN`O<&n|!#E?bg9=LfU6r(1SV| z@V5-7U-M-LM2)^g#Eu+wuu3~r$mE5x0#a;otzVhCu7uF+0718PnD=v0I(hJ~%Ae}f zp$m(AkF7rIe9COWOZz%xq(3{>6e>VQ$>gTazR*RlPbV!5<+w(d6$V*P{3vr(Sj!9Q zH|TMQ8NG-ardI)_-XpTXM;4WSS~aV3dvW4WR;KhZ(9BBX2kRY8rgKIw{PFdd~iMP#M=hqP4QqMSzVZ52|`wEC2VLv z2;i-J2Y627IcI~D!{rPCe^bCTM*BD%Ni7O8@(b>CVGK|#wR8-IAt8rlt}Oq390s#l zn=jn6cWBR@4i_1!W-t}dbVmSg$fp>_UA&g=eD{;~$s_UG#q_%@8mOHyM#pGVz_p27 zM#F!Aul#ZgV9sJu86ox`P-_#JSi+Mk_o`GT`UT z{`oR#l7L}eUz7l}O<_iI3*_7bQb`ms5$kbW&t-?lxy#o7y7Hg&+dNFUj 
z1kEAyX0sOl=E%Rux?~1YIjj!CI{(xRs1cAHd(BupZD+w$OqnPDvrASVTFME~FgBQ( znOS5NN@jJbbeOIOp}_75!=E$x`}w4%s09)Fw$dyK3=_S#EXpo|2F?2VI`c6plMa-{ zua-0tz&M6Rz{DWKqLF!l0XlMe^AuMvQ|v2Fa`&?lv2B1% zaX4B@6ar{O^(#pb@)hV{SYr$UDdI<v9SmX; zuJSY-OqBpKuQ=`j51O7Kll_*QOZ^e*^D-RcdT%oCKxhg=0c#T7evAiepcOM{1?mfk ztd8tuPB!8d477vc77BJ9`hRq<|L7Gv6c}CgUFhtu-AnczwjPZYfoWv%#gXrG9TMln47Ci*+_ zhimUBTSI*Fi{b;zsEW~*)m5a7z!&W7DiXed0;8vEGGhkEE1hS6TWuK7>R;!-KG4~j zuFCmtAgu_ReE}mpO6W=RRYK=1`yYa2sv}UoXc)5Or%X6N z#IUAWwvC@^9uH?gI*~R6jnYthjsCy8Na4;)*=g>uOfs z&c^+FAE3j$pTR-9nbqq5_3$izfy!h_|7RDj41cC0@RD-rKbewJ#6^p_!q+I7Q~AGL z>`YIWkRy}R$J_F!|Nk?6=upUbbP?a7IxvGB`Pt2(AeF-3--b{ufx)d0O=@1#;G3FO zjj#Vq1cU&y(_iUxy9V|qFjkQLYb$D>!Q2d5Q7zS}|HDLxE+8Sv9I~~;1ntbfeh=%T zqnULXbe{=}y6_b7`txN-5aLVuC1IvIx3;o{BNSA{r%sra0^lMDX^; z?<8yC|E%M8qzTIBud*4qg9`Sn|Lp(oVw6a5RJt+8Kl?xyhmqv4ESK?7=7}Qx!~dqp zf8sfa(_#|bze)N;LJ%7a04XQ}&qnb&?W=2CU?`1>RcWTK98yqFS0XekMpXVfHlBxe za4X}D2ZUbq7nVrdxrey*H5KBX@ZI7T3$FQ4QUsNKX>KbTfHOU1<>zU2?lyPP^0kEo zI$%ak&O}WOAAn~m3eUUGA1e%JWGgDgRro_U_Ym*jK9d%6#ofQ(1lB?}jB)gr#lJ0> zxq!VN`DcIrlG%T~V3-3$$1n$i#U=l+2 z_}6vy?`L_62!z1!`<5vG>%ji|^R__XNVPe3*S7xqvHv16DQ585rv=33%e;WkXTn&SE**MpRTUq-!u95 z^Fb&uC3-13J;P1ooAC>~PMgz*gLg*iM|A&nPFcEP0?c5blWKISCBNv~Z@O!i)T9}>SR$WdYHy@v}H@eC$GV!e@-yAJfM!kE^Z1#Uy zfncEbYZy1Dj`1@HcPeY*fB6Qm)M082x$I2odBbM$f1i_o769P}rhkM^Gm!V+_q`Sg z_}m!lt2(2?pQ-*e<3AHe2ll6_L&EOg=lfsm2T&;7b;)lol{1qtKveW9lloG5ny$Fe z`X2p~hE4hZV^DH{-&nDvqCi-<{1O3X%wNn&&E;FxJ%ayA$J%i6a|JMaaJ}oy{ zKqwaKMcdu+6kARHO_=P}woR+)tMOme>Hn65e{a398De3iFI3~Igs|(Ve@2Fm5CqK$ z3m2EHdED|}9Qx1m{JCH(4fC=*dwpCy{49B6SKREgwKs`HHMJi`8)Mm1PHnIv=&DbP z?C)hlx5omq$7VUQ0%s{cX|fbC7kEE=cad|F=2qn1tu4u8ok{5zeoMIFGyih+E`Yxx zE21DWk-5Iuluo_o1K;xT2sTFpcjtwK-S|`t_d$6<)xK(?vfRjMI7t{432Rh41;Nmm zGETh0aVP^ee<@yoXrST6Ls5jH-Kb2IKQ^%|R;YNgT?&69Pj-`yUfb(`dod~5jP z-0k4Ra3bxx>oV@L^N`hjgfi~@0;bRP)QwB$dQ6I7ZFs}%W3DzhUAD?&H)G4H_0kJ_ ztS0s>i^2@>cAvP=t%MXSbEP^Wo;O_*AxDN(Q{Q_0a^*FC<#$UkK^rjons;%xp8j%U z?8c7dG|3CJiW7~$`zG>xY~HS;_yX)=qdfJlalxb6l){PbZR5`a2LkaRX*^!pj+WL8 
z3hoyZn&mpZTpC^%IoKq4(j8u&{9-_JsTH9f;Q%=9aWeGN0f7Kz2GPXq5w1a2?)Wfa!jv&6$_MjHNkB@%%s&PwZHk zc&>EzeKY<{sHMwSv?M@EAnO%1vA{F?)_W;ar@fcObgzInSgU`1VJz85E0AWEuIrfu z*2;9de;wy|z4oq-IDXM55OBxl^yj~Sc#lbYJifb(@&c_7SDGA&2xoFn#A#oE*GMX7 z+GjyamhFaf*}Emq{zwNVYkal5W{08m@}877wGOEmMbh|CEUYN+P_~)))cR?q!Va#I z|LceW$^vkr*EP*+krK48{Lc*b?+=Hk!3Rf0DuRnsKMUzvlWy)VnP=TQ?c(kagmzp9 zdL!tE+|M;biHGB3z;z{Q!Yn$62>c-?P}Dif0eNw^omR|QVtj;H;CIFEe*Q*=dCm1h9ld!xP#a7WX}*pF8ha)cELgwhQ5V-&Z=?v5_@37cCgtU{u+s|P zhQ~EG&ciqDavEKGFFK9--Ykabo39h=!6~`C zs@a*Tw|?xBDxc)qw>;x)*PyW{M#{66j#CkMcou|tGKQ@~NN4?|%^W3Kv$+a-99C0z zdH1YO)TVxp>i-`BZ!HL1%6I}_?C?nlr9Tvq2VQk5fnT{C^^~mmv zv8YHNs3M*V!10&mODFQaCzjz&nj?C3aUs0C0(mceV=`#|tF&Fk@UHnb6b6yZABbX5F5=e;R&ksz0EAf zb@zII=4%pE=UrEF@(ZTxO26H39cH-L4^iwhhxg)sd<~sNNKq_X{5#%_P!~@8+(8uF z)QU=`%Z+DTv;GqHxI4S#htDiA$FQ>YOj4y8aM=GzuCE2rsYbBw36$tS!i^dty_e!@mSH*3 zU#Zmwavg=T5uvvGkWshXwrDO|>kdX=4lt7=xz5|Mqdi2hZeww5v3|Ri+v+Fc+JN(q*UYYxqdS`XDhC8S#W{)!l%ScBwO1%Vd!W;9VurutW zSOT0d^Vid2F-CJ1R!5<>vIGxf9kwk$&-7jNn&nhxh~u57p?hs0eUA!{Q;+L$C7bt~ zeIf*)cR)iad(KZpK))(HGX`vl7NP@6>dE~G(tV}!EI(p!3*(D6VE?iN4;Q35HU`Kv z*~~QOANktUmj{FRbN%1kn_NYLN1}!fUg&(Rwk7=ZXeB7D{QhGggL@Rbm+kkc*S8z@ zw4ZEe3P6a@qu~AcTfzhFNRour;0W-CU70R>UD0oo+`Fs0MB9V;#vgvb!Vwz3!S|Vg zA<{&@PCXpcUm{#y6fa}-087iauSEq zpjOF@5IwX86m>PMN@uKkEJX$qu?VYoqwwu&Hxm*jrKo@$1R6+M*O6J0m?h>NwOO!{ zO2>X|RIbLWn0__=RbK%FgXX`6)G;lkQ$&>Fwe=q9AU4dK=cOUgx})PVb`!Ax@bt6z zh3>J4`ehkRu!nxihSng7^1pW*gDy$O!HU{*+L&^)+{7ZC3Pb2uZo)KX5~)T)0b!Dp zO;CNRp78o#ngF0Qb3WaWMA{B^9V{QPJ~48ihZ!9{9+!6Q({c0Pgh(=1@AXQX!^W02 zmwL)9>(<^T51FMb^}ba}%z`2Pd2x#=RJMF!Owqztf=0UA?!WpCQh6-Q39v@Kl~h8U_Wa2tHcGE1w9u z#!>lG5s|i+!pP7PK3ijfdDb;+2jT?7_fEhR z!V0s2f|GpfkIJ-J36wGY7<()0jG+%>vPHu6f#Wv460h3o>|7PZj_{km|y` zcDeH;gLv)r+n;L-AK+srf3WM=LMdApmOF9XA}XeEB5OHq2=Db+@j0{xNE0~=sSk|6 ze~z;#BY(+BZYd6KH$WSN!2%P#R7ak9y^zLv_1X0%EQH;BUV0qP7|LMaMvxW$rqwlE zpNfe5GIK?{-Ue?7!)5(T+FiWGqO`|@U5Ne)QaIw3B#>hd8o^d@=_G|Y^(JOnT)o3{ zYhv&H>=hBgt&r;UYHIBGO!(#M<02+MyqbK_P*4|gpKdi81;Pdy#+A4CEdQV&GG0a2 
zMfXe{XXunU-WWSmw;k81%FkvVh_S>JKSS_J9korhnlrPruh)xfXI0aEl<@Ijx8p zC3gCtOFQiT^$m$eh2Z7?5vrN5VT$GD@M3YLw|^|J&Ynv0Qtu_3r(}RNZAlST>@cYr zuY;Fm3}N$4{qg+Ant0NW9QEBEq!amRq7j(L1Gsqap#4Py-}kh%3~5QuS!Re5GTuZ= zvFpNWS8@DOS|0`pZ2d51&zl~Q+0TrLa4qx2v2&hb)Z=#dXY{w%4~LiP!c@S-(nE~E z%&xdCGwOMB2OW3Vm)D>CF-)I_b9t9(T}SeJ`vFhYl;7q^!miQi#qA=_K2)i@(|42N zxO008U0pVw=P8D2ojY?-BV-stRqkT!`FKLH>ID|!1f29}&1Su0;C9Fk0m9-ie1xEmao1$Kf_*Wq)An1u3G41TYbxQxj`)cF*7c zdRv>A!+hql@r-Wni-en@CuKe|BJB)dmHfbi&3-ZNcF;8LdMrSgen39xCsiH#7Wea& z|1NLs#)QZJ(N=+cef$#s8e5JHBHe7{4;*3nul708m>nkrS!*d`exR?uYqn@ zzaKHabsB!O%v!KZ9KI1Vow%Etzhw`1xrZlkJ!I8z`B`GQd!)MZSmQ)|B(FSkOW7Rc z4|?WWAsL%(20bo{jpAi)CZ_&V1JX_x8d?tbp(?vPbSo5%u!O=F1_l=-=nD3KCMo0! zpsl8IH^wIF8ZtBVO4$w`UY;y|zxO;GFgS3MUB;tq=;B*cA#D<4wGLZQKO-1W^d^0%hc~ozn670qYXfnlIPwdLh~7bo8@N`RMriOex7k3TK<^6 zhAROHFLIf|`vuaAh$wH(Og)%~uheYU6X9{m zf>L_mXqV%HjmxM%q4Fb~pfGjsxdhDM=E9`3Q&V8;fjfemp$Gh;yrt!{VJ@wr>6%AS zz11ZZE%|2Xb?f1~_B6Z^J-1*+w6u2cg}{`mr7|B`L~DI;HhZnIA?f}DpUQynTY93| z)fZm4d~6cWOaI4wo@VC^f+k0v4;V3M%+e@&Mc26uPMDa}qj(#j?**Fl@AaAAN5B;I zgqlVb49NnUIk+>FF^O3CP1|wF48(Gbm2&f?zOZG9uu516FZ~y+Su{B5}C$o*5uhH);gFR>S ztE}GUD(N$FIh6td&^0F_)$PGNL$AYVTB8X|jb|CW(X3tFUO*amVe$R5jyE>qMCsQL zQH@2<@f_O9S4GttXctm1M%EsR`^#4Y6lATVFGcylQHMwZE&S4t6l;&LYo`JgzV0Mz zr#eCceBjT1?j(C&B>1G5ml#on2KKcEk@GZ6o?ceGhYb}s2+UBdxV=!cG}zeWs?l=e{sUo&a<+@ObyK;Q72i1 zi11cMpmKvZ#q~8ras((xdN#{0Tm4#C9s*D6TLOG}#g_00{FkmKr;mGXId86q!g&a` zW&ZoVF_Dvr_MH%E-I$8=KPU6^O2(3%Sb6+h0JPG*Lzgq@Ng&KNhBt;RqM=;DvW|k9cg6q3rHl$CC^`r7z(=$vDZryP!#>SbL{hfKf%T*JX%TPrd?F!CU^9iAv zt@9h(8+p9{@QbkzBGVf=QGyuv$)K-onRr6(lT(ZA@194J4J#pT4f$7i@=fc0<7Baa z+{es@NTZ^}MChGwUuG+3wx%%5ln=gu1|Biv{tB$`TH7|c>XL4$F^ly#NBZCfLt(+j z$H%{9WE2w>4dA-cM%m=1bZuMdb)C=8$jIQjyT6}Mzswm*-y2$V&*R_SLVPXl7uJ4S z+E@RY6CO0szlwoDR7M7UbZl%QSprrD=)uiLBr3qT$g3PVHx`z8bY$%x7+BmHwa8mm z!B2vaScP3g({S`%m$v1ig^3)<5Wq6NyVhA|bl0Z(A|iXa2VZN zK;6X;$79?MIzBAJi-C~H#nAkjKrIuwlzS6W z_labR?aR@x{|HOx=P*r4I@tm#B$X=iWlmD+v6;EKBH{5Bu&}Tb 
zLWM1zQ6(tUMMn2UD6bcN!bk$BN3QHJaB&SML8I3#ww@ce!cjd42mB1c>FBN$tz}w{ zb8K)Bq0xHdMOhv8lh7PM4ZzEmb|#yB2RE@zSyM@5()ejB76aa^HCFjy2itNfC9d?@ zTH-jD;mQFFtOj{P*MR<|zX5g}Wlkol2bPrS$8=-G*}qRW0W!4q(Y7!*%UXc5jm?|M z4H_Mz?>=Y~b-Vl3=LX?$>zj#=og+eCcS%ZmmR1*6YW;I+$PX6nqqNl;Z^hjl90D8r z*RtBgX^%Q0-NFV;6u>|?`6~}{(oLs};P!+jl`8-esd;MqN=Je8{JK0+oW%?A%axFq zVTv<8-!BjP8wFKYt-B?&*B+h<>FJOzlCKo&YF`Rc&ehx!alAAO%Gg;FCmO#x)f}X^ z>a3-*U4#}k?FKnQ#lpqnnhOf5FNju`^(D(bOsFIbob7Jz|A2$lv+3AIa_Dpa$_9%v znE^>Pb0w$lX9+vzBIdL??K{CX=Zv$e>$<+zv!)DR7?NgQJw>CbG&jQCSe%|R)FlUES0^LT{WOzKwnYoYR1BNBA zqCkR~J{U{CHl(mC*&{04`JDSN`oYc?9QKd%@Iw7gDRpbGA~}#YBa=par%H_)+KZ8{ z91#qqrJsaBE8k?spe*v={kus?~@; zN%f3a1L3=Z^3LD7gLDKG7J@6Rsnl12QgMqD@)=@pl9C0X7+Sx! z_t@cDvOM(U$UHvTY3x8>*F4({_Y(<+$xC+@*E8eK1Zvy9Dfw z_q&aBx)B{(_l=ojWUy00d~>lxr>&Vt;qu~5KkMIgk!8M{%S>WrnN(a%ucfFBM-@4A z)Ga>9^IMTqkJlo;oeA}ToYa`dHu z);{sIJ%jQn4wi{dJB@eB9kaf8>&a{2r7EkKw)>0h&YQzt7qxGcD3KrMankgJcRqJa zq8*BqN)IZ}+?%QOe~hs`8XW4zc)n5r2ok%22Q41zDlQ5a>_d1 zz}Rm4f;QIefLkp<&fxVwwKy$72;TnvOmY_Q7_6$bafpNeOJnbX!7z_9!6m6vt%52f zzrJEqbJ;peD=V`-t%n@`NcJSfj*pk?zFdM?z(Wv{K0d%DOsYi`n08cm$UcfIzG!PTaSs`33!T2& zOuRip!la7COl}kUpugh+;J|P66X0CBf5S^rMD~9vx79=Xm)i1CSVyG5SZlPExMd+Z z@SL{Z3+rmO$)M@C-gkuz+=9+m65-ETx=N{*Ovj{fOSPK`=vB+@>yUzW(nR8)G z(MQ4x!cmfi49#@|3)@yZ^4GG<~ zSqXurJTJx-~oq)ExXQPfYTU(MwU+_j9VzIj&sKDJ-89fVzNqkak|6|P%5JK-0rwvt+ zpS3n#{Av&uzCJa6-F0RR%NGU+YJo9wCL3e-F^2=aA(q!WD|*sJh9a4c@p@A6W(Al! 
zcChPQ?5wp`vlyBx7ZIk3!0fNmflcDtqM}}Ttu%5 zGtBic`mpILc<*X_mqVYO<+SI3_d^g)~4e$^YXI-|J~4J)Dam0pjY zJU3f8Jwp|{C^{=YLYA1tB1t;Ww#TAV+?dS<_igP#d?Heal}=ucJC}qrcim$Y8HcS4 zF@oGX5CJ@%`-}y8jcX3)+szz<6O8xN2%UYc5dXFaH>pnrA&(p{NHVNA1;q#~c_`(t z>D1mwU}E(cc;Dj!mp&FDcvD|w%95_Q{c8#f#G^VAhP{9@=0kDna}B;tyO-^4GzKk9 zmx=nEVdalxEU1pw&dFG-HRg&3aDS}Qj{-W~wRT!0hDz2@5gYMKXK&54EQRTi0aN{u zyfTXD%WXEb|5tJb5g&x~;JOcwn3V5yfZ~bxF5tm*zv}j-gFqkX`}@T;~L_s6!t(99h33&fQ`;SclozXDwmljzxd2w z7al4OXfo`W&~F+%lo0y!3K678Dw(ou#-1Z>5g6IlbKbYVzKXh|a~H)VcqR^;h4)sM z=Zm5#0oi>XIsJ2PGL-@4_VCaU;KZTNV9+w2fR3?@@ZBX>Gpg~&KOB8++qXHsCA4Op zlGsFaNQvPV%(WUw@9U6Mjow57ZUDoYI<0v@Z49xm=ebrW7U7hRwAOjS1#AoZNE%c?zNOQ5yWr7Og5p=xhYv15Ms@PHq zqOq?)EQlvk>SAsVQKU^1OICh4@bS=(pZ6I>QVt5Qen&K6kg}mz7tuh^hwG4b7RI^c zfJTlBhp)6L=Uz0eGFGKrp>Biw#^?j)HI)X4Fz}#Th9+!;RMO$0{uQ+P?xUm8&IwragK<4d6+F&XP2l{n2rIq$wdC;3GV zLu2#ulUcQQHZ=p4Q4i5YvNVzC?Z6Q_5~ z(1D{KmAZcIymL*3Gi_6fAy58bDDC~ET%(I}h33|BYSaP>ydPWc!Q=E*xv5S?Ij8Tw zQh}QmfJv^TqFyFM!6FYqac1XjNJ?e5yIK`%m3c>N^4j{PG5hl?Pfco)#zK16;rr43 zWKKblP^K5XDZSEpn@6*|gRJD(ajI$6fvEqFo&)*Nt%k=_kGki!REV6xkh_%I*$)Mr z(^5IOyNT144}1g;%+k}z7;q#|8Pc#xua=ks6WR&jE<{pZOw)DjhyHCL0>T+MWA05M z>@?37h{C9&S3shv?hd34@k4;4~{~Ck!4;tU$`j%6-?_BVUDZ%rq2kia#Vz z+xCpVLtCRw-E9d3)5n@!$scm{js@Smlx~eV7#e^fi`$d~q4-LfX)^7a%A_uPF zx?iO3c1WayzjYdc8m0CE?nB|O>||c?MS5#fkS$M=Lq{W1$W|kJxoI zIkZ|8J<8*U*ihKq50G5%yw6*vCt21M8MXANvm^=YYuXr<0g#&a==wKs#1pqBC7(Zi zJGL`Op2EMx3L1YWY4-Wyiy0}POKj^K=x| zh@2e~_@slDxcz7|%iUpU{c7o&Slp=0Pp6jh6x0%lbSl>RLvHVdg@0e4q;k2F(8~t2 z!9%Gv&=do0iQHv9b>Amte)|nGOhJe|$dQ<(xj<|2>bg?(W8!K}OTFsin9E+j90h4Z zWHAQZfxfY&?s{K5K8xXJu^t#|qz2x%zUP_y>Wds*$A~yTH{K9Ii@ZF{Y?Zx*FA$t!&r5-7Ub2`!~d64$qMhw&E^gqRrFkPg`ZyvtHJodMLg zk@D$z2(h#;3bzvm?tpw{Uh1E_28e241F`iTQJM?{YWT*b{z~K~O|S-{YP^DbXSH74 z%ltr-Qe0H%f)OE+kiG(X4=c&Khbg(kqvejH%S+WT!VgJxFrn27(a9=85k>DOQaRb% zo?E;>UM*K@`p$}g75F3P^BqRQnh{0I2SP1=PL;YgYUH0z>zNMTq}BKD<+PH525uEb zYPxuqhH{nSaN@~1IPgT_T8OjP_Sr%>K zOC?8D3-gwM`E9xU9i;*U$QB%QhQ6>d`Nx$tDdPc6ZS8V#-{Nd7rBivy2qg6y2oPS^ 
zgG6tHula~J=jOhw3m#eB*k};f-jUCR7uA#138X-FmLE?T6-JiT>HLQLL#bAHsy;ec zn9p-ACVVN>T@?PVni2e6G0bKvDPrsSc2J-1tEN-^*MUx9?IU~7h&WaJp)|Pj^YX|! z=utXzN1_sNLt5lNsR_v=Kh)IX3v-F-%tgcG68-Gh;ww|0S(%qwgTooEGg(fK)(nhk zk}}9gpctr-8}R8a#LFeXy(odKS2GuCS${x?Rt|{ zvS|j~yDm@JZ|o62vlm-D+BO0z%DYjr?rKqU>$BwoCot*M86n>hl%x24h+b)>g+3Ba zLi_2pS4I$lJ#XF6HAW6-gXnom-m_}p7-a=xQ@q|@55oCgbF?tadcuw2t)_>>TQD<7_?CwY8Zk9t>+hL{~bt;j916gQa{mm%pd1b=epw>|4G2ycRn zy=h2BzW^?p$a3AH!Gv?^#8FBN_B~S(Kd;z58@_5fyX!}rX^e86Y%{TJXnN?-mAW+( zJKfA_xvtuP#)6HGj^5!lu<-Tv_KuZuE6v$V9{DF3yTc@B!-eHnOjgmNk@lleL%{ zn+ku9nKzxBJo^GDvl#nZQavfG^ zVkK<1>Ii(TDQ0cpr?(S^kHmd)xs1u$s<2Z~9tp#(tb`kjkkBx$8g!bM?hxmWmdMPk zzI-__yV)^|nv9Q#ge0%-Zde8r%OV|{A4Y!|Q|Gyt$1ook5hDDF*8of@cH;li8bn1( zKgL+~T5(UmBXRl3{`^abfhm{z%WIoW=nn7pAeGhgxe@{|1gGI1D^)w!n})Q?)fJ=b zuFY6)_*-jHBCz3g)D^;;;qGT!wn|kv<*)-kbfYK-6c36fxvIFiSGKT!zWCdRZ-#eQ zGZfz06rQ)?nnqDF0kbtR@q7bQvy4M~2kEsp&0=CXCA=6Vvve9*;P+!x`NRy_N$y2)Pr#bK;p!4(HYB<4LuO)9lBW}FdrGbz+kUvEcbaw%C| z9~2Efva5Jo#PCNw|BJoGMInXxO%FPr3sR~FwT(XX4up*n$3c#iP7Di3FuqXaM?hfM z*AD>$xL;t&B(eUc!S4msr5}Ym_9WMRIfIG*{RUbDgyk2h=@FlX5CR|+ItpHq3w~J^ zj;962`VaN^{Jq7TCT3DdNhzMRvRK6a)<&zG2+dm{~ ze>MuZw`gIcFz~@7hPRW{vX2p{E>e+dpSN+t4s1QWzReJA zfyGAEz7@NDxs44T1svm*ouu>F47pI}D4A(N75NhYvMb1Ws*Bu>x|GJbdon(qo z6;(|K}zNfQpo9C}&tf3Cf!pgC!H=fnkhg7YFdlIBt2=_hNem-3hu8<%8yw#AYNyqT> z*GEnXBj)`TRa^<41Yl@4($8Il0jIpj2g6Bk^oana4}luzDlZ|8YV-Iap8%-jRvtPA zipUi^s>PmJLj&&M1|I&$=PZVWZr5W?7|u&R2;)xe`O+y-(b2lGFP79E6>SdG#M;3>jdwU$Xe%J$vR0sqCR9+~VFHsZ7G*sWwQtyA;G+dTz6BX(3Wa7jxxVLXeROjP)79T z>Mcy;-r+YUBUJrRyx?kItYJMGzHdW|Cz`*CSe+eKV9-N3@r!5`&g%fgon-5en zCj!miKWxhPJ$iS!sGOg-zko);f|Gg%grF&Sc!FwG`UFS~{4X$_P0_~XFF_Ji0TLK0eT%=TkeK(GYcKh3>q`*AKl+n;Sb;_3S zdwjVn{8WEQB{Rc)cib1UsdB5TQKL$mdkerrRypo#RHWCSmV1H%(FpV16^$8uZp>1( ze1FkiShZPLOjjJ1X=W-lHmn z$@##aJNb93gNp4IHYpT~k&v87zEGgnS?TSovmeGY$K+X&gGZ4 z_NM&h(t?me!AS;W{5F9!V+9Q*VvT?!r1Qw<>aD9>9!UIIf%mo5U%yx9Q-hG zw<3RTT8WTczqJ-qsFtieRntwQ+!n!PMv=}}Jg6<(O;AxPxqa*b`X_VV0em1`zq$0kBZ`Wq|XHQ6TMe}t_KhR!S4vb 
zo7jGJn(Rco=yCa>Kb?0j-;~)5=W{|ZqG5m2ar?>4DL#$#7k~Ql1|bG)7n|-dubg=R zpuFMk=o^ z{#NNuWBj6N)BL*B#o*in!8*C#Vvg=3_7kk)%txdGLeccEnBiTG8;1+U#dM-4>pW)a9D1M>|)c!;iceVUFq6 z0MO_M5e!@{eo)DU(Q@x637K<~pUKPgKNTyNqpTM7>80zH38<<C;S4~MwCxnWd;Ufbw9%jJ2jE5GyALe(hqsd-B@tZ# zj;4`1Gu0+w$Ggl=*$(w=@Od$R2`^Q3lPDJVxvpViV(z$D%~Xpf7d$~AaJ^64{W%qo zthFW@6nsghvwz##atOui8e#gz^Uk?Wv25(s&|Zx|t_kK6X=+_i#))QT8c}tQuo$|& zi)Gj$p)gk+dRt6uB;<}il1uv8I7bVr%8eqozy5W(xjCi_Mu4SUrTG?a4mWTG_;=sQN`yKS`%0vJ%S5(UitboE=hQppgr=VqXwCaYTop( z*0KJA=b*yy)9~GpXh}kJ%3;Q;1DO8h&~UA&G_VG;TWjma7qd$JZuE0lzh)}J^;Ek- z`R@Znmc8jcks@wetR9QmqG57MN*p3M{9^#X2QtUU4Em&HCKVkW?vjCF zMV+ol%TXS#&#cd`Im6MYq?)u`x^t4U&HyyE%ELGG$cyv%!H#IoA_|9U-C#6I!{5%e zu8WqK0t4^4|9gbaB0jL;xTjSK=$aByjjS@IR!+nn3_aupdqV<0VEKdS*;-C7H4eX3 zI?-H=2J&2z)9$47%$FJqO76n{N7q|L#T9jJx<~P>;X~tzLxM*(g<{BSOd0 zd9r6Os!awuk%U)Z;SuS}u}vs3;s*vcyMoxP=NU`Q8Jc~JbC2yT8GU}++#9f_)_Gif zZUscuO@J-qV#y+VE>+R@zQ6lYk#NfL!5Uaa;P?Iabd6*};0i5;wZTV|(ZaOccZA(( z!vUIzn)OSGw{wV7r z*AnMVxc1+42PHuIk`O8?bgy-1ES;n}WPYMXi{8GG^b=0iB?4Vk(J^G&CPk4LULKL~ zEzKlmrNP=rO7NNlX;rT@;=F7!iD)M_^woB_Gg#D?F>!Bw1Pc-k$Ko%-Wa|N(Xuec0 zHoIB_c0HaHK-VS*0Upp~BkSppt=7FIyMUt=2{O4Xj2M%kQ z-zsqu5;AJ(=B{^-eZdlvl3U~aXP_`SQ``JEf?l&krvKiVtvJNUXMzj2WS#p`@^@89 z$mxlrDQrF7bkx)w)(}?QRtHy&sAc4ehOLin$JI`rORHG_^@ z;)W-h19dDn#+OJf)t1(@i0)rS{HMW8bPA!d3x&CI>5x`81^cI?n$sp{7bK@QT2WjQ z^iPhgO7Wn^jMU;wgJ)fqU?gqwmE~OlNo+mAGN!EbMfl1|v1~5FcFKC26Onjc#D9T- ztgK10iODWzZ0@4jFJy~pSMkT#?EJjB@}!|IF?Aa9(+E&nAiBUUpAI6V(ZZg?Fr6`GHpTwr#Mj>=z~1kH`sKjgmml_fh9%h9ZCZowAdb5p+q3@`L7 zOHapFm-4xFKnnrc0PWI_3P+@}?S?qZV;i~UW@w#Dmnb?Ptkq6Xrth-di(F{ddj?AX z?y%Ss91N|0mYdyYHp7C$?U<#}I$uG*jk@IRk=_{(gNw;fYDz%uW zoeazJ{3ui|q>n3i0wPFv{7EbgX}Z5E=Z(_{wzq#1%DbHFt|;4oDTArX=)UC3{u*nFh(09_B!+230kaU@!a5jTcxJ8A_8(TLdlS(+b2b^ z!whVGTRV-?zvY{+zz0&EY=REt;+582$>MuX>&>2a5;5^b&HdmVnIEi|)<4 ziyf3RpzgV+zl48R6hgZ_@uqQk_(to&>hZvsv-d{iM0qz@NA zc>-tkcj=h~fKvX7klQAuM#X|I%%|$s+JIFDhg%79AqZmJhy>;w(SHtCP#hi}?i|O^ z7JUA$X`mv3l}^p-XqswoyZ_vi7boz9ZLN)-HShbJhj^C%!9{t)9VSd|t{aOrMXTZM 
zzrM-$x4)x<1L(M586%K1f3SM{7z((G+H1^xuSSUf^4eqKwFy1@lO~}`ug3hkU5-=;yJ9;i zqPCRVN5qUd3e=)fa#>qe1-b;YlAA%YzQ^sFu5#(8tCYw~XQAPb|I!pfp#}@xVm0t- zDkcZ}u0b4V;Q*>6ZiDOgdGO{p8ynl;_&B$Pwx2d2KpxDnIN7d?ldv92*nbOVrTk}M zE+P9YNaJP%G%~d$(b%+eBv~Fjz1!>Zlc{ewZLZ0|_G7lXDoiEZi!`97b*xI$z={n_h7JA4#%gNu#T=+4pL zn9^n+a?($9_t(w^^o54X`Z9vlhtZw0gKc|k1&G!Qq60#rRb8iH(^x^Yn4IyKz}Qf% z^--g0Qg;nJE0oFHs~{_1|COZ(kL?xHQEfkPE$vM~NTV=Qami%80>n{pQ1*OH6)4({a`g!lCXJnv1sGk%(9B zudF}eFU8I3*(=q!w8#d!@qwqd;{U=JSfV&ppT=vlfLQ+o^M~ND{xs4l9Y1E9-29OX zZNrs!?|-8Q1watcgRB!9mPxfZsbx1&QX2cvTnp1?t!O~NOSYAd23oC4Eo&t2{x^+m z6`0lY>QvYC?TQMt*xD(BeV99U5MI^(r25e1?H?x8{NaN)ESwE-rzx}^%ysIA6m`Ne zgKADM&Pv7VS?rzru)0>worph&SNucYO%i+3j?eN|FQPU>RPcIH;%kqv4zu06;g2dR z20!GBzjz`3qUsEJrXGqFM-KI$)WH5Hza}tZP8IEh@M{RkFxzV*t{yup#!^9f z)n{qM?VhJez9!;5iFPOLilV}VeogH+1>xG%r}Cdh^?ku+d*2Da5e6B$Eu_7;P#1k& z+ZG$U;+mg1S?0ISC@|3fmWIR3uj+It7^!LA>t*m@bMnji4f)fD&od@MF89s!+8xf{ zGwRlLMilV!a`uECX|sQ|k$*i!Qw1S4>Jc%1@Zg%u(wAXY!nSBuM5JU>~faQK*QV8 zmla6_Ip3n)%NUb#AoVSYbf;Fq3oQn|2O}~M#9r<_}5YH=;x~a!#N4kU{C@d+>pON zKfrGX6oXNk{g3tB475aULuAnGLcAxUBrqg(!Eax|qPz0dG%S%AMy8*+6z$1#|2Xn9 zx<{d@MRK~~j@%te>Isw+%Acf#!?z7`%#|qH9wKB_XEAL2O`bWL=O~nG+mDqKGs^Yy zzpmYRQvD%Q#=nu=^exJKdmZ_xn9Vaj6XPkYfpYK>|Zjm27yX?8! 
z_8p?cr?eYRIO~N9gfM~KN!Qbqbf7AdXV~F4T%B1oK!3s|1b006t%ve-y=}#8ED+{_ za^pQG_Qqe~mJ2!xLB0@}S4^Yn#WbS8eDvyHP)lsyub)ugOCR06W9KPmWO15yM;#CI0utuou0 z>Wc5jD)lJ})wH_FxeJWXppd^`2)@p)vIAGR@LF$4acK}+!_UfJ!g=w5p^FHs4Ydz&10 zNPkk9`GBB6dFkE3cbm}7ud70**aE&MG@2#N>P4nIZn)2vVREj8*tjadySFwN%FacR z5HLZt9t7jha&+b-6njFpED>aa-wE{PWHD4qN4|zL4vKTdBYZ5)nZ`BlENY_Un6 zAH!DNnc2~H3+s!FR|Q#bseX8O^>H&_X_EH{kIR-_G3&CR*K)%iTpd7t39O1zD?Zzl zvdA{Z0vpfGMf|FigvhIm%YIlMJC~&(t`Gi&J}Ap`pXj`6{n*g=S_3%jQ?kVVrLvWA zaHw)>=lqvsdp9A)CVS%uGVr;OJZJN~G;IaO#C|D?&L`Kx@qeHslY9X$BZYjvDLZhu z$?2k(Q>^|pyJID~#!p=(hXiDw0?IC4JI_!9o>NP!g-yQyGE)FshJ`$=>vcj=Yh>8U zQRftE;PDE=<$%s2eKx;j#S1{;w1Hai(8Q+RW=uCw}CHw%seT{+H4KO zF85q@;$hp=V~rGMGS`LT?C-d1bUwOnd)@>660F`&(Zq+?m~i6%MH`$%H6nx5aWdP?*NUEciFF1SA*Z+grAxkKZOMxjpchSZ`IFobiHlj9Dkgy z=Y^O1D4)WA>F4%i;rZ+M$@#I8m3qX+37SK=$Vqp}i_-2??eiWr4}hU)dfl=8cN7336i* z3=J$SRk_=l*mpwr#1gt8m53qSys5cjx75jm*)!-AX}e|op*B|FS@(hqVRUz zY~zQv;@k{uT2=&0bNVVNj7xB1l2WErQH7PE?RM&-oMz`(FrYk_%l zvQo7CR5xZ8BZU7>TG)|cb|XFcrn|e|yUKKpTixtO&N~+Pg=~Ms_L9>x3Elr``S6uz zPI6LzH$Z@fiW?0~`Fw@J-aof6-s*Re%vmCiuPi^Y8S9z(o#Yc>iR(dZ%wlQ39p}M9 z7~(CyiIB5Lb*@BZqZc2Sh5P03**m_)={?4(FlM1NJ7iV}-%&Fw5zPm>AvzwdncDtaFR${kp7 z-&q_nq;}pq+o!}mz@^$7Qi|`eWAPeqLuz4uA$V7#zre`K!$@Ed24HPO&g){iP>L$< z!6xq)=y`k(#V(Y~B~3|3d7|R*d>wW0*@>;jAWQSLcTlKl?FzGpg^INLcC~=>3*VLU^G0oz`0#nGjCNT_QvO#wYuakYdtMU*_JlyaGB_;7wIzwuwZY|u`cC0>Y>oG#bv>zSh%VS<( zKjU5Pr>p_2#d;j<4T@;QX$g9*nm+~G37h)h-Wj`#d-oLi77h$};dVvi-BZ{=OW#2n z(Rr*hVtZ%e=)G;fKgGO_MHWluzUUZMDXfJhz@jE`C(~XVW;@j;Cv&2hb_HgAWi_}y@kn8Y|v1eF)i;cjx zg>l4#TaQQPZ-u55-b2~0!$Z;b6rIGNu!`(5#F1T*RYCW~S?sFWH37E6yv zEC=bM!M%!Y2zYet@z?!6-)uG_?^18K2D#kx-wk}-krx)O^Zi2nWRmCbl$DC>--c%9 zeM9X!EKf6fPf#-QUb*Q>)8xwO#0=b9hXiyhZH3{enR(EekBXDgYltwz2yVO_CvLiX zylajG7bF_@RegfesPojd<%43 z4PpW+CH=2H@rKZ!&(l%wI1xfmo$aJG98>xJl;X1G@o?X?w<%WFm}q~cnT)VHV-i0O zo{4{^KH*e7HpAKw6=C@s4T8l%^07RD6(q4XM=X=<46_Rx!;@$cq26CPnC!?14e!V* z4~NZ?o%&Nx|1hH5D=aiug3}#0qbPaz%fBnW^i;w%VhELQ;r&`_0Vnpde2YRj9Aa;J 
z$m~duZX(fxm8nzCDt9`f_dGhxeJc&iU1udZAk17BK;9rpH<-0f2(XAtnDB$mAg~J> zg2lihgg|mIq;)+{7J}4gcSoz5GyJG=_jBGI5x(Py&F8BGi8BO3Yq5bg?26J^l!^Ll z+qHB?IrHAX-?!v{s4Rw}$1;7UcuYOeiZbw7;0ed}YWjRx52bsdR%f|?VZxNFS;TK! z%{pNA@NE{uno7sJf0kNoP4-;H-;Tt19mzm{NN=)QVI77DCc+G}h(?=3>!+4DI3|N( z8-I=w^x}3Ae{GN7C%`EOL;n^T=1anTU@eUwP2SJ#k!GR(GYs&;pQ{x=9VA@q#~$rg&&Zmhs;F&9}GL{|Mo2#nZZdoBHMsRu_HVRGbBI{uPsu z7k{x{Cp<9J%jtA^9#|pdKmfbMQxaqxb@oGu*+opOML95k{oAzO^w}t{#6_SISMH{O ze<9!-K0r+*LsIHF5oTBp4;}Q$5NEegR43m7Z#k`yzD68^gq~QUh~4F1A+jPipum;} zj)^pJiX@d_c#A>-E)rRu_Nd8rvZ<>z@2c1F*Br|uQH%8W%jj?zYZyz5kmU^+cl$9G z*dpr_I9k}h#tP0kSJGD$rm(=Hg8jOPtG-8|YB|dt-u%?fm&mZxL}rtqEZ-|~-_^_? ztXo!0QKHb2veRUO9CC>;+P!OY-hnmI@`_cf$wfVaYkv+|Ll znREqX!4tr|mTtMjSw+jF&wb=&2{=`|#a7AKlf=20%4HQb67V2?&UjMDtH;txq@bq< zZ*6Ubhlh&*(B)5fE;3gCH$#1UMYI%+1#q%NAqqT@-`WsMWAI>iht-=V2!cY8chJqU zs<6Cqk(=b>&*Ze~u@^u1>Giie>I8)zw^*d!zpd+9?tMs`&h!a%iX zF#19c+4K6{-@~NiXeH)lFLbfI>(;?%H}oKJ#M}tE zITMNvXd)~Sd=k)F5$Sz|7>z+MZsFI$;OP<+#!;>!-YW`&zD;e{wDxlDyBfv~c(V&G zUXkpP6-XY_=iC|wxCz3{i`{K-sE-?!Z2EFsw_z!~`6wTi*lh}ng8&q$0fR6*J9c5A zDdKFfL>JIKb}(<$Vq8uQ^-Wdah0s-h+YS_w6Ytb^swv#sIrIskcfe&}IJgGymak(7 z9S^my7&IpPsv2x1!CUhGeoCBv+rcX0B!E{B-AnG`1hG!#MLK!IsAx)~Qq zT=j49Zm<`kx)H+WbYY~=6z!!9u_Mj~E2k9c9*M7kQe-|HXEw{*j6R$nx_)Z2tK^Jf z!pYW#AqP!PDicHkxlxF@yYl7~iSR9Pu)g+2b$Sk5^WP@A9z0Y2bA#IYZ@MkVz>=;tVX} z_C**|a}&jTjB5H#oC3zsJ=z8fL>a7N2(ThL_YuoHJAa@=8bA_qBFIfLPq|cbGKtuY ztF9YfWMpI<2CIqEMbtlidY2di4ACX!b%2qT-I9?-mQ+5XD9gX?#7k}P;K8?(b8Rl^ zFnr(YA}j0?iQbnleC*oXUJ;j|5%`qQEFoXqgkReG67Y~j~{}x@2 zDT%)$>8G&xRZL_p(E586)s5*mvQsVcmU%ZhfD4HeId{d(8R0Z+rVk`aea3(A$v8LM z`y2!BKBpuH;*;IzfLvqn$Rf$}^D#(wqU2gZlcHEt)7M%^)6^9DOc3rt4kz0IKSXjE zk8PFnjK#}7%;wKCxAQ=?9ufd#phLUF<($s9c5g7yRr%FtCE%r%Cr`?RB(l8|4aLHi zof?%r;)GwkuSIroH8(HsNmLAe){|t|-@ixU`L(6oKKJ$DHnJl&yd3zS7qOTq(POwo% zMF?~?ib!$#1^;3$vMYo)?fT$J#n)rj-C=b>oFD7Oa4khz&s(?2Hh*X;V4*J-@uxCnTKF!!4&$CLbJCx2>@f75`ReIoD^i}$1O@I}Quz=ZB z@~rLQlnT#M2%p&>jIj9|+4Q{{_5Y8Xjw4XwG1W?zaj_&jmO@q407B3{WWaIE=NWnU 
zZVX)YTQn@Jf_394Qa@Qx@*;5v7F%{Sq$o8U&R_WN-9%>dpzOhLE7dOJN>tr#Qf~9= zgWZnocbeQO2t5@J43mvhPA1MDPWK6^noi3vIgeYDk(m+7kPCE>SZG#Y4l`MtQ(tDW zxrHSS-oSL+&7||;-#y*I`!j++>&rGMNzZ{bYmZ~vepB&Z=~?LpLl!7I%|X^e2>t5_ zJ~HFzrKL8Q@z2B#ADAbuB?Q6(3`VbhsRd_-ZT@0DX(*^iJ;whMFsfKCem+)UoN~1y z+S>6FKHy~(4LzJ(&c1->mnwd=l}?Oz$y=1irOBl44h_1er!SXS;HD&;;X#DuT1Mv(r2_PDi-0YCHm5`s!$rxY7wI%UtB8SIz%8N_-C%m1jgxd%yp?-uC&yLxQ#}bbo zc0}0uLF(Se1JH<2HNKR~vFKU7Cz&)9{mrNyr{YfjK$I$n zQ^Y9`43${FvPHr?jLzHOPLYLM6E`#G{@8GuR~6P~gN@K!mf?#EjgC~9LJL)ZnP;gJ zbQ`ZMsD~sIT#&-0(M&RpuV{T`!wsFryZGi7xR=s@9ofr#sWLUGDoTrJ_BWlHy~)_$ zi9^vk(Rt40VIesG=`91&*^>`iJmpJxzU18(ox{qd?8t$Bca1#*eMitrEMA_s9@www zFFUa{0B*3VR9#!~KKAVf>0wnjnba5vpe@&;`4o+CF$x%Fa-7UykW(|pEm?0{k zTD<||zN$PjMn`&B*Ul^>rRhz&ic6!Fs;%nq>q+sm&iWy{5I2@`q5a{c;V}pkag}9Q zjL7BMav3MEG6%=q-^SX*`FrCpK9a=A;aetQD=6M6bzo}&{9KbAv)xkJDh~{tSNvIp z8{EQzZMkrq^p{X{R;@_d*n{NlZufbDStiyFxLsPH}$nJ4(Px^f9hfCC- zH6ZJpjH)(q6uzaOA15c#C76BMxBm^UR038roa%D>e#9FRffaz)Qgi;2rcOFaFUm6g z1%d@)#9GY!Bp<^?=Ffva-SWE(USdROFDnBE6+DIs_4|vN_x7XbC!x#N;%h2Bg;!ow z9@?O1%x^zT>m+2-PBN}zgw9TNaSVEEJp-66%A?HQJPH_bAmY;^Eav9okB_97d@bwr z^cm|7f*=r6o(U0@-{VxfZv=OapQ!lVrFd3RiX&1~dDG$AFWV_5M(ziRJir=_sBZc^ zX!&3F4qfqO>!mvgCF5K$!eyynEueY}ifPv2aEcn)yszzb6h>;c*PK}D+esvGxPfa-Q+vBIv(nB&mN^jvsl5zPBW+hu$i-PvtN9qPt? 
zFKLtrzR6V<+ed9EV6hT($Y#`+Ee$A~RrJ&ld8yO-FLYOLRefb&5`n5RsXoYK)WO6> zBSRDqn~EPSGT(Sa46(9m{)tsJi!!;Rg6ctqk|MLo-rB_T)nJpP9$jljgkQ##DnN4K zz&g|LDJ&vmvqonm;7YQU0Qxom=Wf`h98LQ@TFu5i$P7spB9KGynf4VuwRS_)H8&bk zY`Xe}C-aFIH_eZxln60yM@`8F$%{pA?2GBKw-L5))?+mL2cFr)oyQc3O_FI|$b|r0 zKf;GbAy@T`1AfO`NhNH;akq)c&2-_7uSLv<(f=Ci))2U%(xcwK@RR?RmN?Ddn$#ncD zH0%L}j^plE2~7n===^YP#KVs29-?z04gh-V7TQ15gxmr3^_B=7Uf)>R?A9Iwhh(y0ls(+ z#OZGc$1s~P(rGOX5nH^_Ik~A9gaSmShBvyxw4a{GlINK}y3+zyvJI)tP1?;~*ngLo za^aM5pNZd8S<)gnAgS`eZ%@ma<`&+Z4Lz=cg_*3)@0a@1IWIHGuzxVEM~AGaW>zf3 z;VlkrzQ)IvOz>pnP^0r?#TWbFRry1M4~<;MXuA4)?g^*r(=VCMPxjGTpRZK*@+ngD zh)9Q+H82pF20XoDEuZY2`Glylk#GC4?MsnO63K>8qlnC-&=lF+=^eSUxzzpv*yrJJA$5JG>IhA~;Km z^wrOzD>+(BtK;TiZRpVf`BajT|7nha-~c;k8v(RRrHFdJ!5V9}^u44Qz4+Fp;lJXM zy1A+6S&o^h9i_6o-w_{1&RLKR-z}XQRWpH=7Dyl$IY+v92&vs&nqRbW;6RCc=JZ2q z_FWz!=hG3I|I<%f^}m5;{IwC_@UD}5J|kvHL8HrnkRF0{7pcG{y3W6-Et@^{KkvSB z3SnDzZIs#;qi7eC%n7IRo&k1)p{-5FR{>@@S1>B~XtXK|P z-sR+P)^Gl0*#mzQxVU(*lh&y9`U0Jw|3poUDL*`=sN@p^83*eC*zZN=`4bkHe6voT z%?vJa;vt1`niNKy2u6V->F^HCHzYX(j~Nr6X^?ow(z4;yKB)Z#CDw{1_K4{lSYs3; z?kUxZQe4(lhu;re5BfMVfA!x0zb;xz81lfL96Xaq(+LKY*c^0FGr9|;qic;>QkBWF z-ccF#O5_CGb!B{Ihk^8Kz>;T9SOxFn*1y`M1n@BSP%m*AfphncaRkSnWGqm}!|t;3tDU8NH++ z_sIHIfl6F0-u$2EAqoV|DmECj?hY7&1;Q2YE02gKmS15S`%bD@tvXN6m(o7LCQm&t zI{g?llW4_+#Rwtfzcwd*9muC&NspSG3Cr2mB4#&li)fNQ6Mdp~&pj{VnnzOP9+&K} z714MZYQgnlGi}Q&@Pdbvc7yQ==R}7~4CBkWu&}VaB!d5^AcA-u=7uRND+grqyQg6t zZFC6tM-c@zHSr1nCZc^8->yinoo<677Am#iAl!N*!VkRiKV-nVLuZ}ei~5diN-bjY zD7FdVo<{Gq+PvyZadfp7jD!PX-X`*MCTp^%=A%6t9ihf55)|=#Z*l7ka!1&+I4|jpk3tS!I2tHke-|Q z;V9`U(@5m#@0lVKU`jg}4Nbz+(-s83#+``h17K)dLv-1_WbUib*QWsqza#b}i~r&4 zwcIH%Nu9HN(e?QA$e5|F5CB1;kyt=>P&{FkP5jl}rV}77!tL(FrigrO=fdD&O0Zp5 zB;6*9|73$PDa{VFPUDgGMp;87oe`NBj>f>2hOo<=oy%I+dHU%zTJLvk(jYM7RQn`* z&s5#Y-%Z#RG5;)S+|z>jt$E>ETtucOj^ematXgnnQ?6*1+gRZT?29yhh?+Lez=S62 zKg3J97O6!@*eD>yBQW}$vWJHUl2VwFC~H`KOzvoh2JkN2H|k-Sbw`8n5F;%NeGcBAq=u9$xnWqqil^! 
diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/documentation/sra-security-lake-org.pptx b/aws_sra_examples/solutions/security_lake/security_lake_org/documentation/sra-security-lake-org.pptx new file mode 100644 index 0000000000000000000000000000000000000000..2dac57e3b3ab7ab000a403035c42f7fe8b35afb7 GIT binary patch literal 259168
z&mlS%_&Yu&78ifot;W{|LKHL8~dJuIc92Z|ycQ?i9s_Z99j_Ynyw_tL)D;F!1(>+%z<% zJTBlO+DS<~GK%><@SCb)`3ycia?d0m2j_1d+BNL74&Ax9;<>cTCxcPG`MV`c1@POj zz`o2qGaWn4x+Mz7xawd5q042!=4RhoP^H_6^m`YakvI!!$Ucsq2e78!W+y-8YY}~$ z;f=H+ajcf~jVb(_8Nt7QHKdO~Vv#m!C~zx%oMM%A>q?utO&m~aQ?HA65x`QGLwIS9=&(*|c%hs< z32r11;pxnu#jK$3r1@@_spYc8Ti=>&(yU85C)C3~r0_i=Tts6|KX0lkj)%j8_ayZ- z&b6ho8f&n>MDufcKILARc0{kXp86xc>XWRfijMLJUYnoea-z2-Bn?J z#io*QIM2d*oFm6g`@)T~5%L!saeqONG(=**IR5cijNge*BL1{C;Tt5q$+zvUSnRtE zddLl5Qtf&6xPUxUivhY~hYz~S;;n;qu)Nn@})`O+3}J>B`j9K+?MFdM&??e7`Qa=U%sCoecza zx_4PCAT*)*pjuDe^f-}5CmRr3UV_9(VXs8%B8C#dt~D8)Z%Yh0&E4RuHqQ6!=CRW3 zBU7{me|4@17e1LcQ;2!CQZ;h%cYsjw#kYs%>Mlu>ZBzE7SPQ!#7TDg<+(cX(u$_Z5 zG3I3K2rUzM!KYP>Wt>sm6w{IjUDq8bciXg>?^KZbO545X0-kVMHIPEWnj^LJI2a7jp~u1e z`U!jcx8j4j9`9h(xdRN9GC@Avnv<)-spP_#Zlll39%rRMJ2a4!&b|H}yO88TT$$?Z=d4dRp9!e(fEtLnq zH=N|O;P28mTLONh5ib974W@12mb3|YYN1NSjigId_o!Wh%3g~ zo>+jFIWlXcylx=d1Dq)~QJ-LySz!O5;#yb@_dEXGq{Efran`5i420AYr03Ex5BYYO znOmLgGWseI8@!S$laLF1!#c}q-feSKm9 z5*C3kU5McwJrROSkLS{vR>ERQ+qkl{)jB+%uYYcb*z+oG^5oW|r~4%_8;DKyY&QbL zfwl}{XYC@fY%FKav;uk4utXMA`pqJHdS@WlX0;kB-E~D(_HHs^<2;_ELKuW|!qMj? zY{&YJ<&{t!A8!n_Y4~Q96IDnJ`Z#`GHhPI0J*Li4;P9|mXiOM0Oh%-T(cU=}s`4yc z$$6^b0;oY0;gu9kd2HbzBM$O=`|uconvPc5Uwtm2%;z(W1(Ml{T^7Q9hTTaZ5-&Os zky2cf1wBJEYjc?Jzo+^>+^!N$qE?@se7VX4uC|0ixY_}(4m<>^X5LO(IRc``yyDRL z-3Zxnq2iheT+KDb)^m#B`d)qIE=XgTh^M;=ERz%+(sQeks;5BLhNj!%U45|=QjW&V0ReHh3Ug9Y>`?cIAW}3W<)(9msoW!kF6q}F zgOyJHWW_m7(qm;o8Yt<6On6{bC!lfahg@1Dj;ZK*D?kEmInrZKMcNa}NOB}@c|Ol? 
z)zKWbkTfn(^uH1Id0Z$STLs;garY2y2wk`|s6Jr`nq#1^(ItVl5CK^rF)fY4I4ljx zHP6sDCIWO(&U>-286LwUK=!^W*2OZhys-9nST}7wts(1piS~2Oq><#qTX=gQhj{iT zK&?^37G_(3hfwVO9KN)2`mVchp3BB|a}R@0a_?=T*+=N=-J$H+ApPy;^nkYMy?nDhRMeb4Kg;P-F_!MC9p&oj@-+2kQH z+n#w))0+5MBF8)L+`a4U1JC|B9NE}`X6v!!$$KzAo#W$A}QIPO@4Nn$;(=#Q^iRy{J zKiIWu;PpiCy760d5`i67K!83OEs4byjlA+@9e=We_BW4A;C&iKc1qxfg5I}V zrX8I+X)Twpc+yUoa=d^QIKPYQxbDh>yN_J)wdMJRaP3zE*e^JnOkJkRqD?w zCt9K_HoYd*uH0(;>q2<{^DW$8ec!*C!}>oTg}>sLf8$Z0{Z|a~f0=6kC>F->mq-5p zhvDCG6Xzk=q16wF;7$?zvqYw&sgact{ongP_HAkt5!kG#-RLj8a1JhS%)2p&4vOob?J#XjZIwns*K;`JFrneNZIcdC<+Qw1Z=nyXZb+kJMUtkNg9svXUL<@F;~(K zEKoqS=$GRU9<#jNFOQEa4|)qd7@VRR&;v|Jx*;^&0C{mDKLpg zk=O0eRROi4ygydJ9koT+1`&qIceqYk;u7m`_v~)PKadcC~b8rN4 zH&CxqqKdMQ6x-o|4(C6Q8VQW7aVYuGhOROSiQ0usIo}g{16qiMjf};arMwWM8tQ9* zh%plldmFhjLfA#F6+%S#n}4YCC`O~pHMavTua1v}oOM3Ca9u%{tI~`e53drOd+HHu zqtP2a#~z#26agz>P(2$WX9h|+&7Q%D#lo+-|A5bIF0Xy-Y^fZAr?|T-=ecZ z^{(lvPcL@m8>B?~2ioRkqlcGbH$>sYAX=B&@k3{k-%?I!ykT2V)l-yvjruv(cRj}; z7@OD48a0hx#vknHTBV*u5&EoJ@;*8^Sa-? 
z{jMHsZQgg5Lq6Eoe!rXG<@G#%1LT%e9wnyColN9APP>iJ2cY$I!YZDd8fM$uC#ND|=tWDdC#lf6O zgg%eOc&n>H0`tLcT4_JO!)PqM+%-Uf_5hVnmym*I)E03F)2B8-o#V1c9~l<8(fuVF z{3{4dHst4blW&6p%ZAohLHv(c1(@w?k4Ho-ahma^@U0OTW5lnPSV9z8YU~LlqXyNX zlz|lX52+3Dx(5jIURR(JFdJU!x_ukfTWie(@GGD~+^G(0$vxxiF|Zu`%S9by2E+r- z?6o4IHh5UMoe_Y_Fs6~U4yWPpQ^vs)jI%1l!&IEh#_8q5kxC1)HNNWNUs=(Hko5x3 zfDzPyvpWYwcGPl6L^{N7?@KYigR-6ITXf9M%!?HUmP=cZ+X?m$zQ8nIhz>(hFQ7lT zYT5Sr*whX29b9k@Z#O6V^?wXDu?x-rB!K-X2&NQFyWt=D`$I~|ikz0Ec~p8_I=wZw zL;kLx#LWu4LH_j#zxd%=v=_l}Q_V)JX;6H?9NkRZl9E^R}X zd7ALFri{t9K(yo9Zz*qnLr271Oew_$#z6g24%Ep=Xo~E+8l`5s?t^PQ?Be`|lM`nY zu-Ngz+&A?o!CJDp84;8hG6)LjyIm>Y{cQtc@u+zVZ>TS`+KMA0&FI>V)wDJ2xN&8%N$h_c#}5bT zfrShmTv5KZWwy@e6id}g=dZjVb}5S+60=VCpRtqI9G>u$VCJd~W%lsOOh=mJ$d*V2 znf`QKkJH3@(fU3X3A-XnB%${r-}doSY#diYKlHu>+ce&;d@;>DDx0F!d4H}x<70#q zQhXKjnYJ%Z+>-JG?&;Fv-6#)r>o_fDvlBzpMJ6V$fafc3h^q4LctQA9FN;3b{OIm^3h&)P)i@QUs%hMY zKxd)%4$-Yn?HzE5STp`EVzpe=>=C8VzKNUM;a#m{4jH9gx&@W?uE%?&asC^0iG5MG zTH{N{V2+ackAR##W~y-SaxHWBM)f5NXARKmS6wp;)#nozBkhUPo$mj#-GBkue_n(@ zaWzJ=)c|SAp9@f1>u+IbD?*qQbWvu0E(Hv&!_|1Kc?@W+kdv8Il%w?k2xU!`SfrO=s)d0 zpBosh-2gPuwqj}yfOH;&KNs+LQ*Hnd(3gI3A^sn(z~`A7&ZMPC!qw((6!*JLV~REI zhGkf(dz39!kFqg^M$vLd3ZbG`5(KyFjcvEW0ySZRK&ho|8&AZ*$OQi$e|}ETToo3p zPPDJ@r(5{)ue>%ocoPS^kNXcVQ!xQOliAH7KF`J7>mQ!ar}&?4*HgEuqP`$Ac3AN+ z0=`iF*E%-MLxkX+CgxbL!a_p7kHi!SIApXGR)(*x0>?!n_$_Lv)4JcUFE3YLtKy?U zFqdbkVTe?;kl=_TNrnCPxQeb`qVvR*uJ0eNc1PoaK*ZfbZqmMjBlB`qes@$ztCAs$ z+c($G<(sFwVb2wcs1M(9060-XU(dAoX;8(+VUZ6-VL>|^0TsE)$07IFnw?UDMXRH= z_$g4uCU-MVJA()X5RoFiwXe6TKcAvc_}Du0H`NZQP(z7*m#yjbLJ7u+E@Ni&Ll*{k z>GRxLI(eR#%%i8sP+>@ZgL4P!317c}4pb0@t0u|oz|E)+*ptP{5g^$-zn?ZAuIdfT zbTjwssf|+PveX zis_n@X6qt9T9z^v%T7}oqbmTHGBH!gUc&F~@|5*fmGHAKfGXX5y#Sk=a5Oe1&(iJj z(*iG%zvCmt|HC1{BihPC6xs+qE<=W3b%Baa;FA7S2=1q0uQc=I*1=?RdT6nWR*%Wu z=n?`EdlFy6j;WJG>lVxo8-rMDDQyPAk_WVLgPbz@h#6QOc&0tw1T!^EK_sux{GNjl z7Lw$csBDcQhrc|M{F-zA0G4@zB9ss;8yKI1HMxBM$y~sU805k#>ufM$`#E?XICh!m z#rjbeqsm9<>2{E(MgFK5*=iHl4ed6dSF4uFt|?ANPJigAK|KU+g`tdmY4vUlzZ-X_ 
zJp>gQWPLXSt*EJ@9IEe7e#|aWj46WFw48WzZB?0|G3ta9GP;@yE=8DjDwPORscFne z(r=!nNW*T0w~RdgMtN(o2KRT#YBQn8lxP#GShd?wXt0(Rkov1c(D%IjnNUNaR=Rxp zi(d$@rY(5R3OHuruHgtG$3Gs+UGKqh(KBAWo2B&;bwc&!-%|~a>8Z=TYCA8l&m}Ps2AiFhB z(C*%Ly>kL(Pc>(*h!7MS>>#2s-IOem3hZYdYd*(HKIWzc$2pfQs3b1dS%K-he~`nE zt73&3+^vx-a7#9Sr2k)cK^S3*u8J*FzOut(2%r4lVcuTkT@Ut#9^m zOZQCJtgDc;>t8QD_Z;yTpJJJoTK4D)uJZ&l3&Z2aE}F=kbYVRJR~PNSYAM9^DN2bZ z5?iaTfF}}@yqjj(o`UbmM+PB{D_DXd0*g&gc%ZU4hMJv40g@9JWVFHs7DA@AK$&T$ z`7}qiYo+b@=Q?e+SviTRfVr2KdEh z0&b%{^JBzvwKh%~XA>icD2j(1;*7u*u(|EGMc5#38^C&aJ}Y{?Czku%ZjBm6%Spj! zk-3j59H6%w6FYW$2b~WmI{p1AW+e>7{pOX!XY!LZFJEsYYq^8@oc##i9Xpv7XendU zek)neF0O(9)XDJmHY(>1ALhkFZ7!;e+y_%&?AYn&y1=WiGIf8%Lvem{a4h9$5-9`p zpm5vADge1zk@&sI!Jcn?hnt0}Eew`~E`UJIgCuC=+wL@g%F%KZ+-lO3v##5$BdAH_ zbLW1?nOh%k4E8lXZg#>*JSEV$(UBl1?4zb3x8E-tw2J8>=bbk{-j`2*o3+=E&3P_W}=GJT{_~} zS>rkB4+#gO7kMxy1kJUvh>2$;;Z~p&B(dYSfEmGc{bDPg@cFwN0o{K4&+i~{687oj zK;-eCH>FGBxnV@K2~K<2WmeLGFOpP!`Bf{=Aq+atoMTs`=d>H77t_sf*1K&52N@JU)s_-MiN3_t(#Xr&mNuf?JF7kKCmwVL^1VsyMT-W`YNi%04LlEA zYZa$JIO1-=G4O`BTzX|tZN`0<>WZhJE2o%TdBFP;b7*i zPvV$(9~HweCuadGs~v^6Cf!u&KN9E{zE z3e!(YXP^$DWXSRE4Rm*FR$Ejj-Af_u$p3kaI#|Y8e!u>l%?Fh_5#<&)^swIPk+Jsm zg7U&+4xA`qxn2CYGYh53QT(x-efu%-a4SGgv$kb2_;v`H!sklGd<)qDv2vy!=W984 z(KUXfbF|E%1Ka;%@2#Vve!l;4KvY0bKtTb8rIp-X7HLpQMd|L4?rtzZNht{drKD53 zMGz?gkp>YE>5{JREU2&d`+VNN^Zx4>=XXAP=iK`Z#_xpAH}HjKMdEUsQIY{wM1^Iz%zUAU6TBA9kaULc4_7U)-$ts z&$WzRT;ThimJ83-bC;d#nv>Gcr8ceJF*xLJtI!v7dJGX9Upb?q_NhaES_9{WNdzQ&Fi3w=m$ynX-DKnaIIf)l!!6^l>1;W zvsHVmd!jSpdSR-&Rbh1pZ<_x$@$@gFv80@d20Ox)`_xAh6SPm5+i3U(AS8y+ZwRAh zlIc78(z%Uyuj%XMmCZS>|rnqoxquWtX z5#p>jLhtTB#41dImoVlzE$Y^PU!d={+H6C|`~I@mPxmf)moPJWN4iff2R!(|NHEJt z%17Q@(Mh=avGh6zCkufNp3QF9m1iU}EVo_LgCtpeZ8WySYWBxNyb|B$~1G8U1Lz(A0gMvqQ1zkhDP!d<7xABKsQoWCsP&+ELBmn>;T^}K+l^>k^phf3`ukr2F#W>XY3 zx^ENIHqH&gcQr4hGxN8qQ^-+$lnLp*nU$kh*8L`6dR&|<+8~E;bSE0yd&&2g6TPif z$0>HQo}nj;TD-xzRjJ|Vp%2=H>o&f>?DQ2Ogjx!WnbpReuhn{0M|&q>oPYO#;k5XU6T8C_twugRpTRwDz+P+1VcJk~* 
zQgiF=4p<{~TGtRX$okHZcA8G+y;)iYZz_t@X`7U7t0lTb83dhK#k!B^>Fv-JoCjR%@&V3 z<{FTqJTFOKzB$A3*jB(fh}`VShrG$B31bX_L0M|@kn0XJuym2)0&EvK{m2}#;b|td zMYc=N#MDEEsR_({lf(LM>EFVarQsIwt#cx{MG*cyB;k>CY+ z83@l4<_}C11QDe)*3T+8ejK8Rkms6OShA`4lHBLzua0$yD|0Oz9MqNCw|y5P4#WHZ z^*^7G`XhY*zS?*_YVHl(W?%Z&J&8OqUBCOXrwIQ!;dravq;E}uhll(7PbVBm9(yMf z0q_TL0#~)bkE{tY!FXUy5NA_EhlhepC@2r~_{9WyXk=>g(Ba=mPNqiAV%9E#On-Vo z{x<$HLjJaxAmDp)t?UJv9y&PK@bmIIJA*GVMetbLnef8F9K1k?-(C1!EKIG;|5Ha8 z7K`OQewPViYADDA9!we8=>U1Hf%wK2*3N**)X>n#ib+VoM$h3P1oVO2gi{Rsdp%LJXV=4v-gJB^^G!F)agrNX8mIsQ( zAh0k962pVUO$f%p@*r^n!XS4bNYuYjQ71BrLy$-wECL3@z;OH+6bcUKgCNj6C^!rQ zMMGe49ykid2Sq~QU>+zMivW_tdH7&Z^sz)R3=bTNg!3UF;KU1of`JYYurMee7#;$L z@xU=~Gzfe=`{$4+e2;00a>JkIDWa!g%;F#}fQ22?je>(my094;Dv)0yzN@g@N;-A#fBA z2Iv3{)B=!>!NOrc!Js3s2$T;3L-D}*j#+?G_)bu92S-Kxr2_7gAz^$#ZNOLOcQ0H*)L4P?ilp$G)f0-%By66lBzXLJM_026ou9}EctAVKpWaTYm-Kk^SZ z4p5+t1saC)z)%<@7U%^41%MhiBjAC;0JM&2fEjQD82vR5t|yLqjHBOn{5KjOPF}Ev zfBJ!0&_HQ?kpF@tzydvC2I|3y2&TRRaEm#y2?F(pD2_t}@ErtjT|h;n;b;t4Hv-rU z&IdoHL9s9dA8=gcUv4Cj0t|@+5Cgh`;_P$02B1k?3!v=}4XhSN0yI7VUeJKyY;(+w z11M-CfW}b(1waZo28awnAaL#qhJxU{0GJk71W1NG(K&ec7?rqS2Amxy8V0+pkhQdI|0k}C90=$dl`6qlpdC(YuK?IJ923Ub1AxJn60tsRk^0+4) zg8)GTgqeT1f4epaNjM!GTLL%F2||xU5(f2`dLl6hUcVzP==qxm(2n&2^b2UXe#c=B z;04DGwDF&*P@p56EVz(}2I1|v4G{GY6$wT-9t}|c`VA8CFZSSr9?t+qfCHT#w{f=l zOT}sJ5A_(Gza@hr|4@O0|CJYo1Wa;X@;UZ{o0pgrk8E1DzfRSPTwX zxYhj8GzJ$Ffvx_X3ZfrwRvh(2H^-!1+{X4>MDp)Cqg-|pSL>Vvw5`zV9 z06_vR3MR|v3wvYfzGh0UR7hCO97w4!99KDBuRT9Ki=rbh1jsiIy?IM!>&u zksHVJ7egQp@SR{2aAQtZ4l>A}5(MO*6AlnDa9#j~f*b(k#lqoO42WZ>^*~3&vAnp&9EZB!VdD4XIHx#CAULJ{c3&tD;&)&IRmO=! 
z;GlOB)Ig8{s)B*i0;CrJT|O)d1(b&4K_QW#wgAuq5fda)T-|fBY#i+*-2+vD1aab~ zfciVRgEV(sr<3kYG#z_`lTOrq%1JXiL?Ol#|>OC`CB{uLj*uPSv{EJw>9BB zAUfbg1>*gVg#c$fXap7s$_m^{5CB~ut>FxV0QC^?3KS>oPvx1u7 z*yV7F`BRbol@8$Hq#wwZzk7lC|FEL}62ZtP`uS^ye=;A?-EV>aB}{`l=r<8Wh7*P2 zO1R$(!nxW>a=>{$Zn|T$o%93CKEV+X__uvJHS4_D-T@7 z48vlupo+i&0||u1fRzEC1^~nbIFL{HuyC+D`5zGYFQ7S2*vFv(=m&*U3oc!O5fQkM z48q@EDnLGNc(64AGXg3KcmxPHz+Rvy9|-Qi=vXMOSo=-GaYIiQjjNq-RGb1%g5rq* zj!Td~RN((`7z}p2L{JXHK#Bt%_S-*W!b6DS`PUm!7poyk8`ToLj+ z0so!nUuYmqpGb6^g8qcf-_jo^Wxx;S$EAzE>%`521$_Yq{_5jD=~EqSCV~9F*NKZC zCpbKo|DU=30~HtFj$bD>`J<`7)c;~!T+RJE!~krbR3*SUL9pUOp+UWmLoC>Sf;>cc^&5gkJ^!9C}1XAJ;f&2H#$e*SBrCXYU z54%~Ig8#q~%Advk+2dMSTN&XtxVS?Op?^Q2Az2V&LJHyG;r{;92@UK&-$B6_0rx>f zj_;s!gr#MH1EBve+(E$?`R5J_PC`69fzE8)?^FM$J1BzEzwe-EoprhTVepXUm0O`< zMeFHa_m-Dd2G8!oJ`fTSKe{hQ6!u74e3=+uY(@_MMc5g_7h#{D!)go^?qbR@gLC}v zj@%_beq0-kuBxdS9d=HX3|(?EF{$-5SssnuQ6DpzOy49rM*$&_fcOzjNvmS=^T7)QfF6F!hw#ea>zUw-_)H=MQwR~l01-n92>9WHpRSXjYZ%@RDLFn9xf-FA zPxv*rF+RY7KU|1KZ2&Y4+VO9yz*%5lP?!`<@T7({{~NT&Rgxq%SXvv?wf`yg4_! 
z^mXvte9uakWZK4bnS|Rmj{_+^=MO>xmU{9F2CYsSF9)@E604-Vq;1umdn#-KkpkN< zkwW{C4zr};k52~vcpHn>f2(+BRDok7-{uQZSK9LI!iyg>+TqP-9hJ9-?sN^C_)9>f z00RAyw9D!o7ja|sOE0VLn>-GcneD(M^GLkB#->hmYXQK5K2)|w)%G7Q>X z+p!O3{Tg|=Ow+5`CmO+u_6T6V>s;27wv%}|=uE}IXsCc`L@+si9q_2#V3)c>l71S4 zNE&6d`$5*t!-3JSJRM!NT){`K@w=_QHng{1~Vm= zo4e0PDssjaTJ%c$U+>xH$%^_$$_=%K>9v+~3-&_GynkgP1yM%zmuamdewb)ecc%%Sqgc6!PnoPy zqE}odYn=da(URSv?K@2U;_Gtppm~oEA<;eZFY+Y~L-LM4y=sa_*WhwZ3+jbENyl3}A{t;6At(|58Nc3aEVs2$aOn=UNtd2Nwh{vEK4<*oI#>4KLas9BOPw_t z*;M_c(GG3B)#iCuCKltm-257YO%e^`>bY3ImWvYuQk}S=uJm}k8jX}YWa}LJL8tb` z!8@zpcv<@0V7#7r@l37bQGPxB_2`y*&brj5i}?I8U(G)&la1`=vl9q1Z%!ExN+|<{ zu=!luv>{?$uINZSOpgDe!DJL)Ls)cXkzAX0#UeAVH1tyLaxgD~pscj^S2}UCZoAj7 zn?M@`_>|u;*J*)|2wpVlGLIJwt_)($ivhku>Xklxeb7uHvnhwXdEAVC>K4pbQs6>P4iwyKTUPDF#C!#4d{^sC|Kn!_aie4B2zh;W8nE z*VArVnj1gX9#U#{Y`t(~P<|e6V~)O!y6X9Z1>d;SIRCErd+&=Tyyp->`lt{1vr2C> z163MGcIg$aFku8&s~O)rk!42(%R>zdI*Hil+wY$$Gh1WleMUTzRon8Csx+Gyevaa2 zs0jEqmHdvxW}JId=38zezr#w(2MY!{uijLTDZAJ~S!PqRrS=VcCdM-SKWEG#$>Ti|Kvau!9-OkiwB*2RLNL^HO-wjO_c^9lr zb!7sbdFFCcjC?{3lF%2Pq7Rp{ej}n6(cyv*z8h!A}k%6Z|7+G|N)4GLZT zL9#jwK21>|_g<$E!E1Jrsn1uu-rq_jTtnJ!>K11_h|zj!Un7dix;j>>Q+gEqBx9r;->xwCh#V*MEH%?o1)2K*255dSf zP!I{?hg8q=-;hR>R2L2^TqKz)S?M#*my3NpG+RV`Gc~7uWp8y+DY4qDTD|DC0Kjxd zj!k~arr5B9xxt~W$sQTQ-Z^q0Vg0)#ZwTvmsO=_wKc9PL)5gtC?bT?yc)=PH96s|% zK2LtrzLX;1x^}wQWI(8GX2Hfxl8E=>HYCQXs=|CibV_H*>FxZyizxV-RyP98t&OMG zLT@K^(0kZwq-T>QgxYQ@-#{on*Wml4VRRVY_k-_b-HQI%%X49#UMUFDeMq4}4 zNUMxpkCreZ&f>ZpN#A=ynTy+uRfFdaJ@!tGjIqtnkQ0PM>MaHrsJ?vtbvpuo!lI~l zCiL$9^L%%zOO+1Gngs(T)>~pf_ZpZvuLh7mi)ISmU2rr#T2UxY^LhByi$gBRow;#` z*(TdRH(W@dy4Jh&@_9nLM7)_Km)eq=jYR8|a8sk(px$8XRqsvdlJ?k)%Vd8=sp~EB z46QELdjDM~ZKrU0sf%{B1&7?TuR0pHj~1!hh8gkI8za`)YiyfIp?7M-7$RxR^3OPz z6a|iPA}Zt671wu*9`KiB4Zr&NqQ8xRNh_o-ekr=R-G1 zUdJ|5R#?m|3J`0C>B#34w-f)!mt~$pn(CgpqPdqR&^jgFP%8cykNESn4GmEKbN=DB zAo%2a?OT2?#L=FrqU8Zs{e>SD`!&;AxqQ&D`X0DOIJ7MKbkX`SXpJzDy)vik*-T)Y ziBF&XS&&Zr3m?H##1L<22tG!_-#?Vg$d@*&{X98=l#GyiarYd7S^h;AHK&x_rL0%XAQw=A 
zT!4oRUw8hQmf>F1^*B8kK6y*Y_-!t|Soxl*hv2ub@GZyWHN&!1etYGuTCM5_iMn;< z20b-Jg_wMqA4`w8B}u^$KKS`UODiR67@vKae z$&>YL`+T-Y_TURbW`}N3>@`E{Zyft&W{rDk;v@N|Zec^g&aIyOy>iE0*e6o5EFaIB z?S-yUP1?-LnokjXO0ITwmn=*2V9b7Zlj)`dhYJHQ)mINjg4~&o7yrOmVEqkp?oR$) zRFt;6aVkXqElM-`MBD>ut@YYbD zl55ZA?w$3rUop;7u^e(wblkOvI*Ra_zFh)c6;f+6pLTdsFH`(fNOT#8Yp@WsQmlNf z#JCCzh=a`-1<_To=6W*X(@X>s^}L{P^f!%gJm`BlHhBg3TqLZF*GN#b z*KC>Jyz1Qk?6nBkhdtAK780hjbf_g~{dIm*fGQ-|=o&tcZ?O>JC2(NjYXQpIcIvf- z7|_mP2JKz)`*=(ughe3cLNz`X>)_fUpgk`xf)9}Xks5e_1!I?2AZYXBvTx#&l{xvk zxcBp~TP?-l_#!n(*!(K3K{*myVhC2kx2I~$gc)+{urLJ zt2KUl@1kd1;l)H#QPEO~kJ)Og(v(s&*o(zdd)&C#cBn~85<|{|O-E{vU2}fn@RsqT z1nZ}eeZq2^)-vaaZwfh9s(vZ07d9LmrL{#x*GRTu!?9y5b^LZFxFmVwDvD{=vrBMo zhVp3pc`CTNtN(dIA#L;5WQ5cBN`8yctWp`9U{dbI0ykCnU16@OBaasUTfeX-6s@iV zCA+JvZg_4(L#$n5_L}zKJ>Dt$im=B+VXiJ-^aa z<2Zc%0)oggIqtkLey5f$@xuxA6t1od0)c|JvRNf86t$9xp;D{MP`XwIMHKn>zS_&A zbVWm3$sRYZSaGXZY=2G;sEoS`qpNs;O@G-U?Q^E=Gp8tjZCu^ZDd>u<#S|25`meh1 z&2EM4Jda3xANXdYzf_2JQR%faWI!F5Q7`D?4*U8S(f8SyuinOSZ zet{UL=NYq`w5}tZR?xcxijgk)IKMd#{D!l+d=15h&++sVSs~(bKJ~ei#n|W-D$DY` z>77IN$ztKh)uY+?8_YrgO3$nxnLEdI}eLm1(+3QPV8B{}zCw@{;ewhwU`zDms-W$AG zq}4pQN%H1Ke1X5EpfIQ6oy2c%tJZE@ywhMd2G_WI zKT3{;Prhg)-B9<*q#vL$u;A$JNcz>=i;=%Fk_SU1Os5&f|MX z^bE7N{FYXB=wXP#l}}D1%FocHWA^qVs&Q1==SSs8I9~09iZ>`6ych3X=#Fn&ca-ZP z%T&5MEQ$IRHReG7UD?hL4`yCm(a?ScZ>zNvlX9yGfc7@S$0b8$LCsW+Xd zlw>5bL0GW)?ncm;j{L0q--Vi#hN<=zDFUVqJBY`7X`BNM2G<5>z@>CnPI`8&#}XYeXK-G2cF2L(Z>D7>yR-CH*}bo4HHDsPW%kcmK(kn%5`A_X z?|iAD%2#&5122x=-Rj%xzS@>2Uu8bjR^>Z!&FP#u+E?Yy% zlEti*r7VeHJNHOCL42aug9S0miou_99I7D+Z-q9YnL=jjL(U30hRE-`&pqO!E@jO$ z1;q12>_00iF~k&SW_Q_c1f})8rlgjt8adVTSl;?4uUA~3k%zi!s;zA&d9s6(%y9g& zy4XY$kEPP7A?^2dNtzp|?x$}Yo23SqZnE)Hy)vj=xaKir3*R=}^As-UM(^(tYgouQ zR=rsY$!4iD4znC};J9R68y>WOz{`qGZ7z+SKH9oG?5S66IB!*Zry!vdoD}jzPt@`2 zaBTHkUWxBn`=rscyL%^I-Rzmew=wws&^n75*1_&6o@0Q9wp*`Va+~vb>)L*O1SkVJ zoYZE5HsNpFeeb(`8Fi~rWH1$8p9klXA1)uLM{8|)QyzVv_r0ILS|eeJkv!TkzA=bK zBw~~#uR@r;-Geyv&}t%;{ln#={Y~L~#+mw41$YZMAKE+>u zE3D0X?@nQ*GV%YRKgTe!KUw@0oI5C0tn% 
z9lr@RMM=1tx^7s`s+S;5Umdc8Z4Y5_^_z|6P2uVxlYO5`Wwg|uJ43#cKt|oqF@-+o z&8UffEy%6&f+Ta^dn%@0`cDGI`_c2_nF6}J^X1P;AYw*J-~g6_-U!&{VVt->g0 z5(9OlaT=WEH*ln$_E`PUFRN*3`1;GdW`Qcl=E#RUx*JzCEh9x;=Pp<#&Rz|rd#OM; zFgn0xRGFmrE_Jq>%PyC<&S($vOUWl#FYRz3_f4GcjlQ?CRf(G}<3`vW2Hvnwr?y_` zsk~wa$FxO3FGm=B(%F+@jQWqP`d;&pX?J6-Uq{{@YNb@s#2b0uCq>If2i;u!JTD(; zbT&VD2yriL2q70H_Egla3OU~Hr@#}L=k=gPL)+!OfWbZE5NKut{GH)QwBHEo+B(u9 zzU^oK>367I@GGECbUaHV7fW6-_nfhEnLr+{Kkz`NO|IvEp-C2zxwc(oAY7~%NWYl? zU7y`{tNo?AkiWG-(R}2Z6dX@m?=qDsuI9P#Y_uX5A~S@?)Z+2(2*!VL_MW=QH{zEh zig#k6D=TK>bVpl3T-|B6d8pd?lUc40>NBT|a*w*+Y)S2ZDn4(%{LxQ=7lC+NYv6g5 z?NBNtA>C?e>TX?HGUp_j?Y7|X)6R{|DCz}UyXiBus-*4_@nX(!efg-RWzo0PbB@$V zcd}J|<|m&%R^?q(B`CiUb`hPPo8R@KywY0V3A=)A&*$oA{domnFJ`GAID8x~=1PE1 zd$%I+FAH1}CJ#`hIdhUf|yJwk3NJk?g zkNl=}=pk7XGIj6eo^?!hW8>k|{_Ta*Q4}pvJ-$UjsH@2GyPP{K1|@MjLxIDaoqJFA z-NLq*r85t^Dd5{p%n=EWPFIG!_aW{>Hx=DAxlYe@>tU3Yxl?LxndsySZI4R)m5vMr;9FAK&LZ;PO2s*<{V4gy_`&Ov1#zxSrW*n&xMuM- z=G;J2{=s0OaeB=89h4wii#pLhIH02xZ$IxQI7+qXx4l8Lt}jrab9xPLRWD(r^W|=+ z>C6kG%7q%KArr5GqZQhus(BTeUIktvG5rq?v2ik@IWpy`G!=cMEqA|-NgVVYEm>z< zqFA#0SzXo=xn|zGDcBtoFMUvMniCvKhWi?ub%xU8`83F5yt6tmvRt$ycxM z{Lq#Yhq6+9pNGZt&@-v>aQ7c%e7LNYPy6VeZ1wIv^ud;?IKMfU(H_V4uR1NNGwUH( zg_w+_n{yPON_K?#`?<`oX@$L(QOy&d@bwhVNIML14|XaaKK0>6uaLhg?~JhzUWLIJ zQ?YFV*EQx4<}|(dQ+scf{L|IzLn_uSW6lrgN=62My*#e!X!=q}7p-K!FmWUBYJc$N zEfeh<9cXQ2AnnuWqSc8ErOBI$z2{l_E7>d2qXsV2bA6rGtb&vB>wLK$K{<^5FN z`x%An^F`7MW{ydMi;KptU-J-9iRBwBjG7lCk>|Q9Wz-Wru{*V~QJ=>X#Lc?Wj|9yx zF+ZLUkv3ocBI?X$JY5vOgm#K5@RE8bk`hAW62mk595Y(a)jC>oi@?D@I@A%C9AzdR zoda+woP0L-9fXgLlTGbWOGNhH|AO z((f1+9`MwyYpcB}V(+=1F~s9_mTXH{zo34q!L+ic;G%A)sqdaJUdoYeeA;WPj85g+ zxXsB&Y_tc%G}|=0m{E}!TmvY^=h`FyP)7`0KZgO;cMS=3@SDRwIt%uefvUI(( zs(Fl?i$(2fsAsJFBZCEHqXJqcS?9NubB9U4`{73k7&;ftZ-o&Uk=}ZNooZTx5s!W%2i=&%vlfu|oPEGsjC)+QH1!f1{9^NZ< z3|$ax`4sGH>AHH2W{N!M6wP44WBIrEju&&8k|pNU)$^D9bZA`3epGhFaElv08uqhB z+ej{mOkKTke|%Qx?oHy)&oh|CE$ef1+r1BUP1AkU8v4hvFjn4>*D(pk741vj8k~n~ zVO(`P^zV9Sm%RDHl3?}?UYh;SZckQHOEK;dpH7Pie3GMmj>z!2+KrJqKW$z6Se>-e 
zXft^x8IMsjIALgby)ZL$9QN|EEPJ&fT#&iro5+t;N<%8`mCetrim^*Ategc#jl)#d z>SbxukNZ2~yECmH7P={xRR4-*yj@JrDM0ivX?@fw=y|%zDNSTR`kBrHw&rNEqh0XF6A_iUW z1h%rwZ3?H%ynYx(oVpy2TzD2}Q#8&pndzs-jxJZj?aR*-V1-W+=5QYEGWhQJD2ckH zD;jh;n)BuCuxlqHMCbRLJP+P~$e9cCH2ihoEH&K_!AuuYec{3(JHenBWXr@ygqp6s zQc_V!@2qS>p=3YU*D4G>Lf@{Qqqv`A`z=Ae&j3vnOCCV^I);4k(PMDe;fOro3_eF9 zREnqHCrovYjT2h_*tnB}M5@T#_G+6Ri-Op7wy9DZ^#X_61u_?3i(_8u5n04U_nHpp zNP;5)J3=OLp8!969VITuT$#clQ$1^*>Fc#wROYdV&!j&qX8A%#T?pzo&bi8x=hfKc zK6pZSbB6a`+pV@aZPySYiEF+;$&*8nn!Wld^Qo$*jMz8_lKdM}SH0yj4Cw~?c^Wgy zYOu03S4vT@<90)C?t~85e4xwAeh}l_FZEF&O_l8aI?5;&79;h3xmS8TN1X7@BawUV zek`<7T$l+algmBTw=SkIf4W_HJF{RjUvN*tkuxq*>S}+>x7hByJjum?>p8MU5>&Tc zcJkadI*BUoMw>%j@F}D&`hKK$|LLbx3`mz0)+Hv=!)KB=WjX63p3(ZAh4aom@+)d+`l5*N6+&q=8>GYtGyZDfSJtGedPw=IKH1rl zu`B~^kDuzLVsq9<5z@UCs*`6*YZrxbDlXd@7Lgf77jp!PiK+E%%_qFlblRGZNjSA< z%M{ZWw3J?xEpRBzEjgLY$HuKwiWHlXaJh98c)qo2%>#IAGA!;f(q z&1%v#dCndjt{9mUDDt^UK&-p(<%yv(Nc3%A9Pyz!UKW|0>iT#QBGR&uZJF-L$JI_U zXH_-ALfrL5w;|PNI*B22r{xv5efqu#wQ2dzld}wcc(FR?kTrT7x8iR0=Uq~pvMj7Z zN6aivJqxCx`MBWiWOoX|KKVl0!v9O@#t)S+mX1^|GoGTA_H4s1f_2nYm@2jNM?dt{ z+!hzv*v;5Jh%Kp2@h-LL1wHJzW!6OY{-@XhezU_Sp{s%TS@s~F1nI$ql0}wsiPlmL zKGRSA{4Xo0hsf={Y{M^^uW_cHC6c%GbDb@X&%WiiTU|^mXp`BH3mC}+325Jj6M}QrK~r;+r)9L&e59iO<3;r-KniL;h6e^ z&kKtA&rY)+G)^`Abmp6F5tY1p-LXv5xLy5)^4k2P+ts4cHwXBd`(z18=%*S!DhCGB z>MdMf+DV%CmZt-g+l_RV|qJFFgqJi~)-e4^AZ^%%P^J+D1W)Hp{3!T$_4 zCGd$%W#Nczy0P?>Bd_epyH}FR#Uw(NuazcE-juYE=uUnodVPh8cU06w>O2W)hph8h zr|4bpEX8Y;b(0}yuKlRao4hTq3cDhwRqrEyreudb(S%Ooot(v^0b1LGTkt8rB$Cb9 zH`;62*$E_1g^TsqtU~5Ziu5}QpXPpY`H`9wH(58Is@^<*$uwGkUE{o`U*uwC zP3zj%Ey1iKX&>p^wc@=u#4ghH)4cALM_E1#a{YF%;}l&GL$N|dO&(@DGKF<~`nm4P z4dKY@7y9|PZ2Ppko9CrJd=b>rI^`@qbXNk{SvAmi`fc_;7-q;I369Nl6&du1}31<}}-F$X#Bo^P|6b=g7bz z#5tuD?fE&lBF~^%@7Ri|SyyZ@?v_P!{71|20L>6Z3frfdS4T=2p6s%S#6J*wyVoq4 z2ony{znlmeV8{Yj7+?y%`i)cW?`Am{GS(eAlb1F*(?oO#GB0h9m3AGDJlc_&-gU^! 
z6g+UbG47cW87E?Pish!W{{1BRv(%TVOs7`$`V%si5>8XUdy&*g@6;Bgf=W;?(f;BY z5QeuGRaX2V4+y-m7&bjPbZ`d$@ zGy11@Er&Qq`W-0ZM+mkv>VDvmjN6@-H$PHSQa5K>)Lxv*TedQd0{a*hnZAOmdbaXY z+BP;3=AN_M5y4Q?Bhv(*vofQ(F~ctyDpgmXdP~Kpn_M3?MzqmWFxGhFYoQoA_iC$M zxE`;rvJgY53Q)Io!3{at;XMY~*>Y}+YljydeLa~4A`4nLlHd>Y-Jg*u{*-cvjz4~%i}0(9 zD+^VrqPm{Ktn68~>+_8YoRzU{I3F-Cs!@^VQ6zm{`q0gO!LPmZpkbC^ne9@w!|hRf ze+?w5Z)j5se0*uzEF7O=Wu-G; zw89x7QZo#0KDf^9>!cUQeLBT18!IjsD0G$D{M%v{lYQF`ZXBOg#F#v^eQD&eCCo)g!JD zCk@|3!uDr6jbBt^&NS9j3W5uQt*_+Ygcm>W`*xY){z$Y@*$6Y|(XXyYF%2s&Q?FF2 z#>7Mtn$CMNmSpAIYm$AX5F_O!8No!748rECtD?+l(CwjFc*H6Cd{!mLmaTGt((sH7 z^CY}oR5_yNG%!TdZPJn~hp-Fe=Lw5CgZ9o|bv&YCQSu&6GW@{6P*8ovlvvk?)VVSF zQhWJjQ~E2Zkh{uIW_qV-wHw3d*~~GoCSUGwS8ThPdi`K+GY+G&{mGh<_DhUzz~;UJ zEomfT(7CdaRh+G3($cyee&fb#!KN{)_UmutSHzoYW3TPtUy#U+bzX>_v)gure8YF; z;#>8QUGq1#&42HC4(i{PEfLi*xtBzLlgvc`XTRv(z6xH2j8Oy31R; z!XH~a4rBY`+0ws`_$+G^*HmQX`()EvIpT6gn*A74toOp8S8c&nslXq`=D~mp+UYl|D z&8ru=n7*2qT3^07OLn|Ow||JrRO$FddBt50?0>8?RVZoRB5jyaJrB=gw^&p@QD7F? zvxf8bY-M?>q)|&cZ2XHqRej@NWPJ}sG8fMA&p||44LLQv=95w~GQ-3UJ`o7PP2FzNP?{ah)d^26_$%}yviFS zz4Pc=`<=n^l(aC3T5;l(>7D*mHL`fUPZKH)IrOUpZ76-d=FgT5@Uo2!wI28ZmCh;Z z`iEEZY^ST1ud}W=^^6Pzk`O~FI0T{}5QeS16|o#9CnMx>fHF2P7~d%vf6vga7Ivw1 zAl!7tcPHzm&uFw3{%pwp`+P-;&pZWc^XfUP-;viX_9J*5A`ULvkK_dhB|d${q)o(M z%+c7U+jRfN+uT{Q`YguRL5l|V&+AjpXp`HL-8vIfkatTK!4VzN3==BIY+AeWpdg%- zB+u)L99IL`k2YngjNSMayr5zko$cP!|63#IReLTb2bfJ{3q zhL`ZC#<{-;RJVQ_Nx9di%9m^C$&b}89A~*3=Vj58g}YT9t!ZoDvp&clo-r#Vd3ZRC zObndb_Lwncx)w`(D*A05gkh4B?_)~DsUpUl7fP+Xyzls5y|Z_+WAxV`e|~K&Y*6|Y zWK4t2kO|+IK&jM}y#7K5PuLB8x-*4Mb2-x-q*){9r%19E23^ie`3#B(GI>(x2@Y-E zqv+)g_;4?;u`q>j2kECwp5K+nM{~IfZ8t4I3{|-e_u2BD8gn{L{Kijt4VldKB1?mc z@D=ya=gN@2jadGtkt9wZTFVFCg>%kG`&7VR;8%zCTq`S#%5v!?W378LQks}VC4wN6@IDDa@q^B|u2~Cd765q7tl9?{~rn{v2lT;C0IK}(&7DKF2B04Vo8AkenE}!?~ zCiNru&yS`x($B7vD0nXDoi{fwRlgHl8vdcfRP=B>+3ee^G5^aOQa;+rAJNLTUKb-f_$7^xzVmxqPPwXKKGBy5&sLU@BX_zSlh` zzDyc$_QYX!m#Y&dFbL#IX}`YiK5I!1_h3Q8+T zRMvGmN=oxw?`3u0S-Q!Jjo-KV06wfRm^aLxPwtCgsV5>W(kTlND14ufRavJnPaMAV 
z>05+1FAM$?PeOktZ?9U?syT~@5&@;~HGLS(;k=Gid!sX7UukY0XRp!1H-(VWEPeO9 zx#Swpq=v>`<0i7pvJJ^H8apqP>XlCq`79b-I!6qBma?=VI6pS}SyoPEarV4v*;P8Y zD%jAAfhRoaqtOv(bT48S=Ik{WlUU82S4>-^r;#&p1BT$V#OmX6x@_veDT4+5-~q(< z+pG;fyGAz~nEUuy>J`H$9navei&q~q+3H{H2hV1T7NXrP!a1)Z$$F48SuzaT}h#4r_wh0cZ^qEXHfFcoUf%;JWAL39H*Yd{OBQD)!rA!+jDd*(`ICiA6_1I z#Jv0Hm!!>=%UjC`9e8K|@ob^;y;0dpy7<%suqCRw!L^lKeq}!*g+(rA$tmry%sZ<2 zDSb?5#ktf*-)^T_Cygt6^J4L;tKF^yYDW?pX-`xdbPp^55aqLQ{@^` zjpO`4TU3SA!SWH$#?e+x-xTMVox$jQRZn+l#d2e`%6Rybvxn^5yw!|vgl#fd>$1d5 zL@uVz1)NGFdZ2kVy1etz4+ifLhkT3e&1a1-zl?gsGGpp$pOXt#f>J|flDSK!|4o|b z)5RlBz4y%pGBxN=eTE-Gs&{D@9u#SNOysBS1k!juZTBX0{h-YqJ$Dax9UdvX@kW~X%;&VW@8F{t((@Y2vpEZ#v*5!%mGNd)>O-KQ_VAvii}j2+J^YH@UWoMxKcHh)u zszAFPl_fj7ol7XgSY|Z4Q5W^3PB>wuNK}%Z>s`jRq?Lp|(Qm%2g2qiRiJf^=nMOOf z&p2n#`+0>BUin3_rdC_sL#bxce2@q}m$1xkG}~A9?B@kxHQ&9j1#O)+(_Yaz-1#BS zJepkRyqp3ZJg^wkh#i!F>JldF@u-7;s^h+pZ|u0857N9kie%pCPZ??V=zRW0|kt~nZe!^s;>9uQILQa5yc z$g6Vb^;mW7|MbkA-p0dyu~8_uKb z1H5g@voGtUz)>)Psn_nU7ABYr{uVd+mgK8t1yo#iBLcQkIyTM_cpSI(Kg#T5O)1O!A&y8bX>Iq}RwtaoUG& zXO`4qh8@jaR@)DjZe*#tNqknmbZ!eTg>Q~}E8!Ep?tWW-+F@s1d7Q6m0OWBTyCFDz z`qfn2l$Eqp>SU_OdiP-Y@JEMntyw^JXdD|+W>koKTvWT~OmdK_*E~bo;x%i#{YLb~ zB_CD|tDgSHDMxzar&#d$X@C4wv;)uUIBv}v&~Zua@U-bjAGslp_nN}{Ot-N@8)UCUSPL3+D~p_;&R4JA`)<8IE>(n;Q9VbG**$vn=w5UF zT33bc<-A1m{uSgEt&#thq_7sdTOiq7QsObNP>r58B<&&xK@xqv$#!9>(6^lZNCr}XLL?;C>t6y#R5EWwxYIB`o0m8^0qzj0#7gPV z%uDJv;9+Uxy-*wUZyk@sK0@rBO)%?xC439_i0ug)@G^j3?5v`D$5FVfA&2e40^z$Y$% z8N~_)B=K+p04XjqfOhcf8h}~x3ugq-CjjWfPo4ip3V_DI3>q*P>Teo;O94U(fJFKU zPyv8*zshof`8W?(f%X67oBWXh+!S6gl7bCv{qK?hOyYs=!AiynAR>Npg#h-&6L85V zKkEiG0z43aAoSB>pl$%w1;BDR9=JjPb`T6>0%TzL6W4!PK1Y`io z3V9mj13*{+5+nfs_}MqW-TWdN z0d<2xaJ;+#Wd*Pjpcn%DEU*lqgK=;H_YK_b6EKJ5Z_qY?mh`|Kd7z*GxH*7%2($|r z><0j#xB)s4z>MO20&w8KGT<-JDPZKsLq7qsU)&S$)c`pK;0XcLFfeZtY%f5p0rxx) zI~xGa0_q01MBuuCo_}a);12)htw8Vnf@XoGV7~&hsQ`~)f5HJ^H^EdVpw9px?&3V@LOf*?K+Z2(dXfO7=nN&wOfKuZCS8Zea+j4TA&ij5QK zeQ*o?g6091KlBN>ZlHyMw%`I2Z2<5hKm!Btc|e~5-2eul0QUpnleoA6F97@w>_dQz 
z?I+y`?EQehfX5EdQ(%PR69AV9j9mb#0uUzwoF5?L-~w1&z}N+lD&Xb-%KgG5fv*Pq z7qAh4m4T%IR}*j#@YrDmGuZ%`A_o9x0pAZ;_6v*%wBG~w>EUYLpZ*P44)o)%G5ROM z{2q<}6m=eGHUQrUFbQZGU_AfE?*X5GNx^kJbQTaffR_D_Qh?C%4;ubi3PhAYWdWc6 zX~REDIRW+;cntp{nEfgXNVxzkBN(Ivv=$h73bYZpCmu=yvGuQVzh%H3064dwHT@|G zKyLt^6aZ`mM$#WCAp5K2?|S}4_S^bDQh-tPtF0b%{<WO zKv?>1{U7NAVd>X>{*eOr{$J|(o9wqm57ee#CI9p^*aHBc{!0#&{@Hp!OZ|7!-+cni zK7Y#omVz|{R{o_KhzP&E=uhc?mI5*1FDw40;kWcbGZ=0N{sH4rf0zDa^S_b))*%Ou zHh*dOEq%}o%tb%>VL(jy7tLTE*F!A+C+Y9|1~mWC@LLMj48+X8YW$mKz-Rum^tTS6 z2mfgJEd^@^X1iZHfS&(t9T1iNv-GzPASd{v;kWb;&Pn3o=Yd~j{*MeJ_Jnld=M*3i z`1hZZOYVPW7=e0#bhYP!VWjfj1~~HfUl~Sj|8kBN^xw|T68PKMSrY%|>?{R99ay6; z_@Cc@|J~VHJ%6}G4_1L@NspR%?A`LV0x`s9l3`dW6a(`j!q<96N2Y%*gRPc>OYh&%^P37!@j3lb3` z(D#4zzi1}VZZWBs>CI+C6cO{sB$0KY5$W^%eUI6O${`56#T!|ds}EH(HSZ>h$GY91 z^9H+hZtaIYr(N=xFJ2|9jWe*$`PO?~K+YSFppE<}BR5_*bq!oNjDgaDbP2?VCs#jUR*&I725uN_8o5WqwMG5#GW~!@ET3ckR3i;_9@ce?sw5RrwfAsb`tI zp0`84`YZGn=Mb|F{pgjI39!p1pl{A!n5N=OGO15t2>ru=y< z&!I|veBW*=P5bynF655f(y5DS`~IuLapz3YV%F1uD##$R94te4sy9&3@vj0lX}-M2 z#8M2oMRWGVh3eBNB5<1;CCG^J&7gfBjYnZ87yXeoLCknRnivVm#olGi z8T-T!DmQoo_s%2jKda?S!*2_56=M0=Y3Nl#EecGFw1j3uB|I(6QdrU{RgoNmPVQ8V=upOA3_IxD2_CK8-C|X+G7B!$1 z$l=uSq_XT|@gdTQzHkQsu2f;5^Y5z>ihWe2y=K)6hc)ns<)JP*=3n`)VZ6 zjpj?LR31Zma>dS|+$eiol1hvxiB0y(i|za?@4-oTTcmhlAt^0j=j8nhD)b)= z(4UZ8g{(8y<-b8bZF{PPl zi7oU6V^d2iF|Q0xbp{8mNwug)RTC&}Z|c_c=r~!GP?y+E%>)S=vJixl8fCsQdJ_th z{lRv;Yf37VBW8e8pqR@O+B}cxV}j5b=uIPFR_< z63%ug5l(Lp-Ml?rC=tE(i2|1B!nLuYlL2T! 
z={o`3N8B~0r?T6$c}$Rg)(|1H9t-tc)@C24dZL&maG3b1&lE(HqMYLUZLJvh)2IH%!(-n~S?yR7kt1+Fa$|>94C{>k;ufk)&4AR+GDG_Pk z$+Y=my0VRlHV2nesk`F`8IowAeGDAVL3>-*6xE5^W>;2ydbeHY-wDlY1&hPw7q6a4 zE*86SC+f5=U3rPq!b7Aq^>$lCGH`sMUV6GZ)*>!{KUuUhB>J)L@p}9q5+6#{yU|$q zuk{g%jQ-sn0?W%(;oDr1LoZZp^p4aPzJ;#3wS)A&ih=&sw}O=<~+yzFx{M3kS^R^Gs7`SFIUQ z95?RtIK1SgJrkOSQ{fGobo`fUqD7Z5)#1~_!2)}*@ZWPn-RCHJu^r^R+AgCFF4e5O zb5%g}jJ60EvS;1C=b0vf!;;$RdqX=zJ9UY5ZbtcygI1{Jim#-hr$(z1}tA@Yr^aKe`JZ$)!p$2I#Bu4APqH-J0KjHvOs zCg_&@-sHkCZ!7yaAiHKDptrMWy0N`K$a){k7Zh~8Elt}~s9+f1$|@XfaEhfkU5QQ> z59b-Z78FWyoi9>a7uCp#^|EWFY%#N&lj`PGt{TX{k$nE#DdkRf2Q8f2Fnx_OI=@5% zK4z3%q54j=tJ5Bv8#hSC5)&2Umgkx%Xnl$v)PrqF`Hi#g8IvE*(G&JoOGmt?W=Xr} ztTjvmmsm?*8*n^TdY50kF<`FCwwH4KpnmogA_T8Z!9l<*+?ZXEaGK&>ZqcW74hb)) zd;KV!7Z6)<+*0~56hbubw7fo7*ARWFfP8)s9wf8x=j`}Ro5R|b=M;wAZXerMD1g*M zfU8tLAWR8_(Xin5L7XB{ zn~cOEY}pu1Qh) zkB?Oll@vHc<1{=wuBhhjULh~;^mgS(q8v;ni>kc!UqY@YY{-EulX`>h+rNQRbRHZ; zdC%%W(syf|UCFWe*aWhh%)91LF2DYdY@RsZ+COyEmMv)UX*3ZXOdx@@6uko zYNT%K3Uu(b?!Aq5*s+@S@(tN&&^=GOhS=NG5oo)8|bZL^$?$1E6Gb}MZ8LXsxn-LOf2yrln`>TtNO5mGW?roOzKfS3D5Imw61E3prkBZu(O7YuaiU34TxDSDGpw3Arh zVLF7rwOhhpokpZu5?MZ#voGxpzH}KHDkCWDQw+^r@%NA)KFtrNveIlCv}QS4J+R@y zZ^dh7(s)H5_bBiT6M1gMG4fkkMhqkO!Vl=Z$x92^v_-rEZxoD$w2zSjkW zO*)0)I*c%d7U=j*XoQ>J*XW~gjjroT^PA-dp8IJXpNM3d$-py~#LgdBjD34l;w%SH`z^ho_ewQk~C~onVYt#BccnH}M-?PFHr?zV+`| zj0`shPApNzh3I`zcAR+KooK&Aqa>D+Z?yJ!txJ zI9=k&`6|Y2dF|%WqcC@F_|u%BG7>^kOr7u2H=NH_-YmRYa}7P0Erq$jTr_G1@tQq( z^y6|m#Fc9Zg1{(;#&NUoK2O{Yw(DcyY4Mu1lW8+2tE4gRe%9Nh3%UU&I?Cgg9hEeR z*a0_=JACx%EaH75!ng!9LN5Fv@8X)_brKOI2O)(UE#z*>z*^Pzj2HDbq^Y0(Tr?s$80MpPXgmMC61GTET>z z48)p3z53<2A9?QIrTK2}pc`N=h1~3rYJCZ5Cp&jPBRAI4ZPz$QFTl&P^s;~CWIO!E zQ^?XLbl>Clk%ouRAdwm+@L3J7fU%D@QMaX+StPBEdDMi=hUM@QHq40M+Q|3Vw8T$t zps)9&@lR&s<&4&XqW4-H_?YUN_hx8^Sr#RqBRafFD54hA6|MV9XG!!ZbO*X86&hE| z3}Hfux^{#^Q;{6So^T_+jJ39tLf!8`oU8$Vi(=jJHR6x4AD@jHxv(bv6=1p6v z`d)ecnCS7QBLozAc2tE(SGNAvSh5=sC0-%=^qln6GP@?)drw2XbO#!DT^7 
z+J!Do_F|>du?-oXU02Chc5C2BPTvdnJfbeagUJcJOBk#jHVpC1(V)S0b_GF_G6xb4zw$Qh@T%vCqR_yC zEP!5p-1JqRJP@%GlB1qZoxiWzkset7U5;~huF$cFKf;21%yl>`usfh^flZc$_stmZ zTl*Md$gN$2RJSg0>-4yO@ZqT1FH@ecDA5bCKV?O2|8aERhy1!o-OMtH*T*oWjnoJ} zrD(f~3P`hxPHP`y8Fm~w^%2&TOuHcyZj@P5QTQ(Wn73*Bs;FRkJ%QvbSdO0^Vu{Ji zUCv%Q{~_`yP+sA!T`r*w=dALutX?*2bk}Rj^jx287ed`NRc=a12uDxziKEd-7@L>d zX^>MVk5&gLF!7-?oGJ-M6vZm_QF;feOM=eqR)27E;6z6Y;t>{C@B6rZUmr=TvNLZS zM{`Qkx7i-ChLc))X_wrVC7Uj zDp~ZP{!U=%kfdk~OaPx^4?3(-avCj^(;&I$^GsXkXMC)054>O64CSIT-C;<8Y$kYo zYqPE}atxEqgS?pPQLbsY+CYS}t_sW_DaUy6;UGu2vK z>vu#nOUhRyDXd83_s&Ukp*LR{0~9FkTe*>b1hxs42KnT=cH?>Oy{7Pt-)7|@`gG2# zO(c#)0%-s*n7E=0fo5L#^(x1MVQ5m89{zes1t0qcoNuE z#uwMOC&m~r8!-cjsMbro;RUf5rjejYk7V3bgS>jFP1z{|Rvx~> zlpSKiwewkY&$M|xxYbjal!+f$FJKHTAAQsnCX)HgRx~LnSL13DK z!^&glxozkQoyKRf02t*Pgyb-FU+@x<=Hue1fB-bTMDRY4&iE}5R9pJCZ)xGPWQ0GO z8I4BFf@PE~f8UUUD41CP0^1icS-PqnL(qP<^Ftu&xg1}>WYozko=U4(o*`x;W}`Gg zf`u}^;Ll^?MJWAl0WP_9FOTedZ3+|hwBD-Ry#B6oTVVl{6Hhu(@%o(-BpS`YmqNKg z+AowNYwPS)-$2L;34^`BlKx96^+X+y_w;_jO~q&z%I2CQRuwi2;D_hR(}+Sa1Kv5^ zfxh>#C$=mZRLieQvTUJ!;2RFAH&z1c-jnl~aiuf$98${;>Jzx`*s%xlj4B}9V|dfM z3^IVmLi*3h$T(a?9dof;8d4{glraXKW=aCQspW#{wTF~W+7b1C(8~_nre$K>(A}%; z#pZw_Q2X;m&rL}2{kfRStdUG!b`*SZA%gju#-XT#VqU-;H-v!p&=7%d39 z;Z%vAC`$6$6?cIqyY)8aSv##kpmDaoHxvzFo>83sYlzCQ_(6CArebJ|6v5AJ{nmkl zA<7^=tan%$9U@J*11PdN_^#A zKE;AwBTCcq(GGadf+0Jn9~8(KZ;nswvLUe&%M_rCaS}2_%vFPNN>Q05GQ;3QBmiMa z!X&R5Qdl1`c`(BhriBLSr|yfxWveM4{S3tJhL{KqNB2C0(rK)2oUjP_vy%LCG!fzO zfWiU?Iubb~U;iN;yjz3s6K_kn$2=Zj@-83Gwvt7mgSe3ND_(cIxy;v3_`&ld$YeM`(J)xpm2FzpL)Cd zUSg;^51Q%uI+m|ombAx*?Xw|0Gy4nVAf!ezR~6i3Lt#%QTIzN&%hjZY-Y$`PI=GKm z8IRAJ_!ySx>e)ZMg9$Dl+br18X~3h^!DR2MsNIKhYu?Zyo%xPx;%(8mhJ>s27x{pmG8LlmR>w(=8(Ub-#)$QF667WK-?q| z2uzxdbmJ&|Atz^FqWCIiQBI!=-faf*b2>k|oaA2n(wPxDkzv{%9UhOT6o!{ryq>x*O$tBU@FBBA<#Pwgm=3B5Ufd0p!d9xET{adBp=^7IjIo;&=hmT{t;%4IAwnk(MCFpAH{$r&gM?` zP0)*XzBNZWl|Qg=0XKSqFteQFb=o&}MP1>C6{2(KSK{h^o&JtjQmj z;J42%kl*c~^FOWb-S@VF-Y{68XsR#8)DkHcKVPthH$>dD30QrpMOMkKvaho)n2#p_pY5MNB)?^^ 
zrMYO@pR(ygd05396`xsSih%>uC{bhno$f|)WxQC{nBI1NtVA9K_93%cgqQTn$jV0 zs0QMhsjNQt=({q?Ck`LV(74Cox!@Mo60((k6}k~24F&3WxX|_-_=YYfqY>K=l+`7N z6fz9qXQI1MKOfG|t*W=MV>V4CPO6QM23A|>*~Q8Q}`boSr5 z`A~IEFE+FwT8f=M9t!M35&f{;ZB!xlk*y|oNIkO2*}W<6WaB`2zZ>qJcFhyBPWRT% z_LOlI+<5K9CdPuhIB_cEm`14l?b~Kd1#HX1PZzERHx9@rhUz)Jov zg!fA$BsMY?KR{6EAx;zd8P{LCaqd>+kA3-w`z>IrwV|Gp;V~&<$FY9uO~6CkBUNR= zeb;Z^o`b7as)OW^lsNDhA?weB7KLh3cv?j93`sgU!y(gg8hdn=Vr^L2M`$_jGFQJv zEsEnrP2~eg7`!S1+@U36DdgkuUTYxSGXBk9IF{e{+K&D5}bR*+_kjF<1j0=h+_@m*I9Q-luL<9$9+Cu zjqS>?>Ea%XZ#$13X#4 zFyy)|B^>0BWCrfk>W3*TkTob~XFoab!VjNhYXOJCfc;T#aZ7682yW(7Yq2{Rw(fqM zZCD-OUuJK%DWT?hmZo!uXC$mt5`))jAXY3s_27)BvZNX+`P9LLV!uRpile@QnykXY zz}opLiwd45hMg3*6r=`IWMR+y2Ho^nKvOjl=Q!eHch|j~z0J2X@Uk-|(&gu%*$C#m zqbY^Qy^n&H1TR$f4&M~K5S%Qmv3w8u$}6f9jSN;J22Au4g~!*F^$--JiM3}2zX!pe z-w2j(v@Zh>u$fht1arDqjqO>5GF^=jURj{#iMx=lLwogQjNLU_btvRK7vHCo3dfU| z(55fV*f+N@J&tMeXDCY6Z!)-Uw-#d}d^miHbV2x7;MiIIG|%1fIYE(b8O;5}+nl;O zS*nw7U#5{5v`waTh{nV*Dt@q&v&Mb?Q&Ek66gXv^^lS+0UMZjLwL%@C*5oncDF-`S zWb{gR>TnIe$7=P=sC7m~teD6bVM^ojqKC#>i3NLM1)txZc~|2%yL}Hij}GVUHf*RZ zSVN$XdO*joJIcO(XW-mc32pM4=GQlDW`YzwlwK~9hF&zxwNWq`avsbVwbQ#=WlGl2 zozMTuHkoYZ^ki7)kVeX#qY3vWv6tc}DAK?-eC%7ZW#k^?)HbrK!+6vCiA(b^NYIfY z;0nBIN~suonq;##1|=bT{hVvExh}c6{475ddt>r86bOTRsk?2bQnX3nof67|2=A*%xE>%IznxwaFN{+Yze)WfeeT&F5hb%9~T z=p^%zh#r_)v`>V_Rz-n|Bt-60A(sDoi27?Y#S?4z{1Eyc3Yo5eZXAXC`XxHb&7bJE zg}*%Q^N>ZH&R_Zc_sRP?Swt5Cg>U>Yv#rU_9`)6|C@^fw-1!*kRW-(rSjF*^e- ziAA%zPQu9W4$4J?Pf`0=AO;$NHR_x#zh}!@WQOS2F+%IF;HK)!$ZkJiiDi(c zyn`M;AEvONwkg5HJgON5k`QJQVpLvML@OH7Lu2=3$9O75=4C>MK7N=35wIUd)`gehrJ0vmdNq(@2>oH>eArW9Mz;^mR`b; zkP*p&U$jNxoU2is9%mTi4;;!T7k+i*Rh}JT6!E`X&RE?@LRV&1!t{!h_qLv1Iu6T3 zF$|1{+6dJVN{L;~I4<}ce*yC#K)sdBn{Uf({*JO{PO2PF$?E3Mu|(qyK$G0{uT z>O1;OdE#Iqd+2CiXLpsZJc|~H!uugl&9s^%C`Pz^Eqi@UHMZ5n3u+j zMUAybvPBzFrOWWVX^J#@8->Y%>#u0MNKmROsm@qNFOiAnhcL<`(>NPByhu$^|IY|( z+ssG(pj{gM$_v3%m~?FP;lx79lo(-b@{u{plwW_g-vM-AD{xG+FV56YW28%Le$&x~ zsCqFWkc7f|LD_&>FTT&NH9^jtFE?#-RMa87n3{c*LIy+&#bfzGL3>X=*r{D?=h(hn 
zW9M(bq^ps+R+eZ4@3u->7*5rYoy(>g#vG)(Knkya{?sb{7tA_&jrVLex})y!5u*%DyGoU>@)^p0wus_5J` z+2a9sq6O81x!w>o6vxO-wah??FFjG;C>w@N8b)NqtAiFoU^FJYH-7O>kdqq4gS(~V z2q>U?Q+){BTaRqBN6A^;D}$RnT0IYaz^~4w7~={R(NMjf8URB5_$si})$htJ!@z6A zb#B#=8tq6+XZb*|MS>mb0#&?jo46Akc1~b(A8T+dn{yYlWE1fUS3B9fIE9*s>4;z6)dP~<(kxRlrdGfXL z{`%rcYx5@4~k0~yGr9!$RxqX3oAL0tRXN-je$1Nk+jir6s>SH6?MR|Mn2)% zD9JwEe9j^kJASA1Zeu1h+5$(pj_Qq}V37nV@wxZ=vDe;E>X!b@*6jQgrZ%c(oG6T` zgZB1{w&0kQM$|nxoyDZmAaHoe?6{|%(zjmgpuh{DWi=kNkZXFK=LWJH^avta|O1c1Rb75xq$;#fSo7TAd=0PDIJ*7;t zFz>fL99G?b!jS?1j;vz+zltMeBzMKPlxEc!FdJ}LHJc4%bIqUwRtG^gYgr>Np9we|SW9e*gakOCplKa0v`W zW=6i@o!9JTWpcTK?WrB=y$f~ffK5kP&&;V-P6!7-TVTeI^y!+@*|c=8(s>)}yq>)g zaTw!!RHT!qKY`f6m)bPDyGEOT!O?T2QHGYz_(V`t1RO_CA4?)g?BI{zSa{plZL)1a zmn0_PD+P9EAP$NebpceBW-OKREib-gA}i((We&YmSWX-4+kn{%Fm1+?zU^;5mUvmi zLI_+CZCWE#ewhHWNYZ=F&+kysUju*bclG~VQ(w~zTiDze$}V^8eKrn@C)MRiNmW%q z1kEskQ!a0aY+D6!>8bH~K1m7D#$!5lEW)ug&0|EGWCYDb`Z2YYsmF^?V%~!z!+doq zxtKPPRBNd`IOkYoc7)6j;qbG5NMewyb$ib8{zM(Z!xTZ{ZVk?!f6ZWkEvFMAYN86u z2$5d{w%1z#xzVd)_Pe#r29x>~2ze)h4f~6viTS|Lytcg7I(r}sAf$wg zYU1*d1`&cgHF!ERybf3G$`P6VK^f7rN(EEvu9~nVK~&=1FCrvvj%yyHKZ0loBhbVU z%dqHd=T}=xWp6?FVw%hkuFTA2N!{@9)8_fXh+&4f=izzj5+pwRn~x(}LmUD!bf~@Y zRs%uBeck-H&WvU5I~ERk3{qg`g84Fi)B#Q%;yEa~=xAPo>?P|f7AeHIzprX+tBaP` zyftieibE&Nv3ntk?BRJKcFt2qPA8aLS0j*FCV<=f^t*qpwj8#*VXV%ufu{g%V`7=8 z^H7Vga2t^f3BfWi2n^Y(u8N}3cjTO*MF_%M){FqK+fW+Z6u5|Q&lsxkJtz2q)cQkh zTQIrbVN+u&UP}3I)mCx4Uf;32%gPMm{<5uLFE0fgio-GBIqKP{KJWSFu$!JP%G#^c zG_>g{{j!d^3Mz=O{yzkhRoUwk;|;czMODY=Z4VfJmh$qB0OXyk;h>z4oY|itrZ5x_ zm<7S}dosSyH<+j3$QePlrccPVs@lgXMJH$(8#CS9a1;E?WaTr`Z_yuzfaReVNrvC_ z(B7l{?$5zEU7TDz{rHpjQR~*!kOuS=A&QmA(NJCa-fO&yFprdyG!d~p~& zI|SRP#J9fwNxKAso%wOuljyjE+3E4DsgsLM`b8GK#tlo9!YO2+;{I%S!IakW9j-Dh zMI>+_1NdZ|kR&0dtt~&$>pY;f_E6C0wc&(R&JE)gIBc9fwNt_w&hO6{$M0d!+F-n$ke&SW_q_>rLy4r7mnVtV@RZU>#Rv!GIlKr} zNnTI7czj`_FP?{j0JdnVMKYg<9eJ*>7tGB4NebXK9g9aJ6TTB9T3gnJ@$z;w%fo&+ zj-A7syb472TUN!T*poL?Xa1H!;^p49uj$d?=X7_(8zcGr{#)d^^_1Ue-1*VX1V$dL 
zq@S!R>FZj=_LdnbBVKVMw(hz<%CPhWaO8q0AA(rE-%x&DNm zwd0iPkv$1Pk_^gnE=o~{K`+G{jewKS)aC-i4BHYMj5Q+U!F!6#fDhRV89yh3BRLkawV zOnNF}Zf6-YWUNwpZ@5&<0&{$BoJmKFU7i%8J-eQx-A0SGx#(0= zKGa$N~b8fXlBp(;)^7G1NF%YhX8XD*U;u zb3>kH!4q!!N2Guo$HL=^9%&)y^17l<*KfH#JM-Hdh-Obj z#zmQ0Q#mGv$3aVKRBk2mdxz9;oC(dOA16f=)EGGLTc7g2qb9qu?Dz6|eo84Jc9$?Olh#52YFg{WksEeVD89S7`P!{b+YBiC<-5qt*)=Y;61DL-j#;M?fg z73oQf84umOgg$1V$dEV)+hmV4ha~y^29YtIO(+tH% zirBsWQgI>zYcDdXFF|O^pCY&%ctsfv9TjaD@hEdAU0v0kkcb#9fjhIcnpW`*Bzim# z88E}f^7u7FHsTM7^(K91IElU=-94h3w9;yAz{bi(npPa0LXxC6E62Py(qz!sO$rmc z^Y&=!0S0csK(vy{qaZ%BPRDosS-_!BH z5H#;tpBJ$BLkb;sW|?o$kw)9;#$cx8j^@DaQ@bYf#_E!OGvq+)(=y?-vkY|}%Difz z3JbFhbuQh^)cVFn_x>*aLSHpskOxX4Qr-BOoqsD)LOpzni7j^t<*tx?1lIpul&RWu z0cKtH^}`yABaJOyvt-GaEK*Um*guqI^et+*yQx&-d-=Hgu9sb=vBA-=wjs0eNeW(` z74KQs)4q5h@Ir9Je)b8FwlPmPmyQSsE*^a63{j{rSCK#&l9qjpyNZyT$evN$-j<9r zO_JvRe)QujN+t0}j=x;d1*xm5FM2tHM`ymK2zk_U6p&4dK>BacG(FE`do#--#I03? zoHy#tK=Q;_?1>vNwnbGzFG%f5h1V9QJLDa46}YBfn@eY?@`~cQH}U`B5md!?OOQ|@ zSE@`444$8g_8;YDt@lQJ3n{L#HF>XOIb3MfPyaJ-$rQbWBQI6ZhzUd{_dk)T zk6<(HAF=}!n6~werlr4J86+`FO{D|q(R8yfPDD~zkni(ukejdB&1(iR-|AN5s6?!} z)%f}6h2V<6&ym~`7f~wFUa&B)B!*-3&98ofEqzbQ!y999TNH_=#JE}4L&-lsI2igrdB&FC z{pDh0)!{@NYgLi>=fjGV#CtKPPQD>izqwd&;cpnvGRC^j`$#pY&o~0DA2WEj2}NBS z^0k?u(YaRE&QfcleOxWBheVe-zka$*D$%ml^xwRto{`OmmK;Scgl#1taqJT>oFX&$ zlpHhB&)@cW?WmwqE14Fj-$Ba?^Xn7C$rdPQY|Wt}myhra0?0r`!pP|0-s9ocso5nb*mda@ zUU+U<7QDVPRKD$L0A~V;gzkZXv@)fEV|&vW^zQ$Zx74Tk-{37FkoUZqf}Bn6GO?qY z8dYs^L>n)?o5ks1C<;4i5&+~u51lBA_jR?Uz0vWK>o-X+`Jf&A;h1}8{0|&xA zwJ*iup2zI^sW61_9H%D%U#SGm|E7vNjIhs*)W$6t#C_vX5&wa-#94IS)N2hS1aC?q zqx)>;!^M&|YCC&zNJ|Q{am}g8eE-sgto)9GZ}!e?r}vVbD0caH`RpHp|2#W`9}SRo z(WQo=AeXX}0}3OzRH3YYOHAEFS7ir!=@oDfFkgOYWe$!FG|e?DxC#}~G63)M1Es#R zN`DG7`Oi4u>{3W2fGDg>veyWHO3rhePn5w2vYnw~MgE7LW_kA_8b9H~`{*j{nl#>G z+gIy2VEnngKgjnI>?3^H?j3ATjBtdiJ}C!bA`^*8*fMunN4o~-}9F? 
zkPjaPN|3+nWpcrUVoj981Mu7L*tAEp62J=%7ZU4d_-UUiJzgm zEhc|Kmns=*ZO4`Cw}-Mt$+j9-D(qCzJ(9u6LC|>YROH{08Nw81)-*TP46LAgSgT~e zIMyG=)WLcGZtr7d;rRjy!o^eIM>q1QsZIYxpyUymn>ka*gsb2J%#J{0%u(QuIaNdj zYGVJ+*tV%s{qHygV*9KeUU#(Kl@vVu&3WSk0};|3(m3OSqXRBufPFt0(~P-)@Xb(d zZ|aBQ%Z%=w%JNnCj^6u0dAA-FQZd}82RNP%cMS$E=Ba)ATK#64pXc8OjIL8QdqbeU znIGw^Iywh!{eY%h-!~!|;&Ki^k6)lV`eR$6( zg$slsSTEe#1EfpAH<+5#?Vb4>DLIBqd zs8Nz1!F;zg#9mL1pDhnu42|TV+CnhKaY#(eE+SVkZv!cuh+kyBJMQH#>9L+;e#O~x zqJK{urz9xWotiAGgX_#g&JIO;x$yyX=@?leOwt&^M{xnm-0mk+6-oOARRu&o>hIUn z=QATcSI;+7eLtCg!`5nsFn}^j&KO5po>?G=%V7M2GOxaFzisHB1{JRw7Lo5tAm1NE zBqe>DAWF5ftYrvHX>g&be$wJZk_83zXBPHYzvk6NH$s5Hgc(l-YxdN+%`b;<9)sUU zd)aLqdXMqUi7#vBn5<|OltoC6>MDJ6}1}Xx5Izr zAy0LmJ$NBwU(E+(uo}+TSfNaX^$#vuza6elCDWXU>e~{EJW2HD({Ym0W>u+R$AUm+ z^4+chOd)<2=%i+wx?r(>-!suo!P58sot4`%!YbwX4Yb@TV7V0I-2@7C>ozN_3o~j( zT(2_zSCinF0qDqM)pEyu)~r?}t$FQU?K!j|M*z2AKeh>u@RS>}*bA_(e;zGAR3#$m zZg_(-JcIv;6@Z-n@72KLhdBg_iYWH5vjlk}8gfC^dc*88wh+x6O9-B1S`3frh~Z`@ zzYCpvm9(8{87tXW;Dr9VUik-B-p=CA)te|{@1S>(S5OwQ2;2vq&oggICHQScecR|* zn@w#XPREFRQ!$v4tG)6}`<4&kBgP(FuM7lzMk~|C6-kA@0NNLiN>F}jSs~Vi%&m{q z`j`7Ckq3uu`Bx#l`#LGWdr9=S&z=pgW|+0@Dj4u1DJmyYEo9)YAPotH0QvyY9;P5Cj)Z^*`d3Jj5+X`qV32db zZy+2D@QHwyn-lOq*|@7{I4c>t65Bi4nOWMH5<9!un-ZITu`~k%`?6A%X_<`AQJeMK z7)uXg-;fJ;@(Q`b(+5X$9&$O6ia!E9<8)#K3Kh*2j@b0}_rvDkGvlizgDQq{S=*k? 
z17-7)=K;z*-|wGK?G0D2-oG`cgBM-9yf)|VPR!RIzu0Ip8gO^?9=$@!9;R zcI9Ts%j)KviWc-q_>GG#|2e-DzO3x28_tLgO#<4<|2xT?UbcSXN8Eg^VLujZ21 zh>rNwb{@TYcjBBtBG%=#U2!)X^3;hJZs!eS9jY+L=;}#gM9UPy1aG(1{%TBj&eyU& zD68&v>6l)%YZhL|@p$%ou!eu*5WlFyNo$PvTy-3bmz26s07IZXg-qnimeEfim6Y4w8K%SCCzkze0 zF(~B;2!->B@Wc5@4>O7#8N;P*snnR?r0twH@jV=@8escLkc0?XP*EFUfwNzie3wH0 zg{dS%y{DoiOaBYsag6#vr@p%;MZrjtB1Or{vS?AkSe9*3siLgvc3&F|UwO2uaYgGS zE5zk|?ZNrLe6a*Dp89|mnr{jpVrU5jK9f$NG} zimvPGORN=T=9ih_l1%rNBO*noefSf*u2(**a{@LWvZ6Pm;&b;F)EC;EJ(5aep{X&^ zp*W(xfw$plRSaTwnB4ti>;??vlT-=*4Vk23P`fUC1b1ldlS5t+8DUpGm>j>OGZhbC zeMBaxoP9#qE*zdntfXyNY?(NOXoTs@krIh;KI=c=$UUCa^ex4&IG8pNlU#gt;WM<; zp1_Yby}XTVt{}Qud-HT&fRbVDWIidzu&~?mCZY7KQ;p|q>v^4U%^Mkf<5SJMbVF@^ zCCy=!t~;LT8XYrk-o3A4D0B}$G^5$9z-W&gq%;u8GuPxbzH--0fH{ArGrwnD;i3C^Ib7+GGDe7(b}UxN|@q=XX|G&D?t|RHM-2K z6%*F2Y0}7FW9T#0bSh=W-@gHt9G|KQ7M<}V;VgVzn0NWa4Gn+DS&yGONd&V3aZGn& zqI!WV)m@JctisETcO5Nl_lzKRf2H@p*KA7ZfT@DTqkhg5quW$`Y>XYFyG?yPFKStA ze$H%SwYk>ZFYo>0?fG%Blvt#Q0Ws;2tVUe-Qj$iQEKFqvq4Cn$Z@z@Fu96kIwB$s~ zx>ka+7_(7Q>P)T#I-inNh5O)Y?-^NIaRr_*NwLU{3DQ+x2-ygsNsj~^Lrf2uCarzlO%xq1Jr_4W>KX&62LrOozUHg$F zkS0nR@xp&TZ;wt*-JLLv)Cz4<6eLIR@Xz|iAhY>nfk^!bZwG=< zQ@u+w5vsUxa!usQdvYQpV_;o^$fGn7Dm*AD+^W0|PT*Rpn*19Qwq;gtwPHf0AQwj< zG$nYJTc4MV0#`A5YSJJgi4UPsk$PB^k_X1zoSAX2^k+rd`qGq?KT%tF4GGs#0` zCo`hMsS(Z@{F~o|gA>;nF6rv-pBTiJi~N6Nu%Lvs(5rBo zKx*#c4NsT7u@@XV&&A*+=H@ksGMTw{_ctHrt}O)j#Kh|jys7XX1R!rGi0y*%|GlMrYD=hc?8o+t4b*3WcEcR=8>_>=tVrG5^due%- z5dAklz3=e?>4zwPpwk8+{y%AJFifJgd`Ts%f(AFeaj zn{&hT1W4ov_~g3W#H@YeZ+j6vd;W3Y{(&FzD~%b22L?C{tOfRHj1F>dPI^zEs#Kvs zXeHy?G*zR52wGti6MPCqLR#U1{}^|G2#*l0x#|`@ShK%q_ss7# zZr=AYN%MYWWY^HevusfmmEPbx`o_)_DPQdm1h>^G0Wc2Dcqp?~g&}2GDm5*GxL&>^ z?B}Hb)&m^Ed<_T`GzpBTknr@z_2vU!nB6?VM#*F)9Rgk}O)^@fb%eN!TfNO7HGy^% zDNL1U<$S17_l7`!#J=t}!iXefQqpNv~-m0lgfu!hY&nYH}DzC=tW}p}5o7^4Cwzn?vg~mp- zFA-}qbA6WmJ+p?e&MHiKnzbz4?w6gU{2t`gWCPa7b@0jS0>5JOxyrIPlZD)k-<-tk zEKeyi1-N7v;jq=!U1tbkM&VgfzW?+?6PLZY#85xA&`M#dQR0@LP$=**(YxW8i!`j% 
z{Jt$O^29Losik@k@ylY}75SirvnagC3K(oN4lbq)&C*K0DqC?_yQsYO5xs621HwFb z>&L0krC9cT>5UGoQi2gY)3iuDzw(jvD>iHUF1OS72;xZw$mwr2oDkWud^3JQ_SZ6< zVqo_Xo8&j}$YneZ;`%2sP;*lo*2j2$Ouv<+3fS1#>}Q=xX3ZUPuE<*4Zbs|X9o=b5 zf^NQF3#DSo4o9KgMsgK>cWD^h>iESAmqj|*Uyq?N($3`EO=Vg0C()yRXbVs2URF@8 zrp_t18yW#~+Rg|2Non7*eQMZh;8KLHo~3s+Wo za!)LJ?}Zcz)0bW$Ipd^uJQi6<<+&fv<)usJn8LFf+RS6zhE)T;q$7&IZ6uwFcy{9x zc))EeFu|$A3u3HVim({ocUzN)=D!=ZITV-VPpI+r#G;D>23w2wG}^3$atnUi^BFwHY zLM;Y8Bw`$q{neKSodj(AZ1ihzj3=$Iv_`lBm40BXpp%OyFc zN7z#aZduaho#vgxXLB(Lg{#7M%8x9#g$^2>2X$PJnyd7BH!60INI!oIKg3s`<3=eL z*lZ1`$Qzq2>yW;uctltXAP`&vhiV@jKnX+ygSRImFL@iG7z%TG_WiO)gQR6%8S1_$aGGC7cv!isnR7BEIh6!I|JIjY-`535v*iYc! zLMmEz$j3?N#4J8UED4CIK}ZQw^sc5k>Woy+J^C51kFU;i!YN~o za0pY!P9PkWno!%47W#8l;|RgI|BBE zXf^#rl=7%^^3WtOR}q{R+gJTVrc zpRNu5Nw0^&bfcaG$vpoymPSfJ z5JaS;r6rUQ5KsgK5fG(A1OZX$ka%aVjf&^!eZRlw^F06E=X}m_&vmU?>$}#hSuuMA z@#2ag;e!org5luTDBTUeTAXT7Zoxf$(}El?)%?I9c46NkG9@nTlE{UD+Qfh%H7RPa z(dsL#q(3>|*9xC3nP<}@9w~ZuxcvB@C+*G53=x+sNvWeK4_(-HdPsGO_DT@>(eme= zG3=J4t9KXoX}KR&y-)ol;`#m+TeH$TwfmE=Jb&X^$m_pK%-}QsA|99hXq>uql5-Qi z7LL!s9I5rQ>Db$D1y8S2`1>eim}NRq?pHUJDC1#?a1A={oS=N}nZ}gS! z)q^Sf%km3yuDwg$wCr%NEa=(T(;jJDr1YFUi>0Q|R;=p&mWvDp&NnWZiK{Ymd8eu< zX6Iy<*}dKvg}<^{6|KdmP5;DR=`~3~((F23+cbx+Y{MC>DteJzrl41EPRjCPJoGg`!UooCLIwE{S_*DPmh1A!zDz`rnh1JLj#B3f)<5caD zCAm_b9XoB$Cr+6eADK9fLl9^lYt5Z{x`4LIEFh8%3_q={ODTKTLZ z?Hve^eXCg-!*xiXfLYo-QWt%hn8DeJ^TDb{(#f10f_MD(VIAGiNkPZnezfdUn#kju z;P2KgMh&<}A9iVDO?7?D;(M->pQj=~$kkWSlec~PK!i@A5cpxrwK_dzqw_CHvNj{$ zGnpq=JEhe~P{wUa;Yd{XYs+I{xr9bpslPa^9jO!>`#$`k;Plv8<@9kio*0rxCin4( z4~b_@Cln+Txm@XfqvNh3M;qeVIzb~k#6i|Fe@dJ-P`W1Mq;-OeuTcrA5x1WI_;&Tp*nBT^qX_9OQA%7Av?9&>GqyBL z&%QQwMZdRlICk`$n1YOm$cu{1+84gh$#n39o;Y#)(B@?&w-0{Feua9Sp{eW3H&$C1 zn7{9)zoyk4&kIh08)pktj->gl^k6ab7v7DyF`$!5AmK(#f1#L*vY@Q;$-_+JIU%;W z@5@)JC#Ty#p94f@q zs3(+6MjtwG2_4cZ!9OjIS9!kS+w5lX>PG`zA_BpF;*9B&508g)iPGVf-B+1tQ!Cgj z>RjJ8;M6L{do-d-GV1g^*>Q0$ZhE_>DoToI@jaUfT!*phqT>4=((<$KrNRq)>Ydt! 
z?~|^I=R!TkFv#3s;M;4spld8duWl~#Wty0tX-z4VP+I?9zl74{N$XqB7+j3ikL1=f z=R`zYX@0^)I_RK-|CIRr(9!quS6|mv_dCxYHQW30dSVUrOc-wKWI*;Sy3px)vOe7K z7}WU;gF(^UXD5%fcinb>7i!nqPP26NzTT2z2)Wi!pSgsS6}Lenlaz3=^Q&OLr#P0} z*q=KssZvj_urYGP?>pWtWs5t9QiwN|)z&(Yw(+@x@Q?*5d3l5<$|}!#nqS|*=|v{q z_qW?Nu14qI~iCqhft!Yq)CXf?$54|pV%TgorA@5 zC|v&X?dP6ciSDP-#a+R6%;?xXpAM;Rsi*YKuZPW%iyc6}cJNC&>oB#0<6LD+I44^J=@p94LQRk2UA)sAx24S%(8-NuI(PYB(LLR0I=QYdEgp9h|3t$q z-Lr&w4>IPLM&iz@hHctr)zftY3nvfSD}@{0dYcw;mZe)hZqK+`&>`2&!?S!}EO@1A zePwgD9z6F|dPnghcOV1%BV9-a`oY=e%P1n;6Vpcn6&i|IxP!@W;$5%%eq=oLO2FY) z3dPZHot%XIFBJAkV=X$waSb+~=aiDAwTUpz2pr>KwxH9rIXQh;Vb1}XVn zT5taSWezONXI1;n*hNbPTbyu*`o_b|ux;AO%4y1li%+PmINfhi#z+$rI&~(2N zo21Hl^Wf2*w>Y{gSUCRLNmA+Qse~2-lxou@p&f73m7>qOd@$DSs`To5&M&?9JV)_4 zV-|Tbp2pM(2K>@ASNDaBJ5zji+@sLJNuR|!9+kOz%IWAEds(d@C#<7)*hw3& z2s-7yt<;z;u*7=Uo~e@>p>x078P{Lq!PDrvBU3>G#s1MupDRDsq_(-t^cv=X`Z`bU z{s!JbwSdeOEOLsY%!ZO``vp0g&)3t3Oxwu&-Mw|}P~~J9iM)ydarfQzSlL2`*-(KQ z?b8M)2>on=KR9UN;f;L$`lNYjk+v&-$Y}Gk$b(gm1O<`f2cN2Gkyu|MOL+JEOvdwr zx2d-~!FMl_(Y)8p!-v{vuN{lcf3$8`Z$+cFCc;)6U?-~UE-s1^q&j4kjjg?vXQz2f zrCj((?ggg8`+2%qSMu`mOy@uBb;@TbLful}xUx}bh!RX2mhSYix<{+vD!oSwYd$|c zW=||-pAz3=PUSd~vxIxTus8Y5+-CL6xw`pODd9mE^}Ew($v2$)blkOVs2|Lv^L|!* z7K8R*M;$x$WLC1D&tmj3s<${tfSqg zv?O@Qo9uhk@pYX`lcGFABR=Gf({|NYYFC3U=2aydbAn$lM|C{Opr?m%e-<~E?un%G zj^~R}Hp7BtPKVmPH16F!Im7RdLzXw$<%LD#Uh|5W@@xCMc)2$gtO4Omt*;(T$GkP_ zG(H~1cw$5FRyrV_s-Ij#ALG1@#nd|%6AEw1uh;|Nfa2BN7cjZ-xrb5KS zQ7>!ZjD4f2iR+rgx@hLZuekIJ{T{a-tfW+3|8TzXeNfn~V8XY)Lg%i_yW8ChS&>BL z6G=&&{6B219m@=17) zrrKF|A#0*2b*FJ+cFC=0e)~JIL>{Q?bInVud(L~eeg2lN!9MQfS7ao1OveOEIG;69 zjqTc@j;9u$$HY#)Wl;WV%Xuo;KB@*^{YY2$$z>1rT!IJt>!fnR+he7d4wSubeU;x> zjelHxPeeDHW`}I-6|`(DC$4)LpT)ZGDV;`-jYB7udx8gY$4Szbw1tLWV2zP7+&vtg zC-{+Bw)mhQ>b3~WczzrG=$CI_X6nD-DRyBs`k2@zeMw+m8??5(>T=Vb}gE{PGNZu^uuKFUz0p)jEt3!m94pT#0sBV!1~)0>it(@ zb8GJKMN!k6o*$-a8)gvXdIWu z3D0hI(%1ajB4b17;cG`ozn92aZyCj`D&BltR3u`!@I>JNY0jwA%H`#~abmWa+e~*7 z_qLtSb+E{nym_>Beg6kB|1-GjOX3$^$qw8dPkfOyv+jTYOXfAlXmpF-9UmTN?# 
zUOZ^ljt9vM`%DO}ZoOr<=5YDuN_1lSw48dj@+o%4YbgOiMG5{cRmEw7SemRXkIS8} zXCIJjmMAxJFYM?p@ne)};IBSF@1|ccl!KkvH`5}~cH!IX(pNr_2UzD4m&=^kP##yX z>E9~$v2dpI)!rHMrbNA%BRzM4eDR3BPW2jI_w$jKJr52j2-<(q7%a|V>wV?6%6!9W zMwxLmsrF{7h6!`j$d{KhnPG)$4QBec^Z1ij`%i`{ex0M;e{ksmX+Z?tBh`cKwD(nd zaC%dZye#M7{gyKLzJc}ew9WJ@#UKXX&o-G)odl(ebo0~iE(=nHXwmf(PE8#S4MwNLQ!%nQa_4n4k9>C>;(&7_l7 z$h@l(Q&yUuiEzdCch8j;#vfM;sz0acM2G+OR3jfn7H3_F{yI~2Ldek8?ZHdncht#~ zOpyA$BRWiyN2qGqe>tS;OG(DEKLP!W1$m$LfZ|#mmd@7@Gv2BMV=Ir#6>D3Dk`Kf; zON-S{Bs5RUAEI@QrkodOlYXK*MrgI}kv2kmJ=~RYZQv-}q0%iNjbV;l zPl_NSerMr=>WiXYTMBD$i!)kLDC;&c-|VM?!)UTJv#_Q6X6>(!bIGh)`vtB0T>N^< z!9QP8g_p1X^K0hI@wYNw1v5RH+Z^@(gp>9`4u6o2*m8)<(vMcdBhWL3!ZtoeKXB7b z$Jb?`A!C#+^Y)QW;_f{xkL}#R?@1dRmG8s974y7RHocEwrg+9J zH)qSch+4AaCE+#c&)FXqLf>m`9~-9Q{7U(vnmra@raGdGX#VQQ58dZDbY)YAS4Qel z&m|W9`926;zs0G8PNV%iuo6+~ksLy@eku$cj%c#C^VvD!*W70_Gh$frNlI?n9_4*1 z7oPal&`TSOx_I9F(y9VFn)1c1c#q~~vlF(p_s?yJ=UtQ2WsXJ9-#AZVy$~Sd`^{34 zreCC+)0_xvBm6Lbibu^eLTOVQ##F6s5{uli%bAbY(kWCMdg=L@Z#R3OXAMl9(6Smu zbu-_Fox&Hp2{=}Hmt0#tKj?2i3f9G6K0(Lw{ruU14aR3;%&z?zGqqG+dezwsEhPm; zHLZ3}3U1%Ku{=G{sWLGTaOv_DrTrY+IjC^Yloz;78w5?Q1WgfY2WlS|84xw zC8>17ajjZ2RaqkGv57C&UI|Ma{rmuhl`EW=GIVYBoeg>->am|(Q|r01nankkD^=oO zZKloRs~Cf>A3xZ9U6rGa+d|cxJTbkUnk-Z8yxgVH&b$QIm8fr8O*=Av#eN&MZzW!w{VFMx)sggYW z1<|(e(|XjSnp=tp(?~u@uP&|)X!d+qw@7*uA|#$1Ca=z);=Dh&waT|+>)Z6iHTRYo zN|Ke=)L#Y`yiW()aZd4WZCwdpi+R0WANNf?1*O>C9!|)!fyXu>=VXwXKg4QZ?5UZe zzV|bM&Rr`qdXi<$@@Kr&8S;MhZQ_TEjvrGBH9KK2o8bK9enI+Pw#}i7`#e1N5OzPk zma(4R-Dan8gnM8tN3dkRh8C4|JJ6+)sfkUB|0J4>MxqhduE~&QBD1hrq?+IIG{JiR zdFN5x?r_%YQCT0ns$>8seCW!tAPUY) zZZ$U-z6jK~($VweDe-zf$2wOU;l#)`F`sAn^^_MrQ=l&HQPb&`SB4bHOU|l;TCSYQ z9|u>=&@6jmutcNXZcGKs)JOj{ID@7sKSk2KVq%y@JwZku`#VJvPT0o%I^!uk2IEpqG?A zLat@NAX_aP7Rr;?JFZU+pP@`lHd+G=nR;$E`;ZiM@3 zaE~6ke@nDtwrAhSHN3*I8+ARnrlJaVPGz4+h`}#nEfl(2v-iRmRDf!gvHXqk>|kp-E6FF9R=M)7!kgL z;4^&8&Pb1tI9Z7>>L{zxOW8S?(DShIuyL@;xLLSxF^cY|7j`f<71WTH-C+SnB8=uv zPWFQA?5?h^Y_8mFb`ECjoB{#@>>OO|TwJVxg4NO8*2%z))z*;-vcT|=HgPm^u&{Ts 
zu(PFyJPi!(oSj4%8Nqw{9p>Pzk&GL7xFZ0L5%!Kw#_S4UzytIF1ngWK9A{WLxLCOa z*mutdZju_CZ1yPJVMJ0}|lyN%6nGaQ{{Tz<*>;|xbFa36_X!^F|f*}=#} z#>K?eiD|b`duwOM-7=jWP2eL0x3#e;I{<}9-aSW7L0RqR9B4)}3mbc62Bh9iX>9b9 z&feL<8lf>ZVmGliu>n9F0cXzN=$$M~e=X2&`oK5;0s_SS4|^e45W5OW+Zj1S zp$gI>j1aG&v7M2Hu^{r1!^D8oh@X>#m4n~Vkd?>Cl!MiPlL!3x2|g1per{t^!!w2^ zyI3jMIyxEH8ks;=fH|85;A6nS$7jUD&%w&Y%V)sKV;}%n81Qki8gX))8X9t$aC7kR z?P8(oU;%c5f%R@wkd-lDC1A{ZhEIUkkd>R)n2(j`j0rER0Y3*ntBJuG9$sz}UJheJ zBZL)P2SEun1rbIrHjZCU)T|AhOzj+O!1l7RHMVng{Pjx9!p20?$pD&-laHT=lZS_& zSAgRT2j7`p^R-PJ9D$oduACffTwKU>V;w*l z+5Z#qzc^`{+qv5Q|HtPS=}#^a4ojKj);M5(Wefj4M>|s| zR|5wV2{YgWV4cC{Le`m{Wyk+c{Eo)e+ypuo2Nz(<$;v69#UUWb$tB1wz=&CGu-q`h z{?Jw!#vo;7!QJ){hA~P|0bbSAbhfv*wlHz{-A+IJ<}Y-+=I{9Ef1AFW3^QBG&fXpD zVsj@|SKI$6{ttv04oVhACbo`t{|WkT5{y}PB_eONP{ zP{&b?=zwM%&rnfL8nq4oO?{Fb1D@=&m)8Yzf_4i#TWEQ$IH>gWp?>zW?+<#1)y+{#RMLiGx`!di+$!DvpL* zP+I#dM4D0#8grU=COpj_s62t@#z|+}lE95DW%n9=PHDM_F1vM5Kc>)vpGMZ@5zooq z&oAU78=M(>?$w$P1dBONUYZ!HoD`T`a1R}FOkRsz5%!v_l*C0vDK2@4TOD6=;VCJo5Hv7ZY;JKbTT@ zV%j@9y zrsAP~y-SRu=z(*^f6^>S{DbBP0khm+Ui{!5#QQrZFvhn;5qCCFqj14Tiyde@n6V`F z&bX`?4<&&{N$UM%4<OT^S%j5jO703&4A!A@4`V1@tCvm55FR;1D42`J|pN~gka*I2(b_o5_dw5 z1XhSbs6bwblLsh>h{A|wKqI1oC@{viL@@n@5SjRk5C;(rG5wR{UkI@fWgsRD6bAI) z2??x-yP+ruMFQH17?=zXfX9c*?Bam`8zBzD5yA9>khlkE4MhE!5DR6%nlGUi5Jl06 z0{Tdx@hwo|Isu3%U~>sH5QT^a9Ow~3JTTtD^iM)${4YWrL^Oiw2gmk zp+RIS9uNgFM*=%RLRn}hu!{cFz)pxVfCK7}ggA&YOmOXh#Skt3P8h`NPYpyt!boT* zpbsuDuoGAu|2}-M5fBC81L7WhOCTE|fU*GrH3Mq~R0!V^64K|BbpMrbw}}5nh;N0c z4JGIyYX3`gc`*ed3iv;Q337y(AR&TDT!$%#1YiQ&@$ZBH6Mg=kazyRF6E^6nLDK_Y z%7GSzgpzvlIKX6jYD_?VXj^DFIQ|zQzyvWOm{5V`|D6zE@-1dF`a35;AU@R~IK>VE z2V4vZxCB30lL_U==;Q#O0j2=P0~Bh$#qA#(;KHHYiDoXa%EO0IXLTkG8KA{{yBn(V z2;lOeGN^klR+hlI^h?FbT{Qcl)?o*G937aThlsyvs7mKYD9L#9g&Yhp4;!lrD9PaT z*kk$q4h+b{-UbhCN`x|&H=lhf2odx!#95IYd5Awlfx$+fuMgG>QQ4LOu`a5i>Z;Cp z1Z^2@4>^2?DhP2ld7UiM+tHy`Q?i^t1s>HOu=VjaIDke!+gO@;*IfOzmgcHqQ7-09 z-R82+Biq64ZLw}mP0ilIi`8Rn29Ob@oAuKp>IK^Aj~+cbcr{w=qrMKXMg1bfW{}0U 
zC@ZA#jjH9yFgsw0`J8+yvzK7M6_^^hcnr6^7??&}{xxF`Nbx9?3E`CPUgTM71jArO zDyTGo5l&?E({?vN!*T^WHT#1k4VGX$>WiBiC^UdMsX84gFz*?I7VquM$7dJ>t^wy~ z9PYeGgh&?;V@OKec}Uh-Nq~8{pCPFq^Ke`s!;uc*BrZSco^)Fa?_@r7gfh(Qqtu-( zcnCV;P7DhCDd}@z^Jq{{pg_5Tfx`fN8tCF1#g=^bO`RXa4Uz;Riauk{Kc;Ks#%_v% z5Cr_=pYJRrKz9En9IyxF%x_~v`=8>#rUcf2qClAd*pcigvP(2Hhi}xM35h%Le_-T= zn1PD0%mP)K1T3>a@r6-Y5(G6kW{6A$Wfr0~f(zh)X7G)YMa&>B4}t|4LmUtnWRJnM zXNNszjBkO9i~)N@+%EQ@ngZ;97YErxal6@rBmvmd|4|%d55+_FP`o5HMjQhO`aju2 zv-}rAkXj{RRR`6ExF8Nt)d3tJjQ}%%+71~*9H7br?1;NDxIi37*b^gW0JR-5hBzQD zhy&pI#s2p(WDmvtVy~vN5P>pvS^V_I?fdK_G&YK*hDq*5Q&Ur*ggEI&_de<~UaR28 zue~)~2}?PIhf+H^y#4l_p}9FrPrh#YA#sqnf8^sIX%-9Q1WdANfS^Etf@4^ofp`ZK z_rD2$5#eI!yU{cqM^nfj$pVfa(Iw1J(jDuLpQod6cX?2p$kWcooDW2|@sD z4v~Zp%0~oTAOu5Tfzbm{?C8t`u>zf8l>{V!5C|d~7=r2pSmcNB9})mHBEh6bY-zH@ z`}^|a(O{aIn_xC5$rbM2x%0y1^LrBg$vR7_9pO+tU~X8~L;^*Cm3Dx@rWZszXced@ z2rdxzF`}7HuM!Lp*e~t?Imjmq)hPN%HQP zqapfL9O*6zK=U0{0ZS0)pl&QuI?UTL00#g7JL2B}K&$*BHBi3VD46hUKcv;u0U-vn zEaeJE~Saa|acHL1LI z0gV)AAX*t9j~YDIiwmJ)fl)yZ9^BJd#Rxpyw^$Z*?0Py~9nie;}%N{wUr+uWSVr&Nv|@?|K>(NWiC{ zrQ|ht>bM_pvaU0Tm`T7OfS5z_?oLVfQ$QGT=fxcXN*0z{(S_;wTk zYXo-x4qA#%5P{^GA8;h5BgO-{2RH~U2BEHhAf;3t?*2x5dAf*6DB-@HJ@2hPJFN<>i%N)YybM+vpx#S4J|c)`jP7z$*Y zU2y)z3n+wW3{;2tO%|y`fjSTuEH!~Th$Ru#K-$5m38VOqng|?#5gdm=qd|li;4uzZn18@TvNclM0!=ZH5oj3o zAvA~=mec?mVoC@TWDg8X1P)Xm)T=;KjQTL?{N#nCNf5mdI2cp@0UAkXlpQRmD;z$y zewvx##y8daKJRxuX*di`!)HuNN}3Rga>t)iPUJH&dvr}osVf#9hL*p(WJTP8E9UHv zH{|*CiM6%$=`TV{q>UrD&XnL)9qLrcNQgYLy^xfnop*I}>0N&#th#|7Nb&%uI*5JX z(b?eg*7vVw)h@FK!87EP7#=KvNC`3^EWDxpLGlGkf(JlJc+7^$&cIlp&PJ332?-YK zyZD2G7oIpnULfXy`Udg>4`8zW!3&tuef@lDObn0qkSuLZ)*~e)b#>7BU2h{S z>Lp-ahv!p}4Fn4sAV`S;3$qu34KxBE+QB1cm`l@kdxnl$Cx6Gk-a^KcHspJA}O`5%_tW}H1y95zwR?7vT9wt%{S>@ zgP$gK;zx${r@jj=J|>8)e@eglF7!z-7H|_DHL9DekC|wFR!4P841+`tNc>s;5B$pO z;ADI zQOZh6#>XYIB|W;blzV$;hl#s*7B??@v-*_IWzW6cWd0zwJC~JzYjs$#;mZJrI4KGq=Gbo3F${B-LQ*yYVyC_b0SrV7m`EgG*p@j8lmPsG=z?$oQK)JJ zc?A3(_9zfHc+>T)c&Nfg|AP0@+hq>m5#UT16w@&10VY358PEumo#q0V2sS~8#vllR 
zxC0Xo_yg&dz>Wo4z-9(1%8?cZ<}?^v{~|!G;XiQz!ay|s!2z-!a@>&tlz<%wl#xM( z(OKe03&8{uJq8>!E)4Q8p}>i-_386Gt0VQU@i(@R+Yik#FFFzsU{F461b?WuBNhNF zFV2FM0c_8H_CjT_+QA5%EItoi@*xl9;RJzLM$sUC4E@Xi6u`P{MyC0 zuh9X)6)6{KNJzx=R;vs;I*7JrX4Jts#?tiLW%i!{o=rAU-(h9mB@St+erUB5@Hj5& zoX>mvX?B*i$?^0WyCh;eaK-{x3K|1sBN&Ev5MyF1fmIkyPs?d-gcgRaf4r9(Gf3)x z_N!$f>2W8V8DKpN=#kK9fIboEY)b*#T1+p%r1z<6C_E zV{!6ABJ7zk<1Bmw5i@>Ln7=Xf(G67}_+bOPGbU-QGNPpXHI8nqnx!QFH9pi(Wkb1Z zenNvs59O};hZ@&!T|T{o52xWSSBUdVc942@_(v8a=f#r1ZHr+eLTxZ8i7YyZ->^5) zc|?rZ4%h{T^q#H|XBnXUPEUiJEF%FG#?OYk|L$pCdroD>kF8Cn@ROK2tqi(0uP@C! zUzGPqmh(5AV=6;l*MvcID{-4MtmDKo9dEj8 z8w6r%sxJ6?z5kKj<%o!gCb6w&Uk?NZi!4s{`Ms}kcRa0kf{61axF?VY?*f$NIJ6&! zApp~bP*aC2Qr7vrX+ugz1E?pD$0Yd6{~Wto8Kw+&+D_%2;(4ca`mI-z^q>HB+P*g$-6g#7W4gKsQb}Vp{FWvk!rXBVbe;{X@lO~Qyt3?I@k>s=tocGA@9nw z3y5ZSRC3I&mQMMNq=!ntE&($8rV4ii=*cJI(Pt=#WK>h{a0K6_W+?DxI3l$&kbsO? zGaSi(zK`Y42nh-Kkg_!&;TNSOKgqSL$B9~rYIok%E|GM)qo3SNd>CHfF`_+G8ApdC^=zwPaPU_nZTT_^B5W|QQ z{6>oOQX?9Y9?dt7%suZb#q-~3_hOsVq(UBAmQ$0El{{7x6V&;Kj9MbM|8MpAK`nNuOH5!elpu+#vm||K!4rLvp0|%PO z&tDjI#})4qT^o=2oSU5tLoqI}9&Fv9p^%2=AAK9B&7gfj7TwjiA^eeknE^?~m>vxF zNB``*ezu38Lxp+J9|*(rT0zJcB*-Br$Viyyzr=uVnh=pYEgftX|ImXGAYZn?ehk(_ zunPqV_h(B6I?vxl?zDGD$vbC!1gxpx447AbQdOd7wzjq&&$pfuQH7fjUN!)>N8Io4 zo!>47uup+qB+O-Szw_*%2E0Jc^t%Q~5db?c6cf*{AGq^I>OlRh~{2584m}eL@ zV59q2{@{)YzSZN$+1n#_AJRf-!@vRTYe)H4EiufcgVnCh!!_GRjmVcf{}2aR|7co4 zZUyTH!!~FI;b*8l3;;hYfp76U571}A9vQ;}9zv!GiEeyr{0uaJWy8N-|IQXz2jm~n z#Q{s>!o$LzEI$|&z_Ngw3M-~}$~?B)gFu;t|D=6()kPKJvO@B8cs0Jn*L2aA;6@Ny9l0IRnh0YECq zG8kdVwnIM0p2*+3cdyaf{KsV}hznyoxGTX;E(ihEMmwcGFg09yR-_X^;GzHc*|!tiQ|#?h6+4oio{pp~ zNvZGg1EeG*!{0v%G^VB{UcOAVxw(0D*n4FkTtGEzm3%)Jdq(8$7gDqXgMkZ9h&ezo z2luL=F+r7%mn zF=K>1xb%athXwji_CVaPF@`-X$bVxGHem+5JNe%TffIonR}hyZa>el%E-;pW*S8QH zV9midnGh#%0mKYH*ayLh|0JX#MwPhTsGjYC4gtm%yKp zi=Mz&ATD_3j$C=P!U3LvO!y}O1~@ErpgdStVJ2Y4u#iFU?a0^IzeD)X7sv_pZ!;0U zLoS=b@&|xMCGGn$*%>K`;4|oK;C6xU@dl5tLr;3=KfWv-9KLi5O+;h{ig)fq;G%`O zCN+D-&pRq9Ylef5GXA0FA9qqwFmi( 
zLY>8;`T1D`i)Duf8-)r1i?BnZ2mXW~ec}Ip{)v-{^^0RF_77?-@l>2&pW!^=_PiSK z$Id-xAwm>Nh!E>lMOpv~bxI1k)QmNowC@htv)<<6gu&jVC+u+_@j{ttS?;@ylX6l= zl8{EqDjyvq;R#EXxX*Z!xQWG3T4Aw~9WR~pIn~W5smQsr5&ru~>>}OhR~}Y>_HO@j z-p=a78EaSP6{i&~)$JMg<%ER7=?9N|>=v@Cs;3KHRLwCjksQSLMd1fViSq<{%f?Hf zaK*)$P*_btC~SISJ#6Cojw;$Cd$EXpQDf97EMk0CEc`3x7jNDOK;es{uA<@8I20~N zSt0m2B`92a-^Y03C|pTJ6gHLKyYvtAC~RW!3pn79v|}i&0|hg0t`eiL@aYS&h*5qW z2Ype&Jxia?006ke?@;)@;^zCrQBpG=PKR;DQP|hPjbCy4GQc#=SwxT!n;yX8{U5A9 zT8o~ahPX-gKw9gRX6{Hw2^s6jSHWy)MD(dg{f2t@EH6Kan~pC?{j!u8TlVILdbINg z)#*}4e@heHjo^G8Nr7X}9wgv-iql)|J9<~&ysKN+kMe2#F!sU=qOth$?e-2%nSI~t z1hyVgE|R%njrU(V3RZD@pK)W|lX?RBTh1{O60hg-8yB%y&9Ls{ZsZE|rD($ENWBrzYf1cK*j1I<<7Y%UJ5c;*0>k-ucU(#E2wIIi=- zX&*_{+oi}flgh@unr+JGyK>CvGSt~OZs4&d$(0NS)5OUISL5biPZ?sAR%1?^V8&Hb zuA|Z;r{RqV-g4MSe#9}*Wrm#fy5=a!-ma+214{Qo##yn1#ER#W?-;-R7J+Y65m+~UW*cRj^+A7tAD*s@-`qo=vlNWfyZ5*=)ErpU5q z1-%eGdQV(%Ec?-Z$ZP>HYo^SKBct`Ey6rO~-NkiJ*JJu!S-+8m1X;0CJ$kN-CIEl> zX!mL$>cQw<%~KARcxp=nhq6p=aqoTgB-UZ?IcB;B*AU##*Du>Co|;QJErDwixbZRs zwcgyPtN4ZmeSsryc+y9fe14(ckN?&2RzJ^3DqR8F^Ba7sbvIUt7|nwUsZGAIOQXf8 z^wh6z9n#{k6>IcLk66X}uJ$a*jK<`{<3L~1xf!nokukCBsknuby~N@{_o6M&dVQuk zNs0Z5=XS~hYZx6@&(u_!$m`tIsd{>U!F@|&48CFOEP5K!IF#-8#bDs#(=ml-9zMMSbp9QJB;)Vs$g#z{u+A%&4 z+;bOwYP%mSU#n9Q@>wJ19a_OJe^Mi>S35s;B38_l$fA;i;@jB`r#NDXq(F}ppq$rz zR_E$bIkL#fM7`VZ-$?ftJ_*VxQayFvb5k`pyYT7aJ$c*0JJbtIVPxcY;t2G!-i>81 z1j1EX4@8|DC+gMUAMEa<8&(PJ^VnoQHtni5>-=cH$c7fNt7(Q;D4It4?RiyI0qP;} z%T-cTs2Fo%)Fw%>bFQ=RXV%l7?pf`i%bg86SFJNxyME5HW@Yr^jci&L(Jhvf0&9=E z8`HpTx78_ML`P8u-~Fo$W>?71T|RYrx@T!iPOEN_Rw{hvYgLNirEAR`mtW`H6=Cg8 zE9E-oBY5q4stV&m3UR&Cci+kB&DH%=8jpr?USYPt_u!&iNZEyJF z69gF_ALja=9Lweo0_NZXTjkYZ&#_F~nx6Al2fVJ#448Z4xHak{6}gvRC($9=_F*};Nsxr;NRDk3#6 z?FdV6>&FbHm1>cT4IY9Ew+$9Ub8k90_oU;botCaE-Z?3C5%oz zWnW)}?O_vR8OsiUN^N`(1ba)*s^yEuBd4|xW+AMq+fsVUYu#NZM7K~Dm8oR-cUPw_ zz~#9HmS@YpN3W!&yPzbY;^HIYNiauw-0b>bV#QtU^q}_jxzk~B@pt10Bu&+xshSah zkl?nx4{I@buARcIFSNJN*5hg49>o(S1uEMK%Vu^~iF{(kMa%|z=fC*2)`zr*MN&zE 
zkl3-T#5bG&V!UJN@RNi+a^>UFxRqb!mq86NJLhl#_|);Nq!+i|Xz=&CKip{NAIe-8 zVhwB;bP&Gny^{EFI<~Foo+$6PvFyh3Q~m?4M?FC}Uv?8XIoqSbFBi$2)V-QFtWS`{ zyLq^^-)tp=J7A$4WI+w1bF^!j)OK>X1&bo(TgBVKC=c&F(u`kNogJTQ=cSceQiOKs z2H_`t#CFh1;{e&Bx&1`lh>~J;6XOSq; z7yquE;K(WO_=bJDU|I;_ie;{T)$vC~>qK+2#iz;X#G=EP=}w)>((>7SNFI0m#$E~B z+3R$}J&wcCpGkaCeIHCJ%ibvto~AKWE8bEe5mc<9iq6C;WzTs3!r-A{>$q#ta4h-v z`95+npTstAxrcHnZ1bD(A3HCxJC|BtSC=SBzn9seyXPvkTe=(V9ZK#83Y8yRE*;J} zbI^&=XTa>}cW9slh1V;;V+^Wdy7a?j1b59;V8P~!qvYt_v^w2IvS~#9l{)9Or z{@lX$v_Goq#Ra%@H|1TO9o>NiE{^bbTx7KOKYi{pe+)Ts4_^=m)5u z%s*UsrtwI(Md0`JZUn??QA%9DJW-f+f+YdMiyl7Qd#5i+!h%h)jPv&epZ8L)XygSZNuz zleX?RNwZu=e`2xHQ?KfT@vq#?fB7s+HqOPlddU{}L#BmFU-m*6b}}6cI_ca+8Jx+> z$u6D=IrLq?6fXnceYYdUelJF;D7QdFoHqVU@3L;Ei*qT*TWRf^m)DXE9hdM*TB=Ty zJABG7tz|fsW$cp$z-0G)L}597BDy4@=GaJ1*3!aR@N}xsHtY6!RON@EkX)O$d7W`5 z*~!yNm$z<}-3!~ZK_PKH#p65{ZbzCb-m4{-^ZX&El^%MtON!Uio9|@GpO%#%O!^p) zFS+rm@cyfhA59CVMk+2iw9duFRn2{}|HN)fXe-C6M@u6bhrZjvP=R~)RhTgd;+erdiuJ$JQ9!EZK)&41&de4G=Bu|dqS z>nRaxrV9+dd~4@7u7o+|Cbpd{&2sygsTu0v@2OD93T(N=K09)$;E-XsH)X`rg+d4S zbU7+YeDNFlz-R=%r9q*@^;cF;oY7w1)2zj$*hLPsBhg*DA%(J8&lqgzCQdwOsyvrG zi;lbBiksG`0=$$G_p6UB6Ye)hin!XjT7u9l3PqDft(>Aq@zWH;$6RQ>w%xTAB9S;{ zck7T^RK>(A>X79w68tM-YOe^FtOw50yk1MA;6X{UY%#bxseQjTl))N*Nv`1aM%RIh z^b4QE=<68bpkh(i*6!^6!8xUFpVLCTpkq}jO9zHI*5a;~P{fvX8`=ER7YKr~N( zhC0|G)6ps{k^V(uBjSbemovB=j-TH+)Z=F`0R!+Rp|P~O*o)7qW2?Xg&*2WzB^Gz~ z#(7D0?1~&NgHM>?9CsJtxlAhk=zNbG~#-m$?2Y)#`q17yLV+SMFB^eU^?W z>0)cG0#V=-tztKsB=%{4VfM16-uRqH<;vebd`--1XKa_!NJLFwJ(#7_p+sR1&hWqK zp<~_eo5{g>8zt+TEB%cI)WJL;E~H)M72Jp&e42Lt8+{two_{iBx zGT9W|eSO~Z>*@Y?gUUyW>hfgFZQbYHrw8AZaT8qzU4K?po&#s`{mWf;uxgU9;tMD+nuQ&w=zNQ@sa{J zdghASeV>q`S+fTv@2@jx33#8J%UXVOzdzr+1%>-4;MQk^M&upp| zHbF6j*#<2Mz-NDof^&RQ-LEt?Z&^Yr~Z=2J^ee5OWY{X^CYz1@`Oy!_34X+0VB zw9f|ErO2%rEf)_Sv=bbfo7V51`}!_-CSa*gxGwNcXT!qwnK`fed-GhJs`mIFBWWe( z0#>qD{ftu^xbFVf ztUTS(yhUDj`;sr42&Pp&D$&K)E+u}B?p|)NyiZOSjdtA*t{VE@QF5*ZJ7X!g&gz=G z=NDP>u3Dz7dL7T+r;IQ7>=Fc0SfcH%aa3^qQi zPta3cZ!Er#f?%rWlx@fK1YiD9un=MTJKlf|t 
zq(_{}L*1OsOy085YVI75F9%MFF2C$7U3-SFde@dT@w>6-`UtU=&wO~}r}NtDZ^`;d za5=D@*0@F#+TXrwFV?c!oZoBS|CZnVq)!#Y>EZ#3M;6Df!Ud#{Y6E+a%`^VIn@)mj zh4#t2V4*d@^+Js2GC9wUhfiaxkRM%9zYn|t#4dNA9l%v$II8Xk_#^mS= z?@>_(Kk*9a2%mHbt?3mvUa^xh)oE3~$E%Qu%U@K`-a9WLehzHFc;QBdf-~=Zb*G1l zWjsd>w4c8g_E}@}6nf=7RttFWK_27hZcH*O_S@BV#Z%I92`zg0a6a735?V?LPSIXB zb>rd^7dHUBDDO2!-xIi#t2?I9E__6$yos;G#x(T%b8l$?7n~_MJxzbctQ0HjFhNfH z;CO<~VXfOzOH2SK*ppQwZ|*C|-RWtt^6b(bGS#ajNU)~qH;;2mIe3)#1s`bBc|@pN zUcckx;K~cep~*=$=Ce%X2^A**)=~!6vhd&*b)oAT>_3x1F6XQ+QW9yMr#==L_l@uU zb;28aZ-XN$<=1nyPfSBUtnD$ld8s1WhF9@n?cJnsVPdst__pX<@JG|ofCRi_E!MY} zcv&_Blju{y8N>9^!#>Yt33)|gm<0Cz;oXGRxjV_dn{%>VUbneSDq7bcXk5NRfUm=V z!YY$&$xtdQu0MJnSDV7q4fhYT=buZPDh$`Z$d5Sb&ZTeSeJ+!(7zZ~WSY7W}kOK(E zx*+D?$x?C zf#!O0E60kXfI(hU&Mm;XH1_=^ySPYUV*JD4{O&GWjPj8d8WF}eiVdNQrg`~ATe@L! z;`JaR*YgOtTq}E87QFiOd*Vc1?1@rx?3`PVu7uM-BWry2`tIFDJ+}8onmp=$PBAdD z?yaS_pD&F2`Gz5@kZDwa@6s`7qoc?}o81sfdSKyP%N3el?er$^@mfaUPhhRHrj%L3 zT4%oA?a|;`)9Lae=Q81Qxh{&w@E~&kX#**H&=g$!c5a4yo2MZ2Tk+M{N0YW$CR_O62$JxY)h2AYJ;) zdCJrWfHYvDr}^ehi00GLiS*N5`-NML6T^Voh>@V zFuo@NoG{6Jq#EdXH2N^9YHG=|VLQL#bL5W6<6U*kZ zLZ`ze@{x*OJl(Nc`;;hgdVNT@Y`xj($?|4^vB0_hGXXc(!SQIiN34nid%qAI#5d*! 
zvTJ0k7edldNUR{E)7(C6>xQwyZlq?8F|iMEv08YgiaqTH(bo;>26s>vF(hQkM{SgU zb#uNT{zi@e{G$?&quB!I&4H2YXFT{HuIm@Bi3aiN_W!7RRKLHz^K-(ijzYX#R!j27-=>X9oSnJ#n3$ z*%^G6Hs6rX!Ku^}tPxM2I8ymOjH2@vm^`G9(dP^r@3e zPIS;CLeWls$|68|aO^(tK1S`Vd8CEIX(Q+sp>4$m=>vTI1*b#`q+e^#ISmZSNF-2eAV{oSDqG_cMC0zOKq)Hd`6GLm_?LK4HZrF~maWkaB z@r%lzxD{8D2E|Xo%1T}?H5f}%aryJB0syAhZfL9ylh<)YzWgsR46%jvlG zqOgj;Z3f-{p&>;6$1e-5&1KZe4CXO?3!E;$<@n<)$%QcLM@^%rWCzDbYbLXDgJSOM zQteyT27?o~==6+xo3fO8DzLU$w%lGw|a9GP_p4{)}&%`UvVa+(0AuSNb zdrtQYeb_!8O+iB(HRBhnhOF<(zbMHoT0lR`I>49xS;ZF5@lj(`k(ejCX(UO;O4?fX zkCxa+blLs9x=pO0CCS9O0Q#pioCEJE$(KD}&`I%|Xyvr`Fh4MXIH}?s%jq^j*FT4j zdiUEXuu@&KOIqXnvBazZc_@tLmuNg*?6K#SBIzu2i)zMRh9HwUoP%1sGt<9tJT5hf zd9>iC_OU~wcCwGn!T{|pI-PGb7y*(dkmxiJwuEH_o=9i8D$U8GDkGa|$oUdm32qhs z@%%nCLUkmq=l>aEmd)jgi&fT5IQ%-`O}OCo?Nkx?%j1=*#3(_A&1kwiQvB(Z`;j(P z{MQYtrC{ShN!&A->sK^#&DuD>^0{a}9^cEpeLQeR(xqmce*b5oO?7kb+f~d#W6BD> z&7z0{ky3{u$hC(jby*5|ezMO&xXD617gc}xu8hZBCQ1D#UbNOI!HiHWj4D{7&pdnX zo#x;lVF|HywbQ?R6`7o?$?|6n;$KKvho9QKFx(6%fS7*@93c_UP_dW3B1Pr|9y3VG zHdRyTcp#4>!kkf9&g2!cvw!SO&>2jw1Q7Fdv5Qknvuk8FbD-Hzbk(@6cgIZkk3}Bx znRpyBzj1+@he^lFN|Ev2C}g|;fj3FafFA0T#ipJ2o@5pM_w9S8J7o;6Z_|B5!)EBz zF<%Kb*(xka#z-eC#vI$dBc0}9*u3)qC4VH}6WSy80I;s(x(xE4t8n>n^4 zb;d5g=UIcF8EwTzK0M~dWUcJ~>N-OrLkY{wZ&iwY)hqXVj;Iu_<=9ZV{%CGv#@l&! 
zVm;0YYckJv%a4pwmlMs7LUlMH{)6{xBO-3mo1TrCRfQG(sDhtcbMWM56jm3=zQ5}V zse#Iw6EHnYcpn=(!y7(Fr~E`UL3M1t*`Yz_#|!-5fe%k~RnY7b3qt!$Al%EsFXP?3 zhu`F$6gn5!@N-+-Usy*xh?X-sEE5NREa_r2%Hae zuNQZf8QST{daQz$_Mlj43sN3xag?QjBG_WaRkJwyvuW>@cWvnp{+oYnhRdkOLZfHN zeqd|Q79QF?*%y@i{YQ&arb!fqtAjGx`UAe7dp5mNW8`)sUpaLVo|>-I5pAW-nG73S z3@ZrUaki-(5%}u)CQm@O5v#dxg7L&JG?DkiVWo|1X(zT|CMh%Jx4y33h-b?YP`ZMcU!&m?mwu9u%W0{#0( zy!XeI-|_iX*nTt2b%HC5ynJ0aY|dJvA>wo0?J9^RI{lO54TT~qO&n~z*mS&4S5puX zE+iiN{VaJX*NEf4)lvAp7e&4Ax_J0pcKWf?&}{`|^o;6)e;(zFhzxP233BRi<1wC* z|$lS{2ocy?{1f zmauEW{=1)&ON8B}Dn{j|c0Tam5uKp?PC5w*(Qbjp7=8U17B+h$$MB9)4qKnQU=(E1 zbA&$(eN&fuODqueae(5;S4{r9%ygI!jPDy0Wf5g?7Jb@OMFC-2!7syq&>iN$)9${h zcP3!Xq6qvGKca4-^POK%6HH0z3A*O=gMmk19t}U5>vvEgFMH+s!eJ~+_^Fll<_H$9 z7nNv^v6l6+RVBVRU7Y$!-6x{7DDAZucas*e-V9_UjHsp-Jxvu!9mzFA`6%~BU)O_f zhhmWE_{~=<^uvcJq0p#0r$R2C%2Qo_?1+5nxjRQ`IZ6pCW9m_x#OrE9sK2mO4XF;U zT;p)3kiZunS6`teT&jLyy<3snq|?DMDbaqVij87>0VUimehE8?mBqopcEq@`sQnQ` zo9Tv}-6I)vKi8k7(Bf)kS36oBH>qcScAWEE&Y9kEl)B#R3aEwRu>I8+pXG35UhaCP z&z;H8t3UJG)EL4PO<1rFxqZ(#pJ9QTInf^LEG`FSdB8%jG39s3b+3-c3{{^V&^u|8 zdzn9Gu(o2}n@r&lB(fQzgg_TAixUP|EO$*(4gZ!K)}fA?pT0xgLt)Y4iU2XUMmF~~`vEoP4>%zIcw0+gjS!f3Jfr+8LEN##) z#kKbPAlfuKp&ouSJ9dtBAugrSxQ8qY#H*%X7dD+p{>|$$-ziB7S*TpP|MG!=O;keo z_$ggLvHzc8Kh#M|8Bd?OYm-j)76Xuv2}{kc%C$Bzhu^pNPf1_ zX8i+QhM(UB3nrXL1ypJziH=;t;D%quDof_?4DM&e@%s9w&sM57>KL#NA66aYxuLb2 z1b)FBP#Srs#9-QtbEsyR5s^!Is`MOx?bBnj2N_>!g}$Z4r$l^IW8}M%QUCH`$(1;U zun4la&&t-y9;D=ME##2j-oNqQNKyGaw#ax={&**Z8{H9RCQ}CqcoJAsNwqYUkyr?*-{1p2r$nfh=kw04|Nwqd-Gy*pmG3L3qQWY|dk9`RLATPCMpcCQQ+uG{yAj@MDZ#$fLs1eD1TZeidzF z6uKl<{h9Zkbv~gro%Nxr zVQG$EFZYEwa@D(;&&(Ffo8xUVWV16WgGQKNTi{I4<54r)y*-2lxUq#!3$pBob_R}k z=X?;4yP4Y>TWm8PljZMv53QYvAM@o^BZm0WKGwHa#CbU>>zPl*{@j*yHI+Uyv82E} zK&yF+=OT^P&iZSpprfOtk{`F*OTfQLcPNUoD0T`eHR;da0E>zhNt}$*)a!J+7rUo3 z32{JYd|c5Q9^9$HeE7YTu-+Em>P~I_D`#qM4&wbiN-Uyy6)eDDk=zrnJKIwGLY_bA>xPnp?C6aEP z6yf*Z`t_}kgUg7j9{U8Fnngz>)L30+c}03ocMXwgbltN#|S$>F52O4*mYkQVoE$9Y5hf!8{~RNvdDql=sbwz^T^iXfIbqjq7{-rmJmEh 
zWC0$;5h>uD8`0o=Jm+#axisa$x&R$t{(!9Y$p0`-O?eo=B{dHYkefW~s?+~UXsLh?oRxoB#h za~VAU4|CC%J&Mmb#Dzc*pMP`5g#8zLJk!7}IPJf6E_z&o%fIS;HT0Gmsc;PoE~}P# zO(y9|tf&^tK(yFBE)p$ooE#Ce=rpltbU#|L!L*1QS0xNd9xBPb7Nh1qeLyGHPu{c{ zB|462l_rliD$-i6u_ERjS)L!gDm=B<<@r5fZ_;J2yQ^+~@<8EZ70h-r$#HGZlMiM) zH(7Iw;Fh=fL$e2s#Hh(Bvz#o1*)*akDplD(&dvsKB?tS2CkI#wH4l=1VxJLf$fP2jD#9>iy=R3#L*RzN%9H~FQ6%DDVl&>|u zwsd3@RTmy12^UNuut~zT`(?M0Xe`=zAf$g|P$cX?>X2?t;K6hTnzsXa0hEMUpYHB) z3k@nsns_lqE+Gm|F(I+n>@_fXno+!=UMX4&{B_x+fa&XAl09#|?bCe}3!_ralO7EhH*xh3o;K#uY7wYbY2)ix7MDyv@|nmb0h$ZX(oE}- zNR(zMf>>cP`!-~|(0%`4-FtTk7E*$v;^X{W$d)U|OTcTV(&}__o#x<5^tw}* zw`vWnQ)hK6`>h$iP4B)K=J}GO84R0FygR(Q@=PrdpWtik#Jb{BGF8&|5aPkZF>|#O zIXLw3eVo4HmAqS7hY8V!g@`6&suQli-HB|4Haf}nyv#$&K(FRmI%^}jQw&6efBxgi zTWjH;5bg32?M9phUM-obAV(Rf)3$1smnzL(&Lo9$!$hat8ca&p3NfiJeyfQBue+_Q z%(HF+VkkG%b;>AmQ>9CMCAr_!-b#mD%?lgPAL@NiAq&QNHG^&ZCa8tQBIHQi`sAi2 z5@ms>)^{|{f!U>A5W9m8D@u(s+JR{#Fg@GV8A%97r!y}9ao|&1;_iI{>!w^{P6JG( zg{g6_JFs^+bvU_XY2n<eV;Q)eqkD&G!jx^&PKgz8-E?t2exnu6`efgL$htIeckvNAYfb zzeTOytgQ7)Jd;`Kjn8$|7-q28t@6Aj(*gVv986aNvqtqPc#cfL!D z5~IUlGqUQXdxP)in?tN~go-s59m);!%eW-^%I%L|IeZVCdX@Dw@<7!`TF_x)+1skl zO0OiBzvQ_4yGPit^6z%SMQ@L~TBqLT456X1JvRaklEIOYesP!A=|s=x-WIC8LJEX!SV~MZuKQ#miCkffke7-DYg`=?I~5#^J!cj<$w|LC)a@eXoG> zrO~j_GYx`vmpyRsUL&~%UL}DC*-CtE$p?iu9b~C=b-2BeDNj_5t)`?0xNYQELz>Xg zHV=Cq|DMi@Gwyv$_WrDYXY+9PM;OeBG7Qz}g{x#xlEau7-$^xr?0Ueu1w~2Cp2p&u zXJTlofKHZ|h5f3#`*1zu+3{Ga@d%pb0}_Hfi?N)Hn`w}6RHfnOsO!CN_(bZ}zjQBI zc9NopG@wn5-lJ@AsHolj^`-pSOz7pF4+iwx*bjQgwL@PPk6!}TA-xJ$Q3Kic{ns^E zQc@TV-`BV%v1lByCUBgE2IeyjbuOd~vA3@UjdVW%vvZJ2g{9e7ueVRu}evUKE@RrKy zCN1BFo2owWJc4jOAsEVj}@r`Tkpnf`gQfkYg_1ib7YuEF(mz|*d&Mn{E zn2II_54u2Tiv&K++vg}Ym0oVMB7sM!V=Vm>EW(p^qk(!gPu32s^t#JuD4|xe^ZK{H z)fSvm6?+dkezce~9Wo4dt=V1X7MyR+h<$ezn&mlnvNP}Bj#A~nyQblZ!Sc2}{}fu> z2p4>6vy;?&syl4mBFZu`P&L~2$wt+OBB3e!`ouGEVbt~Ise}nCE0}$yc+a@zV%M{LH&)CSapw`=Z z6Mq5-{h#_rePc~7xAgTc8!wEIDOq+lZQvFT2OTuN&V*8ev*zPH*wRXJ8I>V*+(5{(AjzgfHl>^##nooO;jlrm0_wU75SW?c} 
zg{JZ}pE8bE?@QoK4DgM%aoMW+@D=+>|GWZU&3FHd{?3iLo=HdOOz%&c7j@9peScf` zNFu|LyM^=9Q)Rd~90V8^1-^)`H)*}uYbnf2LX&b$5I*z!KY$q&A&~&(8pngi| zDt=9ht6M$Kj!h6>^MdcD+as}ksopF1Ia=`C%FuB*XcDXhdZ(O&)e#fqFoX4ClSYejjaw88YR?qTvxofk~B|>V#p;@jm`0=Uwm!LF@Ef7nk|VwAPC1AX){b+F~n1&SO`2dN8t$yG@-} z+!f3!xr;;O3Vx>lWG^70@Tq^_;`Tjg$HR}0B`+JPSAu0*fzk6KjH-!Gz1g}7lMLw zgV%8&0hm@e!J9m?1mojDmcUyuqBCH}02T-+Fc$EF^Wcpb1_LGnFc5Bp$pX9}^B_rH zq>Y1vjR%H&{f5I4wgW&S>RYf10)Z!5{6hCK=C2$Ilw-{0R2gBS%b8yr;f0$rX{+&o|ufCp*D0mc@D5_!Q?5t6{dBc=*S9>9#WM}f8o zvlggDD4h>r08s;Y!OXcpcZedefFKw^b0`#G3}6#E%zr_yJgDX71NuN9mkTBiNEi=t z#vJhTfq^&JSSP6s)3Dj~SRu6F+)B@!ob%j_2 zFj8<9cCmVhZot|imBR@zja+!-T5?<(=QubJZ4lie&=2E5+Tpms1q4O`K+1)H6hH|K zbPMcYFfebv^EKdNSPr0ngj6tM zE?yu8LBe5jh(!j* z%c{~+n?Dtzl`yxmVujLDn}DMbEu94NAL6FQZVEn*E~di&n(nj9%y=7(2m(QT{>}Fa z^#8LqC_?f}8x;04`8G0U1P>J#Q5g%a$FEt4Y zZJN@4jsq>Vy(lB<1JU#i)!z?9XML2=gMGwiK74)Y(}I$YbqyupvtkS}%1bmcLTXf; zfK(<1RH7^Xw4&%FI3j8a=y&k{*LTpnjrrokhb#MWY$!3PU&US;K1>VNqiIiNXaD7K z@5gWpR##a`dw&$ffx_q9cHy`Gw*UcaY} z#b0iT!TJ`Cp1Ly0RH}Ep&FRkHqgRV((tAcxI8}Kti;?w>h()^bvBy?ZV}woLaW`fJ z)M%-u3Jl6nu}soOu?vra^ZhHL3LEg}pB%4$b`|Lga^G9~u*BmOg@z(acuo3S+0QF| zHAj-=r%BCnrzYNORg1TCu~?T61^+HE=!X*YNgQx(^z(pEXt<6-FS1gNxzh+z!t z<&$b);M7LyRjoJ)?u}sVJIImb8x@&E4$|pUpw4wBQr?yDZ>CgZuKpx^u*9uVZOF}X z;LLsVV5_pz{gk=XuyMKXowWF_3_;*cJ`e55`i*%#gO<^bZ7!#mVUAh!So_ZtBCp-z ze*4;Fi}%Sht{HT>BQJRVlZp;&zrdBrv9upY>!Kfat*KoLbbg zaetjAj7aer%2WIJhTwzJpu_6nRdOD4eiqG-D#@$Ej&}?j6l=t4;H*u}&3??3%j;w8 zcrIcVL)tTFlXnR!MTR%UGvAf0g)DJ$>QQtx-DcU)SE=qf*EYcI%Pn4v}uPEU#F2_rv8aKgAkX z|F5K-_5rQVRBr-FpKN?!cBhpHlk5=5{_Fk15X*KolE z2es23L9b(t4$dLMhES`?>z#{(A56)HJsG=xXU_X`p<9jBLLV{C_m-*cw_|UN9E516 zBoOU~L-)@J?S9U&)@UYhx{2*i3-3BT7kM*F8j2R4LoC@So7<~r$zv1HUev(jc{JnH z7Z4JcX75++qJvAy0%?m6pZOE@a#wIidYI)&nq1E8HKjtl{WvC+`h%^p>RamD)%LZ$ zgIMt^wZ>Z#J|_$h`z$de>pr%BjPd5^P1488RsB)uFr}+w^$jjF#ZA1d$z`p5d(yoI z`%#Vt)rNEq>78lYJf6ncOlIoSY2{Vpd*4)QeMKxr-lFZr{caF99C*UkyYkXrxnEna zOykYxl^l(>ESHQ!XZ`MvRaVi0=o{bOF>lVi=3O5vcg77)Aig^FAk5bn!=u|~*L%tI 
z@UdMcj&ZtV+^&mwu^#E>m{Mg2CN*crkmX3zdYPC~^;2lgxK|OWzXOn!ZR^@T6ZIn{ z^=;IIK^GIp9d-2&ab zN6`;v6CB}FpJVcdo63{jD_?{LU3 zZ@gZN>SCC5=p)LCHUC3ri^{=UN9DMNvCZLI*PG4d$v${7@qL! zf$%Yki_mZ>hVpF}{1*m#WbR9SZikAGnei1x(s%a{qJtY!44T8Yavh)BC&t%T z#I!4)CBRUUO{UgIaW~>`B-GepZ!g{Mi4Es37M*I@xKERFP?fU=XwAA9A#0m`UOa{OBT~h7FI6c&tRIOhhqfz*9%d~l3 z!57!A{n_n<7CHUAEHw8tU>VAavh}N@mEyx{r6bulH^YuiwVSBUmKYA^Fa|li{ zXQ+v4f&GF0J>K+<9J;^=)esTK`N;cnd{_MnS6*~6KVTiJs~eK$AECB8MO}{#QMf9mq6R_mz7b{D|=)5-OY4#zYKnmKZfF$xNo_X1}arQfQ}MUUh$r)0X8E8JuwdT ztvCa;G-uh7Q#*143t=t2kRrStEJa35BDFBRNIPtZL{KX^e_?y@n;U&qWO}{t9$=xs zN~KV~F+3Dqy-{0%>+1tMQvPP5Bzl{N^Bu=l?b`67__Mu&FAAQP+u0PGzcuzB!V*@$ zETuk)od^n{*b#;8~IUa-xdTOb$-TBItNscV_Hi~w*phr8T#|=fc*+yZZxWuX? z$}4?EWng?mSbsEaGM``|_}i7{UoH#dBXiGtbkh8_2pbC+?Cz5V(&9gT^E76Jlj@K2 z>q!ZTD??mPwEWpF&ii^3d%Q{nx8!}wlb_dYqt4m9_t(1C_~FMkg=5-YV|qDChzcW{ zckrP_{EY5Upb(0E$qqq3aZ{q(8k0k;TjeKHMPY5Igdq#+{&3Ta$;2k-RaGAHh0+I5 zk?XSVuMNJE@1nP~a*>ZH60RHv;@!X`fhpc^+5h?0IWhU2>|mjC_x0XBMr%A8YT*-p z3*EW}Qjh6A<&2g0&s9XJpAQR;=KM)pYkLQ0JZUEJnk%;w$J)oIJk6`%ZoEdU+Hlfg zEunOuJ+M)#ya4^V3bRV&>T4BP@yE!)9WyMHL>}`-3aD!nQRPvEJv6E6>%AF&Na2^# z05WwDLG}3x>JY09-%zqoWnqN_hVVP{P@jXl6=}vZVs<$nH0}NfV#*C@IWbTNerxS8 zeP}lxK>LN+EPlQ+%9HF1{kvDw^~~eOC11H+scv=IndanvWQv_1*^raP)cPskk2k+=k+J1izjq|2Nn1^{oKPT8bM{8H;32GSuGN+5dI@=c zC#O|FOWj!|&hZC!{KL{W(?aEnm@oMV`__u$x^d74165&$HXTXbmR<#%mcxc3UioKp zBGn=&WoK%_=Ai*rrzWLgfx^Pa1CQw@)vJk>YEs0%Fs2NrkCw73dl$6{yta$_mh3a% zvt{sECTI7XC;X<FQOt4if{RLv{nwA^I zx*D#ivpD%zt=v({ocf+g<`wlAdshHJugN`kS;#X?)i z(K&(-KDECozcoI@ZDZp8=Y&f{B02M@${?MOMAnW{<@-*yy0fGioV}>aO7;jdG+t3( z@jJ?Ib^awEh)ukZ(UOKu=i~gjUL%I-pOdMMe+-?nCv&8lv4d}{{P6B8S1HsqZu|0l zU#4+&X?Y0WAH5v6l5mP9xv$s`v)=sBdmKaJ>a7;B_rGRX;6Kc?)Q)KzYlkH+^s2jY{x&U9OD5HP*dU^R*F0G#-a1Z*h`3f3B6&5AF%t55zszP!(iqB+X{SW#^5%;*;*y8O?;L z#)LUKd6%4iDn|cF<;2{6wpsew^k?kgY5i^gjV79MuQcXj#@;$CeQ(?S1?lqX^)*($ z)yxE6pI77LpXuI9GGzY=gubwke*UfV&#%Qh!6|$r*9kO_xJUzD=Ox3QX9Pce=7g85>~xYY8S?r4zI*S|7T|e2?P^@1y0gH+{J5kT7V;> 
zm--*0k&~IRwJ|&LHz(UOYpazf-651bBn@PTB6yCj$J{@|uQ7}o2_!z{dGawa`es?V zV1@>aGqRSF7?qxHM}_fyW}KLIMo@AhOGm2qrd zr(+mSx)Qu!@Y@+?1(zz{M3-*;{z%@$K{P*#$FO1b`B~^4CpQf$M<>+hMw*3cOs^e6 zrDplDU)^7Q-Qgcv?3n$in(Xn{D!7J;&PUMCEPS79x21n_aK&_-F5#3j0;fDIvFm?T(Q3hSTNw zw(HO0GBN~@BU(Vl%0Dk1qgsnaJJI)p8OcvYhpwM#R|eXv&E)a#vxx5{@qonT<%k2|AEAJM(}=Fs zg|9?H(w6E*dR++gA%j_HiR1FCtGyYLb}O9;!B^SnQ)IP0Dk9xw+EqC0kF+M3D?ce^ed!Vn@yEr27@Sbt$*L$C>hv6tcjW!qK;GSHHyU?V&rZL@5 zjJLe=tzPYJJrQzL?@bzl-7ZM!kRkUZ{8YWxuQ~g!*5)w-5WY6-=ka!ki{%LA*VV7^Eb@lC+P{rW=!2KR;yrZnEOLT`5|Ly zX~~5cJ)-MN`myF~@shjW`XyjBU$pW@>Xh^<3b7c+Drnv$cHL2~h%hU})DssgT6v`L ziIqiD#*+s3q;wnSrUJeS+0XhoPG38}2r6cg%uVL?lZx zF^OysFhCD#o7=c|RGnNknD#-gL_TBe@LIjP^iw*XzLpg}hT{1p;cSZZCvC}%A_{$> zrfG`Vasg)XPT${X-#FCa>3469Rd`Jcc0zCmH5aeC>x`ZTF;>2JbF{=_Jg0q^T9m_^5}t^iE74;P(lamZs<(a zbWeWeo5EPF{%6aP*2)h|2{ls~51yucc6OI%sKD=ba#S<%u8Pl4;#;g!{4s)SeW%+O z?LqR}-Qzzq_y;%hSk@`?2L|gBmdEq7A3Mp^o`H>cvGOKL-~t+a)f1-5g5~h7K)iGz zly~);KFneWr6iZx*>-scE>Mm8W-7?SSs_yj#1!2>xRtLfmz5wIUih(7Xt9fLv2u^u zYXsNAODXr$@%@fG_ZXGV^$G!tk`?*v3%95 zmZ_}wwT8AyH9niA!3k!ACbO5{`nBS&6AA0l!V34-Dm9b0Vr#vM)GV&N*3Fs1dV69Z zvZ1v)gEqo9tY4%>Q2QlK&EkyO(Dh zz_;B0oRS5qPiRSq2Z10yq=3T?WTmk-erj&OZf$&R0$-PP5V%@xLG>tM>x z$-%*a@Yh_h@ISLMx3Tortqq=oI#pvMX9sg9H&!_VOJhAa7cI4;lY_0Lu@J3| zt&Q;|#dT=Q?X1iV zY>Yr}7v8G}4`5te;y{)I7&J9PakSKK$lw2kh7lex6~Jp?V`^o5>GiTRa5AF?74lq& zXn5dY1OfA)2t&9^d8mOO?Vl3xHv@+#R2<=41Kvt*;OgW80pSR590iQa&f_-;(&xAe2P45FgWny0|y;1B0B#c5)KF6ymMwba72(7qQn8o z2^`Ir9i8uFKn~%&h!_}X1BMQKp&U@aPt66kL~tQy1$?QXA8t3jKc&m+ zfAp#;4~GHIFfTP6ga+^d?SbQeAjL09gy$6Kha31mfm<5RjSREk2JU&VP2!RQ9(>?< zzNEnB2rh1FApN}I1$o|!92ao)c{}})mP$L-4 zWwUeYq6-)=vhJdX3+jRs27Khe$$KFa1~dQz8bD48Y#=zN0ND7zRs(L}WT%EB2?Xqr zLje&5eAFI6>;sOhLO>2E>!Q`=1kPoExp5*Ua6$0_4W2gxUU{(6 zNUdDRge)#Zq73?QiWl;4a%{!DA`dVlAaDu23led$Bk+8=7?{KlILLi+xCJy@8}YHmmOVT z?~?f(dzX?f7VIy1j=jGm5^aB5o>LdSoTKfslMCu%G8fpp6mx;S3-S_sTmU3ssu$S1 zpf0foc=>pNTF$Y@#SH>s01_{5beEME;Ja*kIhS*}m*D$bdk((Kwin>Llzf4{zqRM+ zyKD>AAA!EV;m{*l88%_8+^YbmXYWDf&#UOfGQA~2JZ845Of9Z*L>ho 
zM?8-p>cFN-5QzpR1Vw!PU)%%Ei(q}=d>r6O0~ve<=ivlT8pt9iH$X9H$;l0#cYwYw z1i`t$6AcJugYh7rhMhGvjBuJIFbPw$@QQ0i@0-eBPaJCwErKs{PF&M zVEw-gx5^Fi6yd!IfgnEr?j7R4$m@s#vS6aHAou*ad4@TImk$(26-hBjVb9G)K=>PL zNSnyZLzqAr3xa_{1VKZvfd3Gb8^}G`pahXYq5NA`L1Db$L4`nq%pvGVeh5Sp91%qy z#IL_cv^11|B&MNWa-*=Mq5V@vva}2E(c;Q$;G7W_wZ<2J97!4o3VMhosNo2N_!`S) z+mWDN11y;ThvolQdU<-|=e;n@NYP;*u?{NrI}`y2kz)dioX>wtYd(M5!f#~nEwGfB zS(nRp`b}M(u3$M2l@C9O(+@yKBI$UKlU3f~3x4FWXPbsd2EFTNjt(ki77Dj9?1SO4 zLE7$4xQy!J^PDrMgh6j@rtaZ&60Ay^2zb%c@z^t*9~wr)_fQx4gx*gd5x?IEa+h6i zzALTX;QKzbp{`ojV%~#>yU6=)*}4aPNo@K1ZSjmbfZ?w2^m)4W3CH&&Cr>|a3++NW z77~8C9aUor+|YUtTu~|qgA)TB-T^())mTKL#kAy3H8gv|9_$nzWA>31ZFT}t(NwnD zl@ed6Jmhmvci*)0thcBvL6R}TAikuP5$`9{eb>XHnjR-J9vp=#c+Rsux6&<9h9A!u z=RBW5dqZx^p-qijfbB~<-p5an-xlG;dHe;IxflJi=L<@)*|9@Re*LMm`M#AKq_zn| z1YB!gN(7>*C%uA?0<|4gzD_ASyDmVN@h!hOu6K+lro0KO&RT=F9Rw1J7USV+xc*p$ zev*=y^eQB|$y-<>-`cxwWgQngL^@Dit}Y%Y8Z%a7}jwM=|JL_po)nS2Zuz!Lm}-xtg;l z?Yz$VsyE$Y-@{EipU90Sg}XTX*AvIe&Ar>q7*|&AxXVTJbD%+nk zHI*adD*B`DQG=i&6ICMJ&X$aGR?3iZI7{rQsa(mN&#lOfj0~cofvvSLk+;w1u3f!Y zyJrg#^y(QVN$j5C0vzcQmL|P%JFt|vtkz{B{$A#vc$V_BK3icCvyS)`lP`W(+mt(t z$FT5iDVRTbGIw|rubb9KKY^5eZ&H)JR`Lg*{2^6o!?NSs$FZGD%T!U-1lMbX84?1Q z?ClrIK1fXw6F8h?kE&NaiA~}be;ZdU3{5EclV^?I$-XJQ<~sP}Tju&BS3}a}mFSNN zMV*H=x_H0%>yJ;qd~Fx-GBFNVSbz1FsG#-3Wc6=cl*gv}PjO!896kRM-T!c~m*#Qm zFU|aM_>lA>UqhU8g$S8ci3-i5^}hO)=iHQ=o;K9{pN=w7!BogU}w^8^VgDpSh*u6%En!B6Z^9aP^vx1h14^iEX79 ztIn+D4S?BBnst_H=g2(Fg*;vy(!|N2uBrIV-6Z6>ZA?mXW|?Y?8oMV;XVw&Ra(6*k z`F$>>(uuevXHyT8x+w2}pjCP_FR%Ae6gzYXNXObx z{ji%3)c0Ph;q2E&7@Wi#@D5A0jtFz%KX|5=E7&~ zGEtemQ88-TW~}o3LmOs4g?)|pxj8m`=`w@L9A6h^hvIa4ANV*~xp*lTSTbZgGm#w! 
z)|@RZq-dtRk0e#;q6fk$1v);>QIe*5`~Somo;=Ra{^e@GCR04fld536FK;TX8Qua9 zk?HIT?p;)o4IKP(ljIER&UL=ClrznM8@zoTbiN#``Mk=s$C8cW=`08DUzFS=uME5LpyGj469(-oc-fSfd2* zJ<%L5z^;t`MXYbGut~v?8MHEUVjTX2=hflVRAIJcQ@}8ueUa+t(H%1Xp8=99tQqSK z8q2R_xGMF(mJOI=_YMy@7AdP(u~xDPdPKgTzgs@?PILUz*mz3*@gE-JEv+6`H?5;z zQ!Us}<l6?ucFyz!Y#l4IM|813br_QLF%Yz?iT zK`qzRs-Hp99Xj70%6qo|unvB2On=&!?(pn)=uPUAu(QH#VJ8)j3=Nmc@{FmvpWh9f z!&BK!^P-ufCePSclSONGd`~*X3tvA~sbN``4Src_JFux7?wpvC$jnqx_jY&MIp=uF z)wuh$Vu+^7gFj(Ddv7*-cr-uKq-|>P36)2S2r@?+W=53747E!zANdz%f8SivQRi%t z*~zPabMtK0_8~p}`)86q0xatqS^1g5lIsi>_ClGy2B@OW1@eg5*4o)H^o$ zjKtkzVy^x?uF3op5@XPkvVhr)Dt(L|Kna6@JSE8f9`SHbE-A6=BUrV zr}>#F>Pv6>kB*c#Ux-p;XOm4Pp4!?7ig?iC=LXD_*?Q5$3|H;kW?kIWNqeh4V7W=9 zvi@bRmZw{b z{sYWp9=5f34S(b;E&NXF-ic}L%m)1_3#VyL`Z%*870)^7^y|utST)jtjSiKzLL=+d zk4q!ov6IwfQ5*m3E$ z!u;yp{(YTD9Z%Y}k;(1QM-7KLyV2iE{4#r$r~1d0#<*Yf)itYxs0|4Ogr@N6gvV#3 zTwBPtC5p+dbX&w!9G7*WJ2-m%rk_BUHlfb_v@}mc@W0GS`@Z9=Y zqyInJJM(a;zqWyoG1X9ZDzYyTitJ@4OJpx5lZ+VqzGf-LE?WsLDA_``Y!NDyB|=CT zlA_3-k`V71e$O*zsOR^4ulK+AIbFx~ow??Gy3aZHxzByp@8|eE@e5y;E;=q-I8^k{ z#0Q~A96sAV^!uJZ^!zQ0ZFKfPjDq!E`5*EVx{Q85=fdB34r@*CDjSpZzZL=GTa=+RZc6lv!FJFz2W*$zb!*swCyZVpwQg_cB$Jh&$k)y4k;w5rJ zKi^BJea(Ym9{X8hZ+@MSgeh?$nvFf$6F!`RESQMe9x)L*Y$s4vP#Tjf%UzPcC!78U z?kCe>Q9LkxwbZ!>Z~EJc!}i)tD8#_xcrcB4Hzg1B!;$%VZoH>ArdFGiRD60e$A zM9*~l?}?7=x$<%}Gm$>0(mdXYY?g8Yxp!qJhMPK^XCUikp?F>YtVet0qn1=tRxaBv znwNW_@V!P*Se&}Tqp|)RWZAS{{=1ut3y1anriVFC_6{~Sho!#ZLMTSUSA(wvEG2f> z*ame4Bsk}I6w|FPA@vSCQLSW0=*7sH>yTj>ZnVc6Qa#zx$|8B9L3X)NWUSMiD@kW} ztwuACCa>PXRL}I)rKYv;`^7o8zMp;cT=VcK&iNEsXg5+1wKVfUc+Vd;LvXcJKvfhR zWb_=-TxaBSzwI9|BB#8Aa&UNh|JxlAy-qhD?hz*;fzR0Kc2i!>_NSW0hKaoH1o>-ANi%HvXdGenCvP&k2|vRv=)A z<2@;+tzmDD&+4VKe*F%`v(JZ4zMA}5P}9VJWPsDSXIepz4{k`G*1A8MBbAopNQq~} zdA}uxf~O{}UxttkE90H&)m=(OQI+v7Vj8e+?XKNA6(@TJ=c>Vd-pLwm*%*D-nUD*a z10Evck6CL)j{8Zm*+Nr}_FWumDIV*_X5?2lxMbH*vI>!At@XZcvmk}FjEoKYa>K=r zAZ%)|kNb@2YkFL&Z7ux@%1U|jcGQyFSuh%9!?VAMYPKcQw0}uGfbfYu#pwBq@i<-j z#LX}?-4o1Hss5~k;$d&nAv>U0TI<5x8=WPVP18avRi5qjfxo=2*RjnAh!>7ax(}8+ 
z7+h8>vgZ^Z$)$6!)py%pt3hGaro50oyGr$B+y|xg%#-$4^asSaD1NToXJESd)Knz9lYY*~G znp=~G)?+w3z=$l`v@o%ntiI}-=4ju`6ya0dX+_B%9>Vcllp zI^cU_gE3Vr&Twc14Q{Zq081DX5(MR~$<3%{K_-?^@HR%)_u|F4Rpp6lbr{&vJC7&XONk)6^YUGrX5rso|8%Xh7`1)<5@V4Kg@ ztYlSJgd5pW`!O*~mdMzy`C^BOQx6o1PDSotRZ86rO<}5i*`#H^`{9w>RIMB^0pWYk zXyB8_F$h6Rf7kG@)m(@Lv#g!a25R;8a(|Y=zD~a^oZO8-!8 zisPkLFwo^sh%&J;LE0Fh2V6jLSzP|?{>UY=o|VR#Hh#KcDCbgaD2>xWt5%eQ+hMyp zAWw0giUJReothr{(~z9e#O8dtqLIUCmO%9B3g^90X}TtP=SL}2j&2#N*U?x%k!2%T z%jDwlCEzJ72wc768(o~)(brAeegkcXLhJ}cBc3_$18O_wJ4w>NZ`y+`;R<4Rdc8h% zUeSp-mlLr8;z2cIQHT0njKC-e>150kh&FycyAL`8c#S=HUT)LQ=T zIeC_N?}_LY9SIbttJLhAj?VSk8!Y#uRY4o?q)9uOZd(LT)M{#8vmial85YF4M)G-0 z-Bp#MLp6PJ_-wxqoq#vD*iqX>W*aDQ(VE|zrlg`fz!+LA*!p;VPc0_`d2&_=wue2n zI4p6%1C#NiL!LQ5X|9?i{p5fOOu)r5nS{g?o-MnxQN}%IB&yv1bpi8(loEw6pN@Qc z(P-gy1;vvjJf-}M6w3cIT6cG zJpHfqA5nVLeCO+}_WRfqdvAGPExCz0qwY;Oa1-OAD!wx}^M4tY%6m+;PqVMyNvi*r zJ#fUCYv`Azt7+sVnk??>TWK>QyKDD_4AjX;^1Hs?NgdT-qCrFr(JR`%|`~eQ*@DS7%U|<1+BAuYh8kUQuAlV?XAfM7in3j0~7d;PI6p@ zLce7CjF!x3^eGo=`i_30|7NYa51z>AQr7~f4nLa&2C)JOxoc~}t6hBqOc*_0i4!n^ zqvsLI&qSd|?HIKp%XH83U>__yM|2w>ipD;ekhPPKqToPC=u!A-I~{ncC0jim<9sj~ zdz2MemCo{q#-Q?$U9>MV(+h0W=;Z9cyo!W#;GHgPgM&F$l3Z*nVm9=cHdMYI8d^mi zEO zPuv2tK%--#p78yuU{ouJs@RR;1DJj4&Yr*dCG`58UpPH%d z86~d{d0IG;10F@akS_2+gfpa7ipiV~}pkNC!nlpS#h&mu(7mQkvioFvC zW53D-J!Mxkd~R+88`oF(EUO1wuVq^3VtAffZ6FUSmLIaORy*Ms?T`eN942CLvp`00p zbHWcl;Fo!>WDr3eaEY_DXo?c}_=Yd8J9&kXe)bH4OjeP^8qjf4Gu86@k5J_JeVQSo zVEs5vr`yWlOAgalWOq29opjXDt7cf0N$Iv_n zww=R+9a$5XNI%3j-HnVm&vDfrde58tlmuUY7zDNghGjq5NM!;buybHW^;}@x9w_zf zT}a@l|DIW}e&Bo(QtL`aE(%w8<`3G@+RA1LIoag03E)O zDjf7*=zq)ff1y$se@M4LCQXR^ygP2y?WBtKi2@~5Ans-d{3iWpPiyDxz#85Tuog%I zeudkvh}(gv>+0m}hTEYZrQhOMCrn*!^hF-=WFK#-F4HyVoc`Tm8W}an7&<|o@=@`t z-zKWO=lGZ_yuCadMD2u(JkG?`xTi+N*hrD_T{FIUYMe7`XuPp2kaqT*RkfILL+LdI zqvntGovOY(RHiYh0iofI?h`f9`$-=rFoZ=s)aOb(VB`{;DS-I2ND}fOPAdr2#$O=D zvN+B9q}h#Uq>83W!*(cA>a1(*C$k5FQML=L;uGAdry8FW#iOJKDHG*Qo|iYAbxLmS z5%~eTY`!GnOUWl4rf=>$f|fv*QdcEn^wD2WU(vetoq^<)gRNZ3%L`2Id!GkPR$}4j 
zKYXn(pmMk-=nWIM8M0^656loATR~M-zP41m6CGs`(wU(uocv)~;^NKNm@p)^@U+u0llXcTM9$4FspUfr9WmPPuCMNHhBolY9*q>nk z=@Ct;{uNyReH|I`gyu97_$^nBM*stY0|d9_sIwXYWD??>n7T|eKZ7<_Z-70<(tNddheb9lK@ z(+{ zX6O0mTgvNCJ&yItaIn{x3n`R4XV~1F!zAOi16-5WqYyeyY00f=hV(pak=y|_4@@e( z_%lJP*jD$+KF7th7mA)iSGfAvWb%Eisu}BZC6_vRi$Ccdx9jfYuf6fZhuVNb zSOH66>^u{l9JjNi6r)n z?|3a|4O4qnQCc3GLRDtLEc3K%urCx!M2{9Or8^I|MXdTJCn1lO*R>2&++N!)RudX$ zH*)OAP|Rhv`6-=k>yA-XaDX0c2w>R(flx!>Bo(wS?=Io5K80={<624U2#(@9d zA>*{3Q@=1cm0r4r8m+nM&Z68@k(*6Tg;wD#ZFltJ=wX&FmNi_M@N&5gAwBaY@&3&8 z6TeEoC!$rC^2Pcv^Dl4P#8HNlkz7aSw0hpQFaG&PibD?06;i%4tC`i$wME|lf`FBs zvm%C<&um5Pka9L}{8DwW#v(}~g(3L_KaH?E(l%0Q)Y)nNF2hZQ!mxUpkhc)k!0KGz z+Ke;FlXXw8Xe3Gg`gz~pG@aGz7KM^kF7$HB1$UXvFflkG(@o+|>G-7X2NE~e|(xYkYWNTu}Ekh4M_pAAC_sl}y%_><_@eT6! zLQl9&3*2KC@iHq8l0m3dFGcgpYcxg9c1Ru9@~k^#rqtQl&wjyV`TgR+?f1j8@`14N5Eh+w8;EDjU;lZDVG(b`_)7k#1_}qPV7mG4cB3Dl%GSqzZJGS)L&LY zW}%~hu-q+dX{n-y^;NK;kamp`7nLnCG%~8OLVKk3Ju6G-UFP=rTLy#jYu|5(BHz?a zKI}-}g}%I~mD1-+lbY1h#f`jChk1T@=5x7D(T?LI?)7&Q>g*LgljoI6`gNup8oOSj z!gbCKA9*`z?L{%Sy%pSZ_cRX*w3B?$nrJq+By%TM^naTY-h2ed4e104QwI!bt+1&N z-P8Rvz=VppEn8{L8QJhCOSW9q`Xutl$EW*xQOM-EsUtrI-%gY@+Z!dk+ZmN$oXJP7 zG=lkHtX`(^TIB9B-N@O-cvPn0)ihazSc{_*?RkR&ifSg4AQ#%aw>RT6tF>SESKhv0 z|C5Q|GALA6>tRRMg@Ti>$lpf!KV(4BhMJ$lmjHBem%-(K!UC+Pt(syMszFkjMN#tw&L!GqbV6i*8u0Q%Hyt9DVADDMs_yiPF1?y9_|FCwDFbXZ)MXc^f=ZD zcuxTtw?z;i%q2F+j!y1qH-pW^kN@WPbwHilCAb0#PYK)|$AO1}r%RICNW5MX8?vr5 zi3@;FaiCli;Ix3#Oo*$H`7>_)z%end;hyc3C~#!tz&=YtoRZ?7aiZJly^=}FWHyk_ z7PJ~dT&e1xabnxy_Wkrq*$IwN|6(P^C29T{C%zp{V?v{&8+hE`K$9et?!DfhaT43% z9#Wpb_ygQm(3S{s^Jo5yTh~J3s^|+Fbj}4;A-#_n_wekWaZ=k!$7JFk=m&7Sw%~4? 
None: + """Process Add or Update Events. + + Args: + params: Configuration Parameters + regions: AWS regions + accounts: AWS accounts + + Returns: + Status + """ + LOGGER.info("...process_add_event") + + if params["action"] in ["Add"]: + enable_and_configure_security_lake(params, regions, accounts) + for region in regions: + delegated_admin_session = common.assume_role( + params["CONFIGURATION_ROLE_NAME"], "sra-process-audit-acct-subscriber", params["DELEGATED_ADMIN_ACCOUNT_ID"] + ) + sl_client = delegated_admin_session.client("securitylake", region) + if params["SET_AUDIT_ACCT_DATA_SUBSCRIBER"]: + add_audit_acct_data_subscriber(sl_client, params, region) + if params["SET_AUDIT_ACCT_QUERY_SUBSCRIBER"]: + add_audit_acct_query_subscriber(sl_client, params, region) + + if params["SET_AUDIT_ACCT_QUERY_SUBSCRIBER"] and params["CREATE_RESOURCE_LINK"]: + configure_audit_acct_for_query_access(params, regions) + + LOGGER.info("...ADD_COMPLETE") + return + + LOGGER.info("...ADD_NO_EVENT") + + +def process_update_event(params: dict, regions: list, accounts: dict) -> None: + """Process
Add or Update Events. + + Args: + params: Configuration Parameters + regions: AWS regions + accounts: AWS accounts + + Returns: + Status + """ + LOGGER.info("...process_update_event") + + if params["action"] in ["Update"]: + if params["DISABLE_SECURITY_LAKE"]: + disable_security_lake(params, regions, accounts) + else: + update_security_lake(params, regions) + update_log_sources(params, regions, accounts) + if params["SET_AUDIT_ACCT_DATA_SUBSCRIBER"]: + update_audit_acct_data_subscriber(params, regions) + if params["SET_AUDIT_ACCT_QUERY_SUBSCRIBER"]: + update_audit_acct_query_subscriber(params, regions) + + LOGGER.info("...UPDATE_COMPLETE") + return + + LOGGER.info("...UPDATE_NO_EVENT") + + +def process_delete_event(params: dict, regions: list, accounts: dict) -> None: + """Process Add or Update Events. + + Args: + params: Configuration Parameters + regions: AWS regions + accounts: AWS accounts + + Returns: + Status + """ + LOGGER.info("...process_delete_event") + if params["action"] in ["Update"]: + if params["DISABLE_SECURITY_LAKE"]: + LOGGER.info("...Disable Security Lake") + disable_security_lake(params, regions, accounts) + LOGGER.info("...DELETE_COMPLETE") + return + + LOGGER.info("...DELETE_NO_EVENT") + + +def process_event(event: dict) -> None: + """Process Event. + + Args: + event: event data + """ + event_info = {"Event": event} + LOGGER.info(event_info) + params = get_validated_parameters({"RequestType": "Update"}) + accounts = common.get_active_organization_accounts() + regions = common.get_enabled_regions(params["ENABLED_REGIONS"], params["CONTROL_TOWER_REGIONS_ONLY"] == "true") + + process_update_event(params, regions, accounts) + + +def parameter_pattern_validator(parameter_name: str, parameter_value: str | None, pattern: str, is_optional: bool = False) -> dict: + """Validate CloudFormation Custom Resource Properties and/or Lambda Function Environment Variables. 
+ + Args: + parameter_name: CloudFormation custom resource parameter name and/or Lambda function environment variable name + parameter_value: CloudFormation custom resource parameter value and/or Lambda function environment variable value + pattern: REGEX pattern to validate against. + is_optional: Allow empty or missing value when True + + Raises: + ValueError: Parameter has a value of empty string. + ValueError: Parameter is missing + ValueError: Parameter does not follow the allowed pattern + + Returns: + Validated Parameter + """ + if parameter_value == "" and not is_optional: + raise ValueError(f"({parameter_name}) parameter has a value of empty string.") + elif not parameter_value and not is_optional: + raise ValueError(f"({parameter_name}) parameter is missing.") + elif not re.match(pattern, str(parameter_value)): + raise ValueError(f"({parameter_name}) parameter with value of ({parameter_value})" + f" does not follow the allowed pattern: {pattern}.") + return {parameter_name: parameter_value} + + +def get_validated_parameters(event: dict[str, Any]) -> dict: + """Validate AWS CloudFormation parameters. 
+ + Args: + event: event data + + Returns: + Validated parameters + """ + params: dict[str, str | bool] = {} + actions = {"Create": "Add", "Update": "Update", "Delete": "Remove"} + params["action"] = actions[event.get("RequestType", "Create")] + true_false_pattern = r"^true|false$" + log_source_pattern = r"(?i)^((ROUTE53|VPC_FLOW|SH_FINDINGS|CLOUD_TRAIL_MGMT|LAMBDA_EXECUTION|S3_DATA|EKS_AUDIT|WAF),?){0,7}($|ROUTE53|VPC_FLOW|SH_FINDINGS|CLOUD_TRAIL_MGMT|LAMBDA_EXECUTION|S3_DATA|EKS_AUDIT|WAF){1}$" # noqa: E501, B950 + version_pattern = r"^[0-9.]+$" + source_target_pattern = r"^($|ALL|(\d{12})(,\s*\d{12})*)$" + name_pattern = r"^[\w+=,.@-]{1,64}$" + + # Required Parameters + params.update(parameter_pattern_validator("DISABLE_SECURITY_LAKE", os.environ.get("DISABLE_SECURITY_LAKE"), pattern=true_false_pattern)) + params.update(parameter_pattern_validator("DELEGATED_ADMIN_ACCOUNT_ID", os.environ.get("DELEGATED_ADMIN_ACCOUNT_ID"), pattern=r"^\d{12}$")) + params.update(parameter_pattern_validator("MANAGEMENT_ACCOUNT_ID", os.environ.get("MANAGEMENT_ACCOUNT_ID"), pattern=r"^\d{12}$")) + params.update(parameter_pattern_validator("AWS_PARTITION", os.environ.get("AWS_PARTITION"), pattern=r"^(aws[a-zA-Z-]*)?$")) + params.update(parameter_pattern_validator("CONFIGURATION_ROLE_NAME", os.environ.get("CONFIGURATION_ROLE_NAME"), pattern=name_pattern)) + params.update(parameter_pattern_validator("SUBSCRIBER_ROLE_NAME", os.environ.get("SUBSCRIBER_ROLE_NAME"), pattern=name_pattern)) + params.update(parameter_pattern_validator("CONTROL_TOWER_REGIONS_ONLY", os.environ.get("CONTROL_TOWER_REGIONS_ONLY"), pattern=true_false_pattern)) + params.update( + parameter_pattern_validator("SET_AUDIT_ACCT_DATA_SUBSCRIBER", os.environ.get("SET_AUDIT_ACCT_DATA_SUBSCRIBER"), pattern=true_false_pattern) + ) + params.update( + parameter_pattern_validator("SET_AUDIT_ACCT_QUERY_SUBSCRIBER", os.environ.get("SET_AUDIT_ACCT_QUERY_SUBSCRIBER"), pattern=true_false_pattern) + ) + 
params.update(parameter_pattern_validator("SOURCE_VERSION", os.environ.get("SOURCE_VERSION"), pattern=version_pattern)) + params.update(parameter_pattern_validator("SET_ORG_CONFIGURATION", os.environ.get("SET_ORG_CONFIGURATION"), pattern=true_false_pattern)) + params.update(parameter_pattern_validator("META_STORE_MANAGER_ROLE_NAME", os.environ.get("META_STORE_MANAGER_ROLE_NAME"), pattern=name_pattern)) + params.update(parameter_pattern_validator("CREATE_RESOURCE_LINK", os.environ.get("CREATE_RESOURCE_LINK"), pattern=true_false_pattern)) + params.update(parameter_pattern_validator("KEY_ALIAS", os.environ.get("KEY_ALIAS"), pattern=r"^[a-zA-Z0-9/_-]+$")) + + # Optional Parameters + params.update(parameter_pattern_validator("ENABLED_REGIONS", os.environ.get("ENABLED_REGIONS"), pattern=r"^$|[a-z0-9-, ]+$", is_optional=True)) + params.update( + parameter_pattern_validator("CLOUD_TRAIL_MGMT", os.environ.get("CLOUD_TRAIL_MGMT"), pattern=source_target_pattern, is_optional=True) + ) + params.update(parameter_pattern_validator("ROUTE53", os.environ.get("ROUTE53"), pattern=source_target_pattern, is_optional=True)) + params.update(parameter_pattern_validator("VPC_FLOW", os.environ.get("VPC_FLOW"), pattern=source_target_pattern, is_optional=True)) + params.update(parameter_pattern_validator("SH_FINDINGS", os.environ.get("SH_FINDINGS"), pattern=source_target_pattern, is_optional=True)) + params.update( + parameter_pattern_validator("LAMBDA_EXECUTION", os.environ.get("LAMBDA_EXECUTION"), pattern=source_target_pattern, is_optional=True) + ) + params.update(parameter_pattern_validator("S3_DATA", os.environ.get("S3_DATA"), pattern=source_target_pattern, is_optional=True)) + params.update(parameter_pattern_validator("EKS_AUDIT", os.environ.get("EKS_AUDIT"), pattern=source_target_pattern, is_optional=True)) + params.update(parameter_pattern_validator("WAF", os.environ.get("WAF"), pattern=source_target_pattern, is_optional=True)) + params.update( + parameter_pattern_validator( + 
"ORG_CONFIGURATION_SOURCES", os.environ.get("ORG_CONFIGURATION_SOURCES"), pattern=log_source_pattern, is_optional=True + ) + ) + + params.update( + parameter_pattern_validator( + "AUDIT_ACCT_DATA_SUBSCRIBER", os.environ.get("AUDIT_ACCT_DATA_SUBSCRIBER"), pattern=name_pattern, is_optional=True + ) + ) + params.update( + parameter_pattern_validator( + "DATA_SUBSCRIBER_EXTERNAL_ID", os.environ.get("DATA_SUBSCRIBER_EXTERNAL_ID"), pattern=r"^(?:[a-zA-Z0-9]{0,64})?$", is_optional=True + ) + ) + + params.update( + parameter_pattern_validator( + "AUDIT_ACCT_QUERY_SUBSCRIBER", os.environ.get("AUDIT_ACCT_QUERY_SUBSCRIBER"), pattern=name_pattern, is_optional=True + ) + ) + params.update( + parameter_pattern_validator( + "QUERY_SUBSCRIBER_EXTERNAL_ID", os.environ.get("QUERY_SUBSCRIBER_EXTERNAL_ID"), pattern=r"^(?:[a-zA-Z0-9]{0,64})?$", is_optional=True + ) + ) + + # Convert true/false string parameters to boolean + params.update({"DISABLE_SECURITY_LAKE": (params["DISABLE_SECURITY_LAKE"] == "true")}) + params.update({"SET_AUDIT_ACCT_DATA_SUBSCRIBER": (params["SET_AUDIT_ACCT_DATA_SUBSCRIBER"] == "true")}) + params.update({"SET_AUDIT_ACCT_QUERY_SUBSCRIBER": (params["SET_AUDIT_ACCT_QUERY_SUBSCRIBER"] == "true")}) + params.update({"CONTROL_TOWER_REGIONS_ONLY": (params["CONTROL_TOWER_REGIONS_ONLY"] == "true")}) + params.update({"SET_ORG_CONFIGURATION": (params["SET_ORG_CONFIGURATION"] == "true")}) + params.update({"CREATE_RESOURCE_LINK": (params["CREATE_RESOURCE_LINK"] == "true")}) + + return params + + +def enable_and_configure_security_lake(params: dict, regions: list, accounts: dict) -> None: + """Enable the security lake service and configure its global settings. 
+ + Args: + params: Configuration Parameters + regions: AWS regions + accounts: AWS accounts + """ + security_lake.register_delegated_admin(params["DELEGATED_ADMIN_ACCOUNT_ID"], HOME_REGION, SERVICE_NAME) + provision_security_lake(params, regions) + add_log_sources(params, regions, accounts) + for region in regions: + key_id = f'alias/{params["KEY_ALIAS"]}-{region}' + security_lake.encrypt_sqs_queues(params["CONFIGURATION_ROLE_NAME"], params["DELEGATED_ADMIN_ACCOUNT_ID"], region, key_id) + + +def provision_security_lake(params: dict, regions: list) -> None: + """Enable Security Lake and configure Organization Configurations. + + Args: + params: parameters + regions: AWS regions + """ + all_data = [{"region": region, "key_arn": f'alias/{params["KEY_ALIAS"]}-{region}'} for region in regions] + sl_configurations = [{"encryptionConfiguration": {"kmsKeyId": data["key_arn"]}, "region": data["region"]} for data in all_data] + delegated_admin_session = common.assume_role( + params["CONFIGURATION_ROLE_NAME"], + "sra-create-data-lake", + params["DELEGATED_ADMIN_ACCOUNT_ID"], + ) + sl_client = delegated_admin_session.client("securitylake", HOME_REGION) + LOGGER.info(f"Creating Security Lake in {(', '.join(regions))}") + role_arn = f"arn:{PARTITION}:iam::{params['DELEGATED_ADMIN_ACCOUNT_ID']}:role/service-role/{params['META_STORE_MANAGER_ROLE_NAME']}" + security_lake.create_security_lake(sl_client, sl_configurations, role_arn) + status = security_lake.check_data_lake_create_status(sl_client, regions) + if status: + LOGGER.info("CreateDataLake status 'COMPLETED'") + process_org_configuration(sl_client, params["SET_ORG_CONFIGURATION"], params["ORG_CONFIGURATION_SOURCES"], regions, params["SOURCE_VERSION"]) + + +def update_security_lake(params: dict, regions: list) -> None: + """Update Security Lake and Organization Configurations. 
+ + Args: + params: parameters + regions: AWS regions + """ + for region in regions: + delegated_admin_session = common.assume_role( + params["CONFIGURATION_ROLE_NAME"], + "sra-update-security-lake", + params["DELEGATED_ADMIN_ACCOUNT_ID"], + ) + sl_client = delegated_admin_session.client("securitylake", region) + LOGGER.info(f"Checking if Security Lake is enabled in {region} region...") + lake_exists = security_lake.check_data_lake_exists(sl_client, region) + if lake_exists: + LOGGER.info(f"Security Lake already enabled in {region} region.") + else: + LOGGER.info(f"Security Lake not found in {region} region. Enabling Security Lake...") + key_id = f'alias/{params["KEY_ALIAS"]}-{region}' + sl_configurations = [{"encryptionConfiguration": {"kmsKeyId": key_id}, "region": region}] + role_arn = f"arn:{PARTITION}:iam::{params['DELEGATED_ADMIN_ACCOUNT_ID']}:role/service-role/{params['META_STORE_MANAGER_ROLE_NAME']}" + security_lake.create_security_lake(sl_client, sl_configurations, role_arn) + lake_exists = security_lake.check_data_lake_exists(sl_client, region) + if lake_exists: + LOGGER.info(f"Security Lake is enabled in {region}.") + security_lake.encrypt_sqs_queues(params["CONFIGURATION_ROLE_NAME"], params["DELEGATED_ADMIN_ACCOUNT_ID"], region, key_id) + process_org_configuration(sl_client, params["SET_ORG_CONFIGURATION"], params["ORG_CONFIGURATION_SOURCES"], regions, params["SOURCE_VERSION"]) + + +def process_org_configuration( + sl_client: SecurityLakeClient, set_org_configuration: bool, org_configuration_sources: str, regions: list, source_version: str +) -> None: + """Set Security Lake organization configuration for new accounts. 
+ + Args: + sl_client: boto3 client + set_org_configuration: enable organization configurations for new accounts + org_configuration_sources: list of aws log sources + regions: AWS regions + source_version: source version + """ + LOGGER.info(f"Checking if Organization Configuration enabled in {', '.join(regions)} region(s)") + org_configuration_exists, existing_org_configuration = security_lake.get_org_configuration(sl_client) + if set_org_configuration: + sources = [source.strip() for source in org_configuration_sources.split(",")] + if not org_configuration_exists: + LOGGER.info(f"Organization Configuration not enabled in {', '.join(regions)} region(s). Creating...") + security_lake.create_organization_configuration(sl_client, regions, sources, source_version) + LOGGER.info("Enabled Organization Configuration") + else: + security_lake.update_organization_configuration(sl_client, regions, sources, source_version, existing_org_configuration) + else: + if org_configuration_exists: + LOGGER.info(f"Deleting Organization Configuration in {r', '.join(regions)} region(s)...") + security_lake.delete_organization_configuration(sl_client, existing_org_configuration) + LOGGER.info("Deleted Organization Configuration") + + +def add_log_sources(params: dict, regions: list, org_accounts: dict) -> None: + """Configure aws log sources. + + Args: + params: Configuration parameters + regions: A list of AWS regions. + org_accounts: A list of AWS accounts. 
+ """ + aws_log_sources = [] + org_accounts_ids = [account["AccountId"] for account in org_accounts] + delegated_admin_session = common.assume_role(params["CONFIGURATION_ROLE_NAME"], "sra-add-log-sources", params["DELEGATED_ADMIN_ACCOUNT_ID"]) + sl_client = delegated_admin_session.client("securitylake", HOME_REGION) + for log_source in AWS_LOG_SOURCES: + if params[log_source] != "": + accounts = params[log_source].split(",") if params[log_source] != "ALL" else org_accounts_ids + configurations = {"accounts": accounts, "regions": regions, "sourceName": log_source, "sourceVersion": params["SOURCE_VERSION"]} + aws_log_sources.append(configurations) + if aws_log_sources: + security_lake.add_aws_log_source(sl_client, aws_log_sources) + + +def update_log_sources(params: dict, regions: list, org_accounts: dict) -> None: + """Configure aws log sources. + + Args: + params: Configuration parameters + regions: A list of AWS regions. + org_accounts: A list of AWS accounts. + """ + org_accounts_ids = [account["AccountId"] for account in org_accounts] + delegated_admin_session = common.assume_role(params["CONFIGURATION_ROLE_NAME"], "sra-update-log-sources", params["DELEGATED_ADMIN_ACCOUNT_ID"]) + sl_client = delegated_admin_session.client("securitylake", HOME_REGION) + for log_source in AWS_LOG_SOURCES: + if params[log_source] != "": + accounts = params[log_source].split(",") if params[log_source] != "ALL" else org_accounts_ids + security_lake.update_aws_log_source(sl_client, regions, log_source, accounts, org_accounts_ids, params["SOURCE_VERSION"]) + elif params[log_source] == "": + result = security_lake.check_log_source_enabled(sl_client, [], org_accounts_ids, regions, log_source, params["SOURCE_VERSION"]) + accounts = list(result.accounts_to_disable) + if result.source_exists: + security_lake.delete_aws_log_source(sl_client, regions, log_source, accounts, params["SOURCE_VERSION"]) + else: + LOGGER.info(f"Error reading value for {log_source} parameter") + + +def 
update_audit_acct_data_subscriber(params: dict, regions: list) -> None: + """Configure Audit (Security Tooling) account as data access subscriber. + + Args: + params: parameters + regions: AWS regions + """ + s3_access = "S3" + sources = [source for source in AWS_LOG_SOURCES if params[source]] + if sources == []: + LOGGER.info("No log sources selected for data access subscriber. Skipping...") + else: + for region in regions: + subscriber_name = params["AUDIT_ACCT_DATA_SUBSCRIBER"] + "-" + region + delegated_admin_session = common.assume_role( + params["CONFIGURATION_ROLE_NAME"], "sra-process-audit-acct-subscriber", params["DELEGATED_ADMIN_ACCOUNT_ID"] + ) + sl_client = delegated_admin_session.client("securitylake", region, config=BOTO3_CONFIG) + subscriber_exists, subscriber_id, external_id = security_lake.check_subscriber_exists(sl_client, subscriber_name) + if subscriber_exists: + security_lake.update_subscriber( + sl_client, subscriber_id, sources, external_id, AUDIT_ACCT_ID, subscriber_name, params["SOURCE_VERSION"] + ) + else: + external_id = params["DATA_SUBSCRIBER_EXTERNAL_ID"] + LOGGER.info(f"Creating Audit account subscriber '{subscriber_name}' in {region} region...") + subscriber_id, _ = security_lake.create_subscribers( + sl_client, s3_access, sources, external_id, AUDIT_ACCT_ID, subscriber_name, params["SOURCE_VERSION"] + ) + + +def add_audit_acct_data_subscriber(sl_client: SecurityLakeClient, params: dict, region: str) -> None: + """Configure Audit (Security Tooling) account as data access subscriber. + + Args: + sl_client: boto3 client + params: configuration parameters + region: AWS region + """ + subscriber_name = params["AUDIT_ACCT_DATA_SUBSCRIBER"] + "-" + region + sources = [source for source in AWS_LOG_SOURCES if params[source]] + if sources == []: + LOGGER.info("No log sources selected for data access subscriber. 
Skipping...") + else: + subscriber_exists, subscriber_id, external_id = security_lake.check_subscriber_exists(sl_client, subscriber_name) + if subscriber_exists: + security_lake.update_subscriber(sl_client, subscriber_id, sources, external_id, AUDIT_ACCT_ID, subscriber_name, params["SOURCE_VERSION"]) + else: + external_id = params["DATA_SUBSCRIBER_EXTERNAL_ID"] + LOGGER.info(f"Creating Audit account subscriber '{subscriber_name}' in {region} region...") + subscriber_id, _ = security_lake.create_subscribers( + sl_client, "S3", sources, external_id, AUDIT_ACCT_ID, subscriber_name, params["SOURCE_VERSION"] + ) + + +def update_audit_acct_query_subscriber(params: dict, regions: list) -> None: + """Configure Audit (Security tooling) account as query access subscribe. + + Args: + params: parameters + regions: AWS regions + """ + lakeformation_access = "LAKEFORMATION" + sources = [source for source in AWS_LOG_SOURCES if params[source]] + if sources == []: + LOGGER.info("No log sources selected for query access subscriber. Skipping...") + else: + for region in regions: + subscriber_name = params["AUDIT_ACCT_QUERY_SUBSCRIBER"] + "-" + region + delegated_admin_session = common.assume_role( + params["CONFIGURATION_ROLE_NAME"], "sra-process-audit-acct-subscriber", params["DELEGATED_ADMIN_ACCOUNT_ID"] + ) + sl_client = delegated_admin_session.client("securitylake", region) + subscriber_exists, subscriber_id, external_id = security_lake.check_subscriber_exists(sl_client, subscriber_name) + if subscriber_exists: + LOGGER.info(f"Audit account subscriber '{subscriber_name}' exists in {region} region. Updating subscriber...") + resource_share_arn = security_lake.update_subscriber( + sl_client, subscriber_id, sources, external_id, AUDIT_ACCT_ID, subscriber_name, params["SOURCE_VERSION"] + ) + else: + external_id = params["QUERY_SUBSCRIBER_EXTERNAL_ID"] + LOGGER.info(f"Audit account subscriber '{subscriber_name}' does not exist in {region} region. 
Creating subscriber...") + subscriber_id, resource_share_arn = security_lake.create_subscribers( + sl_client, lakeformation_access, sources, external_id, AUDIT_ACCT_ID, subscriber_name, params["SOURCE_VERSION"] + ) + if params["CREATE_RESOURCE_LINK"]: + configure_query_subscriber_on_update( + params["SUBSCRIBER_ROLE_NAME"], + AUDIT_ACCT_ID, + subscriber_name, + params["DELEGATED_ADMIN_ACCOUNT_ID"], + region, + resource_share_arn, + params["SUBSCRIBER_ROLE_NAME"], + ) + + +def add_audit_acct_query_subscriber(sl_client: SecurityLakeClient, params: dict, region: str) -> None: + """Configure Audit (Security tooling) account as query access subscribe. + + Args: + sl_client: boto3 client + params: configuration parameters + region: AWS region + """ + subscriber_name = params["AUDIT_ACCT_QUERY_SUBSCRIBER"] + "-" + region + sources = [source for source in AWS_LOG_SOURCES if params[source]] + if sources == []: + LOGGER.info("No log sources selected for query access subscriber. Skipping...") + else: + external_id = params["QUERY_SUBSCRIBER_EXTERNAL_ID"] + LOGGER.info(f"Audit account subscriber '{subscriber_name}' does not exist in {region} region. Creating subscriber...") + security_lake.create_subscribers(sl_client, "LAKEFORMATION", sources, external_id, AUDIT_ACCT_ID, subscriber_name, params["SOURCE_VERSION"]) + + +def configure_audit_acct_for_query_access(params: dict, regions: list) -> None: + """Configure resources for query access in Audit account. 
+ + Args: + params: configuration parameters + regions: AWS regions + """ + for region in regions: + subscriber_name = params["AUDIT_ACCT_QUERY_SUBSCRIBER"] + "-" + region + delegated_admin_session = common.assume_role( + params["CONFIGURATION_ROLE_NAME"], "sra-process-audit-acct-subscriber", params["DELEGATED_ADMIN_ACCOUNT_ID"] + ) + sl_client = delegated_admin_session.client("securitylake", region) + subscriber_created, resource_share_arn = security_lake.get_subscriber_resourceshare_arn(sl_client, subscriber_name) + if subscriber_created: + LOGGER.info(f"Configuring Audit (Security tooling) account subscriber '{subscriber_name}' ({region})") + if params["CREATE_RESOURCE_LINK"]: + configure_query_subscriber_on_update( + params["SUBSCRIBER_ROLE_NAME"], + AUDIT_ACCT_ID, + subscriber_name, + params["DELEGATED_ADMIN_ACCOUNT_ID"], + region, + resource_share_arn, + params["SUBSCRIBER_ROLE_NAME"], + ) + + +def configure_query_subscriber_on_update( + configuration_role_name: str, + subscriber_acct: str, + subscriber_name: str, + security_lake_acct: str, + region: str, + resource_share_arn: str, + subscriber_role: str, +) -> None: + """Configure query access subscriber. 
+ + Args: + configuration_role_name: configuration role name + subscriber_acct: subscriber AWS account + subscriber_name: subscriber name + security_lake_acct: Security Lake delegated administrator account + region: AWS region + resource_share_arn: RAM resource share arn + subscriber_role: subscriber role name + """ + subscriber_session = common.assume_role(configuration_role_name, "sra-create-resource-share", subscriber_acct) + ram_client = subscriber_session.client("ram", region) + LOGGER.info(f"Configuring resource share link for subscriber '{subscriber_name}' ({region})") + security_lake.configure_resource_share_in_subscriber_acct(ram_client, resource_share_arn) + shared_db_name, shared_tables = security_lake.get_shared_resource_names(ram_client, resource_share_arn) + if shared_tables == "" or shared_db_name == "": + LOGGER.info(f"No shared resource names found for subscriber '{subscriber_name}' ({region})") + else: + subscriber_session = common.assume_role(configuration_role_name, "sra-create-resource-share-link", subscriber_acct) + glue_client = subscriber_session.client("glue", region) + LOGGER.info(f"Creating database '{shared_db_name}_subscriber' for subscriber '{subscriber_name}' ({region})") + security_lake.create_db_in_data_catalog(glue_client, subscriber_acct, shared_db_name, region, subscriber_role) + security_lake.create_table_in_data_catalog(glue_client, shared_db_name, shared_tables, security_lake_acct, region) + + +def disable_security_lake(params: dict, regions: list, accounts: dict) -> None: + """Disable Security Lake service. 
+ + Args: + params: Configuration Parameters + regions: AWS regions + accounts: AWS accounts + """ + for region in regions: + delegated_admin_session = common.assume_role( + params["CONFIGURATION_ROLE_NAME"], "sra-delete-security-lake-subscribers", params["DELEGATED_ADMIN_ACCOUNT_ID"] + ) + sl_client = delegated_admin_session.client("securitylake", region) + if params["SET_AUDIT_ACCT_DATA_SUBSCRIBER"]: + subscriber_name = params["AUDIT_ACCT_DATA_SUBSCRIBER"] + "-" + region + security_lake.delete_subscriber(sl_client, subscriber_name, region) + if params["SET_AUDIT_ACCT_QUERY_SUBSCRIBER"]: + subscriber_name = params["AUDIT_ACCT_QUERY_SUBSCRIBER"] + "-" + region + security_lake.delete_subscriber(sl_client, subscriber_name, region) + + org_configuration_exists, existing_org_configuration = security_lake.get_org_configuration(sl_client) + if org_configuration_exists: + LOGGER.info(f"Deleting Organization Configuration in {region} region...") + security_lake.delete_organization_configuration(sl_client, existing_org_configuration) + + all_accounts = [account["AccountId"] for account in accounts] + for source in AWS_LOG_SOURCES: + security_lake.delete_aws_log_source(sl_client, regions, source, all_accounts, params["SOURCE_VERSION"]) + + +def orchestrator(event: dict[str, Any], context: Any) -> None: + """Orchestration. + + Args: + event: event data + context: runtime information + """ + if event.get("RequestType"): + LOGGER.info("...calling helper...") + helper(event, context) + else: + LOGGER.info("...else...just calling process_event...") + process_event(event) + + +def lambda_handler(event: dict[str, Any], context: Any) -> None: + """Lambda Handler. 
+ + Args: + event: event data + context: runtime information + + Raises: + ValueError: Unexpected error executing Lambda function + """ + LOGGER.info("....Lambda Handler Started....") + boto3_version = boto3.__version__ + LOGGER.info(f"boto3 version: {boto3_version}") + try: + orchestrator(event, context) + except Exception: + LOGGER.exception(UNEXPECTED) + raise ValueError(f"Unexpected error executing Lambda function. Review CloudWatch logs ({context.log_group_name}) for details.") from None + + +@helper.create +@helper.update +@helper.delete +def process_event_cloudformation(event: CloudFormationCustomResourceEvent, context: Context) -> str: # noqa U100 + """Process Event from AWS CloudFormation. + + Args: + event: event data + context: runtime information + + Returns: + AWS CloudFormation physical resource id + """ + event_info = {"Event": event} + LOGGER.info(event_info) + params = get_validated_parameters({"RequestType": event["RequestType"]}) + accounts = common.get_active_organization_accounts() + regions = common.get_enabled_regions(params["ENABLED_REGIONS"], params["CONTROL_TOWER_REGIONS_ONLY"]) + if params["action"] == "Add": + process_add_event(params, regions, accounts) + elif params["action"] == "Update": + process_update_event(params, regions, accounts) + else: + LOGGER.info("...Disable Security Lake from (process_event_cloudformation)") + process_delete_event(params, regions, accounts) + + return f"sra-security-lake-org-{params['DELEGATED_ADMIN_ACCOUNT_ID']}" diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/common.py b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/common.py new file mode 100644 index 00000000..30236a1e --- /dev/null +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/common.py 
@@ -0,0 +1,169 @@ +# type: ignore +"""This script includes common functions. + +Version: 1.0 + +Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +SPDX-License-Identifier: MIT-0 +""" +from __future__ import annotations + +import logging +import os +from time import sleep +from typing import TYPE_CHECKING + +import boto3 +from botocore.exceptions import ClientError, EndpointConnectionError + +if TYPE_CHECKING: + from mypy_boto3_organizations import OrganizationsClient + from mypy_boto3_ssm.client import SSMClient + from mypy_boto3_sts.client import STSClient + +# Setup Default Logger +LOGGER = logging.getLogger("sra") +log_level = os.environ.get("LOG_LEVEL", logging.INFO) +LOGGER.setLevel(log_level) + +# Global variables +ORGANIZATIONS_PAGE_SIZE = 20 +ORGANIZATIONS_THROTTLE_PERIOD = 0.2 + +try: + MANAGEMENT_ACCOUNT_SESSION = boto3.Session() + ORG_CLIENT: OrganizationsClient = MANAGEMENT_ACCOUNT_SESSION.client("organizations") + SSM_CLIENT: SSMClient = MANAGEMENT_ACCOUNT_SESSION.client("ssm") +except Exception as error: + LOGGER.error({"Unexpected_Error": error}) + raise ValueError("Unexpected error executing Lambda function. Review CloudWatch logs for details.") from None + + +def assume_role( + role: str, + role_session_name: str, + account: str = None, + session: boto3.Session = None, +) -> boto3.Session: + """Assumes the provided role in the given account and returns a session. + + Args: + role: Role to assume in target account. + role_session_name: Identifier for the assumed role session. + account: AWS account number. Defaults to None. + session: Boto3 session. Defaults to None. 
+ + Returns: + Session object for the specified AWS account + """ + if not session: + session = boto3.Session() + sts_client: STSClient = session.client("sts") + sts_arn = sts_client.get_caller_identity()["Arn"] + LOGGER.info(f"USER: {sts_arn}") + if not account: + account = sts_arn.split(":")[4] + partition = sts_arn.split(":")[1] + role_arn = f"arn:{partition}:iam::{account}:role/{role}" + + response = sts_client.assume_role(RoleArn=role_arn, RoleSessionName=role_session_name) + LOGGER.info(f"ASSUMED ROLE: {response['AssumedRoleUser']['Arn']}") + return boto3.Session( + aws_access_key_id=response["Credentials"]["AccessKeyId"], + aws_secret_access_key=response["Credentials"]["SecretAccessKey"], + aws_session_token=response["Credentials"]["SessionToken"], + ) + + +def get_active_organization_accounts(exclude_accounts: list = None) -> list: + """Get all the active AWS Organization accounts. + + Args: + exclude_accounts: list of account IDs to exclude + + Returns: + List of active account IDs + """ + if exclude_accounts is None: + exclude_accounts = ["00000000000"] + accounts: list[dict] = [] + paginator = ORG_CLIENT.get_paginator("list_accounts") + + for page in paginator.paginate(PaginationConfig={"PageSize": ORGANIZATIONS_PAGE_SIZE}): + for account in page["Accounts"]: + if account["Status"] == "ACTIVE" and account["Id"] not in exclude_accounts: + accounts.append({"AccountId": account["Id"], "Email": account["Email"]}) + sleep(ORGANIZATIONS_THROTTLE_PERIOD) + + return accounts + + +def get_control_tower_regions() -> list: # noqa: CCR001 + """Query SSM Parameter Store to identify customer regions. 
+ + Returns: + Customer regions + """ + ssm_response = SSM_CLIENT.get_parameter(Name="/sra/regions/customer-control-tower-regions") + customer_regions = ssm_response["Parameter"]["Value"].split(",") + + return list(customer_regions) + + +def get_enabled_regions(customer_regions: str, control_tower_regions_only: bool = False) -> list: # noqa: CCR001, C901 + """Query STS to identify enabled regions. + + Args: + customer_regions: customer provided comma delimited string of regions + control_tower_regions_only: Use the Control Tower governed regions. Defaults to False. + + Returns: + Enabled regions + """ + if customer_regions.strip(): + LOGGER.info({"CUSTOMER PROVIDED REGIONS": customer_regions}) + region_list = [] + for region in customer_regions.split(","): + if region != "": + region_list.append(region.strip()) + elif control_tower_regions_only: + region_list = get_control_tower_regions() + else: + default_available_regions = [] + for region in boto3.client("account").list_regions(RegionOptStatusContains=["ENABLED", "ENABLED_BY_DEFAULT"])["Regions"]: + default_available_regions.append(region["RegionName"]) + + LOGGER.info({"Default_Available_Regions": default_available_regions}) + region_list = default_available_regions + + region_session = boto3.Session() + enabled_regions = [] + disabled_regions = [] + invalid_regions = [] + for region in region_list: + try: + sts_client = region_session.client( + "sts", + endpoint_url=f"https://sts.{region}.amazonaws.com", + region_name=region, + ) + sts_client.get_caller_identity() + enabled_regions.append(region) + except EndpointConnectionError: + invalid_regions.append(region) + LOGGER.error(f"Region: ({region}) is not valid") + except ClientError as error: + if error.response["Error"]["Code"] == "InvalidClientTokenId": + disabled_regions.append(region) + LOGGER.error(f"Error {error.response['Error']} occurred testing region {region}") + except Exception: + LOGGER.exception("Unexpected!") + + LOGGER.info( + { + 
"Enabled_Regions": enabled_regions, + "Disabled_Regions": disabled_regions, + "Invalid_Regions": invalid_regions, + } + ) + return enabled_regions diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/requirements.txt b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/requirements.txt new file mode 100644 index 00000000..b9435de8 --- /dev/null +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/requirements.txt @@ -0,0 +1,2 @@ +#install latest +crhelper \ No newline at end of file diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/security_lake.py b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/security_lake.py new file mode 100644 index 00000000..74ff92e7 --- /dev/null +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/security_lake.py 
@@ -0,0 +1,981 @@ +"""This script performs operations to enable, configure, and disable security lake. + +Version: 1.0 +'security_lake_org' solution in the repo, https://github.com/aws-samples/aws-security-reference-architecture-examples + +Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +SPDX-License-Identifier: MIT-0 +""" + +from __future__ import annotations + +import logging +import os +from time import sleep +from typing import TYPE_CHECKING, List, Literal, Sequence, Union + +import boto3 +import common +from botocore.config import Config +from botocore.exceptions import ClientError + +if TYPE_CHECKING: + from mypy_boto3_glue import GlueClient + from mypy_boto3_lakeformation import LakeFormationClient + from mypy_boto3_lakeformation.type_defs import ResourceTypeDef + from mypy_boto3_organizations import OrganizationsClient + from mypy_boto3_ram import RAMClient + from mypy_boto3_ram.type_defs import ResourceShareInvitationTypeDef + from mypy_boto3_securitylake import SecurityLakeClient + from mypy_boto3_securitylake.literals import AwsLogSourceNameType + from mypy_boto3_securitylake.paginator import ListLogSourcesPaginator + from mypy_boto3_securitylake.type_defs import ( + AwsLogSourceConfigurationTypeDef, + AwsLogSourceResourceTypeDef, + CreateDataLakeResponseTypeDef, + CreateSubscriberResponseTypeDef, + DataLakeAutoEnableNewAccountConfigurationTypeDef, + ListDataLakesResponseTypeDef, + LogSourceResourceTypeDef, + ) + +LOGGER = logging.getLogger("sra") +log_level = os.environ.get("LOG_LEVEL", logging.INFO) +LOGGER.setLevel(log_level) + +BOTO3_CONFIG = Config(retries={"max_attempts": 10, "mode": "standard"}) +UNEXPECTED = "Unexpected!" 
+EMPTY_STRING = "" +SECURITY_LAKE_THROTTLE_PERIOD = 0.2 +ENABLE_RETRY_ATTEMPTS = 10 +ENABLE_RETRY_SLEEP_INTERVAL = 10 +MAX_RETRY = 5 +SLEEP_SECONDS = 10 +KEY = "sra-solution" +VALUE = "sra-security-lake" + +try: + MANAGEMENT_ACCOUNT_SESSION = boto3.Session() + ORG_CLIENT: OrganizationsClient = MANAGEMENT_ACCOUNT_SESSION.client("organizations") +except Exception: + LOGGER.exception(UNEXPECTED) + raise ValueError("Unexpected error executing Lambda function. Review CloudWatch logs for details.") from None + + +def check_organization_admin_enabled(delegated_admin_account_id: str, service_principal: str) -> bool: + """Check if the delegated administrator account for the provided service principal exists. + + Args: + delegated_admin_account_id: Delegated Administrator Account ID + service_principal: AWS Service Principal + + Raises: + ValueError: If the delegated administrator other than Log Archive account already exists + + Returns: + bool: True if the delegated administrator account exists, False otherwise + """ + LOGGER.info(f"Checking if delegated administrator registered for '{service_principal}' service principal.") + try: + delegated_admins = ORG_CLIENT.list_delegated_administrators(ServicePrincipal=service_principal) + api_call_details = {"API_Call": "organizations:ListDelegatedAdministrators", "API_Response": delegated_admins} + LOGGER.info(api_call_details) + if not delegated_admins["DelegatedAdministrators"]: # noqa R505 + LOGGER.info(f"Delegated administrator not registered for '{service_principal}'") + return False + elif delegated_admins["DelegatedAdministrators"][0]["Id"] == delegated_admin_account_id: + LOGGER.info(f"Log Archive account ({delegated_admin_account_id}) already registered as delegated administrator for '{service_principal}'") + return True + else: + registered_admin = delegated_admins["DelegatedAdministrators"][0]["Id"] + LOGGER.info(f"Account {registered_admin} already registered as delegated administrator") + LOGGER.info("Important: 
removing the delegated Security Lake admin deletes your data lake and disables it for the accounts in your org") + raise ValueError(f"Deregister account {registered_admin} to delegate administration to Log Archive account") + except ClientError as e: + LOGGER.error(f"Delegated administrator check error occurred: {e}") + return False + + +def register_delegated_admin(admin_account_id: str, region: str, service_principal: str) -> None: + """Set the delegated admin account for the given region. + + Args: + admin_account_id: Admin account ID + region: AWS Region + service_principal: AWS Service Principal + """ + sl_client: SecurityLakeClient = MANAGEMENT_ACCOUNT_SESSION.client("securitylake", region, config=BOTO3_CONFIG) # type: ignore + if not check_organization_admin_enabled(admin_account_id, service_principal): + LOGGER.info(f"Registering delegated administrator ({admin_account_id})...") + sl_client.register_data_lake_delegated_administrator(accountId=admin_account_id) + LOGGER.info(f"Account {admin_account_id} registered as delegated administrator for '{service_principal}'") + + +def check_data_lake_exists(sl_client: SecurityLakeClient, region: str, max_retries: int = MAX_RETRY, initial_delay: int = 1) -> bool: + """Check if Security Lake enabled for the given region. 
+ + Args: + sl_client: SecurityLakeClient + region: AWS region + max_retries: maximum number of retries + initial_delay: initial delay in seconds + + Raises: + ValueError: If the maximum number of retries is reached or if the Security Lake creation failed + + Returns: + bool: True if Security Lake enabled, False otherwise + """ + status: bool = False + retry_count: int = 0 + delay: float = initial_delay + max_delay: int = 30 + while not status: + try: + response: ListDataLakesResponseTypeDef = sl_client.list_data_lakes(regions=[region]) + if not response["dataLakes"]: + break + + elif response["dataLakes"][0]["createStatus"] == "INITIALIZED": + if retry_count < max_retries: + delay = min(delay * (2**retry_count), max_delay) + LOGGER.info(f"Security Lake create status ({region}): 'INITIALIZED'. Retrying ({retry_count + 1}/{max_retries}) in {delay}...") + sleep(delay) + retry_count += 1 + elif response["dataLakes"][0]["createStatus"] == "COMPLETED": + status = True + break + elif response["dataLakes"][0]["createStatus"] == "FAILED": + raise ValueError("Security Lake creation failed") + except ClientError as e: + LOGGER.error(f"Error calling 'securitylake:ListDataLakes' ({region}): {e}...") + raise + + if not status: + LOGGER.info(f"Security Lake is not enabled ({region})") + return status + + +def check_data_lake_create_status(sl_client: SecurityLakeClient, regions: list, retries: int = 0) -> bool: + """Check Security Lake creation status for given regions. + + Args: + sl_client: boto3 client + regions: list of AWS regions + retries: Number of retries. Defaults to 0. 
+ + Raises: + ValueError: If the maximum number of retries is reached + + Returns: + bool: True if creation completed, False otherwise + """ + all_completed: bool = False + max_retries: int = 20 + regions_status_list: list = [] + while retries < max_retries: + response: ListDataLakesResponseTypeDef = sl_client.list_data_lakes(regions=regions) + for data_lake in response["dataLakes"]: + create_status = data_lake["createStatus"] + regions_status_list.append(create_status) + if set(regions_status_list) == {"COMPLETED"}: + all_completed = True + break + if "INITIALIZED" in regions_status_list: + LOGGER.info(f"Security Lake creation status: 'INITIALIZED'. Retrying ({retries+1}/{max_retries}) in 5 seconds...") + sleep(5) + retries += 1 + status = check_data_lake_create_status(sl_client, regions, retries) + if status: + all_completed = True + break + if "FAILED" in regions_status_list: + raise ValueError("Security Lake creation failed") + + if retries >= max_retries: + raise ValueError("Security Lake status not 'COMPLETED'") + + return all_completed + + +def create_security_lake(sl_client: SecurityLakeClient, sl_configurations: list, role_arn: str) -> None: + """Create Security Lake for the given region(s). 
+ + Args: + sl_client: boto3 client + sl_configurations: Security Lake configurations + role_arn: role arn + + Raises: + ValueError: Error creating Security Lake + """ + base_delay = 10 + max_delay = 20 + data_lake_created = False + + for attempt in range(MAX_RETRY): + try: + security_lake_response: CreateDataLakeResponseTypeDef = sl_client.create_data_lake( + configurations=sl_configurations, + metaStoreManagerRoleArn=role_arn, + tags=[ + {"key": KEY, "value": VALUE}, + ], + ) + api_call_details = {"API_Call": "securitylake:CreateDataLake", "API_Response": security_lake_response} + LOGGER.info(api_call_details) + sleep(20) + data_lake_created = True + break + + except ClientError as e: + error_code = e.response["Error"]["Code"] + if error_code in ["BadRequestException", "ConflictException"]: + error_message = str(e) + if "The CreateDataLake operation can't be used to update the settings for an existing data lake" in error_message: + raise ValueError("Security lake already exists.") from None + else: + delay = min(base_delay * (1.0**attempt), max_delay) + LOGGER.info(f"'{error_code}' occurred: {e}. Retrying ({attempt + 1}/{MAX_RETRY}) in {delay} seconds...") + sleep(delay) + else: + LOGGER.error(f"Error calling CreateDataLake: {e}") + raise + attempt += 1 + if attempt >= MAX_RETRY: + LOGGER.error("Error calling CreateDataLake") + break + if not data_lake_created: + raise ValueError("Error creating security lake") + + +def encrypt_sqs_queues(configuration_role_name: str, account: str, region: str, key_id: str) -> None: + """Encrypt Security Lake SQS queues with KMS key. 
+ + Args: + configuration_role_name: configuration role name + account: AWS Account id + region: AWS region + key_id: KMS key id + """ + sqs_queues = [ + f"https://sqs.{region}.amazonaws.com/{account}/AmazonSecurityLakeManager-{region}-Dlq", + f"https://sqs.{region}.amazonaws.com/{account}/AmazonSecurityLakeManager-{region}-Queue", + ] + session = common.assume_role(configuration_role_name, "sra-configure-security-lake", account) + sqs_client = session.client("sqs", region) + for queue_url in sqs_queues: + try: + response = sqs_client.set_queue_attributes(QueueUrl=queue_url, Attributes={"KmsMasterKeyId": key_id}) + api_call_details = {"API_Call": "sqs:SetQueueAttributes", "API_Response": response} + LOGGER.info(api_call_details) + except ClientError as e: + LOGGER.error(e) + + +class CheckLogSourceResult: + """Log source check result.""" + + def __init__(self, source_exists: bool, accounts_to_enable: list, accounts_to_disable: list, regions_to_enable: list): + """Set result attributes. + + Args: + source_exists: source exists + accounts_to_enable: accounts to enable + accounts_to_disable: accounts to disable + regions_to_enable: regions to enable + """ + self.source_exists = source_exists + self.accounts_to_enable = accounts_to_enable + self.accounts_to_disable = accounts_to_disable + self.regions_to_enable = regions_to_enable + + +def check_log_source_enabled( + sl_client: SecurityLakeClient, + requested_accounts: list, + org_accounts: list, + requested_regions: list, + log_source_name: AwsLogSourceNameType, + log_source_version: str, +) -> CheckLogSourceResult: + """Check if AWS log and event source enabled. 
+ + Args: + sl_client: SecurityLakeClient + requested_accounts: requested accounts + org_accounts: organization accounts + requested_regions: requested regions + log_source_name: log source name + log_source_version: log source version + + Returns: + CheckLogSourceResult + """ + accounts_to_enable: list = [] + accounts_to_disable_log_source: list = [] + regions_with_source_enabled: list = [] + list_log_sources_paginator: ListLogSourcesPaginator = sl_client.get_paginator("list_log_sources") + for page in list_log_sources_paginator.paginate( + accounts=org_accounts, + regions=requested_regions, + sources=[{"awsLogSource": {"sourceName": log_source_name, "sourceVersion": log_source_version}}], + ): + if not page["sources"]: # noqa R505 + return CheckLogSourceResult(False, requested_accounts, accounts_to_disable_log_source, requested_regions) + else: + enabled_accounts = {s["account"] for s in page["sources"] if s["account"] in org_accounts} + regions_with_source_enabled = list({s["region"] for s in page["sources"]}) + accounts_to_enable = [account for account in requested_accounts if account not in enabled_accounts] + accounts_to_disable_log_source = [account for account in enabled_accounts if account not in requested_accounts] + regions_to_enable = [region for region in requested_regions if region not in regions_with_source_enabled] + + if accounts_to_enable: + LOGGER.info(f"AWS log and event source {log_source_name} will be enabled in {', '.join(accounts_to_enable)} account(s)") + if accounts_to_disable_log_source: + LOGGER.info(f"AWS log and event source {log_source_name} will be deleted in {', '.join(accounts_to_disable_log_source)} account(s)") + if regions_to_enable: + LOGGER.info(f"AWS log and event source {log_source_name} will be enabled in {', '.join(regions_to_enable)} region(s)") + + return CheckLogSourceResult(True, accounts_to_enable, accounts_to_disable_log_source, regions_to_enable) + + +def add_aws_log_source(sl_client: SecurityLakeClient, 
aws_log_sources: list) -> None: + """Create AWS log and event sources. + + Args: + sl_client: boto3 client + aws_log_sources: list of AWS log and event sources + + Raises: + ClientError: Error calling CreateAwsLogSource + ValueError: Error creating log and event source + """ + create_log_source_retries = 10 + base_delay = 1 + max_delay = 30 + log_source_created = False + for attempt in range(create_log_source_retries): + try: + LOGGER.info("Configuring requested AWS log and events sources") + sl_client.create_aws_log_source(sources=aws_log_sources) + log_source_created = True + LOGGER.info("Enabled requested AWS log and event sources") + break + except ClientError as e: + error_code = e.response["Error"]["Code"] + if error_code == "ConflictException": + delay = min(base_delay * (2**attempt), max_delay) + LOGGER.info(f"'ConflictException' occurred {e}. Retrying ({attempt + 1}/{create_log_source_retries}) in {delay} seconds...") + sleep(delay) + else: + LOGGER.error(f"Error calling CreateAwsLogSource: {e}.") + raise + attempt += 1 + if log_source_created or attempt >= create_log_source_retries: + break + + if not log_source_created: + raise ValueError("Failed to create log events sources") + + +def update_aws_log_source( + sl_client: SecurityLakeClient, + requested_regions: list, + source: AwsLogSourceNameType, + requested_accounts: list, + org_accounts: list, + source_version: str, +) -> None: + """Create AWS log and event sources. 
+ + Args: + sl_client: boto3 client + requested_regions: list of AWS regions + source: AWS log and event source name + requested_accounts: list of AWS accounts + org_accounts: list of all AWS accounts in organization + source_version: log source version + """ + result = check_log_source_enabled(sl_client, requested_accounts, org_accounts, requested_regions, source, source_version) + accounts = list(result.accounts_to_enable) + accounts_to_delete = list(result.accounts_to_disable) + regions_to_enable = list(result.regions_to_enable) + + configurations: AwsLogSourceConfigurationTypeDef = { + "accounts": requested_accounts, + "regions": requested_regions, + "sourceName": source, + "sourceVersion": source_version, + } + if result.source_exists and accounts: + configurations.update({"accounts": accounts}) + + if result.source_exists and not accounts and not regions_to_enable: + LOGGER.info("Log and event source already configured. No changes to apply") + + else: + add_aws_log_source(sl_client, [configurations]) + + if accounts_to_delete: + delete_aws_log_source(sl_client, requested_regions, source, accounts_to_delete, source_version) + + +def get_org_configuration(sl_client: SecurityLakeClient) -> tuple: + """Get Security Lake organization configuration. 
+ + Args: + sl_client: boto3 client + + Raises: + ClientError: If there is an issue interacting with the AWS API + + Returns: + tuple: (bool, dict) + """ + try: + org_configurations = sl_client.get_data_lake_organization_configuration() + if org_configurations["autoEnableNewAccount"]: # noqa R505 + return True, org_configurations["autoEnableNewAccount"] + else: + return False, org_configurations + except ClientError as e: + error_code = e.response["Error"]["Code"] + if error_code == "ResourceNotFoundException": + return False, "ResourceNotFoundException" + else: + LOGGER.error(f"Error calling GetDataLakeConfiguration: {e}.") + raise + + +def create_organization_configuration(sl_client: SecurityLakeClient, regions: list, org_sources: list, source_version: str, retry: int = 0) -> None: + """Create Security Lake organization configuration. + + Args: + sl_client: boto3 client + regions: list of AWS regions + org_sources: list of AWS log and event sources + source_version: version of log source + retry: retry counter. Defaults to 0 + """ + sources: List[AwsLogSourceResourceTypeDef] = [{"sourceName": source, "sourceVersion": source_version} for source in org_sources] + auto_enable_config: List[DataLakeAutoEnableNewAccountConfigurationTypeDef] = [] + for region in regions: + region_config: DataLakeAutoEnableNewAccountConfigurationTypeDef = {"region": region, "sources": sources} + auto_enable_config.append(region_config) + if retry < MAX_RETRY: + try: + sl_client.create_data_lake_organization_configuration(autoEnableNewAccount=auto_enable_config) + except sl_client.exceptions.ConflictException: + LOGGER.info("'ConflictException' occurred. Retrying...") + sleep(SLEEP_SECONDS) + create_organization_configuration(sl_client, regions, org_sources, source_version, retry + 1) + + +def set_sources_to_disable(org_configurations: list, region: str) -> list: + """Update Security Lake. 
+ + Args: + org_configurations: list of configurations + region: AWS region + + Returns: + list: list of sources to disable + """ + sources_to_disable = [] + for configuration in org_configurations: + if configuration["region"] == region: + for source in configuration["sources"]: + sources_to_disable.append(source) + + return sources_to_disable + + +def update_organization_configuration( + sl_client: SecurityLakeClient, regions: list, org_sources: list, source_version: str, existing_org_configuration: list +) -> None: + """Update Security Lake organization configuration. + + Args: + sl_client: boto3 client + regions: list of AWS regions + org_sources: list of AWS log and event sources + source_version: version of log source + existing_org_configuration: list of existing configurations + """ + delete_organization_configuration(sl_client, existing_org_configuration) + sources: List[AwsLogSourceResourceTypeDef] = [{"sourceName": source, "sourceVersion": source_version} for source in org_sources] + auto_enable_config: List[DataLakeAutoEnableNewAccountConfigurationTypeDef] = [] + for region in regions: + region_config: DataLakeAutoEnableNewAccountConfigurationTypeDef = {"region": region, "sources": sources} + auto_enable_config.append(region_config) + response = sl_client.create_data_lake_organization_configuration(autoEnableNewAccount=auto_enable_config) + api_call_details = {"API_Call": "securitylake:CreateDataLakeOrganizationConfiguration", "API_Response": response} + LOGGER.info(api_call_details) + + +def delete_organization_configuration(sl_client: SecurityLakeClient, existing_org_configuration: list) -> None: + """Delete Security Lake organization configuration. 
+ + Args: + sl_client: boto3 client + existing_org_configuration: list of existing configurations + """ + sources_to_disable = existing_org_configuration + if sources_to_disable: + delete_response = sl_client.delete_data_lake_organization_configuration(autoEnableNewAccount=existing_org_configuration) + api_call_details = {"API_Call": "securitylake:DeleteDataLakeOrganizationConfiguration", "API_Response": delete_response} + LOGGER.info(api_call_details) + + +def check_subscriber_exists(sl_client: SecurityLakeClient, subscriber_name: str, next_token: str = EMPTY_STRING) -> tuple: # noqa: CFQ004 + """List Security Lake subscribers. + + Args: + sl_client: boto3 client + subscriber_name: subscriber name + next_token: next token. Defaults to EMPTY_STRING. + + Raises: + ClientError: If there is an issue listing subscribers + + Returns: + tuple: (bool, str, str) + """ + subscriber_exists = False + subscriber_id = "" + external_id = "" + try: + if next_token != EMPTY_STRING: + response = sl_client.list_subscribers(maxResults=10, nextToken=next_token) + else: + response = sl_client.list_subscribers(maxResults=10) + if response["subscribers"]: # noqa R505 + subscriber = next((subscriber for subscriber in response["subscribers"] if subscriber_name == subscriber["subscriberName"]), None) + if subscriber: + subscriber_id = subscriber["subscriberId"] + external_id = subscriber["subscriberIdentity"]["externalId"] + subscriber_exists = True + return subscriber_exists, subscriber_id, external_id + + if "nextToken" in response: + subscriber_exists, subscriber_id, external_id = check_subscriber_exists(sl_client, subscriber_name, response["nextToken"]) + return subscriber_exists, subscriber_id, external_id + else: + return subscriber_exists, subscriber_id, external_id + + except ClientError as e: + error_code = e.response["Error"]["Code"] + if error_code == "ResourceNotFoundException": # noqa: R505 + LOGGER.info(f"Error calling ListSubscribers: {e}. 
Skipping...") + return subscriber_exists, subscriber_id, external_id + else: + LOGGER.error(f"Error calling ListSubscribers: {e}.") + raise + + +def get_subscriber_resourceshare_arn(sl_client: SecurityLakeClient, subscriber_name: str, next_token: str = EMPTY_STRING) -> tuple: # noqa S107 + """List Security Lake subscribers. + + Args: + sl_client: boto3 client + subscriber_name: subscriber name + next_token: next token. Defaults to EMPTY_STRING. + + Returns: + tuple: (bool, str, str) + """ + resource_share_arn = "" + subscriber_exists = False + if next_token != EMPTY_STRING: + response = sl_client.list_subscribers(maxResults=10, nextToken=next_token) + else: + response = sl_client.list_subscribers(maxResults=10) + if response["subscribers"]: # noqa R505 + for subscriber in response["subscribers"]: + if subscriber_name == subscriber["subscriberName"]: + resource_share_arn = subscriber.get("resourceShareArn", "") + subscriber_exists = True + return subscriber_exists, resource_share_arn + if "nextToken" in response: + subscriber_exists, resource_share_arn = get_subscriber_resourceshare_arn(sl_client, subscriber_name, response["nextToken"]) + return subscriber_exists, resource_share_arn + else: + return subscriber_exists, resource_share_arn + + +def create_subscribers( + sl_client: SecurityLakeClient, + data_access: Literal["LAKEFORMATION", "S3"], + source_types: list, + external_id: str, + principal: str, + subscriber_name: str, + source_version: str, +) -> tuple: + """Create Security Lake subscriber. 
+ + Args: + sl_client: boto3 client + data_access: data access type + source_types: list of source types + external_id: external id + principal: AWS account id + subscriber_name: subscriber name + source_version: source version + + Returns: + tuple: subscriber id, resource share ARN + """ + subscriber_sources: Sequence[LogSourceResourceTypeDef] = [ + {"awsLogSource": {"sourceName": source, "sourceVersion": source_version}} for source in source_types + ] + resource_share_arn = "" + subscriber_id = "" + base_delay = 1 + max_delay = 10 + done = False + for attempt in range(ENABLE_RETRY_ATTEMPTS): + try: + response: CreateSubscriberResponseTypeDef = sl_client.create_subscriber( + accessTypes=[data_access], + sources=subscriber_sources, + subscriberIdentity={"externalId": external_id, "principal": principal}, + subscriberName=subscriber_name, + tags=[ + {"key": KEY, "value": VALUE}, + ], + ) + api_call_details = {"API_Call": "securitylake:CreateSubscriber", "API_Response": response} + LOGGER.info(api_call_details) + subscriber_id = response["subscriber"]["subscriberId"] + if data_access == "LAKEFORMATION": # noqa R505 + resource_share_arn = response["subscriber"]["resourceShareArn"] + done = True + return subscriber_id, resource_share_arn + else: + return subscriber_id, "s3_data_access" + except sl_client.exceptions.BadRequestException as e: + delay = min(base_delay * (2**attempt), max_delay) + LOGGER.info(f"'Error occurred calling CreateSubscriber: {e}. Retrying ({attempt + 1}/{ENABLE_RETRY_ATTEMPTS}) in {delay}") + sleep(delay) + + attempt += 1 + if done or attempt >= ENABLE_RETRY_ATTEMPTS: + break + + return subscriber_id, resource_share_arn + + +def update_subscriber( + sl_client: SecurityLakeClient, subscriber_id: str, source_types: list, external_id: str, principal: str, subscriber_name: str, source_version: str +) -> str: + """Update Security Lake subscriber. 
+ + Args: + sl_client: boto3 client + subscriber_id: subscriber id + source_types: list of source types + external_id: external id + principal: AWS account id + subscriber_name: subscriber name + source_version: source version + + Returns: + str: Resource share ARN + + Raises: + ValueError: if subscriber not created + """ + subscriber_sources: Sequence[LogSourceResourceTypeDef] = [ + {"awsLogSource": {"sourceName": source, "sourceVersion": source_version}} for source in source_types + ] + base_delay = 1 + max_delay = 3 + done = False + for attempt in range(ENABLE_RETRY_ATTEMPTS): + try: + response = sl_client.update_subscriber( + sources=subscriber_sources, + subscriberId=subscriber_id, + subscriberIdentity={"externalId": external_id, "principal": principal}, + subscriberName=subscriber_name, + ) + api_call_details = {"API_Call": "securitylake:UpdateSubscriber", "API_Response": response} + LOGGER.info(api_call_details) + LOGGER.info(f"Subscriber '{subscriber_name}' updated") + if response["subscriber"]["accessTypes"] == ["LAKEFORMATION"]: + resource_share_arn = response["subscriber"]["resourceShareArn"] + sleep(SLEEP_SECONDS) + done = True + return resource_share_arn + return "s3_data_access" + except sl_client.exceptions.BadRequestException: + delay = min(base_delay * (2**attempt), max_delay) + LOGGER.info(f"'BadRequestException' occurred calling UpdateSubscriber. Retrying ({attempt + 1}/{ENABLE_RETRY_ATTEMPTS}) in {delay}") + sleep(delay) + + attempt += 1 + if done or attempt >= ENABLE_RETRY_ATTEMPTS: + break + if not done: + raise ValueError("Subscriber not updated") + + return resource_share_arn + + +def configure_resource_share_in_subscriber_acct(ram_client: RAMClient, resource_share_arn: str) -> None: + """Accept resource share invitation in subscriber account. 
+ + Args: + ram_client: boto3 client + resource_share_arn: resource share arn + + Raises: + ValueError: If there is an issue interacting with the AWS API + """ + base_delay = 0.5 + max_delay = 5 + invitation_accepted = False + for attempt in range(MAX_RETRY): + paginator = ram_client.get_paginator("get_resource_share_invitations") + invitation = next( + ( + inv + for page in paginator.paginate(PaginationConfig={"PageSize": 20}) + for inv in page["resourceShareInvitations"] + if resource_share_arn == inv["resourceShareArn"] + ), + None, + ) # noqa: E501, B950 + + if invitation: + if invitation["status"] == "PENDING": + accept_resource_share_invitation(ram_client, invitation) + delay = min(base_delay * (2**attempt), max_delay) + sleep(delay) + if invitation["status"] == "ACCEPTED": + invitation_accepted = True + break + else: + if check_shared_resource_exists(ram_client, resource_share_arn): + invitation_accepted = True + break + attempt += 1 + if invitation_accepted or attempt >= MAX_RETRY: + break + if not invitation_accepted: + raise ValueError("Error accepting resource share invitation") from None + + +def accept_resource_share_invitation(ram_client: RAMClient, invitation: ResourceShareInvitationTypeDef) -> None: + """Accept the resource share invitation. + + Args: + ram_client: The AWS RAM client to interact with the service. + invitation: The invitation to accept. + """ + ram_client.accept_resource_share_invitation( + resourceShareInvitationArn=invitation["resourceShareInvitationArn"], + ) + LOGGER.info(f"Accepted resource share invitation: {invitation['resourceShareInvitationArn']}") + + +def check_shared_resource_exists(ram_client: RAMClient, resource_share_arn: str) -> bool: + """Check if a shared resource exists in the organization that has AWS RAM access enabled. + + Args: + ram_client: The AWS RAM client to interact with the service. + resource_share_arn: The ARN (Amazon Resource Name) of the shared resource. + + Returns: + bool: True or False. 
+ """ + response = ram_client.list_resources(resourceOwner="OTHER-ACCOUNTS", resourceShareArns=[resource_share_arn]) + if response["resources"]: + return True + return False + + +def get_shared_resource_names(ram_client: RAMClient, resource_share_arn: str) -> tuple: + """Get resource names from resource share arn. + + Args: + ram_client: boto3 client + resource_share_arn: resource share arn + + Returns: + tuple: database name and table names + """ + db_name = "" + table_names = [] + retry = 0 + resources_created = False + LOGGER.info("Getting shared resources") + while retry < MAX_RETRY: + response = ram_client.list_resources(resourceOwner="OTHER-ACCOUNTS", resourceShareArns=[resource_share_arn]) + if response["resources"]: + db_name = next((resource["arn"].split("/")[-1] for resource in response["resources"] if resource["type"] == "glue:Database"), "") + table_names = [resource["arn"].split("/")[-1] for resource in response["resources"] if resource["type"] == "glue:Table"] + resources_created = True + break + else: + LOGGER.info(f"No shared resources found. Retrying {retry+1}") + retry += 1 + sleep(SLEEP_SECONDS) + if not resources_created: + LOGGER.error("Max retries reached. Unable to retrieve resource names.") + return db_name, table_names + + +def create_db_in_data_catalog(glue_client: GlueClient, subscriber_acct: str, shared_db_name: str, region: str, role_name: str) -> None: + """Create database in data catalog. 
+ + Args: + glue_client: boto3 client + subscriber_acct: Security Lake query access subscriber AWS account id + shared_db_name: name of shared database + role_name: subscriber configuration role name + region: AWS region + + Raises: + ClientError: If there is an issue interacting with the AWS API + """ + try: + response = glue_client.create_database( + CatalogId=subscriber_acct, DatabaseInput={"Name": shared_db_name + "_subscriber", "CreateTableDefaultPermissions": []} + ) + api_call_details = {"API_Call": "glue:CreateDatabase", "API_Response": response} + LOGGER.info(api_call_details) + except ClientError as e: + error_code = e.response["Error"]["Code"] + if error_code == "AlreadyExistsException": + LOGGER.info(f"Database '{shared_db_name}_subscriber' already exists") + else: + LOGGER.error(f"Error calling CreateDatabase: {e}") + raise + subscriber_session = common.assume_role(role_name, "sra-configure-resource-link", subscriber_acct) + lf_client = subscriber_session.client("lakeformation", region) + set_lake_formation_permissions(lf_client, subscriber_acct, shared_db_name) + + +def create_table_in_data_catalog(glue_client: GlueClient, shared_db_name: str, shared_table_names: str, security_lake_acct: str, region: str) -> None: + """Create table in data catalog. 
+ + Args: + glue_client: boto3 client + shared_db_name: name of shared database + shared_table_names: name of shared tables + security_lake_acct: Security Lake delegated administrator AWS account id + region: AWS region + + Raises: + ValueError: If there is an creating Glue table + """ + for table in shared_table_names: + table_name = "rl_" + table + try: + response = glue_client.create_table( + DatabaseName=shared_db_name + "_subscriber", + TableInput={ + "Name": table_name, + "TargetTable": {"CatalogId": security_lake_acct, "DatabaseName": shared_db_name, "Name": table}, + }, + ) + api_call_details = {"API_Call": "glue:CreateTable", "API_Response": response} + LOGGER.info(api_call_details) + except ClientError as e: + error_code = e.response["Error"]["Code"] + if error_code == "AlreadyExistsException": + LOGGER.info(f"Table '{table_name}' already exists in {region} region.") + continue + if error_code == "AccessDeniedException": # noqa R505 + LOGGER.info("'AccessDeniedException' error occurred. Review and update Lake Formation permission(s)") + LOGGER.info("Skipping...") + continue + else: + raise ValueError(f"Error calling glue:CreateTable {e}") from None + + +def set_lake_formation_permissions(lf_client: LakeFormationClient, account: str, db_name: str) -> None: + """Set Lake Formation permissions. 
+ + Args: + lf_client: boto3 client + account: AWS account + db_name: database name + + Raises: + ClientError: If there is an issue interacting with the AWS API + + """ + LOGGER.info("Setting lakeformation permissions for db") + try: + resource: Union[ResourceTypeDef] = { + "Database": {"CatalogId": account, "Name": db_name + "_subscriber"}, + "Table": {"CatalogId": account, "DatabaseName": db_name + "_subscriber", "Name": "rl_*"}, + } + lf_client.grant_permissions( + CatalogId=account, + Principal={"DataLakePrincipalIdentifier": f"arn:aws:iam::{account}:role/sra-security-lake-query-subscriber"}, + Resource=resource, + Permissions=["ALL"], + PermissionsWithGrantOption=["ALL"], + ) + except ClientError as e: + LOGGER.error(f"Error calling GrantPermissions {e}.") + raise + + +def delete_subscriber(sl_client: SecurityLakeClient, subscriber_name: str, region: str) -> None: + """Delete Security Lake subscriber. + + Args: + sl_client: boto3 client + subscriber_name: subscriber name + region: AWS region + """ + subscriber_exists, subscriber_id, _ = check_subscriber_exists(sl_client, subscriber_name) + LOGGER.info(f"Subscriber exists: {subscriber_exists}. Subscriber name {subscriber_name} sub id {subscriber_id}") + if subscriber_exists: + + try: + response = sl_client.delete_subscriber(subscriberId=subscriber_id) + api_call_details = {"API_Call": "securitylake:DeleteSubscriber", "API_Response": response} + LOGGER.info(api_call_details) + except sl_client.exceptions.ResourceNotFoundException as e: + LOGGER.info(f"Subscriber not found in {region} region. {e}") + pass + else: + LOGGER.info(f"Subscriber not found in {region} region. Skipping delete subscriber...") + + +def delete_aws_log_source(sl_client: SecurityLakeClient, regions: list, source: AwsLogSourceNameType, accounts: list, source_version: str) -> None: + """Delete AWS log and event source. 
+ + Args: + sl_client: boto3 client + regions: list of AWS regions + source: AWS log source name + accounts: list of AWS accounts + source_version: AWS log source version + + Raises: + ClientError: If there is an issue interacting with the AWS API. + """ + configurations: AwsLogSourceConfigurationTypeDef = { + "accounts": accounts, + "regions": regions, + "sourceName": source, + "sourceVersion": source_version, + } + try: + sl_client.delete_aws_log_source(sources=[configurations]) + LOGGER.info(f"Deleted AWS log source {source} in {', '.join(accounts)} account(s) {', '.join(regions)} region(s)...") + except ClientError as e: + error_code = e.response["Error"]["Code"] + if error_code == "UnauthorizedException": + LOGGER.info("'UnauthorizedException' occurred....") + else: + LOGGER.error(f"Error calling DeleteAwsLogSource {e}.") + raise diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/sra_ssm_params.py b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/sra_ssm_params.py new file mode 100644 index 00000000..62411a46 --- /dev/null +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/sra_ssm_params.py 
@@ -0,0 +1,65 @@ +"""Custom Resource to gather data and create SSM paramters in the management account. + +Version: 1.0 + +'common_prerequisites' solution in the repo, https://github.com/aws-samples/aws-security-reference-architecture-examples + +Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +SPDX-License-Identifier: MIT-0 +""" +from __future__ import annotations + +from typing import TYPE_CHECKING, Any + +import boto3 +from botocore.config import Config + +if TYPE_CHECKING: + from mypy_boto3_ssm.client import SSMClient + + +class SraSsmParams: + """SRA SSM parameter values.""" + + def __init__(self, logger: Any) -> None: + """Get SSM parameter values. + + Args: + logger: logger + + Raises: + ValueError: Unexpected error executing Lambda function. Review CloudWatch logs for details. + """ + self.LOGGER = logger + + # Global Variables + self.UNEXPECTED = "Unexpected!" + self.BOTO3_CONFIG = Config(retries={"max_attempts": 10, "mode": "standard"}) + + try: + management_account_session = boto3.Session() + self.SSM_CLIENT: SSMClient = management_account_session.client("ssm") + except Exception: + self.LOGGER.exception(self.UNEXPECTED) + raise ValueError("Unexpected error executing Lambda function. Review CloudWatch logs for details.") from None + + def get_security_acct(self) -> str: + """Query SSM Parameter Store to identify security tooling account id. + + Returns: + Security tooling account id + """ + self.LOGGER.info("Getting security tooling (audit) account id") + ssm_response = self.SSM_CLIENT.get_parameter(Name="/sra/control-tower/audit-account-id") + return ssm_response["Parameter"]["Value"] + + def get_home_region(self) -> str: + """Query SSM Parameter Store to identify home region. + + Returns: + Home region + """ + ssm_response = self.SSM_CLIENT.get_parameter( + Name="/sra/control-tower/home-region", + ) + return ssm_response["Parameter"]["Value"] 
diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/layer/boto3/package.txt b/aws_sra_examples/solutions/security_lake/security_lake_org/layer/boto3/package.txt new file mode 100644 index 00000000..1db657b6 --- /dev/null +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/layer/boto3/package.txt @@ -0,0 +1 @@ +boto3 \ No newline at end of file diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-lakeformation-slr.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-lakeformation-slr.yaml new file mode 100644 index 00000000..fb1b3c31 --- /dev/null +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-lakeformation-slr.yaml @@ -0,0 +1,19 @@ +######################################################################## +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: MIT-0 +######################################################################## +AWSTemplateFormatVersion: 2010-09-09 +Description: + This template creates an IAM role to configure the delegated administrator account - - 'security_lake_org' solution in the repo, + https://github.com/aws-samples/aws-security-reference-architecture-examples (sra-1u3sd7f8p) + +Metadata: + SRA: + Version: 1.0 + Order: 2 + +Resources: + rLakeFormationServiceLinkedRole: + Type: AWS::IAM::ServiceLinkedRole + Properties: + AWSServiceName: lakeformation.amazonaws.com diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-meta-store-manager-role.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-meta-store-manager-role.yaml new file mode 100644 index 00000000..19e4a9d4 --- /dev/null +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-meta-store-manager-role.yaml 
@@ -0,0 +1,76 @@ +######################################################################## +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: MIT-0 +######################################################################## +AWSTemplateFormatVersion: 2010-09-09 +Description: + This template creates an IAM role to configure the delegated administrator account - - 'security_lake_org' solution in the repo, + https://github.com/aws-samples/aws-security-reference-architecture-examples (sra-1u3sd7f8p) + +Metadata: + SRA: + Version: 1.0 + Order: 2 + AWS::CloudFormation::Interface: + ParameterGroups: + - Label: + default: General Properties + Parameters: + - pSRASolutionName + + - Label: + default: Role Properties + Parameters: + - pSRASecurityLakeMetaStoreManagerRoleName + + ParameterLabels: + pSRASecurityLakeMetaStoreManagerRoleName: + default: SecurityLakeMetaStoreManager Role Name + +Parameters: + pSRASecurityLakeMetaStoreManagerRoleName: + AllowedPattern: '^[\w+=,.@-]{1,64}$' + ConstraintDescription: Max 64 alphanumeric characters. Also special characters supported [+, =, ., @, -] + Default: AmazonSecurityLakeMetaStoreManagerV2 + Description: SecurityLakeMetaStoreManagerRole + Type: String + pSRASolutionName: + AllowedValues: [sra-security-lake-org] + Default: sra-security-lake-org + Description: The SRA solution name. 
The default value is the folder name of the solution + Type: String + +Resources: + rSecurityLakeMetaStoreManagerRole: + Type: AWS::IAM::Role + Properties: + RoleName: !Ref pSRASecurityLakeMetaStoreManagerRoleName + AssumeRolePolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Principal: + Service: lambda.amazonaws.com + Action: sts:AssumeRole + Path: '/service-role/' + ManagedPolicyArns: + - !Sub arn:${AWS::Partition}:iam::${AWS::Partition}:policy/service-role/AmazonSecurityLakeMetaStoreManager + Policies: + - PolicyName: sra-security-lake-org-kms-policy + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: AllowKmsDecrypt + Effect: Allow + Action: + - kms:Decrypt + - kms:RetireGrant + Resource: "*" + Condition: + ForAllValues:StringEquals: + kms:RequestAlias: + - alias/sra-security-lake-org-* + - alias/aws/lambda + Tags: + - Key: sra-solution + Value: !Ref pSRASolutionName diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration-role.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration-role.yaml new file mode 100644 index 00000000..51886474 --- /dev/null +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration-role.yaml 
@@ -0,0 +1,187 @@ +######################################################################## +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: MIT-0 +######################################################################## +AWSTemplateFormatVersion: 2010-09-09 +Description: + This template creates an IAM role to configure the delegated administrator account - - 'security_lake_org' solution in the repo, + https://github.com/aws-samples/aws-security-reference-architecture-examples (sra-1u3sd7f8p) + +Metadata: + SRA: + Version: 1.0 + Order: 2 + AWS::CloudFormation::Interface: + ParameterGroups: + - Label: + default: General Properties + Parameters: + - pSRASolutionName + + - Label: + default: Role Properties + Parameters: + - pSecurityLakeConfigurationRoleName + - pSecurityLakeOrgLambdaRoleName + - pManagementAccountId + - pAuditAccountQuerySubscriberExternalId + + ParameterLabels: + pManagementAccountId: + default: Organization Management Account ID + pSecurityLakeOrgLambdaRoleName: + default: Lambda Role Name + pSecurityLakeConfigurationRoleName: + default: Security Lake Configuration Role Name + pSRASolutionName: + default: SRA Solution Name + pAuditAccountQuerySubscriberExternalId: + default: Audit Account Query Subscriber External ID + +Parameters: + pManagementAccountId: + AllowedPattern: '^\d{12}$' + ConstraintDescription: Must be 12 digits + Description: Organization Management Account ID + Type: String + pSecurityLakeOrgLambdaRoleName: + AllowedPattern: '^[\w+=,.@-]{1,64}$' + ConstraintDescription: Max 64 alphanumeric characters. Also special characters supported [+, =, ., @, -] + Default: sra-security-lake-org-lambda + Description: Lambda Role Name + Type: String + pSecurityLakeConfigurationRoleName: + AllowedPattern: '^[\w+=,.@-]{1,64}$' + ConstraintDescription: Max 64 alphanumeric characters. 
Also special characters supported [+, =, ., @, -] + Default: sra-security-lake-org-configuration + Description: Security Lake Configuration IAM Role Name + Type: String + pSRASolutionName: + AllowedValues: [sra-security-lake-org] + Default: sra-security-lake-org + Description: The SRA solution name. The default value is the folder name of the solution + Type: String + pAuditAccountQuerySubscriberExternalId: + AllowedPattern: ^(?:[a-zA-Z0-9]{0,64})?$ + ConstraintDescription: All characters allowed except '&<>\%|' + Default: '' + Description: (Optional) External ID for Security Lake Audit (Security Tooling) query access subscriber. If 'Register Audit (Security Tooling) account as a Subscriber with Query Access' parameter is set to 'true', then this parameter becomes required. + Type: String + + +Resources: + rConfigurationRole: + Type: AWS::IAM::Role + Metadata: + cfn_nag: + rules_to_suppress: + - id: W11 + reason: Actions require * in resource + - id: W28 + reason: Explicit role name provided + Properties: + RoleName: !Ref pSecurityLakeConfigurationRoleName + AssumeRolePolicyDocument: + Version: 2012-10-17 + Statement: + - Effect: Allow + Action: sts:AssumeRole + Condition: + StringEquals: + aws:PrincipalArn: + - !Sub arn:${AWS::Partition}:iam::${pManagementAccountId}:role/${pSecurityLakeOrgLambdaRoleName} + Principal: + AWS: + - !Sub arn:${AWS::Partition}:iam::${pManagementAccountId}:root + Path: '/' + ManagedPolicyArns: + - !Sub arn:${AWS::Partition}:iam::${AWS::Partition}:policy/AmazonSecurityLakeAdministrator + Policies: + - PolicyName: sra-security-lake-org-policy-lakeformation + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: AllowPutLakeFormationSettings + Effect: Allow + Action: lakeformation:PutDataLakeSettings + Resource: "*" + Condition: + ForAnyValue:StringEquals: + aws:CalledVia: securitylake.amazonaws.com + - Sid: AllowActions + Effect: Allow + Action: + - lakeformation:RevokePermissions + Resource: "*" + - PolicyName: 
sra-security-lake-org-policy-cloudformation + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: AllowCloudformationAction + Effect: Allow + Action: + - cloudformation:DescribeStacks + - cloudformation:ListStacks + Resource: "*" + - PolicyName: sra-security-lake-org-policy-sqs + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: AllowSqsActions + Effect: Allow + Action: + - sqs:SetQueueAttributes + Condition: + StringLike: + aws:ResourceAccount: "${aws:PrincipalAccount}" + Resource: !Sub arn:${AWS::Partition}:sqs:*:${AWS::AccountId}:AmazonSecurityLake* + - PolicyName: sra-security-lake-org-policy-lambda + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: AllowLambdaFunctionConfigurationActions + Effect: Allow + Action: + - lambda:GetFunctionConfiguration + - lambda:UpdateFunctionConfiguration + Resource: "arn:aws:lambda:*:*:function:AmazonSecurityLake*" + - Sid: AllowLambdaListEventSourceMappings + Effect: Allow + Action: + - lambda:ListEventSourceMappings + Resource: "*" + - PolicyName: sra-security-lake-org-policy-glue + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: AllowGluePolicyActions + Effect: Allow + Action: + - glue:PutResourcePolicy + - glue:DeleteResourcePolicy + Resource: + - !Sub arn:${AWS::Partition}:glue:*:${AWS::AccountId}:catalog + - !Sub arn:${AWS::Partition}:glue:*:${AWS::AccountId}:table/amazon_security_lake_glue_db_*/* + - !Sub arn:${AWS::Partition}:glue:*:${AWS::AccountId}:database/amazon_security_lake_glue_db_* + - PolicyName: sra-security-lake-org-policy-ram + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: AllowRamActions + Effect: Allow + Action: + - ram:GetResourceShares + Resource: !Sub arn:${AWS::Partition}:ram:*:${AWS::AccountId}:resource-share/* + + - Sid: AllowResourceShareActions + Effect: Allow + Action: + - ram:UpdateResourceShare + - ram:DisassociateResourceShare + Resource: !Sub arn:${AWS::Partition}:ram:*:${AWS::AccountId}:resource-share/* + Condition: + StringLike: + 
ram:ResourceShareName: !Sub "*-${pAuditAccountQuerySubscriberExternalId}" + Tags: + - Key: sra-solution + Value: !Ref pSRASolutionName diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml new file mode 100644 index 00000000..0d62d870 --- /dev/null +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml 
@@ -0,0 +1,807 @@ +######################################################################## +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: MIT-0 +######################################################################## +AWSTemplateFormatVersion: 2010-09-09 +Description: + This template creates a custom resource Lambda to delegate administration and configure Security Lake within an AWS Organization - 'security_lake_org' + solution in the repo, https://github.com/aws-samples/aws-security-reference-architecture-examples (sra-1u3sd7f8p) + +Metadata: + SRA: + Version: 1.0 + Order: 3 + AWS::CloudFormation::Interface: + ParameterGroups: + - Label: + default: General Properties + Parameters: + - pSRASolutionName + - pSRAStagingS3BucketName + - pSRAAlarmEmail + - pOrganizationId + + - Label: + default: Lambda Function Properties + Parameters: + - pSecurityLakeOrgLambdaRoleName + - pSecurityLakeOrgLambdaFunctionName + + - Label: + default: Custom Resource Properties + Parameters: + - pControlTowerRegionsOnly + - pSecurityLakeConfigurationRoleName + - pSecurityLakeSubscriberRoleName + - pDelegatedAdminAccountId + - pEnabledRegions + - pCreateOrganizationConfiguration + - pOrgConfigurationSources + - pSourceVersion + - pCloudTrailManagementEvents + - pCloudTrailLambdaDataEvents + - pCloudTrailS3DataEvents + - pSecurityHubFindings + - pVpcFlowLogs + - pWafLogs + - pRoute53Logs + - pEksAuditLogs + - pRegisterAuditAccountDataSubscriber + - pRegisterAuditAccountQuerySubscriber + - pAuditAccountDataSubscriberPrefix + - pAuditAccountDataSubscriberExternalId + - pAuditAccountQuerySubscriberPrefix + - pAuditAccountQuerySubscriberExternalId + - pDisableSecurityLake + - pSRASecurityLakeMetaStoreManagerRoleName + - pCreateResourceLink + - pSecurityLakeOrgKeyAlias + + - Label: + default: General Lambda Function Properties + Parameters: + - pCreateLambdaLogGroup + - pLambdaLogGroupRetention + - pLambdaLogGroupKmsKey + - pLambdaLogLevel + 
+ - Label: + default: EventBridge Rule Properties + Parameters: + - pComplianceFrequency + - pControlTowerLifeCycleRuleName + + ParameterLabels: + pCreateResourceLink: + default: Create Resource Link + pSecurityLakeOrgKeyAlias: + default: Security Lake KMS Key Alias + pSRASecurityLakeMetaStoreManagerRoleName: + default: SecurityLakeMetaStoreManagerRole + pCloudTrailManagementEvents: + default: CloudTrail - Management events + pSourceVersion: + default: Log Source Version + pCloudTrailLambdaDataEvents: + default: CloudTrail - Lambda Data events + pCloudTrailS3DataEvents: + default: CloudTrail - S3 Data events + pSecurityHubFindings: + default: SecurityHub Findings + pVpcFlowLogs: + default: VPC Flow Logs + pWafLogs: + default: WAFv2 Logs + pRoute53Logs: + default: Amazon Route 53 resolver query logs + pEksAuditLogs: + default: Amazon EKS Audit Logs + pControlTowerRegionsOnly: + default: Governed Regions Only + pSecurityLakeConfigurationRoleName: + default: Security Lake Configuration Role Name + pSecurityLakeSubscriberRoleName: + default: Security Lake Query Subscriber Role Name + pComplianceFrequency: + default: Frequency to Check for Organizational Compliance + pControlTowerLifeCycleRuleName: + default: Control Tower Lifecycle Rule Name + pCreateLambdaLogGroup: + default: Create Lambda Log Group + pDelegatedAdminAccountId: + default: Delegated Admin Account ID + pEnabledRegions: + default: (Optional) Enabled Regions + pLambdaLogGroupKmsKey: + default: (Optional) Lambda Logs KMS Key + pLambdaLogGroupRetention: + default: Lambda Log Group Retention + pLambdaLogLevel: + default: Lambda Log Level + pSRAAlarmEmail: + default: (Optional) SRA Alarm Email + pSRASolutionName: + default: SRA Solution Name + pSRAStagingS3BucketName: + default: SRA Staging S3 Bucket Name + pSecurityLakeOrgLambdaFunctionName: + default: Lambda Function Name + pSecurityLakeOrgLambdaRoleName: + default: Lambda Role Name + pRegisterAuditAccountDataSubscriber: + default: Register Audit Account as 
a Subscriber with Data Access + pAuditAccountDataSubscriberPrefix: + default: Audit (Security Tooling) account data access subscriber name + pAuditAccountDataSubscriberExternalId: + default: Audit (Security Tooling) account data access subscriber external id + pRegisterAuditAccountQuerySubscriber: + default: Register Audit (Security Tooling) account as a subscriber with query access + pAuditAccountQuerySubscriberPrefix: + default: Audit (Security Tooling) account query access subscriber name + pAuditAccountQuerySubscriberExternalId: + default: Audit (Security Tooling) account query access subscriber external id + pOrganizationId: + default: Organization ID + pDisableSecurityLake: + default: Disable Security Lake log sources and organization configuration + +Parameters: + pCreateResourceLink: + AllowedValues: ['true', 'false'] + Default: 'true' + Description: Indicates whether to create a resource link for shared resources in Audit (Security Tooling) account + Type: String + pSecurityLakeOrgKeyAlias: + AllowedPattern: '^[a-zA-Z0-9/_-]+$' + ConstraintDescription: + The alias must be string of 1-256 characters. It can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). + Default: sra-security-lake-org-key + Description: Security Lake KMS Key Alias + Type: String + pSRASecurityLakeMetaStoreManagerRoleName: + AllowedPattern: '^[\w+=,.@-]{1,64}$' + ConstraintDescription: Max 64 alphanumeric characters. Also special characters supported [+, =, ., @, -] + Default: AmazonSecurityLakeMetaStoreManagerV2 + Description: SecurityLakeMetaStoreManagerRole + Type: String + pSourceVersion: + AllowedValues: ['2.0'] + ConstraintDescription: Must be a valid version number. 
Currently supported version is 2.0 + Description: 'Chose the version of data source from which you want to ingest log and event sources' + Default: '2.0' + Type: String + pCloudTrailManagementEvents: + AllowedPattern: '^($|ALL|(\d{12})(,\s*\d{12})*)$' + ConstraintDescription: 'Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation' + Description: + Accounts to ingest CloudTrail - Management events from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma + separated list of the AWS Account numbers. Leave empty to skip log source creation. + Type: CommaDelimitedList + Default: 'ALL' + pCloudTrailLambdaDataEvents: + AllowedPattern: '^($|ALL|(\d{12})(,\s*\d{12})*)$' + ConstraintDescription: 'Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation' + Description: + Accounts to ingest CloudTrail - Lambda Data events from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma + separated list of the AWS Account numbers. Leave empty to skip log source creation. + Type: CommaDelimitedList + Default: 'ALL' + pCloudTrailS3DataEvents: + AllowedPattern: '^($|ALL|(\d{12})(,\s*\d{12})*)$' + ConstraintDescription: 'Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation' + Description: + Accounts to ingest CloudTrail - S3 Data events from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma + separated list of the AWS Account numbers. Leave empty to skip log source creation. 
+ Type: CommaDelimitedList + Default: '' + pSecurityHubFindings: + AllowedPattern: '^($|ALL|(\d{12})(,\s*\d{12})*)$' + ConstraintDescription: 'Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation' + Description: + Accounts to ingest SecurityHub Findings from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma + separated list of the AWS Account numbers. Leave empty to skip log source creation. + Type: CommaDelimitedList + Default: 'ALL' + pVpcFlowLogs: + AllowedPattern: '^($|ALL|(\d{12})(,\s*\d{12})*)$' + ConstraintDescription: 'Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation' + Description: + Accounts to ingest VPC Flow Logs from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma + separated list of the AWS Account numbers. Leave empty to skip log source creation. + Type: CommaDelimitedList + Default: 'ALL' + pWafLogs: + AllowedPattern: '^($|ALL|(\d{12})(,\s*\d{12})*)$' + ConstraintDescription: 'Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation' + Description: + Accounts to ingest WAFv2 Logs from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma + separated list of the AWS Account numbers. Leave empty to skip log source creation. + Type: CommaDelimitedList + Default: '' + pRoute53Logs: + AllowedPattern: '^($|ALL|(\d{12})(,\s*\d{12})*)$' + ConstraintDescription: 'Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. 
Leave empty to skip log source creation' + Description: + Accounts to ingest Amazon Route 53 resolver query logs from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma + separated list of the AWS Account numbers. Leave empty to skip log source creation. + Type: CommaDelimitedList + Default: 'ALL' + pEksAuditLogs: + AllowedPattern: '^($|ALL|(\d{12})(,\s*\d{12})*)$' + ConstraintDescription: 'Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation' + Description: + Accounts to ingest Amazon EKS Audit Logs from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma + separated list of the AWS Account numbers. Leave empty to skip log source creation. + Type: CommaDelimitedList + Default: 'ALL' + pControlTowerRegionsOnly: + AllowedValues: ['true', 'false'] + Default: 'false' + Description: Only enable in the customer governed regions specified in Control Tower or Common Prerequisites solution + Type: String + pComplianceFrequency: + ConstraintDescription: Compliance Frequency must be a number between 1 and 30, inclusive. + Default: 7 + Description: Frequency (in days between 1 and 30, default is 7) to check organizational compliance + MinValue: 1 + MaxValue: 30 + Type: Number + pControlTowerLifeCycleRuleName: + AllowedPattern: '^[\w.-]{1,64}$' + ConstraintDescription: Max 64 alphanumeric and underscore characters. Also special characters supported [., -] + Default: sra-security-lake-org-trigger + Description: The name of the AWS Control Tower Life Cycle Rule. + Type: String + pCreateLambdaLogGroup: + AllowedValues: ['true', 'false'] + Default: 'false' + Description: + Indicates whether a CloudWatch Log Group should be explicitly created for the Lambda function, to allow for setting a Log Retention and/or KMS + Key for encryption. 
+ Type: String + pDelegatedAdminAccountId: + AllowedPattern: '^\d{12}$' + ConstraintDescription: Must be 12 digits + Description: Delegated administrator account ID - Log Archive account + Type: String + pEnabledRegions: + AllowedPattern: '^$|^([a-z0-9-]{1,64})$|^(([a-z0-9-]{1,64},)*[a-z0-9-]{1,64})$' + ConstraintDescription: + Only lowercase letters, numbers, and hyphens ('-') allowed. (e.g. us-east-1) Additional AWS regions can be provided, separated by commas. (e.g. + us-east-1,ap-southeast-2) + Description: (Optional) Enabled regions (AWS regions, separated by commas). Leave blank to enable all regions. + Type: String + pSecurityLakeOrgLambdaFunctionName: + AllowedPattern: '^[\w-]{0,64}$' + ConstraintDescription: Max 64 alphanumeric characters. Also special characters supported [_, -] + Default: sra-security-lake-org + Description: Lambda function name + Type: String + pSecurityLakeOrgLambdaRoleName: + AllowedPattern: '^[\w+=,.@-]{1,64}$' + ConstraintDescription: Max 64 alphanumeric characters. Also special characters supported [+, =, ., @, -] + Default: sra-security-lake-org-lambda + Description: Security Lake configuration Lambda role name + Type: String + pSecurityLakeConfigurationRoleName: + AllowedPattern: '^[\w+=,.@-]{1,64}$' + ConstraintDescription: Max 64 alphanumeric characters. Also special characters supported [+, =, ., @, -] + Default: sra-security-lake-org-configuration + Description: Security Lake Configuration role to assume in the delegated administrator account + Type: String + pSecurityLakeSubscriberRoleName: + AllowedPattern: '^[\w+=,.@-]{1,64}$' + ConstraintDescription: Max 64 alphanumeric characters. 
Also special characters supported [+, =, ., @, -] + Default: sra-security-lake-query-subscriber + Description: Security Lake Configuration role to assume in the delegated administrator account + Type: String + pLambdaLogGroupKmsKey: + AllowedPattern: '^$|^arn:(aws[a-zA-Z-]*){1}:kms:[a-z0-9-]+:\d{12}:key\/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$' + ConstraintDescription: 'Key ARN example: arn:aws:kms:::key/1234abcd-12ab-34cd-56ef-1234567890ab' + Description: + (Optional) KMS Key ARN to use for encrypting the Lambda logs data. If empty, encryption is enabled with CloudWatch Logs managing the server-side + encryption keys. + Type: String + pLambdaLogGroupRetention: + AllowedValues: [1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653] + Default: 14 + Description: Specifies the number of days you want to retain log events + Type: String + pLambdaLogLevel: + AllowedValues: [INFO, ERROR, DEBUG] + Default: INFO + Description: Lambda Function Logging Level + Type: String + pSRAAlarmEmail: + AllowedPattern: '^$|^([a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+)$' + ConstraintDescription: Must be a valid email address. + Description: (Optional) Email address for receiving DLQ alarms + Type: String + pSRASolutionName: + AllowedValues: [sra-security-lake-org] + Default: sra-security-lake-org + Description: The SRA solution name. The default value is the folder name of the solution + Type: String + pSRAStagingS3BucketName: + AllowedPattern: '^(?=^.{3,63}$)(?!.*[.-]{2})(?!.*[--]{2})(?!^(?:(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])(\.(?!$)|$)){4}$)(^(([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])\.)*([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])$)' + ConstraintDescription: + SRA Staging S3 bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). + Description: + SRA Staging S3 bucket name for the artifacts relevant to solution. 
(e.g., lambda zips, CloudFormation templates) S3 bucket name can include + numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). + Type: String + pRegisterAuditAccountDataSubscriber: + AllowedValues: ['true', 'false'] + Default: 'true' + Description: Identifies whether to registerAudit (Security Tooling) account as a Subscriber with Data Access + Type: String + pAuditAccountDataSubscriberPrefix: + AllowedValues: [sra-audit-account-data-subscriber] + Default: sra-audit-account-data-subscriber + Description: The name of the Audit (Security Tooling) account data access subscriber + Type: String + pAuditAccountDataSubscriberExternalId: + AllowedPattern: ^(?:[a-zA-Z0-9]{0,64})?$ + ConstraintDescription: All characters allowed except '&<>\%|' + Default: '' + Description: + (Optional) External ID for Security Lake Audit (Security Tooling) data access subscriber. If 'Register Audit (Security Tooling) account as a Subscriber with Data Access' parameter is set to 'true', then this parameter becomes + required. + Type: String + pRegisterAuditAccountQuerySubscriber: + AllowedValues: ['true', 'false'] + Default: 'true' + Description: Identifies whether to register Audit (Security Tooling) account as a Subscriber with Query Access + Type: String + pAuditAccountQuerySubscriberPrefix: + AllowedValues: [sra-audit-account-query-subscriber] + Default: sra-audit-account-query-subscriber + Description: The name of the Audit (Security Tooling) account query access subscriber + Type: String + pAuditAccountQuerySubscriberExternalId: + AllowedPattern: ^(?:[a-zA-Z0-9]{0,64})?$ + ConstraintDescription: All characters allowed except '&<>\%|' + Default: '' + Description: + (Optional) External ID for Security Lake Audit (Security Tooling) query access subscriber. If 'Register Audit (Security Tooling) account as a Subscriber with Query Access' parameter is set to 'true', then this parameter becomes + required. 
+ Type: String + + pOrgConfigurationSources: + AllowedValues: ['', ROUTE53, VPC_FLOW, SH_FINDINGS, CLOUD_TRAIL_MGMT, LAMBDA_EXECUTION, S3_DATA, EKS_AUDIT, WAF] + Default: ROUTE53, VPC_FLOW, SH_FINDINGS, CLOUD_TRAIL_MGMT, LAMBDA_EXECUTION, S3_DATA, EKS_AUDIT, WAF + Description: (Optional) AWS log sources to enable for new member accounts in your organization. If 'Create Organization Configuration' parameter is set to 'true', then this parameter becomes required. + Type: CommaDelimitedList + pCreateOrganizationConfiguration: + AllowedValues: ['true', 'false'] + Default: 'true' + Description: Select whether to automatically enable Amazon Security Lake for new member accounts in your organization + Type: String + pOrganizationId: + AllowedPattern: '^o-[a-z0-9]{10,32}$' + ConstraintDescription: Must start with 'o-' followed by from 10 to 32 lowercase letters or digits. (e.g. o-abc1234567) + Description: AWS Organizations ID + Type: String + pDisableSecurityLake: + AllowedValues: ['true', 'false'] + Default: 'false' + Description: Update to 'true' to disable Security Lake log sources and organization configuration before deleting the stack. 
+ Type: String + + +Conditions: + cComplianceFrequencySingleDay: !Equals [!Ref pComplianceFrequency, 1] + cCreateDLQAlarm: !Not [!Equals [!Ref pSRAAlarmEmail, '']] + cCreateLambdaLogGroup: !Equals [!Ref pCreateLambdaLogGroup, 'true'] + cUseGraviton: !Or + - !Equals [!Ref 'AWS::Region', ap-northeast-1] + - !Equals [!Ref 'AWS::Region', ap-south-1] + - !Equals [!Ref 'AWS::Region', ap-southeast-1] + - !Equals [!Ref 'AWS::Region', ap-southeast-2] + - !Equals [!Ref 'AWS::Region', eu-central-1] + - !Equals [!Ref 'AWS::Region', eu-west-1] + - !Equals [!Ref 'AWS::Region', eu-west-2] + - !Equals [!Ref 'AWS::Region', us-east-1] + - !Equals [!Ref 'AWS::Region', us-east-2] + - !Equals [!Ref 'AWS::Region', us-west-2] + cUseKmsKey: !Not [!Equals [!Ref pLambdaLogGroupKmsKey, '']] + +Resources: + rSecurityLakeOrgLambdaLogGroup: + Type: AWS::Logs::LogGroup + Condition: cCreateLambdaLogGroup + DeletionPolicy: Retain + UpdateReplacePolicy: Retain + Properties: + LogGroupName: !Sub /aws/lambda/${pSecurityLakeOrgLambdaFunctionName} + KmsKeyId: !If + - cUseKmsKey + - !Ref pLambdaLogGroupKmsKey + - !Ref AWS::NoValue + RetentionInDays: !Ref pLambdaLogGroupRetention + + rSecurityLakeOrgLambdaRole: + Type: AWS::IAM::Role + Metadata: + cfn_nag: + rules_to_suppress: + - id: W11 + reason: Actions require wildcard in resource + - id: W28 + reason: The role name is defined + checkov: + skip: + - id: CKV_AWS_109 + comment: Actions require wildcard in resource or condition provides constraints. 
+ - id: CKV_AWS_111 + comment: IAM write actions require wildcard in resource + Properties: + RoleName: !Ref pSecurityLakeOrgLambdaRoleName + AssumeRolePolicyDocument: + Version: 2012-10-17 + Statement: + - Action: sts:AssumeRole + Effect: Allow + Principal: + Service: + - lambda.amazonaws.com + Path: '/' + Policies: + - PolicyName: sra-security-lake-org-policy-cloudformation + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: CloudFormation + Effect: Allow + Action: cloudformation:ListStackInstances + Resource: + - !Sub arn:${AWS::Partition}:cloudformation:${AWS::Region}:${AWS::AccountId}:stackset/AWSControlTowerBP-* + - PolicyName: sra-security-lake-org-policy-securitylake + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: SecurityLakeDesignateAdministratorAccess + Effect: Allow + Action: + - securitylake:RegisterDataLakeDelegatedAdministrator + - organizations:DescribeOrganization + - organizations:EnableAWSServiceAccess + - organizations:ListDelegatedAdministrators + - organizations:ListDelegatedServicesForAccount + - organizations:RegisterDelegatedAdministrator + Resource: "*" + - Sid: AllowCreateServiceLinkedRole + Effect: Allow + Action: iam:CreateServiceLinkedRole + Condition: + StringLike: + iam:AWSServiceName: securitylake.amazonaws.com + Resource: "*" + - Sid: SecurityLakeRemoveAdministratorAccess + Effect: Allow + Action: + - organizations:DeregisterDelegatedAdministrator + Resource: "*" + - PolicyName: sra-account-alternate-contacts-policy-organizations + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: OrganizationsReadAccess + Effect: Allow + Action: + - organizations:ListAccounts + Resource: '*' + + - PolicyName: "ssm-access" + PolicyDocument: + Version: "2012-10-17" + Statement: + - Effect: "Allow" + Action: + - ssm:GetParameter + - ssm:GetParameters + Resource: + - !Sub "arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/sra*" + + - PolicyName: sra-security-lake-org-policy-logs + PolicyDocument: + 
Version: 2012-10-17 + Statement: + - Sid: CreateLogGroupAndEvents + Effect: Allow + Action: + - logs:CreateLogGroup + - logs:CreateLogStream + - logs:PutLogEvents + Resource: !Sub arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/${pSecurityLakeOrgLambdaFunctionName}:log-stream:* + + - PolicyName: sra-security-lake-org-policy-sqs + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: SQSSendMessage + Effect: Allow + Action: sqs:SendMessage + Resource: !GetAtt rSecurityLakeOrgDLQ.Arn + + - PolicyName: sra-security-lake-org-policy-acct + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: AcctListRegions + Effect: Allow + Action: + - account:ListRegions + Resource: '*' + + - PolicyName: sra-security-lake-org-policy-iam + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: AssumeRole + Effect: Allow + Action: sts:AssumeRole + Condition: + StringEquals: + aws:PrincipalOrgId: !Ref pOrganizationId + Resource: + - !Sub arn:${AWS::Partition}:iam::*:role/${pSecurityLakeConfigurationRoleName} + - !Sub arn:${AWS::Partition}:iam::*:role/${pSecurityLakeSubscriberRoleName} + - Sid: AllowReadIamActions + Effect: Allow + Action: iam:GetRole + Resource: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/* + Tags: + - Key: sra-solution + Value: !Ref pSRASolutionName + + rSecurityLakeOrgLambdaFunction: + Type: AWS::Lambda::Function + Metadata: + cfn_nag: + rules_to_suppress: + - id: W58 + reason: CloudWatch access provided by the attached IAM role + - id: W89 + reason: Lambda is not deployed within a VPC + - id: W92 + reason: Lambda does not need reserved concurrent executions. + checkov: + skip: + - id: CKV_AWS_115 + comment: Lambda does not need reserved concurrent executions. + - id: CKV_AWS_117 + comment: Lambda does not need to communicate with VPC resources. + - id: CKV_AWS_173 + comment: Environment variables are not sensitive. 
+ Properties: + FunctionName: !Ref pSecurityLakeOrgLambdaFunctionName + Description: configure Security Lake for the Organization + Architectures: !If + - cUseGraviton + - [arm64] + - !Ref AWS::NoValue + Handler: app.lambda_handler + Role: !GetAtt rSecurityLakeOrgLambdaRole.Arn + MemorySize: 512 + Runtime: python3.9 + Timeout: 900 + Code: + S3Bucket: !Ref pSRAStagingS3BucketName + S3Key: !Sub ${pSRASolutionName}/lambda_code/${pSRASolutionName}.zip + Layers: + - !Ref rSecurityLakeOrgLambdaLayer + DeadLetterConfig: + TargetArn: !GetAtt rSecurityLakeOrgDLQ.Arn + Environment: + Variables: + LOG_LEVEL: !Ref pLambdaLogLevel + AWS_PARTITION: !Ref AWS::Partition + CONFIGURATION_ROLE_NAME: !Ref pSecurityLakeConfigurationRoleName + SUBSCRIBER_ROLE_NAME: !Ref pSecurityLakeSubscriberRoleName + CONTROL_TOWER_REGIONS_ONLY: !Ref pControlTowerRegionsOnly + DELEGATED_ADMIN_ACCOUNT_ID: !Ref pDelegatedAdminAccountId + ENABLED_REGIONS: !Ref pEnabledRegions + MANAGEMENT_ACCOUNT_ID: !Ref AWS::AccountId + SOURCE_VERSION: !Ref pSourceVersion + CLOUD_TRAIL_MGMT: !Join + - ',' + - !Ref pCloudTrailManagementEvents + LAMBDA_EXECUTION: !Join + - ',' + - !Ref pCloudTrailLambdaDataEvents + S3_DATA: !Join + - ',' + - !Ref pCloudTrailS3DataEvents + ROUTE53: !Join + - ',' + - !Ref pRoute53Logs + VPC_FLOW: !Join + - ',' + - !Ref pVpcFlowLogs + SH_FINDINGS: !Join + - ',' + - !Ref pSecurityHubFindings + EKS_AUDIT: !Join + - ',' + - !Ref pEksAuditLogs + WAF: !Join + - ',' + - !Ref pWafLogs + SET_AUDIT_ACCT_QUERY_SUBSCRIBER: !Ref pRegisterAuditAccountQuerySubscriber + SET_AUDIT_ACCT_DATA_SUBSCRIBER: !Ref pRegisterAuditAccountDataSubscriber + AUDIT_ACCT_DATA_SUBSCRIBER: !Ref pAuditAccountDataSubscriberPrefix + DATA_SUBSCRIBER_EXTERNAL_ID: !Ref pAuditAccountDataSubscriberExternalId + AUDIT_ACCT_QUERY_SUBSCRIBER: !Ref pAuditAccountQuerySubscriberPrefix + QUERY_SUBSCRIBER_EXTERNAL_ID: !Ref pAuditAccountQuerySubscriberExternalId + SET_ORG_CONFIGURATION: !Ref pCreateOrganizationConfiguration + 
ORG_CONFIGURATION_SOURCES: !Join + - ',' + - !Ref pOrgConfigurationSources + DISABLE_SECURITY_LAKE: !Ref pDisableSecurityLake + META_STORE_MANAGER_ROLE_NAME: !Ref pSRASecurityLakeMetaStoreManagerRoleName + CREATE_RESOURCE_LINK: !Ref pCreateResourceLink + KEY_ALIAS: !Ref pSecurityLakeOrgKeyAlias + Tags: + - Key: sra-solution + Value: !Ref pSRASolutionName + + rSecurityLakeOrgLambdaLayer: + Type: AWS::Lambda::LayerVersion + Properties: + Content: + S3Bucket: !Ref pSRAStagingS3BucketName + S3Key: !Sub ${pSRASolutionName}/layer_code/${pSRASolutionName}-layer.zip + Description: Boto3 version 1.35.10 layer to enable newer API of Security Lake + LayerName: !Sub ${pSecurityLakeOrgLambdaFunctionName}-updated-boto3-layer + + rSecurityLakeOrgLambdaCustomResource: + Type: Custom::LambdaCustomResource + Version: '1.0' + Properties: + ServiceToken: !GetAtt rSecurityLakeOrgLambdaFunction.Arn + LOG_LEVEL: !Ref pLambdaLogLevel + CONFIGURATION_ROLE_NAME: !Ref pSecurityLakeConfigurationRoleName + SUBSCRIBER_ROLE_NAME: !Ref pSecurityLakeSubscriberRoleName + CONTROL_TOWER_REGIONS_ONLY: !Ref pControlTowerRegionsOnly + DELEGATED_ADMIN_ACCOUNT_ID: !Ref pDelegatedAdminAccountId + ENABLED_REGIONS: !Ref pEnabledRegions + MANAGEMENT_ACCOUNT_ID: !Ref AWS::AccountId + AWS_PARTITION: !Ref AWS::Partition + SOURCE_VERSION: !Ref pSourceVersion + CLOUD_TRAIL_MGMT: !Join + - ',' + - !Ref pCloudTrailManagementEvents + LAMBDA_EXECUTION: !Join + - ',' + - !Ref pCloudTrailLambdaDataEvents + S3_DATA: !Join + - ',' + - !Ref pCloudTrailS3DataEvents + ROUTE53: !Join + - ',' + - !Ref pRoute53Logs + VPC_FLOW: !Join + - ',' + - !Ref pVpcFlowLogs + SH_FINDINGS: !Join + - ',' + - !Ref pSecurityHubFindings + EKS_AUDIT: !Join + - ',' + - !Ref pEksAuditLogs + WAF: !Join + - ',' + - !Ref pWafLogs + SET_AUDIT_ACCT_DATA_SUBSCRIBER: !Ref pRegisterAuditAccountDataSubscriber + SET_AUDIT_ACCT_QUERY_SUBSCRIBER: !Ref pRegisterAuditAccountQuerySubscriber + AUDIT_ACCT_DATA_SUBSCRIBER: !Ref pAuditAccountDataSubscriberPrefix + 
DATA_SUBSCRIBER_EXTERNAL_ID: !Ref pAuditAccountDataSubscriberExternalId + AUDIT_ACCT_QUERY_SUBSCRIBER: !Ref pAuditAccountQuerySubscriberPrefix + QUERY_SUBSCRIBER_EXTERNAL_ID: !Ref pAuditAccountQuerySubscriberExternalId + SET_ORG_CONFIGURATION: !Ref pCreateOrganizationConfiguration + ORG_CONFIGURATION_SOURCES: !Join + - ',' + - !Ref pOrgConfigurationSources + DISABLE_SECURITY_LAKE: !Ref pDisableSecurityLake + META_STORE_MANAGER_ROLE_NAME: !Ref pSRASecurityLakeMetaStoreManagerRoleName + CREATE_RESOURCE_LINK: !Ref pCreateResourceLink + KEY_ALIAS: !Ref pSecurityLakeOrgKeyAlias + + rSecurityLakeOrgDLQ: + Type: AWS::SQS::Queue + Properties: + KmsMasterKeyId: alias/aws/sqs + QueueName: !Sub ${pSRASolutionName}-dlq + Tags: + - Key: sra-solution + Value: !Ref pSRASolutionName + MessageRetentionPeriod: 345600 + DeletionPolicy: Delete + UpdateReplacePolicy: Delete + + rSecurityLakeOrgDLQPolicy: + Type: AWS::SQS::QueuePolicy + Properties: + Queues: + - !Ref rSecurityLakeOrgDLQ + PolicyDocument: + Statement: + - Action: SQS:SendMessage + Condition: + ArnEquals: + aws:SourceArn: + - !GetAtt rSecurityLakeOrgLambdaFunction.Arn + Effect: Allow + Principal: + Service: events.amazonaws.com + Resource: + - !GetAtt rSecurityLakeOrgDLQ.Arn + + rSecurityLakeOrgDLQAlarmTopic: + Condition: cCreateDLQAlarm + Type: AWS::SNS::Topic + Properties: + DisplayName: !Sub ${pSRASolutionName}-dlq-alarm + KmsMasterKeyId: !Sub arn:${AWS::Partition}:kms:${AWS::Region}:${AWS::AccountId}:alias/aws/sns + TopicName: !Sub ${pSRASolutionName}-dlq-alarm + Subscription: + - Endpoint: !Ref pSRAAlarmEmail + Protocol: email + Tags: + - Key: sra-solution + Value: !Ref pSRASolutionName + + rSecurityLakeOrgDLQAlarm: + Condition: cCreateDLQAlarm + Type: AWS::CloudWatch::Alarm + Properties: + AlarmDescription: SRA DLQ alarm if the queue depth is 1 + Namespace: AWS/SQS + MetricName: ApproximateNumberOfMessagesVisible + Dimensions: + - Name: QueueName + Value: !GetAtt rSecurityLakeOrgDLQ.QueueName + Statistic: Sum + 
Period: 300 + EvaluationPeriods: 1 + Threshold: 1 + ComparisonOperator: GreaterThanThreshold + AlarmActions: + - !Ref rSecurityLakeOrgDLQAlarmTopic + InsufficientDataActions: + - !Ref rSecurityLakeOrgDLQAlarmTopic + + rPermissionForScheduledComplianceRuleToInvokeLambda: + Type: AWS::Lambda::Permission + Properties: + FunctionName: !GetAtt rSecurityLakeOrgLambdaFunction.Arn + Action: lambda:InvokeFunction + Principal: events.amazonaws.com + SourceArn: !GetAtt rScheduledComplianceRule.Arn + + rScheduledComplianceRule: + Type: AWS::Events::Rule + Properties: + Name: !Sub ${pControlTowerLifeCycleRuleName}-organization-compliance + Description: SRA Security Lake Trigger for scheduled organization compliance + ScheduleExpression: !If + - cComplianceFrequencySingleDay + - !Sub rate(${pComplianceFrequency} day) + - !Sub rate(${pComplianceFrequency} days) + State: ENABLED + Targets: + - Arn: !GetAtt rSecurityLakeOrgLambdaFunction.Arn + Id: !Ref pSecurityLakeOrgLambdaFunctionName + +Outputs: + oSecurityLakeOrgLambdaFunctionArn: + Description: SRA Security Lake Lambda Function ARN + Value: !GetAtt rSecurityLakeOrgLambdaFunction.Arn + oSecurityLakeOrgLambdaLogGroupArn: + Condition: cCreateLambdaLogGroup + Description: SRA Security Lake Lambda Log Group ARN + Value: !GetAtt rSecurityLakeOrgLambdaLogGroup.Arn + oSecurityLakeOrgLambdaRoleArn: + Description: SRA Security Lake Lambda Role ARN + Value: !GetAtt rSecurityLakeOrgLambdaRole.Arn diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-kms-key.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-kms-key.yaml new file mode 100644 index 00000000..6b8018b6 --- /dev/null +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-kms-key.yaml 
@@ -0,0 +1,138 @@ +######################################################################## +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: MIT-0 +######################################################################## +AWSTemplateFormatVersion: 2010-09-09 +Description: This template creates KMS key for Security Lake configurations - 'security_lake_org' solution in the repo, https://github.com/aws-samples/aws-security-reference-architecture-examples (sra-1u3sd7f8p) +Metadata: + SRA: + Version: 1 + Order: 4 + AWS::CloudFormation::Interface: + ParameterGroups: + - Label: + default: General Properties + Parameters: + - pSRASolutionName + - Label: + default: KMS Key Properties + Parameters: + - pSecurityLakeOrgKeyAlias + - pAuditAccountId + - pManagementAccountId + - pRegisterAuditAccountQuerySubscriber + ParameterLabels: + pAuditAccountId: + default: Audit Account ID + pSecurityLakeOrgKeyAlias: + default: Security Lake KMS Key Alias + pManagementAccountId: + default: Organization Management Account ID + pSRASolutionName: + default: SRA Solution Name + pRegisterAuditAccountQuerySubscriber: + default: Register Audit Account as Query Subscriber +Parameters: + pAuditAccountId: + AllowedPattern: '^([\w.-]{1,900})$|^(\/[\w.-]{1,900})*[\w.-]{1,900}$' + ConstraintDescription: + Must be alphanumeric or special characters [., _, -]. In addition, the slash character ( / ) used to delineate hierarchies in parameter names. + Description: AWS Account ID of the Audit (Security Tooling) account. + Type: String + pManagementAccountId: + AllowedPattern: ^\d{12}$ + ConstraintDescription: Must be 12 digits + Description: Management Account ID + Type: String + pSecurityLakeOrgKeyAlias: + Default: sra-security-lake-org-key + Description: Security Lake KMS Key Alias + Type: String + pSRASolutionName: + AllowedValues: [sra-security-lake-org] + Default: sra-security-lake-org + Description: The SRA solution name. 
The default value is the folder name of the solution + Type: String + pRegisterAuditAccountQuerySubscriber: + AllowedValues: ['true', 'false'] + Default: 'true' + Description: Register Audit Account as Query Subscriber + Type: String +Conditions: + cCreateQuerySubscriber: !Equals + - !Ref pRegisterAuditAccountQuerySubscriber + - 'true' +Resources: + rSecurityLakeKey: + Type: AWS::KMS::Key + DeletionPolicy: Delete + UpdateReplacePolicy: Retain + Properties: + Description: SRA Security Lake Key + EnableKeyRotation: true + KeyPolicy: + Version: 2012-10-17 + Id: !Ref pSecurityLakeOrgKeyAlias + Statement: + - Sid: Enable IAM User Permissions + Effect: Allow + Action: kms:* + Resource: '*' + Principal: + AWS: + - !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:root + - !Sub arn:${AWS::Partition}:iam::${pAuditAccountId}:root + - !Sub arn:${AWS::Partition}:iam::${pManagementAccountId}:root + - Sid: Enable Security Lake Role Permissions + Effect: Allow + Action: + - kms:GenerateDataKey + - kms:Decrypt + Resource: '*' + Principal: + AWS: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/sra-security-lake-org-configuration + - Sid: Allow alias creation during setup + Effect: Allow + Action: kms:CreateAlias + Condition: + StringEquals: + kms:CallerAccount: !Sub ${AWS::AccountId} + kms:ViaService: !Sub cloudformation.${AWS::Region}.amazonaws.com + Resource: '*' + Principal: + AWS: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:root + - Sid: Allow s3 service to encrypt its events + Effect: Allow + Principal: + Service: s3.amazonaws.com + Action: + - kms:GenerateDataKey* + - kms:Decrypt + Resource: '*' + - !If + - cCreateQuerySubscriber + - Sid: Allow use of the key + Effect: Allow + Principal: + AWS: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/aws-service-role/lakeformation.amazonaws.com/AWSServiceRoleForLakeFormationDataAccess + Action: + - kms:CreateGrant + - kms:DescribeKey + - kms:GenerateDataKey + - kms:Decrypt + Resource: '*' + - !Ref AWS::NoValue + 
Tags: + - Key: sra-solution + Value: !Ref pSRASolutionName + rSecurityLakeKeyAlias: + Type: AWS::KMS::Alias + Properties: + AliasName: !Sub alias/${pSecurityLakeOrgKeyAlias}-${AWS::Region} + TargetKeyId: !Ref rSecurityLakeKey +Outputs: + oSecurityLakeKeyArn: + Description: Security Lake KMS Key ARN + Value: !GetAtt rSecurityLakeKey.Arn + Export: + Name: eSecurityLakeKeyArn \ No newline at end of file diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml new file mode 100644 index 00000000..899bdeae --- /dev/null +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml 
@@ -0,0 +1,709 @@ +######################################################################## +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: MIT-0 +######################################################################## +AWSTemplateFormatVersion: 2010-09-09 +Description: This template creates a custom resource Lambda to delegate administration and configure Security Lake within an AWS Organization - 'security_lake_org' solution in the repo, https://github.com/aws-samples/aws-security-reference-architecture-examples (sra-1u3sd7f8p) +Metadata: + SRA: + Version: 1 + Entry: Parameters for deploying the solution resolving SSM parameters + Order: 1 + AWS::CloudFormation::Interface: + ParameterGroups: + - Label: + default: General Properties + Parameters: + - pSRASolutionName + - pSRASolutionVersion + - pSRAStagingS3BucketName + - pSRAAlarmEmail + - pAuditAccountId + - pLogArchiveAccountId + - pStackSetAdminRole + - pStackExecutionRole + - pOrganizationId + - pCustomerControlTowerRegions + - pSecurityLakeConfigurationRoleName + - Label: + default: Security Lake Configuration - Properties + Parameters: + - pDisableSecurityLake + - pControlTowerRegionsOnly + - pEnabledRegions + - pSecurityLakeOrgKeyAlias + - pSecurityLakeWarning + - pSRASecurityLakeMetaStoreManagerRoleName + - Label: + default: Security Lake Configuration - Sources to Ingest + Parameters: + - pSourceVersion + - pCloudTrailManagementEvents + - pCloudTrailLambdaDataEvents + - pCloudTrailS3DataEvents + - pSecurityHubFindings + - pVpcFlowLogs + - pWafLogs + - pRoute53Logs + - pEksAuditLogs + - Label: + default: Security Lake Configuration - Organization Configurations + Parameters: + - pCreateOrganizationConfiguration + - pOrgConfigurationSources + - Label: + default: Security Lake Configuration - Audit (Security Tooling) account Data Access Subscriber + Parameters: + - pRegisterAuditAccountDataSubscriber + - pAuditAccountDataSubscriberPrefix + - 
pAuditAccountDataSubscriberExternalId + - Label: + default: Security Lake Configuration - Audit (Security Tooling) account Query Access Subscriber + Parameters: + - pRegisterAuditAccountQuerySubscriber + - pCreateLakeFormationSlr + - pCreateResourceLink + - pAuditAccountQuerySubscriberPrefix + - pAuditAccountQuerySubscriberExternalId + - Label: + default: General Lambda Function Properties + Parameters: + - pCreateLambdaLogGroup + - pLambdaLogGroupRetention + - pLambdaLogGroupKmsKey + - pLambdaLogLevel + - Label: + default: EventBridge Rule Properties + Parameters: + - pControlTowerLifeCycleRuleName + - pComplianceFrequency + + ParameterLabels: + pCreateResourceLink: + default: Create resource link for shared resources + pCreateLakeFormationSlr: + default: Create AWS Lake Formation service-linked role + pSRASecurityLakeMetaStoreManagerRoleName: + default: SecurityLakeMetaStoreManagerRole Name + pCloudTrailManagementEvents: + default: CloudTrail - Management Events (recommended)) + pLogArchiveAccountId: + default: Log Archive Account ID + pCloudTrailLambdaDataEvents: + default: CloudTrail - Lambda Data Events (recommended) + pCloudTrailS3DataEvents: + default: CloudTrail - S3 Data Events (high volume data) + pCustomerControlTowerRegions: + default: Customer Regions + pSecurityHubFindings: + default: SecurityHub Findings (recommended) + pVpcFlowLogs: + default: VPC Flow Logs (recommended) + pWafLogs: + default: WAFv2 Logs (high volume data) + pRoute53Logs: + default: Amazon Route 53 Resolver Query Logs (recommended) + pEksAuditLogs: + default: Amazon EKS Audit Logs (recommended) + pOrgConfigurationSources: + default: Sources for Organization Configuration + pCreateOrganizationConfiguration: + default: Create Organization Configuration + pSourceVersion: + default: Log Source Version + pSecurityLakeConfigurationRoleName: + default: Security Lake Configuration Role Name + pSecurityLakeOrgKeyAlias: + default: Security Lake KMS Key Alias + pAuditAccountId: + default: 
Audit (Security Tooling) account ID + pComplianceFrequency: + default: Frequency to Check for Organizational Compliance + pControlTowerLifeCycleRuleName: + default: Control Tower Lifecycle Rule Name + pControlTowerRegionsOnly: + default: Governed Regions Only + pCreateLambdaLogGroup: + default: Create Lambda Log Group + pEnabledRegions: + default: (Optional) Enabled Regions + pLambdaLogGroupKmsKey: + default: (Optional) Lambda Logs KMS Key + pLambdaLogGroupRetention: + default: Lambda Log Group Retention + pLambdaLogLevel: + default: Lambda Log Level + pSRAAlarmEmail: + default: (Optional) SRA Alarm Email + pSRASolutionName: + default: SRA Solution Name + pSRASolutionVersion: + default: SRA Solution Version + pSRAStagingS3BucketName: + default: SRA Staging S3 Bucket Name + pRegisterAuditAccountDataSubscriber: + default: Register Audit (Security Tooling) account as a Subscriber with Data Access + pAuditAccountDataSubscriberPrefix: + default: Audit (Security Tooling) account data access subscriber name + pAuditAccountDataSubscriberExternalId: + default: Audit (Security Tooling) account data access subscriber external id + pRegisterAuditAccountQuerySubscriber: + default: Register Audit (Security Tooling) account as a subscriber with query access + pAuditAccountQuerySubscriberPrefix: + default: Audit (Security Tooling) account query access subscriber name + pAuditAccountQuerySubscriberExternalId: + default: Audit (Security Tooling) account query access subscriber external id + pStackSetAdminRole: + default: Stack Set Role + pStackExecutionRole: + default: Stack execution role + pOrganizationId: + default: Organization ID + pSecurityLakeWarning: + default: Security Lake Warning + pDisableSecurityLake: + default: Disable Security Lake log sources and organization configuration + pSecurityLakeOrgLambdaRoleName: + default: Lambda Role Name + +Parameters: + pSecurityLakeOrgLambdaRoleName: + AllowedPattern: '^[\w+=,.@-]{1,64}$' + ConstraintDescription: Max 64 alphanumeric 
characters. Also special characters supported [+, =, ., @, -] + Default: sra-security-lake-org-lambda + Description: Security Lake configuration Lambda role name + Type: String + pCreateResourceLink: + AllowedValues: ['true', 'false'] + Default: 'false' + Description: Indicates whether to create a resource link for shared resources in Audit (Security Tooling) account + Type: String + pCreateLakeFormationSlr: + AllowedValues: ['true', 'false'] + Default: 'true' + Description: Indicates whether a Lake Formation service-linked role named AWSServiceRoleForLakeFormationDataAccess should be created + Type: String + pSRASecurityLakeMetaStoreManagerRoleName: + AllowedValues: ['AmazonSecurityLakeMetaStoreManagerV2', 'AmazonSecurityLakeMetaStoreManager'] + Default: AmazonSecurityLakeMetaStoreManagerV2 + Description: IAM role used by Security Lake to create data lake or query data from Security Lake + Type: String + pSourceVersion: + AllowedValues: ['2.0'] + ConstraintDescription: Must be a valid version number. Currently supported version is 2.0 + Description: Chose the version of data source from which you want to ingest log and event sources + Default: '2.0' + Type: String + pCloudTrailManagementEvents: + AllowedPattern: ^($|ALL|(\d{12})(,\s*\d{12})*)$ + ConstraintDescription: Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation + Description: Accounts to ingest CloudTrail - Management events from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma separated list of the AWS Account numbers. Leave empty to skip log source creation. + Type: CommaDelimitedList + Default: ALL + pCloudTrailLambdaDataEvents: + AllowedPattern: ^($|ALL|(\d{12})(,\s*\d{12})*)$ + ConstraintDescription: Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. 
Leave empty to skip log source creation + Description: Accounts to ingest CloudTrail - Lambda Data events from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma separated list of the AWS Account numbers. Leave empty to skip log source creation. + Type: CommaDelimitedList + Default: ALL + pCloudTrailS3DataEvents: + AllowedPattern: ^($|ALL|(\d{12})(,\s*\d{12})*)$ + ConstraintDescription: Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation + Description: Accounts to ingest CloudTrail - S3 Data events from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma separated list of the AWS Account numbers. Leave empty to skip log source creation. + Type: CommaDelimitedList + Default: '' + pCustomerControlTowerRegions: + AllowedPattern: ^([\w.-]{1,900})$|^(\/[\w.-]{1,900})*[\w.-]{1,900}$ + ConstraintDescription: Must be alphanumeric or special characters [., _, -]. In addition, the slash character ( / ) used to delineate hierarchies in parameter names. + Default: /sra/regions/customer-control-tower-regions + Description: SSM Parameter for Customer regions + Type: AWS::SSM::Parameter::Value> + pSecurityHubFindings: + AllowedPattern: ^($|ALL|(\d{12})(,\s*\d{12})*)$ + ConstraintDescription: Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation + Description: Accounts to ingest SecurityHub Findings from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma separated list of the AWS Account numbers. Leave empty to skip log source creation. 
+ Type: CommaDelimitedList + Default: ALL + pVpcFlowLogs: + AllowedPattern: ^($|ALL|(\d{12})(,\s*\d{12})*)$ + ConstraintDescription: Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation + Description: Accounts to ingest VPC Flow Logs from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma separated list of the AWS Account numbers. Leave empty to skip log source creation. + Type: CommaDelimitedList + Default: ALL + pWafLogs: + AllowedPattern: ^($|ALL|(\d{12})(,\s*\d{12})*)$ + ConstraintDescription: Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation + Description: Accounts to ingest WAFv2 Logs from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma separated list of the AWS Account numbers. Leave empty to skip log source creation. + Type: CommaDelimitedList + Default: '' + pRoute53Logs: + AllowedPattern: ^($|ALL|(\d{12})(,\s*\d{12})*)$ + ConstraintDescription: Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation + Description: Accounts to ingest Amazon Route 53 resolver query logs from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma separated list of the AWS Account numbers. Leave empty to skip log source creation. + Type: CommaDelimitedList + Default: ALL + pEksAuditLogs: + AllowedPattern: ^($|ALL|(\d{12})(,\s*\d{12})*)$ + ConstraintDescription: Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. 
Leave empty to skip log source creation + Description: Accounts to ingest Amazon EKS Audit Logs from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma separated list of the AWS Account numbers. Leave empty to skip log source creation. + Type: CommaDelimitedList + Default: ALL + pLogArchiveAccountId: + AllowedPattern: ^([\w.-]{1,900})$|^(\/[\w.-]{1,900})*[\w.-]{1,900}$ + ConstraintDescription: Must be alphanumeric or special characters [., _, -]. In addition, the slash character ( / ) used to delineate hierarchies in parameter names. + Default: /sra/control-tower/log-archive-account-id + Description: SSM Parameter for AWS Account ID of the Log Archive account. + Type: AWS::SSM::Parameter::Value + pOrgConfigurationSources: + AllowedValues: ['', ROUTE53, VPC_FLOW, SH_FINDINGS, CLOUD_TRAIL_MGMT, LAMBDA_EXECUTION, S3_DATA, EKS_AUDIT, WAF] + Default: ROUTE53,VPC_FLOW,SH_FINDINGS,CLOUD_TRAIL_MGMT,LAMBDA_EXECUTION,EKS_AUDIT + Description: (Optional) Comma separated list of AWS log sources to enable for new member accounts in your organization (ROUTE53,VPC_FLOW,SH_FINDINGS,CLOUD_TRAIL_MGMT,LAMBDA_EXECUTION,S3_DATA,EKS_AUDIT,WAF). If 'Create Organization Configuration' parameter is set to 'true', then this parameter becomes required. + Type: CommaDelimitedList + pCreateOrganizationConfiguration: + AllowedValues: ['true', 'false'] + Default: 'true' + Description: Select whether to automatically enable Amazon Security Lake for new member accounts in your organization + Type: String + pSecurityLakeOrgKeyAlias: + AllowedPattern: '^[a-zA-Z0-9/_-]+$' + ConstraintDescription: + The alias must be string of 1-256 characters. It can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). 
+ Default: sra-security-lake-org-key + Description: Security Lake KMS Key Alias + Type: String + pAuditAccountId: + AllowedPattern: ^([\w.-]{1,900})$|^(\/[\w.-]{1,900})*[\w.-]{1,900}$ + ConstraintDescription: Must be alphanumeric or special characters [., _, -]. In addition, the slash character ( / ) used to delineate hierarchies in parameter names. + Default: /sra/control-tower/audit-account-id + Description: SSM Parameter for AWS Account ID of the Control Tower account to delegate administration. + Type: AWS::SSM::Parameter::Value + pComplianceFrequency: + ConstraintDescription: Compliance Frequency must be a number between 1 and 30, inclusive. + Default: 7 + Description: Frequency (in days between 1 and 30, default is 7) to check organizational compliance by invoking the Lambda Function. + MinValue: 1 + MaxValue: 30 + Type: Number + pControlTowerLifeCycleRuleName: + AllowedPattern: ^[\w.-]{1,64}$ + ConstraintDescription: Max 64 alphanumeric and underscore characters. Also special characters supported [., -] + Default: sra-security-lake-org-trigger + Description: The name of the AWS Control Tower Life Cycle Rule. + Type: String + pControlTowerRegionsOnly: + AllowedValues: ['true', 'false'] + Default: 'true' + Description: Only enable in the customer governed regions specified in Control Tower or Common Prerequisites solution + Type: String + pCreateLambdaLogGroup: + AllowedValues: ['true', 'false'] + Default: 'false' + Description: Indicates whether a CloudWatch Log Group should be explicitly created for the Lambda function, to allow for setting a Log Retention and/or KMS Key for encryption. + Type: String + pEnabledRegions: + AllowedPattern: ^$|^([a-z0-9-]{1,64})$|^(([a-z0-9-]{1,64},)*[a-z0-9-]{1,64})$ + ConstraintDescription: Only lowercase letters, numbers, and hyphens ('-') allowed. (e.g. us-east-1) Additional AWS regions can be provided, separated by commas. (e.g. 
us-east-1,ap-southeast-2) + Default: '' + Description: (Optional) Enabled regions (AWS regions, separated by commas). Leave blank to enable all supported regions (recommended). + Type: String + pLambdaLogGroupKmsKey: + AllowedPattern: ^$|^arn:(aws[a-zA-Z-]*){1}:kms:[a-z0-9-]+:\d{12}:key\/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + ConstraintDescription: 'Key ARN example: arn:aws:kms:::key/1234abcd-12ab-34cd-56ef-1234567890ab' + Default: '' + Description: (Optional) KMS Key ARN to use for encrypting the Lambda logs data. If empty, encryption is enabled with CloudWatch Logs managing the server-side encryption keys. + Type: String + pLambdaLogGroupRetention: + AllowedValues: [1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653] + Default: 14 + Description: Specifies the number of days you want to retain log events + Type: String + pLambdaLogLevel: + AllowedValues: [INFO, ERROR, DEBUG] + Default: INFO + Description: Lambda Function Logging Level + Type: String + pSRAAlarmEmail: + AllowedPattern: ^$|^([a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+)$ + ConstraintDescription: Must be a valid email address. + Default: '' + Description: (Optional) Email address for receiving SRA alarms + Type: String + pSRASolutionName: + AllowedValues: [sra-security-lake-org] + Default: sra-security-lake-org + Description: The SRA solution name. The default value is the folder name of the solution + Type: String + pSRAStagingS3BucketName: + AllowedPattern: ^([\w.-]{1,900})$|^(\/[\w.-]{1,900})*[\w.-]{1,900}$ + ConstraintDescription: Must be alphanumeric or special characters [., _, -]. In addition, the slash character ( / ) used to delineate hierarchies in parameter names. + Default: /sra/staging-s3-bucket-name + Description: SSM Parameter for SRA Staging S3 bucket name for the artifacts relevant to solution. (e.g., lambda zips, CloudFormation templates) S3 bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). 
It cannot start or end with a hyphen (-). + Type: AWS::SSM::Parameter::Value + pSRASolutionVersion: + AllowedValues: [v1.0] + Default: v1.0 + Description: The SRA solution version. Used to trigger updates on the nested StackSets. + Type: String + pRegisterAuditAccountDataSubscriber: + AllowedValues: ['true', 'false'] + Default: 'false' + Description: Identifies whether to registerAudit (Security Tooling) account as a Subscriber with Data Access + Type: String + pAuditAccountDataSubscriberPrefix: + AllowedValues: [sra-audit-account-data-subscriber] + Default: sra-audit-account-data-subscriber + Description: The name of the Audit (Security Tooling) account data access subscriber + Type: String + pAuditAccountDataSubscriberExternalId: + AllowedPattern: ^(?:[a-zA-Z0-9]{0,64})?$ + ConstraintDescription: All characters allowed except '&<>\%|' + Default: '' + Description: (Optional) External ID for Security Lake Audit (Security Tooling) data access subscriber. If 'Register Audit (Security Tooling) account as a Subscriber with Data Access' parameter is set to 'true', then this parameter becomes required. + Type: String + pAuditAccountQuerySubscriberPrefix: + AllowedValues: [sra-audit-account-query-subscriber] + Default: sra-audit-account-query-subscriber + Description: The name of the Audit (Security Tooling) account query access subscriber + Type: String + pAuditAccountQuerySubscriberExternalId: + AllowedPattern: ^(?:[a-zA-Z0-9]{0,64})?$ + ConstraintDescription: All characters allowed except '&<>\%|' + Default: '' + Description: (Optional) External ID for Security Lake Audit (Security Tooling) query access subscriber. If 'Register Audit (Security Tooling) account as a Subscriber with Query Access' parameter is set to 'true', then this parameter becomes required. 
+ Type: String + pRegisterAuditAccountQuerySubscriber: + AllowedValues: ['true', 'false'] + Default: 'false' + Description: Identifies whether to register Audit (Security Tooling) account as a Subscriber with Query Access + Type: String + pStackSetAdminRole: + AllowedValues: [sra-stackset] + Default: sra-stackset + Description: The administration role name that is used in the stackset. + Type: String + pStackExecutionRole: + AllowedValues: [sra-execution] + Default: sra-execution + Description: The execution role name that is used in the stack. + Type: String + pOrganizationId: + AllowedPattern: ^([\w.-]{1,900})$|^(\/[\w.-]{1,900})*[\w.-]{1,900}$ + ConstraintDescription: Must be alphanumeric or special characters [., _, -]. In addition, the slash character ( / ) used to delineate hierarchies in parameter names. + Default: /sra/control-tower/organization-id + Description: SSM Parameter for AWS Organizations ID + Type: AWS::SSM::Parameter::Value + pSecurityLakeWarning: + AllowedValues: ['Accept', 'Reject'] + Default: Reject + Description: (Disclaimer) Resources created using this CloudFormation template may incur costs. The pricing for the individual AWS services and resources used in this template can be found on the respective service pricing pages. Please refer to https://aws.amazon.com/pricing/ + Type: String + pDisableSecurityLake: + AllowedValues: ['true', 'false'] + Default: 'false' + Description: Update to 'true' to disable Security Lake log sources and organization configuration before deleting the stack. + Type: String + pSecurityLakeConfigurationRoleName: + AllowedPattern: '^[\w+=,.@-]{1,64}$' + ConstraintDescription: Max 64 alphanumeric characters. 
Also special characters supported [+, =, ., @, -] + Default: sra-security-lake-org-configuration + Description: Security Lake Configuration IAM Role Name + Type: String + +Conditions: + cRegisterAuditAccountQuerySubscriber: !Equals + - !Ref pRegisterAuditAccountQuerySubscriber + - 'true' + cControlTowerRegions: !Equals + - !Ref pControlTowerRegionsOnly + - 'true' + cCreateLakeFormationSlr: !Equals + - !Ref pCreateLakeFormationSlr + - 'true' + +Rules: + VerifySecurityLakeDisclaimer: + RuleCondition: !Equals + - !Ref pSecurityLakeWarning + - Reject + Assertions: + - Assert: !Not + - !Equals + - !Ref pSecurityLakeWarning + - Reject + AssertDescription: Please Acknowledge Security Lake pricing disclaimer + ProvideDataAccessExternalId: + RuleCondition: !Equals + - !Ref pRegisterAuditAccountDataSubscriber + - 'true' + Assertions: + - Assert: !Not [!Equals [!Ref pAuditAccountDataSubscriberExternalId, '']] + AssertDescription: Please provide External ID for Security Lake Audit (Security Tooling) data access subscriber + ProvideQueryAccessExternalId: + RuleCondition: !Equals + - !Ref pRegisterAuditAccountQuerySubscriber + - 'true' + Assertions: + - Assert: !Not [!Equals [!Ref pAuditAccountQuerySubscriberExternalId, '']] + AssertDescription: Please provide External ID for Security Lake Audit (Security Tooling) query access subscriber + VerifyEnabledRegions: + RuleCondition: !Equals + - !Ref pControlTowerRegionsOnly + - 'false' + Assertions: + - Assert: !Not [!Equals [!Ref pEnabledRegions, '']] + AssertDescription: Please provide Enabled Regions + ProvideUniqueExternalIds: + RuleCondition: !And + - !Not [!Equals [!Ref pAuditAccountDataSubscriberExternalId, '']] + - !Not [!Equals [!Ref pAuditAccountQuerySubscriberExternalId, '']] + - !Equals [!Ref pAuditAccountDataSubscriberExternalId, !Ref pAuditAccountQuerySubscriberExternalId] + Assertions: + - Assert: !Not [!Equals [!Ref pAuditAccountDataSubscriberExternalId, !Ref pAuditAccountQuerySubscriberExternalId]] + 
AssertDescription: The external ID for Security Lake Audit (Security Tooling) data access and query access subscribers must be different from one another. + +Resources: + rSecurityLakeQuerySubscriberIAMRoleStackSet: + Type: AWS::CloudFormation::StackSet + Condition: cRegisterAuditAccountQuerySubscriber + DeletionPolicy: Delete + UpdateReplacePolicy: Delete + Properties: + StackSetName: sra-security-lake-query-subscriber-role + AdministrationRoleARN: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/${pStackSetAdminRole} + CallAs: SELF + Capabilities: + - CAPABILITY_NAMED_IAM + Description: !Sub ${pSRASolutionVersion} - Deploys an IAM role via ${pSRASolutionName} for configuring Security Lake Subscriber account + ExecutionRoleName: !Ref pStackExecutionRole + ManagedExecution: + Active: true + OperationPreferences: + FailureTolerancePercentage: 0 + MaxConcurrentPercentage: 100 + RegionConcurrencyType: PARALLEL + PermissionModel: SELF_MANAGED + StackInstancesGroup: + - DeploymentTargets: + Accounts: + - !Ref pAuditAccountId + Regions: + - !Ref AWS::Region + TemplateURL: !Sub https://${pSRAStagingS3BucketName}.s3.${AWS::Region}.${AWS::URLSuffix}/${pSRASolutionName}/templates/sra-security-lake-query-subscriber-role.yaml + Parameters: + - ParameterKey: pManagementAccountId + ParameterValue: !Ref AWS::AccountId + - ParameterKey: pLogArchiveAccountId + ParameterValue: !Ref pLogArchiveAccountId + Tags: + - Key: sra-solution + Value: !Ref pSRASolutionName + + rSecurityLakeConfigurationIAMRoleStackSet: + Type: AWS::CloudFormation::StackSet + DeletionPolicy: Retain + UpdateReplacePolicy: Retain + Properties: + StackSetName: sra-security-lake-org-configuration-role + AdministrationRoleARN: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/${pStackSetAdminRole} + CallAs: SELF + Capabilities: + - CAPABILITY_NAMED_IAM + Description: !Sub ${pSRASolutionVersion} - Deploys an IAM role via ${pSRASolutionName} for configuring SecurityLake + ExecutionRoleName: !Ref 
pStackExecutionRole + ManagedExecution: + Active: true + OperationPreferences: + FailureTolerancePercentage: 0 + MaxConcurrentPercentage: 100 + RegionConcurrencyType: PARALLEL + PermissionModel: SELF_MANAGED + StackInstancesGroup: + - DeploymentTargets: + Accounts: + - !Ref pLogArchiveAccountId + Regions: + - !Ref AWS::Region + TemplateURL: !Sub https://${pSRAStagingS3BucketName}.s3.${AWS::Region}.${AWS::URLSuffix}/${pSRASolutionName}/templates/sra-security-lake-org-configuration-role.yaml + Parameters: + - ParameterKey: pManagementAccountId + ParameterValue: !Ref AWS::AccountId + - ParameterKey: pAuditAccountQuerySubscriberExternalId + ParameterValue: !Ref pAuditAccountQuerySubscriberExternalId + - ParameterKey: pSecurityLakeOrgLambdaRoleName + ParameterValue: !Ref pSecurityLakeOrgLambdaRoleName + - ParameterKey: pSecurityLakeConfigurationRoleName + ParameterValue: !Ref pSecurityLakeConfigurationRoleName + Tags: + - Key: sra-solution + Value: !Ref pSRASolutionName + + rSecurityLakeConfigurationStack: + Type: AWS::CloudFormation::Stack + DeletionPolicy: Delete + UpdateReplacePolicy: Delete + Properties: + TemplateURL: !Sub https://${pSRAStagingS3BucketName}.s3.${AWS::Region}.${AWS::URLSuffix}/${pSRASolutionName}/templates/sra-security-lake-org-configuration.yaml + Parameters: + pComplianceFrequency: !Ref pComplianceFrequency + pControlTowerLifeCycleRuleName: !Ref pControlTowerLifeCycleRuleName + pControlTowerRegionsOnly: !Ref pControlTowerRegionsOnly + pCreateLambdaLogGroup: !Ref pCreateLambdaLogGroup + pDelegatedAdminAccountId: !Ref pLogArchiveAccountId + pEnabledRegions: !Ref pEnabledRegions + pLambdaLogGroupKmsKey: !Ref pLambdaLogGroupKmsKey + pLambdaLogGroupRetention: !Ref pLambdaLogGroupRetention + pLambdaLogLevel: !Ref pLambdaLogLevel + pSRAAlarmEmail: !Ref pSRAAlarmEmail + pSRAStagingS3BucketName: !Ref pSRAStagingS3BucketName + pCreateOrganizationConfiguration: !Ref pCreateOrganizationConfiguration + pOrgConfigurationSources: !Join + - ',' + - !Ref 
pOrgConfigurationSources + pCloudTrailManagementEvents: !Join + - ',' + - !Ref pCloudTrailManagementEvents + pCloudTrailLambdaDataEvents: !Join + - ',' + - !Ref pCloudTrailLambdaDataEvents + pCloudTrailS3DataEvents: !Join + - ',' + - !Ref pCloudTrailS3DataEvents + pSecurityHubFindings: !Join + - ',' + - !Ref pSecurityHubFindings + pVpcFlowLogs: !Join + - ',' + - !Ref pVpcFlowLogs + pWafLogs: !Join + - ',' + - !Ref pWafLogs + pRoute53Logs: !Join + - ',' + - !Ref pRoute53Logs + pEksAuditLogs: !Join + - ',' + - !Ref pEksAuditLogs + pSourceVersion: !Ref pSourceVersion + pRegisterAuditAccountDataSubscriber: !Ref pRegisterAuditAccountDataSubscriber + pAuditAccountDataSubscriberPrefix: !Ref pAuditAccountDataSubscriberPrefix + pAuditAccountDataSubscriberExternalId: !Ref pAuditAccountDataSubscriberExternalId + pRegisterAuditAccountQuerySubscriber: !Ref pRegisterAuditAccountQuerySubscriber + pAuditAccountQuerySubscriberPrefix: !Ref pAuditAccountQuerySubscriberPrefix + pAuditAccountQuerySubscriberExternalId: !Ref pAuditAccountQuerySubscriberExternalId + pDisableSecurityLake: !Ref pDisableSecurityLake + pOrganizationId: !Ref pOrganizationId + pCreateResourceLink: !Ref pCreateResourceLink + pSecurityLakeOrgKeyAlias: !Ref pSecurityLakeOrgKeyAlias + Tags: + - Key: sra-solution + Value: !Ref pSRASolutionName + + rSecurityLakeKMSKeyStackSet: + Type: AWS::CloudFormation::StackSet + DependsOn: rSecurityLakeConfigurationIAMRoleStackSet + DeletionPolicy: Retain + UpdateReplacePolicy: Retain + Properties: + StackSetName: sra-security-lake-org-kms-key + AdministrationRoleARN: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/${pStackSetAdminRole} + CallAs: SELF + Description: !Sub ${pSRASolutionVersion} - Deploys a KMS Key via ${pSRASolutionName} for encrypting Security Lake + ExecutionRoleName: !Ref pStackExecutionRole + ManagedExecution: + Active: true + OperationPreferences: + FailureTolerancePercentage: 0 + MaxConcurrentPercentage: 100 + RegionConcurrencyType: PARALLEL + 
PermissionModel: SELF_MANAGED + StackInstancesGroup: + - DeploymentTargets: + Accounts: + - !Ref pLogArchiveAccountId + Regions: !If + - cControlTowerRegions + - !Ref pCustomerControlTowerRegions + - !Split + - ',' + - !Ref pEnabledRegions + TemplateURL: !Sub https://${pSRAStagingS3BucketName}.s3.${AWS::Region}.${AWS::URLSuffix}/${pSRASolutionName}/templates/sra-security-lake-org-kms-key.yaml + Parameters: + - ParameterKey: pSecurityLakeOrgKeyAlias + ParameterValue: !Ref pSecurityLakeOrgKeyAlias + - ParameterKey: pManagementAccountId + ParameterValue: !Ref AWS::AccountId + - ParameterKey: pSRASolutionName + ParameterValue: !Ref pSRASolutionName + - ParameterKey: pRegisterAuditAccountQuerySubscriber + ParameterValue: !Ref pRegisterAuditAccountQuerySubscriber + - ParameterKey: pAuditAccountId + ParameterValue: !Ref pAuditAccountId + Tags: + - Key: sra-solution + Value: !Ref pSRASolutionName + + rSecurityLakeMetaStoreManagerIAMRoleStackSet: + Type: AWS::CloudFormation::StackSet + DeletionPolicy: Delete + UpdateReplacePolicy: Delete + Properties: + StackSetName: sra-security-lake-meta-store-manager-role + AdministrationRoleARN: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/${pStackSetAdminRole} + CallAs: SELF + Capabilities: + - CAPABILITY_NAMED_IAM + Description: !Sub ${pSRASolutionVersion} - Deploys an IAM role via ${pSRASolutionName} for configuring Security Lake + ExecutionRoleName: !Ref pStackExecutionRole + ManagedExecution: + Active: true + OperationPreferences: + FailureTolerancePercentage: 0 + MaxConcurrentPercentage: 100 + RegionConcurrencyType: PARALLEL + PermissionModel: SELF_MANAGED + StackInstancesGroup: + - DeploymentTargets: + Accounts: + - !Ref pLogArchiveAccountId + Regions: + - !Ref AWS::Region + TemplateURL: !Sub https://${pSRAStagingS3BucketName}.s3.${AWS::Region}.${AWS::URLSuffix}/${pSRASolutionName}/templates/sra-security-lake-meta-store-manager-role.yaml + Parameters: + - ParameterKey: pSRASolutionName + ParameterValue: !Ref 
pSRASolutionName + - ParameterKey: pSRASecurityLakeMetaStoreManagerRoleName + ParameterValue: !Ref pSRASecurityLakeMetaStoreManagerRoleName + Tags: + - Key: sra-solution + Value: !Ref pSRASolutionName + + rSecurityLakeLakeFormationSlrStackSet: + Type: AWS::CloudFormation::StackSet + DeletionPolicy: Retain + UpdateReplacePolicy: Retain + Condition: cCreateLakeFormationSlr + Properties: + StackSetName: sra-security-lake-lakeformation-slr + AdministrationRoleARN: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/${pStackSetAdminRole} + CallAs: SELF + Capabilities: + - CAPABILITY_NAMED_IAM + Description: !Sub ${pSRASolutionVersion} - Deploys AWS Lake Formation service-linked role via ${pSRASolutionName} + ExecutionRoleName: !Ref pStackExecutionRole + ManagedExecution: + Active: true + OperationPreferences: + FailureTolerancePercentage: 0 + MaxConcurrentPercentage: 100 + RegionConcurrencyType: PARALLEL + PermissionModel: SELF_MANAGED + StackInstancesGroup: + - DeploymentTargets: + Accounts: + - !Ref pLogArchiveAccountId + Regions: + - !Ref AWS::Region + TemplateURL: !Sub https://${pSRAStagingS3BucketName}.s3.${AWS::Region}.${AWS::URLSuffix}/${pSRASolutionName}/templates/sra-security-lake-lakeformation-slr.yaml + Tags: + - Key: sra-solution + Value: !Ref pSRASolutionName \ No newline at end of file diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-query-subscriber-role.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-query-subscriber-role.yaml new file mode 100644 index 00000000..e6ee17f0 --- /dev/null +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-query-subscriber-role.yaml 
@@ -0,0 +1,168 @@ +######################################################################## +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: MIT-0 +######################################################################## +AWSTemplateFormatVersion: 2010-09-09 +Description: + This template creates an IAM role to configure the delegated administrator account - - 'security_lake_org' solution in the repo, + https://github.com/aws-samples/aws-security-reference-architecture-examples (sra-1u3sd7f8p) + +Metadata: + SRA: + Version: 1.0 + Order: 2 + AWS::CloudFormation::Interface: + ParameterGroups: + - Label: + default: General Properties + Parameters: + - pSRASolutionName + + - Label: + default: Role Properties + Parameters: + - pSecurityLakeSubscriberRoleName + - pSecurityLakeOrgLambdaRoleName + - pManagementAccountId + - pLogArchiveAccountId + + ParameterLabels: + pManagementAccountId: + default: Organization Management Account ID + pSecurityLakeOrgLambdaRoleName: + default: Lambda Role Name + pSecurityLakeSubscriberRoleName: + default: Security Lake Query Subscriber Role Name + pSRASolutionName: + default: SRA Solution Name + pLogArchiveAccountId: + default: Log Archive Account ID + +Parameters: + pManagementAccountId: + AllowedPattern: '^\d{12}$' + ConstraintDescription: Must be 12 digits + Description: Organization Management Account ID + Type: String + pSecurityLakeOrgLambdaRoleName: + AllowedPattern: '^[\w+=,.@-]{1,64}$' + ConstraintDescription: Max 64 alphanumeric characters. Also special characters supported [+, =, ., @, -] + Default: sra-security-lake-org-lambda + Description: Lambda Role Name + Type: String + pSecurityLakeSubscriberRoleName: + AllowedPattern: '^[\w+=,.@-]{1,64}$' + ConstraintDescription: Max 64 alphanumeric characters. 
Also special characters supported [+, =, ., @, -] + Default: sra-security-lake-query-subscriber + Description: Security Lake Configuration IAM Role Name + Type: String + pSRASolutionName: + AllowedValues: [sra-security-lake-org] + Default: sra-security-lake-org + Description: The SRA solution name. The default value is the folder name of the solution + Type: String + pLogArchiveAccountId: + AllowedPattern: '^\d{12}$' + ConstraintDescription: Must be 12 digits + Description: Log Archive Account ID + Type: String + +Resources: + rQuerySubscriberRole: + Type: AWS::IAM::Role + Metadata: + cfn_nag: + rules_to_suppress: + - id: W11 + reason: Actions require * in resource + - id: W28 + reason: Explicit role name provided + Properties: + RoleName: !Ref pSecurityLakeSubscriberRoleName + AssumeRolePolicyDocument: + Version: 2012-10-17 + Statement: + - Effect: Allow + Action: sts:AssumeRole + Condition: + StringEquals: + aws:PrincipalArn: + - !Sub arn:${AWS::Partition}:iam::${pManagementAccountId}:role/${pSecurityLakeOrgLambdaRoleName} + Principal: + AWS: + - !Sub arn:${AWS::Partition}:iam::${pManagementAccountId}:root + Path: '/' + Policies: + + - PolicyName: sra-security-lake-org-subscriber-policy-ram + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: AllowRamReadActions + Effect: Allow + Action: + - ram:ListResources + - ram:GetResourceShareInvitations + Resource: '*' + + - Sid: AllowAcceptResourceShareInvitation + Effect: Allow + Action: + - ram:AcceptResourceShareInvitation + Resource: !Sub arn:${AWS::Partition}:ram:*:${pLogArchiveAccountId}:resource-share-invitation/* + Condition: + StringEquals: + ram:ShareOwnerAccountId: !Sub ${pLogArchiveAccountId} + + - PolicyName: sra-security-lake-org-subscriber-policy-glue + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: AllowGlueDatabaseActions + Effect: Allow + Action: + - glue:CreateDatabase + - glue:GetDatabase + - glue:GetDatabases + Resource: + - !Sub 
arn:${AWS::Partition}:glue:*:${AWS::AccountId}:catalog + - !Sub arn:${AWS::Partition}:glue:*:${AWS::AccountId}:database/amazon_security_lake_glue_db_*_subscriber + - Sid: AllowGlueTableActions + Effect: Allow + Action: + - glue:CreateTable + - glue:GetPartitions + - glue:GetTable + Resource: + - !Sub arn:${AWS::Partition}:glue:*:${AWS::AccountId}:catalog + - !Sub arn:${AWS::Partition}:glue:*:${AWS::AccountId}:table/amazon_security_lake_glue_db_*_subscriber/rl_amazon_security_lake_table_*_cloud_trail_mgmt_2_0 + - !Sub arn:${AWS::Partition}:glue:*:${AWS::AccountId}:database/amazon_security_lake_glue_db_*_subscriber + - !Sub arn:${AWS::Partition}:glue:*:${AWS::AccountId}:table/amazon_security_lake_glue_db_*_subscriber/rl_amazon_security_lake_table_*_sh_findings_2_0 + - !Sub arn:${AWS::Partition}:glue:*:${AWS::AccountId}:table/amazon_security_lake_glue_db_*_subscriber/rl_amazon_security_lake_table_*_lambda_execution_2_0 + - !Sub arn:${AWS::Partition}:glue:*:${AWS::AccountId}:table/amazon_security_lake_glue_db_*_subscriber/rl_amazon_security_lake_table_*_s3_data_2_0 + - !Sub arn:${AWS::Partition}:glue:*:${AWS::AccountId}:table/amazon_security_lake_glue_db_*_subscriber/rl_amazon_security_lake_table_*_route53_2_0 + - !Sub arn:${AWS::Partition}:glue:*:${AWS::AccountId}:table/amazon_security_lake_glue_db_*_subscriber/rl_amazon_security_lake_table_*_vpc_flow_2_0 + - !Sub arn:${AWS::Partition}:glue:*:${AWS::AccountId}:table/amazon_security_lake_glue_db_*_subscriber/rl_amazon_security_lake_table_*_eks_audit_2_0 + - !Sub arn:${AWS::Partition}:glue:*:${AWS::AccountId}:table/amazon_security_lake_glue_db_*_subscriber/rl_amazon_security_lake_table_*_waf_2_0 + + - PolicyName: sra-security-lake-org-policy-iam + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: AllowReadIamActions + Effect: Allow + Action: iam:GetRole + Resource: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/* + + - PolicyName: sra-security-lake-org-policy-lakeformation + PolicyDocument: + Version: 
2012-10-17 + Statement: + - Sid: AllowGrantPermissions + Effect: Allow + Action: lakeformation:GrantPermissions + Resource: "*" + + Tags: + - Key: sra-solution + Value: !Ref pSRASolutionName
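Review bot: rSecurityLakeQuerySubscriberIAMRoleStackSet in sra-security-lake-org-main-ssm.yaml forwards only pManagementAccountId and pLogArchiveAccountId, so the subscriber role's trust condition is always built from the child template's default pSecurityLakeOrgLambdaRoleName (sra-security-lake-org-lambda). rSecurityLakeConfigurationIAMRoleStackSet does pass pSecurityLakeOrgLambdaRoleName; if that parameter can be overridden in this template (its definition is not in the visible lines), the aws:PrincipalArn condition on the query subscriber role will no longer match the Lambda role and sts:AssumeRole will be denied. Pass the same ParameterKey/ParameterValue pair to the query subscriber stack set. Separately, rSecurityLakeConfigurationStack declares no DependsOn, while rSecurityLakeKMSKeyStackSet waits for rSecurityLakeConfigurationIAMRoleStackSet; if the nested stack invokes the Lambda on create, consider making it depend on the role and KMS key stack sets so the resources it relies on in the Log Archive account exist first.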
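Review bot: the AllowGlueTableActions statement in sra-security-lake-query-subscriber-role.yaml hard-codes the _2_0 suffix on every table ARN (for example rl_amazon_security_lake_table_*_cloud_trail_mgmt_2_0), while the main template takes pSourceVersion as a parameter and does not pass it to this role. If a different source version is ever deployed, glue:CreateTable and glue:GetTable on the rl_ tables will be denied; either derive the suffix from a parameter or document that this policy is pinned to source version 2.0. Also, the template Description ("creates an IAM role to configure the delegated administrator account") and the pSecurityLakeSubscriberRoleName Description ("Security Lake Configuration IAM Role Name") read as copied from the configuration role template; they should describe the query subscriber role, matching the ParameterLabels entry "Security Lake Query Subscriber Role Name".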