From 87d30868bc435d50803e3714cf2bf19b7749014f Mon Sep 17 00:00:00 2001 From: ievgeniia ieromenko Date: Tue, 3 Sep 2024 09:35:35 -0400 Subject: [PATCH 01/15] adding security lake solution --- .../security_lake/security_lake_org/README.md | 91 ++ .../README.md | 7 + .../documentation/sra-security-lake-org.png | Bin 0 -> 173918 bytes .../security_lake_org/lambda/src/app.py | 668 +++++++++++ .../security_lake_org/lambda/src/common.py | 170 +++ .../lambda/src/requirements.txt | 2 + .../lambda/src/security_lake.py | 1017 +++++++++++++++++ .../lambda/src/sra_ssm_params.py | 64 ++ .../security_lake_org/layer/boto3/package.txt | 1 + .../sra-security-lake-lakeformation-slr.yaml | 19 + ...security-lake-meta-store-manager-role.yaml | 76 ++ ...-security-lake-org-configuration-role.yaml | 188 +++ .../sra-security-lake-org-configuration.yaml | 811 +++++++++++++ .../sra-security-lake-org-kms-key.yaml | 138 +++ .../sra-security-lake-org-main-ssm.yaml | 711 ++++++++++++ ...a-security-lake-query-subscriber-role.yaml | 169 +++ 16 files changed, 4132 insertions(+) create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/README.md create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/customizations_for_aws_control_tower/README.md create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/documentation/sra-security-lake-org.png create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/app.py create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/common.py create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/requirements.txt create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/security_lake.py create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/sra_ssm_params.py create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/layer/boto3/package.txt create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-lakeformation-slr.yaml create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-meta-store-manager-role.yaml create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration-role.yaml create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-kms-key.yaml create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-query-subscriber-role.yaml diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/README.md b/aws_sra_examples/solutions/security_lake/security_lake_org/README.md new file mode 100644 index 00000000..ad73c225 --- /dev/null +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/README.md @@ -0,0 +1,91 @@ +# Security Lake Organization + +Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. SPDX-License-Identifier: CC-BY-SA-4.0 + +## Table of Contents + +- [Table of Contents](#table-of-contents) +- [Introduction](#introduction) +- [Deployed Resource Details](#deployed-resource-details) +- [Implementation Instructions](#implementation-instructions) +- [References](#references) + +--- + +## Introduction + +AWS SRA Security Lake solution will automate enabling Amazon Security Lake by delegating administration to a Log Archive account and configuring Amazon Security Lake for all existing and future AWS Organization accounts. + +**Key solution features:** + +- Delegates Amazon Security Lake administration to Log Archive account is Security OU. +- Assumes a role in the delegated administrator account to create required IAM roles and data lakes. +- Adds all existing accounts including the management account as members. +- Configures log sources + +--- + +## Deployed Resource Details + +![Architecture](./documentation/sra-security-lake-org.png) + +### 1.0 Organization Management Account + + +--- + +## Implementation Instructions + +### Prerequisites + +1. [Download and Stage the SRA Solutions](../../../docs/DOWNLOAD-AND-STAGE-SOLUTIONS.md). **Note:** This only needs to be done once for all the solutions. +2. Verify that the [SRA Prerequisites Solution](../../common/common_prerequisites/) has been deployed. + +### Solution Deployment + +Choose a Deployment Method: + +- [AWS CloudFormation](#aws-cloudformation) +- [Customizations for AWS Control Tower](../../../docs/CFCT-DEPLOYMENT-INSTRUCTIONS.md) + +#### AWS CloudFormation + +In the `management account (home region)`, launch the [sra-security-lake-org-main-ssm.yaml](templates/sra-security-lake-org-main-ssm.yaml) template. This uses an approach where some of the CloudFormation parameters are populated from SSM parameters created by the [SRA Prerequisites Solution](../../common/common_prerequisites/). + + ```bash + aws cloudformation deploy --template-file $HOME/aws-sra-examples/aws_sra_examples/solutions/security-lake/security-lake/templates/sra-security-lake-org-main-ssm.yaml --stack-name sra-security-lake-org-main-ssm --capabilities CAPABILITY_NAMED_IAM --parameter-overrides pGuarddutyEnabledForMoreThan48Hours= + ``` + +##### Important + +Pay close attention to the `--parameter-overrides` argument. For launching of the AWS Cloudformation stack using one of the commands in the options above to be successful, Amazon GuardDuty must have been enabled for at least 48 hours, **and** the `pGuarddutyEnabledForMoreThan48Hours` parameter in the `--parameter-overrides` argument must be set to `true`. If it is set to `false` the stack launch will fail and provide an error. + +#### Verify Solution Deployment + + +#### Solution Update Instructions + +1. [Download and Stage the SRA Solutions](../../../docs/DOWNLOAD-AND-STAGE-SOLUTIONS.md). **Note:** Get the latest code and run the staging script. +2. Update the existing CloudFormation Stack or CFCT configuration. **Note:** Make sure to update the `SRA Solution Version` parameter and any new added parameters. + +#### Solution Delete Instructions + +1. In the `management account (home region)`, delete the AWS CloudFormation **Stack** (`sra-security-lake-org-main-ssm`). +2. In the `management account (home region)`, verify that the Lambda function processing is complete by confirming no more CloudWatch logs are generated. +3. In the `management account (home region)`, delete the AWS CloudWatch **Log Group** (e.g. /aws/lambda/) for the Lambda function deployed. + +#### Instructions to Manually Run the Lambda Function + +1. In the `management account (home region)`, navigate to the AWS Lambda Functions page. +2. Select the `checkbox` next to the Lambda Function and select `Test` from the `Actions` menu. +3. Scroll down to view the `Test event`. +4. Click the `Test` button to trigger the Lambda Function with the default values. +5. Verify that the updates were successful within the expected account(s). + +--- + +## References + +- [Managing AWS SDKs in Lambda Functions](https://docs.aws.amazon.com/lambda/latest/operatorguide/sdks-functions.html) +- [Lambda runtimes](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html) +- [Python Boto3 SDK changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/customizations_for_aws_control_tower/README.md b/aws_sra_examples/solutions/security_lake/security_lake_org/customizations_for_aws_control_tower/README.md new file mode 100644 index 00000000..b8c25d5f --- /dev/null +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/customizations_for_aws_control_tower/README.md @@ -0,0 +1,7 @@ +# Customizations for AWS Control Tower + +Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. SPDX-License-Identifier: CC-BY-SA-4.0 + +--- + +[Customizations for AWS Control Tower Deployment Instructions](../../../../docs/CFCT-DEPLOYMENT-INSTRUCTIONS.md) diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/documentation/sra-security-lake-org.png b/aws_sra_examples/solutions/security_lake/security_lake_org/documentation/sra-security-lake-org.png new file mode 100644 index 0000000000000000000000000000000000000000..403bce5335934452e5947f7a011838ec9202aa3f GIT binary patch literal 173918 zcmZsC1yo$ivNp~D!8N$MyA1B`?hq`vyASS8a0wy7A-FriAq01Km%;ftSKhn-J#W_9 zYqwQZS9MqIZ`baLQc;pdM#M*ifPg@jm61?`fPlt;fPh>Ez`eH^w^!srKp+;`h>NSp zii?w~xHwwc*jYe8$V8>3!>g$4;trkr9+HuX9H@yo{?><}D~wpn{tluPp(TR}iC)k( z2yP%HhdPR8*6h)wtBa1L#gV8rHBOWiHN-_K3TZ{f>pcsw@8ocG4RCcid&_g(U;P3N z@ueRFpk_)3@%vu47mY<*Ps8m4G7lmv1k%@FvMI}24%pZNQsJP5_O~|wW~73Tfumkh z$Hs4O)zssgmUWOpA!zaYpXz4NgrX{}?1EX5AT+2j=Jmc%Wo{~gEW%`h0qc32{d~l^ zoA-QqdE*F3&d?BXZecXFI=vDQGW0Sz>ElWgZZh&{+}o~RejuwOcR6|aeNsOdQ-4b7 zpo>@`!B-aksKA+6T-!RGD6_m{i@A%lb_G#-+uJv9qPOMWYLeGh2jnrSls71%?UXK7 zV71@=17iuOfE+7gEAGJb6p6LX>#+&9m@if+qpRBOJY3z5d6-^#3bjf&9CmpvUx*8@ z85K~`^V3M(%*Qz7o1Lm?sSF5}x7Y_B`D9I#u5-p?0Gaz^sVeJXggnj$w20{Qle@kx z%sIz&XM#-EEH77?TOGQxrfXYkx=6RK53#W0W3;0-6*4Yd$LX%g$j523rFsmr0*T!N&9P66tq!pE^#C`YBKt00wjCPB7ix4NNKFwLrwgh<^ha&xR z`s0E70l6DrE6!@jnbf)%YT?kdG25qD#6f_0f~i>%YgA@hrk?`cH~g8{mY|l9)EYS!PWdNlUpd4WtAp+qPbPPi8#Zt}s zF6~Acj-C=l5M|LXwFSFHu_b_jfS`yV5M_dp*AExP9%YV^K^aadl=Mj^oRUY4QC4C} zs*KD%`7C8EY50?29TH!7j^vtD6-7RcFj-*gSGg=1b}GK)V=4wpeM(2U&TnY6{8(@n zd{hx?a(tpKO5RkGiNDiaQp{v4Q_2$gsklhF$Q0AKGf+~MQkavgGCCOr=|fYd(=HP? zf9(ttCiAgyC`hU{e0R{`cIUWdy@hg@z+ot-8BJA8XG#^MU#1aYrlGK+!X;~xs}ehl zT`2&{8ENOy<eUL93d=@JiH^ZC#A=C#jaH2I#1dwhP6ei_ zrFzge&K41mlxSOsX)4aj zYZkO>-?kqyaCvj#HhgNpXh3OTb1!R6;aBdEc&T_q$|8&tl`lz~ZnfFQr^jEzCyxuo z_s3Vy^2yrF%I3`GB(X(rIM74TqtY|f+g>_adR=N+LS9031Ms`$QsxTs3-YJ5`m`ps z>bvQ?OW$JMX8Q2?Ap0cT3_nghetgt?Y(lPqa|^`^^@rp6U@C6gN7;wicPv$t6o)=( zov-?4HfGi~@I0Uy10O3p_+i^_8*ZBn(;HJbMUlFax>~V8(OkhZ>n<~Z>nFE7mw?^f zl)>Q2kY9>-+k-xmI8viz*nqu!T}kP#&nWjOkCv2{LHUaoxZ=m$>zsZ?TSeEx!VW7Vcj`HuTe_ipI)&56}R#`(J^o?%fFsBPyW z*;HClI(=JoNR%c^J!d9CDRcsVf^naIzm!>znK0vX#{LIrDfVr^c0>7>@~MVJ_uu1d z_Lcgj0wb%V9o-$1;)4_`#VgxUrQfWItU~vjGaBactCbvMo2tP|=aAp%Q^qUID% zCdJ0YUBrFFeiSl@9g7QtTEgv7eetSDm=VvT3ncob{zxiFwMyeiqey*`s*G#JuOu9g zafs;|km%PKQeeE*Y4tsnsc^RoI9avu8P#HHYd7%rKDy#ypk>fuQ0h0`BHupR{-zsT zK|dz}kAlm-b{5GY>rzdn~&N2u>n3X3aFsuN5#iIAExl0I_FS zG+GRki>p@47~kYt(=OAskw0yZM5fVb$yRSw9~s&=`y3zb^X2ggSBh4fRv(Vc{#wlx zs86rG+u*l0d~U6})jPhPOR&3GQfW(SX0zCCP_)dB=IK}`Y-tfx=5iEYyYMtx=h~6q zL%N1<aTlbpFVk- zcwTs}tRA-iY}9GxE%oxsc&kds(32G%ep+SlFlK)D#+ry`>3XZ0vFZx@>bo@}-_p^P zk#mh^El$lc4Ts8{m7zsX*RIjmLFh7gL{z`mB=B}es1dw=nOnIWswt`kiH`^GmeZv2 zP5x0?S~*gA*PjbpI9u`0ZO3-UM@O1RO+4MmMd7s+wbBlR?!rrR)+=5$vYkIJ@OY{D z@3!`v^UsOFf@|&}0Y#TzCx%BXKf8(|{i$oUXy^LjUc=N{`Ib8Qqsk-VZqHaD;0Ir& zbL&>@%9m53{`mHIM=RF}B{xKV<6L!!BQwkPI$qh`11>#YZ3smVq8 z_zWfE#xB1j#22|^&Fpffj=7HU`HE^T@ZwE_K~u+?N8g#0?_2U~eD(y-Ca8i+wDCqtEs}l;E4|0FEWr4NM+o(gR^ZaCl`C@w z6*K(V?tj0|f{%+GZPq&xbj0RPXoJLXauOlBm+>KfO+%(u%wY8{X`IUHgrbUuIDGQLgtonzX-1dpd>fe z7gnBMGg{vcdt%G5?@Qk>UD{x()siMYzk^mS3msWYMMVhu_c8ziGQtJ|=Dh^@e&N4g z@Ax)390LCR{tj~?BnqJZ-3yIT0R8VWNV+8+u`LAXc za?*bcakCX9*HKg<6?b&8AmwIeWo9K8LL?<61-g8)1yF3?r8rm(oN`pSLR>D z|JnI3LLkdun*WC-{%Piaw7%O}2ocEgKWiq07>qOd1p-0@LRLal!wd2x7v98BI_)*V z=iDLLH%8t7W2kl}S1Ec1>8r@=Arh#Dk*nqg%_O5v*F=}pl#DVlQA+l_18h0ud~Vnw zfA{v3Tgo6joXj+we5^p;1$Ou%aJ}lQENq3rU9M{l85|@cLQ0B;1^~doKtcVZT0j7x zbhUGJ{rSqRd;M+CA!jL6+|XjtPSo=d(ql9AzX`gTB}mE0dXiI8UM9OZ(py`7+Q6L= zm5q&6juF)R(yp$>n(384$FsR_PaDL}{||xHWQkc>pCgEUzAI*PkE^MvjR|77-`;x6 zkT^Eg)m<62sYnx1QBvy-cfa0+I{Hu7v2*bAQ`#Z@?~MPgfQLAYR+WJbOXq!&;um&{ z81m__Q{NsR;mWIioX(KZP*G)3Q7&C<_EnM!S1VUz^S{IWe=GfO7CxxK5`3^m0S~)# zoUpQYg|PoU;4dSck)dHloo!;rqx_u#NJNFQ*Zlu8=s$V85kM+8uC3{o-F!kAv6qpP ztCM&sh%V>;VQ@md{Pj6n(UdOwR21(H{=X&O(ZjTUm!Z^CH4Pr;wJt+GSXV}rEaKwi zT#`n@S=2xGGih-5H{kZD4go4q|Nl!#N?Nl|QDZ0x#nK=2DtQ;>s`PVy-Dh%dLZ6hX zNOV`9!+t3^#ct`3>|N>ddF{~=K3L_XDzOGYjAUh3?S9*QdW-pg%*PU@v0UcU*V4t4 zl=u{k%c_p&BmKFlg#)U5wBd|u0}C2ro>3u>XGY(nMO?v~D2zH<>}(&?o|dvQdi{Fq zBy1d+B841Fb~cx)`Jdw<cfTDT+_=acEI3EG!x=$MN4j)gn)v&sXQG?tLCkrb^GwKJM~;WM##D zBw_y)IUT5-nw4k7kc0c58~m^JII#Uoi4$Sd91FRNfX&_c${#;k+<`l?8nUKdTZj9n zGuj4r+h78F0{KzF2q;uZZ%GT=xW&1Y)`#7e{k)%({%5Y-zIS#{cTHWV(fz1__u>SC zKJ|{$x(|CiT{h=kZ=I|D;MGo{fo#W48=h6S6n}8rdc(YN;A+6jvGEi8ngKr5cDeCO z85kECmI{jOZAkdFw&QNewyL0JVKCt7)JphqI)PC=FQeN3)YfCod;fuCNSev$V}OAtBuRLh><+ z;n1mP;C;-?W~0DqE_i?GVSlXA&70k439X-C_rdFGn8toE_9OGgHe2^LtNW3Lc+Yor zBdMPl9oiK-o6+6!EFC);zDGYwSA2uvHzx$n>k|T>w>_5an-))-)*WU_m7AoAz56HQ z2Bm}p@B2vFCyif@w5vcX&O=1Z2kSn^l~wI%BLfX82HXxS*4O)!o-DA4fVIS>CB5?R z-_fKLU;X>SkzaE=AA}s&fWoMf-*|vr(+ho8{~fDLw8^G^NRxkAiG+Ny`?Z1Ldoye$ zKtuv{2k*My78D!yx;wvCudd8Lhmy%Yz2@&&Rh>@cIB;HH+)M;mmd{{z4}M9>fBwn< zIVt?so*VFZ=&@iLvB=c4VitqT;(-cHrVQe$eLML%=@GWE;yQVIL8Uci`SJYu*^hwh zbE@Hcm=K!S*^&Wul7)eB#x}8V0;?U?%a|S+i@4E?YR!l2yw-ucnQ4w zncpBy;{S)9fnilXWPfx0^>lqjytg6nVboa9$S5yDzt9?l^WS@QfdK7biX!Q2d(g@X zVcV8^e$BqI&+J^~`of`sDuxR6y+pHvon4*qichIx9_w0F=Lxwtx|-n1j~NvH1<}Cs z_Um|GQflQqyT4-W%Vk1feO4Aefp9>(7T(qI{0CtrG+Me6Hc0OKM(U9J#s^ZPY%}#}J1UyPcsc!4BMQoO1cwJgT`rl8BRqxb$9l8kY_L~D+ zys~K;mZL=C(c**Na?kySh<#7ko;E^J4VX#OlE^&2j_u$Z#C2gB@Z@-W1K5Z3P$3Bcb^`CPVI`Atkj=&`F{J5>&*-rs!9QN%>PPGrUIHx-PwmZm(}!q-auGOPijy47mHMjmFt zOzop*Lm>$GZt}cpk%_(n(a>iNAj%HS1~zFs!e)+y9mp3e_X~%W&;1NtY0j1y@WqL6 z1V%Gogyv9H!k%bF{s9>nfE(K|d9AR74G6?&6PzGW(^t&7&rVewt z3}f-@k%}igd_bY4-%<73CRk_fjYE4z2!8yX(Ye#L?hiHuV;OiXT6nyN##S}7+fnD# zloCdU;b||zgN$dyG9VjqaubbW)+dm{G>;M7T+#i*WZ)SeJ}rtD&04^dy|xA~>cIAI zc^1vyM+mT#iePlO7$#N};N{}u{~r`;O34#RMZK@H+>cMklnrc-dHR#f5G1qe-e3eg z=1lXBRl+>QwBD5T+h@cWW=-ACjWw+24g8~4{YFo@9be7BN|aPoO9x35Cv(}a@^W%U z5v!Yq-Pu7kio&XO9Lq&$42_pWWF!et$mj5BX#l$DiA}u5%OTIZLSDBWvd!o3s1v2e z@o|rPDeEAbX_D*?cP9Om)xv34ytoJGE ztA)}~s8GkESR=(wb2c=?4669@v<{khI`jC(;s!AR*0{Yc!gLr-YtGde)wm7x5YEz` zkJw~w6ru#8IbGie0*_P-j|Kcq@%(t4)PX8UL2%Eo!79Y&u0+}1?titNQMN**<5k_e-KD6Os z+4S7p+0vPBgtk6fWA0EVjkdGQ^}qM-U)cEM z6;PiVxN0ZciRgB8CcMSk``?on5i!Z2m@1NS^C!&C=2_hPwzsgZWaP>W=_ny(02uhV;mT3$x34zv?*>ty%Yn*G&7>b+hA^RcPm;eRkZ2}KaF+PxGrm1T8x z&R(+UN7g2Ie7 zd`dii+DI-c1grI9FY7V4O6F@ko=Ir6K+|N<2cmzP)E@)VJIi*zs-`upTp;&#ZxC*(KBqndom75nQdD~7r{5WSTrc^i=bxym*%+ahI!@m^Q#-!EgU2*DD%HNRtG z7~MtkXr#cO>_A&$=L~E5cH<4m!E0ccekY}WY`cXpz)cppDyzBhF^_E>m*$_dDK`~~ zWLFNm*>$7(Xw>wx8(=IEz8^2&Km6~60$>8fzx%OmCY8^ui850Vrge^{!X9QHaPnEe1Qot|HMcP6<~+`x=uqhQ6Gly_&3U z7R_R=_jijprrHtj(NOYfCeFT|f7)W7G%+!A!)Tj|N7xRTfT7K8x?U8Pd#f&CvG?sU z+g|O;LrtnIu6gUL4za|qumgk6n|Wdm|u5*fT>X^{ z@PhFfra)h}nD10yt6o=4v0GJl)K}NcMdmfl(i}HlY)Dxqp$Z9u`uU?uH4yprOHRH; z>d$C1m*xDrzApE1>$G`^frl(S3vGhig$_Ec%=69=1~Q}7gW_Ag=@nTGjX+sl8?|3p zE!dph-bKO+L2E!17*733EYIRa6-#hNHocPU!l+P)TkXu?9eNF(=k zar7MS?vsRuT9pX$ROFl*g(n9#a!(ghPm`vlhc)ghezZY89<4ko#@1?c%l#l5TCw#) zRVfYL8QmM)!$YP5L*Xxtho$njQJB+{-sfGoYsbx5W=ROYE6D78Ts8NqL=z5upCX;ajbw zar1C`z_xPZ#*y*Tqp+}j_RSPnGW1uf@M~k`%S*8uEh(O%9XX)kT5IW1Ag^KX3ZJ3l zjZ5Em6thxJ7T4EC@WYnQ?U6J$xPriLdOz^EAK9!$SHfYI<@_hA(nFPI=dqRCb*;MeM`j$f z1!owHTnAKedJppPq&)WWiS3f-KR(FWq~_59^OlVdGCb%J#d;=d(h)vys~Fe^gp=3|`8O zwhdP@=r4O3nt*E-&jjg?HQu-{5|eYim3fs{rE3j*Kf7!h0;>#2m?oAx$x>2fg>)W% z`lbn#y$~t?yybkE0w{LvZF_E8aO|O7M1BXWxAMa98T_ zxSU_IE@U_B$Z~d*$t}PcG00`ncr+N;%sy>td|#_fF;z~CQ2%_hC6;}$sw_t$Q$rh! z51OtwB_Dlz{;FRcZsb*;*1YY zk(Y={tbT$FxtJX(PvJBD-eba$pTBK{kclh-?Wj02NN-DDUH9kJJKZ34TPuF=$VXn~ z%|PHNzs2tNT{u^XknmnkYRabh0Qt0xOUVRT7nN);1g}Gxqmvl)1ReCXKO0@uB4Yxk zxix)xV`>1OgGHHf?b@Zx$f%nwV2JaFGV4a3DeMk0?_Dp1Wghp}U(R+qhL&k86StS& zuy#kblaHoc4FNYK%qgHe3E!`ChS*OjjXVe5+gZbl_^y^^>+|30=xJhqAl7bo zl0$H6|Iz6iiNklS5{5=-4II~OcqQa8&QHO!45^5(eHb_+xmHY38}nxfyfOr%)#g8u z=!uwAONi9xVtZImOO!&MkrVAvbt8q_)C8Eq}# zh8RpZiTF$>350zd%prpQXqd^dy~jT#GuRmB$z{D#R#PIx&GYLTbMj4M^7DRmvXju{ zl`?P5saS36TM23hnUL;||0VEi0$pu#px|ot%y+h`*Ym(;69d0f8@4q{dCxxj>19Y* ze9zW|Q9&?24?gbGrBip;aLEdcVuW$bw@@lz-{h?8M!URUMml$W*XycX8hi6Bi&61N zGFN($c}oOd9)`sq&_vsQ--A=A^&6Zp^VMrV1C+tfz14xO7x79tIEDCeQcnFie?@jQ z?mqRK;f@XO&lNax__%(IAM;9&T?v~@4}@mm{El?GgzY@@Dz7&bFO1G~tMW+p&R=@+ zwQSasISvx`Tb~cXjGBJ9Yp`#dym|6_=j-l{UmQn7Omiv&K*sNJRB!2faO-*K%g3Bg;t%ZEvyMRm&?6$UI?H@(~T7-{3Z4#vm3f)1?RV|qGu?S9cce0i)gA2F5fJ^9k z^n2)Lm^4|C`%%Sme0N^8UIw8?r?}GBFSMH^L@J()ecIFHd>yB_yr;>^#Jl{10iKPO zkJW+wc#!>4y>~SPLKfI{LKQ6!=(uQnIFRi->l5`yJh*zR(hM)K#uVekV#^wOhcIT% z6QP?MwL!s!Fa^9fZ5y;S1=;k+cH8SlE|z~NE$7d-rI+}yT!X1rn*hw;r^fn^3R@Wqd+XUe0QkXu zs#MtnDvoF92@7*v_>h!=_tr%JwWCXC?GnDZPOmiDOb0LK?e>GY%>zFh?O?NPh*Vz1 z&oAoIdT}-3WS=H;_9wr2;=RAFpD+RH6G>vFraFD5YxQ)C9#BqY(}L=C>m$LHKAWHQ zt68-=X-p|q^q&?8v}iV2`(QhaU?guUo&8HHA95=y9hsfTK9KoLSt&X9Ao)a357>0A z&6}>bP1T{|AG;;1n*3Vy0wbmS|MCjurm)*R?ug(PD;_2B9fj9-dqtnH8;kLD$-dL<{0r(`eH)BBFp~%*j4Lknts~h67CYew2&n_d;}VFrFP|L zr8}Nu(YVKh+5@%HJ@=L}q&Em6bI`0ZW=yE`_!^Ue6?n!OXP?XJ+b^}|l{Rx%vfesg zSDJA9I`?`R#q_K^SYS4NhkVso#8{cE#=1q5;R=haHWHsowx@Sh^3xoS%s$+sc+9k4 zmS{z}-KogF`N^Arl0PA+YwufxztNa^(7kJ3ZytKP`5>8hK_EG5ILIlla;1+(FA!ms z>zoNE(5t&Tsvr(c_@)i_C}(_v=RQs)m(Lq?i}{*Xch}d&a}=;E`w%?er(U?+GNk0( zu8Mex-=ZoXUayGJxy(79;QS|Y^0w<9Z>aXJ54*P}b67su$MD*x=TK;VQ03Q)!OcMS z3m<1(z9$5+=5_E0k^F=BmyyIv$J^>NurrrT5@X;E(|!zX@Gq87A>XoVIxU|`A?tb| ze_+hVUwVUiTo$0&;mBVk;WG_y;7no6jo)u?L{_(3CA*XDG_Z{0X;F~cIR~zG2HJZ` z1bp!4`^3maj9wFLiD`bXoGkkZqBtcuunq@J%rz%A#V@N{LNJm=<1@9BuLmzv)E&>M zP?UEK&y}#1fwMl{f>Ih!rtAbeOUzS!0vpZHFV!ZG0gY#ep5~XJ)pjB@5k@(OVd^{d zGP)Q%7LyJ$XLFd6IriH+{NxJkj7%)RRG2_&sdGu|aUvHFd;99>oH0C zu+nvJX`MYtiiT4(D?C=@NAd5H-gs9HuB*NEQc#~inTpBcKhL`6;%PPkE-zU{zmt(R zJAOghROgFORsmWwI`D>zHbg$@a_hX%jF78d?)WO{v;^eA9QPP&!ZO{eS2}U5%mL;I zkMV}1LANDpu@%ohz&Vf~I?sSKWg99FN5Jy;ldG7Ldn%>J8T9q=NW`&JZy;zt2jo@~ z9WJ>}zjUl9H>*ZX{tRdHT72@b_@^4tGbaELCn>;efmRuLbZ&G;jSkj1nJVVch2^3^ z0@+bwR^FA#DjcX@N_cYL$7m`=aOSr*6w=GPQHQz09;Rutnx9`+bdB0Xw$8hrU#LfC zVkb|+)*T*jy{$z`WtJPs9{mw7gb5iIab-pC+k?0@e2g=>L8=^Ek6LO;=EVvHjow7z z_Djx%@;iDF6RB@!7-!0N9BZ;@5;7fqy=i9ZI7QGeJD10{RAbg#Sw=o**vx5P$MZvD zK9-oQ*>HRwVz|<(_Q(o{nE#rC41~Ho))u*D`?W*Fp$i8(WK*t&k$xOtAN33W^*sdM zbu~ZFiDGJ_I)A?&kWeF=I8YFl1hb_1dXRnA5IG$~Ests61AxsfpL;H}y-36s?i`Jy z7Vi&abs>Rfx9;uyn2w>2o?X_65t;+SCVJZor+g^-NxuzkF{Yd;LSAhXzHhE0qx|*aVtoa@%6&QwsjAI(Xz3=0 z!x3B{LXoQyK=4u*Ullw@II-nd=jt>r_^@zX6w{9bu;r=)t|ZNpq`K*Z?T~7#|22pUBExR6%`13Inz#29D1*9{)@7(f|`OpX>x zQcdULn+V_|ZuD$cHu2@XCO|zL0EIlZBFW4EOHo5QP;=<8DZ!YyoYVVTo#re0G1l3RC6Kr7 zLd05|)&U1h*JWCOW)e>ZialkeR#w8D8{_$+!r(7e`8@2|pEU0U=uvO5r!aV-^9ijt(9Wd)f`!#!2Q2_DiT*eGdL9yN|{;MeFvitDuyM+?| znGs%Z8^HWR1$Ogi6IHA9HS&8Jy^0({QF)TCrl=3BJ^PKkJW<7ndRw%(qQ`%_=-&T; zsIU|ix+C{Rx_e*&;&cR$VTola{sQ}aQ4+1n=ahnHqrgkV@!~7FwYahDpK*Stuhxeq z-t;?P(2%=Tf=Y21Sj31-GXNeo6ma~=F%`Sh1{^e~o{%U$VJdh(|5)+mhEbbp-c4am z3ybL&1an#wjGz-=roA<&y45WWX_A(NdQYRSAz1HDIT|0-XBnUZ$uHspaK~Is-5yZS zE-u-mbS%;bL&-+_e2YcJmK(o%c^#-QyrrPS^GC2Mit&+ES1Q8sq(U<;fhOJNR039t znKtoQAjqUa&&kXCUZyp{{fMFTlGq!fdejLu47f|$47>0`JQp*ik&bs@zGMcO(7cQ_ za2fDdlYnus@fLy%8Y(DbtJYelbxr(Ny8oL;(@Ed;LAAs5=gV-_ta?d>CMJWjlf6AJ&y zcLkE}oN_w+@!A~_>lC3T?TXqD^9*(3jql?~_r1T@iH})R^|G5lfAXb-bnTJBxyGV1 zV5koYLR+AU1|bEzOmF@kEK-I=P3TLJZ@w)#9Xu6fWl~q5*7|N>vjgH54I&%i^Dzb9 zsj?Id-N$rOF?6N^AsO+|IO-h$iie@qqsg6OwSn+0w?37qNGP#=lQR!F@JTmDq?~FRz(!S&ocqTd z1X57zvC5P8A`t=TPr7YWu*^`miJBauKjR67#IMQeOZQ$pC>=@$wY5uif4k`w-oYnN zN2Q9uLAiKX99*pM+d3^L-AwjgZdawH3NGQV5Z!o}%wLa|pqcsRqV&dn5o<9hN*!Tr zQ)wzB*_v$R8&C`pA%1DfU|8xTmd@Wg-UwQVP1Z?>9S5w$aR8`6a;@$*hD~6t4JDyAN*B2hRV1SS7rX9zU^Vj458v= za>eSthsgyhS>RRG!cy6bh zGNtZvx2aX))a`3}7~gn@4scmYB26(@(SkG%v`gSib4_pw*m<|fn`W@&6?_(d$JuWbW{ z2q?jkJJ*0$yCp~rD(%L+_(0l?(rVd=w98yGoE1Aj_!{OEQKJ;n# z1KDImjB`*yV9W{L+vDH2xWK}138IzolFuY~Fan(8g&)A1a_P5xnzDJk5r*-*JO85Qq`j~xkJ!l&@ zv|{tU3f2hkDSAS1?A$&sj|_-DJHkQvDf4N9&j9)vVb=`hVQU*pzvn0P>ji?al)sB3 z0FoKF&l;%3usa+cNKR3JN19DzmaD=>m;&zE;Wo(ug3{dP|Q^6qpI)g8+q=b)^@>>MC` z2{`cI@ZR{cqX(2ecJLpez`7bz04H+p%Nk_3x&g2EayN)K!#?Y%pUv;TqSc`o?>+2z z)2z@pGARYGu-{zRlSmXOVPjEtj^`S%(7T~QkR+Ai6BBq#NzAvTfkx|2?jb+eUWK*y+^ z9?hm76fHpr?2!a!qGq+JbAQ+vQFJ0N$RIS+{?V*KFM-_r45R!U;?(9Y&Ei)y2&F1I z9i(zy)E9)0O`*?ZHo`rax@Oj)$B-ae<|5-%+iOQ!#CAd`L<5Yak}?pH-=B#Xl$k9* zIW&*;LpC#2-}&K875!qM4+C|K%q(kFFukI;hkgq^vk+_Xp4YM!n&V9+gc#Nmdum2tb!ez1$3=OAFDa z@C*#kln+Zzbv89Oy=-yKaq<}BOYr@1{mVY+Fhn&MN9>c5I97ZrmpfLs&R&jb9!1}a zb4;w64+4Y9SpOhSphIINb|2{(pZv&yPnce+->!ita^H^X4t<{Q`Z+ELzntQ7nz9#j zG}d;RZF}*K?Xw-woM{p%k7~>6(sDx+fr+$6o19b>1~ypYXlxUjOH!7$9o~nATTWy& zC9HXCRk9O;2#PqWPMn2*u1>NEA#k;D&rPvKRe89zx~>k+9?PB-wcw^xdj&e1Jh)mb z9NA^NX2E=z3XI6Y00)U%h88Wkj<02YSbc-05=|{q`q{!DgxH+W*=O{Lx%C(hYdj3d z`vDJ-y2Dlfo0~?@`KJ323d*}|U$0V40hoS%Vq>1uXmTTV-!CJMf)9s+@y!O%2uc^T zMW735+HxL>R)#GkM`)Zn;KE00k9ZE<6mIQDX1~CSr6D-?pNi~gex#M<`QT&WsM##pDMXde%lSzMet=a<~Z2~Q$gWb*3 z_kD4M{V^`ZyysV35~A%(AIt6!6hz>D?~YVNAT4Ox+pBgjKNB$lLLd*`6h8cwfbn+z z%I-d(X4Y{v9&i1|e`(K8Pm1G`uN?^*YfeIjsaJ3kxJGtQx`rd1FT^P{7#FdEO=8-| z=9QsB%3HN}I`GO^T%U|2P6^wd#!B}o`kUQNEXltcmhsfJPilmL}0gx8c$ zrx0Ju?gmdbvX}!J9jbzhQmCij%Nq!kg@IszfvFZ@yG28TAz%{;YC3wK~a}ocM#KDGzHFDbfQh zw=@_F7#1%n%68EvfUR?ATq@cXWkCuc3yl*nb6F8GLhtYlqLX(z%;sL`51&C=PL5Ak#HO&{nkNO#>nsgpAwsr$kX!K{d zSK+{ve{U$8PtVVS@rNyfv22V@E_#GmHSv3Va|^}`!!xRIX^o z6wm72prg1Ag!SSY1in}eP>5$RkzYKbf=OD5ldu;~G?yHj(MvEEipXNrebYTXaaJ7- zmTut%YheD31E|rHR78eml7us8-$%c)zW&eN*cWpS%dwhNtZ8Y4v~2D7!|m&Dui(@9 zuGibfiCceU3}$1Yrzfp4m&!BhPvup7S4ZlG_r~6n*Xc30X~FfZu)?Y=66TT(TAW1Z z!rIT82pV;X94lBIU!VM6FuC7KJ$)lbrsU(npNVaW{bpe`g+<>|Wgz+P=c*-ymjj|j z*@zi=0M%#+Z}QzlG@|;;xop-77IHd${Nf>Ou_=g{6agM#U2bRO^R;M?TE~37HG7!3 z%7K+~sZzlvYtdl=LqHOr!{(~N{(N7_ev!kJL9fW!{-d*Hy$cu5nu)%walR^%63x0|hE#-5re=sg|0gp5(lp74z)Zo`z?p~3RkKZ?gIdXLV>@fBjK z**f9P-Lo1BN-Y&ARC z*aEAA;rI52t{7_#=eIjAV;`UlR-ohJga{owrNLqupLlQ3bz`1Qt$g24P^^A{Jotb; z#|lFV^7ym&c0%m?Mi6MdnnoUM@rSE)x#+E99XouE$l18SG*n5Te|@zfq5bR}^?WfA zDZY`u;!sT}+}NY2(*K!Bn>)wo;F%NQ_@~i*i-pN_c$NF_92DylO8A*)mFaXHJf$0l z7-Csg%hH+GuC5(E6~Km$(GNAyEq?2O07|73eh6C0o*U@&+2d+fEMc~ghU%EeGb^H( ztQ9KPz65?sz#0u1zaQRDWc=_;EMWlCsri|b@zOL=y!)e+@$|w$%%zV`66y%p`#v#X z(AoeAHNP3cWiF{Y=FBo%C#973yZHL{CG;H z6Du26yG8ZG&$Pz@ zlvi|laeu+uVEX087kU-EPjUA_@(RvhKzR>%0S$5Xaeu}wi+@gd2|aYO)@%Z=dqWa% z8qYK2ip+K4wpL_*A<=Da@NLSy$hl=-9GvZ{f6fD*&Tqk48*m->xA{o(oc$0)@Z#dw zf|JQ1lH8tQ92kMC?+lyC7uKjvD&jypQkWs{;61^gy$}M6baK{q-uTzaQFabZrLLdQ zzV(Kvj8!6x8bn-1-NALw+Uk(-g{ni>#G;guljhDv)MZjPUv0M96=Yw#n@&mZwuV5a zM$tLqL*5nUKkyJQi=deWMYB2?h0(BH=uTVh;oCo{Zc8e}K2@H+eirD7Mv3;PuTvqc zHIG|0UTKVYs{VT7;V%v-n(JxE?N*25eyyp;AuqW$Ay$?DbBAXd*I56%Y5~q2Q*aN<^5?Ik-1A2p23>X%PPY^R%t|-gHSXl6 zGECX}wkAvkJ}}V{n>St>t9{NsmK<{Nd)n_C>V^C)G}P?7X_T~3b@6^= z_*{&XddBWOV>i2dr4rk&wwt3}c9bP%$sYb=BZRTeme^|+HqG9nCO3B~121kdYoc)< zo^46ks6H^M?52I^92_*Ne6yq0_2H(0;uR7(s`$sH_}0?ty7PhEpMoU71QAzi?mf=s z4=;Y)(}dFEY3|aOQ)^tK#rrwk{0aD_X|W0O*WpvP1-Li)$bD2M-0(BCF(_2%7F(Sz zfnF~BeeR(J7nP?=YRX}G7Dtp81Q53BW4pv`S&^iDi;*wCqBcU^j`X;5{B}Yo5%G6d zfpm%uB>nZ#J23TNOrt?Wz%pUVQfESA*LFgjpzw5Llb_3&Ry$!>DMgRbq>1lyQQp!d z4c)5|hr=*`<+f<4Y5+hL!fS`WUF(nY{Yoj?fuUp((v;?eE{^_J8J2SWYIhWe6OERu zUtgSJ9B>~G56Rkj`xDj7W|@e6oDDWkpwv$exxiW1Un@)v={xs0b(y{bdcDXhSV!Mc z=3fWKd|^H@mZ>iME?O5ddC_QGyzU$MZ1)2dNj<+;>Ps&NWUwqCxh^f5)+~y3~6AS3)G(!jJdVsn{U{ ziC&j(ir}KdX|bc%MDK;XQjH4}vp8(R9lp!|qv@Q&GwHf^8{4*R+qP|XY}-l4PRH!n zww-j$j&0l7Pru*4PwT3K;;LG6-D6C)S%dGGrU!#-Pr?%=Fmf%@r=WMd5-g-u3J?~u zvA68CB+=#5g2HC3*kzj>q8NlM^ohhWC7inxs0=CPBwBP!cOBTKfKs7L4M!1#w}vpE zzrRlGmpHeeMM_MJv2-sHaG#XH+$%_gsZhrSh88jM{L5my&de<6%w_)QRt`@Vz6?%Z zi8rDp;rpasv_{EBy&zaO8(Pv7=#LaOR6i%s!-_dAJ2x#6X5a+gwfj&YTNY5=n^5&KL=kt$V=}@MalYUX)deDd z7O|}tViyx{s`|H-@L^c1jp3c+G!Jbm`toD0O(2%}Hpk{2tBJnZ+>j5V$ME}N8OzeQ zJoDH-GRRSJzWbo(;nby0(g?}t$qQwF8=MP6fiVD~xpDMbgclC1Q?PaI!tWm8_Uk5l zw&jtbE}pZv(Ie=6TtJ{x4AE6SZeM%n^O^->79p0q5Hcq6nYZ2C_fHWcZrV--IBoSo z)u109e>+AvDU8uhtb6c6vcdp&CnE@7O2MT*RH#pf$L5Sdy8JZ_ib-hot?N3LUQPuc z-PhD7LD8AC=tQF9)%dFk9RcRpD|7DFnrcY;g<_t886zV->L8_XxdSd-M}S0!zQ+ZX zZb$u=fv%nvc9a93iCk`XQ{4c~dFJKpT>Amd-^pmTJ9W5^n>jCz0K4jHy4u#cPgdKB z9lFlrsYeDiIfA6ifr)q8RM*@L6AQxCZF_HpSCUMN-YPR*PqP|+fzm~E)F=K|F_p6*r$lrU%TEEQ*H8_{`Mm}rL) zure=ul>zm&vR?YXN*1*(Mvi1ymec41J4mrv5ERG|u**x{f<l65McvGKVTv7z#tTxjS?8(rgJ#@uKa9rmNQ(yu${&mew?NX7EnS z5us5OI2e{>yR{oULQt&iYM(k^)0}P+IIJ0E)B7;tcGJGLNLRml@Q}d=JUSGJ9fCn3 z-I<`XqVx36FktV$owO!c*|zB+y>t-6-o4f*ZS<(~D&Fa! zE~YTx7_yoBaDp92acqHLuR=72RuA@2ye`ZhYS3w<1nvo zzwU{Parn&$g_Mqp}q*_+#YC*c?S6Mh;MZD%dGO<}q! z0{(#excXlD@@25_=r)wa1hv%d0MD1%X9K!B(3sywruv@CaL&vKjKsw(xcMKWDPV$u z{~NW1jN(P|Jt{b?CPW1UCg1Q`htJf-jU{oS#Jrsn={ql>*KhuG8UT}?FBH43bh!x#{$-n^yGMd5yL8|&%3sJvf^D= z!YlOijgMPeG{=8j=r-IQ<$iNf4CXkwS!L&9bhnHi=6DJ*Z;n$6vm-xMtzO zxa@7R@$08iv+bGnQb`-Zz{-F5WdNv24ALpSRMH&ZZG}!q7fH_W>`3B|Bd42W+q{gH z&u8sB7#p7-`xuK9*kdnEgD)GRNHXR?8`aADz84?+J>9$qD`MAOD_*$U=T86C<=*N2 zXz|WG?6H;OcRM-~P}=*_Zrjahlz?UBcDvK+8$VhTvbny6=Cjf2CpT%35<9K)?t>Aa z_wIMwyWi`g@S)eTwIVqq-09WaYoFEL#M?5}^Fnyp(|XPNY{E{<)XC~ zTZkFZq6*?&e>|)Hf27655!8c@B`R|b!Er}4rCc_%h~R)=fl|=uh3r#zR9_b(YLMLKk)9A8GNx4B}}kjTH}Tf4)R}WCi|K=rmY$6O-X*V9m-* zDo?vq`h4~xYVlvx8~}j4LtUsxf!!nkc@M`J6D$NgciJ=++j**8i(+~IkGSY02r>>k zO`C%0u7}GoAXM5qNYvnJSd|F4im^*O-TF@Jn8#Gm7mcCR2kh_i z8wQlG+yqSRBa?}0A?kkq0{XK=YqWkp{DlJX%n` zzMop;=Hm#@y3(elDC~R{nc!6Ni?Q)9e1nVeZx_uKt(qugIl|m?aV#njVPW_v=dRYm zwP^i6D#%bZ+QlGH`|Jc!2ui-7qPQ!16@}QeYH*=?nJ(%=dz>>>59f%Q%z=AdYP}Sr z2L7Iro7K0ri=J=CzdebOnTR5;JoS@BP+}rTkQ&vnfZ(8bk1|8ppGMWQ1C=^W)h>cb z@X-eHe~$iLFc~KA3nW3OT|yj|TQe0R1RQ5~J~);h4V;0BaRfIFK~j+k7~ovSn#I7y z{=W+V3JZ@kdqtDIB2XL-6vnuV29E0IfG5?H&@QwAd{hV>=21*9KZGdkf~}PQMW&JC zU*ll|I&e5D6UT#9zW32}Ts>n!1uUi~?t#FGKs5b)D)85={X=ZL!X5$}>Rgfj_?0v@ z9C4yPpbZCq0S!y@@R3HHVO**o^AMm@rDTFj;h5$xUH#`tgAji!X)bPpn8p-joj(A( z$74Xm+~cDw79{N{zaPG`dp(UngGTl8-CRM85)I^7)JlmfQuQG7LyA6J2+JCvEgRi@ zhxTu)pM)KwbWwra#E9ovnXqn5x_O6VR>vDVrf!A#JX|;_dQni5h~C07y(|`l_!u0BK*cE5(6MElLbBe`+ zsNds6hUi)_>Qc%zUrUut^E5_hBC<`b7u*i+AC7=);0z-V^I=g3`UyghmQ`>A^&AmQ zi)I`YNz*oVvZtH*Lvp~arAx2g}BuMe+$ElYfV-B(Pna0n0GuViLbS5!CEnLr=|bV`mC%ANoBIzu}{~CQ;mkb zZNG6XE>;U7;F5P-PhGv*$%o5`@$TV;VTxmE^r4(TBJO}>g;z`J5rtRcmjtkQ-}?q9 z-OnY}{IgKjFZMY>ptq?P(x1%2aT ze$6t1l>H)dIE73bbK{P`bt4Q(^SY9OOaJ|~t;)2MfqYQ?%=kvY4|!q6u<3=srP1oz zIuz(Z+9St5bIvd-WOR#Q|E<5O;_vhRkbmz{u#VN1SWG(;^!HrF2y(oQStd&P;ZLB` zdy8svbv?-;=F$4ec5b))kKsW?;5$LeFdPntV1gew2WgP&)hciE4csk_$pPoEYCl}1 z|2WUh5$iQJ^o(QJRW%QWAFm(BW9<&L6q)`Vc^ogNnviLBh~lQFkG2ZV!6$6_AN;k6 z9u!8?40}IlvdJE`=EG{0hEi|T5AuG<7+{4c_)$l%*EYL~v7PI6guTzm&HdND_tU-e zAW8OOA@8fn+{{c$$*wYeD6h4$cd*E)FQYuig&HhxT1WBOZj1%7m;n?TjCvN?@y;BhKauio^<;82*VH=Y<&|Q2a>PhQi z`P!ZAx6NjWHE_X~q~hNapU%RluOPZ2pf~(H7rfXWcH(`r_Ze*LEZDe~^dB zUbLCUH;N+gFTSCpyN%PR7qFw*jz_HHlQ9&3`#F_&_m)^^0U?YjG{YiL)q7~DuXdb; zUq0a?{Bw~!*@JOR{^=}NDB#i}cQ-K&J040QNZemmHfbK2*tD*;+FWQgJUc(X1OUKw z0iP=Y&Hro?qM{*mr*_?)x1>V->AW5_|2Y@3>^sK&0TP0>amu`lU4`4x%P|kS`zzAb z_Esm!aJ*^w|3Jd-I3Q!|P$PTV6jw>cHM{AsO>$v#Wn8m(J>&i zstGTj+@^%_w@_S@WW@c0h~D!MQE8=CLGIK>mWJ<%MK$u=M`b)puIog9eOtyV^yZhxZ)0--XL2mG+0?L?Ik_Y*<5 zSUi}4d<=S>gX1_X<^c-%%!A|0lNadZwuc>J4br!ORv7ym?Ei7BtC+|}wInQEl;2lJ1%C9t3^URR3iirw zMLvDHA9L2^R{lUp9xa?F$gWfm_6VHIZ%Uv7gg4l73(=!ZqlSJcrW?B*Ko4sZ7*067 zZR0wX`GPmDTG)1SbmIMyk2lfhj&MngH(fV*)jG9E zxp|N#CzoHISgRLkGmuj#aCp1(j|^JU=Cc?Ztit$AOoGx5;>2k*>@*iVF6^4cJf33; zZt(lX0bk-?jzL3L{S$bJC*9KB_NN41Y;$EVH|JM&+BHuOODgv}{FY4lQOxWU8yH%M zfwEn+|9fDfR(AHUrD5nHLCM?gPR9;|-}9P+i}%U4po+OQrF7oY9gg;$qEz1W*Jk$aP8arU5H7@O-hXHk%##5>BiB^#hyK-A9Q&==sZfuPnpmp(34Tanov$e>mx1G2ys3B!XyHrV6!sSzA+&sHwUB z#ghvedEsAytppunr^c(LOhM68vBs6#16j@jq>ioRk7bxzBOexnUU897O@ocv>{rK! zuO{5LFB%3llv^(9qIODBJyUNhc>J=Rl@+?s``ypM_gPbnLH(;_k{$&=9eTTyVGIEB zX^Y4tO?h8gq$M#HG}aQ9Fw9Wnt-64rA=b_py>B~~A1dN*-rIM09{uQ+oFNF%_aNw0 z@EIvXy6@-RJVdtEX&=qD4E5f3=*v#Vvd zfkQ7`Ak&mUGxj+S{rn#y>LCe)XlE!f%=B%bN(OMnUUK%n##U=Lj-*1-DUr>|=Lu}m zE1a*?{>m<%Ks2FJyW|2m8ZL)14PE2GvK~GEXMfDTu?hpq`0wH*uy2$2Z*6f5KkY zBg)W=7I#WKO)6!y!4%1$i3mt1KcZa4E4Q=Bcz0JhJ3t~#J~Azk9kH&uo?H;7<{W5L5>w(~$mSl)P484THqE*KvMcq)i<%fkBsg)|R%b-V5T}Vc zR3I=$?G2FT3`b^k9S+#`$Fw2z+r;>|%cHSt_lrJ$@>y?}WTOeS_*A{t8hpE34cjNA z_=EXz#A=Oy8UN(ws<$Y)!3;eCJeI?@;rvXvTaY+cvw7Ai9xtb)WoYvD1U`$8&l@EM zQZr^?i3JKJxq)0O;SnB0B20kyfNKsEKXkTKc{zgX@Nhkf=Moc9QD}sQh6XT-3|_pQ z*S0oJ^Guc~+pKJ7U;A1)%m!zvNKMQsC?ay z9Am6+G%pGKvID%m|6{`W!GUFZN!CXiZ?*`0YN=3|5&{09zyEwz8j4`d4NOVbzQ??| zpvcrHpb&6%wf>Kl(?b6|8_z~nI^z0v+E=u+mp$)SjjS_#3vbWY*BCXqa_LN2{tY6j z2PGagct1S^8y$=E1x(BIJ&htazm{c4)2b-pohoIP=|rLmQT!LbrqXs4GP+mPXK;YC zdHM!nZ7vw^FqGDDXjg+8jtJTKMyrkSe6p=mdW(4mQ!aQc#o|^dN)T>;C)qxW@m1-p zF6vIpsNz3yoxe(|C_p(3bOs&=Wlj}An&HTR6C+Z}(Is$_Y@!FY-?0!mDjB|QSbldh5;r6~tpAaGybhdZvB5bBcqVO_;g}q7W`M5`FKZUR!Ip zX`%kZu>E&+fX<9V01%|il&Yt+saG?+z_ZjO0juY;IvLg#!J5Q4QDP?E=3q}A7+cnv z92J_fC^29>xc>gS2B=(Wv0VwpL5fhKB;@5|m4AjblQGeW$0}(K==oF%PhR;s#CA6{ zRV^@3TV>|u+8!&?x3H`0Oy)NotG^e{7bYIYpGT*>(Sis@Wm%W*pPnLEa*Qy)NH5OH z-_o#-(o;$Lw0=fvM!URuZ>$rD1Jpr)5B-BPEctfRTdqb=Xk&X#8gxDTaWD1_5 zHhAqC$v>&6ylZb%idu-7C?hM(-UyY{EhlaQTHzPVfC*hF?&tRXfL^lfoM3kRbKr24 zK+-H?2x(}A+9>i?C`$jMwrzw;n{o(qp;Da`@_@9lMnjz9L(d7X;r?()QpxQ=72gOK z54Z2t6BOGDZGiO5Kzac0x~L}#deJtGli1zQE7k!M7q=W*Jn93u6YTzb(fY98Rj%u5 z+m@l8YiBh=kd;bffyYin}O^ij@{zhd{tL{4;X3m<+>oUbd`n=rViW7|rC7{(Z|2LAdMX zz3y5#^?7X)KsVvCaCvN`9WK3Nt6)QLR*&Df|=v`YR7$T}^6VbS3wL|O1PsH?P^n=5?c zfKXR{77Uw&0WB1_6L(=B zh;I}%#i`TRI$<<*NEyMmpf%R?O3=lXQ81#N`fdtsiu4=_h~=wj#%1zTCo*=lUXn_d zylp?)Om&}|1D@r;$~w}Rf9ILU;}^~s;cK3(Ev}l;UiJO2iFucqOp^Ird0TmVc(b-Y(? zgDw;`U3W5yE&c!z(+2HSTR~!#E5HATr~g$-TKVy36t-wpS51BKj>OC$YP*fvH0Zlj zVxKHfHMuR?HT@`;;sWLo?wlgUBx^(vWC$FjNy@Il2q%~?0vTM*Wv*5~yavX|zJ6g? z>5loV9h~GZ8+OaPHA`hrQQvJ>St^G0HZs4#yiBNe8*ETh)0o>W`01kImxna*8x!5Z zUcmoB-&L?s@3Oeex@z1OuCXq)KjhnRNFXP%H5H5}l@bXNhbL83^r46b0ysK9fN&lk zXGV*A8F9MY+`4`5yu&{XB3~;XL6a4@n9%0ur6B2o`ba#CuuHT6HqItr)E@W*J;bVG zrb8WNS|S_+p}froI>%@wE(M zQ=#0hc3o*2MkYMtfqQDj8I=FYq*Qj(^ym9@^UB<+7hr*b6}?lxIT;#i%QXZJBh;yD z#4!lnkK>)T;x;ay{dnH;nOO-nB6KAr5E7@rc|}t@8N81{rUqoGz-;c0cA$AH6IEh4 zJBUb!Pc`8WqK~^H-~|TX#1C5LUgCsdiSZ4Z3agY03YV_R^VvArGEFd|Q|~p_>&Clx zhrP-f#%k5j`+)D%R5w6CkqJOjKwkd#WvgWsZm`j)ij!gDd38hmI>aks)2m#ww_lrADsFA#EC<=XQ)a2c^b47kl3o|0sx=g(350lg-f5m?PWQjK%!ylX44u zk@+*If5>Oj9HZiSKVDR1B-NF)haVR3Z<$#?3aA0k+1RiJ@V{BsH1vj?5*UjE#vn5^ zs4^TZu4XRMPE@*=_x({yc`QD9FMTRhrI*M~=D&UQfsA#$lJmHs4x0gv> z;Je%gqFDGtA37!QtDOv$Y&8`oOhj7g7LoR8mOLFoF2d~0mN}Z_G3?jDo+t$O!mhPi5RYNxGEqT)@b|cxc*Tr$1d#~!u_SxrrXOvsEVCWYIbRWtGhjamu z)DJ>l1ZBD2CPeTe__4JOoSq@pQ~TD{2d;otyN-UShy7l^M7s(*YW>aNXx-pu!psrE zR=jME_eFekSusxt#LHvs+l1bIm`QY-ch{hwoZ@V zpP$W7PGKDNM?>E|O^dRI=eO6&`)SG1Ph|rcmZ3GvQo{MXCtuZ!)$Z3rLh2)cg<3ZQ zV?-VA=ks%0C4;Dii-@iD{Oj_T-jpC8H#m?!By9Vu1P^Re`2cF<8ULo~us2e%R@D7a zP=5DtW~dovf=EtvZAQ%xka(z9ht{q(ouwBR{dO-A221jqsaH$mdn z$UNjEV65EQ+c1*1g#6~8H_&<#ZE=yuQybvka9?hro=~KG&oASvpbE%b0yJE)NJg>D zQPOBA;Gi?7A`@4rfP2l~Adzt)1_L|4hrIn-ckH<%hU|o0>Ny@TSix zk&NwyfwhSDu3tNRXZi2NJG{mUaqSFQrKMny(>9vUSTY-XOlm>%>wM1qsE+~elt9xTN*Jw10Eyl#uIr0b z+mx~)H%Y)blu2U~``Z^Sr796rpSbeF$ZGOhxW-d$THBiXDsh#Wse-)C#5|6Fl^4?L zWazXs?<)7_KmVrz6KK4sCT`PL!z6b=xQ5 z#fsy&`c!Z7{`i105DxMbq(hkd4I^1<3-6T#0%rW-t8?EZ9} zlXe3pd=IFS>-nk{T1gY`D&&^QXj)Z=&9 zYLYnRQArZhdnw4V7ogsy$sdp zlW*20)^X|iw!rn?WmYNsp?zvY_;+5AZx3efMtPWEx%pz5vijubXR%a@R#-~#Fekqm zIO~XZe-rZ+^81P4^?cXpn!h3UjP%+rlnx&kJ04fxIE57s4=;_?~ z8AS`@nQwm)_00!ZMJD4)&phU?1SoyVHQ_<1&_u`(U!XJ0wM1dOOgBbD z*oCuYX)E*ZJA`jHGJba$UENg^xjBXyyqY}vsWpngNL}by^-wm!U!w03lk4(Yc5!^u zp}QlTHB&t?X}3-YBbc>H#gVUCZVG85>IF8In*Tj?_TfP0--+ifCfnUy(+0_b4Gj%? z(D?`3@7KN8Q6gQf1&z#uT(@EeM@Jn#?>B>p*9+``O6+J)3;u9;9r>3L5K|X_djS&N zFQDk1fAXc(lF%QzG{A`F#t+RFZNYU9@$v2XQpJU2uRECESHzWunpdM1@$~iWE8oL2 zgicH24TXrU<^f(4)l-8E0?R9cTE6%9C}fy_Z)6qg21F@WlePsf+Ch^8{F`YBd^r47 zx~RajQh(s)1{i`kw8y@mz1pjLL{iv0+kr2oQA)m;b{jq&Q`)sV%1$HSCIyG>wN#SB z!QrG}hzCy1%sk`K4Oq3<%kZQcvE77PEq|v|t4OK-PA9MxkBD9IZ4&9$U?$A>3u7Ja zyvs<*u>bra-|_(}IeOJ=i48N{wC!gwQC!ucqIF*q*CZ|2Js)3sroI;FoAt0i=^Goh z_+cx1Uh7-F@S~%(h`vTQ-rh$S%5Vc6{+jvK!IJ`k|3Qgy_Y<(@vM8D}miSX7=Y}ic z8={u$`{Ulvn5TlTzM64uf#&*iFKK$Rcf=4CmT!D4aUQ$3mUi0#h;6zauJw83cdMIVSE6^f6c zO$@1^9|=K=5Er&P7AlVXSCy~xArV4AQ|EZUlfPsa2l)}Kx!2nJSzW6lf7<(Ua6U~G z-maL-_t(_6{3@uJrYR@7&!8WQ42sR#4orhwqE9vjC>klkF*}<+J~VW^tGwv97F%1O zWH9qPG{0~ksXxENJk%r=bwksDo;q_)vH+oNy^-N*P}8$5=5 zJ|%|=*j6?K-gc7(^xItC7M!8l%cbq7C0Q4Xs)}yJ7&^`B3maOYH9}D$I)Y)EGT2f} zeu{~G*9*&n<=`@|OL?sb{;2Z@#xe-1e>zji;?wiCNu15&uomBN_3ja{Ov}SkmN%`% zHrM*1?hp8jkDEi)-On%Z1+jD#xUXdy+K1ult7ZN3v&k+(lICn;*2N<<3meSO=ziHAd!%3IOz9wZN? z9qqdCDK8BVU`DppIG#pE)85^R-(T=h(B><2O}SA7sDNdAAlm)OwDY)|^WXxQ-AXT^ z_9Rhz{w+0j!h)c~7!Qr@@^$eio)rr}Ws>xJ8j=082`7?Dt^wB5EWcky1uvd^zq>WB z`e?+tP)Ch|M2!1z+#Z)S-$7hM*%LYER7XIR>Nh~z1Dg9ZYN{eZU78GntLW7_q3o_D z0+ouC^Kvhf<>-^lHT0ZrUL~ccQ&Y7;i1S1raKk_*S$cJ!Wvv2TP-YZG$BCR;JfC9H z)2n(=AADw|7fg>;8?kr{B$tl&7}|V1<1eR)pOqKD+$J=xQ)>KE~~u_YE-ekHWekU6DDPtN<#? z-H4%Fes{Abf)HW5uF%(`Rzb>Wh$01LNoa(@GV>fOByiA-P&2q&p^UjqYBHcp=_nU> zq*44sGG;TCw27jU&RjAhKMUa)|J<&uEPFGWgyOolbQBedMM=dsb+_9+ zvluj#MpK}*W2QyoX9)==`lBAZ=6T-_rGj2#%4C);-1(RRJBdP(M2ks$)${Wz{~$cy z>X2y003T$lnZf&z>S$zpS_#A3ysvvU@)&XG5%hjKRyJHA@h)^{ zigc;}e8*zs8M&Hu2w{3~a<(_w#grS}?i7(&j*3p16fKHIq3Ps}%u=v7e`A@J+ozqz zzkV92Kw0hcUQ%G|7_rpXMNZtc9yS3|!5+>4XX{NuhrBx9@Z`mPCt{+jt-Cw~&SA zu;=2pAr$CYf!z)4dk3;v6O2jx0N}Q8pmynfF zRG-gQg-zTT)K_?@n#b1C3m=jv)xX9jNymZaW|c(gc(o@L`yRabi(Dx2sNOfGBrwvl z(FVb8n`uC3=Fz!J2K!ft?6*Ozkdjq^rt3s3r!rC@L&fM8ZKgI3GV_84lRyTGIXQFRcs4m)&e-${e*A0I;cf_aWCM>4hnl;NrVZuo)uyW&YtYj- zeTI+-(ONIbJgh8WmN)z44^|iWq)8R0>wTCbbVEM(Ylf-`FvVFl?bR*-ss9|W3A9am zH?W}I)xh8m14}S00PV6?t&&N8k~Jp(6}XLE(WUA>jM6OFy5w6vN=Ga_V5?m7yriUKW%Z^|rnTrkeEw58v+egElfZN>7xLOQ+IX&_Pzsy!>E;)OJX{bhV4=j>+p4YSjPA`hgBtGmmZf&nSO-3)B)Aj4cCLO`s3EA{EjcsN|xpGGCbFn892$SXsCQol#!vmvN22r-e+;5foxC^ zA7+qHlCy6CJEwV(JOhhT*R3e^^Itj6e;pGyfq>~c)y&t_R*c^LE`6&VH*IOJycH&d zir^E4#=g{_dv@L<41BX;TPN)U)-uib3Esv{yYY_qvIw8tfMlk5HX0-_X>CufDpxvy zKota52mLg@F2O73aDYM4?~*yaLaX17CtHqoS8U%1d(b93SK%E`&XAPS_i&93)sXHm zwCVQ{PPN8wqO4T)2|ASF*t4Xlxie85Xg=eIz?hCM)oaEAU>jA$D)b1pSoA z_iC(oY&#b){@d~GsZ};D&f>pZCj8Y2K*CfHtc+rzQLgV1vCK_-95v*O=U>}t+<2cR zk9DHZsGclhsaq2B`03MrS36QO6*Mty!M+tE0l`2-iH~AQhOB>4CaT}62et%AaG4lN z1g><|iV{4T`wnh^f^>p{3?914A-nus^)`&LidP|%Vj|^8#+rVZ^1B|O^rF`X(eO3V zHQWfDwO}ObYb=<}&MdYuHKtY}lEV9O2}#4gt6!#H-=A4wZF(+z($i3aLV$V^WGoav2k&;=nKGoz(t^@oZ&`Bz5YT4LoNuB>}EnJLv4% zY^D@Qkph$leqk-LTix_IPMe&Y&2F7_?DZ#iLS~9y^1t3bl2_gD%D<(Uj?{kxL9%71 zW@^*LjxznvuU*GTOoUr;Cmu<9!V7Hv@1nhR+{Q%q(3}_--JAKHua5%55@Te2&upm! zwYceDlIo_JXJml5r(>1pXl`{>hqQ#$6uIkbYGE(C>1P<5kFd$FvHgLI zBmU81`@QXPa7-0NFWX|KJKY&c*Zs_p`@ZFO+!^uW%%XZ-0)(ySZEUgu<@19CzkM>_ zMnUPZr0fDMRSIr|SzW{Pk44m|nn!~L1+8eh%c~R3_|7z+M-=4O_8bfm$qqu=AEJ;H z?%luRxtaNY%$~|wfkluGq%$VAvhD9u87?Jotha4x3iNa7dUtlCU`<1SE$TjxmYVG##;4K6)E}(F zH=LKpv(Fl} zkfAYwbnQuVr$J0yNN(6SqsX?s(Pu6jCoWnrHJ^)9(e5ezNPyHPW(oVjDG!s521Nw! zPErEb-8PpYT1S>(=Yj}~Cq`6BBBK1tDr4%Kk7w1dEI@MRASOz-5%zrDIEM!QU1yEgU?JKcQ#=_Tt8O@f^eJT{IUX`L z?%g--7rIRnb^>b`f_)H617&8~4W2nN3@60Vk!~jrdW`xV!X78<`$k#TM8v_aqs&B8 zskKuh-fv`G)53tRcj~an?cOn83W7hPAo5A;e*Y$R>j#79k(36DSKYZwBMKIZd63HH zksI0eD<)vg1?wL^={2ZQfvgalgYsiDaZwuRHwD(hc6|g;rj^mS7{lrc(&BxM9Ep00 z$t_uHhKZWQxX~xY@k&uiP{=$RN*2JIi;#`j$siQqaxf1VFm1n^5+uQ#Jg9#Mf>DMu zhO&F9vp9H)IAl;Z5_X4zm_1d6ASWQe>0znGw+w8t3>+04i!l>t*vlyEuE7o%{XPP8Sq zBJ73WSfVUo1j;#18I<`{SB?NWPIk$%LWeMu!G?=K#l`Nnr#F1UE&$7A>b5WQNE17{ z#t`HJ;i#CGX;L5{J%?4;1PQ2dH{6SOLqm-mTMU}rz}sJyEFy_8ttj|l?!jT2Hb&7Fw}G(DD){%^z?$U)Xhu8cq12oCf6nGGSwVGa zwqKD3RNQbflJkTS(j~7dgNBB0K)l?w5*(H4p!SRX+>FY>uFxL&9ViX_?{@j-_gy9N zJRX$R+f-I@xRT=KcX}Fy8 zAoKTSaQ}4=!CKd znalu0pAA+qmOe1@#ra6EHFoZm5@wyBms?ColcT3~jD-KP(_K7gWPbhmB8GB|^N0s- zvH%q{v%nuSl|H~B2O<3yk{3k{mcWTNa)dwv9ITmEOQXuk{Dd3@xDGWCMZ(*O8u@9B z*vRV*BDikXx!3e7lp+In(l*1lIZW=e9|z?X7>|l-%nYK8|I4jee!0Ub}JY z8rzWK&Lc>9pBrw>RB}Fy=?FQi>(GM=X!7Qz> z&TSdEm}PvZqZRX*C5*-kyFbK$4v4-ne0~Zg682Xt-M&}>VpIa#0x^?+OaNyfv|TC$ zb8&RyOOkG5J_ZbZm48K5!_M#c@cF*oiyR!(Fqjr}i)4va#d}G=?Tzpp>$C-xAVCe` z!BUPfoMVh*#)^#9yBl4md+e&?^HF{*QI23JeaeLc^5 z5>rK^zEy-ULdIY8&pkm}WG;(JT_+2v4WDx!;bH8lN&bw=6=XZM})mnHW)vW$hE1t+K*jZ{FI1;SBRQ?oS08k*X5v;^W5aOs-1nVXw~lnj-CPNS!% zPc18>$}{D7c**DI4RlhOVEa7W7Bva1AIvS<=Due;YeI+k;FIjkd@!Y`d^a?h5ik$` z4Xic`&a^M`8=qYn7~IsRuI3=4$ZXApv#pD(Uy9e;s6)>0O_Qso-;x)?6+Po?&tVs+ zZ_ZpO(@>ca8$&m*H90*E6_N<}hM?=Y@HoeqAnU&&gouo~4i)!$JVAzR;M1ng-9Q9E z%8}xoQsNAji_Bu_!qt%qh+3q#@yHS{@Fy6P<;_}(|Am=4em(I7Q#Z#cvwODPPgvlH zi3uVO5-fau=XreFwM5k2m0lc`a5i%^)uR|y!S5Jgq^r6?@)OHVX^ujIdv7-1?+9Bw z=++ENTicZ3Xv|4`j}79)#2eo*A(zO=NaucV%&|77eKe|%E05k}!;d}8`QCu<>!e~Za5tNrv9Ms( zQx@%LsryVl80GmO+KBpQmG`;eP*}EjU&cW`Kx+*XOt42^e)t4Qg`vYI9h?X(^$0z* zv%1l3t5d7G08P{_{0NSmR+^&oy#25hd8dLnWea<>KhjJaX^x`f&Oq16KC0`hA7Xd;|hl4CnRdWM_o&hGjFu z;1xX41kb?u)*z9=!5~f~h0lO>K3YD1KsoC0Ujp^xefvADsfkUy!_}&CD447u#RM=f zy#s7DP~f{2o9Z+kglPYKS|_KbmYzXQ3Dw!_ZW7#m29CIb99wc`Y&tqF-1Oe*@OMlD zb;i?+@bMD#Uq|Y0LfnYLk82~K2}cro>Jhs|5x~(c_UeVzQ4c#9^4x;zb^wb|i04w& z+6Tjxo05MaN-s&o3L+@fO4V6Fe;~e9!VYnGJzASaOupT8ramzoc~9LQxz6WYi@+UI z2z*$FakGnGQ6K`eB@+sMc1Qhsn81`KvKXnFbb#?>39Nw}_4L-^gJ`e!%8gDLcFwOJ z40=pNG}4#wgD|Z7UcE+mZU8Yha)$zvh{YivA0KA{bm`;X4MjcJj~7e>Bni*+w@_^9 zbeg0_;_zvI>APpFUb>$G`XmO&1_0teEPx7_w7fijS+*Am7aCUPQ398bW9(V*g3Gt{ zlzg1?>Bm!xB;qx>g>V5^!QSy7MxdfI5Y!gn&!M!eqFd&`FgCtgwpCim$wSO;4O}JiiFKBqmoOBV7*)dV4OSo`~}x4a2I9Rd87G>EaN z8~DValVJ=Xypnpho{En3`|MvwdxK`#rnyfO*lMN*4B5HkTC;pJt!}nW{ZFw1O{ul5 zxulnHZ%!Lc9_d_8g)%g2-WiSv91dG_swHw(`VZWcq>^zd4Gk=Rn{9qUlXW;X0HU}m z&$Y_JPqTBeqSlSnFflmo$wTl9J3WN!w%ea(tX+=mdj_@o^)gZ4?`&A}B4yHh%@af+ zQd6E1buUs}i(upF6xm)Cp`*jW+?#|=v)uys9*)$rS~?VN=bTdg_|Gz`=3!!HKS0>X zWd0=H4@JqxcfjK|gSy$Qkk0V8&1EOKo(`k%2E>I92jUks6(UmB+&?}(s%UFdA08fx zEUEW6yxO0~4LwtA6F1Eiv1Rpo#a)wA6cO6tWC z>Jyhg)YR3RVIibQ*Mw)sG9wxDJ34si2OE5`AHv1@R8>?8quuD-aoZhnKh3_|e?rnE zVthD$NRZ@EWe_v%e*&nG053rnLBo=s6yuzOYD949%cB7t>DWd$v5_79<3?aBQBvFB zieC)L4Vv3Xu)!)42>2xRqj+K0{YDDNWh@*JC{Z9*W0RN`#))cvU&R+)FEEk(PgIe) zer;m0_^5SdNBy|Agk>4`VHOqk_Zrl|tCjlQ8szZIl7G~MEP}{Vb3X^_FaW!PBViTf zzMi#SD_M!3%GSy(X+o)Z&EJ|3^2-dM?7dgHMqUH_0#?^8KF{|0oHjN#x+|Y>|D)*~oa6f6HXPe%*x1g-PMS20ZQHhO+itjVW7~Ebqp|Jex8Hf^{Rehu z&YnH!8lvEda@`KhUtpq-w?rXV~S z0YT6I!xftRzgz&cH|{6xXegb4K$j|`d0!B8d&6{iwk-kQtq#faE)Ugy_7Tn8jvNY} z2)R%#f$8&Rb~39R1X)~3U7bSr%OOD~A~vNl=@ExthRrp<*z6++68go|eoUs>=2QYf zD@6{2Lbximo=3!X6?j(Lqj#0P{eH+bUeHk6_|bZhrX9k}XiW51-8gS!rilxNyw>sK zAYDHVme@x@B$f54cmYJw(>0jS*j2Avj5HuGkKnw3zQCO4qHzIh6yFwiTUA8IF<3t-XK3C1%Gs4tQEx7qVi8{8zo&!yExN2^4 z^z1#&Z(FMeAEpp2^9InXvqK``;oI@BQQT(?Rrsj7VtHf4wdes`W47Sm)p>d)FCx5q zG&&zLT&;d-)7yR&TG!5%CjL6w=5{b$;>Z_Lm3{5Ct~qq9IcQ|nv$Lb5E|Y-T!rbUw zCu*3i8r4lbyZ^5dUq`UB|Ekq+AS zIDUV!5E?^3EJy_bj{kPM0jgnD9cjez4Vp~H2|Q}xffkV}MBV&LmOtGaeTyW%gqtG&V;`F>5ZcShU(Z+TMO7_N@ZP&44azHy;5pcIW_K{V0NgcQkQk1bg6bL6nGi10a zDd^RzW&wyeOe*4Owhzl<*Vi9U+w{&;g7XPk7@43Iol1R>C)YFnpUM~1+;PhC0;-^% zBQ>Zyqeu`L6NBV=Glb*naeuv-2Go#`@m&I{{&Bz3%N2r{W;Gs`aCL2(rhk(#7_7eu zmE5sd^+dzE?IxYwiB5T;q22KvcJleF^g5`^W~}GAeY2(6<<%4fJ|FEe7J>jh(Lh|4 zzLWMu=zqt5MX)t8`3oNYO7$@~@`+;IsN*~z{FLAFNp-Bk9B3 zEKLh2LGE~x_{_J*JlgW97eP>TnF&UKsj8q=@OR_^x9tB|Qqd(3b>AXa#2l`W!gO!= zo;)o56@Hl*B`=uV-*K5*9L=173!Dmw13@IX=; z3H#TZnxD91<`3*)KzmWn@H78>5}=7Z%4M8uKv9QRp8t7d97m{hd+)4-W|x{$$)sAL z?BKQG+;rU{O)ds75Zcfd|WXsZ?hX1|>8SnY>jfb{Nq_n?6 z7yAC)I(G`gI(QMHQ(yDDha&E$93-T!%0+Rq zxMUNrENy1yFgdF!uQ7j*=7@Vu&rQk#JLWP5FcapvicP%>``A*Sy zABV~Fz+x~w4uBHq>6yoWGl+Q$dK#V9aH(dFp0g$LkS|D==6Cd%T#vaVlJ4Kwwro;~ zhNCPwfmQ%FQW%U3NKF1hCqE-2A3+5H7EWB5GE|`Z;lHwHP$G_=hsfsdKXKkyUFvuv zphk!so;1*)>tR{j2^3z@{g$O2O;y*kWM4V!rj;uZ7?k(B#VoTvR$K zRd0bwm_hLU{ztEO*s02-{}8r1%_fZ|Ig4RFjV1Z)$Nhpl2eHWDe>-x4dxPE)PY&9a z(u&n<5){p@^{BbOtrnjBHm{oENs8?D&1gd|`Bin{2>Tu7DfArTR$)+j?cBnEBMFPL zsjEXnS&DZb2&QuI{O88M=p9Hf3A`75j<>m_#u}JuA|mqGDmi9NiL-!2-x0b1==Z7o z4}=t`9OKWJxU1mj=L2C8*kJm>srZxFT!?gZC4M7vw7!>=6&_#474OH&k{>VeLxN_F z6ghqX8(oaz{YKIVEZE z9-~Yz{}-SXtgh$zGn35=Zg1d6t`kI9ZO^Bc2xO)Ppwr~Mru)@O6`NF4-t2M!RVd}{ zvO^vQ3Aey2^J2~rRRvdrxDU!btAgkOwCP+5)Dta6$|Zd%cp|&}kxW`F7R2|~I6z`N zx@ii??czb_o?Q;fZ^q~Yx7=3Si{qnY%7G+TWE@#7;hJ`R;(8Oc#5&shug(a#he8&5 z?nBjj)6&tY!l3agAzPU7G$Wcfo=9W#ibvz#^#A%m$l#9W+VU{21Y+qPC;|e9($=8{_^YC0?lIg>?H{Ui7WF3u;A9cjjhOIdVQ^?yn<&g;6BT$$NVw<*eQvdZ>RnC425w z*`GwvqJwt5QF_stDD zs8ddIIRc$r1)7!`1dr_s4BF%G-0`j#-1lh%Zqa6yg8DKDU8<$y)r;{;C{wi1%9Zv+ zIH=MJ@v&9^9b-q^dD?^aM!OEIe~U19BL@^{BcXEw&lhNU@G(SB>0FMuS&3Dn(|gfoQWsgST2!Bn$rSvQ zl2UmdF!e}v7gnVK3IX%v^R2fZsH&$4uM5@`mmttBC}KH`$9|PNGS4&PzUN8~-dRlY zv-&F`%ak6AokG{4S*k!P-(Rvss`}t{FTT4w<35Q85i+*{?TQo`y&N*PsBi@PoEw7_ zmO|p%GQvu#(W+E59KvLLEMP7mi;h!;&-3%;DD}pe5Hh%p>`rP4^{`NocS3RVU)R%? z@)CL4Z(k_)qA{%7_7<^RSKvGUgd0*WYwjR-b2u+MY#hE0tpZ)qY_`l z2(w-^judMTuZ2=#5)hS#&xYq1BmprBf+l}`UWW_OC=|4RqtpnaL)TrzFk#VyDN##d zz}-p0U;@1Ygo1h&o%(PTw1unz80)ub8hKVuD%oV*1yNXilma~U43y|9x%)iJGj5q0 zVZMd++~6>jl=lC54gy@(yYVZ^L;p>9yLY;BP}CsH*hOM(>Fy5_vXdHU?q0al`|cS; zNPl>Gz4V26mf?X??F7~muCf@R4I1|T>5dyJAYe z3+1TGHev%tnWCe~u)?=QCR9z2Z@yBaBRtW#tNQcy&n4`}#unS62|muja5LuY{DP`} zuh2+MyMWH%qwTUsFHI`_75k)Q^h1AMzF&E~?m;nQVD@HfwXXu%KBx}C{J7cV-UULc zif2l-w;jfU-;NEi@9Wd-rqht=UG!Ii?Jl$a>Lkzz!$fy9H#(F2{>cXygaC|CpbRB3 z?hk<<_etE%2AK>1VH=92yck^qjz<|WlovP}cA){^PJgG}Ca)?g?@4j8 z$wsT=YvDMy$oEY5AaE&oZhQ9TQby=ZH_=nE-rhlLjeIV)0!+gc7j zJMi0^UFA;K-EhJ$w!EG`KK;x?rJE|UvnU!g9v-;%1`i>-*eLbA5<^BvN`<4@=gaJN z^6IYh0(`|FiqRSi3)VFND7%u8Kx=(?NE=fbU*PQIzgUQ-$`y%^$J~rs2FX_;T&abL zBy%#bUKlh>IgWC(@?s1ci*r;6ULAEXZkzH!rVPZ?Qr!e8k*u*J0*oKi<_}3%um5r! zKmL{d9^}$u*f5tPP9WK5+c)u`%R{^qSV8}b(k>@;#aNpj)0^w%^Z7KV>VMwiK$oP1 z&9-JeVO+^eb-<x&mReuyNIz!Ypscu94@ebH!%vvbJr;T2 zJP*OiPOZf2l|U{f-#LLz-e~)#$Ye!#h|BwYVBZ5 z`TJUl1SEV{Qsu(N9 z6yaIhT1YqMMDlR*4BhrcpQo<&aLOHSEX@3&exR49E4ER|&dz}BTXA0s@Wr1#AnyLh z5+Ri3bc9T}SG(0!*RH=gDibkwue^JV2@)9Qe436&jCL;?FGq3E&A#t zbisjuaGha*mektu&zL6+aN0NVSNur3xL80KZ>r;CjHS6Zql>KA#1Zc86FHlDLODjz}gRFmMGGo}FV&p1Nx0c#IL zd;zJ`7Ms*zjMiekZY8&`f9V)(?wr%)`0w{h?;3(rH-u?IQM|3e_QCljh{X~>HkFPPqsI|& zyJ!15{GrfyLhluiQW-F#`b@#xm2(T26U%=-Y(MCB^CZ9$5$F?>`;oHI?EtmRY~QB4 zGTMVI_NjZ&a@RyLJMZuJ#UK-l!c zSvb&+HsE3EJB%U=tvyvTgr5=#+7t3wLDWJhj$V08S&u6~5Hk1>-9$kkif^lNrQlQ0 z7T{$~7A##WvSE27$BTEpg%HF|Z95gsr{GZ5zy;IQ1z_0L<7vL|jD2Wb`RU~}{UVEI z7$7&}*OBgc)o^rW%15^|H4UzRO4?TCjZ(I`@3b0N{MKLHs2%K&Q~o%wqF30AtX59C zJG`b3&IQx0UAogRXcZDNG-5dmXosgX|HnYH_}*mQ#~|>i&(UnR+AdqQN*O=G#I-pF zSk?Tuqhl#XaA4of2ydPb|Jwiz{mJdI#p3f;9DD-@3Q~@nmSmRVyXAGa5NR_Qg_NQ) zl_dX)7TD``iV6HLtXmfT;A!6>;N@Z+HR_H-*DwOD$B}QU7KOf7J+L5^|DzM@>xed& z7$~yDpkGL*qT+fg9eI{i8<|B$e@FlC6(sR%nd{FHGa~nJ>ha)lRB7*QBtvB-GcY%z zqBZS|t}~MiVT%+l6`w@z+Bk7(XVeX}A&0v1iT3HPSD~q4O_mJID-t%xvjBu{WR|)Y z$Q$U3=x>^k;ME3NF?4aJ~5io&2jOh=s zzf~ThSD4MMb<9Bt)_>bro&@OBEk$E=L<~;lf*q72P}{MCo{6WB|Dt3R&m+|j*h!y< z!jLk~{{mZ7-0L+6h+&z|4rX6^>F1bV2%i8+a&5gZEct|6#U{S(mXIK97^tj5vl zioM~<+{wwPega*h02Kuqij>U9p4O&Y=p=MQQD}*Tymg(Ml4ZnB0`VWb#(s&~tSRR3 zFe&?eUBZmjR^6>{MPi^ekBmU-*9bjN8Cdfl$s2hBu^jKhl#*&F9wP&yK7L142>BXn z+9fE=;vWwhy1LqYfA}w-wZGQF#d5lxGEpMIq7_ah!1rb&W7qX{Lf@Ze2N$=Oy>}Y) zz<0@&`t6F}u|R;~J}=-t>wSj%>eX``5|pUh@ho`$U{a*-LZG)OB5S~(8{wk!@E1qv zb(~8eGJi6J^PBx+z)&)uURH;Ee@ot@raDFiCD&WL zB`%LgRH?QdDXcv*g7zj8D4j?i#b*}So?HzYbf$EDE*A#EK=OM+`8*`ttN2~lr}W$f z1_{AL8~66C8po*!8wO7W15;QfNOT64?N(`GUqa`>uKd20^8>n}M1sV-!ajo2&e9p< z21*f(!xpO#?D)vO&+z@&ljoN^-yfDjwlyDR-Sf$p0oRlHh9sMaDPA(hNNk(dh3y(a zbs@BQ>ETZe(aj-YWfNjFm=z{28Fo6InY?g=JmV$kbZyfH!D>nL=@XyBLn#YG(UxQF z;zl&FgLfir<7B_7PLDG^n!p|Q=aJQsm~5=C`%OMRE~_9Vivs@8d+jOFZE@YMUCzja zS}ZEnZ}7ig1B$jc_t^99a175pr;wEqw=u3pzt)Z_H}}|_%!+_ z_gCI%BE2XmFq@QK z_vn>E3S5BwP$%g5iQ-^l^hWN3MobY;$9t)6%-`s7l_yOvPMZ=e{#EFPKm!#MBWegC z-D~H-uxi@+E;;ytOW-l(>C{z6HPtr;NOk6?|2jqU!Vi_ zY!MvZGkKQ#A~x@9u#Ou`%EfWLsnLZgHKNUq!Qm5(rt6@vjiIx4%zUY!+k+ug?28IP z$E*))UAPnI2tD7{iLWxD4@su(XQNm>nbfka0^Y%)ESSB9ngFs*cvZWg>k(7l|DlvGFGfggfD!(D z5~3@S7b*kF#hoZr_ce*HDkR((g5%$=?M{ttX7GiSRd~0f;ICY5FqSa)#JyN0+;6{Y zk^L!{h7v~qrdpXeLQnER8~Un&d7+My&ji1sU#0{LjhbQ;sJV#h9rKz|)&>rKvGb$( z+tZJ~1olSV=@lviV+M&4wEY~38%31;K%j++HJkDXmPT`#4v}7`GE+tl>FMo&XmCmlzt>IK&UN28?8gEm~ogxgLLi4xQ3)VhET4fn#ar zu3|UL7*Ycd%v(Kehgv7|C?$-?Xvc4>^26)}tgOc0Gb&mXz-rmM6JI?5_X)uqlcS`; z6!>2E*u+0%VVJb&1z*MRWC7{O4)o)j$0?QmAq6H4Luq_yUQdjZG<;&EivqjI)|TSu z=wPu`>tAH9*)783iZo4?%K@69h}Nq=SeC)TCAjlg0e#DhDZyuswF~cE`49yyjC{%^ z(5B2?RNnTVl|WinQA`yUybQSuJSOg6dtlEt!Oq&fc?2G-`q}fj&LY}4BgOCvk_4!# z&HGCe*);hXGKS=iwSw0~an&TFq0x4MeHx@sIf%D=0nC0zB zn9{EJFoT33(g}FUx4$&*Q@ zb5911mdhu^&?v-&wafyOQU1`P3|y+Pt#3G0hGEo$(yy^SDIQR9m72{zPPy#nFZkE5 z4HKl06w?bP_t)kg4cVfZ9em)p&qc!}ob8y5P-Vn(8DV-&q$=in`8Nm=_Yj2!OWXG^ zlgu2pvtE-cDNc&+7UhcE2B>goq(v1Jy+nfpJEfuxARWPu@6`B?0$h!);I50n=u)gp z?j?@GS6-aIHasht7Hb@JpUiEkB};oT7aER4t5GR#(=yU!81oI+(0!V^RHAkTn}dz2 zRc{sXvc6F^^i48vs*!3Jwl_G~{22`Xs~={NN(lvR9i{48@ogR&$XYVESRv(OCzT?_ zJilKszN|#PZkh?eb8kT){*n)RtbClhKb{se0H{|?`UGT<|zStBN^ zFPe1*fl>?>;dMSQP8`Ff6Myp>e>wQKc{~cF92M5y`@Ymj?M4GitvQ3c@(357F3u6x z)B8^1T-YH-`h>Gsp;UG=i-=fW#v|ILNqj111yIMe3X%e;H$SRgI_R-_r-ZLG4O!<{ z>}CQS@7WKIQNWOO+YA-dRF~W5M??$GZ#$jZz%TWEp`j??Z7JT>Z2Ns?TfIO)9KJ-) zy=`D;XO)B>JD+q36coyW^FD_>{9@v1;iXA@odhZFsaFJBj%=(FJZ+eF)S&C1lvFTG z6@8<8xNkzl3a>DHVCIith{GIco4j{bTe9ReFziAn4<-Z#`pGqv zDs%uzszm~9vF{*y1juD!-cdNOLY53WED}3H)`%k=s9x6OU1<~0KQ%afA@D7;9FZWHGmIkDJfGtL6cKS8wk~dE#sl7$C00YR=!st zb~X5d{owG0z)|sWhy#0YR!z-KO`4Wv%BV*Xwe_Rw$jn_9;aL;+-n0Yc=DvYm}qk`>lQT?E+HM@@RkOMkOfk;ewC9o>) zrMqj(VJ3e}o$FK9wmmRkjk087Zo!>0^q%mNzlIZF599?nelR4ZleC!1sbleh4Uy4i zCjAzF$&hAwcqd5NV20pVhF@3`;(|j0A5q5YDhgn!@GaxV;?nM0;dl@qF(>8GM8dIg z`ae-e;wt z#AsYaE!~wUpq{UqDHb-T?G4Z8gtxS`bh>C-8Q&Xf8G(h zQu8_P4XRoGG+$=}(Mr%tB$r2a8v640#YXL4muC$&akbR6y-#uK!^vPp@bj=96yzQb z%d5quKnSLoN-g)-jtG5=*x?@RhO$oM&tl&zp{;(7#7Xrw zQAG-SBjtsQjH8Phxza!ZAd|>Uz-*ucvs8YLJI9R0v1D>FsP%{Lz zONJno2ltYQii=b0WdXryo}jjy&Mg4!37)!%Z}3*|pYh zXVWLKl!2*fU}w(|+FvgpdA5tD(zUFue)U@70StqoO+Bd2t7s!nx5xp%FDa#jgE^PH z9Mj>M8$&y>&ea(2bNw1P8?HCk(+mFynWFP{=P~I>u`ae)(Zm%Q2umQaa4D3-Hs~hE zT+52rf;&AqV8jR@p{ml;d-v+_I?d&w5P=!yuzsidt>;JJtP}3!dWqxnys7q0* z@WO{RwfQE)w?9}rMn8ldL7b-qCxo`H$8M;Sq9Wxc^Z{%xeO}FmRc31T)qw@-1zMhUgs5RA!BB$Ps3(*He;+C2Pk^&k~f^m zd)qFpU>WrM)~I!Z-;Prco>KyBIsYtHsk%9O*=1PgW)%(4uidz zN7MQ5O0^c#c@Djn&*zr~?Kg2%ae_Qgc#7LQV7MkFBe7>1+v&q& zE{whMY5kaQ-4=q&o)+lDzkzPb5!*V($Ewv3AsHwr49=8=)!-Kt;9z3*+)+~__n&Jv zlfybKhL8tPF7wO$TZ5qRqn;4d>C@WH?Zq7@hJtO0`8WSM4E>#$z#nDMjjT!>&>kYc z+jpLC_EULoOoKG-F4mfyKymlzY@ukXVJ9f2$4Y@ZZ6n!#JQCmN8iiWxK1`e^WUC?m%F1gxyGK0guF&ZzNZam)A1BqJv_OY z_P?J|*z_u|+FDw`yFQL|rgs0g_3cwa&mhH`A@@z!bl!39yGb_R?iT*_OY9NY8%=JJ zY&dg)q5yR;2`o}!;(!oJB{xlQCWo54F^fsc>hfCDWJYhY;&w8OD>j^wD-?<(j7mz{ zVer)Nt9%BsEO|oiW}9~{M8SonR-JDgkC`LGJpLmFjZ^l&QTB7*>gQl;+l~%K=?zKZ z=KnMZD)pgXkS8Z6W7oAy>%CuSSB_AHdf1JQZAW$fL**d>f0g!szU81An^>Kcrh8fr1Qu(8j$AoOznVw>RE0kzx0!Bh=E*GY z^aZCn9$YENR;pDiaZCw)-o&3mc+VC6yxogt9&fZPE(%Y^FKs{+SpCLm2GjTCz=Obi&2zx z;!@!=sU^Fd_0)I<1!s(jD{qAU5u{pw^*`PAdSbc-8~D5Q2_N2VCi5BI*5kTK|e$M7n@Xf5S#Fij$RMoSh9$4 z>Nm#N*p_bn0&ho+89+=`)T`fKdgH|{Ao4{dh^*joOz3{5O5I^1$#e@kr?2f)qLRl9_$~afWy@fK&$e+cD}1&{UJ6!~NZE&@p71jS?S9+kM-& zWj^jsdS}Sf#1n!!?Q5yluY`a(UB@X>Z~y({+*~NxI9}ipOcKI91Rm*m7ylXLDLq-6 z@H$qEmt*nRzSeubiTB@-@(PL*`Z$qCpwi$P>G!VVDudi2{&%=80F)7*rs6Oz%AEp8UPz)It2FG|Y zj6L%e^hP<~chF4f`xcW!Wxz*AYh73$Om2T0N-NAmNF;%M(~xJ3DU}Sp&v2lH;4Z*V zg1}f**6Sc|r(`f2L{Pq_L;aUX6-4+N8-;fef7990P}p|A+Pl^6E!oNwt- zdDe{fw78I)5?=CHpY-)}?I{$%g6(5Z9RT&#%L>c(-wS8G&|d|z-+zi^S
    2CDcd zXnKF<%RuV8z(@3Y^-7aah#R;86tD_roW-LrCP;!BjnL>n@2K(k=ETL^(hg8qGZmx= z^Sn-J+um;{u)!RTUO>EI!y0k@28heA;ai8AZ4@agHrQ-;9lur{7op0N`QSOqAve!) z40{Ke$`+lWo;MDt2Bd~FFyJp8*o2l)L2l?CpzcCNSssun4<4&re83A%O9SVj82$&G z&S>YB-`fSiWE4%csc-=JQxQHtU z1oyNMWKhzhIN1lhR%Eh0}k+a3nUQ! zO)`{_f&1{3W*-+%EM*B7vzBhd5&YLSY3b!40)LBQ8H+z2912}<4st`l{c~Y|H*d*M zbOU67+7M+m;KqpNMi<{>4W*NL{|;FZmgtd#wa>eE1=V6YEWqsF5Vx4d$zdODNyc*=FRE5JE(kLCynKTQoJVz)>D>M4dsVxSWxdr~>eHqpdI zBH7ST2Qfo1LO@ByfOO1!ZJ?mn#jn|J6PQ$_uJ5b5Gzte8?NydyaXZ)8lqrNn06at4 zs8AM}1i2iUzuX>JS&Jz2d+z1v`rHihQrmalgl!R<6bWQ9O(TBSLDQK33{1kX+i=*@ zfW0Dk4BgK8MK$fNrdU> z;!N+`#}!U;o(+f%X#ciSZo6{+rfHXz(8Fm%v&MMxm*>g&X}hZTWA&p&Xoa6|PhNn? zG@JCr)7>>PhmUb;KgvGbd*Y1UfmpYfh?{$R{4I(8zqlhOnW|S>oO&*kS&a4W|GJwb zi!^ntJ>p@3W2IinN8a>{!+X^|Z@?T-Zy07|L?nr}_!KRZ9|(_3EU4qIGgg3qDsFNK z4>L-Wlt>9V?qqT}rqSHPhWG%rICZ8XYvc*&F&P|9P|OWI8Wl^b=LmqBNI3aA68fTD zD3f2wwOIqNlZQf)dFK=c$J0-v-XVpQzD`O`{{6E0tNE%rK8scC6Aj8C{A)LyIBfuh zPbPM4+yBeAgc2O{b06~#{}C&vtYzCzdtyN@ z>=7kJj#0N=M5TNLUnn8Hm<`>J zT~z<_-ax(=lS}uDHOfZX(Wxm_SISE-W!JDHWR7o7FP70S`#gY_s&L_egOjDmW>gRk zwjlN03rLL)hZ}iN9wz~l_WA$?Q>k9Noa+k6G118P|MXNnF~pN1p_0iU>G}G&N>!vB zkd~L*_-SrcY41e}^(B+VE_ousENwE5Y>DcAXUQ(>rIZ@E6XX2rBmlff0@ka&&?W3n zI2&Fn(Iby|`YhLdi}oJkr-FDk4g|zNT%e2T+Xdxv-`Rf_cA(N6!6FE=EfWqbh$rgR zAXY6NO;}hCvQlX@-|svGjr}dla+m3kqK(-Cpz?8`F;;Vgal<*2Zip=Ql?ckp)7UuK zzQIhm;iddz2^1q>x4OdOaG>hzgIa3kO*S$l-wU{a1;T6nF$gct6qof$C>L5)v|^}E zsuuEAfe~_w)!;RJo>Tnzu3J_(A+)tkt3ERow$7X!coLy^=n9IrmBA)yHs3hZ(jyyO zY8P#^sa!kMq(yJ+TA%1wbeFEnx$CLSq)b3vmGMjxbjiOMM92il^k9B0>I^-w&c|39 zutNVT9MO}Y5C#3q3h;n1OO-9s7q6R1K8IDDk%xn8Jr~rd6FVa{L;UV7Kkh%7x|*Db zA?Amy8`b=`VmDY1JK{QqOvuKL7rFziq)gN*nB^_SP%;FhC^GT`f+rd97}kC&_=d*N z)+YWn@&n?qw(~!nd&cSIYH-EcRU{2^B6G#5WE8;kR=fmtTs{WnH0;cRS>Oo& zOg%nPJq>sPMYur%1|smg;!woMr2Mrws&rLwZ%9D!k%anm^4zzjX&OZX-A?sY;%UUQ zGL=Z-um^=T;j9M1!=rZ$ja$Mi`p4LZKRscuct^1^-u5zt1Xs2Y+CYoy)i(LGrP7JE z2G~j|o?0#gzo=*gle5>RKj`^Wsoyk{0lN6RO%+{O&`qVv!^IQF_Zps$Zvre9cFL2E z3XYfk>Rjyo&PwD+nYu~5Zfy+~r;CI787od#x?5VFI7&t~Uc7JAhK zJSOcQ?%?{h)Aoh$4x=Q$U6j~kxa%)id?B3`8jgQ32>Fo-$r1@Dj=~yU4nbMNP%fyf~ zsaTD_NvK?k)en~i&J~|Z&ah^8g_UluqQmOo5Fv14?7s~~RAbIt0NghIQt!|F`$Qq# zmq^6}NDX@ejxNVoid=<$UH1YuK1#JPmP*S31G#oV2$u>CIf~R1NiQ52nVNo}DiTK! zq5;$P97)_C4NDpa3CU#TTF-{bT^I)u)2L`gCNZ(-vQo3K;5-p}SsID#Oj;Nc=jFf1n>v;w7#Y=*;@h;y-eSL5|7cf0 zFa+UQsQriBx_#j}rY}mc!ix3hjI>@KYLOCCiGw^i(u;Ki3HeNnL5)tK{9TYj0mzMs z67fzySuX}$wiEOj_ra)+3xR9{F6LMQ=6&lNGo8b%6ADA2?YAiivz3@40gCB2w*TzU z*3yfY4 z860JO`N-DR(k7&<{TRQnA$F^4mXP3|!Oy46tWUfh-TUs)x8~=kzm9U?!=8OBpK0@D z0WYQ@nDHNzU`qi?^BB~pV^16Tsthm|tJaH!M-{>7V;hPTfNFj;L;3I8{p7zX?Zzd6 z?P6m;M0eFJS6en8`gBa*IHu_7n&ndW{UNj|(Xm-x&%D?OhwCb7Kv zL}q&Ah*6kaBV##Hzz?A)azBzeW$B(k zW6gTw{W#eF)%K!#VboJzD*7}fH>hnvuc%9lPXKi!JD#TDBUER>w@3GEZZWBWQnG}s z6x@nz6E8dx)x^p~r^BV$S@G1kR7O{>s@iYBLrGO6E$7F5d5d4BV)*f=|Ct|MF9lb$ z2$GS^*Oy3$6aL*!yX)*(=S!?(cmw`0>pxe6$^KMd_6A6PAcNqN2%%u^q=qH=vX}l~ zOw6seSC-GTM1UhX_UkK%4s(&O|H&KN3Rs!MQqFCf^W~l@sNoR1QjP8wnd`tHJj6o# z@lH#tea~;hu#;zLdP(-FU5B_TV?EQms*H94BqqgwMZzJkiNMR+h8gTtqkg4nf0gY3If+nz73yy(&EF+Bx;nAb`TWrN?9IIY)(y%PM%&wg~A zh@obotaxYxGJthRF~fTsmj8Q(iqD%6{6L$>zu&&0HJ!P~rJ93W2sVsA9R4)Y1Y%3) z%f+Zzi{7sWZ|!ZeTj6U9f%xaw!ftLnrqc(ug1<}Z`qf)rtJnao@t9p+Wao;{`{Up7 zK=hiv2)vb!iZe4dD(LqjFk1q*R322i1+Q%{r+L_e`zt8CdnXB!;eUg4$un+Pb&fI=U@ZSn1cqVe)q(qlv6+ zjKs+$=?*pB=Ku6Iy{r=hgTEp`EFO#75zt)PXN>j5uV{Yz4e28Dq% zMf9GqEmF{=St1#z_cQPiW>w5akB%~5fL1ZMOmaSGVh}%_PL_KHI$ST~{9^=o(^wDo z(+uTjCM6hrt?0*z7&O8#$9F=cs)65zIUa+d8jb|TNJ()K_k9=wPR$`ArsFbwzrpm? zd~P}({|4Rl!|7f5)_Q)op}?rG90gMs0H-=03nxlBmb#y0n^CD41ijvrh@2nJ*6JBu#fLMMYeT zq{|-C)739hL6iaz<-i^XzjqN6iv>N$!L(Rcm9ZGJww5Nz)l=0=205LLstleo_a3gr z&OX&nMH#t5KS>vb7>jwvUz?LPeWncih~hIVc7TpoXsV;OuR(J~@&Px`|JJ9*|QHK3&d0W2BQ` zBIs5!5SEuo{7YWAj75IKHk~5y^;xfC|Egs)@>MVdwq6Y$1ivabD9fjMO43IIk`&gL z^iPo$W5WiZw2&Rn)F_h>G1Ind7W4klmjgP?4Tw^Z?ATF)gLOg7anQtPrZH$1)hwPU zM%HNKT?M`%q4k}`mHLqjcu-b|8?yEyRfYsKAfTIJI)%a{}h(Ll04PgE?xQAjV&W+BBrly=ol(+ z@)qIdp)(R70!`-*0X&vI2s%aLqrc9i(6Xy^4#lX(lWY&1PK#Ayp=2F|wNXUJ6(Dx5 zvBzU4T}G=&;r|c?>}OXW0I-w{){H6o>E{!{5Z9lUta1^>shS}o9a!$#B78+1#Iehs zma!&WuIswJ{{GH|jB=wx7Vp^5M>tHvOA;odgV-xBNGegjGyMjjMFU`2giUm>Rc}jP zOsgifU-JfppkMdyYN6no#0B(eW>F7aZPpqWrI7A_UCw);H{X*Q5wpmRcYDbd!N~Tt z`N77nLuA8gYsFDaa!cRpw@Lzc#h23rN3qTK3N{WSg%tvrxi>u#4hhK7zF!!9_i;Q! zYz-fg6gvH{fh~pKZ1a~4N5>%$A_~NzsQf0$ci-~F*Wat@xSTH^BjmKD{12dawU+|x zd&d0FTiprzRe(gM0f|gWqYQRR1=3hMzN4skv-Zs^qho9+RdGnHLZ79fZ1nswA7IJ?6!|Zu`H_SmT*B=S?8e@3kF187%A{bVbTPm4W^beuhNz1 z^D|;^cU90yyFe0fy@=6zoWv`2Jv!s6=Y6`!$Y)mvHfvHU1PxgVt|&D*#c20YPkavJAZ};ql$547=aCP)_q- zqTVz1mS&BIxFSlxV>Z*n*tll+fjo^3~QFs`KKzdhzRuW)Ho(T3({Nr6gI;LXDA#w z(eF5h0Y4VjGT2^rFiZz_n^xOp9T^9wx`c4}y5|dZ@lXXjb9Yz@F6-?V;az8Kwm=2_ zKbp>gI}$BQqhZCi&5mu`w$rg+I=0P@)v;|G9ox2TPxZ{2KTxaIt-3n*e0u|%H{!cg zM0&ANp1w?LllMkfOb_>-U^m*A>~$&Gc{QXi7Je7yxnsrlXgZ=0W|H4FO#OcAj8O?Y zhrqX^D3?~Q7v_au(``(xsj5HX{-%xxSLSnDdh^Wh%SXZm6($1*cT&DHY6;p(NWcww zE6%i60lyHB!W?}){=<0P^WDw&^|F6=)p0#WQ<9Z06fj#(<%W1fh7=Y!0G2840;gGP93oge%E$bmX2)fK4iuo;G81od`gASN1&1mVj2 zL=n6|d%Z(ZvXKemLGl(T^IEp`59S`w10f|$40A3imi_fJ&Gtum!m8-L89X_b9#6^P zptMG({75FMsrn?Ar$zoVm8TPrv3LDZQ6wt=0Rbnaw*CYn=+0k%FYP&+B|=KHH&Y*> z5J1e|hBcVFj~15E)G_iG*-fXTljcIA7`wHK;BYswp1H`h=lwGn-+(ltbRazWVy#KG2$7qc zd+gxf8xX9J0{^30I-f`VKZwe#BoTe5ePDP_x@^PZ6HTvIVqg%)D+3(^X?>4yC~r+uhR-V9->9?!s4QgUF-NOsLd`cms_}O|42-Q z#DQrBH#NZT6$K~VICb|l!QDV#1umze(s`_-0@hfHpazcx?^z>XuJS=Pw+n*&3fsc^ zS8EnLlQ784nG4MIympXo;1fHUBf(u3S1iLkx7;$>iFJWD^a-2;o`JtBFZf1*tz?DF?z?|ZKWd`hjcf|-HH{JhR(pk}Wz_!T|YQ1XB z;1igj{uBjaVYT~L>3l{kh!&OMxT3082&lQ$h}UeDGn1bj((sY!dJ-RE@Eb9J}7 zwV8bcm&KsJX?XAO?Awe6KLl!XF>YDl_-S#wBS9Q9hpD$+^7)iA z2@JV`t^ql)IC!PNlWv!eegYg+lNBv(_?D`tpnW07q|Vr(?*E3oP+>%^0EIsc-`ao1 z<}jj+eilA7d`nHNK;rJMG5^evp}}5=Wu`oNT4dGkClMBl=WQ<270SVx*!NfRANFS$ z5ZtH0kGJ+RrZA%BbC0~bDzw;uQj{p7cib@u?b(d$==e7G0^$nuLAD_GSv#e;AC(`x zvGW3h^q-E}X|2jvs3sQ=S2Ai+=Z-Avgyc(&9cWy4)isZI7;0&s563@O3UFX?X>Bg+ zJu$i%+O)IvHXbzpaI!$(7T4Y0;rsmeP6 zvZ%(5Xo*7op8~7^6W@P4w;f){4E0k~MN~|sX)!0q%PDphaMOziXZwJ$MDgzujGjwA96z~sr48sx|$3-SWxXTyFt0ZOj zZD1GSCSvp^$X)(F3&3>Ju_COdWJ#11nlkG^QRZi~&Dh00YMe*RVcJHd<>Su#BQE1T z?ma8x;_V|Y98OsgqA$)eh^gM@PZIiVx@*(>EWo~NY4sYJ9qONW>Pc+HV0zTz=vo|B z9@B;MCw-mE1tIsX-ca2qg->`Ok;?=hA&?MOA|yLQxglOU0Fhcq`By8rTnSnN7l~`L zm=fJaeg3Yd>7hU=V;5t>r$iJ1kqlbC?LGkA9gO5s5^7{KB zZ)i)$kU_n)?28U`;+i3g73mhln_FvzE_a7YDk~|I9EOL-u)v_9`#|J`|N+VQ`_jqV$;GU5?eNiNSKOoF0 zwd(V;tj-}vnH->~bfMId4ilZj@m40Lq=CJC_&qr6k@ZD zLbgs#l&4SXYPtKkm&V)6LA0{ch$OD2gyrBIMk85%G22X}w{&KAVFn828l$|Imgq{x!7ooU{a}91k|eDq=u#%19nKI$!vj@=pT+-U^EaEh+zAt=Ke9|>O=$g zD$RibH`FhU0A!lai=IT!v6y(7!AR2ulyX>g_@~H1Q#&H~Prn{>Jqpf8c`mwBk|UfA>$vXW2DO#^305VXFfW53 z7}agtxE&RckwE^C?>gNw7|m7yoMuYjj$qoMs~mdUH5m{(o^~2^ahV-l*4<9rX_%Xe zMM8dVU}v{LPh>+{vtateEt9Ttj?QhBw$5i0_%UTl6))7@!yr*bohP*JkI%nsX$1N^ z=-sO~QPBd4_zxD0eaQW9ZE=v!IWD) zzMi|4i7lIt(;?Z!t0A*FrH;z^sfMlbtVyiYViTiQ^{Qr4l0}RHf(8NJ7?#^ojO}g{ ziNmiLAd2oUa`@~ZdUc(ZPT-Ra=rH|h>v?8$!z-KCb^vkiYVuQq*DWV-QHZe& zhz!Da1(e-y!0|u~C+*}NlpPnIRn+8t>r4@hDETMS*`a$yGBzFv{~))Xpw6y&vs=e7 zO5(c@TyWT;MbS=A^nOL6u>RmmrgKr{^b%)03|h#ILuV%%rMAX((&*0FCzE`&n2x?=NQ2j?K} zA4(2)mpT2iW-qgxOHxSJq~4R6qj(4?i_+_2@yzj^FLncL>M^)))L&q1DWrSv?Fjz> zDdmW0ynfY#_}p02;RK0%AOxPO!o585N^aIGUApBxx(pQ4UDWJ9G^HmharV-9#QROU zY{daS=wTAz^6cy?_nXfucL&aMYU&gb7JnF?W($aeL&jhcoL=k1K|oZjVMmaaJj#bQ zuDo8DN8cwWVc}J4+Vn{48xRo!o1zn^v0UCZ(L9(2oR#?CGfb_mhg4$t?Cu(8CM|Bk zD;#U8AKh5=T8oEQ3c+{;A(LIoUFJMzKb(*uEft;kNKM_yZE|_AZj6*vfysicsu~|d za$rIcn$~z?3>YpjgAE=bw}uZ-j3Zjy`4tVS++vZvK%D5ZQHVB}kyiGE{0O-;u z$blFt)|WCzq!JNgZKR*tLfDL2Kt2KBbapCxo8*N03|~H`mwX+HH_sy1(7QhjnM*w- zoTyW-I8~~}E4Zp3$0Sc%cu?UK78cG+5_nEb>Us+mQ~W~ zk7KU;e~pE&g~F%&H5R4t9A;a6o-tK%Jnl;Twd;ZE_Q4!}4EA7AoU7zd9EcjeHF^Y(e~TJ~~dDwT;TySw=;3j~mz z;?G?b)le0|06g5Me2;M;Pyq2pd`YbuR-txcs%i4L)>TZXh^cQp zrKI`z7hzq+`x3=t$*cgNyFT*3;g2n7Jd-J+2L(2RZ(W_7f`~t#Lxge{na+hs=i&KS zQ#??4Gn$9N6QldTv}>VbYGm^m^kM%}tv6h9IK?tp74|~7sYJeHftkf0ZfWI9zQz8; z=6knLgIPxKkt?HA{k@(jwiG%3b&vR|Y6ZsHu3G2D@wt}EgNE} z*_n)nGL!fsHCnYOmpdVsvie=zilp#WL4{Wvx3#xm*5x&+`Cf!-09Nxay)ykSi8HtU z7+7o-ma?VjUv-D@@$F6LMF*=`z#A)!u-IJ@mh=Ql!ypH>Cd-#&ftpX7ROFQpG|&5E zqWct%I~$YJM;eVIx__P5kQb43-}YAkJK~k(_!zUH4YMFP#Z&1ks?W=>B5phFGqo4lh???Y~;m5}|QX}G?$HymJ zZu_+_nq80KpGF^G?HUBBC?v-Of(D8E1?*^K?5P7+Ki`|lwcGk>&Ret(v%?+P8=r=o z5^5Sm6D38>*F4)Ux}I9rw-}d3rRFcr^OF98rIJC@Yz}$KZs_G7m&KA}ZJnK*=m6&g z?zh|tmT9}+rKS1gIVEJLGRU;D*qM+t*PaNC=RG3L=baS-u^3iWa=4|P_H$8+eRYjQ zXLy00D>_>WE9%&~3e*m+iIn$y=)yqI?{2L=IVbUw@s+V;BB{rtqT19Kl)yy<)^ze9 zSK&8&2b)PbJbtb< z^VwzCW`PW7wC6d8Eg0*29{Pr77)#TrV5bsk7*cXtn{)3%wQBY!6GTcR?-O<1jBb27 zmddm5HpS8bxwOBG>cuSF4PHmo1BZ9XBC#>t(Iik2V2g6+}g`sbVJS z*Z>(K6*Ak)$|)%tXEDp%R_dA6)W?%?yP^7@7BroxA)_8>4SBKq*}|@m!4r+D0vl@N z;*Ms&s4p2+4{d)^!k6)C!MTYXCL3Ip!mcSB1Qmbz0&@#HAoQ(2B7|V&M5%+{<)>Xz}mZiBa2#^mYoNvWty0S-$z{&$^mssW#3kDz-IJjpo{%`x(6A-yr zs=ESFnx{-3lZc@E?MtwX6WB-@z7v)hjPv;l>@d9LLF)@G5q|1x^WjxRAg*(lEUTpV zkF@38gJc<=4ZrC$l49uuu1VLmCDh_d;VD-y3&{H-=$a()5U9(jDHIKpG1zz@u+y&@ zQXwh}7@#79y_AI=sHY9?HX-oRF4BQ(Hf~Iv>}^6hL_yXy^{!LT5I?pQG`$6@INPpQ z!83ku;h*J+YIi;8mKoe-zvUj;+p5|Tz#rugaySy}4aH!L6y7o*A-PASjTQ>k6oF76 zf`CWdGcH;#n<+V!uQ%Z)hO!Pa+X4&*8)BP8gynf(pGh(7xGEZIMQ*$Al&8n&ogIVd1B@2q! zh6ij32UEekRti50JeDj=^$C8#1fBayk71iG#1HQLZ?8 z)2lTrtW0rvYyt`|ORc9Q2eYB%BmYK-H(?6WY z4sI3Qq_!Ke(ePo%ZOCgXH4q8XX&b^Sl0~m)b% z7GNh+LHZ0ZGpBVw23`FcY|^pWBbFApA+Jy)Aj~YCu1&$Pt^}VITHMNzaWSQBc!5^w zOsV-0>QCC0(aa-1^*1FamHy+^VlNg(|6ERR$WrgtNp8&_aV2MU^J-=)2EJl^zi^zf z2G%-SnDt-2nKA6VNsJv}(N!fYw)fl)w^de8>>^D$#kKKeNVBjySLvrxrk4w&WnjSC z24C5-J7BIUf2Cn;PkycOrQ~XP_slw_G6gEI_Ws(VH?Uzq%^14^C;RVOhp$5QHU3Z^v$9tU!^v&U|SB<;YFmmJViic+I1seOc8O&al+>Xmw zBy>qDydHM`x{5Zbh9h+>DPYuk^$~)_fw6k&*II%`7>NS-u+4)At)>H`#*yAB-4JsD zJK0&w$lz%rW-+w; zjruXL4v@4f4|5za*1NR|=EbU1Bne z@ZI~0Eg916+D+IR{(qa4AbwhHD1b$QHdZD?@T)ndSv(TTq;?kLqzfcwN&4A|NJKCB z_r}nW#%4X^7O1JyvO{vKWH;zov(51EaR{?=PO^ZK7Jp-J`m>wmx;eTUg`GbgL4n(C zt9<@i2tm4D&_d=oK!k&|+JG9{(*IdqQARaAuU2DSHgGLkHLF$TR8+=T6aO}+vd(%I zDdTFYlqqhNB_>vG|8{}XE;$H~XT5fje{9%He2Lv;ujJHbI~#^t;uV2MRfp$e_f_QO zI+SWyMyyPFdmpfB5HA1q5|-lzsCxdnJP$mS(#MXmWO08{^jwVL@o80)1_0HbA`c)zCL)(EBpZQ@s% z(|;3xHlDS97LEtkmBUS*1?igbEN4fKn(#@O31?kZDodRaip1bBW3 z$1Y|dRJf{HzJk*8lue73!2)enC5opMQH{-$LQT*_GlI&5pFhKrECIA{0Re)axdvyk zhO|){Smig!RvJ0j7y?sEr~m~M_?t$Onz^e{JtuJ!TMM~MvoVtE*Xu6=N*gzgG5?1n zG&ZH^YI@9+&CixEP2e&>>@9EKCct${Th`>8e`zI62eA~E_39VTL&1Zi6JPw0Eq*lJ zt_rv44kq`Aph8L4?q?{?cjqY0|0w3-fNMk)c`Slpt3qAy(rMSjdUPfGcN@Ry ze>G0b$ZYVy)UPTiF@snB;1izRVrhl*lGJMCbD{U6BqiHI^1=Bf9yuwAdU^qgPV^PA zv^rL?<>VN8`kYN1dYv#{$$Fh4e0(4HB^I7m3zT5AtkO}HmqL|BN%d;|qBXQwVabnJ zekqA?YIV-kIZiB@Ax&BOUaU~`J`+v!!e;S^BqrxjNc{%JgH4|vjE0JtO2tDRYWhz- z7w`qzu|+)2bRm)Wr?0yB07K^B5Knqc=&#zRVDU@W=}N{Q%eHcUiIEhQ>TP9#tH-92 zG05tWvWMl1t^_Xp(A5emkVeVXHbeC_?BJRa2Vb8IXmYh;#QqDmYjn(_fJ_nQ8`jeg z!i40CM;r%O!ri`m)Z)R=ip&IuWy+4JKS{HV^TR#5q=rAOJnt&-xiugowu#vF?7eN8 zY-uYW<}<$sbQcbftKFK@hy$XKB%z;ajUiEMc~FtR--)A58O;CT6x+rxPD6^q_jP^qwRF|}+%me< zPwN5~HFqN{-%v3i7F(qf1!3BY>vUg%XSV1Xm%O@6S378{wp)-#vbub#KeB>mQZQhb z(}4(hk&M^A1&Pz>5cRxB#jNnPqvyAOcXyy*fJWk8{#2$-J{gqHq2|4QixabQOg7t1 z<1!#s`+<^>PQ#AJA+?y{qEeZTADQDV;T$p@pY(g7NIIyAh4HiMd#q_kalWZbv zLXR`GoWmM9e}c1j@m1D-b5!yFE|j}Q8DROTHZAstL0v(x*6*jCNbc*TvFPC%9V- zswI)A#$_{Q2Nw|L#eJnL|Nh_CR%vxEj{Tb^6hV#y;i)nIzAKH_6CYk{Pk6+N)4gGl zNKp9z+X<|c;I}QwA(1w*qt$;LXmHI-^0}S^5(xcY{Sc937!~CEl7h7eB=&dY(!Bd# zxV*RFDAhok{@et9M-zDfUemfNwJAtG^umt;kv<~H^VKcxStKFDuijZYryBk%r~>q2 z_%i!i2)!_Na%*2l3{u>Yzfx8F`?ke?e$S6C8#r*s8F&pfHk+pTz8#B4ZZ^CHrvvR& z8Y!hq*S!H5v8`l6+j*g5GGzuGTfvaQ;r!U%5G~SBY2vtf{)OO71y2m;9jL3atly=) zs{PTYn1;ge5Ov5yHC@${XLiY?>Nx6M=2c4tTxzsE1|$?ZA>0}`Mp$d1pw5i*t>Jr| zTPfwq6&EIv6L~LiapJ3azm%K^E6UvQXlW<=)v7V`tYaM5+5yhxee4Gc3>PC>J*(+27iZ6>aq}(8KjFkWbYv`TNQG4Zp(TdVkV}qEd zHQCN7_UGT1kZvSbtBFcVB{r{pprBIdPw5L5hS0cK)6>(by90~tG;@O7xtH~3u?k4uX9w-E4fSj!{@N5b|chywUWGtnG#K1Bh?;|M}C16L9lOn{b@@yraEs& z>xq8bqA4jDW++#Z$}wfak44PI=s&iOERyHy%!RKKcg!mvZFN05kD#`YR!t0C* zx!Z9#xf5burFMWJntM!r8Aneq)o+xA*Uotn6%9s%&-}NSA z#j6lu$4O2StjZoX#os&(m#g~8^qAc2Y`nbogD`Ti8Pj`S$_9zJq|u5eSf5$-{#aT- zLQ2M{f&Pp+_N=}v_OJOmMN@OPXAwMU_Icp4g`cQlbbNv}JoY9aQ`l`v=FODgW1|?>5>qAkxcwsJx!~YPm$U;!YE!<%}gVtZp^K_na?ni_Uva9 zWs8xoT($soC*|sp?hm-bMYC6+N>ll{$P`G{@pKUukpg+y>)!pi!LMiJt=?zJI(2%p zt@g)2?(Du1@!($C=`uH$KLt`0$HPX2y9#@AUDwqV=uLRhP)$X>SU)r)xRT&h?i zeT<&xyOPrJSlCL#q_oA=iwWx8NcUP7BtOnLFFH=vOgm+@ANxt;eFRD4c_mJ7>s*e< zI19$`+%ms7*4hb#)7HD3YrGyZ`q9AfIbTAg-4)5Ej;Sj0Q*drL1~I?O!$`-xq4ogX zTX#Sp!q`6ng0%EkQ>VJR`jR5jq!5QuF9@D`BkVNL*R@V19LOzr(+mDD&58pIQg#Am z2P{ge)RL#g*COjoO!=w9Ql)w* zULq+@Bkj!yhR~w>d!gB7_4{qJ!l4JQYQ$eh+J+5B=E|-mbC1!WO7!$Ni{zHJb@AXL zelFxXt>ZQ}^UFkiK$}dZuh@z{{Ny4)1Bz6RmB|wuRxxt>jkHRlx(?L?7fQOAGVtJc zET39XE%3DH)q#nrN6}hlT!c)gw28jL2yNnPZB-UMi;QaMFRNfY| zs!&2^Sg_FQ?EYJwotRy?v_pMbcBPCpc|msWs)4=loA*_$Uuo`rmWPSph+D7}izBK! zk+A~}3ynD_j$awV0W%XCI=v7r*DCc2DW0?@@R{SP5KjSH+hkNP>~AiC6WjrrD~lN@ z4yOj1R4mHkw?e;8=OvMrA*!mtwG;`H-c@B~YUtOXP%a(2AR>y6zvlZXpIEZU?DctO zfx6hyGOUQ7A2>Lk$aRmrp62bcOSmq`+#419jy%C0=nsy+-s#cM`Lt$}n3_tZTB4AA zyFW61wwS>z9Rdmw>W+Yz#bOruPi^LT?#$tQBsc%yupD!}<#o-D@cqwg)U~jfukqPt zHR3X4oiak|Uu6871=v4UL@Pz)vY_mWR7u+DJhh_0wF_~cS?5$Of>U(-$Ik$f`v4iu zyZh_S#%8*;l@k-`Er-(~=izdF`3=}h7iTsUiNRtTI*e+SM+K1%32j2PIe7YkI zJ=G&~JPc01^<;15Z6V6VXvrn5On@Y74$W#Ut6TfVye$w0MilAtE($NAZqyi~)vN{e z6rpY4sfK-6!w?njC+&%b2GBFgod? zRY#-r5EP45FAI69|2L`~y{bZ%O(5v$dL3oDZt;_G?gOW%ke@Sml;$}~z|zmfa^>?x zbym%%>b!Otdc3og%2Z^0#kXf{45p4BJI~u%EtAvei{tq!^nzxOEHf35UVt5Muk15a zLE|(2=q?McH)}j_K^v_|Z8$C-?M*6azz{dKZ}G!nvC3+iq1AEsqL8Ht&)-O~Bk~4- zO{Q_z-p^WCB>(+#v6w$!YZ8jOhG_3zNv=}`Bb-*2uUw8org+EK#oH)nv>_pd6!`m* zMQRnNhoGOl4-hcf0(cShIzq~`E9oqb9@fM5rDZA6vVK3!Px-w~tcvZBxsp28K6hIo zbIaMvf+sm(F(^It9>7=M#<$a+NHy-Y_Z6eW^CfWT*z_1$u`Ln7nQoY#{wc5IEyGo9 zmj4-5+P>b-4}qY$)PDvHARB@%3XAcdX>k6`bWupC*HZ`&+b+$)*EHMz_BhB4G{6K% zY^O}p^LbpPjPCuIzYanYp#FS+-WD%Kwl{h~(IGbQxuIH`e0f@TNHrb^O-HUZ>H}+_ zH0pZ+YF4O#A>`DJ4L$81->#3RmY(E)G7W*39qx42Q|KZ`lf#P{Sqi3mbY2T%Zl@airM~u$~iO78=nI-COS)Rx(Mh`<&4byNT z_tS&tr)9aBm$mn=O4%Eci*8QGt$hfyn$G7k{hqG(o!lDcE9(i5&mDzBQ`)Ubx>tZk zic$ZTq7>6Lrhhj~Z(m%Dcb78LMF8Nk=i@VuoP}RLu`xG`ku)H*Kw=(rDb<>pp~)Z| z^B63=Bz)dhq0sN~1L)##Y#vm={vkfyP0d^&A(f@UKw*dPLW#;Y9tOt%$QS?-qtVbO z|3?xfIWitiq^Nh?713@mk3spb@e%k>Dq{ZBqBd%D()>pWI>-$|WRd@h;oP#+KwR?y zLb52yXY3bBmG72&z83dT9hKjJ?u?%)Ai;2NlDWMi{=|D)xWp?_{o)!Tru5L;WDGHZZwisW+WGEi#FMVoP# z=+D;<;aOtC$ieI%&lCQz-|U|@<-VPL9)j5p*Uot#ys{OVf7oc|>GH7=P!M^}m4*BZ z1cuTok4(t{tk= zT)?RStC1>2_82ddB0q^W(&}$RC^U6GFU^2Velr=apY3m20+y#ACl;F9vF!)|qdDV~ZykG<;9!&x?+oN!ybSI$7Q)75`=dj_qdpwYh- z+uAL5s>Qszvu};sj3!z|xcgSMG_%evuR%tz8IRjyZ!2}0#@^(X7DfkScVdUU+t(!y zcXIi+f5Hd!ASUK_^NYfcv8yFe3|$&*$P-@|_d7?^22h)ur>8xnFEsv;xnCq0<_ecE z-#%}%d%SFu5bXH#qG5Q-@el@T=1v2Rm$T?KjTzIrb#KJ`Wj)Q)vd^J^ifUPZSAKW; z2Aj?~`Tf^KeLaS$P7vgpE)J}ThzBo8%qkixvfyas?(zv%mL@YEXWeA|X^Q3m0)~>u z&hZ|SYb^?%RsVXyI`vF9qHQ5^!~-RM1!aIPlI}+M#fs|eMx7pgvWU=`@ zCe8N+99-=W-&c0lhT=ayq3POX(fThdzcJIouFVfQf3Q*8qH;7oA+B~+XBvY5M?E}F z;O#HASvYqz>xeJVI+X5(#vmG-yE6ziGxd5IlL*v_XrwS2+JkN|ZCifNKJAPAS}_hw z_d*t)*Wxi+`?vg$Q~mKaiRN)alm|W9T1IgP5w#_rQls|9#8U9n&bwo4YI)Uth zxY4eWs_h*8TC*xyZLRYsW^&B>I(Y_8<#^#Bz$$i~FY#Y4AD&N7INm9rr)7uo>R6?3 zJ!${S>tQdq0Vo`$;YT|^(m;*fpyQNdtdNAvvJQ3X^9P9-o2AqJ6LWA!%c|!_e4dFq zf+80n4@u+AQo|c6%O=a=xb>Yt3qINol3*|@ERBVA4`8JWEi9Zbyrrc~OvW~;Atd}s zj8|@ht9o5_C(YjcB1mhozpBLK7KdZE1n6KC8<%}-`LUI^D?~5h)@daJN8~H#`gLwl z<=#H=JQgZnyGCk&`s42!~1Z`@8H`}`)x#Q z7z9<}IQEp^^FDpCncj|lf(C>e ziH!|PV^xP$7*e$b{l7qnzdyu`T#ixodq(}%@-S2P*kb@JJq!6AeGW(nhRmnQ*T z>>u}xMIQx2xb97pbVzD5KZ(&hNDN5z*hkbFVwK0m=Vm2Oj-|>}HDh&RN{r^=RNbgp zypctPLsU)Yz}Vybi3ctVS(*LKb`oV75`ZU;?NHF52`DV0jo9k;Gurtj-e~TL_JI{c z$393(y57!dAZ#jD;LY;fG;dgSXDqk_Sx&IOmw556=cXTSxNx5H`B3`+J76Pdx(Xa`?7V)Nzuf6A%u7;pbeQ%9v+H8sg;IAkNAXG&B(*)DB2}( z$FY)HiwYYJ4Dvo-@knF?vWFmG$V=~i-y!M8X@)QazN-bXEG!IXU>mcm#Yda7GxH28 zAeUrDLoZWcU5jCUq_^~<_{Rm7w;E&lVkTKpT%5n{F(Kjh$L2E6NVdb&x22BX{r)s# zP0B#%Q@nQ2{Nd*#Wc^Q@XS%232_M65j8A&Z%Ytw8qSV252-RCu;Lm`xSqKWD^X|u_ z+rfoU{z;(_fL^6;vt-S*34QAE$T)$koF^js1smP4N}jY4^IPNMYaaZdXCGhnTsa;A`~3_8Y=y*>=N!UA7(2~}hi6a;q z3K;@fEdy+sgo$e>2J8Bj`}q0UA(B!#fn8wb7Cbxp#CGz~zLv^iezf2}2O?I9RVx3+NVvOyv$n=dK!9sKxT6vHt(k^dHk2l?{<3j5PkRgdy3>om0ZX* zJ{ohi4JE=Dq}D)%dl;LW>6$Vr(r3D@3;Gi5dD%X8tPfLvnbj^;-1(_D2g*z~eR}OH zPfAEeNL%0o1@sVE11cDrZ52e(Nl0qZ$M0!!`KT50sUEu~iMj62P zhB7#yL~iT;@b+x{^VFnw$UiEe*~s6z;&9O=v6>mRJ-Ov@F5X&};n_;3b(E-gqVEM| zB`yRZG^v%4&Wwpm>!kLV6aFrG=(KUPk%_dV96gr5GjyAG=lW|$i*weyGg2D$+fTV} z2&a;+=N4Aqs}YCcfhKz9x-FmJHHRaZoWBRaNF~cSp`-*?qF}A-4ylrm&MAGylnc;v zl%j&GId+7O79F#~h^o2+Si`TqT4>KRK+;$gitT872b|-pku$Gx((h)I2-}un@>P_s z{yw$X>NLc>9)3%%_w9aHegHnUir*Sdh=#4wgFZRun={&3`9k9hODi0NEXJdeyO$B^ zcIq>5t5tznZaslY!K8B8grf6*W*uyQ*ZK;^aoH__M}mu&a+3r(}~!n2}AR9<{w-l{{gM(0infxa_?*6^fy-4bCnp_}RAef1~O%2%?=S zb${$Iur+ekF>zQ+cLDwdVvcB@#MVcS=bsKli#Z=)2|ar!8@xu+iN~Jb|2npNSw>7?st1# zEIo$ot~RTl=*w8%tN3g0V_te#ROq;cE@Q+8oUuTN>om-tDM6l`sbA_g)uovvi)mc} z&j1pFacAqub|1}?*C|@CYQF5Arbj~O(of3I^NR8N!-*i4+x}-bwWHW2z^*(xkfd)p z5&<0dG&1M_=531^sOYn#&+Bg0&BP_0Jd!h!K}0+{l=32CXSDv%HV*L?5+rsc`=qy` z$1@r=u^2)Y_vNi_n~gOIs`_bFM_xzff1?Y6ja{Iw5TtY47L}VGQ^);GUmvsSahzR@ zL23D2QPW-TNl8xA3waF`ey04>I8n+e$tCQ?#=;RS!Llta@Cd8QCy1E@U9}w(R?G&b zV32^?KxO<#hoQx2^wx$cB(&?mlBaB!lOMYv8o*pYzdW$Q^&I?KI1D?1brqWB1$5C~ z^1)zIbB+2KTV{Ki<_QUzR8MuCX1=HWfO(gN25rq-p>XB{@&e`k^OY!Zwm@z~>mm1w zskJu4WgCllTc$TY3iRzfB`!3#)oK4+8Xn+AFO<*reh zCyHxx_Kxo~h|*!w-}!za)8m0SYIQUFX3f1OIr?KMT2aO}?I*>hM)-dOVCd5%b#|i> zFo`%sWS@_#i17PMJal~&qz8o~6;XPYU5Hhgxy{y-of-#86}qa8@M@_uMhPMD=;Wmg zD>};k9GMxc}p$*2JkkL>%&hE$~6$N0w0g_jfU?Xbx5!VEtte2 z8{5lTy6a)4wt&bEu7G8&^%hyV$91nqVV;JN!tMh^-J?+whdP5cow{8!H!V2*t`Tl5<6|}C+>(>*vPcn7fAr_bT+p^0m`<$#cHB>Lu zHQ2jY^qp4N<8*w5BL2Lwcg&Un&{Hy!=LgY%oymGU^^!BA7{Z!u;jB~vr=`6g0XGL} zS#8xZ-4rln_skFGyK8|bv%p!CUIHwr+QK6{mEYFG+_V^i^vO(2EK2nd1Un;SK;FHH z{+$(LUys|yWAh6XSk0Qr;>xHxs&SkK9_!rUmH6?@$3m*ZKrQpbIM_vx+qY`h`AE;C zk~GU)SEku!gAIPoiVxom(CsY+d!a7Q&+-+J6xZ`sOENjj|3>UhBD3vPGeOD4CTEb* zLUeS(VKxcY^E@r8HyMI$yKG*M2K50>tVtKx;@kG~YF3HmbZniIp(rd}&%=(Zc3B0! zTe10^?@I^2-$07u_8jm2+&z%sX_({tX0>i=REWa&_Hb${M{n9c1mlLYcK7VydyluC zY2^a_2Icm0(zKv3g%1GbslG;mV}X!xbVVE~Fe)}=*d#A5W=64=og+_6Ih)g-33px~vzu%znwU6^;u_;iO4lk6%)R>xUGa|vyH z_@B)g492G4c}Po(Gnl86Z~>%0V=#?tsv%@2z-&T$y}DBaofS=fv` zsX$R{#ISU_X&R)9E{38<>W;DnFkK)c5W3gX-}IYe24}wQcgw;+6D6KNW>%PR*ckm9toqh40w73i!&j0AM2I&f$ z9Zm%B4^cqNGp7J5F(3>?ZMr~1kwVZWNNy1zKJ)7&0)ovmKf$WF8kg$`MYmt|Ra8tK z@Z4}5{EG+DNWE(fXE4vf-=V9Op`oMSeVdf9gNos4qM1fOu+?IDqgkqTp@~8E&Ge=O zggTVKkDy{}+jqqMT>?Lo9!;jrzK48ZIN5;!i6_Beq&;b5+LxG{zO8T@)T^I65x$_u z>#qpiT8vL>8x#LZ0DUsSX5mdHa)`C&7wfH>pwVzhkW1hdm|#C_#xrIa!3d|}Q)rXo z`GP>aAL&ho( zdI>IfXH;)$=cRw-2fy)tB{6na+l<#Cqmwtz?Qz9eSyGNc1O`!pRH3cG8Q5|l8rY{1 zLr())MfBhRc&2=DX2wPZ^be8qAlG9cdb|XMy;0jT(lIXIkPQ}@wo$>B+!hQP{6%z* zs#qZ$5)VuVv3eI9w`N{}cT%n~HY6A!5_TAwoP!e@0}L7WM>xfi+g0D^sGe|7+67AV zOinI=L_w&agDjG&E+K47RTL-|cwQK&o^QU3sdQ}2%xC_){VI@|lX#l(#a<_@p6y!< zGdW^GaD+UBD%=jCCCW>46^@BZfe;ARi0&WS&)2`h9nB3-2}`w+Y4jfoY3?NOrMWmO zqhQS$`^{J^7^H`Fz)U*7Fb4z0Qs6y54*5*G7+e4E{(&($na% z3beeTj5rz>`D}i__8Q`xKj=2(vu79{i!rEc8ZSy0U5nof^(n!+H#wcr_0xxicPePykw6hEVV8cDQeld zXz9_RX4*Q(BbhDiB%X)^*a4+@!UV4$eg{jmfBT1@$+*8Dt-+1 zVBZ=$4;eyiA4IBdbN8_(nU{J8K}&G`^vH2u#!5y_Tg9eCVc_c!U--p)=Z$-xcYIe- z6rlpzp zgb3oP)%>Q=2b)(3DExVxjblEu%Ub;3d$2Lm>l0x<*qlY{44VOV_Q2M21OU%s)X1NWbUWpkS~FJv7q2NRjvAtA)1jdl0ZX z*qu9F85cuBzMLm6-+u|E-gibW;DCc!kabovoe=F2V8zms=lf@vJ;YuR_C|1!R0dv; z`u!<=Ron!P3m3=cbQgBcrn;21-z>MRdlQL?PLvHh$O$LzzI&aP){36VJINolVCQoa zu?LMM5YoX%Dy`|77o2z*!KfQ-lCiKbB&DL9F4zOt#PH9l@vkZZw;|UAGi9`AEHI2Y zj3LQna%Mtsah7OCz?h&3i0h!+hQbi;#tfq3Aub?x(by91hQDi&p@BJ&^P@R!6#pDv z%kaHjA0V|5Gz7lu>a8RUBs5Z(bpvA#j> z-}qSwdoxSWJm4zyqoaw_1YjDUd(d>|pZ|FZ+xrGNb|Nb8knd@5L`al$ce0X>&F-+Z zQ|el9QCH@SzxZoFi2yh6aE$WJ-{|?8k5`&r*ofYuv5zosR&T*hCr-FBX6|KO{Uf!GCwzSr3X+Y$6&+d&`c(izrwL=))YFfQ%|K6)i~$bW=LB%BiOGKw3wyMP*+rz3`8 zQz?-|0%Fnp4=~79vp`$DKVaT2WPkkbT@0}T1iUYUsVv1lASPp9{iy)Cm6{3xLIa(F7;AARI=3v+Inn;qVZ7$N!EH zc=4bpV%?;wF=Wp_N#5WEbm`|?eb`ZaD~*TTs-)w6_DJx3o?$au<8|0}+QkF2S}qa| z`s<~h2kf`~;*Fs})2#hyuIZ(FJ$h{EYSQxYDGz)cLup)!$wSB%+Ih34dDo)uFXq5* z+#*cGrVJ7dI`A+C7K8vA9T6w(9j20m>cUI zOeZ}$RCoj=OhM2|;pao;v0ZdEx&vl~Bi>U5RM9oZT}m z@-;3}0I07VLrzPL;_M3T$0|~>J2|6d6<2NN^b#Z<^rr4=8<`=knCbYKf(nED6z!Y8LU@+u zF)1Gw47$rTERmJ(VzEgK^`iqo)9)#&O#N>^fBqc%V zh$Ny*x(Lm0X%{l+U47dZwznrA%^GYhdP@|7ux5fY>XrUxR_wf0!m4*q*g+2kNkheC zHZ&Qe39+jUH0~uj`Gprf;XD?VoZDU4d@4gEByTjJ;Qtj}JwD5?40KiD>kS&T+VQxmYK!^=y1x7g4`YkKcN2DG%f zRyNCNJYVMbM^d@*W=Vz1zD=Pi-^)GtSqgHg?dxUOUEFyXmXQM4N!xDw7#1wRTNZ(i z`Ah;rcFvV7&VD0B%qltxngS3rBqS`SPOmxnwuD0A)+OYONa9zM0JHKe8(cWgUctyX z;R~U7Fg7H0p|P+b7R0R%Wt5Iv7!t(qv0r_C!Dex-bgYgy&Ay4vbmVqE^=}=q!J;NX zR(Z&TQZXlmi4^Ad%w6+btn-x%N0oMQ)ZV3dn>5Yqb^b%095+FjR*~5FIWughLUL55 zSG{K(W_$U?DCo^D#VVt`c;1_9!ssJ#aWv!z)dmw|e=nQo$so#Qe<_g*V1>ob(WxjEBf<&bu@D8&lKU0lafg8b|vEuMLfdN^* z3v>U!cxI&{PahR?5gzlSUuKtCM1}@GnBAyfN$veKvdTt)JFs=A>10xm8ypFvflm3} z5wGVQXe77{=t62#mX~nwOT(V&MgdG70$czVo09zxV=Wom zUg-&}I<`oVKKhS&B~CH9Z2lZ7h&Cx4zEJL_s6z=a##bH}k~jpMTYu52C3_f4RS?}I z>yp!ckl7s>35|lSH?IMAUOrQ zwx2>H2`6(}-h9=S5w%T>Y_KF47u<2Y4)F)R$$PUknu4+?la(SG^)1w1Kqw3{dvWNS zdTb1t_n4%I1CZ|^ilQ#?1-v2D@St2Yj@l3kE*Z3??14%@w%P*BeoGiKdV?r1n?1=` zkyVndH-Fw}#XfmOYx>yFapg-Of(!s|+)tu>B7!e=x*`wX_Nq7SnK0DF z_?H&n=8NQoReCmOLvO0yD}i<2nwh8;j3pN27U*Vx`9oA)8N!`}oTf;C%t%D_@UikK$gtF>i=<%cnED!s)#@|?fr*a>Z)k}a@vIeTvC(ncZDV#Sl@XB&Y zImmitrgxcYJvO;I4l&0!7;UXw1gOu)G2(ot=JXL*14-3CuB(`^6ujm^i;B1P{gjN= ziiZf=66&_0(hVDMdWD`_At zs#tJMh2$;D5FVrPbJ9Tl3YT{pg95!)vp4t15yGoS$Y=N{oL^Yy?>xWLR;TKJz78{H zm&RfoC@$3N&O?+=9MRW>`3bY#@M!vsEc(#?lz??=nn{E!2q^N&^ z&~^j~Mu8t5tq>|F(FBBLnw3Hs2#jFMF@ukIUNri1wC9rraYciakyCxz z%?lpy2|6n~#!3;M$rjUZbk0vG1fL8o*6vOJd%3FK3=Yx#8f{^TaS zcn4w*1=9o(@o#FW<(``;ZWc8!rr8?3U-12|7^MKR#X!G|zaNL-)!QvIhu6!&hn|k* ziA^BZn;L%oPeVLi_;VZVIx09mF^HqU#=liKwXb}?QAT)Hm>0~EKm*n8?*d}Q8Csgvc0ACMXr6 zByt?>RolH%OLhbqCxZ^mtsGOXkk;1YY|v0NgVz?ds95S3a;Z#vKcB5lP&1VZ?i4YB zTNYiG&J%Lm#U*xI_`ZbMH3EjOh}~tT4*nq91I$I}A$wRZRi{MucmRTfD`V+pb0;nO z99)9z$}FGoUOoWKT6&&;Y?Zw_{?+*OU|HQ3pMP%i2gjyNF4ebS^3T@?~2w_wI1Bca_s9F{Ppzm1(FVL{4^1f=CDhz=R78F0Pz3e`TgX$^;Bm)`NveXId;( zB4|OJ-EK?BhmS!FyWI}K5(c}3!S+wMf7gqGKl#pf3o13a+NnV_4YKmQ-s-|}mf7+1 zOIVlCKjp{!qoq;*Be%_3*YA0D>*223l+W2XC8@lolvFHB>itZWvYBS@TDp%cOO11z zwU)KwWz20FJj{`EulIW|&n5KB#jmLDCLWlx&$fPP7s8v2wUNX zes_|w9?m}SSOz7eVS-_3^wwtBLn$LUhXj(qm%{`BrKqXBAI^h!T0v6ZG)(hNuX>hr zLkVH$B-0;<$8qN?q+-njy34hcv}`24E`8=zSejwuk|!JclmAH;%6$JBu2ql#;Ejqn zC#W{;lB(&~r2{#QQUcDpFu1A$D}RvpCgT`ok_v~!DSyp=_62570l{HgC?>{*^X+nhMkH0h`Y?#~x zRb~l%V`?Maj^xAupKE`JU~q1+0x$hMXPQ%`TvM{!C2U~SQro-BRUe?&ggb{ke!-K>Gqfx33#x383=?7fIj@!5QoP$91)9%EY1f$Xin~0 zkKV71p69ULy^@lX)Rpv+;-5uH1KRk=4$|L&e1GevnqvvXcEd1tm~g&2$Z+iu!6!V9 zs;n=p&z%L$0rMO*m=qz!W;Vw8=vbX3cCcnHb(nDImlv03|Jld<9#^!rl9Jl4baGE| zaj8w2;ih4{l~l-pEj}*={wJg!1&?s~Z(id+8CgH2ugrvJt`X{rN^??j%(5I} z%oB2*Az9+^P@5illR7()hoXx0!@<5x|7V+M`FU^Y79Ct1raH<6BL*>KS`2(~y95H*vWWCV|Ad1MqA3!cqzXL;|62%ig_%3|Al~Ak z!HbZ6*-wl=>EtdRhS=(4%krRKavvo{C3u5ShROc(x#MULea-ATzY<^B4R444{5P~wAG?0dV`mW-Ra3|^AG!J2e};v6xf%XLk+8co%eg;yR`koV zKi=)hrG1KILsgB5&Sh`lm1`pt-hF@NQHZI{fkxq!Tveu%7zzdaSDkD(4|g2MnS{^w z&7VjYg%ht=2jsiw(58WcS7?T^FqsK@Sx8i0=njpz-WeMe6=e&GmQ6dl8pQbop(RW_w1{T z#5;XiAT0zDL_s?^FTfU~xOvyXlh79^;Lw-I1;BBheG^=BHagkKb2DYh`|KUyOANw{ z8T^Buw`Ze9e^FNA?ZlnT?PuJB$QfZO{i6@*AIA^Pyea8i+rQqu1N^u7j~sc9Zdn8v zt&w(P6*$hi8mhJ6Hw8f2ZfmjZFObVq#Sybp$;CmprAq-=G3sfZ2Zg~O20nwa3a3z` zgoaIb=4>*I6}tj%0v-}7p=^m#huG4d5Dz)NrOGt|@!4-4>-o@qLc)X-Yq5X6M0#ND zxt+bpnPyPW2FDSZyNOqkL6cS3s!jQy2<)_# z7{B)a@2dasAeons$oRQGw@U?)*P&Y<>N|r@zhq5#L3dthMSi7%igfi!(zs6JBNVL> z<-ZpdM_Z^mR7z@M%DOwnS7}AKr%-94Ghw1#q}12D342?hjCeFOZ0o`*3|2bf$NLzX zYUjIm(Dt~Gv}=T^y4DeWXrw#vlD6$(>v_+tUiDloXt=~`N6Cc&SeZgMI&#b;0H!P$3J&Wd`f^bB1IBor!W!^7iS}7HPy? z+coV3RoWCw^!zq*$*(`2uX ziK-bGpXPN(W65Lo{}JBD8(ioU<^6PKSTyc{vU6o%{AJ)1((>k`$U2CbjulrBx=hnQ z5E(DC6cbC#<8DYVjB+b}m%>Lniym}BtZ|fA%JiA}vUs3A;qw2VB)`^reT2!0bkfs; z9<9KUkfe_Op1D>#lWpRe&#+(v!GwQ5l7Z1NakqX9jlY~uFdG6-G$SUS*mor&130I} zKRe3oag}#0ZmYgKR@JO(G_rA*u|fq&S(A-<_%?8YT>j#i6}(aTtYcxYEj%ms6RIY~ zN~Th%na=gwW)NY9gd~;lEYxwU8<47b1wOq{YUkCR5R#>$bNGJ{mUo07uRF^LC{XR$OLF$m~cDBRoY;|H<1oGk4 zrecyNk&rU~knR5=>lVEjtVH++nnMSabnh|`*J=`0lQS}+oTwzBIU)^U_TUq6H`3sc z3lGr1iz4Jv!$`=Z)7-7g2&1r+@y@9bS^MS*-&*;j+>YKjGw`8H!dCP0PqZ!I_e^S8 z>cgL&*z)rWO)))cce>l*S^k$Ebb(%qhgZAS#&Q3~&;BQZk&E>3WJn;5r}bC`nbP>x z#;9neNfCRcs9gU}mBiQ=8qqWQhIfG7t-fh*nKI$o*SBYdN@L^ihUG|$_ELY5oGfJp zEbN1OZKO=oDh;K)3e3sSkDoxl$siuxRX}M4Trzl*F1YtZMP+gcGDSp|x!NP~O>Wh`k=pcSVYxd9! zdo>da45}L?t5ZW|q!!mOuu+2-RBYzQ1~Vsu{|zC~jMwH$-O;2#DpRpjbeB~zDf#=# zLwP-T_Y@BhdJMU#m0v=sUT@Q!+*Pj~=BZtVAhlsu0c_rv`7O{;%Y@k+hFKw z=fTOn&gBt1U25U}Anq`P2f5X~L*|!_gB?A9eYwQb6&0OT9vKx&KOI+2GF^*T1*e9# zZx|%9aIB1C#zSEqO*pC`o#xa4wrWQeZG60p(1|(S%X6t(t4XXiRQCvpdk`gw@b`b8 zo<{S~@P8x!gK50<&)kfM`ixWq`=D)ptsMaNbwKvO>6sbwod|5t+-|(v(BMCH?)yuY zDmlwVwrKA%SBF`!nipa?iL8pUR`{$MIxfYBtgNaA!oNI_y9G8PALCN-m{L}-@lzA@ z9G;axVm>J(ZTB0c^zWeMKC@#Y6G(is>!_@T*Y27kbt7Hsa(dC_IYAlrhF%?d;ZN~N zkrxHqRVSRSLT7b3bq469_r5N*hg**JoAR%}`ZMPmbaZf-ULw>B-&?7!A}eJL0+K27 zoy*b$dqmGYk6}HMbyM}tRuWw0zc#*a=Y~L&)5tWb7Vz^eaXJl&$80wKx4L|?sWj5v z#|*5~3he4Jj~dmdPCC4*HHu5R>y}U=-!RxLNy`G$_A$13-KeOV*=M=Ym+AvL-C`nwK!Arx3ksBRR!ilj(2$COm{>0kCx-chCoS;>dXVcGeE9^v!R z2q0mV%h>-H;ms8nz9NXf}TPu}|HK}6!3A^8C zGEpaoJx-1B#gpjmUeLoH47;ZS~P&`aUWW{L|eK60UltKcVxQdzM+0`b_E&LK;A7Ech89$K`kU5v~8_MF803NI2 z5?D$tJ0#6u{$^Jw`#5Wg@47B1%W5**f$HEJacy`=2>G#OD#$F-uk4ju8qKCl#u=4s z+Jjy`Hz4cUD{}7JCtqV$2V~9`-M*gPMubcN2iS_8#dSF7mj>;Y=6arXGBqnxj)v7< z#5q~Uc>=#xU8LUJ8(;`gYgnIas|}vJiLrG%$0z@OpE)9+xC=wTAfPC|A685D`Shat zDnylMf`q}X*ef|$2l)q1x*sA#7FjKntX+DO-n>eeiC0u=jm7=JW zrJ6=8U1Lahh~o(}j5skQ@Y^Wz@3gv~OYd`G+#l>!uGEiQ9xaFQEEZFkH?oapC@BGz za~VvD12kPuH6mv)$~#x5(;Bk5>PH9*lhA`^Kbs0cM^v*dbC{&gAA57LBk?SjBmR>fEXjrxrX+$sJhVee65t zEMmAcs3r5yD>0S5o#7(6Z^j(O`C*~#SS z6OIw}4KGBLNRug@pWQ!!;BZ*MOQHrp%0YqPG1L@c8e&Gm8(#zH*f}bHpfx_QRh{x1 zvu;dAUHVmH0KMIfw;>Zcjm#Vc%|r&xZt6iPwO;q1+pIlk-`DKn0FO=?MA}EWCu^|p zu4|4*wx9#E1`0{aH?|tOOZ)Y-X=biX*EX^h8a3dmc=cKznZo_}ChQuVkdd|yT$DEr~5L0)~v zf8h~-J3xNQ?KnvpO(-CBP)TAP0<9Tua2pRku34cg)vs9Vm%Cv_Dt3jpJ_d3MsDq z`WtBtm?m9Gu8FyAj6;%OlZU{4ne8J%^~<}wVs?dYLETOYuW!VNat^JDOLIozI*aQz zCUHzK>x>^JI{x;7&_Wvyi%}yRI`-n*i;Y^kURg#Ii^aU;xa^HtrHp$7j3&d7VlIfq zNQ0X0E zLzm$Jz~P*ZMlNkp+I6l64GQVhO&rbPD8{MWd?+_$k)dW_v3UPGS5|wW1nQ~NMOe{z zzhQ2w*|5|^2u~S^Je0y}mP1J_EbYIOI@4FaRK7}9WNp;_S4e_6O2Z&EnV2+x0cNJF z>sv$)TJgP@jqbloyMpX9eR`ZgI_yHm^+z5NIo#gbkTKt$M4KLiHSYwNqrjK?4lS(T zKh%A>HvkOSC#89j%`yItb>h6Wv9 zsLXYJO|3kv*7i|%;$z%EcbiqK#j#rn1Erv5!(f}0UoU)BX&SU}$V}uSQa!T-X6j<+ zEcScFlo`4AOO(+jONyErT9cyr{~+VmW#SsR;<+zBt+vw0%A)HFcxGr-38P2Zi0*Fi z#lKNyFsfLd_+@c^s4Xwy7q?vNboX#_QVW)C9I*Q&a}fw-S*b{1IV_a`W3FBafhe_a zRU1y`pq&JFUCOG*1Q1Pnj@wfz!R|wyiF-D`LcHEN4WyLYJV!uuAg$7A(O8@V_Lt?~ z2_03HDCh*)#H(F=_x9_hBzCE?bjG*4ku90dc(|WUS@hcNu$$7vPkkJ}ptSsxl(dce zPEmb7Hwe`tycyshzsQ&T>9tFz>fbsoZjR$lY#N3D&sKB02`z`(#e8!OTlP|}{dgbq z&<&JxlSd3S^E5$4619V=l%9-I_(GuTWn#(8!OA&Dev;uR=Tyr5SX?Vuf6!SPcplUZ z`ZT7kKdsSd-J-IKC*Q2pTj&>31Od&+J}%Hp7b(Y-!PB0|in-Q`ROx-5py_^IA%j2) zI>4PL8m7zw%cFUdGQ0MZnyxkpF115S$3<|0Ds=`Ms{-oLM#iMAfo*c=L?Lqg%uktv zv3Q%At8OL2ZBBF|ghD?l=#Uf2yZIl~X!~EezMEINI03cr$R^Frwm)T){-{z=dT!}Z z&4yCdXe*xut{IgpFyXyE3sG(c_~ygHb~ks=PvEJDOP{Y^HTrD;gT2wE1JoEotVC+0 zQyxSvSg~_T8B-4hMOL_pT=*2du zvh5~4*06|})}6Il4JlWFy^{0;x-}2Z?P-C)aIAr+3VKboHW|%8_}D~_D{l8z5Fg@- zmswF(P5|@dRJtA=^1A=~zw4hW&k+LUjBu&0GawzxgiBIbCy_qF0}&`JeKHIOBoPSZ}AZJr0U-V+WOD&0rPtck<{ra z7Oo2kylZRb%i$n?`ri>Dx@XziOsUJPSBN!f4`0vs7_W-lcwXcxcu@&ROQ!D8Ok+Z5 z0+Eu#?KfmhqM-N9o`j(zbLu4^I#@Rm=dGHBEGgzrV{TioXkvWcHmiT{pZ^N z<$Yyl4US_KTYkRauMgmp1p#H>>z&v02zZ#(ZnMGs!;JwAK_G2#4Cxpz-YyuVt4#5O>lgs|YQms|%6c84a?1}fH$+fBr4 z1vvCh$Ag+5#lsRQ2$=Yp28{c%vN(jW4kulWEKFQiJQ-UDCx&VNl!a5f4=`kfpJ?5D zuU@AL<#r6d*rq(@3cm`0MyPHEA|Iyxk2HT$8H7LdpHIKw+2YW<1J`Qg9YNVWnY`pPeI0KXzL8Z!hKDl{O9)b)U3c)y`y!Xpxp2( zYPnv=!-zu!>N}wDEzEZWSKYS^P?hHNv^SpL|5YdYiyD9mMyAU+YAoi+thsf zY_=6IXjdLfWJxQdK;<})^o6+gJf&VfX$;gdnhCJHMp+$(DKUa`jYfcmMy;JM>x?>2 zwGb{BYU~v^<$9uER3jz5iNy4y+n?=`o*8E8Hx0qe$o^}V*sj=evNDjimFu*07|4?< zoKt*FkVFFa4hujv=%_oal)E`Zv3=$4Za_YtmDrBH)dBEVB@H?$d{~C7hy|Nz^fW95 zwGPi|%PTm=C#q`GoXd?oUYQL2VcPxe(9D7-qjvAnlSf2?^_)Mq5QcykUCl$%J=Nm7A@4A_d4aMgNSlJ8T*)^(L z4if{D-(kNP`U2d_M>Q|S)bn$DcI$ryE!LcS5K|9zL-Y;6?v$ln|J;md%h%%Z6u;<2fVR(BmHFjxanGARQLqmox2Xa zz}v-G3UW{Kq{_uXVMyruCH(|w84J`nu`pn)#Z-vdh%;)KXN+;28sftZ(!T-dHK|c= z;YL4!M4LQAbvOYe{(+f*GjGtHcF5Tl=5A=LQ*(I#IL?r$e)zNhi&F8!gw22B7`^yZ z-DWNbR|=ml>zDwW_8+PD2%Opkp_A;Y$3W`~Jm*7}YRB#a?qkn;xy{+LOO#k&ubSdZ zSI3un_HTadoC^85LWAo&>=j&yF&7ro8fAL#iI+R*6!se(#NW)`r)<^ho$H*Q=mhQs zpTF)I|1{kOD#PoNzDF6HQX-xDm~dIc&o^k<&$N=A_tVTJg_-ytZHfp}->ut5^M3aq zeDlGp$Qf2ct}~?OWAV2a`;#2)qV_OKaQ5@TJX+4C;17Tk=Gkuw?=%^0<@DeBznu0h zy)_3mDuExgEm+g>E{*H=D72|R-iH~EH?lovvr__|&OXE8Zcx&+Ft&0ZBVR4EL7x%u zp~-xgQDsVTuEXkG5zTg^FPhR!*~pppIOUzpo&mi?aBFOZKu`>P+P4Umjg}(vrvAZp zqg+@)Hjnbf*a9#+9>w1BFI* zF5Wg7d;k=@bC|1{9}fN`KdxD|h@hg{tPo%c#smj^R9p07f~*n%Hr0_)ONMLX*yspc zlQM7q`ED##SY%fQ*IA>TYV{eKm?ev{`&FR*G0pDEd6FTq1=Ziu7x>1|s&v_TG}DQM^Xc?YYMVmJWo!Z;3Y zkLLC@qhg+>^VtIfY&|S0vT6Oh3H+TO&t60$l{hyTyF_}1UN?jaH*Qu22#k15Ze zYbiBitJ#r?ZPSY7wH^T+z2&;s5N_+!ohmjRBJv|UnS}R23>pU}t;^8#s-Ew!TCL8N`EK3p4WV38 zroCy_f(FBFbQr~FW(L**FfxExL^c~klZVz%=X%>B>9!36Bt(X0OuG974rttl-`0sP zVzCPZWS}NHvR8sN)8NOqF0x=W^m1muyBfGUrrL~<$qK?Ks}JLXg=S`5ZSs1yfDX$Q zAuW`LEC=7W{mq=iZC$sUhUJJeQjucm*zYx3P9eJQQz3BVHp$+{Q~G?qwl`!YlCSjf z$gK5Y?8?mqWZQ2*JB42hHM#VMqn2X!V5rPEaHf#c2yEU>V~YBelIKA6QUG4b+ta#U z>uyahRC99wD-?njqd`NQQ5b?sJ=VA0$g(h)3#g1}8Lqp-MQj1fvT~s|GHzti#^uju z_pI2oXTbH%o|)*G+}+}1%Tcvt4`&aWA8ee|MWFuxk9x|uWi6t584~Xa-0RaZjm1Y_ zp3gC{T#(pQAP*FQc6LjIBl&wAsVPJhLqwWLONvvq)BsR3)t*3AUZH2QsQ$|SLi&l)QG}QSj z{xrbERo_-yF)8~jvPsJ_R+wN%Z9wjk8OFYk)K=81vM-zB3_0&I;=z2!rqy zU)N&Mi+E8c1H76Qf=_nYPY+z|*T;we(QTRar}xMfVB?(5`$*NRmF(`#Y+9bSaPmrr zum!W4!Cm$Z%7u^t;Gxfb>GXP7Lbn%4;I&7&;GWs{+`qCg#O?qf)ip-T@hymIl;Kll zIHG5w+<}N97Fx7b(m3xw6n|q?X;dJMRvAujme6UPR&dsHfbNT63$g2KpI8@lC@@wuyR0lL;z(1dLOH2gMaU}7vQ*zPJ^@PGwIU$G z(SM$`Bak|nGAI0|@E?Pw>$>}*Oh3Fw6jFRDg-ZT!-}6qYrY`tLNi1`U$HglAp*6}R zXT?*2?=@R6tVt!GD6i>dqR>+oqfvkFXn*b#^o5L6MTP``cgA_Lk`KJfX4m0E;4dQv z)O!4Nsg0E8FMNfn754^n#u!454NR5o*?2@4L6_s99Dc1<{Awvg2SI#_+fBx01sT?J z1C$4FmL*0Uw7=%aI8NsY;&(!Ibby?p5&Djrft!ZKXj_s5jR~P|Oe=-%HK7c}(3nOzTxNGN7_8m1B`LYdu%S<<8hH%#N==`YVHlMo{)@0P ztsuu*UG~+T$C55VN$Rl;;66|zU%Mou%G$$$Uo<@Vs^zLHvFxUrqyBT`cpPW4BQQWb zqV^VDL?v`~i|aY@%`@)@pijI-tt4D0`Z{g{{EUssvEWLya91A9uePm<=z&%23}?d{ zc1WXz+4lzWeu5?N%Zw10t~nYu6u-W4xlSxPhf1ctm5m}oPcgd6FdN4=^5QZf_p2gY zaUgBvJId-a!{RwADB0|?l#jc>(!LoO5=K*Y953QrLRXVl5Oqg^j&NejHQ#6XOKK@) z&3<+HD1I>mO&C{W7w9?6${}_d7 zbn4SJA?c8IkSAvpEG)`ufUIldN0OnI+ZmqSKaX&%dYUTnOI9Ji6dHBwm)ekxQc7zps zUSpa3^R$Mr{JkfhM7KgAkqLqf%2Dkefr@H z)mZ)HA4b;>UrA6FWiHPqkc*W{U6*@IO&r%+ffwHq_v?2$WdY`;jGK!Mk;-%X|JuHD zu#j6P`-i=j{4gs3d+k9_llej*G1XYYsXm_j5BeP-n=8+R!fv{pnUU?Qp4RQiuflHq@u0b3soj5WN(A9=%GL zDJRbP#LiKEG}XV03x)nVGH%CQfN?=CT=3;d#> zGk8f@9FwSC@0C0}Qfjfc*6FY18N&_N zIf_a5WUldIi7ozv+UyVl$^_p0opKdXY z@y3R1Mki|A*G1z1v)8sqCXxHR7`xAdbvCC>3fpaC@4uM$`@*j@m&36MP%!uJf7m&Y zwMI_(^)Kct2mwacsZ3omNG6MI`&x`hd@JnE z7hU+o4uge}qW@hK(05J~-en^(Xa@I!e!XcI!Ga=4U& z$qe&HE-;U`Z{kRWajy7u8Y@~MCY9^U+t3zaD(nxuJcZs-b>BC`cb!zFEs@ROVA|8< z(05OLQu@qWZ;#)C>xgM2C2+$&##-7txWe(nP(Mz5tTXseK?=%r+lk-=KUnK=4Ooce zw~xA|dP}i{#oipnT(0#IyiJapjKI=2x$J9l3TOu}&`B>>o-rgAv3@XUzhAd04U&Xs zOX}OmZp=8;cAzt;x1i}mu5lf5ujL^$z2xsBPrW17wZf0JuUST{uCJHMmFyxi;&q}s z=0OV{(DA9~XD&XDo0{`i`J<f^UiG-Hk&03iz8WJ!z3?KwYcdm~m35J%{F> z+3d`#1sPx_DatyG;j*O21CJyKfe6ykpkl{)kJ8jBDJXtHVIL5{AQMpPwc97NnT`F? z$;l;s9!v=?68D7)7kS@DaPhIz$-kF?|0t_{PC)(7UWNqjR~vmR+8@16+05D~ ztCTMrX4H4#1B1{O-a4x@fF2jEq?7HqA{hmdib)zCm9AUm?*WZ-V|%5L+goS*sR(zrN|vsz(hP-P;}og9NNYs2CSR2uW!GT87PO z$q!aEL98aZu<9nU74tM^EE+0HW)U_qT8+qg@R>`O1O07C7+dbj&CBlg-qZrbr=>5C zMoCr8_l*lJBy2_rTE|@REPBXhtaK)z%7sE*2i8@^<{_L`zED%tzmCp5d>0$T=QGrnt z$qy$G3n-K(W_;ofyo5tb9^yPa57=!O_R(lTH%!dTaMeN!5@^BV{cQVuR}>hGw%EhF zR%Cr2TY4Sja+Dq?4eVvqz%Bo;0X+yD@-kFqiHNLf&vNvor7fwEqSqPuP^ZVU-ayHj z=Ws&X301!sEeEZnrL~o*iFn^C(HCHPQ*o`^vWgdzxa!`=KW_ZrJeBcw>kePbm|`9- zxXE~UHt<%p`rWpg$r%KW%F-Nay9YKIdkhk76gf<2#>@8nn`-n#rt&#On;BlvKA=|C zc&-TUF$E_xPB&s&69yy|0DnILXBrs+=b-VRSuN3kb1RZy5p7IC>LE zL*$9!)VdD55L75a6>!oS1|H+mU@@8UD)2b=!WYf3&M9ypf=ixBkL^A^JV2F#Nq>L3 zQQcMj;!60YSZh3Ryl~4^;5NXI0$I+$GnF$SvQ|MjR+T;k6|JQoPNwt@b!LJIc#>E_ z*^Ya&ux;k|z(&Flvm0&dc1Q(vXRw!m+F|Ts-uCQq4In+b%2!gdv5r7dd=nX3NrXc0 z)q}30XX^qEmVpt!quSMm)GMC%^(^@`dfHf(ZZdC>W6P8)LPa>+y#Wd}vx30mnG#^P z-VCd0tC9fXlF$Xb$<^gd)!O4C7h>W9=Mf}O{^*>`vlq{&eAM!=l7yCyUgqKb2phz2 zRDhwkAF+vpa_qkRviuliKN4@n+goo?pL&iYwELS?eN`#{aR0ERoV)r7BCIw4f!NA1 z?v7pwdZnq@A4X*11c%`H7Bci&r_(&VmDnT$0;=pXVneA@m^(8KEqBtppqes087~uB z!L}y8p|2OCh`c+$o+$^~Hly(Dc$YpdV8OSIrpMr6G>F{}J)VOYc1fiP{FA24O``KG z&t)QGKX?6~CvNwD&HNkkz}0sS9(6GeHerri0N1Ji9#PR&#Y zTVYiVL5Q?Xk`)!j#duBtF`$Nzs#E~T_6X5(mv-&;srg^Mn|{U<(#Xw?K%a7;8uQ9> z)zq^7RW#(Sl94XJGJm{Y_D$yXdIHoo0KvUc6~WKtb#W|?L&;4Jm8@h{<^K8d;@ETS z6YC^;k;3lOki9*nIi+=bdZ?w}SX`l7;`7}8;H7~$N{mRVs&*i0Y10SiacJsV#!{!X zR`q3dBM8R8aQ-2({;<=&#yF*hn>0HNf!Ojujev7m5>!&9TzIoi(mrq{r0R!?C8ny{ z6y&brbK`GfGxgM;Yo2QF^BO2J;C6C+?3$|B(nSu>k<|BGz+p8z?PVF@Zy9x8|FQYF zad4}2<;}I3PSo*x6%?W{l@@=s4R}qbZIi-0b{HSBeMA9DKUA51UONsj^z#-;oy^UD zI}47g{^pm*rrLS0@kTg5C4LM}KB(l$devO8>g3>|nXdbi2f2+0T;*n1t^#@mHr-O8 ztTFPQir&j*o)HB{ypgmiQtMLsxmG}Jwr5z!+KKDHzsAwv^#gxZPAUg1qqO~kl&=%Y zRl*_($oeV7DiX;Zh`0U_XD}w3rgj-rtziku44EXN;7S6$j6Swp~(euM`yR* zO_ZSUJn2<$*f`;#&Y2C3U7u-lzKeNe@wu=ce*dWFUm`NSueqKTk+m*U2Tq6^Dent= zhvp^@LG(H&as|Gyg2x?^XfOUA_B`_+ss1nmM(FMEdfhTHV8!x`RhE^dpwPrDF^K7O z4KfC|^t}I@a)6~|e5Gu+6*{jfWz>L|7ny602;oBY#`ru5{2a$oZ+!wU&KH>-y`6+A z0Q-dVI`9wtdfUC?YwwkG+2^<8!oaj}P6VKN3)99rxGIDALice+(|el6!8|`zb-hn0 z^Si=vkMwqd89gA}>=p>U?R3G%+y^QR{o#s>*a#ZpJdngd9lFk};_z6Bw+T}{ zN&U55t8lMSt&}Mm>T7RaU^=JO-r7$19=bRvUiY~B*&hY;+01B^7>Nj7YNF;6dJEb7 zKeFCBEUIw*0wo4!=pm#TQb6gDh9RV+MWtbAlx~oQ0Yq9-=|)AQJBIF(?vn0?q3(Fj z@7(9P&;57y?EUTi^|#h~*Zbp_<^fF1y@8J~^x50YGd`}S1nYd=QZ)ilmXo_@wcz~w z;dI;~>L7eQDP3&@H)NkuMwj&6-R88ha6uRJ*2DLYf6bt+_r?pwMimXQ;r8me0vXT# z7rji*pM(qoN&MfUhBBp=RSxywu%HEjP1X!+iq!K*#8+~Ig=0iV=}u^u!w|*eqAZ54 z`6}uB&W2LX^TaM5EvmDt4(pG^z2DhAXi0?Q$S$s=GeO?rctML~cmu<r<#e!53$j%Ad z3ChQ+L0Jmw&AdAYM*Le3x;twcr!-Psl*=FbdgHPSI^MZj4LNn4CVKXMQT6uXoASGF z9n=P7t=X}Y(0od4zEa}qo%)DplDvrX$ifszi!j-&hMv_BJJ2QK4 zqvy~w<@s^n1j1qFiN0Y%&5~yae~<8uDvs@$Sl5kXH}Pp4VVbuVc~vX?95(41enp5P{e08Nk&Q) zTGKy`iZMt}iRWTgXdtP2-;T9KwfG^qj7ZXMI!2oEH7L{+lhET7m8!G@nY0bw&S2jx zHUFO%z(d8~zNZplM)!lZjMNLiMA%J`-==>5h`Cm6Cpppxo#HPmS59lfDNOvnwrLq> zo$kt_oAN0GXZ-v9$B+I~WLW_U zE9n|IxnO~M`+fCd^j&ijO#}~rx$dBUfHjKx9r-L*p87$gp3xVuifXaGdV-7D*BYYH ze-UBb*W+%Y=+9O&xn+rdam^I1vvI)j>qkUQfP9W-o1Z1!c{6HC8U52-HRI6xMJzLe zmh}Vi+l~+-TNRL~^5WPO&A-qB^&({;ITUvQ#v&4-q) zdF*RsqM9j!;X9gbpTR5-;6Dt+aVx2h+y{kcmEMF$qIXH1HNV&i3b&PyY2WZa{NlHG z=}L($N6m`?Y6o4V&&H*t9YGAoSBEK`o;msR;2I5})VAje+P96i+O zgBaFeW~}zKA-=5;6ZU+4)TpX8vSaDZ%>x%Aa80?$RU>reYTv`aKo1H;1cGOVJnX3F z!^hBj&rcVsxT+xF6-HNS28K8ibXjNJMuf-rdT*>lIc-!&)Fvn4z9dDj^f>=kThFDx zvo!hCl3VTcpjeyK`D$NWu8}*RPoZWSf+PIjhlAu{1($fs-ey4@uf4`~)vGl2@a1qp z0DuAmMz0M!Nr}dafJqwh!i8J4kFR`!8Pe75xnFtXMkp6Kw_rdK$yKoW59`R+e}IJP z+YVFB_Q;{(^j`1ZC5}}-JqLO_$yUmL{}OJ7 ziE1yc2!v257(p9fep{mz-M`tz5e;iQd{f99y%E-JK-+?RIGI?MvguU z`fMrNi1l)z<$Um-qys@*)i^Du_Uu_C6qqz`|9ZswDr1$1dC;knqdG`k!m{qr)2dE% zo%E<4a-~b^K9hdv+2UzpLjOrEW!@;~rIZ@i*qla>Nn*n?@%@tRhoIJtVJREgJ8=_| zv%_x_F&6lQrKfwr0t<<+xh|*AV1vt-uS?0|-3A8o)Z<~Rz0JR;8YJ^iEDLnEDpe9st#$_K)G3yi z4%Njm`iiw#MrHLx_{p-JR7GzIE1|rKze&eynIoD%PnYPeZw{qdJ2d~r>3l$>=k}tr z*qMjzITn-7L47z|QMpe%wsDTuM#*Y;XjE@SL`kA%D8Bxh#MZ~|nSi1^`#t`O1Ix=o zX~KW+H`msTPnH7fq!LKOdz_r`49d%OIo@XewQhI3#QCJY48TKXOyn%qZp(G+pL$i{ z-(QDsJqtg*SI&@_D)~j+jF+}N$VTFg{e?ZnQRuoU0$4Xkc#(JX<6Jt!JNr2u;7nWS8Dq;x~5emsoIz_N6G z0`b{jy_~hCpI?T4eHb@+Ar>BTXLr-5hZa&mm5zhf-IV1DSaCmQ^`N0v{hDrdw-Q1` z-TK$NKZkx>poOhAlutH*k9!s=Fv%^AvYeKcRA9qU5q?pRBR^Zpt}(As)Hj&u9Zv!{ zNBQ)ZVG7j%-|D!g{k-22C|#Qf$#o^Gxk7-K!<9EJEbAgFS`LaE!<2moxN2vX;}s#Z za!O$gau(NTfKb~znU$M$u`I(7>89(o$isgJ%JmuI)cS7vV3H$Q#MXINwHO*96V8}) z{fhS~J{ECK`al13k8jLJJ~taFi~r)_K9hu39dqxtX9dv1XKN#l5@qJE)o)EuhMnfU zU^)29Qs-C+2&PG)W95+t8JN&RuimAAI3V>FW$9)uE(O5?rr%X2_MJ^mPR8VIT`hW= zh`$VLi0^5Q9f@lo&eot(^ykd0bJpM5pRJ5mc46A`zdf*?@qkV~I%-JWKIvefAKkLp57#2oBHUFIBSYM{o;)`&EAvJcO-sT*FjjZ zCLXSbiZ%4}_`qFs&My%~A_*F_{;1T27y=zZflT zz1!eXFbD5SW}W&e_@tmx1B8F}hJ2Y3&Mf+pwHM)aM&sLtS;D@D>H>UXeJ^aNix@k$ z5TEZ@PJ@_7ko>%&5yludQEAaTPSBfdv8(q zueU7^zE?-JgR5DA2nH~W0Jy4F0^AuuTRxuH;|@4{lk)btd1SY-368u!DrbmQzEx?I zSS*0_#-Gb(_H9ueVOQT&b5Q8YEy}}jzrn2JZWyW8!xYBRRO^+N6$EW8M(IqscjwI*$ z41HyQh-qNPPj~yH{0^GxqO=GK92*IEaP8QEKAu5`PM_We>UD`U0p-`Uvyg9y!WQn& zFI%~cn`R_YX2;$5I=_wWadG>fV&D};aO;*Kx{v>5F1h;U=r@3*WKB&4?}IlrXGpOy zPp_pEL}jkq+9^?+D=#4Y&TeY0E!pGOr~R&r;J|Rc4HO#WNq;-jW7ot-ulY%DF^0r`f%*s@cY78Uc)In7xkpI%b;`m0Y9CM2Oha`mjmC<{iUzH(Cpz3-d5S#TYx zkK}2Y@xr(7lnY|>+4)ltmPOIKW1T6!S5jFL%MN@BK)7)KMwG%c)qdx1wfbf|dP@h9Rn@ZCnGx2f&hZvW*kS+u~mp*F`g&n)tr zpfbjL>;$coj=YAPe?toRix!BolR|QiMJWNi-176Sgqu4Lk^)Ex5;F)AxX{hxf3-MY=18Q3oo|stRAQYt7YaygJn{|%cfx__q#gLFeXhVk+qmEAL)z} zDZ{6>w59-BMUCK-Hl;T5U?TI76D`)ySO#!;)N@?9>rj`Z`Xt}_lAoNZ7T4#54I>Rmvo%(54@e%Kbx>b*`YGU)>6F7g4}zzc^M z&;$&DyrNT};C<$!5jGy6C_Vqd`tCevRnH4iYsMNZXJ*GsPDvikSe-P=(n6YG+@Mavt`wf=Da! zx*gNa{j)@G;PF3++FXu23i&bLI2(8||hWhX)cGafgETi=&oBu0i`py=)@oRqsl z)hNc};8_3jyh1Qy2XkgwJfDr*T>a*bbq52`fz|83LkO3(G( zUBfb?@9&U+Ll{KlvT_Orm*bPOHAX$l0On+&|BU(%|ETc1;30NHTv3Ra0`j8SmCpJ6 zx-V|?ot){IDeS|bW8tF=$2SXGQr4>u3wiiWTjwZ=jOsS)-6ufCSr|8dDCPV%W;d2O z&=O-rJ~w+rGRljc=~z5b+yby0+OBjn0VI;J)VAggjL8%Eqr=X{{-&fB=We)x=}tfi z@XqeNhr8NN(pLqeC{Rv4(DrCGeK2P{D79173Yudo=tT^+___~%2K`EmU>pXMfvA${ z{S(4n81{8(7&sR?=A~up)`>8JFoG@dnL<`VlW@&;mZ7~TX0citC9EI|u&Dn!d5>Du z3a|~{dtzL2J3(QlVo(?MC1`~(DCF1=1+)k;#y2oVwcnL>j`_o7$>o{RawVKHM$zXo zQrRiwaaYMV!{mwZ5nny>e1iz4Bw~XC=)GZ_ys#ylnibmD!WdC6kWUOHgjPPg;9_E{ z06YK$-RSq~{${SkHY8c=;v=RP@IDf&a>J8eUQy0U-5%H=h-IlOHa8G~*#TG1V_~}H z9ftjY+l@Ld7E-d}fn=ta8 zV6#Rsv;0<)uJz45SOK=4q`BP9x8A3D=N`*S_iTIi_w>rQufGIf+yi(N<5fD-TvnXV zF)ce3GAJ(B!DHZBKo=9QNHOU-bWR$fQtJ^d~KTOzmraLb+WxNnbP&Y3dN$Oa5lmJQA3Vz35s&1_NAO?&C7M}Hxn^h_*Z|4hA z5A1{jRWeKfEhY3mG!E_qk*BJaXs6tWXAg(+AWm?YEz?gO;9STImwWMpwquP}Fncc* zn+6w)WP76tQS_9mUvCG(L>X>lZIY zp3;+>!lfme5`&IGj)7J=oUU}g1&&nJ2RW9|e_0QE{iYSf*N@5__K|2lKVzw!4&6#$Y5eW z(C~S@#>y*tge{JV95FNPr?M9Suk9yQaT@K}yh<`@$L#U1R|&ZCM!cb3?X7&QOcQx; z`2DkMN58j_SavLHeeP8eq48^TpHuQF7WeCYVPl-+MSsv`K8PeFWBk2vc~R=b!!SyL z(YPDeytA=SnJm>Zs-1NBQ;2yR(hqn%urWK8%?DRG`<1?B+qsb?Y9)OLOLafz*$337C~FckIMNdDHwHP$NTBZE6^f(!!<7g`_bnC(X2x5B zy-HNk16}FfYi4@U$%cK;n>8$&Jlo%hDK@|fzc%cHI~)U7vv zA+8s#4|}buXoV6};$=&OIVlaum*UxJ$K=}rSI0==FLKT7nEGlot1^j4dqFO;#x`t> za)W+eXie7nPd6pok&05M#0IrMdH|0XKZb6ma*V|5WqTne{nDLFlvHZ&b1J#yoQkkP`6kx~wx#^&i z{*Zk{B^ULAOgb}(~pmEHWku&X=VSKfU=WBY=<3%$gB`#{2BVbFg|ed zhNuvJ08L=*UJex+!4L#|J}8Kpvv-(HDRpx7cMTfoo#V^#^f`LvPXBZ*zQ8@Exik7} ze!n1Kx{OyQiUA*!*a@6pR(dSa*$LhIWemp8>KzaVFL=BOI<`b=^eY60^q#7N3N*kU zURM}QFE1~#83X%6KncESH-Eo5o?Z5zT(#k{;u=R>oL`l{a}8kOmoe$7y(RSp_m^v~ zy_J@h)$91t9jrn2B9)$8yp)(kALaQY-}E8{rDMh>mv*R4^jE)`7_C1a(T_VtS)|<$v^v$Noz3IP-!|?j_Yb~r zx;|~NFMSox`NZaA<&tEb^ka|6saxN;0-(>L0dMG~$T>#yh>DcPd>yvhS|wC4ag;6d z!t%BCHvgI6S0TsWlHU(Ig|BsV$XBhvnKOx!tqZJWlZB8{6-h%S$i%uPV^omAj5?IBr(L z8LEl{i%c96(Tv8~ZAaO^+ZJ0% z!$iQ+D+=seJbccJc-If&uU?w1d7f4;ogynpvJ_90RPWSVy6^wm_PJkJUVGjyuT}~&G)EtlxIdm>qfPaiad@SNnpLwi&JuT>RcC>Z`x@cYfu{9!2 zrfE7R^TXmTO~Vn4>Vn*mvqV?3S-wVGXTp9@i6z4)=`k^*QFwJPE7=V} zfu8Sgr#H_J14VYpaISk$%!CEoMM2}h*X_=P$}?iTYTfK=L%d2qeDfbyq|1GW;2@=Z zSvEr&LICW?9l={OP9JRb{SzD0Il0M)vDbu=yEQg=Gv(?&5UoK+^Pe8d)bL-}b~AIS z?m<${(a~r#kb2>LUKYMfMVH*eeZpSZ)$(sMp)reT5`K9@$A&eX@@+~%$$^+0dhBya+)!V=IeFdVp&Je)ZzV*gO>^E0uIkf^ba5REQ`RN^XUdShkd2JUk zal`?~tOt=iMs8qmn^2*hiK0}=J6$CPr@yB2uWQ;YY#UHy_q;OG;sxPGt1B^V(Cj4m zeMPgQ+3CBtt$8?mOsN`69SSoH0s9Z_AF&Vll0{eIjFLps<1#eCZ~QMSvu3B7c;)-e zo6cxQ1g!74UnGVccd-Th-AH)pcby0Mdo@kEN855mAB1U@R7ZHB_xm>YvbC5v!_`-- zhNE|ilA6K9BE8af)-D4RA@to&dk|;Ji%FAr=4rTuSH{u!<&P-8;e}PP&)8dNPBFL! zeW$e6gk^plz{#7F0f}shnoBDKyPB#^Df9Hj-c-eXK(EKLo%1V56Ua^yHx~AAZ8R`b z|7mf|iw8pHg|pFNJ)=y31q?xV{p4A;N7YzfzQGY*T7F^kGg6O46B&}kT;g_TZ(p2b=bSd3m1Z`mV)n$kzr4qb;spmhmS z*~>GZletWu;pzA2N<&us&WX>HrObuJBna7Yqh1WFnbopw^EWPyT}3_1G~Y8pN}#CC z2Cz-y*rKfQ*?E{CK{bk3M)P=EQ1e!eV)t2psA)E*bSEPdm=x58N}J{5iORP$_b_5- z-$$Ni=cycATuvkeq%V)XpntqpobR9yrhko^V~C|0Vf!v|3*txW>pkG3D2c}I1U#YHvPz}dFi;NN9b%3l@NPBd(wMC)AlK0VwQ&PHv~w| zFMOO_#v}C#6FA0*VARb(VTY`4(NEi~MQ&3)n=4wzhW^wPn@bLTjXOH6tX`i%qxlT( zF?9vau?*8lizxEJ9Gtu;a|CoFXa9irq}(zpbwq54pJq76kPOkv+Q3WKbL1E-RRu;w z*aDr0Xb}lL^#IVX^sJE6K>ldUjE*sp+n|%9Es}P2YX~m|-%CDWZy>q*CUX;D1jqgF z0_9Rf+-I|nn!)sOxkcizKJnyD(yGXV@1g-=m!_j~Ik`ug6QG^7CLnLlZ;@DZ$dLOr zpCDm6csoahJ?Z=em4VDwcVTVi0sf2sm=5=9qDAEIU=G&kbe^13cKh*^Mnn(`AT#aNW0VUE}bk`{|Y#~$t zGAQd@2Y|DU7%o;YBe^vofKcmY-IfFyK(9Zz#q|NVDnnGkjE$d+gbZgBLsqgMnC#Lm z)cz|g)~ix074{IFQ)tD?O+QG%$fV!r+cLQ_Rp>`D#K74=bSE6FJ&+ z`&*v4(l$zX9CF39QW+}=0m3~K@vnLOwj{x@ent=WD7Fl@FBdQTI;5`8>DSR3upQXL z+0kf!yrOrpq3u_23FclSSaWmj#tUCK;e3^KWWCJ+3~*s*^6M3m=6kuylG7{AyrV-F z5r=`XBa0A``8L~zYAUqbo3{iGZNmjS?e|<8vT=+kiH|O=?hJ}Ow0wysi@_*e9$0q` zZ=?za3P{_mN%I(vp!O$WH0a%oQzG5Zj6nc`)MY>1WmtN9R5>D^=mJC9m7e}eNX#N68uL{_?{2X(TaC}==(FsCSXbwz|7gmYlqqe59?Os zexwawuVjIam%sRdF%h=z?l>=w{c$GqcQH}9xi4{hy9nGtfCq#rTg+VYDMYV6d<=vh z=RDvguPhzWogky9dv~IKTdpPrctz;K(u8A5{D8u9HpFuR6QgruU=g8dSIoVy+2Dqo zv{{2Ra1$~x83b-E>s{J>sgHNmrX745gE1^Qg_E6{?F0i;+T!fDeFjK*Dclf9VlsPi zEwLie9-_=-vI2{Wo|U);#gZ1jTz1WnV3BHz_AkiVHaPTgM88*nTuU6~5uVdzMG>|4 zdksS)r!nSw-|tXrW!JL@vh)`O+&3PWU9&O7VFND5xIH;*rUaD?sNExf;hdW7L80~I zVX7stB}|#XZ7@e4@nxM#`DQL9SUkc#WJV3n2f`bH(FNNuu$z7jbOy*XEjB;t2clC# z+6j{103cGz#-GB2PI~HCP36}i!EemWXgi$BTg<#I?E+Bgx?k{MLU8*78P}ZGNo68k z>IelCvsbAHzlb@}S!pb?r$J9$V~?a9&FI>%9+-Kpef{0$T&bxP9&Hm^(tT99XeTb0 zLFpi0_9jq-7c0oUZO1zgA&YV|p3=(XW*<(l(+cC)|{YA*u z3VKnDZY!~aR_9k0Pz_~ix4xMq?h>61))J^Gr^Fr2F%iEB&%crspY<;$5t48&1RYF^ z!)7)PDk})MVdfL^0;c_tKDz!Zx(%t?LD8gT5AC)x##1KQf-nh2mgp9_ww30)cy^+e zSkI7$zfut`vI^2#1gLF>Iw0BJ!Q*0RZi71-yHIN@o*{P!?$eR0^@pMONv&7U@2P z5jt%>bfg%;^Yqw*XA2>-XKBY$0H)oScf6(kvJ#rAnoaePKPzA_^~|~Ygww_I({ei3 zW-ql6@!}sA2!VXGD$`vHoReLwYH7UQI0RdPiS{@M%k49-h=NUYx5^e>g>GaPn_ z#Ev-}3D!iJd*YYgM6!Z85yun&>&^4>9taJE6%c;{9acl!k zKft2bu(>*1KXwu;rXq+oUy^5+1wF+@yQ8*j^C2PU(zo~w@dLF)QQ>pL9;$!)4au$? z^E(}&7@-<>!Ueh6Jl{leWJbAkJBQ1#=oV#k0X>y@)RQKri4>P6Up`q=qDkrvkW&~S z^4HMq6K$vP24$+}O?a}OLIEjk*a~1kiEo%EF%zy)7v>P2|Xz zKp62by0bLMtX&RJ20H0;Uwcztu~yUl1+d;m9eE7U+VXxVo0Bam`x8b6R-(X&(rdD~ z>TB=6KF23`iiUMvGw&c^6$XPdR2s^XL_UBOdQ~7~cmSU-wG|}cQSwg;C^tX51XU9} z4RnrnX_r8(0VPfENJ&1)sx=AaPz=&ja$}%l5SzZ?l>JNHPUh|BHy%2o%Y9Xf5{;!q zU^#pYMfwHe=lwJipJ=XXf6>~|{Wi0j;i>BX=a9QBWqqkO;^+Y!;dUmC%;|gf^V=!Y zIVFd{sy8TM)S{cSidKcMib{;=zWYZkLtm==^}3iVT;suO_zdgtOycv4b9x>uM*hEf zs)u}~-b5qLbjEFG$Jk`P{ej`fQoB3LT@vjd2(oevC5R@{_*2v1s(f3-x_v#qFJ~0C zFE$ELRDf~*uaf%UcVGp8x|d2Dh_elRw@0bA-z!B_BW+b+Jq6V3y1QUgkn-(v3OuMtl+>g5- zLaXdUBQB&UXh}9DP5^t6vKW54u;$*0NBQnABb>bK%{mt^_aM{|A<(LS!tsTdsY!i z(oPUH8?J#!^^+}=$!>QUa2s$pJC2(Xs3R<08Pqt~<$-!js(mqD9- z5qDBghlvBCH2}(93jE6}kPRj~R#r0H2NKd(vMx8gwhv!OlfAOQ##%EcR#7jW1`7p~ zcH_WZ$@7ZZhqumBS^Nuk6FP5wt)oV-?qu?gouqr3a^uqJ=XyBASQV{WCx}kwQsHnVCIjI}o8Ok0uiiC6Sdp^d=8CGYWiP zaXcr`WPy)l-tTZDhJVq{JspyiCDLR8mm;+tT)bDW42W0a)X5EF-RHcn7b;}zANyx4 zn#xVPbyWv#+ikl)$oBR)#oII~SsQ4*yQZ-Vjwz(J^?DND|-gg3;`n!LcMgZe|ZoHy#wABGkTBv)&~Sb7qh-9@Wnz1GamrTZ65C`(NZ zn3}4o%WYECVeN4L=;LIwD?alYqSr7<$NN)+pB*KNBP7p0HbjZcz~E1eFc$tHHy2a^ z`|%Gedj^Y5?-y4oOgjN6Xdy%nEhiJ)w5rPf+>0@o&CEt?WcZ7)k}354CY7AQj!fbd z=g5E)yoNCM!)pA0RcpE6)SvFIyrFJ$z~z=FuHtC!MQc?NlZ4MuW&MLjm;fGA5hI~B z3TAf9{FO|Oh{(PkA*LL6l;{$rdV7J9My+r3Gm2;DTssz}MY*g=xcuQZ`<0f3v_m25 z!Ip@fZ>a0gxjDRm+dr1Ao?=mrldWO=K7As^ODZ#BYch{rs3od)Y5kR_=-BUV*?gj| z%;?F!<)f2_d>^S;zwX1Xy#z0TRY=MWmBxwBSeoxW>A;Q_P?D0D(jR~Ow^vptl5;6M z!es6K>%_=k<+`naZu;nD6$o(A9C-i%PF!RJqDM!Kl#}@_QegjfuyLzd5mOAexk%qR zDTUyf=!=WlYZKEXTx#G8s5*q1jGQ=nUApsxy)7vgaXIn-6fIenr?O9<^>z8x-TpzQ z3__lh)78;)-}JK*h=q1;1@p&>ltAH|HQYVqfv}3BD5fi9H|umZ zrf^~6M#Jp-*#fiU%c75v;^uChNx{Yo1B0R0SBHxOi)thGLXg>6=3^C6^W^@(Z#q z8{m6Rv9AO}l&v91{^UwNUmzV|#&-#AlQ2D2#SdwA7c-Mnfuq-v=H0bZn`VDhB|Q}2 za9zw((S~Jn^$^Z}rwPe;Q|nP}T0oBWL}?`_1A@6*JCKi2EzmCc6uZ6Xml0*L!^#n# zSBg`Bt82nf+g+!G&^FrUt<@P3w2MS0l>7RJ4nBO;z`G@TmmDANu(o(==BNn$r1hR9JmlhYe9Aog_P`Sj3{0ept@f<} z?~KWPHA=_v>w5&Rh(6^4Ne8TOcSv1C#e9QTBQwTSx^7TvJkp-l?Z@z$;HB<_$`UAq zP_fbU4HEBtw`PTs#<(r*jK_$AgSRo!V?AjjQ-ti;JLbs7tW{+o;o`Fv( z_kZ79HEq(nzQ1~gh3o2k=#Deyj1T8HOT7tCT8hQwoyn$Kekbtg!vEs3VQU#*uika? z9W)aWUOsYX-V^C}q0W0kIchxcvmPyD)h?uPN_~uB2wFWf0^J;X)B*i9NV*fTACo5Ggm(?sE+uELUs=` zb!=5%m9P(bz?8D0wP&M9ox;`QR|trj-r1VdQZMG#*S>O1bDJ3+6Bjmkw2FM#6x&28 z9do7!pKK2sPbf-+3F^3&%0|-P5cokg1$QGh#;%|947&I{b4&63QY>DTQm-N=6IONm z#mU9X>E&{}4B|L6s}X*r(xz|3VJ_nop1#Yv?0Hz}QjECm%@f7^Dc{GU3L@4am@P#pRFqlp3R< zie18pz;fWC>3-6CU(IkIlQEIEW`oi`Iz8P>%076Qi?(n4X68s~jiaI^cQH+7vYla+ zEK!nW`F_7kY~4`u-?sbTlavIe`$K8^`Nt>vc>+-(UAD|p8gwzSrf7$~`h#E|xu?TW zqqx5w{=Z+c`Ti8&@X46-I6v@lFN1$CG2F!7giEYD z164fAj4`m0{3dQU=ojMWlFkn@wmTsyq3D8Hi6W0*Hk4?5_Fg=8T0e(B^~I`>wxHZT ztDd0@i;;FH6FC`~*7piT*f42|+-^25$gSZdi z6O(g?4Z78fie{b-pDsH*5Bq-Y z81{c}6-5gWOPe>`xFtNOmfeSuj6Gxl=axBMtt$NI50ri&>3I%yaSP2S^kqzZ+|Zr_ zw^?f=>%5v=^N}hP-148b9;V6=r7zXQAev$Vwh7?5h7bJrQWX;~xA1&4M=#xk z9x3KK7Jios!{mpmu``=4jtTMq)yyYp1@#)60FUf@%uX%~qW^q>IaN?uuPNu1gU$bH z{J-DzZ*!prLV*Knh_L^J4E$%e^1rG>-Gv@5RL;G2pi51B38EV4;H~096+=l3lD5%% zoAI20`QWGk`}>C{rT^Dzh!`f=OPxpj;A=wNcpGDrb?OwynX%_Y*Edmv&fILmJttJJ z|F5?288POBLw=dK7QU(5k0^MC=U}XJK&@k^>g`y}Q&EjNrfy3bL=gp-6S(`yqBeG@ zH-o7%GstN@IE))9Tn0{J2(PeBEuI(q+{_2izLQvG7F}0ae1JknHr|jC?KO4`{HI0{ zx{86WEZorWAsT$7H}nz8oh0wmUweXle+Fyz&}}1$+3thjjC)hgE=D~BXgdvf+H6ztrm_M>zaWK-Q<=O_?LgN7J&$H za8T)`dP>g0BZ^WSx80ky_N}uCC~P9W@p)T+_dThNdCWEzPV?U{u>ltcti70?ER@?3 znKTVFUIDWS3i^Rx;rw5R`+wV^DGy9prnp8Is%~TVe>Ha=6G(1#RU_1R6~6Sb=%)a! z1M=OQ_N4#Z!h1?QV=B*NZWuPeIp|v8Gvtx(`@tce&c;(mG2B+ad6wLbw3g<7Z4e~^ z;FmvQT(mxmDp~Wb-Hr8ZOpZ3NZ@cQXeP68gzhc7>gd8O5jUUK{zwTQ3 z+r`^@*;nt`=|sJSYAXyTTGkZLWLDJczgevC{%PQ`GgSKXQU2mA`u`o{_*fY0ZvF1F z{^E^lS1l`I-@e_xWwE8NP{A`AU`-6;7UpIfP!siQdB$vr_rGm1Dn3QLL@68J;>l)1 zcM{D)#ek#h!G+qrob-rg%99Vmg(TC(i?R)7xJnzQK6U+AXK%XEbbQW_elhC&ubW|E z@IScK)HF6wq|{ICBK?zeoqHV|wsvH6&DQrk!aB{>|7(_QHVl4RVvNW?WyrbP#X%x^`_|hVw_fu9n~Rvq zg6J-l@C%JPyJE(3C^moxYd`3{`-ZN2#~k|Pbp|;2u3r#mM01rk7q(fxe{`al8q)N6q3L=<`<>MIU!JUzJ(pkTs^{%~ zMNg`j5;-d7F284{oDI^|2a^5kK%+p6Zv#?qUhwHqF#bfY8!zSa=N0|@-8%9%!zXuu zl+MPuQk3sDyG2e|Og%g#qFfvAVwQ7N0?X66Y06Ygsqi9ETxPs`nSi2-$_g7{LQZQLQP zl+i^5bOb|Tifb62*PC_0Gw6ZJNdJ6sT-UOV*BJK+1%CTG z%f7*B!c}HBBCmX!*$g+ADY)Wcy0$U>{kqXZ>G(n+bZO7( z{@A?quq{P(hD-9}5d{BBMAgON*1>UMUzX&UeRDwhyjK@Ann7%m*&693yn)BI2S-r- z2%#?Z?7Z4gqdop!>N>P_;=Yl9aSnZHdhmGHfr=S%s@l4>wKcrK0oLL3jX*lPp#up_ zzIy@gX+HzbpJ=nr6&!2!IO8h*^j$VBeSOk*B6W6DqoZ&n*yPq+`MvAcHIhE@5uCym z1RJ=BZFrUi?XuJ%k8c!znnK)~$4_mr*uA`DX-T$k^u*dBS>E1JySU@e8IOB?C96KY z#Rf}a1}+cee3~@kS8I2jN=a<_V_s1%wZ?UuHii|xiZ;$qc zK0yv_+CNpErUmdackY|`c5l2UDsXRYnuYIt)+X}!8E`EuyfvNWDtaT9B8!9WaWLZO z_M%o2l|A0r7Mp4;j?*s->3HOfmAjmrP5jEph-C2Twbo{*2B%BC0GnGvGG)g5dCfhc zhgFF10mqT^e5TL%uhw%R;jPn=`aukwGzHr?aY;o1`{TGV+ghjY#=F|jKU!J*WQ)F> z&3SM1VL5pZLOx{goG>iPt!~@);YO#_?Z9A{+47kJeUYKp4-QFL#xAPo0`XS6Y~5MA z0TR0iJ_EeH=-)RfHy@8xnYb=m>ow*{2L9^pvK#CB4Um>1k&3zZd+wq?D>~KgX2wdl z5%tf!M6kX~o3LWJM*QVl6F=JB5Ni)OXw8g1a}i4X^ ze^Nx7f72h7)Y7!wvVr%A&w(NLLkV`lKJ&g}N~)J*1?W&BdTH9~v|wfVAlR-zN7Sf@wP7g`x7g^KwV1< z`DDwMgyJH;u(|Hu*F0DV<-WdU@6UYb9x)%hPTkGPJv6mzKv?VgAq__4XJOXK4JSv? z1^3V86Q7BnL@=sfU-MO*Dru54&)%hkFPuB3TZTY_mkPVqc{#}0z9D|Qh|CaSWJrFW zh)!@fv3OBoWg0r&w4K;BSfcbJrIy?DKGk;#$I3K>Qiw}$<5lcZ&u-Y$p%TLKit_8T zv=P*(?^BDLE?VuIUI-g-@DvC*CQhNzW<})5H(Hoxw2@33g%M``aQIYuyIA*96@jLp zCRx#syH-BrMN;A$Ozp~u`ChSICTk1g; zu{13?{rK@wp;Js!4Kp$XyKV!H=D!s>j?>P)-Dko#LZ&;Ym5MK$h zx=CGZ)Y9%mP#|OlV4ib~PriSK%BhDYi}r65y7T7lNtlVt=f%^|sP8^Bg)O@0$t-}% zFpMACU<>4DXJ>1qDUH!ED~FIKl18~?Jh*bx2=so1hg`0|p{y!}M^o7Ge zkX~X9iQh3XUoFow=C{Sx@C}w8zm2Z?3042kX!D>>EYxF|yI>=~*-|UzHkVsdXD~7v z*_@%~1};LzwDz{KDvt%KDd25PlLC6wrwf+5RdkL39-pj1mazAZ%Rd141q01ZZ(zhbn z>XNcfVS3v}FLWZjL zSjYdO68!46HM#eF7Tb)(U>o^vgE3f$rIx5ej%+xppHt4kN9MqOv5ZaatMnp>1KGd! zdqVa>a&%C?F9fDjvE*CO6RiK0#JCKGUf7!45m6zN=(F?*=y?s#nWp(YSG+#vtOvys z*(6uKhNjTih0^P^G+X__&OcxF5x2jZlXbD3<9KQ>PEl>WA?EGFr2R~Nv+})na+7QNaKfa!;25{Pt2<6rq^nyrlnEWc2AzEj9@!#H$>G% zD@5$z`a1FDI_OhgAG3RBIjzTGNprrusnVa;FrAI9LEBR*6}gOpy~WBpbS(MRa;T;% z<8Ph(*0z=a##Wh>ly^Sxv9ai-$8HGMYs#PMa+T7o&I8D}F=MnBhl?zTiH=nJ;ivdg zPmSwf=WS86Mqz^V#695p{)XMs(K@%@7HMZcXZ$ca%e~Gpp{Z)?sNC%s;&pe|UFTpf zrstAMVwHM!>^RxyaMy_Z!<>eb$}AfB>%UNV14isN0M=MrOj>`30|3s}5JX0tFT&xSrZAg)7Vs2l15HcLlS{in_C8&c@3(Z59BGh*E#}MFkdh z3~Qo}))}ZKvbFTNYw96oH9-H9^#G)e_aU;R)up>-RPOcOq3Y*VP*++{!TVhIi?2tS zUR-U#X64(9T$TM+Rut0Y=hoeNM753y5EqOajNF-!SIcM5$o5QUIt|QEkao`hrIgxx7e}q;4WV9B*$kqkDVk3C9X`AHzz#WWFw5(@?Vk~)HD!r< zd)@_Eyy9~Lgk%&KepScZq-?id#y0_S1Vdl>x=x8hE+>wF5lf7F^jlk;In#4q7X3H(KN~}LCEdT z8qMcS9ocP2uO9qU+69%*p?mW~Hg+L_js0Ng_RhXMSZTp zEQ^WCNhW!{N_1u)-LWfo*F0n#=D%aca>{7HhDg10ylBY2EhSa!f&D0@T`DTZAf|O# zi#`##SC87sFszbrc!Y2*3sHG%*U2=pc?<(5B&!zdI>xBlhzd;*4Kj_wh`4^wb00`V zUAQC1$=vYj6;xIk|Ao*rtI_$7QNf84(`ZmK9CzfsOdi0m%{V!=Evpvm&vEdo^XHF^ zkgfN**I?g00kQZ(M)s*Eo#%7^o;W(RAckJC&F2@ybbgx~>{`CLpE-P#5kg5t`3hi6 znns&1tG~4a(|=CS?*HX>MqXklpYr=d<$6&m-|A3Tj7J{ZRg*czTfQxXjz z5y>=wju^X zcS`c7{bu74(Y8b4#Lg?|WA~p$oUo)5lQK)~j&c+wjg(qf-ctwDX}k6*Xl+3pUDFi1 zAS@!Ie=!{VG)TB(6C`sVA4|j-N?ILTnKQ(CQd`^s4B^XehCb%=IXD1_miy99+19^Z zJ1oI)QX+|iR^u+QEwp<4;sb(u6HgLLq~*{y_|)Y}#V}?G7|hDnh6bYQeCE_q5RoJw zfkiA@$-H4cKNrNfM8pD67-86#dr*pL5&RX(<$iZJSnH2Sa<%@XzOKAbQVYc}LTO5{)rCizh>ye~*&aQN1a^ z|8YU!xh@#a;JGx((9gc%qSfTqQG(^bo$to>=leVve32yzBK@jcOz`Z__vdzNgdo>Ok;+2;-qMaR$Jaa&d0 zzMl+pWK0nxkbMt@`%eLi#x5TN18BB3_;oDwX-++alZa~Wv=R=DBUJZ5j3zwk$gHcs zX^y*qG6f6Y@7K5!@q48n$28q!f6aN)=P+0zm3nrH6LwU5H?{(@hTc>n|o zxu+(S#XP!iP63T-3}2!AdbbT4D+3jwO&*8tncUmj2H<@cH|#1Zp9l?FU>D>PGvef_fH}=LNME`M5rOL@4piy7OEcN5DHWg z^!#{(klG3rbz|^|?XI{|z2Ikpq_Q2u7{#THiV2j^1{matqnp$#Mel{+*0O0VO7U2e zcD8Zx&Uv)kXA31OtRW_`%!@eY>^#(xR?#r964%VBT*~i{raLuL7*OucMTroA5bRw! zVIC2v^imqQA)Fub-?>j&SSy{@S-HEaLFk!%ISy_H2q3+-*#y2g?| z^kBzBw`tBaXloXnf;d~ndC3)6X!S4WztMY?Tr*4nmWyRIL2o4Z|AH#(<{`3mo73aL zFW=z0AB0O+?r5kxZU+Xn_Q}uDf?Z)Fjp4BKLXQ!QG`e?tXR_$Fv#xartIZV8DXI8@ z@v#1jlMrmW7Jv4KhSwfe{qQjyyvgYh60~VUZvo0xzR@vps^!tk1<;RH( zEXgp{slu{Z-Z&&$HXcv2IeaVa_Eh4Vq>6%(Et|F^W$J3tGGn+D7^f4(H?d1O4Vanh zw6K=?Nkb-J5ZN4!%g2ceTdIF-G zskEv>7)UTb9s5=TN(zqsT9ad&=IM<=xyXN*ob244qwdmX=xSMQDdMq3!Vi!vrGvyK z`TI(u_93=OV^L$!+7F@olSxYT7;AuP^!E`%;0OCZD;iqR+9mfjDzGZZ%EYcnz7(%H z0c0!uB(%{&GGJND;vc$!a|+kT<(jm0FkCQLfFSM!8C&n?|2}QpBl|CR;DjF`jl%n2@Jrr5QdJ|fPfR+s9>J}`lNja`z z^ooLsSZMdyR_ss|2t=4AgvLZ_?(kUa6}P)IVxx}3<`dqtUb9R=6hSq`T#M=AS#d-V zy}P1rY_Y=UsBa_5*qyrqcayv^`q6Q*OE{~LI(=b@C9J4KS~p{npH77Eyioc73J%l! zlGTfS)IM0mFo~;XsDOszmk0Z?I-&a5|{4dH+mUGaA7EcUp_765U}!|a9SuErU{y=BkULi!uE9izK&t7FT({+ zOI5%)z_ET4v^@qGxX`^ze9g5O#2p>$u0$23$?h~aeZ|u2ozE{GRGBnR-*tklG_`Ng zI~PY!j`fZ}0C3a@t2>3N?p4yurvY~-*|ST);0bacBke$(PQ;bDD=Ph=EB$j@fu?{= zH=1*l;aULVD}-8?OT0o_m+blel=y37h;WS71EovxXC#H>byY_eRV&&k+e*UtM9pGV z4c}(yZ~%Z}sF+q$sZAk9Q_ar7N`-1Oyh?Rc%u{me9+pXsG>r0=#$f*r)}-PwXL>AE z{X|pEn$@2$Gd#*%=^oaF)X={)Hf<}-!tqBtg7Y3GX&?VUAk?&O35Rr)8wT}0$dLD0 z2p${5(69=a*i3}BM?l=%HRr(;fn7WyPZ|DRCU4(Y+S@o&$2w-YcD@|zzBHVLJ1UOv z0EYs@r+nbRA1J=$JX^y*fIm%vkPy)Dou;W3SdnDF641!&mWS*k#?Pd>P7_F~ey^~L z;Rp~#>O<6C9vR!F=0c)}h)Y)Yf|ehxghezJ?fa&|n1mK^kT+ilpN;?CN$m&bRXd&( zEKZdPRnfz6bs-scnv4Repl{+C>%fFd`5K1;!lNHD!_88|bZax9oX0=CDIYRUd*@LC z{$eM4g<*A*TCU0L6V;kP+kUas&&5~9jO(?Vx4=1&98 zEwZ3xta$SQFVatDd=u}9WB>-5ZU6U2YY=>cYruEG5D5wmTH=o=szsI#uArl%Da ztQmx)W(^_~U{g)@wrdf>YwFVt6I?G)9QSZ&(MP7N`@&Cr@|W5sCM65|Q1Rzk*Wp$0 z^nV%u7(W=)`xu-iXx+rq~&gW@D5@nBSbesY37mPjxPgQp55O zn#3KIpEQ3hS(NLBB-}LeD*Z^hVc{7Ana;qwz~ep8P>HIyN;Xg7o+H_uVO~(t4Z^;o zr}FmwknTJYP z7#8^;%{gm^M~#O6!!Ij;I|9o9Wekn6qzO; zkYgZBU38ZY{xRF8N*fr>-@8@euC&NuJqIRGfyD{SktYXOEHsXWkcC@fj{0*Gm6WF= zh7b^)4?-HUoHDKy6bueoe4N`Vfl@Ow-yfA&EfN`6w;wa1C`)Ogx^>;MddBb$Rhh0p zw?5o5L|SYrvJ;E~9ZM-T`f1F8?%$iVPLe`%Q#u%GKG}om*7k#zNnM^nk1R0}^S7?v zf}}f~dP;1>)OgJ)n5s2}PcPH)|9Pzq?jKzkL3dLMk`zp^WB zBLr-CDbQqGN^))`kT4IEH%=JbMb3W%u|y`e%0r+KRts*`jWq!TojK~#SjxLoAqpv0 zwSrc(*ZL@*LAN96&$im(UNCAs0U}{oq>xyeJyj%q{jrnWoR;7NY0v6d zKmR?o)cvn{?+=P!F-@8RRqVn19Fhy+@VQw4&0WL;)Pj7+X+)!GnP|Y~YPW^%DLSd! zB6ZBdYnb$^pOKu(2*{WCG6#Lz#xclZ4CD`vA)Rab59QqQivSeG}QBc6vNH`~4 z`bn{Y1#Gv{u%t&iC)tf*sJm5-4AP_jz)d|2nLlb0!krrE$#wP5%J89a*Jk}BW6TV- zrP3|2!k<<9WwT#9n^R`ReL)8c53$-vTVvj@11-v?>;j#1VnGvKnITql@Z_#Ciw3sh zz}(xRHP|mt%w~}ncGYivP*ZH5c9AT98`X9atAXZiMATjH8YEp!)Day@m|v(^Wh^)B zkNK}$rY;>}>2?*KzG~PKqiCz*L#PPd7h32HGOLH9w73vV|B1-N)3dV;aAf}NpWiT$ zi>?j{G0#1n>7l#X*%z`1>kqZ+(UH;l$$z^mZ2a;--rtaH)NO{XKpbV;!QB5`g=lA;WpnV16FoWJp zwgQ`nMB)R8UF2S2_s~28jUBgI2tDmMhFo%6Vi^#J7?hJgkYxLgid-}U<+m06SvGR1 z{AnskeH^R4qonN`+$aYqkIE&DP$;gE;L)vP;giAUyJW*UspKiNq#Ei>HIBVv>MGGm z;FQt9w~2^5A+3EhH|)aKJpdUoqGm3vY+l;m`u@9MQ#AAd5e)wRG~fA7Bw8eO?;qGx zY`aQdaTP3OcR|REDhNjm$}=!Uef`1+7V(Lg9W3`+9|hIvS_@63m`xIZ!FN*KmSHE% zv0u5tR+EOR!Isdngr1X$8h|kF> zu!&KM)^Uo0*>ygnIpZEM{7#{5(v5LLiTS||Ki$J774(539}5jiZ3*U%F z)*3suHkvo@xc7@5Q&5d2jpFvvS=^_zia}9Eef2_z9+_n`mnTHf}_aw^%Bcl~5WpCF`eQh53Ru zOMmtun|cEZ6czvSWUXp;B~vuCG4rO)kI*En&l6^_phh+|>nKa_`y@+C%k^*m+PVm| z#fNHBN4g`bOQlZx;(t2LPANLB8hX>Kokc0@$5_8F#@q$9n+O=Ve0Mf&U+gaJDe=@t z9jXxoseJ0GZr7{3raSK+%C*N|E%6Ctb7}uktwh*OZV@{lq^BmqA6kT#oY@4tVmr9c z_DM2-7lU+%(Br5v0Q0F6*8^d0L+vLxjc5n}G`G(k<_m{0D!8)`BRrzZs8!;Er0ggz z^!PUF1L-yo>VCudwp0S>|29h=PnvGe09gdIgk&SGItZ~(!rB)CWq}&$DkaY@r_wjt z=y~kp$$3lsq`DUZUvBqU#QFm1m4=JPC~zbC+Urf=3%u>`cy8b5;%= zrd5YDALGms%;yl`7xU>hqw%4?B5nw(kNJb*#-M^jv)1p@DipX?`LDaE)}FtCr%(k= zZF`o~%u5y}tD+k|LI5o5cNzqS+Rw%KSL)3#^|0^qz$gQV+|X#|O2AGgB83vA`K`=W z3!N|g)$LF0%+utLQ`IH9UfN%VT|a%Uz}CbHUgJ}2szlAMbsMA{di~gCfI||r#E7h7 z9(cg8`S@7v^IP#JWm>cu@~#kJmcxeVz$sp6iPhISzaBP5okg`R|&29Axm2d zxi4YjB} z^|5~%{25hU(-6FUe9=t*uvS5HB4*7BTKO5UNY(d9YPO5_ZHX$tI$jg>!by=%}Z((6&m> z8)gBKjlHW#0?Co!MAjFDLi63@Ul%{D$e~1n^fx*7)`%6d8Yr1M6n+ntyN7kfEQHIu zmp+g-WM18e*R8lUW*EC43+!{P2)|TJzcd^T2p+?~X1HE=+c(q@jKU3t4y++qjqMA% zDCF}`FI@zD*1E#WbZp(@yRa||{u z?-F>`m_=-mJm@juA#H|3%8#=0|*CC{oM zscCsx#Y3AdyOPK7j(Jm_#k+?sg!anB+7H*{?Pf&1@riBILQ)DG2y$iKioxf)e1D(c z43^BKb6VAY$?Mh&iQN(ahHLFP&YgPJQpvUT=53AgcrFdJSWbeihE&DJl8+~0SFbP5 z)@G%Fx@hEn-dVgqUw#o6q*ce1D zOUSQm2bmir{Y@%@oJq6iJnO+bZCD!kp54)PBl(Tgp#o@Z?J6}TPnH8yrxS_(_4GAaTi$Lg&& z!rD<%M!SlI*Pc z4%xPvFX7Iy@GvEvGeP^W_9Wk!aT4UEU80y}(MR7Du>`bJiy_hj!lk6jKxO257vveK zzF+FL51_>h$3^R+-c7LQd0mC3f@6xf)3kDf^Ia<7caOX+ z%)bbKF*lN^dZicl2v@&GSUW`H6@5m}W6g|)_}q_NT~9cCa*u7H;a@7*ulsQMN(-+` zCNnXWZ0DfbtmC9w5<0n2>0tlnzMR)%cu#HS0E*Gax%fx@&f_9NAO21I!U7G~5VUqO zGXIRr5fuRW8l&dMGtcBUuRns`M^Nr*QJHV8?J{4E`pi60a5SZ*HK|rfe~*Sw*~Zss zahsL7@PZLXxP??a1&KGRjtfMF)MO2?X*D&rb$8WFH5R!~yAl!4T*$JNJ0Ydx(xTuE zYm_-{VQhl~1_J<61;8 zLsP=;fn1%5Yh#H4Bco! zvI%_%Y&3SHjR|j-5-f<9oqE!rBlB&5>6!b1$$UvOt=(TMtnxRzS+ za51TJ7^dr?7}yOiqGQ`kJ&GpDM(h6)%Pa0Kw*+15ks>o1w9;tVv5-VZn<81z!>o}( z;4;_kJRsq-iNcxEFpvO(U=S+FW+ewnk`W`??Tj2Uu`Vk9?bvJ6Z`oC46sa!{>a})A z(kR=BlUi47xE?uS%uL7aKp! zFts#(E49MlN?vFlF522SRG((ejX7>es^k!_H}wV8=ujWD>ri92@L^dUA;VVW2wAqh z^&6dSgtV!Sd#$#UA)r*qV?oh3H?$n7TFKjHefqRre(beQR%tw}c!f+M;pQCKqCrsr zTAmg(>CFrsV%`P}5;iE^Bykj$OfoXo$Ir+Rx|k43&*%&QZuwZIs)w!ZDf2i`dOWTn zUdAV?PsbT9w%@WSeAY)eP>fkIZNKcSoRGUNS!mp1ndc1I7JRZ}ot9%gRSb#Ps)q21UUZ1;`3bI=dFEvl)Y+m@9fRoGZ&@|kek`g&L*-yVb%z<$ zNa0j0|J&Eqd{aem&5pY=jh*H~Q26ZXFb{cc`iW!hk`%0A+q=%{Rx;GfX<&aUm{iqN zyCHzmuRlw4aQXLumqO-hT^{G0rLpJZMiF3t8KyJF(WLb-1rr!MI0T9_krsFKn6A5T z>qXkPT@PQFz6ujaU~nx6P{{Z@z1auCZ#Qo@ z1{ny=9`bh@!r=NZ1VYS8=X#B|L-gV*O!XJHL2~=!D59;2OZ|{i*P6z`dXa-4*h7&~ zaXa-q(-5!~z>S9BT%Fh2pGAhy#Ocxk9psWdbWq#3eUkKGYhzQsrsm|d*+BLbD!GIY z6?)c+x6}CDOP-PM(6esLq@Xr*)t>m3j01H<%rmJ|@cJ$1bmnJ^@H17-z{bDzB*jqUh;@muG7T@_XptYX9ww0X68ovbvGPLaa-%(|JQM5b{S+p! znowx&D*!U5bnzF|ts$EX)s1aq1_W zfo`1IAb?s zf%asiXVl$(MY(mv(*ovlq_t~z%=knT`NxO&&(iOwtJ(@W(qDu$!9QNSYIAOQsTKv= zma@2Bh+M#|a$|6;YYnc6{QgSj z?{^Bj<4WW;ZWC0p%YP9Yvxp+I!mxirNg34FMH%Y+M^{>GpvDcTebiGV%{;cz>x_kG)^Vhwmf{3s% zg%mTXzc3i=NvE0DRsF;7?5BxlFV{K~Q&-dadLBJiuhpd~uPKkMtBbCS^WjGyPRc+w zb!pr^K(2&o&8}C@qtTn-T23S&7h+2{#FJ~d&ug1c?`=KM2if~A3Ipfbr!kL?kEX9q zUQQHOHW6n~j__9?K`?v2ayUQSBjyZ>j|WL!tJ#O3dEtq%b#kL9JI)T}?iVs6ZCqli zySW@{F@Xspd-^qG>NR7;hWSoLL^IEM0jL&_}T#cKb+WM%E41Ajy|I zc;MB9g;&~r0krnfCRdh6Tp1E|p;K?eSzQdAQB_9&@kc89nf}eH2vw8IGFtj*Q&gx! z0+GIPZ@%gPs3pgU)40tr-?w0xJzTb`qUH0FDQg~4evj8!3prC~8*CbBg7{tPsh|o> zn5;ue|Az>Tq5%gMcb9i#>7VQX-QdPh(N2ih!h0__X%)eYkb5Jbu@}$Kqo0Qel>ibb zYmUmJ2Nw?$Xx0hH^^05`T>AbUO2hNwL(qjpzyk?Po5^lBz>{mi$3dy$n9M4xrAE+g z>h-(hKMn5X?b)u@#Zf@#LG5N7*4K>&sw?s7hQHJ+Xuab#WMH%?>`5As4I3!p=zClG zmjInIBOU@gkV`?U0*0O-4B{Ygg!yEm*>gA;2^>MNWfBM(Q^266FPb*NnG%;K#uR!% zmYA`B$|Us9ET@P@j=yz)E+Ts)LSK43f- zw74nB1gIGxJ0=^~Y;e(2hc~Uy%z%Y}P~~?pP+mhrf}n~)s!iYI{iF^9es?JsOvT5D z3Z~u@6bvXG(vDGUK4H^?VdOH9#!=XghpxPDpTR!}Mc5*m_|Zc?SO5=#j6 z&RME))E7CI)#qs-eH_EOOt9&smCAjZQ!L7kCstRd(RD9-D`juQ8k@Oa z_a?G)lU{udo%%+J0Y12G2w=ET>`72;VeD^)A#KPegTV+GaH7ThL?KjsXrje9G83xZ zw{3Vp=Z5uz#r$PM(ogIvGmuR4Yt-N|q`XS1z(JwGkRYb8AVz``45$Mosf=nIRXNZo zgrmLWN8;b&CvpE|?69K+ZiroZ)a(%ra29`w)dUxFOV7mNm|6eu458ci`@7peM2iIR z->Za4!6=ML{Lb&-4*EracObt1!IR)hvMt=>?+5PRLt+o1*$Nv z6bk81{by+2hVR@g@LFw6Ym*`=>^w2&&$nzQx5$MeG+vS^h%xIiiu9y7xf2@q;P->R zUl|n!beBcO9T+c#0|ONn7lMq4&QcecxfeB{9idDyOF?n0yo>SQ$OvFEBT;e*vStbU z!MY(tio8qxogc^i zh=%tn3JN4@IxfMoS(*rkea${! zmn!5ALpUF22(B3LAtomSDlfy0bNl+g>ep}E-Jr`)Gu{5TYCSC>Aj+_X?YrzFqAe7M z{%mOK!B*#15!e0VwNUOA{(t8ge>Ej-pUF0I{yHR9Ph}1*%P^U%)eK@o+$8RoO)4n8 zM-*mRMSSS&@dy~rWP1?pEPC9$JTf3cEYMH=5FRQ-C)Wz`+Vr0o{d@L3MLpXn%faS+ z_3>tXm`tVtc#zN8EPc8dWKpTW3sDb`R{od$gxhZdfGQHPAcKvK&F+o63LC1jtL7sy z4}}BF!^ibr?3kI*n?~!m?y&LhKsXxlR*KE?J=Z@*xir^A&M{B`s{AEgiuV4(bx93j z0e*A{c(c%*!|8vgXj@pn5Ji80x+=I|1I&~{Tbe2D<3Wqk7dRAGZp38y_we%kTqWS& z>wq>XcRU zgnSjcbMbu1n4O5W=&?5J@<{l7!eEHNFsP!6g+Ltm)55;tN@LC4A2uErjZ1}jc_KGm zA52o<&qf~KI_M^AO*VC&50)?QM?%bJia}PFBZQ+I4JkqD;+$tp# zqPr6JBD*739q#4|Ic<5b_EkLpHyaEgU9S&a^5TQ66wOkN@|cYicsZFc$G3x#MC ze&NPj6bAe7!zUD%Zxi2Cj+cx->GD>vj0Pr&IrMHoRSq@n$@QJrhs2jkT3ZZBnXc;( zMHS!Wa7gI&aXT@0(4(1t>l64mWodnni1+bs-Awf?E9}aL2q%sG*%$E1R{u#u3EHSw55`D`(w4uGx)O`##XOz8q$JSYX*_A(2#m`R=tO za(ISV%R~MB>v zBy;#%QIV+kd7E-OBZ@37Egf!2vAVYAg1P}mR`;1^M)5g_eef-76;EH?p=8^7fYo~c zPi6r&7B3PN`(DK2{fH@*-&hTHCS*o!SEf8-ziTNrnp>F@e8jQWrZ8ZgI-$2u8%y@S z9$p$q^85!#GNSTm8DZ~MapwgAh@!}txdZCH00CUpG9Y{@7o{n1kt@P2y`C|=wd3{+i|*s^-u z>%KgRcV$RktC1qIFufp3!`rObwZXE>14W4cpsMrr|0)F2WR}l z_+zU}BV^Ds-?Y!$)eVvL=MZ_XN)-R=Pe@jeHq2U~)=DJ~f+$=&$@>YxvGdpoXQ}AE z49QcDdh)bD0ZPVOusR7=Q3~9o(5A$3wI#WKQ4wcuDzI!EMCIRZXMyr2RfEZ#jCG72ltCtx5job6S z^!=NAmEd*RYBrAxi#?Hcsm>yuy{^O5K89Ch0@3A&F~Z-{DqE!!SELaT4(4&0Qk^n# zadhz4rZ!VCTk65MZYSB6jfo1Th^RzP{pViEDbAA1txyFV~qDdlaWC zJ`|jGlw7~SJ{#{vg9JcuR6I$%enX7B_b$5Q@l2j>#_~>&44GKK{l=BA8g5v%&xI9v za~k9TjX+6#)+`bNSFD2eRgkg_qEcZ-N8M!HB3m@?_#ruB#Il`Ea{0uds9j3niMa|} z;mQoZHaM7bZihHgZ~n)ahXyMy{Ii{aiwXz&!X%?RrkLq|Ya&Tz4_VGCq$R;QM1TiC z3S`73nKXlRu5+t{LekJ6zv09_3jpbDAVJ2CRy(GmP*6i`G&SNfS~-3j=ea@Ny{wRb zcR<`1(}m`|*+F!&JQ~MNuKIBXefBE@SUEk+lnGKP9&7(|p~a0oekYLc5ozcAfBTpW zW|qNuV!t1M5P%6A`_IqeTDOz4TM zY>^mXEq%`Zvpc!qSG)BK@_YMW*nfWl1{CB>JLJ75*^TG~!p6nm85`5kRm}0-()+ zNhE*hrBFB$$i~o>_;=Go`7I&r%sYg_`KQBw4#z!dPY;YXLP&ysYC9SE%@}=ks^|u5 z7*tjXbIUf^N{d55c7f~eZX|PZrB?HgA3q`_tX8{x+IM|bbI~~=73P0Nxf+0Vzi|;J zFl(z&;9hcjc-lc8V)7%AcZuEU7W={52O{GexJpdkW&blBy!j5)k|Ik=#_wj(a?1QI z=)s&&Vwq@URijzJT`Kw>?*5{J=$FbBcN4xDfka0Z7nS2`F;6IjgXMSxhpj@&1sLFL z@@(dEcY)gbzHj`%e4cr~cnw}*WgIRVRsVv?!-CW=6t#Yfzq{KuG82e>{Ml^HtzHs9 zzq$2CdbAFXs$yPOId_1EZDxdE*+3ab0`LEv^zSYK^SnRngyaG!NHnal{qw*+DSJ?l z_h$!>Z_1Y!2dcQZxZ@Bf0J{7=@1BXV@rX%^PKf%h^1+H(&Mym$BBk>{&gMk* z_%xDP(t1>BaY{LL>x@BeN>TpdP_;NDCsF{|_vZB;C;6b>DWMpb%5rb+FmvuD>~yJk zNU~VQ+9)(tqyWSB?>T|FfG1+QPpF-lmW@b~F*O-6hW$gT|5hL6498HpW-%H{o zTu+@&VbX(P$m~sW*drEx6GA)68vG##!u2+FBau{5L@^YA;xRuFju1PQp!~oI5Swdo zYx*x9i6Vk%GRTv@Ftugq%Sw-BmF-8DM>Wgnqi{Nzk?_7RAYQnx9@sJ_8_~A^y;P;6 z^y?SpH!klqbct3r-vhllj|n3Yqem|a7}pEed%rxT#Nlun6!rm`+OL#=B1>unbdqNp z34dBaE_xVv@{-Xq=F3JVe_rsf5$Y_^l#`M4GDZUWH^=EDcF9t%O$$u#D3yK@eZUaH;y*<^emeq$Ci^% zm|GTn{aNJgZj#MPlet$^|L<3z1DcURLiCMIrmX#ZSOP$>&ReOuu7~uwH2A^J_Q~#8blZ&RHrhX#l)-;IvBxTtZ zP$oC{tv@eV+6sESY$=tJZCm+Aa{EjeQAF?^g=TOCd{^WIH4T<&idK<=R6oZ#yI7Q) zFtgc^MLq|X%mK~*M}k6SbDYJAO=PRF2%ktj)vGoEWM8+lYY0EW=-g}8FFKBKu=-ve z2Fb({>SndE@B704SmO-&Q3faiHo;@dm*(fX;2Fc(bXO99SGJNoz-QUI-v6$bNkUmc?q3fyezi_fh^`GW6v1)N*ucDw$TfSjxen zR<~f0l#5G^Ml4@1GYixJGTZD;0ehE4;;=lFQ@^w?PX=}6Bp@Hb<7DRA*Cp^V*tey$ zm?ZQ`)G5yg<)8CTE5MWJV|YYr1|i(EV&KD=6^?Yj6(fMyGEqwe{y1eOh7)fBOzMSX z6&PM^Po7;At^}LvFRsseu1_v1Oy&RSaGoQ3P)GZ>ES@`TPX#7`rsYQ{h=rs~JuB?} zU$3u!1SaYu5d2WD#>=9t7zj{(FFLS#@Nl&w^KscT1f0|yKTqIJu*e~l&IIY0w{nqt zTK|_9V1_Vv9BDM?mKnhbPto=KyA&Q16rh-q>U{hk$Ss}!hAK?^XfmV3@@kmKOV-9( zSy`DQExuLyM`bEuk}Ql|E?FK*+FbE{#uDZe`8N7a?DYkHFtN~e>#`6t<{9IJ{ z)XG+Ct@>HrrhuB9Ke=lP8U!n$v2N*OKD%Y_00tuN+nHQZ*=Cmoi#NSg_|2Cx4DlM= zt|XX*5NwQGJKvA?7WtvjJEPiZX?gD7|D{H7Fky`KLCbIYBn{Xt@dclIku7r(kR(n0 zyO49<_o+GHh|{9_`hb(zwH|k-FFVM;OYx4r^?K(%8jy{pk{Pv%qohkqaV%&&JUou)%Pf>M#yF*irs~40vwsw< zmuo}_?@Lb)A9__*j44W2u9Gxhytc&5ohjI0&@HZ=L1lvoE_dHD!@Llc8n5j!-r?N8 z0w)Gkb2u3GZ59qbN`5)qD5q`nP$$jZ*z;RetMLs0u2u z7^}r)O&-jg^RZ)IO*v7p;`zU|v4K(eH&H~OsM8`O$qF(rjDd;y*N6ibcGvoKSm0q^ zc?@Uf%D)S3;KgdOLQzCnMn*=crm(2!FS#o>K_x8oE#!bhKbBA#!V>4jKGIV_Z#%p8gX-xx#LFBDfHu(+~Y3D1XWv%NsIqa z3*ZgMpG_Nph)XW=i!ujTT$BN5;JYG@`&w^zbY`tK|bjsS8Mjadwik_D{&{9k^esc*gz-0 z=8Rx?z{;j}NT_15AE#0$Q{QZT+nMvuHgpiMBX0YC=tda0C;PW%-ygWPb9SskfMzH& za+xKX*sgDp8IJi9$J5_|$>e_Vi(mAHdgWMj#OBXljM=OGTtY&EOrJhoa|w~zh~%PL z251fJ3v4n0)HYB{L>~j1C_S;gN*DaA;HyB>qr)&2QlAVwu0$-<8MJ~-2u)R~nV>n* zQsf4rDe3btZRKK~;khS+A+bMUj!SI;$euDYG>c{ES4M5(;(zVzba@qQ-*JJ05-XQPog<;R|0-bvMnJOd%j=%$Ok)CQQ(m$ea&k``|mL z1F3$_*QJ(YN)~_qWEVf@!4)+&Q@*-xvYN+|LEs$dFF}pPRr4}6lsL5%+n|}|wHsmDY6{Jz zZiaakH7ALP>cp|hgsgU7WTpD9@kxW zo#f@^^}ZZ>(fQ**U>rk$h@0O9zXyIR26>OxE%VzW(x%-zlZO$J6SZ&6*bOZ{Nfko_S;0{4i^I>(KYe4pw@wXu#jP({{*!W=9pRxYEtZlNA&9($=LS(oc*y20WNe& zix?E4va(YBRVf_idGi|#znDd`xz1zz{&08Ay2QuSR8mMmJi&e94AYNq9|MgsR9)Zp zfgGED?PL134-^KxH$!`QuZAA^_B)beTAIYc+%cRbB#Z0?7JirqKQ4ph_5e$Lq+Ul1U!FqBXW^e z;ePQV@Lf=b6o2p<_3jfI_G9j|XuDn();j0=m$)P*2JfKT1zeE{O=X(6UBD5**M^z! z#pULhZ7GmrF?h*-jr+dGzT=y=rk?M0_G>RZHg(Ou{n%dD?E79P{v*RgUorlO6GL5? zYJkz?!dXJbNRTkEUAtCjvhx>Dxh`hRwSl&LmYGN% zv}#J0CT?SR)o>L?tMGYu!ZnoB?>P(sYUQYfVA$j1Cr(I7X}PqtL8WYAUxS6c7+TSH z@4gqW_Z}-4%}Yzvo+Untccsx_g**M=%l;{yi2Xd`(`~BJ%KHb6?uD)InUU* zSVi7hnVGtfCGm=i>SNZleFXkt?Eh>;2BKq~K95nn2NFZK+b#Frd#~Jj>#dqMXy?wI z`c9KsV+5x)Yu2d0TqfWi&SGAFK636;z&?UtOyQjBS?!y!p_U^jh1$pPE;P>SjXHw| z1OcwwCr_dJY;Q@DwjLxjGq^RN-u$o3?=>3hK`bRD3BIjKNzt+-y+N`PErA8G zJeKaL#Ra_8FL(^yw~nooN(Qh?hL~r}HTG|gS%*bi;17@aBQK)+-fL{jV}nEN%!IjS z+If4^`ev@IZ;u4WVRcMwRUi&pl$x3*JyFoaxZDzln>S1os)VNS-a^yUpuL2Qk>Ci7 zAAZk0_s9)5+#q+~eYY^|pRZQJJ`)0&Dy*-4?Q8Pc&wf^IWeLQg3Z*EM(h}vHmrwUH z5<}M?s;}X$@#UedsZ$&Xgc|~s+|sP6vbJ7cYe<$oGEF))Zpv^Y8?-dodupx^)(_f2 zQ5fw3lCA^ua3WehRZuHaTnImjZ;^{|B1)ogGB(`un59p;!hH)t@){AOL7x14D9l1L zt;FxiEb8OmHGp0S96#gy2QxrVj#c4UUJ=Ere*Gz_Qq>Ft!` z$H&D>a%zXfCnSnH8QGu{kjDjsvztgR2KE;8M*mLuT*x#mU%p(WgUlCXy+3?sEVG5- z@cT$-t;8Ac5$Oa2Zp7goX1G&^EcGjT(?}=aw09s7!4Tm0YD{fu(p2B#k)2U9r9L(p zSa@_WWE8F4n-FZEHCn2oQ{`ju#d)u+TgscdWqM|`3QFEN-41#rvZ^>ys#|(wPq{~O zz<4a5?3R}fz&sc}JyX+>kP^|&HXdt3xMh)bGhFh@VGp!#RygH#Gu`sy!B&l8wyM}A zRjpB)oY#fW{O_BWBrhInmCELBnVAh{8v>e5$J>EVL@p_cliiiwQrgrd`6)5TKjW4s zcQz`sv9vHjIzY2_l(Zo@0rS|n7Jf3!G>5P$P zWGD8IkqFUUbD>QHj$eDuJefBqRgTwnBO7{;t?SqwzGqqJQUam~(+lZs}MswT_S z@%*9$*>{ul75+vio zm@z%Fq#(f>6W3A_t>lmUDmVu?pytO*8OE$Z2+sPZ80iG@>1k?}`7rNb?v+R`^ATZ( zcJF7i7>40&nk?PExIm*NHMDieZHp%$QCgQg@YYEzF8Go=#eskWfuSH^=n)x;F8;9I z>O!j7(PAWYZunFau%7(rMU!RKv`o2VF>|Xxdya)Xzv3J4hXNvoI%a}j@C_<7!c=9| zJjljy41*G_bLBE({vI`jU$p?H^|(fcfMw+zs}7I3&?b)HKG&4C8Qb&PLM#PnNwC)mO9fh)GKYi%gV}BRYo%=G7?j#P8F)SX_Fm{ zl&ZA8U1M{H11L_P4g^LM0z}*_+*-fU9R19(u2_&K3#VkrA|I@?a@Lu3&6zoq&7QSA z&vrO-itPZqvwe>3SBtE?hP|iG@7)st4d_>9`;2M7IK$`KvKf6>7xwK6V{Ch{(6pX_ z?Lq|ZGR)_6WE?)%%b$0aouNr)Vl}5Y5O5$632G!hPqHtN2V(;6@PqadZ@+RW0W#nA(*MYQrT;$bu_=*+Q-XtlM#Awja>4a5 zc3O2nWY?(+X1);qzC~ka{-Kx&&6k=HH{B@?1RMwi2LaL}^Ya&vBxAupB?IO`E$vc) zoK##GJH>wp(8^|Bfm@j{|6BQ2lT4UzBsTwA`d@2w*gXH|<9E$D6WqO-p8am*RCFLP zh9O`fZ~rEk;fj+_u9ztIUO7|d<%QO!(!Uvuk6KK?n1kPVSa#3KPtxcdzKrSkcv8+? zI1q3kFjgUO)BHU7-R+CypVv;8RD>IKN?;Hm<8=thDQSij>QaE5FR5_Y@R3)BbeM>J z;(JS56U$PG}u$o6wnQf6Cr#+_dHPL5|~J~ z!?cOn-6OqF8=+3_;~Xc_j3No<4uuH1VG)4vJ~?Ww=#NLKp;H_PoC^>zX14y`>)!Gv z_^)-!;hGlxPF!>j@S{+JX!$st+Zqhg<0enHI)(cIwt%Xfto6WeF;0CK18NvR<%ne@ zX!F`04$qVTfOpPS#oOLPkEd>!4xF(P9e~IVaEdS+_KjWhCe+j%`d$oQA{=%#f+2K;7{KVGt^_-c|N28>X|mY7zJsc>5IoI{Np+P zv-g*lF7nl{ARJH1*#t#M$L9U9n5{pZGo0mNAn#0=IDKm6Bx!?GeYir2DzjV?dEfo? zUa5pF>$zSE(-E!@c|0iPj`U*xo+ABThMGTZey?4SrTAi~dd@Wm0uBU%hd?0oh@;R) z>)q4!vcIxfg)@VVOjOH|%%8t-GW;nz5LFG5t#g@)0H8>HC;&3iqy~dsFz2V`xYSua zoHQ)f9MfzgD3p-0x%{}nzyOXPZJms3b4M=kF_g~F^XnC0F)KVM23Jo3x8 zPa$-7U{UkfwdRDumZRvp1AiF4mHUAf;uEe*(0s&&Qh)Zx`{cUD-@^M~N&_+yd8rBh zHuI}qV_O%5?md#`3ZJGrVi}2j2nN5R$p73EenH%+mx#Tdl9&w^ChSmp{BN_ z1Nj~XW((N0INAG;yaBl3WY>!Pg0ponQC-7tMYwx4X08y00- ztB6RNyfaq^0uca#URp#18^XdMA)h*Ll16s=b)Gs+d>neEUi4g?$s zgd75v)qwSV1tL}VXCl+GTrxd7NghM4mtcKd%RoQ2Bmd7bFb+(#MtZX8P`w;LLbs2A zrZ7Sg3zsOo3*UR-g58{>V3K(j3N!kw90qO2PHk;@XbStRZtjqW->#68ps{3X0%0U* zb~H675i2Ql6yn0Z1K_QK8a-ke3F{@o^c{K<)PoPU5kHt-m8UNH`2cLI|6XPS=X~E@ zQ>`0qqWQtt+8V~hcB>&Wg!f13e;v|3S0lc6eoBIzuJ;K2D*`F{ z%+cVyq7+#+B~>*EObGeh?i$H}ntIiYbTzZ`z}B@LnL&x%RVsvM$#;d>LMg4GBN^{8 z1=lZ~l>t?2tZKGAu&r%r??&PwIGgDLF$(z*ps7M#GBJFOn5@V5b*h6lVZ*^Xd2w%z z%$<bc^AT^Q*|DtHH#)CgHcG3+U8E#cA`-khuqY76(B8|l%m=U<|QMo*?O!|PSmu4 z-bBkB(3I)$FW~Xfsx~zrrkT*B%tWPybQT9HQo6&4RnP9KR{BNZU7&^cRNi2jHl;#q z6Us6LT52orT4P_rPYqrxT_nTnzW%m|K*nSj6ttADzPS z5c!Mv0(mFzk3W7d-UWUiGr=zl=lPN0gHn?v-ZNLDEWOMG_Vs%sOuQ%2Cp8m8nK|); zV^`w=k_3lu3G@|VeJ-$va-`Z;(x8uv{t;ZzzXxQ_sApN|l!jtTE9gpi}-7EPKa z0x`d^r$*|*q_EGOr<>)~1GUH!-3>FLM7eH3w#0!c*i+K1i+v*Ld?4>6ID20(HC5h& zM2Yp9V3M_dXSGyADnxC^Y*yv733$0yhFmoAc8wQ^k>OB}~|6`>+F$v8PmV>Dsw}@b@0Na_zIST>O z+CU0%j~fecF7ine1}lfETcqbe6`ZZ7$nUqEmJLU0R68+vi!*y7Jz-eW2G9U%VyTtR z0exbq=AEaToohiu zNQ)K}CP^6tWjjElzPxUdYT}>VUMcf&p8fv~3){8}FJE{?Fx=_K6!3$>IV}33 zlanNNLO!-gl;-hBcXhS&)YVzc#2M{43${gP;38<|#D!xIQ^lM9S%n417IMS2aa0V# z=9b{`w-9P>Na`6+ziF6kzGY1wc@7ewdoGdiyJYDk8 z+vVcMH%t?$t;ZYW@oklI+wxpUfjp83M&yENY07l0-&rMhtt!;W76v|(AsPA%2*mc2 zjX=VEs%dlGpDh_GPY2-cPvtRQhv8pmfH0T{De<u@XqljnT>!IH!jWwgVH4ryk4TT zhdx(N%FNC<@eL=Yw29V;F2;kO|TVrl_5p-GdakpN)Eap8No zaAJ}re;CL2>D-zFfwKt#Lzn!W1GNON9j=xGU<`b5wQnE9P?Y9(Vl7aH=uLsrb!x3| zg}{kU*3Uz`a2Q#kx!?!6ktRs?DInT|q{ZxaAv6i36%;@eWK=VU8lQhrqT=Hv?b@rvebM=ROC`$XQmsQ&LV_gDnWg7w^5i*uL~4HZ zJE^?yr_%cFcFFkIhrx7YN>p6IlO)n5Vjk?aSce2f>*yA*gd%LD3IX!tqLDGjSq9V_4A!x>82%5nDv*VZ zi}$K1I}xU1JKlE{wL-Er6IzNa4UiEJ|zoI z{*1weIzzf1tHGjPVeL<=;OdYrFhWxf7zzrUepYo_O^&Edpx*?|Z_kJ3ff@ovQOd$O z;`$vBa8Vfc9)w?HJWQd$(;%lBQQ)ld7NoLfT78CFcvDmiVc~ zD#ag_8wk-LWFpRFB(P9SOBMI!>!jh)$G}7!mgvL;iNU#^<`(HVbXb~@$S(OqAC#Em z$E9=M{=V55Cc$j=3SW4dIni;de`r`8yRY@Q+ap5px3DU;3XPDY3>N;?-@b;cN90Ll zOU8gXT!_4Xzqwo{!!~s$%xQR@W`;B1$3O?@oRoOU_S$5=j$>Zi1>033YoaoArGy|G z(vn^9qsT`6_h6!wh<@14AZ*sv{Xr(E*U@9J$eo&%*7i=x8wWlTRAGlx>NLnB81>U! zr2G|T4UCN96bAx>LV(EB_%OnXfI>hr5uKHlUcmuEiKnK*^msC?1YlD_e?~GD!6K7E zClYxVdg=VIQ}+@qvo28X9_IofWJ8TXpHux2(_4j$ZPFrhhP3AWOLOIqFq0)CaLLSc zdGwtM;D{>qz2L%}rccWeEQG!jJ3xn;U<#W6;TP!;En7&x*3Hh4-@jF+Z5dL05(H;7 zks@QEfkH4m>vL@T_-0<*^19WpnVtRW;QItu2TYBl!eH8T1eOAs2#TT%N?_9(e8N6g zB9@ULXB8%x_<#t9c*-3x(<%G6?@8;9ohmJFKY0oaLxvrgRDy5I}o zA;a8XG&*9g*5!nF95$%Y2Uk7;#Vw}jy?Nu z&$fFrOoX>j>!NkiH#F>cW+eQ(H$DJwQOAD3iC8F9h#Orq@gSMFzC|erE(@R;B<#~ckmh7G z`}97lNSJoObL2A%=2-_kkkcS?Apm^HAShj69%_F32l4DXAZ<*fYLFQ3j6qURj{?E8 zTW*r{_gxQP#@qMy;AMw|&n52FVq(NNR)5Ml_KXF06YB9D# z0JaUk1eh>=;nG5FM>_K5%O9w@z?9xV$alc6z z@5^f^>fC&<4FwK}OOfZnqL04q`snabJq&Ygs7E9q6Ks-5$c%tH9d&hzWSTbJz^qX&x`oBISEt|JU)lYsZ z-3<+ra`{?FKvHDFf8HyVKm0GL_|N~R%mf({ukOj}V+{W#>tH!j5s{FY;~6aSQj=BE z(~WzNojeKWM5?~~eM!0XW=S}2g|s~T9I|3pNc{Zy*2mZX`%^?Tw3(9*r^sLogJ(oj zGmGXyJ0a5M4@k8KYS~UtJQ9q<4z#0{;*3F?1$v>iwMCknkBbuEkDr%;R}=`j z-6PS^y7AhLi(sCIe`E^MCMC(-e3vo|4DXrl&^@K_q(9Lt$kBy*ahNmFMN$=<|fMQyhJcK zcsG5n+v^UrpOX|L03$wIEIRb9ZCdEQ~6c5vK{qv!G)6Q zCVA^nm1HHwYA_F`5Qvjbi9&-em{+qM?=}rtpxLgclObWT>n%|H_ZFVEUFtp09rgh- z8Bn2FSW|Nw?h{r930P5i=}$ChZVY@+xi$A5P{*iDtqPf~e5 zIrw0jU*9AR>z~8h8LiIL*`N6oA~FFP4N{_D))Nhcm38MQB=xE*(DqsNk?5{(ko4Pb zQK#(m+i#W9fBKd*{_S~5d;d);6&a+vv2~i?7~s;&HRG7M9eVf$13n6})>e(!6jxj< zF);ILQ&lo5!bd_E!Tc!jaVYbI4+d{|?~kEh`NDG;?TmXkX+?8Fa}IDW76mMpy6vs_ zwE-R-(&lQD+KMjetgn>r0DL5d17AhyX*m_u)LYFUwK(|nB*6cNKkgH`@!64w;rkGe zeYna1DF+ z6q+ZjL>S>QTll@2;(ZUzp|cGW1VF31VZzk<&UOgu?o;|f1|nfo(zbh#)IRj6lz;a>CG(DtOUk-6FwuqW^f~zah(GxQ z5YK#AIMvey?L%8L;8rg^t?)O9>6X%C?b1|QgD94*npfz|hPLi3G~K_7&rluE3LHP& zBPq?Py^I7K5GRucB_k?iN=l0EbFppkd;d=RXu-U!F3FDVhTlYsTrxQh$xsnGwytJC zTH)J=zsF_{cKYMn)`DvvJ>qo=>kcD?I&N9wJKcJZq(QvTM7)D!n0Vi&f8RcbI%bZG zm}r;_4^?S|*CLjYs6=#_CJ&qo3HfkA2p>{MMJ2Qmzf;aT?fPpZ?;BsS!kYR4csf(Z z1BqpS@iU5y>K^|K9I_K7?Z)dRarP|9{_LGn1rsRO(#4WEZ;l^5p8YC7FZ$tWE(xw# zfMmN7hrhF`O5Eq4hpzw$VqnJ9yzxy*x$bId-Lh5M;9!nM5{odnG<}MJ#v-n`NTMl8 zU>B-xrUaPXSz8!4O6Q*4($mn08dxTJL&L`SARAna_+k(Xx5V88-XbLPJ)H=v*HS0l zjWrN?v`Aw|yquB>X)i06PC8GU?_j_Ve89xIgVZ|&%d@B|M8)wIJ`*A_BD7T46!YhT zIe?Lru$moln)_k9RTH5(nGmZ{E;PzoTdgobwn2#2J@;n-*dMRk`!QqKubDplscYuv zTlW-VjMGOVsXG}=P>eE2ytgEn=MjmUb{u!Cm)#{z8vd1> z^l-qKc0($zA2a4f(;0j~V`+xtaxUEvVAVhMH)#5QfUxU}C1veusYPVPTA0^rAQU%z z7*Xi&$jFN%ILVh@0(yL{B*LdL>Ea6!eQ}ml{rAtM>c0Pm#nk*ERIWv4SZ7u z?{aJQ``4t{A20+1(N$jo8eJ{zJ?(PZRV&TNQPc@dbSMOV?GTC_+1DgJ6>imDn>mo~ zxbZC0)6*q0GgJ2sEiyF0j(WKWLn|8j(b{b;8 z#`C5h)7G~x>)WsKn1yoKN<>4XRz0c1qOFGBX24>_+@DoDu)mCs2o^;1Gnu>>f%Pza z?TBS0sKyExPz>0JaN2h5kq#`>;wMiAL-1KeNalJV+ssdXRN^KUNX;*QE3QQgCBAry zs#~jm`ha*29fo7}jEF#3y3jQUhTk0NBR;-%L9N+MMuOiuKX5V=H0>GJ zg*Q9E3ZINb2g2kvBe`5%IgofGa!15UNw-@%s%uqsdnQ)p-GO55xI^0b_O=@n=n)=Kv0?~<7GG|Bzim!%29 zy}Bo!Qo56R!!;2>n|)yt>~ViQIS78Ic`fLXKr0bVjZXf2*#-L0SODoagjx{qj=1!I z@VphBAUj+7Ya2Mf*jB6&8sjCQqFa`x)yu+EM2N)tz!Z`tyLA<57(Z1ObB%|*JH5sW zIKgW)GqUvL^uMsIBiJ?yxvjJdSV(ZstUo!9)?!CiH@&Vn)-`JkUgNQurCG`FSo?+T zR5!*bDQf^sV^x@ia5Lg^L#UNV<^p5VAtb;;VS6HcH@wpeu(f~HBbJe%XMVUtjP+oF zK|co~sWdoZ#ZAcT4^_ThSm5eH#k{3_Bh0hLlhcn93+8Anyxa(nYMD9xR&wEJt$7z_ zOjC!j9uF4WSeT9d;`Na*_p4t+w{$f%OWmKJkj#&LL=kq&n{P>1Rkg%Il}wFG(z;8f z39zK|wX}JJj080igbz)ldiQw@twu~i0lqkxN)aGB7J-VvctTI|!uTkDA#UC@-!+&u z#kDtsp><2m^i{G2V2Mq~V#Q#k5P;-)Af5OwgYM8FLEitz6DL~f z5V2eRSao>}O)ZePH*q1_vTxQUV)x(x8{OxY(reC#cJ&@_0zM8wzm9fB$-q3~@m`hH zbb@g}yzQheiFYBibaT6O$9764wPx%n0!kL5lh8?!&t$xpE9b#S;w%@^g>EcXTfjgt znjdjEedc0dZjl6rAvP^d+72F8{6&FO)5bTX=GPBm!TM>~;Ln9$S*m5?86of2SqAsu z!{Zz7g4uBSz267TsnXmdaR@)`q6u*VP5RLw&7@-9Ix$^^u#Ecof{{cPg-NHhUpX(#B!**Lmjj)EON`n zqljP$V#j)Uh&1)uVK8CnXT_vA*;k3RCWM7)@Q=89cC!3wM~g%^Ma$e2WZ5nkIl8wJ zPTue<3<9`J8rx1H8paX{E7t*U|LtQ9NM(-9$>A)t_1?ZiVyQl(*^a$nQAbThC(L-d zAT_62l|QS1lwPON!x8 z(1XS9iNqALR$4;2bcE#*aw`l__;`T8U6^0$ghI(L&OzL8OG+~n=1WIvX@A-+sqSbg z%7P@Rq)lUW&&o%}&$b>pRfjNoP~FZiOpqO=9UAT~Cpk(|5M^jz1w7(V<`>3GC2;y_ z#O{tqqPRJ^@v^JDLpp&7XM-Sc3cGPkcbjS1F>B|xh##CpNlJU+*kU9MEiznrq*A<_gd&N7$h(HX!Q4O=#j-$sF=OtZyf#P}1 z4}|ZTPQJ;PtxliYv&n#3WAY7+88(OJ6= zj7Ij~e@>Ii4%**1x?q?HG7_N&6#eMtSTQa-@UEi+m-8-Z2 z1T`c-K~zJ{dqH2q0LwOnRcH9u6lgWVMH?cPk!bcn3eE*)xC)5{K9Wu>a#P_OL9--N zNJKm!2qjetbWeiE2eklpI+a9)i@2gE6^c#v)YDVRtapHdeqC z$UF?+WcI^4U8u`_mO1dVKvg~Fsl`Q> z)`3?^57;+`&@q=5_l?0bd|xakO=NmL9KBJW?btW#vas!(NqnoVYn<=o>?A~zvX~pK z6ajzsm$%3)NS{pPs|c8K@Kf}@8^L!FWJ|nH)I>D=?FFg*{X@zKxR)$~qwZeV=RXbm zdvMx1H@tUP$i^2JA;RBMWi%3IP6u8rmLx<5s{iv}q~sg_BB?iAE7^B_(h@WUIi+*C z8EJ9*u@f2{F&5@ydH?zkl62nkfV2l{833p2g8%rARQ}HcQuZ(RO5uO~KtsXie*MdG z;^Uu2K$KF6&Cc>Z+wl!?G7zLimaiBbe_J7(7_bnNGAITFq}W%MIPN%hT=Px1NO+*?u6y#YASh45dA3n1APp(J|A(rv7^~7L zF4(x(qDDd&`@XLt7W;7%Cn;R0E~bwOS9x?cR2$Zfo0M?I6&Fh^G&2p4{8_`pMuVB4 zN?HpEwXW~1#iMFJxZ)%(Lx?s#)>-%t9=XSSpNP2W;Hyz6>Txgd1w8XMtp`8`Ito93 zK38-|e55-wuFI4}-%Cv5neHf(~(6gCuK3P?bDu-G$;d@>FhAG%GW6?G%eL@Ojx zl&~uUfmy}EY$svr6lENu5WT1k8jAAo{D-QxsevHkV`w=#b~V2Cy0pCcwrW3U?qg?K zMgf!o4WWxsu4k>)z9JX9yn^cDE`-w4dR)BX*9oH9)7GZuPE_xc_{JgZts8z59we#j zAl&ehD=NYRWm`0}`rtVHsYar2+<+!MhAS&m3dGIuZVYFa33CWH!WzXQhIKbo%GUc0 zIARe@lP7M$Px*xu$V6ONlp&WwbMV-XQrQoip>X>ZjbTs+G_?+x;Z-z7mPTTBev&)QuBw0rRKqhr19lfCFd(&MAW{SlJ%*NYf{si-#jQTMD0t4dCidKIHq4`+Xn$? z_nTgLMd6-${ndbV$)E)qnp&8lQUsHk1j9;F(9F5_YUfkR~M{OdOF<+unUr^;Bk#nS(=^Ia2gYRV>xd|L zsTnzm3<7Y2;$tEZ{>V@;YDpdZKbX*`b=!LuQvioV!c$>{Xb*HyY3yecC?LO`G>0l*f_g!c^3j++BIf!{kkEw+_YXTM;2K= zR>Hi~wR92e@N>@WXV}S|yA|knM_QbOKql^GOZx!9=LO+a^J^PbgVYW`7KU;seOEdS znoTF{gy~Z?npVnXmq`4yX%KAfM;7e;5De~-(trN8xE3!^rmy-}zf)gG`nHVsLVCog zb<~olB_+xO@I{&pX8>v{NS8aI1*)yBm4gQ|orn$;Sig!v^{nJWC4++2yv&Q#{A3CA4_q zh=IVcSdt`b1{{056~e(F??i;Yy(H5km&~0ms~1i|rebKsaMNvoQ)NZD?A;wLyLYw9 z&iWX6a|l2XOsxoo^tXMLQk3bE$9I;)2^n#;*`FVU{tS#T!O*Sa5ah!`fK2j5)6<5n zH?}HR-{#nwQ|M>I_c#;TX-Bo-duWE%m;xVa4f4ME4=`m~*iU#g;C#GMU(U(?5P+6}k(P)b<3NY$i`ZLm zjya3!9(z(v$rzSAB^PFjz-J5vOMFWPj>lvg%D?-6BpP`MXpKNRoqo$rnh&WSxu2+! z=&Gx;B5r-*(-H&P-%I#<2OK{;gbfQBhc0NvpW53h3+MEO`erOe&A9`3)1NO!gM$pc z%B9cS=Hs<;)vRnJB~6nVS;I4AoCXCt?O+zy@2img6;@=W@dIi9?u2k)lv3|w@vo7s z7TX2e*4E9CyQ7Sahn!157Z(;%jUQTxVRt=Djw-7VQ~FZ%edxk5e=Tos)hHd5q%&(Z z6W0*Y#1&1JXlN}4LMqG)LH`Oaipf+oJolm^HZmlXh|mWE7!VH_QmdRSbr91Kb6mlU z<$_hE(H3yEuRaU5DaRt(1?_~%L=nN`KMIgGU_ea+wK>rUUD^TWfp0gtY$gk$c@vh? zB8V&yJ7bzeBidEx;UhYhw-bemov9ehUgpmtRHN4OpeCaUX{CR-;V7g>h{$mcauR%R zU)^6P#TVue2Hr7uo(pWtX9eHUI4>Vu;S-8GocBvS4%60(AN&}j^r)X#5`sqrWaa|A zP6i}#-dxE+1Ry$ElNRLt!`)ceX2C>il?t2Ep}iLP-#KMy2#|h~o^+goMSww2#8dom zy{o2p(C55=y+`5BXQgIOq`Sb2S_gEPTPB?&qfr0M^HTSx$J8<2y?CK&)LY-%1)2p7 zAKEv=)R_?pqhXdd{=YDS2J{`EYHTNwHpg7ESa+{m?plXKJ}`ou3_(?Mhdg(nQd%iw z9HeNM7{djv`*m~jWI{@UJn~-YAhpN;X+DFO;3M(z3xcCXjBcu-&i!~!!9p`)8421i zry^`*s0xuhV@h)Y%&g2!uWmp%IYh@H*9~UWxE6{MAL4%P93m45SApu7C(Mcp+@y%#5*z-P8kFOq&;8;)Yoq7 zyPD@I8VS2PpqXe#Fq626-cajkuD*^4&+a*NM70m?Cr)a>6ZM$@ory0lQnMyE5(UOh zo+MeH_&e!=;ExOge|%;xT$}jwpQvVoj33RPb#*<+^v2U^(s+{NLWCP1sPMYA4jAa_ zz~^dP+Yv6dNot3Ph)4A0hNSHM3nxe?#`ycE_DFqOVE$@ohELJ=JG9mqyr)15`(p{F zt<}={Yt0M$+(Bpl;%b_6a!n9SIatvu=`d@e!?iz5Uoc~YZY3Vf=p$%T*3d4KGNBC! zVTpy^D;?o9X&N3hvz0O*geDGxM1uB_(QqaXy5Pl$&B^WyBgeOLq;F=>lL@w=*W5*4 z>b^G{)=RqB*L)I(k4ZYEHc;pD*9~=X%_EOPaf1&T43sXGp~cXx7Y0;eS_@=uag84u z2u2j`r+9*25!#%I9D==%vDwZ-&QN7eOO^!qHTV{Vk?+Z2jtMgegN6*3Ovmg@B<=a~ zsv>#mP_=A0QX_3Jjp}>CLl45oMGc5?2;P~*@NC<$OL0&_@f7uW=+#04 zKhX)Bi`#BUwL7qICEaMJ#+A4WB_3us)Y8Udv5KsRkZ>dC$#vJLDN`eI2=Tldf)@t* zXvd;gU{b3e&)B&Au`>(6$8+?URR7N}HQa7AtOFQ6m!?WIIV(l9B|1$riXxK&Qp-(e zcjkeL&B~C(#f#LmSdkI%3r(MzV6I#T1|b?*uW5;p2;aW6n{NdCaoea91DdZ6+hicT z&vWbmB>XcW4xf}hu=-o+cR-kZ`1x`jkdhE9cVAL0r44QJ!`F@=PY@jDNfi7nq(S@O zL;Kurn3sDKl(OH6>7#2SJpcee07*naR0+aFmYMJu2&6E)?TdSBk<>0$RurYGzhNNl zOrXlCZas%F)UbXXwROgc)%JtHmXaa-Y+q7hDQeTI5BVi}1f zBwk|Frcf42i=v=bjxU-L%5MAm;#bLE1Q+Xr#?ll>l?2f&>`5|JGl7g{9{50zxH6<+ zTz0l*4((3C(T|#H3rTtK5c#)VVUkho}ro07xYwL5*9jW@hC9 zuxFqWpuYPb8ff&R_?NZQIpvjw2ElU!iq#GG%T7!Zi=Tq}lJ6 zu&;0R9|rceXKSAc00=?%zKe!XI-RX)g?wB-y9rE5i|08Sg}98GWNMEYzE!oz-hr9@ zxb_bZgVES6?I%xK!Vd=CKwUB$Y7PrJ)q{HRFxh0ZKPEe?`RyN6V$L8G&B%D21zbtT z>=p#5NJEr6`sw-q!HfnJ&i)w0DRmG?HNNnYB(H*h;)icT$kqwUJP@YT7&UKtQy2b> zpygh=SaRQglZI61^I$|lnkgA3p{KJ0rpL%|j6|voA=~uwYwD{QKW(ZqiybFVTQ`mO zto`IEQQt@~D3RdH7>cLG1#Az9_SO?^^1ciE_t-1Y3d1+Jv@lhsf*$?;ozu`nbPh-d z`_HET5y@slYbR)kM=qOkdpyTPpJu_Y+G;W=xJF#WcBB`q$1U5_#FUQB_^*Z6JkToqWqYL*W+cdztVDSk z=1RWd{k ztjh4gKwnO=K>**g`@CgfBwki6H*<3s&5-BNVGUrypeLzUUx8>#3*ijE$ns+`t2tX& z+=VxqnjVwsNLqc7Mt>snz~{suAhB@H)+kzF1d|a!giIh43Z6@a?&~I+b(MDw+xK7z}tU*c< zR@DV2VfmC)$xn@!8Z6kiooJBS=1#Ojh+EKs)o^r9M9wn)NQ?GB+d+*7*C#V_-O31* z!$Rh0RjbsaJ?T^tXx?(rK_l$u-0Q*2aNSD58mZJt2;B}=w8%`*%%K81}H>XJW;{p70nuzY8J9RurY^;$d_s$`}K{S(=U_7QETy=4q;gJ%HcROmO|r z52PDv{&uMN%MdD2zhHc|yU&3o3 zAw{^P3Pj$gp-R5@%9-*X2ooDj&IvwZhM6k@vgCb`S$OAoqcpZbq6>svQs+@1RMo*L=<|~oPmn1< zj(^=zB}ag~Pu6&pfw*pAwo0IkDHNqcbAY4^Fc!z*{Fwcj#9+8W*!O#9hifnfu2(}{ zPNF#8OB+lLp50ZW#NUoq!g1d;S?WUAS4Ib-nJXpV_CjVM6?uYa{vus4!60|5k`}x` z_|IGuWInj4rK2v97o+%9{O~?$SpO`oba#xK!XE*=;mYh zz2+Q;6#@o{kgF#%VYyrr$$B3ME^rY?CW0?N7r*@;m0=e6ML~6Hu_Nfq%-USntyc10 zLCpY>iRm(uwuIN3Y3>0T3Bo?m!iBX9$TQAY17z?(@m-^xMo4NY&ul0j6*h% z9g#5!fcN#0I<$Lkca6*d5?s72M-GA!V4c4^KVLNxe6eW$MC}LdSQ#eIFcRD@gH0=$ z-UcB0*ALdoG%z`oEDcwPa4(vU?8y;SC=H{ke7qN81f|B|x>4dUgah{=JU2~cnqGfH zO_gZkRQK2ul3Z1V5Z>wP*xQA8`Yl_xA?e&n@xa-)8+mZ3S)k25Bl^)KiY865F!9vz zuX%a!hd56%{_aE4Syl#o)-4GLFG?nZK6;u2Rhf}+-CSh%OJ*V}#)UAs9|RKy(?c(E zqP7T$57e1G=sN_XaITmw4F@CAAclV>x!rcMMJ|{}x}#s7Hsy8m8?G<=^@7wy`OuPr zVNGW_QX(|WTpiqZ<6QaH^9SVs5~>DT=r_hf?eZcp1lKRhRt+`j6q6b^LyMl98mDGY zq%}uCM?Q+^NQD`RDsXxow23g_dWOGUr<&DQ;%W%GNQ~uB8pQ9_ZKqSv-hXjl@LQnZ-eMo~mU!v+ahavC5lK zn*G&4#Z0@_o0sJF+Lr$NGsmRG)1|K#B}a;k@t)C%jeXNT)x34wQeFMTyOk<6x?xd{ zUtyy;_PZyVlBnI@G~B4pEm(Q1(sMfXw(Z+*X*BpC%?ljL8yhcu;RWDxaZ30h0GSTVU40hB7&cfs zOwII(x>jf%NZ5xj2P&JCZqZjF&_Zp>^^3Ap1MxgeT2I1fg3A$_(UMoEfQcqdT=+9Y zDg|NqujaGyXq$$ppuQ_iYD1}Mr_ThjBO1=VzObF*^KNsPKg zBpqbw0MTG!#>YSlKRgcz6z9XjMPoc1z+wlmxix*WE`J>ngcq!5utXGa`9EL6>W=Wt~@C&6G&5ayQCU?j~t@VWB2KEJ0{?phTd5299R80!A~q%cBL z&fQ;vtvs?#V^B)NbH4OBX?Xr6m>@l(67iHPE|ZLpen=gqEkVke_rt`d3>(@CN9wjc z`w{l_X_zAIPDUcqkKxR&oHGstMil}?#mNc16uaNpq{T{) z`9bmWF1Rrv8V(Oqi z5?p|nl$6NNfBtjXv15lW*q1C>B6r<&m*hdc9B65Ws(bzV^}_8 z`Z*_lJBFF?b-?CzH5vBeqBFj;UM7JxsmQb#lwQ+%Vc87?^KK2X6Xdj9*gMt~RZ7Sflo1 z(ZnRxk_>hiJRc7s1#LzhIWCz5V4sV$V&Ycb^MK+G|`fd4XIbvhzB<-QVC>Lk(jZFURj7h3aUto*8u&vz0iTB5 zB~8$9=Rg=yBfosTL`ldJqshkYbMZOd_M5GiEu zUL+Eu`W!!w$FX^xj77{ak!J<~%ZN@fyJs8-oeMU#y%T>!Kgn9!HH+wYI{_`-CRLJl`NP`$OZq>3<=LxBlU! zMzcWL4n2wz4|HedgGVW8kn*G=6E}w;@|^+X$Ho8llT^#Pu)5a31zbBJikbd`?b4@R7lIscePrk-jjrcUaLMdEd}rW+ zG^s7xEGTf}++6GA$hKtgCC^iJpo8yj4(v5lK7$?9GD&v)Kj>1jMg zWk#Bj-?c}t+X3w52 zS6_X#Ezntv-+Jq<^1uTR7?W_?X{X7B7hWj0+;WRN{q)neSf4jcc0{|E$nf}9VeGwda3;R&wrLjAAQv7pK-<+a@l2< z8I$6Gk15lP88d|Xj=}imH@|623LnDHe)cmtsGAyzlo4WZh+L{0(_oG`56=Gd$Lu$ldO_KNL%MYv( zeo@*q^$&>KLtw;8@90qJZ5JCV^=~gq3-NEO*-xjo+19RF1^q|L2Ene>uy%R`v2#S5 z`o@(L`r6a=`&DbEnQbWxdj7H4-?X<;E?i!2pDa%5I{j(qa0=~lO*AWJ@a z#x(VRAU=19Db<|wmz8^M>s;rI&y~-dJ;ScMAyk^m)mP(77tFHr@IMF|Vx`vhPPymB z12T8~G=n*1nUnj)sykYFFkQfBtS1N~+Ae(@NlCWgS6_y_rAzF`MrATN^dJu4g7b_;wGi(b`yV>n3nB$>C^Q8+B$$ zm#&fAJu^xV%_m2TPb;R5(gLLiEjrQN)eW+CTeS(M@ZmdsVYxa;>sY(Iwy6rkq1H^A z^h#+DohNfc zkj&4`J6e7AtnmB>y*WfHH=O(7(;7}&BU+a*j`=yoW&>xeU0CmE6yE&iH_I2k@CCX2 z^2=r7#EE8-gqhH$O`GKV-~YaR=}TWSM&mP|`HU=Bu)s{9koL1k|Lb4>D!={hZ-s?E zngg^JJ9g|ajR6b&Z-4vSW;TTefj*j>o8_lJ{i$gf$p6SkJ|femO_MXvJhOLXXcRDS zqP=7%%s7(W3p>rSYb{Y&-20U5K7;lH2pmoj03Y&0E^*{k4V^vM$-_h_vhHbB zs}E%yq^n(8+OuWm&&^5X9x)-`!yscNT&c^%)@i`&81&>#f2&blL< z9{F*>Uif(Y*Dw;z^)*sc zoh@y7s&!Y|%G?lQGe71UtzG)rcA(Wl(Gog6UWBOdaSil3Z5atv_^}=;dHlZfo$nX} zfJ7fH0uulE^XE&ghV8rm{`>7=Q0_H#dgB4DTD8iUi{pge%8nmDUY0CbV$RTi`qQ7}Z-4un<>5zx*%1$!KKu!DrIjmJnq~uy2ZpznR|krQTV zRG3({dxuO@v7kyfy4#wir|F<>qNP$FWhk0Da%EQuaqxHcIgUAG?2vb)>+n2Ze;pbX zY0tJ6c`>`T*Vlk=hxeQJo*xTtKk{~Sa|q8})AhoVZke%IB}aNuoU0~$HR>F#{Zp25 zuB^LeDB zv#NBDsRJs7S5bX9jp5qgk^efptZy{Cb-#zTvd``?Zs-n+YfR2DF=ss%iyk@p;+nM3 z^?Fg)kRf&MrXFeAPmg?A13qj(5P|# zdAT;ik1!%`PT_fpx=ve0Vyc=ypstCQFl}NnzGlrDfhoYDd4k6BW&vMWS!s)&qmDYt z9tJNP3wRz7FCPyOCSlgBS@QFr|6DM0nlopPE#&EsmlO>I3w&M(Oq%eaAf0&PiM>7( z)OU$CS%{o|`srpy1;c{o0|o@MC|-yb-9eQ$X&bGEdyzQ8f#NKVW@YNssrDlA!6YL2 zUuxH9BHB$>8;p0L<8*TyX!&G~c_8ij$M{N(ng_+GJtskW~WIUB6%B*&k3p zmR4zO$(HR|)f(GgH+(}c8!>^sWAvu*?#u5H7>U;k4$2E{d(8=raq~^&=YzP54SDA& zQ<0^dkVT^j^+^wYIuW|<-L)<P{xYLM2p4B3~XYaF$(u#FodwdqG-9xCoD<v%JR+8rP;;%H7pD(l}`PyC<6er1UtU(^-}xs^-2c%Ddv1n}q1oh$$T@Bc1mpMAD5 z48Q;V@8#l)FSdpJFMjb0S+{PTF$`!bFhOE*;1Y|5cfRwTa>W%_m~R3vB_9@P;lhPh z_J=?Gp&>pr6_`NbWAU$l{mc5j?Y7(Gth3H?&GkFd&XGqRX<82IaemG@=a?xK1@FA` zPC5DHlY9Gv0f9kz@WBV=q?1mPn{K*EKJbAL^c!!#4hC@n;>JJ2Aw^&i5BWN0bINi~ zc?X+8bRD;->&K0Uv2qVY!Fc(>{JFkeKIJLHHH;ZYq~-qS8@KaOD!^R$?Q7HpyJD_r zaf1$d?ZG&zkw6O6)2w!=4F}Y*Ggq}&YWG>I+6iSc6kw5O#qC2H^c8jaq3Ye88M42w zSzc1?VWC(RlLFiP{5C0R>XMSiZmB5DSI6rt-Ox^h6DX3!2OFp7#&$1^YrZZ~3pKA*+rTyz6keuMuLjKn zLFa0pz><6t?X-l-(te(fp;5!^0v6gKv^nE}FlaUo?Fk61&i6<;D%JSvQO&Bu?D7U(&u`4)30J)WTP) zbo@10^6_J4>87T+@{CILJ9JoQ&drvc4Qdi~pi_zz_a8eeU!Ksto0^qAt(cZ0r5ZB! zp)E}+MCy^_XXa?RE~#$rmPtwvPMuRAH?C90MbnZ=*;1(HMr(I9n}hZnjwqDdUv9Nf zua)KFWU=Poy{W};@~N}O$u?DSurEhhUWTlgnk^4+M;NW`OwLxP?`$1|*Uss>A?*WO zn{~eprD?f3reiZigG?E1I(cfY{A+KgRPP~>$bR|!dFnu(6Ube({SIF$pGtu&|grk-q-*uN!j! zli@TI+=l@nq7oVn%o$(|KqSkSEi*p_kRJWK@r`e^`Z!B-kA*+cm@rXt2~7t+8)zx0 zL&CwEg)v%&x4!kQ7P)D!?siH!`b4tA0+{^Ie)hA*q=3Xe{pn8&&fKmY*T+zfM76@V zg9SGUO~~rit8K3I9iBj@H{X1-^$k<=o8SD#OtKhbA`|9Yn27;zG&b}La|ZH$)0^HT zcinZD`Ix{^p)n$1sst`>L6Dx~^%}CpnV<^}0ph4W%Xe)l1TAZb3SL`_5ZBa3%=4%d>S;BlQK*>se*vq^6~B&xeH?Hg|h%he>QI@(ID0 zY3(rGS*3d3)MJbVjKgGgPIi4V9yTJaRfj<6CPZM?5nd#aV*Lz?l@r>h3=)oe8~1n0 z$~+yng`gbhpL{4D(oUV5ZcH$g|-(nH8jTrtH3m1 zsQ44X1c5xt%gYVd4;Cok@T#gR!%KWK&gVr4_J@A2s z!b|`oCqRNJ;0JB=aHTT-dQBN<=U2Y+6{C&2cI`5{3B7e?9o#5Oq8^EM+|iwr=h~+} z!YRh^_~Vb849qzgN)>#_-VcZCR&RM9YoT2doJ3suq zd1)s>rm}T-pPw~Uosv1CiNAj-B{_B zs#Xhai(oJCkqCnnFM;CosEHRGX#tuBJ_wM%|3k*C2~7Zr`y{0P{)85S#ivUkIhQzJ zv0{b3RDB;7=2Ms~ImF@0a>O)g_3G9BTSh=&8eDqA8{S~Z$UjcE@I|{)Sy^dC-FRKS z;T%EYXk>8ahM>U+efi5@HmwSM(ie+*<^8Di?ciq>M)0xs1Z&VCwYemhXc1{)MfrIt(n&sdepsR?r86a_sY8BeMj2RUtLSP z5;a|sXKUEFP;MN2)7M6vGe$|9uHAmc$<*IbmE|&LYKhF%XY5aktD~kFVZ5l~*xocX zEN_-?E11gOQr^iFU!W-N_}i)UiuC>s@3S{UPo_`uUx_RTUH<0ry|$b7(DoVa-)17O z>XZqZ3}rO3+8^$T>}S;5(y0w}cHkgz0eIs9jnc=rgRtZq-}r{%Z}1Og96lnSbN6%K zoWmL12Zzz#$3FHki@?V{+Mo>eN&Yrn8xC&Zu4}Hj#&9Y3Xb*Y>ZgQG$*Pg3O#6hA6 zLL*#%)Q!e?ke4nA0TFl`;T}vLzJ&O6{`qp?zyT8?L3}aPLLmlm*#qNKB?w}hh{HwnyW;` z>|o9#)pv-0FzxuuMjEHfkJO*b8_p4gyheRVK+vmo5suUjY0!WE=YPt!ZQFzeI>Z>p z3C0JcOM(C*`5_E0$d@QmEc_`CVyEuici(MlYuZ2e+;a_S^0 zBCHUgYu8_Yy}=Gz!+ukY1ECaA6A>_;aKZ`JF7FS|9*Y3>pMnlzh6TNX(IH?8?+fk0 zD8Ll)zR@RR;vJz~uF--)7n4QDlkxm9uf@dFPaAmGc=vct#p)ARSg2ZXqGR|A4Ph`W z_{ZtD#hcu2%>57=IgF|RZUs}^#2yq_1GvajaVrd=Kp%D+Lgmq{vPZWlFSAXll*>#{ z96Fldi`qAY6RpaB|M!2}&e~`vFx_Gg4G1vmbr$j*LD-lRVM+vHzT}cii~xefDUZ|+ z<^nS#d_g!80Sn>)F<`U3U;gr!7M2&}3t}d0u0ymSaoWfC1fq|m2h9fkQwHJ!vjWkE zKwuO5$}6uJ0fKR1PY`wvhq&Y9e#I46qzA!O3<0v{pG$t^jYPGOINYr+cW6h}9;mJ> z)E=}!H#2Kd<58ujL5c%`^K=ngfD=WErApn^+I%EZY+Q*RPKTPxJ+ZA`j+w1yK7F4^ z#BTU*z*Q{v5F}JqR@#El;SjW%-}=_K?0aK@h~ytLPr`A7-_QbpQ@~d+@;~{>PfSXF z!wokW7%EXt5p6P@px zYp$`r86&=OEJCRR(}J`foXXgk6F8A;a6&pJo)2@uw96%@&Efh1)d?k$2QBS_I9fQb{E=fyKu z+FjRXo9>nBzDn`RM(-_lPTDdOY-E+}kXErlH+FMDARr4C{UAiN4j@79BPnx;o@E#G@>5SeWyqa=Nh}7?U_ewr^e{K5vtf{6MqJxgIEDT&H!$*%(=;Lj z!sSq6zD^2+I=!^HP4YTD+hD`sDw*i%%Cv||9g6)swS1g4mPvmuS~5|-ux6h8`T4!_ zlSj9k-KFa@I7WuRGdmjP^aZJBtG;nhlPp&6@FJ!A@t%F;nWe{Fz7TdSA4uZ6LE6m% zAO9&N#w-%AP@w`6Vgw+V#$0g01*Ww?TK$%{yu}vu;3jYkQff>-(QtxqkTSEVL_@%y zK={Ia=tCcpC!c)Ma2*;~{I+Nl6C6x-U_cxr!MLeUNO8iEgJ%(xAi1VJr0SSrVsb;@ zuY29=Yyrys8*jYP#)dBdI1B~{0ZzIy62Jlzq8DF$(WLy~f296s8F)^>2e@+|8iE#r z#W=7;K*VB}=LjqujwFwB63hqr;7(w~eTVyjCqK05&g6))Xpx{FFpE4JgktmqZl)c6 zu6^hkZSbDJu+j$_BJOkKU199B>*%HpEKUAEj#f5!qM`zsT%@L8>Tfo_ zyhI(dJ=4Ih_7-VTr{aSeY3N{PqtxjAjyOnZdRdDh><*0 zyC6gmEC>^3!Jj~s?1us2MOyTOAN;@w0LTUj4+x)g7zY>;htRnXkwkh#KkVD#kUZ^E z2TcN61+)!F`4|@_1eAlQK!72x5Chr*$&=XBk1?|-fI!2zAZ>)XVI2N`tU^lt@pgyy zzut@&;sudJ8aHP`j$E~LmTs7%!3K2f-QC`GxEx=J|Nznj+*Dy0e!VgXX2ZEb0Z$VH(U9_ky1QC*efA|)`nV3+rkjH%K z^{;=uErMZ2kW|wqCP{p|EH?d#g(bKN;R^U~_3G7z?_e-seB8p6aWHL_g*6Exuc|{|QPaF6i!OtK5@CW(PkA7rADjc!VF5|1f5B%+C794ZnaHKl|Czt@D zHKN%-;N*Pypjr4-Ko_8AXm)7FwZ%Jt01TQ0zNJ3TfODQHbcB9jKq@OMEv!5YCFW^7 z6W%F5!{OScPP!z<3Oc#trDi$3&pp(J&wPMyuF|8*!XCL`dcOSIg-1$xf#-9Cc8~Y= zg%>*H`AyyOCyjUq>mLg{J-e%3ZrixuqH#_t%29zx{N<^mkxlJg8Vm#9%XES6@W%GGZvW% zi9@9#N$#PZ#l#3zEl9+lki6iFKvXRJ5jcl%g6v@&AiPNCAQ&JYmq5yB7;yB)_W}YD zo)`m2pZ?K!pmrw8770X$su}4W+6<7lOArW50w4xxOqd_-L!iUQ@9Lz&kvZvq*|5)x zJfwU=Zz2!)@hjITLaP@|mdc3*#!z=@NC}AFmXa2EzH_f^>Zq2Nlv9Yc#AwqPsdsHU zAQvu~q|uDpWaSLqCt(1H7?eb@CwCmwNJj%O((IkV*f_~ih6|IhR7-Qzw28&{zGEcZIQ#NL;{K^meaaTm+((N`duW02 zzaXDF^v7OE;4sW*Sg*p1!n5K&^o2P?cYq0t zdEm=6Wx$U-V>GugCeQ#J+3}Nr832Y?s74BH5A`sSg~k9++JX+k81mfFhI39`7zk(y z%pNAW)a7~M!vU?i?6S*@(PS>rJj}Hi6XT&>#>8_>w-gQ4xw&w}H;V{)JP(q4U%56D z-2qIyRcY9MWd`1~VyZ^w)4(li!Wb(7N`zoD%kpL2o(8$mmlgNu+5sNJg+tuVLInW#NpsaVDh}MA(@@zH zi&S%@f~I&($3XiIFPFBA1n=14pvDh>V2QrQw*dkhEwL!ah84tO(gpocAZ9Khv2h8a z>`yqPfv`z#0gtAD9|`+Y?3O{)NS{EsE`hXRF8m2ICVnJ;C|(f0ON2*siA4d-2$DzI zc1X|Vr`pjWZ{+>wFXE$*ooqhw3dL^1a&fYLU~9F!pi-S^3FKOkohffPa*7;m>5yMO zu~YYB7`Qe9BEk2Hy(Y;aYLG6Bj~BZ;TJMM6N1e;2a~!EZQplT;Jhrt?&R^E&9D3;J zM(55Rb*d{?jfAH!O2CUTI@5^TE2N+IX&{O39-M)+n}t2h0t-o)0;i1tzu{YjKm=h2 zf(q_Ae8J)ni8DBiI^aRHsF-|$r^v&10>23GDGO5iMEHWa6FwMz+=j3Qyz1~NObTX~ z_yaHo{2o{U(=Tn(C;h=lpq+pz+P;0eEw-5l<(_j{d$bq+9HNcU)k*au^a!cMhP|zF zQG~(r+}v+dRhyg^?VB6~Dgvjssb->1eP9uaL`p37Cuo3>cdwcuTdSMpRyBvJZu0gZ zic~(*Jr@3dd#*~hSGRh;h&o10dykq`tU(-#&Acj7y-4=}(}Bhgd1OnST(V+2s1m&<;Km;lI5EzaW#W4_(Mv1Bz2WZsQ zsE(77Ky(n4bV?wIKR&17UuQE2o(=-FF|{ zrW?r(P89(%dueZz{P@0IYJP)%lQ&2-A(tFAL5`fx&hY~uIFWnqTwiT%owA^8#E>^5 zY-!gW)?-M^20n|#mNe6X!2mI_-H%vnXrUq41Dz^30Oo;TcydAv1Q{-|0AvB`5{px` z4E}@!-6gaX{QQab{B8R4XxraD_z9+j9|>)$+ho(#gBfv&bN{uw9~}Eb0NR7YHlbUC zGRcC#%iHW$w5@XZgeshtI4Q&ICNie%naGr&?Yym-90FQmTRo%=4NByk|gzHyyL(dzY+9y*=a%A2_&j$;JL;v>^bTJ+9KQs&pzb?^LD3GBvIoq@x z2*s$=saz4(0?wq!E##qH@ER~g;mMVuZk7rxA{6PZqVfu9(rAnHA1h5O&9x0)d7jBi zY0F3uGu?omEXV}yCLIDeP$OxBkj7#-l0J|W>VS_u*5_{dTBb&KeSS@McOI`1F8s(Q z8OVY*XQ|EV3A4-PYxiu?FtL#(MX|u>P#s9^@>LTp)SsnY5 z%Xhfnmo=lMd5uC$4T{{ju}aQ4y)qbW~pua~tu8w@sON>f&<27~ozwb~mqw*Be=eb2@kscG&s z^Q#MvP=6l9%QvsB5=?{l)U})D_^c)6GOHrb=n=H4wz)&@+E8Om%d6EIVm~KSHQyC# zk`y_x1T=2dY&9c~MXVIkjmB)C#nt70oU%iGFloz3ppu%X9AJ=A4+5z6U6c}-1duq_ z&cw*s3zNq$NPQ469$Q%~C(SE0755EK?KeaV zLT1kII$?@Dqqd*e$+Dol_oW(nad(s9$;DF&G$h`5lQ{kEUwc(jl%qR+cUt6%w;w;H zUtIL9`&;C;bsB+1$JU^XNTCvhcb}*mi>byl8iIxag7HYT#Nv91&K+VkmJ_hwqR%Zz z0R;RIfbQT|LNq354Z+1PDj?fQHKhspI?%!XbR(+O=!V zxe*6x7R)aB5t6%iSRWNMM^DZ6Y&RnS0@&rLn5Z!4P}y@YTz&A3&_usmz#nAhr2qXg zLl_mqFg!m4LkIm`TP&-1tnD ztXGEQ`h?4l81Pm6Mv%78{?rxZJq3 z2=GlRz=Fo(LjWlcOatK*iAF-Kb?j6zW5Q7lBo5*xfv7>)ZUG#Q$Q`1J-|N^Y;UQm< zhqkxNDMyG((Id~RSeb~5d=Pcyd_R7QT*AA{g46sImQI#qXU5(gm$Im@vlZF>=S7R< zeScY}>f8Q^G*(|=WK_Ut5Slga_dj2(l{NYuqZ%e55!$6voxeS|-y|rQP;FLK^8wv_ z?3DSX#tfi}epH>E{nOsOzu8pOM=F8_5kI2{ntL!3sE1do105QMnTpu4`Q=@6?-h&E z3MCAybPQ<6CzoV<4&hn`3)n~rVwbEPLL>Dz(0eSd^OZpHoW^oOD|O|`Q=`87V|nhu z++st3?;7WIm;(Gr&@^0g%{3N9i|AQIa3YL3w25%!XewNyEK#;#EJz5!@T)nTnF+99 zbBvwj9NmTvMWaQ7K}QIJ=8i8gfe0GwcnLq*b$c5$;$Rd)8KVJwtyV59mX$M$WtVEj zfBEok*|blEMCvnvb_4ALVN)5?k<*J!c){YoLh&pTe%`fQ#YKlCg$4J42lS4F7M1da zN{^s9&`={WVU;OUteOu}Zpfz0gRxc$OSI3};w9)SeI-*XF?i_58}$g~Kcx?p1xXP8 zb%X#uh;DfCLCS2(M5sJ=lO{y#DW{xbCQhiH2`LLRfz#r7=bdMWo-mC>GkM~PCrq-$ zhE4uxCxaM5+7<c89ws>Ez5*QZesELW10fOA7&TkXdEUC7o!R%Dg zinJ&Lf{naCK}@)Ze}(j9SlB>^z(JnbijX;ib0eW$oZ~!%j1!!P;A1_5XSoLlZ$j41&PR8gw-XQ6L^^YieN&}pbsbDNGiiB*4Tgn>*R$KBAXwRPvW>} zg6?k=VNLB7u)hQP0}g+9TaEnVB@O=?hUcR-z$l;%ZamS-^}7!(&>stW7zXIh>yDlv zx4lp;%XM8@p;`%O0cNq#tjE<138B=2$pvPT^sJgRAq>OBe!2QsxP&<}f+<3-E>MQ# zc{Ob!k{-cgWN&ZsF?}rN8E1iZ`iQGcBf{OAQ%r~s~@(KAjOR5 zEsAUx>3>W}IR?aa_$wW9u8VVJ2%bx6 z=jn6RNsa!DdC;Ss>jg)D0C)$tb!JI5D+$R4Sdkfs4E&+I2`qNz66VT^}G zgGJ5aH5j|o90r6A->T3Z1XOHZie~)DC!aL4CQO~6M=yD?+Cl&TKmbWZK~%i(g8V^u z%|=_n-V!hz&UXTHTtfD;#|R0{1yKd#g^3-@&_)20li3~fGXsb2sqczeW}q;Frgf?& znw_eXxxRx*Fzvbune@~`zoNOu!TSD}bw3z2bv;f6M)=PW78Yh;$yD7>Lkr_?cZ-_O zGGT;JFb@c`ILBn^9CgaZ{PyWr8%#rve*}yKyGuj=fGKq_+lAJ6$;+b+G_JIbR)cH) zMN633E(k@KidF`?NdOUJw3uuXQra>SIKafR=}rQyf+hz60bW|9K}dq`zWZ*|IG|y` zW))<;dGls#jZlj(zWAbPE3UilI=SSMON^;t6QX$B`yhssUPbj=e|&qhs$IPWvw!fw zm0ww2rc5bTGnVAw1%HfycBo_r^CBF>9@<=IJ|Jf- zDwBmO0m9C-L#0!gE0wFXhsa7Gh0q{TPgd;^4EERA^fz8r7;zrfQTZ z(^~2*CQw%$z5R&Ujma2_j2@Y!<15v6W4(I~ikLe?Qp|(_CunHE5P-N6?>z>69dKJg z!LbDazFSP2*!df+0~`CX5gjY|Knf<@Gs)q0J>tMu1ozn`Hgv4WRrn5xyE+Tf@zQn1D8+*`yFpng=4jdejTbV z-@!YVr^TPkkZFcItE+b6_VzzZf5*T5nMfIq57KvI#;M>?P~h{$te7b}0&d%E8?pg* zwd8REBH1z*S06IiLUU4iQ?q|i1)fo9jXcimRYej=gTwix?9Csc-@4#^ki zNKMLQl1Fb@Wy(2*#G;_BgUp6Xs&00HG=6@_;M+>a$dqzvEF?*<|K`o@YMh*$~x@lthKm{iXk*TSf9s*W6hv=^73S0)drIE<$9Lsrv z&aU-j*T(uTxX;Je)cfi@<(cnaX=KTPLzJG=O$&t~@x-V*gp{auWLp1}1gacX znf8wF@~VJ$1^HN8#ZpCvsd+kGGJiuMN8PF?~{F-JI6Hiy&(l=pU)A^`s_q{V(wf#&((EMJqhK4i_C9+lGJ zVdwj7*ykwlw}QX-+|Mk%5Bo%PW+Xh?h|MuaUT7I$`}N}^N+0+!9~?2Xe2ga%SZzh> z(PA1UJp!IO)hc=ELfuGSA0Gy6Na@i z3Y6%=N1(13pSy6zGtJ1G;@jOf=}9>hrYUQBH{na-#IZ4%mxWRR6Np2?e1q^5VXd@i z-m4B(o3<0md6~R?t{;h^S?up;OQzf|@hk|2`qWGm^0Z@fZhu2%M1Fi~1`_4Aa_1NK z49w_>&0|I%USnh7rhKwA&f+UOybg7}e3Vu&u&N@e0Q`kTdS>yPVIDP(a*UYXpOBXw z`*JV&R&ZQjL!1Mym>ILsv;gm+qc$A_UEeTdDJNxg=1Xv+8Ek)f+3J2nP7(fu5dqMk zOn|{;I>xb1K*U(Sj|6JJPM@=<$M9Jy40W+kpCm^7B;oDe zy3Vv2da=$kvFR^^eTj9qLkIvUCRB6Ob~!~_q(sx;(}b(z#jG1{+~}(r2?oI_T*M!3 zUJ;i^OoeK+bhjpdK4WI@+}m=+Sg^W7V>mi5g#wt~qMy1h%PpIuwf6Wz4CMuG@mPLS zN|xL*HoawNXB0kKkj?AQ$U2bt>5Ikj!So2>v(jyyKNj`^D+M?-_D1GVjdxKZvULWJ zBX!AfuC&=f(9*iZ<3U-f(Xo@_+v7*v)s}8)EQ?Vw-dWRR!YAPgN2+J1XBrkO7w+uR ze83Gl&N!^u*#>U>xZdn>&9f$yFjF%CTsjos6qJS*NqH#7mj5uH^=GPDZztkQAVAEg z4z1CA^Vw^ookS9;fr)y3>ANA7gE zz&Rm)E@gL{4acr>)Quv5LlPaF5DnAf>Nx6U63gOw53VT~87qpHJO+wd{Zz%~Acp~3 zj@@JVkk&{l?q2;&VG#@+72bi=^K{MWdt`ynV^5uBlpN!mrJIkD(&j!&RD8Phxn5iX z+A=>#21k2#dxZj@1^^leu+WYj;-!m=xX4aK4YC-;=G2=_UVX*{qKQ!^tnp>} zPnNbqUn1gM0$dq({8qcI&c3b^Xz#HfL%)8aj+bWtvZx+nk;KbyD_6tQ4j7&%14%^k zcA3JC|1Ky<)POiGs0rEgt<1#A)}dq~?R#oUij-*~%ct@&&iMA{?BUPvQJ%aw1EZQn zk}#;UcYC34lyhosjeWv?HbUa_De)`y-GdypxHI(Vx?zJU65huamd!?g4;lWHS$dkZ z-<$LOQvZq5mPf~DlWZKlOyDwXaUY8RK|(>;5C2;%@TJ!FI~*o7O?{}Cvt#N6;?9rD zUMXTQaQD>Y6d4K7BpcDaKNOoafsZ;?d>^rKiJnn$bQ)V{uU}X;l6#9E&oVeVHvmJ3 z*iXoT7!cUwVDgeAD%w6r_HxQHqbzSfaIx@o zZ*bz|kT$iCH$K@#)IqQ2twaI^byO#=i^G$9LbI9c1Wd12vHEh{|R->5glVH zpqh?3?||~69xj-ToSBDarh=rUrLF(qWjXui|7a3>ys9a-j^xKF=qkj>&GOLKU4Qok zzOh%JG`Wed>}o_PE9w2wiFh(JR}|0+M3G{K!4}N}lJgewG7`97Cu3@L0Lzn`yYd;= zZon6#QZc@b?G|v9Pco*SoW^n{_|xY3y0_JxNIi0^#KtqAe0Dwhb=(E5?C9SVpDQ(J zT$`>#a}V^EGLSJh@F~KIr~9xrqeqvz&lNpu(4Rqo#Kif;Tv$$bxIS#}_ZB~{^O6dwiYmMG z>eYgwS>t^dP!ssAGon-*O0rfPj87B9=iIgeRo+7JjJKM*s1gM}>~Tu14K6W2<;o7q zwquPAtTc*OIuk16h3#>|@+ptW&ylu%64=m=29^e6ji!-cIyyPhy;F+Uu<+c=%Z0zc zrTfx_nt807UG6tyeRmV{k)gKy@&CIm)@1R)f~94a^hQmvcH~LQXH3^N*zpQg;mkh0 z#=*C`^gNogIPcYjfGL6p=5gjN@|mm`Qb;C7{0ASQYU>ujn2$Iz-!Ye9MKeCFkpAJ< zH=JR!?B{tYwxPxxBUW5h=qdCjk6`u*I-q|0Rw>8)hqt`EMIjf=QdSI{k-We+s zYOiPdOXJb|uASw^h^XE}ceS1&DdpSW3M=t%j9W1n z54g?v{7oEjY@IjJ6|nf+YU+6vw^qTn6~($u7ZtE@%Z9~k)S-eoNQhsr3y)CTzAtXx zupwJ|Ga>+g0Qd*VHa2kod3dVli^L^E3m3$nX%b3p7_UbPXF0wN+}kD*x^ENN;G`DA zEaa$d?$V`&3%ssD1sfp!S%eR-v(!cW)_n(YQeByd(DZWVX5Ad+yY)@QZH*=;Ji%8v zpRPS;3JHX}|4M$5WCwsU1dF%Znga^)P2z^R)Ii&pT6b!3`Et~ehFzky=^ z{Tv*-MDTIz*dZ?cJ|{|_kDA7VtR}k{>r-NiYn{OF`A6=31iI)t37wowpA$i~8%Ad` zh_j{(BZ-dt%BuWpSohFr!@E{NhLKN0J{Qh-tVv^hv&Kgj>2ph-o3Ag)YAL4@ba3vqm%0F(lDcTbjSUnPS!5dVX)@Sg$*dA#-==0yOd&T<&cg3H%Pi0$!j(Q_2 zI|yuLyr#r6ksZzwb#b=Vvd!nV{ zN<(YojwT`p?9DZV?n$Z*48AX$E~3sK%SrQR@d{>)>iT8IKMzP0V7lw1T*gGL7)>f~ z28cGjm`sMT5a|7SH2nZvItP69ZYmh;feHyMMMkFknp*8)*U%D1CrRsNvL!J81?bol z17Ni~%jm1O!!~Mk78Joz5JnZt>bL)ggB*}oV2lM-4DCY!Ie##s`!zkKfPPiF1vL5_3)5F{16)p;Ub*CPsLC z8?tg+#;A9p;p;m&A&9njMJL!H(Q-Yn3Up6|PM^i@9l0O1X?A9Kb%6e#v$aSVkdGNN z2TvvO6mJ($gXrlTYO++ptkSt#vd>^*`w|3MbI{8 zW1}S!lI?13JkDV)+&>{l_3eu=vVAI6O_19JS0omdFmmlPFtR-o7B;*p?;Bk;2TB6a zV-lBAIkn1Ggq!iyu-j2)Tuq026{3^3d?OTI`*kNWOp_mxzi`#HV{)^J5^+xSeZn;8 zk6(H*?g;n*8R=#%TEA#T+#;by}MFj z(qOO3gG>YYQo;|ACzcn}!k~^@6SG9ocGqI``ZJl}mmcn$6b7>M6hs9y+3fXndlh}m zTsq`S=R++#m4|BVT8Qh}lQQ{wkcFGGVfPf@|e^*rF<+O zrMo0SIl>sK!}T<0`kl+;0*yA!_OhqHS6a?>-5sV?`BJCU&+X8mKQ`r-7YP>3+Y9Aa zCiUo|LBh2`VsM+A1n#*Hso{e0K7u%>L`l7AY-{O_6}abL@TPt{0VTK6|cu7ZUnS^o525-p|>O`<40pVpZF%1 z4LwiFXxvHR%H%SW+b(P{LYOz`F%Mp4vICUKCRFU8D)VN$M4MZpzZ>&lsP+pafiqeD zTHL5?D3xQ@4@KD6A1}Uqg>p{nQeNY*p3S|qs)8?!;rBGjdKI`HXmeH!2c>mnd7Xthe_Y3VI zl%Esz3uY<;!e0Lz@96igOm{3X9uZDX<$S86`Ns4+e$R2307Uu_^taF?7F~BZl6wvz zWD!NR4kgum=qpOSu}=RAYKRjXTy&HS8Rbrb&TfT(x_ERc(b}1Sd`QTOQSC^~41j-B z*f>p!^E0fGPsnG!okah9C^4%vUTq}x7L@4v${PlNhe81J#F?N=CzQdIvS7cfenE3Y zL?z|vq)9QPXIKtPnFM$Sh60rFVsll|Ql(cqy0vKGR{BL#-)82?i$H6+#HpiT;m`+D z6%fAy7OE4}KEk}@fUO&CD5vY~`VOfK@w<-G3G2ak7hoo}%qf&?nB;v!9P9R}=iOf< zmhib@H2SYuPV5{NcMrKH(?{JuP340kCUe+T;bL@69s&eIseoBdp{x3B{g*S*ZS953XM+Xl}t0LcSkMcYjuvTXtDXWKY^R8LNH~t`xo1N;yWdjC=UL zI?>F0{5Le2MKjsFUa-c$czVOkOW8-@8CsrBGAV|f0qg5ic4fR9uxS{iK=@ai3X4!V zzde{zG7NQdOQ=S_(lWK6!(OEVXhgolJaa=)k=6A$#6(finU@U!2LmDn0}ucu^3zvV z@prMjY`MG&ElqmfJYv;9z!PYLAuO8Q3LDYFRybURgJro9C`wgXcI{b#^oQ21ap&plG(-a8INVX9unp| zOw|P-fK-SB6E4%YjcEA_3nf)5_GJTcv9RTd0#X{D7cm+&L72vGZ(Wbpe+k;Xj~Fde z2Q_Xo7EL#2@Av2D>TN`Oqy{_%jQF~-Zca6P``091`hI_+yGW(C@4?p_%h>;(<`kX! zp@|(od%SgeUA>KS|KFjlzNicvOC(&;^>6mM*FF!6wj&=_#j!cvt(TOwW~)Vht<&P; z$yC|Hr1H5Y%hYt}AtTDL!~Nip#V(PJ=nxClRL-5Qmy!{je0^2>;R~@q=&JDy@dLuU z^y8txM{pP*%5gBj{Esq$^B%?fOF_PPtjzTIJBr;{P4=qG`^n3XfN!Wm-SHc23YIP#yZ3?`#7dd3v5Ma}(kBC&XzADlPnM9G1i zpYm%Qwu{ILg&gHu;)8#;tRDV0et+O-YU|AffD7fR>O&WC&8p~HHZQQbj@?ImQsA=& z0C!Ia7#!XUK3`zFRrn4qWa9jvNSf^DOQlV<(ihH}fsQ%8yWt7lx8`pO8J{kZK8kO} z535ZHm0Q9M8L%Fd3i-3lw#L9q^JWX3Nhs#n-FB)I2GJt#4Ueb9_os!IVw&=TTvh?a zr}%3Qa5)wji6-|Pfz#K-dv1{O{XfJ5paZEQTW#HJiC{A^^i3R7VJw{XTQker)WYs_ zJ5y*g(GST`!1Q5}dvT|Bt~tfuq(ISQq)j<>8PJkNO~s8_($N~`PPm_v*?-BGdLN<| z9@mDfqtvPv7Nd|yrvhkSNjw|*ZHKALnZBZz9j$Y9p3TO|DR4-0+zn>ZvpA))o4diA ztaHH%Z&S-fM$49Sc2Avc8Uq_DACYGh(?8!mH)*u?==efJb7_6BnW&kV{*?=T>_wHs z6sln@7$5VJRjUQO;lE}#_sNkqnMGGDNikXHbnLOIu-UnP?%F@BD>qcaej5sM1qIDK z?uRE-ZOLz3eU^QqnaSq-I?=vtljLdcrVYl@C7$Hmu)-5~WFeLN%Zz$yPQ=Y%Su#CA zBRVa~b1~ntj_!2VtR{QroH{R_csFTF-x`uz$m{6hw4pqI*vU967(Yv3JmU%QXAAKw z6pzbeJsd*%g6p(s@`ig=Y>8!bbI8BJt)cAYAphXyL#U}p!u&5Lwv$4*Ndkww&d`EB z^m)hcJE*q>Cr_97$<^?*Xsz2VtexW_;cz&e2nq$e(2xAIyoC%63sTqQPqrGB!H6ifmysSTY6M9o(U?oDL4VV?C`6oM)`#oPjj@T3L;F}f& zMO_B`EfP8mw!>0uS8b^-Bb2I`R1(QgQH0>&MQuKk@U(tTMx!71syD3Y+0aN*rh~8v zS}ImxklOm|)D)@R3OxFM8739^EHaXQTc{T4%73sdxRR=-KggMkS$`t%iWPNO#u_+R zQr1dN!pUP)$+a+}LlutL-6AsQm)6RVL9F&7w#&KxnPNx&P{ZHYK18cz1KuPQQV!6f z?L(r#5XS*v{FeR$!{!WDa_M&XfYkY@4~PT`_4M))vTO4d3vrenkWj`l7J-VH`$s4( z0bTAoV6g8bt%k%7U2f`9^mo~#u8#`#vOkbYIj`Ktis|&LxQ0XAI>@I4N;GtDQrBd^ zR5#}a11ktI1fob#cG}Gh3WZUkPyWAia7pY z$tju<&KPa1{uSF^v|DA1_KrOx;$$?Jnpm~9LP`UI>Jpri%~pGs8Jp(?##q;6ptCz( zeb9s$zn|A6xV~DP`d81+Gg*tY{FII^oLCsujh(mwP38}>C`>9CV}!URO<_ho(ht(v7@Yy#2i z7&fIlW5iGH#U-*SQ*5%=FjbJvQ1D=l2#TF+23>uH^5JtX&QZ96RD3g^2DxHx?i314 z=+C^hWbFC+lTZG!G{ir4X5gyPVZcxr!+3SJI`P>fJ+0a$z|M4;h}M)rKngi(m_72w zG@S+2rxhG-`{Hk*fB0H>|5Psv-v515tq>;mf4tx=Iz;A_no1B?@!D}865Fph%)j5b zQltDCx}6%NrHYIn|B7RBLK%b8W-F_xQHrImRhU<|S{SUZZVI7Fc^3Fs)!p@iWV6su zw^4w>I#h_Gx7S~0{T6{x=+mZVk|Q~Zz)>ihdh{)dwUZdYfLq#^>BYXqNKc=jaf+hx zBCZ}fRVuwV*hBw}ei6r&uqbAS(vJQvjRDMHV6(LmkcW8%Dy4}-b0FyYQ$X+doW z%mf3@!GRO&q=kv-YNnPWD?A8rKtu=xyCh3Ao_xped?K-p_eR9UC-y*x9lODNh{x@3 zF4JX4bmrWm4W=Ua&d<~RJHo+)=}%>@a`=TCVwFY51(8agXLZzk2ch$X&0JiauIHm$ z0#hRz38i=|v=OnD3dv;XChkqpf*`9Hxn##3Ho;H$OkeCE-@$d#cz=$cerzKkzT1j0 zz+b%@u0bXlsp;t$s-WpKwj_+BkV;G*5S;oF-xh8a$PwLQG{sbps25|iiY3> z3o;F@SdqqfqM8cBOt$OS^j>o0s#MlQ8ODx|&mj^t(3weJ)c91r1gqE`;vC8G~}9{1;Y(_ z5p<}yWJgt}1ia0V0H~o!mE0eMD%IGJ4@XgE$cq~v;sIg3yy->Fq~Wk!WmQKu@3*=2r45#J{^=Og2TT;U7)`qbtf9;kRSTpJZ6(wAjNpmy@=V|{B0=ACIFtY_s38%6t+Hv7q^@5Gi0ZU3l!qE zUY*4EzqT3&$FyW+{8*B-j!j7MSr9D9VSaPWSp>e4PUNO>&TR}`ARmsAVe)}}Wui9! z(*9$w(BW>N*+pvyUzoxwk&I|JcnQoxYz_|Zd!;9o=oO96WaHqF zY-u^`FD`g|-!9>B05}b-|K|v=q^VOyc&v2dCEsvVtF6tt96a5XAq z+x&_%w!~<-T+=>L8494bSe-99VZ4DZZZDA#9ZtbRO?c$^TRY2!(x&t{JzXI7P{#n9 zuE4_?(E2T&56PWo&Rqp{sCqt$lZe&gw<2rbM4%2BFaa5?`T8Ee+SB;p{8KrzBxzqt zQqmuvFO8(hUJ*RFVP$Q__bFw3MARlC6t}K+{aU7 zHc{K`jXXme`MVW31G4D$#>N+c73$i#9@-I8+_I%{Bp0V~8?W1Wdnxv1s3{%KJjRf$MBk8<Ktn2DSvygdbeqXv&TW_8CqN1wSjd0Ar$Glci7HU20Gvl&z zYhJ4C?xAHBl)~#eaH--*O{VZsvUEi%>=>~z@p!79UfoN0>*;zOrt4GWpue(6eMj|e z#5fuI)RJXrenjwz8EMAA19XZ(g2f`ahlTJ*uWV6FQ#F!qQH+RKH%RQMz7yGfA<_2p zx|9nYfCw&HT+DpOHeW88i}fV>u74CvLER7dr7Lj^io%PW z4L|N(axqsA92%Qzeb>6Fk@5H;L_B_qXl6Q$r5H(JGUde?u$n}Na49|ALO^Uh6wodA zdh7pRYj)z=8f6I29x^ehZAWvJ|BO)ZsleSryx`HCge*`SIn~EhDM>Y&Wv*|W>mrb8 zzFXJb6pZ3t1S95)M8=X#3Y3A=uxJv$Hm;>J{ftV~go43+*_DpPUJZ@Km3fy;-lj{A zDr-E}e55_ys;ar?n$qI;-Mfhi>CWegfs<`{PT32h&*?@ah5F=tqlYQci9lx5e9!$G zWUG-Z%~3~1SPXMEOnfwsMI}+G_iR{=g1>|cp2>T6McYg;Um1n8AM;qdqOADlkj@aG z#$E~oxKave#HZ;Mi~Fza4M&Uytz6sgI}*_EsR(W3jvh(vsCO!M3>+a+aX}xKhd=g;CEM1 zEptzU?Gg`z5>#6mz@o~cL(L?&%u?(4m{jpvqnZ0$BRo;xg3(ywrNt{Sp^0_JFw}iJ z_{(2oO;?zBJ7%A-fI~R1TYGuDX$JroP)&rMOdYbqUUw#@yWC7BRw!5Zbn4mNW+w(_f>}eX{xYLbz1MoeKcf1FO>SF zz!EG8neA;H84?tW;8TYP8U{hza3|nt)#26(`{3zAZq94c#(8LoS#7 zdwhP*))1ZFh*~3P+q?LLX%`(H_QtihhRd+k!Xcpa{rNVIjbmq`5Mmp<$(iT{>(%0is7Y>uL9t^mB367`T_j9th zRkq%;r)Ouu0*@De&Aj8bDikUfTrb-GtYe?hNriF(3-YavIM^J;^iaJKm9y90%&)pP zYdtrcN4?)}yjM8U4&P=niD=E1Uw>?P$4Kd}H)SVYtP#9i3AL-Atc^V3U0LftX&1gu zIpMzVCCeXqZFfud`~Lr&Xf_nk(t>^#&BbN!94&^gqP93=^EvRZ z2wXZ`ojXy?n;*?zi&>3Qo@D!~fLO$Q1=%ia<!$^+CY}cAS`_KFKxZ8ur&EA zymQ+Du}Oi6qucGAb#4YcKCgq<428AT!wO7ihe(2UUW@Eu^Oi30U~&RDbO!Y3(I{np z>v|z~<=@)#rbxX)5HO&k>AXVK&;mgMJnLRYKJ|A7Z;B~@nV0U#Z;>_DGevZK$wke~arzN`fV`8^mRi^Y%&0&D{}Mo$0HoBhF6sT$GYu^5xu z+IU*8y59C>^(J9_M8vf|bV;-3>|=a8)xHZjV?U|J|JC>eF|ubr#l>chjYIdqGH z=6c6vFHxPPrMBsjQ4t&+5gv{3HgO^cTr+v&4VK@(tNoP$A-TX!cC*4)r5?EBd?+zY z&O($((h!S8GEzp>8Fv%NsKks5=AC4EYeDxP3}&E*KcYP!9Vs~0e>CP5BPmPf69B`v zqrd9PkUk*>I{$Q%(CKE%*j@}hrHN-H@3zsj;mmBD&Z?R-D8UZFBz8|LYd8eqFgbHS z&ds7Jxi&oCLZ(x z^NY=`tk|j`GZKjj1W>NO>shkBpV@54JN;@^EZ9QEz;U=r;m~T5BIga)cQ?)9afqfW z>27X;YF*_rq+JM^C#mV;C%qSN|M1Zx_~K_kp>;GTJj_v7$B9N*+%<`+Rh&(i9aEi? z1V{W9Gh)QwR4IL?i)U%_at|6d5dYKNm}F4wEOQb~kEHbwcmknrlE!|_C&bPv4gY9< zmda{v`JFl>k+}`3O3SJ7&EDLMDPRqU-0o*Xl5wAO7W~QifW(oJMlswHOI12%U1&_; z^ebPVPu-b+0Q$g*z}vgKXy)xO2>?1tBiO!S-@vf2jyYP^3(Avb4;JPx1ozHZ9F-i# z0%}QzF8KQ+v^A8mLi^{{X&=)EW=C8>A1~Xt9pwxIJ8VvCBOmcb>Q@(|BL1OcZ1QCd zJHB^f6vZ}HwD@33JrDn+8UbDq{at{)nrsRLaSvab3LQ_A7j2u97uXf#NP)c_{r+mEDo$~wi>|Bm;M zrY-z4)?(($_sjDo_UjpW9`HW>^&Xp!x+ABns!Aq_Zy)qRtCX6nv*PIV35{=vKSTQi zgh9KV_We|SyxOvzfODt7B_i^L!43tb1*rXVDpa0{OkHlYYk&ydq|d($Hl4;9npXlt zwS)o#0=dFJXM^}YpZ7SHJTF^^vGK=xJ7!Yx3VE9&dUN~1!HJPlX>VCgWbBQJU~A-J zf9GVD&cSJraSzj*SiKM^!0K#2YStl1!eVz2qMX;|#8rS!EMriMnWhi$Z}b=P_6!Mj zjpi_znd@EZhY$oA=L)X+@fuIMgg>2yiv+^#wDTyHA~+ILK*lFcmZ~1BnvVi`%;jeZ zFAy9fHTUcN=oa*Ooh^DLdIzC24Hb&W3&?ib{Wy02q3uD)u?!12hG}52x1M2)Zcd-grD{i?Pq{ucxmGHn_>*ivKFDZWO)O0$_V;z)Da4Azam= zsch#!8493A@G#Ss11j*5sqS@%v&-Q>mErDPm3rYrAU1`)CD2XCB)C9i}H?quVqEEAiY->WhZaH}>|J=+$o^&~LmVC?TD zFpcMp0>H}=!J5Mce}``q)}ejs2%uqBn#XYhU{I`6<;_0M0;Cp)Dz(r}mF&*}r2i3I zcY+?0FfyO@EHr1vh2~{RZY}e@VLwNfIUiEOx-wU^k0%g}{}zO8*u*@bADU(JdZ^TA z9|D&EZUG4qN<@7@Jj~w$2++&V3LT)J0C1y#6vL;>jiI1g$w5#kkFhm(NRYTd6ojNt zP(tud9SFX#^MvQ5XqfmvX}0K4z$6)wM- zw-rP|_VHjLe3O^9bwxC)e>4zy@;*5U8T!MQ9m{P+`dvfX=NEKs$W+bsP%6x8CN#&x z3FgUO5RKY$9xabQ4V2HpjAx~dMYrSI`<*ZU1V)ib@RK?Isyl{l=$a$otPT+jg$oUq z2zi6oP-p-2$seW9b}fhqIX_%lU4P4Y*x*V1F?$B-fV=J1OEg^Jd=iwXn(6brgiU9( zm&Mm*w%m+|Wl}C`%s!^H#C-Z`JJ2LdDCp}w*6ISyQ)8xQ9amml-W*nCahU`=_#7#u zMcRo2k!`5N_^(d_fY*@#J`bQj*EKh2N{4sJ8_VVYyQsG^J?98q_ZJ1&3APssW6DoO zYK4!4%XL^G)WmQA@pp5y6DX2tA?KD^ zWKQGnQZUM46}AG_b$!8a@@D&gT!Csbw(bHDGI|;NxR4N+{a|J%6%seVOnqbxcvuRn6m9>xE za!J#PgOe(NK#5QuROS^k(;)L*`!N$IMGtIC;+D3D#)`S+L8o$N42vL!UZnqc@J%V? zE-}8(uF6N47RO`$Q<{!218EKV{n)^s8W>L$FBwmDxeLxn&FLIL!wsTG#9pa^wf26n zG6%1&U`SU~jExU5!a_z-v{h-AwF-+R{~Tjbd%r70 zLYo17vZUC6ZbxxFdt0ho+zKwoltQ!esVw`m8X3j?SXKUrDBoNf}}prNHemurzx-jj~*lw z%yQtK4YkAYhFPm`kPTgeUoX?07quGjynPM5WMJq559Nxhhw*e8)r~@s=kTII?5Qv( zUY$_-emlgpYyX^Akp&Xl5MF7|)inK@+-B!CHjO(|8_&z;Bc1DRpoEn>RK6*~TvyF! zscVIrjpAv}@D^Vnk4|njLL1x(z!$?uSg@?okZyC6hIf62*&)i=S-qJ`=Y! z)emyS#rd#=a89q=J(vz19|8se5}XND%2#NeYm4Yy`S6cUonw?@URUzP_A46vPyDa= z%e$C*X0k)~f5{>jy5e-#p!#Udn>6+X2M7ZlHTaKu%G-zT=O<+X${?wo#G1ve#e(}3 z0iqlDBkk4OZgp*5`TIevA7uullc=$V+xPY;J^p`s&3W!F8_GGFBEeAjqaVSsMJRXe z8(;e%YwW>zYUVVWHb(PtsdpMg8qQGc_xT#12fDvbXo!##5Sc;+vqJSDOOTGDY@}E} z?EKSNY}Q+5y$WXZuH|i4=IKkPu2@5hV%4O+UsrTDSj3Q$E;m!4U-O^}xxlEiK?hIH+Fv-7RbzCg`Wb zSFIBJ_*VmJj_Hjj@}qrBg&7~GMk!LIXu<)(S_4M0{FI!VZiS$bo+}iNKV)??KjU}F zQ}D0a&KPxs>PBvk9540PqXd9~s72_&EMQnL8~n!D3A%M64mKn?;%2PlRfene%fjc5 zzD2(U`!zagAI@7T@q;9pkR4bxY-$u`UuR7kZrvX5+&jp^G(VB;mfQW*d9_+VluOb_ zJ5LGkzy_X1mw(}Q*?I)DhH7uRT5TA{{G{LSN8cKM>i+VEkA6Q<^wmyb)cq9%clfW< zV=wU+f;Q)aaqv?_14eOYfuO1-gMKe7ZO)ZmAV@9Oz>n~&q^rmFt&eJE7$#UIvVQ>P z3m0VNq7Bf0_AWWdqvu^yjnzG|z*>oaTxzb&5O`>eL9zT9GQ7`d4R!JX-6&`#V%5HV zpJT}M3i?{YgGoyEq^Av%s;y~#cQ}eu1EKe+(uloemc3A~OjwIC*r-x}anXb>G!(1{+9c9i7@P{yYk>hmvuI8G3QNdnczTjMZOTgf(sWG#Z6Zu z^ZjPjd#(hJwL0rR`fre0x6{sVMNRqYhu_#n{t!5`G?$5|`ycb)FxF$6fld0*(NE37 z3E{g9Z(WCQ-m{>iAY((i7@7Hd&q-6IOYBY^A+1N}6$Ke=J?1md|NiT$ zF4}uAV5`8_ARC>ZIiJzDa1n+(-0z~wxj`kHb-p4F8|06@Eigxjo!v}Q!$U}j08=34 zCsy}!umyn+=-aQ&O;_ZLEx0DKX83N-IpdaR-BT1%ryBCoa0LH0o9Dgr3~ItOi`Z_Z zSKAWg2d``Bt7X}c3fqL%xQ0)Oth{3@)uLxsat<}Uy?Q%_0KlH$88WIgk8ykVKZN7T ziPNKlCX{{_s=`+P{a1+3+Aj5o<$~>lD6l%f??oC1apm^xlP-Z1bYgc;XHRx)Ndr1; zkUM_RRkekknzhez)&ynMnfLBsSOYU>^5c7cgD1jZvi!r_9)wfn)CLof=)|A%$O9>{ ztn@-LFi+0^)6g|BC48C#uzWFmWFM(dbnYUwC6|7+kk%TilgYK;wpxtu0grPuk2GS4@b<$jp1 z{zN7C5^e#`WKy83wx0G;$2kUiG}h0?d%b=B=?e_oH?{`$ND$kKC=^{-kMcX2fv9%v z1ERl~=tSD>J70MWTp%5LIY*wL?*RSC^WcSw-tQ#u;T$8S-f|T)a(NcQ{a}1JymC_% zsXu-mrEwV|1-n2-!(4Euj^O-0`>AR?JCInqRGYk(!#D?trRhIJvGTnU>X#Pj>t z;}l!V)M>|_W!sS-oCOcmwgy?FcYrm&h$Q}k54yUdB?B# zkGQ9`a?8@}1?L6ML4@ZQc~q^#A})yR?|FS_$7m1y-9(Ku3NB z{lZDVEoRrCF0M*IrrAlWeyf8?R*skv!14m5cp!iP5wVsqN*T)AINnCM-^ehjU%cFM zAZNxGM+}NCK$hkR8BRn?TuN-Cq6s@9GOAHWHMVEj!eED9bKscgZp##N#5+h-+EpW4 zl3^+c_5D#;*Ix!!NTBI!rj53PG7Qp2IQT$VOv8({CVS)HyU|y;zU{PGtoI{6D4KBS z`9{-;G}OKDFYNRm%{ICnu_2HrhVp|Te72)Z|Is8OG&H_~!W>7|mK+_|+$i7vu8j<} zY}l7wg0m*20r&^1P#4mD{!#Hk-m=vFupRXgs=uu*A5&h-ReWs}fgH}*M1Zvvn|f-9 z1C6W}4+cI)EJ!?K;sXgcJ5#(@QE=E1m=Wk>Xb}i-=yyw6E#bR?Mr-K9QF66(h=0`z zf>zUoFo7uhE#zPJP7n7E^8MkZdxA-(n5ss<<3j-RUf7TZx&t8H4KMjFl+c5kBS;Hg z?6V}k=Td_D8K1Q?+(Pz#ecsJf20em1g0r2@dcB2t9TZP@!xz~~LzF~TLPjzFh0QO; zD?x8QGh?tVS{PXFcfJtx#l}Y+8fDBx0o#3@X`vK}^*sjUXAtZ)?+3MG1^&_!5@^H6 zkkJ%5g@$5*{!NN(WwnHgqWkmb$0@cuGI_Kj>D_ zXtXkXI=CCQ^buUzVNZ3t+b1Ta?jWu1r2D}lqyU^%r*9JMuBk0wpxzpoU@W{K(?h>(XqMh_V$sGx6`SIgUF zdttx;->)PF2|T5)G$VP407AW_YO&Ry+8A(A*|5ga#0>O*&gZ90(Kyx)c-x=}-H2(& z@W~4S)T{fpxH$Ccrk#Kn%wWReOl5dns^6kQ>4)4UFMN+HMpP06=3(zu5@#b%Q5a0t z;TDqg8KC^R@VO~%i1XTQ-?beg)i5{AFN<2GrDyq-=RtOfFYJr{Y0yvl?jgLMULh73 zz@QI{_r;yd_1^Enf6}X1z2P)3zY~II6V{CK2{OYIPT%o;qU$dS+7n`0R7Wx{@O(pD zj%5o?R>fTU*6uTD!<6ab8e}qG>&r5?8L(#rP6_ZYQjN5gzV*8xdvIPk2=7^`qcDtL z5-d6^VRhdq|8`lt;U{T0bqI-JCHk|!`mx1wGQH>E3_k+8Gm)D4-BjSYA6XDTnc72c zwVMz!OxGrjcZ$y@3HdN@I+OGJZ_PT=$IrRFv5$M7wR9nMAew)|8zbyrq{pl|h#-;4 zBe@s}a3YW0`RXfesA`HQ%BTFa#Np}v|EuacfSTC4FbD>aARsCMj6tdbLV{FjL1_v| z?-)W85s@Y(fIvWc7cjI?6;QhL(0c@>_o`Isy#xsU@x6ck|Gk|vJ3G6#ob#Q#JKx5BGhSRRwU?npP8ylFui>Kyj=CP6E&g$TgB_w zyqV8OpD})F^2sbDTh=HV@n3u06}BZlsp|8k@NPkMdCl>a<*P|>Mn)A@Cay=_C+oW^ zemwG_#?L53>D(Zj1J49R);-vx8C6iOFE)~K&;j3f@?|%99@Zd(F>U=RUyDS&9o1?w z444$}tXNymc+4dVwon7=^KJ`r!yM)Oc5 z!`FjzW>X_cd>utKXlm-#gLs&xI z)7T6)UE!kS_Ng;dZpl2VdkusZC*v*Q3v3dECt{ra8jUmW92_>%X%gXS)LgrHYMD1UTf>gv3xZo>_=3_?SWQT5ZBg2D3PEJdPP~t@xH;*Js!tr z7l53c)kez_>m9 zt665C7{f@8YsSvjpL2~mpF?9FRo9!Zx?8X$+YF9M+-D5(VdPCyZCPNAnm09mXO}8N zSRWriRoYR&*r$3;Cb{-BD!wZGvhD17GPVa-hUya%D3NOkR=j+T*Qb9_MHiDEBT=sy15LMB?R6M3lSAW2hTL zHS@>Q3@ag>2|FwPPxY!DdaiO(!+HtPG^Z1|`MLQQ#HA!RR}q7*^pnp6C3_5j@$!Jo zC;~&ygk+|?SmI%&YkRDhl1nJXE||L>VP5Hac)Lg@%;wSaf;*ADrDAAk-h~NQY)899 zpuC52g*t~5@03_OF;Uv0>y8vJm`5$J`J|{7Ea|IZ$?ltI8z7T`hyP?4#lr{nJAV=0 zk~=$&HWz_L6RUmB^%N=4H5GisDd(PC5>~MM8fRVLeEJ?+B~`XRnZFcEEb=Jp@d4!< zTq$SW**Jpc%Yb94=iL&=&>x75yYnNP5?AiFa>x?KmB&ZF65fse&hrW6_xhJeXsfWRZetq#JPQfyeQ?y@RtGN`Sm#$fgthHBI%QS zRrAmSH-~9okrJkhEvYk!(Up~oz9CX}%ww$Ob>&>9Zdy-)6wMl@)khCuO?T_yKsO%X zgX6>0plx)Ebk?!DT>00vbTatTv7Q@}5W>^SH7MTu9pWdL$ZkZ5X{GLk;`}7|WK}uTd;iHcm`y6;a|dao8q-v7okO@W#)u zm5Xe|vN|_2VRR;=iYFSB1otzO%$DXm*#DuMknq-8$1bZcKaTzBZSx@iyW=-r8+Fzw zkzZmRRN@&~>e8=B%SJ<8O*P8jN8(!`p2iIL{dj0Xj++0a=DL^0>fUKk&E5B_2rE#% zlIn2yROU@K&*Z*V$qv2G@_re1+R^m&0@MeDxO@vx%}uU31epKbr9fEOCk{2+7{{Ud zHjJIbOQ{mF!c6U>uExjHsvwa|01J2-QXT^MZVOngP8?C$8XeP=6dj$vN&%MtohJ>G z)?JS}B18$`&XLW>78;)iZ7y6?^*af{-R4_4X>fZ*+6&aZT9(s3s}ayzyx?wp6N zbt63ozrI#qW#R$b+A2?(hi8+E#$^ALpS~}T^&9$XRP8_9Hooe}WsLbg$33pWbc~~9 zfPS^n4tVRa6@ZWS{QCKWMwU`NPw2dHVN{%5s)iiq2Cs15mgwi;1>;$-wS4C=duJK2 z(wpLe6jQrCr`_5HgC(9$SDPJD?vi(2gXX#eF4Jq(K7v3C>Rm1x-W~T3-doZ`*MgTi z^_Y)XLt|SeccA1mEX5L6rQ%RK|s}UAy6Nb|l@xXl@MahX^PLy3wTs?g`AuSvO4I_St%Zqe=9m*;gi$ zNm5r6P948`$t|*tdxG_w*TNCT)q93g4Oz~JoHTYD;5*zfV+lPzf3Pv8kn(A4*(tJ8 zZGAu4k7gmENpV7*uZn1gsF!Ik^9RQwU+AoROL0relC*}R`yXW}MTR_|&B7I;)rYaBMTmJIZCyCbAYO*wcY_F7xSQ8_D@+U%w zZ8-k$*zoaK+3s@-pVlWSBsS1Mjnrea8#fxEy(m>-Yw^_R#(2(0y=HGC$tCKt@55u& z7@v@!(nJkaDloefsKp{N*mBdF6lkYKmV{+eweG*PEghi6f1Q-nw3 zif{i8>S>X_f7BuI%WSIA0JFlqJ|LRq*Z9&5|7O1c<{pXqeq+sfGua0zAixsU0!dTP zaV{N$hD!BrOZ&`S0klPXRg0$sRcL|K?tQ>EJ>OP5J9B3pOf$=6s~7^Xcz}?$ll>J; zz7EwnAL7z(T4EhHmGytN(<|z6|{}rc?F!kXQD2SF`-rDQ46(Z`rL& zz{{XXdoGLCuH|>p4D-dQ@1C3CBb@z1l4AVt&4dLnf8t!msC|m;NJp4e$z3{wJRP~= zbI|{4BYA)+c^F?~uBCH4>R#CyQDS->Jg#NEoY`}G+ZX5k*kiLEY@V(^(3`+=I1x4g zg7BqW!-xfIR8<7JN=;_VgL!lz6{Wwlr>&)TR|JR)*{duaeTcWePhhx$GKzVM`swv*W{fM^)iN=MhWXlye% zOoE5MtHQi=?tBjc7{wGfh^NFQDm zeI?_lOX&|%qwBrX`z5>OrP2D!f}VCNK$Vc)<@Bn`zzT~#F52!7cg-CMimsVYwxTVs zV-cLHnGOYV3{kIdGUZQrZ1rB{A&}7~=T}t)f~gXUPQLuw(kZqNCpZ^@M7pS_yi(|u zt8;kez-j+*W25COS?=1}C;e;PmIHjay zcHdW8Gp9*id<4JaAIhr9=oYJRoDtuky65bcea~XRWE-*qglzYz6L8V)F?(7ov{c{S zmVpTRC6U8OKUvk5K?mrf=zdL1H>glT#k{Q{!gFWrjSMs0_mB8pfJ^v^+vW|mD_jA~ zUi0@dE2T+1PY}W`?URQhu(`Xp?UEg>wf}H8TaWa=2{1G#$|bOYG^1(&s%JI!<8QY$ z94b1LuI!AL?5T|5MB%C$u`ZAhmU6p{63kNDgC+g)Tsab0cwYT<9gt3w--u> zU>`jrB}(_u$N#c{1PX0 zzCm9*RPu|)umJn9mp}igqe>YkYd|cs)~H=ggz?ofwG>~4Sb=xbKD~7KEXdyIv?XQX zr`7VQ9*9tbWq8L1^L&z?;qyJe)sD>BHRVuMVMZ|mL|S|V0Byv))kL|ZSrAcziDFky z_>M4qCcIf}(P6dpYdtWJ4GEVCb5@x86prE*@-9(bb_T`-#)GHmnZ??nOn`X))$v0F z%8Zu<{szR7*N{2IzLpcxEZ$CRr}x@xE(j_quIC?F#*awhNBV$I^$Os=Mz zeE>~45fq$e!7S{jqo3D(YIrg9A*U&xn4vP-4*?>0$EC?HxF_cicy6u5{)|gF!eeMC zj{9y$xYmH0i0uf#J*!2JsQn8I{F_v?$ywi~rc&tfnBO!32vqb9g>(LJg{R9{_29M) z9sTI;R&kq=bfjYf=mrDDu5OvtP1M$kxUr?F(3Jqm&%v>zS06<~*tL>9{(8+K1KKZ& zZyma5a`?LK3t2!_8`3~1z{#TIF)+R^k-jpVT-f{FDr7G1nO{Ve%|8du~gg;=bI~k{;G9+fO!}I`$PrTt+ydvRPmGf&xV5o z1~mF;`|jS>;RQt$Q@dPS+R|I@{}J5Wm+ z7)OG)rn`!yIvTr}mAsrSqeLC5)M3r`_ES`&00dYb9 z<~V;k{ac!F^iqGw-aiGzMJ~<-p!rsn;`fKF{ZBj;T2O!K@Q-GxDFKbd{6n41{t-JF z@Y9K!`7s9nea^pI=L~IfvKRNLQ|(xX#`i_@_lsq(f0}U7HIZ;fL2Dsuvi5(}2vmlj z9=tCJ-e#D}V7t;e93ruO8vXDzxiHg8#88g)g07s!U&R#s015{A>so5ItKt*f)*mxB zP4*tH%@VJy*%4=!Y5(prP!Xx7hXU#7B$eT$@OkvOTd>VjOi&N_)J2R-Si}*Ae|_xs zm$m53E1I=GJdR2=#cWL*W#i*9L80zXAzQ6K-edo=8Scc;B&JzTCr;Vz8t_Ub{z)Fa z_kVF!qDM=t7iMm~3;WU^_dIv#k7Lw+6i^0<-C8X`oMinUvp?X$OPL%WW{u63kfuog zh5aw^Sr{B2a!}-v<^=x-l;mKnAKR7o^B}D3znp^iBi&|!S783x0*~f8$*s2!#n<;q z|DONns6;q`a_+GB0CRKs~?CT%@@%)ccnM}`ZZD|%47c)PME-AcJ(bdxn zBxNlWt|LVN2d2q(&i+d)HFk;%A{<2xC#y~Dltl~Grta?U5^n2;XI2b3^& None: + """Process Add or Update Events. + + Args: + params: Configuration Parameters + regions: AWS regions + accounts: AWS accounts + + Returns: + Status + """ + LOGGER.info("...process_add_event") + + if params["action"] in ["Add"]: + enable_and_configure_security_lake(params, regions, accounts) + for region in regions: + delegated_admin_session = common.assume_role( + params["CONFIGURATION_ROLE_NAME"], "sra-process-audit-acct-subscriber", params["DELEGATED_ADMIN_ACCOUNT_ID"] + ) + sl_client = delegated_admin_session.client("securitylake", region) + if params["SET_AUDIT_ACCT_DATA_SUBSCRIBER"]: + add_audit_acct_data_subscriber(sl_client, params, region) + if params["SET_AUDIT_ACCT_QUERY_SUBSCRIBER"]: + add_audit_acct_query_subscriber(sl_client, params, region) + + if params["SET_AUDIT_ACCT_QUERY_SUBSCRIBER"] and params["CREATE_RESOURCE_LINK"]: + configure_audit_acct_for_query_access(params, regions) + + LOGGER.info("...ADD_COMPLETE") + return + + LOGGER.info("...ADD_NO_EVENT") + + +def process_update_event(params: dict, regions: list, accounts: dict) -> None: + """Process Add or Update Events. + + Args: + params: Configuration Parameters + regions: AWS regions + accounts: AWS accounts + + Returns: + Status + """ + LOGGER.info("...process_update_event") + + if params["action"] in ["Update"]: + update_security_lake(params, regions) + update_log_sources(params, regions, accounts) + if params["SET_AUDIT_ACCT_DATA_SUBSCRIBER"]: + update_audit_acct_data_subscriber(params, regions) + if params["SET_AUDIT_ACCT_QUERY_SUBSCRIBER"]: + update_audit_acct_query_subscriber(params, regions) + + LOGGER.info("...UPDATE_COMPLETE") + return + + LOGGER.info("...UPDATE_NO_EVENT") + + +def process_delete_event(params: dict, regions: list, accounts: dict) -> None: + """Process Add or Update Events. + + Args: + params: Configuration Parameters + regions: AWS regions + accounts: AWS accounts + + Returns: + Status + """ + LOGGER.info("...process_delete_event") + if params["action"] in ["Update"]: + if params["DISABLE_SECURITY_LAKE"]: + LOGGER.info("...Disable Security Lake") + disable_security_lake(params, regions, accounts) + LOGGER.info("...DELETE_COMPLETE") + return + + LOGGER.info("...DELETE_NO_EVENT") + + +def process_event(event: dict) -> None: + """Process Event. + + Args: + event: event data + """ + event_info = {"Event": event} + LOGGER.info(event_info) + params = get_validated_parameters({"RequestType": "Update"}) + # excluded_accounts: list = [params["DELEGATED_ADMIN_ACCOUNT_ID"]] + accounts = common.get_active_organization_accounts() + regions = common.get_enabled_regions(params["ENABLED_REGIONS"], params["CONTROL_TOWER_REGIONS_ONLY"] == "true") + + process_update_event(params, regions, accounts) + + +def parameter_pattern_validator(parameter_name: str, parameter_value: str | None, pattern: str, is_optional: bool = False) -> dict: + """Validate CloudFormation Custom Resource Properties and/or Lambda Function Environment Variables. + + Args: + parameter_name: CloudFormation custom resource parameter name and/or Lambda function environment variable name + parameter_value: CloudFormation custom resource parameter value and/or Lambda function environment variable value + pattern: REGEX pattern to validate against. + is_optional: Allow empty or missing value when True + + Raises: + ValueError: Parameter has a value of empty string. + ValueError: Parameter is missing + ValueError: Parameter does not follow the allowed pattern + + Returns: + Validated Parameter + """ + if parameter_value == "" and not is_optional: + raise ValueError(f"({parameter_name}) parameter has a value of empty string.") + elif not parameter_value and not is_optional: + raise ValueError(f"({parameter_name}) parameter is missing.") + elif not re.match(pattern, str(parameter_value)): + raise ValueError(f"({parameter_name}) parameter with value of ({parameter_value})" + f" does not follow the allowed pattern: {pattern}.") + return {parameter_name: parameter_value} + + +def get_validated_parameters(event: dict[str, Any]) -> dict: + """Validate AWS CloudFormation parameters. + + Args: + event: event data + + Returns: + Validated parameters + """ + params: dict[str, str | bool] = {} + actions = {"Create": "Add", "Update": "Update", "Delete": "Remove"} + params["action"] = actions[event.get("RequestType", "Create")] + true_false_pattern = r"^true|false$" + log_source_pattern = r"(?i)^((ROUTE53|VPC_FLOW|SH_FINDINGS|CLOUD_TRAIL_MGMT|LAMBDA_EXECUTION|S3_DATA|EKS_AUDIT|WAF),?){0,7}($|ROUTE53|VPC_FLOW|SH_FINDINGS|CLOUD_TRAIL_MGMT|LAMBDA_EXECUTION|S3_DATA|EKS_AUDIT|WAF){1}$" + version_pattern = r"^[0-9.]+$" + source_target_pattern = r"^($|ALL|(\d{12})(,\s*\d{12})*)$" + name_pattern = r"^[\w+=,.@-]{1,64}$" + + # Required Parameters + params.update(parameter_pattern_validator("DISABLE_SECURITY_LAKE", os.environ.get("DISABLE_SECURITY_LAKE"), pattern=true_false_pattern)) + params.update(parameter_pattern_validator("DELEGATED_ADMIN_ACCOUNT_ID", os.environ.get("DELEGATED_ADMIN_ACCOUNT_ID"), pattern=r"^\d{12}$")) + params.update(parameter_pattern_validator("MANAGEMENT_ACCOUNT_ID", os.environ.get("MANAGEMENT_ACCOUNT_ID"), pattern=r"^\d{12}$")) + params.update(parameter_pattern_validator("AWS_PARTITION", os.environ.get("AWS_PARTITION"), pattern=r"^(aws[a-zA-Z-]*)?$")) + params.update(parameter_pattern_validator("CONFIGURATION_ROLE_NAME", os.environ.get("CONFIGURATION_ROLE_NAME"), pattern=name_pattern)) + params.update(parameter_pattern_validator("SUBSCRIBER_ROLE_NAME", os.environ.get("SUBSCRIBER_ROLE_NAME"), pattern=name_pattern)) + params.update(parameter_pattern_validator("CONTROL_TOWER_REGIONS_ONLY", os.environ.get("CONTROL_TOWER_REGIONS_ONLY"), pattern=true_false_pattern)) + params.update( + parameter_pattern_validator("SET_AUDIT_ACCT_DATA_SUBSCRIBER", os.environ.get("SET_AUDIT_ACCT_DATA_SUBSCRIBER"), pattern=true_false_pattern) + ) + params.update( + parameter_pattern_validator("SET_AUDIT_ACCT_QUERY_SUBSCRIBER", os.environ.get("SET_AUDIT_ACCT_QUERY_SUBSCRIBER"), pattern=true_false_pattern) + ) + params.update(parameter_pattern_validator("SOURCE_VERSION", os.environ.get("SOURCE_VERSION"), pattern=version_pattern)) + params.update(parameter_pattern_validator("SET_ORG_CONFIGURATION", os.environ.get("SET_ORG_CONFIGURATION"), pattern=true_false_pattern)) + params.update(parameter_pattern_validator("META_STORE_MANAGER_ROLE_NAME", os.environ.get("META_STORE_MANAGER_ROLE_NAME"), pattern=name_pattern)) + params.update(parameter_pattern_validator("CREATE_RESOURCE_LINK", os.environ.get("CREATE_RESOURCE_LINK"), pattern=true_false_pattern)) + params.update(parameter_pattern_validator("KEY_ALIAS", os.environ.get("KEY_ALIAS"), pattern=r"^[a-zA-Z0-9/_-]+$")) + + # Optional Parameters + params.update(parameter_pattern_validator("ENABLED_REGIONS", os.environ.get("ENABLED_REGIONS"), pattern=r"^$|[a-z0-9-, ]+$", is_optional=True)) + params.update( + parameter_pattern_validator("CLOUD_TRAIL_MGMT", os.environ.get("CLOUD_TRAIL_MGMT"), pattern=source_target_pattern, is_optional=True) + ) + params.update(parameter_pattern_validator("ROUTE53", os.environ.get("ROUTE53"), pattern=source_target_pattern, is_optional=True)) + params.update(parameter_pattern_validator("VPC_FLOW", os.environ.get("VPC_FLOW"), pattern=source_target_pattern, is_optional=True)) + params.update(parameter_pattern_validator("SH_FINDINGS", os.environ.get("SH_FINDINGS"), pattern=source_target_pattern, is_optional=True)) + params.update( + parameter_pattern_validator("LAMBDA_EXECUTION", os.environ.get("LAMBDA_EXECUTION"), pattern=source_target_pattern, is_optional=True) + ) + params.update(parameter_pattern_validator("S3_DATA", os.environ.get("S3_DATA"), pattern=source_target_pattern, is_optional=True)) + params.update(parameter_pattern_validator("EKS_AUDIT", os.environ.get("EKS_AUDIT"), pattern=source_target_pattern, is_optional=True)) + params.update(parameter_pattern_validator("WAF", os.environ.get("WAF"), pattern=source_target_pattern, is_optional=True)) + params.update( + parameter_pattern_validator( + "ORG_CONFIGURATION_SOURCES", os.environ.get("ORG_CONFIGURATION_SOURCES"), pattern=log_source_pattern, is_optional=True + ) + ) + + params.update( + parameter_pattern_validator( + "AUDIT_ACCT_DATA_SUBSCRIBER", os.environ.get("AUDIT_ACCT_DATA_SUBSCRIBER"), pattern=name_pattern, is_optional=True + ) + ) + params.update( + parameter_pattern_validator( + "DATA_SUBSCRIBER_EXTERNAL_ID", os.environ.get("DATA_SUBSCRIBER_EXTERNAL_ID"), pattern=r"^(?:[a-zA-Z0-9]{0,64})?$", is_optional=True + ) + ) + + params.update( + parameter_pattern_validator( + "AUDIT_ACCT_QUERY_SUBSCRIBER", os.environ.get("AUDIT_ACCT_QUERY_SUBSCRIBER"), pattern=name_pattern, is_optional=True + ) + ) + params.update( + parameter_pattern_validator( + "QUERY_SUBSCRIBER_EXTERNAL_ID", os.environ.get("QUERY_SUBSCRIBER_EXTERNAL_ID"), pattern=r"^(?:[a-zA-Z0-9]{0,64})?$", is_optional=True + ) + ) + + # Convert true/false string parameters to boolean + params.update({"DISABLE_SECURITY_LAKE": (params["DISABLE_SECURITY_LAKE"] == "true")}) + params.update({"SET_AUDIT_ACCT_DATA_SUBSCRIBER": (params["SET_AUDIT_ACCT_DATA_SUBSCRIBER"] == "true")}) + params.update({"SET_AUDIT_ACCT_QUERY_SUBSCRIBER": (params["SET_AUDIT_ACCT_QUERY_SUBSCRIBER"] == "true")}) + params.update({"CONTROL_TOWER_REGIONS_ONLY": (params["CONTROL_TOWER_REGIONS_ONLY"] == "true")}) + params.update({"SET_ORG_CONFIGURATION": (params["SET_ORG_CONFIGURATION"] == "true")}) + params.update({"CREATE_RESOURCE_LINK": (params["CREATE_RESOURCE_LINK"] == "true")}) + + return params + + +def enable_and_configure_security_lake(params: dict, regions: list, accounts: dict) -> None: + """Enable the security lake service and configure its global settings. + + Args: + params: Configuration Parameters + regions: AWS regions + accounts: AWS accounts + """ + security_lake.register_delegated_admin(params["DELEGATED_ADMIN_ACCOUNT_ID"], HOME_REGION, SERVICE_NAME) + provision_security_lake(params, regions) + add_log_sources(params, regions, accounts) + for region in regions: + key_id = f'alias/{params["KEY_ALIAS"]}-{region}' + security_lake.encrypt_sqs_queues(params["CONFIGURATION_ROLE_NAME"], params["DELEGATED_ADMIN_ACCOUNT_ID"], region, key_id) + + +def provision_security_lake(params: dict, regions: list) -> None: + """Enable Security Lake and configure Organization Configurations. + + Args: + params: parameters + regions: AWS regions + """ + all_data = [{"region": region, "key_arn": f'alias/{params["KEY_ALIAS"]}-{region}'} for region in regions] + sl_configurations = [{"encryptionConfiguration": {"kmsKeyId": data["key_arn"]}, "region": data["region"]} for data in all_data] + delegated_admin_session = common.assume_role( + params["CONFIGURATION_ROLE_NAME"], + "sra-create-data-lake", + params["DELEGATED_ADMIN_ACCOUNT_ID"], + ) + sl_client = delegated_admin_session.client("securitylake", HOME_REGION) + LOGGER.info(f"Creating Security Lake in {(', '.join(regions))}") + role_arn = f"arn:{PARTITION}:iam::{params['DELEGATED_ADMIN_ACCOUNT_ID']}:role/service-role/{params['META_STORE_MANAGER_ROLE_NAME']}" + security_lake.create_security_lake(sl_client, sl_configurations, role_arn) + status = security_lake.check_data_lake_create_status(sl_client, regions) + if status: + LOGGER.info("CreateDataLake status 'COMPLETED'") + process_org_configuration(sl_client, params["SET_ORG_CONFIGURATION"], params["ORG_CONFIGURATION_SOURCES"], regions, params["SOURCE_VERSION"]) + + +def update_security_lake(params: dict, regions: list) -> None: + """Update Security Lake and Organization Configurations. + + Args: + params: parameters + regions: AWS regions + """ + for region in regions: + delegated_admin_session = common.assume_role( + params["CONFIGURATION_ROLE_NAME"], + "sra-update-security-lake", + params["DELEGATED_ADMIN_ACCOUNT_ID"], + ) + sl_client = delegated_admin_session.client("securitylake", region) + LOGGER.info(f"Checking if Security Lake is enabled in {region} region...") + lake_exists = security_lake.check_data_lake_exists(sl_client, region) + if lake_exists: + LOGGER.info(f"Security Lake already enabled in {region} region.") + else: + LOGGER.info(f"Security Lake not found in {region} region. Enabling Security Lake...") + key_id = f'alias/{params["KEY_ALIAS"]}-{region}' + sl_configurations = [{"encryptionConfiguration": {"kmsKeyId": key_id}, "region": region}] + role_arn = f"arn:{PARTITION}:iam::{params['DELEGATED_ADMIN_ACCOUNT_ID']}:role/service-role/{params['META_STORE_MANAGER_ROLE_NAME']}" + security_lake.create_security_lake(sl_client, sl_configurations, role_arn) + lake_exists = security_lake.check_data_lake_exists(sl_client, region) + if lake_exists: + LOGGER.info(f"Security Lake is enabled in {region}.") + security_lake.encrypt_sqs_queues(params["CONFIGURATION_ROLE_NAME"], params["DELEGATED_ADMIN_ACCOUNT_ID"], region, key_id) + process_org_configuration(sl_client, params["SET_ORG_CONFIGURATION"], params["ORG_CONFIGURATION_SOURCES"], regions, params["SOURCE_VERSION"]) + + +def process_org_configuration( + sl_client: SecurityLakeClient, set_org_configuration: bool, org_configuration_sources: str, regions: list, source_version: str +) -> None: + """Set Security Lake organization configuration for new accounts. + + Args: + sl_client: boto3 client + set_org_configuration: enable organization configurations for new accounts + org_configuration_sources: list of aws log sources + regions: AWS regions + source_version: source version + """ + LOGGER.info(f"Checking if Organization Configuration enabled in {', '.join(regions)} region(s)") + org_configuration_exists, exisiting_org_configuration = security_lake.get_org_configuration(sl_client) + if set_org_configuration: + sources = [source.strip() for source in org_configuration_sources.split(",")] + if not org_configuration_exists: + LOGGER.info(f"Organization Configuration not enabled in {', '.join(regions)} region(s). Creating...") + security_lake.create_organization_configuration(sl_client, regions, sources, source_version) + LOGGER.info("Enabled Organization Configuration") + else: + security_lake.update_organization_configuration(sl_client, regions, sources, source_version, exisiting_org_configuration) + else: + if org_configuration_exists: + LOGGER.info(f"Deleting Organization Configuration in {r', '.join(regions)} region(s)...") + security_lake.delete_organization_configuration(sl_client, exisiting_org_configuration) + LOGGER.info("Deleted Organization Configuration") + + +def add_log_sources(params: dict, regions: list, org_accounts: dict) -> None: + """Configure aws log sources. + + Args: + params: Configuration parameters + regions: A list of AWS regions. + org_accounts: A list of AWS accounts. + """ + aws_log_sources = [] + org_accounts_ids = [account["AccountId"] for account in org_accounts] + delegated_admin_session = common.assume_role(params["CONFIGURATION_ROLE_NAME"], "sra-add-log-sources", params["DELEGATED_ADMIN_ACCOUNT_ID"]) + sl_client = delegated_admin_session.client("securitylake", HOME_REGION) + for log_source in AWS_LOG_SOURCES: + if params[log_source] != "": + accounts = params[log_source].split(",") if params[log_source] != "ALL" else org_accounts_ids + configurations = {"accounts": accounts, "regions": regions, "sourceName": log_source, "sourceVersion": params["SOURCE_VERSION"]} + aws_log_sources.append(configurations) + if aws_log_sources: + security_lake.add_aws_log_source(sl_client, aws_log_sources) + + +def update_log_sources(params: dict, regions: list, org_accounts: dict) -> None: + """Configure aws log sources. + + Args: + params: Configuration parameters + regions: A list of AWS regions. + org_accounts: A list of AWS accounts. + """ + org_accounts_ids = [account["AccountId"] for account in org_accounts] + delegated_admin_session = common.assume_role(params["CONFIGURATION_ROLE_NAME"], "sra-update-log-sources", params["DELEGATED_ADMIN_ACCOUNT_ID"]) + sl_client = delegated_admin_session.client("securitylake", HOME_REGION) + for log_source in AWS_LOG_SOURCES: + if params[log_source] != "": + accounts = params[log_source].split(",") if params[log_source] != "ALL" else org_accounts_ids + security_lake.update_aws_log_source(sl_client, regions, log_source, accounts, org_accounts_ids, params["SOURCE_VERSION"]) + elif params[log_source] == "": + result = security_lake.check_log_source_enabled(sl_client, [], org_accounts_ids, regions, log_source, params["SOURCE_VERSION"]) + accounts = list(result.accounts_to_disable) + if result.source_exists: + security_lake.delete_aws_log_source(sl_client, regions, log_source, accounts, params["SOURCE_VERSION"]) + else: + LOGGER.info(f"Error reading value for {log_source} parameter") + + +def update_audit_acct_data_subscriber(params: dict, regions: list) -> None: + """Configure Audit (Security Tooling) account as data access subscriber. + + Args: + params: parameters + regions: AWS regions + """ + s3_access = "S3" + sources = [source for source in AWS_LOG_SOURCES if params[source]] + if sources == []: + LOGGER.info("No log sources selected for data access subscriber. Skipping...") + else: + for region in regions: + subscriber_name = params["AUDIT_ACCT_DATA_SUBSCRIBER"] + "-" + region + delegated_admin_session = common.assume_role( + params["CONFIGURATION_ROLE_NAME"], "sra-process-audit-acct-subscriber", params["DELEGATED_ADMIN_ACCOUNT_ID"] + ) + sl_client = delegated_admin_session.client("securitylake", region, config=BOTO3_CONFIG) + subscriber_exists, subscriber_id, external_id = security_lake.check_subscriber_exists(sl_client, subscriber_name) + if subscriber_exists: + security_lake.update_subscriber( + sl_client, subscriber_id, sources, external_id, AUDIT_ACCT_ID, subscriber_name, params["SOURCE_VERSION"] + ) + else: + external_id = params["DATA_SUBSCRIBER_EXTERNAL_ID"] + LOGGER.info(f"Creating Audit account subscriber '{subscriber_name}' in {region} region...") + subscriber_id, _ = security_lake.create_subscribers( + sl_client, s3_access, sources, external_id, AUDIT_ACCT_ID, subscriber_name, params["SOURCE_VERSION"] + ) + + +def add_audit_acct_data_subscriber(sl_client: SecurityLakeClient, params: dict, region: str) -> None: + """Configure Audit (Security Tooling) account as data access subscriber. + + Args: + sl_client: boto3 client + params: configuration parameters + region: AWS region + """ + subscriber_name = params["AUDIT_ACCT_DATA_SUBSCRIBER"] + "-" + region + sources = [source for source in AWS_LOG_SOURCES if params[source]] + if sources == []: + LOGGER.info("No log sources selected for data access subscriber. Skipping...") + else: + subscriber_exists, subscriber_id, external_id = security_lake.check_subscriber_exists(sl_client, subscriber_name) + if subscriber_exists: + security_lake.update_subscriber(sl_client, subscriber_id, sources, external_id, AUDIT_ACCT_ID, subscriber_name, params["SOURCE_VERSION"]) + else: + external_id = params["DATA_SUBSCRIBER_EXTERNAL_ID"] + LOGGER.info(f"Creating Audit account subscriber '{subscriber_name}' in {region} region...") + subscriber_id, _ = security_lake.create_subscribers( + sl_client, "S3", sources, external_id, AUDIT_ACCT_ID, subscriber_name, params["SOURCE_VERSION"] + ) + + +def update_audit_acct_query_subscriber(params: dict, regions: list) -> None: + """Configure Audit (Security tooling) account as query access subscribe. + + Args: + params: parameters + regions: AWS regions + """ + lakeformation_access = "LAKEFORMATION" + sources = [source for source in AWS_LOG_SOURCES if params[source]] + if sources == []: + LOGGER.info("No log sources selected for query access subscriber. Skipping...") + else: + for region in regions: + subscriber_name = params["AUDIT_ACCT_QUERY_SUBSCRIBER"] + "-" + region + delegated_admin_session = common.assume_role( + params["CONFIGURATION_ROLE_NAME"], "sra-process-audit-acct-subscriber", params["DELEGATED_ADMIN_ACCOUNT_ID"] + ) + sl_client = delegated_admin_session.client("securitylake", region) + subscriber_exists, subscriber_id, external_id = security_lake.check_subscriber_exists(sl_client, subscriber_name) + if subscriber_exists: + LOGGER.info(f"Audit account subscriber '{subscriber_name}' exists in {region} region. Updating subscriber...") + resource_share_arn = security_lake.update_subscriber( + sl_client, subscriber_id, sources, external_id, AUDIT_ACCT_ID, subscriber_name, params["SOURCE_VERSION"] + ) + else: + external_id = params["QUERY_SUBSCRIBER_EXTERNAL_ID"] + LOGGER.info(f"Audit account subscriber '{subscriber_name}' does not exist in {region} region. Creating subscriber...") + subscriber_id, resource_share_arn = security_lake.create_subscribers( + sl_client, lakeformation_access, sources, external_id, AUDIT_ACCT_ID, subscriber_name, params["SOURCE_VERSION"] + ) + if params["CREATE_RESOURCE_LINK"]: + configure_query_subscriber_on_update( + params["SUBSCRIBER_ROLE_NAME"], AUDIT_ACCT_ID, subscriber_name, params["DELEGATED_ADMIN_ACCOUNT_ID"], region, resource_share_arn, params["SUBSCRIBER_ROLE_NAME"] + ) + + +def add_audit_acct_query_subscriber(sl_client: SecurityLakeClient, params: dict, region: str) -> None: + """Configure Audit (Security tooling) account as query access subscribe. + + Args: + sl_client: boto3 client + params: configuration parameters + region: AWS region + """ + subscriber_name = params["AUDIT_ACCT_QUERY_SUBSCRIBER"] + "-" + region + sources = [source for source in AWS_LOG_SOURCES if params[source]] + if sources == []: + LOGGER.info("No log sources selected for query access subscriber. Skipping...") + else: + external_id = params["QUERY_SUBSCRIBER_EXTERNAL_ID"] + LOGGER.info(f"Audit account subscriber '{subscriber_name}' does not exist in {region} region. Creating subscriber...") + security_lake.create_subscribers(sl_client, "LAKEFORMATION", sources, external_id, AUDIT_ACCT_ID, subscriber_name, params["SOURCE_VERSION"]) + + +def configure_audit_acct_for_query_access(params: dict, regions: list) -> None: + """Configureresources for query access in Audit account. + + Args: + params: configuration parameters + regions: AWS regions + """ + for region in regions: + subscriber_name = params["AUDIT_ACCT_QUERY_SUBSCRIBER"] + "-" + region + delegated_admin_session = common.assume_role( + params["CONFIGURATION_ROLE_NAME"], "sra-process-audit-acct-subscriber", params["DELEGATED_ADMIN_ACCOUNT_ID"] + ) + sl_client = delegated_admin_session.client("securitylake", region) + subscriber_created, resource_share_arn = security_lake.get_subscriber_resourceshare_arn(sl_client, subscriber_name) + if subscriber_created: + LOGGER.info(f"Configuring Audit (Security tooling) account subscriber '{subscriber_name}' ({region})") + if params["CREATE_RESOURCE_LINK"]: + configure_query_subscriber_on_update( + params["SUBSCRIBER_ROLE_NAME"], AUDIT_ACCT_ID, subscriber_name, params["DELEGATED_ADMIN_ACCOUNT_ID"], region, resource_share_arn, params["SUBSCRIBER_ROLE_NAME"] + ) + + +def configure_query_subscriber_on_update( + configuration_role_name: str, subscriber_acct: str, subscriber_name: str, security_lake_acct: str, region: str, resource_share_arn: str, subscriber_role: str +) -> None: + """Configure query access subscriber. + + Args: + configuration_role_name: configuration role name + subscriber_acct: subscriber AWS account + subscriber_name: subscriber name + security_lake_acct: Security Lake delegated administrator account + region: AWS region + resource_share_arn: RAM resource share arn + """ + subscriber_session = common.assume_role(configuration_role_name, "sra-create-resource-share", subscriber_acct) + ram_client = subscriber_session.client("ram", region) + LOGGER.info(f"Configuring resource share link for subscriber '{subscriber_name}' ({region})") + security_lake.configure_resource_share_in_subscriber_acct(ram_client, resource_share_arn) + shared_db_name, shared_tables = security_lake.get_shared_resource_names(ram_client, resource_share_arn) + if shared_tables == "" or shared_db_name == "": + LOGGER.info(f"No shared resource names found for subscriber '{subscriber_name}' ({region})") + else: + subscriber_session = common.assume_role(configuration_role_name, "sra-create-resource-share-link", subscriber_acct) + glue_client = subscriber_session.client("glue", region) + LOGGER.info(f"Creating database '{shared_db_name}_subscriber' for subscriber '{subscriber_name}' ({region})") + security_lake.create_db_in_data_catalog(glue_client, subscriber_acct, shared_db_name, region, subscriber_role) + security_lake.create_table_in_data_catalog(glue_client, shared_db_name, shared_tables, security_lake_acct, subscriber_acct, region) + + +def disable_security_lake(params: dict, regions: list, accounts: dict) -> None: + """Disable Security Lake service. + + Args: + params: Configuration Parameters + regions: AWS regions + accounts: AWS accounts + """ + for region in regions: + delegated_admin_session = common.assume_role( + params["CONFIGURATION_ROLE_NAME"], "sra-delete-security-lake-subscribers", params["DELEGATED_ADMIN_ACCOUNT_ID"] + ) + sl_client = delegated_admin_session.client("securitylake", region) + if params["SET_AUDIT_ACCT_DATA_SUBSCRIBER"]: + subscriber_name = params["AUDIT_ACCT_DATA_SUBSCRIBER"] + "-" + region + security_lake.delete_subscriber(sl_client, subscriber_name, region) + if params["SET_AUDIT_ACCT_QUERY_SUBSCRIBER"]: + subscriber_name = params["AUDIT_ACCT_QUERY_SUBSCRIBER"] + "-" + region + security_lake.delete_subscriber(sl_client, subscriber_name, region) + + org_configuration_exists, exisiting_org_configuration = security_lake.get_org_configuration(sl_client) + if org_configuration_exists: + LOGGER.info(f"Deleting Organization Configuration in {region} region...") + security_lake.delete_organization_configuration(sl_client, exisiting_org_configuration) + + all_accounts = [account["AccountId"] for account in accounts] + for source in AWS_LOG_SOURCES: + security_lake.delete_aws_log_source(sl_client, regions, source, all_accounts, params["SOURCE_VERSION"]) + + security_lake.delete_security_lake(params["CONFIGURATION_ROLE_NAME"], params["DELEGATED_ADMIN_ACCOUNT_ID"], HOME_REGION, regions) # todo: remove + + +def orchestrator(event: dict[str, Any], context: Any) -> None: + """Orchestration. + + Args: + event: event data + context: runtime information + """ + if event.get("RequestType"): + LOGGER.info("...calling helper...") + helper(event, context) + else: + LOGGER.info("...else...just calling process_event...") + process_event(event) + + +def lambda_handler(event: dict[str, Any], context: Any) -> None: + """Lambda Handler. + + Args: + event: event data + context: runtime information + + Raises: + ValueError: Unexpected error executing Lambda function + """ + LOGGER.info("....Lambda Handler Started....") + boto3_version = boto3.__version__ + LOGGER.info(f"boto3 version: {boto3_version}") + try: + orchestrator(event, context) + except Exception: + LOGGER.exception(UNEXPECTED) + raise ValueError(f"Unexpected error executing Lambda function. Review CloudWatch logs ({context.log_group_name}) for details.") from None + + +@helper.create +@helper.update +@helper.delete +def process_event_cloudformation(event: CloudFormationCustomResourceEvent, context: Context) -> str: # noqa U100 + """Process Event from AWS CloudFormation. + + Args: + event: event data + context: runtime information + + Returns: + AWS CloudFormation physical resource id + """ + event_info = {"Event": event} + LOGGER.info(event_info) + params = get_validated_parameters(event) + # excluded_accounts: list = [params["DELEGATED_ADMIN_ACCOUNT_ID"]] + accounts = common.get_active_organization_accounts() + regions = common.get_enabled_regions(params["ENABLED_REGIONS"], params["CONTROL_TOWER_REGIONS_ONLY"]) + if params["action"] == "Add": + process_add_event(params, regions, accounts) + elif params["action"] == "Update": + process_update_event(params, regions, accounts) + else: + LOGGER.info("...Disable Security Lake from (process_event_cloudformation)") + process_delete_event(params, regions, accounts) + + return f"sra-security-lake-org-{params['DELEGATED_ADMIN_ACCOUNT_ID']}" diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/common.py b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/common.py new file mode 100644 index 00000000..97afb3b8 --- /dev/null +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/common.py @@ -0,0 +1,170 @@ +# type: ignore +"""This script includes common functions. + +Version: 1.0 + +Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +SPDX-License-Identifier: MIT-0 +""" +from __future__ import annotations + +import logging +import os +from time import sleep +from typing import TYPE_CHECKING + +import boto3 +from botocore.exceptions import ClientError, EndpointConnectionError + +if TYPE_CHECKING: + from mypy_boto3_iam.client import IAMClient + from mypy_boto3_organizations import OrganizationsClient + from mypy_boto3_ssm.client import SSMClient + from mypy_boto3_sts.client import STSClient + +# Setup Default Logger +LOGGER = logging.getLogger("sra") +log_level = os.environ.get("LOG_LEVEL", logging.INFO) +LOGGER.setLevel(log_level) + +# Global variables +ORGANIZATIONS_PAGE_SIZE = 20 +ORGANIZATIONS_THROTTLE_PERIOD = 0.2 + +try: + MANAGEMENT_ACCOUNT_SESSION = boto3.Session() + ORG_CLIENT: OrganizationsClient = MANAGEMENT_ACCOUNT_SESSION.client("organizations") + SSM_CLIENT: SSMClient = MANAGEMENT_ACCOUNT_SESSION.client("ssm") +except Exception as error: + LOGGER.error({"Unexpected_Error": error}) + raise ValueError("Unexpected error executing Lambda function. Review CloudWatch logs for details.") from None + + +def assume_role( + role: str, + role_session_name: str, + account: str = None, + session: boto3.Session = None, +) -> boto3.Session: + """Assumes the provided role in the given account and returns a session. + + Args: + role: Role to assume in target account. + role_session_name: Identifier for the assumed role session. + account: AWS account number. Defaults to None. + session: Boto3 session. Defaults to None. + + Returns: + Session object for the specified AWS account + """ + if not session: + session = boto3.Session() + sts_client: STSClient = session.client("sts") + sts_arn = sts_client.get_caller_identity()["Arn"] + LOGGER.info(f"USER: {sts_arn}") + if not account: + account = sts_arn.split(":")[4] + partition = sts_arn.split(":")[1] + role_arn = f"arn:{partition}:iam::{account}:role/{role}" + + response = sts_client.assume_role(RoleArn=role_arn, RoleSessionName=role_session_name) + LOGGER.info(f"ASSUMED ROLE: {response['AssumedRoleUser']['Arn']}") + return boto3.Session( + aws_access_key_id=response["Credentials"]["AccessKeyId"], + aws_secret_access_key=response["Credentials"]["SecretAccessKey"], + aws_session_token=response["Credentials"]["SessionToken"], + ) + + +def get_active_organization_accounts(exclude_accounts: list = None) -> list: + """Get all the active AWS Organization accounts. + + Args: + exclude_accounts: list of account IDs to exclude + + Returns: + List of active account IDs + """ + if exclude_accounts is None: + exclude_accounts = ["00000000000"] + accounts: list[dict] = [] + paginator = ORG_CLIENT.get_paginator("list_accounts") + + for page in paginator.paginate(PaginationConfig={"PageSize": ORGANIZATIONS_PAGE_SIZE}): + for account in page["Accounts"]: + if account["Status"] == "ACTIVE" and account["Id"] not in exclude_accounts: + accounts.append({"AccountId": account["Id"], "Email": account["Email"]}) + sleep(ORGANIZATIONS_THROTTLE_PERIOD) + + return accounts + + +def get_control_tower_regions() -> list: # noqa: CCR001 + """Query SSM Parameter Store to identify customer regions. + + Returns: + Customer regions + """ + ssm_response = SSM_CLIENT.get_parameter(Name="/sra/regions/customer-control-tower-regions") + customer_regions = ssm_response["Parameter"]["Value"].split(",") + + return list(customer_regions) + + +def get_enabled_regions(customer_regions: str, control_tower_regions_only: bool = False) -> list: # noqa: CCR001, C901 # NOSONAR + """Query STS to identify enabled regions. + + Args: + customer_regions: customer provided comma delimited string of regions + control_tower_regions_only: Use the Control Tower governed regions. Defaults to False. + + Returns: + Enabled regions + """ + if customer_regions.strip(): + LOGGER.info({"CUSTOMER PROVIDED REGIONS": customer_regions}) + region_list = [] + for region in customer_regions.split(","): + if region != "": + region_list.append(region.strip()) + elif control_tower_regions_only: + region_list = get_control_tower_regions() + else: + default_available_regions = [] + for region in boto3.client("account").list_regions(RegionOptStatusContains=["ENABLED", "ENABLED_BY_DEFAULT"])["Regions"]: + default_available_regions.append(region["RegionName"]) + + LOGGER.info({"Default_Available_Regions": default_available_regions}) + region_list = default_available_regions + + region_session = boto3.Session() + enabled_regions = [] + disabled_regions = [] + invalid_regions = [] + for region in region_list: + try: + sts_client = region_session.client( + "sts", + endpoint_url=f"https://sts.{region}.amazonaws.com", + region_name=region, + ) + sts_client.get_caller_identity() + enabled_regions.append(region) + except EndpointConnectionError: + invalid_regions.append(region) + LOGGER.error(f"Region: ({region}) is not valid") + except ClientError as error: + if error.response["Error"]["Code"] == "InvalidClientTokenId": + disabled_regions.append(region) + LOGGER.error(f"Error {error.response['Error']} occurred testing region {region}") + except Exception: + LOGGER.exception("Unexpected!") + + LOGGER.info( + { + "Enabled_Regions": enabled_regions, + "Disabled_Regions": disabled_regions, + "Invalid_Regions": invalid_regions, + } + ) + return enabled_regions \ No newline at end of file diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/requirements.txt b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/requirements.txt new file mode 100644 index 00000000..b9435de8 --- /dev/null +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/requirements.txt @@ -0,0 +1,2 @@ +#install latest +crhelper \ No newline at end of file diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/security_lake.py b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/security_lake.py new file mode 100644 index 00000000..a775fb6d --- /dev/null +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/security_lake.py @@ -0,0 +1,1017 @@ +"""This script performs operations to enable, configure, and disable security lake. + +Version: 1.0 +'security_lake_org' solution in the repo, https://github.com/aws-samples/aws-security-reference-architecture-examples + +Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +SPDX-License-Identifier: MIT-0 +""" + +from __future__ import annotations + +import logging +import os +from time import sleep +from typing import TYPE_CHECKING, List, Literal, Sequence + +import boto3 +import botocore +import common +from botocore.config import Config +from botocore.exceptions import ClientError + +if TYPE_CHECKING: + from mypy_boto3_glue import GlueClient + from mypy_boto3_lakeformation import LakeFormationClient + from mypy_boto3_organizations import OrganizationsClient + from mypy_boto3_ram import RAMClient + from mypy_boto3_securitylake import SecurityLakeClient + from mypy_boto3_securitylake.literals import AwsLogSourceNameType + from mypy_boto3_securitylake.paginator import ListLogSourcesPaginator + from mypy_boto3_securitylake.type_defs import ( + AwsLogSourceConfigurationTypeDef, + AwsLogSourceResourceTypeDef, + CreateDataLakeResponseTypeDef, + CreateSubscriberResponseTypeDef, + DataLakeAutoEnableNewAccountConfigurationTypeDef, + ListDataLakesResponseTypeDef, + LogSourceResourceTypeDef, + ) + +LOGGER = logging.getLogger("sra") +log_level = os.environ.get("LOG_LEVEL", logging.INFO) +LOGGER.setLevel(log_level) + +BOTO3_CONFIG = Config(retries={"max_attempts": 10, "mode": "standard"}) +UNEXPECTED = "Unexpected!" +EMPTY_STRING = "" +SECURITY_LAKE_THROTTLE_PERIOD = 0.2 +ENABLE_RETRY_ATTEMPTS = 10 +ENABLE_RETRY_SLEEP_INTERVAL = 10 +MAX_RETRY = 5 +SLEEP_SECONDS = 10 +KEY = "sra-solution" +VALUE = "sra-security-lake" + +try: + MANAGEMENT_ACCOUNT_SESSION = boto3.Session() + ORG_CLIENT: OrganizationsClient = MANAGEMENT_ACCOUNT_SESSION.client("organizations") +except Exception: + LOGGER.exception(UNEXPECTED) + raise ValueError("Unexpected error executing Lambda function. Review CloudWatch logs for details.") from None + + +def check_organization_admin_enabled(delegated_admin_account_id: str, service_principal: str) -> bool: + """Check if the delegated administrator account for the provided service principal exists. + + Args: + delegated_admin_account_id: Delegated Administrator Account ID + service_principal: AWS Service Principal + + Raises: + ValueError: If the delegated administrator other than Log Archive account already exists + + Returns: + bool: True if the delegated administrator account exists, False otherwise + """ + LOGGER.info(f"Checking if delegated administrator registered for '{service_principal}' service principal.") + try: + delegated_admins = ORG_CLIENT.list_delegated_administrators(ServicePrincipal=service_principal) + api_call_details = {"API_Call": "organizations:ListDelegatedAdministrators", "API_Response": delegated_admins} + LOGGER.info(api_call_details) + if not delegated_admins["DelegatedAdministrators"]: + LOGGER.info(f"Delegated administrator not registered for '{service_principal}'") + return False + elif delegated_admins["DelegatedAdministrators"][0]["Id"] == delegated_admin_account_id: + LOGGER.info(f"Log Archive account ({delegated_admin_account_id}) already registered as delegated administrator for '{service_principal}'") + return True + else: + registered_admin = delegated_admins["DelegatedAdministrators"][0]["Id"] + LOGGER.info(f"Account {registered_admin} already registered as delegated administrator") + LOGGER.info("Important: removing the delegated Security Lake admin deletes your data lake and disables it for the accounts in your org") + raise ValueError(f"Deregister account {registered_admin} to delegate administration to Log Archive account") + except ClientError as e: + LOGGER.error(f"Delegated administrator check error occurred: {e}") + return False + + +def register_delegated_admin(admin_account_id: str, region: str, service_principal: str) -> None: + """Set the delegated admin account for the given region. + + Args: + admin_account_id: Admin account ID + region: AWS Region + service_principal: AWS Service Principal + + Raises: + ClientError: If there is an issue interacting with the AWS API + """ + sl_client: SecurityLakeClient = MANAGEMENT_ACCOUNT_SESSION.client("securitylake", region, config=BOTO3_CONFIG) + if not check_organization_admin_enabled(admin_account_id, service_principal): + LOGGER.info(f"Registering delegated administrator ({admin_account_id})...") + sl_client.register_data_lake_delegated_administrator(accountId=admin_account_id) + LOGGER.info(f"Account {admin_account_id} registered as delegated administrator for '{service_principal}'") + + +def check_data_lake_exists(sl_client: SecurityLakeClient, region: str, max_retries: int = MAX_RETRY, initial_delay: int = 1) -> bool: + """Check if Security Lake enabled for the given region. + + Args: + sl_client: SecurityLakeClient + region: AWS region + max_retries: maximum number of retries + initial_delay: initial delay in seconds + + Raises: + ClientError: If there is an issue interacting with the AWS API + + Returns: + bool: True if Security Lake enabled, False otherwise + """ + status: bool = False + retry_count: int = 0 + delay: float = initial_delay + max_delay: int = 30 + while not status: + try: + response: ListDataLakesResponseTypeDef = sl_client.list_data_lakes(regions=[region]) + if not response["dataLakes"]: + break + + elif response["dataLakes"][0]["createStatus"] == "INITIALIZED": + if retry_count < max_retries: + delay = min(delay * (2**retry_count), max_delay) + LOGGER.info(f"Security Lake create status ({region}): 'INITIALIZED'. Retrying ({retry_count + 1}/{max_retries}) in {delay}...") + sleep(delay) + retry_count += 1 + elif response["dataLakes"][0]["createStatus"] == "COMPLETED": + status = True + break + elif response["dataLakes"][0]["createStatus"] == "FAILED": + raise ValueError("Security Lake creation failed") + except ClientError as e: + LOGGER.info(f"Error calling 'securitylake:ListDataLakes' ({region}): {e}...") + raise + + if not status: + LOGGER.info(f"Security Lake is not enabled ({region})") + return status + + +def check_data_lake_create_status(sl_client: SecurityLakeClient, regions: list, retries: int = 0) -> bool: + """Check Security Lake creation status for given regions. + + Args: + sl_client: boto3 client + regions: list of AWS regions + retries: Number of retries. Defaults to 0. + + Raises: + ClientError: If there is an issue interacting with the AWS API + ValueError: If the maximum number of retries is reached + + Returns: + bool: True if creation completed, False otherwise + """ + all_completed: bool = False + max_retries: int = 20 + regions_status_list: list = [] + while retries < max_retries: + try: + response: ListDataLakesResponseTypeDef = sl_client.list_data_lakes(regions=regions) + for data_lake in response["dataLakes"]: + create_status = data_lake["createStatus"] + regions_status_list.append(create_status) + if "INITIALIZED" not in regions_status_list and "FAILED" not in regions_status_list: + all_completed = True + break + if "INITIALIZED" in regions_status_list: + LOGGER.info(f"Security Lake creation status: 'INITIALIZED'. Retrying ({retries+1}/{max_retries}) in 5 seconds...") + sleep(5) + retries += 1 + status = check_data_lake_create_status(sl_client, regions, retries) + if status: + all_completed = True + break + if "FAILED" in regions_status_list: + raise ValueError("Security Lake creation failed") + else: + print("Security Lake creation status: ", regions_status_list) + except ClientError as e: + LOGGER.info(f"Error checking data lake status: {e}") + raise + + if retries >= max_retries: + raise ValueError("Security Lake status not 'COMPLETED'") + + return all_completed + + +def create_security_lake(sl_client: SecurityLakeClient, sl_configurations: list, role_arn: str) -> None: + """Create Security Lake for the given region(s). + + Args: + sl_client: boto3 client + sl_configurations: Security Lake configurations + role_arn: role arn + + Raises: + ValueError: _description_ + """ + base_delay = 10 + max_delay = 20 + data_lake_created = False + + for attempt in range(MAX_RETRY): + try: + security_lake_response: CreateDataLakeResponseTypeDef = sl_client.create_data_lake( + configurations=sl_configurations, + metaStoreManagerRoleArn=role_arn, + tags=[ + {"key": KEY, "value": VALUE}, + ], + ) + api_call_details = {"API_Call": "securitylake:CreateDataLake", "API_Response": security_lake_response} + LOGGER.info(api_call_details) + sleep(20) + data_lake_created = True + break + + except ClientError as e: + error_code = e.response["Error"]["Code"] + if error_code in ["BadRequestException", "ConflictException"]: + error_message = str(e) + if "The CreateDataLake operation can't be used to update the settings for an existing data lake" in error_message: + raise ValueError("Security lake already exists.") + else: + delay = min(base_delay * (1.0**attempt), max_delay) + LOGGER.info(f"'{error_code}' occurred: {e}. Retrying ({attempt + 1}/{MAX_RETRY}) in {delay} seconds...") + sleep(delay) + else: + LOGGER.error(f"Error calling CreateDataLake: {e}") + raise + attempt += 1 + if attempt >= MAX_RETRY: + LOGGER.error("Error calling CreateDataLake") + break + if not data_lake_created: + raise ValueError("Error creating security lake") + + +def encrypt_sqs_queues(configuration_role_name: str, account: str, region: str, key_id: str) -> None: + """Encrypt Security Lake SQS queues with KMS key. + + Args: + configuration_role_name: configuration role name + account: AWS Account id + region: AWS region + key_id: KMS key id + """ + sqs_queues = [ + f"https://sqs.{region}.amazonaws.com/{account}/AmazonSecurityLakeManager-{region}-Dlq", + f"https://sqs.{region}.amazonaws.com/{account}/AmazonSecurityLakeManager-{region}-Queue", + ] + session = common.assume_role(configuration_role_name, "sra-configure-security-lake", account) + sqs_client = session.client("sqs", region) + for queue_url in sqs_queues: + try: + response = sqs_client.set_queue_attributes(QueueUrl=queue_url, Attributes={"KmsMasterKeyId": key_id}) + api_call_details = {"API_Call": "sqs:SetQueueAttributes", "API_Response": response} + LOGGER.info(api_call_details) + except ClientError as e: + LOGGER.error(e) + + +class CheckLogSourceResult: + """Log source check result.""" + + def __init__(self, source_exists: bool, accounts_to_enable: list, accounts_to_disable: list, regions_to_enable: list): + """Set result attributes. + + Args: + source_exists: source exists + accounts_to_enable: accounts to enable + accounts_to_disable: accounts to disable + regions_to_enable: regions to enable + """ + self.source_exists = source_exists + self.accounts_to_enable = accounts_to_enable + self.accounts_to_disable = accounts_to_disable + self.regions_to_enable = regions_to_enable + + +def check_log_source_enabled( + sl_client: SecurityLakeClient, + requested_accounts: list, + org_accounts: list, + requested_regions: list, + log_source_name: AwsLogSourceNameType, + log_source_version: str, +) -> CheckLogSourceResult: + """Check if AWS log and event source enabled. + + Args: + sl_client: SecurityLakeClient + requested_accounts: requested accounts + org_accounts: organization accounts + requested_regions: requested regions + log_source_name: log source name + log_source_version: log source version + + Returns: + CheckLogSourceResult + """ + accounts_to_enable: list = [] + accounts_to_disable_log_source: list = [] + regions_with_source_enabled: list = [] + list_log_sources_paginator: ListLogSourcesPaginator = sl_client.get_paginator("list_log_sources") + for page in list_log_sources_paginator.paginate( + accounts=org_accounts, + regions=requested_regions, + sources=[{"awsLogSource": {"sourceName": log_source_name, "sourceVersion": log_source_version}}], + ): + if not page["sources"]: + return CheckLogSourceResult(False, requested_accounts, accounts_to_disable_log_source, requested_regions) + else: + enabled_accounts = set(s["account"] for s in page["sources"] if s["account"] in org_accounts) + regions_with_source_enabled = list(set(s["region"] for s in page["sources"])) + accounts_to_enable = [account for account in requested_accounts if account not in enabled_accounts] + accounts_to_disable_log_source = [account for account in enabled_accounts if account not in requested_accounts] + regions_to_enable = [region for region in requested_regions if region not in regions_with_source_enabled] + + if accounts_to_enable: + LOGGER.info(f"AWS log and event source {log_source_name} will be enabled in {', '.join(accounts_to_enable)} account(s)") + if accounts_to_disable_log_source: + LOGGER.info(f"AWS log and event source {log_source_name} will be deleted in {', '.join(accounts_to_disable_log_source)} account(s)") + if regions_to_enable: + LOGGER.info(f"AWS log and event source {log_source_name} will be enabled in {', '.join(regions_to_enable)} region(s)") + + return CheckLogSourceResult(True, accounts_to_enable, accounts_to_disable_log_source, regions_to_enable) + + +def add_aws_log_source(sl_client: SecurityLakeClient, aws_log_sources: list) -> None: + """Create AWS log and event sources. + + Args: + sl_client: boto3 client + aws_log_sources: list of AWS log and event sources + + Raises: + ClientError: If there is an issue interacting with the AWS API + """ + create_log_source_retries = 10 + base_delay = 1 + max_delay = 30 + log_source_created = False + for attempt in range(create_log_source_retries): + try: + LOGGER.info("Configuring requested AWS log and events sources") + sl_client.create_aws_log_source(sources=aws_log_sources) + log_source_created = True + LOGGER.info("Enabled requested AWS log and event sources") + break + except ClientError as e: + error_code = e.response["Error"]["Code"] + if error_code == "ConflictException": + delay = min(base_delay * (2**attempt), max_delay) + LOGGER.info(f"'ConflictException' occurred {e}. Retrying ({attempt + 1}/{create_log_source_retries}) in {delay} seconds...") + sleep(delay) + else: + LOGGER.error(f"Error calling CreateAwsLogSource: {e}.") + raise + attempt += 1 + if log_source_created or attempt >= create_log_source_retries: + break + + if not log_source_created: + raise ValueError("Failed to create log events sources") + + +def update_aws_log_source( + sl_client: SecurityLakeClient, + requested_regions: list, + source: AwsLogSourceNameType, + requested_accounts: list, + org_accounts: list, + source_version: str, +) -> None: + """Create AWS log and event sources. + + Args: + sl_client: boto3 client + requested_regions: list of AWS regions + source: AWS log and event source name + requested_accounts: list of AWS accounts + org_accounts: list of all AWS accounts in organization + source_version: log source version + + Raises: + ClientError: boto3 client error + """ + result = check_log_source_enabled(sl_client, requested_accounts, org_accounts, requested_regions, source, source_version) + accounts = list(result.accounts_to_enable) + accounts_to_delete = list(result.accounts_to_disable) + regions_to_enable = list(result.regions_to_enable) + + configurations: AwsLogSourceConfigurationTypeDef = { + "accounts": requested_accounts, + "regions": requested_regions, + "sourceName": source, + "sourceVersion": source_version, + } + if result.source_exists and accounts: + configurations.update({"accounts": accounts}) + + if result.source_exists and not accounts and not regions_to_enable: + LOGGER.info("Log and event source already configured. No changes to apply") + + else: + add_aws_log_source(sl_client, [configurations]) + + if accounts_to_delete: + delete_aws_log_source(sl_client, requested_regions, source, accounts_to_delete, source_version) + + +def get_org_configuration(sl_client: SecurityLakeClient) -> tuple: + """Get Security Lake organization configuration. + + Args: + sl_client: boto3 client + + Raises: + ClientError: If there is an issue interacting with the AWS API + + Returns: + tuple: (bool, dict) + """ + try: + org_configruations = sl_client.get_data_lake_organization_configuration() + if org_configruations["autoEnableNewAccount"]: + return True, org_configruations["autoEnableNewAccount"] + else: + return False, org_configruations + except ClientError as e: + error_code = e.response["Error"]["Code"] + if error_code == "ResourceNotFoundException": + return False, "ResourceNotFoundException" + else: + LOGGER.error(f"Error calling GetDataLakeConfiguration: {e}.") + raise + + +def create_organization_configuration(sl_client: SecurityLakeClient, regions: list, org_sources: list, source_version: str, retry: int = 0) -> None: + """Create Security Lake organization configuration. + + Args: + sl_client: boto3 client + regions: list of AWS regions + org_sources: list of AWS log and event sources + source_version: version of log source + retry: retry counter. Defaults to 0 + """ + sources: List[AwsLogSourceResourceTypeDef] = [{"sourceName": source, "sourceVersion": source_version} for source in org_sources] + auto_enable_config: List[DataLakeAutoEnableNewAccountConfigurationTypeDef] = [] + for region in regions: + region_config: DataLakeAutoEnableNewAccountConfigurationTypeDef = {"region": region, "sources": sources} + auto_enable_config.append(region_config) + if retry < MAX_RETRY: + try: + sl_client.create_data_lake_organization_configuration(autoEnableNewAccount=auto_enable_config) + except sl_client.exceptions.ConflictException: + LOGGER.info("'ConflictException' occurred. Retrying...") + sleep(SLEEP_SECONDS) + create_organization_configuration(sl_client, regions, org_sources, source_version, retry + 1) + + +def set_sources_to_disable(org_configruations: list, region: str) -> list: + """Update Security Lake. + + Args: + org_configruations: list of configurations + region: AWS region + + Returns: + list: list of sources to disable + """ + sources_to_disable = [] + for configuration in org_configruations: + if configuration["region"] == region: + for source in configuration["sources"]: + sources_to_disable.append(source) + + return sources_to_disable + + +def update_organization_configuration( + sl_client: SecurityLakeClient, regions: list, org_sources: list, source_version: str, exisiting_org_configuration: list +) -> None: + """Update Security Lake organization configuration. + + Args: + sl_client: boto3 client + regions: list of AWS regions + org_sources: list of AWS log and event sources + source_version: version of log source + exisiting_org_configuration: list of existing configurations + + Raises: + ClientError: If there is an issue interacting with the AWS API + """ + delete_organization_configuration(sl_client, exisiting_org_configuration) + sources: List[AwsLogSourceResourceTypeDef] = [{"sourceName": source, "sourceVersion": source_version} for source in org_sources] + autoenable_config: List[DataLakeAutoEnableNewAccountConfigurationTypeDef] = [] + for regioin in regions: + region_config: DataLakeAutoEnableNewAccountConfigurationTypeDef = {"region": regioin, "sources": sources} + autoenable_config.append(region_config) + response = sl_client.create_data_lake_organization_configuration(autoEnableNewAccount=autoenable_config) + api_call_details = {"API_Call": "securitylake:CreateDataLakeOrganizationConfiguration", "API_Response": response} + LOGGER.info(api_call_details) + + +def delete_organization_configuration(sl_client: SecurityLakeClient, exisiting_org_configuration: list) -> None: + """Delete Security Lake organization configuration. + + Args: + sl_client: boto3 client + exisiting_org_configuration: list of existing configurations + + Raises: + ClientError: If there is an issue interacting with the AWS API + """ + sources_to_disable = exisiting_org_configuration + if sources_to_disable: + delete_response = sl_client.delete_data_lake_organization_configuration(autoEnableNewAccount=exisiting_org_configuration) + api_call_details = {"API_Call": "securitylake:DeleteDataLakeOrganizationConfiguration", "API_Response": delete_response} + LOGGER.info(api_call_details) + + +def check_subscriber_exists(sl_client: SecurityLakeClient, subscriber_name: str, next_token: str = EMPTY_STRING) -> tuple: + """List Security Lake subscribers. + + Args: + sl_client: boto3 client + subscriber_name: subscriber name + next_token: next token. Defaults to EMPTY_STRING. + + Raises: + ClientError: If there is an issue interacting with the AWS API + + Returns: + tuple: (bool, str, str) + """ + subscriber_exists = False + subscriber_id = "" + external_id = "" + try: + if next_token != EMPTY_STRING: + response = sl_client.list_subscribers(maxResults=10, nextToken=next_token) + else: + response = sl_client.list_subscribers(maxResults=10) + if response["subscribers"]: + for subscriber in response["subscribers"]: + if subscriber_name == subscriber["subscriberName"]: + subscriber_id = subscriber["subscriberId"] + external_id = subscriber["subscriberIdentity"]["externalId"] + subscriber_exists = True + return subscriber_exists, subscriber_id, external_id + + if "nextToken" in response: + subscriber_exists, subscriber_id, external_id = check_subscriber_exists(sl_client, subscriber_name, response["nextToken"]) + return subscriber_exists, subscriber_id, external_id + else: + return subscriber_exists, subscriber_id, external_id + + except ClientError as e: + error_code = e.response["Error"]["Code"] + if error_code == "ResourceNotFoundException": + LOGGER.info(f"Error calling ListSubscribers: {e}. Skipping...") + return subscriber_exists, subscriber_id, external_id + else: + raise ValueError(f"Error calling ListSubscribers {e}.") + + +def get_subscriber_resourceshare_arn(sl_client: SecurityLakeClient, subscriber_name: str, next_token: str = EMPTY_STRING) -> tuple: + """List Security Lake subscribers. + + Args: + sl_client: boto3 client + subscriber_name: subscriber name + next_token: next token. Defaults to EMPTY_STRING. + + Raises: + ClientError: If there is an issue interacting with the AWS API + + Returns: + tuple: (bool, str, str) + """ + resource_share_arn = "" + subscriber_exists = False + if next_token != EMPTY_STRING: + response = sl_client.list_subscribers(maxResults=10, nextToken=next_token) + else: + response = sl_client.list_subscribers(maxResults=10) + if response["subscribers"]: + for subscriber in response["subscribers"]: + if subscriber_name == subscriber["subscriberName"]: + resource_share_arn = subscriber.get("resourceShareArn", "") + subscriber_exists = True + return subscriber_exists, resource_share_arn + if "nextToken" in response: + subscriber_exists, resource_share_arn = get_subscriber_resourceshare_arn(sl_client, subscriber_name, response["nextToken"]) + return subscriber_exists, resource_share_arn + else: + return subscriber_exists, resource_share_arn + + +def create_subscribers( + sl_client: SecurityLakeClient, + data_access: Literal["LAKEFORMATION", "S3"], + source_types: list, + external_id: str, + principal: str, + subscriber_name: str, + source_version: str, +) -> tuple: + """Create Security Lake subscriber. + + Args: + sl_client: boto3 client + data_access: data access type + source_types: list of source types + external_id: external id + principal: AWS account id + subscriber_name: subscriber name + source_version: source version + + Raises: + ClientError: If there is an issue interacting with the AWS API + + Returns: + tuple: subscriber id, resource share ARN + """ + subscriber_sources: Sequence[LogSourceResourceTypeDef] = [ + {"awsLogSource": {"sourceName": source, "sourceVersion": source_version}} for source in source_types + ] + resource_share_arn = "" + subscriber_id = "" + base_delay = 1 + max_delay = 3 + done = False + for attempt in range(ENABLE_RETRY_ATTEMPTS): + try: + response: CreateSubscriberResponseTypeDef = sl_client.create_subscriber( + accessTypes=[data_access], + sources=subscriber_sources, + subscriberIdentity={"externalId": external_id, "principal": principal}, + subscriberName=subscriber_name, + tags=[ + {"key": KEY, "value": VALUE}, + ], + ) + api_call_details = {"API_Call": "securitylake:CreateSubscriber", "API_Response": response} + LOGGER.info(api_call_details) + subscriber_id = response["subscriber"]["subscriberId"] + if data_access == "LAKEFORMATION": + resource_share_arn = response["subscriber"]["resourceShareArn"] + done = True + return subscriber_id, resource_share_arn + else: + return subscriber_id, "s3_data_access" + except ClientError as e: + error_code = e.response["Error"]["Code"] + if error_code == "BadRequestException": + delay = min(base_delay * (2**attempt), max_delay) + LOGGER.info(f"'{error_code}' occurred calling CreateSubscriber: {e}. Retrying ({attempt + 1}/{ENABLE_RETRY_ATTEMPTS}) in {delay}") + sleep(delay) + else: + raise ValueError(f"Error calling CreateSubscriber: {e}.") + attempt += 1 + if done or attempt >= ENABLE_RETRY_ATTEMPTS: + break + + return subscriber_id, resource_share_arn + + +def update_subscriber( + sl_client: SecurityLakeClient, subscriber_id: str, source_types: list, external_id: str, principal: str, subscriber_name: str, source_verison: str +) -> str: + """Update Security Lake subscriber. + + Args: + sl_client: boto3 client + subscriber_id: subscriber id + source_types: list of source types + external_id: external id + principal: AWS account id + subscriber_name: subscriber name + source_verison: source version + + Returns: + str: Resource share ARN + + Raises: + ValueError: if subscriber not created + """ + subscriber_sources: Sequence[LogSourceResourceTypeDef] = [ + {"awsLogSource": {"sourceName": source, "sourceVersion": source_verison}} for source in source_types + ] + base_delay = 1 + max_delay = 3 + done = False + for attempt in range(ENABLE_RETRY_ATTEMPTS): + try: + response = sl_client.update_subscriber( + sources=subscriber_sources, + subscriberId=subscriber_id, + subscriberIdentity={"externalId": external_id, "principal": principal}, + subscriberName=subscriber_name, + ) + api_call_details = {"API_Call": "securitylake:UpdateSubscriber", "API_Response": response} + LOGGER.info(api_call_details) + LOGGER.info(f"Subscriber '{subscriber_name}' updated") + if response["subscriber"]["accessTypes"] == ["LAKEFORMATION"]: + resource_share_arn = response["subscriber"]["resourceShareArn"] + sleep(SLEEP_SECONDS) + done = True + return resource_share_arn + return "s3_data_access" + except sl_client.exceptions.BadRequestException: + delay = min(base_delay * (2**attempt), max_delay) + LOGGER.info( + f"'BadRequestException' occurred calling UpdateSubscriber. Retrying ({attempt + 1}/{ENABLE_RETRY_ATTEMPTS}) in {delay}" + ) + sleep(delay) + + attempt += 1 + if done or attempt >= ENABLE_RETRY_ATTEMPTS: + break + if not done: + raise ValueError("Subscriber not updated") + + return resource_share_arn + + +def configure_resource_share_in_subscriber_acct(ram_client: RAMClient, resource_share_arn: str) -> None: + """Accept resource share invitation in subscriber account. + + Args: + ram_client: boto3 client + resource_share_arn: resource share arn + + Raises: + ClientError: If there is an issue interacting with the AWS API + """ + base_delay = 0.5 + max_delay = 5 + invitation_accepted = False + for attempt in range(MAX_RETRY): + paginator = ram_client.get_paginator("get_resource_share_invitations") + for page in paginator.paginate(PaginationConfig={"PageSize": 20}): + if page["resourceShareInvitations"]: + for invitation in page["resourceShareInvitations"]: + if resource_share_arn == invitation["resourceShareArn"]: + if invitation["status"] == "ACCEPTED": + invitation_accepted = True + break + if invitation["status"] == "PENDING": + ram_client.accept_resource_share_invitation( + resourceShareInvitationArn=invitation["resourceShareInvitationArn"], + ) + delay = min(base_delay * (2**attempt), max_delay) + LOGGER.info(f"Accepting resource share invitation: ({attempt + 1}/{ENABLE_RETRY_ATTEMPTS}) in {delay} seconds...") + sleep(delay) + else: + LOGGER.info(invitation["status"]) + else: + LOGGER.info("Resource share invitation not found.") + else: + response = ram_client.list_resources(resourceOwner="OTHER-ACCOUNTS", resourceShareArns=[resource_share_arn]) + if response["resources"]: + invitation_accepted = True + break + attempt += 1 + if invitation_accepted or attempt >= MAX_RETRY: + break + if not invitation_accepted: + raise ValueError("Error accepting resource share invitation") + + +def get_shared_resource_names(ram_client: RAMClient, resource_share_arn: str) -> tuple: + """Get resource names from resource share arn. + + Args: + ram_client: boto3 client + resource_share_arn: resource share arn + + Raises: + ClientError: If there is an issue interacting with the AWS API + + Returns: + tuple: database name and table names + """ + db_name = "" + table_names = [] + retry = 0 + resources_created = False + LOGGER.info("Getting shared resources") + while retry < MAX_RETRY: + response = ram_client.list_resources(resourceOwner="OTHER-ACCOUNTS", resourceShareArns=[resource_share_arn]) + if response["resources"]: + db_name = next((resource["arn"].split("/")[-1] for resource in response["resources"] if resource["type"] == "glue:Database"), "") + table_names = [resource["arn"].split("/")[-1] for resource in response["resources"] if resource["type"] == "glue:Table"] + resources_created = True + break + else: + LOGGER.info(f"No shared resources found. Retrying {retry+1}") + retry += 1 + sleep(SLEEP_SECONDS) + if not resources_created: + LOGGER.error("Max retries reached. Unable to retrieve resource names.") + return db_name, table_names + + +def create_db_in_data_catalog(glue_client: GlueClient, subscriber_acct: str, shared_db_name: str, region: str, role_name: str) -> None: + """Create database in data catalog. + + Args: + glue_client: boto3 client + subscriber_acct: Security Lake query access subscriber AWS account id + shared_db_name: name of shared database + role_name: subscriber configuration role name + + Raises: + ClientError: If there is an issue interacting with the AWS API + """ + try: + response = glue_client.create_database( + CatalogId=subscriber_acct, DatabaseInput={"Name": shared_db_name + "_subscriber", "CreateTableDefaultPermissions": []} + ) + api_call_details = {"API_Call": "glue:CreateDatabase", "API_Response": response} + LOGGER.info(api_call_details) + except ClientError as e: + error_code = e.response["Error"]["Code"] + if error_code == "AlreadyExistsException": + LOGGER.info(f"Database '{shared_db_name}_subscriber' already exists") + else: + LOGGER.error(f"Error calling CreateDatabase: {e}") + raise + subscriber_session = common.assume_role( + role_name, "sra-configure-resource-link", subscriber_acct + ) + lf_client = subscriber_session.client("lakeformation", region) + set_lake_formation_permissions(lf_client, subscriber_acct, shared_db_name) + + +def create_table_in_data_catalog( + glue_client: GlueClient, shared_db_name: str, shared_table_names: str, security_lake_acct: str, subscriber_acct: str, region: str +) -> None: + """Create table in data catalog. + + Args: + glue_client: boto3 client + shared_db_name: name of shared database + shared_table_names: name of shared tables + security_lake_acct: Security Lake delegated administrator AWS account id + + Raises: + ClientError: If there is an issue interacting with the AWS API + """ + for table in shared_table_names: + table_name = "rl_" + table + try: + response = glue_client.create_table( + DatabaseName=shared_db_name + "_subscriber", + TableInput={ + "Name": table_name, + "TargetTable": {"CatalogId": security_lake_acct, "DatabaseName": shared_db_name, "Name": table}, + }, + ) + api_call_details = {"API_Call": "glue:CreateTable", "API_Response": response} + LOGGER.info(api_call_details) + except ClientError as e: + error_code = e.response["Error"]["Code"] + if error_code == "AlreadyExistsException": + LOGGER.info(f"Table '{table_name}' already exists in {region} region.") + continue + if error_code == "AccessDeniedException": + LOGGER.info("'AccessDeniedException' error occured. Review and update Lake Formation permission(s)") + LOGGER.info("Skipping...") + continue + else: + LOGGER.error("Error calling glue:CreateTable %s", e) + raise + + +def set_lake_formation_permissions(lf_client: LakeFormationClient, account: str, db_name: str) -> None: + """Set Lake Formation permissions. + + Args: + lf_client: boto3 client + account: AWS account + db_name: database name + table_name: table name + + Raises: + ClientError: If there is an issue interacting with the AWS API + + """ + LOGGER.info("Setting lakeformation permissions for db") + try: + lf_client.grant_permissions( + CatalogId=account, + Principal={"DataLakePrincipalIdentifier": f"arn:aws:iam::{account}:role/sra-security-lake-query-subscriber"}, + Resource={ + "Database": {"CatalogId": account, "Name": db_name + "_subscriber"}, + "Table": {"CatalogId": account, "DatabaseName": db_name + "_subscriber", "Name": "rl_*"}, + }, + Permissions=["ALL"], + PermissionsWithGrantOption=["ALL"], + ) + except ClientError as e: + LOGGER.error("Error calling GrantPermissions %s.", e) + raise + + +def delete_subscriber(sl_client: SecurityLakeClient, subscriber_name: str, region: str) -> None: + """Delete Security Lake subscriber. + + Args: + sl_client: boto3 client + subscriber_name: subscriber name + region: AWS region + + Raises: + ClientError: If there is an issue interacting with the AWS API + """ + subscriber_exists, subscriber_id, _ = check_subscriber_exists(sl_client, subscriber_name) + if subscriber_exists: + + try: + response = sl_client.delete_subscriber(subscriberId=subscriber_id) + api_call_details = {"API_Call": "securitylake:DeleteSubscriber", "API_Response": response} + LOGGER.info(api_call_details) + except ClientError as e: + LOGGER.error(f"Error calling DeleteSubscriber: {e}") + raise + else: + LOGGER.info(f"Subscriber not found in {region} region. Skipping delete subscriber...") + + +def delete_aws_log_source(sl_client: SecurityLakeClient, regions: list, source: AwsLogSourceNameType, accounts: list, source_version: str) -> None: + """Delete AWS log and event source. + + Args: + sl_client: boto3 client + regions: list of AWS regions + source: AWS log source name + accounts: list of AWS accounts + source_version: AWS log source version + + Raises: + ClientError: If there is an issue interacting with the AWS API. + """ + configurations: AwsLogSourceConfigurationTypeDef = { + "accounts": accounts, + "regions": regions, + "sourceName": source, + "sourceVersion": source_version, + } + try: + sl_client.delete_aws_log_source(sources=[configurations]) + LOGGER.info(f"Deleted AWS log source {source} in {', '.join(accounts)} account(s) {', '.join(regions)} region(s)...") + except ClientError as e: + error_code = e.response["Error"]["Code"] + if error_code == "UnauthorizedException": + LOGGER.info("'UnauthorizedException' occurred....") + else: + LOGGER.error(f"Error calling DeleteAwsLogSource {e}.") + raise + + +def delete_security_lake(configuration_role_name: str, delegated_admin_acct: str, region: str, regions: list) -> None: + """Delete Data Lake. + + Args: + configuration_role_name: configuration role name + delegated_admin_acct: delegated administrator AWS account id + region: AWS region + regions: list of AWS regions + + Raises: + ClientError: If there is an issue interacting with the AWS API + """ + delegated_admin_session = common.assume_role(configuration_role_name, "sra-disable-security-lake", delegated_admin_acct) + sl_client = delegated_admin_session.client("securitylake", region) + try: + response = sl_client.delete_data_lake(regions=regions) + api_call_details = {"API_Call": "securitylake:DeleteDataLake", "API_Response": response} + LOGGER.info(api_call_details) + except ClientError as e: + error_code = e.response["Error"]["Code"] + if error_code == "ResourceNotFoundException": + LOGGER.info(f"'ResourceNotFoundException' occurred: {e}. Skipping delete...") + elif error_code == "UnauthorizedException": + LOGGER.info(f"'UnauthorizedException' occurred: {e}. Skipping delete...") + else: + LOGGER.error(f"Error calling DeleteDataLake {e}") + raise diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/sra_ssm_params.py b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/sra_ssm_params.py new file mode 100644 index 00000000..f968f61e --- /dev/null +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/sra_ssm_params.py @@ -0,0 +1,64 @@ +"""Custom Resource to gather data and create SSM paramters in the management account. + +Version: 1.0 + +'common_prerequisites' solution in the repo, https://github.com/aws-samples/aws-security-reference-architecture-examples + +Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +SPDX-License-Identifier: MIT-0 +""" +from __future__ import annotations + +from typing import TYPE_CHECKING, Any + +import boto3 +from botocore.config import Config + +if TYPE_CHECKING: + from mypy_boto3_ssm.client import SSMClient + + +class SraSsmParams: + """SRA SSM parameter values.""" + + def __init__(self, logger: Any) -> None: + """Get SSM parameter values. + + Args: + logger: logger + """ + self.LOGGER = logger + + # Global Variables + self.UNEXPECTED = "Unexpected!" + self.BOTO3_CONFIG = Config(retries={"max_attempts": 10, "mode": "standard"}) + + try: + management_account_session = boto3.Session() + self.SSM_CLIENT: SSMClient = management_account_session.client("ssm") + except Exception: + self.LOGGER.exception(self.UNEXPECTED) + raise ValueError("Unexpected error executing Lambda function. Review CloudWatch logs for details.") from None + + def get_security_acct(self) -> str: + """Query SSM Parameter Store to identify security tooling account id. + + Returns: + Security tooling account id + """ + self.LOGGER.info("Getting security tooling (audit) account id") + sra_security_acct = '' + ssm_response = self.SSM_CLIENT.get_parameter(Name="/sra/control-tower/audit-account-id") + sra_security_acct = ssm_response["Parameter"]["Value"] + return sra_security_acct + + def get_home_region(self) -> str: + """Query SSM Parameter Store to identify home region. + + Returns: + Home region + """ + home_region = '' + ssm_response = self.SSM_CLIENT.get_parameter(Name="/sra/control-tower/home-region",) + home_region = ssm_response["Parameter"]["Value"] + return home_region diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/layer/boto3/package.txt b/aws_sra_examples/solutions/security_lake/security_lake_org/layer/boto3/package.txt new file mode 100644 index 00000000..1db657b6 --- /dev/null +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/layer/boto3/package.txt @@ -0,0 +1 @@ +boto3 \ No newline at end of file diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-lakeformation-slr.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-lakeformation-slr.yaml new file mode 100644 index 00000000..02ad2b5b --- /dev/null +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-lakeformation-slr.yaml @@ -0,0 +1,19 @@ +######################################################################## +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: MIT-0 +######################################################################## +AWSTemplateFormatVersion: 2010-09-09 +Description: + This template creates an IAM role to configure the delegated administrator account - - 'security_lake_org' solution in the repo, + https://github.com/aws-samples/aws-security-reference-architecture-examples (sra-1ssgnse80) + +Metadata: + SRA: + Version: 1.0 + Order: 2 + +Resources: + rLakeFormationServiceLinkedRole: + Type: AWS::IAM::ServiceLinkedRole + Properties: + AWSServiceName: lakeformation.amazonaws.com diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-meta-store-manager-role.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-meta-store-manager-role.yaml new file mode 100644 index 00000000..f163c46f --- /dev/null +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-meta-store-manager-role.yaml @@ -0,0 +1,76 @@ +######################################################################## +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: MIT-0 +######################################################################## +AWSTemplateFormatVersion: 2010-09-09 +Description: + This template creates an IAM role to configure the delegated administrator account - - 'security_lake_org' solution in the repo, + https://github.com/aws-samples/aws-security-reference-architecture-examples (sra-1ssgnse80) + +Metadata: + SRA: + Version: 1.0 + Order: 2 + AWS::CloudFormation::Interface: + ParameterGroups: + - Label: + default: General Properties + Parameters: + - pSRASolutionName + + - Label: + default: Role Properties + Parameters: + - pSRASecurityLakeMetastoreManagerRoleName + + ParameterLabels: + pSRASecurityLakeMetastoreManagerRoleName: + default: Security Lake Metastore Manager Role Name + +Parameters: + pSRASecurityLakeMetastoreManagerRoleName: + AllowedPattern: '^[\w+=,.@-]{1,64}$' + ConstraintDescription: Max 64 alphanumeric characters. Also special characters supported [+, =, ., @, -] + Default: AmazonSecurityLakeMetaStoreManagerV2 + Description: Security Lake Metastore Manager Role + Type: String + pSRASolutionName: + AllowedValues: [sra-security-lake-org] + Default: sra-security-lake-org + Description: The SRA solution name. The default value is the folder name of the solution + Type: String + +Resources: + rSecurityLakeMetaStoreManagerRole: + Type: AWS::IAM::Role + Properties: + RoleName: !Ref pSRASecurityLakeMetastoreManagerRoleName + AssumeRolePolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Principal: + Service: lambda.amazonaws.com + Action: sts:AssumeRole + Path: '/service-role/' + ManagedPolicyArns: + - !Sub arn:${AWS::Partition}:iam::${AWS::Partition}:policy/service-role/AmazonSecurityLakeMetastoreManager + Policies: + - PolicyName: sra-security-lake-org-kms-policy + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: AllowKmsDecrypt + Effect: Allow + Action: + - kms:Decrypt + - kms:RetireGrant + Resource: "*" + Condition: + ForAllValues:StringEquals: + kms:RequestAlias: + - alias/sra-security-lake-org-* + - alias/aws/lambda + Tags: + - Key: sra-solution + Value: !Ref pSRASolutionName diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration-role.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration-role.yaml new file mode 100644 index 00000000..d6107ed2 --- /dev/null +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration-role.yaml @@ -0,0 +1,188 @@ +######################################################################## +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: MIT-0 +######################################################################## +AWSTemplateFormatVersion: 2010-09-09 +Description: + This template creates an IAM role to configure the delegated administrator account - - 'security_lake_org' solution in the repo, + https://github.com/aws-samples/aws-security-reference-architecture-examples (sra-1ssgnse80) + +Metadata: + SRA: + Version: 1.0 + Order: 2 + AWS::CloudFormation::Interface: + ParameterGroups: + - Label: + default: General Properties + Parameters: + - pSRASolutionName + + - Label: + default: Role Properties + Parameters: + - pSecurityLakeConfigurationRoleName + - pSecurityLakeOrgLambdaRoleName + - pManagementAccountId + - pAuditAccountQuerySubscriberExternalId + + ParameterLabels: + pManagementAccountId: + default: Organization Management Account ID + pSecurityLakeOrgLambdaRoleName: + default: Lambda Role Name + pSecurityLakeConfigurationRoleName: + default: SecurityLake Configuration Role Name + pSRASolutionName: + default: SRA Solution Name + pAuditAccountQuerySubscriberExternalId: + default: Audit Account Query Subscriber External ID + +Parameters: + pManagementAccountId: + AllowedPattern: '^\d{12}$' + ConstraintDescription: Must be 12 digits + Description: Organization Management Account ID + Type: String + pSecurityLakeOrgLambdaRoleName: + AllowedPattern: '^[\w+=,.@-]{1,64}$' + ConstraintDescription: Max 64 alphanumeric characters. Also special characters supported [+, =, ., @, -] + Default: sra-security-lake-org-lambda + Description: Lambda Role Name + Type: String + pSecurityLakeConfigurationRoleName: + AllowedPattern: '^[\w+=,.@-]{1,64}$' + ConstraintDescription: Max 64 alphanumeric characters. Also special characters supported [+, =, ., @, -] + Default: sra-security-lake-org-configuration + Description: SecurityLake Configuration IAM Role Name + Type: String + pSRASolutionName: + AllowedValues: [sra-security-lake-org] + Default: sra-security-lake-org + Description: The SRA solution name. The default value is the folder name of the solution + Type: String + pAuditAccountQuerySubscriberExternalId: + AllowedPattern: ^(?:[a-zA-Z0-9]{0,64})?$ + ConstraintDescription: All characters allowed except '&<>\%|' + Default: '' + Description: (Optional) External ID for Security Lake Audit (Security Tooling) query access subscriber. If 'Register Audit (Security Tooling) account as a Subscriber with Query Access' parameter is set to 'true', then this parameter becomes required. + Type: String + + +Resources: + rConfigurationRole: + Type: AWS::IAM::Role + Metadata: + cfn_nag: + rules_to_suppress: + - id: W11 + reason: Actions require * in resource + - id: W28 + reason: Explicit role name provided + Properties: + RoleName: !Ref pSecurityLakeConfigurationRoleName + AssumeRolePolicyDocument: + Version: 2012-10-17 + Statement: + - Effect: Allow + Action: sts:AssumeRole + Condition: + StringEquals: + aws:PrincipalArn: + - !Sub arn:${AWS::Partition}:iam::${pManagementAccountId}:role/${pSecurityLakeOrgLambdaRoleName} + - !Sub arn:${AWS::Partition}:iam::${pManagementAccountId}:role/Admin # todo: remove + Principal: + AWS: + - !Sub arn:${AWS::Partition}:iam::${pManagementAccountId}:root + Path: '/' + ManagedPolicyArns: + - !Sub arn:${AWS::Partition}:iam::${AWS::Partition}:policy/AmazonSecurityLakeAdministrator + Policies: + - PolicyName: sra-security-lake-org-policy-lakeformation + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: AllowPutLakeFormationSettings + Effect: Allow + Action: lakeformation:PutDatalakeSettings + Resource: "*" + Condition: + ForAnyValue:StringEquals: + aws:CalledVia: securitylake.amazonaws.com + - Sid: AllowActions + Effect: Allow + Action: + - lakeformation:RevokePermissions + Resource: "*" + - PolicyName: sra-security-lake-org-policy-cloudformation + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: AllowCloudformationAction + Effect: Allow + Action: + - cloudformation:DescribeStacks + - cloudformation:ListStacks + Resource: "*" + - PolicyName: sra-security-lake-org-policy-sqs + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: AllowSqsActions + Effect: Allow + Action: + - sqs:SetQueueAttributes + Condition: + StringLike: + aws:ResourceAccount: "${aws:PrincipalAccount}" + Resource: !Sub arn:${AWS::Partition}:sqs:*:${AWS::AccountId}:AmazonSecurityLake* + - PolicyName: sra-security-lake-org-policy-lambda + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: AllowLambdaunctionConfigurationActions + Effect: Allow + Action: + - lambda:GetFunctionConfiguration + - lambda:UpdateFunctionConfiguration + Resource: "arn:aws:lambda:*:*:function:AmazonSecurityLake*" + - Sid: AllowlambdaListEventSourceMappings + Effect: Allow + Action: + - lambda:ListEventSourceMappings + Resource: "*" + - PolicyName: sra-security-lake-org-policy-glue + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: AllowGluePolicyActions + Effect: Allow + Action: + - glue:PutResourcePolicy + - glue:DeleteResourcePolicy + Resource: + - !Sub arn:${AWS::Partition}:glue:*:${AWS::AccountId}:catalog + - !Sub arn:${AWS::Partition}:glue:*:${AWS::AccountId}:table/amazon_security_lake_glue_db_*/* + - !Sub arn:${AWS::Partition}:glue:*:${AWS::AccountId}:database/amazon_security_lake_glue_db_* + - PolicyName: sra-security-lake-org-policy-ram + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: AllowRamActions + Effect: Allow + Action: + - ram:GetResourceShares + Resource: !Sub arn:${AWS::Partition}:ram:*:${AWS::AccountId}:resource-share/* + + - Sid: AllowResourceShareActions + Effect: Allow + Action: + - ram:UpdateResourceShare + - ram:DisassociateResourceShare + Resource: !Sub arn:${AWS::Partition}:ram:*:${AWS::AccountId}:resource-share/* + Condition: + StringLike: + ram:ResourceName: !Sub "*-${pAuditAccountQuerySubscriberExternalId}" + Tags: + - Key: sra-solution + Value: !Ref pSRASolutionName diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml new file mode 100644 index 00000000..2010045b --- /dev/null +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml @@ -0,0 +1,811 @@ +######################################################################## +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: MIT-0 +######################################################################## +AWSTemplateFormatVersion: 2010-09-09 +Description: + This template creates a custom resource Lambda to delegate administration and configure Security Lake within an AWS Organization - 'securitylake_org' + solution in the repo, https://github.com/aws-samples/aws-security-reference-architecture-examples (sra-1ssgnse80) + +Metadata: + SRA: + Version: 1.0 + Order: 3 + AWS::CloudFormation::Interface: + ParameterGroups: + - Label: + default: General Properties + Parameters: + - pSRASolutionName + - pSRAStagingS3BucketName + - pSRAAlarmEmail + - pOrganizationId + + - Label: + default: Lambda Function Properties + Parameters: + - pSecurityLakeOrgLambdaRoleName + - pSecurityLakeOrgLambdaFunctionName + + - Label: + default: Custom Resource Properties + Parameters: + - pControlTowerRegionsOnly + - pSecurityLakeConfigurationRoleName + - pSecurityLakeSubscriberRoleName + - pDelegatedAdminAccountId + - pEnabledRegions + - pCreateOrganizationConfiguration + - pOrgConfigurationSources + - pSourceVersion + - pCloudTrailManagementEvents + - pCloudTrailLambdaDataEvents + - pCloudTrailS3DataEvents + - pSecurityHubFindings + - pVpcFlowLogs + - pWafLogs + - pRoute53Logs + - pEksAuditLogs + - pRegisterAuditAccountDataSubscriber + - pRegisterAuditAccountQuerySubscriber + - pAuditAccountDataSubscriberPrefix + - pAuditAccountDataSubscriberExternalId + - pAuditAccountQuerySubscriberPrefix + - pAuditAccountQuerySubscriberExternalId + - pDisableSecurityLake + - pSRASecurityLakeMetastoreManagerRoleName + - pKmsKeyStackSetId + - pCreateResourceLink + - pSecurityLakeOrgKeyAlias + + - Label: + default: General Lambda Function Properties + Parameters: + - pCreateLambdaLogGroup + - pLambdaLogGroupRetention + - pLambdaLogGroupKmsKey + - pLambdaLogLevel + + - Label: + default: EventBridge Rule Properties + Parameters: + - pComplianceFrequency + - pControlTowerLifeCycleRuleName + + ParameterLabels: + pCreateResourceLink: + default: Create Resource Link + pKmsKeyStackSetId: + default: KMS key stackset id + pSecurityLakeOrgKeyAlias: + default: Security Lake KMS Key Alias + pSRASecurityLakeMetastoreManagerRoleName: + default: Security Lake Metastore Manager Role + pCloudTrailManagementEvents: + default: CloudTrail - Management events + pSourceVersion: + default: Log Source Version + pCloudTrailLambdaDataEvents: + default: CloudTrail - Lambda Data events + pCloudTrailS3DataEvents: + default: CloudTrail - S3 Data events + pSecurityHubFindings: + default: SecurityHub Findings + pVpcFlowLogs: + default: VPC Flow Logs + pWafLogs: + default: WAFv2 Logs + pRoute53Logs: + default: Amazon Route 53 resolver query logs + pEksAuditLogs: + default: Amazon EKS Audit Logs + pControlTowerRegionsOnly: + default: Governed Regions Only + pSecurityLakeConfigurationRoleName: + default: Security Lake Configuration Role Name + pSecurityLakeSubscriberRoleName: + default: Security Lake Query Subscriber Role Name + pComplianceFrequency: + default: Frequency to Check for Organizational Compliance + pControlTowerLifeCycleRuleName: + default: Control Tower Lifecycle Rule Name + pCreateLambdaLogGroup: + default: Create Lambda Log Group + pDelegatedAdminAccountId: + default: Delegated Admin Account ID + pEnabledRegions: + default: (Optional) Enabled Regions + pLambdaLogGroupKmsKey: + default: (Optional) Lambda Logs KMS Key + pLambdaLogGroupRetention: + default: Lambda Log Group Retention + pLambdaLogLevel: + default: Lambda Log Level + pSRAAlarmEmail: + default: (Optional) SRA Alarm Email + pSRASolutionName: + default: SRA Solution Name + pSRAStagingS3BucketName: + default: SRA Staging S3 Bucket Name + pSecurityLakeOrgLambdaFunctionName: + default: Lambda Function Name + pSecurityLakeOrgLambdaRoleName: + default: Lambda Role Name + pRegisterAuditAccountDataSubscriber: + default: Register Audit Account as a Subscriber with Data Access + pAuditAccountDataSubscriberPrefix: + default: Audit (Security Tooling) account data access subscriber name + pAuditAccountDataSubscriberExternalId: + default: Audit (Security Tooling) account data access subscriber external id + pRegisterAuditAccountQuerySubscriber: + default: Register Audit (Security Tooling) account as a subscriber with query access + pAuditAccountQuerySubscriberPrefix: + default: Audit (Security Tooling) account query access subscriber name + pAuditAccountQuerySubscriberExternalId: + default: Audit (Security Tooling) account query access subscriber external id + pOrganizationId: + default: Organization ID + pDisableSecurityLake: + default: Disable Security Lake log sources and organization configuration + +Parameters: + pCreateResourceLink: + AllowedValues: ['true', 'false'] + Default: 'true' + Description: Indicates whether to create a resource link for shared resources in Audit (Security Tooling) account + Type: String + pKmsKeyStackSetId: + AllowedPattern: '^sra-security-lake-org-kms-key(?::\S+)?$' + ConstraintDescription: Max 64 alphanumeric characters. Also special characters supported [_, -] + Default: "sra-security-lake-org-kms-key" + Description: The name of the KMS Key StackSet + Type: String + pSecurityLakeOrgKeyAlias: + AllowedPattern: '^[a-zA-Z0-9/_-]+$' + ConstraintDescription: + The alias must be string of 1-256 characters. It can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). + Default: sra-security-lake-org-key + Description: Security Lake KMS Key Alias + Type: String + pSRASecurityLakeMetastoreManagerRoleName: + AllowedPattern: '^[\w+=,.@-]{1,64}$' + ConstraintDescription: Max 64 alphanumeric characters. Also special characters supported [+, =, ., @, -] + Default: AmazonSecurityLakeMetaStoreManagerV2 + Description: Security Lake Metastore Manager Role + Type: String + pSourceVersion: + AllowedValues: [2.0] + ConstraintDescription: Must be a valid version number. Currently supported version is 2.0 + Description: 'Chose the version of data source from which you want to ingest log and event sources' + Default: 2.0 + Type: String + pCloudTrailManagementEvents: + AllowedPattern: '^($|ALL|(\d{12})(,\s*\d{12})*)$' + ConstraintDescription: 'Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation' + Description: + Accounts to ingest CloudTrail - Management events from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma + seperated list of the AWS Account numbers. Leave empty to skip log source creation. + Type: CommaDelimitedList + Default: 'ALL' + pCloudTrailLambdaDataEvents: + AllowedPattern: '^($|ALL|(\d{12})(,\s*\d{12})*)$' + ConstraintDescription: 'Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation' + Description: + Accounts to ingest CloudTrail - Lambda Data events from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma + seperated list of the AWS Account numbers. Leave empty to skip log source creation. + Type: CommaDelimitedList + Default: 'ALL' + pCloudTrailS3DataEvents: + AllowedPattern: '^($|ALL|(\d{12})(,\s*\d{12})*)$' + ConstraintDescription: 'Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation' + Description: + Accounts to ingest CloudTrail - S3 Data events from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma + seperated list of the AWS Account numbers. Leave empty to skip log source creation. + Type: CommaDelimitedList + Default: '' + pSecurityHubFindings: + AllowedPattern: '^($|ALL|(\d{12})(,\s*\d{12})*)$' + ConstraintDescription: 'Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation' + Description: + Accounts to ingest SecurityHub Findings from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma + seperated list of the AWS Account numbers. Leave empty to skip log source creation. + Type: CommaDelimitedList + Default: 'ALL' + pVpcFlowLogs: + AllowedPattern: '^($|ALL|(\d{12})(,\s*\d{12})*)$' + ConstraintDescription: 'Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation' + Description: + Accounts to ingest VPC Flow Logs from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma + seperated list of the AWS Account numbers. Leave empty to skip log source creation. + Type: CommaDelimitedList + Default: 'ALL' + pWafLogs: + AllowedPattern: '^($|ALL|(\d{12})(,\s*\d{12})*)$' + ConstraintDescription: 'Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation' + Description: + Accounts to ingest WAFv2 Logs from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma + seperated list of the AWS Account numbers. Leave empty to skip log source creation. + Type: CommaDelimitedList + Default: '' + pRoute53Logs: + AllowedPattern: '^($|ALL|(\d{12})(,\s*\d{12})*)$' + ConstraintDescription: 'Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation' + Description: + Accounts to ingest Amazon Route 53 resolver query logs from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma + seperated list of the AWS Account numbers. Leave empty to skip log source creation. + Type: CommaDelimitedList + Default: 'ALL' + pEksAuditLogs: + AllowedPattern: '^($|ALL|(\d{12})(,\s*\d{12})*)$' + ConstraintDescription: 'Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation' + Description: + Accounts to ingest Amazon EKS Audit Logs from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma + seperated list of the AWS Account numbers. Leave empty to skip log source creation. + Type: CommaDelimitedList + Default: 'ALL' + pControlTowerRegionsOnly: + AllowedValues: ['true', 'false'] + Default: 'false' + Description: Only enable in the customer governed regions specified in Control Tower or Common Prerequisites solution + Type: String + pComplianceFrequency: + ConstraintDescription: Compliance Frequency must be a number between 1 and 30, inclusive. + Default: 7 + Description: Frequency (in days between 1 and 30, default is 7) to check organizational compliance + MinValue: 1 + MaxValue: 30 + Type: Number + pControlTowerLifeCycleRuleName: + AllowedPattern: '^[\w.-]{1,64}$' + ConstraintDescription: Max 64 alphanumeric and underscore characters. Also special characters supported [., -] + Default: sra-security-lake-org-trigger + Description: The name of the AWS Control Tower Life Cycle Rule. + Type: String + pCreateLambdaLogGroup: + AllowedValues: ['true', 'false'] + Default: 'false' + Description: + Indicates whether a CloudWatch Log Group should be explicitly created for the Lambda function, to allow for setting a Log Retention and/or KMS + Key for encryption. + Type: String + pDelegatedAdminAccountId: + AllowedPattern: '^\d{12}$' + ConstraintDescription: Must be 12 digits + Description: Delegated administrator account ID - Log Archive account + Type: String + pEnabledRegions: + AllowedPattern: '^$|^([a-z0-9-]{1,64})$|^(([a-z0-9-]{1,64},)*[a-z0-9-]{1,64})$' + ConstraintDescription: + Only lowercase letters, numbers, and hyphens ('-') allowed. (e.g. us-east-1) Additional AWS regions can be provided, separated by commas. (e.g. + us-east-1,ap-southeast-2) + Description: (Optional) Enabled regions (AWS regions, separated by commas). Leave blank to enable all regions. + Type: String + pSecurityLakeOrgLambdaFunctionName: + AllowedPattern: '^[\w-]{0,64}$' + ConstraintDescription: Max 64 alphanumeric characters. Also special characters supported [_, -] + Default: sra-security-lake-org + Description: Lambda function name + Type: String + pSecurityLakeOrgLambdaRoleName: + AllowedPattern: '^[\w+=,.@-]{1,64}$' + ConstraintDescription: Max 64 alphanumeric characters. Also special characters supported [+, =, ., @, -] + Default: sra-security-lake-org-lambda + Description: SecurityLake configuration Lambda role name + Type: String + pSecurityLakeConfigurationRoleName: + AllowedPattern: '^[\w+=,.@-]{1,64}$' + ConstraintDescription: Max 64 alphanumeric characters. Also special characters supported [+, =, ., @, -] + Default: sra-security-lake-org-configuration + Description: SecurityLake Configuration role to assume in the delegated administrator account + Type: String + pSecurityLakeSubscriberRoleName: + AllowedPattern: '^[\w+=,.@-]{1,64}$' + ConstraintDescription: Max 64 alphanumeric characters. Also special characters supported [+, =, ., @, -] + Default: sra-security-lake-query-subscriber + Description: SecurityLake Configuration role to assume in the delegated administrator account + Type: String + pLambdaLogGroupKmsKey: + AllowedPattern: '^$|^arn:(aws[a-zA-Z-]*){1}:kms:[a-z0-9-]+:\d{12}:key\/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$' + ConstraintDescription: 'Key ARN example: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab' + Description: + (Optional) KMS Key ARN to use for encrypting the Lambda logs data. If empty, encryption is enabled with CloudWatch Logs managing the server-side + encryption keys. + Type: String + pLambdaLogGroupRetention: + AllowedValues: [1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653] + Default: 14 + Description: Specifies the number of days you want to retain log events + Type: String + pLambdaLogLevel: + AllowedValues: [INFO, ERROR, DEBUG] + Default: INFO + Description: Lambda Function Logging Level + Type: String + pSRAAlarmEmail: + AllowedPattern: '^$|^([a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+)$' + ConstraintDescription: Must be a valid email address. + Description: (Optional) Email address for receiving DLQ alarms + Type: String + pSRASolutionName: + AllowedValues: [sra-security-lake-org] + Default: sra-security-lake-org + Description: The SRA solution name. The default value is the folder name of the solution + Type: String + pSRAStagingS3BucketName: + AllowedPattern: '^(?=^.{3,63}$)(?!.*[.-]{2})(?!.*[--]{2})(?!^(?:(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])(\.(?!$)|$)){4}$)(^(([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])\.)*([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])$)' + ConstraintDescription: + SRA Staging S3 bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). + Description: + SRA Staging S3 bucket name for the artifacts relevant to solution. (e.g., lambda zips, CloudFormation templates) S3 bucket name can include + numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). + Type: String + pRegisterAuditAccountDataSubscriber: + AllowedValues: ['true', 'false'] + Default: 'true' + Description: Identifies whether to registerAudit (Security Tooling) account as a Subscriber with Data Access + Type: String + pAuditAccountDataSubscriberPrefix: + AllowedValues: [sra-audit-account-data-subscriber] + Default: sra-audit-account-data-subscriber + Description: The name of the Audit (Security Tooling) account data access subscriber + Type: String + pAuditAccountDataSubscriberExternalId: + AllowedPattern: ^(?:[a-zA-Z0-9]{0,64})?$ + ConstraintDescription: All characters allowed except '&<>\%|' + Default: '' + Description: + (Optional) External ID for Security Lake Audit (Security Tooling) data access subscriber. If 'Register Audit (Security Tooling) account as a Subscriber with Data Access' parameter is set to 'true', then this parameter becomes + required. + Type: String + pRegisterAuditAccountQuerySubscriber: + AllowedValues: ['true', 'false'] + Default: 'true' + Description: Identifies whether to register Audit (Security Tooling) account as a Subscriber with Query Access + Type: String + pAuditAccountQuerySubscriberPrefix: + AllowedValues: [sra-audit-account-query-subscriber] + Default: sra-audit-account-query-subscriber + Description: The name of the Audit (Security Tooling) account query access subscriber + Type: String + pAuditAccountQuerySubscriberExternalId: + AllowedPattern: ^(?:[a-zA-Z0-9]{0,64})?$ + ConstraintDescription: All characters allowed except '&<>\%|' + Default: '' + Description: + (Optional) External ID for Security Lake Audit (Security Tooling) query access subscriber. If 'Register Audit (Security Tooling) account as a Subscriber with Query Access' parameter is set to 'true', then this parameter becomes + required. + Type: String + + pOrgConfigurationSources: + AllowedValues: ['', ROUTE53, VPC_FLOW, SH_FINDINGS, CLOUD_TRAIL_MGMT, LAMBDA_EXECUTION, S3_DATA, EKS_AUDIT, WAF] + Default: ROUTE53, VPC_FLOW, SH_FINDINGS, CLOUD_TRAIL_MGMT, LAMBDA_EXECUTION, S3_DATA, EKS_AUDIT, WAF + Description: (Optional) AWS log sources to enable for new member accounts in your organization. If 'Create Organization Configuration' parameter is set to 'true', then this parameter becomes required. + Type: CommaDelimitedList + pCreateOrganizationConfiguration: + AllowedValues: ['true', 'false'] + Default: 'true' + Description: Select whether to automatically enable Amazon Security Lake for new member accounts in your organization + Type: String + pOrganizationId: + AllowedPattern: '^o-[a-z0-9]{10,32}$' + ConstraintDescription: Must start with 'o-' followed by from 10 to 32 lowercase letters or digits. (e.g. o-abc1234567) + Description: AWS Organizations ID + Type: String + pDisableSecurityLake: + AllowedValues: ['true', 'false'] + Default: 'false' + Description: Update to 'true' to disable Security Lake log sources and organization configuration before deleting the stack. + Type: String + + +Conditions: + cComplianceFrequencySingleDay: !Equals [!Ref pComplianceFrequency, 1] + cCreateDLQAlarm: !Not [!Equals [!Ref pSRAAlarmEmail, '']] + cCreateLambdaLogGroup: !Equals [!Ref pCreateLambdaLogGroup, 'true'] + cUseGraviton: !Or + - !Equals [!Ref 'AWS::Region', ap-northeast-1] + - !Equals [!Ref 'AWS::Region', ap-south-1] + - !Equals [!Ref 'AWS::Region', ap-southeast-1] + - !Equals [!Ref 'AWS::Region', ap-southeast-2] + - !Equals [!Ref 'AWS::Region', eu-central-1] + - !Equals [!Ref 'AWS::Region', eu-west-1] + - !Equals [!Ref 'AWS::Region', eu-west-2] + - !Equals [!Ref 'AWS::Region', us-east-1] + - !Equals [!Ref 'AWS::Region', us-east-2] + - !Equals [!Ref 'AWS::Region', us-west-2] + cUseKmsKey: !Not [!Equals [!Ref pLambdaLogGroupKmsKey, '']] + +Resources: + rSecurityLakeOrgLambdaLogGroup: + Type: AWS::Logs::LogGroup + Condition: cCreateLambdaLogGroup + DeletionPolicy: Retain + UpdateReplacePolicy: Retain + Properties: + LogGroupName: !Sub /aws/lambda/${pSecurityLakeOrgLambdaFunctionName} + KmsKeyId: !If + - cUseKmsKey + - !Ref pLambdaLogGroupKmsKey + - !Ref AWS::NoValue + RetentionInDays: !Ref pLambdaLogGroupRetention + + rSecurityLakeOrgLambdaRole: + Type: AWS::IAM::Role + Metadata: + cfn_nag: + rules_to_suppress: + - id: W11 + reason: Actions require wildcard in resource + - id: W28 + reason: The role name is defined + checkov: + skip: + - id: CKV_AWS_111 + comment: IAM write actions require wildcard in resource + Properties: + RoleName: !Ref pSecurityLakeOrgLambdaRoleName + AssumeRolePolicyDocument: + Version: 2012-10-17 + Statement: + - Action: sts:AssumeRole + Effect: Allow + Principal: + Service: + - lambda.amazonaws.com + Path: '/' + Policies: + - PolicyName: sra-security-lake-org-policy-cloudformation + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: CloudFormation + Effect: Allow + Action: cloudformation:ListStackInstances + Resource: + - !Sub arn:${AWS::Partition}:cloudformation:${AWS::Region}:${AWS::AccountId}:stackset/AWSControlTowerBP-* + - !Sub arn:${AWS::Partition}:cloudformation:${AWS::Region}:${AWS::AccountId}:stackset/${pKmsKeyStackSetId} + - PolicyName: sra-security-lake-org-policy-securitylake + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: SecurityLakeDesignateAdministratorAccess + Effect: Allow + Action: + - securitylake:RegisterDataLakeDelegatedAdministrator + - iam:CreateServiceLinkedRole + - organizations:DescribeOrganization + - organizations:EnableAWSServiceAccess + - organizations:ListDelegatedAdministrators + - organizations:ListDelegatedServicesForAccount + - organizations:RegisterDelegatedAdministrator + Resource: "*" + - Sid: SecurityLakeRemoveAdministratorAccess + Effect: Allow + Action: + - organizations:DeregisterDelegatedAdministrator + Resource: "*" + - PolicyName: sra-account-alternate-contacts-policy-organizations + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: OrganizationsReadAccess + Effect: Allow + Action: + - organizations:ListAccounts + Resource: '*' + + - PolicyName: "ssm-access" + PolicyDocument: + Version: "2012-10-17" + Statement: + - Effect: "Allow" + Action: + - ssm:GetParameter + - ssm:GetParameters + Resource: + - !Sub "arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/sra*" + + - PolicyName: sra-security-lake-org-policy-logs + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: CreateLogGroupAndEvents + Effect: Allow + Action: + - logs:CreateLogGroup + - logs:CreateLogStream + - logs:PutLogEvents + Resource: !Sub arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/${pSecurityLakeOrgLambdaFunctionName}:log-stream:* + + - PolicyName: sra-security-lake-org-policy-sqs + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: SQSSendMessage + Effect: Allow + Action: sqs:SendMessage + Resource: !GetAtt rSecurityLakeOrgDLQ.Arn + + - PolicyName: sra-security-lake-org-policy-acct + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: AcctListRegions + Effect: Allow + Action: + - account:ListRegions + Resource: '*' + + - PolicyName: sra-security-lake-org-policy-iam + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: AssumeRole + Effect: Allow + Action: sts:AssumeRole + Condition: + StringEquals: + aws:PrincipalOrgId: !Ref pOrganizationId + Resource: + - !Sub arn:${AWS::Partition}:iam::*:role/${pSecurityLakeConfigurationRoleName} + - !Sub arn:${AWS::Partition}:iam::*:role/${pSecurityLakeSubscriberRoleName} + - Sid: AllowReadIamActions + Effect: Allow + Action: iam:GetRole + Resource: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/* + Tags: + - Key: sra-solution + Value: !Ref pSRASolutionName + + rSecurityLakeOrgLambdaFunction: + Type: AWS::Lambda::Function + Metadata: + cfn_nag: + rules_to_suppress: + - id: W58 + reason: CloudWatch access provided by the attached IAM role + - id: W89 + reason: Lambda is not deployed within a VPC + - id: W92 + reason: Lambda does not need reserved concurrent executions. + checkov: + skip: + - id: CKV_AWS_115 + comment: Lambda does not need reserved concurrent executions. + - id: CKV_AWS_117 + comment: Lambda does not need to communicate with VPC resources. + - id: CKV_AWS_173 + comment: Environment variables are not sensitive. + Properties: + FunctionName: !Ref pSecurityLakeOrgLambdaFunctionName + Description: configure Security Lake for the Organization + Architectures: !If + - cUseGraviton + - [arm64] + - !Ref AWS::NoValue + Handler: app.lambda_handler + Role: !GetAtt rSecurityLakeOrgLambdaRole.Arn + MemorySize: 512 + Runtime: python3.9 + Timeout: 900 + Code: + S3Bucket: !Ref pSRAStagingS3BucketName + S3Key: !Sub ${pSRASolutionName}/lambda_code/${pSRASolutionName}.zip + Layers: + - !Ref rSecurityLakeOrgLambdaLayer + DeadLetterConfig: + TargetArn: !GetAtt rSecurityLakeOrgDLQ.Arn + Environment: + Variables: + LOG_LEVEL: !Ref pLambdaLogLevel + AWS_PARTITION: !Ref AWS::Partition + CONFIGURATION_ROLE_NAME: !Ref pSecurityLakeConfigurationRoleName + SUBSCRIBER_ROLE_NAME: !Ref pSecurityLakeSubscriberRoleName + CONTROL_TOWER_REGIONS_ONLY: !Ref pControlTowerRegionsOnly + DELEGATED_ADMIN_ACCOUNT_ID: !Ref pDelegatedAdminAccountId + ENABLED_REGIONS: !Ref pEnabledRegions + MANAGEMENT_ACCOUNT_ID: !Ref AWS::AccountId + SOURCE_VERSION: !Ref pSourceVersion + CLOUD_TRAIL_MGMT: !Join + - ',' + - !Ref pCloudTrailManagementEvents + LAMBDA_EXECUTION: !Join + - ',' + - !Ref pCloudTrailLambdaDataEvents + S3_DATA: !Join + - ',' + - !Ref pCloudTrailS3DataEvents + ROUTE53: !Join + - ',' + - !Ref pRoute53Logs + VPC_FLOW: !Join + - ',' + - !Ref pVpcFlowLogs + SH_FINDINGS: !Join + - ',' + - !Ref pSecurityHubFindings + EKS_AUDIT: !Join + - ',' + - !Ref pEksAuditLogs + WAF: !Join + - ',' + - !Ref pWafLogs + SET_AUDIT_ACCT_QUERY_SUBSCRIBER: !Ref pRegisterAuditAccountQuerySubscriber + SET_AUDIT_ACCT_DATA_SUBSCRIBER: !Ref pRegisterAuditAccountDataSubscriber + AUDIT_ACCT_DATA_SUBSCRIBER: !Ref pAuditAccountDataSubscriberPrefix + DATA_SUBSCRIBER_EXTERNAL_ID: !Ref pAuditAccountDataSubscriberExternalId + AUDIT_ACCT_QUERY_SUBSCRIBER: !Ref pAuditAccountQuerySubscriberPrefix + QUERY_SUBSCRIBER_EXTERNAL_ID: !Ref pAuditAccountQuerySubscriberExternalId + SET_ORG_CONFIGURATION: !Ref pCreateOrganizationConfiguration + ORG_CONFIGURATION_SOURCES: !Join + - ',' + - !Ref pOrgConfigurationSources + DISABLE_SECURITY_LAKE: !Ref pDisableSecurityLake + META_STORE_MANAGER_ROLE_NAME: !Ref pSRASecurityLakeMetastoreManagerRoleName + KMS_STACKSET_ID: !Ref pKmsKeyStackSetId + CREATE_RESOURCE_LINK: !Ref pCreateResourceLink + KEY_ALIAS: !Ref pSecurityLakeOrgKeyAlias + Tags: + - Key: sra-solution + Value: !Ref pSRASolutionName + + rSecurityLakeOrgLambdaLayer: + Type: AWS::Lambda::LayerVersion + Properties: + Content: + S3Bucket: !Ref pSRAStagingS3BucketName + S3Key: !Sub ${pSRASolutionName}/layer_code/${pSRASolutionName}-layer.zip + Description: Boto3 version 1.34.153 layer to enable newer API of Security Lake # todo + LayerName: !Sub ${pSecurityLakeOrgLambdaFunctionName}-updated-boto3-layer + + rSecurityLakeOrgLambdaCustomResource: + Type: Custom::LambdaCustomResource + Version: '1.0' + Properties: + ServiceToken: !GetAtt rSecurityLakeOrgLambdaFunction.Arn + LOG_LEVEL: !Ref pLambdaLogLevel + CONFIGURATION_ROLE_NAME: !Ref pSecurityLakeConfigurationRoleName + SUBSCRIBER_ROLE_NAME: !Ref pSecurityLakeSubscriberRoleName + CONTROL_TOWER_REGIONS_ONLY: !Ref pControlTowerRegionsOnly + DELEGATED_ADMIN_ACCOUNT_ID: !Ref pDelegatedAdminAccountId + ENABLED_REGIONS: !Ref pEnabledRegions + MANAGEMENT_ACCOUNT_ID: !Ref AWS::AccountId + AWS_PARTITION: !Ref AWS::Partition + SOURCE_VERSION: !Ref pSourceVersion + CLOUD_TRAIL_MGMT: !Join + - ',' + - !Ref pCloudTrailManagementEvents + LAMBDA_EXECUTION: !Join + - ',' + - !Ref pCloudTrailLambdaDataEvents + S3_DATA: !Join + - ',' + - !Ref pCloudTrailS3DataEvents + ROUTE53: !Join + - ',' + - !Ref pRoute53Logs + VPC_FLOW: !Join + - ',' + - !Ref pVpcFlowLogs + SH_FINDINGS: !Join + - ',' + - !Ref pSecurityHubFindings + EKS_AUDIT: !Join + - ',' + - !Ref pEksAuditLogs + WAF: !Join + - ',' + - !Ref pWafLogs + SET_AUDIT_ACCT_DATA_SUBSCRIBER: !Ref pRegisterAuditAccountDataSubscriber + SET_AUDIT_ACCT_QUERY_SUBSCRIBER: !Ref pRegisterAuditAccountQuerySubscriber + AUDIT_ACCT_DATA_SUBSCRIBER: !Ref pAuditAccountDataSubscriberPrefix + DATA_SUBSCRIBER_EXTERNAL_ID: !Ref pAuditAccountDataSubscriberExternalId + AUDIT_ACCT_QUERY_SUBSCRIBER: !Ref pAuditAccountQuerySubscriberPrefix + QUERY_SUBSCRIBER_EXTERNAL_ID: !Ref pAuditAccountQuerySubscriberExternalId + SET_ORG_CONFIGURATION: !Ref pCreateOrganizationConfiguration + ORG_CONFIGURATION_SOURCES: !Join + - ',' + - !Ref pOrgConfigurationSources + DISABLE_SECURITY_LAKE: !Ref pDisableSecurityLake + META_STORE_MANAGER_ROLE_NAME: !Ref pSRASecurityLakeMetastoreManagerRoleName + KMS_STACKSET_ID: !Ref pKmsKeyStackSetId + CREATE_RESOURCE_LINK: !Ref pCreateResourceLink + KEY_ALIAS: !Ref pSecurityLakeOrgKeyAlias + + rSecurityLakeOrgDLQ: + Type: AWS::SQS::Queue + Properties: + KmsMasterKeyId: alias/aws/sqs + QueueName: !Sub ${pSRASolutionName}-dlq + Tags: + - Key: sra-solution + Value: !Ref pSRASolutionName + MessageRetentionPeriod: 345600 + DeletionPolicy: Delete + UpdateReplacePolicy: Delete + + rSecurityLakeOrgDLQPolicy: + Type: AWS::SQS::QueuePolicy + Properties: + Queues: + - !Ref rSecurityLakeOrgDLQ + PolicyDocument: + Statement: + - Action: SQS:SendMessage + Condition: + ArnEquals: + aws:SourceArn: + - !GetAtt rSecurityLakeOrgLambdaFunction.Arn + Effect: Allow + Principal: + Service: events.amazonaws.com + Resource: + - !GetAtt rSecurityLakeOrgDLQ.Arn + + rSecurityLakeOrgDLQAlarmTopic: + Condition: cCreateDLQAlarm + Type: AWS::SNS::Topic + Properties: + DisplayName: !Sub ${pSRASolutionName}-dlq-alarm + KmsMasterKeyId: !Sub arn:${AWS::Partition}:kms:${AWS::Region}:${AWS::AccountId}:alias/aws/sns + TopicName: !Sub ${pSRASolutionName}-dlq-alarm + Subscription: + - Endpoint: !Ref pSRAAlarmEmail + Protocol: email + Tags: + - Key: sra-solution + Value: !Ref pSRASolutionName + + rSecurityLakeOrgDLQAlarm: + Condition: cCreateDLQAlarm + Type: AWS::CloudWatch::Alarm + Properties: + AlarmDescription: SRA DLQ alarm if the queue depth is 1 + Namespace: AWS/SQS + MetricName: ApproximateNumberOfMessagesVisible + Dimensions: + - Name: QueueName + Value: !GetAtt rSecurityLakeOrgDLQ.QueueName + Statistic: Sum + Period: 300 + EvaluationPeriods: 1 + Threshold: 1 + ComparisonOperator: GreaterThanThreshold + AlarmActions: + - !Ref rSecurityLakeOrgDLQAlarmTopic + InsufficientDataActions: + - !Ref rSecurityLakeOrgDLQAlarmTopic + + rPermissionForScheduledComplianceRuleToInvokeLambda: + Type: AWS::Lambda::Permission + Properties: + FunctionName: !GetAtt rSecurityLakeOrgLambdaFunction.Arn + Action: lambda:InvokeFunction + Principal: events.amazonaws.com + SourceArn: !GetAtt rScheduledComplianceRule.Arn + + rScheduledComplianceRule: + Type: AWS::Events::Rule + Properties: + Name: !Sub ${pControlTowerLifeCycleRuleName}-organization-compliance + Description: SRA SecurityLake Trigger for scheduled organization compliance + ScheduleExpression: !If + - cComplianceFrequencySingleDay + - !Sub rate(${pComplianceFrequency} day) + - !Sub rate(${pComplianceFrequency} days) + State: ENABLED + Targets: + - Arn: !GetAtt rSecurityLakeOrgLambdaFunction.Arn + Id: !Ref pSecurityLakeOrgLambdaFunctionName + +Outputs: + oSecurityLakeOrgLambdaFunctionArn: + Description: SRA SecurityLake Lambda Function ARN + Value: !GetAtt rSecurityLakeOrgLambdaFunction.Arn + oSecurityLakeOrgLambdaLogGroupArn: + Condition: cCreateLambdaLogGroup + Description: SRA SecurityLake Lambda Log Group ARN + Value: !GetAtt rSecurityLakeOrgLambdaLogGroup.Arn + oSecurityLakeOrgLambdaRoleArn: + Description: SRA SecurityLake Lambda Role ARN + Value: !GetAtt rSecurityLakeOrgLambdaRole.Arn diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-kms-key.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-kms-key.yaml new file mode 100644 index 00000000..b7d6ef07 --- /dev/null +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-kms-key.yaml @@ -0,0 +1,138 @@ +######################################################################## +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: MIT-0 +######################################################################## +AWSTemplateFormatVersion: 2010-09-09 +Description: This template creates KMS key for Security Lake configurations - 'SecurityLake_org' solution in the repo, https://github.com/aws-samples/aws-security-reference-architecture-examples (sra-1ssgnse4k) +Metadata: + SRA: + Version: 1 + Order: 4 + AWS::CloudFormation::Interface: + ParameterGroups: + - Label: + default: General Properties + Parameters: + - pSRASolutionName + - Label: + default: KMS Key Properties + Parameters: + - pSecurityLakeOrgKeyAlias + - pAuditAccountId + - pManagementAccountId + - pRegisterAuditAccountQuerySubscriber + ParameterLabels: + pAuditAccountId: + default: Audit Account ID + pSecurityLakeOrgKeyAlias: + default: Security Lake KMS Key Alias + pManagementAccountId: + default: Organization Management Account ID + pSRASolutionName: + default: SRA Solution Name + pRegisterAuditAccountQuerySubscriber: + default: Register Audit Account as Query Subscriber +Parameters: + pAuditAccountId: + AllowedPattern: '^([\w.-]{1,900})$|^(\/[\w.-]{1,900})*[\w.-]{1,900}$' + ConstraintDescription: + Must be alphanumeric or special characters [., _, -]. In addition, the slash character ( / ) used to delineate hierarchies in parameter names. + Description: AWS Account ID of the Audit (Security Tooling) account. + Type: String + pManagementAccountId: + AllowedPattern: ^\d{12}$ + ConstraintDescription: Must be 12 digits + Description: Management Account ID + Type: String + pSecurityLakeOrgKeyAlias: + Default: sra-security-lake-org-key + Description: Security Lake KMS Key Alias + Type: String + pSRASolutionName: + AllowedValues: [sra-security-lake-org] + Default: sra-security-lake-org + Description: The SRA solution name. The default value is the folder name of the solution + Type: String + pRegisterAuditAccountQuerySubscriber: + AllowedValues: ['true', 'false'] + Default: 'true' + Description: Register Audit Account as Query Subscriber + Type: String +Conditions: + cCreateQuerySubscriber: !Equals + - !Ref pRegisterAuditAccountQuerySubscriber + - 'true' +Resources: + rSecurityLakeKey: + Type: AWS::KMS::Key + DeletionPolicy: Delete + UpdateReplacePolicy: Retain + Properties: + Description: SRA Security Lake Key + EnableKeyRotation: true + KeyPolicy: + Version: 2012-10-17 + Id: !Ref pSecurityLakeOrgKeyAlias + Statement: + - Sid: Enable IAM User Permissions + Effect: Allow + Action: kms:* + Resource: '*' + Principal: + AWS: + - !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:root + - !Sub arn:${AWS::Partition}:iam::${pAuditAccountId}:root + - !Sub arn:${AWS::Partition}:iam::${pManagementAccountId}:root + - Sid: Enable Security Lake Role Permissions + Effect: Allow + Action: + - kms:GenerateDataKey + - kms:Decrypt + Resource: '*' + Principal: + AWS: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/sra-security-lake-org-configuration + - Sid: Allow alias creation during setup + Effect: Allow + Action: kms:CreateAlias + Condition: + StringEquals: + kms:CallerAccount: !Sub ${AWS::AccountId} + kms:ViaService: !Sub cloudformation.${AWS::Region}.amazonaws.com + Resource: '*' + Principal: + AWS: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:root + - Sid: Allow s3 service to encrypt its events + Effect: Allow + Principal: + Service: s3.amazonaws.com + Action: + - kms:GenerateDataKey* + - kms:Decrypt + Resource: '*' + - !If + - cCreateQuerySubscriber + - Sid: Allow use of the key + Effect: Allow + Principal: + AWS: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/aws-service-role/lakeformation.amazonaws.com/AWSServiceRoleForLakeFormationDataAccess + Action: + - kms:CreateGrant + - kms:DescribeKey + - kms:GenerateDataKey + - kms:Decrypt + Resource: '*' + - !Ref AWS::NoValue + Tags: + - Key: sra-solution + Value: !Ref pSRASolutionName + rSecurityLakeKeyAlias: + Type: AWS::KMS::Alias + Properties: + AliasName: !Sub alias/${pSecurityLakeOrgKeyAlias}-${AWS::Region} + TargetKeyId: !Ref rSecurityLakeKey +Outputs: + oSecurityLakeKeyArn: + Description: Security Lake KMS Key ARN + Value: !GetAtt rSecurityLakeKey.Arn + Export: + Name: eSecurityLakeKeyArn \ No newline at end of file diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml new file mode 100644 index 00000000..17eea1dd --- /dev/null +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml @@ -0,0 +1,711 @@ +######################################################################## +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: MIT-0 +######################################################################## +AWSTemplateFormatVersion: 2010-09-09 +Description: This template creates a custom resource Lambda to delegate administration and configure SecurityLake within an AWS Organization - 'security_lake_org' solution in the repo, https://github.com/aws-samples/aws-security-reference-architecture-examples (sra-1ssgnse80) +Metadata: + SRA: + Version: 1 + Entry: Parameters for deploying the solution resolving SSM parameters + Order: 1 + AWS::CloudFormation::Interface: + ParameterGroups: + - Label: + default: General Properties + Parameters: + - pSRASolutionName + - pSRASolutionVersion + - pSRAStagingS3BucketName + - pSRAAlarmEmail + - pAuditAccountId + - pLogArchiveAccountId + - pStackSetAdminRole + - pStackExecutionRole + - pOrganizationId + - pCustomerControlTowerRegions + - pSecurityLakeConfigurationRoleName + - Label: + default: Security Lake Configuration - Properties + Parameters: + - pDisableSecurityLake + - pControlTowerRegionsOnly + - pEnabledRegions + - pSecurityLakeOrgKeyAlias + - pSecurityLakeWarning + - pSRASecurityLakeMetastoreManagerRoleName + - Label: + default: Security Lake Configuration - Sources to Ingest + Parameters: + - pSourceVersion + - pCloudTrailManagementEvents + - pCloudTrailLambdaDataEvents + - pCloudTrailS3DataEvents + - pSecurityHubFindings + - pVpcFlowLogs + - pWafLogs + - pRoute53Logs + - pEksAuditLogs + - Label: + default: Security Lake Configuration - Organization Configurations + Parameters: + - pCreateOrganizationConfiguration + - pOrgConfigurationSources + - Label: + default: Security Lake Configuration - Audit (Security Tooling) account Data Access Subscriber + Parameters: + - pRegisterAuditAccountDataSubscriber + - pAuditAccountDataSubscriberPrefix + - pAuditAccountDataSubscriberExternalId + - Label: + default: Security Lake Configuration - Audit (Security Tooling) account Query Access Subscriber + Parameters: + - pRegisterAuditAccountQuerySubscriber + - pCreateLakeFormationSlr + - pCreateResourceLink + - pAuditAccountQuerySubscriberPrefix + - pAuditAccountQuerySubscriberExternalId + - Label: + default: General Lambda Function Properties + Parameters: + - pCreateLambdaLogGroup + - pLambdaLogGroupRetention + - pLambdaLogGroupKmsKey + - pLambdaLogLevel + - Label: + default: EventBridge Rule Properties + Parameters: + - pControlTowerLifeCycleRuleName + - pComplianceFrequency + + ParameterLabels: + pCreateResourceLink: + default: Create resource link for shared resources + pCreateLakeFormationSlr: + default: Create AWS Lake Formation service-linked role + pSRASecurityLakeMetastoreManagerRoleName: + default: Security Lake Metastore Manager Role Name + pCloudTrailManagementEvents: + default: CloudTrail - Management Events (recommended)) + pLogArchiveAccountId: + default: Log Archive Account ID + pCloudTrailLambdaDataEvents: + default: CloudTrail - Lambda Data Events (recommended) + pCloudTrailS3DataEvents: + default: CloudTrail - S3 Data Events (high volume data) + pCustomerControlTowerRegions: + default: Customer Regions + pSecurityHubFindings: + default: SecurityHub Findings (recommended) + pVpcFlowLogs: + default: VPC Flow Logs (recommended) + pWafLogs: + default: WAFv2 Logs (high volume data) + pRoute53Logs: + default: Amazon Route 53 Resolver Query Logs (recommended) + pEksAuditLogs: + default: Amazon EKS Audit Logs (recommended) + pOrgConfigurationSources: + default: Sources for Organizaiton Configuration + pCreateOrganizationConfiguration: + default: Create Organization Configuration + pSourceVersion: + default: Log Source Version + pSecurityLakeConfigurationRoleName: + default: Security Lake Configuration Role Name + pSecurityLakeOrgKeyAlias: + default: Security Lake KMS Key Alias + pAuditAccountId: + default: Audit (Security Tooling) account ID + pComplianceFrequency: + default: Frequency to Check for Organizational Compliance + pControlTowerLifeCycleRuleName: + default: Control Tower Lifecycle Rule Name + pControlTowerRegionsOnly: + default: Governed Regions Only + pCreateLambdaLogGroup: + default: Create Lambda Log Group + pEnabledRegions: + default: (Optional) Enabled Regions + pLambdaLogGroupKmsKey: + default: (Optional) Lambda Logs KMS Key + pLambdaLogGroupRetention: + default: Lambda Log Group Retention + pLambdaLogLevel: + default: Lambda Log Level + pSRAAlarmEmail: + default: (Optional) SRA Alarm Email + pSRASolutionName: + default: SRA Solution Name + pSRASolutionVersion: + default: SRA Solution Version + pSRAStagingS3BucketName: + default: SRA Staging S3 Bucket Name + pRegisterAuditAccountDataSubscriber: + default: Register Audit (Security Tooling) account as a Subscriber with Data Access + pAuditAccountDataSubscriberPrefix: + default: Audit (Security Tooling) account data access subscriber name + pAuditAccountDataSubscriberExternalId: + default: Audit (Security Tooling) account data access subscriber external id + pRegisterAuditAccountQuerySubscriber: + default: Register Audit (Security Tooling) account as a subscriber with query access + pAuditAccountQuerySubscriberPrefix: + default: Audit (Security Tooling) account query access subscriber name + pAuditAccountQuerySubscriberExternalId: + default: Audit (Security Tooling) account query access subscriber external id + pStackSetAdminRole: + default: Stack Set Role + pStackExecutionRole: + default: Stack execution role + pOrganizationId: + default: Organization ID + pSecurityLakeWarning: + default: Security Lake Warning + pDisableSecurityLake: + default: Disable Security Lake log sources and organization configuration + pSecurityLakeOrgLambdaRoleName: + default: Lambda Role Name + +Parameters: + pSecurityLakeOrgLambdaRoleName: + AllowedPattern: '^[\w+=,.@-]{1,64}$' + ConstraintDescription: Max 64 alphanumeric characters. Also special characters supported [+, =, ., @, -] + Default: sra-security-lake-org-lambda + Description: SecurityLake configuration Lambda role name + Type: String + pCreateResourceLink: + AllowedValues: ['true', 'false'] + Default: 'true' + Description: Indicates whether to create a resource link for shared resources in Audit (Security Tooling) account + Type: String + pCreateLakeFormationSlr: + AllowedValues: ['true', 'false'] + Default: 'true' + Description: Indicates whether a Lake Formation service-linked role named AWSServiceRoleForLakeFormationDataAccess should be created + Type: String + pSRASecurityLakeMetastoreManagerRoleName: + AllowedValues: ['AmazonSecurityLakeMetaStoreManagerV2', 'AmazonSecurityLakeMetaStoreManager'] + Default: AmazonSecurityLakeMetaStoreManagerV2 + Description: Security Lake Metastore Manager Role + Type: String + pSourceVersion: + AllowedValues: [2.0] + ConstraintDescription: Must be a valid version number. Currently supported version is 2.0 + Description: Chose the version of data source from which you want to ingest log and event sources + Default: 2.0 + Type: String + pCloudTrailManagementEvents: + AllowedPattern: ^($|ALL|(\d{12})(,\s*\d{12})*)$ + ConstraintDescription: Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation + Description: Accounts to ingest CloudTrail - Management events from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma seperated list of the AWS Account numbers. Leave empty to skip log source creation. + Type: CommaDelimitedList + Default: ALL + pCloudTrailLambdaDataEvents: + AllowedPattern: ^($|ALL|(\d{12})(,\s*\d{12})*)$ + ConstraintDescription: Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation + Description: Accounts to ingest CloudTrail - Lambda Data events from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma seperated list of the AWS Account numbers. Leave empty to skip log source creation. + Type: CommaDelimitedList + Default: ALL + pCloudTrailS3DataEvents: + AllowedPattern: ^($|ALL|(\d{12})(,\s*\d{12})*)$ + ConstraintDescription: Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation + Description: Accounts to ingest CloudTrail - S3 Data events from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma seperated list of the AWS Account numbers. Leave empty to skip log source creation. + Type: CommaDelimitedList + Default: '' + pCustomerControlTowerRegions: + AllowedPattern: ^([\w.-]{1,900})$|^(\/[\w.-]{1,900})*[\w.-]{1,900}$ + ConstraintDescription: Must be alphanumeric or special characters [., _, -]. In addition, the slash character ( / ) used to delineate hierarchies in parameter names. + Default: /sra/regions/customer-control-tower-regions + Description: SSM Parameter for Customer regions + Type: AWS::SSM::Parameter::Value> + pSecurityHubFindings: + AllowedPattern: ^($|ALL|(\d{12})(,\s*\d{12})*)$ + ConstraintDescription: Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation + Description: Accounts to ingest SecurityHub Findings from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma seperated list of the AWS Account numbers. Leave empty to skip log source creation. + Type: CommaDelimitedList + Default: ALL + pVpcFlowLogs: + AllowedPattern: ^($|ALL|(\d{12})(,\s*\d{12})*)$ + ConstraintDescription: Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation + Description: Accounts to ingest VPC Flow Logs from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma seperated list of the AWS Account numbers. Leave empty to skip log source creation. + Type: CommaDelimitedList + Default: ALL + pWafLogs: + AllowedPattern: ^($|ALL|(\d{12})(,\s*\d{12})*)$ + ConstraintDescription: Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation + Description: Accounts to ingest WAFv2 Logs from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma seperated list of the AWS Account numbers. Leave empty to skip log source creation. + Type: CommaDelimitedList + Default: '' + pRoute53Logs: + AllowedPattern: ^($|ALL|(\d{12})(,\s*\d{12})*)$ + ConstraintDescription: Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation + Description: Accounts to ingest Amazon Route 53 resolver query logs from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma seperated list of the AWS Account numbers. Leave empty to skip log source creation. + Type: CommaDelimitedList + Default: ALL + pEksAuditLogs: + AllowedPattern: ^($|ALL|(\d{12})(,\s*\d{12})*)$ + ConstraintDescription: Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation + Description: Accounts to injest Amazon EKS Audit Logs from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma seperated list of the AWS Account numbers. Leave empty to skip log source creation. + Type: CommaDelimitedList + Default: ALL + pLogArchiveAccountId: + AllowedPattern: ^([\w.-]{1,900})$|^(\/[\w.-]{1,900})*[\w.-]{1,900}$ + ConstraintDescription: Must be alphanumeric or special characters [., _, -]. In addition, the slash character ( / ) used to delineate hierarchies in parameter names. + Default: /sra/control-tower/log-archive-account-id + Description: SSM Parameter for AWS Account ID of the Log Archive account. + Type: AWS::SSM::Parameter::Value + pOrgConfigurationSources: + AllowedValues: ['', ROUTE53, VPC_FLOW, SH_FINDINGS, CLOUD_TRAIL_MGMT, LAMBDA_EXECUTION, S3_DATA, EKS_AUDIT, WAF] + Default: ROUTE53,VPC_FLOW,SH_FINDINGS,CLOUD_TRAIL_MGMT,LAMBDA_EXECUTION,EKS_AUDIT + Description: (Optional) Comma separated list of AWS log sources to enable for new member accounts in your organization (ROUTE53,VPC_FLOW,SH_FINDINGS,CLOUD_TRAIL_MGMT,LAMBDA_EXECUTION,S3_DATA,EKS_AUDIT,WAF). If 'Create Organization Configuration' parameter is set to 'true', then this parameter becomes required. + Type: CommaDelimitedList + pCreateOrganizationConfiguration: + AllowedValues: ['true', 'false'] + Default: 'true' + Description: Select whether to automatically enable Amazon Security Lake for new member accounts in your organization + Type: String + pSecurityLakeOrgKeyAlias: + AllowedPattern: '^[a-zA-Z0-9/_-]+$' + ConstraintDescription: + The alias must be string of 1-256 characters. It can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). + Default: sra-security-lake-org-key + Description: Security Lake KMS Key Alias + Type: String + pAuditAccountId: + AllowedPattern: ^([\w.-]{1,900})$|^(\/[\w.-]{1,900})*[\w.-]{1,900}$ + ConstraintDescription: Must be alphanumeric or special characters [., _, -]. In addition, the slash character ( / ) used to delineate hierarchies in parameter names. + Default: /sra/control-tower/audit-account-id + Description: SSM Parameter for AWS Account ID of the Control Tower account to delegate administration. + Type: AWS::SSM::Parameter::Value + pComplianceFrequency: + ConstraintDescription: Compliance Frequency must be a number between 1 and 30, inclusive. + Default: 7 + Description: Frequency (in days between 1 and 30, default is 7) to check organizational compliance by invoking the Lambda Function. + MinValue: 1 + MaxValue: 30 + Type: Number + pControlTowerLifeCycleRuleName: + AllowedPattern: ^[\w.-]{1,64}$ + ConstraintDescription: Max 64 alphanumeric and underscore characters. Also special characters supported [., -] + Default: sra-security-lake-org-trigger + Description: The name of the AWS Control Tower Life Cycle Rule. + Type: String + pControlTowerRegionsOnly: + AllowedValues: ['true', 'false'] + Default: 'false' + Description: Only enable in the customer governed regions specified in Control Tower or Common Prerequisites solution + Type: String + pCreateLambdaLogGroup: + AllowedValues: ['true', 'false'] + Default: 'false' + Description: Indicates whether a CloudWatch Log Group should be explicitly created for the Lambda function, to allow for setting a Log Retention and/or KMS Key for encryption. + Type: String + pEnabledRegions: + AllowedPattern: ^$|^([a-z0-9-]{1,64})$|^(([a-z0-9-]{1,64},)*[a-z0-9-]{1,64})$ + ConstraintDescription: Only lowercase letters, numbers, and hyphens ('-') allowed. (e.g. us-east-1) Additional AWS regions can be provided, separated by commas. (e.g. us-east-1,ap-southeast-2) + Default: '' + Description: (Optional) Enabled regions (AWS regions, separated by commas). Leave blank to enable all supported regions (recommended). + Type: String + pLambdaLogGroupKmsKey: + AllowedPattern: ^$|^arn:(aws[a-zA-Z-]*){1}:kms:[a-z0-9-]+:\d{12}:key\/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ + ConstraintDescription: 'Key ARN example: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab' + Default: '' + Description: (Optional) KMS Key ARN to use for encrypting the Lambda logs data. If empty, encryption is enabled with CloudWatch Logs managing the server-side encryption keys. + Type: String + pLambdaLogGroupRetention: + AllowedValues: [1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653] + Default: 14 + Description: Specifies the number of days you want to retain log events + Type: String + pLambdaLogLevel: + AllowedValues: [INFO, ERROR, DEBUG] + Default: INFO + Description: Lambda Function Logging Level + Type: String + pSRAAlarmEmail: + AllowedPattern: ^$|^([a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+)$ + ConstraintDescription: Must be a valid email address. + Default: '' + Description: (Optional) Email address for receiving SRA alarms + Type: String + pSRASolutionName: + AllowedValues: [sra-security-lake-org] + Default: sra-security-lake-org + Description: The SRA solution name. The default value is the folder name of the solution + Type: String + pSRAStagingS3BucketName: + AllowedPattern: ^([\w.-]{1,900})$|^(\/[\w.-]{1,900})*[\w.-]{1,900}$ + ConstraintDescription: Must be alphanumeric or special characters [., _, -]. In addition, the slash character ( / ) used to delineate hierarchies in parameter names. + Default: /sra/staging-s3-bucket-name + Description: SSM Parameter for SRA Staging S3 bucket name for the artifacts relevant to solution. (e.g., lambda zips, CloudFormation templates) S3 bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). + Type: AWS::SSM::Parameter::Value + pSRASolutionVersion: + AllowedValues: [v1.0] + Default: v1.0 + Description: The SRA solution version. Used to trigger updates on the nested StackSets. + Type: String + pRegisterAuditAccountDataSubscriber: + AllowedValues: ['true', 'false'] + Default: 'false' + Description: Identifies whether to registerAudit (Security Tooling) account as a Subscriber with Data Access + Type: String + pAuditAccountDataSubscriberPrefix: + AllowedValues: [sra-audit-account-data-subscriber] + Default: sra-audit-account-data-subscriber + Description: The name of the Audit (Security Tooling) account data access subscriber + Type: String + pAuditAccountDataSubscriberExternalId: + AllowedPattern: ^(?:[a-zA-Z0-9]{0,64})?$ + ConstraintDescription: All characters allowed except '&<>\%|' + Default: '' + Description: (Optional) External ID for Security Lake Audit (Security Tooling) data access subscriber. If 'Register Audit (Security Tooling) account as a Subscriber with Data Access' parameter is set to 'true', then this parameter becomes required. + Type: String + pAuditAccountQuerySubscriberPrefix: + AllowedValues: [sra-audit-account-query-subscriber] + Default: sra-audit-account-query-subscriber + Description: The name of the Audit (Security Tooling) account query access subscriber + Type: String + pAuditAccountQuerySubscriberExternalId: + AllowedPattern: ^(?:[a-zA-Z0-9]{0,64})?$ + ConstraintDescription: All characters allowed except '&<>\%|' + Default: '' + Description: (Optional) External ID for Security Lake Audit (Security Tooling) query access subscriber. If 'Register Audit (Security Tooling) account as a Subscriber with Query Access' parameter is set to 'true', then this parameter becomes required. + Type: String + pRegisterAuditAccountQuerySubscriber: + AllowedValues: ['true', 'false'] + Default: 'false' # todo: test and change to true + Description: Identifies whether to register Audit (Security Tooling) account as a Subscriber with Query Access + Type: String + pStackSetAdminRole: + AllowedValues: [sra-stackset] + Default: sra-stackset + Description: The administration role name that is used in the stackset. + Type: String + pStackExecutionRole: + AllowedValues: [sra-execution] + Default: sra-execution + Description: The execution role name that is used in the stack. + Type: String + pOrganizationId: + AllowedPattern: ^([\w.-]{1,900})$|^(\/[\w.-]{1,900})*[\w.-]{1,900}$ + ConstraintDescription: Must be alphanumeric or special characters [., _, -]. In addition, the slash character ( / ) used to delineate hierarchies in parameter names. + Default: /sra/control-tower/organization-id + Description: SSM Parameter for AWS Organizations ID + Type: AWS::SSM::Parameter::Value + pSecurityLakeWarning: + AllowedValues: ['Accept', 'Reject'] + Default: Reject + Description: (Disclaimer) Resources created using this CloudFormation template may incur costs. The pricing for the individual AWS services and resources used in this template can be found on the respective service pricing pages. Please refer to https://aws.amazon.com/pricing/ + Type: String + pDisableSecurityLake: + AllowedValues: ['true', 'false'] + Default: 'false' + Description: Update to 'true' to disable Security Lake log sources and organization configuration before deleting the stack. + Type: String + pSecurityLakeConfigurationRoleName: + AllowedPattern: '^[\w+=,.@-]{1,64}$' + ConstraintDescription: Max 64 alphanumeric characters. Also special characters supported [+, =, ., @, -] + Default: sra-security-lake-org-configuration + Description: SecurityLake Configuration IAM Role Name + Type: String + +Conditions: + cRegisterAuditAccountQuerySubscriber: !Equals + - !Ref pRegisterAuditAccountQuerySubscriber + - 'true' + cControlTowerRegions: !Equals + - !Ref pControlTowerRegionsOnly + - 'true' + cCreateLakeFormationSlr: !Equals + - !Ref pCreateLakeFormationSlr + - 'true' + +Rules: + VerifySecurityLakeDisclaimer: + RuleCondition: !Equals + - !Ref pSecurityLakeWarning + - Reject + Assertions: + - Assert: !Not + - !Equals + - !Ref pSecurityLakeWarning + - Reject + AssertDescription: Please Acknowledge Security Lake pricing disclaimer + ProvideDataAccessExternalId: + RuleCondition: !Equals + - !Ref pRegisterAuditAccountDataSubscriber + - 'true' + Assertions: + - Assert: !Not + - !Equals + - !Ref pAuditAccountDataSubscriberExternalId + - '' + AssertDescription: Please provide External ID for Security Lake Audit (Security Tooling) data access subscriber + ProvideQueryAccessExternalId: + RuleCondition: !Equals + - !Ref pRegisterAuditAccountQuerySubscriber + - 'true' + Assertions: + - Assert: !Not + - !Equals + - !Ref pAuditAccountQuerySubscriberExternalId + - '' + AssertDescription: Please provide External ID for Security Lake Audit (Security Tooling) query access subscriber + VerifyEnabledRegions: + RuleCondition: !Equals + - !Ref pControlTowerRegionsOnly + - 'false' + Assertions: + - Assert: !Not + - !Equals + - !Ref pEnabledRegions + - '' + AssertDescription: Please provide Enabled Regions + +Resources: + rSecurityLakeQuerySubscriberIAMRoleStackSet: + Type: AWS::CloudFormation::StackSet + Condition: cRegisterAuditAccountQuerySubscriber + DeletionPolicy: Delete + UpdateReplacePolicy: Delete + Properties: + StackSetName: sra-security-lake-query-subscriber-role + AdministrationRoleARN: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/${pStackSetAdminRole} + CallAs: SELF + Capabilities: + - CAPABILITY_NAMED_IAM + Description: !Sub ${pSRASolutionVersion} - Deploys an IAM role via ${pSRASolutionName} for configuring SecurityLake Subscriber account + ExecutionRoleName: !Ref pStackExecutionRole + ManagedExecution: + Active: true + OperationPreferences: + FailureTolerancePercentage: 0 + MaxConcurrentPercentage: 100 + RegionConcurrencyType: PARALLEL + PermissionModel: SELF_MANAGED + StackInstancesGroup: + - DeploymentTargets: + Accounts: + - !Ref pAuditAccountId + Regions: + - !Ref AWS::Region + TemplateURL: !Sub https://${pSRAStagingS3BucketName}.s3.${AWS::Region}.${AWS::URLSuffix}/${pSRASolutionName}/templates/sra-security-lake-query-subscriber-role.yaml + Parameters: + - ParameterKey: pManagementAccountId + ParameterValue: !Ref AWS::AccountId + - ParameterKey: pLogArchiveAccountId + ParameterValue: !Ref pLogArchiveAccountId + Tags: + - Key: sra-solution + Value: !Ref pSRASolutionName + + rSecurityLakeConfigurationIAMRoleStackSet: + Type: AWS::CloudFormation::StackSet + DeletionPolicy: Delete # Retain + UpdateReplacePolicy: Delete # Retain + Properties: + StackSetName: sra-security-lake-org-configuration-role + AdministrationRoleARN: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/${pStackSetAdminRole} + CallAs: SELF + Capabilities: + - CAPABILITY_NAMED_IAM + Description: !Sub ${pSRASolutionVersion} - Deploys an IAM role via ${pSRASolutionName} for configuring SecurityLake + ExecutionRoleName: !Ref pStackExecutionRole + ManagedExecution: + Active: true + OperationPreferences: + FailureTolerancePercentage: 0 + MaxConcurrentPercentage: 100 + RegionConcurrencyType: PARALLEL + PermissionModel: SELF_MANAGED + StackInstancesGroup: + - DeploymentTargets: + Accounts: + - !Ref pLogArchiveAccountId + Regions: + - !Ref AWS::Region + TemplateURL: !Sub https://${pSRAStagingS3BucketName}.s3.${AWS::Region}.${AWS::URLSuffix}/${pSRASolutionName}/templates/sra-security-lake-org-configuration-role.yaml + Parameters: + - ParameterKey: pManagementAccountId + ParameterValue: !Ref AWS::AccountId + - ParameterKey: pAuditAccountQuerySubscriberExternalId + ParameterValue: !Ref pAuditAccountQuerySubscriberExternalId + - ParameterKey: pSecurityLakeOrgLambdaRoleName + ParameterValue: !Ref pSecurityLakeOrgLambdaRoleName + - ParameterKey: pSecurityLakeConfigurationRoleName + ParameterValue: !Ref pSecurityLakeConfigurationRoleName + Tags: + - Key: sra-solution + Value: !Ref pSRASolutionName + + rSecurityLakeConfigurationStack: + Type: AWS::CloudFormation::Stack + DeletionPolicy: Delete + UpdateReplacePolicy: Delete + Properties: + TemplateURL: !Sub https://${pSRAStagingS3BucketName}.s3.${AWS::Region}.${AWS::URLSuffix}/${pSRASolutionName}/templates/sra-security-lake-org-configuration.yaml + Parameters: + pComplianceFrequency: !Ref pComplianceFrequency + pControlTowerLifeCycleRuleName: !Ref pControlTowerLifeCycleRuleName + pControlTowerRegionsOnly: !Ref pControlTowerRegionsOnly + pCreateLambdaLogGroup: !Ref pCreateLambdaLogGroup + pDelegatedAdminAccountId: !Ref pLogArchiveAccountId + pEnabledRegions: !Ref pEnabledRegions + pLambdaLogGroupKmsKey: !Ref pLambdaLogGroupKmsKey + pLambdaLogGroupRetention: !Ref pLambdaLogGroupRetention + pLambdaLogLevel: !Ref pLambdaLogLevel + pSRAAlarmEmail: !Ref pSRAAlarmEmail + pSRAStagingS3BucketName: !Ref pSRAStagingS3BucketName + pCreateOrganizationConfiguration: !Ref pCreateOrganizationConfiguration + pOrgConfigurationSources: !Join + - ',' + - !Ref pOrgConfigurationSources + pCloudTrailManagementEvents: !Join + - ',' + - !Ref pCloudTrailManagementEvents + pCloudTrailLambdaDataEvents: !Join + - ',' + - !Ref pCloudTrailLambdaDataEvents + pCloudTrailS3DataEvents: !Join + - ',' + - !Ref pCloudTrailS3DataEvents + pSecurityHubFindings: !Join + - ',' + - !Ref pSecurityHubFindings + pVpcFlowLogs: !Join + - ',' + - !Ref pVpcFlowLogs + pWafLogs: !Join + - ',' + - !Ref pWafLogs + pRoute53Logs: !Join + - ',' + - !Ref pRoute53Logs + pEksAuditLogs: !Join + - ',' + - !Ref pEksAuditLogs + pSourceVersion: !Ref pSourceVersion + pRegisterAuditAccountDataSubscriber: !Ref pRegisterAuditAccountDataSubscriber + pAuditAccountDataSubscriberPrefix: !Ref pAuditAccountDataSubscriberPrefix + pAuditAccountDataSubscriberExternalId: !Ref pAuditAccountDataSubscriberExternalId + pRegisterAuditAccountQuerySubscriber: !Ref pRegisterAuditAccountQuerySubscriber + pAuditAccountQuerySubscriberPrefix: !Ref pAuditAccountQuerySubscriberPrefix + pAuditAccountQuerySubscriberExternalId: !Ref pAuditAccountQuerySubscriberExternalId + pDisableSecurityLake: !Ref pDisableSecurityLake + pOrganizationId: !Ref pOrganizationId + # pKmsKeyStackSetId: !Ref rSecurityLakeKMSKeyStackSet + pCreateResourceLink: !Ref pCreateResourceLink + pSecurityLakeOrgKeyAlias: !Ref pSecurityLakeOrgKeyAlias + Tags: + - Key: sra-solution + Value: !Ref pSRASolutionName + + rSecurityLakeKMSKeyStackSet: + Type: AWS::CloudFormation::StackSet + DependsOn: rSecurityLakeConfigurationIAMRoleStackSet + DeletionPolicy: Delete # Retain + UpdateReplacePolicy: Delete # Retain + Properties: + StackSetName: sra-security-lake-org-kms-key + AdministrationRoleARN: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/${pStackSetAdminRole} + CallAs: SELF + Description: !Sub ${pSRASolutionVersion} - Deploys a KMS Key via ${pSRASolutionName} for encrypting Security Lake + ExecutionRoleName: !Ref pStackExecutionRole + ManagedExecution: + Active: true + OperationPreferences: + FailureTolerancePercentage: 0 + MaxConcurrentPercentage: 100 + RegionConcurrencyType: PARALLEL + PermissionModel: SELF_MANAGED + StackInstancesGroup: + - DeploymentTargets: + Accounts: + - !Ref pLogArchiveAccountId + Regions: !If + - cControlTowerRegions + - !Ref pCustomerControlTowerRegions + - !Split + - ',' + - !Ref pEnabledRegions + TemplateURL: !Sub https://${pSRAStagingS3BucketName}.s3.${AWS::Region}.${AWS::URLSuffix}/${pSRASolutionName}/templates/sra-security-lake-org-kms-key.yaml + Parameters: + - ParameterKey: pSecurityLakeOrgKeyAlias + ParameterValue: !Ref pSecurityLakeOrgKeyAlias + - ParameterKey: pManagementAccountId + ParameterValue: !Ref AWS::AccountId + - ParameterKey: pSRASolutionName + ParameterValue: !Ref pSRASolutionName + - ParameterKey: pRegisterAuditAccountQuerySubscriber + ParameterValue: !Ref pRegisterAuditAccountQuerySubscriber + - ParameterKey: pAuditAccountId + ParameterValue: !Ref pAuditAccountId + Tags: + - Key: sra-solution + Value: !Ref pSRASolutionName + + rSecurityLakeMetaStoreManagerIAMRoleStackSet: + Type: AWS::CloudFormation::StackSet + DeletionPolicy: Delete + UpdateReplacePolicy: Delete + Properties: + StackSetName: sra-security-lake-meta-store-manager-role + AdministrationRoleARN: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/${pStackSetAdminRole} + CallAs: SELF + Capabilities: + - CAPABILITY_NAMED_IAM + Description: !Sub ${pSRASolutionVersion} - Deploys an IAM role via ${pSRASolutionName} for configuring Security Lake + ExecutionRoleName: !Ref pStackExecutionRole + ManagedExecution: + Active: true + OperationPreferences: + FailureTolerancePercentage: 0 + MaxConcurrentPercentage: 100 + RegionConcurrencyType: PARALLEL + PermissionModel: SELF_MANAGED + StackInstancesGroup: + - DeploymentTargets: + Accounts: + - !Ref pLogArchiveAccountId + Regions: + - !Ref AWS::Region + TemplateURL: !Sub https://${pSRAStagingS3BucketName}.s3.${AWS::Region}.${AWS::URLSuffix}/${pSRASolutionName}/templates/sra-security-lake-meta-store-manager-role.yaml + Parameters: + - ParameterKey: pSRASolutionName + ParameterValue: !Ref pSRASolutionName + - ParameterKey: pSRASecurityLakeMetastoreManagerRoleName + ParameterValue: !Ref pSRASecurityLakeMetastoreManagerRoleName + Tags: + - Key: sra-solution + Value: !Ref pSRASolutionName + + rSecurityLakeLakeFormationSlrStackSet: + Type: AWS::CloudFormation::StackSet + DeletionPolicy: Delete # Retain + UpdateReplacePolicy: Delete # Retain + Condition: cCreateLakeFormationSlr + Properties: + StackSetName: sra-security-lake-lakeformation-slr + AdministrationRoleARN: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/${pStackSetAdminRole} + CallAs: SELF + Capabilities: + - CAPABILITY_NAMED_IAM + Description: !Sub ${pSRASolutionVersion} - Deploys AWS Lake Formation service-linked role via ${pSRASolutionName} + ExecutionRoleName: !Ref pStackExecutionRole + ManagedExecution: + Active: true + OperationPreferences: + FailureTolerancePercentage: 0 + MaxConcurrentPercentage: 100 + RegionConcurrencyType: PARALLEL + PermissionModel: SELF_MANAGED + StackInstancesGroup: + - DeploymentTargets: + Accounts: + - !Ref pLogArchiveAccountId + Regions: + - !Ref AWS::Region + TemplateURL: !Sub https://${pSRAStagingS3BucketName}.s3.${AWS::Region}.${AWS::URLSuffix}/${pSRASolutionName}/templates/sra-security-lake-lakeformation-slr.yaml + Tags: + - Key: sra-solution + Value: !Ref pSRASolutionName \ No newline at end of file diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-query-subscriber-role.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-query-subscriber-role.yaml new file mode 100644 index 00000000..0402db8b --- /dev/null +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-query-subscriber-role.yaml @@ -0,0 +1,169 @@ +######################################################################## +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: MIT-0 +######################################################################## +AWSTemplateFormatVersion: 2010-09-09 +Description: + This template creates an IAM role to configure the delegated administrator account - - 'security_lake_org' solution in the repo, + https://github.com/aws-samples/aws-security-reference-architecture-examples (sra-1ssgnse80) + +Metadata: + SRA: + Version: 1.0 + Order: 2 + AWS::CloudFormation::Interface: + ParameterGroups: + - Label: + default: General Properties + Parameters: + - pSRASolutionName + + - Label: + default: Role Properties + Parameters: + - pSecurityLakeSubscriberRoleName + - pSecurityLakeOrgLambdaRoleName + - pManagementAccountId + - pLogArchiveAccountId + + ParameterLabels: + pManagementAccountId: + default: Organization Management Account ID + pSecurityLakeOrgLambdaRoleName: + default: Lambda Role Name + pSecurityLakeSubscriberRoleName: + default: Security Lake Query Subscriber Role Name + pSRASolutionName: + default: SRA Solution Name + pLogArchiveAccountId: + default: Log Archive Account ID + +Parameters: + pManagementAccountId: + AllowedPattern: '^\d{12}$' + ConstraintDescription: Must be 12 digits + Description: Organization Management Account ID + Type: String + pSecurityLakeOrgLambdaRoleName: + AllowedPattern: '^[\w+=,.@-]{1,64}$' + ConstraintDescription: Max 64 alphanumeric characters. Also special characters supported [+, =, ., @, -] + Default: sra-security-lake-org-lambda + Description: Lambda Role Name + Type: String + pSecurityLakeSubscriberRoleName: + AllowedPattern: '^[\w+=,.@-]{1,64}$' + ConstraintDescription: Max 64 alphanumeric characters. Also special characters supported [+, =, ., @, -] + Default: sra-security-lake-query-subscriber + Description: SecurityLake Configuration IAM Role Name + Type: String + pSRASolutionName: + AllowedValues: [sra-security-lake-org] + Default: sra-security-lake-org + Description: The SRA solution name. The default value is the folder name of the solution + Type: String + pLogArchiveAccountId: + AllowedPattern: '^\d{12}$' + ConstraintDescription: Must be 12 digits + Description: Log Archive Account ID + Type: String + +Resources: + rQuerySubscriberRole: + Type: AWS::IAM::Role + Metadata: + cfn_nag: + rules_to_suppress: + - id: W11 + reason: Actions require * in resource + - id: W28 + reason: Explicit role name provided + Properties: + RoleName: !Ref pSecurityLakeSubscriberRoleName + AssumeRolePolicyDocument: + Version: 2012-10-17 + Statement: + - Effect: Allow + Action: sts:AssumeRole + Condition: + StringEquals: + aws:PrincipalArn: + - !Sub arn:${AWS::Partition}:iam::${pManagementAccountId}:role/${pSecurityLakeOrgLambdaRoleName} + - !Sub arn:${AWS::Partition}:iam::${pManagementAccountId}:role/Admin # todo: remove this line after the solution is tested + Principal: + AWS: + - !Sub arn:${AWS::Partition}:iam::${pManagementAccountId}:root + Path: '/' + Policies: + + - PolicyName: sra-security-lake-org-subscriber-policy-ram + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: AllowRamReadActions + Effect: Allow + Action: + - ram:ListResources + - ram:GetResourceShareInvitations + Resource: '*' + + - Sid: AllowAcceptResourceShareInvitation + Effect: Allow + Action: + - ram:AcceptResourceShareInvitation + Resource: !Sub arn:${AWS::Partition}:ram:*:${pLogArchiveAccountId}:resource-share-invitation/* + Condition: + StringEquals: + ram:ShareOwnerAccountId: !Sub ${pLogArchiveAccountId} + + - PolicyName: sra-security-lake-org-subscriber-policy-glue + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: AllowGlueDatabaseActions + Effect: Allow + Action: + - glue:CreateDatabase + - glue:GetDatabase + - glue:GetDatabases + Resource: + - !Sub arn:${AWS::Partition}:glue:*:${AWS::AccountId}:catalog + - !Sub arn:${AWS::Partition}:glue:*:${AWS::AccountId}:database/amazon_security_lake_glue_db_*_subscriber + - Sid: AllowGlueTableActions + Effect: Allow + Action: + - glue:CreateTable + - glue:GetPartitions + - glue:GetTable + Resource: + - !Sub arn:${AWS::Partition}:glue:*:${AWS::AccountId}:catalog + - !Sub arn:${AWS::Partition}:glue:*:${AWS::AccountId}:table/amazon_security_lake_glue_db_*_subscriber/rl_amazon_security_lake_table_*_cloud_trail_mgmt_2_0 + - !Sub arn:${AWS::Partition}:glue:*:${AWS::AccountId}:database/amazon_security_lake_glue_db_*_subscriber + - !Sub arn:${AWS::Partition}:glue:*:${AWS::AccountId}:table/amazon_security_lake_glue_db_*_subscriber/rl_amazon_security_lake_table_*_sh_findings_2_0 + - !Sub arn:${AWS::Partition}:glue:*:${AWS::AccountId}:table/amazon_security_lake_glue_db_*_subscriber/rl_amazon_security_lake_table_*_lambda_execution_2_0 + - !Sub arn:${AWS::Partition}:glue:*:${AWS::AccountId}:table/amazon_security_lake_glue_db_*_subscriber/rl_amazon_security_lake_table_*_s3_data_2_0 + - !Sub arn:${AWS::Partition}:glue:*:${AWS::AccountId}:table/amazon_security_lake_glue_db_*_subscriber/rl_amazon_security_lake_table_*_route53_2_0 + - !Sub arn:${AWS::Partition}:glue:*:${AWS::AccountId}:table/amazon_security_lake_glue_db_*_subscriber/rl_amazon_security_lake_table_*_vpc_flow_2_0 + - !Sub arn:${AWS::Partition}:glue:*:${AWS::AccountId}:table/amazon_security_lake_glue_db_*_subscriber/rl_amazon_security_lake_table_*_eks_audit_2_0 + - !Sub arn:${AWS::Partition}:glue:*:${AWS::AccountId}:table/amazon_security_lake_glue_db_*_subscriber/rl_amazon_security_lake_table_*_waf_2_0 + + - PolicyName: sra-security-lake-org-policy-iam + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: AllowReadIamActions + Effect: Allow + Action: iam:GetRole + Resource: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/* + + - PolicyName: sra-security-lake-org-policy-lakeformation + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: AllowGrantPermissions + Effect: Allow + Action: lakeformation:GrantPermissions + Resource: "*" + + Tags: + - Key: sra-solution + Value: !Ref pSRASolutionName From 62a79812aa1aed818b7e6965477943aa56659fe6 Mon Sep 17 00:00:00 2001 From: ievgeniia ieromenko Date: Tue, 3 Sep 2024 09:50:35 -0400 Subject: [PATCH 02/15] linting fix --- .../templates/sra-security-lake-org-configuration.yaml | 2 +- .../templates/sra-security-lake-org-main-ssm.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml index 2010045b..0c97dc97 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml @@ -306,7 +306,7 @@ Parameters: Type: String pLambdaLogGroupKmsKey: AllowedPattern: '^$|^arn:(aws[a-zA-Z-]*){1}:kms:[a-z0-9-]+:\d{12}:key\/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$' - ConstraintDescription: 'Key ARN example: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab' + ConstraintDescription: 'Key ARN example: arn:aws:kms:::key/1234abcd-12ab-34cd-56ef-1234567890ab' Description: (Optional) KMS Key ARN to use for encrypting the Lambda logs data. If empty, encryption is enabled with CloudWatch Logs managing the server-side encryption keys. diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml index 17eea1dd..19d401ed 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml @@ -308,7 +308,7 @@ Parameters: Type: String pLambdaLogGroupKmsKey: AllowedPattern: ^$|^arn:(aws[a-zA-Z-]*){1}:kms:[a-z0-9-]+:\d{12}:key\/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ - ConstraintDescription: 'Key ARN example: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab' + ConstraintDescription: 'Key ARN example: arn:aws:kms:::key/1234abcd-12ab-34cd-56ef-1234567890ab' Default: '' Description: (Optional) KMS Key ARN to use for encrypting the Lambda logs data. If empty, encryption is enabled with CloudWatch Logs managing the server-side encryption keys. Type: String From 2c7d3b656f52106c5bcc3061f4aea2df14730ace Mon Sep 17 00:00:00 2001 From: ievgeniia ieromenko Date: Tue, 3 Sep 2024 14:45:25 -0400 Subject: [PATCH 03/15] adding documentation --- .../security_lake/security_lake_org/README.md | 147 ++++++++++++++++-- .../documentation/sra-security-lake-org.png | Bin 173918 -> 154956 bytes .../documentation/sra-security-lake-org.pptx | Bin 0 -> 259168 bytes 3 files changed, 132 insertions(+), 15 deletions(-) create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/documentation/sra-security-lake-org.pptx diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/README.md b/aws_sra_examples/solutions/security_lake/security_lake_org/README.md index ad73c225..e2b3e021 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/README.md +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/README.md @@ -18,10 +18,14 @@ AWS SRA Security Lake solution will automate enabling Amazon Security Lake by de **Key solution features:** -- Delegates Amazon Security Lake administration to Log Archive account is Security OU. -- Assumes a role in the delegated administrator account to create required IAM roles and data lakes. -- Adds all existing accounts including the management account as members. -- Configures log sources +- Delegates the administration of Amazon Security Lake to a Log Archive account in the Security OU (Organizational Unit). +- Creates the required IAM roles for Amazon Security Lake. +- Configures the ingestion of AWS logs and event sources in all existing or specified accounts. +- Creates an organization configuration to automatically enable Amazon Security Lake for new member accounts in your organization. +- (Optional) Creates an Audit account (Security Tooling) subscriber with data access. +- (Optional) Creates an Audit account (Security Tooling) subscriber with query access. +- (Optional) Creates a resource link to shared tables in an Audit account (Security Tooling). + --- @@ -31,6 +35,103 @@ AWS SRA Security Lake solution will automate enabling Amazon Security Lake by de ### 1.0 Organization Management Account +#### 1.1 AWS CloudFormation + +- All resources are deployed via AWS CloudFormation as a `StackSet` and `Stack Instance` within the management account or a CloudFormation `Stack` within a specific account. +- The [Customizations for AWS Control Tower](https://aws.amazon.com/solutions/implementations/customizations-for-aws-control-tower/) solution deploys all templates as a CloudFormation `StackSet`. +- For parameter details, review the [AWS CloudFormation templates](templates/). + +#### 1.2 AWS Lambda Function + +- The Lambda function includes logic to enable and configure Security Lake + +#### 1.3 Lambda Execution IAM Role + +- IAM role used by the Lambda function to enable the Security Lake Delegated Administrator Account within each region provided + +#### 1.4 Lambda CloudWatch Log Group + +- All the `AWS Lambda Function` logs are sent to a CloudWatch Log Group `` to help with debugging and traceability of the actions performed. +- By default the `AWS Lambda Function` will create the CloudWatch Log Group and logs are encrypted with a CloudWatch Logs service managed encryption key. + +#### 1.5 Dead Letter Queue (DLQ) + +- SQS dead letter queue used for retaining any failed Lambda events. + +#### 1.6 Alarm SNS Topic + +- SNS Topic used to notify subscribers when messages hit the DLQ. + +#### 1.7 Lambda Layer + +- The python boto3 SDK lambda layer to enable capability for Lambda to enable features of the Security Lake service. +- This is downloaded during the deployment process and packaged into a layer that is used by the Lambda function in this solution. +- The Security Lake API available in the current Lambda environment (as of 09/03/2024) is 1.34.145, however, enhanced functionality of the Security Lake API used in this solution requires at least 1.35.10 (see references below). +- Note: Future revisions to this solution will remove this layer when boto3 is updated within the Lambda environment. + +#### 1.8 Compliance Event Rule + +- The `Organization Compliance Scheduled Event Rule` triggers the `AWS Lambda Function` to capture AWS Account status updates (e.g. suspended to active). + - A parameter is provided to set the schedule frequency. + + +--- + +### 2.0 Log Archive Account(Delegated Administrator) + +#### 2.1 AWS CloudFormation + +- See [1.1 AWS CloudFormation](#11-aws-cloudformation) + +#### 2.2 AmazonSecurityLakeMetaStoreManagerV2 IAM role + +- IAM role used by Security Lake to create data lake or query data from Security Lake. + +#### 2.3 Configuration IAM role + +- The Configuration IAM Role is assumed by the Lambda function to configure Security Lake within the delegated administrator account. + +#### 2.4 Lake Formation service-linked IAM role + +- AWSServiceRoleForLakeFormationDataAccess role provides a set of Amazon Simple Storage Service (Amazon S3) permissions that enable the Lake Formation integrated service (such as Amazon Athena) to access registered locations. + +#### 2.5 KMS key + +- AWS KMS key to encrypt Security Lake data and Security Lake Amazon Simple Queue Service (Amazon SQS) queues. + +#### 2.6 Security Lake + +- Security Lake is enabled in the delegated admin account within each provided region. +- Based on the specified parameters: + - Natively supported AWS log and event sources added in required Regions. + - Organization configuration created to automatically enable Amazon Security Lake for new member accounts in your organization. + - Audit account (Security Tooling) subscriber with data access created. + - Audit account (Security Tooling) subscriber with query access created. + - Resource link to shared tables created in the Audit account (Security Tooling). + +--- + +### 3.0 Audit Account + +The example solutions use `Audit Account` instead of `Security Tooling Account` to align with the default account name used within the AWS Control Tower +setup process for the Security Account. The Account ID for the `Audit Account` SSM parameter is +populated from the `SecurityAccountId` parameter within the `AWSControlTowerBP-BASELINE-CONFIG` StackSet, but is specified manually in other environments, and then stored in an SSM parameter (this is all done in the common prerequisites solution). + +#### 3.1 AWS CloudFormation + +- See [1.1 AWS CloudFormation](#11-aws-cloudformation) + +#### 3.2 Subscriber Configuration IAM role + +- The Subscriber Configuration IAM Role is assumed by the Lambda function to configure resource link to shared tables within the Audit account. + +#### 3.3 AWS RAM resource share + +- The resource share invitation is accepted within the Audit account. + +#### 3.4 AWS Glue resource link + +- A resource link to the shared Lake Formation tables is created in AWS Glue to point the subscriber's account to the shared tables. --- @@ -40,6 +141,8 @@ AWS SRA Security Lake solution will automate enabling Amazon Security Lake by de 1. [Download and Stage the SRA Solutions](../../../docs/DOWNLOAD-AND-STAGE-SOLUTIONS.md). **Note:** This only needs to be done once for all the solutions. 2. Verify that the [SRA Prerequisites Solution](../../common/common_prerequisites/) has been deployed. +3. Verify that the AmazonSecurityLakeMetaStoreManagerV2 IAM role does not exist in the Log Archive account. If the role exists, either modify the sra-security-lake-org-main-ssm.yaml template or delete the role. +4. Verify that the AWSServiceRoleForLakeFormationDataAccess IAM role does not exist in the Log Archive account. If the role exists, either modify the sra-security-lake-org-main-ssm.yaml template or delete the role. ### Solution Deployment @@ -53,15 +156,35 @@ Choose a Deployment Method: In the `management account (home region)`, launch the [sra-security-lake-org-main-ssm.yaml](templates/sra-security-lake-org-main-ssm.yaml) template. This uses an approach where some of the CloudFormation parameters are populated from SSM parameters created by the [SRA Prerequisites Solution](../../common/common_prerequisites/). ```bash - aws cloudformation deploy --template-file $HOME/aws-sra-examples/aws_sra_examples/solutions/security-lake/security-lake/templates/sra-security-lake-org-main-ssm.yaml --stack-name sra-security-lake-org-main-ssm --capabilities CAPABILITY_NAMED_IAM --parameter-overrides pGuarddutyEnabledForMoreThan48Hours= + aws cloudformation deploy --template-file $PWD/aws-sra-examples/aws_sra_examples/solutions/security-lake/security-lake/templates/sra-security-lake-org-main-ssm.yaml --stack-name sra-security-lake-org-main-ssm --capabilities CAPABILITY_NAMED_IAM --parameter-overrides pSecurityLakeWarning= ``` ##### Important -Pay close attention to the `--parameter-overrides` argument. For launching of the AWS Cloudformation stack using one of the commands in the options above to be successful, Amazon GuardDuty must have been enabled for at least 48 hours, **and** the `pGuarddutyEnabledForMoreThan48Hours` parameter in the `--parameter-overrides` argument must be set to `true`. If it is set to `false` the stack launch will fail and provide an error. +Pay close attention to the `--parameter-overrides` argument. For launching of the AWS Cloudformation stack using the command above to be successful, the `pSecurityLakeWarning` parameter in the `--parameter-overrides` argument must be set to `Accept`. If it is set to `Reject` the stack launch will fail and provide an error. +- To create an Audit account subscriber with data access, add `pRegisterAuditAccountDataSubscriber` parameter in the `--parameter-overrides` with argument set to `true`. Provide value for `pAuditAccountDataSubscriberExternalId` parameter. +- To create an Audit account subscriber with query access, add `pRegisterAuditAccountQuerySubscriber` parameter in the `--parameter-overrides` with argument set to `true`. Provide value for `pAuditAccountQuerySubscriberExternalId` parameter. +- To creates a resource link to shared tables in an Audit account, , add `pCreateResourceLink` parameter in the `--parameter-overrides` with argument set to `true` #### Verify Solution Deployment +1. Log into the `Log Archive account` and navigate to the Security Lake page + 1. Select Summary + 2. Verify that Security Lake is enabled for each region + 3. Select Sources + 4. Verify requested sources are enabled for each region and account + 5. To verify that Organization Configuration is ON in each region, run command `aws securitylake get-data-lake-organization-configuration` in the CLI or CloudShell + 6. Select Subscribers + 7. Verify that the Audit account query and/or data access subscribers are created +2. If an Audit account subscriber with query access was created, Log into the `Audit audit` + 1. Navigate to AWS Glue + 2. Select Databases + 3. Verify `amazon_security_lake_glue_db__subscriber` database is created + 4. Select Tables + 5. Verify that resource links to shared tables were created + 6. Navigate to Athena + 7. Create a new query and verify that the query executes successfully. **Note:** The Lake Formation data lake administrator must grant SELECT permissions on the relevant databases and tables to the IAM identity that queries the data. + #### Solution Update Instructions @@ -70,22 +193,16 @@ Pay close attention to the `--parameter-overrides` argument. For launching of t #### Solution Delete Instructions -1. In the `management account (home region)`, delete the AWS CloudFormation **Stack** (`sra-security-lake-org-main-ssm`). -2. In the `management account (home region)`, verify that the Lambda function processing is complete by confirming no more CloudWatch logs are generated. +1. In the `management account (home region)`, change the `Disable Security Lake log sources and organization configuration` parameter to `true` and update the AWS CloudFormation **Stack** (`sra-security-lake-org-main-ssm`). This will disable the AWS log and event source collection and delete organization configuration in all regions. **Note:** Security Lake will stop collecting logs and events from your AWS sources, but the existing Security Lake settings and the resources that were created in your AWS account, including AmazonSecurityLakeMetaStoreManagerV2, AWSServiceRoleForLakeFormationDataAccess IAM roles and KMS keys, will be retained. Refer to the Amazon Security Lake documentation for the recommended steps to address the service and resources. +2. In the `management account (home region)`, delete the AWS CloudFormation **Stack** (`sra-security-lake-org-main-ssm`). 3. In the `management account (home region)`, delete the AWS CloudWatch **Log Group** (e.g. /aws/lambda/) for the Lambda function deployed. -#### Instructions to Manually Run the Lambda Function - -1. In the `management account (home region)`, navigate to the AWS Lambda Functions page. -2. Select the `checkbox` next to the Lambda Function and select `Test` from the `Actions` menu. -3. Scroll down to view the `Test event`. -4. Click the `Test` button to trigger the Lambda Function with the default values. -5. Verify that the updates were successful within the expected account(s). --- ## References +- [Amazon Security Lake User Guide](https://docs.aws.amazon.com/security-lake/latest/userguide/what-is-security-lake.html) - [Managing AWS SDKs in Lambda Functions](https://docs.aws.amazon.com/lambda/latest/operatorguide/sdks-functions.html) - [Lambda runtimes](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html) - [Python Boto3 SDK changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/documentation/sra-security-lake-org.png b/aws_sra_examples/solutions/security_lake/security_lake_org/documentation/sra-security-lake-org.png index 403bce5335934452e5947f7a011838ec9202aa3f..9e0e7829730293319bd64c3339e00eeff4e7bdce 100644 GIT binary patch literal 154956 zcmaHS19YW5^Z2cAZ5vx|ZQI^%wY6>AHnw)V#dd4E-P*Qo+yA~F-}C$S{O`$gp4?0_ znapI8nPi?Y1vzne7#tV?001v3A@T(P0RPB?ngAg`N(cz5;sF4dd^2HT1xaCHA_aRJ zV>3%506-$_dlHm_k~(JpxyNA?00g`sa1HzrJQl?r@IzG*S`wHWhy^5ZHnfA7_YVaY z(^P+jQ2jALO^xw6)R*KALLF_!sY+Mah>#(0^>xY9WN+_fZ)fG5cYmyf843WCN{jNT zyBbgcobK&fv%VQ9Hs!Jg-|)kWg$VcU*((T3@$-8FRH?tac=$jGD7_^eCeC%dz3a$E z4@++Y01za2{j%EyM4l+>@|+}gT!3OGvho^gEtcMWBo!o52og_^@JD7Ird~Vd7b7kT zmIZtO%M^Onh;hUtAa*vEgEydC+;JcRi4D^pLMX84$VpC8a+kytTu+!xJn$lskMxY5 z>!ri2Pm*=fvOUqnJ(aCBgh)1VMEli8yZ^mD(Qxnt`)PoLBGk(tnLc1;akbzpKNakD z68K29FLx&YC^SlTrTSh$llVAO^64hUYIJl?5Kts6t)^Z8iHx`_QQlX=ZU#ON~5;<4qY1X6=-#vhGQgoC;~<(sxOH(@a7i zwc`-&t!;8{5KtG}{c7Mq{XSKKL3g5E!U3k-QV*468;inKA|PG@9l225w0O9r2N*R3 z8dw@?A$5<+#ynwc0*cm&3TD_arOO2PHtz@07g#YPXuxwgF#)^J4vec{00jqtsrkM{ z4>mL7%?u(W5(qja06ho9(Rb6)sJ;`q5mbHy7F2*T6m%E_s)Q3Fw2QhD!xFTKi0}m5 zLjalsh!9|Ii-rd^y1~MMNEdLNgL~r#r3-)yz|@6ng+fIF-z0(&3HVARD}l)5_n8=S z2hL6CO@RRoqF2aM0w|eNH(^XkNbM_?Bdh>_!|Vvdg{T$ep5rk=!~)ai$Jb4n0!Pz% zRLR$hWZWsUfQS&3+~w)|DFb4^b9qz05swd)y=#B-*p`q7(Ba#!2oM#b%B@u>q=X#8 zNB0dE>&@>ezAfhYiu@B#ImTSnDaSe&Qh{DEdqRx`URFFk4}X&HfPn?74W*5s4PMK? zT#P-JKF=l>YSQ4q1`9?E-oW3kvyveWi_aLH98)Q**|v^zMI5Wr7bO?E-Bn5Y)T8YLJSRfIDSWHJm(N`}mu z1OxRrEIAZ0%tn$do^3D-O#~&DEk0bbUqV$Ppg`Wxt(tK$6HhoPwjrT(V1M9#z=jGf zoUivgimYUjWzmcRodSUp-_V5Nh@l#jW-2_>4<=crHl~VV@SgPrf z451j_8m$^FRv#Nl8_5se4Mz`8?tI<>-TAUpKR7$2^&K~^fADzNW5{9GVFz(oCzdcT z*OZIJ1t+9FRYkBx1Xrb#8jG?L4F&xQJ(}8)Dw1l5<{M2gjWKl+b(SKYf)LdqO;uw2 zcV|j`)#m&gx2z|gJ)X7Jvg@P$+p*^y9-T$y)S`@{m7JBL7xkd>t&;eHYUv;9yK&Ut zX4P0FoW37{%u4^H-=`UI$rw+~W`BQpc{Z<1tNK>Cgj3gTo@u^)gmbiZL~`qOggK*Q zPHEO?PG*i~UTYR(<`vls~r5o z%(B&-SBa3~?uoE@su{C+?CIGVtzRuF4RZJG1cEWS$vF+G6~gBM?S9^YZy2w}ugG9V zU`c{Wf|*^y!r{3Qn^N8O-OFNXq``{ulivB(1`7*)99@kw4~5W{`W7S%i#Ag=fSOKk zKU={^e{ZE~s%e()+A+ronZc3u&&$6SPiBQygC=2JXiwB0MpycH7F&P6_yx5FRfyJ$ zmiFRG8%ReRmF!y4gnv(-g)GG=ou4D0<2eSKbFngIi?FI+s9pA~tE)j@o?DJyI$Y{q z`o4I}jE3bGX%$IxhvmWk41ZU2%FnsLRltqs^3Xjw!#G$qXJ;7KMY5I`E-EayBxhM9 zEC)8`xUaTPmtGPh8ODC`Cq}f#dy?i`HY(!)ad5?zOfxSv2e;LXJ>fY&WpGSdU zjlhjSE9)vtFY8lQOj~W+gSL~l!5Z6|MeF#ZuIG!V^W#m;j5?kQyv4};m`molD1Wt1 zs7}~As*izBmCv!hYt{MIY6KzOqy~xR6dnLn4WtE(00IZR9PZ^45El*WE6xqe0*R}Y ztvHa@P*lQd;8~$z0zVh=H(WQF-s$GdMao6m1tKy5G6XVM94zU)sCLYkC=`)8k?p+h ze470JWOusN8b^*ka&q>)F{S{c)ZubERjsVnml2pFn7eS)s+5J$g{1}h6M!?P2TwG* zDh7L>-TujL>qfIZY*RiDg*M2!daIJB;0tg)tRtO2Z6jVG@#4z{9VK$B+>Inp$^$VK zQ3y1f)7y$p)B%&f$y%qenesJ$o{4Zg~mIw$!Zs%oL2+3?i2DfHOf zVkLdbM>(dH%?!n~OFQLug++MbR)#x^VHF_O!)nU19*>V@qi`dIAV;!@;R@d#^@0Yod`8(6a zx#{F5T`bK2HP%v_tBVqG8$-p#Y8JXjIfgnW{)+Sp%_6tLiOx#3yvzESmyQ&Q)RWYz z6zP<@iu!uaaCN9V1;tKe;@~0dQc3oQ zxsmtoJhk4efRpWQFHTEZ+PAtTd?(w?0_z)zk+`#b0&$Ha*<(ajO4c1huzs@starTU z>&$KM{$+UvxtZ)4ZuL0{ixCU|G!^zJRtgrxT9LY&j4R&RwWEclhloXb<)S*dhOvt)>&FMgxf>K_(_t}H_V31`$<^Y0#OnIR! z9;_|6wg=kN2KsJJc`EscEHl1R>?%A?-XqqfSI@)iP0Tz@RC))W}2}}7I`J6nXA6_i=XE9fjw<^SR zG&&x=JUCLBIH~j_7N_$8FzU9RJOG=YfE*DJfn!MDMn~hMEH+c)w`}r@Y**v8EH(`Q z!aW#LGbG?07jQx&D5frwjRPh?gdWBXx-cZwY`njAi0w5ravaCG=K{{u)lrrD_)72e zJ{>@%Y;hs~PVu`H+`Y+|gXY6(RWVYNG?tYGP=Dls0FV$f0Qg4^tH~XsQs3t4J zWng1Pr)OxRZ$$U8Wc<|xz~jpGk+m{%)FX1Wvb1*Ka^)rYM-8rz{9ncNBt-wH;%LE3 zq9&_ABy3}EM8rnNK*vDB2SY?e#A9!0%=JY?>|f14{_&ESIy%~N(bK!QxX`&U)7jXY z&@*y!a?&#}(K9j8e$=3KaI<#QbEUO*ApIwjf8!A`axkzrvvoAHu_pQpub#e*lOrz) z$zL7)=l4%Kja<$C+mp4!zlQZOK>EKR^o(>2^#8&A(Uj+}QZ5BES0hVx5i_d~_I&ig z$HvIY^N;%f1Nm={e`~4s-8!P_F=YN!bFq#jBhyFi8rkgQa{s^@m44K}SdP5C*|j5m0bH{{&6!M-~|9xu0p6ls;z2S0ljhZ{ zm!Dt79bXLuh3J1$F)esT7bIP74)tnljlXh<_Al5!pqpU<)zj1KwGPXL>b12E0+;ap zzsZ~(1O}q+`Fejf;eY87U<5^j3E$j+`4ejE519G={&)+;{}4yyrw>kvhSuGM{wK;; zKVUOw(Tuu7YMp;?^M_~jDqz3t4k8{e3WjJQ6 zJa3>@n-1Dz_Hj8K4M_GQCb(#Of3t2m_hCBEe%E|%{F6Az6nKG&l9U{l0{on>JKMXh z(l)WbPEPb)8g1739(N*ajJi4^jIJDFhD24@KI5`mQ8~k@{;w=PN`A8WF@0igeV((} zsrMkHCPv|~vAbQmz3Q2!A6#wFBz<+iPxP>EQ4!Pf_G6Keu_eH$-VK7q96FjUjriW- zda1A8;q6sr)#7{_@ALL3&StZwY55$D&pmS2+R8KUoblX?sWUK=%KV9zcC>DF{`Xp& z$L_q2&v*42HLqK2vy7RE{ia<`-7bF!`wc&+p)M%G&mMOt^1oac zjgkjB_cN4!9jI!%iMrpP(I#uVn^m30@V_f8f3@C5tE8V#_sGGa$feJ?iS}q z$BRYb3~IToe!9rHFkWz(RaTYM*Uy8)<4_2O!zPKsWly51X#D~M12bYa&T}1^Vf!0; zEu3=R8Hm)_@JTu;u@o;$=6`0K!ZYxJ7VYMARoMGuujzo+ayfpr@7iS_Qe7X7pI>`Z z(004_YPyQQe&OSf1)F@dnJ$d#q}k|3n4};S2d9CZ|=}DRN-XD1W z7zJejBz*kAfvMYNFXrxc41ZD>D#cJRJZ>aZCp`NKQ4G&jXzTSDcllK&ED|VP$BVt7 zR$mmZNh>a!)e@P@id~3I8jEC>#~J7TrY8CS2!P0sTC~$9H^=S^sZ)#mean@_oK@_q z`tvoG=i?}%{my2H#FzXDSM;5|y|l4s2uw{~u?rp7O$b#jVl>_NY@au?`Yu+VyOTxx z^S1k+4Z@pD&brwBcn%|sdySk9dlJugr@Kd`6-i078dCG+S`Y+KUe9;m-`}n?eqA=K zdnc&scq#WqVw1A3x#rheEvuxl+t9hJxfNx2KOKsBb~>$C?T=-Oi8Ma$rSC49WPeXg zd}S7Yx$Gyr+Do^=;D!+DJ@0rwTViuL({%fo7&5Ob-Bg-Tc7FeNar#gQPoxVfG!_|4 zBGhagir42G7A4{*%JF0CP)I_rySi3RvsNC*cPo_A{Ku|ZdA>)HFG@WZvs*NZ;Y}%VcY(VJC2!9)*l2wh^7V~R44+2 zR)zu}m!UaE0n8P+@$xYx(=;L0J+GrU*QN<0-x|zkhcwr{_zPoi3>LUACbCPby=6ZKU;;!bah1#U~qjtZGfo3 z?F>f1H*bZTs0vm9_yK}l9LpJDL0Tbyv4h+Ng@g>`Vh(+U>wL(YpzqwX4 zK_1Ol(5I%Ra;(}213|7xh-5&56(D9{naLlRTzQBnx~YmX^p9|Jw-8Vmrv9)96Cr{A zfPnx*Jf+t$wf0k3=%?m`!{H#J6z$$6V1}2;W0b3Oc#JW|Zhb^9?*3;LV8m56zH zwb-mz)b#lSfv(Vv=K<`3Aqe>4_%SO$b#?V}E9ZLf77#ro1|VMLT$x6?%Zs0`5a}P* z0s&wm^@obc#GaOz`6V7-XIL$NVX4x~8{hWC_eHp|sAw}T#1V-Xcow2)G3bvbHzqXd z?9P!)Air8Lh>`U4Y)u74UXE)4C}HUvgN1@2q3Jpu&$0INyvIBv+5Gqc>Z}HM} z$bonnZhNUrR!b}naNvNEVgMo--nKOqo~^H>V`v6+vX*n|rLF)R5D)CT+o)du_MCSmwHHeE~0j!>_-iXngh{wlAW5Ph#K%v&R zr{ltCV3+IL)%NAngUW6&kS5SrqRWphkf{lJ1KU@wgf-ttu^wjVQ}LeCt_8k+ha;eu^AaBRSAd{pq`phIILG{;PE&@c%~CMe*Ld2692PF3xJ-1 zPpCQt&po5T#2%cVX;j1sBOH-Byrq;@UA2UxD^N0@bjbK&t#;LQxmB4)JrlZ0_^3B~ z{@}S7n69?Ce>3zdM|I4lhJhG+vP=ELE@KYk#{>&;*B7@?sTyN_v`1*d=0<=|k6jZJ za9ZVI?_hNH5>%~>ik)PP1|yZHB%UvWkD4`U%y z$b?Qz8>!@4$2yk#Bi#AJv>qCZH2H&nAQ1IQAUCJaySA0_54JTW_lGraWYWj{hjlHd z4<$!I!GQnU8rGi_FcT2uU(LLY{fD6`7(gpf7FQ9{+C=_=cSCZ%LV}B_mvDcer??9I z!wa%?`EWwM)M8DHdZRel3+yZRNS0}^l!Xpo;QX^UG4a9grF^KWJ0Li*#eJPV`^-1f~fL1c8Qv2l%8DwIuyQTx^>;UixNCXiwVf zAB$|<_1Cx*9H0fr9?Fl61UtI&lUwm_nEsC8E4W`QEW`zwuLOg~#wc-1c2@@v`j?oX zSmg|ef4Y2MJwV%ZTIJ^2@5)Xdyv*u4FxUR(3i=Av4J!H~XLmXDl@e_TE(2k=izNTW zCv>?S!EA&nR|%U#w!Iga4mSF~>25BGf>oeD-F*gWRT-{y`a5?sS%klT{Bq;J{Wu|+ zoMYbop%;rRW>qteN{`TrzAefBIH)=Lz^|~mfHiP5TW#{k)0nZxUqn7pOym*^sS#88oZj9yf~TvkCgZK;((XS=ulV zP5&NWEAO4KQg$dvS>-8ulGPz)KW9m!LrgG+pxor4#6;#WhO)?O^CP4*+>n0R^zM9B z<EnlI-$V^e!^5kpR+H`v#oc2^gtE@yFNIJ>Cl+rAvGk9@zq z@5oQ3|6QjUYMqEXj3kJKw(4UisEVg|gV_$I^1-T0zP5 zu0}pQ?jdy4BO*D@86)lbs#ejj5`^EBK4o|tm2lJY?1Qq}uC82+ax4JK2fg9Oypiwm z>GMcUaQj`dAfbZ8hE|#vGT?7<^7_ppa(liZsB&=DZz^wUYjz?mbJEdVbAR` zrBfcL4c(5l6#5JK%<=l*_75WM5Q>?EgL+w>Gx~F}&|jOk24r`>;RdQ}T+duS<4ac6 z4tE{#48M{kTpLf+>x|y1p5XdkKP-f=zYUJh*3S&6j@Rqrvr}m&Gc_8eMfr(eshySR+2oCCV z1*OozHK{nI-=l}3(*GQzcqIQWHMdk&K2^rv)xIL6NMx{?CRE`c5j>cd+~JI`niZrx z-%i=`{*7+bhEF+u47&jFb6jQ(#?TYv`OpL|I!&a+#!@E)CP*m9s2IFUna4MY z*9()9eE1HprBLbD2X-_2O~ovPQl{l1#U?eTA4J}89EH>x?Iswv1&uBumdto+EAPxg$K7a$8Z``YdDSUUJW*qV?E%*tkssHS&@@BWtaB zbo)X(uR&~<{Z55@%N)jE9pdQu!#1{Wxyso?{qg(@{qn6rk;HSD>T@fh2mHMY5PW$( z>qq9xeV}eQL+&Bm{b`?Rz(#Sa69PbJSvmT%yYyxhb!cpz7Q7 zEz)}oMbDV}FBJw3>O6Z^HG`|^odo+=)UF0%O>Hn!9hnp@Gg|GB@D$S57I!XlI3+pA zacVj$+INwbZkIG>PWS5miqORmc}MJGE;w24p)=EQNs-x@*m@ui^kfL<^w|8g@jVF$ zNv6t;*UU9!PD^-$>Q$0=yC>fl2&~8sR|LO^E1$|_N?DBmEc?>nr8HedH$Wd7Xy7jG zsVMZT_4M!y1=rNdUHyDV@=N6Bh|b&S5Vx-p!SQv50Vgvai#66Q*iP0AzZw*s756Py z8&rj<*!Z8DSX!Q3?UEw=ZQ%$|4g&k`EJ>prYYA_KDM7fZp!@GwZX?%Kgva-3i93EG1 ztE*hYX;<{oWxs9;nvY0=6h8z;;s}vBdos&kxtuWFXFA>?lfMVGokNP>V|emk)#gTq zcmEZe4&PCS|UP2y#9b(BjCT&d_y zA179itNGxxB`!IMikrm~s{XYsbxNY?i91hUZi^75_z3)~Y~M^r*%;?kYsT#8@^{i( zu3BKT!bYo@=x39chYDoq-`fTd_^($$i1s5~smtc(uwS~n(mZQFz;LmdG1KwH^bBPmc`{sD%Lwc3!BH-41F zg@h^Cqk)`_(X0hIeX5$GlO!nBzG z8|ItWj4G%Rh|vIFyy};WB;+WeCJ_k__2or`T;H{3NH$^z|9y+KA_x4E7d8&Hzlqh`8E^dKwa*vvZXujZ zzKL2?1;JXzjW(RwR)#>(^>wsY{t@;1L0dr$NPWKO#k)Sla*aM0SRn%NJgp9T=Im*@ zR~?#xWeUlCd@3v=5Cd0deO;1oP&+uKswBU|iO@RltjA+V$34kqXKKJUsZ9w_GMYMT zaY=C~Qjn4x*G^$$XmLb@2FR9vn`Y~8fUk?Yy5wX;)9aW-?-HUA`5nm;-3ST#+L?5w z{X|?=b3%-`MLMrN+}0uUc)b&P+HLI1V%3l}LFO;Wf+Ot;Z4ok=|JJf!&O%y`1papD zl*#wtj@JCGM4@u8aB#_%`ejoz0FM90D!X}vCEWI{`Z{|C>Yhm>u|D?d$Lh7JbRJtI zLwwss9@qQ%RuBTS2Z7tg))w?S?xT^0t4{DBEL0M$DOv1DXDDFy1wRv1)MASeq1L%eUa$1(*SWAB2+zG(oO zwIzeieDHl>gGaDJ88bc&YOE7>$ve>a+STBzzN)2-aJnyiHfz@kw`J5t;&Aw}SBWh)_>{tod{62}Fwk%uj0>r`X!yrFq!L8HsH8G-a zQWTf-Lr>;W;xJWo>??$R%ABZ20Ve~(Ts&#m9|;#`8oGYWj_EsA7bi&;SQTTd1ws7R9?&2c zlZu$?3$=BLcFl(xxRGa^T1JqTA)41eJ2qJcmT; zWxE2kE=%Q2G`G)gwPqoD+~8g_h}u6N-Zl8H?5?@>#|4|nTZMy!w{ySUyxZJ|u!kmK zuxA*mL`meHZVOz?EigTP9C;}`f(y~39mI&{)ISA{zjD{%&HF~QDS=-&3U0q4e!?k4 z6mKjitwKe!DXxKjs)UaCED{zA_N*Wjkn`c)9t1dsLF)`?*UI5a;QkOmw@OZp`>t(_ zo_~JuLV_@xF8I3oaKN%Xwt90VBp;!2pG7O{h#i&iv5$XU)iF5=L$EVT`hhPsLx?CH z3SJppgr~nUQC&;Cg#uH%4gaCWk>peU(gtS1fkH@x&IbdE2Iw%(rVAjN7bN&$!JWsx z=l!YG6Lx*VmJNK3y3cnzl8xvvt(wd8yytUVbMupsA4nm;A7F1K3t4jK+-&ffokcaezSc3tnh{w1@hF7E4Tp?K`i{i^j_X`;nBn%* zX6c5r&>>_}E)qw7hQ;a0W@_thI^t8maIw~MQN={u9PeJ!j%;G>yy^8qZ(j{u*!Uao zmfZAUpn@*^II*kTCg=Q<-?fY>rhRoFdnoJH%hU7P71hvE^@a9#(K&%$12}M9G7h0- z*t@3FR+D|EEcCwG(JB++pO&6m2Bau6N`i&E_$C8MnC&e1qK-(*ybeFEzYb0-hyz(F zjj8nw96d+j6J#j(w1n?|&vJLVvK_t68Hh_Iz7hUvd6u0HW1%?AjwF0z%-;s;^hj`n zKV`1J8~lb(e_2qNitNSc{cTs*8t`oxx^$ zyD}|sEm<^ooIkuEUh{_B>ypA_u9krD+s1^5N20?FeX-`XTCOGV$Z{uZH||03Oy+KP z4!BHOeA=2f-dSry82bn;m7Uldl!hQqLJ}ofAZGbJ*Gmww6Cp-6!KS}Y)sW6M@J-eh zzhn*aV!?ua(_XzCOr9as{K0b~sd`S6mmKEmS{7G6)9sTA6wVT#TNstYYs!73@66q$ zbitu=e@Wv-T?AEoGO#IVA=DvF+b-i|W*m8~z|@0Hp#r(6s}xilGUA=%x|?F|XWc4I>sFzCQHi=spZM(vi7| z#fExu20G7R&4#pxEpB1Ktn4L_3nY* zv}GOk(ol&07;ZEzonS@Elo~L^ahRS0E>Xx|8Ue$({8|z$cS!faaTKl?wT-td8i8)& z;%KBVDQ2L%q+j#Pjr+yb0;XHFK2(kr*1nOnhA|MIg-tJI7c}^JT$x?W0=RAK4K*R) zoXYo$G(O`v=r{D8aBs-P=4aR@0!t{IezX?EXY6N?sbHDTS5$fnBv*zs|49Kd+yI3Q zmh{}#S}&|k;e+655~r`fJ?X>Sape?Ci5dznzMizdyjXKo^c$fRM}wzj*~Z?u?x3i% zUOF&a*#xZN?}RSK46j6FGaaLQ$sd?@ZsbA)0J4hnQ*51rff1F=&=sW6OI0C)FM$-A zPxB6=&Ci65#@kJho7fehJsi`5!c#nCFLjWN=;LBM{Zgo(+4H(f`n!0sgD2%3KQl5N zT1!$}>K0(&OC`pbfM0>2hhMjgs%vN~W2%E;#N1x{HoZG9KRdTCoAA^J9q!xoy6!Of z(lq05Ed0oSJ_{Cv2MY9kHC_0zY5maF&unzRf-Y9j$G0;lNI{sC6NcVU+7QS}b{Hgq zsED5_lL#^_J!z7}cU~47gAIEz66k^tH}7YXVP(0Y9>gQRh|>(y?Se~eH^3WsAscz) z!MwBK*OdTq8j)gM7O4Q(gd@O^Fjq^mj}wP>3Nb-wC1C)962m)*g)G;@w#`B{0f^K( z^|@Ht13oqKyF^%~QR;DR0EqP#)nn4|gs>O{qA3I2W~`dt7o)g1mgyQ*i$X|vTrS>g zPj}BXPk{`jsJOc@mx2#eDMF#urwp!TBqw0{07wcV`wiyW0Q}+_q&{vT)RMgU!#{_O<>`0;jAM5bcE|x`W#i*Fic`vL*^3k4Oc_^Bf@2` zJ*DAcu%S=^7F_yUla0clqJ}AAXJE;0Sj6@D@GUGXopXfc{tt06ld-{9YI(slmae+t zzve#=0qr`Qr8{n7V>=Mjd33~(QzIg}pF0UV?R$5kJ?*xxE-R zDfq(1Q8X0c2$LP%+@*w&3obF&co#i?e?IARbc%De<4M5PJ2NFBi3W;{0~*Ylczy)E z6!nB~Nswo^L=i;r^}(th`{5PY$V%}$Z8ZtYq}cm^F}pAI>7>W*QZ3@-Q1!TL)qiKz@=b z;;`(PIO8F(g1}mm9XJJJzMXa`Xvkv{(>q zM1}d7ri-MZd*_oA9d6VY?sF2fjOUa2o)28UbVhhnDgEpg_d>OFbp|Ok%QEkiq@J_cJ&TM>qb$mmU_xo zutykNUnnKobGr*vc!Us+^w1V;IXAp=^daU{tapBgMT&v?wCU)hZ+_}Xu~^9T3w`26OVkgZ4N$U$O! z;uxMJ+aSumopPDbyTj!BiQf`-BBGO`(pXo+!S6O?WQ~)`-}|FjI%I}^K{z`EwF)Bz zGC+4t?9o+KjWTLE^`U2KK|K?L{&ih413kFIgWU=pYgySp9@8WiWrtU|ExZPXN@#Oy z-(STLbQ0Tt)u z5~)iMNmi5`=BB3S`wAZXI1#-CCfCz3#>SizR z4l`x}27!=Spu~r|k}AEA$dZnFj zbHK;gRKKa5xA$q##yeYHoku1~{qcyf#hU8$oLv6##SJ+;KBE=q?Mc%;zla*SeOM>Mfi6^sCALJ0Ws$yEI$%&HZeV6FA#@Utat@}KuSMm- z8VWPE#qT2&OW_qdv8*3w;FSvp<*A13mX*eGyr}#_?Ms06sT0DnQ1AT)mCIlf{d??g z%=vl7XSWNj!}q?jsn;&p-HsORYc(+0&2ZhmOBdD?Ka zp8$v>XW@Nak|wZcm??eFE12YiRVXGhf>rn)(0lx{j^(B8H5xH>Tl1`W560TQ8aQk? zT2_&YKpHK&UztgM(QV3IjgIT!8H_|?t6id!I1bo^3S}2rgG^~7-87-|4~ z*(*_0_MM3DH6f{nYQ+_|cebY!5G)16Xha^Y@t(PgRkz>IM=arNA$r@0?g0c(+V@&t z51t|dl?Rfd`#{>SM{T%zHGlpHj`)Rh>mTMM767;$8tB%=5laf%ZrOOT*8L_LxNJEo z5@8CS_ZbIz1{~B0w_my*CL;@O`It*Mi3k5{w3P(M9$LO4nwS}?Jdaxa!DrfoP}X^o zyoa)YVOFud%g+Ja{308y4J9choG{MsHDdO)0sC~{x^byw4VsD3G;)_!FsJu~C_5<` z!4+L-WGj2lrPblKXyUtm^Ws6fl|9l7sk9F)EdZHa+jH_8lpR14dt1Z$DZ%{tvLeQi z#5CA`)4m=0B-p7ofI&P&YOHEddgs#V27osn1d^bEY!XVio0>FK8Fhhy)19X9;Z$9y zi6MaWv=}%O)iPT0JZ)`@<07)S&^J>$#fVD~T!9M&)(=9(y#tJSH7_&;O$AGz$64=# zZBu`k@S8_3mJugE5Kx#_%kZco%LN$rMMO90^rGCBUyu}cCP3E6bj8+IEY4D-7`^y4 zRy_nV7J^0nwRz1eON3%xjP#C34-EQ(hsAMq#;Ky^`QE|syj?8%KOP-xGu7ZW{xr-U zZ|({vBl4rPXY$Kr9SJw$CAR;10^&fXFJcNFA7wq0fr4bs5DON-4(g3-Y3h$w=V$5W z+V6}0xmgSKdW`?$PGL4(;2;PTD%%mCQR`{~O*Le)YWTCUsXk6*4;eh)#0!v16co=_ z(cev#msFfSjZB)*d!20Aj-GVF$?@~0KkQQbFFe(gjG9&zmn>pe_2nY|iS+Ep8OmK} z70||UVam=>_LWwyHn*A*3hxoC?$RjoO~0=6+#ky?U1QNCg$*@xF1v;;2bcKRx4A6c zvg3T7r+!%KXRPODsO^4no+eFBvsMJyXO|md-JlNd-?}4V&gO%}!L+mB!eB3}AweMN zEwBb%l0pu{Wb##Jy&5ZWg-=fuxMD=H$1F(Yh0X3;U&{!|gw%ECz_7N?-tZlZj+q6t zE*3jyk?EqwT;=8OSGW6xAlA?deI}6mVIeocZmsRM2gxY{+AwRB-tia=GPGFE8L5*v z&*7o_zOA_#>p`v96=d!WRSnjKA|sh#Bh`L0g(93zAeM}0Rbsb!W@!aPT_iQcFht2k z0=dMc89pLCbO@N&X*^vv*&@|(esNaBSdEQCt=E8gyAD*sSL`o~&Ls`H{B=ilkzwvO zM--!U{X1Q^+oMLv0ru$`c<&wPz**MbhwkFOT_`m9Ey$3JF|a{}cXU#}`w$6sO|ocJ zbS*`8o1Zbi+wPSsWf3aFsH+qPdod2Rb5-UIH;Po;q$5uLy+^jQqgE6-g<{rc0;(spcjA(NFEa^pIfX-LJ`{%mj_8x-_ z1XUkWfJHwpJ_oag-)Ut@a!S~|Dly1oEE3|nCT|bYG=eZL)Mg@*2htvt9oFR=tu?;h zT}w=~u!4@)_OS6c-p~y!2>}!%vYPOxU{f%R! zD@bA4ar>aq?vq&ook1cQ9?A>;rXUS32npqkYj#M$jYWSv#WF&k^%ZvG4FNvCvV;!S z-(cY2n#`z=7Vo4^yT+dSb2O{rHasS!T@eL{eiOk6;a)cVrkMqbbIIz{SS{;r&{(C7(G_On22#m*h3$7V z1(%(_RiQdqT|;oA@pBR`SW7@jO=IS=dU#3Xz|Y&H0eWZSu+lNH~TEFUYwEp_fZ zN41#UYz4h`^t;=J9g(uJD>uLG^cI^Oqw@I1BiyOk-$gWO2N8tl1z9J8(+@d4>;i^I zh7q465P$<6D=f z#Wj>odLI$~<2&xp{dnZa*-~gd@s9}5;J9gH)l6M*OG_QQOYj8VRjq;AeekDfgq#*# zY*Y2MF=272F#A4s;|HiHRJeDRT-ZR_Qa z3yr*(OtuNHjtZxp8o_#R;7+}R`VuD)R|IMzT5em-Rg^>(DXT*E<8~4BHdwqctt5_^ zMNi7eq7fq=gj;LtlrJ$eIZbcK&iUv4&wIElf7c^h5*}nX_Ke%A-S7LnUw4y=b1Gf5=ZL2^O{Rz%EAb%F#RNNu zfEk0Rv<6!BB9}=usCj;eOE(c5elL>nos|>|%Sm8LBpjUeQE9&|P5=T)!Rqy%xleLk zl3n82LN0#whzWnarmWyN^k8MUPgMXysw1#r43(+cm7+DRwGp|nV=EuC<;|z_(fBb=Az?|D8yR6P9F21X z8z_$j1jOL#i-6?3mLh$}evCa2aKs@N_~k%$gYsze?xU7n4*#6(QJ7)6!3lEc8%F}J znzi=*tmu0ejpCu(`=_<&05uft_3O1M4$kolGNgsqz2}Wx56z@^qa9D*g$V`J-+#q= zn?w3hQ=wVD>$N++IR5(F{9cyV*qn)CWOVV_oaM%XiZXoI#?n#iF}GtOb|fgN zjh`%os`BxOyBmcs0_|Rd_yH*jw0>b)I2(__a&*VY&X8XNLHvSVxbP0Sy~}OILGz_M zx;$XrFGD%~M^kX3`xRcv1J31NVT)ZvNbb2gBD%@v=I2w9ry3nkO0g5RXFud6ttTA? zZd*Pb%K%*leOx+JJYm`Z<(n-SJpTU*I%`E8P;Ag_{TaYIQ&84RDSn||{7!CX=nKVhi}|0~2(F2^aNaLQ$OC(S#( zmH)pSqGShgM@z&dhW#(4|BtDwjH+sFw{*84NC}c6UD9m2ySqE3Ltqoq-616n(%m4^ zDc#*2(sdVl&iU?G4u9!bd%f}Gob&k)Jnow+1SW=M+o|46|NF%O;EwMa)iC9A)n;kq zmDWdnWKr>*{_x1lXW#y}JRlho02xgAIkW}-@4K^Jfk_x$4%Nx9+&&QY&TfcC5z`s< zgrB)k*Z=RsK((Y8tl8ko%&Bb_Gm*dW%g-2~pttV?G*EgsL^`u*C*5fO1*C#h$bo-N zGL}}I!{oGw5>GPvmym!!=}RgUh{xay8Vpbeo6Q5jd}unqo&Wda@~{e7vpbqB*O$^X zFgqj17~v)f-rN4A4kEz$o`=HJp}Bcy(}uz(BCPy}0xf>!i~q{^8~KD8GerYg>JTLo1~5*%UU6a_~P4ZlO374h^e0?2TK3wG^v06D4cH^AWe>1_>4`K;?M z+!gVHv;Ff&CHVyhbBchF2wVMKe=20_?+z);L1lNLm2#pQk4=y5nGtskhJ(fx4BXTH=_Yt`=9xun$D7&Z9c z4<(n!K~xTwhp3m5L!}7sdtoXN>##q5+7oVc+WQ`=_hCBZaVkaDB3W|>~909TNf zq2<(X)&25zC$rhM7~llPW@OO2ySvB6#gTEl95Vj!J%FJ9?-E9X*eK-<1bw;58XUbZ zr_>yNiQr0f1)_!>(T7PDP(glEH_-lPPkbQ|0sy`afn5vf3t=H!CgBcQ$`WZp~FRrZ)|Lg zmox%!RT4N73I4f@SuHS(k7b@g-s?X@{LH49dI`zgo@Z@l-wJ!7 z`gad)*iTZY&%w{=HReWo+MZ7$`0HV3_}BunT2j z_LW_Lp5ukdN}E?cK5&j$GGO}1ZFIQ!Z&v*kb+`a#oAz9N$H70Kbw?T$|J|y>Wf%r$nG0E%M_|Gy8 zNJ4N%`q|*b=0GHf9-39)>%I1ixUV@-k)hUqD0no!`NQnMk?K(5$tbYNu*3=9!4dXL zVKICCA!D@AkmG*@2Y`W)-KQXLkPUx~ny=5eCN9HBUG;}dQJ4XG2Indn4OTMoUnD-cybPkUIdX0bDizg+e&QBw(mxwIfr@PW1-+M>+12+wHD8iu2^ZB}^#;W&ZV&~`A{ohKP2eb%B|6_y~uE890 zX3LD7R0zhtX_~=DWnj&ZuGT-Ctvqh#E!%Ko?Kvez@z*kQ5De$JAH?rp*5Wu2WE?R0 zhlPS8M1uXsn|F$EG+m$9lPBS%jgE{;&i4Lu2;l;!glV~?fDh-#o6oj`kc-##}njGSLlz@+J+A(|guNDAc zMQHp%)XWd6Jzj22lr1MC92Jd(6M2;dOL?{>xH$C4^~M7sSYIVf&SE|-} zBIQ|;#pQ<|OVMHl*eAGp3*E3#q~>bX6kWC?XG}XY%en9_js7L_V9-J(&|||Khz=;C zEpZJBhV{n&y@l{ls^lEk>F!lL6dwvz0;wGjAyK#dgi>)nxQ+n*nypcr^TWn;awhhw z*|t#a{uMQnWz)_=0!+%BNNbA6`AG)X1aI{!p*F2}$~cBY&EqQde`7dh6R286>JE6p z`jO&?TH~d^ws}C1BpwJV_7&!O(T-Ag9ayGf2&ny zn+Prqw8`lH^@d=WP)vj`K_*8yNZ2+i4hOVX68}g6bWr)q8{b^I|DtgNJ*%QhHwaMk zAP#smyK_}NZ&W#HH1cYFn>uP&EAep1YSTwRo&9Ej6mcLnpl8K0{6xk@A+GF}JT&fD z<#^o>pi}acCe&w4lI#X!+oz2O%6MlA8G6i7+F#bX3Dc?`ob-KVkp?~CfP z^HZKHJn2WxG0E(qdT22$pj}C&h*@*awR7Oz`&CsD*>IYe?zxHHx;-7Pz4z;#EXFVx zBapBEl0vOJh)Baz=Td57EG$LJweM=Eb-T@;U*>meh27LeR)jA43~Urk>5PKrv*;zw z=*16}Pye{wNouImVq}+Q^XG{g(QKsQVf&wytlAnhf6@}cmzx4zBxaIXEyi8${NqQi zt#Ep@s!6@e^e=Z8O;g!6E1ctJbSoi~B9{&=is=OD^wzbs=kXzg=U~1Flg>b$^X?zY zEX7f>&&Bc9x9+#Hn8OtEYTZyn`~f4Eab_;@`KfBF1zUT}d%ZG>{9M|xHIBSm-2r-R zlWT2jHhHq|4Sh=lo4{NT^%nI%t=>$((*F^T%IvC>9|~7!)YiD&=btu!$V<@wy0!hD zUx&`~0y(#K8M+LSyTu5a44ZbgVIhF{tDAl-=hgCF3CsgGdn9In!RMlD*K0(ZJpVGE zN4sKcB}h`mlTt6m@FMO30v{JKGWle`+rL~eAawyj7=EsZ5cJIy7NWzlo{h19I zydo^SpOBk=V7ms=U~5Z=kPc--D9;{ zT%R<@b6vWv!MMHY(h~;puJfk`!PbllckPC*dWNTt>E7-W{{iv|zgQ*} z-dPa*kK0r&$o|*Q8krWtek`mkzl&&eH;YIZ6}qtUpIV0}KMlOqiV#1Y)F6@>`Lgm` zb98voyaj2o{4#?$%xv1Iz%_asbzicWlB>mLAIV+qz-uMMW_S&Qnt1B*GKWn2x|x!q zAbBRhvr+pWTkcy7%5w0`Q1J!7buL7xABoz@ONN_v+;O2-%}JkgKW{IewuCCmPZcj# zsPw{VWwtqX*`VLwYwBvE82B=eap4-@tMq0Tu3mZZQs9 zjM67O2A=EHMzB3}!(Pq>ntv~pb*)Pc`ic2#sR!Q$pZe{}?M40?+ho|a)9ylE&^ke^on0m)WrKZYtwsTDm0JL!k3nKu9lu^ zywjE&Cm)>4zgD^h{hsd8JDJ`Zq(QwNmqNF*)#lT|UHeP91ewczNYE(A zFrALhgvhx*izI}cUO*xGglG7e6Dmmlz2fk9Vl^ggbEqIb37YjxjE7ZnV@IMzJ?BcZ zl^Br$Oa-Y9mNR7l+kS0@#xZ|odVh%i;IJa*J2N|jAYRo1S>eV8mq6WmrO79ZNCZ@Z z)9t0euSgN8udnlg+=>f#sq81$AWc)FAl8Vcwl_=2ZO%I{5MC-u-Zm$MQ-(dDg`O<=CsR?3Jc!%@rV&tPYzWn5IojT`%Ai&I>3r1pR1?b6qI&&YjQ~UwU~g z2m$Z9>{Li|yi_?aI<_6GlX^_bu(%G4BKK&`S~%;6b`p02dhSpxh&&F(@QE39HUwhCX~?+sM8HmDlv"nHc*EFO0I@%cmD2JZPZD8%Kz&`vnA zw*9t};c;&7QLUqQKy=n!m|(^i4_*s!X0XJ&qj3%F$!jb7R0KpB;RSH9ItBrG>7m4Z zu3%3vHr@5tcv{1>DN+LD14ddIdTTzD}Re0Xd%~pU212L=8j5n=M84E56;##N8!mZAv zy^Q=#Zz{?KEn(p$x4I)4$=gm(E)&DZZCJmcu0eh~=67rkuL+l0vs=zDOx+LDoVS4` zp8JMNkjp~YQeuD^=QB?pbigb~6peC*-RcSyk^hD@t}oo_Q^Y_`S`g1R-P^KLO|k|F z*;~gFCtG|nSHhVd<7wneO?$jIhW{G z5Bx2dB-qkv&BF~E?|xwk!${vc&4`t33fTxReRitq^#CFUi5wPXi1z5W5%0 zfd-{2D6{0FPx9)$^qRdFaI9>)5D02ux2M+75vlsa#0)N*cNva=MM-V_VuWUHo{_dv zJo}h~goHs9IbkCnk05j|Trj7ihw^pD{$J}r69y{9K{~xDv$Rb=#lmwo&JN3a6zo8K zn}buKk{TcpC!S{g%LV^?ms7x|%#oW>r0ECj-*l4LUtlCr*$P0OMCn1|5M706+O!57 z1!W_e;0hS4mvtZAZ*Hm@~!5*p{h-XV_#|~fK&u2prBS|+>bRg@>1J5UF$NLtuS!d zj1g<9bNr(=^A%>fsixU+s+LE)0P*J_et>1msz%`Kllc*k7WaKtzF!iXH0ka!Y6)BrwjixNz-s+&lMP`%sY-v4xWt(bk6;>eXI%a@Ud;9h-|E;}0R z5yjseHwOcG*K?iJEO@*c6NHO0S^=y*%XNJIby_Yb;n#N^8)itAhlNYLDo+$qo zzW^DM>#t*!(G!xq1=C2dD!)o!NyII_60sRw;6w|R@M;Yg3!^RFkB^I*X)gv2EVJ>mz$h!osrS0F~6%pJ?gs&P2_ zx-bGGH}X?$#OgK;Z;;c{s2kplv)0*tdnm=B3-x0kAgN&ji21~3w)?a>4jMl_+*aAI z3A*oQ2N`en#W=hOIYpBS9on|Vff6V&LQ&dP?gC2`wlMH8NI zC1^&-o>9-Q9==To80xRBeoJ}twRhfx$2B#cspdzj=)-8) z$1Erb5%GHVUAjj=jRo5&nBt@G6Z*T$ACtv;H85FF`&(T#VslOsTX3 zO@sYB%6MJ^@{B_Agvl&rvqO763sd5fS(Jz&ZK@g6DG3KqQ`m}El4W`a($q{9i|NR) zfeipEK5CI%`_ymPEaR8DuSqaEc0K_DNs^g-Ub%ppMGq`N$mr=0_QNiwnyObX_qA%q z&uo$$>U5kSI~)4c{Qh?)_J)Lgn(Pd6Im~|sNd@YyMP!pc!52UMSEvT=yT)YwD-0i8 zkz#L#Cvs)WEr#-BRZ58-ez+G6I^2?RvB|rRc%6?&5wN{x8I*RsNu_)vTn6KVD)CBg z0!F?M>9JGqi=$4GDt)Y?!S)x8RAWp>b+Rk$>-GLnBN8yzWFSXi>OzOq`x?)|K~z{lX5kvQGuIPHMm`aL0+1Sr=CuePqC+;{lS z2728Ljc}jvbaJvjzoe@XFn$sc8D3<+QvzW+`;PpzxjKon5ly``UjJis142QisJsX` zW1zvy?cnYWRp;5E37+XFnsg0ad_R!FlUOk8ey~=F7#6s8{`9wbe(ny~2Q)P$3 zP`7P=bRk2!A)B5ZMIt70)A72TV*a%Lvq~pk?0@BOz=wb^5Cbg4I)1~9F;UAE=-UPj z=A8`m3w+m{3$tXs<8GJZ%6E(MT266^%iozFnj(4H>eR8{JW1q#*0B!DZAn$VD{uENfLxik-2<%}ddPq{?e0 z$@!uuwWq(meLQNVkl`5?8XDW?bwBWx({Vsax|9nj#=#_>o}Plc@jdBVkdyVRewUBl zmeZc65{^u;^iR}{mt!op*6zK*(RQGX__sSjA`kUc=d*YT!QDW(>+G&efeBLG)(?g$ zYuiX}VBf1ega-enbw$6sCD88Y@I|D{*Ugq;P2;z;m#ebDca`^>Bj#u6A zVX%(aFk!|JTL8lPPot%}(i)Y%*B>68y{wmQ_z`an78l*x)-K^hfaDa=5=-38Lc?e6 zbAxd@nxERhfkVO5znUr6(_8+0ArsY`)s>o&as27+$73q+vyPin0|5`0uJ^5p`+5k~ z=8DfVU0pL!UUyh>o{=b!O_%NqzIc8M&&A7SId2DI!q`$52-Gt!ESF%<70NE0DRFP9 z2`>NO;?=n=EipW=6=$1p{hvMxP*DQJSpv}EiTo;!dP6;XJ2Y?(yO4V$hEz| zw;XN}XfefQYr2iLtT0prRPju*K|NfV{7 z4k8Q(`8`1vnP|kx;!c6rAXG!h^|3)E(X5$mca<~Dxg(SK1jwm*(EeDd;?2;OV)r<20*m#ksOeB}yB^aDWSa~oiWW9rFMCFO>){&nh$C$!k8)J(Oz{fewSZTPA01o2!T>^&(ug;Dq79vZ66K30t#Yf}+0%S(yLr!FZf@G_OsK`vnP(Ja zRcRXsv*)%^gtgRS{6lI+K*b3XU1a3*>SLF$c=YYI%{v1w$}D0S-&sHkc09Rp;pTDfkS4bT9@ZPBk^bO>7n0)YISePRMTIWWnWWE0Ijm{sSs(LR12E(`~V z6I4bqU4$00z3lqjn9{EO!Tk4M5ap!GMdq$wi~9ylMZ~M_pp_*G3IOHf#B{?c-mYMn zZ-xrscaX;@f@Cm4NRukpj%C5AYZvH=XU*8Ov9y0GSAtSm(}=Ly-5OO+g{ShrmQd4S zjfJk+HN#?70Nu!Cr|rejZmxm!$#vm9+-m-_go2HM=F*jc{w<)tss;f`PAr56xwsfZ zx1u*VaL(7No$I2@z;&m*SNLg&K+;KhNvy0@M}hl&_t3RF=A{wEUNA8h=3A}9q2d;- zV6onp7UD#{%&Q@92!^QPw2w&*B2Hr?Emv5a$DKivhsZsFTTyZeTXM3m=63EK5qmDx zMY}Qk?zTl@?7e>OBn^2fOlyJ|YbKmWQdkPU7hK#}%7XogrXHY;FM-m!C9JQ!o4O)3 z!kHR8k%ub*hkaJd_8hnJ@FK4?iEAH;P~8B4 zAB~+kQq#33TjO#F%XQxh%cHX=`UsVL{U>P7!@*BjD>*XuNZ-MVP-nYfsgI^2Ab9I* zTN(PD&Qs0|)^+6&Ym6NOyW5XndW93(qa|rcf%>SBJ9jTteSBzN33z8D8lI2F<-@6N z<94c5E})Bd4#<-tIG8tRSwOKD95@xIa8IARZ844E( z`W=Aiqrn7_0XZF|EId4m4Jge=S5|B-vPAte7FhfZb}hdTmKVw${T!mvEbZ=Y)aK5o zGOI>yQaiHZ-~JGUy4(fL`qo#VBOr*A_XgHnqtgT5)T&o{cX-CCvjd1Bl5=xw<;$ki z#8JtyXEP^nb)+&t67+s*l9ejCYRO?aVI7KvmMeT|_A(A1^uG16&UdNJux`8J9`u9g zT=__aN&gZFfmUJoQtNd@f7=kcK@yMT%CAC7GJb62H&(bRtzWj>u57;;;pWvvB84~m z`YCYKdcwyn$w}o(o#f**K9sqWK|DN>G&#wK5`%%CfQ23~iUPQRkOd|u68+JW{e+p(95(P>nd%~VqA!VQNqD|DP`iWF4_ydk!!h5eI@LKu?M-$6?&u5>Hr z0e-QbB~OW29!}H@tS!A!Z}l$iTCl8wjRSF*1ocAd@y7CaWo9@5^}&fwq2R&ir)z$e zg%Bm`Qwsf@cQ-a?iBe=)q35|Yavfe3WPE(O#NIaszNat@I8Ik->^3w9Gvyzz*R6aK z+6`0zp%JeN<6Tz~H~j>1Fxm&*V2W<@cZ)IU zWWnk4bxAGGMGl9ULYs$7AKk7u@N#0VN={hB95a z+WymLV#TP)d6;UrWvlw_gruxjhNKRLs~-(^$FfZ&M?jd*OKayKxl4EASG#w@%6ssv z7URNgk5^h3M1CYkwry9z4U$3&(%uy<1s?5qq3X0hpeJ33ciz~7y$ST zmnk3<%hPDz9UF0zpRa8!zrz6SI4?GQVzyi6nFtXPdtJ_-??twe1J{q*HFB;+UdZRF z)5!KktQVdCfrLyfk`+gQYBVe7FIkgm*p4dE2(Jv~wRkll98zupJT!3Rf^foU#ILg72TpCSh3xmjbD=T!2{ZI!; z#C8XW&$}SOaYv&}EO?u}ahYqiZcab>8+e*fVT7`aMx0Y~JST{#(Cgx)`^XW)T3A?M zy?L{D_j=K7BcjZNmP7zUH!p=Mo211%T$r_(!M!L2P`uKa-&+)eB1Sx%Yg2NeTOt84 zU{dkkNrDEAMQ>s&&C`Ew;7gokHwfn??H&I*+nbCsUK{T&^Qa9CPNGIk^517q;)5N| z-KnFD<#mYt{60>*H(vdeJuJH%8$)+waAo6JIhA5x5tjX>%!kuZ>Y&!?)ijcuOTM8I zFa}M)We-3-(ng5$w+{h)Lt}n3_(&J?^DtZwd9&TN2i-e}>^(3v8Y2UFeEkSS~0 zrwIYj7o&XlLmN*oGR#@5Zl|kQ3k`qjFXAMOP+=cEGXy?Vj3bQ}D+mg>0}2D$)Z1?E zSjYp8!ymBjLs@>4l&NuBxbM8dS}0A}v|V~1BZDtq=W@l)%cSG-SlhyrwBA@7-Z5?W z6pJG#9rv0HPV)Sjh_13<#!nO?14W~xeqes4EnzrwB!=EKldN>4Y%W6Np1^)bL~T$H zmycA#st#skB8gsv z+zK7;(AQZXiHH~Gy;x?f7$L7a(KhSAtDCkXooI6ROHsXC-UR<787fJDf*{h3b#(mD z3VcEPl&`!#-CBcpEYBUG#`EfZ)y6@)2&*g)EweUOkWm9{cZ+wE2B`SapQo?=DKsMZ9hfi=@XM4{u1Ncn<(RjdPfSo9a}Q|cn?|B zd5v-I7pelM}B>?(wYo9T4S^= zHh?+R`SD@ap9q6Qp8jw8NWuXl7*kUIVh9ryxT2#bM(p19H6HJ@Onz>#QhE`RdgySk zI((oaH=BDB4u(xNx9!FC=|6_G$~~BDCb#-_aJPQz`{}qFkA}`18 z!z1P}UC;*^rTq@oqmJ$^ztn_+!-jb!X0>ibwe*Dsr9M=@}%^HvDrRxC^8bw_h` zLhD>Lj62Y%bw|3568r2DC=Jru1-~%i#f|+N@P(T#mj}cy6gM-rak@AQC!A?UT4C=u zw?%`LWh%a_h$99VRu}=O7t&G|Gl`wF*xgEzRN>|rhRF+2u zAPS;=g{m!gY-r!c>~MXr{(7j&PlYP+kG|qmIz-%?yBiqD!s3sF+24d%!2~O_l}28R z3Twwg3oc0u3=N8KE+T#7z3=DFPvp%{} zb>)7#+1Lssu#J9Eur1dL2@Xrl72v&`5;D~K$iBnMy`~>xk+OMC-O&@^oxa&|rY5Ny zBL-Qwb~EDomBNOeZ{7_%K;$)-e{JIpo)R$+l68tq6u^k-m z+eb^|;nRv51_U?&7svj?w^ieS39Ny7+O)bL5qs5tQU%B(c?Qp1v!m;&3sO^$H6GTt zvkW@R-i6IB zMwRjv#!B~5Rcuf%_J-KTI5V(U*$mLzUfBdv=tLnj&Y!H_UWjnwNbaivA7ly^Dba=1 zA$4ViZeIRM7Tn13;QW}f_0yjVSy$E{&p&CRB_ZW=r+i#Zm2J*G=Y_CH)EIXPToqyH zjeyU-ZxJTb%HtqIJMBr^ec2hKz3k`#Ei^IA<-V{)Trfvt?XT={J>EHV}Q#~$`y<^Fmf)VHst%Y=yG zmC*-niR!ypBRzNeWE~2W zhg4NTI0$PJ7$~bct5S@8GK0~VCl4eMXb1GD=tr-A;NR*w^|V`&U(SfcetuG*vR~v==H^j(54EPqIkQ3l14{`pWpgc0|@yIPX-uI}~Z?az~voGd2pq=8! zBja>)n@Krm5QJNnNQsLQV`KLqzwO{AI82W58i&*XlglcQa`C`^segQP*E>}%>!ECK zO;hyTT}+~el3AN+&1mkdSFtDu%CB9OI7!W?Tp?rQyFS?BM^6+3XS2XnzOu&oYV-K* zNOf_ze1+E)l*Uybe2*3+B4tUM$~1yk*4Ggq6NS8>-nqyHK+sydULjTdh^wy>W0^#? zVBLo9LwTyYGxSbrmn^PY&TZPvJj_L-9TUvUo@Z+7pd5wzJxe?qDXRW z@WnUYOfP;3Ev7?5b)fowCbq13{yS@1+o{(xG5udWGPq-XSOe?OMIizUiH14H$>cMI z9AL!~R^2X$#W%IePuY70^9ied`;wZIguQ<-d@Dtc%{!?uoFcFh!?Z`2e{%ItGekro&;AF#kJuOVH$GP*&~2fH_ZvY0PEe%3 zmpvImVUfS7cbvL_RCGYWRo;J{{ZNfxfgenW`V(6ogVPdqRD2)hkbJl|Lp^)sW6Nm-d2L_( zUDtKorJN7_LR)&?y+J;e&)GcEr3FEEA>6uU2z<3@QQ1B;ap#kc_|ysDOwa46#P z`vUewZT2m&2)y=5@sCoCh^NfUsIm@;*zbr7XStHw0;DJue(>4~0Gg zS9;AHZYnxb5TvkQ*ol`|Y^sT*<^m-?^=zYgEv@Id(Oj)}$H0YJZxx_D)tegykb4 zo4Tc0{sD2QBeL-Y0YBUlfq^4!gtDb>19GCygY=l!EZnamUllW*tS&eRLy!|9`b?|PUK$l0Iyo*YmK~N^`4+3g$W1{Hu|`PL!OqNGzoDCHu7?e_ zi2b(IBI9EH1a+33*N2&_!vqhetmS)gd*e&2kSt4_%n?y1wlbgFC~w2Qi~0Tv)487p z(QP3@yfIkPwW0V_z6J{8($SQ(5wU-rgi+2d-dC8TNK%&&Z;C2xqE+n|$;F=J-`1cN z1o1`|q6(Fjr=@;e%SK{p@YUGqn65)duj?+#t0K<{^6^BC=Oyk73WY}(D~iNekW1UA z_?p&JJRHi{_4PLhb#fr6yC~6+y64+p_%xLT#!-h%MQBrX&4t+aD_CyO20g+n*sw5 zNah#B3SRaTedzlv5-hyDu3JVy<%Yf5w*%?lqzAY}CZn7Hd)E2FbdxE{(aCmJcPN=dkiyf- z7FlPGw7v7ZBjjoksJuQKZ6(wN^z(5pS~%n?9TTD>e+Y zvbJO>B*VvSlG5xm!c|RISv?vHFPyWlh6+Jh752kz=uD9(HztrDKBz+Tu~ppmw&&U( zM7BCZq=qAd9T&`SBmJM|Iik4hrAC`%x)*wj57jF)y`N`vJht2G2fV>*J?mn8(IWM& z*%9A$qx5Kp<+#MBy&g&cFe&W&#b`R6V?Hr1J=dzuA)WV*J$wvWDw31aIZ^S;QAs^F zBaNnCzk6JI_7g7Z(9BaUBEo-m3W9U}CUd=}e-pt@q}=VMwd_<(u0q1nbIvp>b?}^C zBq4>Hew9UR`E}rPY@wiyo0&$44r&9zbwa-~1YU{IXv3f z%e%gxji=M{zFp9}q~Xpe612wJ&sUkdE#4RQ40W-h2gkog{lXd}?l2);R03|x6}=>{ z^tM3ZIPmbA?=Ra<*>~HcrMsMHu2Uq&Z6>d^QNm5^a^aoIFv8i3tK6iKqv$cEc)&-f zmD0Zv)AoS#2?%t)I>`04+EP`v6_-ULtU9i7H?Ohw_LNLPLEOTh^DCSIGwn7;4}f80 zMQXeqThuDD){>>1)uA_oOL10waY`V8$2T?K*B%%;33v&W@NpbB57$Cg64v|d!&p5Z z=56sHsXm|Rz@pLqlC*rD>}I~MNUPZa70i^MeFtVBb%!abvA3SLTI1moVixY8*;wRS zcAO$J^8G-Sb^}rO9H7#YeC@<|xBZ?t0Q7@EkcoI9=*(l!k=;H9$>t z-fYQTgO31${uB}ll4Cm3D#AydEGA+=9MFPj^A*SJ`H_sL#VW~x=iOBlWd9RA(6J@o z4g`5^29p8lI#+rlo~U#F-LrBzs4G|83O*f^+1*9K)UU3&#)K?chY;8Z5Wd+3c?hyl$XM}HYT?HzwD19h z0am6f5E!y2u#WUU(7&sr{(Y2np_yQ@m34{g;Qwy)sW}NBoyPtN5ag$o#K&O1`}@*( z^R#Squ?PKx#gAL4AP?d6cQHr2rp>vMvUYM*l2uxZJW%|22P9ScXZQYpTDAW^h$M;rvq z<`a{S8O>_L8R%3wi8=f^{t>>Z0nPm6H$DjgR4?aStGk@YGse^Da=O3HJ(vPDV1s}x zAM9sOO^rpIMUj&kJ)e>nzWdap6sxsb9?EO`V(d`yspZRN1~c!q@rmb^@ZT1NJHp~& z<6<{Kbj%m^&+D%!DbqGzOrEG?_VrRwiMPCSHKwfRXqPVybLP8mXyt*YDE=-C8B)8x z!FKIiG72RkUsR=?c%Y=?sy*Ju_wn&G$ynx5YhI5}P*GDjvOp-So@(B7cNCvr?^}c# z>6oX%fd*=WRYzKOWQ<)0BnaX)8Qz^J$}UJJar}2sp0kYSe(J`pPa+gj{M;eDd1vS! z_cY$&cj=C`fAS45(%%vk=2wJTJO|MXDh+`z!f3^(UTl#`A;)^yYDMa?lQ;L;2p4{7CsvG4enW$tPL7B$0VDuik(_J9YO;F#LT^+&Xku?D zJE%7X6)aDbxt(t;$87ouXWqYd+CPFqp*AM0`4mgkM6-bU_aNd;cKp;xGckS^C2g&G z`4T!^wp`b77gIJ2L)4b%r~4|)DVilKfRRW}M<;W&V8{Q4QU9&)T=*N7&6hE5FOz}} z=3I~F^A29d&2_V%!~o2^0Rea-a-d?{^>pHVO3D*GncG&=>=Zz5I<1fbx4)Y)(Oet5 zT|iVkFs}0+Ng`+V^QM4eeENsIC9MOGNxRR+dJ-0M^33qgzm^dQ_0xVQ?&)Y9A1KvY zJe_n+dTXZeX@&EsBh?>cjD*Br&B-y}xnlLaj=(|-Trr;%YUt6{;w`z1TKL#?aKuv^ zKNAKR*YIahcU--%r>7Z_(P=g1Bm@b#R_Rolkv!z}&{Q|1e-15~@U z)&vlvb!5V2_&mA4jOfc13PMvg%ruhf<6wLSdWPP%M=IKi zp88is9}pE_t04q-2*fzUe!HYy1R{nhr4rX?R&Y=x^Q9jhx|p*u{t3g!BFn7pz8us` zj*MPVJa&|spu5cudYn+rDK#u~VQMMAVg>u2pir%*4iB|6ou+#*g28KV7V7 zy14#0szIO!4~TCx!~!GF2BjEU$zS-Qu*k2)f!T0mJ5WdB-z1@bUGc93N(xVHn7|(h zLH~RvD2If`NS^yVjdwBm3I9HyTPf3PqKELJ#$|_!G0T^w1Zp(^^OeIY8c*_u%S(g? zT=FpdRRXff6%oL+tBdZbe?B~76G?@GL&Yb58Rdv3cFM-yfV{rGz6p#Ee6MD6y4pD( zw+ak)tN;mc9?klJfDkWm1vF{{Sf5E_R6L_ayhpqT%G{3KZZM4LipESlY!&+&vg~R0 zq*kY=)yNhMR?AF{*k4O;Cx*rC_#_YD$tw<%lebXQStimc@VH9*CO$abtfr*LO z!00|2SAiFL>&qlkV8G`fQ8lb8w67%z5W4ziEKFD97xv?WslabMQCzO&p`NkbpE{?H`8EPq|XNhl2K^tSB420qZvb%S?}=GD-FNo78FPU z?BvmHWAVP>;RI9yc5wg{FgUr?@F@p^)#+$Ile$z|sM&}Oqx(_;{$7-FJu@_lrw@J2#^RSoou0ZS+K3%yU~%-(Mc=TsD+LM@yIKwd=}q zAF=999afUCF@91_TpXvR>r<_3ngVTFb_|`09U~m|{oNDGKseDWE4*{$2w+=M@$!Vc zsceE&p$*0$mLYPP7F#_5y<`sW2e(cVO5SgnkqW)sqp9RZ6SAS9r06+XMBi5egcje+U?{CIs1Oe@{xV*)Yp^c#ZIePh0U zCFBG^4Z~%+D=rH*=k3praw8lYDDUa%6JM|aFTHUu>(vfl#by_q+xF*s{ud^5I6hmk z^n&>Edm5T?VjM8Bn+QZ|$K0xv`Kz~Y%R`8k4zdX%IlEhjyjCW+ydMBephpsRd{I%+ z%ZSkd;1zaC-L-Jyg(@Y9Gs^MDJ8l3NPunJ);P~=uZ?Vx!Ha7K%Xv#~L;7WDLwIkyt z#s2${oU>x!x(ij2o#*-j&23R)_f5?Aw6sn{rgcfo+5r*vU#oz2?iltSTMuz{GlFP0 zVD0GvI7fn(U8@S;-7XpLMhW^nzbdpR8{jyoz#3ImRjlHxLx%PM_^vTB&Eq>HVz|CC z;4M$8oDWo6rPJ7D`hrgZM4^=&tP%tM^iYkNnc1K}I$xpLvBaxAnNuF1lkJaIDJ~^7 zk%8l;C!NWs15IA=)ghG9DHr_*>kV%mfTk-%?hwS6yjt^X01#v?={;t*zzj_%YT=9R zVOS`MW7rL`kIyHN%YL4z7YPz0Ey1c4Err`ziB0zD&rc!xy}ggRZA{CJ4h zospgYElGzZ$rUS*S5Y?<48g^=6W5zkL4XAWhOPl{bo|jy2qN|67W@sUKVWA^CK`=txykM_QroU^#yD#9`}yHwG+*2w?(zOQNhXcmf&>hWM><xC%i7)ZX=aLybU;&4^3{ zaQ@YA)q-5QfK>%q=`S@o`a&*|6Emar@9VHmd!&UWU!P`Sf2e@Hk^@q_niBn1^ zXFXGm0aJfB!10)jU@KN#*lj{L!Zi_Q(;>XQiGrvXgylR-Ct>-BbItHrCY!gnbMaut z!vEiFQML+wFWtU!+I%n+UY?OcvV!q+Ow>cB_npM{aN17O5LpzDV)7QtkMJ#Es4^LV zE_86mKV3stx1UrHLp&RA2xLjK*wlNzOM1HL<(+#8fx%{|`XsM_kpMv@ZEF_xey;fx z^mlI06@mH~>!LjV>fs>v-FUzSH@lp@-d}32x5~WWTxdeOne8wNmM77!8I&gzvH=*G?kx|9{pBuvd)u$s8q< zuUM1WpZ0rzoZ05A_{kQnmuVL`Cq_08LU=(;YtkWb@?ZiM+aE)=Bk9~~qms-li00r9 zaddld^Y36xvKm|{IOq)cmnp9p$T|6p8yea57rqpqX8 z{RZJF32%;Wz&l0sO8x(6I?J%A`tR#cz|b%V%Fu(9gmiaFHzJ^vq;z);EeL{u0@6x~ zfP$3N05YV2bV+w3-Ou6v{hy0ByyD`V>zwo5d#}%0+hKX#{8?u%GMoB=zwU3@B*j=! z8`|^@%XkBDE<{ES*s&~VD1$F7g4Y!z1<mP5>p`;$_5ESmV1}$_Ozq z*FR}IZXAwQJ98`P%UeN__{pie>&zQN@rJFB*VAquKCNl#30rwD+2Z6Ps7*?gwl)@I z@~-(|p2ppX;6Vjd7Zmj}?7NHmXG;_h2ObJo#Z12)cm^d0-cM;NWUiS-Y)lNxxH#b< zoZ%rt{D>(93UTrY0*Ii^#8K}ShGBnoQ15q;C|cR zJJl(?X(R5cVWLkpW%mCoA)gcN|LzoKqV&Zr;J;kGmAq_KuA52^Hp+0qSl2LGXU=+B zcWxN*3(9gEGZM_X+3=3<7;)rr1RaL$=50B;XjP9SXxtjiKMcEG5LM!@YJV~ml79LW z2qy3r=OHqG3a3MnwoTzu5-Gch09>0%#2P5VvW}R)3J*->4*W~1s;aT8?5KrIN}1Px zCZdpk*hV60NZZ@~>u_HQ$f&9Whx=YXEs}BWL1Zq0Kxe?g=qW@lLU84l0?^QS1ixb6 zJ&efkgT9t*N|t!9zfvt@gLq5fr*9fAnR@pIdD^2~0%ag9nYgr;p`92I%=rCxs3G+d zCM7*+Z8U>VkCl99ogPY%`1kK1e&>1LgvQ)Lvs6HHmv4WY8-3qltP)!?Kc}PK?#8*h zltbPG3(YX~_mJE<>A2zbDBg|~CE2e*5epjVPVwak2`fc&)uK3ropC6z1NqDF`vaaz zC#>u+hw^&GXj+8u%d`P7f%!9Fv-M#CkYqxoj4DDKX!;Hp0p;!45c)0{ri@x8r{dy! zFsE*uy)Ud0@Ak!2DAte2X%ur3R+O2Gj4V?;|5T^kBm5ci+w*~tA4OE-(7GdFA-R1p zwS*o#j#$oUs@kEb-N-ZV0?Gq?MC~b?ge`IRs9*cxrM6FFyS)GS-~@B4+IHQg97g=< z$p>z;^7cfaSNwE4e)wDVwZ49g-)?#1KUK-|R{rSLE%l}?sRzCmX$qn{KZdcmD`YyZ zjYDg~DWYsM_qiLpGbF$WAb@Hlnw?`;VQg(Pw!= z=-T2eMW+O%SPEr(o1JmmNo&n#ZcE37`woPUJ?N^0ECttix6B7@rz1~pMy-NA+ETpW zWMfm&>f8TqB?EaI{i3aPltNENw$4RH|Ab^w%@>SmBx5os{6%({#KbKI$S#ox$hUXx zmCjhXAl@r1$KekN;<|-RUuH^3rxt?=&&)gQb3ai{)Hr3(l;aAg7hss@RIMC9a>F$` z#GB}S@yeF?OOmx@4B>JIg&Ak*v$A`*eBcbyMm^sID;t~5Q*!GFH0dfv9D6|M@a556 zu}Ss{LO$c#PV{fToy37L_QuqIgE{NtArQSZdL?$GM}{SX?IP0#T_A{sodZkb1t|zl zv$fe@fAE8KUAZqrQatNs28kTR9dI7-65I9xCCvtY!;t_kh;3>VL?pKO(42VClM-$CK4Vn${wO6SultrP0O4GzrYvVUFPtyG`VNiZ*K6XbJuM9ZP z9yEHl+nwOi*=A|Q4_-_hJ3$~#qowj60v8+xj{%9pI9MSs59zG6FH*Z-mnV_3o_21~ zm^0H;3_7hTBpGWiZ#NpKcWSm)-iZDF#&jL$CPf?XG?K)>s2{p9JzWhEKn!SIEKmWo zvt)va|4)jDyN@@^{ARrP@1Hc|H7oe09U7<^Z6XQ#^_42rSLYk zynW$i{T`9_ADt)K;=PY(XMVpXuU(&4baGJo1lwl;A!Q8BfI-JtDe|663awtXz4_u- z&iVqQq0dSre~HS6^Fe}gs-_@t9I*@(1(AWoO?-YU zrb_(~;fHv%Do?;IVl#4{`-M#oMp_rv#Uf{j^D+cx9GUTIq*zDnJ?}zvpyT2}Entk? zdGfmUe?=_y&E8u|e#Ig=*xA~IJc(p}6(jFb0_i$=B@^lHH=Ey7JENh0dK~%k=zT@Z zQy@33|otiR!)nclte+eCI zsY5MEY{o|pyw6n+Q1#XwvG@OBs9o0mTW)U}h~NFv$hpA_SP)<%e?u3asPe$0}71 zl=#=hc;}Dm0$gRr47z<&mREpd>9?j}%Jk~gfvRDN&22i7!mY%q=E4PnyQG)_WpkCe zH))$Qnk?qa0iQK*;{gSC#X|SU#GdTe$`R0~7$cSKKl!z2zAg&EBKbGdJe`-#M z&%(PIwQgdqGzOi{)K{~E*aZH|{>UB}Pg-L^Udr~f1)NQUyA6O-EyX@Gs&z`8bxC|! zX*TV7?%zt>G?3Fi&D=E>_MFc)D6f>0e8-+GH&-WX%Khp1vwt0xA}UjQX7^%;S3X@2 zTRS;71~yokJ)c#Ivh6ubZ}?UBqE>b8vt(a(X3`4PF!pt_)p5Vbxwl($X&dgeP=V~*`C8RK#D8mbicXZ}frCkr zy;dJ80o%@$%&)G8)5NndL^T1+39H)@-YcuF2l z%XmMW1mLRZnm}++qeU@vC|6hx_Gjzr{P0-)#$!OT$a3}%{ZDLP^C*Nl_%q#t1Y-Lr z90&bsrG^9v)&`r0W=K$)fP#3OdFgmjZdsioQA*%bA3_sMe-q2}y?GMevwSN>Tmtiq zuc|2QJ0^*a3?u1f#1qH6SszRo)b(*AHBKF+hRZ-~^{TZP)7AN!wSyB4{YeSX&q5QF ztRR@>QvENHke%xBBSH7CcEg4K^xr<0;a5R&bIpoCoJSkOO3(+l7vn8QX_VsT#At#w zh#~kR6)T;IHmyK3R7OkfyDQ8=KgQTnfb z*DnQ2ImZcyit=Bky!cLqTLjy_y>hiT`0-K&K{F#1xSScVTkk(c0VQsI#rS|so&_iZh zf`kYw{5&_DIElYsL_VCiZ`1Nu$mw4n|EP~f7I8MaLQs^ht=0-=}QJVAA8|q zw-1)5l~eEU<^Q))l%u-Ve?#;%E|Ac6N(?)k7MvSKNCpp2B*sd>m7vMAb2tXqN~7>V z@p&8f3|%F$wa42M4W=iU4ug7hL5PbrhF;BNqyB&PltpWH4j^rGce-rCHb22H!qoevp{{o5y3DB3TkTWow`Z-|34bQ(%l8nM zh{vyEEHR0#byy1KHk7$2BR%=tfG&pUSC#~yq$CK^n4ir5Z53%F2*rNMLix}Hmn_{b z-s>fX`ZH-iPEoJO!7XA;5o7{i{6VUG36C@T)prJ8jeN`Nyx{LjXE}Cuwv;d~LxPcn z_+Zh25p{|a7;}L~+W{|%iiz7V>2rFq_7%NHz18TFWf*4IJA z=rBI7_dH%k6IX?gfBZEopEQ&!jWS@9H`%!#udDs5@HI%={A(3F7$ppHzQV=SklL)^ z=`92T36q6}1APtNBT>>OX+M3XLH6LE^VMNEancNNQHcZ(JiDsmod4vJ$~nfZMS?r( zpBdi(xo^6mYZ2ngVYQ$uNJJ_~QN&A)9{05Ks67Z==gP`UXq9Qx_}{c2E=pBbf#3AE z{UDxHj}Ci5JJD~%wHsQ!wi3S2hx&o}l>v9aM89M3 zuC-#yWN?w2M>lioI$!&$X52AAM_2Q9){r(5l-I9P(R!QPw1V%YiR}O{czF1;FSI1w2RUad-rEn7UBm+p+)q&+@~p*DhLPz9tal& ziGc10VZ|_fzd|X&AK&|lZU|SWKv95T{5E}qu*!f(8MV9z#(d>K)~o{;SjIulDD68d zR@5L-QR2^WzxW>=YA|Hjo+t=X2M5)vBVaq=rt||PpE$~(Jc1)4T+lddfPWn36QNg^ z6QS-pa31BU3UqWoaG+QzGi11h3r@&5h$)U7$zA&-FAbqAs&e@sHFGEcOu4cnE*c&c zO5mHP5J%7Zivr#EHG_N{Edggu?zkdPqRc0GHXhkSciA*vbP!pp*33kvn%D2P`DZ>=0=CtdOl%Tan$3^aY4A#aN}yCjf~+pT@eiC z3X}^Xdnz*u z%=%RM35XLDbl%GLgf-()EL?&U!m}j<)iWh=Q^7>ux-dPyo9gy^q*H_+ zrirGOtTnszY@{Ndti_R7J}e)pTh!?c)K2rBy;!RAGpeuUb=ncT5I|R1XIHILH_^KN zutSgE25J$uWcPge_c18Gmc5e{Z!PSI*h1Q780z&nA;L{*5wVXz5pqxL5uvc!a16sp zZ#q3R39V%CeHKK11^edv`nPzPPTl*oNG?GJ)`-K2Jxr@`s)M8jtzD#7uT96fur~KX z?hmQ85y8K5`My2qk-2?ODuQ>`yeO90CQQGlfB4tnkDI&J8C`p_C7?7->9tx(DtEnN zxi!%K_;19|*=(A_nd+fevP195)kC{mw3V5@yu0I)ll;-OS8z*IzU6exs7#t5kIN2m z=wRY)?0o#r4t+Ej@+JwL;M8)gepEW93RPUfrXvk21F}DZMEqh;b?ABju^x z=cvGJIKPF%-ekvoW>h4@N~eGni_I(Kwy9B%nV9x9)&c%1$LoKeB&&$~X7^<=ZpO(JWU z*!8f3XAhX>uULA))0!{UVNAJ=pO!pNHk`kzo9cX295(8lJBh2F_PSqnVlYPs5E3O+ zhIPEsU$`X!Dn+}~+SOJ=Bs7^}V#bXy&{mygCAS)LKi;^r?#)ZIyk@wJ?~>;L4xaFK zO&y&(p)+J=RhfH*>)TS&W)~++9ZBa3R5VkMiBq*-7jQLf^Zlh+$~q)#z|rHq^o62D z)Ft5##tcTdtRPPmZyE*n68b*zsUik@F<}i0BbDz3A~=$jpy$VheLpFLwlRSi_WRG4 zleIjhtY?mu53D-=8{i{92o9DR9lLh_s?^-6HX_OegIJpja9dDk1FF7)u02}?R%u1e zyc~_Jl}#^*6zXA8_&?&>WSbvUS~Bt?A+7e?p*MFXJExy6F(~R)ehww!f_*rX3{RU zn)NEM)8rU3`iCj45EZz%!Rn0+^AX&53OFoJ$gbhZIJf_w z*)tcolkv^_UACV8N02CFz-Hu0-fn#0BB;^dX7`uitCk~DI<{jGCfY!Lp35-FJ1P7V zc3i(HKC@lo_4r*%goxd9VIAFjOSCxb&FR%u%9Y*^zK9&o*GYs)F0~QW4}CRF8c~a3 z8|E|=oVa*D2x^JeRs%4vi07h5(K_mJ2=!V`hBa;pEE1`++$zJObMRAFn};B6q!T>s zK*KkTbmo}U_?*<%+459C{AXCSG-lnq#%tisHXTl^5=t6O17bqXk_@q7@RdTPrNEda zHJr@x>nAHNoF{ev6I>c#ZLRxT!Nd(N|C?Gn0N_JkV6?`I`p>G|E`6;|%U@cZtbcI~ zTQ3yGQVVr32SiYgTsFIN+TYe_J?nbE$N7QsHe&TB%j3QeN-dAY?I`RcuWK9|W)3@~ zD_!MHiyLaL^{Zf}(iIMZ3Aye?wcp;;U%%9DIa_=qMnt@Tliz-)?e$-)eZ2+p3``57 z$uvb|4{;LJ(rAVN1*?RGnTFpcuDtWBg!9d^2uud~o7fl}0ZIIVJEQ>QOZJZjf>}DA zrYG0!fNY*JaaX<&Uh!6W7YTAl)2UzNR5V}oyw5;rVVx1pG%;UoZqGDL$i zPfQ>SsLL=YV4Zsct@yJKTqa-Utg|mz#1k4) zGm88d9x)OUTS#Cz(+v$Q{IM-~3RPECPvemd33p8Za$b;k%0RD7{sXsb_(r6za&^}- zB$+M$$^)M+5%8*5VlBL6BABy;YbR$9nkYkKY+2@9T=@^CBbF(zKXy}}3cdU00)ia2 zg!4MR+-3i4ujsSKn^h3<#-HzM#jf(Pv_N*ge8X7kyKA)=i#Oh>U4hn)Ez(ZOaT%4* zFj=Ed7MD^oWSOnZGd%6yy?Yu%*C_nA4E=V%#h`H?gWBL{uPj5wQN|64H}9q?>MwU2s$a%0 z1Oa2#9v~fN&EHOb7pI;<@%Bzx1T){8W)u?O^oSp<&)hrG`aU-sSI4eJIq|ln+lKt!Tl*-GxHsl4ZM^y;H#1O3N-Io&DC| zNwG@?g2~C3BXS+LwM)x>6z$!UC@(geeD&#`QG-+J*1c56o@Ae!nMd3=KQx;&TJ(8_ z;+H8N^p12)AAQ$K`SX_Gw5SKAgn$1mF{_rF|JT^e!*f>~Hh8Q5@LRdz_`uQ&lYA6@ zBV1%4Vk5)q4Zg`f%ifoRKoO6sqgM}RzrkGAYF8GyuD3qAWUw(n?g(=L7#5FFr7D#nw!uU!)by>)~o$l*X*Fe0w zkO1_Eh>nc?)+0bUboeAI$DC;wEYp#7r`?PBM5^O!`T+@f#tlD$=0kCg2>vWHu{>sK zJF8ceQl6)DZT4;4KvB}$N?wHG{6|v)N)h0X5wbwX2J*;+sTHQ(=Xh3UV;*v`!MY=h zs-=d#VP#PG`VjfmZmmR%@BHkL4y16J@@3#^&ZqfMB=zumy?KuYYI?sv#ee^F{*R5- z`M(wG*`kyT2e<6u5nH199l8%|5_G?(eQ$X^1}x<0Sv50@TOqrQbdUN_$)jB+jeq4g z>*)^*Ej|0KVh=AN6$qET011SjbLK#}hw<$0{k1hiAojoN=d3qERIAj< zlV=qk238W}4UOOvfbTo z`mwILFB+Fo-Es(-mj`qzuPc~YkL(_KjIG+6zf{3@+cqmFG7y8@Idow>Jtpd*P|#F7(`p_hYtfb zdsAecU&%o9Y{rbC$WYdU0;txp)BnNyJXFQ8x96>KtRr4-1h)V`>ZSZ~SR>=B2&e|t zyDQfPV)MiESPJqwnY7(XsT+Z6W2n*pZLG*Yf5Jnzk6a3ote^VZzNt>F zZ{Y^%TdEx$13QXkWrnPgnnRDzZos(~l~Cb;6Tg1nw`t0}VWApAj73ERr(S3Kz~N`= zLEJ{>>ny^3ZH{Ja-o1Y|A~_>An=*d*nVEptk(4mZEoa+r<4J3M00iTU@6wdtv$chg~A4 zR@SW1jgLh@{nh@1N-MqQtDk`lSM_{K;aF?*GwSpK|K_ro9{;KGi%^0fTjg1O62;%T zuqMQB<_Ft8bSb@w2Wd+bT+}%!ybyKJCfkwx&R2@2;i{q=DKGc5&wO6kxBKe@?59xt z?&a2bD*VN1m#K!JgE>$kyRT*W*q<61zXDVAwMlgrTQXk=qNAJc&ryAA!I`_jTYdG! zW<7jEdc-R{o?bxlfsx}3w!AffNbPn^Wo6oKj~bYbx?M)}nE=|`PdW@Oow?#!6GRc& z7iR%_DFcy%TdZ>R5zhhGXE`>BNW|pUo%{r>swuOqK6u@Z{G}Y(i<9aYC#bt{?+a)R zOy^qXo%}YHM^Uo*$WOsk2l~JlX{1_|z06?sK2O2X1gH95RPg6Z((@ zE7yiyRsKE?ONJ_nCuJMII5rq_Fr?QGd1kfZparQULlUL<$R(`W{hX0tG|@+ZgOE<| z4Zx5(^8y>dCt|CxHQM=fUG~Rpgdwdky*={iYZG3lVR2_PeZDN`vrl@^K&$5mU%`i& zRVOSo{KwmStr;Ia)k+xh$#-2O%7hpo)b3Wy%$l?@ee7*kKc{yfeWx{ea@dmTesNB3GZLGa~=oLlCc zpp$gCJBpVC5%KO8$b5RmP1FeXtJ$aXy*XbK9E7yoTVUSj1>c)jbpe5<^fV`Ma-kTZ z(@<;@$ORfM+;-jWYV(p4g{?&679sl8FB25a^W#7YWQ>eJOPoGE@~l{2yX&e35T@Xf zP7&L9AKctwAmyq&6pl^=7|@B1UJxpZA_hDMlHZpy4}5)SWSz5?d;o{Olk?~~E(P{`eh5|?6;NOK9)Uzp|4#Bb{FTy5395$7ZI%-r^PjkU zq9)wXHM5p8WUILPY3fY>M>FYuNNazXMNk|kUIuL-7)q}4GW-XYQFXNp7`xij#A7V( z>Afe{*SN^Possy@Tw*Px;$OR1(l(vY%ZtciasSt9KnLnZZ(&p}%{?k3at#}6s$`6Kvlo|9oF=yT3&A)9#Z6Ld)0wc_@wSBppHD|>7sb@G31oQ_4T)KozIHz!5=|v zAjU^HAP9WX$eMR?!<4jH#TTq7VabpZrmci#E2m~4#Nf7&X6r-gIW9d zZQg=$b8#B+K`OX^c^N1RiP86Sac{T4_#kro*uI9{L3}fI#iJ!w&(!wLYtsd(8EWrm zythS1E}VO8_gZUjCXf__&Rp@EESvWGB*uZS2%55r&hAO&R6Tia%fcoF>F~%Sye?oT z&+9c6KB$jP1w23a^WB)e?g*0Gvdx;}9CGhnY^|m5*3Y1tM4W~>tpD?8{wI!i@I{N| zq_fYhK8e|SW&H~T3rrC+TYbM##ZtSHovSxC8)3Oxhwad4$9CrKX&*w;y7hSQ0bmv+ zI-1efA!&~maj=oik^%D$_Wh72ev@bY3!#tb?dyM7XJdKA>ktn^g#QpJ3BjSel2G9Q^|8Sq$UTLSsF4})^M;ZTU8sGc*`E)$;^19#I=5{zL2(+g_T zXamR1+o5ovrd+;)iId%IR!SflqyWlCa)5Q9;qb=)rvVBoLG7Ez^TtJj3RklA1?m7A zh|WVHxF6I|iqnBvm>`L`d$?`frrcg7# z?A+-)@@s&w+E<=*U{QOa;?zp_zA2Hw9y;MoO?NBpCSD%sZ$?4SUav=f2|lGcb)xy| z7uw2@X>WJKHNx|w3QoV^&F7+WksO=`dAJVbonWh|T{*?bTKzK!B@wK2N7`WdRaiUO zrI2TZ{b?EOi!osPbMh|0CmQWuk{i`wIwAx3$#=O`+6j4;itjum^0s>?T{NbEv9Kf+ z969KK!#N+`T!>aOE4nP`8F(SuuQlw zNE_3nh%1TKr?0)e8x3qF2PmyFXNzYG+ZLn#Q0CsNx{Y|K9UTy^qbU;8@Nz(1oPQq# z+BIc|b3qUbqT#Lhb*)XyHy8J&7(hC%g!`OJyISIn1E^YDTblupZ)s# z`i)*TJ_WlL#1{v1TWKo&B9&%LZePgP%#Uj3d{Q+_=wJq#VNV=-QG)l+tivwx19^qs z{qi}}VqBPB4+vXT<9XC^SBhnTO%JzPEdkfc*90AF;GND-==9KyPBW3C4vgW&1djh3 z4VQdSLRGhsraLI5+qvdq3^eWYdlowf`+(m=k(oQtwC!2gIOr$A1Ei}o0SZhnc|up` zfVpkHmOLBR(J1AuG~4L3;u()`#VM6$a&ZNl8_I&Z;)>nogfWz8NYyU<_wn|m-T=mO zy%mgt>%GkjcZ&pT1~$7jw5)u1As|W%qlcxkLjNErc9%Nqei{Cnw-BlWgg`109{z#s zsdPRwhnw5Pn9zMtIT0~d9ofFA`RW5jf19v_kGM~9Rs&b5CWM_dj5xpIF@~CfAl(M< zmGHxwc~*%?um}FUdV=5OD1`!FVS#iJiZmu$vzRhoctKimx z>Ex_0w|!^M_-C~$Exz2c>1%J%$Q81_6_TIbV~Re|!x0!Fm_F!9iY9qEg2q(pAJ7V@ zYiXktO8f@gDjCv(jcT7V;JIYZm8qxCx?RdE%Oj6xK2H99G>C2^@*65pi4FeH=lVCt zQjacX>-lEuSc^TZ$)`$gDRXk+;YQ1L2Yxk?KBG-4rHD>GmtoL}$WZrhp5!+VM!=Voc6u=>f|5;zU#M_%taxwPQKNk|DXbXr6W zn4C%XZSyKJRH3qe-O!!bbr|%u6!|0-RR%Rhh7eTL_WUB@gT|8DEM5e~BPzgzG!Kf* zY2Gn_3_P^xIlgsRI_fjwNH|Z_g+LV|bU_TR+?{Ej_;Z|b<1b=OUBp~ZbjWIe12aV3 zFzWE*LC?G>Pt|f`I37h_`S83?jhl133W{`hhYqlAPum3UQ`bqC&TeM7H-geSe572A zSy2-JQn(EniXx&e)C;BpxTqf;9MNlESa4hJ2VX|e9W)>%a6joupn|)d9}#>!CVEcv zVpmL+YUUuzzDR`G_{Y8S_}t6GQS)Ps0#lvr8{2bx+qdc7Uw_w#!n9pa*EkAn-w04n zJolS)WJ@f0Q`^mkj}*z%+Mh4q7%wk_4WdQ42T~3CcRtK{M#%sGy^V_3u?@BiI{PW~v7J|aiCzLro9cIIm#%8GqO_lL^`3z5fRMniyoMn3Y z8ux4Tzv}gbV53CIjwiZFsf-=i;#OKOo3|%TihI1bEUOnC)XJt}bUApREG7>#b5)m* z#Bx8`^NOU}?@Yc)|K3JKGrtX(`A&)>fvo3EN{*o*KeEe!iK6sZmpLS9w1nvk%^Z*a zTG&WxzdV^pHh0XJ)YIyOf*B;LKNDIGBQj?Sm*i=%Ra%te>)+!4q0|F zqVuSQ+Wj$%(QK|Pbj>-kCMbTuAR2B)^-oPN!4aBo644HIp^?zuk7X2SW&2Ueh73LY zIq6LW-t7#V!(q~XcL<6gfpve#RXuH-`0D7L+3@(b?s9_EPo=Im6UiXh{0%^-PP<2+iy&cMfRlr2MacQf z3j0)8t^kT*L*=!WjS%&zrcWpywXlYAxw1I6QA)$$9>eAFJLr^fqKN~AYU`KDN{7D> z*?OKoX0Cs6|5ajX#xK?)731fHOahL~D!&_)-M6HYMn09!mYZ<@;E&(6j01u{TX2+{ z(mLFAW*WdNw@=tL=x_$Zo`|{v{LY?RVuwL!*ORbyJ9Jyy0jMRAJwB;0UjE z;aevI|2c;*rm_EgUJbCW9XezyWvkTu=3T4OeYf+!v;u9?f+?ZAKd2(gr~WLaY*tjc^vGtp0VWDE8G>E+WbLL{z5tV<@Mi&s!LU<4Q9@SGT-MP zYyxhHFM^f~TgM9%u(6crcCxHU9M{qYB|vcQQPq6-h1tp19AIRUDr^45MgqxK2;wAP zv+3P+qGs}G9jM$Xs%6#*g|X3|8hAykK0j?Q@V=h#K0P`LK<~Wo(CY$My~v+?82n+v z$ZWC1#q8Mf+z{|hTN;_2OnrsfhrvJ{6+q5p(@4ZtS(l(#{IVT~&uc5Jxi>KUeI{+B ztjetSWP2rtRscl`aJx^S_gQ`CU)B1$nK-HYZDEW_=3+6(0FD!D>owV8#N?rw&U-92Klw^HmijO|g-`%zjF~p{>>A`Rpsky&_4XuAO zy_cG~UQ(LIbtsVh8{6_M`BN+<(2SRm^Yi5H%;31_HhR3t{~`UHijbZoMnfE*4szf{ zuAFGBv}n(|VZ+?uqoUHP$u?Vp4%?wFaBbJ^e!=s^yZ=JhyZ_o$w}JS>MRew8P`G@- zGr7uIz0qQKq@|kC6wRx;wM!>BBE(xllVQz%EJ5p2VaZf7#$&qxk%ud zE2WrcF^#i)Q{40Isc4vQwqajDv=gI*yw$Y%ZwqEV0dqppF~yokwy0PT_K)!eSOh(L zVlIi9D$_2?OqH2p$bA#4bId<*l3O^kb8c`SI*)by-a!y}XK~9%X$KRPAxv z%r$IFb;C0JJDJ!1(KtaG9u z(_aX2l4|*ZSSD>!MLU<+?<=i#C=&3RQdq?pkA-|;do(+NT{IHO$CfZN{V^e~?$^}4 zoR6H5FTA^Uv(A&WD>zjQ`Wy8tm*0`(|IxW-vNUH^`4TD#cnd0PNEj*U+7QJnZC%kC1QP5HKOVANaeSfihU83scFtl_qJG# z`7%1ys`DtJ!2F!Bo5uh92)%zEgmS3&M?z$lObAIMXWDg`K214s#2kbxVK$gVa*3*^ zh>i7`vc}B!&%%u+yR~|G{f?h=|7TkL6DuB9L+5Q2iA@a^Z+eymH5&Dax zUAo>biro1(8xHyQ>^trkA=#`ALN2MW@Bmed>j{1-Np@C+$Z#0Zkd+n!hsB`2wtT$V zHwJ&F)mj~Rved?G>ZRck^Q@u5b%3esO<44z2$E$fwwwWJtU=k9x z#rBU&M)OyaGLBs?p@H)ei^vp>Oc9-MJ8SZKA6xS`Z*?p5akQeZKJ2jRaN8X(kaOr# zTA()vWdZx`wF%Co4e||<0-*@@Bn!bjpC+KuDiSO+wM z$wou#H-D0qY-GdJs?&gOLIyz?ld|MRCI0DZ*+Rf9F_vEWr-u@``hN8hM+Z>;!< zviqe5R*yje<7L z2P1Wh)YQhmfBdn)@%SMfwy!(lDcwKin)FcsfvOQQqzCN7M4O3n-O1bI0;Z-(~N;wXJasylhDl4~ey+5mEhUCc;&S4(qw1Ggkdq z`7)Tqlz6<@!VCa^bisb?rK*wo$Kqc?Zf~a4&>&E&DF;7YqDz0KDE~xZO>mqYGUax7 z`}W(H5D^fpu|VmrMVR@SXDJg-H6-gt_7I=O_cBh(z2}Xzn&}B_vi^oXy~_Oiw$7D8 zNvE;SbJnn1=bzWO*Vjt}pOInQt;CNN1$fK~Gg{2xC|2=K%A0FH3= z)Ar9zLDw_W+BS1rDnto)BD#)Kx5E2*<;Yx1>BFJv@}a#Q{-m_3H7Ec}xN0Ny02CRR?rjT}_e01VK!>XYq zUBXW(GTJ5mKJ0y!)pe;s_n6AkeUerNE_ZpYpPF{VN*{A>;~agrV3Q})m-kY24L)WD zyYxjcJY7AVS1~K>I}hNo7W8wn3I6m1XW=#dk@pT1hdAZ@a4mr7<-u6L5wW>4{gGhM zh36VWgGsx9_MaG#mi;I0wdmp^u^P@sDm22pRm3l#=A#Yw?c}l>h%w;(J<>zTgWYW} zzQzE{$x63c$KoavFm_L!D*{0${yI_a^6E)f{I~YR%coPz!1yr6P{S}6Y2l)AL=;GQX0tU`CdM^jya$L3PD0qH%QDNcQg}%tKa%r* z?C6#IyO(BHI`x$5ezPcCethv{^GK}HnATR-BAFP_RunpfY_x(jY_+>+yp8(cG*L^Z zz`BUPlK95G+4WCrG+uCu>kGa6D_YOal=p#2uqW}zxvby@Y{Fa?G@N*wopsv6;%sm~ zeF0E@zUaBN`REwsk)R9hB2yd2xDHx^hA(9Mut{wRRL*0pNyajXPDPn=K5Z??RmMcg3Z5JZs!Fa zNY8rZlYgCC{OE^%gM4Bwplmm)yhv*fTG4n*`6$apLVxqb{>5sgTC8{P$J3&&8EVs{ zm4QHZQG#b2Z)w{xFAD9|w|SC@4B^C-0gE?3r-O)9tOp8V`H$)nHbZ;RE0gH&3b2ZK6VJ zcNCQJVKx_{X}NL|LSFO-pF68KP)vMfp(ITLzDI$opVYw2=aGE3s|MED&%K>ySa!H* z8PYG=PU(sU8cV&m9eFO>gK!H5=e+PAftV&l4?VhX+!{^YM}*kO;`6)oo-{s|@is@wTlX$v1jBg4ew#yFr(jJ9PRqa*i|Lg6w=JLfpFD zHl(=kKKsqp*zn3A8%giC_Z8jWn7MnwWG=~LMf6>4JR= zJOVFDjHq0NSFa_t6vg2$O??+4#Y*3>d6+do;k%tX!LJ0(C8Ufp)ImUI17E(<@L=|% zu34%A=AJTn@t*U`QFZ4MVGyI z4UTq>)0g6dTqDqMKHiDGi>=ft)6Y_7q?Ef;X=OzETC53LDoIEEkKa#UNbQDgtVy#_ zx17mudfKx|(zh5=(M)I*?7S&anoVZ+q>L)ywvewNlBAh$9-O-nR&6J%4Dr<|$bD@P zL-I86^Xh{-vmu=9T;uWg)Sss+q?ZFb^m!EB*EBw)oIr!z@23rqZg{0^E-_7to{F#N z^B8T?2L2Q!C)?_|p{umz#1mn*$Q()w!2h)vCTDapp;UPklQ44qI<j_C&cEk$IO;#Fg6v$CwKiOLl#M+18Y(Y#=vOM#vOffKn?9zzo>HRedTsRo#CGXBzO&N{M5@o zJT7{qcr&D$RUvM4K(_rss^^iaw=314Y8K_Gp560(67u4Md_xrVg$xyO zi(=AqPYNB;WKvz~)hj7k_reg)k}Q&>Dau$Pl~8QpS8c24CMK6zCN>(^MyA@G(yhx2 zveXoo<7m@I;sxUzRS%F(gwF~9nN5r?(Q?mj04vA) zjW_D7D6HeH@$m)hxxmAC0;XIGQ`77~Ain6o?MFZ~#KXO&HAzwECS{ zGG|Il9JwbRt5t5_rXfddOO*gJRCjit_1F&n-GCHu^Zw{4RovDiT@0FxP(j|pFb<9KJzg8DPr(EOG+UrgWWTrf_!Z!$&cOU=d(tOY5MOiOk>>iYB;>p zh22%w*S0NcpBXPzufbWKTZGkgN3CUr9OM4ut2>p;e@I5_i48JgI|4BoTjp_2=F1t( z2sA3drcpc&hyi(_x=KosX2RCros`tLQ+Yi=!tAl$(eurK>D?wH6GK&G{@y9~6fMJ?)}_KS>o++s|tst)d{GMSxL?N8hwq(+dvK?bOaj+7qK@ z%L6K->oKPH!Id>fx^_?WriGK=4}>tN7`o&MoLWe`s}*t3~AL@JzA_7Edkw!KLN;S!Gq#%7~uUV_`*` z819xUcRxV+#m)`gj|9AW?@N`=!hqBfqg(RFE!mkCa(Ag-@9Rpk z#1a{zsoYL?Cn`!7eP2!K+?=lSi$#De$5OW^o75s{NB;2NMi5wO1(_sG|38|}GAybt zT*EUA-AG8Mw1jjsgwhRzGzdtCASK->N_Tg6N|)5oE#08BbaOV}Ip>;x{NZBu-t4vB z^*r}|F=v8Y|00IIe5flX4-}AQMa8`7n}h&fxZP8x3a^Z1E?&mg=6&7jO^;*0 z<6Z-Rx9L%Q8Q*-InB2KHsd@W=tR3;BYe6ArmkY{9jRvNkMugcf(uG_my%2YZ-q;9O zO}+x~H9yikc9Mmr{Y>+q^t`(2>M^h1S3${KhPj9c39Tv+rdBF!8j#&z3RpY>Z^Mqq z+tTMYx~`SkF!jTmu{g$mR~i4N`x3MaA%0-w*GvZef1i-L&J~4k*L}kVGoU1QgwZc% z=A`;v;#)#oDrB9P8Mx^s7>0E?o^H&1g72!Z%AXf;UZ($bS)P$CJ^lsKXHxisri{xb zn*g{mm!>T~v`f6^u+m)8t1dbnZmA>qNVe^oo+mda;*U5T?3UF#7%KZ^4yIn|fRafK zz96HRRS+`tj-j==gYGP!fBW3BsmL25CV3fT84naN2Z6hq0r1^c&k>tejDV1Kgu=B# z0)F7zCoUn0E1Y3u#Me~>j?h%@i?(2x-;Fu2`d+`1`^%{cMuccycNI>a{9&b+3nr(2 zo^(lw>uH-%9q(s#jSzoWcgwf;^-5BewT-5d>Xl zw6q8PQ7D;m-~A{#>5uO?Blvhc{?5l~2ze6fZzrs6tD1pGReBfAE=nn21Yk4gkz(+^ zX*9YC%k59=dmcsM`9~p%U<|O-{K>vDe_-rj>0E#1TUcJR$$77m1x|&lTvryu3e-frS}gS4J2j14Go1$9xIVrAgiEwnVp}dT!L|J)JNH}rhj-D(0Mssw7OU0AaL!NE_r+nY24_ht6r58}0mRzRXvAWsF$JZiyqSBQXYKHTe_c?cXeDm0e$dJ9wGW zv0rkuneB>p{#lez$@EWTQ58T|KWe|TS1Ft}_wZG8rWkrKZMG4%8;8nK)bXbcYgzN> zyoC^-y&gRYRQ-m|GPEOLfKQEVt&Ct00#rCiE9|+bCtXgfzl7EqKv2lig4PHrrTJs)N zc8XhH&Y?%mQLd4Be}LAc+mbIqlZj5j#l0^dd}-fMvwH4~r8rGjQlHPb>rzL-yer*7 zUc47Ib9U5C*+dqsGmP=FQMlG_HUloOQ!FyhWpwCvw50RyCWwm%`CMN%MU6EKaQ7K^xD7Z zhH{R3ds&MXPdNk~B%P(3c|Tf0pTGaJ$H<88LbG}B|JV#Oww%1f`vZde6Zp_Z1 z9=D0{r$8Fbp9igE^a38{u$aZ8bhvikD{!M=uE0N+Zf*(imT)Ph^-5sFb)ST`P>~Y$hwf0*rxUpSASeB6OBjF zeMhyj$F&&9=&yl{O%QjK904T0R*%39 z{%g5CEHNp6L=~3GfUlE|zuwE)steg*MVr*n@-7KF)Bw{aE%g@ituun}H0*D5BEO#f z#HgNm_Rv0B@`4oVDpUlw2}YzHDyp?gVeA}Hi18)k%w2ghpBpef3%{wg<%`}3pk@A@ zR1OLtK%%CXS8G7XnLd{exLtl5BTdGr#AJc(wHyjS31r$IZ*86#R}gHe(^)FB&>)_P zLOj!H5=Rhj)=28+g^AlScyGfb>S^~g63cz2A!$U@Faq+sWVIUP*Th_Ava;_KjNTp8 zn(?Ud+MKa{m`&p)sEzVN(n2FXU|*pN?xl~(*m_DWr%fr3&6E6~A%FLA`JF#<2Zshp z?X+TBblUy$>1K{?mlSC8scMvDlG8gAWp}Aw*!*&DQZ7y6a36gI9i`Z%1U+#8wk8#Q zi~P>D^a3bGn9c8a$tj1$iou6E-APYI-&fu`z&O+j%9pZxsE`}v5;NG~DhC7v#Ze(x z9!{2pm~;Q|Z+YTY6LtsSWe6AqNn|fg_A8XGl+d+YE!U|PvBx;dYP5B`F4t96kwQPD z-i$+6;81L$Xi>RH#Qj?qU?8#9ylTU{};?ZrHrL4n~~DGe8ykL*?ysr#D+ z3f*|fts=7rFn5EvSXS1IJIMqQJ~b|!KP7Tl8oJ0KeS${cI3Hn+uZ`N5c!K~wr$u_}~w@#xvyeZ}t_6%SF(*Ledz6_Y*C-deTGwz(`wuunlxAiF@cn#vI^7Efi->Uql z+4b`mK6R32%P4Cuj>Ulg^FR9H_Ct)@yUbT7d_rezn(=^OL#M+uk^F9w$K&pM`(%k> z&C>O@Iejr0LoOGT& zh~wC`2iD#VKla>G5g6NzqS&6aC?QA2VCtUOLYEKj>^en$kUX_7^MfebNG)oIq-%yU zHP7Of!EX(w&ekAEO#?FG9&^IQt8J2~X#pv9;kZ6^?!bB5U(|ysA~Ff3_lG|SH@}3? z3ZFB2Y7&E2&_BsNKG6^{^Ihkwc(V*;JW7*dAJG`t3mR~@-wDg)QSL&pk-f#bsiV*} z2Y7HZ(+ZY`&hmreLg7_cuY$m~5B6yX%nSLV$Qv)zd0t9dH{g9wL^KGx4XyHw`xjQ@d|` zW#q{wm;SVln@*{Q_rhKy8$&4+M?G0W7hb~eqY7FkDz2Oi>lR(hI5fQ)_0qYReKnZT zF1?WEocEZ{?r|-}3@au|CFiCl?m`c0S&XJJ|Hr+QI?Uv|^H;@}CRuU;>;q&HXof67<|BuM=WjChCKYZLTogYAug?UFrx5KwbVo)%$xS_2- z0`d_ExM^tj9}Ta1VexN<-3IbI@XoN*XJXQgUNN@uNo9yP6}Eo*V$|f=O+KhyyO$kR z$XFizs&^=mb@}rC!+dcV%0E)#*)|@6%bw&^f=?f+MckcGfUaAf2;#S`g0DmIsZR_| zPO=Ifn^#y1ti}gwvcSt z#-V~L16opga38z&KIc~seUY+~u0 zjw6zsEV#hKF2tOT(i#=s)QrU;ylq96qv;IfXC78RGL7_NV$FC`=Wc<#n5HUH{f*mi z{6*MT01ie`7FZ9;YN^l?R@>M!ldq;_e9ip(FCi1t^)APt);a`@g-)VRqHzCgoUeY7 zCMHi7vr(CpgCuY)Za9}Cv22Vo{*VPRd*a_*@lrgxl8S6hNWTG{O=btw9P0j7eE}y* z*ARr(*ZF>9k}DqEG8WA72O~THnWObY^0$l*E4%V3%q}KB()X34@8{-Av%~aSO^=DZ zI{R1UV?vTC6b#2iIg^ux8#9vmoyVRsK2*$G3_8+^UiJlb9c+rS(4waO>r-snj%w#x z|BmN0IW%RyJbUPJ^p2x`VO3HP;nhOdsZ##J%G0Ik7x@Nc9O+cFEi>~03uk`h1-N|_ z4MzO8rx>i>oGtJ9HW`h<632)(?aG1-C^!XuT&ykiueX%Bu7V*CT0+^?9pVRTp;pQ9 ze#`(L!qQKnw0mt&_~zZE!{qFuMG9F|+3?>s#bf^Ohu=&B#v!CY^`~mNc061IQ2dT+ z5LE!S%rSGR*u4Zy`x$!%>Zn`OLtzH0ujHd7YE z+@AB#>{Q;@7h&ooul$&Qxx9q&m+f7DblUuA#vOt~q8NHtv)pSZfeVRUB8za-!)U2`>d>nbrX zrAz(9#+7?!4T9QrO2|;S2!77WzdfZU*ob*477z2pio=#+7RO6Y=DKU%-D+%EiR&Hn zroDz5=QMh2WFs$f_L6*F{JUT=u#{>P(|t1(?>xwre0KcOyfAb${s5-5KU>WdA9025 zZP4PqH&r_WU+!#%X_THmYndY|-gumvB@2AYQOrC-@hvKISZ$9KjGqa3_vQ%)~kZnvY9{rl<;#Dvd_$S z{HZB^w&dyV%XTv7dXBm`7qQ2d*v4PjpoIvh;LD2#5kV_`I&>LWE}s5b$3OitSo~YZ zCZC$+j{u%!!AF!5)%0-$S4jM*ouEI_m_qkO*;zXHrvge^Yqif|iOZ4CV$x0~7*C*q zh$T5+`P{~^okmTDS(XlCRgePZJE5Ovzt7IMI@978b2glR4W`#2pl__JEewiylIvj` z$Bf@inwmXK8xf$Mq#%Qql;{3{qcK$D*>#&?p7su9Uc^B;33RvePh=`H*3-Oi1yHqA zg!FC3i@p-=G>+cLyAqVaOt9lW28YWhJmydk(Vp`!Z-;ei8O^)0T_-XbA=$-2q=tz| z8~$Wbkl9~ff0`G%a~`x>)kDk20wB}xgOyv~!^B+L%e?PC&M&!yadBAEvb{?$&t*)K z|0^}P7aYTHOy#|tH+SXT^*#9XB5D8L7J$O&yov0*--)^zlZ9z?1d@CCd=@>VW=?BV z^bvb9nZKB^$vgXWXU&$8AWQ-0Ov>2-R)>elb7R>7ag|bvstsy=o8G&b(c9hQAaa{t#P{9!CChMjiv#M3G8f37jNEbO&D?L{ z5zN*)lr&@T4(iSlu-sS1!TxQ*EO?abe37|1;T;Q!>+sspC%GCb*)opFeVK%0y#KT^ ze8E*@ngP3UC`}`(c+C_Y9+xbUfWVYB2rC-`~$L;39b_V~^-X0haUtn@Z?hLq* zhh+J_)kKJGOhxbiX=z~gXkNe^wbrGQC|}voQBAtn_v_x_wQ+gWphaNkg8}i;VS^lOqYR>eQ{b7O&NtfLW9PU%fSDVYO@m_wxY)}uC;c>)% znTZ(Op%}ekUK_9Ko4|!;iT6{#c?ZYEuEvblf$>H-5-*dBd%$vBH3d^#GFZU2;GRe^ zT3xF$n?VXEI;|p*@DHcfjj+4qTRC@GdCfMlOrzikCX{pk_HoABkAs1bVYybm$g)=^ zKI8vXJmtqQBBsSe+QqhXw^L065G+$^Wn6*GKUK$#O2BuFu+?S^~*8JwMT^7ydllw1f6!tpiW7-QKDzUH!AeJz8` z3SB?*NZq2}E?vVS%)t!}GOUxS{Mfvb*sjMWUV{6bYHTHojv2&Pr?HMjmu;7CetNFW zTBj0-x10iRWRdS-ED>u6X2}W2-`eWbmwENW?7&3Vir^Jppj~G7nxCXb_?+!zcmH0b zPmF8m0j(VlDZ`HzRzi*oJTmt)BeTP;OqZ~R8p)24gqGQN6uNSW8rV@HT789*6nl}z zsF{%UAc@b7(Gk0-mxAfHrK+(8W{YVYd4p9wnn?rlKfcGrpT%`P6}##u@f-UhAzmAi zw4ZV@!x#`3;{v-ALiMTV?L4nNDw5*L?}>Tlw`J$gd(YHc|5yy#PZ_NCBg2oOb3?1q z6!78fwS8@1b{ko&wf}<=TJXmakU%>|(SLhr#*`Cdyu+Evnh!XZWMoRgWTxv2SYKR2lnzq;MzYaJV$ zU+K->q5qh7-m$J})nv13jg4osI&sea_2s@MEux!Lkob23YEJW!6-x}&%Ef6AH*$wj zV1Iro0@myNm(N#QGEhq7mcqV=F8|D`Rhtxi%1o5ab8VC>+MTgta3@sAHoQZw5ew2D#BSlWrH^ z4Z=_%>x+eKD>)M2VIHeMZ((yv$Mpea7RhdT52zJ_vB|jJTeY96@u5ZGga*qT={YLr z9`QW!BHC7*1Vsaw@vY?E3DY_EGBU3np zIB^E1yLfymw!QVpuBji3FMu?&)Vn1ZvITE|7?7IU++rmOZ>xH{c3Di+(YXCy!|Spv zAKlc??;J=GR==wGA`TDkXyFT4@3TwUhg?5 zZj58USyvs@b7+Q*U(GlufcfOlKq$F>$ZS{SSzXO(mu&G4fhuNQfpC(ITeivl$=rCN z?!g6_t{e-o7>~wQT4B?W@mzb#+I^u0P3AGPH(FtY#!{9qrU_qhx*$O?iZWfl!zAh! zxDOY+Hw26`^MCylqhxDAnq8=qqtId-)MM|Nt}%( zia{`WQpX>AEOWw0Td#tsA;fJ&TaSvu>5WPPl_CQStM?|(hpjte3>iOk-f;!x_8JYzI$HdGh)y? z_^My3Q_JBikHB}us$Z$(|AJY%k(6IZS-QuuT7=cHu}p%!vsDs407qPbEkjw0W8-2N zd}BJaz3^dBC%cqK>ljQ;)~Tg_1`o$csAvGc1j9pg0Zr}2IFw1JMebJLqjgeQKwmz7 zvxgpzw?VXhN8P9=jKmWq+#Y9r?4?Nm;U7&T(p)-g=ewVgFyU#LJO~deCog9fXr16| zT-A|DsTMAqA)}P&rH*_^i|Tx+CF*5-{oBm}#%*~=j@4=dE0P-OydYqsdL}oqCV_Yu zq*hT>BpY`6A?S@Ye}C7tX+*C-<(X6DG^tQY2 z%^0Jn1=WRInE3FU98nH=)-391%6zFMeotmZl+!rX$+y9lbm$0|W75Kola~SIT)TaV zd4IF)CwFVA!6x{jcKPy_%*%CJDFU5-2Mr^27H-p}yCpND**KY%u(q>wtp!sY>@6(v zV(rJq`|F6)H;zeM6xXq~sZZiS4Djid?>HEp=RM8#TaC|hX~g!oih@H!4)ixt*m1}# ztvRVY*PLc?-+VZA_)1zqU=nz!e|AiKM=?$g)x_?U?sfPJ0j)(3cqG`nnm`ZxMA(L_ zs&vKL8m%_;kv}a5)atb@zD38Zri>-bDvm6`KmAc`&lKhY)7JPg(L#xV(=oAcus6GP zj^D}R`+8t#8q^6gLQ0qng#Z_+-O~z@ZmL${vXb&}Kp(^6xPl{%E8b%o6Urt=ZF$VZ zOq7WpJxmT^>#>$j(Q)LQ8}XJM;z140(jrrLQw7(VJG&Sszr5bgqC^m)SY(I3PmTR^%)F#sq9}o}# za7Sz35}W2En_F0Ddn%`2O?#7L7#Xd7H;ZiefG5 zN+RJKZ2ZG&hkW#@a24R|Aow{chi>6h=8Xy>Cg8}VU`oms3lMH7)5gP%i0kvdLeJ9{ zRK2SC)Zv}4cC}t})9+T#0V#VtNB0McGB54ad|iv~V(93@E%x}xn93oyP@~uMFHugv zxQ<8QI4?9rdAPN+r&>JHn8Sw)XW9elI~*A88lu7|`++4eZC|vl-HX|A+|v8#C=E`Y z6a>RBr|Fem+G0pr2*0w_BS6 zLO&kA4t3%>0{Z;FRM-4bb8ygw|QngmTQ+^MsMh9 z87)oO)2TM$tV5}~))mf>F|IJDJ1Rb~u!jKkac^1*7;K#jRY{ z1Z!@~$;>Zo=H%MZgMSye@T-`KbGJnEz*wJ9uez8@&1I~-|MbQzI=_5aciSBr*5c?2 z5v-99-tQ5YXxX&aTtK{Qs-1W4^=Dbfv)Ksq6w`V$_WNc6BY*REn+*%axlp#;-Tfx9 zRkfbD&cixR%wp4z&#Gc?N!_%>*j@+s`dgMFhRj$}a3kSgf)P3K{JQZDCKN%RIWGk1 zs9wWph?Rc7&9#C)FgQ?z8izBYp#&_e+`aBSMkb+&ZOhKrV~JGKedSrGN+BnhuB}4? zB8Ve+Dfe$jNxguG#%po9q~%+HrcUK;kq7#{gs$^t?RNOjo)IA%;@7&yC&>HQ<;?zx7Qh&cqUH{|G|q?^_z`yySuY; z+|;nV4%7P#*{LaXCRyId$>^1`+XUa`xmvTKGWtn%GzPY-KSnOsds0!0#qqc6O!XJy zFuAkzhfxDX23iJ8-&?Ah%c;!#k%4r@n&r?n=)0bGlN+72!BwGT1x&u+`KHOEpj7%o zZ>^O*mN+`e)6g8u_`**eZ4Xd?b+*qMe;0adZZG!D_YXMowu@?A7I|m>R`g_eI%e5B zi$$Wd#&VIFD=b0?PYU=HqMeP?PLsS1FvYf_uU>sdyGMa`4P)aT;2vQKjvzU?m6rG$ zd*K-uMm&MT?(H4B(o#=nRs1uxiy!C26b3y|(gPd~Jc%Pf_$65P_yjNQV%77l{;)2+ z+Fs=QS|g_+*CO~BUh$x`hrL#RUG=$%Yu(_F4@ULe- z<^a2fwemXmmU!pu`Eo(}^@3n&rmlDi-2)iWkEVYa89x2&&M7+PE%Se#+ZwbSVE zbGwB5C6RgkrOsD!RZgoy@E->m^!o~2+llc4>gQ8~!n=dJ;jVu!!%(MT9;70&H$5po zIW?TT;7zVN_&1C8H#N3430_dtja>-tJ)be>4{4wL04NILYd-Cr#Vi+u)`>nMZ~r_o9@LcVcxj0b)7aAr z)Q}>7xq$+94kWru|0oeqm1M!~@rgPv)Tq)SMmt5jty*3o*nyzC>7V*B!B)>Ynz3JO zfIn&hRv|+G9upSGWEig*26{32j5^Lq{P&Sv=dk-c77@diWFrG5^N4JY(($tzoSjMdNncL1RL{L#&LD~u0sa`HLWiH6 zoI8Ps-`jVot;K5tnXrMEE34B0Wfzspc70MzR8M{^K~TMpUL~R2kVdJd)(pBR!faWk z#22LZb;Lq2YKNS-QjrLZ{^ITW$T|Lu@M6U_6cxMfcYS4*&NnO+PAN;lTam%PBC>ow zHvzMVOle|jr&_2zeUQta@0>F6VnjlON=bsYzdwGuMaaY@s#m`(5q{-j^Oid}+Mej#w4@0wB z-Am&f3|Y7L6XfSZW;Pa^75_~`vZi9oXUpSB}urg~`QeYLW4 zNeG!=XW5@xnJj*f?^P<9m`tE7VV?6;K4O`#4EH(Q-!mrE9Rskl_ZsJ3 zi~)F}as0d2^p8Hja#4_}LFAninV;H;A{*?;5+DhX89`2q?S`Uj@=vpAFsMX{dz|YE z$kSFZ3Y~mF-56TirV`WIm78bQE5fWJru{8(c)UNjwm`Oti;YR66hSrcokvWuB0g!u z9<2xDQjNMtb@1=Bk(1En6e(&kr{QA%^cwWF$bA8DtTv@U7e)7*CXVi$Zd!P7i)Mrk zBy<)mRA9(>0yW%3>5`UoOe|!B(EhBPKik^$^H2r`7+zO>%XF~r5o>|F3GWB$4q>Ar zXVb(;1~ARi$*8il-^PdS-wt|3F_$UZe%sJjU(I5J0H73lqeg-7TJu^+>2o7moJ#1XXT3!R<9CJ3(eT3fB!Kl@#Dk%32`$PrGLx#`TZ1Ac z!-jkB$cmZ|&ebAkJvGgm=0m#JuLx0&lIk=o#PXcGZ-EW5ME6fivIg=Z3v%d*!+2i& z%HI6=p(7iL^@x9UkEZP0E85!0uvRm6;rKBXOT+*G4iT0b+2pkA23W= z<2~B6RdCO+&NYCjZ$|?{!S#Q^eiF2QX5V;k|4bM9Q=n}RTi@9!K5tr$JPKxiir4m_hWnY zV~@snzEI}J-sC85xI!X({Hl))0|wF7pYb1+C=QcnaFrqSt=}|<`C0Cv!$!OOf#<`P z_-rVXNf3^7Ue3K-4DkrL>C_0H;Mru8a}R5qy8nK+EDSquL6}MdP2u_GO@Mse^82TP zTP_A7Fb*&V1y(5CXTOlcu;A83J5ZvCzC0W}PJsVvve_=d*?|XK)K`0l)xAw!b)ps{ z|FbG~j}-EJx+I@VJuf2Pzl&E>{vP}JGp+L9<$l=8qo{wrue{em-9Ka5=R4}pcs5Km zs5~1i3KHQ(>spH^CDU8{+k=}Tmn`@!<@z^*Kkup@ou>XQgpSxJFRHGjHL0`vxVaV; z9PkeL|NLZpaB`wVWNK0n1zgdkqZGRVr_TRA)a&G7!J(@`IB?hh`#~Q$r=-xx_tXZM z>)|qAA6rO8J3Gj~c4vrjH2zaZnG-{>%MvxW)RDN8-??Qn>(lL@#ws}CP*4@Dmp`{# z(TVJ%{9VC(OzJZA`|7aCIYRqHm*D)#4sS#0ZQGsc&CWx4{C_u7cl2eOL`<^8`x+hV z^)_>GfEdEQ>T_3qe!OZFA#y7Fcf9LZk%2NdmCO8_?b1)RXU}pn(B&x8Z&C-en!nt6 z>=ys`rU*-d6n|vF`vec@W+u1p<)((9-9*lR(oGW4FLh;ljmj(DR|d)A zzU}%zgF~08+p|0t4u_`|YDN6}vj6I;=}foi%YUiJ^~SusUpjB&Hz|Z&H3i)=5N*OA z-=0DCZMhBmaYWCfS}$hx-q;-h+7&E?>pXm54Ic}j6Br5}zPfGmg01{)p1J2iU&L&t zEP94|!(R>oZd?u|BqV=p5TfN-bw4FWUb$hL?(<1`F&g4EAfz(`kc-%H7_OWq-9gr% zw^gkZvXQ{kV0q5^o}#*n3Uf9=sqw$3-_hCcCfpfVd%IYuEVu=GH2C@3;BpTo;W>r>h*=11;i}gzZ%LAFsQ1CMmXSKIv^s_Jou#ZXa6N z@Zfg&j3i7#4X9X00zFC_&~#C!FLokr%-XmNPI3_PwfyB)C$W0JJpG#9)^(;KT?^6n zWf1Rfxmo@vn++ z%(CmEQvaW2z?-z)a@;;Om*#8V@o?!k-<Ly2asp6JBRE^)4~{5qQ+aR9EE~(_cL+ zt$6I0-UGHwCZL-|5*A800eEQ*!jM{lNTnrBLO>EPx%c@*OlBqrV3>`cQWjR?b67bz zkkqAsgvBMmd@Pp&ogvIe&K8fxa{>9OH4{WRN^R9EGU$1NcN+LAX&&kQM@}NEOH#uD zn1BsJ4tTs?-T*Q@r5L_>nzR`(3OTOqX6J}!XGghSX=oZc(m^o7MhOor6#s6t5^`p% z_TSS3?)9$?*_}?oL8f-JhDck(*AUq^(1;FzcXqz{_T($ZOW1Ec&EI`GtPS#0@38VT zoW(n+u0JP>2)YE{w>QZ8ysy(aN~@C=yEboYf4MEczt%Ol*ZkrDZ(;SpBc0ERxH8Dy za_6*M=*Om3s=_wB(KpdeGh=4YJz&9z`^e3JV~+6wU=1e!lr_9xWzo@6WuYoMBV)MF zu461=pN@9RMIZ-#dAvB1ywL|^DDcM(oT2}6e@ugoZeqD zC6HgQK0Pu%SCfGmnYI-&O$y-zcIZQaN#-gVFMP0W9D9xJfy>N|TRRHC0e?N);JB4rqT%MT(jG}rG za@2AxcC!|U^I5M*?-G)EZy2!k|WaIEb5@pf-dECMibmyG3L4E=2eWEzv06Z+gI(vV*5H>Osh z)`+1B!pIX0#lzI3!(qKqc6kKIB7oLJAEQsfhw&s~m6FF{MFiXlJ=+18lB)ko9!66@ zeV|{UjsUQ&^Um-@M>LSOx9r4Wqdh$pM*O|MP+$7EydN@61+51thE`SOo>xb2cv$8Ia5=Pvxzf|&Q#Yvo;&Jle5s zVyl?ZsP8tvPII+%#BzT5n!u;NNj5IKK_WqAkGhVBB*W88{M!M0(G<9zczJX=z4>Vy z0=ADS*|Fdn?p6xf1ZTO+ z&U|{nTi%{tUbOPX44)-Lsc6A*-Cxn9RK0N!Z7#&zOJWq~C@(o&8+8~n?f3tO#;0@c zv-g4DP|umv5yWc_@>4zU#^6AW#hXr-`A$s3zx+8ClaxocDw02l2o%87Ef53>iu!Uo z$cWMXRW0>hm_#Ruhmg)yYhw*doTf`8)A z_s{gh;23y+cw7u^u+txljL*^$C$>xWZ^NQJMyob0o6YH2I>;Rv{F>wYuy5o9 zw1)ofl#k_}90w%wL0P~#WZ?}%6Jt-W?BXf|UaBnU$S|V%o_9GnXzd^iyNt$W*pbR* zPclFqJ1)oV1C9|a{U>StU@TaEiPQ2=HsWPOb=dOp36KIbOA?U&K}9E|NG|uamQlNy z>(h;?LG-zOEGtFI4KJbYHve?D=wIZ{zpFGVa}x7M<<2gIei&VrK?vwvtlgHbHZ!u{ zq_(hNp-PeBC?DSRhqbjUk>3ztAoo_^F;5Y&rYZZ6&wqlUt2(@sB?kC7uw(wYA22^b z3;GuyE=U)w3e(Rs;%x_7*FgBBe6~eXxRY#9^24DW>>mCXT3+sJ3|C3#ta{Jzn zcRKIu>fP&-MN|RQx8=I^lZk4BV%u>VTSFWj)4Kw;UMF2BN@{EZG*!v>{us<({Q7#I z)0p*df1-dSm*@%~gd`d8S^h*xVNd9i`9YJDlXVq3na^|I`h7(X3PCQF0r7}GoX4^^ z0_}SA#nQ_5lCu*O&JZU{*5MT1QuG1SBQ0v@7|I~vmS{OboEfhHy_Y&eR{ar1*@bEs zpxP?k1Bs<1XFwoW(?&!f1|dp1L;6EdZ&f*0UcP*3Ny5E zhOMSfpf;a$W0-IJ`l<`*D)-MLE8oo2Oo`%}*2v6YtG+D7Ew$tkk-2V!_MndBNJ}Tb zIo2cFE{G6M;|zBmd&9ByK#2w(KWj$?{s_P#?^E=;+il)z<=rdoxDHO=Yw{iPIW~ltI6$Z!r z1z8*4_U?u`=f$gJar3^7?5BS(O80i2=u@NGqQwQVNsnBbX@6uhclY(dd~NCPCOYZ! z{W%WRyn?Smcn8J(xKz%tnm0J8?<|?9&o?l@*?p)DeHlW(L&=Shi_BAJ^iE9;{Z5eA zWBug>$XK^foj-oSE8{4R8x6ud!{B*C{E`~2yJ(%v^vxP}KS;##E3pp(yTDlv#Rt?X z6#uC*V;W2{ryV-1D3lDyYZA{dXRnjE23t{NHw7MOx@qVJ0#zx{ttF@T7>g|GTl1zP)U{l$!Hj8WO}c|KEjzLF}}Yn%MEz*cZuD!h@@YvWf@I0Cxp5%gM&_cz?kr>bw!x-M z5px0l!uIT7k( z4mgMZOE9`|h{X}JhmV$raB(vx)0)<30T4Yh6v*}cP0@>IUdLSS7ob_I{o``vySBGi znwrOs6x^B#0mE>=`a-5Yd4_=;mv;OKaJdtSl-62*WfPjCqlZ;ochU)DUk*tBVqW^W zFU8cwmocLfR3m)cs$ua-*wQ)C)Fo~ZnL5F-k~@l6B7>h&7H>^y#|qBg3H$W{p1LLHPJBQYT^%=!e5<Fhhs#01)5amye@q#aH(pM@_qR zmk9j@Vi8z^jGPQ?q@Mf3RWaewLK9{#Jj9s2tJk=vc}$w;a9p4;4}Z7utQ^K9%<|9! zNBGxLIhge2jfXg;&-Hr1Uz#0*KEM>ftDG_jSwp9WiVgE8*{mg^jIeLI`L`S2CLNfi z;nW<*Q0XIy8g7Qo@^74ebv7Sw)39l~XxhhUIuLcp>R@jb0P-NBy8JO?J9aTm@rk6 zylr9ncz@7-3<(Eb(Xy7bmU1t2Fq>nxj!bosxCmCpp@`|33?09MROAstT-nb~Yw{ zMUH7Ka?HIOG8+J_43d25pqLrlX*g1^)w7s;?-B5sGMI_Df1f?}*8*rWFl4=D^ z4C~a1w5Tf7#ylSgAQakF@chEg3YgZ^pZX)gwmsg(w!M#p(_=)0Z1lwzx1HeG!sfLj^+fpE3Npt(63=NpIUs^s#7!MR$W_gq1u7l$3QCt0 zHdxR7O2^HBQI?XjkIJlko}{I++jJ-7g9iPhBM6m!a}MlmQ>D6m{b&$5_<~HJ$S|`X zQesdDW7Fb?9RC!0T})*oWIt38*6#r>D|tdskKOkpZ?3>IijCe(rR<8=$)FnbDS*3B zPH_qtaS^ALM`VCu!jkidejye^lBEmh4PC&mXZuh(MOLUB`J8)%st*4cGBu7jXiLJ= ze~=`ab*=4gMQ~BMz|_4{I^`=Dlr;8T5R+d$up-iRn>qQ44=KrRhwo8zC*W(E24lPE z?yb4G{x%6kI+9^BROg3+NxAwGK~}i2*06^(s07mr1T#ynvrV!Sa!oVL)S<*Mhx+3j z&tyuF&)4R%a=p_J+lQOMnQ}z5TeZlNr_LN^ql4Egjfsztp|RqEDmyx(#^a4UfZO11 z?-B84ySt0EwEtr-;g52l!LMdhK^+Gs{WrSn7P*5i8BepYOPa-M3@(M&{Q!=Hi97gO zhron*)PKn$xOGO5P}g-fMFSGPTdkH|PvT5ZdPI;=MT;%5wvWCc(IB7VZ@F>?Q9=|E zKp^ZKB^2VV=@aTb@G-OBPRHX#Wi$0ho3dY~r)FWhU1*$1pD&ZrnmQ!%&dBGsR#9sa z7zLF!K+NAe=uU}ae>(PUmrar5f0(`2r}^PVX}T-eCjxOAB}^i7PqzB=-Rd^F0JL zc)f(Wspyu~V+n|vNb9wI`tH%i+|rnc?`FqHhTf>K&wvGqKyC6F`=q7B++1f%P!oCd zNL9J;p*HS+sCuigsQxxwc<64B?(XgyDWyA=?k*{*A*4G5qhWOFZqWWAn2T$~8r2 z2Twv079kacg2ccKbrl&SmI@Lp@nbo(hn-e)=f`6m#6#EGA_1ZFeTAvX!YfznC}R5t zKkoTHL~qa1T|>FU+AQV;6D}!#BpSO1e%S`^doGR+eCLu^^M|x8E#F;p7My4-VKKfN z8hpv@iYBL_48#F55B#^W1k?7_t#WYi$a90l^q|~iH8^X_-^ej&gdDS=TwYbExz=wV zm4A{_l8$H3F4Y#{?VF0C9sM9By)*vctl#NUS7j2$aFBN)aS;s2PoN{@HI=+|pbvg_ ziOOm&#|xi|0TUI-tx+D62(|PhBwC~2I8SlroWQ5T$`cC>qy>b!L2T<3C%RPr$6D{Jw0T!OBV%=JmNitjm4Ln zAiJ2#0fQ(?B)uSRs<(j4F?bIiCF^P`43Eym$lPrZo}U~U^2rYG$%RQrsUsY2y2vCC7gdma^ezQf_t!@<Ur6o_X7VFmN0S zNw6T$n~MOk-~*#ePToo#gh1KSL3#2Zz0fdJDT$3R?sqbz2#n2%*bsVIz9Qn<$?98@xPbuYW9|UtEcl0Ie zUI_m4I8MN+o}_6Xydz>LXTlOL>#x}_czU6XWVj@-={;!}MjLepgKShpbCy2{-$e-R z%H&x(SpE2o?AE(fS+lor8E(+~1T@Yywc;h(O`^KvQio!=cAq^vNBnyy#3jd1`2z0! zna&8`PBDUymcJr@?0a}fc{d5mg>Ux}$R8=6PXe3pQztSHHH4ZQfwBBP2{j!pOT_&= zImWUbmI3ft)E&hZi`la1{G8(VECT+~MKNRc!Y0CM!$Eqt`--eHA$p%vsyi^Q{~rO? z<3{C%8Ix(Wx4?Nmov+9>9B0KxV&JZ_oE`k7bub5tC=~R=iF`M_l1@6ks8;GvcVHlU zPlG|MPbjsQf90*l*Hj0;G;Ho4tx021C$nXmS5cfE>E|H0g`W+Z(I9jpGabLqCAYZY zk1Y@TWIZ_fq;$}niqEJe_W9u8efkc~N%VDn8`_by|}LnVoWjPxT`QZnHBw#(@xli8|1`S$%ufPcA0&=j_4K z{U%o0ah14saX811L$OFjse5nP#1%xHL&dM%L5#AmM3JZ1_M0VFIRe(ab>o-&wC4ma zY7abHAsZf6T_rZx$Hiz7TwSNaJOdOR?`Jdf_a#f zfqnaiK)|0V3i_0tB=P>+E0R+C81ebgeb)RFJ^dexR4o6XIi<9(uBf(CW~~&W1_RRA zy7QcY${_1ZuTh|=v$}tiBmp9zrjC^c$_P=15;*n1ae}Dz3ylcC~&I0%GJk zGA|Lkjt-yWS?ZZ&^xi&~p^Ox{LFlwFA^I(q*=BEKR~vklqk@wTk@zMRzA;X8h4 zJXgo|I$lJSb^~eiIH1?D@`q|tIq2YYFskOTg&<+gH&=SgS<#PR=fu|l9T((Cq#u5Z zUoS|9bC}7JJ!tOtGVqg`5!n4qpcX+CyQ{PPQ9X}M-ETvgD#n=q#_M8C(7wq4{=>b6 zn55`M@e+6QK&60ai;K^&UIum#DQDlGreu%@`VqiC7$msV5VieEe>{|K+8#~g80z)L z!K9RUzBPAbRT;en^0933NCJFciAsRzP?5O%o6O>HZug6|N+F+$v5B3qsI5^su9&x9 zh8rV+FgDma*I$QATIk`hf!`$o`n=%Dj>LwvIRw+CJRbYi9xj5U3jR7VUHa%xLvalG z^jl{%L45f?k6ArFHD5P|a^oq78~|}b-4>W_hvGuJH`l0Rl(@=#4dD6jb-`jc2sAaWjZ{2oYHjCJtC zXJyA?(vu7e>gALAUmONAuwVpiq~Pw?$gP0uQxdF+4T9@Dr@nSED?}if$~ILIXfo@-6!n?@aKigTW@Ebih<(o1R1{(s8n`Erb&= z$<|5z0fHWtA!4e4S+nHlALs6>imiuVf`trb)f=-^mCS*)2Qv2Q;_Xh|s*eFZcr@O# z)={%5y%6~H2w1VOX)ce8tNfZb!?Gu%=gTF}>colthT}OOFpFrBb}B2;-;q_F6%(jo zE5=VxnR$!MUjQ#)`(W=-J7y(CM4hm1k}wQkzB^#Ua1<-JI%#_g`*VDJ9+q~0`ZXvI zBKz8*lI3?kT>r|e>5UKA3=+ah$v0SyHTK~DJQR8@V%-Mr!5PdZY%@Ju1SXJ0M5x{u z*?-0Uq55QGJUAxkWlF%u%Rw{*87+Xc^3*^Iwzg&0Ymh4O4htUmfBh`{J)`RH$m#tb zuIFHn0V*`Fmsk)QGKlyHmjIJxN|5vrAueu$`DmF$R9>aE<6GMm2;2rsVxRz+?*RW5 zx`B_%fBd>gU1UBCcz8$1#bw?e9RVcYv4uZo4;%=FyLVR*g{yzx8G3F1nc-IX1t9U- zj0Y^NGXbBl6C*{S*~W$-#Z$AR9%hjUQVg@csj2B~m{f$~mM^j}Ngra+EQ3?j(UO{~q?Nh@THw)xu)EK>k9UY0LB?X%+ROyJc=RP>FTu;Qp zZWil2b{9q!twHF_E|7+Id?M)ibFS0!j2SZtzB*munB*)EM=iM@-N*Q0y`>GkNf}`g z!I(RA4$GX3&=5jTX`2kSFl{mhgiDwN5b49~u55i__bWxURDA2TvKg_Nh|rHtX&ILfKITd+vbs|6mPf5$JOyKh*>ii8kUL;Qs)Xz0|L*fQTY?Om9+u%?CMZEf8HO+-7fyT21DC6VD&&;JvDZ(P;@0-r4TN zakzQ|P9s<~892!nbK*ZU*`AE!VIAt-|5S2OP1~I*b+wrNJ1d+8ud=(Oaxv24RZg)a_rzk-m3 zU51K^-L9y!Y1s%m4{eLpvBjGgz7_m{ftNj8!!ekA(^EzgO6UMTAo+YNJzs5DA*e&6 zFU$2e2a94Ae;-aYNVE)SAQmlD`di6a z`K^2bibuTNou;cqfCdn2l zHuD>kDFgTRY9@~qs)-T0eM#z`mKTU;J48_SADkrSn<+kwyHVjI z;dUbDyb3fIE5bf=Y3z~U;c6AEWY!tKdp~4F{vZj5PX#fLa{+3R>|l0gR3+!WA>P75 zBX1LGmwN0xg$7s{lj(KTa6Vy!)$^?jDRf*qBT_%klBmyEnMoUGaLLRt%v7w%6n}xs z^Y$l-%*R|e*HUXeskG={GZ_$H_vsn!!8T=kxH_;_Il$0}pMWWaUAA*Ewulq7>_ z;*J+g+x!I0qG>eo1mnX;q+({()bX4FaNxn54ZIJY&aYX=eLhOOarM-}9N)h`6AdN> zeHJcyUGXSA9rnveAKr~@(!zLnNhm3SV)AwzZptgFr%m9KVHu>MA(|AuEaZ{$^f&M@ zxdcZhpeWx%XjMb7`$1L9J_=O@Sg4>cl!^%2FGKKxoL=>~MfrlwkeDv>TGVvBKeI!2 zgvL;;VpdEEj*1kxZWT*D4V@FznR01E38e5n5rCbihrY`JOSTb1yoVmng$byAKP~@&8^<;nX$l7h0bGFjM)UAeWdvOFW(>p zp@EaEt3FCe3y#r$8VwXMC+gcjoTcv!N2gqK0|r>7OQI$k}n-jnF6kA5z_0JrnN=OVRk|3?%Qnw>(>aTem;N4-&90 z9^N4$(5}wN{YmUX;?3MLbY#+c2%BJV?zoYI##^;p9S=xoXd;fdOvLa?D_IVHa^mF7 z66OMdWg2P{XDtUUM_il)lC5q$c0pa;3!`L_=F+2AiL?t1bAtP?dQ!w4qNyB0VBCPb z+XEKAtD}5$uMP-k!_URLtX^TCp%D#yrJo8eo?!lavEhYF=_ZYQ4MlA;UjNAWsemvW zNOA46iiqT>z*kZM*W!dxF^GFnLt}VDHxr zDNDoRCGMf?6TK+=LgJdV@cp_V#1Sebs^tQIGo7){C7!4EKg11~kK@U#s6cQ+FESs# zq_U3+dB<`4Q^)L%X7Fyy5lrI-tbfFt3t(t*+SHf3HLH)p8<16y{mSEie>s)xww2s7 zth224gcM8acU^gF*_*~6@q+<`wIwEuN;-6I#yFIW;6~>7{IUv5AFnOsZ6jpY_|^VjCOMK0VTG zRIaKpUX=Ht!a-kY=%C$pidCelzg|UgGMLy>s^BJvcwe1HOk-U;6{jMyQ&pHBy@(k+ zSPEg!{dS8q9Zb%|Z<_m!52^hl`$~m>^6){18lF`LQ+UmxF^p88|2~^`J;MYG8@BwTO0QZfwlHm zAU77Q1pDT~I>KhJf5?M;q`XP?Ed|5)$MR&cQc6n{cmCDvkO74%=$rB~V$v-1#l ziM{DG;J>Ug?p__bFc(1JxZ?m4m~yApW_$>4|7k)RBy_$-NEB-mK&54M&zQ%U{j0$Y zx#tymYtmxYsD6`s`GaK;v@tjY@4b!=)>M~$O$L%6fzhC-!7WV^(9UdWR?B_LVA@2= zb}%l!KPqTuE12MpI0jaGnqn~zP z0KY`r9m(NG7)0BlWD~f}n*ryvHAQ9o{T9OGN2DB4W=;D4Hf}&H?*d76Xk??I*MZBb zkSG!R#;8*Ig&|wqlIxwR@fr$6{`>)*78kew+Y1Q6hf!hVyS+>9_0bbCon$M=zI7!u zkHfjHVdELzx841F$z?TN$Awk6={6Fcx-5&>tgW}Cz0_sYadQK5_D&gmjUTCW(%mP3&WY`xoxctCgk=r5z3h#L zvGPTG!#24S2EAMJzgbyoL_eZc(wG$M>!m5tv8oupq{7$ba_!IHU|<6-PUZYhRDKn$ z7at?;$R7N#&TmBFb~G*+4Z=DpQv+s|HZ!IILw5DaQcWkLgeO}g1P?Lb8O0VY3M5=w zA>=eKer?-(xh~h40?M7LlIxYH%ol1)07(Q|*B#-OWzN4?PeqxULG* z#XSWz?P$4*5v)SZGVPZyJ?b2(#+x#0eG#enx{UrI?ifN;RdPARc(J>Tlp0A#*4f67 zeu1qU0|86L!*RQ62xt10DG7X_>reYfI8!-L4-z)>8E^zOQ~y7N8S2t=kohgG zVAA?A8Xq6u#u53E@9cx&|A$4MAYVBy)V{S6Sdc#!GF6N1=k@@x2|vh?g;JN3nBopwVot}@w=SFhdEeJvSP020bnXeP8xfrcN z_hwjBo|ma$3b!Z*j4KIw~`yQ|0pYpGZ zp|u4ASS738Y~G@vpw%bx4(3DK^zxi63b}!StT>>7aNK&m=YuiaZjM*j83ACbFDTvn zHr8|kkN+24k{oJ!!<(+EHf|w1Lw%nN(i_+R13QfO6Wm z83$Hapv3A&a=;)MPq8$D&JTcx(@YVfHx41Mp9KapFKje=iP(zOWs2g}eEmXIrVWL)q(!gKbh)hPm~T%$SZR&&)NmZl4Y)6ZA~T-@0Eqo5(Qc^<4ZcXe=2Vmj zpa`jeaE<$2F93OSLP{zC=cLE=Q^N1{-EFvnEYcUI4&TnP>thalgPTfE7;K9lzn5Ob z61iA3|L>O+q_qt$XoT4xsR2AF#*-kI>Ao*$P5bSrNR{N4n?=*|HX7=Pcy9>8v_x$^ zjCP3<)}vUfC#Ue1fA7zYx-?yHDvIvz;!# zX~%3oUW*5Mb8;NXO#gh%LUU?P)&av%6xST6l^qkIxH}pF?<8o+9mEd16`T81oMyCd zOZeg8jf4EJp#A^MMf+6?`2Tyimm82NSQ8nt_~T5{xn9}+6zXzv)CQiuk8OK^?tc!@ zYhZu*NsfreSUnop=5bJ>y@`ZQlqVh1cCaYsl~cK5ZPAk}jYymV$;v2;o6T|GItc1~ zar^Rulv>JD#bZpRntH%;^4+z~kLA&JGA{_zR^c)j4ogf;^f%uVq6xJbs=7XxGKfv+ zdcm9@YH~gs{)A?IS!1$dvc{Bx_lZlO6G;@D=Q17xzbdIwuK{ z2Gl&u@E*mJjTDKS38gE0b3AEis!Af)sO5D2?36+8D53lE;gnCfSa+X(Y? zfh-z1=9}>9{GZGV5AjcZ637rzHZG|^OX9$>xgJ;u{D?dCmk4BL8??OGAiVy*J}LjW zt#<`v;8$F8=LBf#v3!2KGvgCm?pLzTdzHQbkTr14%OBph?0$tS`w3Gj5VR+0fPf`& znGgT(*5azzA4SyC)RP283MC2gui(}TvzSPA$RnoL+<=}GpVU4S@t zsnTsQhIqQ#P_z|rs%!&_ZCpR%7)_R!SL+M0RO-|EpbyO3)zb>M6Ie8@;Su|Q4dYy0 z5Uf^Klu0j!;Ii5mMxgm@#suwV)j>vpO3SP};OUbQnM@oJx6}iq$CVBTx5Fl$Z=UIt z#JRRHZJdPYP@`&Q2C&?FSm_I%_}{Y$zj=-VRp{FUM+01f zg1T@hJ8kZ{g?w0;cB|9Q5_w;(nLiv++-ezwsiKVUKdb3&PuYNFWrKM1BH{Pf3to)& z57HTLS4g!|6spNfkQ|IuFzokjxsu^V443O_iW=nJzFco`a&ZksTz4?NiagZYN^-w- z8s!T2{K`0${Lt)>I6bXV#bbRN1V^E@4_wp2emGg&CeYBAFc2yYv;D~8tF1u@8=!%j z_QKiC0SXZy5m^8)VfEe#{X>gDc+*n*fi&ql#57S`TiGS9(p$^zw?GVa^Cff)sW9o> zt+n1=S5in#cG3$ZpwRPf5UGF4m!$%SjVh3;MG%BjsfnWS0(e0_Nfs_X(xWm#NH9q0 zVm(QyK1e>uHFN6Yj4|LE=+cd&04B#g7v}$5ntLNKJwb+EE85-ZSdxz}M-fP=!iW1= z1HyaIN%8Zav?4D+2>kA-Sv)&ZQXHK3ZIi|8nv3dTSdSSP-S$ydqDF%51BuDo#(zyKScyBT1nQUbi8F==9?JfXg@5- zEqwJY#9RDncD#qvoT;6!F|KJaVI6GnzFxFGu&yg{yKZ~+liFa)e4yw0WWTC=pr1X zOgEL<*utfEO(n|&5w@&;uE0LW?uPd$J{(orE9tm0ZunK5v{=$)!Dm|z|C_CQMhXrY zDpwAI&C0Y#emOqKgJl@|JF}a5^$%Sh2nPw{Cgq)5`s7hlEe^zPtB#!IcC#)%eI9A^ z%}Jntm&0sd-KF`4(({``_IWIytP-B&Q_ux zYSVxv_tBhJVC}JX0g!CW4!~p`aQQ^P5r4XzX=52Bcr~QiXxksukwLx4hy?w!KmMlX zq}~!(!@KT{uxFr57J67g87#Zce4Yq=);#Whd9Ed@^?&fpKFP4o!D;@*(XIqwwq3O& zOGxjgR@@~n_YjDy;~n)sLraP+$`L9^7W4G=di&~znK3V?q%^gXi9Zxt9W}nV8w72yfnVQb?(PVz~ zE_Vnxfa}~w-{Vw{7uOQ$evZIb&1KJAdsb`qzw6u-k5QB)5v_Exk})D1zEn_}YqYpw z8jJ6>!Ezzv08G>vAuhib{H~JWbd7w9#U4-lxrxQDG`i`31zBu>%Y_kRzC4*I-}D7| z*=;6tQg9$)=j@;R`yAE{HG$v6o$)NqlCDrEf);glNhqE|`a=e7hIhH6`M9eMvQ^3|sqrB8&8%F*0;LFdXew8%G zwP!kZPBG=BwLpKdaJ}8;YT_CCLlGA%BFEQIu{Y>ZZ~Dh9*l{5}D*_N0&aJlDjp~`4 zQY<7Ft=j=S)zDAnnrTy;mErfcLrL3U9v7;NwY%XS%7+#Cu=WHBe<~T`I)KFmJIcx0 z@b2evC=T}n%>Hkqu~iWKA%<)@h6%iJLurl;gs?=iX{GQYZ$niB3!(J4(U47$-?OX;J;W<<}R@E`utEQWp^!jXI5+!VyI zZ|~dNs}rj!B{=WG<5K#tB-7}_a~Ke6Itm*Rt%f(b15+`uBpDYw+nIaT)%R{^4U@dq zSL^TQP@d1(Gy9uU@>?r9rKJY#L9YySv~80uQY^$qo$nw@C)Ytdau?L>ktyhmxs(VP zZ$7GsU(MS6R;TyhD^7#`qpfSG%^okG7qCf~m?14zWhd zt%;ylPt!Tj!=NZHFP}|X8V9iKC>{n1n6C;0>1@$WLWhHo%6Y+U5W*mZf=`e;de&9z z78_bPH@Aw}C2`Srhyo+2?y3EKj96kaC96Iy1~ASnA0+SfP^x%~95jPc(oz%_+paVo zxA+$CH-< z^S`>Q_y1w1|9QE!{(RZq@>e^hqR+oJAC-%n%9i`)33EA3sy5CL}9 zi=xRXK--Z1ddic1k2g?m99CH>7@L}{#!~GJ6}+U$Iv2ZL50Q#l2RxcOzs`Y*lo3E? zv<;BSshTRnvIZ@fj$5-}pTuJE|DJh?u2ebW=to|R^}gorNV`3bEh`L}0*~m3|iZ$*^)59UXn;Q9*7il+@;13b6~FwE-1OfjA3> zwRJi;?WS~AkEcIa-B8fD-=inC`gya>0 z!L=k=796!l&Wfd$h9NuGy`fEx#;5t!%UWNUAlP@Fx8?V&Ru0}N=FPsGGA@Olzyi{ zqWZbOg0*)Jm_Y3}s^yaza(tk_11!Y#H97GZmC~t%NH1w}ngX8ghf8w<_C53^?*GyH z0Jg$n+2}V0?2QaFux5xeIluuY<4#3_H|-s_F~9JUUZ&H}7Ga7F zR>DW%vz?^Jtp%sL!SZXF^^h3mKWUx_{g<;6FAR)zVhW6;J}4KyC!H;E)`9=>!*vdh zo!XB|vJpBT&wur~LQkoUKr&6Jj#8cLAOo1*e}LsR;kBBe!{;K{GI4qNV=sJA1WM)g ztW5q=MOkI1lQ1^>e~}f9_g{a0?&uN);t=9qUBvUOy{|u1j|EL@O0OmPs)$$$cH@A% z;#EMUx!*x1)V!7rV%`4%6a8k~SqgYEcxaI;O@h8Iu>?U4+eaqN0edojk8Msb&=WYE z`+Ui`*lU*){T{Bi9zPJ1Xd~&XFvUtsxro1^Z;Hbb$b&qdx#mtsHlYT8_KZIvF`Io` z_Q%L^r6SBMEY$(>~&-eu}~Gd-na~q)vmcNe5F#SJ9kZP*2V{ z;TYxYy2TWf$QH3B# zrYb0`8AM{Mq87P}r2O6w`!!GD8~{7)-wx`B3$M1#nd&;=9!YSJag8G_dJU^~5Q@9_LSy3=gx#nUELkkoqpLsL8u<8( zmb&{~f4}@!z4b{bNZ|^E#!}wg&bQe^p4{>F!5f2{)d*wmwyL+p&qtr^ytdb`)0+yHxN1o@|G5Dl_B zSR#-ezcwX~?ENK;w*d@7nN`jH71(?&yoxEgS&^ev#y5S)HUT(o)X2b{$&q?YZ*%P- zu-JW|iYRDAH4twiDvYiR>anFc@=2W8Nd4^r=rPrD0rENoH9Qq8Rk$wsau@$93|e{| zTO{Zbga+gF#jTx1GUoh4!58|quywf$&Xw?Ql!WEgSbfnfQJPwc7wYC;!zUx+3G5xf zfaC%CgwOGuun&e@%Zd}7f&9yy)ove29YLX{jPz*U8;8k=$XdaaWKh&MK;RvNEN?(! z*h(AI3mmECLlS-cQRa*M-U%ALCJc;(<+Oe^4Q1`b-tTuje;Sjf5zy!we0Yb&AJuH3 z(~o3off%f0;dEAf4phV=N{yEnW%cIw6B^Y!P9|^mtxL)1%SZPIf)U3>bzb6(MeI#x zk+K1y0gnhTnXp??C@mx-{;(H`k}b4U8Y2bE0qWv4>p1KN!dy4K2OQ1n_|e65v_HO`Rly}>&*8--~#1(*klBItS+N1%g;RoA@uF?`LM+>0LiiM z;#E6`^URzv2f`DNm{Lpmg-wHg+Wj_i3p--NNYU&s;Ov@?!-_6dP6I}`5HKL%&dW>6 zCHM|31dEkre1~hQw(J(s(ApRXJob}DF|0|DN@L)3*#A%C4~u%rL>@1%$Co3a=DoYm zX@%@(QMU(Ij1)9v9HjZ(y`>${H?=1p`iSp<1oD9>6}9&+Wz~nhi3AhS*SUTjL=iCa zHkpm0<1eW+R12@}FCZ=>1j7^p1GF>uEZUc=A%(lozkalHJSrVw3F zH~5>n7PboV_->=B1I74JIxe^ zx?^Df6SsUc2^xQoqo^%Z`}|y5S4~)qXgD$J6_kA^JbHe;yUFvw%8U z2Op{c6Bcwl;q7=lTZDM|27lSXVrsTU$5!OQ413FR0lA3;03T}TLCtREGS26QV&`a< zT&J(uNsCTfoGmYIwg}3PlC9cfQ#-nR6?Brnjyqg0xKRPx?|x@G$|r zcN6%tY(VFCtC2X;-3g1A!Bn^=4D*O))DK*JX}!eB0bjo)$Dw~M9^V5n+nRBYB720L zmciRW&6IrCP~w_HE(q9jBbYy`zhDIo+W?U;UP#hJJ|mloj_?%fBOd?1Rb2{e=ZtMEC!}Mcywr!KJ zfPW#|y6m+2dZ*4^9FMu+NkcvRm-@S{VU5#yZ%eB@onTidx$S3@yHN3y74Of|ZB5fG5^;EW+`dBef>4MDYz0R42 z8Td=U@hf7L!N2@ld{9RI?Ow?=LUgKeL~c2qp!hMDt=sHB7TYX75(zznr>#S~y^OI; zh4zP<8_~>4PyRbRvwYJG9TJ4Ib0+e=!t>XZ4DICizrKtFZp8|QwK>$xnPaY3fKpYJ zbUQk}z8m?r(I5T`U}sAau#6WmnT?vj%}>vT_?)*Y3SWUtqNeD97RSOjn9%l0m(D{b zJs>u5M{&y8Sg~-mU2)5(T|wnx71dO=LRY1zvhnUf7zqf;WBl#$Ga8N1>}=)kUHG`2 zTlsG7=ZR0+zAtj)E^MOfJWU#xYOH3T4Gtz01Za!?$qQt7=T` z_liCVyrU+;GtE4ZS|rYxrZ27gIM3|LYT>aL*p^atEn3mvGkUV9g;NG>?8sSH0BFbM zAGt%3b7sUF2bb+J<25!zZkd$vM^Bj9q1rgUg9)RCceaDgD{VvJ$-j>3)`~ei3?sEn z%Jal1X_4t&RA3edhA*%TRvZ2(^&?BEG9YLAMVcyTo`*$nBCpx9r?~C=yQpZW>+S#Y zN4o%>leY0}NHm+^^4lWrkf<+Dd1Zg>DaV|D*!v^?yFtOz6d4VgfwnK}vGx9oEX;rOsE%ITL;j*41As@H{DJ*= zn%utkFW=>7$ENe)`V_24=)cOG`5`iQyS0I|kWot2sGDHJv;&j!Hh*Y!*( zOGth91xT5($XyAOKRfr)xcz0Zc>5!|{`$$cc)fzK*kXz=k^F~WS=OAExXy1sQH3JC z?Ulzl#d?+06}~Ik#e#hnb&s!(Xii9mO*Fn%!s}x}76H4yH$q)yQ@6*5iEA=O2Xn^P zHp?>IgypIRPk1`!Ve1{^+$YF^-$;B@FGjq=yNvMku#M*z=f#A$9GCcx0C|gso_uN3 z5j7s$d+awgn;CnR8^TRahy`P`+dT%&F#!>{bI{n0hDxj zPU=Jj{twrFu5 zp*EKNskUj@%$CnQmPq)j^7oGp-Jh=ex0yKj{*uxPR!tI|71Qh z(|3=i&ZVueRd95@6;A!g5_WLMg4la)OL4VKkJS?O?^EtQk01{uYw944Ym;yrS z6ntC6#KaP8=#VFot19as)hYg`;i1LUSv8lOb-%$Bp&glth6P#SB=lP-UD3@`?uo;( zm1o1EL(+BJuy9c_WMZM_|nj4 zB)6CindjaZ(|7!bW4f|9Ht?|Qoly7+sZTz(de$ zzY(p|xT+xbd5g}b;|QH!pqT4J>Ud_Y?=Waj65IMkB`kT|CHR;_%<(l*h~Q1a!X~~D z8ofs@Ltzh6cz{zYjmPoh$auo}6dPCg=QDb7ojkvRV-`gY5vS451N`aGH}BTNgoVkt z*{bx9?(f@|$j%G&2{-d=Tjeq_P8c&s)wesX0`-LzfQb8nt_*7TCf@&-1;A3ab$RiH zh-qRX%_}EXT5&hEJy&F@5+jKb466=WSzfW9dnLaC~>cXnRiH<;$|Np|M}WwZv6a z0_=_(tCyw5V9MT(TC?zrPwJ^_>Lb<;u0*v){a>s;M(n?|0{UVeGW{gI&-)d)2+vaU z(w*tInSeMSNNq-QHHlg$gExgLNytwIMuE|&)DpYXq6FCTmwjq9wmq!|(A)<^#t9|g zLJLKl3AZ^vhezr7{g907FMApY)DXi%oMJXKSl@3%kTJaIZ>kg-$*IT*US!fbm^ zryv$Uqxy9dYO!Z5_V49eRN#GVAd$f6&zlJW-rFj0Sy!lf58R(<)U-db7wM>tMO9 z^+@n8H8Q^Vdm^n`9X8T7t8Tr#bzPxyBUYlsTnBIVYT@+^^;NgS+-H`1D;STi6T~Ht zv6rcFMW=kv8I?i~thJHxx^khvf1Q@xFG4z?+7(qKyq`dv0os~(-(pqtWJ)~D0Acc6K|5q`2NhbNBK+5>T?Pe zMFfAnWO78{#=d@wivM&@S~2oC_{Si)r^y*8x*QfNfm0$|ugUY9U|`uejdF#N*6EaP$Mk)4B`)F+0+KH0 znIYfWJBN7UpR8*VDd1Ve(;wT!qe_O}#?)lgKVcI|s)C`%4sw$XNCbX2a1TsSSE~s0 zEJ6#ga55~8(wp^dX6LtYPHL^z@!3U9jP<3@s4UxOeq+?(x-rE+tI3(fnrO98#u6W_ zPvT`SM$X1lRzr6r<32*<1BVVc3MeQgR3BDz6=feWgC>IOyXQp=-A7tAnafqN;+hFK z)G^P6`(WsQ9eOEe)30c5*PHv^_GfxQB&wzU$Bw-K@D0jBvFy~ku z9X>emurxQhW1+;zk`XP1kLzD!mE%-Nu~wUhaH^A8u<7pX1VNgUue|@)wLAH2v15*q2EiIrOk0y#4b=`B-l%JN8P6z0Vc%1bi{{ z!HJ1vYwd(s^>UgPpG8vLp&cWR#7ftx>M{zbSU*2&^7-ClM#mM@(|2p|+Y>G5k{s8qJ{OJc-5T-l zcSNDP$Rfsss~QoEoDf4F%-j-4v9=0R!*+V7cEE%+-5x`OQw z<-D-f<-cKMH@#sR`m-{~3?|q!(cM=0(3s2VQ(L;17Ic4FTNdNi*i) znmMZaQkkO=mU&h#A!^i2lz^tVPyg83B2cg;a3XPz+H&2=@Zh`M)Bs!obkUQwt#ZCM zQ8@e|<;1#_%kXS;4Kmtw#!p#aJn8>>!p_Pf*MXLvE{Js7-9f;Qb1p&577_oztEM~~w3Hs{Qv0^dkq zM`1}ZZqt^iU{CJim;uE~TJMoVl;K|5!y6&b{N;^~K1QYi>>@GA?b|YKEgR$v_1}ll zdDoJf!2C4a#Dk?sM!jYIA4l9(6TBrW^DA7b_)x!zRQDwo66uP%lqWx&M6r7l!#Wr6 zIIE0Au{)o4zj}N#HTw2%Bc0!ykuSbt^78vmEv*-feyW7%y>@k++SbJP#%$M9I4I_| zD<(cxtU1S(RFG=_&Avml(~yP;Ytzq>)#kv;xU`UtTX{)qnI z3-nrg%L5w8Tx(|)W?#E$G!a<}A7&Oji4xL)B27-ny_|(=KvyW|g>LPITzRm?3rSFm z5v}MEy(JM&&sE%(-p&Z8=D~?2$=B|@D>iof$(4+3C156_FbnOXe7HBf!uhKePXeL9 z>zAxItRw1V7IghKHp1x`zc2-=p)?TeA!^o1wa+v0wkJmc;Ci+w5wOgOZA!qjZG?b7 z@29PtXUS+3;2@Rp8_05*16tN`=f^QP1FuGCJ*hdGFfY5W4S3b8{eCZvsA_o3#%25o ziKG{w5;Ke1up+GDnMS@LUn=MY$j%g|K!$}OPrb0#d-3PRCMslgTZQ&!$Rhb7(ktb~ z@?6hoo^y9E9TPnvJ)iexdAhUG!DFj)49^!q`v@qAU#G!4I%u02jpA!1+Oq~9`B^j8 zj&P0JLQ6_LMY(!$LFdskd)AB3^PnK28ru4vp{j(R2nN!c>_@Q(DU->MI%9+yIl}Lc zqG=(irz06sjsnq~Qem@q^SY~j#s+`pFAcKOk>-loB+bLmw%#U6qp36>k8Y!w9YYsB zlBCO|FfMqu#xbsABP{}VFgq$0U9J>v5KTTH$K*$@TMMhUk41E!J9D$p`r;}1*bNm^ z<4UC+x-)f_>7V+ZRRqmC#)PURL~K=e-Wb6# zGU*jSm#tR&K5fj%{Zb23n7`9|%z5g711@OInv?nLtM2&)jDMla2mMuhGW%NZh5_QS zZY+=A6&AhPB%)rh!9PbM+j1PFb9`vGsm$Qq3(}<98vc#T|m0uNy0c zt^~5zfD?mc*f&y@9=2{KuJQMh^&*V1NDNyzQmFhgvs|$}$g49nGOw?3d3UnE^$`D4 zr08QUetKQ8>$G`6b7k98^C>n`r2+=%`i9YaJ{eS$ronb%7VuBCD+?=F5{G+wBm z_b?V<36X;ZD@D&=3Np+dh`ic=LDvkX;`-USy5R97drii;&fk2tYiO$5UuDiUcGS3& z^KyE!GEL!J$@`FVWh@|8L92;LUWKw;!f`+KjOSQgg))%MaoMY?e^vAq{6TlDUXDa| zgI-;1Pe(*@cL&bgWhzkW_IxmAqB2A1hnR{)18?}n+xK7aTfbEHKO=7*qiAnE54fb- z%AKOK!(k}Z)!`jwaO=xtu3*99Id|Z((7=8Ts#TJ#d?Yx$`|0n))2_=%JY&=>{>zd-mfEbA&RZaX~F4Ukc2u#u)A#0Ae$pjnsfy zz_`#;M(|!Z?YRj-=Rk`Gip+cA5ez-S$tJ=#Y3svIvfm!!5R6mQ(36#>5If%SBD5P{ zSFOx(9;a2zvZ9}9oT6n#1xNL&n_+?&jNq z{ig(aUwvg`?Nk_vF_qRH6wy6*beF7sb^10ibq8DXNPJJ&PwSfQYPdKKEzQINx7{EtopPKK{a~qaQ2Q+-R%#f+Wx1XNgMU(0VUEl{VAd^l zp-0d?#+&%k)TTS~v(%t5gg^S+^5?r^`iMd11-6sf%o-6RP_mRJT4Y|nQau3#XGcxR zKX%5{G)rM{|CFdz_vL$Cl6NwQ%LCaWO((^t91vtYqV5?aIJh*a_d^3VEKlJE)!xyZ zAx)*ML$SOppV+#4bDiNfuyFvdVp5S^zr?sONDerd?^YfQR`})v>wNHE(4MRUeZi7FwF`0K~YhnzY zt~z);x(F+KErtXA-FNQcST}utpSBgi`pd6}flA(Ab3ws>lHn_3Qf!Yt&G5QB*>kf< zU~SIDlEx*MKVm<1a&aPO!1px2r+enQ#zJoP_Xa0UHmK%`b-{BBkJHq39zH2{C!j9% zSI6Bh>+JhGgRXUQ{4Xywm&;9`ViPZ_kf}V!Vm*zn>jokq$V#!7KAlK)B?3FxK?prZ zk8K!&HH>KlBxrpG;GL-tBg+{+%^Gg>h>=jG34G4w-c>)*`_WWbNTElP6#Sr2RKf)` z==E4Vl}20$SB05<{3?D_Ji+Qmw}#B|58RAA66G?lvR$4#C2J&O@nXnp$xIjXL2s9m zFqWoDZflmzi-+{h8=8T`M`acG2a#kYVR4Kwd8{!rzz?Am^TY8YydeIQi07ESS?zC| ztUpw^nsWGDg&gGF+jH7Ih?O2BgBUt((k2z<#Z=^C#2thrm48&QprexnPEn{!Sv!u? zYzH`DG-z2H%U~rZmvbhun2Ff)JiEV*r(`WAZ#>TEDHB;?hr}T+vDO1!WazOO7cuJ5Gm9ENM*aEnLR(qRB4mF*4LxYK=H7hX2o$3uX$+zzF=9Fk zW|prmP<9)i^R2z3U_12RZZ8Yb|LnbA5w3k=>Lb1KGil@4hEBzx0f(BbqiiEcSmk)+ z!Qz8(b#PBnT3ol8j;J(Bzbwf)pE9-c3ob_y{gkwNXD9ek>0&?qoFg$x3Po;(1p?mv ziC#6viR_?m2mO64ZfKPl)Y3Mj6$XuTBGdc&o0sJ`xQIZp!Mc}SL{|0t14SHN5c^<# zEFv*Be6vM1w!eQf@#(^xtK>7%qaR+Zc-*o<9+?ywZqkIYG?6wj))0Ejp4beOx18q3 zTurLDxm(3Zu5PPi)Vsw2OSH`6mkN=gL2|K})RSNF+cjD77}NE$`Bd?_*PBJb;Rso& z+rMXI3uoc>UOL}PCZ6uk(C4O+YIl2FRw z+Y3THmD~Q^dVbIong}vE4GlaNX69jLZ&k&!kuOWfzSAvWN4AZ`o)2%>k@p)CPB*c> zR6Xzc%6-4#xUoVs78C)9hP2ahOR-kDgxf?UHyoXwCikyJox(#j52THHzJEXdEV_UD zUy1-unfD#iri>4{9@lMhSKn22_?g52{@^rgA!*m?{+Md2cH zBu?PLCNhHVWp{UXufwdeI{BPq!B%Ce>PLu>=du7pmvg2pRC6WA0p0KYNT4ofUuW%w z^ec4c_26#pg2U9s6~PV5Qq4 z`EB+W{_w*RLyfxB46)x(b*pj2Zj!S+2s844PgjZXL>PkXmOl>ogcQ5--ebZz$h8=T zlzVExGF~q#i(C<{BVCD{$Vi_2&E~wc(NlcOLn3Gc%e-%iV@yluuzT1r=nes5=3rMF zN47W`{#@r$YLlRq0Dk^;UC(h8*^?|a`6p^RlDERr6?qX^Br6y^kP~f&rgCMUhCgkj zNkktf$31}B;4uuO3ra`B!V2f~(FhoMXw~yw$n=>D}IS!@-gpGx55{*sCISUC;- zrF=k`M7{kPp)o>TvnPWa7Nc+kRBRgk_OLF_r`3xT<+#AdnoWjl(C#_b`qtOYm^CG! zW~_ArITkNM)!k3BgI>GpYW>Nq)xYGfTS+t8UK6}ytfxfqORMfrZguC3$b_u-F|z08 zQGagqm*2kXX{tmqSZN`!L0AzLTA$bj8qfkotZ!_$+hP)F@-mNC*KGoHMh=l0F$Xi9 zNxzV#6-S&9xkUK7q~L(tTsAjqoj9zQz01ew;JYS^vtde5AAgq=8N-15a|33{*to)~ z?=Rzy2G{QLrDGYHDg^R{GotDzQ}d;_rMd#2H8shb$Ve*L@>kovY%%p4!V7THI|z65 zELbjp7sOc)t9b3v=dUt}kz`kAa07-Y1C!eGJN8o_s*kPg-yH0=Di_^cmR(Fw7D+#Z zpqNKQHil1$j<_!uMRUKMqXZ#W-INbdZ#i1%PsYRL?NG(MjM6MaYuWQr3cZaJ?1z6@EZ z-PRiqa(+0C)i@eRzv<4H3av>O?8iw$=!|IL$Im}75@H{8qCc_S8p2M(E?z3d z<^T;vU-8GsXxf-q-^4|d(kM!>FE_>BQQxYTQXBV*2}ZD;@BWb^8Db!s%`PP6UwMs% zM3@))egxrte%I--qgSd;a2RgUSta|qP}q8QNkohxte@d?BBjzZ=Qz+NsCtNjGoUo<|+bOY1ifoKHIYRFp!?Zn~}o;-0MZ~H0>Og-go>AvGfGsshc z){AB;k1)Y1nKU^ru~ysaIeqRSKHeM8N2RM?ls|5Fo|Pv(PTpeW_uo4u>3o2xiw6t* z_;im{E6Zro&V<>!TdU}e@E)8&`n0Z=@4McVI~N*0#LZ)^ccQ0(Os+Ul zm*c{Ja`qdl6NN^*K5r~lU3Z!r8YdH)RW?;d9vl@SNKgcwNyHJn9(*3oqq~G5)OP4=W=yhDRxHN)C@Wm=mqx4q- zc&-THUP!kK2H0}u9flX3Jim0bn%_WQ<{5LJoVes;?v;*QwhOL92E4^+a7<)OgilgD zCO<5DH^fcnS%%7w>~|Gj%kK>ufB7a=p^{+YdtmqW!IP4S3_fSZK>~{M4MG}+y`(m* ztN#AFHkW8CnR4*!alV-pbh{IrLxhjMR+$EVp-F?2sB*Qy=SVeq^c$`iI?*>pfB#s? zqE}aX?2E+h&8Ba%X~Ci+OR41>9L6S0oSv|_QH|Ta19HeRQi4a&0K3ti( zUfo~39AvB-nss)Z2>FS;{JJ=7iUhm3zWk`YGo<7Lbt+ty+Z`|JChc_G&<~6 zXr1S|>IM8)X4*TXaT|^1`TQ)UipmzsTT-oY?SoPLxcneh3cMxHmEUrqkxxlTt)9j78${ zyy4<)et$QY9>-Ze8^>MtO+`mZM%>Qb!FLz4uRPb@;vh6taV{V2o zaUsvgQU$AqOQPA>^e(Jz80Lit3^I@>#NaTN(%(CD1(_)?Es@I0%>kfV^~ z!PDNe5f!x%?yoAM=DhkL&H4AtDQ+VrnqzB%o&j&koA5n4yeMbCa(G#Rg)&t4e)3qK zBU-P9XQG%dsQ~u%!{dFPXipOsDYvomxCGLSv-74J_xkL#C>k~XUub@$vDi@j^fG){ z_$}aZJuhdmr@AI^=S}5c7e-kzZ)nYi>*k#Cl5nsfXox3H{pr@RR|4KqDYfJ!j&@9W zR-uAw5Se0Aaq~8F+|j&|2BC9J(MwaE;nw}i8atT;bCOwu23xLYx9HlJIvl8%1nH4E zb8s?*u-8`}lyN3X8NQj-b57{p@dGDJ8Fl3JkSwtlOjDZ6pB>kI6U*sS|2}^3OGVJ3 z@^w~q1An&8)nePvsfOC6cTca6=S*MKEHvi*Zk@^D6vNro(qXhv#dQv3uA30b$Hq`O;~d2DOG7HH6=PCRVS^;@3{b!!nz5_laO660zRFs2`{=6)ou;I^eItJ`m5O z5TVFz8;brzLv{P$`FKfRAj#wg`7)gk4>1PX;=J6MwdB+2Kkpe~^jLUmJ8s2b9-w`l zJ?PoPAD#RY7K4qMRJLjRr7|t}QA{Q1L#+MP>{gJ*IJG{aq&M}M zf)OJj6vUCUq}1vy9dXWGFA{#!V^SYl(VfrU4t>_3XEuI7M~C>=g{r>N#xK_LHGOJ) zDXXwN*&Ve>KsnycsjN%=T8@MQ+q(Sir=MNw%VlQrvmb9X1l}>@mCh{Jl^oi?JW}n~ z5+KHJz{D#ZTc&kapAVmtLusAN202}S`A*^jnm@i8E43AJx7mN0+**YN<$~OwAW8mJ zVS#8$k&f$9IUOZcAtpivviqIn8KuLQ9-Q9OUHg@!J`FSl5F89cvDja`lz0CXl5Qug zusI$WbRrWFKcOM5yUDKlE$E-wgXn+fU6v(N%yEs<=V)Dq#T}*aEJ3nPd}V%Na6a~I z%pxM;&g*v^IOwt1s-tFfVLCJc5zI(YvJaP4^?m9hS5B4M(54p8Cc>a&m4Pu5Ej1N^ zhTLW9nch979u6VMqQ5$~_Hn(E4AfXtQ_|qe@G#%Rq#Y~iP1WNO=>9N&u&!(tc+3S2 zJItfoEhC~hu|@&ju#&DMZ!QikKlLqUTLLRT_Hcw*#aVyzI3*U64khgr4;Xp<^pFbu z_HM|WGFow<6STK61sf{28L7Jn)*`UqiAs%$OG(q1^}i``38b46)0S}@gHfA)&0B{f zgq1J8yU_t%LC3xOpXnKAnFs9NGJ7 zm6y*VVPoH27r4xjN4iVX)(ImW*~1DebV<;}O2m1taB`*&-#zr@9Z8l*VW9;U`V2Dp z^l3o}Lax%q1$X{l1HC7dr~2{oNpU*+p@^YNl2w^J z#!dZ!w{m@m27`el?D)k8__bE6+Rs=SJB*E&tT{BajOy}`cWjEK?(G94S*$bN2aF5X z0PRjB#_{dM8Hkm9pzdNbx#kO-$eW~6wNZ0XD^d)<-IX9k(+OlQ~iSAKCc;$cg90YuuHj>FO^v*BD|?rThFLE7T2p*~E(KpzkO~^*#aDu?HU$5s66i~R z58c+smVp-ONyHM%`Em1D4n>l7`u|8a@~FBvw2HQU%AQb6G;mISuq5gC|9(wX!D%atp~0Qud>yVXP6Ua; zX@0Un*7;}0hoE4g+d9hv%lVyac&w`l=D*c&$>YLKFw`6X3!cC zE0zlsKz0~cr~!IAI9=TCLK4jnvb03a=|;MMH!YC4Vd2A$KZf|_;wg-sK84?nR*T~_ zmzkx*H3>GA39LiKW1BB4jVc@oBnNC3MSfVZ;zvnJ3wp>uwBSH~e)^j6+4PH!VW( z4f2F2q?1{5IKe=M`*`tCZ#-Pyyp{BaTJWnLG>#}HqKq0-<_#EE<3cZmq%gN}Pt0bt zMuAv<{gBUN4P9zN1}V-mpUp`^9IGt8m|p|;n17QC^+cEusFw^?ra2lIxl z{aHQ+iD7V8&9zv`A<4pRb`OYM>GOjPjOOq*>!W7}OKrF~tX*NuV43dsvizHE$VlzA6rLZ!e8ndl zvzx1)x$Ju?Hca~q^lKv)n}m$KKL=afY62mYIj00#GvSs{bYqS$i}RN)xIHK}_Of`G z(5$T*`GK>Ly9bQU6$nmBr2{T?8x{6|X>P>?AiMDMrU7o8p;E=@*>&wn<gKA8M^r1vb5J;2~WD54NOMlrDh*2@lQYG^^>x86fMovL!lVO z@eMqT9_aE{R)`QzF-UtX{gkrYT%FX!SByvCX#J~IQvLaYr}#aqB&sGgqiHd8Vt1o? zfAgJYnyU#mSOKQkm>j$7kVW$OTTAhZcG&)Y5d+rP4aT(q&WoL=$s@Ob;8wL*Ine`# z4p?44$pf@pUSs@2Q?o|qngE#|{fSvu*2Tf1Lb8Z8yY&NZHNOEMMDmLme2|( zq+1@efn~h_Tw32`D|4~Yu4sqzE;;MAYt~a@_p^l-;5Q+;N@~U89ldh;{)3^piY$mg z!TsdU7TK$>1I%DMjKO_!{rj{<1JndgW#da$5}**y9yd<5qK<@;To%;0Ti{I#5oqe|S-*TiBf=i;LGp-6dz zG~MVXob~o1w!5XP84NU3<{EL*xL;9Y_hxga=>O$~5@G?P64BA~CxRJrm2IX$p26nSG*}?s4ys{02nUQ7fLn1tXiyb zIb3Q9kwf?1qJpOhD@&QSIZ3xs8&xlE227kU(BY@&`325ngdb9X&^wt5#;*(TZ-A);^pCG#@!NdczaUD<6t3o&384`m4A|-&72jJR}Pg6RxXdJEWFwnYTmlt zHx7Ri7Z5BRA28vssTv7H`K6|BSJY2c5{k{%y2s0$G>v=-Sfot0Uht*%Gjs6sr!KX< z=H)y$`MsBfEpMMONJmlA9k?JgU0*CyOQqsaWA2z{h*SLJ8n*6#f9$I?{lHiz}VkK?Q|} zR(;3!)$jg#N7FDzHdH2&M$&M&+ zg1MKZ_Q|#{sf#r^INn+<+`!|RUoCCu3t+ry#Zav}*V65hXgt+avo zKcueXvdFe&ZZKTLe^M`r->o&DU%fKmyTNTF%~aivsAbF5mYnEJ5-8KK4@D1!1wB6K z*d`klOT@gAqSSxo53PTZKxzU**Ac|jP087N{OzGn_kf_1^amh!CiFyGXzqWB^0s|^ zkISbUVF-p2`yH4BV}a6vPqS%*|LA5ivr{od8&{^;3brK3DXe52G zD8oJJLaqv%!Gf46m_Mm+CE);KnSsG$O4I@kZ1}qC6oUq^W%oE3m%aVmTLPYx{7WE@ zEkpQEq+Y&RZB+N>28#&116(Tla&Nz-8gk-w76biL2JBd@U=ilB6UQ=h87z;Ee%$$%$E0raMoN|*18;%YQEXC=y( zb>e;r#%fvw*nWJdei$osJnKBYS%i{<3Mm zgxYq)8kGKABZB`GdiL+tz+-X44pS~=vlMJJ47`GW9EGA5#4{(XQR~d$+pANLpmE{( zVP^8fV%d4Kz}n`>SZ-F-b6ZTyuW4c3$ZbUBX8?ny1UxKUD{lRdyZ|0Wya@CI%@RI6 z7F?j0gSnYMXG`uR>gVv|=MC&S*w(%$af0`_K56ib5i z`<+Hk2cc*!YWi(CV7^|1$jt_wm8y?XelK&nl{OsIwFC!R9FYgP+0}k0k~6~M7D+2w zGyeG#0cc4h-NfMa8PBnwES^tzEu>#lKtohe&a*8~NaUNL^IiLRG$#6N^!$$#7kJm4vLC;Z6YRi+iQ?%sz?*juByULbIBi2v-F8hQ;zz zLl`|k&13+2P9gxHaj|f*7Wh*akr6vG(bFPmn&~WvkZOE}zxmZ(zru{knhIw|jG!4_ zoFZG%##jo_fj&8v+i@YbCFx6Y!wpL+P#OqAhsQ_h#`d9y6hLIVzpd4x5|Y%CJQNE1 zi7`w9!$>^kN7&QMgEXT7U;3Dz(EMN+rn1QERqn4`0DFUT08>K?IG7ys-w*dp2W3Q; zPurEJzT>xf`TJ!6Ia}r-3Q52mfAx%I^q5|C#r#gGu zW$IkWH>I@lyQ`k3eo8FZx4z~}j^qEvrwki1_J8`zV3^Mld=nqZ|H;SXHlhD+Ep<^h zdWLIcPT*o@$wPRjKw5_ln1(i!f8c_|!3!8bjUYOWH#ukg=M=vSh3lqk_|^c;EfE;( zcs56B{pXP-o*bm>Y(mmXB{?O=5UDOPvtRpz4?Ainw4$f~%~~Ec0DzwXhAg{eL2 z>dLRrhH4%$nJexYk%Htv|Avc;%OY!dT$p$Q1jApNY|o#7rXkgS`wOQL#9A;$NP8b$ zAMm2u*Ov7Lr=Zbe!!77FSpS00Ae|zKpTvsHZm-!?2&|vLtFzNB(JQhk+7dL#-0Gx=R zL|bP++78X&nqevkB!`#{bl{Hj+g_E2E# zCuo>&hw3(Pn*wUWdJ~1k_vGD3m+;ELysMKiF`n^yx0K!?+VN7OPZ)fH;y23H&2{fv zEig_Qfe*3Mi+4#@T;Oc!dVXW^BAV*XI$4^v>eg*6I<}m!qJE2F30hVoj_K{0#X`>r zWj#}f!Xp&EOl4BRxwiOi+&0&diZAS2F=YKaLFE4KICNU}{*+)*ee^dU$C4hzcDczWYE7VUZ=`Bm(OcOB4IbJWJe@_0#pwcLHBOduswfKf_;z z-4EZM^2U;(-(tfBA@?8)Gk2LAQ`7+M3o6ua1RB2EUM*?pzKj4(;6XzeO^`Mm{*s;% zeXmB_jaTO3)>Gmi??`5fsQvF=^)Dc*eLIZD_o!DG9*(-w<2&r9MqlEHQAVD;IXCqU z4u%If@rFg8CO6%xZxuQENT0W@dOp3;EZ2Q(UUeDtG#9m(_Lsu}yQJk2uns!V7j$54 zk%yy@^zWrD+t1c9WfyKao0(;n-T=R5GYyn)2Ngj^yGN-0dNN;nvlv8sutSoJ>})X`HwF3y3sM8 zUJm}gf&QcJ(zr4M%=tJ-IMZR~aCQusj{D` zj;y)WqA!*&?MM~!=h03f_J%sqI`y~jsZcRYlhBu;*67<1)?fdM1bF~GXw$l&Aw9_H z-L8WEXkdq{)16(Y+l#J67q|Uneq|u|wlEFTwHQJRWD3PO2u2n7GXV)l8G!X0d{>jh zrV5*~=T>#i@M+S;LiN|h0bdIkxr4hgA+U4R&tRwl(ifEV@zMPY%KrkUILWsAykT}i?J+XxU$a82WjA34~S za|$b$5b(l5zj0BVJrp)7kY$7MZq}qfuGMQzLA|)3wAU&2VjT-T-(Uj|-I<}wv(J+g z`U2us0G525`&cGO3_w0=Z=MVB@Mv|#yMAx~`c>263EUQQ)wokaWxuAnn z(4+XWKFwTOt}fvu1?0JqgF~<2IR6a@ie7w;-PlvK2e}ETX|BEi`Y5g->H^n=OL)H=ixBL@EBTxfH!-lrh>+sngeDCI%~!L3 z!;}AdY!qRr6zHy@GJqPCLwG&wEX0Be{gc6%5wigSc~nW@@d-o0v6to!A7!*YQ3P(U zqs(SvpEYNzGR));0NHt~5b=PDxCaOvWGeJiMD<#K3zaPTN`b5);$Oy+!*3lmz@j8R zz&{A&maF`;#8v}E)Xk)ZA6{}yJcp~Uqa7D=_9i3B0~4yJ?YXax-7Cy`YjC46W=pU8 zL+bfK0DgT6m$!@l*jp@H0AfY?9-z0WeFI(^-X6&hJ|CuZ!i!BR+BYxJ!~EuA_CJN( z1?&MKszW2g?OREt{xh+4d2Sb`n9Mr>XBWFw)ifdTg?WEY8!ICtW7rBTgh^-;1dx-x z_A1LI3_b2xyI&qRUoN9ROP!@2 zrX!1v^p#MQ51A1pl13vzG|r+-@8;6u#S>JUbDu_ue;@0G>dl>U984 zOC|{3ca(`iW8%~Phi#^&RXkO27{?{XVB)icI}qR<(Z@V>9LOPf^)GJ6WB;5?r)?f| z8fi04-XX^&)CwFE8S6s#WQ9{s`NO>9zv8V=$rlA`QECssMpXp@%wj-g z{FHVe#wYV1%x|K1;|Vm!IVSc|AK*wc{%1Q~`e8+UhVv<}qf5=euy{tIt^ZodE2p znqP^TcZ~b=77a5KB?sD4+sBkXi^lO@f7x)MNO(ev6b@AHnmmZk1!}@q;P-~L9$(%( z@!E(aSH~h4Fjwl*)i|k5f2gQnue*t%Q)8lFMkUKV+~2Wa4=EegRwdFRFTSoe+J3>R z)>RJdUBcAYYU_=KD_lN*->}|Q=TbOd3uxA#C!o2U;HIqu|5;hOmV_GP@$#guT>!fg=X~@$QkQ#w4G0! z-AW)u*^srjyyjZ}60j_xK3_s1c{qtNde3P-8FW3XwZUo>jynj`1u|JzXJNCQXwUDT z)fMJf7XAu_PQ%*WG9)HksXShA&cLoJGBwFE*|AdC9D$*v#a)sY>EP zD*t@`&|cPnwt~TrM49}2*L`u)gPE=p{kBt8r0%sS(?I7)W_XZ06JW8CcgxDqhi~N! zun5mQ_QplmNUS>B+eMgv+P*bae*4lRmZNGJ1BUw4w@sJBqRfYn2;cl*+NlmOv^xh# zz*KQDq4=JIx3@v*c>o_bWN*5hptPg}cKbM+AN?rvd^G_eV-K@k8TCG)pvp{?u*JERbako`=dSM96t|5yP3HX2&N8$YkU{{CNQld|PZNn(A!!sQl#0{W9N z047!k0E@p36+iIxb zf9HSyue75H>6!=NhPLHX9c89hJjg8*CM*tgVejfW@JxH5KSGT)8Jn}MGQ!32LFK4t+N8)Kj`k+E#_j@La~l$f^;qV01iPNPO4}BBhg`Tjo-kAFr$n| zh=q;IerCz?QrP-h^$P2WDojqS&2>eBfvuk29q@AeQbK)6Fp<7N{tBo~Ha_R~JFz%5 zVn{sg0b&HDAa;w}ty+rTz3FInf3Tt0pY`ZD*7=sEy#tq9f9eAvvQmLC;qy<`Z&WXh zWwT7lHgLvW(_4EkKUJvx2r}O77B>kpHbu=0I(H<7rUZYZYaMTD5L9gQE_}qw_C0?K zoSQg;-L@md54>Qr(sTCQLiy1a?Qzc}arY0)I@g$eU!5DSM-$ukbbTXe2{30N4i~wd z+v=~b6uAhu?mTQ=&gEPm=}r{Jah5u5;_r2^j&A>bbo~8eQ=-w03w6@`XD$H1bf7Zy zSq6tWuLb0+!M(Kb2j#xn(O>5IP2@(n{&Zj_>Pg62LVdXDt8|*#MWBGedtJXq^SI9O zDcPTF8tzdUZ7UZV39tIol1Y;JT5>GV>p7AJcL&?Y(b8{jdeeO=$@zXU4QXJAo!B#? zJ~L#N+OdW^A58Xr#UTcXTo_qeKT+ivN)H|SI5T7LShBLYK`lIYtKw;rrw0Dwf^HLa zlVMom_?pdownGutBIlY@db)!qLu7I8qGclK$IG7!9Y02T67y(ApGRr3x@dT)-qes< zTDzz(+SgKWOuq2ZYcAYxovXX)RzSqE__y&D+E`nSMBNOA2s-=Wzqm2|)mc50LxTLt zfMPZIE!}%r%5eJU)2Ywx)+lB~hO%7!V)gIw6ZQ2BSQ%zF?7o+cmb$$b$7RMo8NWqd z%*X)S6dL6HFSJ;(XP)|?kw+|p@=tQ7DJ+ln)6q!um z#Q|ZW==R6;Fx*{$Y|HAv0)Ge6C90vqFQZ-QPyzjnL=pdFjd6_#cECs3gAH#AEisV4 zVtVPstd;04eSlVJQ7U`(6=XYOx|lu& z3Pt~grAt^q(A2^9%H;3w4HOJAd8#89z0@Ln@ZlH17{U4hKCtia4qqq5NQeO{}c-WlOa}rBUO#juBv5k+;2M{HN3IDIFfFVevO^!@($JM;UZbxnK zOz;{LVh45!2(*LJ*QX^}#x5VdN{oZU7^jxv*Z(zk-+gj~$7E$5hySZ^*zHa%k6iB0lXQisD==M1X07E_KL|z zXrqZ${bAjU{N=5uN5p^w2{MIGi8g~7cY`i0b>72^2gO1}OdLuOsJ;QZCH&nUNz5^~ zfhz!(75e~npcC?1IX{=1eix1SN{?!a1mXds6RBpW`6RR3S%TKN@%;~P452R`fzM1| zRiHKTP%r7cQGQPVg!|8dWAXRHtN(Th2^goPu+ipVvyF>y0h_`_b6g8%uhSckFPN-)Z;^|4x6f0U4 zG-B`(x`>S{jV-qbHWBCH}SyNf-T=NJKg6a+k)C^P$9VvPf31b8) z5*`uc8ba29TEZxlDhJBjbrNO(Jp{uruMpIzlH0;)+B9}7K6`L4+O%?(0R0QO;Bb?D zPm~P7wtufDhWKtlIJ0`+?$_c$WFvFOb+jrTyY=1r;^}to{NL}z@A=yN0H;r^2?1%- zws${;M^v!Z^Vg+8#EgoAs58U&{x!)tGma$40(lD{6Pz$fN&}6zXTLv1SByzO8P1vjdpx5-)-}ZS4Rb9 za2SLZ^ZB6mo)|h3sug|=`&%%A7^(2qiw!7jLE)2P6A}ge=q&$u_vrKQ=hxAfp%Hyv zY$s}nk;jI9rs%8~SM~k!<@yK1hC=c$r}G3pio?C2337#{kZ)KULekf;OOb7FKkcQC^@wOcZV+Yfcn^WKkD&k7uqo;f+l(C5BSgBp5K^{h?V(00@B z5o_$8x|7ymZB0K%zQ!E}0v~O_^`Rlm7oXC=7qwM6ftO>Jt5%k4f+F_~Mi8@o8GFu%`P^8W-F4waCVT298&~nEv-6<6& z?|oK`IvvHnr5Q+#V*7>mfB1UqfGU@+Z<==0Ra)DrBgz>OQfW`yBq12?(Ptj z*np&Tw{&+m?}hjAobx=-{e6FJ*fH14tTk&^{uVl?02c~wx-fb#3T{0W87&*Gbj^$bvN`O<&n|!#E?bg9=LfU6r(1SV| z@V5-7U-M-LM2)^g#Eu+wuu3~r$mE5x0#a;otzVhCu7uF+0718PnD=v0I(hJ~%Ae}f zp$m(AkF7rIe9COWOZz%xq(3{>6e>VQ$>gTazR*RlPbV!5<+w(d6$V*P{3vr(Sj!9Q zH|TMQ8NG-ardI)_-XpTXM;4WSS~aV3dvW4WR;KhZ(9BBX2kRY8rgKIw{PFdd~iMP#M=hqP4QqMSzVZ52|`wEC2VLv z2;i-J2Y627IcI~D!{rPCe^bCTM*BD%Ni7O8@(b>CVGK|#wR8-IAt8rlt}Oq390s#l zn=jn6cWBR@4i_1!W-t}dbVmSg$fp>_UA&g=eD{;~$s_UG#q_%@8mOHyM#pGVz_p27 zM#F!Aul#ZgV9sJu86ox`P-_#JSi+Mk_o`GT`UT z{`oR#l7L}eUz7l}O<_iI3*_7bQb`ms5$kbW&t-?lxy#o7y7Hg&+dNFUj z1kEAyX0sOl=E%Rux?~1YIjj!CI{(xRs1cAHd(BupZD+w$OqnPDvrASVTFME~FgBQ( znOS5NN@jJbbeOIOp}_75!=E$x`}w4%s09)Fw$dyK3=_S#EXpo|2F?2VI`c6plMa-{ zua-0tz&M6Rz{DWKqLF!l0XlMe^AuMvQ|v2Fa`&?lv2B1% zaX4B@6ar{O^(#pb@)hV{SYr$UDdI<v9SmX; zuJSY-OqBpKuQ=`j51O7Kll_*QOZ^e*^D-RcdT%oCKxhg=0c#T7evAiepcOM{1?mfk ztd8tuPB!8d477vc77BJ9`hRq<|L7Gv6c}CgUFhtu-AnczwjPZYfoWv%#gXrG9TMln47Ci*+_ zhimUBTSI*Fi{b;zsEW~*)m5a7z!&W7DiXed0;8vEGGhkEE1hS6TWuK7>R;!-KG4~j zuFCmtAgu_ReE}mpO6W=RRYK=1`yYa2sv}UoXc)5Or%X6N z#IUAWwvC@^9uH?gI*~R6jnYthjsCy8Na4;)*=g>uOfs z&c^+FAE3j$pTR-9nbqq5_3$izfy!h_|7RDj41cC0@RD-rKbewJ#6^p_!q+I7Q~AGL z>`YIWkRy}R$J_F!|Nk?6=upUbbP?a7IxvGB`Pt2(AeF-3--b{ufx)d0O=@1#;G3FO zjj#Vq1cU&y(_iUxy9V|qFjkQLYb$D>!Q2d5Q7zS}|HDLxE+8Sv9I~~;1ntbfeh=%T zqnULXbe{=}y6_b7`txN-5aLVuC1IvIx3;o{BNSA{r%sra0^lMDX^; z?<8yC|E%M8qzTIBud*4qg9`Sn|Lp(oVw6a5RJt+8Kl?xyhmqv4ESK?7=7}Qx!~dqp zf8sfa(_#|bze)N;LJ%7a04XQ}&qnb&?W=2CU?`1>RcWTK98yqFS0XekMpXVfHlBxe za4X}D2ZUbq7nVrdxrey*H5KBX@ZI7T3$FQ4QUsNKX>KbTfHOU1<>zU2?lyPP^0kEo zI$%ak&O}WOAAn~m3eUUGA1e%JWGgDgRro_U_Ym*jK9d%6#ofQ(1lB?}jB)gr#lJ0> zxq!VN`DcIrlG%T~V3-3$$1n$i#U=l+2 z_}6vy?`L_62!z1!`<5vG>%ji|^R__XNVPe3*S7xqvHv16DQ585rv=33%e;WkXTn&SE**MpRTUq-!u95 z^Fb&uC3-13J;P1ooAC>~PMgz*gLg*iM|A&nPFcEP0?c5blWKISCBNv~Z@O!i)T9}>SR$WdYHy@v}H@eC$GV!e@-yAJfM!kE^Z1#Uy zfncEbYZy1Dj`1@HcPeY*fB6Qm)M082x$I2odBbM$f1i_o769P}rhkM^Gm!V+_q`Sg z_}m!lt2(2?pQ-*e<3AHe2ll6_L&EOg=lfsm2T&;7b;)lol{1qtKveW9lloG5ny$Fe z`X2p~hE4hZV^DH{-&nDvqCi-<{1O3X%wNn&&E;FxJ%ayA$J%i6a|JMaaJ}oy{ zKqwaKMcdu+6kARHO_=P}woR+)tMOme>Hn65e{a398De3iFI3~Igs|(Ve@2Fm5CqK$ z3m2EHdED|}9Qx1m{JCH(4fC=*dwpCy{49B6SKREgwKs`HHMJi`8)Mm1PHnIv=&DbP z?C)hlx5omq$7VUQ0%s{cX|fbC7kEE=cad|F=2qn1tu4u8ok{5zeoMIFGyih+E`Yxx zE21DWk-5Iuluo_o1K;xT2sTFpcjtwK-S|`t_d$6<)xK(?vfRjMI7t{432Rh41;Nmm zGETh0aVP^ee<@yoXrST6Ls5jH-Kb2IKQ^%|R;YNgT?&69Pj-`yUfb(`dod~5jP z-0k4Ra3bxx>oV@L^N`hjgfi~@0;bRP)QwB$dQ6I7ZFs}%W3DzhUAD?&H)G4H_0kJ_ ztS0s>i^2@>cAvP=t%MXSbEP^Wo;O_*AxDN(Q{Q_0a^*FC<#$UkK^rjons;%xp8j%U z?8c7dG|3CJiW7~$`zG>xY~HS;_yX)=qdfJlalxb6l){PbZR5`a2LkaRX*^!pj+WL8 z3hoyZn&mpZTpC^%IoKq4(j8u&{9-_JsTH9f;Q%=9aWeGN0f7Kz2GPXq5w1a2?)Wfa!jv&6$_MjHNkB@%%s&PwZHk zc&>EzeKY<{sHMwSv?M@EAnO%1vA{F?)_W;ar@fcObgzInSgU`1VJz85E0AWEuIrfu z*2;9de;wy|z4oq-IDXM55OBxl^yj~Sc#lbYJifb(@&c_7SDGA&2xoFn#A#oE*GMX7 z+GjyamhFaf*}Emq{zwNVYkal5W{08m@}877wGOEmMbh|CEUYN+P_~)))cR?q!Va#I z|LceW$^vkr*EP*+krK48{Lc*b?+=Hk!3Rf0DuRnsKMUzvlWy)VnP=TQ?c(kagmzp9 zdL!tE+|M;biHGB3z;z{Q!Yn$62>c-?P}Dif0eNw^omR|QVtj;H;CIFEe*Q*=dCm1h9ld!xP#a7WX}*pF8ha)cELgwhQ5V-&Z=?v5_@37cCgtU{u+s|P zhQ~EG&ciqDavEKGFFK9--Ykabo39h=!6~`C zs@a*Tw|?xBDxc)qw>;x)*PyW{M#{66j#CkMcou|tGKQ@~NN4?|%^W3Kv$+a-99C0z zdH1YO)TVxp>i-`BZ!HL1%6I}_?C?nlr9Tvq2VQk5fnT{C^^~mmv zv8YHNs3M*V!10&mODFQaCzjz&nj?C3aUs0C0(mceV=`#|tF&Fk@UHnb6b6yZABbX5F5=e;R&ksz0EAf zb@zII=4%pE=UrEF@(ZTxO26H39cH-L4^iwhhxg)sd<~sNNKq_X{5#%_P!~@8+(8uF z)QU=`%Z+DTv;GqHxI4S#htDiA$FQ>YOj4y8aM=GzuCE2rsYbBw36$tS!i^dty_e!@mSH*3 zU#Zmwavg=T5uvvGkWshXwrDO|>kdX=4lt7=xz5|Mqdi2hZeww5v3|Ri+v+Fc+JN(q*UYYxqdS`XDhC8S#W{)!l%ScBwO1%Vd!W;9VurutW zSOT0d^Vid2F-CJ1R!5<>vIGxf9kwk$&-7jNn&nhxh~u57p?hs0eUA!{Q;+L$C7bt~ zeIf*)cR)iad(KZpK))(HGX`vl7NP@6>dE~G(tV}!EI(p!3*(D6VE?iN4;Q35HU`Kv z*~~QOANktUmj{FRbN%1kn_NYLN1}!fUg&(Rwk7=ZXeB7D{QhGggL@Rbm+kkc*S8z@ zw4ZEe3P6a@qu~AcTfzhFNRour;0W-CU70R>UD0oo+`Fs0MB9V;#vgvb!Vwz3!S|Vg zA<{&@PCXpcUm{#y6fa}-087iauSEq zpjOF@5IwX86m>PMN@uKkEJX$qu?VYoqwwu&Hxm*jrKo@$1R6+M*O6J0m?h>NwOO!{ zO2>X|RIbLWn0__=RbK%FgXX`6)G;lkQ$&>Fwe=q9AU4dK=cOUgx})PVb`!Ax@bt6z zh3>J4`ehkRu!nxihSng7^1pW*gDy$O!HU{*+L&^)+{7ZC3Pb2uZo)KX5~)T)0b!Dp zO;CNRp78o#ngF0Qb3WaWMA{B^9V{QPJ~48ihZ!9{9+!6Q({c0Pgh(=1@AXQX!^W02 zmwL)9>(<^T51FMb^}ba}%z`2Pd2x#=RJMF!Owqztf=0UA?!WpCQh6-Q39v@Kl~h8U_Wa2tHcGE1w9u z#!>lG5s|i+!pP7PK3ijfdDb;+2jT?7_fEhR z!V0s2f|GpfkIJ-J36wGY7<()0jG+%>vPHu6f#Wv460h3o>|7PZj_{km|y` zcDeH;gLv)r+n;L-AK+srf3WM=LMdApmOF9XA}XeEB5OHq2=Db+@j0{xNE0~=sSk|6 ze~z;#BY(+BZYd6KH$WSN!2%P#R7ak9y^zLv_1X0%EQH;BUV0qP7|LMaMvxW$rqwlE zpNfe5GIK?{-Ue?7!)5(T+FiWGqO`|@U5Ne)QaIw3B#>hd8o^d@=_G|Y^(JOnT)o3{ zYhv&H>=hBgt&r;UYHIBGO!(#M<02+MyqbK_P*4|gpKdi81;Pdy#+A4CEdQV&GG0a2 zMfXe{XXunU-WWSmw;k81%FkvVh_S>JKSS_J9korhnlrPruh)xfXI0aEl<@Ijx8p zC3gCtOFQiT^$m$eh2Z7?5vrN5VT$GD@M3YLw|^|J&Ynv0Qtu_3r(}RNZAlST>@cYr zuY;Fm3}N$4{qg+Ant0NW9QEBEq!amRq7j(L1Gsqap#4Py-}kh%3~5QuS!Re5GTuZ= zvFpNWS8@DOS|0`pZ2d51&zl~Q+0TrLa4qx2v2&hb)Z=#dXY{w%4~LiP!c@S-(nE~E z%&xdCGwOMB2OW3Vm)D>CF-)I_b9t9(T}SeJ`vFhYl;7q^!miQi#qA=_K2)i@(|42N zxO008U0pVw=P8D2ojY?-BV-stRqkT!`FKLH>ID|!1f29}&1Su0;C9Fk0m9-ie1xEmao1$Kf_*Wq)An1u3G41TYbxQxj`)cF*7c zdRv>A!+hql@r-Wni-en@CuKe|BJB)dmHfbi&3-ZNcF;8LdMrSgen39xCsiH#7Wea& z|1NLs#)QZJ(N=+cef$#s8e5JHBHe7{4;*3nul708m>nkrS!*d`exR?uYqn@ zzaKHabsB!O%v!KZ9KI1Vow%Etzhw`1xrZlkJ!I8z`B`GQd!)MZSmQ)|B(FSkOW7Rc z4|?WWAsL%(20bo{jpAi)CZ_&V1JX_x8d?tbp(?vPbSo5%u!O=F1_l=-=nD3KCMo0! zpsl8IH^wIF8ZtBVO4$w`UY;y|zxO;GFgS3MUB;tq=;B*cA#D<4wGLZQKO-1W^d^0%hc~ozn670qYXfnlIPwdLh~7bo8@N`RMriOex7k3TK<^6 zhAROHFLIf|`vuaAh$wH(Og)%~uheYU6X9{m zf>L_mXqV%HjmxM%q4Fb~pfGjsxdhDM=E9`3Q&V8;fjfemp$Gh;yrt!{VJ@wr>6%AS zz11ZZE%|2Xb?f1~_B6Z^J-1*+w6u2cg}{`mr7|B`L~DI;HhZnIA?f}DpUQynTY93| z)fZm4d~6cWOaI4wo@VC^f+k0v4;V3M%+e@&Mc26uPMDa}qj(#j?**Fl@AaAAN5B;I zgqlVb49NnUIk+>FF^O3CP1|wF48(Gbm2&f?zOZG9uu516FZ~y+Su{B5}C$o*5uhH);gFR>S ztE}GUD(N$FIh6td&^0F_)$PGNL$AYVTB8X|jb|CW(X3tFUO*amVe$R5jyE>qMCsQL zQH@2<@f_O9S4GttXctm1M%EsR`^#4Y6lATVFGcylQHMwZE&S4t6l;&LYo`JgzV0Mz zr#eCceBjT1?j(C&B>1G5ml#on2KKcEk@GZ6o?ceGhYb}s2+UBdxV=!cG}zeWs?l=e{sUo&a<+@ObyK;Q72i1 zi11cMpmKvZ#q~8ras((xdN#{0Tm4#C9s*D6TLOG}#g_00{FkmKr;mGXId86q!g&a` zW&ZoVF_Dvr_MH%E-I$8=KPU6^O2(3%Sb6+h0JPG*Lzgq@Ng&KNhBt;RqM=;DvW|k9cg6q3rHl$CC^`r7z(=$vDZryP!#>SbL{hfKf%T*JX%TPrd?F!CU^9iAv zt@9h(8+p9{@QbkzBGVf=QGyuv$)K-onRr6(lT(ZA@194J4J#pT4f$7i@=fc0<7Baa z+{es@NTZ^}MChGwUuG+3wx%%5ln=gu1|Biv{tB$`TH7|c>XL4$F^ly#NBZCfLt(+j z$H%{9WE2w>4dA-cM%m=1bZuMdb)C=8$jIQjyT6}Mzswm*-y2$V&*R_SLVPXl7uJ4S z+E@RY6CO0szlwoDR7M7UbZl%QSprrD=)uiLBr3qT$g3PVHx`z8bY$%x7+BmHwa8mm z!B2vaScP3g({S`%m$v1ig^3)<5Wq6NyVhA|bl0Z(A|iXa2VZN zK;6X;$79?MIzBAJi-C~H#nAkjKrIuwlzS6W z_labR?aR@x{|HOx=P*r4I@tm#B$X=iWlmD+v6;EKBH{5Bu&}Tb zLWM1zQ6(tUMMn2UD6bcN!bk$BN3QHJaB&SML8I3#ww@ce!cjd42mB1c>FBN$tz}w{ zb8K)Bq0xHdMOhv8lh7PM4ZzEmb|#yB2RE@zSyM@5()ejB76aa^HCFjy2itNfC9d?@ zTH-jD;mQFFtOj{P*MR<|zX5g}Wlkol2bPrS$8=-G*}qRW0W!4q(Y7!*%UXc5jm?|M z4H_Mz?>=Y~b-Vl3=LX?$>zj#=og+eCcS%ZmmR1*6YW;I+$PX6nqqNl;Z^hjl90D8r z*RtBgX^%Q0-NFV;6u>|?`6~}{(oLs};P!+jl`8-esd;MqN=Je8{JK0+oW%?A%axFq zVTv<8-!BjP8wFKYt-B?&*B+h<>FJOzlCKo&YF`Rc&ehx!alAAO%Gg;FCmO#x)f}X^ z>a3-*U4#}k?FKnQ#lpqnnhOf5FNju`^(D(bOsFIbob7Jz|A2$lv+3AIa_Dpa$_9%v znE^>Pb0w$lX9+vzBIdL??K{CX=Zv$e>$<+zv!)DR7?NgQJw>CbG&jQCSe%|R)FlUES0^LT{WOzKwnYoYR1BNBA zqCkR~J{U{CHl(mC*&{04`JDSN`oYc?9QKd%@Iw7gDRpbGA~}#YBa=par%H_)+KZ8{ z91#qqrJsaBE8k?spe*v={kus?~@; zN%f3a1L3=Z^3LD7gLDKG7J@6Rsnl12QgMqD@)=@pl9C0X7+Sx! z_t@cDvOM(U$UHvTY3x8>*F4({_Y(<+$xC+@*E8eK1Zvy9Dfw z_q&aBx)B{(_l=ojWUy00d~>lxr>&Vt;qu~5KkMIgk!8M{%S>WrnN(a%ucfFBM-@4A z)Ga>9^IMTqkJlo;oeA}ToYa`dHu z);{sIJ%jQn4wi{dJB@eB9kaf8>&a{2r7EkKw)>0h&YQzt7qxGcD3KrMankgJcRqJa zq8*BqN)IZ}+?%QOe~hs`8XW4zc)n5r2ok%22Q41zDlQ5a>_d1 zz}Rm4f;QIefLkp<&fxVwwKy$72;TnvOmY_Q7_6$bafpNeOJnbX!7z_9!6m6vt%52f zzrJEqbJ;peD=V`-t%n@`NcJSfj*pk?zFdM?z(Wv{K0d%DOsYi`n08cm$UcfIzG!PTaSs`33!T2& zOuRip!la7COl}kUpugh+;J|P66X0CBf5S^rMD~9vx79=Xm)i1CSVyG5SZlPExMd+Z z@SL{Z3+rmO$)M@C-gkuz+=9+m65-ETx=N{*Ovj{fOSPK`=vB+@>yUzW(nR8)G z(MQ4x!cmfi49#@|3)@yZ^4GG<~ zSqXurJTJx-~oq)ExXQPfYTU(MwU+_j9VzIj&sKDJ-89fVzNqkak|6|P%5JK-0rwvt+ zpS3n#{Av&uzCJa6-F0RR%NGU+YJo9wCL3e-F^2=aA(q!WD|*sJh9a4c@p@A6W(Al! zcChPQ?5wp`vlyBx7ZIk3!0fNmflcDtqM}}Ttu%5 zGtBic`mpILc<*X_mqVYO<+SI3_d^g)~4e$^YXI-|J~4J)Dam0pjY zJU3f8Jwp|{C^{=YLYA1tB1t;Ww#TAV+?dS<_igP#d?Heal}=ucJC}qrcim$Y8HcS4 zF@oGX5CJ@%`-}y8jcX3)+szz<6O8xN2%UYc5dXFaH>pnrA&(p{NHVNA1;q#~c_`(t z>D1mwU}E(cc;Dj!mp&FDcvD|w%95_Q{c8#f#G^VAhP{9@=0kDna}B;tyO-^4GzKk9 zmx=nEVdalxEU1pw&dFG-HRg&3aDS}Qj{-W~wRT!0hDz2@5gYMKXK&54EQRTi0aN{u zyfTXD%WXEb|5tJb5g&x~;JOcwn3V5yfZ~bxF5tm*zv}j-gFqkX`}@T;~L_s6!t(99h33&fQ`;SclozXDwmljzxd2w z7al4OXfo`W&~F+%lo0y!3K678Dw(ou#-1Z>5g6IlbKbYVzKXh|a~H)VcqR^;h4)sM z=Zm5#0oi>XIsJ2PGL-@4_VCaU;KZTNV9+w2fR3?@@ZBX>Gpg~&KOB8++qXHsCA4Op zlGsFaNQvPV%(WUw@9U6Mjow57ZUDoYI<0v@Z49xm=ebrW7U7hRwAOjS1#AoZNE%c?zNOQ5yWr7Og5p=xhYv15Ms@PHq zqOq?)EQlvk>SAsVQKU^1OICh4@bS=(pZ6I>QVt5Qen&K6kg}mz7tuh^hwG4b7RI^c zfJTlBhp)6L=Uz0eGFGKrp>Biw#^?j)HI)X4Fz}#Th9+!;RMO$0{uQ+P?xUm8&IwragK<4d6+F&XP2l{n2rIq$wdC;3GV zLu2#ulUcQQHZ=p4Q4i5YvNVzC?Z6Q_5~ z(1D{KmAZcIymL*3Gi_6fAy58bDDC~ET%(I}h33|BYSaP>ydPWc!Q=E*xv5S?Ij8Tw zQh}QmfJv^TqFyFM!6FYqac1XjNJ?e5yIK`%m3c>N^4j{PG5hl?Pfco)#zK16;rr43 zWKKblP^K5XDZSEpn@6*|gRJD(ajI$6fvEqFo&)*Nt%k=_kGki!REV6xkh_%I*$)Mr z(^5IOyNT144}1g;%+k}z7;q#|8Pc#xua=ks6WR&jE<{pZOw)DjhyHCL0>T+MWA05M z>@?37h{C9&S3shv?hd34@k4;4~{~Ck!4;tU$`j%6-?_BVUDZ%rq2kia#Vz z+xCpVLtCRw-E9d3)5n@!$scm{js@Smlx~eV7#e^fi`$d~q4-LfX)^7a%A_uPF zx?iO3c1WayzjYdc8m0CE?nB|O>||c?MS5#fkS$M=Lq{W1$W|kJxoI zIkZ|8J<8*U*ihKq50G5%yw6*vCt21M8MXANvm^=YYuXr<0g#&a==wKs#1pqBC7(Zi zJGL`Op2EMx3L1YWY4-Wyiy0}POKj^K=x| zh@2e~_@slDxcz7|%iUpU{c7o&Slp=0Pp6jh6x0%lbSl>RLvHVdg@0e4q;k2F(8~t2 z!9%Gv&=do0iQHv9b>Amte)|nGOhJe|$dQ<(xj<|2>bg?(W8!K}OTFsin9E+j90h4Z zWHAQZfxfY&?s{K5K8xXJu^t#|qz2x%zUP_y>Wds*$A~yTH{K9Ii@ZF{Y?Zx*FA$t!&r5-7Ub2`!~d64$qMhw&E^gqRrFkPg`ZyvtHJodMLg zk@D$z2(h#;3bzvm?tpw{Uh1E_28e241F`iTQJM?{YWT*b{z~K~O|S-{YP^DbXSH74 z%ltr-Qe0H%f)OE+kiG(X4=c&Khbg(kqvejH%S+WT!VgJxFrn27(a9=85k>DOQaRb% zo?E;>UM*K@`p$}g75F3P^BqRQnh{0I2SP1=PL;YgYUH0z>zNMTq}BKD<+PH525uEb zYPxuqhH{nSaN@~1IPgT_T8OjP_Sr%>K zOC?8D3-gwM`E9xU9i;*U$QB%QhQ6>d`Nx$tDdPc6ZS8V#-{Nd7rBivy2qg6y2oPS^ zgG6tHula~J=jOhw3m#eB*k};f-jUCR7uA#138X-FmLE?T6-JiT>HLQLL#bAHsy;ec zn9p-ACVVN>T@?PVni2e6G0bKvDPrsSc2J-1tEN-^*MUx9?IU~7h&WaJp)|Pj^YX|! z=utXzN1_sNLt5lNsR_v=Kh)IX3v-F-%tgcG68-Gh;ww|0S(%qwgTooEGg(fK)(nhk zk}}9gpctr-8}R8a#LFeXy(odKS2GuCS${x?Rt|{ zvS|j~yDm@JZ|o62vlm-D+BO0z%DYjr?rKqU>$BwoCot*M86n>hl%x24h+b)>g+3Ba zLi_2pS4I$lJ#XF6HAW6-gXnom-m_}p7-a=xQ@q|@55oCgbF?tadcuw2t)_>>TQD<7_?CwY8Zk9t>+hL{~bt;j916gQa{mm%pd1b=epw>|4G2ycRn zy=h2BzW^?p$a3AH!Gv?^#8FBN_B~S(Kd;z58@_5fyX!}rX^e86Y%{TJXnN?-mAW+( zJKfA_xvtuP#)6HGj^5!lu<-Tv_KuZuE6v$V9{DF3yTc@B!-eHnOjgmNk@lleL%{ zn+ku9nKzxBJo^GDvl#nZQavfG^ zVkK<1>Ii(TDQ0cpr?(S^kHmd)xs1u$s<2Z~9tp#(tb`kjkkBx$8g!bM?hxmWmdMPk zzI-__yV)^|nv9Q#ge0%-Zde8r%OV|{A4Y!|Q|Gyt$1ook5hDDF*8of@cH;li8bn1( zKgL+~T5(UmBXRl3{`^abfhm{z%WIoW=nn7pAeGhgxe@{|1gGI1D^)w!n})Q?)fJ=b zuFY6)_*-jHBCz3g)D^;;;qGT!wn|kv<*)-kbfYK-6c36fxvIFiSGKT!zWCdRZ-#eQ zGZfz06rQ)?nnqDF0kbtR@q7bQvy4M~2kEsp&0=CXCA=6Vvve9*;P+!x`NRy_N$y2)Pr#bK;p!4(HYB<4LuO)9lBW}FdrGbz+kUvEcbaw%C| z9~2Efva5Jo#PCNw|BJoGMInXxO%FPr3sR~FwT(XX4up*n$3c#iP7Di3FuqXaM?hfM z*AD>$xL;t&B(eUc!S4msr5}Ym_9WMRIfIG*{RUbDgyk2h=@FlX5CR|+ItpHq3w~J^ zj;962`VaN^{Jq7TCT3DdNhzMRvRK6a)<&zG2+dm{~ ze>MuZw`gIcFz~@7hPRW{vX2p{E>e+dpSN+t4s1QWzReJA zfyGAEz7@NDxs44T1svm*ouu>F47pI}D4A(N75NhYvMb1Ws*Bu>x|GJbdon(qo z6;(|K}zNfQpo9C}&tf3Cf!pgC!H=fnkhg7YFdlIBt2=_hNem-3hu8<%8yw#AYNyqT> z*GEnXBj)`TRa^<41Yl@4($8Il0jIpj2g6Bk^oana4}luzDlZ|8YV-Iap8%-jRvtPA zipUi^s>PmJLj&&M1|I&$=PZVWZr5W?7|u&R2;)xe`O+y-(b2lGFP79E6>SdG#M;3>jdwU$Xe%J$vR0sqCR9+~VFHsZ7G*sWwQtyA;G+dTz6BX(3Wa7jxxVLXeROjP)79T z>Mcy;-r+YUBUJrRyx?kItYJMGzHdW|Cz`*CSe+eKV9-N3@r!5`&g%fgon-5en zCj!miKWxhPJ$iS!sGOg-zko);f|Gg%grF&Sc!FwG`UFS~{4X$_P0_~XFF_Ji0TLK0eT%=TkeK(GYcKh3>q`*AKl+n;Sb;_3S zdwjVn{8WEQB{Rc)cib1UsdB5TQKL$mdkerrRypo#RHWCSmV1H%(FpV16^$8uZp>1( ze1FkiShZPLOjjJ1X=W-lHmn z$@##aJNb93gNp4IHYpT~k&v87zEGgnS?TSovmeGY$K+X&gGZ4 z_NM&h(t?me!AS;W{5F9!V+9Q*VvT?!r1Qw<>aD9>9!UIIf%mo5U%yx9Q-hG zw<3RTT8WTczqJ-qsFtieRntwQ+!n!PMv=}}Jg6<(O;AxPxqa*b`X_VV0em1`zq$0kBZ`Wq|XHQ6TMe}t_KhR!S4vb zo7jGJn(Rco=yCa>Kb?0j-;~)5=W{|ZqG5m2ar?>4DL#$#7k~Ql1|bG)7n|-dubg=R zpuFMk=o^ z{#NNuWBj6N)BL*B#o*in!8*C#Vvg=3_7kk)%txdGLeccEnBiTG8;1+U#dM-4>pW)a9D1M>|)c!;iceVUFq6 z0MO_M5e!@{eo)DU(Q@x637K<~pUKPgKNTyNqpTM7>80zH38<<C;S4~MwCxnWd;Ufbw9%jJ2jE5GyALe(hqsd-B@tZ# zj;4`1Gu0+w$Ggl=*$(w=@Od$R2`^Q3lPDJVxvpViV(z$D%~Xpf7d$~AaJ^64{W%qo zthFW@6nsghvwz##atOui8e#gz^Uk?Wv25(s&|Zx|t_kK6X=+_i#))QT8c}tQuo$|& zi)Gj$p)gk+dRt6uB;<}il1uv8I7bVr%8eqozy5W(xjCi_Mu4SUrTG?a4mWTG_;=sQN`yKS`%0vJ%S5(UitboE=hQppgr=VqXwCaYTop( z*0KJA=b*yy)9~GpXh}kJ%3;Q;1DO8h&~UA&G_VG;TWjma7qd$JZuE0lzh)}J^;Ek- z`R@Znmc8jcks@wetR9QmqG57MN*p3M{9^#X2QtUU4Em&HCKVkW?vjCF zMV+ol%TXS#&#cd`Im6MYq?)u`x^t4U&HyyE%ELGG$cyv%!H#IoA_|9U-C#6I!{5%e zu8WqK0t4^4|9gbaB0jL;xTjSK=$aByjjS@IR!+nn3_aupdqV<0VEKdS*;-C7H4eX3 zI?-H=2J&2z)9$47%$FJqO76n{N7q|L#T9jJx<~P>;X~tzLxM*(g<{BSOd0 zd9r6Os!awuk%U)Z;SuS}u}vs3;s*vcyMoxP=NU`Q8Jc~JbC2yT8GU}++#9f_)_Gif zZUscuO@J-qV#y+VE>+R@zQ6lYk#NfL!5Uaa;P?Iabd6*};0i5;wZTV|(ZaOccZA(( z!vUIzn)OSGw{wV7r z*AnMVxc1+42PHuIk`O8?bgy-1ES;n}WPYMXi{8GG^b=0iB?4Vk(J^G&CPk4LULKL~ zEzKlmrNP=rO7NNlX;rT@;=F7!iD)M_^woB_Gg#D?F>!Bw1Pc-k$Ko%-Wa|N(Xuec0 zHoIB_c0HaHK-VS*0Upp~BkSppt=7FIyMUt=2{O4Xj2M%kQ z-zsqu5;AJ(=B{^-eZdlvl3U~aXP_`SQ``JEf?l&krvKiVtvJNUXMzj2WS#p`@^@89 z$mxlrDQrF7bkx)w)(}?QRtHy&sAc4ehOLin$JI`rORHG_^@ z;)W-h19dDn#+OJf)t1(@i0)rS{HMW8bPA!d3x&CI>5x`81^cI?n$sp{7bK@QT2WjQ z^iPhgO7Wn^jMU;wgJ)fqU?gqwmE~OlNo+mAGN!EbMfl1|v1~5FcFKC26Onjc#D9T- ztgK10iODWzZ0@4jFJy~pSMkT#?EJjB@}!|IF?Aa9(+E&nAiBUUpAI6V(ZZg?Fr6`GHpTwr#Mj>=z~1kH`sKjgmml_fh9%h9ZCZowAdb5p+q3@`L7 zOHapFm-4xFKnnrc0PWI_3P+@}?S?qZV;i~UW@w#Dmnb?Ptkq6Xrth-di(F{ddj?AX z?y%Ss91N|0mYdyYHp7C$?U<#}I$uG*jk@IRk=_{(gNw;fYDz%uW zoeazJ{3ui|q>n3i0wPFv{7EbgX}Z5E=Z(_{wzq#1%DbHFt|;4oDTArX=)UC3{u*nFh(09_B!+230kaU@!a5jTcxJ8A_8(TLdlS(+b2b^ z!whVGTRV-?zvY{+zz0&EY=REt;+582$>MuX>&>2a5;5^b&HdmVnIEi|)<4 ziyf3RpzgV+zl48R6hgZ_@uqQk_(to&>hZvsv-d{iM0qz@NA zc>-tkcj=h~fKvX7klQAuM#X|I%%|$s+JIFDhg%79AqZmJhy>;w(SHtCP#hi}?i|O^ z7JUA$X`mv3l}^p-XqswoyZ_vi7boz9ZLN)-HShbJhj^C%!9{t)9VSd|t{aOrMXTZM zzrM-$x4)x<1L(M586%K1f3SM{7z((G+H1^xuSSUf^4eqKwFy1@lO~}`ug3hkU5-=;yJ9;i zqPCRVN5qUd3e=)fa#>qe1-b;YlAA%YzQ^sFu5#(8tCYw~XQAPb|I!pfp#}@xVm0t- zDkcZ}u0b4V;Q*>6ZiDOgdGO{p8ynl;_&B$Pwx2d2KpxDnIN7d?ldv92*nbOVrTk}M zE+P9YNaJP%G%~d$(b%+eBv~Fjz1!>Zlc{ewZLZ0|_G7lXDoiEZi!`97b*xI$z={n_h7JA4#%gNu#T=+4pL zn9^n+a?($9_t(w^^o54X`Z9vlhtZw0gKc|k1&G!Qq60#rRb8iH(^x^Yn4IyKz}Qf% z^--g0Qg;nJE0oFHs~{_1|COZ(kL?xHQEfkPE$vM~NTV=Qami%80>n{pQ1*OH6)4({a`g!lCXJnv1sGk%(9B zudF}eFU8I3*(=q!w8#d!@qwqd;{U=JSfV&ppT=vlfLQ+o^M~ND{xs4l9Y1E9-29OX zZNrs!?|-8Q1watcgRB!9mPxfZsbx1&QX2cvTnp1?t!O~NOSYAd23oC4Eo&t2{x^+m z6`0lY>QvYC?TQMt*xD(BeV99U5MI^(r25e1?H?x8{NaN)ESwE-rzx}^%ysIA6m`Ne zgKADM&Pv7VS?rzru)0>worph&SNucYO%i+3j?eN|FQPU>RPcIH;%kqv4zu06;g2dR z20!GBzjz`3qUsEJrXGqFM-KI$)WH5Hza}tZP8IEh@M{RkFxzV*t{yup#!^9f z)n{qM?VhJez9!;5iFPOLilV}VeogH+1>xG%r}Cdh^?ku+d*2Da5e6B$Eu_7;P#1k& z+ZG$U;+mg1S?0ISC@|3fmWIR3uj+It7^!LA>t*m@bMnji4f)fD&od@MF89s!+8xf{ zGwRlLMilV!a`uECX|sQ|k$*i!Qw1S4>Jc%1@Zg%u(wAXY!nSBuM5JU>~faQK*QV8 zmla6_Ip3n)%NUb#AoVSYbf;Fq3oQn|2O}~M#9r<_}5YH=;x~a!#N4kU{C@d+>pON zKfrGX6oXNk{g3tB475aULuAnGLcAxUBrqg(!Eax|qPz0dG%S%AMy8*+6z$1#|2Xn9 zx<{d@MRK~~j@%te>Isw+%Acf#!?z7`%#|qH9wKB_XEAL2O`bWL=O~nG+mDqKGs^Yy zzpmYRQvD%Q#=nu=^exJKdmZ_xn9Vaj6XPkYfpYK>|Zjm27yX?8! z_8p?cr?eYRIO~N9gfM~KN!Qbqbf7AdXV~F4T%B1oK!3s|1b006t%ve-y=}#8ED+{_ za^pQG_Qqe~mJ2!xLB0@}S4^Yn#WbS8eDvyHP)lsyub)ugOCR06W9KPmWO15yM;#CI0utuou0 z>Wc5jD)lJ})wH_FxeJWXppd^`2)@p)vIAGR@LF$4acK}+!_UfJ!g=w5p^FHs4Ydz&10 zNPkk9`GBB6dFkE3cbm}7ud70**aE&MG@2#N>P4nIZn)2vVREj8*tjadySFwN%FacR z5HLZt9t7jha&+b-6njFpED>aa-wE{PWHD4qN4|zL4vKTdBYZ5)nZ`BlENY_Un6 zAH!DNnc2~H3+s!FR|Q#bseX8O^>H&_X_EH{kIR-_G3&CR*K)%iTpd7t39O1zD?Zzl zvdA{Z0vpfGMf|FigvhIm%YIlMJC~&(t`Gi&J}Ap`pXj`6{n*g=S_3%jQ?kVVrLvWA zaHw)>=lqvsdp9A)CVS%uGVr;OJZJN~G;IaO#C|D?&L`Kx@qeHslY9X$BZYjvDLZhu z$?2k(Q>^|pyJID~#!p=(hXiDw0?IC4JI_!9o>NP!g-yQyGE)FshJ`$=>vcj=Yh>8U zQRftE;PDE=<$%s2eKx;j#S1{;w1Hai(8Q+RW=uCw}CHw%seT{+H4KO zF85q@;$hp=V~rGMGS`LT?C-d1bUwOnd)@>660F`&(Zq+?m~i6%MH`$%H6nx5aWdP?*NUEciFF1SA*Z+grAxkKZOMxjpchSZ`IFobiHlj9Dkgy z=Y^O1D4)WA>F4%i;rZ+M$@#I8m3qX+37SK=$Vqp}i_-2??eiWr4}hU)dfl=8cN7336i* z3=J$SRk_=l*mpwr#1gt8m53qSys5cjx75jm*)!-AX}e|op*B|FS@(hqVRUz zY~zQv;@k{uT2=&0bNVVNj7xB1l2WErQH7PE?RM&-oMz`(FrYk_%l zvQo7CR5xZ8BZU7>TG)|cb|XFcrn|e|yUKKpTixtO&N~+Pg=~Ms_L9>x3Elr``S6uz zPI6LzH$Z@fiW?0~`Fw@J-aof6-s*Re%vmCiuPi^Y8S9z(o#Yc>iR(dZ%wlQ39p}M9 z7~(CyiIB5Lb*@BZqZc2Sh5P03**m_)={?4(FlM1NJ7iV}-%&Fw5zPm>AvzwdncDtaFR${kp7 z-&q_nq;}pq+o!}mz@^$7Qi|`eWAPeqLuz4uA$V7#zre`K!$@Ed24HPO&g){iP>L$< z!6xq)=y`k(#V(Y~B~3|3d7|R*d>wW0*@>;jAWQSLcTlKl?FzGpg^INLcC~=>3*VLU^G0oz`0#nGjCNT_QvO#wYuakYdtMU*_JlyaGB_;7wIzwuwZY|u`cC0>Y>oG#bv>zSh%VS<( zKjU5Pr>p_2#d;j<4T@;QX$g9*nm+~G37h)h-Wj`#d-oLi77h$};dVvi-BZ{=OW#2n z(Rr*hVtZ%e=)G;fKgGO_MHWluzUUZMDXfJhz@jE`C(~XVW;@j;Cv&2hb_HgAWi_}y@kn8Y|v1eF)i;cjx zg>l4#TaQQPZ-u55-b2~0!$Z;b6rIGNu!`(5#F1T*RYCW~S?sFWH37E6yv zEC=bM!M%!Y2zYet@z?!6-)uG_?^18K2D#kx-wk}-krx)O^Zi2nWRmCbl$DC>--c%9 zeM9X!EKf6fPf#-QUb*Q>)8xwO#0=b9hXiyhZH3{enR(EekBXDgYltwz2yVO_CvLiX zylajG7bF_@RegfesPojd<%43 z4PpW+CH=2H@rKZ!&(l%wI1xfmo$aJG98>xJl;X1G@o?X?w<%WFm}q~cnT)VHV-i0O zo{4{^KH*e7HpAKw6=C@s4T8l%^07RD6(q4XM=X=<46_Rx!;@$cq26CPnC!?14e!V* z4~NZ?o%&Nx|1hH5D=aiug3}#0qbPaz%fBnW^i;w%VhELQ;r&`_0Vnpde2YRj9Aa;J z$m~duZX(fxm8nzCDt9`f_dGhxeJc&iU1udZAk17BK;9rpH<-0f2(XAtnDB$mAg~J> zg2lihgg|mIq;)+{7J}4gcSoz5GyJG=_jBGI5x(Py&F8BGi8BO3Yq5bg?26J^l!^Ll z+qHB?IrHAX-?!v{s4Rw}$1;7UcuYOeiZbw7;0ed}YWjRx52bsdR%f|?VZxNFS;TK! z%{pNA@NE{uno7sJf0kNoP4-;H-;Tt19mzm{NN=)QVI77DCc+G}h(?=3>!+4DI3|N( z8-I=w^x}3Ae{GN7C%`EOL;n^T=1anTU@eUwP2SJ#k!GR(GYs&;pQ{x=9VA@q#~$rg&&Zmhs;F&9}GL{|Mo2#nZZdoBHMsRu_HVRGbBI{uPsu z7k{x{Cp<9J%jtA^9#|pdKmfbMQxaqxb@oGu*+opOML95k{oAzO^w}t{#6_SISMH{O ze<9!-K0r+*LsIHF5oTBp4;}Q$5NEegR43m7Z#k`yzD68^gq~QUh~4F1A+jPipum;} zj)^pJiX@d_c#A>-E)rRu_Nd8rvZ<>z@2c1F*Br|uQH%8W%jj?zYZyz5kmU^+cl$9G z*dpr_I9k}h#tP0kSJGD$rm(=Hg8jOPtG-8|YB|dt-u%?fm&mZxL}rtqEZ-|~-_^_? ztXo!0QKHb2veRUO9CC>;+P!OY-hnmI@`_cf$wfVaYkv+|Ll znREqX!4tr|mTtMjSw+jF&wb=&2{=`|#a7AKlf=20%4HQb67V2?&UjMDtH;txq@bq< zZ*6Ubhlh&*(B)5fE;3gCH$#1UMYI%+1#q%NAqqT@-`WsMWAI>iht-=V2!cY8chJqU zs<6Cqk(=b>&*Ze~u@^u1>Giie>I8)zw^*d!zpd+9?tMs`&h!a%iX zF#19c+4K6{-@~NiXeH)lFLbfI>(;?%H}oKJ#M}tE zITMNvXd)~Sd=k)F5$Sz|7>z+MZsFI$;OP<+#!;>!-YW`&zD;e{wDxlDyBfv~c(V&G zUXkpP6-XY_=iC|wxCz3{i`{K-sE-?!Z2EFsw_z!~`6wTi*lh}ng8&q$0fR6*J9c5A zDdKFfL>JIKb}(<$Vq8uQ^-Wdah0s-h+YS_w6Ytb^swv#sIrIskcfe&}IJgGymak(7 z9S^my7&IpPsv2x1!CUhGeoCBv+rcX0B!E{B-AnG`1hG!#MLK!IsAx)~Qq zT=j49Zm<`kx)H+WbYY~=6z!!9u_Mj~E2k9c9*M7kQe-|HXEw{*j6R$nx_)Z2tK^Jf z!pYW#AqP!PDicHkxlxF@yYl7~iSR9Pu)g+2b$Sk5^WP@A9z0Y2bA#IYZ@MkVz>=;tVX} z_C**|a}&jTjB5H#oC3zsJ=z8fL>a7N2(ThL_YuoHJAa@=8bA_qBFIfLPq|cbGKtuY ztF9YfWMpI<2CIqEMbtlidY2di4ACX!b%2qT-I9?-mQ+5XD9gX?#7k}P;K8?(b8Rl^ zFnr(YA}j0?iQbnleC*oXUJ;j|5%`qQEFoXqgkReG67Y~j~{}x@2 zDT%)$>8G&xRZL_p(E586)s5*mvQsVcmU%ZhfD4HeId{d(8R0Z+rVk`aea3(A$v8LM z`y2!BKBpuH;*;IzfLvqn$Rf$}^D#(wqU2gZlcHEt)7M%^)6^9DOc3rt4kz0IKSXjE zk8PFnjK#}7%;wKCxAQ=?9ufd#phLUF<($s9c5g7yRr%FtCE%r%Cr`?RB(l8|4aLHi zof?%r;)GwkuSIroH8(HsNmLAe){|t|-@ixU`L(6oKKJ$DHnJl&yd3zS7qOTq(POwo% zMF?~?ib!$#1^;3$vMYo)?fT$J#n)rj-C=b>oFD7Oa4khz&s(?2Hh*X;V4*J-@uxCnTKF!!4&$CLbJCx2>@f75`ReIoD^i}$1O@I}Quz=ZB z@~rLQlnT#M2%p&>jIj9|+4Q{{_5Y8Xjw4XwG1W?zaj_&jmO@q407B3{WWaIE=NWnU zZVX)YTQn@Jf_394Qa@Qx@*;5v7F%{Sq$o8U&R_WN-9%>dpzOhLE7dOJN>tr#Qf~9= zgWZnocbeQO2t5@J43mvhPA1MDPWK6^noi3vIgeYDk(m+7kPCE>SZG#Y4l`MtQ(tDW zxrHSS-oSL+&7||;-#y*I`!j++>&rGMNzZ{bYmZ~vepB&Z=~?LpLl!7I%|X^e2>t5_ zJ~HFzrKL8Q@z2B#ADAbuB?Q6(3`VbhsRd_-ZT@0DX(*^iJ;whMFsfKCem+)UoN~1y z+S>6FKHy~(4LzJ(&c1->mnwd=l}?Oz$y=1irOBl44h_1er!SXS;HD&;;X#DuT1Mv(r2_PDi-0YCHm5`s!$rxY7wI%UtB8SIz%8N_-C%m1jgxd%yp?-uC&yLxQ#}bbo zc0}0uLF(Se1JH<2HNKR~vFKU7Cz&)9{mrNyr{YfjK$I$n zQ^Y9`43${FvPHr?jLzHOPLYLM6E`#G{@8GuR~6P~gN@K!mf?#EjgC~9LJL)ZnP;gJ zbQ`ZMsD~sIT#&-0(M&RpuV{T`!wsFryZGi7xR=s@9ofr#sWLUGDoTrJ_BWlHy~)_$ zi9^vk(Rt40VIesG=`91&*^>`iJmpJxzU18(ox{qd?8t$Bca1#*eMitrEMA_s9@www zFFUa{0B*3VR9#!~KKAVf>0wnjnba5vpe@&;`4o+CF$x%Fa-7UykW(|pEm?0{k zTD<||zN$PjMn`&B*Ul^>rRhz&ic6!Fs;%nq>q+sm&iWy{5I2@`q5a{c;V}pkag}9Q zjL7BMav3MEG6%=q-^SX*`FrCpK9a=A;aetQD=6M6bzo}&{9KbAv)xkJDh~{tSNvIp z8{EQzZMkrq^p{X{R;@_d*n{NlZufbDStiyFxLsPH}$nJ4(Px^f9hfCC- zH6ZJpjH)(q6uzaOA15c#C76BMxBm^UR038roa%D>e#9FRffaz)Qgi;2rcOFaFUm6g z1%d@)#9GY!Bp<^?=Ffva-SWE(USdROFDnBE6+DIs_4|vN_x7XbC!x#N;%h2Bg;!ow z9@?O1%x^zT>m+2-PBN}zgw9TNaSVEEJp-66%A?HQJPH_bAmY;^Eav9okB_97d@bwr z^cm|7f*=r6o(U0@-{VxfZv=OapQ!lVrFd3RiX&1~dDG$AFWV_5M(ziRJir=_sBZc^ zX!&3F4qfqO>!mvgCF5K$!eyynEueY}ifPv2aEcn)yszzb6h>;c*PK}D+esvGxPfa-Q+vBIv(nB&mN^jvsl5zPBW+hu$i-PvtN9qPt? zFKLtrzR6V<+ed9EV6hT($Y#`+Ee$A~RrJ&ld8yO-FLYOLRefb&5`n5RsXoYK)WO6> zBSRDqn~EPSGT(Sa46(9m{)tsJi!!;Rg6ctqk|MLo-rB_T)nJpP9$jljgkQ##DnN4K zz&g|LDJ&vmvqonm;7YQU0Qxom=Wf`h98LQ@TFu5i$P7spB9KGynf4VuwRS_)H8&bk zY`Xe}C-aFIH_eZxln60yM@`8F$%{pA?2GBKw-L5))?+mL2cFr)oyQc3O_FI|$b|r0 zKf;GbAy@T`1AfO`NhNH;akq)c&2-_7uSLv<(f=Ci))2U%(xcwK@RR?RmN?Ddn$#ncD zH0%L}j^plE2~7n===^YP#KVs29-?z04gh-V7TQ15gxmr3^_B=7Uf)>R?A9Iwhh(y0ls(+ z#OZGc$1s~P(rGOX5nH^_Ik~A9gaSmShBvyxw4a{GlINK}y3+zyvJI)tP1?;~*ngLo za^aM5pNZd8S<)gnAgS`eZ%@ma<`&+Z4Lz=cg_*3)@0a@1IWIHGuzxVEM~AGaW>zf3 z;VlkrzQ)IvOz>pnP^0r?#TWbFRry1M4~<;MXuA4)?g^*r(=VCMPxjGTpRZK*@+ngD zh)9Q+H82pF20XoDEuZY2`Glylk#GC4?MsnO63K>8qlnC-&=lF+=^eSUxzzpv*yrJJA$5JG>IhA~;Km z^wrOzD>+(BtK;TiZRpVf`BajT|7nha-~c;k8v(RRrHFdJ!5V9}^u44Qz4+Fp;lJXM zy1A+6S&o^h9i_6o-w_{1&RLKR-z}XQRWpH=7Dyl$IY+v92&vs&nqRbW;6RCc=JZ2q z_FWz!=hG3I|I<%f^}m5;{IwC_@UD}5J|kvHL8HrnkRF0{7pcG{y3W6-Et@^{KkvSB z3SnDzZIs#;qi7eC%n7IRo&k1)p{-5FR{>@@S1>B~XtXK|P z-sR+P)^Gl0*#mzQxVU(*lh&y9`U0Jw|3poUDL*`=sN@p^83*eC*zZN=`4bkHe6voT z%?vJa;vt1`niNKy2u6V->F^HCHzYX(j~Nr6X^?ow(z4;yKB)Z#CDw{1_K4{lSYs3; z?kUxZQe4(lhu;re5BfMVfA!x0zb;xz81lfL96Xaq(+LKY*c^0FGr9|;qic;>QkBWF z-ccF#O5_CGb!B{Ihk^8Kz>;T9SOxFn*1y`M1n@BSP%m*AfphncaRkSnWGqm}!|t;3tDU8NH++ z_sIHIfl6F0-u$2EAqoV|DmECj?hY7&1;Q2YE02gKmS15S`%bD@tvXN6m(o7LCQm&t zI{g?llW4_+#Rwtfzcwd*9muC&NspSG3Cr2mB4#&li)fNQ6Mdp~&pj{VnnzOP9+&K} z714MZYQgnlGi}Q&@Pdbvc7yQ==R}7~4CBkWu&}VaB!d5^AcA-u=7uRND+grqyQg6t zZFC6tM-c@zHSr1nCZc^8->yinoo<677Am#iAl!N*!VkRiKV-nVLuZ}ei~5diN-bjY zD7FdVo<{Gq+PvyZadfp7jD!PX-X`*MCTp^%=A%6t9ihf55)|=#Z*l7ka!1&+I4|jpk3tS!I2tHke-|Q z;V9`U(@5m#@0lVKU`jg}4Nbz+(-s83#+``h17K)dLv-1_WbUib*QWsqza#b}i~r&4 zwcIH%Nu9HN(e?QA$e5|F5CB1;kyt=>P&{FkP5jl}rV}77!tL(FrigrO=fdD&O0Zp5 zB;6*9|73$PDa{VFPUDgGMp;87oe`NBj>f>2hOo<=oy%I+dHU%zTJLvk(jYM7RQn`* z&s5#Y-%Z#RG5;)S+|z>jt$E>ETtucOj^ematXgnnQ?6*1+gRZT?29yhh?+Lez=S62 zKg3J97O6!@*eD>yBQW}$vWJHUl2VwFC~H`KOzvoh2JkN2H|k-Sbw`8n5F;%NeGcBAq=u9$xnWqqil^! zn2GY`3Kr9qZj2KNWZB62usj0sWB&E4G9HKHCA#K049k0h2Jq}@mx-QllF_fV8K&X} zqy333wq}-eRjD4f_U)0lYmAY)Y00MAuC$=`5U~f{o<&C;SS62dVA^JTD)U6cpfqZw z${Jisv|>PI9&A5sVW|=J!uzL%4ji!g7cEeL@6K>37FseEyvah>xhXX3aX4jj4r>1x zg=q3~jQSps7YjHlV=fe4k=VCF_ePRUuJ*_Nc{gIHJ9lBy{hO%MShapR6;87{6qWCP zy4C*r`Mj$@Xv|i}K$x5orS%2tgK#HM48Sd79q*y#Y9)oG1qI`tUxw|z?HS2>WC(n` zF5@Tu3Oi1Vv=o=y^m_Yvp6=Ro*Hm-GI{eGDXznm3vRhD_o~}nxz&n4m4Q?u zEY?8sek*_Q@rl1cm;>qi?_K0rH|od*+mac--xa>Dr+fYU5F_l(BZ~mJH*jthoY4^z z`iSY%AvBgL2c|#wg&W*0dt7Gab;o=kF&-*D>^3yZ$;u+T9WO#fgAk2Jl99M?b_w!UKPZ89dK60Om3?=Co4|Da-P)CP6y~dOHVr7eLLds+D z1?{O&8yH~`^(~tZT;fB;Mb0*XD>vxpJx}%BaChn9K%??^&tBUEksf^&6(|6!ZNEI8 z4al*y6(sH*i-L%|^#X?A<{2T5=&(~2Zsi|c+fRtzA*CtY8*cU~k4Fsz8SfFOquYi}3!iG?SV<;{w1Eq&+p)`(!Nl36#UI9K6 zN>L`qnOnd;DC*N-#i=L!_{%`!i`RQNoG{*l^B&y;${p-~-$jlnq_{*3Xuu5m9hvO< zJ-L!45OuTwa@@+jJ zh;@;y8}8v4j&-SCBX~^NrSj=f2+~o6&=1c0n>(?>h=#RcKKZM@w`(c9j#TUZuf9O` z7@ok;ry_XmBZQ5ziobl3 zfu1)Z49G@?OFv+t}v8 zK~XrIki~Zu88oE5q(mr}23k zl)i+Xb^$~;ms>ecslnmDp|Jw=ME{QJ{~yoW9vHCRcW}YHde}@{RaA%LAs`O{DSN1| zyPhpg@r-h6s|C2{XiGi={8`_OlCb^(9vB1TlY|&x_P7}1*)RgcO0JiCKQ6GUZsmcg z-Z21RkzZCOpBj*)M3FICn5=i!0wM+VS>|6&MDaK7#M zK7zyD&=bvDnwfKS70A!Z3OTl92GF#HXq$t}6ylORf1l*UwDzq~lJkEta$8v150{tn z?Rfu8G{wdAt-y}w@qE3YAviuUIx6rJJ#+Fsr>f!bk~kPR<~$T6l?mebVIpCWh67c0 z0U*c!F+Ctt6(0{Tx2o#AfSWg0deyS@HxrxV%b0Iw8n?A(Brtg;LuR;P9OH*=)us5aD94BdR>=y^0kd^*8r5%Jk#N1X{3ND)*Fj$a&}ahvB6}Ni za)j@nKJw_Rmd1e-ImCmq1OJaCxQ9s)51W?9&d&WowkC)hXTSAuwaOSCAZvt5an7mH zm<4VHdS6bYO7Bl;l5AFE@(c$%0>i}uc(NI@k*$4fmTC}y=U%ge;}-=Ezm3=VLAJk+ zWQBCP%BLCK&)a2%3@Lt4TMl$Nc{j2~#dfWvMDKrTY9n&;>{0zD26zsjGUo2%1gD6W z76Ic1?umK?K$gIK>DUqkAs)w<`-2@|S&(o*Pw>V&{m~z-jV5zMwQ5WwQt9u24?M>e zR&4y~1)x>>fVh8|RD61Rsm&{|KF5tBn$p+#AfP>1J-~XPHT9&lpn5m(t^>Zz=?lZd zT9y2Qu!FW_+y<(je?mgSXdmyGj<;UtJTLErf#5iSBL;N;joZiv&Vo9MO)~KLZPCT1 z$}i#{@;IP0n#~5iDaA<%*wf(tjN{I_$9*nH;LC>>t-8X-&j721)u z$BWgQA+(7II*6EW%2>Xi1*W7Bnp!N(b6CvlsZTk3ZeLof=o=WP?#=ru-ztKSr*r$T z5lBP2RlQvSfzqe!hzmjUNsF;GGXn1^`r;62{Fizy&i%QejuMhu_ur+W5KCEd+Iiwl z|ESTD*Yh6CVfBD|cr73dEnqe=fDxdz7TGrG#7lhhrYzNic|f9zI#wVLKe08=1PAmI z-(z?<1vo6_palNFT|I!{&$aQm=>!xW>3l1Uyacuio`Os%4JUzA&H zvr&Lh&`8UA22R|terF!iU)}BQ){M6rJc`1|WZ%-#mS`>LCGFMCD5{-NoT0Hn`>y{9 ziaLehw&h2JgxbIH1Bq-MttYb6it|?&p_E+>X%UKl;@B_qI43O}?aK(ezf$nM)l+e* zhSF7{XrOHRhAY&_ff2{;%S zDDF(qgGf!{*}D%`MMLwx7kSi3sA4T4hXjb;*0*IG=vgONWXB$_B*aag<}$x~I4<+xqC09(W7v-P&S zFjlz|y`yZ|T)}E6+{%xc!1b##bQo6X}hINMD)x6%x0~KUEbTQI{{9 zsKbK3yYW(unI6LNQNR!bcjEoy#%sm&ZtVYLX%L`RkqSZq8JR3Bo6$%M?yj&oLojXh zj7uz0SkeKGaQV1A_%DNw+$cMk<_?LaeF21pLEFntTG*j z)q~7?Mf62ER8*DCLd^b5<6jR-vzbEadCV+-wIlyI5KFv;uJXp4bVqa$I-YORmqqvW zKhuIdEPg4Zb8EHxd{`thI2g~IW9H!L<{!@J=bzWhB8X~*UxU1YW^?u?UK`!tIH=+- zk^2V*bi#d=z>|c8yC$yxPwln}MiQq4~fYalI{tjSN8Y+)o4aV&66qxgAb+ z5s`VMk^qjONJ-OcBzRc6a{XqPYHr(QUhzcxe5Gt5w|*jvMYaLb9VIIkP;dYQ0>?n5 zjDH5Qrx9V;XddUA5FIyLmSW`p2|-j@R;;!{6x1UdG>UOZRO!Ct-(KbWMf;3v=aVR{ZbDbYdhmXu(y=l+i{QR`cZ{gS0HT+qbA(2L0 zw6N2lo##a8^OyT|3UM9(^Dd-vAVD5e5H~Ao;{mF2dIAn$O$OU40ob>9JF)ybFj8=! z2{<$aLaf%@053vpzn6Op%~0V2@@|c%FmgYK(&>0qJ{eTFA;6G{#l4BpC%`xwO%TOj zc8tRZR|#tjZhGdJAjHy|vY)ji)8*cxGx(?E8!+rV&RVg;>)MufWEeZMfTIwSGtBDwT^Flj#(6=TL)|SDctKDe2#qyOF*YGmiMl=# zZ)_8IA`S@)|1|pq_+I%;{i2`IK+IKIqnU1)U0eTB<|R<@Ah6HOUI{dwzJEc^Suw zbg8xB|N0!$bl$WRQ=1>dH%vrN!QBf)#e&a49yl~+;sNJW21&@|7u|Z!c7V^tv0dv|+LRscT(=Id4;DDo@Y|HSrm^=qSW9p0Ib zC3@u_5(XThMbm}MvK!II#iygQs`}D-VBQ(`wRI1*@m1smm|(#X7tVtq7#-0E12q(u z8;r_^L1Rsk6HU#+-E#iZ2=!&I9yvpjHkzyDIoNf@J2v<%VPoKaTVH>@mUOXzMvUSS zxJGt(UhT)M39Wi}qoSaq+U^dI`rOJVQf>)65&3 zV%A1C@V%asK?DgPdoZ6X2b99t<9dMT<>rIb6hHLEzj;X3U5<5?e`Eb;lQN*@_Xi}3 z`QFX*Gym5WN2ATQf4khmm;-O~4tW63ZYj z)xr;6U?13EGp|^o?xtsLw{BY!!I?S7i70r~n4!IgF3BE0Cf`WW)@V_T3R+d3D|#N4 zH?BUfg=}Ix zWmz164`&PG(Ru6P?^o1U`(WGqL)%Zc!PF-UY|sXx1dZ3n*(8CBR<8DIlyu*H7~NWr zh!&mFo;RN=SE{+swn@YaT?sK^(LhsDfx5BLntZ>m(s5IsZ}DqS+_+GA-(5)|lFl<0 zRx760=FRpNF|5%KppGcV1>xu|Rv2T%l-$LE`NQd|*1`~^yc;Yd4DNUMd_X$`vF@ck zy}!g==#wujcc&kJ(Tu7*4bpVJV-KYm%v2u6`gDth`*9!DY`Oz2?@p96TnwxUvjsL_ z#m4gL{3HBP*nnQ9t`V-4-~|Cs3Be!j6=t1|FrhW>D;70QE|#uMbqI&doi%+*!Yo!N z2}~vI9j$UnTW*eGCLf|Oh)97IOd0p7n*)j!fo_0O^U3I`$Ee3uOl|R;T}=7#0-T!} zL&o3iJmp`}dil|U_wT_5a3wpa25K%+jG#04D5at-uaf9Dg3E&N0+GgDi=rO5&r%*q ztY2hDj zytsEQAfFB8h4VF*7tSWo4Jyhr@-j!32Z7Hwg{@t%6~Al6sA6{q-YN=}EucWz)F~}UQ%bAoNQwL&zNhnS1MgM1{_qCLHs7e) zEV2b@>A04qk=RyOC;y1K=2tRCwMJq)xIVAvtHfsP#ux^A@q4iFo#UTo{zl{%U$Q1U z{q76AR*n)XZ*{iYG$H%K!i4)A%V{6E?=aP$r4sbre!OY2RcI84waQ29G+daFFCJ$Abt@$vZ}+0bu^=!@3L0DXWFO{bO!7-d)hkZDRr z`rsvJ!l|mG@eiT&g9W~KZz08*=E(pj;91W^ND?-F6ru;)CeaQ8W;jsUs-X{Fy!>KQ&UQT@H?$F2a0wyw zE?p|7_-s0hU~U+T>G3_Vc##k4JUWVOPL4Egb4{#iurYi!J|VB8oHbT@!V4bEr@&xc z@=5zf5qrb@rXy)=M`Z)py9b3q%7@v$H`*jZK26SRy)8%v$YT5uGz9u^h;+^L=vPjf zLJ#{K3T%9_5;ZiWU<}CT0PJ6YnU^mHB?>8+y81I2nHxlk1U`g^eG_^KtUwbm`3qV@ z$l1hmOUa2?nD7{e9v$4c2@7usE5=V>ZRr18|Cmwf|8B*47Z6!->=W8!HpxM{$ARVS z**eURWuBXzl=66yo0GxU{QBvXqi;+&6EVsrH47n#=Wnrm;TdY^s#$ubb6R=YQ%L!f zgX%jC4Q>T6=koZm{bL%JomGPsPOVOQng%K<`ZQ~44PdFt3by8@XChi6!T0LrD^FqaW<3Jez6rw%|Bet%0p<6#L|z8L&p zoxOKF)&2hl?i>flK32#&MjT|8nY~9cx)a$el$o8q$qc202uU_&WgasbA=w;c?=AE9 zI`{p#$M^U6{q^g=$dPlKl0~g!#Sk5B; z$f38CJkU~{&5N3st@ne=XR|`do^(WbMnYdT+K9*8w%O2bcw6w;``(PR=V2B^6+ir5Y!k^iUF5xRM;(2lm|oU=^Zv8u zL|#$x{X9>;!k<#xjT6=;H6|6fhJHt_RlA|uNqi+w?3K*lGzW}HmkH4R5IgltA0rmS z>sYBAc}{y_mOU0`+sjFC$GxBAf!9V{^KbjFlUWYU&y5f|E*=d7MLyiW(E4Gvlqa=obG8pu^;@QUpc9Y-V_W6|Lq(S;z&UDA}R)P&y(t!>`X|6sid4Cclb9 zX5joA@baY}@)ov=_Q&85T}zRv;qG#x)ZA=5b?Vf`=~o5;TE-mh;(Me!q@9I1e49u( zoe0D@(Kpq-TLVrvmeAx~X~DFu5CTRF^*6O_saqc$N-0vjsr~A2zr))~G+60{3$aSI z5U0cGBE0bhB@=xXO1^A9i6Dsgd59cp|L{U!jud858d6d7J8}Zj>h8m}@ANjUBE5I7 zTDLguCuXqHWHD6a+e?PGfqYNDUYXiS#3Og^$#y*HpD%t|xX569YSqFP+9anZ1jo>9 zPY_jB5#TFL23KysdmC~yia7MTj3#bC`n_PW7M8UWh^_o*t)37Vojzi;e9gI*pTuHV zxYFka@B7jPpVUa-D*h`^^amTZOY|2*lXQ4~*GUm+bfDHWmSdiK+fcZ5OYqoAv!A`6|v2hpY9s z+H&T84utQsmpzFdn;?J9muZDB+mbTUd&RG*PfiXWc1$=b-eK1)(yjAS@<(2rLn^C4 zzlJ@0Xp#B|U$dZsNEHEJ*G@84%t9g0=nPu;Jp`logxg|-O6mz%{9MA;i|grf3|Fj_ z0+*-C}lQp{yf-~iZtTo{^{b=fp_)LlRDhtrP7}9OV{3Xi6QRrqEB;=Oz92y zjBCDglPn0`M={L)@UGu~=l$+`6`(7XmJQ0=@R-{}@9h}Vra0?kzOqs1zweh^yY596 z&RFdfV2ce!tCRZ6Y3qsMR6(K5ROat`axh2hV?*>LYB5B*%uU(@zd{=`mZb}O5L4N= z(J#K2nA|#gqZ-KCw5LGV2CDb1H=b_ts-$$CNBibWO_TlR$LPE^Ww#cQ7gP|kg-`RS zGW+D-dYGA`NIn_<{cV|WtSxaS*O}R_LKSrl->y2E|AP7LVBK$DT!^oL&CZ=|$6rGM z$%nTd95_~eGVCPa$O_J;`fYV6^~P%~?&o@e??!55M@@gZprPodiIKFw$}hbaPd$n* z#-`ZbdgutjZxf>7o^UCmDzb}Szm(jKC;juiFA1syR~JLnc1qI?Q&i;_Fs3D5#mfRz zn=f+TwEBAi6~X4Uv{b*Q2X{?l2Wr9tK=j{7LwIC4DQ&nz>^#8xbb-k4gR5!04r9Hr zT)nV{qNt`i7=-fKs&ha^P9$B^G0r!>eWD@B~vgZ34M+3vdXI zAcf%hRudh+Mbj@{I9AIaMpriI*UgaaBn7|-?V z?i~Vsr=rWe8XO+WH$qrB97tTb_AuI<-f@ED-ed^Q5DVHC??~NfzMu6jPVLW{$&UqE zqL#vYt|vZJDEk`GlI-5#UGnQo%5d)t1LH1J=U{A;3Pz%A?i{qm4tAdJ505cX2?bc| z_uX+@L1^i;O_eXAx5|Df>6SWuw;q>S-lvYQe(k)|H4C~3a{3HyA_z6Wz25Y5?aZ^+ zi14Cb(5p4h5jwR*k9OQG_UaWG5l2^gABewQ&MYrcej9VKz7_tY)!;1Vnt(`K-qYHZ z_d))g5p9nX-o0*1%UG4-x=K4*=2Jw++p{G$<5$TZ8*`vQS4eiCK{@mC{tpz3^!@ZV zqK;|h=-8AI0IN!2^}1gPH*ZLh4{<<(=kJXU{1kKr%0a-Yr(FNqBhPm`JoUJ1ub zi116fy>pfIv<>jco78?%`p7yC(j`Ft&NfB@{M%2_PXddjE2xbKo+P%XW0h|Ug|iQn zicMk^%(vURy;^!N2c{t=zR%_YPtP+~^X}oG9bNpE4@K^-Yk6KV`?4w)+9vqYC37vQ zN7a01J*Z||qVmqttGHTW*FbJX!_{BUJ~>gI(#MN6qCMrMB652GcFO8OJT%44JLh_k z_8db-YLO~N`5j+iuV_-9?n(o+Th>-DYy(ur>AOZZqCFY)T*+b3IPw}}Ki>FK=IlMD z5-v)8iUP$+6v=QsjE#!(wu?YS4UCqWTAbF}IL*~|+H=Cu#HRy)h5qf@NU5{`Nm0T| zPR13!2Q}s2MSIp!&IHVK$5D78dgzbrg)e2+krep#1{F!+3?lPwH`t4e>r{AWwT1W6 z?Tm|<=PUyOm6MM}@ki7D+?H(}O27>caP%Js_;_wG);}-x#xh>2Uh8v51~VXFGad+qs02 z7d$;!9UCpTGWmErpps)nG3)v?;j~>(qhX6==JWl7>o<%ZP+0SR_ZsFvtPRMc{WZ!o;S$=F45%|=x&BBa9V zl`G#L)UR2IzFl4%HN66x&T!J5*wo^(GDzNUcI{|qnvnTFjSfD{vWv*}7FRB^=BrjtvC;l7)-OX=UlOo>2p%1uL3<3>N85go7ol3H|RjQC#j z2P0gng7a}v2NY2C(i9{y8#*0P=88+;v>u!qdcCDef5fkcO~%brWl6RyE|=Kx@(nj z>g%KRALFZ;lVewB+-v#jZEA{58V42i{F*%DM3w{NMH<#lx>PbgKmK_|AYYp%0>?Uh zep7U!Ni}gQYcryHfpG+-IA)yGqIbq?BT4gAhr29wOY2L*tE)A~pZR9qz>0G|>?yRb zx>SUSL3SDdao$)MV)?Vm(Wv@e@&{7Wxnr*Wm}?ybhoBCYUpY@Qm$s*X^92X5Oi>@z zX`}m!Ug%k3szhIo(%b>4r<7VVSM$bg`Wwg&GDW*_il)DKXcytZ zSdrn4)R%F?o9yx8=odEEqF>~drG&|Ya=z*1p_2QdjqjEzkBsS)*0DRRDJ|RvuGxYN zg_1jAIv+9dUbY=a;L(~+`Up|7CNiJcavAgg6x!)TbhGxT*Vl&ZFp9Y?az9-V7OYJA|z#npK0fk7{;BRxF=4XtHy8ZtGYLFY-`hA))3{YHgg4zojBYT{R=4 zwnlZp*7fLS$>l(ZUc!@S&zp%gu550b>hQGA(U(bdKJt1ske({1Kc;&fJa8dP5n8b) zeW{;L%qa0KQthY>!d@M8Cs{8^4Aj(TBcD2W<8x5fBhYTEgc!?VLRkT0u0Pr|IeTa{ zq%1i0-9XZp-yP~qD-gX+%s|vuv`H}p`2OJAD$S*s%6^#GsS+?eaH4U^KpD^ z_X<_WteCJwrd6^vGjvPJ;pg6+N=Hwj(}3N&3)lMInO>F5RG;(WSmt{vULH2F#cW#z z-$S1%-6GghmXameta%)Xcg06PIHwg?$Gb~x6Hgi8r9Jn zuj;)xap;>e6J;XOYmdh-%J|E;o^7TTQa0H4Kdo6= zNc2&wKg`s;N^2DzZuL%R&IcoL9YxS#N+~UnLfCJ?*-JyWecqfLR2B;Ki(go;g|gta z7j0q&SwLVbOc%U7a{?lsy})7K-|L!d8HlO;My9(*l3&fck~bd|$NP@GOqjBmh!5;Y zYdTF4sjqu`&rwHq<%GxJH~g$>a=n-0AwgziqX45@{Nq{_E}3TE#J2?h@pPICol{{X zQc<41`P+|=;TwAFXQ*%DQ7yLj_D8J}J_7~NFjlz1ev0Gz#syEQ^kiOz%$1Rw3Z$nO z^zRv#t57Isb46s3((VbqxmhwyM;P^uQ#7R^&=pm1iLx#_Rtz9el-!vO<5u#$mGa}x zz6ZQkN9AkY9kY|8tu6fvRu`q{_Rv|N9GPm4N`i+j`&xG|SufT~b>KDODkZrnZ})gp zYPhKH*DKAxv@1cyEaCSvW+N=P6NG*rszai^h+uJ2vR|iTo@~1!Udq$8E~J`mDp&y+ zv+$-bO8Pw12<@CXpHrdt@}(H6?UUj=brifwC^I?iRCvTCO)X5Wkrh##p6Yql$aDw* zcUGfwq1~M1bk^V@H^bVn#G=k)K}>p3rFpD>pw9i%f(g7TQSa(;%Qh{2o60$hq%rYE zztz12vsc5U4kiqEX^ae=>EG_XmT_(%cqnXjJuM}0X3N?|{qyY|o1s4*7y7BNeSg35 zl=gIY6WM*0886c&^M!{&7NLOnUe68o>Z8J6s5QiGioO2sTbWQgGJ|Uy138h>zkemi z^JamQI6kV+mjxk-Q%mCqDeI*o`d((?8X9%E#8SIrMnK1k;R?FP5}v9P368$;;zb2~ zTE2me??=mSKZ0Y)uDyJvPggm6EoiAZ@+QKUoLE#TF3Opm0)O^NiC)ARn3>>k^ZLD9 z9vs=p;m64DwOWubiAOw7WfRrQMS_?4OsQY9hBRI?tx%CnqV2O+GlXCi)K;Zkx&KZ` zc_y@fr%m>9b}bR{PH9N&ZGiB!SE!Kh>}zxuM4pS4+r>|ZB_ZrKJd+pgOkB_1gEvFd5idkF&rR|>EY18oVWi+f_oxUND}o#nQ2Bdf{+8L5ol7o1 z25&CL(Y`)D*u!*$K?m54BmejcQSbuI!3@z^0qV)qsh8}GW_g%b_?!Q7(J8{+6 zwNa%0%-HCnBVtR*={Q)(xBZmLp?7dWB1Gkoe7@Se#m_!by=E)9#Q-XqXolPH%B_|M zuy5v_oAo{=WCB*5pLNTU7DgW)@0_g(THP`-WO_3?NAg&9{-V3izx${dCEU6kPvIP| zN5bo_t`G%L!Ar@rV_m~(^DnAWA@0B{QS?jwsFUh~Z~DuM+o_;x>05F#Q`O@dl6T>W zB>II`4XA5qWL?JX6XQXtd^cl+?ryBPySz>_^2V>Roou}5%v8Hc%3hjh*PB8u_=(MA zGpu$UJ0`e%1*G8ciLZYQ-c-|^jezGL!K_kjQf&L#wp=l_yKbxfO`7ZD$V2S!|YR| z77HfFY2^{xTU)XYM@_V6*@qBlHS-%&xpxSGQRHR1lnd;a#3Puam1<0mHZLU4Oe5twVT^z0BXMfw;U4$ReQyz*F>v0{rr z-1FuUn*-Sl73lc2dbXF(gC5gKS#q-&YlcBaZrsyITXK&l-h}J->7t|7xax7WUz91l zUiOLZ5F9WTiUi;B>3N@!@)7rmTgB1bt)v2#kY%CY{pKVqTw{6&YXAC#V?I#b;LGcY;d@B4@w&tK-^UqvP4J(3n9SGR5#W6F3tM>$Ssa1VHQmm)*?dMs=rdZL_Z;MrDpO4lPeD;dRMUBSa?$M6b zYdV$Ho|nYc_HOz_pV!)zi!}O}zbC&@dU8~K-gC9uxZ3r)VS=2pb)ZpT^`x}kvixRW zu?i=wf;pJ#j(AHkUDIwi?;ZLtI~@!eg#kawuWRGWb$taI)=iZd*B}y(Fs4{WiNTCN zsqcZNwURICAqigsu(YE*jy6p10p)2z1w?`;f~|%}@T!H5H%g5rIyfjXSH}ND+)|g? z&p8UiiJHqiPN}fw$!3bZj>YgtTn;#Mx5sOi-^HXS%{2IWrRpc&Ec(r1y1b^<9r=BaJ|AkX?DkcT3t9r+Isz*hs8%7F{#zv|Z1a!gYNWR0WQs zlSQAmFT2n)1`BmsLW`|K z5p?fjpQ|}_fmgSX{%Mv!o7IUAMyu*+2f6;`8MEN|_`6f)O8nGJ$0n_}vkF9_W3|P@ z8&5wKo0JclOzi(qD6F%WHacsb*Z*D+Iy`FOTR7n9Yb3bOT>0@{(Lk0ayQ4E>uF;v> ztfZpjuUxWjreL06{OWrX99R$u z0>A4esS^_$10o-N0DbQx}2$ zo||iF=;gn2o?sLw+9K>`@U!UiuvuT(Ow;98(WYg0Bar@yNX4nxxe`}AKuS9?m^xhr z5@BV_oj>`c|nS*-JFA!Jp1`-`~udp#L`P@z;`NL4-WI(A_TwIRwtXOEhVV8-^ZPC!ti3ovV ztk?411#MfIXV(6(Su-w}Q9!0ri0^i>GpR!On-C}RWYN1@cnP@rYvgb>j)pAr^lnI~@!ofL*+8*NKM?9EZeYVDbI8TQqiO#{tTFWBL77zvaVV?YR)p|^0lbh;sX zm$qI!VMN)WS?8}U2es|1fH-!tM41PUcda~k^0Xgmejrw2kHRtKm$hVQMF>iJe>MB! z8Ta{-!BpR5PCTjKp^;IobwJ{YW3gimc+}K+O ztQ^IK_Dp!y{&b<`vWACO_PFh3({K4i(pfJfksV^AgO!^`l^oQbG-vpH{);aRde@Bc zShp<@CL<22l|I4#iI83u#p4<%nX88TYVeU2gb>72PG%MFL>)88G~SinnKPV zX>1PEeEbt|!`sN4VP??HU?HoHnk%f!R@a*RPY(})@cH0=I#C)5p#~G4O#C^NL{8ckU5RETv_x9u&MJ!}Lx`^ANWe8%` z3j90ljC|H^*!~$NC|ng%4rVbTLjj%l@I2&Ws3{z1&d)V#d8W;_Ez|dLtDSy^M)5jZ8Mh{Npd95|y}kI*4dLyv;C z5({W5Br}Hx&*p)1yq z4x6ox;wtKCq6w4u4n%J1(qA=Xg)YOOlkP)W{O#<&qQhj(KW#rta8BMPsAq&rBa5H{ zc!%CP2$kS94>oxUG*0uY8geN{xOM!1LKk#2h-$u7O@3La=w|7F$AKaI4-P0Das7SB z%)IS5eegEjk+=S2bnfJl^}ykks)tb=P`xi6mBsl+n9GUd3_2clkCc43sXb1 z>;(<`Y_@-tk%FOUP0^iLGsg`ab69h8(4dU_vQGXF#HqGusOQGGL@Oi{Mko0$JRlIX zm2e7YVOIsjaJnka0ftNteYF4fT;iB?JF0m!hyq5bRMsjt_pL4zLyn&eS~QEZDRvMz z(V1*(Bw{1)pe1P&BSSU#`BA)oB~*b8a0$K?%?8`YHfvSJM;s`Jw|-CWJ){;^1UEg3 zD*Gt8$0M6IJ^0}8p<5x|!gx>d?;m#9o4*b-xCS%?MeYgKf=GOpdHGLeAMgBxRF!36 zlFxBWaZBmKN>y1(;ZLF}TbK}hE(i=wQ29F!3&t>HvnqlNgqO@CJDlccHIGv{&Pq9R zq4O%&LvO1ec$mPgC81LDVayoAO6#wbOFOs(giTad_tzN{5mj1`;46=~3f|mv$$tHX zc8R9|Gr{HmW#i&VVbEqT8&ll*uoDHKW97-1f7>6lb#0gR))%FBWd^pw+`oWQO^)P= zs`3u$6(`rt$fALOP626zKr*rdXm~*t!}3k7SwtNFT^uZ3b?p5eVF9WXu1#4iY(&s< zT5)7upGQ8H|EL089h|X_g{9aSr=&i|xyhj*_m_e(OwI=zhWliF6#Y}2_xIn0@gY9F z4}1Rjz^;%rNul%ccwg?iqWn{rKY0KC#GfKjdlekK87wuRsX(`3@uPY^B3s3Nvo4Ja zT%;B}k@OnPYf)Qep7wj9WKfL+I)YaYGA5(^BIpDM=E4(x?CJ!!BM1K_3N`&|Yj%ZF zVfD1?8E0Shl#yun0}S=)+s}9N<5Qu*D|`A6cwUn~Au%+*vMCf)Vz-%AOWP-Waph}@4K+t>6{GKKFJW~IB(TiapO7~s zlWZHnqb0i|&Mi+VMH*Eng3<6`PmZ57BWTA4C0^dA4nBH;*XM%} zYB!*>E|9c4e_^k|$-5$4Ku6%iy6w{clUpRt>vQfpR*vXNa-#$<5B9Z&`_IMu*G~rP zv0)_eKadexNd8JHj~N_@9S3h@K@oJjyG1FR!j65rDcyxG4zM;|1Vd_(j1e^=fFwoJ zM87{<@_*u91>_9HHhxIieR-MZhyYOE|M16M?J#5Wc2zl08hu+K;xEn5C%s>eFd$1N_ z;K2I@S`FD6Ieva|gWCA%N*-2DZv-4wj^FsIKLNpeb4k<1Q(piSi#^unoTdO@`()$% zd@C@4jy>RPNA+|rM!+FI!?U7#`suf+8FEQ|+1kTz0!=lZ;?tmPu|tCNA?Ev6RTh71 zP-s6}#O}LX1eE;Qp}nFUBgaaxUN*tMVu=5(hFpqZK}fdPl@xu*w&Q?wJo!}P!>hh& z7w-**JKZo~pgv8xdTda|cmfjTJ@~>q# zJ`GJil2yTlu|qmS07pHRCh~Y4+>1La!8As%)Kq#YPwrU0B19+z0aGBV=UB}ba6=Pv z)gXv2UtgGuBV*;+U`g^>W#Hg?{m9IDj$CQq5JRE;lVUC z6_(>*7y9g+7mMUKp2%9Z!IwyJ$mNeVr%XOHvjm>ao;=IO09LEw_ukSiZCw4|JB;S7 zc0u)Ee)hS@`J-t7ndl7q%f%2YFOOB`OCOF}sn|gr+o_I8m;=vT8Kj?nnx_&6F0W!R z^?!bTJfikO>3lz2kopXytoyuMB*w$kWMy5?q&J1{ zVHk}m;ggiu{#FMY6C?Doua1;LbeF-HxJprB^A&rXuZ65sa*3w72aaNmd%lPMsSLlt z{(qF=a>YOof`t9O*QO9d!|>`stV={cAvKQX@WmbO26EhbN0c3iZdwU`befV1(6+$V- z#H5pziBKvF;G?L-qS3oyOy9}tsh;R!9D;7l0e2aXsMO+C2ZM8LdTS+=O|?5hS}7AK z%D#YpO^o&&lazFJ+s&^)`j|Z&+X2iGxCftmq6z2-??~+^O@N&uqq7Sb%F*@&vAMfz{jt-a+~wavHp>OM1DAviMbMec+3^mAVhcK)*m3vQ*Q(2l(_4A2pnb{V!HAg= zSp4ffH~QT@tj=psH@|EEKd1*jg!&xl!3}%U)@qqFR&8r~lkZ4=<^EWdUipmqPy?R& z?QmWxoz&Y|P=F4OIOf>CItuKJy^*ml%(5E2mQZ?^3TI$FjlTk4Gy#&C!RgV6_r59@|}AS zm4xyG4gjoQ@DO+a#KUwYXIY!sgZ87<;;xFMLxNMnimqGH$$hAvaQY%qq3FeSJXB$$ zxx_7}hGT&fZ9SwV=D|B&B$wmzR9WnGz=@~&M3km9?<$?F;GRl&S?f%`rX-==FGq{yCOyJIcAdzug}eg9f5S_#7hA)W{G}CKjO8J zevtu%M8Yi8icH~|mY&k+pl5)rL zTwT5ktFXbAP`BlfV^tO8_)%;$^5V~o>V)Jeu&+yG2CWVkp02tcxiDd4%y7{&U}N&^ zb`U<_Cl$3HY@-({X*_w<`lY!)v?-JK6bvb95`(#+k5O)(6a+i{;p@FgY_B!P>3W|{ zze zjsur5TI-LloqZqPyLH+FxjknA`8T6TPyl-2-&Uym^8LO2BW|TZ|G>`xE&T7afCsw+ zyrWV2D>WkQ`^bUgK&hdon1<@n;BKXCjvpZ;rmYh?@ThPQbw>cSHNlZa}thGg-FPnk68Cuq2{t*feX@QX+1|AZ$o3=FqwizBT%YA~o68P?O^o$`ot~e2F3#vrTtZ;UK-H61x07 z)Wtt=y@9y#^1}Cs(S37r%1g#rY6Z|F5kzDwO>Y-{8m5>A|wTl|Q5SclL-1hZmouKMq zG3wlIzF;n*Ok6rnsV!J;Dp1`1_6?t%{SxjSAM%3t{x~>WrzFrE;H+7I^QnLB5(UkF z7=*2(zGQw4{A8Y%IrbduvHD2!&m#qBH25YGLke3re63vD?wCn48bkIdJ>u4@11B?f zzKstQtT@oGPc(004Lvl??6c~qf&^C_Z5%X#AQG83`x1G;(Gh`lr(_14*sG==zXcUe zcCN_9){H%TQ(JZZmal3Q&7=^b#?#JQS}#1OrNH2wmB_XSPA<=EibS2HdpYkG0MmE3 z?%MQlQUyEM!^ebrYObVEa?HP1Vxolpz1sDZntdt3qiC@oEz6cZT6srp6m4>rRK8-* z<++xq{eBP!hrCiSYcs<;_q3dO>Wc)Pm?=Nb$^2uM-6h>`N ztqd2Y&Q~mhBo{kcsUIufD{bvkW-3xNw~V<_bRK(J ziBDE!Cw#@a*S#R;@0$seqlVTeQ}SwEcv4>%jTi6>2pE*Q-AMXsD)qYI+~_aBD6bh8 zc7n9Vis!q!_X!GFXbQCmBeuG`et}(fK_fxrLQ(wlvI0g`JwD_&?aD01bsAM0GYn>l z8{>8-y;y{XRSu5d5Wj^pNX|_q??$7^E3~R(#QNOdCR7o$Jrq(uG8r}vXG8Kn2uByc z`4>ams|3;Nr%)=8kKQlT-zdc^{@oD*_Zik^kdS^d!oP9VV68)huYOk?vt7KgqP;lw zgC%uzi#PSb&?@hG*OiA}4F}197+X>^VFCfWYO|YW?x1#~SePUSyZ1&}J7r@GK-l++ zH0gc$%_P(YrCEika~X91yN^Lwbsoa%%W=XxeH$u1Ms1I=L^@N;sJ_0qw7c@_rSq@B z0Sa5K_d%7nZkEedPjeXa6?d8eeieTVf(&P0V6yhC<#ev!iD&@la+Tcx+XToHZUBna z!-6d~**(xaU@n?#alA|y)vD9{@dS_7*xYN{Cx2cOJ_FqhHwaOM z-99J}J9gW$p;&ub@Af0QvCqDI0F3A5Db_B-=*0Q*JfrX*PSb~@B0ygBC7-7hIW zQeC2)na`KGU9cQvEm@Bg2=2AaE5q-)UL|zw3)~7z0FD% zp-j@YmqXK_$?;=QNTJ@b;oxWdBsi`c-7FyBP|hDNG91FfQeKczy0_HxdLB&>Ww^wA zdA20G0f5IrugW1Eug)By#C8Y4s}uXkZCrs*Uf<;jYEN$hDW)1}6bNYqN}9?xs6xpr zFF@*P@-rb7XN?Z&$!*!qrpths$kf6tS+FK^nIIrMCo8y0{m*s-PS!3CSUsDOuK!#B z=%rdSp(fxpPzs2xp*^c#?|^);xjmNNN0l zfKF(6gs*yXj)YR$_t4#+t2k2|qGqT-Dd=fl6V!^qLRPKGr)$NBAXu#n@CP%o1jNKa z%{4p2_st~O+W=MU1bWN{8rS;;exijkLwxT0a&%YGzP1?KzU%mZP7D&&Ae!^C{SAW) zYg^E;&z+lT2P#)myOI4mf8us`{@>N)uMh2H0&oCy^dVM zDaF;hW$9-=%oK_nA{HxQPb4g?y z#3WzbCLAi`CiV!}p=fbL7kOs_%U0~Q#=zMCt4TS^*#)9y?K|v({?i(o*Y@NGa(}<% zfmq(bHRx{P-p@*Dwt4dTFAD9emF~XgS77zQ$n|@Ik5^P|?1l3HDLDh;G0}%T zbk)Ll7C5!i#K}UOo6dhO_P^Z{)gL$9Sz;8rKwV2WDo%F6g!fe7^ z)36vEv`T+qvoe|t9U|0B?1wW+FeeYQ!kxwY6fOli6Fv`cm6gI5op89})qB}86g(U- zc;{)$u?vt@PLRu-6&01)qMs>T~m7&R8aE|8cW=Rhu#0k`?Rd+XDcDjEOO^kmB}N; zEw2ge85!^52B)$W2~I(dk8ulUmH@TfcADc?`ECa20v`{5d~riG(FTJReKJC^Rdhby zE0k13gDN7H4&FBq`Uvf97dh4@P#=b|6f%t)cBSkj!2+6k35wn@SWwaNbvYo4w}!2iq_&#IyjnPif`+9q3kFmlAsi--^I$(h9d}=jL_x8VShB~_Eqy24fjh;`Tu}G zn*k`U@eWkOE6`k*HN?kIA(L@7PeAb#&uT0d0yuxXc(>Yqr~`y;w1JPS$&Uzga9_hf zT*A!0hGRjtpYR>0h7u{~FjA87*=_*sLpce8oA&WJTzWE@lV$eQ7eVW=$x2{AFJTUg zHANpCERD802dTn3@K4-8>iU)y3_odEGJ2b+y1)t`%Y;KGUgTgKnYr$~xq*bOf0uHFc?h3Y15|_*Lxlpo+jTDP^{^uGQanv7Gk*sNsF~prn=R{pyk{;BP1aSnhEu zZAJ9Ni)^HjjG@mxv-d^mq8<z~qX9H>5(4E+mZWi2KYYg1 zKQo1>>9Z5+-(V9v0lR4-&K%7RObX3cMIMdHR_XAp>?)fS69@0Jey>x1G&6$sBpvkH zlX6mL#*+~LUGZ)Kll$mD{JaL-8#qlYm!fmH7Mb5QT{-xy|B~_*&vh6NMKJo1^ez#D z9>_P`en|p+VnTp7e{G?n6)DO7&qe&f2KAXcU%&D7wW|1DTiP!QoRo}TItS1OC>H1tnO}rw^;x5 ze2Beajj~O$+R1nby)uSPBM(#YzhAPM8p*A1B6qx)<5FwaL2j*fX&byI6Met{=fk-$ zi?n$pNXx73;2QDyt!v;<64HbaRp08~w2P1b1`J>zwP9zs_*!_&}} zwsc5$*Z*hc{`a;_*+A%Mdglv1m;ryUggkcpK15+ zMTmYPK<&$EhyQbefwBDeJ`wW3&j6>E{P*+!c@qh literal 173918 zcmZsC1yo$ivNp~D!8N$MyA1B`?hq`vyASS8a0wy7A-FriAq01Km%;ftSKhn-J#W_9 zYqwQZS9MqIZ`baLQc;pdM#M*ifPg@jm61?`fPlt;fPh>Ez`eH^w^!srKp+;`h>NSp zii?w~xHwwc*jYe8$V8>3!>g$4;trkr9+HuX9H@yo{?><}D~wpn{tluPp(TR}iC)k( z2yP%HhdPR8*6h)wtBa1L#gV8rHBOWiHN-_K3TZ{f>pcsw@8ocG4RCcid&_g(U;P3N z@ueRFpk_)3@%vu47mY<*Ps8m4G7lmv1k%@FvMI}24%pZNQsJP5_O~|wW~73Tfumkh z$Hs4O)zssgmUWOpA!zaYpXz4NgrX{}?1EX5AT+2j=Jmc%Wo{~gEW%`h0qc32{d~l^ zoA-QqdE*F3&d?BXZecXFI=vDQGW0Sz>ElWgZZh&{+}o~RejuwOcR6|aeNsOdQ-4b7 zpo>@`!B-aksKA+6T-!RGD6_m{i@A%lb_G#-+uJv9qPOMWYLeGh2jnrSls71%?UXK7 zV71@=17iuOfE+7gEAGJb6p6LX>#+&9m@if+qpRBOJY3z5d6-^#3bjf&9CmpvUx*8@ z85K~`^V3M(%*Qz7o1Lm?sSF5}x7Y_B`D9I#u5-p?0Gaz^sVeJXggnj$w20{Qle@kx z%sIz&XM#-EEH77?TOGQxrfXYkx=6RK53#W0W3;0-6*4Yd$LX%g$j523rFsmr0*T!N&9P66tq!pE^#C`YBKt00wjCPB7ix4NNKFwLrwgh<^ha&xR z`s0E70l6DrE6!@jnbf)%YT?kdG25qD#6f_0f~i>%YgA@hrk?`cH~g8{mY|l9)EYS!PWdNlUpd4WtAp+qPbPPi8#Zt}s zF6~Acj-C=l5M|LXwFSFHu_b_jfS`yV5M_dp*AExP9%YV^K^aadl=Mj^oRUY4QC4C} zs*KD%`7C8EY50?29TH!7j^vtD6-7RcFj-*gSGg=1b}GK)V=4wpeM(2U&TnY6{8(@n zd{hx?a(tpKO5RkGiNDiaQp{v4Q_2$gsklhF$Q0AKGf+~MQkavgGCCOr=|fYd(=HP? zf9(ttCiAgyC`hU{e0R{`cIUWdy@hg@z+ot-8BJA8XG#^MU#1aYrlGK+!X;~xs}ehl zT`2&{8ENOy<eUL93d=@JiH^ZC#A=C#jaH2I#1dwhP6ei_ zrFzge&K41mlxSOsX)4aj zYZkO>-?kqyaCvj#HhgNpXh3OTb1!R6;aBdEc&T_q$|8&tl`lz~ZnfFQr^jEzCyxuo z_s3Vy^2yrF%I3`GB(X(rIM74TqtY|f+g>_adR=N+LS9031Ms`$QsxTs3-YJ5`m`ps z>bvQ?OW$JMX8Q2?Ap0cT3_nghetgt?Y(lPqa|^`^^@rp6U@C6gN7;wicPv$t6o)=( zov-?4HfGi~@I0Uy10O3p_+i^_8*ZBn(;HJbMUlFax>~V8(OkhZ>n<~Z>nFE7mw?^f zl)>Q2kY9>-+k-xmI8viz*nqu!T}kP#&nWjOkCv2{LHUaoxZ=m$>zsZ?TSeEx!VW7Vcj`HuTe_ipI)&56}R#`(J^o?%fFsBPyW z*;HClI(=JoNR%c^J!d9CDRcsVf^naIzm!>znK0vX#{LIrDfVr^c0>7>@~MVJ_uu1d z_Lcgj0wb%V9o-$1;)4_`#VgxUrQfWItU~vjGaBactCbvMo2tP|=aAp%Q^qUID% zCdJ0YUBrFFeiSl@9g7QtTEgv7eetSDm=VvT3ncob{zxiFwMyeiqey*`s*G#JuOu9g zafs;|km%PKQeeE*Y4tsnsc^RoI9avu8P#HHYd7%rKDy#ypk>fuQ0h0`BHupR{-zsT zK|dz}kAlm-b{5GY>rzdn~&N2u>n3X3aFsuN5#iIAExl0I_FS zG+GRki>p@47~kYt(=OAskw0yZM5fVb$yRSw9~s&=`y3zb^X2ggSBh4fRv(Vc{#wlx zs86rG+u*l0d~U6})jPhPOR&3GQfW(SX0zCCP_)dB=IK}`Y-tfx=5iEYyYMtx=h~6q zL%N1<aTlbpFVk- zcwTs}tRA-iY}9GxE%oxsc&kds(32G%ep+SlFlK)D#+ry`>3XZ0vFZx@>bo@}-_p^P zk#mh^El$lc4Ts8{m7zsX*RIjmLFh7gL{z`mB=B}es1dw=nOnIWswt`kiH`^GmeZv2 zP5x0?S~*gA*PjbpI9u`0ZO3-UM@O1RO+4MmMd7s+wbBlR?!rrR)+=5$vYkIJ@OY{D z@3!`v^UsOFf@|&}0Y#TzCx%BXKf8(|{i$oUXy^LjUc=N{`Ib8Qqsk-VZqHaD;0Ir& zbL&>@%9m53{`mHIM=RF}B{xKV<6L!!BQwkPI$qh`11>#YZ3smVq8 z_zWfE#xB1j#22|^&Fpffj=7HU`HE^T@ZwE_K~u+?N8g#0?_2U~eD(y-Ca8i+wDCqtEs}l;E4|0FEWr4NM+o(gR^ZaCl`C@w z6*K(V?tj0|f{%+GZPq&xbj0RPXoJLXauOlBm+>KfO+%(u%wY8{X`IUHgrbUuIDGQLgtonzX-1dpd>fe z7gnBMGg{vcdt%G5?@Qk>UD{x()siMYzk^mS3msWYMMVhu_c8ziGQtJ|=Dh^@e&N4g z@Ax)390LCR{tj~?BnqJZ-3yIT0R8VWNV+8+u`LAXc za?*bcakCX9*HKg<6?b&8AmwIeWo9K8LL?<61-g8)1yF3?r8rm(oN`pSLR>D z|JnI3LLkdun*WC-{%Piaw7%O}2ocEgKWiq07>qOd1p-0@LRLal!wd2x7v98BI_)*V z=iDLLH%8t7W2kl}S1Ec1>8r@=Arh#Dk*nqg%_O5v*F=}pl#DVlQA+l_18h0ud~Vnw zfA{v3Tgo6joXj+we5^p;1$Ou%aJ}lQENq3rU9M{l85|@cLQ0B;1^~doKtcVZT0j7x zbhUGJ{rSqRd;M+CA!jL6+|XjtPSo=d(ql9AzX`gTB}mE0dXiI8UM9OZ(py`7+Q6L= zm5q&6juF)R(yp$>n(384$FsR_PaDL}{||xHWQkc>pCgEUzAI*PkE^MvjR|77-`;x6 zkT^Eg)m<62sYnx1QBvy-cfa0+I{Hu7v2*bAQ`#Z@?~MPgfQLAYR+WJbOXq!&;um&{ z81m__Q{NsR;mWIioX(KZP*G)3Q7&C<_EnM!S1VUz^S{IWe=GfO7CxxK5`3^m0S~)# zoUpQYg|PoU;4dSck)dHloo!;rqx_u#NJNFQ*Zlu8=s$V85kM+8uC3{o-F!kAv6qpP ztCM&sh%V>;VQ@md{Pj6n(UdOwR21(H{=X&O(ZjTUm!Z^CH4Pr;wJt+GSXV}rEaKwi zT#`n@S=2xGGih-5H{kZD4go4q|Nl!#N?Nl|QDZ0x#nK=2DtQ;>s`PVy-Dh%dLZ6hX zNOV`9!+t3^#ct`3>|N>ddF{~=K3L_XDzOGYjAUh3?S9*QdW-pg%*PU@v0UcU*V4t4 zl=u{k%c_p&BmKFlg#)U5wBd|u0}C2ro>3u>XGY(nMO?v~D2zH<>}(&?o|dvQdi{Fq zBy1d+B841Fb~cx)`Jdw<cfTDT+_=acEI3EG!x=$MN4j)gn)v&sXQG?tLCkrb^GwKJM~;WM##D zBw_y)IUT5-nw4k7kc0c58~m^JII#Uoi4$Sd91FRNfX&_c${#;k+<`l?8nUKdTZj9n zGuj4r+h78F0{KzF2q;uZZ%GT=xW&1Y)`#7e{k)%({%5Y-zIS#{cTHWV(fz1__u>SC zKJ|{$x(|CiT{h=kZ=I|D;MGo{fo#W48=h6S6n}8rdc(YN;A+6jvGEi8ngKr5cDeCO z85kECmI{jOZAkdFw&QNewyL0JVKCt7)JphqI)PC=FQeN3)YfCod;fuCNSev$V}OAtBuRLh><+ z;n1mP;C;-?W~0DqE_i?GVSlXA&70k439X-C_rdFGn8toE_9OGgHe2^LtNW3Lc+Yor zBdMPl9oiK-o6+6!EFC);zDGYwSA2uvHzx$n>k|T>w>_5an-))-)*WU_m7AoAz56HQ z2Bm}p@B2vFCyif@w5vcX&O=1Z2kSn^l~wI%BLfX82HXxS*4O)!o-DA4fVIS>CB5?R z-_fKLU;X>SkzaE=AA}s&fWoMf-*|vr(+ho8{~fDLw8^G^NRxkAiG+Ny`?Z1Ldoye$ zKtuv{2k*My78D!yx;wvCudd8Lhmy%Yz2@&&Rh>@cIB;HH+)M;mmd{{z4}M9>fBwn< zIVt?so*VFZ=&@iLvB=c4VitqT;(-cHrVQe$eLML%=@GWE;yQVIL8Uci`SJYu*^hwh zbE@Hcm=K!S*^&Wul7)eB#x}8V0;?U?%a|S+i@4E?YR!l2yw-ucnQ4w zncpBy;{S)9fnilXWPfx0^>lqjytg6nVboa9$S5yDzt9?l^WS@QfdK7biX!Q2d(g@X zVcV8^e$BqI&+J^~`of`sDuxR6y+pHvon4*qichIx9_w0F=Lxwtx|-n1j~NvH1<}Cs z_Um|GQflQqyT4-W%Vk1feO4Aefp9>(7T(qI{0CtrG+Me6Hc0OKM(U9J#s^ZPY%}#}J1UyPcsc!4BMQoO1cwJgT`rl8BRqxb$9l8kY_L~D+ zys~K;mZL=C(c**Na?kySh<#7ko;E^J4VX#OlE^&2j_u$Z#C2gB@Z@-W1K5Z3P$3Bcb^`CPVI`Atkj=&`F{J5>&*-rs!9QN%>PPGrUIHx-PwmZm(}!q-auGOPijy47mHMjmFt zOzop*Lm>$GZt}cpk%_(n(a>iNAj%HS1~zFs!e)+y9mp3e_X~%W&;1NtY0j1y@WqL6 z1V%Gogyv9H!k%bF{s9>nfE(K|d9AR74G6?&6PzGW(^t&7&rVewt z3}f-@k%}igd_bY4-%<73CRk_fjYE4z2!8yX(Ye#L?hiHuV;OiXT6nyN##S}7+fnD# zloCdU;b||zgN$dyG9VjqaubbW)+dm{G>;M7T+#i*WZ)SeJ}rtD&04^dy|xA~>cIAI zc^1vyM+mT#iePlO7$#N};N{}u{~r`;O34#RMZK@H+>cMklnrc-dHR#f5G1qe-e3eg z=1lXBRl+>QwBD5T+h@cWW=-ACjWw+24g8~4{YFo@9be7BN|aPoO9x35Cv(}a@^W%U z5v!Yq-Pu7kio&XO9Lq&$42_pWWF!et$mj5BX#l$DiA}u5%OTIZLSDBWvd!o3s1v2e z@o|rPDeEAbX_D*?cP9Om)xv34ytoJGE ztA)}~s8GkESR=(wb2c=?4669@v<{khI`jC(;s!AR*0{Yc!gLr-YtGde)wm7x5YEz` zkJw~w6ru#8IbGie0*_P-j|Kcq@%(t4)PX8UL2%Eo!79Y&u0+}1?titNQMN**<5k_e-KD6Os z+4S7p+0vPBgtk6fWA0EVjkdGQ^}qM-U)cEM z6;PiVxN0ZciRgB8CcMSk``?on5i!Z2m@1NS^C!&C=2_hPwzsgZWaP>W=_ny(02uhV;mT3$x34zv?*>ty%Yn*G&7>b+hA^RcPm;eRkZ2}KaF+PxGrm1T8x z&R(+UN7g2Ie7 zd`dii+DI-c1grI9FY7V4O6F@ko=Ir6K+|N<2cmzP)E@)VJIi*zs-`upTp;&#ZxC*(KBqndom75nQdD~7r{5WSTrc^i=bxym*%+ahI!@m^Q#-!EgU2*DD%HNRtG z7~MtkXr#cO>_A&$=L~E5cH<4m!E0ccekY}WY`cXpz)cppDyzBhF^_E>m*$_dDK`~~ zWLFNm*>$7(Xw>wx8(=IEz8^2&Km6~60$>8fzx%OmCY8^ui850Vrge^{!X9QHaPnEe1Qot|HMcP6<~+`x=uqhQ6Gly_&3U z7R_R=_jijprrHtj(NOYfCeFT|f7)W7G%+!A!)Tj|N7xRTfT7K8x?U8Pd#f&CvG?sU z+g|O;LrtnIu6gUL4za|qumgk6n|Wdm|u5*fT>X^{ z@PhFfra)h}nD10yt6o=4v0GJl)K}NcMdmfl(i}HlY)Dxqp$Z9u`uU?uH4yprOHRH; z>d$C1m*xDrzApE1>$G`^frl(S3vGhig$_Ec%=69=1~Q}7gW_Ag=@nTGjX+sl8?|3p zE!dph-bKO+L2E!17*733EYIRa6-#hNHocPU!l+P)TkXu?9eNF(=k zar7MS?vsRuT9pX$ROFl*g(n9#a!(ghPm`vlhc)ghezZY89<4ko#@1?c%l#l5TCw#) zRVfYL8QmM)!$YP5L*Xxtho$njQJB+{-sfGoYsbx5W=ROYE6D78Ts8NqL=z5upCX;ajbw zar1C`z_xPZ#*y*Tqp+}j_RSPnGW1uf@M~k`%S*8uEh(O%9XX)kT5IW1Ag^KX3ZJ3l zjZ5Em6thxJ7T4EC@WYnQ?U6J$xPriLdOz^EAK9!$SHfYI<@_hA(nFPI=dqRCb*;MeM`j$f z1!owHTnAKedJppPq&)WWiS3f-KR(FWq~_59^OlVdGCb%J#d;=d(h)vys~Fe^gp=3|`8O zwhdP@=r4O3nt*E-&jjg?HQu-{5|eYim3fs{rE3j*Kf7!h0;>#2m?oAx$x>2fg>)W% z`lbn#y$~t?yybkE0w{LvZF_E8aO|O7M1BXWxAMa98T_ zxSU_IE@U_B$Z~d*$t}PcG00`ncr+N;%sy>td|#_fF;z~CQ2%_hC6;}$sw_t$Q$rh! z51OtwB_Dlz{;FRcZsb*;*1YY zk(Y={tbT$FxtJX(PvJBD-eba$pTBK{kclh-?Wj02NN-DDUH9kJJKZ34TPuF=$VXn~ z%|PHNzs2tNT{u^XknmnkYRabh0Qt0xOUVRT7nN);1g}Gxqmvl)1ReCXKO0@uB4Yxk zxix)xV`>1OgGHHf?b@Zx$f%nwV2JaFGV4a3DeMk0?_Dp1Wghp}U(R+qhL&k86StS& zuy#kblaHoc4FNYK%qgHe3E!`ChS*OjjXVe5+gZbl_^y^^>+|30=xJhqAl7bo zl0$H6|Iz6iiNklS5{5=-4II~OcqQa8&QHO!45^5(eHb_+xmHY38}nxfyfOr%)#g8u z=!uwAONi9xVtZImOO!&MkrVAvbt8q_)C8Eq}# zh8RpZiTF$>350zd%prpQXqd^dy~jT#GuRmB$z{D#R#PIx&GYLTbMj4M^7DRmvXju{ zl`?P5saS36TM23hnUL;||0VEi0$pu#px|ot%y+h`*Ym(;69d0f8@4q{dCxxj>19Y* ze9zW|Q9&?24?gbGrBip;aLEdcVuW$bw@@lz-{h?8M!URUMml$W*XycX8hi6Bi&61N zGFN($c}oOd9)`sq&_vsQ--A=A^&6Zp^VMrV1C+tfz14xO7x79tIEDCeQcnFie?@jQ z?mqRK;f@XO&lNax__%(IAM;9&T?v~@4}@mm{El?GgzY@@Dz7&bFO1G~tMW+p&R=@+ zwQSasISvx`Tb~cXjGBJ9Yp`#dym|6_=j-l{UmQn7Omiv&K*sNJRB!2faO-*K%g3Bg;t%ZEvyMRm&?6$UI?H@(~T7-{3Z4#vm3f)1?RV|qGu?S9cce0i)gA2F5fJ^9k z^n2)Lm^4|C`%%Sme0N^8UIw8?r?}GBFSMH^L@J()ecIFHd>yB_yr;>^#Jl{10iKPO zkJW+wc#!>4y>~SPLKfI{LKQ6!=(uQnIFRi->l5`yJh*zR(hM)K#uVekV#^wOhcIT% z6QP?MwL!s!Fa^9fZ5y;S1=;k+cH8SlE|z~NE$7d-rI+}yT!X1rn*hw;r^fn^3R@Wqd+XUe0QkXu zs#MtnDvoF92@7*v_>h!=_tr%JwWCXC?GnDZPOmiDOb0LK?e>GY%>zFh?O?NPh*Vz1 z&oAoIdT}-3WS=H;_9wr2;=RAFpD+RH6G>vFraFD5YxQ)C9#BqY(}L=C>m$LHKAWHQ zt68-=X-p|q^q&?8v}iV2`(QhaU?guUo&8HHA95=y9hsfTK9KoLSt&X9Ao)a357>0A z&6}>bP1T{|AG;;1n*3Vy0wbmS|MCjurm)*R?ug(PD;_2B9fj9-dqtnH8;kLD$-dL<{0r(`eH)BBFp~%*j4Lknts~h67CYew2&n_d;}VFrFP|L zr8}Nu(YVKh+5@%HJ@=L}q&Em6bI`0ZW=yE`_!^Ue6?n!OXP?XJ+b^}|l{Rx%vfesg zSDJA9I`?`R#q_K^SYS4NhkVso#8{cE#=1q5;R=haHWHsowx@Sh^3xoS%s$+sc+9k4 zmS{z}-KogF`N^Arl0PA+YwufxztNa^(7kJ3ZytKP`5>8hK_EG5ILIlla;1+(FA!ms z>zoNE(5t&Tsvr(c_@)i_C}(_v=RQs)m(Lq?i}{*Xch}d&a}=;E`w%?er(U?+GNk0( zu8Mex-=ZoXUayGJxy(79;QS|Y^0w<9Z>aXJ54*P}b67su$MD*x=TK;VQ03Q)!OcMS z3m<1(z9$5+=5_E0k^F=BmyyIv$J^>NurrrT5@X;E(|!zX@Gq87A>XoVIxU|`A?tb| ze_+hVUwVUiTo$0&;mBVk;WG_y;7no6jo)u?L{_(3CA*XDG_Z{0X;F~cIR~zG2HJZ` z1bp!4`^3maj9wFLiD`bXoGkkZqBtcuunq@J%rz%A#V@N{LNJm=<1@9BuLmzv)E&>M zP?UEK&y}#1fwMl{f>Ih!rtAbeOUzS!0vpZHFV!ZG0gY#ep5~XJ)pjB@5k@(OVd^{d zGP)Q%7LyJ$XLFd6IriH+{NxJkj7%)RRG2_&sdGu|aUvHFd;99>oH0C zu+nvJX`MYtiiT4(D?C=@NAd5H-gs9HuB*NEQc#~inTpBcKhL`6;%PPkE-zU{zmt(R zJAOghROgFORsmWwI`D>zHbg$@a_hX%jF78d?)WO{v;^eA9QPP&!ZO{eS2}U5%mL;I zkMV}1LANDpu@%ohz&Vf~I?sSKWg99FN5Jy;ldG7Ldn%>J8T9q=NW`&JZy;zt2jo@~ z9WJ>}zjUl9H>*ZX{tRdHT72@b_@^4tGbaELCn>;efmRuLbZ&G;jSkj1nJVVch2^3^ z0@+bwR^FA#DjcX@N_cYL$7m`=aOSr*6w=GPQHQz09;Rutnx9`+bdB0Xw$8hrU#LfC zVkb|+)*T*jy{$z`WtJPs9{mw7gb5iIab-pC+k?0@e2g=>L8=^Ek6LO;=EVvHjow7z z_Djx%@;iDF6RB@!7-!0N9BZ;@5;7fqy=i9ZI7QGeJD10{RAbg#Sw=o**vx5P$MZvD zK9-oQ*>HRwVz|<(_Q(o{nE#rC41~Ho))u*D`?W*Fp$i8(WK*t&k$xOtAN33W^*sdM zbu~ZFiDGJ_I)A?&kWeF=I8YFl1hb_1dXRnA5IG$~Ests61AxsfpL;H}y-36s?i`Jy z7Vi&abs>Rfx9;uyn2w>2o?X_65t;+SCVJZor+g^-NxuzkF{Yd;LSAhXzHhE0qx|*aVtoa@%6&QwsjAI(Xz3=0 z!x3B{LXoQyK=4u*Ullw@II-nd=jt>r_^@zX6w{9bu;r=)t|ZNpq`K*Z?T~7#|22pUBExR6%`13Inz#29D1*9{)@7(f|`OpX>x zQcdULn+V_|ZuD$cHu2@XCO|zL0EIlZBFW4EOHo5QP;=<8DZ!YyoYVVTo#re0G1l3RC6Kr7 zLd05|)&U1h*JWCOW)e>ZialkeR#w8D8{_$+!r(7e`8@2|pEU0U=uvO5r!aV-^9ijt(9Wd)f`!#!2Q2_DiT*eGdL9yN|{;MeFvitDuyM+?| znGs%Z8^HWR1$Ogi6IHA9HS&8Jy^0({QF)TCrl=3BJ^PKkJW<7ndRw%(qQ`%_=-&T; zsIU|ix+C{Rx_e*&;&cR$VTola{sQ}aQ4+1n=ahnHqrgkV@!~7FwYahDpK*Stuhxeq z-t;?P(2%=Tf=Y21Sj31-GXNeo6ma~=F%`Sh1{^e~o{%U$VJdh(|5)+mhEbbp-c4am z3ybL&1an#wjGz-=roA<&y45WWX_A(NdQYRSAz1HDIT|0-XBnUZ$uHspaK~Is-5yZS zE-u-mbS%;bL&-+_e2YcJmK(o%c^#-QyrrPS^GC2Mit&+ES1Q8sq(U<;fhOJNR039t znKtoQAjqUa&&kXCUZyp{{fMFTlGq!fdejLu47f|$47>0`JQp*ik&bs@zGMcO(7cQ_ za2fDdlYnus@fLy%8Y(DbtJYelbxr(Ny8oL;(@Ed;LAAs5=gV-_ta?d>CMJWjlf6AJ&y zcLkE}oN_w+@!A~_>lC3T?TXqD^9*(3jql?~_r1T@iH})R^|G5lfAXb-bnTJBxyGV1 zV5koYLR+AU1|bEzOmF@kEK-I=P3TLJZ@w)#9Xu6fWl~q5*7|N>vjgH54I&%i^Dzb9 zsj?Id-N$rOF?6N^AsO+|IO-h$iie@qqsg6OwSn+0w?37qNGP#=lQR!F@JTmDq?~FRz(!S&ocqTd z1X57zvC5P8A`t=TPr7YWu*^`miJBauKjR67#IMQeOZQ$pC>=@$wY5uif4k`w-oYnN zN2Q9uLAiKX99*pM+d3^L-AwjgZdawH3NGQV5Z!o}%wLa|pqcsRqV&dn5o<9hN*!Tr zQ)wzB*_v$R8&C`pA%1DfU|8xTmd@Wg-UwQVP1Z?>9S5w$aR8`6a;@$*hD~6t4JDyAN*B2hRV1SS7rX9zU^Vj458v= za>eSthsgyhS>RRG!cy6bh zGNtZvx2aX))a`3}7~gn@4scmYB26(@(SkG%v`gSib4_pw*m<|fn`W@&6?_(d$JuWbW{ z2q?jkJJ*0$yCp~rD(%L+_(0l?(rVd=w98yGoE1Aj_!{OEQKJ;n# z1KDImjB`*yV9W{L+vDH2xWK}138IzolFuY~Fan(8g&)A1a_P5xnzDJk5r*-*JO85Qq`j~xkJ!l&@ zv|{tU3f2hkDSAS1?A$&sj|_-DJHkQvDf4N9&j9)vVb=`hVQU*pzvn0P>ji?al)sB3 z0FoKF&l;%3usa+cNKR3JN19DzmaD=>m;&zE;Wo(ug3{dP|Q^6qpI)g8+q=b)^@>>MC` z2{`cI@ZR{cqX(2ecJLpez`7bz04H+p%Nk_3x&g2EayN)K!#?Y%pUv;TqSc`o?>+2z z)2z@pGARYGu-{zRlSmXOVPjEtj^`S%(7T~QkR+Ai6BBq#NzAvTfkx|2?jb+eUWK*y+^ z9?hm76fHpr?2!a!qGq+JbAQ+vQFJ0N$RIS+{?V*KFM-_r45R!U;?(9Y&Ei)y2&F1I z9i(zy)E9)0O`*?ZHo`rax@Oj)$B-ae<|5-%+iOQ!#CAd`L<5Yak}?pH-=B#Xl$k9* zIW&*;LpC#2-}&K875!qM4+C|K%q(kFFukI;hkgq^vk+_Xp4YM!n&V9+gc#Nmdum2tb!ez1$3=OAFDa z@C*#kln+Zzbv89Oy=-yKaq<}BOYr@1{mVY+Fhn&MN9>c5I97ZrmpfLs&R&jb9!1}a zb4;w64+4Y9SpOhSphIINb|2{(pZv&yPnce+->!ita^H^X4t<{Q`Z+ELzntQ7nz9#j zG}d;RZF}*K?Xw-woM{p%k7~>6(sDx+fr+$6o19b>1~ypYXlxUjOH!7$9o~nATTWy& zC9HXCRk9O;2#PqWPMn2*u1>NEA#k;D&rPvKRe89zx~>k+9?PB-wcw^xdj&e1Jh)mb z9NA^NX2E=z3XI6Y00)U%h88Wkj<02YSbc-05=|{q`q{!DgxH+W*=O{Lx%C(hYdj3d z`vDJ-y2Dlfo0~?@`KJ323d*}|U$0V40hoS%Vq>1uXmTTV-!CJMf)9s+@y!O%2uc^T zMW735+HxL>R)#GkM`)Zn;KE00k9ZE<6mIQDX1~CSr6D-?pNi~gex#M<`QT&WsM##pDMXde%lSzMet=a<~Z2~Q$gWb*3 z_kD4M{V^`ZyysV35~A%(AIt6!6hz>D?~YVNAT4Ox+pBgjKNB$lLLd*`6h8cwfbn+z z%I-d(X4Y{v9&i1|e`(K8Pm1G`uN?^*YfeIjsaJ3kxJGtQx`rd1FT^P{7#FdEO=8-| z=9QsB%3HN}I`GO^T%U|2P6^wd#!B}o`kUQNEXltcmhsfJPilmL}0gx8c$ zrx0Ju?gmdbvX}!J9jbzhQmCij%Nq!kg@IszfvFZ@yG28TAz%{;YC3wK~a}ocM#KDGzHFDbfQh zw=@_F7#1%n%68EvfUR?ATq@cXWkCuc3yl*nb6F8GLhtYlqLX(z%;sL`51&C=PL5Ak#HO&{nkNO#>nsgpAwsr$kX!K{d zSK+{ve{U$8PtVVS@rNyfv22V@E_#GmHSv3Va|^}`!!xRIX^o z6wm72prg1Ag!SSY1in}eP>5$RkzYKbf=OD5ldu;~G?yHj(MvEEipXNrebYTXaaJ7- zmTut%YheD31E|rHR78eml7us8-$%c)zW&eN*cWpS%dwhNtZ8Y4v~2D7!|m&Dui(@9 zuGibfiCceU3}$1Yrzfp4m&!BhPvup7S4ZlG_r~6n*Xc30X~FfZu)?Y=66TT(TAW1Z z!rIT82pV;X94lBIU!VM6FuC7KJ$)lbrsU(npNVaW{bpe`g+<>|Wgz+P=c*-ymjj|j z*@zi=0M%#+Z}QzlG@|;;xop-77IHd${Nf>Ou_=g{6agM#U2bRO^R;M?TE~37HG7!3 z%7K+~sZzlvYtdl=LqHOr!{(~N{(N7_ev!kJL9fW!{-d*Hy$cu5nu)%walR^%63x0|hE#-5re=sg|0gp5(lp74z)Zo`z?p~3RkKZ?gIdXLV>@fBjK z**f9P-Lo1BN-Y&ARC z*aEAA;rI52t{7_#=eIjAV;`UlR-ohJga{owrNLqupLlQ3bz`1Qt$g24P^^A{Jotb; z#|lFV^7ym&c0%m?Mi6MdnnoUM@rSE)x#+E99XouE$l18SG*n5Te|@zfq5bR}^?WfA zDZY`u;!sT}+}NY2(*K!Bn>)wo;F%NQ_@~i*i-pN_c$NF_92DylO8A*)mFaXHJf$0l z7-Csg%hH+GuC5(E6~Km$(GNAyEq?2O07|73eh6C0o*U@&+2d+fEMc~ghU%EeGb^H( ztQ9KPz65?sz#0u1zaQRDWc=_;EMWlCsri|b@zOL=y!)e+@$|w$%%zV`66y%p`#v#X z(AoeAHNP3cWiF{Y=FBo%C#973yZHL{CG;H z6Du26yG8ZG&$Pz@ zlvi|laeu+uVEX087kU-EPjUA_@(RvhKzR>%0S$5Xaeu}wi+@gd2|aYO)@%Z=dqWa% z8qYK2ip+K4wpL_*A<=Da@NLSy$hl=-9GvZ{f6fD*&Tqk48*m->xA{o(oc$0)@Z#dw zf|JQ1lH8tQ92kMC?+lyC7uKjvD&jypQkWs{;61^gy$}M6baK{q-uTzaQFabZrLLdQ zzV(Kvj8!6x8bn-1-NALw+Uk(-g{ni>#G;guljhDv)MZjPUv0M96=Yw#n@&mZwuV5a zM$tLqL*5nUKkyJQi=deWMYB2?h0(BH=uTVh;oCo{Zc8e}K2@H+eirD7Mv3;PuTvqc zHIG|0UTKVYs{VT7;V%v-n(JxE?N*25eyyp;AuqW$Ay$?DbBAXd*I56%Y5~q2Q*aN<^5?Ik-1A2p23>X%PPY^R%t|-gHSXl6 zGECX}wkAvkJ}}V{n>St>t9{NsmK<{Nd)n_C>V^C)G}P?7X_T~3b@6^= z_*{&XddBWOV>i2dr4rk&wwt3}c9bP%$sYb=BZRTeme^|+HqG9nCO3B~121kdYoc)< zo^46ks6H^M?52I^92_*Ne6yq0_2H(0;uR7(s`$sH_}0?ty7PhEpMoU71QAzi?mf=s z4=;Y)(}dFEY3|aOQ)^tK#rrwk{0aD_X|W0O*WpvP1-Li)$bD2M-0(BCF(_2%7F(Sz zfnF~BeeR(J7nP?=YRX}G7Dtp81Q53BW4pv`S&^iDi;*wCqBcU^j`X;5{B}Yo5%G6d zfpm%uB>nZ#J23TNOrt?Wz%pUVQfESA*LFgjpzw5Llb_3&Ry$!>DMgRbq>1lyQQp!d z4c)5|hr=*`<+f<4Y5+hL!fS`WUF(nY{Yoj?fuUp((v;?eE{^_J8J2SWYIhWe6OERu zUtgSJ9B>~G56Rkj`xDj7W|@e6oDDWkpwv$exxiW1Un@)v={xs0b(y{bdcDXhSV!Mc z=3fWKd|^H@mZ>iME?O5ddC_QGyzU$MZ1)2dNj<+;>Ps&NWUwqCxh^f5)+~y3~6AS3)G(!jJdVsn{U{ ziC&j(ir}KdX|bc%MDK;XQjH4}vp8(R9lp!|qv@Q&GwHf^8{4*R+qP|XY}-l4PRH!n zww-j$j&0l7Pru*4PwT3K;;LG6-D6C)S%dGGrU!#-Pr?%=Fmf%@r=WMd5-g-u3J?~u zvA68CB+=#5g2HC3*kzj>q8NlM^ohhWC7inxs0=CPBwBP!cOBTKfKs7L4M!1#w}vpE zzrRlGmpHeeMM_MJv2-sHaG#XH+$%_gsZhrSh88jM{L5my&de<6%w_)QRt`@Vz6?%Z zi8rDp;rpasv_{EBy&zaO8(Pv7=#LaOR6i%s!-_dAJ2x#6X5a+gwfj&YTNY5=n^5&KL=kt$V=}@MalYUX)deDd z7O|}tViyx{s`|H-@L^c1jp3c+G!Jbm`toD0O(2%}Hpk{2tBJnZ+>j5V$ME}N8OzeQ zJoDH-GRRSJzWbo(;nby0(g?}t$qQwF8=MP6fiVD~xpDMbgclC1Q?PaI!tWm8_Uk5l zw&jtbE}pZv(Ie=6TtJ{x4AE6SZeM%n^O^->79p0q5Hcq6nYZ2C_fHWcZrV--IBoSo z)u109e>+AvDU8uhtb6c6vcdp&CnE@7O2MT*RH#pf$L5Sdy8JZ_ib-hot?N3LUQPuc z-PhD7LD8AC=tQF9)%dFk9RcRpD|7DFnrcY;g<_t886zV->L8_XxdSd-M}S0!zQ+ZX zZb$u=fv%nvc9a93iCk`XQ{4c~dFJKpT>Amd-^pmTJ9W5^n>jCz0K4jHy4u#cPgdKB z9lFlrsYeDiIfA6ifr)q8RM*@L6AQxCZF_HpSCUMN-YPR*PqP|+fzm~E)F=K|F_p6*r$lrU%TEEQ*H8_{`Mm}rL) zure=ul>zm&vR?YXN*1*(Mvi1ymec41J4mrv5ERG|u**x{f<l65McvGKVTv7z#tTxjS?8(rgJ#@uKa9rmNQ(yu${&mew?NX7EnS z5us5OI2e{>yR{oULQt&iYM(k^)0}P+IIJ0E)B7;tcGJGLNLRml@Q}d=JUSGJ9fCn3 z-I<`XqVx36FktV$owO!c*|zB+y>t-6-o4f*ZS<(~D&Fa! zE~YTx7_yoBaDp92acqHLuR=72RuA@2ye`ZhYS3w<1nvo zzwU{Parn&$g_Mqp}q*_+#YC*c?S6Mh;MZD%dGO<}q! z0{(#excXlD@@25_=r)wa1hv%d0MD1%X9K!B(3sywruv@CaL&vKjKsw(xcMKWDPV$u z{~NW1jN(P|Jt{b?CPW1UCg1Q`htJf-jU{oS#Jrsn={ql>*KhuG8UT}?FBH43bh!x#{$-n^yGMd5yL8|&%3sJvf^D= z!YlOijgMPeG{=8j=r-IQ<$iNf4CXkwS!L&9bhnHi=6DJ*Z;n$6vm-xMtzO zxa@7R@$08iv+bGnQb`-Zz{-F5WdNv24ALpSRMH&ZZG}!q7fH_W>`3B|Bd42W+q{gH z&u8sB7#p7-`xuK9*kdnEgD)GRNHXR?8`aADz84?+J>9$qD`MAOD_*$U=T86C<=*N2 zXz|WG?6H;OcRM-~P}=*_Zrjahlz?UBcDvK+8$VhTvbny6=Cjf2CpT%35<9K)?t>Aa z_wIMwyWi`g@S)eTwIVqq-09WaYoFEL#M?5}^Fnyp(|XPNY{E{<)XC~ zTZkFZq6*?&e>|)Hf27655!8c@B`R|b!Er}4rCc_%h~R)=fl|=uh3r#zR9_b(YLMLKk)9A8GNx4B}}kjTH}Tf4)R}WCi|K=rmY$6O-X*V9m-* zDo?vq`h4~xYVlvx8~}j4LtUsxf!!nkc@M`J6D$NgciJ=++j**8i(+~IkGSY02r>>k zO`C%0u7}GoAXM5qNYvnJSd|F4im^*O-TF@Jn8#Gm7mcCR2kh_i z8wQlG+yqSRBa?}0A?kkq0{XK=YqWkp{DlJX%n` zzMop;=Hm#@y3(elDC~R{nc!6Ni?Q)9e1nVeZx_uKt(qugIl|m?aV#njVPW_v=dRYm zwP^i6D#%bZ+QlGH`|Jc!2ui-7qPQ!16@}QeYH*=?nJ(%=dz>>>59f%Q%z=AdYP}Sr z2L7Iro7K0ri=J=CzdebOnTR5;JoS@BP+}rTkQ&vnfZ(8bk1|8ppGMWQ1C=^W)h>cb z@X-eHe~$iLFc~KA3nW3OT|yj|TQe0R1RQ5~J~);h4V;0BaRfIFK~j+k7~ovSn#I7y z{=W+V3JZ@kdqtDIB2XL-6vnuV29E0IfG5?H&@QwAd{hV>=21*9KZGdkf~}PQMW&JC zU*ll|I&e5D6UT#9zW32}Ts>n!1uUi~?t#FGKs5b)D)85={X=ZL!X5$}>Rgfj_?0v@ z9C4yPpbZCq0S!y@@R3HHVO**o^AMm@rDTFj;h5$xUH#`tgAji!X)bPpn8p-joj(A( z$74Xm+~cDw79{N{zaPG`dp(UngGTl8-CRM85)I^7)JlmfQuQG7LyA6J2+JCvEgRi@ zhxTu)pM)KwbWwra#E9ovnXqn5x_O6VR>vDVrf!A#JX|;_dQni5h~C07y(|`l_!u0BK*cE5(6MElLbBe`+ zsNds6hUi)_>Qc%zUrUut^E5_hBC<`b7u*i+AC7=);0z-V^I=g3`UyghmQ`>A^&AmQ zi)I`YNz*oVvZtH*Lvp~arAx2g}BuMe+$ElYfV-B(Pna0n0GuViLbS5!CEnLr=|bV`mC%ANoBIzu}{~CQ;mkb zZNG6XE>;U7;F5P-PhGv*$%o5`@$TV;VTxmE^r4(TBJO}>g;z`J5rtRcmjtkQ-}?q9 z-OnY}{IgKjFZMY>ptq?P(x1%2aT ze$6t1l>H)dIE73bbK{P`bt4Q(^SY9OOaJ|~t;)2MfqYQ?%=kvY4|!q6u<3=srP1oz zIuz(Z+9St5bIvd-WOR#Q|E<5O;_vhRkbmz{u#VN1SWG(;^!HrF2y(oQStd&P;ZLB` zdy8svbv?-;=F$4ec5b))kKsW?;5$LeFdPntV1gew2WgP&)hciE4csk_$pPoEYCl}1 z|2WUh5$iQJ^o(QJRW%QWAFm(BW9<&L6q)`Vc^ogNnviLBh~lQFkG2ZV!6$6_AN;k6 z9u!8?40}IlvdJE`=EG{0hEi|T5AuG<7+{4c_)$l%*EYL~v7PI6guTzm&HdND_tU-e zAW8OOA@8fn+{{c$$*wYeD6h4$cd*E)FQYuig&HhxT1WBOZj1%7m;n?TjCvN?@y;BhKauio^<;82*VH=Y<&|Q2a>PhQi z`P!ZAx6NjWHE_X~q~hNapU%RluOPZ2pf~(H7rfXWcH(`r_Ze*LEZDe~^dB zUbLCUH;N+gFTSCpyN%PR7qFw*jz_HHlQ9&3`#F_&_m)^^0U?YjG{YiL)q7~DuXdb; zUq0a?{Bw~!*@JOR{^=}NDB#i}cQ-K&J040QNZemmHfbK2*tD*;+FWQgJUc(X1OUKw z0iP=Y&Hro?qM{*mr*_?)x1>V->AW5_|2Y@3>^sK&0TP0>amu`lU4`4x%P|kS`zzAb z_Esm!aJ*^w|3Jd-I3Q!|P$PTV6jw>cHM{AsO>$v#Wn8m(J>&i zstGTj+@^%_w@_S@WW@c0h~D!MQE8=CLGIK>mWJ<%MK$u=M`b)puIog9eOtyV^yZhxZ)0--XL2mG+0?L?Ik_Y*<5 zSUi}4d<=S>gX1_X<^c-%%!A|0lNadZwuc>J4br!ORv7ym?Ei7BtC+|}wInQEl;2lJ1%C9t3^URR3iirw zMLvDHA9L2^R{lUp9xa?F$gWfm_6VHIZ%Uv7gg4l73(=!ZqlSJcrW?B*Ko4sZ7*067 zZR0wX`GPmDTG)1SbmIMyk2lfhj&MngH(fV*)jG9E zxp|N#CzoHISgRLkGmuj#aCp1(j|^JU=Cc?Ztit$AOoGx5;>2k*>@*iVF6^4cJf33; zZt(lX0bk-?jzL3L{S$bJC*9KB_NN41Y;$EVH|JM&+BHuOODgv}{FY4lQOxWU8yH%M zfwEn+|9fDfR(AHUrD5nHLCM?gPR9;|-}9P+i}%U4po+OQrF7oY9gg;$qEz1W*Jk$aP8arU5H7@O-hXHk%##5>BiB^#hyK-A9Q&==sZfuPnpmp(34Tanov$e>mx1G2ys3B!XyHrV6!sSzA+&sHwUB z#ghvedEsAytppunr^c(LOhM68vBs6#16j@jq>ioRk7bxzBOexnUU897O@ocv>{rK! zuO{5LFB%3llv^(9qIODBJyUNhc>J=Rl@+?s``ypM_gPbnLH(;_k{$&=9eTTyVGIEB zX^Y4tO?h8gq$M#HG}aQ9Fw9Wnt-64rA=b_py>B~~A1dN*-rIM09{uQ+oFNF%_aNw0 z@EIvXy6@-RJVdtEX&=qD4E5f3=*v#Vvd zfkQ7`Ak&mUGxj+S{rn#y>LCe)XlE!f%=B%bN(OMnUUK%n##U=Lj-*1-DUr>|=Lu}m zE1a*?{>m<%Ks2FJyW|2m8ZL)14PE2GvK~GEXMfDTu?hpq`0wH*uy2$2Z*6f5KkY zBg)W=7I#WKO)6!y!4%1$i3mt1KcZa4E4Q=Bcz0JhJ3t~#J~Azk9kH&uo?H;7<{W5L5>w(~$mSl)P484THqE*KvMcq)i<%fkBsg)|R%b-V5T}Vc zR3I=$?G2FT3`b^k9S+#`$Fw2z+r;>|%cHSt_lrJ$@>y?}WTOeS_*A{t8hpE34cjNA z_=EXz#A=Oy8UN(ws<$Y)!3;eCJeI?@;rvXvTaY+cvw7Ai9xtb)WoYvD1U`$8&l@EM zQZr^?i3JKJxq)0O;SnB0B20kyfNKsEKXkTKc{zgX@Nhkf=Moc9QD}sQh6XT-3|_pQ z*S0oJ^Guc~+pKJ7U;A1)%m!zvNKMQsC?ay z9Am6+G%pGKvID%m|6{`W!GUFZN!CXiZ?*`0YN=3|5&{09zyEwz8j4`d4NOVbzQ??| zpvcrHpb&6%wf>Kl(?b6|8_z~nI^z0v+E=u+mp$)SjjS_#3vbWY*BCXqa_LN2{tY6j z2PGagct1S^8y$=E1x(BIJ&htazm{c4)2b-pohoIP=|rLmQT!LbrqXs4GP+mPXK;YC zdHM!nZ7vw^FqGDDXjg+8jtJTKMyrkSe6p=mdW(4mQ!aQc#o|^dN)T>;C)qxW@m1-p zF6vIpsNz3yoxe(|C_p(3bOs&=Wlj}An&HTR6C+Z}(Is$_Y@!FY-?0!mDjB|QSbldh5;r6~tpAaGybhdZvB5bBcqVO_;g}q7W`M5`FKZUR!Ip zX`%kZu>E&+fX<9V01%|il&Yt+saG?+z_ZjO0juY;IvLg#!J5Q4QDP?E=3q}A7+cnv z92J_fC^29>xc>gS2B=(Wv0VwpL5fhKB;@5|m4AjblQGeW$0}(K==oF%PhR;s#CA6{ zRV^@3TV>|u+8!&?x3H`0Oy)NotG^e{7bYIYpGT*>(Sis@Wm%W*pPnLEa*Qy)NH5OH z-_o#-(o;$Lw0=fvM!URuZ>$rD1Jpr)5B-BPEctfRTdqb=Xk&X#8gxDTaWD1_5 zHhAqC$v>&6ylZb%idu-7C?hM(-UyY{EhlaQTHzPVfC*hF?&tRXfL^lfoM3kRbKr24 zK+-H?2x(}A+9>i?C`$jMwrzw;n{o(qp;Da`@_@9lMnjz9L(d7X;r?()QpxQ=72gOK z54Z2t6BOGDZGiO5Kzac0x~L}#deJtGli1zQE7k!M7q=W*Jn93u6YTzb(fY98Rj%u5 z+m@l8YiBh=kd;bffyYin}O^ij@{zhd{tL{4;X3m<+>oUbd`n=rViW7|rC7{(Z|2LAdMX zz3y5#^?7X)KsVvCaCvN`9WK3Nt6)QLR*&Df|=v`YR7$T}^6VbS3wL|O1PsH?P^n=5?c zfKXR{77Uw&0WB1_6L(=B zh;I}%#i`TRI$<<*NEyMmpf%R?O3=lXQ81#N`fdtsiu4=_h~=wj#%1zTCo*=lUXn_d zylp?)Om&}|1D@r;$~w}Rf9ILU;}^~s;cK3(Ev}l;UiJO2iFucqOp^Ird0TmVc(b-Y(? zgDw;`U3W5yE&c!z(+2HSTR~!#E5HATr~g$-TKVy36t-wpS51BKj>OC$YP*fvH0Zlj zVxKHfHMuR?HT@`;;sWLo?wlgUBx^(vWC$FjNy@Il2q%~?0vTM*Wv*5~yavX|zJ6g? z>5loV9h~GZ8+OaPHA`hrQQvJ>St^G0HZs4#yiBNe8*ETh)0o>W`01kImxna*8x!5Z zUcmoB-&L?s@3Oeex@z1OuCXq)KjhnRNFXP%H5H5}l@bXNhbL83^r46b0ysK9fN&lk zXGV*A8F9MY+`4`5yu&{XB3~;XL6a4@n9%0ur6B2o`ba#CuuHT6HqItr)E@W*J;bVG zrb8WNS|S_+p}froI>%@wE(M zQ=#0hc3o*2MkYMtfqQDj8I=FYq*Qj(^ym9@^UB<+7hr*b6}?lxIT;#i%QXZJBh;yD z#4!lnkK>)T;x;ay{dnH;nOO-nB6KAr5E7@rc|}t@8N81{rUqoGz-;c0cA$AH6IEh4 zJBUb!Pc`8WqK~^H-~|TX#1C5LUgCsdiSZ4Z3agY03YV_R^VvArGEFd|Q|~p_>&Clx zhrP-f#%k5j`+)D%R5w6CkqJOjKwkd#WvgWsZm`j)ij!gDd38hmI>aks)2m#ww_lrADsFA#EC<=XQ)a2c^b47kl3o|0sx=g(350lg-f5m?PWQjK%!ylX44u zk@+*If5>Oj9HZiSKVDR1B-NF)haVR3Z<$#?3aA0k+1RiJ@V{BsH1vj?5*UjE#vn5^ zs4^TZu4XRMPE@*=_x({yc`QD9FMTRhrI*M~=D&UQfsA#$lJmHs4x0gv> z;Je%gqFDGtA37!QtDOv$Y&8`oOhj7g7LoR8mOLFoF2d~0mN}Z_G3?jDo+t$O!mhPi5RYNxGEqT)@b|cxc*Tr$1d#~!u_SxrrXOvsEVCWYIbRWtGhjamu z)DJ>l1ZBD2CPeTe__4JOoSq@pQ~TD{2d;otyN-UShy7l^M7s(*YW>aNXx-pu!psrE zR=jME_eFekSusxt#LHvs+l1bIm`QY-ch{hwoZ@V zpP$W7PGKDNM?>E|O^dRI=eO6&`)SG1Ph|rcmZ3GvQo{MXCtuZ!)$Z3rLh2)cg<3ZQ zV?-VA=ks%0C4;Dii-@iD{Oj_T-jpC8H#m?!By9Vu1P^Re`2cF<8ULo~us2e%R@D7a zP=5DtW~dovf=EtvZAQ%xka(z9ht{q(ouwBR{dO-A221jqsaH$mdn z$UNjEV65EQ+c1*1g#6~8H_&<#ZE=yuQybvka9?hro=~KG&oASvpbE%b0yJE)NJg>D zQPOBA;Gi?7A`@4rfP2l~Adzt)1_L|4hrIn-ckH<%hU|o0>Ny@TSix zk&NwyfwhSDu3tNRXZi2NJG{mUaqSFQrKMny(>9vUSTY-XOlm>%>wM1qsE+~elt9xTN*Jw10Eyl#uIr0b z+mx~)H%Y)blu2U~``Z^Sr796rpSbeF$ZGOhxW-d$THBiXDsh#Wse-)C#5|6Fl^4?L zWazXs?<)7_KmVrz6KK4sCT`PL!z6b=xQ5 z#fsy&`c!Z7{`i105DxMbq(hkd4I^1<3-6T#0%rW-t8?EZ9} zlXe3pd=IFS>-nk{T1gY`D&&^QXj)Z=&9 zYLYnRQArZhdnw4V7ogsy$sdp zlW*20)^X|iw!rn?WmYNsp?zvY_;+5AZx3efMtPWEx%pz5vijubXR%a@R#-~#Fekqm zIO~XZe-rZ+^81P4^?cXpn!h3UjP%+rlnx&kJ04fxIE57s4=;_?~ z8AS`@nQwm)_00!ZMJD4)&phU?1SoyVHQ_<1&_u`(U!XJ0wM1dOOgBbD z*oCuYX)E*ZJA`jHGJba$UENg^xjBXyyqY}vsWpngNL}by^-wm!U!w03lk4(Yc5!^u zp}QlTHB&t?X}3-YBbc>H#gVUCZVG85>IF8In*Tj?_TfP0--+ifCfnUy(+0_b4Gj%? z(D?`3@7KN8Q6gQf1&z#uT(@EeM@Jn#?>B>p*9+``O6+J)3;u9;9r>3L5K|X_djS&N zFQDk1fAXc(lF%QzG{A`F#t+RFZNYU9@$v2XQpJU2uRECESHzWunpdM1@$~iWE8oL2 zgicH24TXrU<^f(4)l-8E0?R9cTE6%9C}fy_Z)6qg21F@WlePsf+Ch^8{F`YBd^r47 zx~RajQh(s)1{i`kw8y@mz1pjLL{iv0+kr2oQA)m;b{jq&Q`)sV%1$HSCIyG>wN#SB z!QrG}hzCy1%sk`K4Oq3<%kZQcvE77PEq|v|t4OK-PA9MxkBD9IZ4&9$U?$A>3u7Ja zyvs<*u>bra-|_(}IeOJ=i48N{wC!gwQC!ucqIF*q*CZ|2Js)3sroI;FoAt0i=^Goh z_+cx1Uh7-F@S~%(h`vTQ-rh$S%5Vc6{+jvK!IJ`k|3Qgy_Y<(@vM8D}miSX7=Y}ic z8={u$`{Ulvn5TlTzM64uf#&*iFKK$Rcf=4CmT!D4aUQ$3mUi0#h;6zauJw83cdMIVSE6^f6c zO$@1^9|=K=5Er&P7AlVXSCy~xArV4AQ|EZUlfPsa2l)}Kx!2nJSzW6lf7<(Ua6U~G z-maL-_t(_6{3@uJrYR@7&!8WQ42sR#4orhwqE9vjC>klkF*}<+J~VW^tGwv97F%1O zWH9qPG{0~ksXxENJk%r=bwksDo;q_)vH+oNy^-N*P}8$5=5 zJ|%|=*j6?K-gc7(^xItC7M!8l%cbq7C0Q4Xs)}yJ7&^`B3maOYH9}D$I)Y)EGT2f} zeu{~G*9*&n<=`@|OL?sb{;2Z@#xe-1e>zji;?wiCNu15&uomBN_3ja{Ov}SkmN%`% zHrM*1?hp8jkDEi)-On%Z1+jD#xUXdy+K1ult7ZN3v&k+(lICn;*2N<<3meSO=ziHAd!%3IOz9wZN? z9qqdCDK8BVU`DppIG#pE)85^R-(T=h(B><2O}SA7sDNdAAlm)OwDY)|^WXxQ-AXT^ z_9Rhz{w+0j!h)c~7!Qr@@^$eio)rr}Ws>xJ8j=082`7?Dt^wB5EWcky1uvd^zq>WB z`e?+tP)Ch|M2!1z+#Z)S-$7hM*%LYER7XIR>Nh~z1Dg9ZYN{eZU78GntLW7_q3o_D z0+ouC^Kvhf<>-^lHT0ZrUL~ccQ&Y7;i1S1raKk_*S$cJ!Wvv2TP-YZG$BCR;JfC9H z)2n(=AADw|7fg>;8?kr{B$tl&7}|V1<1eR)pOqKD+$J=xQ)>KE~~u_YE-ekHWekU6DDPtN<#? z-H4%Fes{Abf)HW5uF%(`Rzb>Wh$01LNoa(@GV>fOByiA-P&2q&p^UjqYBHcp=_nU> zq*44sGG;TCw27jU&RjAhKMUa)|J<&uEPFGWgyOolbQBedMM=dsb+_9+ zvluj#MpK}*W2QyoX9)==`lBAZ=6T-_rGj2#%4C);-1(RRJBdP(M2ks$)${Wz{~$cy z>X2y003T$lnZf&z>S$zpS_#A3ysvvU@)&XG5%hjKRyJHA@h)^{ zigc;}e8*zs8M&Hu2w{3~a<(_w#grS}?i7(&j*3p16fKHIq3Ps}%u=v7e`A@J+ozqz zzkV92Kw0hcUQ%G|7_rpXMNZtc9yS3|!5+>4XX{NuhrBx9@Z`mPCt{+jt-Cw~&SA zu;=2pAr$CYf!z)4dk3;v6O2jx0N}Q8pmynfF zRG-gQg-zTT)K_?@n#b1C3m=jv)xX9jNymZaW|c(gc(o@L`yRabi(Dx2sNOfGBrwvl z(FVb8n`uC3=Fz!J2K!ft?6*Ozkdjq^rt3s3r!rC@L&fM8ZKgI3GV_84lRyTGIXQFRcs4m)&e-${e*A0I;cf_aWCM>4hnl;NrVZuo)uyW&YtYj- zeTI+-(ONIbJgh8WmN)z44^|iWq)8R0>wTCbbVEM(Ylf-`FvVFl?bR*-ss9|W3A9am zH?W}I)xh8m14}S00PV6?t&&N8k~Jp(6}XLE(WUA>jM6OFy5w6vN=Ga_V5?m7yriUKW%Z^|rnTrkeEw58v+egElfZN>7xLOQ+IX&_Pzsy!>E;)OJX{bhV4=j>+p4YSjPA`hgBtGmmZf&nSO-3)B)Aj4cCLO`s3EA{EjcsN|xpGGCbFn892$SXsCQol#!vmvN22r-e+;5foxC^ zA7+qHlCy6CJEwV(JOhhT*R3e^^Itj6e;pGyfq>~c)y&t_R*c^LE`6&VH*IOJycH&d zir^E4#=g{_dv@L<41BX;TPN)U)-uib3Esv{yYY_qvIw8tfMlk5HX0-_X>CufDpxvy zKota52mLg@F2O73aDYM4?~*yaLaX17CtHqoS8U%1d(b93SK%E`&XAPS_i&93)sXHm zwCVQ{PPN8wqO4T)2|ASF*t4Xlxie85Xg=eIz?hCM)oaEAU>jA$D)b1pSoA z_iC(oY&#b){@d~GsZ};D&f>pZCj8Y2K*CfHtc+rzQLgV1vCK_-95v*O=U>}t+<2cR zk9DHZsGclhsaq2B`03MrS36QO6*Mty!M+tE0l`2-iH~AQhOB>4CaT}62et%AaG4lN z1g><|iV{4T`wnh^f^>p{3?914A-nus^)`&LidP|%Vj|^8#+rVZ^1B|O^rF`X(eO3V zHQWfDwO}ObYb=<}&MdYuHKtY}lEV9O2}#4gt6!#H-=A4wZF(+z($i3aLV$V^WGoav2k&;=nKGoz(t^@oZ&`Bz5YT4LoNuB>}EnJLv4% zY^D@Qkph$leqk-LTix_IPMe&Y&2F7_?DZ#iLS~9y^1t3bl2_gD%D<(Uj?{kxL9%71 zW@^*LjxznvuU*GTOoUr;Cmu<9!V7Hv@1nhR+{Q%q(3}_--JAKHua5%55@Te2&upm! zwYceDlIo_JXJml5r(>1pXl`{>hqQ#$6uIkbYGE(C>1P<5kFd$FvHgLI zBmU81`@QXPa7-0NFWX|KJKY&c*Zs_p`@ZFO+!^uW%%XZ-0)(ySZEUgu<@19CzkM>_ zMnUPZr0fDMRSIr|SzW{Pk44m|nn!~L1+8eh%c~R3_|7z+M-=4O_8bfm$qqu=AEJ;H z?%luRxtaNY%$~|wfkluGq%$VAvhD9u87?Jotha4x3iNa7dUtlCU`<1SE$TjxmYVG##;4K6)E}(F zH=LKpv(Fl} zkfAYwbnQuVr$J0yNN(6SqsX?s(Pu6jCoWnrHJ^)9(e5ezNPyHPW(oVjDG!s521Nw! zPErEb-8PpYT1S>(=Yj}~Cq`6BBBK1tDr4%Kk7w1dEI@MRASOz-5%zrDIEM!QU1yEgU?JKcQ#=_Tt8O@f^eJT{IUX`L z?%g--7rIRnb^>b`f_)H617&8~4W2nN3@60Vk!~jrdW`xV!X78<`$k#TM8v_aqs&B8 zskKuh-fv`G)53tRcj~an?cOn83W7hPAo5A;e*Y$R>j#79k(36DSKYZwBMKIZd63HH zksI0eD<)vg1?wL^={2ZQfvgalgYsiDaZwuRHwD(hc6|g;rj^mS7{lrc(&BxM9Ep00 z$t_uHhKZWQxX~xY@k&uiP{=$RN*2JIi;#`j$siQqaxf1VFm1n^5+uQ#Jg9#Mf>DMu zhO&F9vp9H)IAl;Z5_X4zm_1d6ASWQe>0znGw+w8t3>+04i!l>t*vlyEuE7o%{XPP8Sq zBJ73WSfVUo1j;#18I<`{SB?NWPIk$%LWeMu!G?=K#l`Nnr#F1UE&$7A>b5WQNE17{ z#t`HJ;i#CGX;L5{J%?4;1PQ2dH{6SOLqm-mTMU}rz}sJyEFy_8ttj|l?!jT2Hb&7Fw}G(DD){%^z?$U)Xhu8cq12oCf6nGGSwVGa zwqKD3RNQbflJkTS(j~7dgNBB0K)l?w5*(H4p!SRX+>FY>uFxL&9ViX_?{@j-_gy9N zJRX$R+f-I@xRT=KcX}Fy8 zAoKTSaQ}4=!CKd znalu0pAA+qmOe1@#ra6EHFoZm5@wyBms?ColcT3~jD-KP(_K7gWPbhmB8GB|^N0s- zvH%q{v%nuSl|H~B2O<3yk{3k{mcWTNa)dwv9ITmEOQXuk{Dd3@xDGWCMZ(*O8u@9B z*vRV*BDikXx!3e7lp+In(l*1lIZW=e9|z?X7>|l-%nYK8|I4jee!0Ub}JY z8rzWK&Lc>9pBrw>RB}Fy=?FQi>(GM=X!7Qz> z&TSdEm}PvZqZRX*C5*-kyFbK$4v4-ne0~Zg682Xt-M&}>VpIa#0x^?+OaNyfv|TC$ zb8&RyOOkG5J_ZbZm48K5!_M#c@cF*oiyR!(Fqjr}i)4va#d}G=?Tzpp>$C-xAVCe` z!BUPfoMVh*#)^#9yBl4md+e&?^HF{*QI23JeaeLc^5 z5>rK^zEy-ULdIY8&pkm}WG;(JT_+2v4WDx!;bH8lN&bw=6=XZM})mnHW)vW$hE1t+K*jZ{FI1;SBRQ?oS08k*X5v;^W5aOs-1nVXw~lnj-CPNS!% zPc18>$}{D7c**DI4RlhOVEa7W7Bva1AIvS<=Due;YeI+k;FIjkd@!Y`d^a?h5ik$` z4Xic`&a^M`8=qYn7~IsRuI3=4$ZXApv#pD(Uy9e;s6)>0O_Qso-;x)?6+Po?&tVs+ zZ_ZpO(@>ca8$&m*H90*E6_N<}hM?=Y@HoeqAnU&&gouo~4i)!$JVAzR;M1ng-9Q9E z%8}xoQsNAji_Bu_!qt%qh+3q#@yHS{@Fy6P<;_}(|Am=4em(I7Q#Z#cvwODPPgvlH zi3uVO5-fau=XreFwM5k2m0lc`a5i%^)uR|y!S5Jgq^r6?@)OHVX^ujIdv7-1?+9Bw z=++ENTicZ3Xv|4`j}79)#2eo*A(zO=NaucV%&|77eKe|%E05k}!;d}8`QCu<>!e~Za5tNrv9Ms( zQx@%LsryVl80GmO+KBpQmG`;eP*}EjU&cW`Kx+*XOt42^e)t4Qg`vYI9h?X(^$0z* zv%1l3t5d7G08P{_{0NSmR+^&oy#25hd8dLnWea<>KhjJaX^x`f&Oq16KC0`hA7Xd;|hl4CnRdWM_o&hGjFu z;1xX41kb?u)*z9=!5~f~h0lO>K3YD1KsoC0Ujp^xefvADsfkUy!_}&CD447u#RM=f zy#s7DP~f{2o9Z+kglPYKS|_KbmYzXQ3Dw!_ZW7#m29CIb99wc`Y&tqF-1Oe*@OMlD zb;i?+@bMD#Uq|Y0LfnYLk82~K2}cro>Jhs|5x~(c_UeVzQ4c#9^4x;zb^wb|i04w& z+6Tjxo05MaN-s&o3L+@fO4V6Fe;~e9!VYnGJzASaOupT8ramzoc~9LQxz6WYi@+UI z2z*$FakGnGQ6K`eB@+sMc1Qhsn81`KvKXnFbb#?>39Nw}_4L-^gJ`e!%8gDLcFwOJ z40=pNG}4#wgD|Z7UcE+mZU8Yha)$zvh{YivA0KA{bm`;X4MjcJj~7e>Bni*+w@_^9 zbeg0_;_zvI>APpFUb>$G`XmO&1_0teEPx7_w7fijS+*Am7aCUPQ398bW9(V*g3Gt{ zlzg1?>Bm!xB;qx>g>V5^!QSy7MxdfI5Y!gn&!M!eqFd&`FgCtgwpCim$wSO;4O}JiiFKBqmoOBV7*)dV4OSo`~}x4a2I9Rd87G>EaN z8~DValVJ=Xypnpho{En3`|MvwdxK`#rnyfO*lMN*4B5HkTC;pJt!}nW{ZFw1O{ul5 zxulnHZ%!Lc9_d_8g)%g2-WiSv91dG_swHw(`VZWcq>^zd4Gk=Rn{9qUlXW;X0HU}m z&$Y_JPqTBeqSlSnFflmo$wTl9J3WN!w%ea(tX+=mdj_@o^)gZ4?`&A}B4yHh%@af+ zQd6E1buUs}i(upF6xm)Cp`*jW+?#|=v)uys9*)$rS~?VN=bTdg_|Gz`=3!!HKS0>X zWd0=H4@JqxcfjK|gSy$Qkk0V8&1EOKo(`k%2E>I92jUks6(UmB+&?}(s%UFdA08fx zEUEW6yxO0~4LwtA6F1Eiv1Rpo#a)wA6cO6tWC z>Jyhg)YR3RVIibQ*Mw)sG9wxDJ34si2OE5`AHv1@R8>?8quuD-aoZhnKh3_|e?rnE zVthD$NRZ@EWe_v%e*&nG053rnLBo=s6yuzOYD949%cB7t>DWd$v5_79<3?aBQBvFB zieC)L4Vv3Xu)!)42>2xRqj+K0{YDDNWh@*JC{Z9*W0RN`#))cvU&R+)FEEk(PgIe) zer;m0_^5SdNBy|Agk>4`VHOqk_Zrl|tCjlQ8szZIl7G~MEP}{Vb3X^_FaW!PBViTf zzMi#SD_M!3%GSy(X+o)Z&EJ|3^2-dM?7dgHMqUH_0#?^8KF{|0oHjN#x+|Y>|D)*~oa6f6HXPe%*x1g-PMS20ZQHhO+itjVW7~Ebqp|Jex8Hf^{Rehu z&YnH!8lvEda@`KhUtpq-w?rXV~S z0YT6I!xftRzgz&cH|{6xXegb4K$j|`d0!B8d&6{iwk-kQtq#faE)Ugy_7Tn8jvNY} z2)R%#f$8&Rb~39R1X)~3U7bSr%OOD~A~vNl=@ExthRrp<*z6++68go|eoUs>=2QYf zD@6{2Lbximo=3!X6?j(Lqj#0P{eH+bUeHk6_|bZhrX9k}XiW51-8gS!rilxNyw>sK zAYDHVme@x@B$f54cmYJw(>0jS*j2Avj5HuGkKnw3zQCO4qHzIh6yFwiTUA8IF<3t-XK3C1%Gs4tQEx7qVi8{8zo&!yExN2^4 z^z1#&Z(FMeAEpp2^9InXvqK``;oI@BQQT(?Rrsj7VtHf4wdes`W47Sm)p>d)FCx5q zG&&zLT&;d-)7yR&TG!5%CjL6w=5{b$;>Z_Lm3{5Ct~qq9IcQ|nv$Lb5E|Y-T!rbUw zCu*3i8r4lbyZ^5dUq`UB|Ekq+AS zIDUV!5E?^3EJy_bj{kPM0jgnD9cjez4Vp~H2|Q}xffkV}MBV&LmOtGaeTyW%gqtG&V;`F>5ZcShU(Z+TMO7_N@ZP&44azHy;5pcIW_K{V0NgcQkQk1bg6bL6nGi10a zDd^RzW&wyeOe*4Owhzl<*Vi9U+w{&;g7XPk7@43Iol1R>C)YFnpUM~1+;PhC0;-^% zBQ>Zyqeu`L6NBV=Glb*naeuv-2Go#`@m&I{{&Bz3%N2r{W;Gs`aCL2(rhk(#7_7eu zmE5sd^+dzE?IxYwiB5T;q22KvcJleF^g5`^W~}GAeY2(6<<%4fJ|FEe7J>jh(Lh|4 zzLWMu=zqt5MX)t8`3oNYO7$@~@`+;IsN*~z{FLAFNp-Bk9B3 zEKLh2LGE~x_{_J*JlgW97eP>TnF&UKsj8q=@OR_^x9tB|Qqd(3b>AXa#2l`W!gO!= zo;)o56@Hl*B`=uV-*K5*9L=173!Dmw13@IX=; z3H#TZnxD91<`3*)KzmWn@H78>5}=7Z%4M8uKv9QRp8t7d97m{hd+)4-W|x{$$)sAL z?BKQG+;rU{O)ds75Zcfd|WXsZ?hX1|>8SnY>jfb{Nq_n?6 z7yAC)I(G`gI(QMHQ(yDDha&E$93-T!%0+Rq zxMUNrENy1yFgdF!uQ7j*=7@Vu&rQk#JLWP5FcapvicP%>``A*Sy zABV~Fz+x~w4uBHq>6yoWGl+Q$dK#V9aH(dFp0g$LkS|D==6Cd%T#vaVlJ4Kwwro;~ zhNCPwfmQ%FQW%U3NKF1hCqE-2A3+5H7EWB5GE|`Z;lHwHP$G_=hsfsdKXKkyUFvuv zphk!so;1*)>tR{j2^3z@{g$O2O;y*kWM4V!rj;uZ7?k(B#VoTvR$K zRd0bwm_hLU{ztEO*s02-{}8r1%_fZ|Ig4RFjV1Z)$Nhpl2eHWDe>-x4dxPE)PY&9a z(u&n<5){p@^{BbOtrnjBHm{oENs8?D&1gd|`Bin{2>Tu7DfArTR$)+j?cBnEBMFPL zsjEXnS&DZb2&QuI{O88M=p9Hf3A`75j<>m_#u}JuA|mqGDmi9NiL-!2-x0b1==Z7o z4}=t`9OKWJxU1mj=L2C8*kJm>srZxFT!?gZC4M7vw7!>=6&_#474OH&k{>VeLxN_F z6ghqX8(oaz{YKIVEZE z9-~Yz{}-SXtgh$zGn35=Zg1d6t`kI9ZO^Bc2xO)Ppwr~Mru)@O6`NF4-t2M!RVd}{ zvO^vQ3Aey2^J2~rRRvdrxDU!btAgkOwCP+5)Dta6$|Zd%cp|&}kxW`F7R2|~I6z`N zx@ii??czb_o?Q;fZ^q~Yx7=3Si{qnY%7G+TWE@#7;hJ`R;(8Oc#5&shug(a#he8&5 z?nBjj)6&tY!l3agAzPU7G$Wcfo=9W#ibvz#^#A%m$l#9W+VU{21Y+qPC;|e9($=8{_^YC0?lIg>?H{Ui7WF3u;A9cjjhOIdVQ^?yn<&g;6BT$$NVw<*eQvdZ>RnC425w z*`GwvqJwt5QF_stDD zs8ddIIRc$r1)7!`1dr_s4BF%G-0`j#-1lh%Zqa6yg8DKDU8<$y)r;{;C{wi1%9Zv+ zIH=MJ@v&9^9b-q^dD?^aM!OEIe~U19BL@^{BcXEw&lhNU@G(SB>0FMuS&3Dn(|gfoQWsgST2!Bn$rSvQ zl2UmdF!e}v7gnVK3IX%v^R2fZsH&$4uM5@`mmttBC}KH`$9|PNGS4&PzUN8~-dRlY zv-&F`%ak6AokG{4S*k!P-(Rvss`}t{FTT4w<35Q85i+*{?TQo`y&N*PsBi@PoEw7_ zmO|p%GQvu#(W+E59KvLLEMP7mi;h!;&-3%;DD}pe5Hh%p>`rP4^{`NocS3RVU)R%? z@)CL4Z(k_)qA{%7_7<^RSKvGUgd0*WYwjR-b2u+MY#hE0tpZ)qY_`l z2(w-^judMTuZ2=#5)hS#&xYq1BmprBf+l}`UWW_OC=|4RqtpnaL)TrzFk#VyDN##d zz}-p0U;@1Ygo1h&o%(PTw1unz80)ub8hKVuD%oV*1yNXilma~U43y|9x%)iJGj5q0 zVZMd++~6>jl=lC54gy@(yYVZ^L;p>9yLY;BP}CsH*hOM(>Fy5_vXdHU?q0al`|cS; zNPl>Gz4V26mf?X??F7~muCf@R4I1|T>5dyJAYe z3+1TGHev%tnWCe~u)?=QCR9z2Z@yBaBRtW#tNQcy&n4`}#unS62|muja5LuY{DP`} zuh2+MyMWH%qwTUsFHI`_75k)Q^h1AMzF&E~?m;nQVD@HfwXXu%KBx}C{J7cV-UULc zif2l-w;jfU-;NEi@9Wd-rqht=UG!Ii?Jl$a>Lkzz!$fy9H#(F2{>cXygaC|CpbRB3 z?hk<<_etE%2AK>1VH=92yck^qjz<|WlovP}cA){^PJgG}Ca)?g?@4j8 z$wsT=YvDMy$oEY5AaE&oZhQ9TQby=ZH_=nE-rhlLjeIV)0!+gc7j zJMi0^UFA;K-EhJ$w!EG`KK;x?rJE|UvnU!g9v-;%1`i>-*eLbA5<^BvN`<4@=gaJN z^6IYh0(`|FiqRSi3)VFND7%u8Kx=(?NE=fbU*PQIzgUQ-$`y%^$J~rs2FX_;T&abL zBy%#bUKlh>IgWC(@?s1ci*r;6ULAEXZkzH!rVPZ?Qr!e8k*u*J0*oKi<_}3%um5r! zKmL{d9^}$u*f5tPP9WK5+c)u`%R{^qSV8}b(k>@;#aNpj)0^w%^Z7KV>VMwiK$oP1 z&9-JeVO+^eb-<x&mReuyNIz!Ypscu94@ebH!%vvbJr;T2 zJP*OiPOZf2l|U{f-#LLz-e~)#$Ye!#h|BwYVBZ5 z`TJUl1SEV{Qsu(N9 z6yaIhT1YqMMDlR*4BhrcpQo<&aLOHSEX@3&exR49E4ER|&dz}BTXA0s@Wr1#AnyLh z5+Ri3bc9T}SG(0!*RH=gDibkwue^JV2@)9Qe436&jCL;?FGq3E&A#t zbisjuaGha*mektu&zL6+aN0NVSNur3xL80KZ>r;CjHS6Zql>KA#1Zc86FHlDLODjz}gRFmMGGo}FV&p1Nx0c#IL zd;zJ`7Ms*zjMiekZY8&`f9V)(?wr%)`0w{h?;3(rH-u?IQM|3e_QCljh{X~>HkFPPqsI|& zyJ!15{GrfyLhluiQW-F#`b@#xm2(T26U%=-Y(MCB^CZ9$5$F?>`;oHI?EtmRY~QB4 zGTMVI_NjZ&a@RyLJMZuJ#UK-l!c zSvb&+HsE3EJB%U=tvyvTgr5=#+7t3wLDWJhj$V08S&u6~5Hk1>-9$kkif^lNrQlQ0 z7T{$~7A##WvSE27$BTEpg%HF|Z95gsr{GZ5zy;IQ1z_0L<7vL|jD2Wb`RU~}{UVEI z7$7&}*OBgc)o^rW%15^|H4UzRO4?TCjZ(I`@3b0N{MKLHs2%K&Q~o%wqF30AtX59C zJG`b3&IQx0UAogRXcZDNG-5dmXosgX|HnYH_}*mQ#~|>i&(UnR+AdqQN*O=G#I-pF zSk?Tuqhl#XaA4of2ydPb|Jwiz{mJdI#p3f;9DD-@3Q~@nmSmRVyXAGa5NR_Qg_NQ) zl_dX)7TD``iV6HLtXmfT;A!6>;N@Z+HR_H-*DwOD$B}QU7KOf7J+L5^|DzM@>xed& z7$~yDpkGL*qT+fg9eI{i8<|B$e@FlC6(sR%nd{FHGa~nJ>ha)lRB7*QBtvB-GcY%z zqBZS|t}~MiVT%+l6`w@z+Bk7(XVeX}A&0v1iT3HPSD~q4O_mJID-t%xvjBu{WR|)Y z$Q$U3=x>^k;ME3NF?4aJ~5io&2jOh=s zzf~ThSD4MMb<9Bt)_>bro&@OBEk$E=L<~;lf*q72P}{MCo{6WB|Dt3R&m+|j*h!y< z!jLk~{{mZ7-0L+6h+&z|4rX6^>F1bV2%i8+a&5gZEct|6#U{S(mXIK97^tj5vl zioM~<+{wwPega*h02Kuqij>U9p4O&Y=p=MQQD}*Tymg(Ml4ZnB0`VWb#(s&~tSRR3 zFe&?eUBZmjR^6>{MPi^ekBmU-*9bjN8Cdfl$s2hBu^jKhl#*&F9wP&yK7L142>BXn z+9fE=;vWwhy1LqYfA}w-wZGQF#d5lxGEpMIq7_ah!1rb&W7qX{Lf@Ze2N$=Oy>}Y) zz<0@&`t6F}u|R;~J}=-t>wSj%>eX``5|pUh@ho`$U{a*-LZG)OB5S~(8{wk!@E1qv zb(~8eGJi6J^PBx+z)&)uURH;Ee@ot@raDFiCD&WL zB`%LgRH?QdDXcv*g7zj8D4j?i#b*}So?HzYbf$EDE*A#EK=OM+`8*`ttN2~lr}W$f z1_{AL8~66C8po*!8wO7W15;QfNOT64?N(`GUqa`>uKd20^8>n}M1sV-!ajo2&e9p< z21*f(!xpO#?D)vO&+z@&ljoN^-yfDjwlyDR-Sf$p0oRlHh9sMaDPA(hNNk(dh3y(a zbs@BQ>ETZe(aj-YWfNjFm=z{28Fo6InY?g=JmV$kbZyfH!D>nL=@XyBLn#YG(UxQF z;zl&FgLfir<7B_7PLDG^n!p|Q=aJQsm~5=C`%OMRE~_9Vivs@8d+jOFZE@YMUCzja zS}ZEnZ}7ig1B$jc_t^99a175pr;wEqw=u3pzt)Z_H}}|_%!+_ z_gCI%BE2XmFq@QK z_vn>E3S5BwP$%g5iQ-^l^hWN3MobY;$9t)6%-`s7l_yOvPMZ=e{#EFPKm!#MBWegC z-D~H-uxi@+E;;ytOW-l(>C{z6HPtr;NOk6?|2jqU!Vi_ zY!MvZGkKQ#A~x@9u#Ou`%EfWLsnLZgHKNUq!Qm5(rt6@vjiIx4%zUY!+k+ug?28IP z$E*))UAPnI2tD7{iLWxD4@su(XQNm>nbfka0^Y%)ESSB9ngFs*cvZWg>k(7l|DlvGFGfggfD!(D z5~3@S7b*kF#hoZr_ce*HDkR((g5%$=?M{ttX7GiSRd~0f;ICY5FqSa)#JyN0+;6{Y zk^L!{h7v~qrdpXeLQnER8~Un&d7+My&ji1sU#0{LjhbQ;sJV#h9rKz|)&>rKvGb$( z+tZJ~1olSV=@lviV+M&4wEY~38%31;K%j++HJkDXmPT`#4v}7`GE+tl>FMo&XmCmlzt>IK&UN28?8gEm~ogxgLLi4xQ3)VhET4fn#ar zu3|UL7*Ycd%v(Kehgv7|C?$-?Xvc4>^26)}tgOc0Gb&mXz-rmM6JI?5_X)uqlcS`; z6!>2E*u+0%VVJb&1z*MRWC7{O4)o)j$0?QmAq6H4Luq_yUQdjZG<;&EivqjI)|TSu z=wPu`>tAH9*)783iZo4?%K@69h}Nq=SeC)TCAjlg0e#DhDZyuswF~cE`49yyjC{%^ z(5B2?RNnTVl|WinQA`yUybQSuJSOg6dtlEt!Oq&fc?2G-`q}fj&LY}4BgOCvk_4!# z&HGCe*);hXGKS=iwSw0~an&TFq0x4MeHx@sIf%D=0nC0zB zn9{EJFoT33(g}FUx4$&*Q@ zb5911mdhu^&?v-&wafyOQU1`P3|y+Pt#3G0hGEo$(yy^SDIQR9m72{zPPy#nFZkE5 z4HKl06w?bP_t)kg4cVfZ9em)p&qc!}ob8y5P-Vn(8DV-&q$=in`8Nm=_Yj2!OWXG^ zlgu2pvtE-cDNc&+7UhcE2B>goq(v1Jy+nfpJEfuxARWPu@6`B?0$h!);I50n=u)gp z?j?@GS6-aIHasht7Hb@JpUiEkB};oT7aER4t5GR#(=yU!81oI+(0!V^RHAkTn}dz2 zRc{sXvc6F^^i48vs*!3Jwl_G~{22`Xs~={NN(lvR9i{48@ogR&$XYVESRv(OCzT?_ zJilKszN|#PZkh?eb8kT){*n)RtbClhKb{se0H{|?`UGT<|zStBN^ zFPe1*fl>?>;dMSQP8`Ff6Myp>e>wQKc{~cF92M5y`@Ymj?M4GitvQ3c@(357F3u6x z)B8^1T-YH-`h>Gsp;UG=i-=fW#v|ILNqj111yIMe3X%e;H$SRgI_R-_r-ZLG4O!<{ z>}CQS@7WKIQNWOO+YA-dRF~W5M??$GZ#$jZz%TWEp`j??Z7JT>Z2Ns?TfIO)9KJ-) zy=`D;XO)B>JD+q36coyW^FD_>{9@v1;iXA@odhZFsaFJBj%=(FJZ+eF)S&C1lvFTG z6@8<8xNkzl3a>DHVCIith{GIco4j{bTe9ReFziAn4<-Z#`pGqv zDs%uzszm~9vF{*y1juD!-cdNOLY53WED}3H)`%k=s9x6OU1<~0KQ%afA@D7;9FZWHGmIkDJfGtL6cKS8wk~dE#sl7$C00YR=!st zb~X5d{owG0z)|sWhy#0YR!z-KO`4Wv%BV*Xwe_Rw$jn_9;aL;+-n0Yc=DvYm}qk`>lQT?E+HM@@RkOMkOfk;ewC9o>) zrMqj(VJ3e}o$FK9wmmRkjk087Zo!>0^q%mNzlIZF599?nelR4ZleC!1sbleh4Uy4i zCjAzF$&hAwcqd5NV20pVhF@3`;(|j0A5q5YDhgn!@GaxV;?nM0;dl@qF(>8GM8dIg z`ae-e;wt z#AsYaE!~wUpq{UqDHb-T?G4Z8gtxS`bh>C-8Q&Xf8G(h zQu8_P4XRoGG+$=}(Mr%tB$r2a8v640#YXL4muC$&akbR6y-#uK!^vPp@bj=96yzQb z%d5quKnSLoN-g)-jtG5=*x?@RhO$oM&tl&zp{;(7#7Xrw zQAG-SBjtsQjH8Phxza!ZAd|>Uz-*ucvs8YLJI9R0v1D>FsP%{Lz zONJno2ltYQii=b0WdXryo}jjy&Mg4!37)!%Z}3*|pYh zXVWLKl!2*fU}w(|+FvgpdA5tD(zUFue)U@70StqoO+Bd2t7s!nx5xp%FDa#jgE^PH z9Mj>M8$&y>&ea(2bNw1P8?HCk(+mFynWFP{=P~I>u`ae)(Zm%Q2umQaa4D3-Hs~hE zT+52rf;&AqV8jR@p{ml;d-v+_I?d&w5P=!yuzsidt>;JJtP}3!dWqxnys7q0* z@WO{RwfQE)w?9}rMn8ldL7b-qCxo`H$8M;Sq9Wxc^Z{%xeO}FmRc31T)qw@-1zMhUgs5RA!BB$Ps3(*He;+C2Pk^&k~f^m zd)qFpU>WrM)~I!Z-;Prco>KyBIsYtHsk%9O*=1PgW)%(4uidz zN7MQ5O0^c#c@Djn&*zr~?Kg2%ae_Qgc#7LQV7MkFBe7>1+v&q& zE{whMY5kaQ-4=q&o)+lDzkzPb5!*V($Ewv3AsHwr49=8=)!-Kt;9z3*+)+~__n&Jv zlfybKhL8tPF7wO$TZ5qRqn;4d>C@WH?Zq7@hJtO0`8WSM4E>#$z#nDMjjT!>&>kYc z+jpLC_EULoOoKG-F4mfyKymlzY@ukXVJ9f2$4Y@ZZ6n!#JQCmN8iiWxK1`e^WUC?m%F1gxyGK0guF&ZzNZam)A1BqJv_OY z_P?J|*z_u|+FDw`yFQL|rgs0g_3cwa&mhH`A@@z!bl!39yGb_R?iT*_OY9NY8%=JJ zY&dg)q5yR;2`o}!;(!oJB{xlQCWo54F^fsc>hfCDWJYhY;&w8OD>j^wD-?<(j7mz{ zVer)Nt9%BsEO|oiW}9~{M8SonR-JDgkC`LGJpLmFjZ^l&QTB7*>gQl;+l~%K=?zKZ z=KnMZD)pgXkS8Z6W7oAy>%CuSSB_AHdf1JQZAW$fL**d>f0g!szU81An^>Kcrh8fr1Qu(8j$AoOznVw>RE0kzx0!Bh=E*GY z^aZCn9$YENR;pDiaZCw)-o&3mc+VC6yxogt9&fZPE(%Y^FKs{+SpCLm2GjTCz=Obi&2zx z;!@!=sU^Fd_0)I<1!s(jD{qAU5u{pw^*`PAdSbc-8~D5Q2_N2VCi5BI*5kTK|e$M7n@Xf5S#Fij$RMoSh9$4 z>Nm#N*p_bn0&ho+89+=`)T`fKdgH|{Ao4{dh^*joOz3{5O5I^1$#e@kr?2f)qLRl9_$~afWy@fK&$e+cD}1&{UJ6!~NZE&@p71jS?S9+kM-& zWj^jsdS}Sf#1n!!?Q5yluY`a(UB@X>Z~y({+*~NxI9}ipOcKI91Rm*m7ylXLDLq-6 z@H$qEmt*nRzSeubiTB@-@(PL*`Z$qCpwi$P>G!VVDudi2{&%=80F)7*rs6Oz%AEp8UPz)It2FG|Y zj6L%e^hP<~chF4f`xcW!Wxz*AYh73$Om2T0N-NAmNF;%M(~xJ3DU}Sp&v2lH;4Z*V zg1}f**6Sc|r(`f2L{Pq_L;aUX6-4+N8-;fef7990P}p|A+Pl^6E!oNwt- zdDe{fw78I)5?=CHpY-)}?I{$%g6(5Z9RT&#%L>c(-wS8G&|d|z-+zi^S
      2CDcd zXnKF<%RuV8z(@3Y^-7aah#R;86tD_roW-LrCP;!BjnL>n@2K(k=ETL^(hg8qGZmx= z^Sn-J+um;{u)!RTUO>EI!y0k@28heA;ai8AZ4@agHrQ-;9lur{7op0N`QSOqAve!) z40{Ke$`+lWo;MDt2Bd~FFyJp8*o2l)L2l?CpzcCNSssun4<4&re83A%O9SVj82$&G z&S>YB-`fSiWE4%csc-=JQxQHtU z1oyNMWKhzhIN1lhR%Eh0}k+a3nUQ! zO)`{_f&1{3W*-+%EM*B7vzBhd5&YLSY3b!40)LBQ8H+z2912}<4st`l{c~Y|H*d*M zbOU67+7M+m;KqpNMi<{>4W*NL{|;FZmgtd#wa>eE1=V6YEWqsF5Vx4d$zdODNyc*=FRE5JE(kLCynKTQoJVz)>D>M4dsVxSWxdr~>eHqpdI zBH7ST2Qfo1LO@ByfOO1!ZJ?mn#jn|J6PQ$_uJ5b5Gzte8?NydyaXZ)8lqrNn06at4 zs8AM}1i2iUzuX>JS&Jz2d+z1v`rHihQrmalgl!R<6bWQ9O(TBSLDQK33{1kX+i=*@ zfW0Dk4BgK8MK$fNrdU> z;!N+`#}!U;o(+f%X#ciSZo6{+rfHXz(8Fm%v&MMxm*>g&X}hZTWA&p&Xoa6|PhNn? zG@JCr)7>>PhmUb;KgvGbd*Y1UfmpYfh?{$R{4I(8zqlhOnW|S>oO&*kS&a4W|GJwb zi!^ntJ>p@3W2IinN8a>{!+X^|Z@?T-Zy07|L?nr}_!KRZ9|(_3EU4qIGgg3qDsFNK z4>L-Wlt>9V?qqT}rqSHPhWG%rICZ8XYvc*&F&P|9P|OWI8Wl^b=LmqBNI3aA68fTD zD3f2wwOIqNlZQf)dFK=c$J0-v-XVpQzD`O`{{6E0tNE%rK8scC6Aj8C{A)LyIBfuh zPbPM4+yBeAgc2O{b06~#{}C&vtYzCzdtyN@ z>=7kJj#0N=M5TNLUnn8Hm<`>J zT~z<_-ax(=lS}uDHOfZX(Wxm_SISE-W!JDHWR7o7FP70S`#gY_s&L_egOjDmW>gRk zwjlN03rLL)hZ}iN9wz~l_WA$?Q>k9Noa+k6G118P|MXNnF~pN1p_0iU>G}G&N>!vB zkd~L*_-SrcY41e}^(B+VE_ousENwE5Y>DcAXUQ(>rIZ@E6XX2rBmlff0@ka&&?W3n zI2&Fn(Iby|`YhLdi}oJkr-FDk4g|zNT%e2T+Xdxv-`Rf_cA(N6!6FE=EfWqbh$rgR zAXY6NO;}hCvQlX@-|svGjr}dla+m3kqK(-Cpz?8`F;;Vgal<*2Zip=Ql?ckp)7UuK zzQIhm;iddz2^1q>x4OdOaG>hzgIa3kO*S$l-wU{a1;T6nF$gct6qof$C>L5)v|^}E zsuuEAfe~_w)!;RJo>Tnzu3J_(A+)tkt3ERow$7X!coLy^=n9IrmBA)yHs3hZ(jyyO zY8P#^sa!kMq(yJ+TA%1wbeFEnx$CLSq)b3vmGMjxbjiOMM92il^k9B0>I^-w&c|39 zutNVT9MO}Y5C#3q3h;n1OO-9s7q6R1K8IDDk%xn8Jr~rd6FVa{L;UV7Kkh%7x|*Db zA?Amy8`b=`VmDY1JK{QqOvuKL7rFziq)gN*nB^_SP%;FhC^GT`f+rd97}kC&_=d*N z)+YWn@&n?qw(~!nd&cSIYH-EcRU{2^B6G#5WE8;kR=fmtTs{WnH0;cRS>Oo& zOg%nPJq>sPMYur%1|smg;!woMr2Mrws&rLwZ%9D!k%anm^4zzjX&OZX-A?sY;%UUQ zGL=Z-um^=T;j9M1!=rZ$ja$Mi`p4LZKRscuct^1^-u5zt1Xs2Y+CYoy)i(LGrP7JE z2G~j|o?0#gzo=*gle5>RKj`^Wsoyk{0lN6RO%+{O&`qVv!^IQF_Zps$Zvre9cFL2E z3XYfk>Rjyo&PwD+nYu~5Zfy+~r;CI787od#x?5VFI7&t~Uc7JAhK zJSOcQ?%?{h)Aoh$4x=Q$U6j~kxa%)id?B3`8jgQ32>Fo-$r1@Dj=~yU4nbMNP%fyf~ zsaTD_NvK?k)en~i&J~|Z&ah^8g_UluqQmOo5Fv14?7s~~RAbIt0NghIQt!|F`$Qq# zmq^6}NDX@ejxNVoid=<$UH1YuK1#JPmP*S31G#oV2$u>CIf~R1NiQ52nVNo}DiTK! zq5;$P97)_C4NDpa3CU#TTF-{bT^I)u)2L`gCNZ(-vQo3K;5-p}SsID#Oj;Nc=jFf1n>v;w7#Y=*;@h;y-eSL5|7cf0 zFa+UQsQriBx_#j}rY}mc!ix3hjI>@KYLOCCiGw^i(u;Ki3HeNnL5)tK{9TYj0mzMs z67fzySuX}$wiEOj_ra)+3xR9{F6LMQ=6&lNGo8b%6ADA2?YAiivz3@40gCB2w*TzU z*3yfY4 z860JO`N-DR(k7&<{TRQnA$F^4mXP3|!Oy46tWUfh-TUs)x8~=kzm9U?!=8OBpK0@D z0WYQ@nDHNzU`qi?^BB~pV^16Tsthm|tJaH!M-{>7V;hPTfNFj;L;3I8{p7zX?Zzd6 z?P6m;M0eFJS6en8`gBa*IHu_7n&ndW{UNj|(Xm-x&%D?OhwCb7Kv zL}q&Ah*6kaBV##Hzz?A)azBzeW$B(k zW6gTw{W#eF)%K!#VboJzD*7}fH>hnvuc%9lPXKi!JD#TDBUER>w@3GEZZWBWQnG}s z6x@nz6E8dx)x^p~r^BV$S@G1kR7O{>s@iYBLrGO6E$7F5d5d4BV)*f=|Ct|MF9lb$ z2$GS^*Oy3$6aL*!yX)*(=S!?(cmw`0>pxe6$^KMd_6A6PAcNqN2%%u^q=qH=vX}l~ zOw6seSC-GTM1UhX_UkK%4s(&O|H&KN3Rs!MQqFCf^W~l@sNoR1QjP8wnd`tHJj6o# z@lH#tea~;hu#;zLdP(-FU5B_TV?EQms*H94BqqgwMZzJkiNMR+h8gTtqkg4nf0gY3If+nz73yy(&EF+Bx;nAb`TWrN?9IIY)(y%PM%&wg~A zh@obotaxYxGJthRF~fTsmj8Q(iqD%6{6L$>zu&&0HJ!P~rJ93W2sVsA9R4)Y1Y%3) z%f+Zzi{7sWZ|!ZeTj6U9f%xaw!ftLnrqc(ug1<}Z`qf)rtJnao@t9p+Wao;{`{Up7 zK=hiv2)vb!iZe4dD(LqjFk1q*R322i1+Q%{r+L_e`zt8CdnXB!;eUg4$un+Pb&fI=U@ZSn1cqVe)q(qlv6+ zjKs+$=?*pB=Ku6Iy{r=hgTEp`EFO#75zt)PXN>j5uV{Yz4e28Dq% zMf9GqEmF{=St1#z_cQPiW>w5akB%~5fL1ZMOmaSGVh}%_PL_KHI$ST~{9^=o(^wDo z(+uTjCM6hrt?0*z7&O8#$9F=cs)65zIUa+d8jb|TNJ()K_k9=wPR$`ArsFbwzrpm? zd~P}({|4Rl!|7f5)_Q)op}?rG90gMs0H-=03nxlBmb#y0n^CD41ijvrh@2nJ*6JBu#fLMMYeT zq{|-C)739hL6iaz<-i^XzjqN6iv>N$!L(Rcm9ZGJww5Nz)l=0=205LLstleo_a3gr z&OX&nMH#t5KS>vb7>jwvUz?LPeWncih~hIVc7TpoXsV;OuR(J~@&Px`|JJ9*|QHK3&d0W2BQ` zBIs5!5SEuo{7YWAj75IKHk~5y^;xfC|Egs)@>MVdwq6Y$1ivabD9fjMO43IIk`&gL z^iPo$W5WiZw2&Rn)F_h>G1Ind7W4klmjgP?4Tw^Z?ATF)gLOg7anQtPrZH$1)hwPU zM%HNKT?M`%q4k}`mHLqjcu-b|8?yEyRfYsKAfTIJI)%a{}h(Ll04PgE?xQAjV&W+BBrly=ol(+ z@)qIdp)(R70!`-*0X&vI2s%aLqrc9i(6Xy^4#lX(lWY&1PK#Ayp=2F|wNXUJ6(Dx5 zvBzU4T}G=&;r|c?>}OXW0I-w{){H6o>E{!{5Z9lUta1^>shS}o9a!$#B78+1#Iehs zma!&WuIswJ{{GH|jB=wx7Vp^5M>tHvOA;odgV-xBNGegjGyMjjMFU`2giUm>Rc}jP zOsgifU-JfppkMdyYN6no#0B(eW>F7aZPpqWrI7A_UCw);H{X*Q5wpmRcYDbd!N~Tt z`N77nLuA8gYsFDaa!cRpw@Lzc#h23rN3qTK3N{WSg%tvrxi>u#4hhK7zF!!9_i;Q! zYz-fg6gvH{fh~pKZ1a~4N5>%$A_~NzsQf0$ci-~F*Wat@xSTH^BjmKD{12dawU+|x zd&d0FTiprzRe(gM0f|gWqYQRR1=3hMzN4skv-Zs^qho9+RdGnHLZ79fZ1nswA7IJ?6!|Zu`H_SmT*B=S?8e@3kF187%A{bVbTPm4W^beuhNz1 z^D|;^cU90yyFe0fy@=6zoWv`2Jv!s6=Y6`!$Y)mvHfvHU1PxgVt|&D*#c20YPkavJAZ};ql$547=aCP)_q- zqTVz1mS&BIxFSlxV>Z*n*tll+fjo^3~QFs`KKzdhzRuW)Ho(T3({Nr6gI;LXDA#w z(eF5h0Y4VjGT2^rFiZz_n^xOp9T^9wx`c4}y5|dZ@lXXjb9Yz@F6-?V;az8Kwm=2_ zKbp>gI}$BQqhZCi&5mu`w$rg+I=0P@)v;|G9ox2TPxZ{2KTxaIt-3n*e0u|%H{!cg zM0&ANp1w?LllMkfOb_>-U^m*A>~$&Gc{QXi7Je7yxnsrlXgZ=0W|H4FO#OcAj8O?Y zhrqX^D3?~Q7v_au(``(xsj5HX{-%xxSLSnDdh^Wh%SXZm6($1*cT&DHY6;p(NWcww zE6%i60lyHB!W?}){=<0P^WDw&^|F6=)p0#WQ<9Z06fj#(<%W1fh7=Y!0G2840;gGP93oge%E$bmX2)fK4iuo;G81od`gASN1&1mVj2 zL=n6|d%Z(ZvXKemLGl(T^IEp`59S`w10f|$40A3imi_fJ&Gtum!m8-L89X_b9#6^P zptMG({75FMsrn?Ar$zoVm8TPrv3LDZQ6wt=0Rbnaw*CYn=+0k%FYP&+B|=KHH&Y*> z5J1e|hBcVFj~15E)G_iG*-fXTljcIA7`wHK;BYswp1H`h=lwGn-+(ltbRazWVy#KG2$7qc zd+gxf8xX9J0{^30I-f`VKZwe#BoTe5ePDP_x@^PZ6HTvIVqg%)D+3(^X?>4yC~r+uhR-V9->9?!s4QgUF-NOsLd`cms_}O|42-Q z#DQrBH#NZT6$K~VICb|l!QDV#1umze(s`_-0@hfHpazcx?^z>XuJS=Pw+n*&3fsc^ zS8EnLlQ784nG4MIympXo;1fHUBf(u3S1iLkx7;$>iFJWD^a-2;o`JtBFZf1*tz?DF?z?|ZKWd`hjcf|-HH{JhR(pk}Wz_!T|YQ1XB z;1igj{uBjaVYT~L>3l{kh!&OMxT3082&lQ$h}UeDGn1bj((sY!dJ-RE@Eb9J}7 zwV8bcm&KsJX?XAO?Awe6KLl!XF>YDl_-S#wBS9Q9hpD$+^7)iA z2@JV`t^ql)IC!PNlWv!eegYg+lNBv(_?D`tpnW07q|Vr(?*E3oP+>%^0EIsc-`ao1 z<}jj+eilA7d`nHNK;rJMG5^evp}}5=Wu`oNT4dGkClMBl=WQ<270SVx*!NfRANFS$ z5ZtH0kGJ+RrZA%BbC0~bDzw;uQj{p7cib@u?b(d$==e7G0^$nuLAD_GSv#e;AC(`x zvGW3h^q-E}X|2jvs3sQ=S2Ai+=Z-Avgyc(&9cWy4)isZI7;0&s563@O3UFX?X>Bg+ zJu$i%+O)IvHXbzpaI!$(7T4Y0;rsmeP6 zvZ%(5Xo*7op8~7^6W@P4w;f){4E0k~MN~|sX)!0q%PDphaMOziXZwJ$MDgzujGjwA96z~sr48sx|$3-SWxXTyFt0ZOj zZD1GSCSvp^$X)(F3&3>Ju_COdWJ#11nlkG^QRZi~&Dh00YMe*RVcJHd<>Su#BQE1T z?ma8x;_V|Y98OsgqA$)eh^gM@PZIiVx@*(>EWo~NY4sYJ9qONW>Pc+HV0zTz=vo|B z9@B;MCw-mE1tIsX-ca2qg->`Ok;?=hA&?MOA|yLQxglOU0Fhcq`By8rTnSnN7l~`L zm=fJaeg3Yd>7hU=V;5t>r$iJ1kqlbC?LGkA9gO5s5^7{KB zZ)i)$kU_n)?28U`;+i3g73mhln_FvzE_a7YDk~|I9EOL-u)v_9`#|J`|N+VQ`_jqV$;GU5?eNiNSKOoF0 zwd(V;tj-}vnH->~bfMId4ilZj@m40Lq=CJC_&qr6k@ZD zLbgs#l&4SXYPtKkm&V)6LA0{ch$OD2gyrBIMk85%G22X}w{&KAVFn828l$|Imgq{x!7ooU{a}91k|eDq=u#%19nKI$!vj@=pT+-U^EaEh+zAt=Ke9|>O=$g zD$RibH`FhU0A!lai=IT!v6y(7!AR2ulyX>g_@~H1Q#&H~Prn{>Jqpf8c`mwBk|UfA>$vXW2DO#^305VXFfW53 z7}agtxE&RckwE^C?>gNw7|m7yoMuYjj$qoMs~mdUH5m{(o^~2^ahV-l*4<9rX_%Xe zMM8dVU}v{LPh>+{vtateEt9Ttj?QhBw$5i0_%UTl6))7@!yr*bohP*JkI%nsX$1N^ z=-sO~QPBd4_zxD0eaQW9ZE=v!IWD) zzMi|4i7lIt(;?Z!t0A*FrH;z^sfMlbtVyiYViTiQ^{Qr4l0}RHf(8NJ7?#^ojO}g{ ziNmiLAd2oUa`@~ZdUc(ZPT-Ra=rH|h>v?8$!z-KCb^vkiYVuQq*DWV-QHZe& zhz!Da1(e-y!0|u~C+*}NlpPnIRn+8t>r4@hDETMS*`a$yGBzFv{~))Xpw6y&vs=e7 zO5(c@TyWT;MbS=A^nOL6u>RmmrgKr{^b%)03|h#ILuV%%rMAX((&*0FCzE`&n2x?=NQ2j?K} zA4(2)mpT2iW-qgxOHxSJq~4R6qj(4?i_+_2@yzj^FLncL>M^)))L&q1DWrSv?Fjz> zDdmW0ynfY#_}p02;RK0%AOxPO!o585N^aIGUApBxx(pQ4UDWJ9G^HmharV-9#QROU zY{daS=wTAz^6cy?_nXfucL&aMYU&gb7JnF?W($aeL&jhcoL=k1K|oZjVMmaaJj#bQ zuDo8DN8cwWVc}J4+Vn{48xRo!o1zn^v0UCZ(L9(2oR#?CGfb_mhg4$t?Cu(8CM|Bk zD;#U8AKh5=T8oEQ3c+{;A(LIoUFJMzKb(*uEft;kNKM_yZE|_AZj6*vfysicsu~|d za$rIcn$~z?3>YpjgAE=bw}uZ-j3Zjy`4tVS++vZvK%D5ZQHVB}kyiGE{0O-;u z$blFt)|WCzq!JNgZKR*tLfDL2Kt2KBbapCxo8*N03|~H`mwX+HH_sy1(7QhjnM*w- zoTyW-I8~~}E4Zp3$0Sc%cu?UK78cG+5_nEb>Us+mQ~W~ zk7KU;e~pE&g~F%&H5R4t9A;a6o-tK%Jnl;Twd;ZE_Q4!}4EA7AoU7zd9EcjeHF^Y(e~TJ~~dDwT;TySw=;3j~mz z;?G?b)le0|06g5Me2;M;Pyq2pd`YbuR-txcs%i4L)>TZXh^cQp zrKI`z7hzq+`x3=t$*cgNyFT*3;g2n7Jd-J+2L(2RZ(W_7f`~t#Lxge{na+hs=i&KS zQ#??4Gn$9N6QldTv}>VbYGm^m^kM%}tv6h9IK?tp74|~7sYJeHftkf0ZfWI9zQz8; z=6knLgIPxKkt?HA{k@(jwiG%3b&vR|Y6ZsHu3G2D@wt}EgNE} z*_n)nGL!fsHCnYOmpdVsvie=zilp#WL4{Wvx3#xm*5x&+`Cf!-09Nxay)ykSi8HtU z7+7o-ma?VjUv-D@@$F6LMF*=`z#A)!u-IJ@mh=Ql!ypH>Cd-#&ftpX7ROFQpG|&5E zqWct%I~$YJM;eVIx__P5kQb43-}YAkJK~k(_!zUH4YMFP#Z&1ks?W=>B5phFGqo4lh???Y~;m5}|QX}G?$HymJ zZu_+_nq80KpGF^G?HUBBC?v-Of(D8E1?*^K?5P7+Ki`|lwcGk>&Ret(v%?+P8=r=o z5^5Sm6D38>*F4)Ux}I9rw-}d3rRFcr^OF98rIJC@Yz}$KZs_G7m&KA}ZJnK*=m6&g z?zh|tmT9}+rKS1gIVEJLGRU;D*qM+t*PaNC=RG3L=baS-u^3iWa=4|P_H$8+eRYjQ zXLy00D>_>WE9%&~3e*m+iIn$y=)yqI?{2L=IVbUw@s+V;BB{rtqT19Kl)yy<)^ze9 zSK&8&2b)PbJbtb< z^VwzCW`PW7wC6d8Eg0*29{Pr77)#TrV5bsk7*cXtn{)3%wQBY!6GTcR?-O<1jBb27 zmddm5HpS8bxwOBG>cuSF4PHmo1BZ9XBC#>t(Iik2V2g6+}g`sbVJS z*Z>(K6*Ak)$|)%tXEDp%R_dA6)W?%?yP^7@7BroxA)_8>4SBKq*}|@m!4r+D0vl@N z;*Ms&s4p2+4{d)^!k6)C!MTYXCL3Ip!mcSB1Qmbz0&@#HAoQ(2B7|V&M5%+{<)>Xz}mZiBa2#^mYoNvWty0S-$z{&$^mssW#3kDz-IJjpo{%`x(6A-yr zs=ESFnx{-3lZc@E?MtwX6WB-@z7v)hjPv;l>@d9LLF)@G5q|1x^WjxRAg*(lEUTpV zkF@38gJc<=4ZrC$l49uuu1VLmCDh_d;VD-y3&{H-=$a()5U9(jDHIKpG1zz@u+y&@ zQXwh}7@#79y_AI=sHY9?HX-oRF4BQ(Hf~Iv>}^6hL_yXy^{!LT5I?pQG`$6@INPpQ z!83ku;h*J+YIi;8mKoe-zvUj;+p5|Tz#rugaySy}4aH!L6y7o*A-PASjTQ>k6oF76 zf`CWdGcH;#n<+V!uQ%Z)hO!Pa+X4&*8)BP8gynf(pGh(7xGEZIMQ*$Al&8n&ogIVd1B@2q! zh6ij32UEekRti50JeDj=^$C8#1fBayk71iG#1HQLZ?8 z)2lTrtW0rvYyt`|ORc9Q2eYB%BmYK-H(?6WY z4sI3Qq_!Ke(ePo%ZOCgXH4q8XX&b^Sl0~m)b% z7GNh+LHZ0ZGpBVw23`FcY|^pWBbFApA+Jy)Aj~YCu1&$Pt^}VITHMNzaWSQBc!5^w zOsV-0>QCC0(aa-1^*1FamHy+^VlNg(|6ERR$WrgtNp8&_aV2MU^J-=)2EJl^zi^zf z2G%-SnDt-2nKA6VNsJv}(N!fYw)fl)w^de8>>^D$#kKKeNVBjySLvrxrk4w&WnjSC z24C5-J7BIUf2Cn;PkycOrQ~XP_slw_G6gEI_Ws(VH?Uzq%^14^C;RVOhp$5QHU3Z^v$9tU!^v&U|SB<;YFmmJViic+I1seOc8O&al+>Xmw zBy>qDydHM`x{5Zbh9h+>DPYuk^$~)_fw6k&*II%`7>NS-u+4)At)>H`#*yAB-4JsD zJK0&w$lz%rW-+w; zjruXL4v@4f4|5za*1NR|=EbU1Bne z@ZI~0Eg916+D+IR{(qa4AbwhHD1b$QHdZD?@T)ndSv(TTq;?kLqzfcwN&4A|NJKCB z_r}nW#%4X^7O1JyvO{vKWH;zov(51EaR{?=PO^ZK7Jp-J`m>wmx;eTUg`GbgL4n(C zt9<@i2tm4D&_d=oK!k&|+JG9{(*IdqQARaAuU2DSHgGLkHLF$TR8+=T6aO}+vd(%I zDdTFYlqqhNB_>vG|8{}XE;$H~XT5fje{9%He2Lv;ujJHbI~#^t;uV2MRfp$e_f_QO zI+SWyMyyPFdmpfB5HA1q5|-lzsCxdnJP$mS(#MXmWO08{^jwVL@o80)1_0HbA`c)zCL)(EBpZQ@s% z(|;3xHlDS97LEtkmBUS*1?igbEN4fKn(#@O31?kZDodRaip1bBW3 z$1Y|dRJf{HzJk*8lue73!2)enC5opMQH{-$LQT*_GlI&5pFhKrECIA{0Re)axdvyk zhO|){Smig!RvJ0j7y?sEr~m~M_?t$Onz^e{JtuJ!TMM~MvoVtE*Xu6=N*gzgG5?1n zG&ZH^YI@9+&CixEP2e&>>@9EKCct${Th`>8e`zI62eA~E_39VTL&1Zi6JPw0Eq*lJ zt_rv44kq`Aph8L4?q?{?cjqY0|0w3-fNMk)c`Slpt3qAy(rMSjdUPfGcN@Ry ze>G0b$ZYVy)UPTiF@snB;1izRVrhl*lGJMCbD{U6BqiHI^1=Bf9yuwAdU^qgPV^PA zv^rL?<>VN8`kYN1dYv#{$$Fh4e0(4HB^I7m3zT5AtkO}HmqL|BN%d;|qBXQwVabnJ zekqA?YIV-kIZiB@Ax&BOUaU~`J`+v!!e;S^BqrxjNc{%JgH4|vjE0JtO2tDRYWhz- z7w`qzu|+)2bRm)Wr?0yB07K^B5Knqc=&#zRVDU@W=}N{Q%eHcUiIEhQ>TP9#tH-92 zG05tWvWMl1t^_Xp(A5emkVeVXHbeC_?BJRa2Vb8IXmYh;#QqDmYjn(_fJ_nQ8`jeg z!i40CM;r%O!ri`m)Z)R=ip&IuWy+4JKS{HV^TR#5q=rAOJnt&-xiugowu#vF?7eN8 zY-uYW<}<$sbQcbftKFK@hy$XKB%z;ajUiEMc~FtR--)A58O;CT6x+rxPD6^q_jP^qwRF|}+%me< zPwN5~HFqN{-%v3i7F(qf1!3BY>vUg%XSV1Xm%O@6S378{wp)-#vbub#KeB>mQZQhb z(}4(hk&M^A1&Pz>5cRxB#jNnPqvyAOcXyy*fJWk8{#2$-J{gqHq2|4QixabQOg7t1 z<1!#s`+<^>PQ#AJA+?y{qEeZTADQDV;T$p@pY(g7NIIyAh4HiMd#q_kalWZbv zLXR`GoWmM9e}c1j@m1D-b5!yFE|j}Q8DROTHZAstL0v(x*6*jCNbc*TvFPC%9V- zswI)A#$_{Q2Nw|L#eJnL|Nh_CR%vxEj{Tb^6hV#y;i)nIzAKH_6CYk{Pk6+N)4gGl zNKp9z+X<|c;I}QwA(1w*qt$;LXmHI-^0}S^5(xcY{Sc937!~CEl7h7eB=&dY(!Bd# zxV*RFDAhok{@et9M-zDfUemfNwJAtG^umt;kv<~H^VKcxStKFDuijZYryBk%r~>q2 z_%i!i2)!_Na%*2l3{u>Yzfx8F`?ke?e$S6C8#r*s8F&pfHk+pTz8#B4ZZ^CHrvvR& z8Y!hq*S!H5v8`l6+j*g5GGzuGTfvaQ;r!U%5G~SBY2vtf{)OO71y2m;9jL3atly=) zs{PTYn1;ge5Ov5yHC@${XLiY?>Nx6M=2c4tTxzsE1|$?ZA>0}`Mp$d1pw5i*t>Jr| zTPfwq6&EIv6L~LiapJ3azm%K^E6UvQXlW<=)v7V`tYaM5+5yhxee4Gc3>PC>J*(+27iZ6>aq}(8KjFkWbYv`TNQG4Zp(TdVkV}qEd zHQCN7_UGT1kZvSbtBFcVB{r{pprBIdPw5L5hS0cK)6>(by90~tG;@O7xtH~3u?k4uX9w-E4fSj!{@N5b|chywUWGtnG#K1Bh?;|M}C16L9lOn{b@@yraEs& z>xq8bqA4jDW++#Z$}wfak44PI=s&iOERyHy%!RKKcg!mvZFN05kD#`YR!t0C* zx!Z9#xf5burFMWJntM!r8Aneq)o+xA*Uotn6%9s%&-}NSA z#j6lu$4O2StjZoX#os&(m#g~8^qAc2Y`nbogD`Ti8Pj`S$_9zJq|u5eSf5$-{#aT- zLQ2M{f&Pp+_N=}v_OJOmMN@OPXAwMU_Icp4g`cQlbbNv}JoY9aQ`l`v=FODgW1|?>5>qAkxcwsJx!~YPm$U;!YE!<%}gVtZp^K_na?ni_Uva9 zWs8xoT($soC*|sp?hm-bMYC6+N>ll{$P`G{@pKUukpg+y>)!pi!LMiJt=?zJI(2%p zt@g)2?(Du1@!($C=`uH$KLt`0$HPX2y9#@AUDwqV=uLRhP)$X>SU)r)xRT&h?i zeT<&xyOPrJSlCL#q_oA=iwWx8NcUP7BtOnLFFH=vOgm+@ANxt;eFRD4c_mJ7>s*e< zI19$`+%ms7*4hb#)7HD3YrGyZ`q9AfIbTAg-4)5Ej;Sj0Q*drL1~I?O!$`-xq4ogX zTX#Sp!q`6ng0%EkQ>VJR`jR5jq!5QuF9@D`BkVNL*R@V19LOzr(+mDD&58pIQg#Am z2P{ge)RL#g*COjoO!=w9Ql)w* zULq+@Bkj!yhR~w>d!gB7_4{qJ!l4JQYQ$eh+J+5B=E|-mbC1!WO7!$Ni{zHJb@AXL zelFxXt>ZQ}^UFkiK$}dZuh@z{{Ny4)1Bz6RmB|wuRxxt>jkHRlx(?L?7fQOAGVtJc zET39XE%3DH)q#nrN6}hlT!c)gw28jL2yNnPZB-UMi;QaMFRNfY| zs!&2^Sg_FQ?EYJwotRy?v_pMbcBPCpc|msWs)4=loA*_$Uuo`rmWPSph+D7}izBK! zk+A~}3ynD_j$awV0W%XCI=v7r*DCc2DW0?@@R{SP5KjSH+hkNP>~AiC6WjrrD~lN@ z4yOj1R4mHkw?e;8=OvMrA*!mtwG;`H-c@B~YUtOXP%a(2AR>y6zvlZXpIEZU?DctO zfx6hyGOUQ7A2>Lk$aRmrp62bcOSmq`+#419jy%C0=nsy+-s#cM`Lt$}n3_tZTB4AA zyFW61wwS>z9Rdmw>W+Yz#bOruPi^LT?#$tQBsc%yupD!}<#o-D@cqwg)U~jfukqPt zHR3X4oiak|Uu6871=v4UL@Pz)vY_mWR7u+DJhh_0wF_~cS?5$Of>U(-$Ik$f`v4iu zyZh_S#%8*;l@k-`Er-(~=izdF`3=}h7iTsUiNRtTI*e+SM+K1%32j2PIe7YkI zJ=G&~JPc01^<;15Z6V6VXvrn5On@Y74$W#Ut6TfVye$w0MilAtE($NAZqyi~)vN{e z6rpY4sfK-6!w?njC+&%b2GBFgod? zRY#-r5EP45FAI69|2L`~y{bZ%O(5v$dL3oDZt;_G?gOW%ke@Sml;$}~z|zmfa^>?x zbym%%>b!Otdc3og%2Z^0#kXf{45p4BJI~u%EtAvei{tq!^nzxOEHf35UVt5Muk15a zLE|(2=q?McH)}j_K^v_|Z8$C-?M*6azz{dKZ}G!nvC3+iq1AEsqL8Ht&)-O~Bk~4- zO{Q_z-p^WCB>(+#v6w$!YZ8jOhG_3zNv=}`Bb-*2uUw8org+EK#oH)nv>_pd6!`m* zMQRnNhoGOl4-hcf0(cShIzq~`E9oqb9@fM5rDZA6vVK3!Px-w~tcvZBxsp28K6hIo zbIaMvf+sm(F(^It9>7=M#<$a+NHy-Y_Z6eW^CfWT*z_1$u`Ln7nQoY#{wc5IEyGo9 zmj4-5+P>b-4}qY$)PDvHARB@%3XAcdX>k6`bWupC*HZ`&+b+$)*EHMz_BhB4G{6K% zY^O}p^LbpPjPCuIzYanYp#FS+-WD%Kwl{h~(IGbQxuIH`e0f@TNHrb^O-HUZ>H}+_ zH0pZ+YF4O#A>`DJ4L$81->#3RmY(E)G7W*39qx42Q|KZ`lf#P{Sqi3mbY2T%Zl@airM~u$~iO78=nI-COS)Rx(Mh`<&4byNT z_tS&tr)9aBm$mn=O4%Eci*8QGt$hfyn$G7k{hqG(o!lDcE9(i5&mDzBQ`)Ubx>tZk zic$ZTq7>6Lrhhj~Z(m%Dcb78LMF8Nk=i@VuoP}RLu`xG`ku)H*Kw=(rDb<>pp~)Z| z^B63=Bz)dhq0sN~1L)##Y#vm={vkfyP0d^&A(f@UKw*dPLW#;Y9tOt%$QS?-qtVbO z|3?xfIWitiq^Nh?713@mk3spb@e%k>Dq{ZBqBd%D()>pWI>-$|WRd@h;oP#+KwR?y zLb52yXY3bBmG72&z83dT9hKjJ?u?%)Ai;2NlDWMi{=|D)xWp?_{o)!Tru5L;WDGHZZwisW+WGEi#FMVoP# z=+D;<;aOtC$ieI%&lCQz-|U|@<-VPL9)j5p*Uot#ys{OVf7oc|>GH7=P!M^}m4*BZ z1cuTok4(t{tk= zT)?RStC1>2_82ddB0q^W(&}$RC^U6GFU^2Velr=apY3m20+y#ACl;F9vF!)|qdDV~ZykG<;9!&x?+oN!ybSI$7Q)75`=dj_qdpwYh- z+uAL5s>Qszvu};sj3!z|xcgSMG_%evuR%tz8IRjyZ!2}0#@^(X7DfkScVdUU+t(!y zcXIi+f5Hd!ASUK_^NYfcv8yFe3|$&*$P-@|_d7?^22h)ur>8xnFEsv;xnCq0<_ecE z-#%}%d%SFu5bXH#qG5Q-@el@T=1v2Rm$T?KjTzIrb#KJ`Wj)Q)vd^J^ifUPZSAKW; z2Aj?~`Tf^KeLaS$P7vgpE)J}ThzBo8%qkixvfyas?(zv%mL@YEXWeA|X^Q3m0)~>u z&hZ|SYb^?%RsVXyI`vF9qHQ5^!~-RM1!aIPlI}+M#fs|eMx7pgvWU=`@ zCe8N+99-=W-&c0lhT=ayq3POX(fThdzcJIouFVfQf3Q*8qH;7oA+B~+XBvY5M?E}F z;O#HASvYqz>xeJVI+X5(#vmG-yE6ziGxd5IlL*v_XrwS2+JkN|ZCifNKJAPAS}_hw z_d*t)*Wxi+`?vg$Q~mKaiRN)alm|W9T1IgP5w#_rQls|9#8U9n&bwo4YI)Uth zxY4eWs_h*8TC*xyZLRYsW^&B>I(Y_8<#^#Bz$$i~FY#Y4AD&N7INm9rr)7uo>R6?3 zJ!${S>tQdq0Vo`$;YT|^(m;*fpyQNdtdNAvvJQ3X^9P9-o2AqJ6LWA!%c|!_e4dFq zf+80n4@u+AQo|c6%O=a=xb>Yt3qINol3*|@ERBVA4`8JWEi9Zbyrrc~OvW~;Atd}s zj8|@ht9o5_C(YjcB1mhozpBLK7KdZE1n6KC8<%}-`LUI^D?~5h)@daJN8~H#`gLwl z<=#H=JQgZnyGCk&`s42!~1Z`@8H`}`)x#Q z7z9<}IQEp^^FDpCncj|lf(C>e ziH!|PV^xP$7*e$b{l7qnzdyu`T#ixodq(}%@-S2P*kb@JJq!6AeGW(nhRmnQ*T z>>u}xMIQx2xb97pbVzD5KZ(&hNDN5z*hkbFVwK0m=Vm2Oj-|>}HDh&RN{r^=RNbgp zypctPLsU)Yz}Vybi3ctVS(*LKb`oV75`ZU;?NHF52`DV0jo9k;Gurtj-e~TL_JI{c z$393(y57!dAZ#jD;LY;fG;dgSXDqk_Sx&IOmw556=cXTSxNx5H`B3`+J76Pdx(Xa`?7V)Nzuf6A%u7;pbeQ%9v+H8sg;IAkNAXG&B(*)DB2}( z$FY)HiwYYJ4Dvo-@knF?vWFmG$V=~i-y!M8X@)QazN-bXEG!IXU>mcm#Yda7GxH28 zAeUrDLoZWcU5jCUq_^~<_{Rm7w;E&lVkTKpT%5n{F(Kjh$L2E6NVdb&x22BX{r)s# zP0B#%Q@nQ2{Nd*#Wc^Q@XS%232_M65j8A&Z%Ytw8qSV252-RCu;Lm`xSqKWD^X|u_ z+rfoU{z;(_fL^6;vt-S*34QAE$T)$koF^js1smP4N}jY4^IPNMYaaZdXCGhnTsa;A`~3_8Y=y*>=N!UA7(2~}hi6a;q z3K;@fEdy+sgo$e>2J8Bj`}q0UA(B!#fn8wb7Cbxp#CGz~zLv^iezf2}2O?I9RVx3+NVvOyv$n=dK!9sKxT6vHt(k^dHk2l?{<3j5PkRgdy3>om0ZX* zJ{ohi4JE=Dq}D)%dl;LW>6$Vr(r3D@3;Gi5dD%X8tPfLvnbj^;-1(_D2g*z~eR}OH zPfAEeNL%0o1@sVE11cDrZ52e(Nl0qZ$M0!!`KT50sUEu~iMj62P zhB7#yL~iT;@b+x{^VFnw$UiEe*~s6z;&9O=v6>mRJ-Ov@F5X&};n_;3b(E-gqVEM| zB`yRZG^v%4&Wwpm>!kLV6aFrG=(KUPk%_dV96gr5GjyAG=lW|$i*weyGg2D$+fTV} z2&a;+=N4Aqs}YCcfhKz9x-FmJHHRaZoWBRaNF~cSp`-*?qF}A-4ylrm&MAGylnc;v zl%j&GId+7O79F#~h^o2+Si`TqT4>KRK+;$gitT872b|-pku$Gx((h)I2-}un@>P_s z{yw$X>NLc>9)3%%_w9aHegHnUir*Sdh=#4wgFZRun={&3`9k9hODi0NEXJdeyO$B^ zcIq>5t5tznZaslY!K8B8grf6*W*uyQ*ZK;^aoH__M}mu&a+3r(}~!n2}AR9<{w-l{{gM(0infxa_?*6^fy-4bCnp_}RAef1~O%2%?=S zb${$Iur+ekF>zQ+cLDwdVvcB@#MVcS=bsKli#Z=)2|ar!8@xu+iN~Jb|2npNSw>7?st1# zEIo$ot~RTl=*w8%tN3g0V_te#ROq;cE@Q+8oUuTN>om-tDM6l`sbA_g)uovvi)mc} z&j1pFacAqub|1}?*C|@CYQF5Arbj~O(of3I^NR8N!-*i4+x}-bwWHW2z^*(xkfd)p z5&<0dG&1M_=531^sOYn#&+Bg0&BP_0Jd!h!K}0+{l=32CXSDv%HV*L?5+rsc`=qy` z$1@r=u^2)Y_vNi_n~gOIs`_bFM_xzff1?Y6ja{Iw5TtY47L}VGQ^);GUmvsSahzR@ zL23D2QPW-TNl8xA3waF`ey04>I8n+e$tCQ?#=;RS!Llta@Cd8QCy1E@U9}w(R?G&b zV32^?KxO<#hoQx2^wx$cB(&?mlBaB!lOMYv8o*pYzdW$Q^&I?KI1D?1brqWB1$5C~ z^1)zIbB+2KTV{Ki<_QUzR8MuCX1=HWfO(gN25rq-p>XB{@&e`k^OY!Zwm@z~>mm1w zskJu4WgCllTc$TY3iRzfB`!3#)oK4+8Xn+AFO<*reh zCyHxx_Kxo~h|*!w-}!za)8m0SYIQUFX3f1OIr?KMT2aO}?I*>hM)-dOVCd5%b#|i> zFo`%sWS@_#i17PMJal~&qz8o~6;XPYU5Hhgxy{y-of-#86}qa8@M@_uMhPMD=;Wmg zD>};k9GMxc}p$*2JkkL>%&hE$~6$N0w0g_jfU?Xbx5!VEtte2 z8{5lTy6a)4wt&bEu7G8&^%hyV$91nqVV;JN!tMh^-J?+whdP5cow{8!H!V2*t`Tl5<6|}C+>(>*vPcn7fAr_bT+p^0m`<$#cHB>Lu zHQ2jY^qp4N<8*w5BL2Lwcg&Un&{Hy!=LgY%oymGU^^!BA7{Z!u;jB~vr=`6g0XGL} zS#8xZ-4rln_skFGyK8|bv%p!CUIHwr+QK6{mEYFG+_V^i^vO(2EK2nd1Un;SK;FHH z{+$(LUys|yWAh6XSk0Qr;>xHxs&SkK9_!rUmH6?@$3m*ZKrQpbIM_vx+qY`h`AE;C zk~GU)SEku!gAIPoiVxom(CsY+d!a7Q&+-+J6xZ`sOENjj|3>UhBD3vPGeOD4CTEb* zLUeS(VKxcY^E@r8HyMI$yKG*M2K50>tVtKx;@kG~YF3HmbZniIp(rd}&%=(Zc3B0! zTe10^?@I^2-$07u_8jm2+&z%sX_({tX0>i=REWa&_Hb${M{n9c1mlLYcK7VydyluC zY2^a_2Icm0(zKv3g%1GbslG;mV}X!xbVVE~Fe)}=*d#A5W=64=og+_6Ih)g-33px~vzu%znwU6^;u_;iO4lk6%)R>xUGa|vyH z_@B)g492G4c}Po(Gnl86Z~>%0V=#?tsv%@2z-&T$y}DBaofS=fv` zsX$R{#ISU_X&R)9E{38<>W;DnFkK)c5W3gX-}IYe24}wQcgw;+6D6KNW>%PR*ckm9toqh40w73i!&j0AM2I&f$ z9Zm%B4^cqNGp7J5F(3>?ZMr~1kwVZWNNy1zKJ)7&0)ovmKf$WF8kg$`MYmt|Ra8tK z@Z4}5{EG+DNWE(fXE4vf-=V9Op`oMSeVdf9gNos4qM1fOu+?IDqgkqTp@~8E&Ge=O zggTVKkDy{}+jqqMT>?Lo9!;jrzK48ZIN5;!i6_Beq&;b5+LxG{zO8T@)T^I65x$_u z>#qpiT8vL>8x#LZ0DUsSX5mdHa)`C&7wfH>pwVzhkW1hdm|#C_#xrIa!3d|}Q)rXo z`GP>aAL&ho( zdI>IfXH;)$=cRw-2fy)tB{6na+l<#Cqmwtz?Qz9eSyGNc1O`!pRH3cG8Q5|l8rY{1 zLr())MfBhRc&2=DX2wPZ^be8qAlG9cdb|XMy;0jT(lIXIkPQ}@wo$>B+!hQP{6%z* zs#qZ$5)VuVv3eI9w`N{}cT%n~HY6A!5_TAwoP!e@0}L7WM>xfi+g0D^sGe|7+67AV zOinI=L_w&agDjG&E+K47RTL-|cwQK&o^QU3sdQ}2%xC_){VI@|lX#l(#a<_@p6y!< zGdW^GaD+UBD%=jCCCW>46^@BZfe;ARi0&WS&)2`h9nB3-2}`w+Y4jfoY3?NOrMWmO zqhQS$`^{J^7^H`Fz)U*7Fb4z0Qs6y54*5*G7+e4E{(&($na% z3beeTj5rz>`D}i__8Q`xKj=2(vu79{i!rEc8ZSy0U5nof^(n!+H#wcr_0xxicPePykw6hEVV8cDQeld zXz9_RX4*Q(BbhDiB%X)^*a4+@!UV4$eg{jmfBT1@$+*8Dt-+1 zVBZ=$4;eyiA4IBdbN8_(nU{J8K}&G`^vH2u#!5y_Tg9eCVc_c!U--p)=Z$-xcYIe- z6rlpzp zgb3oP)%>Q=2b)(3DExVxjblEu%Ub;3d$2Lm>l0x<*qlY{44VOV_Q2M21OU%s)X1NWbUWpkS~FJv7q2NRjvAtA)1jdl0ZX z*qu9F85cuBzMLm6-+u|E-gibW;DCc!kabovoe=F2V8zms=lf@vJ;YuR_C|1!R0dv; z`u!<=Ron!P3m3=cbQgBcrn;21-z>MRdlQL?PLvHh$O$LzzI&aP){36VJINolVCQoa zu?LMM5YoX%Dy`|77o2z*!KfQ-lCiKbB&DL9F4zOt#PH9l@vkZZw;|UAGi9`AEHI2Y zj3LQna%Mtsah7OCz?h&3i0h!+hQbi;#tfq3Aub?x(by91hQDi&p@BJ&^P@R!6#pDv z%kaHjA0V|5Gz7lu>a8RUBs5Z(bpvA#j> z-}qSwdoxSWJm4zyqoaw_1YjDUd(d>|pZ|FZ+xrGNb|Nb8knd@5L`al$ce0X>&F-+Z zQ|el9QCH@SzxZoFi2yh6aE$WJ-{|?8k5`&r*ofYuv5zosR&T*hCr-FBX6|KO{Uf!GCwzSr3X+Y$6&+d&`c(izrwL=))YFfQ%|K6)i~$bW=LB%BiOGKw3wyMP*+rz3`8 zQz?-|0%Fnp4=~79vp`$DKVaT2WPkkbT@0}T1iUYUsVv1lASPp9{iy)Cm6{3xLIa(F7;AARI=3v+Inn;qVZ7$N!EH zc=4bpV%?;wF=Wp_N#5WEbm`|?eb`ZaD~*TTs-)w6_DJx3o?$au<8|0}+QkF2S}qa| z`s<~h2kf`~;*Fs})2#hyuIZ(FJ$h{EYSQxYDGz)cLup)!$wSB%+Ih34dDo)uFXq5* z+#*cGrVJ7dI`A+C7K8vA9T6w(9j20m>cUI zOeZ}$RCoj=OhM2|;pao;v0ZdEx&vl~Bi>U5RM9oZT}m z@-;3}0I07VLrzPL;_M3T$0|~>J2|6d6<2NN^b#Z<^rr4=8<`=knCbYKf(nED6z!Y8LU@+u zF)1Gw47$rTERmJ(VzEgK^`iqo)9)#&O#N>^fBqc%V zh$Ny*x(Lm0X%{l+U47dZwznrA%^GYhdP@|7ux5fY>XrUxR_wf0!m4*q*g+2kNkheC zHZ&Qe39+jUH0~uj`Gprf;XD?VoZDU4d@4gEByTjJ;Qtj}JwD5?40KiD>kS&T+VQxmYK!^=y1x7g4`YkKcN2DG%f zRyNCNJYVMbM^d@*W=Vz1zD=Pi-^)GtSqgHg?dxUOUEFyXmXQM4N!xDw7#1wRTNZ(i z`Ah;rcFvV7&VD0B%qltxngS3rBqS`SPOmxnwuD0A)+OYONa9zM0JHKe8(cWgUctyX z;R~U7Fg7H0p|P+b7R0R%Wt5Iv7!t(qv0r_C!Dex-bgYgy&Ay4vbmVqE^=}=q!J;NX zR(Z&TQZXlmi4^Ad%w6+btn-x%N0oMQ)ZV3dn>5Yqb^b%095+FjR*~5FIWughLUL55 zSG{K(W_$U?DCo^D#VVt`c;1_9!ssJ#aWv!z)dmw|e=nQo$so#Qe<_g*V1>ob(WxjEBf<&bu@D8&lKU0lafg8b|vEuMLfdN^* z3v>U!cxI&{PahR?5gzlSUuKtCM1}@GnBAyfN$veKvdTt)JFs=A>10xm8ypFvflm3} z5wGVQXe77{=t62#mX~nwOT(V&MgdG70$czVo09zxV=Wom zUg-&}I<`oVKKhS&B~CH9Z2lZ7h&Cx4zEJL_s6z=a##bH}k~jpMTYu52C3_f4RS?}I z>yp!ckl7s>35|lSH?IMAUOrQ zwx2>H2`6(}-h9=S5w%T>Y_KF47u<2Y4)F)R$$PUknu4+?la(SG^)1w1Kqw3{dvWNS zdTb1t_n4%I1CZ|^ilQ#?1-v2D@St2Yj@l3kE*Z3??14%@w%P*BeoGiKdV?r1n?1=` zkyVndH-Fw}#XfmOYx>yFapg-Of(!s|+)tu>B7!e=x*`wX_Nq7SnK0DF z_?H&n=8NQoReCmOLvO0yD}i<2nwh8;j3pN27U*Vx`9oA)8N!`}oTf;C%t%D_@UikK$gtF>i=<%cnED!s)#@|?fr*a>Z)k}a@vIeTvC(ncZDV#Sl@XB&Y zImmitrgxcYJvO;I4l&0!7;UXw1gOu)G2(ot=JXL*14-3CuB(`^6ujm^i;B1P{gjN= ziiZf=66&_0(hVDMdWD`_At zs#tJMh2$;D5FVrPbJ9Tl3YT{pg95!)vp4t15yGoS$Y=N{oL^Yy?>xWLR;TKJz78{H zm&RfoC@$3N&O?+=9MRW>`3bY#@M!vsEc(#?lz??=nn{E!2q^N&^ z&~^j~Mu8t5tq>|F(FBBLnw3Hs2#jFMF@ukIUNri1wC9rraYciakyCxz z%?lpy2|6n~#!3;M$rjUZbk0vG1fL8o*6vOJd%3FK3=Yx#8f{^TaS zcn4w*1=9o(@o#FW<(``;ZWc8!rr8?3U-12|7^MKR#X!G|zaNL-)!QvIhu6!&hn|k* ziA^BZn;L%oPeVLi_;VZVIx09mF^HqU#=liKwXb}?QAT)Hm>0~EKm*n8?*d}Q8Csgvc0ACMXr6 zByt?>RolH%OLhbqCxZ^mtsGOXkk;1YY|v0NgVz?ds95S3a;Z#vKcB5lP&1VZ?i4YB zTNYiG&J%Lm#U*xI_`ZbMH3EjOh}~tT4*nq91I$I}A$wRZRi{MucmRTfD`V+pb0;nO z99)9z$}FGoUOoWKT6&&;Y?Zw_{?+*OU|HQ3pMP%i2gjyNF4ebS^3T@?~2w_wI1Bca_s9F{Ppzm1(FVL{4^1f=CDhz=R78F0Pz3e`TgX$^;Bm)`NveXId;( zB4|OJ-EK?BhmS!FyWI}K5(c}3!S+wMf7gqGKl#pf3o13a+NnV_4YKmQ-s-|}mf7+1 zOIVlCKjp{!qoq;*Be%_3*YA0D>*223l+W2XC8@lolvFHB>itZWvYBS@TDp%cOO11z zwU)KwWz20FJj{`EulIW|&n5KB#jmLDCLWlx&$fPP7s8v2wUNX zes_|w9?m}SSOz7eVS-_3^wwtBLn$LUhXj(qm%{`BrKqXBAI^h!T0v6ZG)(hNuX>hr zLkVH$B-0;<$8qN?q+-njy34hcv}`24E`8=zSejwuk|!JclmAH;%6$JBu2ql#;Ejqn zC#W{;lB(&~r2{#QQUcDpFu1A$D}RvpCgT`ok_v~!DSyp=_62570l{HgC?>{*^X+nhMkH0h`Y?#~x zRb~l%V`?Maj^xAupKE`JU~q1+0x$hMXPQ%`TvM{!C2U~SQro-BRUe?&ggb{ke!-K>Gqfx33#x383=?7fIj@!5QoP$91)9%EY1f$Xin~0 zkKV71p69ULy^@lX)Rpv+;-5uH1KRk=4$|L&e1GevnqvvXcEd1tm~g&2$Z+iu!6!V9 zs;n=p&z%L$0rMO*m=qz!W;Vw8=vbX3cCcnHb(nDImlv03|Jld<9#^!rl9Jl4baGE| zaj8w2;ih4{l~l-pEj}*={wJg!1&?s~Z(id+8CgH2ugrvJt`X{rN^??j%(5I} z%oB2*Az9+^P@5illR7()hoXx0!@<5x|7V+M`FU^Y79Ct1raH<6BL*>KS`2(~y95H*vWWCV|Ad1MqA3!cqzXL;|62%ig_%3|Al~Ak z!HbZ6*-wl=>EtdRhS=(4%krRKavvo{C3u5ShROc(x#MULea-ATzY<^B4R444{5P~wAG?0dV`mW-Ra3|^AG!J2e};v6xf%XLk+8co%eg;yR`koV zKi=)hrG1KILsgB5&Sh`lm1`pt-hF@NQHZI{fkxq!Tveu%7zzdaSDkD(4|g2MnS{^w z&7VjYg%ht=2jsiw(58WcS7?T^FqsK@Sx8i0=njpz-WeMe6=e&GmQ6dl8pQbop(RW_w1{T z#5;XiAT0zDL_s?^FTfU~xOvyXlh79^;Lw-I1;BBheG^=BHagkKb2DYh`|KUyOANw{ z8T^Buw`Ze9e^FNA?ZlnT?PuJB$QfZO{i6@*AIA^Pyea8i+rQqu1N^u7j~sc9Zdn8v zt&w(P6*$hi8mhJ6Hw8f2ZfmjZFObVq#Sybp$;CmprAq-=G3sfZ2Zg~O20nwa3a3z` zgoaIb=4>*I6}tj%0v-}7p=^m#huG4d5Dz)NrOGt|@!4-4>-o@qLc)X-Yq5X6M0#ND zxt+bpnPyPW2FDSZyNOqkL6cS3s!jQy2<)_# z7{B)a@2dasAeons$oRQGw@U?)*P&Y<>N|r@zhq5#L3dthMSi7%igfi!(zs6JBNVL> z<-ZpdM_Z^mR7z@M%DOwnS7}AKr%-94Ghw1#q}12D342?hjCeFOZ0o`*3|2bf$NLzX zYUjIm(Dt~Gv}=T^y4DeWXrw#vlD6$(>v_+tUiDloXt=~`N6Cc&SeZgMI&#b;0H!P$3J&Wd`f^bB1IBor!W!^7iS}7HPy? z+coV3RoWCw^!zq*$*(`2uX ziK-bGpXPN(W65Lo{}JBD8(ioU<^6PKSTyc{vU6o%{AJ)1((>k`$U2CbjulrBx=hnQ z5E(DC6cbC#<8DYVjB+b}m%>Lniym}BtZ|fA%JiA}vUs3A;qw2VB)`^reT2!0bkfs; z9<9KUkfe_Op1D>#lWpRe&#+(v!GwQ5l7Z1NakqX9jlY~uFdG6-G$SUS*mor&130I} zKRe3oag}#0ZmYgKR@JO(G_rA*u|fq&S(A-<_%?8YT>j#i6}(aTtYcxYEj%ms6RIY~ zN~Th%na=gwW)NY9gd~;lEYxwU8<47b1wOq{YUkCR5R#>$bNGJ{mUo07uRF^LC{XR$OLF$m~cDBRoY;|H<1oGk4 zrecyNk&rU~knR5=>lVEjtVH++nnMSabnh|`*J=`0lQS}+oTwzBIU)^U_TUq6H`3sc z3lGr1iz4Jv!$`=Z)7-7g2&1r+@y@9bS^MS*-&*;j+>YKjGw`8H!dCP0PqZ!I_e^S8 z>cgL&*z)rWO)))cce>l*S^k$Ebb(%qhgZAS#&Q3~&;BQZk&E>3WJn;5r}bC`nbP>x z#;9neNfCRcs9gU}mBiQ=8qqWQhIfG7t-fh*nKI$o*SBYdN@L^ihUG|$_ELY5oGfJp zEbN1OZKO=oDh;K)3e3sSkDoxl$siuxRX}M4Trzl*F1YtZMP+gcGDSp|x!NP~O>Wh`k=pcSVYxd9! zdo>da45}L?t5ZW|q!!mOuu+2-RBYzQ1~Vsu{|zC~jMwH$-O;2#DpRpjbeB~zDf#=# zLwP-T_Y@BhdJMU#m0v=sUT@Q!+*Pj~=BZtVAhlsu0c_rv`7O{;%Y@k+hFKw z=fTOn&gBt1U25U}Anq`P2f5X~L*|!_gB?A9eYwQb6&0OT9vKx&KOI+2GF^*T1*e9# zZx|%9aIB1C#zSEqO*pC`o#xa4wrWQeZG60p(1|(S%X6t(t4XXiRQCvpdk`gw@b`b8 zo<{S~@P8x!gK50<&)kfM`ixWq`=D)ptsMaNbwKvO>6sbwod|5t+-|(v(BMCH?)yuY zDmlwVwrKA%SBF`!nipa?iL8pUR`{$MIxfYBtgNaA!oNI_y9G8PALCN-m{L}-@lzA@ z9G;axVm>J(ZTB0c^zWeMKC@#Y6G(is>!_@T*Y27kbt7Hsa(dC_IYAlrhF%?d;ZN~N zkrxHqRVSRSLT7b3bq469_r5N*hg**JoAR%}`ZMPmbaZf-ULw>B-&?7!A}eJL0+K27 zoy*b$dqmGYk6}HMbyM}tRuWw0zc#*a=Y~L&)5tWb7Vz^eaXJl&$80wKx4L|?sWj5v z#|*5~3he4Jj~dmdPCC4*HHu5R>y}U=-!RxLNy`G$_A$13-KeOV*=M=Ym+AvL-C`nwK!Arx3ksBRR!ilj(2$COm{>0kCx-chCoS;>dXVcGeE9^v!R z2q0mV%h>-H;ms8nz9NXf}TPu}|HK}6!3A^8C zGEpaoJx-1B#gpjmUeLoH47;ZS~P&`aUWW{L|eK60UltKcVxQdzM+0`b_E&LK;A7Ech89$K`kU5v~8_MF803NI2 z5?D$tJ0#6u{$^Jw`#5Wg@47B1%W5**f$HEJacy`=2>G#OD#$F-uk4ju8qKCl#u=4s z+Jjy`Hz4cUD{}7JCtqV$2V~9`-M*gPMubcN2iS_8#dSF7mj>;Y=6arXGBqnxj)v7< z#5q~Uc>=#xU8LUJ8(;`gYgnIas|}vJiLrG%$0z@OpE)9+xC=wTAfPC|A685D`Shat zDnylMf`q}X*ef|$2l)q1x*sA#7FjKntX+DO-n>eeiC0u=jm7=JW zrJ6=8U1Lahh~o(}j5skQ@Y^Wz@3gv~OYd`G+#l>!uGEiQ9xaFQEEZFkH?oapC@BGz za~VvD12kPuH6mv)$~#x5(;Bk5>PH9*lhA`^Kbs0cM^v*dbC{&gAA57LBk?SjBmR>fEXjrxrX+$sJhVee65t zEMmAcs3r5yD>0S5o#7(6Z^j(O`C*~#SS z6OIw}4KGBLNRug@pWQ!!;BZ*MOQHrp%0YqPG1L@c8e&Gm8(#zH*f}bHpfx_QRh{x1 zvu;dAUHVmH0KMIfw;>Zcjm#Vc%|r&xZt6iPwO;q1+pIlk-`DKn0FO=?MA}EWCu^|p zu4|4*wx9#E1`0{aH?|tOOZ)Y-X=biX*EX^h8a3dmc=cKznZo_}ChQuVkdd|yT$DEr~5L0)~v zf8h~-J3xNQ?KnvpO(-CBP)TAP0<9Tua2pRku34cg)vs9Vm%Cv_Dt3jpJ_d3MsDq z`WtBtm?m9Gu8FyAj6;%OlZU{4ne8J%^~<}wVs?dYLETOYuW!VNat^JDOLIozI*aQz zCUHzK>x>^JI{x;7&_Wvyi%}yRI`-n*i;Y^kURg#Ii^aU;xa^HtrHp$7j3&d7VlIfq zNQ0X0E zLzm$Jz~P*ZMlNkp+I6l64GQVhO&rbPD8{MWd?+_$k)dW_v3UPGS5|wW1nQ~NMOe{z zzhQ2w*|5|^2u~S^Je0y}mP1J_EbYIOI@4FaRK7}9WNp;_S4e_6O2Z&EnV2+x0cNJF z>sv$)TJgP@jqbloyMpX9eR`ZgI_yHm^+z5NIo#gbkTKt$M4KLiHSYwNqrjK?4lS(T zKh%A>HvkOSC#89j%`yItb>h6Wv9 zsLXYJO|3kv*7i|%;$z%EcbiqK#j#rn1Erv5!(f}0UoU)BX&SU}$V}uSQa!T-X6j<+ zEcScFlo`4AOO(+jONyErT9cyr{~+VmW#SsR;<+zBt+vw0%A)HFcxGr-38P2Zi0*Fi z#lKNyFsfLd_+@c^s4Xwy7q?vNboX#_QVW)C9I*Q&a}fw-S*b{1IV_a`W3FBafhe_a zRU1y`pq&JFUCOG*1Q1Pnj@wfz!R|wyiF-D`LcHEN4WyLYJV!uuAg$7A(O8@V_Lt?~ z2_03HDCh*)#H(F=_x9_hBzCE?bjG*4ku90dc(|WUS@hcNu$$7vPkkJ}ptSsxl(dce zPEmb7Hwe`tycyshzsQ&T>9tFz>fbsoZjR$lY#N3D&sKB02`z`(#e8!OTlP|}{dgbq z&<&JxlSd3S^E5$4619V=l%9-I_(GuTWn#(8!OA&Dev;uR=Tyr5SX?Vuf6!SPcplUZ z`ZT7kKdsSd-J-IKC*Q2pTj&>31Od&+J}%Hp7b(Y-!PB0|in-Q`ROx-5py_^IA%j2) zI>4PL8m7zw%cFUdGQ0MZnyxkpF115S$3<|0Ds=`Ms{-oLM#iMAfo*c=L?Lqg%uktv zv3Q%At8OL2ZBBF|ghD?l=#Uf2yZIl~X!~EezMEINI03cr$R^Frwm)T){-{z=dT!}Z z&4yCdXe*xut{IgpFyXyE3sG(c_~ygHb~ks=PvEJDOP{Y^HTrD;gT2wE1JoEotVC+0 zQyxSvSg~_T8B-4hMOL_pT=*2du zvh5~4*06|})}6Il4JlWFy^{0;x-}2Z?P-C)aIAr+3VKboHW|%8_}D~_D{l8z5Fg@- zmswF(P5|@dRJtA=^1A=~zw4hW&k+LUjBu&0GawzxgiBIbCy_qF0}&`JeKHIOBoPSZ}AZJr0U-V+WOD&0rPtck<{ra z7Oo2kylZRb%i$n?`ri>Dx@XziOsUJPSBN!f4`0vs7_W-lcwXcxcu@&ROQ!D8Ok+Z5 z0+Eu#?KfmhqM-N9o`j(zbLu4^I#@Rm=dGHBEGgzrV{TioXkvWcHmiT{pZ^N z<$Yyl4US_KTYkRauMgmp1p#H>>z&v02zZ#(ZnMGs!;JwAK_G2#4Cxpz-YyuVt4#5O>lgs|YQms|%6c84a?1}fH$+fBr4 z1vvCh$Ag+5#lsRQ2$=Yp28{c%vN(jW4kulWEKFQiJQ-UDCx&VNl!a5f4=`kfpJ?5D zuU@AL<#r6d*rq(@3cm`0MyPHEA|Iyxk2HT$8H7LdpHIKw+2YW<1J`Qg9YNVWnY`pPeI0KXzL8Z!hKDl{O9)b)U3c)y`y!Xpxp2( zYPnv=!-zu!>N}wDEzEZWSKYS^P?hHNv^SpL|5YdYiyD9mMyAU+YAoi+thsf zY_=6IXjdLfWJxQdK;<})^o6+gJf&VfX$;gdnhCJHMp+$(DKUa`jYfcmMy;JM>x?>2 zwGb{BYU~v^<$9uER3jz5iNy4y+n?=`o*8E8Hx0qe$o^}V*sj=evNDjimFu*07|4?< zoKt*FkVFFa4hujv=%_oal)E`Zv3=$4Za_YtmDrBH)dBEVB@H?$d{~C7hy|Nz^fW95 zwGPi|%PTm=C#q`GoXd?oUYQL2VcPxe(9D7-qjvAnlSf2?^_)Mq5QcykUCl$%J=Nm7A@4A_d4aMgNSlJ8T*)^(L z4if{D-(kNP`U2d_M>Q|S)bn$DcI$ryE!LcS5K|9zL-Y;6?v$ln|J;md%h%%Z6u;<2fVR(BmHFjxanGARQLqmox2Xa zz}v-G3UW{Kq{_uXVMyruCH(|w84J`nu`pn)#Z-vdh%;)KXN+;28sftZ(!T-dHK|c= z;YL4!M4LQAbvOYe{(+f*GjGtHcF5Tl=5A=LQ*(I#IL?r$e)zNhi&F8!gw22B7`^yZ z-DWNbR|=ml>zDwW_8+PD2%Opkp_A;Y$3W`~Jm*7}YRB#a?qkn;xy{+LOO#k&ubSdZ zSI3un_HTadoC^85LWAo&>=j&yF&7ro8fAL#iI+R*6!se(#NW)`r)<^ho$H*Q=mhQs zpTF)I|1{kOD#PoNzDF6HQX-xDm~dIc&o^k<&$N=A_tVTJg_-ytZHfp}->ut5^M3aq zeDlGp$Qf2ct}~?OWAV2a`;#2)qV_OKaQ5@TJX+4C;17Tk=Gkuw?=%^0<@DeBznu0h zy)_3mDuExgEm+g>E{*H=D72|R-iH~EH?lovvr__|&OXE8Zcx&+Ft&0ZBVR4EL7x%u zp~-xgQDsVTuEXkG5zTg^FPhR!*~pppIOUzpo&mi?aBFOZKu`>P+P4Umjg}(vrvAZp zqg+@)Hjnbf*a9#+9>w1BFI* zF5Wg7d;k=@bC|1{9}fN`KdxD|h@hg{tPo%c#smj^R9p07f~*n%Hr0_)ONMLX*yspc zlQM7q`ED##SY%fQ*IA>TYV{eKm?ev{`&FR*G0pDEd6FTq1=Ziu7x>1|s&v_TG}DQM^Xc?YYMVmJWo!Z;3Y zkLLC@qhg+>^VtIfY&|S0vT6Oh3H+TO&t60$l{hyTyF_}1UN?jaH*Qu22#k15Ze zYbiBitJ#r?ZPSY7wH^T+z2&;s5N_+!ohmjRBJv|UnS}R23>pU}t;^8#s-Ew!TCL8N`EK3p4WV38 zroCy_f(FBFbQr~FW(L**FfxExL^c~klZVz%=X%>B>9!36Bt(X0OuG974rttl-`0sP zVzCPZWS}NHvR8sN)8NOqF0x=W^m1muyBfGUrrL~<$qK?Ks}JLXg=S`5ZSs1yfDX$Q zAuW`LEC=7W{mq=iZC$sUhUJJeQjucm*zYx3P9eJQQz3BVHp$+{Q~G?qwl`!YlCSjf z$gK5Y?8?mqWZQ2*JB42hHM#VMqn2X!V5rPEaHf#c2yEU>V~YBelIKA6QUG4b+ta#U z>uyahRC99wD-?njqd`NQQ5b?sJ=VA0$g(h)3#g1}8Lqp-MQj1fvT~s|GHzti#^uju z_pI2oXTbH%o|)*G+}+}1%Tcvt4`&aWA8ee|MWFuxk9x|uWi6t584~Xa-0RaZjm1Y_ zp3gC{T#(pQAP*FQc6LjIBl&wAsVPJhLqwWLONvvq)BsR3)t*3AUZH2QsQ$|SLi&l)QG}QSj z{xrbERo_-yF)8~jvPsJ_R+wN%Z9wjk8OFYk)K=81vM-zB3_0&I;=z2!rqy zU)N&Mi+E8c1H76Qf=_nYPY+z|*T;we(QTRar}xMfVB?(5`$*NRmF(`#Y+9bSaPmrr zum!W4!Cm$Z%7u^t;Gxfb>GXP7Lbn%4;I&7&;GWs{+`qCg#O?qf)ip-T@hymIl;Kll zIHG5w+<}N97Fx7b(m3xw6n|q?X;dJMRvAujme6UPR&dsHfbNT63$g2KpI8@lC@@wuyR0lL;z(1dLOH2gMaU}7vQ*zPJ^@PGwIU$G z(SM$`Bak|nGAI0|@E?Pw>$>}*Oh3Fw6jFRDg-ZT!-}6qYrY`tLNi1`U$HglAp*6}R zXT?*2?=@R6tVt!GD6i>dqR>+oqfvkFXn*b#^o5L6MTP``cgA_Lk`KJfX4m0E;4dQv z)O!4Nsg0E8FMNfn754^n#u!454NR5o*?2@4L6_s99Dc1<{Awvg2SI#_+fBx01sT?J z1C$4FmL*0Uw7=%aI8NsY;&(!Ibby?p5&Djrft!ZKXj_s5jR~P|Oe=-%HK7c}(3nOzTxNGN7_8m1B`LYdu%S<<8hH%#N==`YVHlMo{)@0P ztsuu*UG~+T$C55VN$Rl;;66|zU%Mou%G$$$Uo<@Vs^zLHvFxUrqyBT`cpPW4BQQWb zqV^VDL?v`~i|aY@%`@)@pijI-tt4D0`Z{g{{EUssvEWLya91A9uePm<=z&%23}?d{ zc1WXz+4lzWeu5?N%Zw10t~nYu6u-W4xlSxPhf1ctm5m}oPcgd6FdN4=^5QZf_p2gY zaUgBvJId-a!{RwADB0|?l#jc>(!LoO5=K*Y953QrLRXVl5Oqg^j&NejHQ#6XOKK@) z&3<+HD1I>mO&C{W7w9?6${}_d7 zbn4SJA?c8IkSAvpEG)`ufUIldN0OnI+ZmqSKaX&%dYUTnOI9Ji6dHBwm)ekxQc7zps zUSpa3^R$Mr{JkfhM7KgAkqLqf%2Dkefr@H z)mZ)HA4b;>UrA6FWiHPqkc*W{U6*@IO&r%+ffwHq_v?2$WdY`;jGK!Mk;-%X|JuHD zu#j6P`-i=j{4gs3d+k9_llej*G1XYYsXm_j5BeP-n=8+R!fv{pnUU?Qp4RQiuflHq@u0b3soj5WN(A9=%GL zDJRbP#LiKEG}XV03x)nVGH%CQfN?=CT=3;d#> zGk8f@9FwSC@0C0}Qfjfc*6FY18N&_N zIf_a5WUldIi7ozv+UyVl$^_p0opKdXY z@y3R1Mki|A*G1z1v)8sqCXxHR7`xAdbvCC>3fpaC@4uM$`@*j@m&36MP%!uJf7m&Y zwMI_(^)Kct2mwacsZ3omNG6MI`&x`hd@JnE z7hU+o4uge}qW@hK(05J~-en^(Xa@I!e!XcI!Ga=4U& z$qe&HE-;U`Z{kRWajy7u8Y@~MCY9^U+t3zaD(nxuJcZs-b>BC`cb!zFEs@ROVA|8< z(05OLQu@qWZ;#)C>xgM2C2+$&##-7txWe(nP(Mz5tTXseK?=%r+lk-=KUnK=4Ooce zw~xA|dP}i{#oipnT(0#IyiJapjKI=2x$J9l3TOu}&`B>>o-rgAv3@XUzhAd04U&Xs zOX}OmZp=8;cAzt;x1i}mu5lf5ujL^$z2xsBPrW17wZf0JuUST{uCJHMmFyxi;&q}s z=0OV{(DA9~XD&XDo0{`i`J<f^UiG-Hk&03iz8WJ!z3?KwYcdm~m35J%{F> z+3d`#1sPx_DatyG;j*O21CJyKfe6ykpkl{)kJ8jBDJXtHVIL5{AQMpPwc97NnT`F? z$;l;s9!v=?68D7)7kS@DaPhIz$-kF?|0t_{PC)(7UWNqjR~vmR+8@16+05D~ ztCTMrX4H4#1B1{O-a4x@fF2jEq?7HqA{hmdib)zCm9AUm?*WZ-V|%5L+goS*sR(zrN|vsz(hP-P;}og9NNYs2CSR2uW!GT87PO z$q!aEL98aZu<9nU74tM^EE+0HW)U_qT8+qg@R>`O1O07C7+dbj&CBlg-qZrbr=>5C zMoCr8_l*lJBy2_rTE|@REPBXhtaK)z%7sE*2i8@^<{_L`zED%tzmCp5d>0$T=QGrnt z$qy$G3n-K(W_;ofyo5tb9^yPa57=!O_R(lTH%!dTaMeN!5@^BV{cQVuR}>hGw%EhF zR%Cr2TY4Sja+Dq?4eVvqz%Bo;0X+yD@-kFqiHNLf&vNvor7fwEqSqPuP^ZVU-ayHj z=Ws&X301!sEeEZnrL~o*iFn^C(HCHPQ*o`^vWgdzxa!`=KW_ZrJeBcw>kePbm|`9- zxXE~UHt<%p`rWpg$r%KW%F-Nay9YKIdkhk76gf<2#>@8nn`-n#rt&#On;BlvKA=|C zc&-TUF$E_xPB&s&69yy|0DnILXBrs+=b-VRSuN3kb1RZy5p7IC>LE zL*$9!)VdD55L75a6>!oS1|H+mU@@8UD)2b=!WYf3&M9ypf=ixBkL^A^JV2F#Nq>L3 zQQcMj;!60YSZh3Ryl~4^;5NXI0$I+$GnF$SvQ|MjR+T;k6|JQoPNwt@b!LJIc#>E_ z*^Ya&ux;k|z(&Flvm0&dc1Q(vXRw!m+F|Ts-uCQq4In+b%2!gdv5r7dd=nX3NrXc0 z)q}30XX^qEmVpt!quSMm)GMC%^(^@`dfHf(ZZdC>W6P8)LPa>+y#Wd}vx30mnG#^P z-VCd0tC9fXlF$Xb$<^gd)!O4C7h>W9=Mf}O{^*>`vlq{&eAM!=l7yCyUgqKb2phz2 zRDhwkAF+vpa_qkRviuliKN4@n+goo?pL&iYwELS?eN`#{aR0ERoV)r7BCIw4f!NA1 z?v7pwdZnq@A4X*11c%`H7Bci&r_(&VmDnT$0;=pXVneA@m^(8KEqBtppqes087~uB z!L}y8p|2OCh`c+$o+$^~Hly(Dc$YpdV8OSIrpMr6G>F{}J)VOYc1fiP{FA24O``KG z&t)QGKX?6~CvNwD&HNkkz}0sS9(6GeHerri0N1Ji9#PR&#Y zTVYiVL5Q?Xk`)!j#duBtF`$Nzs#E~T_6X5(mv-&;srg^Mn|{U<(#Xw?K%a7;8uQ9> z)zq^7RW#(Sl94XJGJm{Y_D$yXdIHoo0KvUc6~WKtb#W|?L&;4Jm8@h{<^K8d;@ETS z6YC^;k;3lOki9*nIi+=bdZ?w}SX`l7;`7}8;H7~$N{mRVs&*i0Y10SiacJsV#!{!X zR`q3dBM8R8aQ-2({;<=&#yF*hn>0HNf!Ojujev7m5>!&9TzIoi(mrq{r0R!?C8ny{ z6y&brbK`GfGxgM;Yo2QF^BO2J;C6C+?3$|B(nSu>k<|BGz+p8z?PVF@Zy9x8|FQYF zad4}2<;}I3PSo*x6%?W{l@@=s4R}qbZIi-0b{HSBeMA9DKUA51UONsj^z#-;oy^UD zI}47g{^pm*rrLS0@kTg5C4LM}KB(l$devO8>g3>|nXdbi2f2+0T;*n1t^#@mHr-O8 ztTFPQir&j*o)HB{ypgmiQtMLsxmG}Jwr5z!+KKDHzsAwv^#gxZPAUg1qqO~kl&=%Y zRl*_($oeV7DiX;Zh`0U_XD}w3rgj-rtziku44EXN;7S6$j6Swp~(euM`yR* zO_ZSUJn2<$*f`;#&Y2C3U7u-lzKeNe@wu=ce*dWFUm`NSueqKTk+m*U2Tq6^Dent= zhvp^@LG(H&as|Gyg2x?^XfOUA_B`_+ss1nmM(FMEdfhTHV8!x`RhE^dpwPrDF^K7O z4KfC|^t}I@a)6~|e5Gu+6*{jfWz>L|7ny602;oBY#`ru5{2a$oZ+!wU&KH>-y`6+A z0Q-dVI`9wtdfUC?YwwkG+2^<8!oaj}P6VKN3)99rxGIDALice+(|el6!8|`zb-hn0 z^Si=vkMwqd89gA}>=p>U?R3G%+y^QR{o#s>*a#ZpJdngd9lFk};_z6Bw+T}{ zN&U55t8lMSt&}Mm>T7RaU^=JO-r7$19=bRvUiY~B*&hY;+01B^7>Nj7YNF;6dJEb7 zKeFCBEUIw*0wo4!=pm#TQb6gDh9RV+MWtbAlx~oQ0Yq9-=|)AQJBIF(?vn0?q3(Fj z@7(9P&;57y?EUTi^|#h~*Zbp_<^fF1y@8J~^x50YGd`}S1nYd=QZ)ilmXo_@wcz~w z;dI;~>L7eQDP3&@H)NkuMwj&6-R88ha6uRJ*2DLYf6bt+_r?pwMimXQ;r8me0vXT# z7rji*pM(qoN&MfUhBBp=RSxywu%HEjP1X!+iq!K*#8+~Ig=0iV=}u^u!w|*eqAZ54 z`6}uB&W2LX^TaM5EvmDt4(pG^z2DhAXi0?Q$S$s=GeO?rctML~cmu<r<#e!53$j%Ad z3ChQ+L0Jmw&AdAYM*Le3x;twcr!-Psl*=FbdgHPSI^MZj4LNn4CVKXMQT6uXoASGF z9n=P7t=X}Y(0od4zEa}qo%)DplDvrX$ifszi!j-&hMv_BJJ2QK4 zqvy~w<@s^n1j1qFiN0Y%&5~yae~<8uDvs@$Sl5kXH}Pp4VVbuVc~vX?95(41enp5P{e08Nk&Q) zTGKy`iZMt}iRWTgXdtP2-;T9KwfG^qj7ZXMI!2oEH7L{+lhET7m8!G@nY0bw&S2jx zHUFO%z(d8~zNZplM)!lZjMNLiMA%J`-==>5h`Cm6Cpppxo#HPmS59lfDNOvnwrLq> zo$kt_oAN0GXZ-v9$B+I~WLW_U zE9n|IxnO~M`+fCd^j&ijO#}~rx$dBUfHjKx9r-L*p87$gp3xVuifXaGdV-7D*BYYH ze-UBb*W+%Y=+9O&xn+rdam^I1vvI)j>qkUQfP9W-o1Z1!c{6HC8U52-HRI6xMJzLe zmh}Vi+l~+-TNRL~^5WPO&A-qB^&({;ITUvQ#v&4-q) zdF*RsqM9j!;X9gbpTR5-;6Dt+aVx2h+y{kcmEMF$qIXH1HNV&i3b&PyY2WZa{NlHG z=}L($N6m`?Y6o4V&&H*t9YGAoSBEK`o;msR;2I5})VAje+P96i+O zgBaFeW~}zKA-=5;6ZU+4)TpX8vSaDZ%>x%Aa80?$RU>reYTv`aKo1H;1cGOVJnX3F z!^hBj&rcVsxT+xF6-HNS28K8ibXjNJMuf-rdT*>lIc-!&)Fvn4z9dDj^f>=kThFDx zvo!hCl3VTcpjeyK`D$NWu8}*RPoZWSf+PIjhlAu{1($fs-ey4@uf4`~)vGl2@a1qp z0DuAmMz0M!Nr}dafJqwh!i8J4kFR`!8Pe75xnFtXMkp6Kw_rdK$yKoW59`R+e}IJP z+YVFB_Q;{(^j`1ZC5}}-JqLO_$yUmL{}OJ7 ziE1yc2!v257(p9fep{mz-M`tz5e;iQd{f99y%E-JK-+?RIGI?MvguU z`fMrNi1l)z<$Um-qys@*)i^Du_Uu_C6qqz`|9ZswDr1$1dC;knqdG`k!m{qr)2dE% zo%E<4a-~b^K9hdv+2UzpLjOrEW!@;~rIZ@i*qla>Nn*n?@%@tRhoIJtVJREgJ8=_| zv%_x_F&6lQrKfwr0t<<+xh|*AV1vt-uS?0|-3A8o)Z<~Rz0JR;8YJ^iEDLnEDpe9st#$_K)G3yi z4%Njm`iiw#MrHLx_{p-JR7GzIE1|rKze&eynIoD%PnYPeZw{qdJ2d~r>3l$>=k}tr z*qMjzITn-7L47z|QMpe%wsDTuM#*Y;XjE@SL`kA%D8Bxh#MZ~|nSi1^`#t`O1Ix=o zX~KW+H`msTPnH7fq!LKOdz_r`49d%OIo@XewQhI3#QCJY48TKXOyn%qZp(G+pL$i{ z-(QDsJqtg*SI&@_D)~j+jF+}N$VTFg{e?ZnQRuoU0$4Xkc#(JX<6Jt!JNr2u;7nWS8Dq;x~5emsoIz_N6G z0`b{jy_~hCpI?T4eHb@+Ar>BTXLr-5hZa&mm5zhf-IV1DSaCmQ^`N0v{hDrdw-Q1` z-TK$NKZkx>poOhAlutH*k9!s=Fv%^AvYeKcRA9qU5q?pRBR^Zpt}(As)Hj&u9Zv!{ zNBQ)ZVG7j%-|D!g{k-22C|#Qf$#o^Gxk7-K!<9EJEbAgFS`LaE!<2moxN2vX;}s#Z za!O$gau(NTfKb~znU$M$u`I(7>89(o$isgJ%JmuI)cS7vV3H$Q#MXINwHO*96V8}) z{fhS~J{ECK`al13k8jLJJ~taFi~r)_K9hu39dqxtX9dv1XKN#l5@qJE)o)EuhMnfU zU^)29Qs-C+2&PG)W95+t8JN&RuimAAI3V>FW$9)uE(O5?rr%X2_MJ^mPR8VIT`hW= zh`$VLi0^5Q9f@lo&eot(^ykd0bJpM5pRJ5mc46A`zdf*?@qkV~I%-JWKIvefAKkLp57#2oBHUFIBSYM{o;)`&EAvJcO-sT*FjjZ zCLXSbiZ%4}_`qFs&My%~A_*F_{;1T27y=zZflT zz1!eXFbD5SW}W&e_@tmx1B8F}hJ2Y3&Mf+pwHM)aM&sLtS;D@D>H>UXeJ^aNix@k$ z5TEZ@PJ@_7ko>%&5yludQEAaTPSBfdv8(q zueU7^zE?-JgR5DA2nH~W0Jy4F0^AuuTRxuH;|@4{lk)btd1SY-368u!DrbmQzEx?I zSS*0_#-Gb(_H9ueVOQT&b5Q8YEy}}jzrn2JZWyW8!xYBRRO^+N6$EW8M(IqscjwI*$ z41HyQh-qNPPj~yH{0^GxqO=GK92*IEaP8QEKAu5`PM_We>UD`U0p-`Uvyg9y!WQn& zFI%~cn`R_YX2;$5I=_wWadG>fV&D};aO;*Kx{v>5F1h;U=r@3*WKB&4?}IlrXGpOy zPp_pEL}jkq+9^?+D=#4Y&TeY0E!pGOr~R&r;J|Rc4HO#WNq;-jW7ot-ulY%DF^0r`f%*s@cY78Uc)In7xkpI%b;`m0Y9CM2Oha`mjmC<{iUzH(Cpz3-d5S#TYx zkK}2Y@xr(7lnY|>+4)ltmPOIKW1T6!S5jFL%MN@BK)7)KMwG%c)qdx1wfbf|dP@h9Rn@ZCnGx2f&hZvW*kS+u~mp*F`g&n)tr zpfbjL>;$coj=YAPe?toRix!BolR|QiMJWNi-176Sgqu4Lk^)Ex5;F)AxX{hxf3-MY=18Q3oo|stRAQYt7YaygJn{|%cfx__q#gLFeXhVk+qmEAL)z} zDZ{6>w59-BMUCK-Hl;T5U?TI76D`)ySO#!;)N@?9>rj`Z`Xt}_lAoNZ7T4#54I>Rmvo%(54@e%Kbx>b*`YGU)>6F7g4}zzc^M z&;$&DyrNT};C<$!5jGy6C_Vqd`tCevRnH4iYsMNZXJ*GsPDvikSe-P=(n6YG+@Mavt`wf=Da! zx*gNa{j)@G;PF3++FXu23i&bLI2(8||hWhX)cGafgETi=&oBu0i`py=)@oRqsl z)hNc};8_3jyh1Qy2XkgwJfDr*T>a*bbq52`fz|83LkO3(G( zUBfb?@9&U+Ll{KlvT_Orm*bPOHAX$l0On+&|BU(%|ETc1;30NHTv3Ra0`j8SmCpJ6 zx-V|?ot){IDeS|bW8tF=$2SXGQr4>u3wiiWTjwZ=jOsS)-6ufCSr|8dDCPV%W;d2O z&=O-rJ~w+rGRljc=~z5b+yby0+OBjn0VI;J)VAggjL8%Eqr=X{{-&fB=We)x=}tfi z@XqeNhr8NN(pLqeC{Rv4(DrCGeK2P{D79173Yudo=tT^+___~%2K`EmU>pXMfvA${ z{S(4n81{8(7&sR?=A~up)`>8JFoG@dnL<`VlW@&;mZ7~TX0citC9EI|u&Dn!d5>Du z3a|~{dtzL2J3(QlVo(?MC1`~(DCF1=1+)k;#y2oVwcnL>j`_o7$>o{RawVKHM$zXo zQrRiwaaYMV!{mwZ5nny>e1iz4Bw~XC=)GZ_ys#ylnibmD!WdC6kWUOHgjPPg;9_E{ z06YK$-RSq~{${SkHY8c=;v=RP@IDf&a>J8eUQy0U-5%H=h-IlOHa8G~*#TG1V_~}H z9ftjY+l@Ld7E-d}fn=ta8 zV6#Rsv;0<)uJz45SOK=4q`BP9x8A3D=N`*S_iTIi_w>rQufGIf+yi(N<5fD-TvnXV zF)ce3GAJ(B!DHZBKo=9QNHOU-bWR$fQtJ^d~KTOzmraLb+WxNnbP&Y3dN$Oa5lmJQA3Vz35s&1_NAO?&C7M}Hxn^h_*Z|4hA z5A1{jRWeKfEhY3mG!E_qk*BJaXs6tWXAg(+AWm?YEz?gO;9STImwWMpwquP}Fncc* zn+6w)WP76tQS_9mUvCG(L>X>lZIY zp3;+>!lfme5`&IGj)7J=oUU}g1&&nJ2RW9|e_0QE{iYSf*N@5__K|2lKVzw!4&6#$Y5eW z(C~S@#>y*tge{JV95FNPr?M9Suk9yQaT@K}yh<`@$L#U1R|&ZCM!cb3?X7&QOcQx; z`2DkMN58j_SavLHeeP8eq48^TpHuQF7WeCYVPl-+MSsv`K8PeFWBk2vc~R=b!!SyL z(YPDeytA=SnJm>Zs-1NBQ;2yR(hqn%urWK8%?DRG`<1?B+qsb?Y9)OLOLafz*$337C~FckIMNdDHwHP$NTBZE6^f(!!<7g`_bnC(X2x5B zy-HNk16}FfYi4@U$%cK;n>8$&Jlo%hDK@|fzc%cHI~)U7vv zA+8s#4|}buXoV6};$=&OIVlaum*UxJ$K=}rSI0==FLKT7nEGlot1^j4dqFO;#x`t> za)W+eXie7nPd6pok&05M#0IrMdH|0XKZb6ma*V|5WqTne{nDLFlvHZ&b1J#yoQkkP`6kx~wx#^&i z{*Zk{B^ULAOgb}(~pmEHWku&X=VSKfU=WBY=<3%$gB`#{2BVbFg|ed zhNuvJ08L=*UJex+!4L#|J}8Kpvv-(HDRpx7cMTfoo#V^#^f`LvPXBZ*zQ8@Exik7} ze!n1Kx{OyQiUA*!*a@6pR(dSa*$LhIWemp8>KzaVFL=BOI<`b=^eY60^q#7N3N*kU zURM}QFE1~#83X%6KncESH-Eo5o?Z5zT(#k{;u=R>oL`l{a}8kOmoe$7y(RSp_m^v~ zy_J@h)$91t9jrn2B9)$8yp)(kALaQY-}E8{rDMh>mv*R4^jE)`7_C1a(T_VtS)|<$v^v$Noz3IP-!|?j_Yb~r zx;|~NFMSox`NZaA<&tEb^ka|6saxN;0-(>L0dMG~$T>#yh>DcPd>yvhS|wC4ag;6d z!t%BCHvgI6S0TsWlHU(Ig|BsV$XBhvnKOx!tqZJWlZB8{6-h%S$i%uPV^omAj5?IBr(L z8LEl{i%c96(Tv8~ZAaO^+ZJ0% z!$iQ+D+=seJbccJc-If&uU?w1d7f4;ogynpvJ_90RPWSVy6^wm_PJkJUVGjyuT}~&G)EtlxIdm>qfPaiad@SNnpLwi&JuT>RcC>Z`x@cYfu{9!2 zrfE7R^TXmTO~Vn4>Vn*mvqV?3S-wVGXTp9@i6z4)=`k^*QFwJPE7=V} zfu8Sgr#H_J14VYpaISk$%!CEoMM2}h*X_=P$}?iTYTfK=L%d2qeDfbyq|1GW;2@=Z zSvEr&LICW?9l={OP9JRb{SzD0Il0M)vDbu=yEQg=Gv(?&5UoK+^Pe8d)bL-}b~AIS z?m<${(a~r#kb2>LUKYMfMVH*eeZpSZ)$(sMp)reT5`K9@$A&eX@@+~%$$^+0dhBya+)!V=IeFdVp&Je)ZzV*gO>^E0uIkf^ba5REQ`RN^XUdShkd2JUk zal`?~tOt=iMs8qmn^2*hiK0}=J6$CPr@yB2uWQ;YY#UHy_q;OG;sxPGt1B^V(Cj4m zeMPgQ+3CBtt$8?mOsN`69SSoH0s9Z_AF&Vll0{eIjFLps<1#eCZ~QMSvu3B7c;)-e zo6cxQ1g!74UnGVccd-Th-AH)pcby0Mdo@kEN855mAB1U@R7ZHB_xm>YvbC5v!_`-- zhNE|ilA6K9BE8af)-D4RA@to&dk|;Ji%FAr=4rTuSH{u!<&P-8;e}PP&)8dNPBFL! zeW$e6gk^plz{#7F0f}shnoBDKyPB#^Df9Hj-c-eXK(EKLo%1V56Ua^yHx~AAZ8R`b z|7mf|iw8pHg|pFNJ)=y31q?xV{p4A;N7YzfzQGY*T7F^kGg6O46B&}kT;g_TZ(p2b=bSd3m1Z`mV)n$kzr4qb;spmhmS z*~>GZletWu;pzA2N<&us&WX>HrObuJBna7Yqh1WFnbopw^EWPyT}3_1G~Y8pN}#CC z2Cz-y*rKfQ*?E{CK{bk3M)P=EQ1e!eV)t2psA)E*bSEPdm=x58N}J{5iORP$_b_5- z-$$Ni=cycATuvkeq%V)XpntqpobR9yrhko^V~C|0Vf!v|3*txW>pkG3D2c}I1U#YHvPz}dFi;NN9b%3l@NPBd(wMC)AlK0VwQ&PHv~w| zFMOO_#v}C#6FA0*VARb(VTY`4(NEi~MQ&3)n=4wzhW^wPn@bLTjXOH6tX`i%qxlT( zF?9vau?*8lizxEJ9Gtu;a|CoFXa9irq}(zpbwq54pJq76kPOkv+Q3WKbL1E-RRu;w z*aDr0Xb}lL^#IVX^sJE6K>ldUjE*sp+n|%9Es}P2YX~m|-%CDWZy>q*CUX;D1jqgF z0_9Rf+-I|nn!)sOxkcizKJnyD(yGXV@1g-=m!_j~Ik`ug6QG^7CLnLlZ;@DZ$dLOr zpCDm6csoahJ?Z=em4VDwcVTVi0sf2sm=5=9qDAEIU=G&kbe^13cKh*^Mnn(`AT#aNW0VUE}bk`{|Y#~$t zGAQd@2Y|DU7%o;YBe^vofKcmY-IfFyK(9Zz#q|NVDnnGkjE$d+gbZgBLsqgMnC#Lm z)cz|g)~ix074{IFQ)tD?O+QG%$fV!r+cLQ_Rp>`D#K74=bSE6FJ&+ z`&*v4(l$zX9CF39QW+}=0m3~K@vnLOwj{x@ent=WD7Fl@FBdQTI;5`8>DSR3upQXL z+0kf!yrOrpq3u_23FclSSaWmj#tUCK;e3^KWWCJ+3~*s*^6M3m=6kuylG7{AyrV-F z5r=`XBa0A``8L~zYAUqbo3{iGZNmjS?e|<8vT=+kiH|O=?hJ}Ow0wysi@_*e9$0q` zZ=?za3P{_mN%I(vp!O$WH0a%oQzG5Zj6nc`)MY>1WmtN9R5>D^=mJC9m7e}eNX#N68uL{_?{2X(TaC}==(FsCSXbwz|7gmYlqqe59?Os zexwawuVjIam%sRdF%h=z?l>=w{c$GqcQH}9xi4{hy9nGtfCq#rTg+VYDMYV6d<=vh z=RDvguPhzWogky9dv~IKTdpPrctz;K(u8A5{D8u9HpFuR6QgruU=g8dSIoVy+2Dqo zv{{2Ra1$~x83b-E>s{J>sgHNmrX745gE1^Qg_E6{?F0i;+T!fDeFjK*Dclf9VlsPi zEwLie9-_=-vI2{Wo|U);#gZ1jTz1WnV3BHz_AkiVHaPTgM88*nTuU6~5uVdzMG>|4 zdksS)r!nSw-|tXrW!JL@vh)`O+&3PWU9&O7VFND5xIH;*rUaD?sNExf;hdW7L80~I zVX7stB}|#XZ7@e4@nxM#`DQL9SUkc#WJV3n2f`bH(FNNuu$z7jbOy*XEjB;t2clC# z+6j{103cGz#-GB2PI~HCP36}i!EemWXgi$BTg<#I?E+Bgx?k{MLU8*78P}ZGNo68k z>IelCvsbAHzlb@}S!pb?r$J9$V~?a9&FI>%9+-Kpef{0$T&bxP9&Hm^(tT99XeTb0 zLFpi0_9jq-7c0oUZO1zgA&YV|p3=(XW*<(l(+cC)|{YA*u z3VKnDZY!~aR_9k0Pz_~ix4xMq?h>61))J^Gr^Fr2F%iEB&%crspY<;$5t48&1RYF^ z!)7)PDk})MVdfL^0;c_tKDz!Zx(%t?LD8gT5AC)x##1KQf-nh2mgp9_ww30)cy^+e zSkI7$zfut`vI^2#1gLF>Iw0BJ!Q*0RZi71-yHIN@o*{P!?$eR0^@pMONv&7U@2P z5jt%>bfg%;^Yqw*XA2>-XKBY$0H)oScf6(kvJ#rAnoaePKPzA_^~|~Ygww_I({ei3 zW-ql6@!}sA2!VXGD$`vHoReLwYH7UQI0RdPiS{@M%k49-h=NUYx5^e>g>GaPn_ z#Ev-}3D!iJd*YYgM6!Z85yun&>&^4>9taJE6%c;{9acl!k zKft2bu(>*1KXwu;rXq+oUy^5+1wF+@yQ8*j^C2PU(zo~w@dLF)QQ>pL9;$!)4au$? z^E(}&7@-<>!Ueh6Jl{leWJbAkJBQ1#=oV#k0X>y@)RQKri4>P6Up`q=qDkrvkW&~S z^4HMq6K$vP24$+}O?a}OLIEjk*a~1kiEo%EF%zy)7v>P2|Xz zKp62by0bLMtX&RJ20H0;Uwcztu~yUl1+d;m9eE7U+VXxVo0Bam`x8b6R-(X&(rdD~ z>TB=6KF23`iiUMvGw&c^6$XPdR2s^XL_UBOdQ~7~cmSU-wG|}cQSwg;C^tX51XU9} z4RnrnX_r8(0VPfENJ&1)sx=AaPz=&ja$}%l5SzZ?l>JNHPUh|BHy%2o%Y9Xf5{;!q zU^#pYMfwHe=lwJipJ=XXf6>~|{Wi0j;i>BX=a9QBWqqkO;^+Y!;dUmC%;|gf^V=!Y zIVFd{sy8TM)S{cSidKcMib{;=zWYZkLtm==^}3iVT;suO_zdgtOycv4b9x>uM*hEf zs)u}~-b5qLbjEFG$Jk`P{ej`fQoB3LT@vjd2(oevC5R@{_*2v1s(f3-x_v#qFJ~0C zFE$ELRDf~*uaf%UcVGp8x|d2Dh_elRw@0bA-z!B_BW+b+Jq6V3y1QUgkn-(v3OuMtl+>g5- zLaXdUBQB&UXh}9DP5^t6vKW54u;$*0NBQnABb>bK%{mt^_aM{|A<(LS!tsTdsY!i z(oPUH8?J#!^^+}=$!>QUa2s$pJC2(Xs3R<08Pqt~<$-!js(mqD9- z5qDBghlvBCH2}(93jE6}kPRj~R#r0H2NKd(vMx8gwhv!OlfAOQ##%EcR#7jW1`7p~ zcH_WZ$@7ZZhqumBS^Nuk6FP5wt)oV-?qu?gouqr3a^uqJ=XyBASQV{WCx}kwQsHnVCIjI}o8Ok0uiiC6Sdp^d=8CGYWiP zaXcr`WPy)l-tTZDhJVq{JspyiCDLR8mm;+tT)bDW42W0a)X5EF-RHcn7b;}zANyx4 zn#xVPbyWv#+ikl)$oBR)#oII~SsQ4*yQZ-Vjwz(J^?DND|-gg3;`n!LcMgZe|ZoHy#wABGkTBv)&~Sb7qh-9@Wnz1GamrTZ65C`(NZ zn3}4o%WYECVeN4L=;LIwD?alYqSr7<$NN)+pB*KNBP7p0HbjZcz~E1eFc$tHHy2a^ z`|%Gedj^Y5?-y4oOgjN6Xdy%nEhiJ)w5rPf+>0@o&CEt?WcZ7)k}354CY7AQj!fbd z=g5E)yoNCM!)pA0RcpE6)SvFIyrFJ$z~z=FuHtC!MQc?NlZ4MuW&MLjm;fGA5hI~B z3TAf9{FO|Oh{(PkA*LL6l;{$rdV7J9My+r3Gm2;DTssz}MY*g=xcuQZ`<0f3v_m25 z!Ip@fZ>a0gxjDRm+dr1Ao?=mrldWO=K7As^ODZ#BYch{rs3od)Y5kR_=-BUV*?gj| z%;?F!<)f2_d>^S;zwX1Xy#z0TRY=MWmBxwBSeoxW>A;Q_P?D0D(jR~Ow^vptl5;6M z!es6K>%_=k<+`naZu;nD6$o(A9C-i%PF!RJqDM!Kl#}@_QegjfuyLzd5mOAexk%qR zDTUyf=!=WlYZKEXTx#G8s5*q1jGQ=nUApsxy)7vgaXIn-6fIenr?O9<^>z8x-TpzQ z3__lh)78;)-}JK*h=q1;1@p&>ltAH|HQYVqfv}3BD5fi9H|umZ zrf^~6M#Jp-*#fiU%c75v;^uChNx{Yo1B0R0SBHxOi)thGLXg>6=3^C6^W^@(Z#q z8{m6Rv9AO}l&v91{^UwNUmzV|#&-#AlQ2D2#SdwA7c-Mnfuq-v=H0bZn`VDhB|Q}2 za9zw((S~Jn^$^Z}rwPe;Q|nP}T0oBWL}?`_1A@6*JCKi2EzmCc6uZ6Xml0*L!^#n# zSBg`Bt82nf+g+!G&^FrUt<@P3w2MS0l>7RJ4nBO;z`G@TmmDANu(o(==BNn$r1hR9JmlhYe9Aog_P`Sj3{0ept@f<} z?~KWPHA=_v>w5&Rh(6^4Ne8TOcSv1C#e9QTBQwTSx^7TvJkp-l?Z@z$;HB<_$`UAq zP_fbU4HEBtw`PTs#<(r*jK_$AgSRo!V?AjjQ-ti;JLbs7tW{+o;o`Fv( z_kZ79HEq(nzQ1~gh3o2k=#Deyj1T8HOT7tCT8hQwoyn$Kekbtg!vEs3VQU#*uika? z9W)aWUOsYX-V^C}q0W0kIchxcvmPyD)h?uPN_~uB2wFWf0^J;X)B*i9NV*fTACo5Ggm(?sE+uELUs=` zb!=5%m9P(bz?8D0wP&M9ox;`QR|trj-r1VdQZMG#*S>O1bDJ3+6Bjmkw2FM#6x&28 z9do7!pKK2sPbf-+3F^3&%0|-P5cokg1$QGh#;%|947&I{b4&63QY>DTQm-N=6IONm z#mU9X>E&{}4B|L6s}X*r(xz|3VJ_nop1#Yv?0Hz}QjECm%@f7^Dc{GU3L@4am@P#pRFqlp3R< zie18pz;fWC>3-6CU(IkIlQEIEW`oi`Iz8P>%076Qi?(n4X68s~jiaI^cQH+7vYla+ zEK!nW`F_7kY~4`u-?sbTlavIe`$K8^`Nt>vc>+-(UAD|p8gwzSrf7$~`h#E|xu?TW zqqx5w{=Z+c`Ti8&@X46-I6v@lFN1$CG2F!7giEYD z164fAj4`m0{3dQU=ojMWlFkn@wmTsyq3D8Hi6W0*Hk4?5_Fg=8T0e(B^~I`>wxHZT ztDd0@i;;FH6FC`~*7piT*f42|+-^25$gSZdi z6O(g?4Z78fie{b-pDsH*5Bq-Y z81{c}6-5gWOPe>`xFtNOmfeSuj6Gxl=axBMtt$NI50ri&>3I%yaSP2S^kqzZ+|Zr_ zw^?f=>%5v=^N}hP-148b9;V6=r7zXQAev$Vwh7?5h7bJrQWX;~xA1&4M=#xk z9x3KK7Jios!{mpmu``=4jtTMq)yyYp1@#)60FUf@%uX%~qW^q>IaN?uuPNu1gU$bH z{J-DzZ*!prLV*Knh_L^J4E$%e^1rG>-Gv@5RL;G2pi51B38EV4;H~096+=l3lD5%% zoAI20`QWGk`}>C{rT^Dzh!`f=OPxpj;A=wNcpGDrb?OwynX%_Y*Edmv&fILmJttJJ z|F5?288POBLw=dK7QU(5k0^MC=U}XJK&@k^>g`y}Q&EjNrfy3bL=gp-6S(`yqBeG@ zH-o7%GstN@IE))9Tn0{J2(PeBEuI(q+{_2izLQvG7F}0ae1JknHr|jC?KO4`{HI0{ zx{86WEZorWAsT$7H}nz8oh0wmUweXle+Fyz&}}1$+3thjjC)hgE=D~BXgdvf+H6ztrm_M>zaWK-Q<=O_?LgN7J&$H za8T)`dP>g0BZ^WSx80ky_N}uCC~P9W@p)T+_dThNdCWEzPV?U{u>ltcti70?ER@?3 znKTVFUIDWS3i^Rx;rw5R`+wV^DGy9prnp8Is%~TVe>Ha=6G(1#RU_1R6~6Sb=%)a! z1M=OQ_N4#Z!h1?QV=B*NZWuPeIp|v8Gvtx(`@tce&c;(mG2B+ad6wLbw3g<7Z4e~^ z;FmvQT(mxmDp~Wb-Hr8ZOpZ3NZ@cQXeP68gzhc7>gd8O5jUUK{zwTQ3 z+r`^@*;nt`=|sJSYAXyTTGkZLWLDJczgevC{%PQ`GgSKXQU2mA`u`o{_*fY0ZvF1F z{^E^lS1l`I-@e_xWwE8NP{A`AU`-6;7UpIfP!siQdB$vr_rGm1Dn3QLL@68J;>l)1 zcM{D)#ek#h!G+qrob-rg%99Vmg(TC(i?R)7xJnzQK6U+AXK%XEbbQW_elhC&ubW|E z@IScK)HF6wq|{ICBK?zeoqHV|wsvH6&DQrk!aB{>|7(_QHVl4RVvNW?WyrbP#X%x^`_|hVw_fu9n~Rvq zg6J-l@C%JPyJE(3C^moxYd`3{`-ZN2#~k|Pbp|;2u3r#mM01rk7q(fxe{`al8q)N6q3L=<`<>MIU!JUzJ(pkTs^{%~ zMNg`j5;-d7F284{oDI^|2a^5kK%+p6Zv#?qUhwHqF#bfY8!zSa=N0|@-8%9%!zXuu zl+MPuQk3sDyG2e|Og%g#qFfvAVwQ7N0?X66Y06Ygsqi9ETxPs`nSi2-$_g7{LQZQLQP zl+i^5bOb|Tifb62*PC_0Gw6ZJNdJ6sT-UOV*BJK+1%CTG z%f7*B!c}HBBCmX!*$g+ADY)Wcy0$U>{kqXZ>G(n+bZO7( z{@A?quq{P(hD-9}5d{BBMAgON*1>UMUzX&UeRDwhyjK@Ann7%m*&693yn)BI2S-r- z2%#?Z?7Z4gqdop!>N>P_;=Yl9aSnZHdhmGHfr=S%s@l4>wKcrK0oLL3jX*lPp#up_ zzIy@gX+HzbpJ=nr6&!2!IO8h*^j$VBeSOk*B6W6DqoZ&n*yPq+`MvAcHIhE@5uCym z1RJ=BZFrUi?XuJ%k8c!znnK)~$4_mr*uA`DX-T$k^u*dBS>E1JySU@e8IOB?C96KY z#Rf}a1}+cee3~@kS8I2jN=a<_V_s1%wZ?UuHii|xiZ;$qc zK0yv_+CNpErUmdackY|`c5l2UDsXRYnuYIt)+X}!8E`EuyfvNWDtaT9B8!9WaWLZO z_M%o2l|A0r7Mp4;j?*s->3HOfmAjmrP5jEph-C2Twbo{*2B%BC0GnGvGG)g5dCfhc zhgFF10mqT^e5TL%uhw%R;jPn=`aukwGzHr?aY;o1`{TGV+ghjY#=F|jKU!J*WQ)F> z&3SM1VL5pZLOx{goG>iPt!~@);YO#_?Z9A{+47kJeUYKp4-QFL#xAPo0`XS6Y~5MA z0TR0iJ_EeH=-)RfHy@8xnYb=m>ow*{2L9^pvK#CB4Um>1k&3zZd+wq?D>~KgX2wdl z5%tf!M6kX~o3LWJM*QVl6F=JB5Ni)OXw8g1a}i4X^ ze^Nx7f72h7)Y7!wvVr%A&w(NLLkV`lKJ&g}N~)J*1?W&BdTH9~v|wfVAlR-zN7Sf@wP7g`x7g^KwV1< z`DDwMgyJH;u(|Hu*F0DV<-WdU@6UYb9x)%hPTkGPJv6mzKv?VgAq__4XJOXK4JSv? z1^3V86Q7BnL@=sfU-MO*Dru54&)%hkFPuB3TZTY_mkPVqc{#}0z9D|Qh|CaSWJrFW zh)!@fv3OBoWg0r&w4K;BSfcbJrIy?DKGk;#$I3K>Qiw}$<5lcZ&u-Y$p%TLKit_8T zv=P*(?^BDLE?VuIUI-g-@DvC*CQhNzW<})5H(Hoxw2@33g%M``aQIYuyIA*96@jLp zCRx#syH-BrMN;A$Ozp~u`ChSICTk1g; zu{13?{rK@wp;Js!4Kp$XyKV!H=D!s>j?>P)-Dko#LZ&;Ym5MK$h zx=CGZ)Y9%mP#|OlV4ib~PriSK%BhDYi}r65y7T7lNtlVt=f%^|sP8^Bg)O@0$t-}% zFpMACU<>4DXJ>1qDUH!ED~FIKl18~?Jh*bx2=so1hg`0|p{y!}M^o7Ge zkX~X9iQh3XUoFow=C{Sx@C}w8zm2Z?3042kX!D>>EYxF|yI>=~*-|UzHkVsdXD~7v z*_@%~1};LzwDz{KDvt%KDd25PlLC6wrwf+5RdkL39-pj1mazAZ%Rd141q01ZZ(zhbn z>XNcfVS3v}FLWZjL zSjYdO68!46HM#eF7Tb)(U>o^vgE3f$rIx5ej%+xppHt4kN9MqOv5ZaatMnp>1KGd! zdqVa>a&%C?F9fDjvE*CO6RiK0#JCKGUf7!45m6zN=(F?*=y?s#nWp(YSG+#vtOvys z*(6uKhNjTih0^P^G+X__&OcxF5x2jZlXbD3<9KQ>PEl>WA?EGFr2R~Nv+})na+7QNaKfa!;25{Pt2<6rq^nyrlnEWc2AzEj9@!#H$>G% zD@5$z`a1FDI_OhgAG3RBIjzTGNprrusnVa;FrAI9LEBR*6}gOpy~WBpbS(MRa;T;% z<8Ph(*0z=a##Wh>ly^Sxv9ai-$8HGMYs#PMa+T7o&I8D}F=MnBhl?zTiH=nJ;ivdg zPmSwf=WS86Mqz^V#695p{)XMs(K@%@7HMZcXZ$ca%e~Gpp{Z)?sNC%s;&pe|UFTpf zrstAMVwHM!>^RxyaMy_Z!<>eb$}AfB>%UNV14isN0M=MrOj>`30|3s}5JX0tFT&xSrZAg)7Vs2l15HcLlS{in_C8&c@3(Z59BGh*E#}MFkdh z3~Qo}))}ZKvbFTNYw96oH9-H9^#G)e_aU;R)up>-RPOcOq3Y*VP*++{!TVhIi?2tS zUR-U#X64(9T$TM+Rut0Y=hoeNM753y5EqOajNF-!SIcM5$o5QUIt|QEkao`hrIgxx7e}q;4WV9B*$kqkDVk3C9X`AHzz#WWFw5(@?Vk~)HD!r< zd)@_Eyy9~Lgk%&KepScZq-?id#y0_S1Vdl>x=x8hE+>wF5lf7F^jlk;In#4q7X3H(KN~}LCEdT z8qMcS9ocP2uO9qU+69%*p?mW~Hg+L_js0Ng_RhXMSZTp zEQ^WCNhW!{N_1u)-LWfo*F0n#=D%aca>{7HhDg10ylBY2EhSa!f&D0@T`DTZAf|O# zi#`##SC87sFszbrc!Y2*3sHG%*U2=pc?<(5B&!zdI>xBlhzd;*4Kj_wh`4^wb00`V zUAQC1$=vYj6;xIk|Ao*rtI_$7QNf84(`ZmK9CzfsOdi0m%{V!=Evpvm&vEdo^XHF^ zkgfN**I?g00kQZ(M)s*Eo#%7^o;W(RAckJC&F2@ybbgx~>{`CLpE-P#5kg5t`3hi6 znns&1tG~4a(|=CS?*HX>MqXklpYr=d<$6&m-|A3Tj7J{ZRg*czTfQxXjz z5y>=wju^X zcS`c7{bu74(Y8b4#Lg?|WA~p$oUo)5lQK)~j&c+wjg(qf-ctwDX}k6*Xl+3pUDFi1 zAS@!Ie=!{VG)TB(6C`sVA4|j-N?ILTnKQ(CQd`^s4B^XehCb%=IXD1_miy99+19^Z zJ1oI)QX+|iR^u+QEwp<4;sb(u6HgLLq~*{y_|)Y}#V}?G7|hDnh6bYQeCE_q5RoJw zfkiA@$-H4cKNrNfM8pD67-86#dr*pL5&RX(<$iZJSnH2Sa<%@XzOKAbQVYc}LTO5{)rCizh>ye~*&aQN1a^ z|8YU!xh@#a;JGx((9gc%qSfTqQG(^bo$to>=leVve32yzBK@jcOz`Z__vdzNgdo>Ok;+2;-qMaR$Jaa&d0 zzMl+pWK0nxkbMt@`%eLi#x5TN18BB3_;oDwX-++alZa~Wv=R=DBUJZ5j3zwk$gHcs zX^y*qG6f6Y@7K5!@q48n$28q!f6aN)=P+0zm3nrH6LwU5H?{(@hTc>n|o zxu+(S#XP!iP63T-3}2!AdbbT4D+3jwO&*8tncUmj2H<@cH|#1Zp9l?FU>D>PGvef_fH}=LNME`M5rOL@4piy7OEcN5DHWg z^!#{(klG3rbz|^|?XI{|z2Ikpq_Q2u7{#THiV2j^1{matqnp$#Mel{+*0O0VO7U2e zcD8Zx&Uv)kXA31OtRW_`%!@eY>^#(xR?#r964%VBT*~i{raLuL7*OucMTroA5bRw! zVIC2v^imqQA)Fub-?>j&SSy{@S-HEaLFk!%ISy_H2q3+-*#y2g?| z^kBzBw`tBaXloXnf;d~ndC3)6X!S4WztMY?Tr*4nmWyRIL2o4Z|AH#(<{`3mo73aL zFW=z0AB0O+?r5kxZU+Xn_Q}uDf?Z)Fjp4BKLXQ!QG`e?tXR_$Fv#xartIZV8DXI8@ z@v#1jlMrmW7Jv4KhSwfe{qQjyyvgYh60~VUZvo0xzR@vps^!tk1<;RH( zEXgp{slu{Z-Z&&$HXcv2IeaVa_Eh4Vq>6%(Et|F^W$J3tGGn+D7^f4(H?d1O4Vanh zw6K=?Nkb-J5ZN4!%g2ceTdIF-G zskEv>7)UTb9s5=TN(zqsT9ad&=IM<=xyXN*ob244qwdmX=xSMQDdMq3!Vi!vrGvyK z`TI(u_93=OV^L$!+7F@olSxYT7;AuP^!E`%;0OCZD;iqR+9mfjDzGZZ%EYcnz7(%H z0c0!uB(%{&GGJND;vc$!a|+kT<(jm0FkCQLfFSM!8C&n?|2}QpBl|CR;DjF`jl%n2@Jrr5QdJ|fPfR+s9>J}`lNja`z z^ooLsSZMdyR_ss|2t=4AgvLZ_?(kUa6}P)IVxx}3<`dqtUb9R=6hSq`T#M=AS#d-V zy}P1rY_Y=UsBa_5*qyrqcayv^`q6Q*OE{~LI(=b@C9J4KS~p{npH77Eyioc73J%l! zlGTfS)IM0mFo~;XsDOszmk0Z?I-&a5|{4dH+mUGaA7EcUp_765U}!|a9SuErU{y=BkULi!uE9izK&t7FT({+ zOI5%)z_ET4v^@qGxX`^ze9g5O#2p>$u0$23$?h~aeZ|u2ozE{GRGBnR-*tklG_`Ng zI~PY!j`fZ}0C3a@t2>3N?p4yurvY~-*|ST);0bacBke$(PQ;bDD=Ph=EB$j@fu?{= zH=1*l;aULVD}-8?OT0o_m+blel=y37h;WS71EovxXC#H>byY_eRV&&k+e*UtM9pGV z4c}(yZ~%Z}sF+q$sZAk9Q_ar7N`-1Oyh?Rc%u{me9+pXsG>r0=#$f*r)}-PwXL>AE z{X|pEn$@2$Gd#*%=^oaF)X={)Hf<}-!tqBtg7Y3GX&?VUAk?&O35Rr)8wT}0$dLD0 z2p${5(69=a*i3}BM?l=%HRr(;fn7WyPZ|DRCU4(Y+S@o&$2w-YcD@|zzBHVLJ1UOv z0EYs@r+nbRA1J=$JX^y*fIm%vkPy)Dou;W3SdnDF641!&mWS*k#?Pd>P7_F~ey^~L z;Rp~#>O<6C9vR!F=0c)}h)Y)Yf|ehxghezJ?fa&|n1mK^kT+ilpN;?CN$m&bRXd&( zEKZdPRnfz6bs-scnv4Repl{+C>%fFd`5K1;!lNHD!_88|bZax9oX0=CDIYRUd*@LC z{$eM4g<*A*TCU0L6V;kP+kUas&&5~9jO(?Vx4=1&98 zEwZ3xta$SQFVatDd=u}9WB>-5ZU6U2YY=>cYruEG5D5wmTH=o=szsI#uArl%Da ztQmx)W(^_~U{g)@wrdf>YwFVt6I?G)9QSZ&(MP7N`@&Cr@|W5sCM65|Q1Rzk*Wp$0 z^nV%u7(W=)`xu-iXx+rq~&gW@D5@nBSbesY37mPjxPgQp55O zn#3KIpEQ3hS(NLBB-}LeD*Z^hVc{7Ana;qwz~ep8P>HIyN;Xg7o+H_uVO~(t4Z^;o zr}FmwknTJYP z7#8^;%{gm^M~#O6!!Ij;I|9o9Wekn6qzO; zkYgZBU38ZY{xRF8N*fr>-@8@euC&NuJqIRGfyD{SktYXOEHsXWkcC@fj{0*Gm6WF= zh7b^)4?-HUoHDKy6bueoe4N`Vfl@Ow-yfA&EfN`6w;wa1C`)Ogx^>;MddBb$Rhh0p zw?5o5L|SYrvJ;E~9ZM-T`f1F8?%$iVPLe`%Q#u%GKG}om*7k#zNnM^nk1R0}^S7?v zf}}f~dP;1>)OgJ)n5s2}PcPH)|9Pzq?jKzkL3dLMk`zp^WB zBLr-CDbQqGN^))`kT4IEH%=JbMb3W%u|y`e%0r+KRts*`jWq!TojK~#SjxLoAqpv0 zwSrc(*ZL@*LAN96&$im(UNCAs0U}{oq>xyeJyj%q{jrnWoR;7NY0v6d zKmR?o)cvn{?+=P!F-@8RRqVn19Fhy+@VQw4&0WL;)Pj7+X+)!GnP|Y~YPW^%DLSd! zB6ZBdYnb$^pOKu(2*{WCG6#Lz#xclZ4CD`vA)Rab59QqQivSeG}QBc6vNH`~4 z`bn{Y1#Gv{u%t&iC)tf*sJm5-4AP_jz)d|2nLlb0!krrE$#wP5%J89a*Jk}BW6TV- zrP3|2!k<<9WwT#9n^R`ReL)8c53$-vTVvj@11-v?>;j#1VnGvKnITql@Z_#Ciw3sh zz}(xRHP|mt%w~}ncGYivP*ZH5c9AT98`X9atAXZiMATjH8YEp!)Day@m|v(^Wh^)B zkNK}$rY;>}>2?*KzG~PKqiCz*L#PPd7h32HGOLH9w73vV|B1-N)3dV;aAf}NpWiT$ zi>?j{G0#1n>7l#X*%z`1>kqZ+(UH;l$$z^mZ2a;--rtaH)NO{XKpbV;!QB5`g=lA;WpnV16FoWJp zwgQ`nMB)R8UF2S2_s~28jUBgI2tDmMhFo%6Vi^#J7?hJgkYxLgid-}U<+m06SvGR1 z{AnskeH^R4qonN`+$aYqkIE&DP$;gE;L)vP;giAUyJW*UspKiNq#Ei>HIBVv>MGGm z;FQt9w~2^5A+3EhH|)aKJpdUoqGm3vY+l;m`u@9MQ#AAd5e)wRG~fA7Bw8eO?;qGx zY`aQdaTP3OcR|REDhNjm$}=!Uef`1+7V(Lg9W3`+9|hIvS_@63m`xIZ!FN*KmSHE% zv0u5tR+EOR!Isdngr1X$8h|kF> zu!&KM)^Uo0*>ygnIpZEM{7#{5(v5LLiTS||Ki$J774(539}5jiZ3*U%F z)*3suHkvo@xc7@5Q&5d2jpFvvS=^_zia}9Eef2_z9+_n`mnTHf}_aw^%Bcl~5WpCF`eQh53Ru zOMmtun|cEZ6czvSWUXp;B~vuCG4rO)kI*En&l6^_phh+|>nKa_`y@+C%k^*m+PVm| z#fNHBN4g`bOQlZx;(t2LPANLB8hX>Kokc0@$5_8F#@q$9n+O=Ve0Mf&U+gaJDe=@t z9jXxoseJ0GZr7{3raSK+%C*N|E%6Ctb7}uktwh*OZV@{lq^BmqA6kT#oY@4tVmr9c z_DM2-7lU+%(Br5v0Q0F6*8^d0L+vLxjc5n}G`G(k<_m{0D!8)`BRrzZs8!;Er0ggz z^!PUF1L-yo>VCudwp0S>|29h=PnvGe09gdIgk&SGItZ~(!rB)CWq}&$DkaY@r_wjt z=y~kp$$3lsq`DUZUvBqU#QFm1m4=JPC~zbC+Urf=3%u>`cy8b5;%= zrd5YDALGms%;yl`7xU>hqw%4?B5nw(kNJb*#-M^jv)1p@DipX?`LDaE)}FtCr%(k= zZF`o~%u5y}tD+k|LI5o5cNzqS+Rw%KSL)3#^|0^qz$gQV+|X#|O2AGgB83vA`K`=W z3!N|g)$LF0%+utLQ`IH9UfN%VT|a%Uz}CbHUgJ}2szlAMbsMA{di~gCfI||r#E7h7 z9(cg8`S@7v^IP#JWm>cu@~#kJmcxeVz$sp6iPhISzaBP5okg`R|&29Axm2d zxi4YjB} z^|5~%{25hU(-6FUe9=t*uvS5HB4*7BTKO5UNY(d9YPO5_ZHX$tI$jg>!by=%}Z((6&m> z8)gBKjlHW#0?Co!MAjFDLi63@Ul%{D$e~1n^fx*7)`%6d8Yr1M6n+ntyN7kfEQHIu zmp+g-WM18e*R8lUW*EC43+!{P2)|TJzcd^T2p+?~X1HE=+c(q@jKU3t4y++qjqMA% zDCF}`FI@zD*1E#WbZp(@yRa||{u z?-F>`m_=-mJm@juA#H|3%8#=0|*CC{oM zscCsx#Y3AdyOPK7j(Jm_#k+?sg!anB+7H*{?Pf&1@riBILQ)DG2y$iKioxf)e1D(c z43^BKb6VAY$?Mh&iQN(ahHLFP&YgPJQpvUT=53AgcrFdJSWbeihE&DJl8+~0SFbP5 z)@G%Fx@hEn-dVgqUw#o6q*ce1D zOUSQm2bmir{Y@%@oJq6iJnO+bZCD!kp54)PBl(Tgp#o@Z?J6}TPnH8yrxS_(_4GAaTi$Lg&& z!rD<%M!SlI*Pc z4%xPvFX7Iy@GvEvGeP^W_9Wk!aT4UEU80y}(MR7Du>`bJiy_hj!lk6jKxO257vveK zzF+FL51_>h$3^R+-c7LQd0mC3f@6xf)3kDf^Ia<7caOX+ z%)bbKF*lN^dZicl2v@&GSUW`H6@5m}W6g|)_}q_NT~9cCa*u7H;a@7*ulsQMN(-+` zCNnXWZ0DfbtmC9w5<0n2>0tlnzMR)%cu#HS0E*Gax%fx@&f_9NAO21I!U7G~5VUqO zGXIRr5fuRW8l&dMGtcBUuRns`M^Nr*QJHV8?J{4E`pi60a5SZ*HK|rfe~*Sw*~Zss zahsL7@PZLXxP??a1&KGRjtfMF)MO2?X*D&rb$8WFH5R!~yAl!4T*$JNJ0Ydx(xTuE zYm_-{VQhl~1_J<61;8 zLsP=;fn1%5Yh#H4Bco! zvI%_%Y&3SHjR|j-5-f<9oqE!rBlB&5>6!b1$$UvOt=(TMtnxRzS+ za51TJ7^dr?7}yOiqGQ`kJ&GpDM(h6)%Pa0Kw*+15ks>o1w9;tVv5-VZn<81z!>o}( z;4;_kJRsq-iNcxEFpvO(U=S+FW+ewnk`W`??Tj2Uu`Vk9?bvJ6Z`oC46sa!{>a})A z(kR=BlUi47xE?uS%uL7aKp! zFts#(E49MlN?vFlF522SRG((ejX7>es^k!_H}wV8=ujWD>ri92@L^dUA;VVW2wAqh z^&6dSgtV!Sd#$#UA)r*qV?oh3H?$n7TFKjHefqRre(beQR%tw}c!f+M;pQCKqCrsr zTAmg(>CFrsV%`P}5;iE^Bykj$OfoXo$Ir+Rx|k43&*%&QZuwZIs)w!ZDf2i`dOWTn zUdAV?PsbT9w%@WSeAY)eP>fkIZNKcSoRGUNS!mp1ndc1I7JRZ}ot9%gRSb#Ps)q21UUZ1;`3bI=dFEvl)Y+m@9fRoGZ&@|kek`g&L*-yVb%z<$ zNa0j0|J&Eqd{aem&5pY=jh*H~Q26ZXFb{cc`iW!hk`%0A+q=%{Rx;GfX<&aUm{iqN zyCHzmuRlw4aQXLumqO-hT^{G0rLpJZMiF3t8KyJF(WLb-1rr!MI0T9_krsFKn6A5T z>qXkPT@PQFz6ujaU~nx6P{{Z@z1auCZ#Qo@ z1{ny=9`bh@!r=NZ1VYS8=X#B|L-gV*O!XJHL2~=!D59;2OZ|{i*P6z`dXa-4*h7&~ zaXa-q(-5!~z>S9BT%Fh2pGAhy#Ocxk9psWdbWq#3eUkKGYhzQsrsm|d*+BLbD!GIY z6?)c+x6}CDOP-PM(6esLq@Xr*)t>m3j01H<%rmJ|@cJ$1bmnJ^@H17-z{bDzB*jqUh;@muG7T@_XptYX9ww0X68ovbvGPLaa-%(|JQM5b{S+p! znowx&D*!U5bnzF|ts$EX)s1aq1_W zfo`1IAb?s zf%asiXVl$(MY(mv(*ovlq_t~z%=knT`NxO&&(iOwtJ(@W(qDu$!9QNSYIAOQsTKv= zma@2Bh+M#|a$|6;YYnc6{QgSj z?{^Bj<4WW;ZWC0p%YP9Yvxp+I!mxirNg34FMH%Y+M^{>GpvDcTebiGV%{;cz>x_kG)^Vhwmf{3s% zg%mTXzc3i=NvE0DRsF;7?5BxlFV{K~Q&-dadLBJiuhpd~uPKkMtBbCS^WjGyPRc+w zb!pr^K(2&o&8}C@qtTn-T23S&7h+2{#FJ~d&ug1c?`=KM2if~A3Ipfbr!kL?kEX9q zUQQHOHW6n~j__9?K`?v2ayUQSBjyZ>j|WL!tJ#O3dEtq%b#kL9JI)T}?iVs6ZCqli zySW@{F@Xspd-^qG>NR7;hWSoLL^IEM0jL&_}T#cKb+WM%E41Ajy|I zc;MB9g;&~r0krnfCRdh6Tp1E|p;K?eSzQdAQB_9&@kc89nf}eH2vw8IGFtj*Q&gx! z0+GIPZ@%gPs3pgU)40tr-?w0xJzTb`qUH0FDQg~4evj8!3prC~8*CbBg7{tPsh|o> zn5;ue|Az>Tq5%gMcb9i#>7VQX-QdPh(N2ih!h0__X%)eYkb5Jbu@}$Kqo0Qel>ibb zYmUmJ2Nw?$Xx0hH^^05`T>AbUO2hNwL(qjpzyk?Po5^lBz>{mi$3dy$n9M4xrAE+g z>h-(hKMn5X?b)u@#Zf@#LG5N7*4K>&sw?s7hQHJ+Xuab#WMH%?>`5As4I3!p=zClG zmjInIBOU@gkV`?U0*0O-4B{Ygg!yEm*>gA;2^>MNWfBM(Q^266FPb*NnG%;K#uR!% zmYA`B$|Us9ET@P@j=yz)E+Ts)LSK43f- zw74nB1gIGxJ0=^~Y;e(2hc~Uy%z%Y}P~~?pP+mhrf}n~)s!iYI{iF^9es?JsOvT5D z3Z~u@6bvXG(vDGUK4H^?VdOH9#!=XghpxPDpTR!}Mc5*m_|Zc?SO5=#j6 z&RME))E7CI)#qs-eH_EOOt9&smCAjZQ!L7kCstRd(RD9-D`juQ8k@Oa z_a?G)lU{udo%%+J0Y12G2w=ET>`72;VeD^)A#KPegTV+GaH7ThL?KjsXrje9G83xZ zw{3Vp=Z5uz#r$PM(ogIvGmuR4Yt-N|q`XS1z(JwGkRYb8AVz``45$Mosf=nIRXNZo zgrmLWN8;b&CvpE|?69K+ZiroZ)a(%ra29`w)dUxFOV7mNm|6eu458ci`@7peM2iIR z->Za4!6=ML{Lb&-4*EracObt1!IR)hvMt=>?+5PRLt+o1*$Nv z6bk81{by+2hVR@g@LFw6Ym*`=>^w2&&$nzQx5$MeG+vS^h%xIiiu9y7xf2@q;P->R zUl|n!beBcO9T+c#0|ONn7lMq4&QcecxfeB{9idDyOF?n0yo>SQ$OvFEBT;e*vStbU z!MY(tio8qxogc^i zh=%tn3JN4@IxfMoS(*rkea${! zmn!5ALpUF22(B3LAtomSDlfy0bNl+g>ep}E-Jr`)Gu{5TYCSC>Aj+_X?YrzFqAe7M z{%mOK!B*#15!e0VwNUOA{(t8ge>Ej-pUF0I{yHR9Ph}1*%P^U%)eK@o+$8RoO)4n8 zM-*mRMSSS&@dy~rWP1?pEPC9$JTf3cEYMH=5FRQ-C)Wz`+Vr0o{d@L3MLpXn%faS+ z_3>tXm`tVtc#zN8EPc8dWKpTW3sDb`R{od$gxhZdfGQHPAcKvK&F+o63LC1jtL7sy z4}}BF!^ibr?3kI*n?~!m?y&LhKsXxlR*KE?J=Z@*xir^A&M{B`s{AEgiuV4(bx93j z0e*A{c(c%*!|8vgXj@pn5Ji80x+=I|1I&~{Tbe2D<3Wqk7dRAGZp38y_we%kTqWS& z>wq>XcRU zgnSjcbMbu1n4O5W=&?5J@<{l7!eEHNFsP!6g+Ltm)55;tN@LC4A2uErjZ1}jc_KGm zA52o<&qf~KI_M^AO*VC&50)?QM?%bJia}PFBZQ+I4JkqD;+$tp# zqPr6JBD*739q#4|Ic<5b_EkLpHyaEgU9S&a^5TQ66wOkN@|cYicsZFc$G3x#MC ze&NPj6bAe7!zUD%Zxi2Cj+cx->GD>vj0Pr&IrMHoRSq@n$@QJrhs2jkT3ZZBnXc;( zMHS!Wa7gI&aXT@0(4(1t>l64mWodnni1+bs-Awf?E9}aL2q%sG*%$E1R{u#u3EHSw55`D`(w4uGx)O`##XOz8q$JSYX*_A(2#m`R=tO za(ISV%R~MB>v zBy;#%QIV+kd7E-OBZ@37Egf!2vAVYAg1P}mR`;1^M)5g_eef-76;EH?p=8^7fYo~c zPi6r&7B3PN`(DK2{fH@*-&hTHCS*o!SEf8-ziTNrnp>F@e8jQWrZ8ZgI-$2u8%y@S z9$p$q^85!#GNSTm8DZ~MapwgAh@!}txdZCH00CUpG9Y{@7o{n1kt@P2y`C|=wd3{+i|*s^-u z>%KgRcV$RktC1qIFufp3!`rObwZXE>14W4cpsMrr|0)F2WR}l z_+zU}BV^Ds-?Y!$)eVvL=MZ_XN)-R=Pe@jeHq2U~)=DJ~f+$=&$@>YxvGdpoXQ}AE z49QcDdh)bD0ZPVOusR7=Q3~9o(5A$3wI#WKQ4wcuDzI!EMCIRZXMyr2RfEZ#jCG72ltCtx5job6S z^!=NAmEd*RYBrAxi#?Hcsm>yuy{^O5K89Ch0@3A&F~Z-{DqE!!SELaT4(4&0Qk^n# zadhz4rZ!VCTk65MZYSB6jfo1Th^RzP{pViEDbAA1txyFV~qDdlaWC zJ`|jGlw7~SJ{#{vg9JcuR6I$%enX7B_b$5Q@l2j>#_~>&44GKK{l=BA8g5v%&xI9v za~k9TjX+6#)+`bNSFD2eRgkg_qEcZ-N8M!HB3m@?_#ruB#Il`Ea{0uds9j3niMa|} z;mQoZHaM7bZihHgZ~n)ahXyMy{Ii{aiwXz&!X%?RrkLq|Ya&Tz4_VGCq$R;QM1TiC z3S`73nKXlRu5+t{LekJ6zv09_3jpbDAVJ2CRy(GmP*6i`G&SNfS~-3j=ea@Ny{wRb zcR<`1(}m`|*+F!&JQ~MNuKIBXefBE@SUEk+lnGKP9&7(|p~a0oekYLc5ozcAfBTpW zW|qNuV!t1M5P%6A`_IqeTDOz4TM zY>^mXEq%`Zvpc!qSG)BK@_YMW*nfWl1{CB>JLJ75*^TG~!p6nm85`5kRm}0-()+ zNhE*hrBFB$$i~o>_;=Go`7I&r%sYg_`KQBw4#z!dPY;YXLP&ysYC9SE%@}=ks^|u5 z7*tjXbIUf^N{d55c7f~eZX|PZrB?HgA3q`_tX8{x+IM|bbI~~=73P0Nxf+0Vzi|;J zFl(z&;9hcjc-lc8V)7%AcZuEU7W={52O{GexJpdkW&blBy!j5)k|Ik=#_wj(a?1QI z=)s&&Vwq@URijzJT`Kw>?*5{J=$FbBcN4xDfka0Z7nS2`F;6IjgXMSxhpj@&1sLFL z@@(dEcY)gbzHj`%e4cr~cnw}*WgIRVRsVv?!-CW=6t#Yfzq{KuG82e>{Ml^HtzHs9 zzq$2CdbAFXs$yPOId_1EZDxdE*+3ab0`LEv^zSYK^SnRngyaG!NHnal{qw*+DSJ?l z_h$!>Z_1Y!2dcQZxZ@Bf0J{7=@1BXV@rX%^PKf%h^1+H(&Mym$BBk>{&gMk* z_%xDP(t1>BaY{LL>x@BeN>TpdP_;NDCsF{|_vZB;C;6b>DWMpb%5rb+FmvuD>~yJk zNU~VQ+9)(tqyWSB?>T|FfG1+QPpF-lmW@b~F*O-6hW$gT|5hL6498HpW-%H{o zTu+@&VbX(P$m~sW*drEx6GA)68vG##!u2+FBau{5L@^YA;xRuFju1PQp!~oI5Swdo zYx*x9i6Vk%GRTv@Ftugq%Sw-BmF-8DM>Wgnqi{Nzk?_7RAYQnx9@sJ_8_~A^y;P;6 z^y?SpH!klqbct3r-vhllj|n3Yqem|a7}pEed%rxT#Nlun6!rm`+OL#=B1>unbdqNp z34dBaE_xVv@{-Xq=F3JVe_rsf5$Y_^l#`M4GDZUWH^=EDcF9t%O$$u#D3yK@eZUaH;y*<^emeq$Ci^% zm|GTn{aNJgZj#MPlet$^|L<3z1DcURLiCMIrmX#ZSOP$>&ReOuu7~uwH2A^J_Q~#8blZ&RHrhX#l)-;IvBxTtZ zP$oC{tv@eV+6sESY$=tJZCm+Aa{EjeQAF?^g=TOCd{^WIH4T<&idK<=R6oZ#yI7Q) zFtgc^MLq|X%mK~*M}k6SbDYJAO=PRF2%ktj)vGoEWM8+lYY0EW=-g}8FFKBKu=-ve z2Fb({>SndE@B704SmO-&Q3faiHo;@dm*(fX;2Fc(bXO99SGJNoz-QUI-v6$bNkUmc?q3fyezi_fh^`GW6v1)N*ucDw$TfSjxen zR<~f0l#5G^Ml4@1GYixJGTZD;0ehE4;;=lFQ@^w?PX=}6Bp@Hb<7DRA*Cp^V*tey$ zm?ZQ`)G5yg<)8CTE5MWJV|YYr1|i(EV&KD=6^?Yj6(fMyGEqwe{y1eOh7)fBOzMSX z6&PM^Po7;At^}LvFRsseu1_v1Oy&RSaGoQ3P)GZ>ES@`TPX#7`rsYQ{h=rs~JuB?} zU$3u!1SaYu5d2WD#>=9t7zj{(FFLS#@Nl&w^KscT1f0|yKTqIJu*e~l&IIY0w{nqt zTK|_9V1_Vv9BDM?mKnhbPto=KyA&Q16rh-q>U{hk$Ss}!hAK?^XfmV3@@kmKOV-9( zSy`DQExuLyM`bEuk}Ql|E?FK*+FbE{#uDZe`8N7a?DYkHFtN~e>#`6t<{9IJ{ z)XG+Ct@>HrrhuB9Ke=lP8U!n$v2N*OKD%Y_00tuN+nHQZ*=Cmoi#NSg_|2Cx4DlM= zt|XX*5NwQGJKvA?7WtvjJEPiZX?gD7|D{H7Fky`KLCbIYBn{Xt@dclIku7r(kR(n0 zyO49<_o+GHh|{9_`hb(zwH|k-FFVM;OYx4r^?K(%8jy{pk{Pv%qohkqaV%&&JUou)%Pf>M#yF*irs~40vwsw< zmuo}_?@Lb)A9__*j44W2u9Gxhytc&5ohjI0&@HZ=L1lvoE_dHD!@Llc8n5j!-r?N8 z0w)Gkb2u3GZ59qbN`5)qD5q`nP$$jZ*z;RetMLs0u2u z7^}r)O&-jg^RZ)IO*v7p;`zU|v4K(eH&H~OsM8`O$qF(rjDd;y*N6ibcGvoKSm0q^ zc?@Uf%D)S3;KgdOLQzCnMn*=crm(2!FS#o>K_x8oE#!bhKbBA#!V>4jKGIV_Z#%p8gX-xx#LFBDfHu(+~Y3D1XWv%NsIqa z3*ZgMpG_Nph)XW=i!ujTT$BN5;JYG@`&w^zbY`tK|bjsS8Mjadwik_D{&{9k^esc*gz-0 z=8Rx?z{;j}NT_15AE#0$Q{QZT+nMvuHgpiMBX0YC=tda0C;PW%-ygWPb9SskfMzH& za+xKX*sgDp8IJi9$J5_|$>e_Vi(mAHdgWMj#OBXljM=OGTtY&EOrJhoa|w~zh~%PL z251fJ3v4n0)HYB{L>~j1C_S;gN*DaA;HyB>qr)&2QlAVwu0$-<8MJ~-2u)R~nV>n* zQsf4rDe3btZRKK~;khS+A+bMUj!SI;$euDYG>c{ES4M5(;(zVzba@qQ-*JJ05-XQPog<;R|0-bvMnJOd%j=%$Ok)CQQ(m$ea&k``|mL z1F3$_*QJ(YN)~_qWEVf@!4)+&Q@*-xvYN+|LEs$dFF}pPRr4}6lsL5%+n|}|wHsmDY6{Jz zZiaakH7ALP>cp|hgsgU7WTpD9@kxW zo#f@^^}ZZ>(fQ**U>rk$h@0O9zXyIR26>OxE%VzW(x%-zlZO$J6SZ&6*bOZ{Nfko_S;0{4i^I>(KYe4pw@wXu#jP({{*!W=9pRxYEtZlNA&9($=LS(oc*y20WNe& zix?E4va(YBRVf_idGi|#znDd`xz1zz{&08Ay2QuSR8mMmJi&e94AYNq9|MgsR9)Zp zfgGED?PL134-^KxH$!`QuZAA^_B)beTAIYc+%cRbB#Z0?7JirqKQ4ph_5e$Lq+Ul1U!FqBXW^e z;ePQV@Lf=b6o2p<_3jfI_G9j|XuDn();j0=m$)P*2JfKT1zeE{O=X(6UBD5**M^z! z#pULhZ7GmrF?h*-jr+dGzT=y=rk?M0_G>RZHg(Ou{n%dD?E79P{v*RgUorlO6GL5? zYJkz?!dXJbNRTkEUAtCjvhx>Dxh`hRwSl&LmYGN% zv}#J0CT?SR)o>L?tMGYu!ZnoB?>P(sYUQYfVA$j1Cr(I7X}PqtL8WYAUxS6c7+TSH z@4gqW_Z}-4%}Yzvo+Untccsx_g**M=%l;{yi2Xd`(`~BJ%KHb6?uD)InUU* zSVi7hnVGtfCGm=i>SNZleFXkt?Eh>;2BKq~K95nn2NFZK+b#Frd#~Jj>#dqMXy?wI z`c9KsV+5x)Yu2d0TqfWi&SGAFK636;z&?UtOyQjBS?!y!p_U^jh1$pPE;P>SjXHw| z1OcwwCr_dJY;Q@DwjLxjGq^RN-u$o3?=>3hK`bRD3BIjKNzt+-y+N`PErA8G zJeKaL#Ra_8FL(^yw~nooN(Qh?hL~r}HTG|gS%*bi;17@aBQK)+-fL{jV}nEN%!IjS z+If4^`ev@IZ;u4WVRcMwRUi&pl$x3*JyFoaxZDzln>S1os)VNS-a^yUpuL2Qk>Ci7 zAAZk0_s9)5+#q+~eYY^|pRZQJJ`)0&Dy*-4?Q8Pc&wf^IWeLQg3Z*EM(h}vHmrwUH z5<}M?s;}X$@#UedsZ$&Xgc|~s+|sP6vbJ7cYe<$oGEF))Zpv^Y8?-dodupx^)(_f2 zQ5fw3lCA^ua3WehRZuHaTnImjZ;^{|B1)ogGB(`un59p;!hH)t@){AOL7x14D9l1L zt;FxiEb8OmHGp0S96#gy2QxrVj#c4UUJ=Ere*Gz_Qq>Ft!` z$H&D>a%zXfCnSnH8QGu{kjDjsvztgR2KE;8M*mLuT*x#mU%p(WgUlCXy+3?sEVG5- z@cT$-t;8Ac5$Oa2Zp7goX1G&^EcGjT(?}=aw09s7!4Tm0YD{fu(p2B#k)2U9r9L(p zSa@_WWE8F4n-FZEHCn2oQ{`ju#d)u+TgscdWqM|`3QFEN-41#rvZ^>ys#|(wPq{~O zz<4a5?3R}fz&sc}JyX+>kP^|&HXdt3xMh)bGhFh@VGp!#RygH#Gu`sy!B&l8wyM}A zRjpB)oY#fW{O_BWBrhInmCELBnVAh{8v>e5$J>EVL@p_cliiiwQrgrd`6)5TKjW4s zcQz`sv9vHjIzY2_l(Zo@0rS|n7Jf3!G>5P$P zWGD8IkqFUUbD>QHj$eDuJefBqRgTwnBO7{;t?SqwzGqqJQUam~(+lZs}MswT_S z@%*9$*>{ul75+vio zm@z%Fq#(f>6W3A_t>lmUDmVu?pytO*8OE$Z2+sPZ80iG@>1k?}`7rNb?v+R`^ATZ( zcJF7i7>40&nk?PExIm*NHMDieZHp%$QCgQg@YYEzF8Go=#eskWfuSH^=n)x;F8;9I z>O!j7(PAWYZunFau%7(rMU!RKv`o2VF>|Xxdya)Xzv3J4hXNvoI%a}j@C_<7!c=9| zJjljy41*G_bLBE({vI`jU$p?H^|(fcfMw+zs}7I3&?b)HKG&4C8Qb&PLM#PnNwC)mO9fh)GKYi%gV}BRYo%=G7?j#P8F)SX_Fm{ zl&ZA8U1M{H11L_P4g^LM0z}*_+*-fU9R19(u2_&K3#VkrA|I@?a@Lu3&6zoq&7QSA z&vrO-itPZqvwe>3SBtE?hP|iG@7)st4d_>9`;2M7IK$`KvKf6>7xwK6V{Ch{(6pX_ z?Lq|ZGR)_6WE?)%%b$0aouNr)Vl}5Y5O5$632G!hPqHtN2V(;6@PqadZ@+RW0W#nA(*MYQrT;$bu_=*+Q-XtlM#Awja>4a5 zc3O2nWY?(+X1);qzC~ka{-Kx&&6k=HH{B@?1RMwi2LaL}^Ya&vBxAupB?IO`E$vc) zoK##GJH>wp(8^|Bfm@j{|6BQ2lT4UzBsTwA`d@2w*gXH|<9E$D6WqO-p8am*RCFLP zh9O`fZ~rEk;fj+_u9ztIUO7|d<%QO!(!Uvuk6KK?n1kPVSa#3KPtxcdzKrSkcv8+? zI1q3kFjgUO)BHU7-R+CypVv;8RD>IKN?;Hm<8=thDQSij>QaE5FR5_Y@R3)BbeM>J z;(JS56U$PG}u$o6wnQf6Cr#+_dHPL5|~J~ z!?cOn-6OqF8=+3_;~Xc_j3No<4uuH1VG)4vJ~?Ww=#NLKp;H_PoC^>zX14y`>)!Gv z_^)-!;hGlxPF!>j@S{+JX!$st+Zqhg<0enHI)(cIwt%Xfto6WeF;0CK18NvR<%ne@ zX!F`04$qVTfOpPS#oOLPkEd>!4xF(P9e~IVaEdS+_KjWhCe+j%`d$oQA{=%#f+2K;7{KVGt^_-c|N28>X|mY7zJsc>5IoI{Np+P zv-g*lF7nl{ARJH1*#t#M$L9U9n5{pZGo0mNAn#0=IDKm6Bx!?GeYir2DzjV?dEfo? zUa5pF>$zSE(-E!@c|0iPj`U*xo+ABThMGTZey?4SrTAi~dd@Wm0uBU%hd?0oh@;R) z>)q4!vcIxfg)@VVOjOH|%%8t-GW;nz5LFG5t#g@)0H8>HC;&3iqy~dsFz2V`xYSua zoHQ)f9MfzgD3p-0x%{}nzyOXPZJms3b4M=kF_g~F^XnC0F)KVM23Jo3x8 zPa$-7U{UkfwdRDumZRvp1AiF4mHUAf;uEe*(0s&&Qh)Zx`{cUD-@^M~N&_+yd8rBh zHuI}qV_O%5?md#`3ZJGrVi}2j2nN5R$p73EenH%+mx#Tdl9&w^ChSmp{BN_ z1Nj~XW((N0INAG;yaBl3WY>!Pg0ponQC-7tMYwx4X08y00- ztB6RNyfaq^0uca#URp#18^XdMA)h*Ll16s=b)Gs+d>neEUi4g?$s zgd75v)qwSV1tL}VXCl+GTrxd7NghM4mtcKd%RoQ2Bmd7bFb+(#MtZX8P`w;LLbs2A zrZ7Sg3zsOo3*UR-g58{>V3K(j3N!kw90qO2PHk;@XbStRZtjqW->#68ps{3X0%0U* zb~H675i2Ql6yn0Z1K_QK8a-ke3F{@o^c{K<)PoPU5kHt-m8UNH`2cLI|6XPS=X~E@ zQ>`0qqWQtt+8V~hcB>&Wg!f13e;v|3S0lc6eoBIzuJ;K2D*`F{ z%+cVyq7+#+B~>*EObGeh?i$H}ntIiYbTzZ`z}B@LnL&x%RVsvM$#;d>LMg4GBN^{8 z1=lZ~l>t?2tZKGAu&r%r??&PwIGgDLF$(z*ps7M#GBJFOn5@V5b*h6lVZ*^Xd2w%z z%$<bc^AT^Q*|DtHH#)CgHcG3+U8E#cA`-khuqY76(B8|l%m=U<|QMo*?O!|PSmu4 z-bBkB(3I)$FW~Xfsx~zrrkT*B%tWPybQT9HQo6&4RnP9KR{BNZU7&^cRNi2jHl;#q z6Us6LT52orT4P_rPYqrxT_nTnzW%m|K*nSj6ttADzPS z5c!Mv0(mFzk3W7d-UWUiGr=zl=lPN0gHn?v-ZNLDEWOMG_Vs%sOuQ%2Cp8m8nK|); zV^`w=k_3lu3G@|VeJ-$va-`Z;(x8uv{t;ZzzXxQ_sApN|l!jtTE9gpi}-7EPKa z0x`d^r$*|*q_EGOr<>)~1GUH!-3>FLM7eH3w#0!c*i+K1i+v*Ld?4>6ID20(HC5h& zM2Yp9V3M_dXSGyADnxC^Y*yv733$0yhFmoAc8wQ^k>OB}~|6`>+F$v8PmV>Dsw}@b@0Na_zIST>O z+CU0%j~fecF7ine1}lfETcqbe6`ZZ7$nUqEmJLU0R68+vi!*y7Jz-eW2G9U%VyTtR z0exbq=AEaToohiu zNQ)K}CP^6tWjjElzPxUdYT}>VUMcf&p8fv~3){8}FJE{?Fx=_K6!3$>IV}33 zlanNNLO!-gl;-hBcXhS&)YVzc#2M{43${gP;38<|#D!xIQ^lM9S%n417IMS2aa0V# z=9b{`w-9P>Na`6+ziF6kzGY1wc@7ewdoGdiyJYDk8 z+vVcMH%t?$t;ZYW@oklI+wxpUfjp83M&yENY07l0-&rMhtt!;W76v|(AsPA%2*mc2 zjX=VEs%dlGpDh_GPY2-cPvtRQhv8pmfH0T{De<u@XqljnT>!IH!jWwgVH4ryk4TT zhdx(N%FNC<@eL=Yw29V;F2;kO|TVrl_5p-GdakpN)Eap8No zaAJ}re;CL2>D-zFfwKt#Lzn!W1GNON9j=xGU<`b5wQnE9P?Y9(Vl7aH=uLsrb!x3| zg}{kU*3Uz`a2Q#kx!?!6ktRs?DInT|q{ZxaAv6i36%;@eWK=VU8lQhrqT=Hv?b@rvebM=ROC`$XQmsQ&LV_gDnWg7w^5i*uL~4HZ zJE^?yr_%cFcFFkIhrx7YN>p6IlO)n5Vjk?aSce2f>*yA*gd%LD3IX!tqLDGjSq9V_4A!x>82%5nDv*VZ zi}$K1I}xU1JKlE{wL-Er6IzNa4UiEJ|zoI z{*1weIzzf1tHGjPVeL<=;OdYrFhWxf7zzrUepYo_O^&Edpx*?|Z_kJ3ff@ovQOd$O z;`$vBa8Vfc9)w?HJWQd$(;%lBQQ)ld7NoLfT78CFcvDmiVc~ zD#ag_8wk-LWFpRFB(P9SOBMI!>!jh)$G}7!mgvL;iNU#^<`(HVbXb~@$S(OqAC#Em z$E9=M{=V55Cc$j=3SW4dIni;de`r`8yRY@Q+ap5px3DU;3XPDY3>N;?-@b;cN90Ll zOU8gXT!_4Xzqwo{!!~s$%xQR@W`;B1$3O?@oRoOU_S$5=j$>Zi1>033YoaoArGy|G z(vn^9qsT`6_h6!wh<@14AZ*sv{Xr(E*U@9J$eo&%*7i=x8wWlTRAGlx>NLnB81>U! zr2G|T4UCN96bAx>LV(EB_%OnXfI>hr5uKHlUcmuEiKnK*^msC?1YlD_e?~GD!6K7E zClYxVdg=VIQ}+@qvo28X9_IofWJ8TXpHux2(_4j$ZPFrhhP3AWOLOIqFq0)CaLLSc zdGwtM;D{>qz2L%}rccWeEQG!jJ3xn;U<#W6;TP!;En7&x*3Hh4-@jF+Z5dL05(H;7 zks@QEfkH4m>vL@T_-0<*^19WpnVtRW;QItu2TYBl!eH8T1eOAs2#TT%N?_9(e8N6g zB9@ULXB8%x_<#t9c*-3x(<%G6?@8;9ohmJFKY0oaLxvrgRDy5I}o zA;a8XG&*9g*5!nF95$%Y2Uk7;#Vw}jy?Nu z&$fFrOoX>j>!NkiH#F>cW+eQ(H$DJwQOAD3iC8F9h#Orq@gSMFzC|erE(@R;B<#~ckmh7G z`}97lNSJoObL2A%=2-_kkkcS?Apm^HAShj69%_F32l4DXAZ<*fYLFQ3j6qURj{?E8 zTW*r{_gxQP#@qMy;AMw|&n52FVq(NNR)5Ml_KXF06YB9D# z0JaUk1eh>=;nG5FM>_K5%O9w@z?9xV$alc6z z@5^f^>fC&<4FwK}OOfZnqL04q`snabJq&Ygs7E9q6Ks-5$c%tH9d&hzWSTbJz^qX&x`oBISEt|JU)lYsZ z-3<+ra`{?FKvHDFf8HyVKm0GL_|N~R%mf({ukOj}V+{W#>tH!j5s{FY;~6aSQj=BE z(~WzNojeKWM5?~~eM!0XW=S}2g|s~T9I|3pNc{Zy*2mZX`%^?Tw3(9*r^sLogJ(oj zGmGXyJ0a5M4@k8KYS~UtJQ9q<4z#0{;*3F?1$v>iwMCknkBbuEkDr%;R}=`j z-6PS^y7AhLi(sCIe`E^MCMC(-e3vo|4DXrl&^@K_q(9Lt$kBy*ahNmFMN$=<|fMQyhJcK zcsG5n+v^UrpOX|L03$wIEIRb9ZCdEQ~6c5vK{qv!G)6Q zCVA^nm1HHwYA_F`5Qvjbi9&-em{+qM?=}rtpxLgclObWT>n%|H_ZFVEUFtp09rgh- z8Bn2FSW|Nw?h{r930P5i=}$ChZVY@+xi$A5P{*iDtqPf~e5 zIrw0jU*9AR>z~8h8LiIL*`N6oA~FFP4N{_D))Nhcm38MQB=xE*(DqsNk?5{(ko4Pb zQK#(m+i#W9fBKd*{_S~5d;d);6&a+vv2~i?7~s;&HRG7M9eVf$13n6})>e(!6jxj< zF);ILQ&lo5!bd_E!Tc!jaVYbI4+d{|?~kEh`NDG;?TmXkX+?8Fa}IDW76mMpy6vs_ zwE-R-(&lQD+KMjetgn>r0DL5d17AhyX*m_u)LYFUwK(|nB*6cNKkgH`@!64w;rkGe zeYna1DF+ z6q+ZjL>S>QTll@2;(ZUzp|cGW1VF31VZzk<&UOgu?o;|f1|nfo(zbh#)IRj6lz;a>CG(DtOUk-6FwuqW^f~zah(GxQ z5YK#AIMvey?L%8L;8rg^t?)O9>6X%C?b1|QgD94*npfz|hPLi3G~K_7&rluE3LHP& zBPq?Py^I7K5GRucB_k?iN=l0EbFppkd;d=RXu-U!F3FDVhTlYsTrxQh$xsnGwytJC zTH)J=zsF_{cKYMn)`DvvJ>qo=>kcD?I&N9wJKcJZq(QvTM7)D!n0Vi&f8RcbI%bZG zm}r;_4^?S|*CLjYs6=#_CJ&qo3HfkA2p>{MMJ2Qmzf;aT?fPpZ?;BsS!kYR4csf(Z z1BqpS@iU5y>K^|K9I_K7?Z)dRarP|9{_LGn1rsRO(#4WEZ;l^5p8YC7FZ$tWE(xw# zfMmN7hrhF`O5Eq4hpzw$VqnJ9yzxy*x$bId-Lh5M;9!nM5{odnG<}MJ#v-n`NTMl8 zU>B-xrUaPXSz8!4O6Q*4($mn08dxTJL&L`SARAna_+k(Xx5V88-XbLPJ)H=v*HS0l zjWrN?v`Aw|yquB>X)i06PC8GU?_j_Ve89xIgVZ|&%d@B|M8)wIJ`*A_BD7T46!YhT zIe?Lru$moln)_k9RTH5(nGmZ{E;PzoTdgobwn2#2J@;n-*dMRk`!QqKubDplscYuv zTlW-VjMGOVsXG}=P>eE2ytgEn=MjmUb{u!Cm)#{z8vd1> z^l-qKc0($zA2a4f(;0j~V`+xtaxUEvVAVhMH)#5QfUxU}C1veusYPVPTA0^rAQU%z z7*Xi&$jFN%ILVh@0(yL{B*LdL>Ea6!eQ}ml{rAtM>c0Pm#nk*ERIWv4SZ7u z?{aJQ``4t{A20+1(N$jo8eJ{zJ?(PZRV&TNQPc@dbSMOV?GTC_+1DgJ6>imDn>mo~ zxbZC0)6*q0GgJ2sEiyF0j(WKWLn|8j(b{b;8 z#`C5h)7G~x>)WsKn1yoKN<>4XRz0c1qOFGBX24>_+@DoDu)mCs2o^;1Gnu>>f%Pza z?TBS0sKyExPz>0JaN2h5kq#`>;wMiAL-1KeNalJV+ssdXRN^KUNX;*QE3QQgCBAry zs#~jm`ha*29fo7}jEF#3y3jQUhTk0NBR;-%L9N+MMuOiuKX5V=H0>GJ zg*Q9E3ZINb2g2kvBe`5%IgofGa!15UNw-@%s%uqsdnQ)p-GO55xI^0b_O=@n=n)=Kv0?~<7GG|Bzim!%29 zy}Bo!Qo56R!!;2>n|)yt>~ViQIS78Ic`fLXKr0bVjZXf2*#-L0SODoagjx{qj=1!I z@VphBAUj+7Ya2Mf*jB6&8sjCQqFa`x)yu+EM2N)tz!Z`tyLA<57(Z1ObB%|*JH5sW zIKgW)GqUvL^uMsIBiJ?yxvjJdSV(ZstUo!9)?!CiH@&Vn)-`JkUgNQurCG`FSo?+T zR5!*bDQf^sV^x@ia5Lg^L#UNV<^p5VAtb;;VS6HcH@wpeu(f~HBbJe%XMVUtjP+oF zK|co~sWdoZ#ZAcT4^_ThSm5eH#k{3_Bh0hLlhcn93+8Anyxa(nYMD9xR&wEJt$7z_ zOjC!j9uF4WSeT9d;`Na*_p4t+w{$f%OWmKJkj#&LL=kq&n{P>1Rkg%Il}wFG(z;8f z39zK|wX}JJj080igbz)ldiQw@twu~i0lqkxN)aGB7J-VvctTI|!uTkDA#UC@-!+&u z#kDtsp><2m^i{G2V2Mq~V#Q#k5P;-)Af5OwgYM8FLEitz6DL~f z5V2eRSao>}O)ZePH*q1_vTxQUV)x(x8{OxY(reC#cJ&@_0zM8wzm9fB$-q3~@m`hH zbb@g}yzQheiFYBibaT6O$9764wPx%n0!kL5lh8?!&t$xpE9b#S;w%@^g>EcXTfjgt znjdjEedc0dZjl6rAvP^d+72F8{6&FO)5bTX=GPBm!TM>~;Ln9$S*m5?86of2SqAsu z!{Zz7g4uBSz267TsnXmdaR@)`q6u*VP5RLw&7@-9Ix$^^u#Ecof{{cPg-NHhUpX(#B!**Lmjj)EON`n zqljP$V#j)Uh&1)uVK8CnXT_vA*;k3RCWM7)@Q=89cC!3wM~g%^Ma$e2WZ5nkIl8wJ zPTue<3<9`J8rx1H8paX{E7t*U|LtQ9NM(-9$>A)t_1?ZiVyQl(*^a$nQAbThC(L-d zAT_62l|QS1lwPON!x8 z(1XS9iNqALR$4;2bcE#*aw`l__;`T8U6^0$ghI(L&OzL8OG+~n=1WIvX@A-+sqSbg z%7P@Rq)lUW&&o%}&$b>pRfjNoP~FZiOpqO=9UAT~Cpk(|5M^jz1w7(V<`>3GC2;y_ z#O{tqqPRJ^@v^JDLpp&7XM-Sc3cGPkcbjS1F>B|xh##CpNlJU+*kU9MEiznrq*A<_gd&N7$h(HX!Q4O=#j-$sF=OtZyf#P}1 z4}|ZTPQJ;PtxliYv&n#3WAY7+88(OJ6= zj7Ij~e@>Ii4%**1x?q?HG7_N&6#eMtSTQa-@UEi+m-8-Z2 z1T`c-K~zJ{dqH2q0LwOnRcH9u6lgWVMH?cPk!bcn3eE*)xC)5{K9Wu>a#P_OL9--N zNJKm!2qjetbWeiE2eklpI+a9)i@2gE6^c#v)YDVRtapHdeqC z$UF?+WcI^4U8u`_mO1dVKvg~Fsl`Q> z)`3?^57;+`&@q=5_l?0bd|xakO=NmL9KBJW?btW#vas!(NqnoVYn<=o>?A~zvX~pK z6ajzsm$%3)NS{pPs|c8K@Kf}@8^L!FWJ|nH)I>D=?FFg*{X@zKxR)$~qwZeV=RXbm zdvMx1H@tUP$i^2JA;RBMWi%3IP6u8rmLx<5s{iv}q~sg_BB?iAE7^B_(h@WUIi+*C z8EJ9*u@f2{F&5@ydH?zkl62nkfV2l{833p2g8%rARQ}HcQuZ(RO5uO~KtsXie*MdG z;^Uu2K$KF6&Cc>Z+wl!?G7zLimaiBbe_J7(7_bnNGAITFq}W%MIPN%hT=Px1NO+*?u6y#YASh45dA3n1APp(J|A(rv7^~7L zF4(x(qDDd&`@XLt7W;7%Cn;R0E~bwOS9x?cR2$Zfo0M?I6&Fh^G&2p4{8_`pMuVB4 zN?HpEwXW~1#iMFJxZ)%(Lx?s#)>-%t9=XSSpNP2W;Hyz6>Txgd1w8XMtp`8`Ito93 zK38-|e55-wuFI4}-%Cv5neHf(~(6gCuK3P?bDu-G$;d@>FhAG%GW6?G%eL@Ojx zl&~uUfmy}EY$svr6lENu5WT1k8jAAo{D-QxsevHkV`w=#b~V2Cy0pCcwrW3U?qg?K zMgf!o4WWxsu4k>)z9JX9yn^cDE`-w4dR)BX*9oH9)7GZuPE_xc_{JgZts8z59we#j zAl&ehD=NYRWm`0}`rtVHsYar2+<+!MhAS&m3dGIuZVYFa33CWH!WzXQhIKbo%GUc0 zIARe@lP7M$Px*xu$V6ONlp&WwbMV-XQrQoip>X>ZjbTs+G_?+x;Z-z7mPTTBev&)QuBw0rRKqhr19lfCFd(&MAW{SlJ%*NYf{si-#jQTMD0t4dCidKIHq4`+Xn$? z_nTgLMd6-${ndbV$)E)qnp&8lQUsHk1j9;F(9F5_YUfkR~M{OdOF<+unUr^;Bk#nS(=^Ia2gYRV>xd|L zsTnzm3<7Y2;$tEZ{>V@;YDpdZKbX*`b=!LuQvioV!c$>{Xb*HyY3yecC?LO`G>0l*f_g!c^3j++BIf!{kkEw+_YXTM;2K= zR>Hi~wR92e@N>@WXV}S|yA|knM_QbOKql^GOZx!9=LO+a^J^PbgVYW`7KU;seOEdS znoTF{gy~Z?npVnXmq`4yX%KAfM;7e;5De~-(trN8xE3!^rmy-}zf)gG`nHVsLVCog zb<~olB_+xO@I{&pX8>v{NS8aI1*)yBm4gQ|orn$;Sig!v^{nJWC4++2yv&Q#{A3CA4_q zh=IVcSdt`b1{{056~e(F??i;Yy(H5km&~0ms~1i|rebKsaMNvoQ)NZD?A;wLyLYw9 z&iWX6a|l2XOsxoo^tXMLQk3bE$9I;)2^n#;*`FVU{tS#T!O*Sa5ah!`fK2j5)6<5n zH?}HR-{#nwQ|M>I_c#;TX-Bo-duWE%m;xVa4f4ME4=`m~*iU#g;C#GMU(U(?5P+6}k(P)b<3NY$i`ZLm zjya3!9(z(v$rzSAB^PFjz-J5vOMFWPj>lvg%D?-6BpP`MXpKNRoqo$rnh&WSxu2+! z=&Gx;B5r-*(-H&P-%I#<2OK{;gbfQBhc0NvpW53h3+MEO`erOe&A9`3)1NO!gM$pc z%B9cS=Hs<;)vRnJB~6nVS;I4AoCXCt?O+zy@2img6;@=W@dIi9?u2k)lv3|w@vo7s z7TX2e*4E9CyQ7Sahn!157Z(;%jUQTxVRt=Djw-7VQ~FZ%edxk5e=Tos)hHd5q%&(Z z6W0*Y#1&1JXlN}4LMqG)LH`Oaipf+oJolm^HZmlXh|mWE7!VH_QmdRSbr91Kb6mlU z<$_hE(H3yEuRaU5DaRt(1?_~%L=nN`KMIgGU_ea+wK>rUUD^TWfp0gtY$gk$c@vh? zB8V&yJ7bzeBidEx;UhYhw-bemov9ehUgpmtRHN4OpeCaUX{CR-;V7g>h{$mcauR%R zU)^6P#TVue2Hr7uo(pWtX9eHUI4>Vu;S-8GocBvS4%60(AN&}j^r)X#5`sqrWaa|A zP6i}#-dxE+1Ry$ElNRLt!`)ceX2C>il?t2Ep}iLP-#KMy2#|h~o^+goMSww2#8dom zy{o2p(C55=y+`5BXQgIOq`Sb2S_gEPTPB?&qfr0M^HTSx$J8<2y?CK&)LY-%1)2p7 zAKEv=)R_?pqhXdd{=YDS2J{`EYHTNwHpg7ESa+{m?plXKJ}`ou3_(?Mhdg(nQd%iw z9HeNM7{djv`*m~jWI{@UJn~-YAhpN;X+DFO;3M(z3xcCXjBcu-&i!~!!9p`)8421i zry^`*s0xuhV@h)Y%&g2!uWmp%IYh@H*9~UWxE6{MAL4%P93m45SApu7C(Mcp+@y%#5*z-P8kFOq&;8;)Yoq7 zyPD@I8VS2PpqXe#Fq626-cajkuD*^4&+a*NM70m?Cr)a>6ZM$@ory0lQnMyE5(UOh zo+MeH_&e!=;ExOge|%;xT$}jwpQvVoj33RPb#*<+^v2U^(s+{NLWCP1sPMYA4jAa_ zz~^dP+Yv6dNot3Ph)4A0hNSHM3nxe?#`ycE_DFqOVE$@ohELJ=JG9mqyr)15`(p{F zt<}={Yt0M$+(Bpl;%b_6a!n9SIatvu=`d@e!?iz5Uoc~YZY3Vf=p$%T*3d4KGNBC! zVTpy^D;?o9X&N3hvz0O*geDGxM1uB_(QqaXy5Pl$&B^WyBgeOLq;F=>lL@w=*W5*4 z>b^G{)=RqB*L)I(k4ZYEHc;pD*9~=X%_EOPaf1&T43sXGp~cXx7Y0;eS_@=uag84u z2u2j`r+9*25!#%I9D==%vDwZ-&QN7eOO^!qHTV{Vk?+Z2jtMgegN6*3Ovmg@B<=a~ zsv>#mP_=A0QX_3Jjp}>CLl45oMGc5?2;P~*@NC<$OL0&_@f7uW=+#04 zKhX)Bi`#BUwL7qICEaMJ#+A4WB_3us)Y8Udv5KsRkZ>dC$#vJLDN`eI2=Tldf)@t* zXvd;gU{b3e&)B&Au`>(6$8+?URR7N}HQa7AtOFQ6m!?WIIV(l9B|1$riXxK&Qp-(e zcjkeL&B~C(#f#LmSdkI%3r(MzV6I#T1|b?*uW5;p2;aW6n{NdCaoea91DdZ6+hicT z&vWbmB>XcW4xf}hu=-o+cR-kZ`1x`jkdhE9cVAL0r44QJ!`F@=PY@jDNfi7nq(S@O zL;Kurn3sDKl(OH6>7#2SJpcee07*naR0+aFmYMJu2&6E)?TdSBk<>0$RurYGzhNNl zOrXlCZas%F)UbXXwROgc)%JtHmXaa-Y+q7hDQeTI5BVi}1f zBwk|Frcf42i=v=bjxU-L%5MAm;#bLE1Q+Xr#?ll>l?2f&>`5|JGl7g{9{50zxH6<+ zTz0l*4((3C(T|#H3rTtK5c#)VVUkho}ro07xYwL5*9jW@hC9 zuxFqWpuYPb8ff&R_?NZQIpvjw2ElU!iq#GG%T7!Zi=Tq}lJ6 zu&;0R9|rceXKSAc00=?%zKe!XI-RX)g?wB-y9rE5i|08Sg}98GWNMEYzE!oz-hr9@ zxb_bZgVES6?I%xK!Vd=CKwUB$Y7PrJ)q{HRFxh0ZKPEe?`RyN6V$L8G&B%D21zbtT z>=p#5NJEr6`sw-q!HfnJ&i)w0DRmG?HNNnYB(H*h;)icT$kqwUJP@YT7&UKtQy2b> zpygh=SaRQglZI61^I$|lnkgA3p{KJ0rpL%|j6|voA=~uwYwD{QKW(ZqiybFVTQ`mO zto`IEQQt@~D3RdH7>cLG1#Az9_SO?^^1ciE_t-1Y3d1+Jv@lhsf*$?;ozu`nbPh-d z`_HET5y@slYbR)kM=qOkdpyTPpJu_Y+G;W=xJF#WcBB`q$1U5_#FUQB_^*Z6JkToqWqYL*W+cdztVDSk z=1RWd{k ztjh4gKwnO=K>**g`@CgfBwki6H*<3s&5-BNVGUrypeLzUUx8>#3*ijE$ns+`t2tX& z+=VxqnjVwsNLqc7Mt>snz~{suAhB@H)+kzF1d|a!giIh43Z6@a?&~I+b(MDw+xK7z}tU*c< zR@DV2VfmC)$xn@!8Z6kiooJBS=1#Ojh+EKs)o^r9M9wn)NQ?GB+d+*7*C#V_-O31* z!$Rh0RjbsaJ?T^tXx?(rK_l$u-0Q*2aNSD58mZJt2;B}=w8%`*%%K81}H>XJW;{p70nuzY8J9RurY^;$d_s$`}K{S(=U_7QETy=4q;gJ%HcROmO|r z52PDv{&uMN%MdD2zhHc|yU&3o3 zAw{^P3Pj$gp-R5@%9-*X2ooDj&IvwZhM6k@vgCb`S$OAoqcpZbq6>svQs+@1RMo*L=<|~oPmn1< zj(^=zB}ag~Pu6&pfw*pAwo0IkDHNqcbAY4^Fc!z*{Fwcj#9+8W*!O#9hifnfu2(}{ zPNF#8OB+lLp50ZW#NUoq!g1d;S?WUAS4Ib-nJXpV_CjVM6?uYa{vus4!60|5k`}x` z_|IGuWInj4rK2v97o+%9{O~?$SpO`oba#xK!XE*=;mYh zz2+Q;6#@o{kgF#%VYyrr$$B3ME^rY?CW0?N7r*@;m0=e6ML~6Hu_Nfq%-USntyc10 zLCpY>iRm(uwuIN3Y3>0T3Bo?m!iBX9$TQAY17z?(@m-^xMo4NY&ul0j6*h% z9g#5!fcN#0I<$Lkca6*d5?s72M-GA!V4c4^KVLNxe6eW$MC}LdSQ#eIFcRD@gH0=$ z-UcB0*ALdoG%z`oEDcwPa4(vU?8y;SC=H{ke7qN81f|B|x>4dUgah{=JU2~cnqGfH zO_gZkRQK2ul3Z1V5Z>wP*xQA8`Yl_xA?e&n@xa-)8+mZ3S)k25Bl^)KiY865F!9vz zuX%a!hd56%{_aE4Syl#o)-4GLFG?nZK6;u2Rhf}+-CSh%OJ*V}#)UAs9|RKy(?c(E zqP7T$57e1G=sN_XaITmw4F@CAAclV>x!rcMMJ|{}x}#s7Hsy8m8?G<=^@7wy`OuPr zVNGW_QX(|WTpiqZ<6QaH^9SVs5~>DT=r_hf?eZcp1lKRhRt+`j6q6b^LyMl98mDGY zq%}uCM?Q+^NQD`RDsXxow23g_dWOGUr<&DQ;%W%GNQ~uB8pQ9_ZKqSv-hXjl@LQnZ-eMo~mU!v+ahavC5lK zn*G&4#Z0@_o0sJF+Lr$NGsmRG)1|K#B}a;k@t)C%jeXNT)x34wQeFMTyOk<6x?xd{ zUtyy;_PZyVlBnI@G~B4pEm(Q1(sMfXw(Z+*X*BpC%?ljL8yhcu;RWDxaZ30h0GSTVU40hB7&cfs zOwII(x>jf%NZ5xj2P&JCZqZjF&_Zp>^^3Ap1MxgeT2I1fg3A$_(UMoEfQcqdT=+9Y zDg|NqujaGyXq$$ppuQ_iYD1}Mr_ThjBO1=VzObF*^KNsPKg zBpqbw0MTG!#>YSlKRgcz6z9XjMPoc1z+wlmxix*WE`J>ngcq!5utXGa`9EL6>W=Wt~@C&6G&5ayQCU?j~t@VWB2KEJ0{?phTd5299R80!A~q%cBL z&fQ;vtvs?#V^B)NbH4OBX?Xr6m>@l(67iHPE|ZLpen=gqEkVke_rt`d3>(@CN9wjc z`w{l_X_zAIPDUcqkKxR&oHGstMil}?#mNc16uaNpq{T{) z`9bmWF1Rrv8V(Oqi z5?p|nl$6NNfBtjXv15lW*q1C>B6r<&m*hdc9B65Ws(bzV^}_8 z`Z*_lJBFF?b-?CzH5vBeqBFj;UM7JxsmQb#lwQ+%Vc87?^KK2X6Xdj9*gMt~RZ7Sflo1 z(ZnRxk_>hiJRc7s1#LzhIWCz5V4sV$V&Ycb^MK+G|`fd4XIbvhzB<-QVC>Lk(jZFURj7h3aUto*8u&vz0iTB5 zB~8$9=Rg=yBfosTL`ldJqshkYbMZOd_M5GiEu zUL+Eu`W!!w$FX^xj77{ak!J<~%ZN@fyJs8-oeMU#y%T>!Kgn9!HH+wYI{_`-CRLJl`NP`$OZq>3<=LxBlU! zMzcWL4n2wz4|HedgGVW8kn*G=6E}w;@|^+X$Ho8llT^#Pu)5a31zbBJikbd`?b4@R7lIscePrk-jjrcUaLMdEd}rW+ zG^s7xEGTf}++6GA$hKtgCC^iJpo8yj4(v5lK7$?9GD&v)Kj>1jMg zWk#Bj-?c}t+X3w52 zS6_X#Ezntv-+Jq<^1uTR7?W_?X{X7B7hWj0+;WRN{q)neSf4jcc0{|E$nf}9VeGwda3;R&wrLjAAQv7pK-<+a@l2< z8I$6Gk15lP88d|Xj=}imH@|623LnDHe)cmtsGAyzlo4WZh+L{0(_oG`56=Gd$Lu$ldO_KNL%MYv( zeo@*q^$&>KLtw;8@90qJZ5JCV^=~gq3-NEO*-xjo+19RF1^q|L2Ene>uy%R`v2#S5 z`o@(L`r6a=`&DbEnQbWxdj7H4-?X<;E?i!2pDa%5I{j(qa0=~lO*AWJ@a z#x(VRAU=19Db<|wmz8^M>s;rI&y~-dJ;ScMAyk^m)mP(77tFHr@IMF|Vx`vhPPymB z12T8~G=n*1nUnj)sykYFFkQfBtS1N~+Ae(@NlCWgS6_y_rAzF`MrATN^dJu4g7b_;wGi(b`yV>n3nB$>C^Q8+B$$ zm#&fAJu^xV%_m2TPb;R5(gLLiEjrQN)eW+CTeS(M@ZmdsVYxa;>sY(Iwy6rkq1H^A z^h#+DohNfc zkj&4`J6e7AtnmB>y*WfHH=O(7(;7}&BU+a*j`=yoW&>xeU0CmE6yE&iH_I2k@CCX2 z^2=r7#EE8-gqhH$O`GKV-~YaR=}TWSM&mP|`HU=Bu)s{9koL1k|Lb4>D!={hZ-s?E zngg^JJ9g|ajR6b&Z-4vSW;TTefj*j>o8_lJ{i$gf$p6SkJ|femO_MXvJhOLXXcRDS zqP=7%%s7(W3p>rSYb{Y&-20U5K7;lH2pmoj03Y&0E^*{k4V^vM$-_h_vhHbB zs}E%yq^n(8+OuWm&&^5X9x)-`!yscNT&c^%)@i`&81&>#f2&blL< z9{F*>Uif(Y*Dw;z^)*sc zoh@y7s&!Y|%G?lQGe71UtzG)rcA(Wl(Gog6UWBOdaSil3Z5atv_^}=;dHlZfo$nX} zfJ7fH0uulE^XE&ghV8rm{`>7=Q0_H#dgB4DTD8iUi{pge%8nmDUY0CbV$RTi`qQ7}Z-4un<>5zx*%1$!KKu!DrIjmJnq~uy2ZpznR|krQTV zRG3({dxuO@v7kyfy4#wir|F<>qNP$FWhk0Da%EQuaqxHcIgUAG?2vb)>+n2Ze;pbX zY0tJ6c`>`T*Vlk=hxeQJo*xTtKk{~Sa|q8})AhoVZke%IB}aNuoU0~$HR>F#{Zp25 zuB^LeDB zv#NBDsRJs7S5bX9jp5qgk^efptZy{Cb-#zTvd``?Zs-n+YfR2DF=ss%iyk@p;+nM3 z^?Fg)kRf&MrXFeAPmg?A13qj(5P|# zdAT;ik1!%`PT_fpx=ve0Vyc=ypstCQFl}NnzGlrDfhoYDd4k6BW&vMWS!s)&qmDYt z9tJNP3wRz7FCPyOCSlgBS@QFr|6DM0nlopPE#&EsmlO>I3w&M(Oq%eaAf0&PiM>7( z)OU$CS%{o|`srpy1;c{o0|o@MC|-yb-9eQ$X&bGEdyzQ8f#NKVW@YNssrDlA!6YL2 zUuxH9BHB$>8;p0L<8*TyX!&G~c_8ij$M{N(ng_+GJtskW~WIUB6%B*&k3p zmR4zO$(HR|)f(GgH+(}c8!>^sWAvu*?#u5H7>U;k4$2E{d(8=raq~^&=YzP54SDA& zQ<0^dkVT^j^+^wYIuW|<-L)<P{xYLM2p4B3~XYaF$(u#FodwdqG-9xCoD<v%JR+8rP;;%H7pD(l}`PyC<6er1UtU(^-}xs^-2c%Ddv1n}q1oh$$T@Bc1mpMAD5 z48Q;V@8#l)FSdpJFMjb0S+{PTF$`!bFhOE*;1Y|5cfRwTa>W%_m~R3vB_9@P;lhPh z_J=?Gp&>pr6_`NbWAU$l{mc5j?Y7(Gth3H?&GkFd&XGqRX<82IaemG@=a?xK1@FA` zPC5DHlY9Gv0f9kz@WBV=q?1mPn{K*EKJbAL^c!!#4hC@n;>JJ2Aw^&i5BWN0bINi~ zc?X+8bRD;->&K0Uv2qVY!Fc(>{JFkeKIJLHHH;ZYq~-qS8@KaOD!^R$?Q7HpyJD_r zaf1$d?ZG&zkw6O6)2w!=4F}Y*Ggq}&YWG>I+6iSc6kw5O#qC2H^c8jaq3Ye88M42w zSzc1?VWC(RlLFiP{5C0R>XMSiZmB5DSI6rt-Ox^h6DX3!2OFp7#&$1^YrZZ~3pKA*+rTyz6keuMuLjKn zLFa0pz><6t?X-l-(te(fp;5!^0v6gKv^nE}FlaUo?Fk61&i6<;D%JSvQO&Bu?D7U(&u`4)30J)WTP) zbo@10^6_J4>87T+@{CILJ9JoQ&drvc4Qdi~pi_zz_a8eeU!Ksto0^qAt(cZ0r5ZB! zp)E}+MCy^_XXa?RE~#$rmPtwvPMuRAH?C90MbnZ=*;1(HMr(I9n}hZnjwqDdUv9Nf zua)KFWU=Poy{W};@~N}O$u?DSurEhhUWTlgnk^4+M;NW`OwLxP?`$1|*Uss>A?*WO zn{~eprD?f3reiZigG?E1I(cfY{A+KgRPP~>$bR|!dFnu(6Ube({SIF$pGtu&|grk-q-*uN!j! zli@TI+=l@nq7oVn%o$(|KqSkSEi*p_kRJWK@r`e^`Z!B-kA*+cm@rXt2~7t+8)zx0 zL&CwEg)v%&x4!kQ7P)D!?siH!`b4tA0+{^Ie)hA*q=3Xe{pn8&&fKmY*T+zfM76@V zg9SGUO~~rit8K3I9iBj@H{X1-^$k<=o8SD#OtKhbA`|9Yn27;zG&b}La|ZH$)0^HT zcinZD`Ix{^p)n$1sst`>L6Dx~^%}CpnV<^}0ph4W%Xe)l1TAZb3SL`_5ZBa3%=4%d>S;BlQK*>se*vq^6~B&xeH?Hg|h%he>QI@(ID0 zY3(rGS*3d3)MJbVjKgGgPIi4V9yTJaRfj<6CPZM?5nd#aV*Lz?l@r>h3=)oe8~1n0 z$~+yng`gbhpL{4D(oUV5ZcH$g|-(nH8jTrtH3m1 zsQ44X1c5xt%gYVd4;Cok@T#gR!%KWK&gVr4_J@A2s z!b|`oCqRNJ;0JB=aHTT-dQBN<=U2Y+6{C&2cI`5{3B7e?9o#5Oq8^EM+|iwr=h~+} z!YRh^_~Vb849qzgN)>#_-VcZCR&RM9YoT2doJ3suq zd1)s>rm}T-pPw~Uosv1CiNAj-B{_B zs#Xhai(oJCkqCnnFM;CosEHRGX#tuBJ_wM%|3k*C2~7Zr`y{0P{)85S#ivUkIhQzJ zv0{b3RDB;7=2Ms~ImF@0a>O)g_3G9BTSh=&8eDqA8{S~Z$UjcE@I|{)Sy^dC-FRKS z;T%EYXk>8ahM>U+efi5@HmwSM(ie+*<^8Di?ciq>M)0xs1Z&VCwYemhXc1{)MfrIt(n&sdepsR?r86a_sY8BeMj2RUtLSP z5;a|sXKUEFP;MN2)7M6vGe$|9uHAmc$<*IbmE|&LYKhF%XY5aktD~kFVZ5l~*xocX zEN_-?E11gOQr^iFU!W-N_}i)UiuC>s@3S{UPo_`uUx_RTUH<0ry|$b7(DoVa-)17O z>XZqZ3}rO3+8^$T>}S;5(y0w}cHkgz0eIs9jnc=rgRtZq-}r{%Z}1Og96lnSbN6%K zoWmL12Zzz#$3FHki@?V{+Mo>eN&Yrn8xC&Zu4}Hj#&9Y3Xb*Y>ZgQG$*Pg3O#6hA6 zLL*#%)Q!e?ke4nA0TFl`;T}vLzJ&O6{`qp?zyT8?L3}aPLLmlm*#qNKB?w}hh{HwnyW;` z>|o9#)pv-0FzxuuMjEHfkJO*b8_p4gyheRVK+vmo5suUjY0!WE=YPt!ZQFzeI>Z>p z3C0JcOM(C*`5_E0$d@QmEc_`CVyEuici(MlYuZ2e+;a_S^0 zBCHUgYu8_Yy}=Gz!+ukY1ECaA6A>_;aKZ`JF7FS|9*Y3>pMnlzh6TNX(IH?8?+fk0 zD8Ll)zR@RR;vJz~uF--)7n4QDlkxm9uf@dFPaAmGc=vct#p)ARSg2ZXqGR|A4Ph`W z_{ZtD#hcu2%>57=IgF|RZUs}^#2yq_1GvajaVrd=Kp%D+Lgmq{vPZWlFSAXll*>#{ z96Fldi`qAY6RpaB|M!2}&e~`vFx_Gg4G1vmbr$j*LD-lRVM+vHzT}cii~xefDUZ|+ z<^nS#d_g!80Sn>)F<`U3U;gr!7M2&}3t}d0u0ymSaoWfC1fq|m2h9fkQwHJ!vjWkE zKwuO5$}6uJ0fKR1PY`wvhq&Y9e#I46qzA!O3<0v{pG$t^jYPGOINYr+cW6h}9;mJ> z)E=}!H#2Kd<58ujL5c%`^K=ngfD=WErApn^+I%EZY+Q*RPKTPxJ+ZA`j+w1yK7F4^ z#BTU*z*Q{v5F}JqR@#El;SjW%-}=_K?0aK@h~ytLPr`A7-_QbpQ@~d+@;~{>PfSXF z!wokW7%EXt5p6P@px zYp$`r86&=OEJCRR(}J`foXXgk6F8A;a6&pJo)2@uw96%@&Efh1)d?k$2QBS_I9fQb{E=fyKu z+FjRXo9>nBzDn`RM(-_lPTDdOY-E+}kXErlH+FMDARr4C{UAiN4j@79BPnx;o@E#G@>5SeWyqa=Nh}7?U_ewr^e{K5vtf{6MqJxgIEDT&H!$*%(=;Lj z!sSq6zD^2+I=!^HP4YTD+hD`sDw*i%%Cv||9g6)swS1g4mPvmuS~5|-ux6h8`T4!_ zlSj9k-KFa@I7WuRGdmjP^aZJBtG;nhlPp&6@FJ!A@t%F;nWe{Fz7TdSA4uZ6LE6m% zAO9&N#w-%AP@w`6Vgw+V#$0g01*Ww?TK$%{yu}vu;3jYkQff>-(QtxqkTSEVL_@%y zK={Ia=tCcpC!c)Ma2*;~{I+Nl6C6x-U_cxr!MLeUNO8iEgJ%(xAi1VJr0SSrVsb;@ zuY29=Yyrys8*jYP#)dBdI1B~{0ZzIy62Jlzq8DF$(WLy~f296s8F)^>2e@+|8iE#r z#W=7;K*VB}=LjqujwFwB63hqr;7(w~eTVyjCqK05&g6))Xpx{FFpE4JgktmqZl)c6 zu6^hkZSbDJu+j$_BJOkKU199B>*%HpEKUAEj#f5!qM`zsT%@L8>Tfo_ zyhI(dJ=4Ih_7-VTr{aSeY3N{PqtxjAjyOnZdRdDh><*0 zyC6gmEC>^3!Jj~s?1us2MOyTOAN;@w0LTUj4+x)g7zY>;htRnXkwkh#KkVD#kUZ^E z2TcN61+)!F`4|@_1eAlQK!72x5Chr*$&=XBk1?|-fI!2zAZ>)XVI2N`tU^lt@pgyy zzut@&;sudJ8aHP`j$E~LmTs7%!3K2f-QC`GxEx=J|Nznj+*Dy0e!VgXX2ZEb0Z$VH(U9_ky1QC*efA|)`nV3+rkjH%K z^{;=uErMZ2kW|wqCP{p|EH?d#g(bKN;R^U~_3G7z?_e-seB8p6aWHL_g*6Exuc|{|QPaF6i!OtK5@CW(PkA7rADjc!VF5|1f5B%+C794ZnaHKl|Czt@D zHKN%-;N*Pypjr4-Ko_8AXm)7FwZ%Jt01TQ0zNJ3TfODQHbcB9jKq@OMEv!5YCFW^7 z6W%F5!{OScPP!z<3Oc#trDi$3&pp(J&wPMyuF|8*!XCL`dcOSIg-1$xf#-9Cc8~Y= zg%>*H`AyyOCyjUq>mLg{J-e%3ZrixuqH#_t%29zx{N<^mkxlJg8Vm#9%XES6@W%GGZvW% zi9@9#N$#PZ#l#3zEl9+lki6iFKvXRJ5jcl%g6v@&AiPNCAQ&JYmq5yB7;yB)_W}YD zo)`m2pZ?K!pmrw8770X$su}4W+6<7lOArW50w4xxOqd_-L!iUQ@9Lz&kvZvq*|5)x zJfwU=Zz2!)@hjITLaP@|mdc3*#!z=@NC}AFmXa2EzH_f^>Zq2Nlv9Yc#AwqPsdsHU zAQvu~q|uDpWaSLqCt(1H7?eb@CwCmwNJj%O((IkV*f_~ih6|IhR7-Qzw28&{zGEcZIQ#NL;{K^meaaTm+((N`duW02 zzaXDF^v7OE;4sW*Sg*p1!n5K&^o2P?cYq0t zdEm=6Wx$U-V>GugCeQ#J+3}Nr832Y?s74BH5A`sSg~k9++JX+k81mfFhI39`7zk(y z%pNAW)a7~M!vU?i?6S*@(PS>rJj}Hi6XT&>#>8_>w-gQ4xw&w}H;V{)JP(q4U%56D z-2qIyRcY9MWd`1~VyZ^w)4(li!Wb(7N`zoD%kpL2o(8$mmlgNu+5sNJg+tuVLInW#NpsaVDh}MA(@@zH zi&S%@f~I&($3XiIFPFBA1n=14pvDh>V2QrQw*dkhEwL!ah84tO(gpocAZ9Khv2h8a z>`yqPfv`z#0gtAD9|`+Y?3O{)NS{EsE`hXRF8m2ICVnJ;C|(f0ON2*siA4d-2$DzI zc1X|Vr`pjWZ{+>wFXE$*ooqhw3dL^1a&fYLU~9F!pi-S^3FKOkohffPa*7;m>5yMO zu~YYB7`Qe9BEk2Hy(Y;aYLG6Bj~BZ;TJMM6N1e;2a~!EZQplT;Jhrt?&R^E&9D3;J zM(55Rb*d{?jfAH!O2CUTI@5^TE2N+IX&{O39-M)+n}t2h0t-o)0;i1tzu{YjKm=h2 zf(q_Ae8J)ni8DBiI^aRHsF-|$r^v&10>23GDGO5iMEHWa6FwMz+=j3Qyz1~NObTX~ z_yaHo{2o{U(=Tn(C;h=lpq+pz+P;0eEw-5l<(_j{d$bq+9HNcU)k*au^a!cMhP|zF zQG~(r+}v+dRhyg^?VB6~Dgvjssb->1eP9uaL`p37Cuo3>cdwcuTdSMpRyBvJZu0gZ zic~(*Jr@3dd#*~hSGRh;h&o10dykq`tU(-#&Acj7y-4=}(}Bhgd1OnST(V+2s1m&<;Km;lI5EzaW#W4_(Mv1Bz2WZsQ zsE(77Ky(n4bV?wIKR&17UuQE2o(=-FF|{ zrW?r(P89(%dueZz{P@0IYJP)%lQ&2-A(tFAL5`fx&hY~uIFWnqTwiT%owA^8#E>^5 zY-!gW)?-M^20n|#mNe6X!2mI_-H%vnXrUq41Dz^30Oo;TcydAv1Q{-|0AvB`5{px` z4E}@!-6gaX{QQab{B8R4XxraD_z9+j9|>)$+ho(#gBfv&bN{uw9~}Eb0NR7YHlbUC zGRcC#%iHW$w5@XZgeshtI4Q&ICNie%naGr&?Yym-90FQmTRo%=4NByk|gzHyyL(dzY+9y*=a%A2_&j$;JL;v>^bTJ+9KQs&pzb?^LD3GBvIoq@x z2*s$=saz4(0?wq!E##qH@ER~g;mMVuZk7rxA{6PZqVfu9(rAnHA1h5O&9x0)d7jBi zY0F3uGu?omEXV}yCLIDeP$OxBkj7#-l0J|W>VS_u*5_{dTBb&KeSS@McOI`1F8s(Q z8OVY*XQ|EV3A4-PYxiu?FtL#(MX|u>P#s9^@>LTp)SsnY5 z%Xhfnmo=lMd5uC$4T{{ju}aQ4y)qbW~pua~tu8w@sON>f&<27~ozwb~mqw*Be=eb2@kscG&s z^Q#MvP=6l9%QvsB5=?{l)U})D_^c)6GOHrb=n=H4wz)&@+E8Om%d6EIVm~KSHQyC# zk`y_x1T=2dY&9c~MXVIkjmB)C#nt70oU%iGFloz3ppu%X9AJ=A4+5z6U6c}-1duq_ z&cw*s3zNq$NPQ469$Q%~C(SE0755EK?KeaV zLT1kII$?@Dqqd*e$+Dol_oW(nad(s9$;DF&G$h`5lQ{kEUwc(jl%qR+cUt6%w;w;H zUtIL9`&;C;bsB+1$JU^XNTCvhcb}*mi>byl8iIxag7HYT#Nv91&K+VkmJ_hwqR%Zz z0R;RIfbQT|LNq354Z+1PDj?fQHKhspI?%!XbR(+O=!V zxe*6x7R)aB5t6%iSRWNMM^DZ6Y&RnS0@&rLn5Z!4P}y@YTz&A3&_usmz#nAhr2qXg zLl_mqFg!m4LkIm`TP&-1tnD ztXGEQ`h?4l81Pm6Mv%78{?rxZJq3 z2=GlRz=Fo(LjWlcOatK*iAF-Kb?j6zW5Q7lBo5*xfv7>)ZUG#Q$Q`1J-|N^Y;UQm< zhqkxNDMyG((Id~RSeb~5d=Pcyd_R7QT*AA{g46sImQI#qXU5(gm$Im@vlZF>=S7R< zeScY}>f8Q^G*(|=WK_Ut5Slga_dj2(l{NYuqZ%e55!$6voxeS|-y|rQP;FLK^8wv_ z?3DSX#tfi}epH>E{nOsOzu8pOM=F8_5kI2{ntL!3sE1do105QMnTpu4`Q=@6?-h&E z3MCAybPQ<6CzoV<4&hn`3)n~rVwbEPLL>Dz(0eSd^OZpHoW^oOD|O|`Q=`87V|nhu z++st3?;7WIm;(Gr&@^0g%{3N9i|AQIa3YL3w25%!XewNyEK#;#EJz5!@T)nTnF+99 zbBvwj9NmTvMWaQ7K}QIJ=8i8gfe0GwcnLq*b$c5$;$Rd)8KVJwtyV59mX$M$WtVEj zfBEok*|blEMCvnvb_4ALVN)5?k<*J!c){YoLh&pTe%`fQ#YKlCg$4J42lS4F7M1da zN{^s9&`={WVU;OUteOu}Zpfz0gRxc$OSI3};w9)SeI-*XF?i_58}$g~Kcx?p1xXP8 zb%X#uh;DfCLCS2(M5sJ=lO{y#DW{xbCQhiH2`LLRfz#r7=bdMWo-mC>GkM~PCrq-$ zhE4uxCxaM5+7<c89ws>Ez5*QZesELW10fOA7&TkXdEUC7o!R%Dg zinJ&Lf{naCK}@)Ze}(j9SlB>^z(JnbijX;ib0eW$oZ~!%j1!!P;A1_5XSoLlZ$j41&PR8gw-XQ6L^^YieN&}pbsbDNGiiB*4Tgn>*R$KBAXwRPvW>} zg6?k=VNLB7u)hQP0}g+9TaEnVB@O=?hUcR-z$l;%ZamS-^}7!(&>stW7zXIh>yDlv zx4lp;%XM8@p;`%O0cNq#tjE<138B=2$pvPT^sJgRAq>OBe!2QsxP&<}f+<3-E>MQ# zc{Ob!k{-cgWN&ZsF?}rN8E1iZ`iQGcBf{OAQ%r~s~@(KAjOR5 zEsAUx>3>W}IR?aa_$wW9u8VVJ2%bx6 z=jn6RNsa!DdC;Ss>jg)D0C)$tb!JI5D+$R4Sdkfs4E&+I2`qNz66VT^}G zgGJ5aH5j|o90r6A->T3Z1XOHZie~)DC!aL4CQO~6M=yD?+Cl&TKmbWZK~%i(g8V^u z%|=_n-V!hz&UXTHTtfD;#|R0{1yKd#g^3-@&_)20li3~fGXsb2sqczeW}q;Frgf?& znw_eXxxRx*Fzvbune@~`zoNOu!TSD}bw3z2bv;f6M)=PW78Yh;$yD7>Lkr_?cZ-_O zGGT;JFb@c`ILBn^9CgaZ{PyWr8%#rve*}yKyGuj=fGKq_+lAJ6$;+b+G_JIbR)cH) zMN633E(k@KidF`?NdOUJw3uuXQra>SIKafR=}rQyf+hz60bW|9K}dq`zWZ*|IG|y` zW))<;dGls#jZlj(zWAbPE3UilI=SSMON^;t6QX$B`yhssUPbj=e|&qhs$IPWvw!fw zm0ww2rc5bTGnVAw1%HfycBo_r^CBF>9@<=IJ|Jf- zDwBmO0m9C-L#0!gE0wFXhsa7Gh0q{TPgd;^4EERA^fz8r7;zrfQTZ z(^~2*CQw%$z5R&Ujma2_j2@Y!<15v6W4(I~ikLe?Qp|(_CunHE5P-N6?>z>69dKJg z!LbDazFSP2*!df+0~`CX5gjY|Knf<@Gs)q0J>tMu1ozn`Hgv4WRrn5xyE+Tf@zQn1D8+*`yFpng=4jdejTbV z-@!YVr^TPkkZFcItE+b6_VzzZf5*T5nMfIq57KvI#;M>?P~h{$te7b}0&d%E8?pg* zwd8REBH1z*S06IiLUU4iQ?q|i1)fo9jXcimRYej=gTwix?9Csc-@4#^ki zNKMLQl1Fb@Wy(2*#G;_BgUp6Xs&00HG=6@_;M+>a$dqzvEF?*<|K`o@YMh*$~x@lthKm{iXk*TSf9s*W6hv=^73S0)drIE<$9Lsrv z&aU-j*T(uTxX;Je)cfi@<(cnaX=KTPLzJG=O$&t~@x-V*gp{auWLp1}1gacX znf8wF@~VJ$1^HN8#ZpCvsd+kGGJiuMN8PF?~{F-JI6Hiy&(l=pU)A^`s_q{V(wf#&((EMJqhK4i_C9+lGJ zVdwj7*ykwlw}QX-+|Mk%5Bo%PW+Xh?h|MuaUT7I$`}N}^N+0+!9~?2Xe2ga%SZzh> z(PA1UJp!IO)hc=ELfuGSA0Gy6Na@i z3Y6%=N1(13pSy6zGtJ1G;@jOf=}9>hrYUQBH{na-#IZ4%mxWRR6Np2?e1q^5VXd@i z-m4B(o3<0md6~R?t{;h^S?up;OQzf|@hk|2`qWGm^0Z@fZhu2%M1Fi~1`_4Aa_1NK z49w_>&0|I%USnh7rhKwA&f+UOybg7}e3Vu&u&N@e0Q`kTdS>yPVIDP(a*UYXpOBXw z`*JV&R&ZQjL!1Mym>ILsv;gm+qc$A_UEeTdDJNxg=1Xv+8Ek)f+3J2nP7(fu5dqMk zOn|{;I>xb1K*U(Sj|6JJPM@=<$M9Jy40W+kpCm^7B;oDe zy3Vv2da=$kvFR^^eTj9qLkIvUCRB6Ob~!~_q(sx;(}b(z#jG1{+~}(r2?oI_T*M!3 zUJ;i^OoeK+bhjpdK4WI@+}m=+Sg^W7V>mi5g#wt~qMy1h%PpIuwf6Wz4CMuG@mPLS zN|xL*HoawNXB0kKkj?AQ$U2bt>5Ikj!So2>v(jyyKNj`^D+M?-_D1GVjdxKZvULWJ zBX!AfuC&=f(9*iZ<3U-f(Xo@_+v7*v)s}8)EQ?Vw-dWRR!YAPgN2+J1XBrkO7w+uR ze83Gl&N!^u*#>U>xZdn>&9f$yFjF%CTsjos6qJS*NqH#7mj5uH^=GPDZztkQAVAEg z4z1CA^Vw^ookS9;fr)y3>ANA7gE zz&Rm)E@gL{4acr>)Quv5LlPaF5DnAf>Nx6U63gOw53VT~87qpHJO+wd{Zz%~Acp~3 zj@@JVkk&{l?q2;&VG#@+72bi=^K{MWdt`ynV^5uBlpN!mrJIkD(&j!&RD8Phxn5iX z+A=>#21k2#dxZj@1^^leu+WYj;-!m=xX4aK4YC-;=G2=_UVX*{qKQ!^tnp>} zPnNbqUn1gM0$dq({8qcI&c3b^Xz#HfL%)8aj+bWtvZx+nk;KbyD_6tQ4j7&%14%^k zcA3JC|1Ky<)POiGs0rEgt<1#A)}dq~?R#oUij-*~%ct@&&iMA{?BUPvQJ%aw1EZQn zk}#;UcYC34lyhosjeWv?HbUa_De)`y-GdypxHI(Vx?zJU65huamd!?g4;lWHS$dkZ z-<$LOQvZq5mPf~DlWZKlOyDwXaUY8RK|(>;5C2;%@TJ!FI~*o7O?{}Cvt#N6;?9rD zUMXTQaQD>Y6d4K7BpcDaKNOoafsZ;?d>^rKiJnn$bQ)V{uU}X;l6#9E&oVeVHvmJ3 z*iXoT7!cUwVDgeAD%w6r_HxQHqbzSfaIx@o zZ*bz|kT$iCH$K@#)IqQ2twaI^byO#=i^G$9LbI9c1Wd12vHEh{|R->5glVH zpqh?3?||~69xj-ToSBDarh=rUrLF(qWjXui|7a3>ys9a-j^xKF=qkj>&GOLKU4Qok zzOh%JG`Wed>}o_PE9w2wiFh(JR}|0+M3G{K!4}N}lJgewG7`97Cu3@L0Lzn`yYd;= zZon6#QZc@b?G|v9Pco*SoW^n{_|xY3y0_JxNIi0^#KtqAe0Dwhb=(E5?C9SVpDQ(J zT$`>#a}V^EGLSJh@F~KIr~9xrqeqvz&lNpu(4Rqo#Kif;Tv$$bxIS#}_ZB~{^O6dwiYmMG z>eYgwS>t^dP!ssAGon-*O0rfPj87B9=iIgeRo+7JjJKM*s1gM}>~Tu14K6W2<;o7q zwquPAtTc*OIuk16h3#>|@+ptW&ylu%64=m=29^e6ji!-cIyyPhy;F+Uu<+c=%Z0zc zrTfx_nt807UG6tyeRmV{k)gKy@&CIm)@1R)f~94a^hQmvcH~LQXH3^N*zpQg;mkh0 z#=*C`^gNogIPcYjfGL6p=5gjN@|mm`Qb;C7{0ASQYU>ujn2$Iz-!Ye9MKeCFkpAJ< zH=JR!?B{tYwxPxxBUW5h=qdCjk6`u*I-q|0Rw>8)hqt`EMIjf=QdSI{k-We+s zYOiPdOXJb|uASw^h^XE}ceS1&DdpSW3M=t%j9W1n z54g?v{7oEjY@IjJ6|nf+YU+6vw^qTn6~($u7ZtE@%Z9~k)S-eoNQhsr3y)CTzAtXx zupwJ|Ga>+g0Qd*VHa2kod3dVli^L^E3m3$nX%b3p7_UbPXF0wN+}kD*x^ENN;G`DA zEaa$d?$V`&3%ssD1sfp!S%eR-v(!cW)_n(YQeByd(DZWVX5Ad+yY)@QZH*=;Ji%8v zpRPS;3JHX}|4M$5WCwsU1dF%Znga^)P2z^R)Ii&pT6b!3`Et~ehFzky=^ z{Tv*-MDTIz*dZ?cJ|{|_kDA7VtR}k{>r-NiYn{OF`A6=31iI)t37wowpA$i~8%Ad` zh_j{(BZ-dt%BuWpSohFr!@E{NhLKN0J{Qh-tVv^hv&Kgj>2ph-o3Ag)YAL4@ba3vqm%0F(lDcTbjSUnPS!5dVX)@Sg$*dA#-==0yOd&T<&cg3H%Pi0$!j(Q_2 zI|yuLyr#r6ksZzwb#b=Vvd!nV{ zN<(YojwT`p?9DZV?n$Z*48AX$E~3sK%SrQR@d{>)>iT8IKMzP0V7lw1T*gGL7)>f~ z28cGjm`sMT5a|7SH2nZvItP69ZYmh;feHyMMMkFknp*8)*U%D1CrRsNvL!J81?bol z17Ni~%jm1O!!~Mk78Joz5JnZt>bL)ggB*}oV2lM-4DCY!Ie##s`!zkKfPPiF1vL5_3)5F{16)p;Ub*CPsLC z8?tg+#;A9p;p;m&A&9njMJL!H(Q-Yn3Up6|PM^i@9l0O1X?A9Kb%6e#v$aSVkdGNN z2TvvO6mJ($gXrlTYO++ptkSt#vd>^*`w|3MbI{8 zW1}S!lI?13JkDV)+&>{l_3eu=vVAI6O_19JS0omdFmmlPFtR-o7B;*p?;Bk;2TB6a zV-lBAIkn1Ggq!iyu-j2)Tuq026{3^3d?OTI`*kNWOp_mxzi`#HV{)^J5^+xSeZn;8 zk6(H*?g;n*8R=#%TEA#T+#;by}MFj z(qOO3gG>YYQo;|ACzcn}!k~^@6SG9ocGqI``ZJl}mmcn$6b7>M6hs9y+3fXndlh}m zTsq`S=R++#m4|BVT8Qh}lQQ{wkcFGGVfPf@|e^*rF<+O zrMo0SIl>sK!}T<0`kl+;0*yA!_OhqHS6a?>-5sV?`BJCU&+X8mKQ`r-7YP>3+Y9Aa zCiUo|LBh2`VsM+A1n#*Hso{e0K7u%>L`l7AY-{O_6}abL@TPt{0VTK6|cu7ZUnS^o525-p|>O`<40pVpZF%1 z4LwiFXxvHR%H%SW+b(P{LYOz`F%Mp4vICUKCRFU8D)VN$M4MZpzZ>&lsP+pafiqeD zTHL5?D3xQ@4@KD6A1}Uqg>p{nQeNY*p3S|qs)8?!;rBGjdKI`HXmeH!2c>mnd7Xthe_Y3VI zl%Esz3uY<;!e0Lz@96igOm{3X9uZDX<$S86`Ns4+e$R2307Uu_^taF?7F~BZl6wvz zWD!NR4kgum=qpOSu}=RAYKRjXTy&HS8Rbrb&TfT(x_ERc(b}1Sd`QTOQSC^~41j-B z*f>p!^E0fGPsnG!okah9C^4%vUTq}x7L@4v${PlNhe81J#F?N=CzQdIvS7cfenE3Y zL?z|vq)9QPXIKtPnFM$Sh60rFVsll|Ql(cqy0vKGR{BL#-)82?i$H6+#HpiT;m`+D z6%fAy7OE4}KEk}@fUO&CD5vY~`VOfK@w<-G3G2ak7hoo}%qf&?nB;v!9P9R}=iOf< zmhib@H2SYuPV5{NcMrKH(?{JuP340kCUe+T;bL@69s&eIseoBdp{x3B{g*S*ZS953XM+Xl}t0LcSkMcYjuvTXtDXWKY^R8LNH~t`xo1N;yWdjC=UL zI?>F0{5Le2MKjsFUa-c$czVOkOW8-@8CsrBGAV|f0qg5ic4fR9uxS{iK=@ai3X4!V zzde{zG7NQdOQ=S_(lWK6!(OEVXhgolJaa=)k=6A$#6(finU@U!2LmDn0}ucu^3zvV z@prMjY`MG&ElqmfJYv;9z!PYLAuO8Q3LDYFRybURgJro9C`wgXcI{b#^oQ21ap&plG(-a8INVX9unp| zOw|P-fK-SB6E4%YjcEA_3nf)5_GJTcv9RTd0#X{D7cm+&L72vGZ(Wbpe+k;Xj~Fde z2Q_Xo7EL#2@Av2D>TN`Oqy{_%jQF~-Zca6P``091`hI_+yGW(C@4?p_%h>;(<`kX! zp@|(od%SgeUA>KS|KFjlzNicvOC(&;^>6mM*FF!6wj&=_#j!cvt(TOwW~)Vht<&P; z$yC|Hr1H5Y%hYt}AtTDL!~Nip#V(PJ=nxClRL-5Qmy!{je0^2>;R~@q=&JDy@dLuU z^y8txM{pP*%5gBj{Esq$^B%?fOF_PPtjzTIJBr;{P4=qG`^n3XfN!Wm-SHc23YIP#yZ3?`#7dd3v5Ma}(kBC&XzADlPnM9G1i zpYm%Qwu{ILg&gHu;)8#;tRDV0et+O-YU|AffD7fR>O&WC&8p~HHZQQbj@?ImQsA=& z0C!Ia7#!XUK3`zFRrn4qWa9jvNSf^DOQlV<(ihH}fsQ%8yWt7lx8`pO8J{kZK8kO} z535ZHm0Q9M8L%Fd3i-3lw#L9q^JWX3Nhs#n-FB)I2GJt#4Ueb9_os!IVw&=TTvh?a zr}%3Qa5)wji6-|Pfz#K-dv1{O{XfJ5paZEQTW#HJiC{A^^i3R7VJw{XTQker)WYs_ zJ5y*g(GST`!1Q5}dvT|Bt~tfuq(ISQq)j<>8PJkNO~s8_($N~`PPm_v*?-BGdLN<| z9@mDfqtvPv7Nd|yrvhkSNjw|*ZHKALnZBZz9j$Y9p3TO|DR4-0+zn>ZvpA))o4diA ztaHH%Z&S-fM$49Sc2Avc8Uq_DACYGh(?8!mH)*u?==efJb7_6BnW&kV{*?=T>_wHs z6sln@7$5VJRjUQO;lE}#_sNkqnMGGDNikXHbnLOIu-UnP?%F@BD>qcaej5sM1qIDK z?uRE-ZOLz3eU^QqnaSq-I?=vtljLdcrVYl@C7$Hmu)-5~WFeLN%Zz$yPQ=Y%Su#CA zBRVa~b1~ntj_!2VtR{QroH{R_csFTF-x`uz$m{6hw4pqI*vU967(Yv3JmU%QXAAKw z6pzbeJsd*%g6p(s@`ig=Y>8!bbI8BJt)cAYAphXyL#U}p!u&5Lwv$4*Ndkww&d`EB z^m)hcJE*q>Cr_97$<^?*Xsz2VtexW_;cz&e2nq$e(2xAIyoC%63sTqQPqrGB!H6ifmysSTY6M9o(U?oDL4VV?C`6oM)`#oPjj@T3L;F}f& zMO_B`EfP8mw!>0uS8b^-Bb2I`R1(QgQH0>&MQuKk@U(tTMx!71syD3Y+0aN*rh~8v zS}ImxklOm|)D)@R3OxFM8739^EHaXQTc{T4%73sdxRR=-KggMkS$`t%iWPNO#u_+R zQr1dN!pUP)$+a+}LlutL-6AsQm)6RVL9F&7w#&KxnPNx&P{ZHYK18cz1KuPQQV!6f z?L(r#5XS*v{FeR$!{!WDa_M&XfYkY@4~PT`_4M))vTO4d3vrenkWj`l7J-VH`$s4( z0bTAoV6g8bt%k%7U2f`9^mo~#u8#`#vOkbYIj`Ktis|&LxQ0XAI>@I4N;GtDQrBd^ zR5#}a11ktI1fob#cG}Gh3WZUkPyWAia7pY z$tju<&KPa1{uSF^v|DA1_KrOx;$$?Jnpm~9LP`UI>Jpri%~pGs8Jp(?##q;6ptCz( zeb9s$zn|A6xV~DP`d81+Gg*tY{FII^oLCsujh(mwP38}>C`>9CV}!URO<_ho(ht(v7@Yy#2i z7&fIlW5iGH#U-*SQ*5%=FjbJvQ1D=l2#TF+23>uH^5JtX&QZ96RD3g^2DxHx?i314 z=+C^hWbFC+lTZG!G{ir4X5gyPVZcxr!+3SJI`P>fJ+0a$z|M4;h}M)rKngi(m_72w zG@S+2rxhG-`{Hk*fB0H>|5Psv-v515tq>;mf4tx=Iz;A_no1B?@!D}865Fph%)j5b zQltDCx}6%NrHYIn|B7RBLK%b8W-F_xQHrImRhU<|S{SUZZVI7Fc^3Fs)!p@iWV6su zw^4w>I#h_Gx7S~0{T6{x=+mZVk|Q~Zz)>ihdh{)dwUZdYfLq#^>BYXqNKc=jaf+hx zBCZ}fRVuwV*hBw}ei6r&uqbAS(vJQvjRDMHV6(LmkcW8%Dy4}-b0FyYQ$X+doW z%mf3@!GRO&q=kv-YNnPWD?A8rKtu=xyCh3Ao_xped?K-p_eR9UC-y*x9lODNh{x@3 zF4JX4bmrWm4W=Ua&d<~RJHo+)=}%>@a`=TCVwFY51(8agXLZzk2ch$X&0JiauIHm$ z0#hRz38i=|v=OnD3dv;XChkqpf*`9Hxn##3Ho;H$OkeCE-@$d#cz=$cerzKkzT1j0 zz+b%@u0bXlsp;t$s-WpKwj_+BkV;G*5S;oF-xh8a$PwLQG{sbps25|iiY3> z3o;F@SdqqfqM8cBOt$OS^j>o0s#MlQ8ODx|&mj^t(3weJ)c91r1gqE`;vC8G~}9{1;Y(_ z5p<}yWJgt}1ia0V0H~o!mE0eMD%IGJ4@XgE$cq~v;sIg3yy->Fq~Wk!WmQKu@3*=2r45#J{^=Og2TT;U7)`qbtf9;kRSTpJZ6(wAjNpmy@=V|{B0=ACIFtY_s38%6t+Hv7q^@5Gi0ZU3l!qE zUY*4EzqT3&$FyW+{8*B-j!j7MSr9D9VSaPWSp>e4PUNO>&TR}`ARmsAVe)}}Wui9! z(*9$w(BW>N*+pvyUzoxwk&I|JcnQoxYz_|Zd!;9o=oO96WaHqF zY-u^`FD`g|-!9>B05}b-|K|v=q^VOyc&v2dCEsvVtF6tt96a5XAq z+x&_%w!~<-T+=>L8494bSe-99VZ4DZZZDA#9ZtbRO?c$^TRY2!(x&t{JzXI7P{#n9 zuE4_?(E2T&56PWo&Rqp{sCqt$lZe&gw<2rbM4%2BFaa5?`T8Ee+SB;p{8KrzBxzqt zQqmuvFO8(hUJ*RFVP$Q__bFw3MARlC6t}K+{aU7 zHc{K`jXXme`MVW31G4D$#>N+c73$i#9@-I8+_I%{Bp0V~8?W1Wdnxv1s3{%KJjRf$MBk8<Ktn2DSvygdbeqXv&TW_8CqN1wSjd0Ar$Glci7HU20Gvl&z zYhJ4C?xAHBl)~#eaH--*O{VZsvUEi%>=>~z@p!79UfoN0>*;zOrt4GWpue(6eMj|e z#5fuI)RJXrenjwz8EMAA19XZ(g2f`ahlTJ*uWV6FQ#F!qQH+RKH%RQMz7yGfA<_2p zx|9nYfCw&HT+DpOHeW88i}fV>u74CvLER7dr7Lj^io%PW z4L|N(axqsA92%Qzeb>6Fk@5H;L_B_qXl6Q$r5H(JGUde?u$n}Na49|ALO^Uh6wodA zdh7pRYj)z=8f6I29x^ehZAWvJ|BO)ZsleSryx`HCge*`SIn~EhDM>Y&Wv*|W>mrb8 zzFXJb6pZ3t1S95)M8=X#3Y3A=uxJv$Hm;>J{ftV~go43+*_DpPUJZ@Km3fy;-lj{A zDr-E}e55_ys;ar?n$qI;-Mfhi>CWegfs<`{PT32h&*?@ah5F=tqlYQci9lx5e9!$G zWUG-Z%~3~1SPXMEOnfwsMI}+G_iR{=g1>|cp2>T6McYg;Um1n8AM;qdqOADlkj@aG z#$E~oxKave#HZ;Mi~Fza4M&Uytz6sgI}*_EsR(W3jvh(vsCO!M3>+a+aX}xKhd=g;CEM1 zEptzU?Gg`z5>#6mz@o~cL(L?&%u?(4m{jpvqnZ0$BRo;xg3(ywrNt{Sp^0_JFw}iJ z_{(2oO;?zBJ7%A-fI~R1TYGuDX$JroP)&rMOdYbqUUw#@yWC7BRw!5Zbn4mNW+w(_f>}eX{xYLbz1MoeKcf1FO>SF zz!EG8neA;H84?tW;8TYP8U{hza3|nt)#26(`{3zAZq94c#(8LoS#7 zdwhP*))1ZFh*~3P+q?LLX%`(H_QtihhRd+k!Xcpa{rNVIjbmq`5Mmp<$(iT{>(%0is7Y>uL9t^mB367`T_j9th zRkq%;r)Ouu0*@De&Aj8bDikUfTrb-GtYe?hNriF(3-YavIM^J;^iaJKm9y90%&)pP zYdtrcN4?)}yjM8U4&P=niD=E1Uw>?P$4Kd}H)SVYtP#9i3AL-Atc^V3U0LftX&1gu zIpMzVCCeXqZFfud`~Lr&Xf_nk(t>^#&BbN!94&^gqP93=^EvRZ z2wXZ`ojXy?n;*?zi&>3Qo@D!~fLO$Q1=%ia<!$^+CY}cAS`_KFKxZ8ur&EA zymQ+Du}Oi6qucGAb#4YcKCgq<428AT!wO7ihe(2UUW@Eu^Oi30U~&RDbO!Y3(I{np z>v|z~<=@)#rbxX)5HO&k>AXVK&;mgMJnLRYKJ|A7Z;B~@nV0U#Z;>_DGevZK$wke~arzN`fV`8^mRi^Y%&0&D{}Mo$0HoBhF6sT$GYu^5xu z+IU*8y59C>^(J9_M8vf|bV;-3>|=a8)xHZjV?U|J|JC>eF|ubr#l>chjYIdqGH z=6c6vFHxPPrMBsjQ4t&+5gv{3HgO^cTr+v&4VK@(tNoP$A-TX!cC*4)r5?EBd?+zY z&O($((h!S8GEzp>8Fv%NsKks5=AC4EYeDxP3}&E*KcYP!9Vs~0e>CP5BPmPf69B`v zqrd9PkUk*>I{$Q%(CKE%*j@}hrHN-H@3zsj;mmBD&Z?R-D8UZFBz8|LYd8eqFgbHS z&ds7Jxi&oCLZ(x z^NY=`tk|j`GZKjj1W>NO>shkBpV@54JN;@^EZ9QEz;U=r;m~T5BIga)cQ?)9afqfW z>27X;YF*_rq+JM^C#mV;C%qSN|M1Zx_~K_kp>;GTJj_v7$B9N*+%<`+Rh&(i9aEi? z1V{W9Gh)QwR4IL?i)U%_at|6d5dYKNm}F4wEOQb~kEHbwcmknrlE!|_C&bPv4gY9< zmda{v`JFl>k+}`3O3SJ7&EDLMDPRqU-0o*Xl5wAO7W~QifW(oJMlswHOI12%U1&_; z^ebPVPu-b+0Q$g*z}vgKXy)xO2>?1tBiO!S-@vf2jyYP^3(Avb4;JPx1ozHZ9F-i# z0%}QzF8KQ+v^A8mLi^{{X&=)EW=C8>A1~Xt9pwxIJ8VvCBOmcb>Q@(|BL1OcZ1QCd zJHB^f6vZ}HwD@33JrDn+8UbDq{at{)nrsRLaSvab3LQ_A7j2u97uXf#NP)c_{r+mEDo$~wi>|Bm;M zrY-z4)?(($_sjDo_UjpW9`HW>^&Xp!x+ABns!Aq_Zy)qRtCX6nv*PIV35{=vKSTQi zgh9KV_We|SyxOvzfODt7B_i^L!43tb1*rXVDpa0{OkHlYYk&ydq|d($Hl4;9npXlt zwS)o#0=dFJXM^}YpZ7SHJTF^^vGK=xJ7!Yx3VE9&dUN~1!HJPlX>VCgWbBQJU~A-J zf9GVD&cSJraSzj*SiKM^!0K#2YStl1!eVz2qMX;|#8rS!EMriMnWhi$Z}b=P_6!Mj zjpi_znd@EZhY$oA=L)X+@fuIMgg>2yiv+^#wDTyHA~+ILK*lFcmZ~1BnvVi`%;jeZ zFAy9fHTUcN=oa*Ooh^DLdIzC24Hb&W3&?ib{Wy02q3uD)u?!12hG}52x1M2)Zcd-grD{i?Pq{ucxmGHn_>*ivKFDZWO)O0$_V;z)Da4Azam= zsch#!8493A@G#Ss11j*5sqS@%v&-Q>mErDPm3rYrAU1`)CD2XCB)C9i}H?quVqEEAiY->WhZaH}>|J=+$o^&~LmVC?TD zFpcMp0>H}=!J5Mce}``q)}ejs2%uqBn#XYhU{I`6<;_0M0;Cp)Dz(r}mF&*}r2i3I zcY+?0FfyO@EHr1vh2~{RZY}e@VLwNfIUiEOx-wU^k0%g}{}zO8*u*@bADU(JdZ^TA z9|D&EZUG4qN<@7@Jj~w$2++&V3LT)J0C1y#6vL;>jiI1g$w5#kkFhm(NRYTd6ojNt zP(tud9SFX#^MvQ5XqfmvX}0K4z$6)wM- zw-rP|_VHjLe3O^9bwxC)e>4zy@;*5U8T!MQ9m{P+`dvfX=NEKs$W+bsP%6x8CN#&x z3FgUO5RKY$9xabQ4V2HpjAx~dMYrSI`<*ZU1V)ib@RK?Isyl{l=$a$otPT+jg$oUq z2zi6oP-p-2$seW9b}fhqIX_%lU4P4Y*x*V1F?$B-fV=J1OEg^Jd=iwXn(6brgiU9( zm&Mm*w%m+|Wl}C`%s!^H#C-Z`JJ2LdDCp}w*6ISyQ)8xQ9amml-W*nCahU`=_#7#u zMcRo2k!`5N_^(d_fY*@#J`bQj*EKh2N{4sJ8_VVYyQsG^J?98q_ZJ1&3APssW6DoO zYK4!4%XL^G)WmQA@pp5y6DX2tA?KD^ zWKQGnQZUM46}AG_b$!8a@@D&gT!Csbw(bHDGI|;NxR4N+{a|J%6%seVOnqbxcvuRn6m9>xE za!J#PgOe(NK#5QuROS^k(;)L*`!N$IMGtIC;+D3D#)`S+L8o$N42vL!UZnqc@J%V? zE-}8(uF6N47RO`$Q<{!218EKV{n)^s8W>L$FBwmDxeLxn&FLIL!wsTG#9pa^wf26n zG6%1&U`SU~jExU5!a_z-v{h-AwF-+R{~Tjbd%r70 zLYo17vZUC6ZbxxFdt0ho+zKwoltQ!esVw`m8X3j?SXKUrDBoNf}}prNHemurzx-jj~*lw z%yQtK4YkAYhFPm`kPTgeUoX?07quGjynPM5WMJq559Nxhhw*e8)r~@s=kTII?5Qv( zUY$_-emlgpYyX^Akp&Xl5MF7|)inK@+-B!CHjO(|8_&z;Bc1DRpoEn>RK6*~TvyF! zscVIrjpAv}@D^Vnk4|njLL1x(z!$?uSg@?okZyC6hIf62*&)i=S-qJ`=Y! z)emyS#rd#=a89q=J(vz19|8se5}XND%2#NeYm4Yy`S6cUonw?@URUzP_A46vPyDa= z%e$C*X0k)~f5{>jy5e-#p!#Udn>6+X2M7ZlHTaKu%G-zT=O<+X${?wo#G1ve#e(}3 z0iqlDBkk4OZgp*5`TIevA7uullc=$V+xPY;J^p`s&3W!F8_GGFBEeAjqaVSsMJRXe z8(;e%YwW>zYUVVWHb(PtsdpMg8qQGc_xT#12fDvbXo!##5Sc;+vqJSDOOTGDY@}E} z?EKSNY}Q+5y$WXZuH|i4=IKkPu2@5hV%4O+UsrTDSj3Q$E;m!4U-O^}xxlEiK?hIH+Fv-7RbzCg`Wb zSFIBJ_*VmJj_Hjj@}qrBg&7~GMk!LIXu<)(S_4M0{FI!VZiS$bo+}iNKV)??KjU}F zQ}D0a&KPxs>PBvk9540PqXd9~s72_&EMQnL8~n!D3A%M64mKn?;%2PlRfene%fjc5 zzD2(U`!zagAI@7T@q;9pkR4bxY-$u`UuR7kZrvX5+&jp^G(VB;mfQW*d9_+VluOb_ zJ5LGkzy_X1mw(}Q*?I)DhH7uRT5TA{{G{LSN8cKM>i+VEkA6Q<^wmyb)cq9%clfW< zV=wU+f;Q)aaqv?_14eOYfuO1-gMKe7ZO)ZmAV@9Oz>n~&q^rmFt&eJE7$#UIvVQ>P z3m0VNq7Bf0_AWWdqvu^yjnzG|z*>oaTxzb&5O`>eL9zT9GQ7`d4R!JX-6&`#V%5HV zpJT}M3i?{YgGoyEq^Av%s;y~#cQ}eu1EKe+(uloemc3A~OjwIC*r-x}anXb>G!(1{+9c9i7@P{yYk>hmvuI8G3QNdnczTjMZOTgf(sWG#Z6Zu z^ZjPjd#(hJwL0rR`fre0x6{sVMNRqYhu_#n{t!5`G?$5|`ycb)FxF$6fld0*(NE37 z3E{g9Z(WCQ-m{>iAY((i7@7Hd&q-6IOYBY^A+1N}6$Ke=J?1md|NiT$ zF4}uAV5`8_ARC>ZIiJzDa1n+(-0z~wxj`kHb-p4F8|06@Eigxjo!v}Q!$U}j08=34 zCsy}!umyn+=-aQ&O;_ZLEx0DKX83N-IpdaR-BT1%ryBCoa0LH0o9Dgr3~ItOi`Z_Z zSKAWg2d``Bt7X}c3fqL%xQ0)Oth{3@)uLxsat<}Uy?Q%_0KlH$88WIgk8ykVKZN7T ziPNKlCX{{_s=`+P{a1+3+Aj5o<$~>lD6l%f??oC1apm^xlP-Z1bYgc;XHRx)Ndr1; zkUM_RRkekknzhez)&ynMnfLBsSOYU>^5c7cgD1jZvi!r_9)wfn)CLof=)|A%$O9>{ ztn@-LFi+0^)6g|BC48C#uzWFmWFM(dbnYUwC6|7+kk%TilgYK;wpxtu0grPuk2GS4@b<$jp1 z{zN7C5^e#`WKy83wx0G;$2kUiG}h0?d%b=B=?e_oH?{`$ND$kKC=^{-kMcX2fv9%v z1ERl~=tSD>J70MWTp%5LIY*wL?*RSC^WcSw-tQ#u;T$8S-f|T)a(NcQ{a}1JymC_% zsXu-mrEwV|1-n2-!(4Euj^O-0`>AR?JCInqRGYk(!#D?trRhIJvGTnU>X#Pj>t z;}l!V)M>|_W!sS-oCOcmwgy?FcYrm&h$Q}k54yUdB?B# zkGQ9`a?8@}1?L6ML4@ZQc~q^#A})yR?|FS_$7m1y-9(Ku3NB z{lZDVEoRrCF0M*IrrAlWeyf8?R*skv!14m5cp!iP5wVsqN*T)AINnCM-^ehjU%cFM zAZNxGM+}NCK$hkR8BRn?TuN-Cq6s@9GOAHWHMVEj!eED9bKscgZp##N#5+h-+EpW4 zl3^+c_5D#;*Ix!!NTBI!rj53PG7Qp2IQT$VOv8({CVS)HyU|y;zU{PGtoI{6D4KBS z`9{-;G}OKDFYNRm%{ICnu_2HrhVp|Te72)Z|Is8OG&H_~!W>7|mK+_|+$i7vu8j<} zY}l7wg0m*20r&^1P#4mD{!#Hk-m=vFupRXgs=uu*A5&h-ReWs}fgH}*M1Zvvn|f-9 z1C6W}4+cI)EJ!?K;sXgcJ5#(@QE=E1m=Wk>Xb}i-=yyw6E#bR?Mr-K9QF66(h=0`z zf>zUoFo7uhE#zPJP7n7E^8MkZdxA-(n5ss<<3j-RUf7TZx&t8H4KMjFl+c5kBS;Hg z?6V}k=Td_D8K1Q?+(Pz#ecsJf20em1g0r2@dcB2t9TZP@!xz~~LzF~TLPjzFh0QO; zD?x8QGh?tVS{PXFcfJtx#l}Y+8fDBx0o#3@X`vK}^*sjUXAtZ)?+3MG1^&_!5@^H6 zkkJ%5g@$5*{!NN(WwnHgqWkmb$0@cuGI_Kj>D_ zXtXkXI=CCQ^buUzVNZ3t+b1Ta?jWu1r2D}lqyU^%r*9JMuBk0wpxzpoU@W{K(?h>(XqMh_V$sGx6`SIgUF zdttx;->)PF2|T5)G$VP407AW_YO&Ry+8A(A*|5ga#0>O*&gZ90(Kyx)c-x=}-H2(& z@W~4S)T{fpxH$Ccrk#Kn%wWReOl5dns^6kQ>4)4UFMN+HMpP06=3(zu5@#b%Q5a0t z;TDqg8KC^R@VO~%i1XTQ-?beg)i5{AFN<2GrDyq-=RtOfFYJr{Y0yvl?jgLMULh73 zz@QI{_r;yd_1^Enf6}X1z2P)3zY~II6V{CK2{OYIPT%o;qU$dS+7n`0R7Wx{@O(pD zj%5o?R>fTU*6uTD!<6ab8e}qG>&r5?8L(#rP6_ZYQjN5gzV*8xdvIPk2=7^`qcDtL z5-d6^VRhdq|8`lt;U{T0bqI-JCHk|!`mx1wGQH>E3_k+8Gm)D4-BjSYA6XDTnc72c zwVMz!OxGrjcZ$y@3HdN@I+OGJZ_PT=$IrRFv5$M7wR9nMAew)|8zbyrq{pl|h#-;4 zBe@s}a3YW0`RXfesA`HQ%BTFa#Np}v|EuacfSTC4FbD>aARsCMj6tdbLV{FjL1_v| z?-)W85s@Y(fIvWc7cjI?6;QhL(0c@>_o`Isy#xsU@x6ck|Gk|vJ3G6#ob#Q#JKx5BGhSRRwU?npP8ylFui>Kyj=CP6E&g$TgB_w zyqV8OpD})F^2sbDTh=HV@n3u06}BZlsp|8k@NPkMdCl>a<*P|>Mn)A@Cay=_C+oW^ zemwG_#?L53>D(Zj1J49R);-vx8C6iOFE)~K&;j3f@?|%99@Zd(F>U=RUyDS&9o1?w z444$}tXNymc+4dVwon7=^KJ`r!yM)Oc5 z!`FjzW>X_cd>utKXlm-#gLs&xI z)7T6)UE!kS_Ng;dZpl2VdkusZC*v*Q3v3dECt{ra8jUmW92_>%X%gXS)LgrHYMD1UTf>gv3xZo>_=3_?SWQT5ZBg2D3PEJdPP~t@xH;*Js!tr z7l53c)kez_>m9 zt665C7{f@8YsSvjpL2~mpF?9FRo9!Zx?8X$+YF9M+-D5(VdPCyZCPNAnm09mXO}8N zSRWriRoYR&*r$3;Cb{-BD!wZGvhD17GPVa-hUya%D3NOkR=j+T*Qb9_MHiDEBT=sy15LMB?R6M3lSAW2hTL zHS@>Q3@ag>2|FwPPxY!DdaiO(!+HtPG^Z1|`MLQQ#HA!RR}q7*^pnp6C3_5j@$!Jo zC;~&ygk+|?SmI%&YkRDhl1nJXE||L>VP5Hac)Lg@%;wSaf;*ADrDAAk-h~NQY)899 zpuC52g*t~5@03_OF;Uv0>y8vJm`5$J`J|{7Ea|IZ$?ltI8z7T`hyP?4#lr{nJAV=0 zk~=$&HWz_L6RUmB^%N=4H5GisDd(PC5>~MM8fRVLeEJ?+B~`XRnZFcEEb=Jp@d4!< zTq$SW**Jpc%Yb94=iL&=&>x75yYnNP5?AiFa>x?KmB&ZF65fse&hrW6_xhJeXsfWRZetq#JPQfyeQ?y@RtGN`Sm#$fgthHBI%QS zRrAmSH-~9okrJkhEvYk!(Up~oz9CX}%ww$Ob>&>9Zdy-)6wMl@)khCuO?T_yKsO%X zgX6>0plx)Ebk?!DT>00vbTatTv7Q@}5W>^SH7MTu9pWdL$ZkZ5X{GLk;`}7|WK}uTd;iHcm`y6;a|dao8q-v7okO@W#)u zm5Xe|vN|_2VRR;=iYFSB1otzO%$DXm*#DuMknq-8$1bZcKaTzBZSx@iyW=-r8+Fzw zkzZmRRN@&~>e8=B%SJ<8O*P8jN8(!`p2iIL{dj0Xj++0a=DL^0>fUKk&E5B_2rE#% zlIn2yROU@K&*Z*V$qv2G@_re1+R^m&0@MeDxO@vx%}uU31epKbr9fEOCk{2+7{{Ud zHjJIbOQ{mF!c6U>uExjHsvwa|01J2-QXT^MZVOngP8?C$8XeP=6dj$vN&%MtohJ>G z)?JS}B18$`&XLW>78;)iZ7y6?^*af{-R4_4X>fZ*+6&aZT9(s3s}ayzyx?wp6N zbt63ozrI#qW#R$b+A2?(hi8+E#$^ALpS~}T^&9$XRP8_9Hooe}WsLbg$33pWbc~~9 zfPS^n4tVRa6@ZWS{QCKWMwU`NPw2dHVN{%5s)iiq2Cs15mgwi;1>;$-wS4C=duJK2 z(wpLe6jQrCr`_5HgC(9$SDPJD?vi(2gXX#eF4Jq(K7v3C>Rm1x-W~T3-doZ`*MgTi z^_Y)XLt|SeccA1mEX5L6rQ%RK|s}UAy6Nb|l@xXl@MahX^PLy3wTs?g`AuSvO4I_St%Zqe=9m*;gi$ zNm5r6P948`$t|*tdxG_w*TNCT)q93g4Oz~JoHTYD;5*zfV+lPzf3Pv8kn(A4*(tJ8 zZGAu4k7gmENpV7*uZn1gsF!Ik^9RQwU+AoROL0relC*}R`yXW}MTR_|&B7I;)rYaBMTmJIZCyCbAYO*wcY_F7xSQ8_D@+U%w zZ8-k$*zoaK+3s@-pVlWSBsS1Mjnrea8#fxEy(m>-Yw^_R#(2(0y=HGC$tCKt@55u& z7@v@!(nJkaDloefsKp{N*mBdF6lkYKmV{+eweG*PEghi6f1Q-nw3 zif{i8>S>X_f7BuI%WSIA0JFlqJ|LRq*Z9&5|7O1c<{pXqeq+sfGua0zAixsU0!dTP zaV{N$hD!BrOZ&`S0klPXRg0$sRcL|K?tQ>EJ>OP5J9B3pOf$=6s~7^Xcz}?$ll>J; zz7EwnAL7z(T4EhHmGytN(<|z6|{}rc?F!kXQD2SF`-rDQ46(Z`rL& zz{{XXdoGLCuH|>p4D-dQ@1C3CBb@z1l4AVt&4dLnf8t!msC|m;NJp4e$z3{wJRP~= zbI|{4BYA)+c^F?~uBCH4>R#CyQDS->Jg#NEoY`}G+ZX5k*kiLEY@V(^(3`+=I1x4g zg7BqW!-xfIR8<7JN=;_VgL!lz6{Wwlr>&)TR|JR)*{duaeTcWePhhx$GKzVM`swv*W{fM^)iN=MhWXlye% zOoE5MtHQi=?tBjc7{wGfh^NFQDm zeI?_lOX&|%qwBrX`z5>OrP2D!f}VCNK$Vc)<@Bn`zzT~#F52!7cg-CMimsVYwxTVs zV-cLHnGOYV3{kIdGUZQrZ1rB{A&}7~=T}t)f~gXUPQLuw(kZqNCpZ^@M7pS_yi(|u zt8;kez-j+*W25COS?=1}C;e;PmIHjay zcHdW8Gp9*id<4JaAIhr9=oYJRoDtuky65bcea~XRWE-*qglzYz6L8V)F?(7ov{c{S zmVpTRC6U8OKUvk5K?mrf=zdL1H>glT#k{Q{!gFWrjSMs0_mB8pfJ^v^+vW|mD_jA~ zUi0@dE2T+1PY}W`?URQhu(`Xp?UEg>wf}H8TaWa=2{1G#$|bOYG^1(&s%JI!<8QY$ z94b1LuI!AL?5T|5MB%C$u`ZAhmU6p{63kNDgC+g)Tsab0cwYT<9gt3w--u> zU>`jrB}(_u$N#c{1PX0 zzCm9*RPu|)umJn9mp}igqe>YkYd|cs)~H=ggz?ofwG>~4Sb=xbKD~7KEXdyIv?XQX zr`7VQ9*9tbWq8L1^L&z?;qyJe)sD>BHRVuMVMZ|mL|S|V0Byv))kL|ZSrAcziDFky z_>M4qCcIf}(P6dpYdtWJ4GEVCb5@x86prE*@-9(bb_T`-#)GHmnZ??nOn`X))$v0F z%8Zu<{szR7*N{2IzLpcxEZ$CRr}x@xE(j_quIC?F#*awhNBV$I^$Os=Mz zeE>~45fq$e!7S{jqo3D(YIrg9A*U&xn4vP-4*?>0$EC?HxF_cicy6u5{)|gF!eeMC zj{9y$xYmH0i0uf#J*!2JsQn8I{F_v?$ywi~rc&tfnBO!32vqb9g>(LJg{R9{_29M) z9sTI;R&kq=bfjYf=mrDDu5OvtP1M$kxUr?F(3Jqm&%v>zS06<~*tL>9{(8+K1KKZ& zZyma5a`?LK3t2!_8`3~1z{#TIF)+R^k-jpVT-f{FDr7G1nO{Ve%|8du~gg;=bI~k{;G9+fO!}I`$PrTt+ydvRPmGf&xV5o z1~mF;`|jS>;RQt$Q@dPS+R|I@{}J5Wm+ z7)OG)rn`!yIvTr}mAsrSqeLC5)M3r`_ES`&00dYb9 z<~V;k{ac!F^iqGw-aiGzMJ~<-p!rsn;`fKF{ZBj;T2O!K@Q-GxDFKbd{6n41{t-JF z@Y9K!`7s9nea^pI=L~IfvKRNLQ|(xX#`i_@_lsq(f0}U7HIZ;fL2Dsuvi5(}2vmlj z9=tCJ-e#D}V7t;e93ruO8vXDzxiHg8#88g)g07s!U&R#s015{A>so5ItKt*f)*mxB zP4*tH%@VJy*%4=!Y5(prP!Xx7hXU#7B$eT$@OkvOTd>VjOi&N_)J2R-Si}*Ae|_xs zm$m53E1I=GJdR2=#cWL*W#i*9L80zXAzQ6K-edo=8Scc;B&JzTCr;Vz8t_Ub{z)Fa z_kVF!qDM=t7iMm~3;WU^_dIv#k7Lw+6i^0<-C8X`oMinUvp?X$OPL%WW{u63kfuog zh5aw^Sr{B2a!}-v<^=x-l;mKnAKR7o^B}D3znp^iBi&|!S783x0*~f8$*s2!#n<;q z|DONns6;q`a_+GB0CRKs~?CT%@@%)ccnM}`ZZD|%47c)PME-AcJ(bdxn zBxNlWt|LVN2d2q(&i+d)HFk;%A{<2xC#y~Dltl~Grta?U5^n2;XI2b3^&))-x;Fj6sShDn9?WaU6 zQuu<67>YD9*p`L67hP#YuFMe00Ti7^-M>EjdWV-ReLM}SOrU3EidopD!)bwYvxQH! zM(pf+;b%1Wlzt0S784oMT%SALK2ATInf6nZEb$vVi+cBW%pNPk61z z*ol2gOaU7(IBv6`3F{NQp)yjsW{8st`EeJ<(~~%)x?Z{XNJP-Rx@_( zDzUQH;8gsK6xFOYp-*^yQN~cP!m2rwl)`d)*VX=tLvD@PNxzU?=oL|Wuo=}p^P97F z{vL23&G}9xJ+Ze$-1d$4MA)u#y|Pr0C3gZBCYeDxsYI?xnGa@OS+a);fD@y!@GRm{ zqELes6DPNHy%lXKH;*8J5y%eZcUR9ER6Nhx-IYOon98#BbTbXMPajko($|B?i|LL; zSZkp8h5tz%BzGLKC*RLjhl<;C8up;ive%`V30`+BhIh}xV|A6zoGUtZ&o5ktfW+(@ zlW@W+T&94;oGUiwf=@JWfl0DpU3Us@zdy!CbLC$G`(g@IT(xEox@ z_bo5Jp~F%2G?0wMfzsXn1c4;!p`T5}m5!>w0xLUQX6Jz5k7a*-fdVQ17kIFEb}0n? z0}p$DydU-tJQz5c+Bh@N|0Vw)Ec`FVg8wx1nxu7UP^Ley0KQE$<;$^7P5jHoUi5eF z*ej4Ra~IAgu4LJ--k!o8BO|(?o~bDTf^AYQ`$s#}tCa8X`u*Rlgc6qfHMeOz>+09!TZqz&cs4La3*Tt<|G>Q}nerkG?|@14IdLK4I&hNhiK*Cb zpy;SN!^!kxF34mYUZRxLaRx8q6MZGn;RdjdQMyVtM^wsEw3=ef0Zt>)G71P}xCl_x zh=Ox4v~x8g!gIZEEJm?X>-8V7E5GC{Ufc_Rx~k9n{^XI!JMJ!vv@gfh8WHV4jXzQ0 zaPgHVT4V7PIl3=4ipdvux@E~m__sbI$Db$e_Qz-7|17D5f9`N_aA9z^u{1GtX87BE z{!w81Yia$5BXy_uTMaV8grh+O-+9kg2VWIZxNgyyzh0?QVa7)9a%+G^|t;+d8N zY1}Be#T`rHztTgR)_mM-ord~3W{yBisF9mPX>fFo_k5q;8xSKAM$*b$(VZQI8Q9O> zx)y0#$%o?Kdry3kn>6#IeW5;zm3vo=&AVOr)}G6pM9hVKaIF@z_XZa#T(ZopIA@8L zigU(Wr-mEoj6XIjN52l-)D}^n528fE*>x!kv*?%Npr;j$$3j!82EQ{2+{iw*qMtHD z$gXe#Nh0zK5hj0npoJ(QN+ZDg;L5<5%#1LRyoubMBr1OZ`vd`1M&vaH{)R3clgn+S zFYvd{c7nUZ;1>X4KI*el9Wh@>S)e!s)kZnl)vD0 zB@g+p316k=DiRHMvGslIalHq)AjC*^s0Lug?^VTLZ#msK&;bQN$Y2b5RN>a4XD2(89*sFu<^(fi2+uZ*d9gyDt1V{+w^@ z`gtE``JYc;uj$!OlPAMKad~vx2m(2Jwdx#K+dVpQbtB7zhX{AsH*mdgyau`m8rR2r zx0}O&XS5kFK3@r@w5z)CFBalU|p_&y`SrhdG6^($%gjZ1qFkAc3NUE0N} z-6PlfG@v_VUR9!g^H=`PxOjdU#>>;~(ekiIPMev5pYDcF=gVZ#>+6@_%OrrYBjAP` zXDV!&k=Fbwiy>>XO2FKpD%Kq*+@Ljk@Tt#VU-x+X+9r5gAg6!Fe^OxkaCW4x9-{bl zaBj1_xY_`J#oYysVC7BEJJ9`!J}bYfx8q`TZu8CuH-4woKzdcMl z#o=+AN{IrnN7;|Qx8is}%t5JCMxr*ZLjFZTAb0RK2hfdu$nWA3Iau=U%!@(4JAA)8 z4WE1O^xVDZ4%86!V6ndK`E-X_5vv9R*_V_Bp|Qp2zQJyeJHTNIm}*MolDnlT%VyUzt3AnlV4d zfx~&SEetX^#6Q$s(7)`j^2(LXpHk1S?$GE4Q|tES9Qtr~jBTs?AN1qCodB*)IX@g) zUwe8kdwRAGomFSG1n}PVeY4}voc(eA!;r$l3m(RoXE|_V4L1{BtE+d1+dnl8pO^J3 z_=-9Za~Q8au;@2)ySVxXkLwiX&kf+uj%OLUH~Xhm1l%0lMO_bH&M$Y)#%+2%euK?- z(Ja3$gQ_A-O}{N(+4GQoYZ-4RQApVr#B`^%@ew5{&ARp-dE6*IWd%l0zq_K+7)Vs=8$E_IB z`X2E4prHw5?of0H(;Hx1<-dN1AP)J{kX_Ta3(Frr4#?pgz?_o@Zx`0|g8Vsz%0tT( zzJ1}3+nZY>u3_oHmpSmk_-yFHrb|0o&4a6p|B`Z5l{j9m|1th~G57yhFAGd*U#C^69#7vfK^=`IFa! z^sr08|DzFW`ptdJ9bWT;b#YHS<~wTL(SuV9<{)pa#O~#sI}C+g%&u9w10d@_O)Ij@ z>6&b|$*L)T50s&+O+Qv*LKfmJ&P+sRfALp@%738? zDP~$AMhV}8Jd3wlm^6v^QXJQmKy-mVj}QinkwGGu;=`e2^s+q^C>x4bJ8$$Th`^h} z2ZzAd#t-xMiePA0Za{_B80Ep!SLYwQBfc@>tz4~Ku>_6A`-h;yeW6GS-No>beQF4v zBA8Epb>h*FG-PS02-Jtz(7Dk;-LP6hH1O~7BUH5Z$x7X+TMNA>c)SZNe?^v6ALV}I z=*2`JNbq}!p8M`O_BiBOb43rCec!BM#{ijq{&({Jce3|)a{G63`gijBcXHIMQOA(p zcGWLkt_MeB3uvw?I9D=LXwCS*F*y-{ub*WI3x-^I7P!nPso?{;TU8PBjLB|n8<>ts z=y$G8JPsnkZ;(jC49mGGD55NjMWEOiH@nY`!ZVJ^E$2`sNzoN$Y)TH_y6=ZY+X#3u1vWN=h z@85+x*n?2MYxWDCNx&n*k!8plKW@;cB|K9V^4P#X&mabeV_Jlqi<)xsMl|zLi8f*` z`%+M?Lz#L>!=7Lkt6d&+T>-z@*BHfhK`^m0=DJQ;kli!RgjgC3y&IwB0%vP+@n8?Y zJ8ACwS?#sqm{R4Bz(uuew|~i2&xc&tP(@W^QHiz}32TD71ckB>_al9ms8-;YLh|Y} zRMXX2I17ozh55>dO_#Av9Yr;h;n%_IVCJP8cJFL8`wV^6#i9dqZQB*RSnr2kK%=FH zKdJ=T*3ewT}HJ7aIs?hh9v?RgEO-lzSS4(3tMs1b}nHL8EQ~E^*gKJKC3ZlGa7Y!(cH2<9Cc4h4_l*8 zbauhBKy?1LA|~3%BW&#O&?I42bR0JJ@D7T?@NaR^-mBdsmmiB7YrrII%B=G>zbg21 zY6Y_=fL(HpF1pY=AxVnp{j80X@HwV0IDh{@tm*>IN91?KnEVucR`r{_p!Uj1ji9@z zt8W%1uSFw+qe^FDArEzt#<$GG+{geoL*9mN^z*;xJf0G0T?2#bJ9#rLdPNk5)CfzkBT7UD2J|Q)@D=-KSUYk{23YBKrLR0 z3?H5#nq*viyVpUJ*YzL5??72TyukR28#2!kEWgp zp#wo;43dEd5Ux}Nkz)|w)d~UkgEHh>U-?K$)A`xp!V!CXr9_F}Gg#pxZhj!9%Y)1<;8Ri5hVe9{;3qYD zQ@#*pP{p3DZABL|QltVOET53eeoWMzRTqu<%EOL)r7YV$#>2exz-uy~Kau zt(E#nQW1Rje@WP!zlJZm=$oz|4UXTR{J6WuZz-sp$#us-ZR{Etrs27diB|Ov&LJy! zXWCCx>lh1jr7kOJdMPp=79P7iwezh+7e3XjOiqC%0+Qmb-;j22gr>d~k7O1RWj|GS zs@~#P>qm_0Dp}xx0Xb``Pn^_01gXFTM}gl+av9An2;Zp^CQ1y!l5^yl*{15_Iu~63)@tq--GS3PP_NQiNn1P zpZt7wwb2JrpM+CZPxZy6-KA2zE2t5XW~d=rkZZi*;)a!A+>g2{8T)4nM}y#&#s?{8 z0HPzIxCa!>>JG{PGt~(wOaD0zz1qrRbpuVpIK-Jcxr~@And4O^I44?rrQD~F+rtR> zwqMRQaFeS3BA?zslySx;GFB1jUK~=1$b`}X@NaCDZ^`MbGW`d}ot3c)m8{aLcW3w% zC8AY1xSEc_@|1|91JJM(v^fn918qN`Pnte(S);dY1Al2m>$tIc#F4<{VeN!W5tU1c zs_KZdctJMWq!J8&qC2rDs>XErht^GD`5^#DZ{k5Vst;eVpK(Wq@>J>df-NYJ=BYvgY^qUzw?Pe~;(%_(C0-zd3YZ>&0Aw)wE02 zT{mGfc)wG^%w9FK>9W@CaZ(2f6f#L6!juo=R6-h3gBhbK75lC`Dk+VT{pr@Im3$lJ zG?zc($!eaoc(#Kfm>{H&@u3Swk2#qvIR>kMm@Z5b%_c#O^WnL`ABAx-IobTP=4gYv zjd(4BwkXJPX-SiCVMm={<>uR{N(RT|jY=*8LhH6|E@-L!)!9vZ+(7?G(I)2=|H=1A zh{4t0R=w>QqhE}3>pUxcH&5Lcn*Oh#{9z6h>yAi0wav6Gg@F*!E;A-aTT~@fGGpN2 zx-;KRM43kK*KnII)77oIp3NhpIa5-3Q89#Gu`z^-_h_YJgs&Syuo6%y8ih5%s!0%J zrC*X9kyM$BPw697DZyE6g0m4Pq}C}C88d?3Gf%k5=!=HLQ17&Ee&v$W?@`ioe@~4} zDV0?KmzLy&u}^4)0gD3B+A~QR!&aym$_RIudaVgX!Ousj8#k#PR)?|O4S{qTu+i(V zuLSs(1`mNt)WAkm>EfZ5hrm&Kjsdfy&?LniBn%XU{}LKzgRpIbu^JG~h%G1sR8YrM zVpio%%8qS?Rb90hw$tGBHGu}7)BK{sQ7hskE>Ok}By^9UoJ0)x_Dy@vVyri=QV$+8 z@0ZE0A0C|;o1r}(HA%>>(>yyUYDwteRlAM*^q=HlzZOW8}(Fh8K1a@e2C1ob^ohO&8pU25c z@0;ZJTZ-@OkGl=XxeuJ@YKDSNQx$dBAx6`JVK#e_AZWFfy;}D96X{)x_peB~=c%CB zxWQN`T(`)_BT3vu01M$bh^Y_~(YNwctr|K8oamihm==Wbutcyu4?le(h)lx~ks{b_EH~Z2GdH6-uj&?d%@4VTi-t9VdpQu|- zo@}{S$Ed$`sNt{JPuKpsV%n@IS&OSwDq)UEVe%cwuv>_*9Z3m<@<61W%(!GK!&$Un zXIj+ek6193eZrjgJ$tQtDd+f@i_g#qpI=m{R|oT`J#{ork1WV!Xr0NCV2B4W&~{jt z6&rJAwbiKIBN)~(OPxWb3x^>Fg&aW}8L@2$OHU*Oq^@zic4kz|o7E{NArqfQ$;IsI za(fMGi?yK31qPeFnPfuRkLsr4CI*p*mXKl389F5xAX9>;r8tLpI7|9$pJh~|DwP2; zJn1RLJJuR>%?udFEtQ6~)oRrKf5ZcOty=u=9lbo8<&36!%kQc`T9oMtC5Q$$8T#guB)H07$P0 ziu-c%XZaQA?J*WZd<~^O_T#1i{CrVjK3xm)1~eDfl%WSHMJ1>raVG%)01%rnCd{A& z*_EEE*_X_PORlGUf(Q8RnxPitp;8!^1$8!X)`-i++}VXnW_K6dkowvq``1tALCQ2q z8d=3(S~JLlNZ*iAW>e6W@oZd%1w9(xJ(-8{-(_Byi~ zYtK;RD4MoMFoH>-b7}$IzI4OUEiv2}yzXn92MuyRY}mwwq=;>lvnsb9hN$+;HU}rL zx==V&cj0Y!(1zhph>^UmjMOx>Pa{Q$UjhUN4s0-CbkY)cDwf&tlbGLJ0+aR7nR$eq zdoz@U?UrtdSeF%y#CE!o0*${OEqBWA)}!Tr;}+N2Vs!m9EqQ2(H;16K1EVFgLQ5Jj zG|@zj5TC*;NNfvvlp8vyN8iFhnjaa@DXOeR%sTDt#xxRVZc*BbH2!vK87%qmI4&wH z(ZY>1uTf{(01(oO^+^EhFMvP=lO?{2xgDUOV&sX97`L*l8%b@Hp>9&^>BB_a&XRZb z^<$z<8+;4Rjw>EZtV82n$Vz1gp|Wb%0+$MOI0hD>W!ur z2UR5`zR)fUUzmMCW}utu?LuXPGv}@ICFwz)j4WwAfHdDBQZb4={u}jZ3Vb+TimMNU z>n#WEdlx46KYviXF#%|a)8Ia6aWIk@osfDaKXY;6yOODLKJO&WcXo zq-TW2xhT0H$&L#SaQ{`Ahe+t_%aRLcUVKC77f8kT?9tWc`sKYCfAUmK@U%38m6_0= zjZ1992$RNxN~sbdiUfi|&-p&F7+*Q4!tV9)?` zOCnxf+rBH_b!n6=A6tx;L>Qhcr27^DR|6p`CmECQTV$_%{8u7%n_Oiud9z7S3TGYi zXiLlYR^m`^>u+IHHK=XC;ATt!UMtdC)Cj3_%1HX_=6bI7A;%tR-1H%7H8~q*Qb!=t zUSKI%shl25HJJjhH8v3to0>F`jM*XGloMh^i{}!{CpcSgsq})1&Vy6fO^Cjg~UG&#d|RpaaFr`2d`XqNq>? zle(f*l2}?19W*mi8J$Mg-QSm#G7$rIak#08IwG-r13O(pEBnAyzMk?0;6HueFQD$< z>-G({xgs3~&LlyYl@(EW68s0{XX`(bcr(9ISI6LI}ja5bAvO&gJqMYN}N!rpzR&;q5 z<0oceKJ2q<@>PIHf1I@E3CB(JqDgQ*Km2;>*LCgG-bEj#Pft!9{WuK&($SwGtu;+G zZB+?3>|lzpN&Q-WLc5RpBVeP%2D7Qe_MN6qp00*#*bJs51rsRrzTGf~S5`)19f(n`ys4-1MPS z!czAE0>$W25`0M$4#X1|TaH<3$o6X^qGkzVh>;`}#@o|2W@mk|7fv6t^JC)O=>5j0WC{PXB&ZhEaa&@VgYa%>42vW154 zhOZd~blht>e5H%e@S+AC&I9VA#!%9th^WPE5!?ic?n_>p95bgPL9__$8EC6MHDi%j#K-&J5P3z=xI9;IIdD{Hdk(A?gI&ovFLoP=hwh;ary z2dN3j`<`l{-NlsvU(GnE!!X~S|`VQMn zKaKs}lmps-S?6@lxkRtfev++dzY#O?_T)hJmT%tJx!BAAwM~3(9xBKeUM#6QVLm(H1G*ZKYgd!edX78 zr*IE{PgqeJn(P;*KD}6s{5tyHZ!_g>(eZ=4^$sM~w<^q=Va%pUs*xYG8>dh|z-uO7 zPVJKy7t5=S9!D42a_x67mC6U_>>oJg?CZiF!r$?IEgtJyySh3k7C2OhU|gx(k^vkY zXL{P1vJeMQ-O_FsBi#BeUBx>zI8~{zYtTUzad4ieSVh;+%)(T{Bnv?5y{Rz^1s+$*zfX=V^Y`7cTa}+#Exu0CU zQg&Iib%|iYta>K^WB$=}xLXM%WF0*mvEpe9{h*FW$he^C@5{iE}JP zIrr*)Q4T{u>(g-EKLGjG4;hc7O4cDr4X8S{;u)(p;?v&iM*NdJ)EEz~>FM#a3 zuZkTkfe#vgMd0qqhJ91gSjyb=r%EUSzHW@NotPN%^8uh6x8L|6&6Qwu^5p`+Ix}~* zf9UiRH589_G@5}?0wQ_N=TXES#}-SzVv!P1mB5%sXx1zyKNlbdH*oSSo~3Uu(VZ#A0E7}2~~u;?;22AFf~TEsmN@EeeBz$SH+ZO6;r=FB5aqs}D)GIO?IeHi7mMH~`Dv4Hc+V|1NSRtQ^aXdM`# z+|Yt*LkF%S)4%lJvZg`?9hegALTmYur6$&2TXN>upI}`v@w;+s6MH&sVqcs+czw`= zP4e7QC{)Ut;3dgFB*9UT+#;ofNymD9C);{jcRk(pvbHeubo$Pv;AWF>6z@)(nSgb1 z?qb;mc_|(_9xSph0BY3gr5dcf?ox%hyB+mZK+0zpns$N+*MY)ykA${El$I!_h9ef+ zU*bkdnA6U-@e|jwT#Gn%RzX|3-bsZW+t~94X{p$v z%{_w-uSmm8Za~N8Jiu^)Xv8~^NQR=uF0RoyPkqNB8+mjolcysqEvt+mtlV|&%0@QU zImhHrA-{{1Xs}f6lP9R@}u2uh8)_sOXU)veCOQ2*}27 z5wDx6g?5Yfi_6RlGvXw4rDIisNJ`2?w$S48*2X!6^2xrFiuKjo;g1}KAwf~P)jx%i zhsVT;c@hh3m~KHDb-d5yo;uC1N`?6v6CcNyPNM6|6xxm_=Kvtpemloav&oa|Vr=e^ z1jqBm9^Zz_js-8+b^9)fC)1$tNJUVsgP_pRZ){xqM?A~vT9xsduJ4qrdY<~m-QW?+ zD<5V`)QKVEF6*vrWc6EGU<=mx)zWPj7iF(XrZ3Zo_4Dk~RqKFZgA+X3o zU8Nl8o@|32cr8WXN@-z}wbv|~w7LjNkXTAi>NHE_u1e*O?EJXSTi2$A0 ztGN-0e0o}8EJd~Ml8h3GtEJjj}6vitEJ#aILkhFFtYlDDEHKIR$`JQ9k!db z<$(&#XqJO2E+uB&F_LwXF3Kv7`J37GhEZDZaSy&)R;W410(>qn-r~(|&<|{myVyC_ z!ncLfnyMutki-^LtlugYBp%xc9hE|w2Yoz}6PrZ2;)1^ud=91vP1KvdsPULY+kCek zskZ*;!=|PH$T9-CJv4z6w1^xUIZKnq+5Fle0^veYbRUdT`k{VcpE7*ql3>f?rCeI%E_)4p@W;Pfp^yr-cm)7!(otG|7Md&*0v?x zKozBlP)EGzh!FQjoRw&<%kq!4=xlS8hoF&VMHclm2?cE(!4s38Jivlw>YJrnqJosz0FhzJMb9u9KQ=RoHPm9arIZj-ah+@{@fH=jH+~YCM5xoUnk750k zVx?N=@EYv7jFQk|v_GA?xrloA;!V4lO45k3_{xEEh&Q1^No+(!aB_elNnrxWz446! zL+9&dmmRpVjAdYSZvRkjT%5)1lWSI;m13;L!@_Cd(urIYvF8C4f+WiYk^@ z26I*H-P!GxCqk{|0}YWDc4++PcN&!Y@E6sN7H9U36eB6*rsfgFVu>Xsg{Y$baa-Nn z5b7xeDnU1o5W1OFd-x)z(lu_yzh{&Ozld*p*>Y)rPS#+5&P8zwj4Gj2iLekwh#eC| zno^NNBy^tP6f0qhaXMR+JqU{k4e-~;{+SMsh>^J6Gu?Oz7T;J2XLZR%M`8&c5%%EIfqPf>Cp)`cT zluSbC81dVP;I1mny}~K@BGYxn1}ri5Fbs>l47%!HM#o?&G5^PA9&&)^mvaI`@RXte zVD|Jx!y$r1obla1l$9oS=kJpu#2fpu8nNTd*lCK;{~q28?#0U-jvDmvTf)+EN#Ia! zxwI%LCR2n{HR8N@&>EHUfiU9Uq73@>k07bIv(D^=AMc4|e#M5`{msP^C42&Y!3U;Z z2=mM%52y<<4*ZzW?P&O7dC186)+R{^Njk-<_Y6>0;*_;c_%@-IVW28B8S0F+hT31> z7oqhPaK|v0=Q-C=O<~B1sFNkeK_sFJz75cEo<|NU&808!T^$P_dRfL`SpVrQ$g=0a z@~jdRYu`&-jgoWF<~oAKa%W(m2&x9z(mL6E#h6~7nSPp5@cW1eVaQMoeS!X89rZW+ z4VNbROtZMPDT!{XQ^mcor;H{wzi*eF4mRd|hCwQ4&|TmIDv_`DZlruxUL zD^uN;XxCJAEksQYOOn@xldy*{FJ`Ds5(t@Q8Shij9j#eICy@_MjoqWIx#6R}XK`Qh2YY=d6aU?2>gSd8A+-{d4lJ!hNr z%f(M_FkMq&)s5kq&`sSPS7&oewzKvlEYG*ji#5=ny1D~$^nP7ELf4oa*DJ@#CngW@ zb_A16#k_v5!Jk&&c;NWszRujfV-9YFJ0H#Y^=ZSIPf9K3Ie3D$_vXy>4ZsDqIXHHW z^^P%&xRLopRRv6JdQ;YaI1KGd@LU+US=sKTHt=i z8O=U06z)e5fm5`h?FNo4uyDBu(bk{t8)10CmB60!`Lzge^5oM0;aUCgv}?nEH$VQH z<43ks+P0|K{O|X7fiE}(16S6yW6Dz2lenrZ#tTNXG|q;gE;9-V8f3e?q|lW z)-AL~jqm>dmd_|ahn0u@hc#yo1_VR^1O@yTpYd-Zql1&F^PgA&BNt11yZ=LH{KE?d z{u3_n=Yjv-S4~R4^w3{)`JgMrBfI&!&M2Es45UZGh&qG>+j3h*Ibmdtx5qFw>rUEX zk+?haquEgbqUr~8hH?B_6m2HT@3>G^(#ygvaQbZs7;S<%$5ltlG$xD%!LFWutzP2e zzL-wAjB#KXhnOx~**wyEi$=40W$;xFzbw|B38dGR2dg=@i1iL$lGav0Cn70U7vRpz zdcnTq!F`VEaKu(z>uX%`QTy+~R5eRHjpa(<*mT&=u|y0>NhE^%7nC>JDFZxvlb`n> zu?FxOi5Fe;4)AlQ{XjePL{~PG%2x%-|FO;w#$z)BYBx*9Hw<%PE)#@b=^V zWOg(&OYh3!)*&_-)(U%vMc@iS>#kW*3B$jr(!f*sX0YPyH$V_DI|;Ypv>xEPUjBI{zIi3L28dqt0g|EB8P=6@SBrE^)p+2OQNoN zsFhIy5yEs}c*!9FEgDkaq)z3GdQR1p;*P{VC44eeK~$waaAf?(%hbnIj-%MY*Ah2H zq3dlXG^d{cdt-?HFIeK=LBG%H^m74_kO=S40f8Hok66;bI2Tc#P~+8jU}Bbr;){~i zrIy-DPxHzV_RmY7V{Gx5l~v{}wf= zALEUs*ZT-^VtQynGQH{;;Ptldd+hI_5n&o-LN~!8GL99EL}~l;qQ|}VrAJ?X4EMjY ziWldSZo2=paQrcR+JBn%Kj_4=MxOSrF8_rO{&y9}|AEn%*&dhyMnuSKy=%OI3-a3F z2v%35{(iB0;JAY|h;`C~qTlP;b3wuTz8{~uP5yGl9?AfW?l5h2!m(__+$*+?y3s{+ zF!Ou#(H*J5Y|O_Cr#W4VA>B9+heR zXH{zz_qKvOEW_hgk`y|@?Y$%)#^H6&Vc+_B$!}jILiXmgxJk^VLx&esmIx2s{aaNh zk%6mh7tS{yLI0f=r0ZR|e*GDJ-ybbd|5FQg_AaK*D*u@j{~tB~!Hlm-XtV-lf(v^R z-tM=E_f02CK{iNJ9!n@KK`^x0%pK3Qp(P`=HxQ8-7Yh4^_aO6nUwCoJt#BF?YD^4U zYbQwbf=UdJ&L4kOjiE>z7nF@$7>dJu-g#Vp0VywkiX6|>RD}wFEtd3S3;T#@GR|dI zzPPWPlDE==NX`}L0G{r&WG~xbDbQhDGM0a6WlHnRE{7BIqwiNQD8RqV&=^iMS9POXn@X-Y_YoM%gSlb@ zop;`(TH3dEbMz$n+#ED>ymWO#`w)SBg#WYm3in%{=f_cZT}y0%gSz$X>149 zO6G&rttjxkIxW7rQtcPBHAS=hz;1e4L#>%==BCE-XK!yc_8Qg97*g5xR&!%WB^YYt zM4v`_Zi6vPn~=33V4PZ2GC9)6`ruBv7r(r2(mCI`dQI9`Z~a(XS2bmWaA(0|E@wd(UX&PhWF6xw zk~5&6n$1Zblj9P@^@>t`}9g5s9AKGVfT)}9;ZVK+k$Vw83($db@ENG&?>&073 z^+|1eD2dk6|3O-Yl1x1@OAl|%0}nvuqL-LL08KHBFODenL*84t6L~kK1{&gRf%W_R?^X}SSHLpY?e09j}o##F(^UNz|L!*8h%`*2vVr^!k3`k>n zvwDDU6L(NU7WCXwbJ$C7uv5mZV&Neo>Z$OjhCV_lhY%0X??!Zlu#r#x=7H>jlW*8O z`0Dc4hUdAyvH>WqUEvof2BFuiHsG8_O?d1?z3ge_Ml?U5*VhLhEAB9<>j8fiwvA|Z zBpf}#b%5np`tjMFTdD=%b%6PkMG%@Y`QxSLS4)y*VfITVoEq(_LD-%2E3}$cWGYc8 zB5oK#@*iNmm7ev2N0~ng_AqD!z5FKDI*yowZ{bkB3es9>E_w`-RqKayRNQSB6R!GCew$N zs`wCT#z>tiDChND_EE_-vndtzCwENR&gQi@t!m0!8aTd%Rx&m-D(FJ}DyPJ_qD(L- z9Ktb7aCYOKzdu7r&SAR6Cok&dmPAg>hCgPpc8Q|A^{ZA7R~0_QS>iYzPS^%EF{C{Z zL#6hDdpsJCiFjn0K#oXIcNZSplaT?V0=u-DXo^ibTm%X>vuDhac;NauoMXrALQG}Q zQ9kX4xNn8|qWXyK>GUj=(l`;9y+^kfX99h`Z?9J@?a_8e`LE84uJ*s=QNd$|dW)i+ zM3aAr5Si2O)rnZ*z7XMFr@C>=+FLhgvO;fw_7pEXSKX;+X z6^pygQSYTw`&(3h+Aj61TO}^M-r=7W%0oNnbY>Sh<$t|#z5j`_`tQ(5DYVfl^9MTR z{JQqB^B9)i$_G3$9Wx%iMgHV{^jPYxyoQM$eC{)zlhtFtWp1oD_*QBoJ`iw-&b*V2%XbskPvkEt&KTIuRCI4ur(<5^nNJm^QYs#!6D+j_7g z_cfcJ^qr>eWK+G%>oi7crAsWAZMiptlxF(twV9kxt=sY{-0QWX#S*D-)*NkUX5Jqz z_t@)F)tKnfgI0~bKBBFf4ETv|4usX=YsrSj5vus9hP zWeCp)lVq(;BIK3ZNQ{9S;hPg`4S_u;W*rLcB_6{k03F`3W>MxaZ82R#NAz~> z40ml=b%03kbMLrOFa=bO+VLq%pW?5Twj|=PWr=ZDdv~O~Wo4$z z3&h|E11qWMHP(RJr-QcN;x4P*%p`39Ov!3Bn$u-9M|!C(OT{2LLn?b1VRD0w%!A(7 ze?X#Klf2bdXQA6npDAPA=2O8l-jd*&Lpv}%0tYdIFiHw1h*=(hM>C31dP-xf9$peU zfk3!mzuWq1EC|d(#l{ecenF93>M-T`Z%-tl>9!1I*=qTQh<}Y@*Dt4X>Kk1fhlbdP z=n~W-;TJY)`%3K2E~4d}QkN(Bs;Ty~&{Z)aY%&fZL46+sXBxshz;Y7`7-XC!oG8fW z^R=fd?W}pPB`$oB<|%`<<@_bDY)RvKnQfs0;>!?%b)3ncX$n`i?W-_&%$&FlK;9A_}615ZnN#J1{9#95E)j#Z3vF50D$#uwYvsyK2RP zTnvwqy#U?99N5G6I%%_>Emn>vAcTCX9ZEt>v(tgJ9Y)AJj1r)ZMi5>EUXFX_MWdi{ zNZpU?iX6VE4z5A@4O1tKQl=Tu1jJ>?m0&JG=!M;VQW+=Ia!Ze8Q!jYS>TaIa4xi8a zS^Io}5AUE$K-fvV`9x=C?1m6!tWOSM0Iwvf*`JLJa%eyZa0n(D);IJlo?J)*CkZIK7n=KxM1Gwr1~7fh_Bw22@ zDWQA9BIA6&;MqUX(f}HL2^T; zBt8Z+onLmyUUjlu4-w}x&XU01VK9s2RA29aS4&ul;0eW~5sVE=3=!1MJ|UjDJFn2zxx z*Or(THTTW@Wk6qMHJ@unvBonQL7_9R?R2#YMUH;4w%tiOu}`HjdrheBj7v_x7RGntXqcu!o6r?D**oSX~(Z#GWSYsfVfeBz> zg2<$Vg$qx`DdbFX040Q#3e2Zt|0i$+E&BpLl>MWu#t+#MnCnKM^`>FyW=`<#k=~HYKfWb zqg~4%x3ifn_{K`RD?3i?tvQ9LUrrHBdEZ+a7G;}M-5@&scUI1#Z%`&GXC49vbgsR) zW{76@JE^y{zc+bkNu7D}OVZOO3OVv_aJ`zV6+1J)w?^a*G z_u?HfS)6bjD)*kdiW%+l#Wl}6dE8>uYnG6%h4sEeX9>`H}*kDI{uDn#7RvqzCOIuz}dwO@z50P&i%Dj0*d|@ zP`$$S-1>#m&0nR~(dvHuzHNMzdI+vv_;1%<3j)(0WkOp9nHKjGh8i&b-lav`7G;W9 zy1ii{srM9dsGiQss zjWNV8fN?-?L$9_*22OEe>g!l`FD_J2N(fL`9jrxx4D%^C;W%+dC{?6UnG;{IGVVmx zu9j;H()*z}Hq4duBsMnIGOxWmOv-U!FrMh6mGT|V%=#@eM#q+*`_PMjv$%P!sb0CO zPX)VEk(Ej+sTfgdKuO_*7nDfCO9b$#DSixQ(aA;SXkvK+GgCQCU607_G6SF$9oK9#aT8%j%za-t9iG&rb~b{GWHA z@)+||{_RIK*;^&KlrX%gO;D8BEP_ctAdQZc5|m^maT^&&DwpID#*f#Of=4aOueKcL z+*4oRp*E%X%QSz`LxZTPsxZ&7TA9SFqx3DDY1q=`9e+&LB1suH*W|NGx&VZGe*ia&clE0q5kaasRD-1Gknafzas0gzsB(IE0RE;-;@X=hpDV~Re2_Q^sYs~|Hs~21;-UE*`i{WEV7uHWm(M3ELqIV%*@PeF*7rR#mvkW zGc(?{&%8Nv-#Za==l9&#p}i|RYPTY~I%-u`u9aC{_92$F+Utbp6A&FSk!d9&ht?qh z2ey+`O0YwFLoaq*B`f(+6$l&68TlltwjeE8z&qq%B(TW9(cd(3VvC{XT#Q)@AcIiR z5_m^bHDWh=>q}u)0GP`Sz+9riae8=C5|qTjv1V~pd!g1Z7-W>gvp<0ojeu48{E356 zM(rM~C43*;@T^cbQ7=)S;QFWWT?S5nnQ_7={&MO+SJwxdi+p!KNEn$RVdZH^&`Ksp zD;X=Gu8xdTac_ut=I1UcY%2@uJf0Y6BVsFnQ}K zC&01TRb^5+0LB(<)=>k~nW<+J{C3;3i}@7xK53STuD`KR$P$Q036FT&$Mk?1%CHMW z&jzjrMR=9K6eWl?O%vTk4j;_A`q`n4=|bnyoBg{NcYpHRTybKh!LS^k{FT{0WGufq zn3OOI4qxQTL>r#cy`i~*2?7!Pe4QjRZD}TaXH-mOVp8f zl*y^YMK$79b*u|^>7s`PiHB*0vX0zS%_^x*nbw^rXVH3@)saDOb~v5gPNRF ze7Ql@j9h%x_GG0mWm+(TclEA5XqTTfo4RzHG%7m@qogqn_JWfX;p|{g$S|{DuGEUJHUDhhH>11dwYj~r zXb~}~x~^g@{xxI?i$}ReFr|xO*5{3*hgi=?97n3z{1Vw~>UV$gMR!eNB+lB$#=caM zmGL4g`I0d5wMj07ael0gD(F^!uA>c@&8xt7NH6{=mK10=)c@N6*fyLzpJKM$yFe5= zs*g`kNZUMnJIbwxdQdfo(RUr6*&SVIE67ZANs{bW)-RPd$Zaa{tdMweGS zI{eMg+qIC#Pw#-a0fbxnIQCO#7CUlrqHu*MZ4hWkk_Z7rhcX=mU@{VE)r>Uz1rLJO z3Ea*We3zFCf#I(5GhX5&*}Ij4A`@uhEm4d)=)yQ6P80YGNt7-;i)XG&*`{RTD63e7 z_IZHPH;)qu<>f8r?1=YYMhDTKT{0mcfPmid{(G2X{tI(z|8y+pY(#bx6OlNlBZPs; zSk6(*X3FD@Em@&rts2KhBqS8#O}Owl>u}K_PVnR6hx6l*T4w zF^t;L&!^C|R4!AEvFT@t%(s3xsgJtcmQm)(Y_c30&kCUUQ zKXXOQ<%FjQt2=XxB^=0;pWC3TZA6>iqc*gOYe46lY%!I#mlZZ|2s^pExy$2bzB4f1 zZ5xx~_pSKd@$!tIHddV`_4C_84u^wNG4wJfP!PxE4m#7yPHyv*d-$fW6s6OVgj7Y;2IvzT-Vva_B zSao7B7e1I`EOpOk-qT$c{4^Lk&~ymF3<}*O!B$6AFovfQh@>!bO&`N++dQS~q-s@| zn=&kKL_6QNa+%fIFYPK_5Kf;F3%?a34QK$vmwi!c2j!jGkrh$FG>dl{d@VVj9h}Y@ zu_TnAZ+nNJ`ee#!)mB}z?=HA%EJ%zPaziZ!6ja!wItnU-MY?b}Ywd|A0>yyD z)dV@giB=c>wPPIf9B_!i6%U_0ZMroBW}Fn?_`xF(4~_G2<^rl)uHWe@1*)GQu!u8I zAgLx_3H^DGwwT}^JF3U05_6&d)0EM?nAI1%^_0agVFnOZ1yc>}7Sz$X;de``Cyh<+ zm6abljbGcVoAT%zn{I@*U+^Fa1L&@5_JPP_xl1+a`{{mH-BwV(IIAxfpXATo;NCBY zsC!pdYoC^9UR%UmV+(1y6T7ZRzN>$IO6EfaCBZ@G+k^G>q#$0dON{_cZ}I2x@k(;^ za%#Lrfqux&xrEby5AxJ6n7A!?Ttounmng`uG6Ft9{L+%hPJoDqYAxnTv8Np)B972r zAtvnHWjUK~R7|<995;iOnO!XJhC8(3XP}P~*O<2Vl6L!@JvvP+Q&EG%Gjj2%gjrsR z3fr=5!n@SG9xP526ylpMM&OMcWFj)iH&_~fkjYfoY#poHsuiX2zDrLEuh1QDnuSTR zd+{vN(rZ1n3@fBb9g5$0b)opHEZYbsJ-f+<8?aVAp2J`WTCg4$w|cSC&J$OKL?*iOI8Vr6c=mOWi)t5BJ&lv09Fd zAA;-`Z5QyX*IXfl*&aOsLO{rDEVkhJd~#Bu6;GP@ArhR-B+ZS)_%d@cT3Q9tT1GE6 znx^nKYQi^9&KL*DiP3a}QdXEb;3w1pVu%;)b1x1{%0Af zn*_!PJN=s1t*{=|%P-9S&4Ui^QGAJv=E~K+v43p>}2`WQmN3~Ze~$*skZDUCumyh^ejSJi-Xpt zVSCh+U3uaR?mY>$cYL+)vTo}xWfrT0S5u;xDk@-P`o1Vie1dK*Ak+16y!wz*XVcQi zKtv1n(0Jc`IQrleGqputh5;rbpMzo>x8R&8{m#mzjCFB^)fx`e-%FPnz zFd&V1b3tA+Y-rIy~pR1afp8Ruu#tQf@WGIUg zVSDacS$&=bnfW-}oUQrZrtv-NWtu$K<{*z9D^*; z^dQ!KPEsCFhPy+pYd70f8BilzT)XxKj9*L!-R)x~;x_9I35rPo2N`=kNz`GOoLikx zXE9*4#DMlJj};#~c%E;5T~l?&KPDYXvyse6$@4$_V@@6lLR^oou9?*caa*Z5Aw698 z;($)fn@mA;xG5C!0i-XV5U|W0q(HnO^gsktly&+^jr=JJzE z(51HT?R$E;wF!#LH$b%qM}#g7S7z(S?eqc< zT1NQQ)7eK3+l}60q!eNbykdvhzlP%!8z7#dMs#8tJ%?T+0!YOTKF|BZ-37zoU@K=v8uDk(Yol(1VN-uqn8bKj$Sx*W;i~+2(RUUwK z#=7F=>#A{z!5pJ3r4T_bpgGLyRVkyI!Kp4M)z_}t?dl*a4v-EiR3wpv|1R)Y-gbv4~( z^Nh_nRq}b#LP-BDfwlD*LVe8C7@cXLY2*E^J=MzR8|JT^x(;)`Z*o`b*1yEXa~24@8eu9*20fRr9BZ%<5j<_TZaJ^6I(Sra7Y5nR()apKH7c#?H znsk7o>7)XAg9f3TAqOQPRYvPdC0j%d3j&o?O*xN-oPnskf)8Vm04~o7Io`&BKF637 z8+8-T>%wo}5Qk3a-ptV*IKwQQ9L9#5O#7be%vgE>X0wFeH?UDd3**X{9HOFLZ5`ckx-I>7gDJ1g3ZtbepE+*ky75z zF@=`MUXPVqmG6->cRxr8oL1~uo-tBfxRsJ6pGdFGue)_$R$U_DedGlW{R}q3DGcp* z^HoSQp@<9sdoKS*8(#tC72n16`${P|i+j}V3Z!{_l)kP&Gst)8iyX8HC6xlkH@Z14 zE#M29woW4vX|pd2-1qj+*YB50fH`~%*Bp_02D$3IQDJXD`>e=ZWbYZig`?z;wJC_QB*CM-}!?$PB|DJ|VS8oY-Z-e1{c_ zcf8VbD0nOY2^t52BxR7vR8OYLg$}FzU4`=#{a-EUDpc~Hr z5TEaVh)>sUwFp#71^xtq>^|QH_=7uO)UfErV+-VS4r-XY#wLJfB(k8t-)?=`4x7fO z!s6xXD*o_Dd!%}+qI_2Ux{5yS#Suhj1tnrhEdl-h{&=s?2xPhcL|FaMY-Rq<(Z26> zB)uN6C)~)oGxE;bWRlbqk8a}?mnDZKTunG`m_qB2cvX=evv^+XI4=7!T)lD6bU7On z-%eFL+_Yhqgm!P3v4#7+J9R1|QdGLB!j%>xK02i|_W3a)?;Kvk14?7(doD0dqizBXgqhzWSYu7^0 zs883KHH~)jvd1{W71G@t?WZ+OnKLuVqb=vK#pe9f_e+&--euM}lX@R|#>;=oCEJNI-)wg8q82(4UDy29l>8~=*$ySQ!Y zcszP+lhfWXCg-vIv1rGVY{r+GU4gcSJ;L zYvLwiDa84?hEj`=_9imX6|X|6r*0Aybz#R0^DBZ zX26J+&7qwl$6(?CODDx#Bz@ZV6xdvJb9s6=s9a~Lk_en_1IU0_0&G{L096>AA-~%U zG}@bc+&x(R5^`ccVkO+QN;G||iv z`p9M8_gtw#1z*Q#u)b)rGQQf?4TyMk%C(iEtq(f$Jy5*%-&H}VN+Q2zt!_Z$^v zm(`_2+Qj#hj^*zX2HDSaJzeKO7;OlA^ACI&qfQ2BqI!nBKE*2c7I`*V!s?Ss=BG2- zLrva>C>)FVHh113{9+_8oDtRb)iF|{(9b}GRo-VVA^ z8hs#!%bSk!g(MEH74#n#nbOg4xX!8T<$t$HR(`jBHwB*8X%IcQA@w;Tffk9?#pl~< z0=~8d^4xJJkO2Al#DJhjG_^`X%8V*Jkg(&va{VZoOS;~ayr4ovp^l0n@l4x9j4HGQK4Cc_eo1%O8u6M=!ycjoiM25y?^1?#$_66)$oR|50XGGu7 zX&@3{0fI19u(RQNOs53jmFrvB&6HNI`pmRTH($=OQ6cB;nQ!($l9pfsp~Q&ao`Lm- zJ<-7DZ-=dtj*|)+$1kRLZtll;yFK4;F29t}z36|eF%?(k&v5c@w^A4aLlMXTMRUQt z^^+11A`I&FyiJECxu}QYyNe>=9b`5=54Sf_-evbp%HSDUg*b?pmeb^tMpAV+TSwnVO+!OZlGVgBR@m*D>pW~1nD?%%Nh&nn~G3oxespCE# zd*kXfOP*E0aPo=IT7{)tOIWFxLd%nQMVF>Fzu)?U^JQxn?#V94qCr|ojC*XG6%rAv zc(?6>H|ftE!$RwZV-oZBK*vI<63ido@(u5Si+KKv&Uq@|$UJ<+Zi4ksMHDUj?HEBPpARIpjuPj6~bMGyl=gu21qC!*&5=Sr4NI4APf4 zg>3i`$-Z-n1KXWkjU0~EXD?we$0cN`Y`Cq+=HNzn@kc%%Stg|fAs*#I{#zghjDDmi zpCASZy&Vpp8Y*bE8x6m_0CzY~3`))*mzMO``r6IftFXT~|D{ujHJoDNv}cV>pFmM( zZJ>m@^w2aC`-3U!oMuas!3i{5p%0g=3;C31#d@1)?*%k$+988MKV=lSl{?O2agUYb zwX=;1W{yLH$sD{3|J#_h_Gr4o&xf+WU0-{KPet%YpYmd>8CKx7&V=O?{Dh^_g6|8- zMCMl)_O8KP5u-$}x+8Hw* znNT8%#uoyn8Iw#wYEP+*K=w#5gu?oOU=yH(7+mx*+z~{dj!DZZWMfP^qj)q+z!cD< zCE!b9kXBU6AiWCq4HCmkFWm+E2_?M5vXqmY4+s0gIaIQ$(#b5IMXWT*PB~AQr5l2< zmX`TlLoasBVv(jccEAyL1FjwSAY=m~U0ov}wREa)K!G#0_@cgp#N+aXmsIT{`C=J? z-8K0_$;*atgUIDa`hFnf#K1em0L@bn6KsH(H}r|GfC6mY8qg!8&$t59#8>Vg^UuPo zg&gO}5j=ya*T%(*r*=z78zv{AJpGZubl~eI456Aa0Tli?{YZD7SvAA3+jE?G5BO_W zO=4rurqM?x&USl;?Y$J`^ z;a@==w0v;|b6AJu@@KyQ<*|&$(gwGjWaRzmEmg^K+dA`k2}+RK#45J`v_j!kw1J0q z2~(#6n)3zvG7Cjwhw8r^hWQ&IH&-@mQ^Ub+NbPseN5Glf7`v>-7H|rjK~a&F@`95*6JLJauJnPtjDCy=eKFnW{sZmzCL?Kv$hh=Rj!yS)v*j|C z%prYzKHmI4^;1gHi^)6a9hglX?LRWnTSQx>&T4vM^wH%m2oU*kKt&e51R}wkjlU5P zV5b~27dB#TkGv+(=PVXn`&ed}d z=cAzo-#t7G+tg{t2_3QXEV6lYv)>{Am5*-0Jf`y}TPgq`P9*y8blu{K(|D6 zZ5?aukKyjm<~k~i(Ggvi=|S*1ElmUI9kind04a=?JmRu4y_#Z8nblJ-&()^4)59q} zeY=~^*Tb`E>%u}uruPimv#7+4b-NeOK8wX}Q_js2ms90=sj|WrdzfE56dO+au2rX; z%+%N(T=X*RTUAR&lXEOviyd(R$iJw`l0M&y&R)bdT*8}VuCz-Tif!6RzGQ|glZsS5 zG#Tyn%bfGQN(E)nm-m{hRZID60I`D7y4r7ug0E9BE?mPI>?|ieLA8Kg3GW6C(Bb7T|PQ2MH!^p-Mvh z$J1x}1wY8WuwHI8Z3Cw82l^S0wth9yIm|qqt9K2rxs#0aGlNt26IZN`#W4C)IC{Z& z;vnt$?5i~hd!^r<(wLJs&7KK$qN1c2tt?_j< z<56maPYwoD0Es~D1mtHBDk2>Bw}9FhBz`p}*o%j}-RuXn? z0(S;M4I416>}te3{06Nb(Y+x`gjr?ZjN-Q_cVFJ!D<(9#P{*8hTx1B}s1M?e_OFZ703z!c0h zY70_2dcT+0E0@e%yuYA)6;atGzit!IyjniYg#&*f>DP-pYaCR~ziIorkU ziBXdnWyy5y#QKVP?TXO|J35a*00U%)GJ1k*2^7i%42+GhpOi9E?&;1_Ly}?o{E`-h z$_ZuHyJ*fQz%B;1k(a--V$@&5rs=+2!#BYM#x=*&5rZ;0F24 z%vH@U&yUAu`s`1Sz(2ypPt(7`#jxG!$9Mt=h94;o8NrN*^4UNVh=bxdLeQg3E*znk z_M%oam`!Z(q{DFVs z&q|qFdqnQ=qv_)8!}?F)e+5%#4o*KZ0Wf8V_~lbT^^c2b6J^5jpOL^uc#?AxfQKnE3eR%z^u&4i8qL7vQ)^>xLcS;GblxjG zm2(=}bTnGlso7#f$CgvYSkggz3m^x2JCOrkckY&SvL49=wX*hAHk8>{ML9F}U|sTm z`0N1K0VIHq=Jbz_=JX#rnptY25A9cL^DlxJe|0oWI(UrT8r9{0bTn1~9S!*(9nDjS z^um|=<_`>;PSgNr0}~%uajkm}^-K&W`BHTfE4Nw~Tnl=a7ifD~Czx<0Ee@;ABfstj zGo`&ogLB+WhC_j~BxdXvSjxcT#`Z0v?vts)%y)Aay38`BO)~l_R_>qUXIAa?xR<&w z`|A_34;Cvwl}(0L=ryHxl3Lx3r2=fj?P^*uX<4c-YiL=s7A?bH<;r}9$fP_(LH z`11TUcR6Y&C0LKS^aya$M!U>(T%m^T3G)V}Vl%C;mpBXTc@>Gb-|-V;qodSq7*-?r z8OWA|EO6afztPmaIvs8;WNw7x#tNdAPmuM|wVYJTaH@sRs^EMaPKdrdm}$tI|2| zOc?_5I3_VtsIC-{kT;kDS|EWyEF`52lGNN#^@)PY^%cKp{L*P_))4xu3+!qZC&K9k zXHwIm2?4g%IJ5|`IFJMZ7{3&TnEyA3)XjC*IugnqjwMEliQF=*U*%(!sMXB}1&$iR zlhY*)Xl@=_LnllRo?jBMnUC*j53Ss?#@?pZINo^GVT~&R;+gheOXkF~Kdih@46qbH zX2Af;oI!r*2q0LZao1QothgbSHT4mBfOy6MAfBPVfUJ%Up}06yz@7Y2{fFTwx4M1s zz1l9t!3Avm6N&v*MW5dn2$#3xurA_Gm;auGdK(_d8jG6nh| z7s?7M{k_H7A+2Oz5Sw@O$irXsgeCm2ecq9LTGf*hCrCQ0f7Uo5PO#O=wNpwMt(u+? z&mlS%_&Yu&78ifot;W{|LKHL8~dJuIc92Z|ycQ?i9s_Z99j_Ynyw_tL)D;F!1(>+%z<% zJTBlO+DS<~GK%><@SCb)`3ycia?d0m2j_1d+BNL74&Ax9;<>cTCxcPG`MV`c1@POj zz`o2qGaWn4x+Mz7xawd5q042!=4RhoP^H_6^m`YakvI!!$Ucsq2e78!W+y-8YY}~$ z;f=H+ajcf~jVb(_8Nt7QHKdO~Vv#m!C~zx%oMM%A>q?utO&m~aQ?HA65x`QGLwIS9=&(*|c%hs< z32r11;pxnu#jK$3r1@@_spYc8Ti=>&(yU85C)C3~r0_i=Tts6|KX0lkj)%j8_ayZ- z&b6ho8f&n>MDufcKILARc0{kXp86xc>XWRfijMLJUYnoea-z2-Bn?J z#io*QIM2d*oFm6g`@)T~5%L!saeqONG(=**IR5cijNge*BL1{C;Tt5q$+zvUSnRtE zddLl5Qtf&6xPUxUivhY~hYz~S;;n;qu)Nn@})`O+3}J>B`j9K+?MFdM&??e7`Qa=U%sCoecza zx_4PCAT*)*pjuDe^f-}5CmRr3UV_9(VXs8%B8C#dt~D8)Z%Yh0&E4RuHqQ6!=CRW3 zBU7{me|4@17e1LcQ;2!CQZ;h%cYsjw#kYs%>Mlu>ZBzE7SPQ!#7TDg<+(cX(u$_Z5 zG3I3K2rUzM!KYP>Wt>sm6w{IjUDq8bciXg>?^KZbO545X0-kVMHIPEWnj^LJI2a7jp~u1e z`U!jcx8j4j9`9h(xdRN9GC@Avnv<)-spP_#Zlll39%rRMJ2a4!&b|H}yO88TT$$?Z=d4dRp9!e(fEtLnq zH=N|O;P28mTLONh5ib974W@12mb3|YYN1NSjigId_o!Wh%3g~ zo>+jFIWlXcylx=d1Dq)~QJ-LySz!O5;#yb@_dEXGq{Efran`5i420AYr03Ex5BYYO znOmLgGWseI8@!S$laLF1!#c}q-feSKm9 z5*C3kU5McwJrROSkLS{vR>ERQ+qkl{)jB+%uYYcb*z+oG^5oW|r~4%_8;DKyY&QbL zfwl}{XYC@fY%FKav;uk4utXMA`pqJHdS@WlX0;kB-E~D(_HHs^<2;_ELKuW|!qMj? zY{&YJ<&{t!A8!n_Y4~Q96IDnJ`Z#`GHhPI0J*Li4;P9|mXiOM0Oh%-T(cU=}s`4yc z$$6^b0;oY0;gu9kd2HbzBM$O=`|uconvPc5Uwtm2%;z(W1(Ml{T^7Q9hTTaZ5-&Os zky2cf1wBJEYjc?Jzo+^>+^!N$qE?@se7VX4uC|0ixY_}(4m<>^X5LO(IRc``yyDRL z-3Zxnq2iheT+KDb)^m#B`d)qIE=XgTh^M;=ERz%+(sQeks;5BLhNj!%U45|=QjW&V0ReHh3Ug9Y>`?cIAW}3W<)(9msoW!kF6q}F zgOyJHWW_m7(qm;o8Yt<6On6{bC!lfahg@1Dj;ZK*D?kEmInrZKMcNa}NOB}@c|Ol? z)zKWbkTfn(^uH1Id0Z$STLs;garY2y2wk`|s6Jr`nq#1^(ItVl5CK^rF)fY4I4ljx zHP6sDCIWO(&U>-286LwUK=!^W*2OZhys-9nST}7wts(1piS~2Oq><#qTX=gQhj{iT zK&?^37G_(3hfwVO9KN)2`mVchp3BB|a}R@0a_?=T*+=N=-J$H+ApPy;^nkYMy?nDhRMeb4Kg;P-F_!MC9p&oj@-+2kQH z+n#w))0+5MBF8)L+`a4U1JC|B9NE}`X6v!!$$KzAo#W$A}QIPO@4Nn$;(=#Q^iRy{J zKiIWu;PpiCy760d5`i67K!83OEs4byjlA+@9e=We_BW4A;C&iKc1qxfg5I}V zrX8I+X)Twpc+yUoa=d^QIKPYQxbDh>yN_J)wdMJRaP3zE*e^JnOkJkRqD?w zCt9K_HoYd*uH0(;>q2<{^DW$8ec!*C!}>oTg}>sLf8$Z0{Z|a~f0=6kC>F->mq-5p zhvDCG6Xzk=q16wF;7$?zvqYw&sgact{ongP_HAkt5!kG#-RLj8a1JhS%)2p&4vOob?J#XjZIwns*K;`JFrneNZIcdC<+Qw1Z=nyXZb+kJMUtkNg9svXUL<@F;~(K zEKoqS=$GRU9<#jNFOQEa4|)qd7@VRR&;v|Jx*;^&0C{mDKLpg zk=O0eRROi4ygydJ9koT+1`&qIceqYk;u7m`_v~)PKadcC~b8rN4 zH&CxqqKdMQ6x-o|4(C6Q8VQW7aVYuGhOROSiQ0usIo}g{16qiMjf};arMwWM8tQ9* zh%plldmFhjLfA#F6+%S#n}4YCC`O~pHMavTua1v}oOM3Ca9u%{tI~`e53drOd+HHu zqtP2a#~z#26agz>P(2$WX9h|+&7Q%D#lo+-|A5bIF0Xy-Y^fZAr?|T-=ecZ z^{(lvPcL@m8>B?~2ioRkqlcGbH$>sYAX=B&@k3{k-%?I!ykT2V)l-yvjruv(cRj}; z7@OD48a0hx#vknHTBV*u5&EoJ@;*8^Sa-? z{jMHsZQgg5Lq6Eoe!rXG<@G#%1LT%e9wnyColN9APP>iJ2cY$I!YZDd8fM$uC#ND|=tWDdC#lf6O zgg%eOc&n>H0`tLcT4_JO!)PqM+%-Uf_5hVnmym*I)E03F)2B8-o#V1c9~l<8(fuVF z{3{4dHst4blW&6p%ZAohLHv(c1(@w?k4Ho-ahma^@U0OTW5lnPSV9z8YU~LlqXyNX zlz|lX52+3Dx(5jIURR(JFdJU!x_ukfTWie(@GGD~+^G(0$vxxiF|Zu`%S9by2E+r- z?6o4IHh5UMoe_Y_Fs6~U4yWPpQ^vs)jI%1l!&IEh#_8q5kxC1)HNNWNUs=(Hko5x3 zfDzPyvpWYwcGPl6L^{N7?@KYigR-6ITXf9M%!?HUmP=cZ+X?m$zQ8nIhz>(hFQ7lT zYT5Sr*whX29b9k@Z#O6V^?wXDu?x-rB!K-X2&NQFyWt=D`$I~|ikz0Ec~p8_I=wZw zL;kLx#LWu4LH_j#zxd%=v=_l}Q_V)JX;6H?9NkRZl9E^R}X zd7ALFri{t9K(yo9Zz*qnLr271Oew_$#z6g24%Ep=Xo~E+8l`5s?t^PQ?Be`|lM`nY zu-Ngz+&A?o!CJDp84;8hG6)LjyIm>Y{cQtc@u+zVZ>TS`+KMA0&FI>V)wDJ2xN&8%N$h_c#}5bT zfrShmTv5KZWwy@e6id}g=dZjVb}5S+60=VCpRtqI9G>u$VCJd~W%lsOOh=mJ$d*V2 znf`QKkJH3@(fU3X3A-XnB%${r-}doSY#diYKlHu>+ce&;d@;>DDx0F!d4H}x<70#q zQhXKjnYJ%Z+>-JG?&;Fv-6#)r>o_fDvlBzpMJ6V$fafc3h^q4LctQA9FN;3b{OIm^3h&)P)i@QUs%hMY zKxd)%4$-Yn?HzE5STp`EVzpe=>=C8VzKNUM;a#m{4jH9gx&@W?uE%?&asC^0iG5MG zTH{N{V2+ackAR##W~y-SaxHWBM)f5NXARKmS6wp;)#nozBkhUPo$mj#-GBkue_n(@ zaWzJ=)c|SAp9@f1>u+IbD?*qQbWvu0E(Hv&!_|1Kc?@W+kdv8Il%w?k2xU!`SfrO=s)d0 zpBosh-2gPuwqj}yfOH;&KNs+LQ*Hnd(3gI3A^sn(z~`A7&ZMPC!qw((6!*JLV~REI zhGkf(dz39!kFqg^M$vLd3ZbG`5(KyFjcvEW0ySZRK&ho|8&AZ*$OQi$e|}ETToo3p zPPDJ@r(5{)ue>%ocoPS^kNXcVQ!xQOliAH7KF`J7>mQ!ar}&?4*HgEuqP`$Ac3AN+ z0=`iF*E%-MLxkX+CgxbL!a_p7kHi!SIApXGR)(*x0>?!n_$_Lv)4JcUFE3YLtKy?U zFqdbkVTe?;kl=_TNrnCPxQeb`qVvR*uJ0eNc1PoaK*ZfbZqmMjBlB`qes@$ztCAs$ z+c($G<(sFwVb2wcs1M(9060-XU(dAoX;8(+VUZ6-VL>|^0TsE)$07IFnw?UDMXRH= z_$g4uCU-MVJA()X5RoFiwXe6TKcAvc_}Du0H`NZQP(z7*m#yjbLJ7u+E@Ni&Ll*{k z>GRxLI(eR#%%i8sP+>@ZgL4P!317c}4pb0@t0u|oz|E)+*ptP{5g^$-zn?ZAuIdfT zbTjwssf|+PveX zis_n@X6qt9T9z^v%T7}oqbmTHGBH!gUc&F~@|5*fmGHAKfGXX5y#Sk=a5Oe1&(iJj z(*iG%zvCmt|HC1{BihPC6xs+qE<=W3b%Baa;FA7S2=1q0uQc=I*1=?RdT6nWR*%Wu z=n?`EdlFy6j;WJG>lVxo8-rMDDQyPAk_WVLgPbz@h#6QOc&0tw1T!^EK_sux{GNjl z7Lw$csBDcQhrc|M{F-zA0G4@zB9ss;8yKI1HMxBM$y~sU805k#>ufM$`#E?XICh!m z#rjbeqsm9<>2{E(MgFK5*=iHl4ed6dSF4uFt|?ANPJigAK|KU+g`tdmY4vUlzZ-X_ zJp>gQWPLXSt*EJ@9IEe7e#|aWj46WFw48WzZB?0|G3ta9GP;@yE=8DjDwPORscFne z(r=!nNW*T0w~RdgMtN(o2KRT#YBQn8lxP#GShd?wXt0(Rkov1c(D%IjnNUNaR=Rxp zi(d$@rY(5R3OHuruHgtG$3Gs+UGKqh(KBAWo2B&;bwc&!-%|~a>8Z=TYCA8l&m}Ps2AiFhB z(C*%Ly>kL(Pc>(*h!7MS>>#2s-IOem3hZYdYd*(HKIWzc$2pfQs3b1dS%K-he~`nE zt73&3+^vx-a7#9Sr2k)cK^S3*u8J*FzOut(2%r4lVcuTkT@Ut#9^m zOZQCJtgDc;>t8QD_Z;yTpJJJoTK4D)uJZ&l3&Z2aE}F=kbYVRJR~PNSYAM9^DN2bZ z5?iaTfF}}@yqjj(o`UbmM+PB{D_DXd0*g&gc%ZU4hMJv40g@9JWVFHs7DA@AK$&T$ z`7}qiYo+b@=Q?e+SviTRfVr2KdEh z0&b%{^JBzvwKh%~XA>icD2j(1;*7u*u(|EGMc5#38^C&aJ}Y{?Czku%ZjBm6%Spj! zk-3j59H6%w6FYW$2b~WmI{p1AW+e>7{pOX!XY!LZFJEsYYq^8@oc##i9Xpv7XendU zek)neF0O(9)XDJmHY(>1ALhkFZ7!;e+y_%&?AYn&y1=WiGIf8%Lvem{a4h9$5-9`p zpm5vADge1zk@&sI!Jcn?hnt0}Eew`~E`UJIgCuC=+wL@g%F%KZ+-lO3v##5$BdAH_ zbLW1?nOh%k4E8lXZg#>*JSEV$(UBl1?4zb3x8E-tw2J8>=bbk{-j`2*o3+=E&3P_W}=GJT{_~} zS>rkB4+#gO7kMxy1kJUvh>2$;;Z~p&B(dYSfEmGc{bDPg@cFwN0o{K4&+i~{687oj zK;-eCH>FGBxnV@K2~K<2WmeLGFOpP!`Bf{=Aq+atoMTs`=d>H77t_sf*1K&52N@JU)s_-MiN3_t(#Xr&mNuf?JF7kKCmwVL^1VsyMT-W`YNi%04LlEA zYZa$JIO1-=G4O`BTzX|tZN`0<>WZhJE2o%TdBFP;b7*i zPvV$(9~HweCuadGs~v^6Cf!u&KN9E{zE z3e!(YXP^$DWXSRE4Rm*FR$Ejj-Af_u$p3kaI#|Y8e!u>l%?Fh_5#<&)^swIPk+Jsm zg7U&+4xA`qxn2CYGYh53QT(x-efu%-a4SGgv$kb2_;v`H!sklGd<)qDv2vy!=W984 z(KUXfbF|E%1Ka;%@2#Vve!l;4KvY0bKtTb8rIp-X7HLpQMd|L4?rtzZNht{drKD53 zMGz?gkp>YE>5{JREU2&d`+VNN^Zx4>=XXAP=iK`Z#_xpAH}HjKMdEUsQIY{wM1^Iz%zUAU6TBA9kaULc4_7U)-$ts z&$WzRT;ThimJ83-bC;d#nv>Gcr8ceJF*xLJtI!v7dJGX9Upb?q_NhaES_9{WNdzQ&Fi3w=m$ynX-DKnaIIf)l!!6^l>1;W zvsHVmd!jSpdSR-&Rbh1pZ<_x$@$@gFv80@d20Ox)`_xAh6SPm5+i3U(AS8y+ZwRAh zlIc78(z%Uyuj%XMmCZS>|rnqoxquWtX z5#p>jLhtTB#41dImoVlzE$Y^PU!d={+H6C|`~I@mPxmf)moPJWN4iff2R!(|NHEJt z%17Q@(Mh=avGh6zCkufNp3QF9m1iU}EVo_LgCtpeZ8WySYWBxNyb|B$~1G8U1Lz(A0gMvqQ1zkhDP!d<7xABKsQoWCsP&+ELBmn>;T^}K+l^>k^phf3`ukr2F#W>XY3 zx^ENIHqH&gcQr4hGxN8qQ^-+$lnLp*nU$kh*8L`6dR&|<+8~E;bSE0yd&&2g6TPif z$0>HQo}nj;TD-xzRjJ|Vp%2=H>o&f>?DQ2Ogjx!WnbpReuhn{0M|&q>oPYO#;k5XU6T8C_twugRpTRwDz+P+1VcJk~* zQgiF=4p<{~TGtRX$okHZcA8G+y;)iYZz_t@X`7U7t0lTb83dhK#k!B^>Fv-JoCjR%@&V3 z<{FTqJTFOKzB$A3*jB(fh}`VShrG$B31bX_L0M|@kn0XJuym2)0&EvK{m2}#;b|td zMYc=N#MDEEsR_({lf(LM>EFVarQsIwt#cx{MG*cyB;k>CY+ z83@l4<_}C11QDe)*3T+8ejK8Rkms6OShA`4lHBLzua0$yD|0Oz9MqNCw|y5P4#WHZ z^*^7G`XhY*zS?*_YVHl(W?%Z&J&8OqUBCOXrwIQ!;dravq;E}uhll(7PbVBm9(yMf z0q_TL0#~)bkE{tY!FXUy5NA_EhlhepC@2r~_{9WyXk=>g(Ba=mPNqiAV%9E#On-Vo z{x<$HLjJaxAmDp)t?UJv9y&PK@bmIIJA*GVMetbLnef8F9K1k?-(C1!EKIG;|5Ha8 z7K`OQewPViYADDA9!we8=>U1Hf%wK2*3N**)X>n#ib+VoM$h3P1oVO2gi{Rsdp%LJXV=4v-gJB^^G!F)agrNX8mIsQ( zAh0k962pVUO$f%p@*r^n!XS4bNYuYjQ71BrLy$-wECL3@z;OH+6bcUKgCNj6C^!rQ zMMGe49ykid2Sq~QU>+zMivW_tdH7&Z^sz)R3=bTNg!3UF;KU1of`JYYurMee7#;$L z@xU=~Gzfe=`{$4+e2;00a>JkIDWa!g%;F#}fQ22?je>(my094;Dv)0yzN@g@N;-A#fBA z2Iv3{)B=!>!NOrc!Js3s2$T;3L-D}*j#+?G_)bu92S-Kxr2_7gAz^$#ZNOLOcQ0H*)L4P?ilp$G)f0-%By66lBzXLJM_026ou9}EctAVKpWaTYm-Kk^SZ z4p5+t1saC)z)%<@7U%^41%MhiBjAC;0JM&2fEjQD82vR5t|yLqjHBOn{5KjOPF}Ev zfBJ!0&_HQ?kpF@tzydvC2I|3y2&TRRaEm#y2?F(pD2_t}@ErtjT|h;n;b;t4Hv-rU z&IdoHL9s9dA8=gcUv4Cj0t|@+5Cgh`;_P$02B1k?3!v=}4XhSN0yI7VUeJKyY;(+w z11M-CfW}b(1waZo28awnAaL#qhJxU{0GJk71W1NG(K&ec7?rqS2Amxy8V0+pkhQdI|0k}C90=$dl`6qlpdC(YuK?IJ923Ub1AxJn60tsRk^0+4) zg8)GTgqeT1f4epaNjM!GTLL%F2||xU5(f2`dLl6hUcVzP==qxm(2n&2^b2UXe#c=B z;04DGwDF&*P@p56EVz(}2I1|v4G{GY6$wT-9t}|c`VA8CFZSSr9?t+qfCHT#w{f=l zOT}sJ5A_(Gza@hr|4@O0|CJYo1Wa;X@;UZ{o0pgrk8E1DzfRSPTwX zxYhj8GzJ$Ffvx_X3ZfrwRvh(2H^-!1+{X4>MDp)Cqg-|pSL>Vvw5`zV9 z06_vR3MR|v3wvYfzGh0UR7hCO97w4!99KDBuRT9Ki=rbh1jsiIy?IM!>&u zksHVJ7egQp@SR{2aAQtZ4l>A}5(MO*6AlnDa9#j~f*b(k#lqoO42WZ>^*~3&vAnp&9EZB!VdD4XIHx#CAULJ{c3&tD;&)&IRmO=! z;GlOB)Ig8{s)B*i0;CrJT|O)d1(b&4K_QW#wgAuq5fda)T-|fBY#i+*-2+vD1aab~ zfciVRgEV(sr<3kYG#z_`lTOrq%1JXiL?Ol#|>OC`CB{uLj*uPSv{EJw>9BB zAUfbg1>*gVg#c$fXap7s$_m^{5CB~ut>FxV0QC^?3KS>oPvx1u7 z*yV7F`BRbol@8$Hq#wwZzk7lC|FEL}62ZtP`uS^ye=;A?-EV>aB}{`l=r<8Wh7*P2 zO1R$(!nxW>a=>{$Zn|T$o%93CKEV+X__uvJHS4_D-T@7 z48vlupo+i&0||u1fRzEC1^~nbIFL{HuyC+D`5zGYFQ7S2*vFv(=m&*U3oc!O5fQkM z48q@EDnLGNc(64AGXg3KcmxPHz+Rvy9|-Qi=vXMOSo=-GaYIiQjjNq-RGb1%g5rq* zj!Td~RN((`7z}p2L{JXHK#Bt%_S-*W!b6DS`PUm!7poyk8`ToLj+ z0so!nUuYmqpGb6^g8qcf-_jo^Wxx;S$EAzE>%`521$_Yq{_5jD=~EqSCV~9F*NKZC zCpbKo|DU=30~HtFj$bD>`J<`7)c;~!T+RJE!~krbR3*SUL9pUOp+UWmLoC>Sf;>cc^&5gkJ^!9C}1XAJ;f&2H#$e*SBrCXYU z54%~Ig8#q~%Advk+2dMSTN&XtxVS?Op?^Q2Az2V&LJHyG;r{;92@UK&-$B6_0rx>f zj_;s!gr#MH1EBve+(E$?`R5J_PC`69fzE8)?^FM$J1BzEzwe-EoprhTVepXUm0O`< zMeFHa_m-Dd2G8!oJ`fTSKe{hQ6!u74e3=+uY(@_MMc5g_7h#{D!)go^?qbR@gLC}v zj@%_beq0-kuBxdS9d=HX3|(?EF{$-5SssnuQ6DpzOy49rM*$&_fcOzjNvmS=^T7)QfF6F!hw#ea>zUw-_)H=MQwR~l01-n92>9WHpRSXjYZ%@RDLFn9xf-FA zPxv*rF+RY7KU|1KZ2&Y4+VO9yz*%5lP?!`<@T7({{~NT&Rgxq%SXvv?wf`yg4_! z^mXvte9uakWZK4bnS|Rmj{_+^=MO>xmU{9F2CYsSF9)@E604-Vq;1umdn#-KkpkN< zkwW{C4zr};k52~vcpHn>f2(+BRDok7-{uQZSK9LI!iyg>+TqP-9hJ9-?sN^C_)9>f z00RAyw9D!o7ja|sOE0VLn>-GcneD(M^GLkB#->hmYXQK5K2)|w)%G7Q>X z+p!O3{Tg|=Ow+5`CmO+u_6T6V>s;27wv%}|=uE}IXsCc`L@+si9q_2#V3)c>l71S4 zNE&6d`$5*t!-3JSJRM!NT){`K@w=_QHng{1~Vm= zo4e0PDssjaTJ%c$U+>xH$%^_$$_=%K>9v+~3-&_GynkgP1yM%zmuamdewb)ecc%%Sqgc6!PnoPy zqE}odYn=da(URSv?K@2U;_Gtppm~oEA<;eZFY+Y~L-LM4y=sa_*WhwZ3+jbENyl3}A{t;6At(|58Nc3aEVs2$aOn=UNtd2Nwh{vEK4<*oI#>4KLas9BOPw_t z*;M_c(GG3B)#iCuCKltm-257YO%e^`>bY3ImWvYuQk}S=uJm}k8jX}YWa}LJL8tb` z!8@zpcv<@0V7#7r@l37bQGPxB_2`y*&brj5i}?I8U(G)&la1`=vl9q1Z%!ExN+|<{ zu=!luv>{?$uINZSOpgDe!DJL)Ls)cXkzAX0#UeAVH1tyLaxgD~pscj^S2}UCZoAj7 zn?M@`_>|u;*J*)|2wpVlGLIJwt_)($ivhku>Xklxeb7uHvnhwXdEAVC>K4pbQs6>P4iwyKTUPDF#C!#4d{^sC|Kn!_aie4B2zh;W8nE z*VArVnj1gX9#U#{Y`t(~P<|e6V~)O!y6X9Z1>d;SIRCErd+&=Tyyp->`lt{1vr2C> z163MGcIg$aFku8&s~O)rk!42(%R>zdI*Hil+wY$$Gh1WleMUTzRon8Csx+Gyevaa2 zs0jEqmHdvxW}JId=38zezr#w(2MY!{uijLTDZAJ~S!PqRrS=VcCdM-SKWEG#$>Ti|Kvau!9-OkiwB*2RLNL^HO-wjO_c^9lr zb!7sbdFFCcjC?{3lF%2Pq7Rp{ej}n6(cyv*z8h!A}k%6Z|7+G|N)4GLZT zL9#jwK21>|_g<$E!E1Jrsn1uu-rq_jTtnJ!>K11_h|zj!Un7dix;j>>Q+gEqBx9r;->xwCh#V*MEH%?o1)2K*255dSf zP!I{?hg8q=-;hR>R2L2^TqKz)S?M#*my3NpG+RV`Gc~7uWp8y+DY4qDTD|DC0Kjxd zj!k~arr5B9xxt~W$sQTQ-Z^q0Vg0)#ZwTvmsO=_wKc9PL)5gtC?bT?yc)=PH96s|% zK2LtrzLX;1x^}wQWI(8GX2Hfxl8E=>HYCQXs=|CibV_H*>FxZyizxV-RyP98t&OMG zLT@K^(0kZwq-T>QgxYQ@-#{on*Wml4VRRVY_k-_b-HQI%%X49#UMUFDeMq4}4 zNUMxpkCreZ&f>ZpN#A=ynTy+uRfFdaJ@!tGjIqtnkQ0PM>MaHrsJ?vtbvpuo!lI~l zCiL$9^L%%zOO+1Gngs(T)>~pf_ZpZvuLh7mi)ISmU2rr#T2UxY^LhByi$gBRow;#` z*(TdRH(W@dy4Jh&@_9nLM7)_Km)eq=jYR8|a8sk(px$8XRqsvdlJ?k)%Vd8=sp~EB z46QELdjDM~ZKrU0sf%{B1&7?TuR0pHj~1!hh8gkI8za`)YiyfIp?7M-7$RxR^3OPz z6a|iPA}Zt671wu*9`KiB4Zr&NqQ8xRNh_o-ekr=R-G1 zUdJ|5R#?m|3J`0C>B#34w-f)!mt~$pn(CgpqPdqR&^jgFP%8cykNESn4GmEKbN=DB zAo%2a?OT2?#L=FrqU8Zs{e>SD`!&;AxqQ&D`X0DOIJ7MKbkX`SXpJzDy)vik*-T)Y ziBF&XS&&Zr3m?H##1L<22tG!_-#?Vg$d@*&{X98=l#GyiarYd7S^h;AHK&x_rL0%XAQw=A zT!4oRUw8hQmf>F1^*B8kK6y*Y_-!t|Soxl*hv2ub@GZyWHN&!1etYGuTCM5_iMn;< z20b-Jg_wMqA4`w8B}u^$KKS`UODiR67@vKae z$&>YL`+T-Y_TURbW`}N3>@`E{Zyft&W{rDk;v@N|Zec^g&aIyOy>iE0*e6o5EFaIB z?S-yUP1?-LnokjXO0ITwmn=*2V9b7Zlj)`dhYJHQ)mINjg4~&o7yrOmVEqkp?oR$) zRFt;6aVkXqElM-`MBD>ut@YYbD zl55ZA?w$3rUop;7u^e(wblkOvI*Ra_zFh)c6;f+6pLTdsFH`(fNOT#8Yp@WsQmlNf z#JCCzh=a`-1<_To=6W*X(@X>s^}L{P^f!%gJm`BlHhBg3TqLZF*GN#b z*KC>Jyz1Qk?6nBkhdtAK780hjbf_g~{dIm*fGQ-|=o&tcZ?O>JC2(NjYXQpIcIvf- z7|_mP2JKz)`*=(ughe3cLNz`X>)_fUpgk`xf)9}Xks5e_1!I?2AZYXBvTx#&l{xvk zxcBp~TP?-l_#!n(*!(K3K{*myVhC2kx2I~$gc)+{urLJ zt2KUl@1kd1;l)H#QPEO~kJ)Og(v(s&*o(zdd)&C#cBn~85<|{|O-E{vU2}fn@RsqT z1nZ}eeZq2^)-vaaZwfh9s(vZ07d9LmrL{#x*GRTu!?9y5b^LZFxFmVwDvD{=vrBMo zhVp3pc`CTNtN(dIA#L;5WQ5cBN`8yctWp`9U{dbI0ykCnU16@OBaasUTfeX-6s@iV zCA+JvZg_4(L#$n5_L}zKJ>Dt$im=B+VXiJ-^aa z<2Zc%0)oggIqtkLey5f$@xuxA6t1od0)c|JvRNf86t$9xp;D{MP`XwIMHKn>zS_&A zbVWm3$sRYZSaGXZY=2G;sEoS`qpNs;O@G-U?Q^E=Gp8tjZCu^ZDd>u<#S|25`meh1 z&2EM4Jda3xANXdYzf_2JQR%faWI!F5Q7`D?4*U8S(f8SyuinOSZ zet{UL=NYq`w5}tZR?xcxijgk)IKMd#{D!l+d=15h&++sVSs~(bKJ~ei#n|W-D$DY` z>77IN$ztKh)uY+?8_YrgO3$nxnLEdI}eLm1(+3QPV8B{}zCw@{;ewhwU`zDms-W$AG zq}4pQN%H1Ke1X5EpfIQ6oy2c%tJZE@ywhMd2G_WI zKT3{;Prhg)-B9<*q#vL$u;A$JNcz>=i;=%Fk_SU1Os5&f|MX z^bE7N{FYXB=wXP#l}}D1%FocHWA^qVs&Q1==SSs8I9~09iZ>`6ych3X=#Fn&ca-ZP z%T&5MEQ$IRHReG7UD?hL4`yCm(a?ScZ>zNvlX9yGfc7@S$0b8$LCsW+Xd zlw>5bL0GW)?ncm;j{L0q--Vi#hN<=zDFUVqJBY`7X`BNM2G<5>z@>CnPI`8&#}XYeXK-G2cF2L(Z>D7>yR-CH*}bo4HHDsPW%kcmK(kn%5`A_X z?|iAD%2#&5122x=-Rj%xzS@>2Uu8bjR^>Z!&FP#u+E?Yy% zlEti*r7VeHJNHOCL42aug9S0miou_99I7D+Z-q9YnL=jjL(U30hRE-`&pqO!E@jO$ z1;q12>_00iF~k&SW_Q_c1f})8rlgjt8adVTSl;?4uUA~3k%zi!s;zA&d9s6(%y9g& zy4XY$kEPP7A?^2dNtzp|?x$}Yo23SqZnE)Hy)vj=xaKir3*R=}^As-UM(^(tYgouQ zR=rsY$!4iD4znC};J9R68y>WOz{`qGZ7z+SKH9oG?5S66IB!*Zry!vdoD}jzPt@`2 zaBTHkUWxBn`=rscyL%^I-Rzmew=wws&^n75*1_&6o@0Q9wp*`Va+~vb>)L*O1SkVJ zoYZE5HsNpFeeb(`8Fi~rWH1$8p9klXA1)uLM{8|)QyzVv_r0ILS|eeJkv!TkzA=bK zBw~~#uR@r;-Geyv&}t%;{ln#={Y~L~#+mw41$YZMAKE+>u zE3D0X?@nQ*GV%YRKgTe!KUw@0oI5C0tn% z9lr@RMM=1tx^7s`s+S;5Umdc8Z4Y5_^_z|6P2uVxlYO5`Wwg|uJ43#cKt|oqF@-+o z&8UffEy%6&f+Ta^dn%@0`cDGI`_c2_nF6}J^X1P;AYw*J-~g6_-U!&{VVt->g0 z5(9OlaT=WEH*ln$_E`PUFRN*3`1;GdW`Qcl=E#RUx*JzCEh9x;=Pp<#&Rz|rd#OM; zFgn0xRGFmrE_Jq>%PyC<&S($vOUWl#FYRz3_f4GcjlQ?CRf(G}<3`vW2Hvnwr?y_` zsk~wa$FxO3FGm=B(%F+@jQWqP`d;&pX?J6-Uq{{@YNb@s#2b0uCq>If2i;u!JTD(; zbT&VD2yriL2q70H_Egla3OU~Hr@#}L=k=gPL)+!OfWbZE5NKut{GH)QwBHEo+B(u9 zzU^oK>367I@GGECbUaHV7fW6-_nfhEnLr+{Kkz`NO|IvEp-C2zxwc(oAY7~%NWYl? zU7y`{tNo?AkiWG-(R}2Z6dX@m?=qDsuI9P#Y_uX5A~S@?)Z+2(2*!VL_MW=QH{zEh zig#k6D=TK>bVpl3T-|B6d8pd?lUc40>NBT|a*w*+Y)S2ZDn4(%{LxQ=7lC+NYv6g5 z?NBNtA>C?e>TX?HGUp_j?Y7|X)6R{|DCz}UyXiBus-*4_@nX(!efg-RWzo0PbB@$V zcd}J|<|m&%R^?q(B`CiUb`hPPo8R@KywY0V3A=)A&*$oA{domnFJ`GAID8x~=1PE1 zd$%I+FAH1}CJ#`hIdhUf|yJwk3NJk?g zkNl=}=pk7XGIj6eo^?!hW8>k|{_Ta*Q4}pvJ-$UjsH@2GyPP{K1|@MjLxIDaoqJFA z-NLq*r85t^Dd5{p%n=EWPFIG!_aW{>Hx=DAxlYe@>tU3Yxl?LxndsySZI4R)m5vMr;9FAK&LZ;PO2s*<{V4gy_`&Ov1#zxSrW*n&xMuM- z=G;J2{=s0OaeB=89h4wii#pLhIH02xZ$IxQI7+qXx4l8Lt}jrab9xPLRWD(r^W|=+ z>C6kG%7q%KArr5GqZQhus(BTeUIktvG5rq?v2ik@IWpy`G!=cMEqA|-NgVVYEm>z< zqFA#0SzXo=xn|zGDcBtoFMUvMniCvKhWi?ub%xU8`83F5yt6tmvRt$ycxM z{Lq#Yhq6+9pNGZt&@-v>aQ7c%e7LNYPy6VeZ1wIv^ud;?IKMfU(H_V4uR1NNGwUH( zg_w+_n{yPON_K?#`?<`oX@$L(QOy&d@bwhVNIML14|XaaKK0>6uaLhg?~JhzUWLIJ zQ?YFV*EQx4<}|(dQ+scf{L|IzLn_uSW6lrgN=62My*#e!X!=q}7p-K!FmWUBYJc$N zEfeh<9cXQ2AnnuWqSc8ErOBI$z2{l_E7>d2qXsV2bA6rGtb&vB>wLK$K{<^5FN z`x%An^F`7MW{ydMi;KptU-J-9iRBwBjG7lCk>|Q9Wz-Wru{*V~QJ=>X#Lc?Wj|9yx zF+ZLUkv3ocBI?X$JY5vOgm#K5@RE8bk`hAW62mk595Y(a)jC>oi@?D@I@A%C9AzdR zoda+woP0L-9fXgLlTGbWOGNhH|AO z((f1+9`MwyYpcB}V(+=1F~s9_mTXH{zo34q!L+ic;G%A)sqdaJUdoYeeA;WPj85g+ zxXsB&Y_tc%G}|=0m{E}!TmvY^=h`FyP)7`0KZgO;cMS=3@SDRwIt%uefvUI(( zs(Fl?i$(2fsAsJFBZCEHqXJqcS?9NubB9U4`{73k7&;ftZ-o&Uk=}ZNooZTx5s!W%2i=&%vlfu|oPEGsjC)+QH1!f1{9^NZ< z3|$ax`4sGH>AHH2W{N!M6wP44WBIrEju&&8k|pNU)$^D9bZA`3epGhFaElv08uqhB z+ej{mOkKTke|%Qx?oHy)&oh|CE$ef1+r1BUP1AkU8v4hvFjn4>*D(pk741vj8k~n~ zVO(`P^zV9Sm%RDHl3?}?UYh;SZckQHOEK;dpH7Pie3GMmj>z!2+KrJqKW$z6Se>-e zXft^x8IMsjIALgby)ZL$9QN|EEPJ&fT#&iro5+t;N<%8`mCetrim^*Ategc#jl)#d z>SbxukNZ2~yECmH7P={xRR4-*yj@JrDM0ivX?@fw=y|%zDNSTR`kBrHw&rNEqh0XF6A_iUW z1h%rwZ3?H%ynYx(oVpy2TzD2}Q#8&pndzs-jxJZj?aR*-V1-W+=5QYEGWhQJD2ckH zD;jh;n)BuCuxlqHMCbRLJP+P~$e9cCH2ihoEH&K_!AuuYec{3(JHenBWXr@ygqp6s zQc_V!@2qS>p=3YU*D4G>Lf@{Qqqv`A`z=Ae&j3vnOCCV^I);4k(PMDe;fOro3_eF9 zREnqHCrovYjT2h_*tnB}M5@T#_G+6Ri-Op7wy9DZ^#X_61u_?3i(_8u5n04U_nHpp zNP;5)J3=OLp8!969VITuT$#clQ$1^*>Fc#wROYdV&!j&qX8A%#T?pzo&bi8x=hfKc zK6pZSbB6a`+pV@aZPySYiEF+;$&*8nn!Wld^Qo$*jMz8_lKdM}SH0yj4Cw~?c^Wgy zYOu03S4vT@<90)C?t~85e4xwAeh}l_FZEF&O_l8aI?5;&79;h3xmS8TN1X7@BawUV zek`<7T$l+algmBTw=SkIf4W_HJF{RjUvN*tkuxq*>S}+>x7hByJjum?>p8MU5>&Tc zcJkadI*BUoMw>%j@F}D&`hKK$|LLbx3`mz0)+Hv=!)KB=WjX63p3(ZAh4aom@+)d+`l5*N6+&q=8>GYtGyZDfSJtGedPw=IKH1rl zu`B~^kDuzLVsq9<5z@UCs*`6*YZrxbDlXd@7Lgf77jp!PiK+E%%_qFlblRGZNjSA< z%M{ZWw3J?xEpRBzEjgLY$HuKwiWHlXaJh98c)qo2%>#IAGA!;f(q z&1%v#dCndjt{9mUDDt^UK&-p(<%yv(Nc3%A9Pyz!UKW|0>iT#QBGR&uZJF-L$JI_U zXH_-ALfrL5w;|PNI*B22r{xv5efqu#wQ2dzld}wcc(FR?kTrT7x8iR0=Uq~pvMj7Z zN6aivJqxCx`MBWiWOoX|KKVl0!v9O@#t)S+mX1^|GoGTA_H4s1f_2nYm@2jNM?dt{ z+!hzv*v;5Jh%Kp2@h-LL1wHJzW!6OY{-@XhezU_Sp{s%TS@s~F1nI$ql0}wsiPlmL zKGRSA{4Xo0hsf={Y{M^^uW_cHC6c%GbDb@X&%WiiTU|^mXp`BH3mC}+325Jj6M}QrK~r;+r)9L&e59iO<3;r-KniL;h6e^ z&kKtA&rY)+G)^`Abmp6F5tY1p-LXv5xLy5)^4k2P+ts4cHwXBd`(z18=%*S!DhCGB z>MdMf+DV%CmZt-g+l_RV|qJFFgqJi~)-e4^AZ^%%P^J+D1W)Hp{3!T$_4 zCGd$%W#Nczy0P?>Bd_epyH}FR#Uw(NuazcE-juYE=uUnodVPh8cU06w>O2W)hph8h zr|4bpEX8Y;b(0}yuKlRao4hTq3cDhwRqrEyreudb(S%Ooot(v^0b1LGTkt8rB$Cb9 zH`;62*$E_1g^TsqtU~5Ziu5}QpXPpY`H`9wH(58Is@^<*$uwGkUE{o`U*uwC zP3zj%Ey1iKX&>p^wc@=u#4ghH)4cALM_E1#a{YF%;}l&GL$N|dO&(@DGKF<~`nm4P z4dKY@7y9|PZ2Ppko9CrJd=b>rI^`@qbXNk{SvAmi`fc_;7-q;I369Nl6&du1}31<}}-F$X#Bo^P|6b=g7bz z#5tuD?fE&lBF~^%@7Ri|SyyZ@?v_P!{71|20L>6Z3frfdS4T=2p6s%S#6J*wyVoq4 z2ony{znlmeV8{Yj7+?y%`i)cW?`Am{GS(eAlb1F*(?oO#GB0h9m3AGDJlc_&-gU^! z6g+UbG47cW87E?Pish!W{{1BRv(%TVOs7`$`V%si5>8XUdy&*g@6;Bgf=W;?(f;BY z5QeuGRaX2V4+y-m7&bjPbZ`d$@ zGy11@Er&Qq`W-0ZM+mkv>VDvmjN6@-H$PHSQa5K>)Lxv*TedQd0{a*hnZAOmdbaXY z+BP;3=AN_M5y4Q?Bhv(*vofQ(F~ctyDpgmXdP~Kpn_M3?MzqmWFxGhFYoQoA_iC$M zxE`;rvJgY53Q)Io!3{at;XMY~*>Y}+YljydeLa~4A`4nLlHd>Y-Jg*u{*-cvjz4~%i}0(9 zD+^VrqPm{Ktn68~>+_8YoRzU{I3F-Cs!@^VQ6zm{`q0gO!LPmZpkbC^ne9@w!|hRf ze+?w5Z)j5se0*uzEF7O=Wu-G; zw89x7QZo#0KDf^9>!cUQeLBT18!IjsD0G$D{M%v{lYQF`ZXBOg#F#v^eQD&eCCo)g!JD zCk@|3!uDr6jbBt^&NS9j3W5uQt*_+Ygcm>W`*xY){z$Y@*$6Y|(XXyYF%2s&Q?FF2 z#>7Mtn$CMNmSpAIYm$AX5F_O!8No!748rECtD?+l(CwjFc*H6Cd{!mLmaTGt((sH7 z^CY}oR5_yNG%!TdZPJn~hp-Fe=Lw5CgZ9o|bv&YCQSu&6GW@{6P*8ovlvvk?)VVSF zQhWJjQ~E2Zkh{uIW_qV-wHw3d*~~GoCSUGwS8ThPdi`K+GY+G&{mGh<_DhUzz~;UJ zEomfT(7CdaRh+G3($cyee&fb#!KN{)_UmutSHzoYW3TPtUy#U+bzX>_v)gure8YF; z;#>8QUGq1#&42HC4(i{PEfLi*xtBzLlgvc`XTRv(z6xH2j8Oy31R; z!XH~a4rBY`+0ws`_$+G^*HmQX`()EvIpT6gn*A74toOp8S8c&nslXq`=D~mp+UYl|D z&8ru=n7*2qT3^07OLn|Ow||JrRO$FddBt50?0>8?RVZoRB5jyaJrB=gw^&p@QD7F? zvxf8bY-M?>q)|&cZ2XHqRej@NWPJ}sG8fMA&p||44LLQv=95w~GQ-3UJ`o7PP2FzNP?{ah)d^26_$%}yviFS zz4Pc=`<=n^l(aC3T5;l(>7D*mHL`fUPZKH)IrOUpZ76-d=FgT5@Uo2!wI28ZmCh;Z z`iEEZY^ST1ud}W=^^6Pzk`O~FI0T{}5QeS16|o#9CnMx>fHF2P7~d%vf6vga7Ivw1 zAl!7tcPHzm&uFw3{%pwp`+P-;&pZWc^XfUP-;viX_9J*5A`ULvkK_dhB|d${q)o(M z%+c7U+jRfN+uT{Q`YguRL5l|V&+AjpXp`HL-8vIfkatTK!4VzN3==BIY+AeWpdg%- zB+u)L99IL`k2YngjNSMayr5zko$cP!|63#IReLTb2bfJ{3q zhL`ZC#<{-;RJVQ_Nx9di%9m^C$&b}89A~*3=Vj58g}YT9t!ZoDvp&clo-r#Vd3ZRC zObndb_Lwncx)w`(D*A05gkh4B?_)~DsUpUl7fP+Xyzls5y|Z_+WAxV`e|~K&Y*6|Y zWK4t2kO|+IK&jM}y#7K5PuLB8x-*4Mb2-x-q*){9r%19E23^ie`3#B(GI>(x2@Y-E zqv+)g_;4?;u`q>j2kECwp5K+nM{~IfZ8t4I3{|-e_u2BD8gn{L{Kijt4VldKB1?mc z@D=ya=gN@2jadGtkt9wZTFVFCg>%kG`&7VR;8%zCTq`S#%5v!?W378LQks}VC4wN6@IDDa@q^B|u2~Cd765q7tl9?{~rn{v2lT;C0IK}(&7DKF2B04Vo8AkenE}!?~ zCiNru&yS`x($B7vD0nXDoi{fwRlgHl8vdcfRP=B>+3ee^G5^aOQa;+rAJNLTUKb-f_$7^xzVmxqPPwXKKGBy5&sLU@BX_zSlh` zzDyc$_QYX!m#Y&dFbL#IX}`YiK5I!1_h3Q8+T zRMvGmN=oxw?`3u0S-Q!Jjo-KV06wfRm^aLxPwtCgsV5>W(kTlND14ufRavJnPaMAV z>05+1FAM$?PeOktZ?9U?syT~@5&@;~HGLS(;k=Gid!sX7UukY0XRp!1H-(VWEPeO9 zx#Swpq=v>`<0i7pvJJ^H8apqP>XlCq`79b-I!6qBma?=VI6pS}SyoPEarV4v*;P8Y zD%jAAfhRoaqtOv(bT48S=Ik{WlUU82S4>-^r;#&p1BT$V#OmX6x@_veDT4+5-~q(< z+pG;fyGAz~nEUuy>J`H$9navei&q~q+3H{H2hV1T7NXrP!a1)Z$$F48SuzaT}h#4r_wh0cZ^qEXHfFcoUf%;JWAL39H*Yd{OBQD)!rA!+jDd*(`ICiA6_1I z#Jv0Hm!!>=%UjC`9e8K|@ob^;y;0dpy7<%suqCRw!L^lKeq}!*g+(rA$tmry%sZ<2 zDSb?5#ktf*-)^T_Cygt6^J4L;tKF^yYDW?pX-`xdbPp^55aqLQ{@^` zjpO`4TU3SA!SWH$#?e+x-xTMVox$jQRZn+l#d2e`%6Rybvxn^5yw!|vgl#fd>$1d5 zL@uVz1)NGFdZ2kVy1etz4+ifLhkT3e&1a1-zl?gsGGpp$pOXt#f>J|flDSK!|4o|b z)5RlBz4y%pGBxN=eTE-Gs&{D@9u#SNOysBS1k!juZTBX0{h-YqJ$Dax9UdvX@kW~X%;&VW@8F{t((@Y2vpEZ#v*5!%mGNd)>O-KQ_VAvii}j2+J^YH@UWoMxKcHh)u zszAFPl_fj7ol7XgSY|Z4Q5W^3PB>wuNK}%Z>s`jRq?Lp|(Qm%2g2qiRiJf^=nMOOf z&p2n#`+0>BUin3_rdC_sL#bxce2@q}m$1xkG}~A9?B@kxHQ&9j1#O)+(_Yaz-1#BS zJepkRyqp3ZJg^wkh#i!F>JldF@u-7;s^h+pZ|u0857N9kie%pCPZ??V=zRW0|kt~nZe!^s;>9uQILQa5yc z$g6Vb^;mW7|MbkA-p0dyu~8_uKb z1H5g@voGtUz)>)Psn_nU7ABYr{uVd+mgK8t1yo#iBLcQkIyTM_cpSI(Kg#T5O)1O!A&y8bX>Iq}RwtaoUG& zXO`4qh8@jaR@)DjZe*#tNqknmbZ!eTg>Q~}E8!Ep?tWW-+F@s1d7Q6m0OWBTyCFDz z`qfn2l$Eqp>SU_OdiP-Y@JEMntyw^JXdD|+W>koKTvWT~OmdK_*E~bo;x%i#{YLb~ zB_CD|tDgSHDMxzar&#d$X@C4wv;)uUIBv}v&~Zua@U-bjAGslp_nN}{Ot-N@8)UCUSPL3+D~p_;&R4JA`)<8IE>(n;Q9VbG**$vn=w5UF zT33bc<-A1m{uSgEt&#thq_7sdTOiq7QsObNP>r58B<&&xK@xqv$#!9>(6^lZNCr}XLL?;C>t6y#R5EWwxYIB`o0m8^0qzj0#7gPV z%uDJv;9+Uxy-*wUZyk@sK0@rBO)%?xC439_i0ug)@G^j3?5v`D$5FVfA&2e40^z$Y$% z8N~_)B=K+p04XjqfOhcf8h}~x3ugq-CjjWfPo4ip3V_DI3>q*P>Teo;O94U(fJFKU zPyv8*zshof`8W?(f%X67oBWXh+!S6gl7bCv{qK?hOyYs=!AiynAR>Npg#h-&6L85V zKkEiG0z43aAoSB>pl$%w1;BDR9=JjPb`T6>0%TzL6W4!PK1Y`io z3V9mj13*{+5+nfs_}MqW-TWdN z0d<2xaJ;+#Wd*Pjpcn%DEU*lqgK=;H_YK_b6EKJ5Z_qY?mh`|Kd7z*GxH*7%2($|r z><0j#xB)s4z>MO20&w8KGT<-JDPZKsLq7qsU)&S$)c`pK;0XcLFfeZtY%f5p0rxx) zI~xGa0_q01MBuuCo_}a);12)htw8Vnf@XoGV7~&hsQ`~)f5HJ^H^EdVpw9px?&3V@LOf*?K+Z2(dXfO7=nN&wOfKuZCS8Zea+j4TA&ij5QK zeQ*o?g6091KlBN>ZlHyMw%`I2Z2<5hKm!Btc|e~5-2eul0QUpnleoA6F97@w>_dQz z?I+y`?EQehfX5EdQ(%PR69AV9j9mb#0uUzwoF5?L-~w1&z}N+lD&Xb-%KgG5fv*Pq z7qAh4m4T%IR}*j#@YrDmGuZ%`A_o9x0pAZ;_6v*%wBG~w>EUYLpZ*P44)o)%G5ROM z{2q<}6m=eGHUQrUFbQZGU_AfE?*X5GNx^kJbQTaffR_D_Qh?C%4;ubi3PhAYWdWc6 zX~REDIRW+;cntp{nEfgXNVxzkBN(Ivv=$h73bYZpCmu=yvGuQVzh%H3064dwHT@|G zKyLt^6aZ`mM$#WCAp5K2?|S}4_S^bDQh-tPtF0b%{<WO zKv?>1{U7NAVd>X>{*eOr{$J|(o9wqm57ee#CI9p^*aHBc{!0#&{@Hp!OZ|7!-+cni zK7Y#omVz|{R{o_KhzP&E=uhc?mI5*1FDw40;kWcbGZ=0N{sH4rf0zDa^S_b))*%Ou zHh*dOEq%}o%tb%>VL(jy7tLTE*F!A+C+Y9|1~mWC@LLMj48+X8YW$mKz-Rum^tTS6 z2mfgJEd^@^X1iZHfS&(t9T1iNv-GzPASd{v;kWb;&Pn3o=Yd~j{*MeJ_Jnld=M*3i z`1hZZOYVPW7=e0#bhYP!VWjfj1~~HfUl~Sj|8kBN^xw|T68PKMSrY%|>?{R99ay6; z_@Cc@|J~VHJ%6}G4_1L@NspR%?A`LV0x`s9l3`dW6a(`j!q<96N2Y%*gRPc>OYh&%^P37!@j3lb3` z(D#4zzi1}VZZWBs>CI+C6cO{sB$0KY5$W^%eUI6O${`56#T!|ds}EH(HSZ>h$GY91 z^9H+hZtaIYr(N=xFJ2|9jWe*$`PO?~K+YSFppE<}BR5_*bq!oNjDgaDbP2?VCs#jUR*&I725uN_8o5WqwMG5#GW~!@ET3ckR3i;_9@ce?sw5RrwfAsb`tI zp0`84`YZGn=Mb|F{pgjI39!p1pl{A!n5N=OGO15t2>ru=y< z&!I|veBW*=P5bynF655f(y5DS`~IuLapz3YV%F1uD##$R94te4sy9&3@vj0lX}-M2 z#8M2oMRWGVh3eBNB5<1;CCG^J&7gfBjYnZ87yXeoLCknRnivVm#olGi z8T-T!DmQoo_s%2jKda?S!*2_56=M0=Y3Nl#EecGFw1j3uB|I(6QdrU{RgoNmPVQ8V=upOA3_IxD2_CK8-C|X+G7B!$1 z$l=uSq_XT|@gdTQzHkQsu2f;5^Y5z>ihWe2y=K)6hc)ns<)JP*=3n`)VZ6 zjpj?LR31Zma>dS|+$eiol1hvxiB0y(i|za?@4-oTTcmhlAt^0j=j8nhD)b)= z(4UZ8g{(8y<-b8bZF{PPl zi7oU6V^d2iF|Q0xbp{8mNwug)RTC&}Z|c_c=r~!GP?y+E%>)S=vJixl8fCsQdJ_th z{lRv;Yf37VBW8e8pqR@O+B}cxV}j5b=uIPFR_< z63%ug5l(Lp-Ml?rC=tE(i2|1B!nLuYlL2T! z={o`3N8B~0r?T6$c}$Rg)(|1H9t-tc)@C24dZL&maG3b1&lE(HqMYLUZLJvh)2IH%!(-n~S?yR7kt1+Fa$|>94C{>k;ufk)&4AR+GDG_Pk z$+Y=my0VRlHV2nesk`F`8IowAeGDAVL3>-*6xE5^W>;2ydbeHY-wDlY1&hPw7q6a4 zE*86SC+f5=U3rPq!b7Aq^>$lCGH`sMUV6GZ)*>!{KUuUhB>J)L@p}9q5+6#{yU|$q zuk{g%jQ-sn0?W%(;oDr1LoZZp^p4aPzJ;#3wS)A&ih=&sw}O=<~+yzFx{M3kS^R^Gs7`SFIUQ z95?RtIK1SgJrkOSQ{fGobo`fUqD7Z5)#1~_!2)}*@ZWPn-RCHJu^r^R+AgCFF4e5O zb5%g}jJ60EvS;1C=b0vf!;;$RdqX=zJ9UY5ZbtcygI1{Jim#-hr$(z1}tA@Yr^aKe`JZ$)!p$2I#Bu4APqH-J0KjHvOs zCg_&@-sHkCZ!7yaAiHKDptrMWy0N`K$a){k7Zh~8Elt}~s9+f1$|@XfaEhfkU5QQ> z59b-Z78FWyoi9>a7uCp#^|EWFY%#N&lj`PGt{TX{k$nE#DdkRf2Q8f2Fnx_OI=@5% zK4z3%q54j=tJ5Bv8#hSC5)&2Umgkx%Xnl$v)PrqF`Hi#g8IvE*(G&JoOGmt?W=Xr} ztTjvmmsm?*8*n^TdY50kF<`FCwwH4KpnmogA_T8Z!9l<*+?ZXEaGK&>ZqcW74hb)) zd;KV!7Z6)<+*0~56hbubw7fo7*ARWFfP8)s9wf8x=j`}Ro5R|b=M;wAZXerMD1g*M zfU8tLAWR8_(Xin5L7XB{ zn~cOEY}pu1Qh) zkB?Oll@vHc<1{=wuBhhjULh~;^mgS(q8v;ni>kc!UqY@YY{-EulX`>h+rNQRbRHZ; zdC%%W(syf|UCFWe*aWhh%)91LF2DYdY@RsZ+COyEmMv)UX*3ZXOdx@@6uko zYNT%K3Uu(b?!Aq5*s+@S@(tN&&^=GOhS=NG5oo)8|bZL^$?$1E6Gb}MZ8LXsxn-LOf2yrln`>TtNO5mGW?roOzKfS3D5Imw61E3prkBZu(O7YuaiU34TxDSDGpw3Arh zVLF7rwOhhpokpZu5?MZ#voGxpzH}KHDkCWDQw+^r@%NA)KFtrNveIlCv}QS4J+R@y zZ^dh7(s)H5_bBiT6M1gMG4fkkMhqkO!Vl=Z$x92^v_-rEZxoD$w2zSjkW zO*)0)I*c%d7U=j*XoQ>J*XW~gjjroT^PA-dp8IJXpNM3d$-py~#LgdBjD34l;w%SH`z^ho_ewQk~C~onVYt#BccnH}M-?PFHr?zV+`| zj0`shPApNzh3I`zcAR+KooK&Aqa>D+Z?yJ!txJ zI9=k&`6|Y2dF|%WqcC@F_|u%BG7>^kOr7u2H=NH_-YmRYa}7P0Erq$jTr_G1@tQq( z^y6|m#Fc9Zg1{(;#&NUoK2O{Yw(DcyY4Mu1lW8+2tE4gRe%9Nh3%UU&I?Cgg9hEeR z*a0_=JACx%EaH75!ng!9LN5Fv@8X)_brKOI2O)(UE#z*>z*^Pzj2HDbq^Y0(Tr?s$80MpPXgmMC61GTET>z z48)p3z53<2A9?QIrTK2}pc`N=h1~3rYJCZ5Cp&jPBRAI4ZPz$QFTl&P^s;~CWIO!E zQ^?XLbl>Clk%ouRAdwm+@L3J7fU%D@QMaX+StPBEdDMi=hUM@QHq40M+Q|3Vw8T$t zps)9&@lR&s<&4&XqW4-H_?YUN_hx8^Sr#RqBRafFD54hA6|MV9XG!!ZbO*X86&hE| z3}Hfux^{#^Q;{6So^T_+jJ39tLf!8`oU8$Vi(=jJHR6x4AD@jHxv(bv6=1p6v z`d)ecnCS7QBLozAc2tE(SGNAvSh5=sC0-%=^qln6GP@?)drw2XbO#!DT^7 z+J!Do_F|>du?-oXU02Chc5C2BPTvdnJfbeagUJcJOBk#jHVpC1(V)S0b_GF_G6xb4zw$Qh@T%vCqR_yC zEP!5p-1JqRJP@%GlB1qZoxiWzkset7U5;~huF$cFKf;21%yl>`usfh^flZc$_stmZ zTl*Md$gN$2RJSg0>-4yO@ZqT1FH@ecDA5bCKV?O2|8aERhy1!o-OMtH*T*oWjnoJ} zrD(f~3P`hxPHP`y8Fm~w^%2&TOuHcyZj@P5QTQ(Wn73*Bs;FRkJ%QvbSdO0^Vu{Ji zUCv%Q{~_`yP+sA!T`r*w=dALutX?*2bk}Rj^jx287ed`NRc=a12uDxziKEd-7@L>d zX^>MVk5&gLF!7-?oGJ-M6vZm_QF;feOM=eqR)27E;6z6Y;t>{C@B6rZUmr=TvNLZS zM{`Qkx7i-ChLc))X_wrVC7Uj zDp~ZP{!U=%kfdk~OaPx^4?3(-avCj^(;&I$^GsXkXMC)054>O64CSIT-C;<8Y$kYo zYqPE}atxEqgS?pPQLbsY+CYS}t_sW_DaUy6;UGu2vK z>vu#nOUhRyDXd83_s&Ukp*LR{0~9FkTe*>b1hxs42KnT=cH?>Oy{7Pt-)7|@`gG2# zO(c#)0%-s*n7E=0fo5L#^(x1MVQ5m89{zes1t0qcoNuE z#uwMOC&m~r8!-cjsMbro;RUf5rjejYk7V3bgS>jFP1z{|Rvx~> zlpSKiwewkY&$M|xxYbjal!+f$FJKHTAAQsnCX)HgRx~LnSL13DK z!^&glxozkQoyKRf02t*Pgyb-FU+@x<=Hue1fB-bTMDRY4&iE}5R9pJCZ)xGPWQ0GO z8I4BFf@PE~f8UUUD41CP0^1icS-PqnL(qP<^Ftu&xg1}>WYozko=U4(o*`x;W}`Gg zf`u}^;Ll^?MJWAl0WP_9FOTedZ3+|hwBD-Ry#B6oTVVl{6Hhu(@%o(-BpS`YmqNKg z+AowNYwPS)-$2L;34^`BlKx96^+X+y_w;_jO~q&z%I2CQRuwi2;D_hR(}+Sa1Kv5^ zfxh>#C$=mZRLieQvTUJ!;2RFAH&z1c-jnl~aiuf$98${;>Jzx`*s%xlj4B}9V|dfM z3^IVmLi*3h$T(a?9dof;8d4{glraXKW=aCQspW#{wTF~W+7b1C(8~_nre$K>(A}%; z#pZw_Q2X;m&rL}2{kfRStdUG!b`*SZA%gju#-XT#VqU-;H-v!p&=7%d39 z;Z%vAC`$6$6?cIqyY)8aSv##kpmDaoHxvzFo>83sYlzCQ_(6CArebJ|6v5AJ{nmkl zA<7^=tan%$9U@J*11PdN_^#A zKE;AwBTCcq(GGadf+0Jn9~8(KZ;nswvLUe&%M_rCaS}2_%vFPNN>Q05GQ;3QBmiMa z!X&R5Qdl1`c`(BhriBLSr|yfxWveM4{S3tJhL{KqNB2C0(rK)2oUjP_vy%LCG!fzO zfWiU?Iubb~U;iN;yjz3s6K_kn$2=Zj@-83Gwvt7mgSe3ND_(cIxy;v3_`&ld$YeM`(J)xpm2FzpL)Cd zUSg;^51Q%uI+m|ombAx*?Xw|0Gy4nVAf!ezR~6i3Lt#%QTIzN&%hjZY-Y$`PI=GKm z8IRAJ_!ySx>e)ZMg9$Dl+br18X~3h^!DR2MsNIKhYu?Zyo%xPx;%(8mhJ>s27x{pmG8LlmR>w(=8(Ub-#)$QF667WK-?q| z2uzxdbmJ&|Atz^FqWCIiQBI!=-faf*b2>k|oaA2n(wPxDkzv{%9UhOT6o!{ryq>x*O$tBU@FBBA<#Pwgm=3B5Ufd0p!d9xET{adBp=^7IjIo;&=hmT{t;%4IAwnk(MCFpAH{$r&gM?` zP0)*XzBNZWl|Qg=0XKSqFteQFb=o&}MP1>C6{2(KSK{h^o&JtjQmj z;J42%kl*c~^FOWb-S@VF-Y{68XsR#8)DkHcKVPthH$>dD30QrpMOMkKvaho)n2#p_pY5MNB)?^^ z2v9ulc#NcI9&PD=ubY19Uw553Raad7WI@l@d$#=Q$sHY@Y^yyd2$(R#%23d zyCYW2NgM)Rh%Zw=3Q7B;b3G?to^v#+Hfvx4vSCf)M@{ibVmK3uFOFq$=f*wRW%2m-afxozi?-+Pi;@)b2^ttkI-Z~q!|FwTD z8!rB%ba#)1nQGaV$2>i4Ptz^GkV6fZ(ECKL8y;dx)`Klhm1wV~=A&@`LPJ*=T;cFA|TZr+rvX z#i7)nQn{vraL>i4o}+9$rbsq7$Jdt~PgnJ^s=Rxv6KNTp*D+%sp>cbA9e*l!ej%pF zJ*I1uR)rjZJsy#MDonPIY^1w+`cC(K#CjcqV3T3#Fb?C#*dCMn!ezWH-ltS$DytrFF;~B;^w~By;kw)U~bX zG&fW#z1B0{jv2x=GCU6TaH~IiB;&G`Q_Lo4$iIhCayc6{>UezL^NO^Atq_&TUGe)bs&!Ojn z(l*vVyg#V_?$7#tmQi$1F|}H*nqSy}sW@4o5ZyKFiDDm_wnQ2Mzi~?Uydz=xssurG zUkG+J=-YR%@AAQ?O%>B_N7%tU{WRSfa$PX5j2BMCX?K^tYEQU5^=R!gH*L!jN1{DO zQZm^1n3IXQwcxl*801WE0MRu6MfKch6sNhf=4_8f_XR=#%|d*y&_;S4)#ns#ru^ja zpicE_afYeA3=+XgPG!#`r;f1@<#R;ecT~ssc|qUb+2mV?T4$?<7-+BXfZokVo%M96 zN?bTQhy8fQ`u39n=8=S4T0Cljb|>yoO_+vnSF1nO z-h0>q-=^85y+BRyj#ni?XO<8PZpp*;4G(F!3YM-Rx5az)6hV~E`7QT;V&@~l*NqVd zb~@`_C3>$Hne}g=42GHYBqwBC1Z;4NzIkEc1 zbeYpARWYKBPPR`Y-qT!n>}rNcrq+J1VI^v74g?M$r+1~&nr*C~zHKCUy#kqvR>Y9G z&V;`qfeA^2CIM~3@@g3Js7~Ly;;DItfeW6Q43S6{eZ}Jz3yrcv+z^(dwbFsJFdK-p z<=A{OCvz!5Jg(IXlk9JDZJJ|n+w+cXPv>T}6*0C=w8Z)idMl>3ffWklYzT(8ND~FH zxLh(Kv9UfVd)%y-eY@3`!K52Vz?DgwWAobn_jiu@+n~2I$M}<; ziCE1P*dXForvg%htW<0X&0-FP)DZb^ofB0$>6dKEx?hW}(IOx0Ivz;dB@sil`S*h5I~euuSU8a+vmBnn2V z1uwQBOa(|aj32!o)UIPeSp4XfMaoWdd27?sg2I9?Cw_IEwCHN@TS`44g<%EOQ zS7oe2>WqOx_-HvFaMG6j&e^C6HiIo3(lGeTFMaaK-B1H)F^NEzBPPjSKWpxra23K_# zm-6{aA`nC$27GKKM8JrlUr@%I%5#v2Z%7{=e-I2CSsi};5IY_Yi5x)>SqwxxvRObN zl^EM74kENPlS^{}syZ?K#N>H~)ARB9o{GWa@9WE7zjl2)c6!%&y5M>0101_$@TKb1 z%ama?mJ)tS-iQi@zMi)}@0mW`xFrMgGcV@xWvbZ(lWsY`RwyiYtM-o&@f~(iQF)Y} z6bDXJpX~*Tl#Ar-QeoKw_IFCfP%S8DHV{M;&T&#u-&82mTMv)Na;hOrf##V*i9R9g zRoF}!D#}_yI;!^UX}B?&^2Cs;+%&%A}vMD}Fkhsu%A zCq1bAVU%R%rx8^xW$F^5)HkEe5X?0v&$a8N|KAk=}pfP1b$`D(Tv8tmN%e4H6 zU>RpO6Ujj%M$!t!JhYT2NK+{SwuYE0Os`4<8o@={zhie5t~4O*dN2_(x)VfRWIIK%M^$;P!- zRohO>=qP0dzN3d18R4IBp>;u{r2lLc!CxMVZKx!RaGCDNA75I|nrEzjvk4P3CZ#nu z{ix*a-rEAtHl-jVDc*6R%|ay0uqhe`L4UK&9&aQq1GF#kRoAZ;C($YV9WCmYIPRnh zTdGvA(>{qnX$~Kp*VcF-#icPz8IL&!SKx<@drf>guJ99Bvid<`f!zy5IHD-=m3Q$f z7~&1nh=erf^iJ5fh($ZQg~cWd>cL#r)>{(%8#GjYw)DCL!&0C})4YU}OA@f?=%EC= zK`%UKV85&&F_if`U4+_9GpW*{PKw(-djSWnY`&7@kot+S9#WhrXG9e{AXZwZIT025 z(Ew#{O*4Nn8=RbJ5KgQ^jx21TBxiz?z1ttFe9lV$(#W(D*T#V1mr#>K0oNe=L56Y$I(LhY zYs}BZk~hnsXp$>V7ZVTVg9A5>u>` zP&`W~6izNFSt0`!-2nPg&5FKHgIe}piP(|#OEOWsZ*N=Al)RR$GYUNm#vn<=+f$%u-SILA|FvBo{vaoDJ*%6e5fM?i6>H? z>kDuG3}cyO%B_)Q*r}}F5)$DD=`m8inGx0T4ATiWmO{f0=5ihqT@d*$BUIp{OQr}9 znbg$EL&UyhYh?)W; zviG6`Mp{xjpN-Xkea=K*zA_erqPexzm$E*+!p3TJRLN3cB?m-3QHD@TfhYZPV|2ip z`})XQw;>Kk%?w=%VHnt!V1+kYVpx6BpJoS1Ca1PNUq)0|it1Hma|Vxwg%rC|XG3no zg=zZ+sYcFE?}ANt28&$Dt>>yqEfJ%_*_T2Qu1W4HzDhQkE7z8{VOdJfVdEQP)tiKG zW0w3=g%W{_2dUvedpgc=(?bPUEH6pwhLR#LYrEq|>Qz)&*6fWeu~;f;-V;O?bJ`nj{&*ZaHFg0#fU`8fg&?o!Y9=r=@r07XA8ClM!mOScw;ob z9{x8%|_iH;tycLu908h}W_5he9SLtdcE7H~lCV@0hS4;c$YZ zy>Q-uU_iPjuSR%r9)*3IESm0#^QMTY1NU-U!g7jcW{hA%K@8vC4~cAypy19pv^Q6l zBq>4{#3Z&MYO%|>{oQG87q8L9lr_Ad+g&Hd6d8$k8u_?B(zL~{!_}$2t4Ul}g}vHu zzi$~6O9(a_4HhLpjOQ?R1V@N&qU#GSC#gGhiMq2A9L26n0Zf!N(Lxbot&K;IOk!h=5Dco)PAOs^JOk2e!2^Hjetih57Be?E6M7588mZ;# zqXCXa>5}}&k)^`7pO{!PVY|l5rem=utzn|HMd5{rQFO>{?W6`L2;?~H)xUywzIVDV|&>AyP8j^q9 zVFrEP&5o2t*hui)A9dsdrrzCArH?~kja*ehi7C826u!u!1+>X#Vy%y1L^FuG0sn=t zvDTtn06HUd0ZgukXz}Z$T<;@FJ_4mD%GfQf*arIeIF5PBO!^;^9>>vryc8??LMJ5s z0XtMkMoTFcYNgPw5ZzL5KX$bwK~ghehVji_6*N87F=R+0?J1HfzqZsTh<-E<#LhjP z>DC2GHk~3BA{yl#u4Fz!Ch})%1$_xTiJNL-YTJ!SQ5{vm{KQ==)d&}iV>>bg=2qdc zBwfh*as-F*jnp_|bk(-`Y&8O;Z*clz0tJ4?u=kd8qi!(!B_4Uov$fg1I2I7mVBg4b z6gCx|i*qxW{%cCmBon1203unRUvNF1y9OqsOA>`*EV3?dRvw`Ns1*@QmHm2fkYPdL z#heXI5ejn;8;s-Vc!E@XU<%5~whAkL9ZU##!1+N`;GBIcAe4%~Op$c9|EAslMP7F= zj83$Ue(Z3B%O$!|O6z!#HBqM%MnAp8TW!cXNW26^_X441Qs-t(xItrGBOGSPI1E96 zSYbn`Sf^;;RcVVJ@QK+-+`%*x54$9nJv)K?55^eJ+UqF0-y+%)9~ z?dXK@yFi6!FseR*fsv|$wxHD5ox&kiP#$~bL8qcFjqchl6cocbm~%E()JW~XSkQ`J z=ofXwWe`;%OwB}`oS-}1H&yOGC-pqE$K%Pt+1}YA^aKHl>J~8`;2E_S=XovoO%RWg zCMMeCfe1G>7kmW=T{4|b0}o4X!{%z(;@&6%E4S#@_-;6!6hdK;2j<4Ux18z3wux)# zifnb~?cA^C*2RUdL#vM{X<{#`C$r+EDLXIgKkso7-(7=<5%4^Gr~l=}a~e&RxjU}M znXw}f42m(-I2`)xA1aRdbxcrFQOWFRfOs*2(ZT6ZS2uE9-o9vUB7o1j1i9;OqBRl< znS0Bnz~QRBX%|i_!L{qnlPSN#)GgS)4*Ygjn6bXJ_MlaNU!{Q52P+ zo0pUmr50#TQWS7D+*o4-C5abq^qk|LtvQ;Eh6jND0Dc*DOZ@uA3qn#m%Y2wp8eUy+8A*9n^t zh{h*MQ!4w2Vf;)Yx2i1z#Z-sqXV-zF1aB?;Y@44(tJ%e~moLo%b6pp9a@I^Be;vA6 z&|AzIs!VwzC}W-rj#3`&IBB28Y}9=BcHQIyaDr<>npuVxs2QoB711n&VjL1a<`6F{MmQ`?G#mADW#ZY_6`aZf zm_huJXgNk8!KLCtFoZAU@!$!MHRtRlFsHk~l3v}RbKot(e4+`_x-*#0fn-#lYH{tH zi`*aMnB><-%A*;3j9RFffubB49p!-Rd-_;^&Y`10I23+Nc|xLSdRTVQC9`c&4VR!L zje;px88g#)dIn~cBQW7}45z4NYc&kJB?wC5E3UBa)`lO-&f|QqcLkZ_Kvo8+X_%mf zDPOhp&h2>5%*!@hLxl)2KK(S-@6l!tWj&oNLK2@)Z1LV&NWqX)* zTom=6BZ}iNb_`y__A<1{G&M>kN=|Po3-R~t#S6tSIfSw> zDE&(2hPq64rmqh({ECbL10_sFwrb{fSCsb_M?=w@EYu*VnD$FDjr5U#?8br<3vIJP zl42DK@;S4wg%YY2T6iZ)$q|xq1KftPUS@v?*ubz!?dTG|0=yvSxq`FH@1MlI(^B5I zyUnFN?s@$-9~PLser2~;3#3TXp+A$`_zRQTef~jsZz5KtfVYEgNO4hd;B?HaWV9_! zhmu;%&dCWv(u`Ysc`hzKcjk42FoaB+I;M&^YaAr5X$PxtX#hm>x8=N+nSZG`?*U<=pXh?kQGVsX zqoAXTjtB{6jRg)ZryKiVRc)Eqs1K9uN(mHB5VgkU1l1=TaRy7_M!wtJqKs!%NU-E` zUx0&qJa)L=K>AA|aff$9)4?^iwsX?qcF+l{>P60Io2F-^ro3i+ld~^FkXXRy&(_r6jCT`9d1cX1^FaYCe+G}YS*8e(-KD{hb_H+KORVJ&s(PF!N_le9#&vAbv>jPX=DpWTCujgWouT3Qw_7Q_bti<4WSKnus0kb zY-^CXLJ6Ew%gRqaY)s)N`@ckrfk(eVYlHE7?=#s>l;2c^Y!>^OTM?-)0!R_la=n^r zkryL>t!ibh_Bhe>c|83gM>a6~a{OX`TAWkdQz($WC_4XEPXW%Qw>%Dq=Oh(_&tDSA z$H$Zs0HZNd--;yprRk*857Zq%FsLu|L1Oa&A%h;CvVsxFV~{YAU%`}Yrfm|(l;+U& zP?&btVb0FcupH}^Ob+%T6*NNVs@WAm7ykb_(}ECL%^$+5YuIkdGanql#X zzBl)m7P}AZSuyR1y}_0`?s_9s;hwx_)-;~Cs6Ch9K@cK*9?)RjAS5L%TNpMlqaAG) zSW&YGqO(>1^c?k*TJR;vvA3LZ9H-BW9oXfN(N@qscl)F^N3WkwD~GY69TXo`GPG)C zdMpEHzI%ee{AIUf$jk*-#Rmg*uLo@n*p$)wSh`O{raQkR$U3AO<{4BmLV#Vw-dm^EQ!MtRz-velHL)# z+HLL!yM$x94hUB$Iq|LnCX=C2J60-etcw-uxQ$$%>C0Po2T`=#$wrb`3-A~#M6nF3 zQ3+KDZ60yRcG)gOK>4q^Y}$XD%RUF^vNh{y&Jf}iY=tn|Lp3p&C>o3j!e|u< zF}tT?SORHPuNVKR=tLb%4Y0JatfXS9TvpjO4ITkv)rYxa%fy(Z6gH~zypAa0;aoIe zcZ2*}ErMImuA^+*&UCa)cm9hfIJsOlqmMUMbpPL`u}5?@d0I_XEWuXGa3e7G^?yrY zzW~bvoA@+2;%8&i5+kU1=T`oq_DG0gRfQv}+%+SkY}l$wzB@9$Trbq4tj;&F3SSo| zQ>Z6m8C@fpz-y}_BUan!=t2&Qq@{y%7rX7<5dyWDnU~V7*i6Ws^iq+Z6X7dx<5BHV zedMPqrdg@i{J_gG22z%=bR)tu!{zrCt5`rbAn#@2Bjii)&C(xOqSF||1*Ior1tF0k zhU-grit?7I67%)>Ag%F(BUv7J?vf+a^EE}>iOaqou2Z4knoOC5{Ne%xFm<#cs6}l0 zsy%Ce9_lW##L+|!IV|&-*%)5RSg0bIhxAo&y{_rfB9_yH&$lHN&F>Mp?Ab!kXlmr^ z?l#X(iM@DWkL$1Xc_>yU<#wP^z4KFUa2T@`cEKqPrxCRUiI!0FV>~gn9ELlE+JWrQ zUrc_}w*N-K%jiOnPM5m?VV8@SUD7x91;OIm@FGZNEaKQ6X#X_-pE~1%sz!c4rW!vX=!?W3| zkI~og*cWmm<9$J$x2mhN#O1-Kk4N<^Yr3i}RgF;_q-5}lWFT>R-rSmM-B1Ulge76_ zVk*!-=dhZu&_?s;ls#b!{zKM}o*~C6x{N@z?kvCg*BrL48_4tiHHYnc0_w_kraYJ# zSxL%Ii}Z&%H3unat1xRQNf2SZ5SDr)!9yHV`}EDcZVnr1hYUs6dJX@9hU}3Q{ zd9+PHD*0sqhqO87a1UM-zdXG{lF7{T%&K$z&QA1n{Tn7_Z+r}~sN38nEF*S9NTCEOr;5*ZY90B(O#G|P= zld8j?J7DIU^@#pxY>H0AGQgdjYiyE+@RU-^I`UnGveWRT(&cxUE>j^w+6SMQozs78g*&rwQN) z_V?WNzwFO`4gY_(Kid++?3>k={K=g$EUvAIXs#6XBjS!fw_+Sqz=TFR2j~FN4rb8Ws}*-6h0K~&t3!B>p@2Bh~FM~UzX~_ zO|0REnfb-E z;@Jz&D9@B2gNKr~rmA&8z=*9K^Tx;#4MVz)Bb!=UG#9OqbiI{G8N7tbMqUIi4Xrxc z_0dC^GR5&raOh|ff_;Nl)H)W`J8T5wg2@8PBdC5hmYeoT>CsLc?w^(fclX-Il>nhl zh}G3NFPWN|hm|YavSJ&v{z^d8ZiyM?lU~2;`W94`D~958p=1JVgJN@LVCo-}UN1o= zsxvbtwWaoEH8I~c<#4R6E9y<__j#Hzrn2Q^2;K&mmmscTWvoTCr%`@Ltjp#{A91?A zXTU@jNl|Mtz7P;fcB5K>5d!w4B*DR+nKcHh-x#FNh_$~~t+9Afd^;I8Bdolx8*`to_j@T`tFWqq$YQ=$@=9ziG-{jdlJ8nC z9QNaasYi#E-~-@a!|O|tU1wi150_LjywRrmHZkkZXbiNinMJlOW53IGWBSi;Invxw z#Be9GazJc10aF~njxmz{R;&dsNI7zmWLHVv#Zd{jgV(>Pg?^Co96c@N2>nM@bvarI{VKK49JZzR2@BJI?ZyWGICl7CNwSjibJsg`?&K-_l8Qoc zYwB^`em^Q3Mp3-JV^F+EK@MNIm|Em>kg`IBEWaa5D1nkpJ#s|6Ch!Ga0@B(Xu+)-J z76R|ld$y@0&1z&^tFEdlmpj|$u}b@z<16q14vyI~4c?z8j%k0~qIC>x#L9m|xIRdU zAn!mifmhxK@>VH=!4dO7;M=W7)*lkc%ZI?mRQF5Q-JDMZ zrz-O^^R^wVH0OqP3rt~613MsneNW7SPFQcoMt zV3|?MWaV+g=KRF6LUAEU3$3uD39#_)HL?!8D9#-`K~U~wkE4(B<8AC7Z_z0jtlF^z z925M05d{vd+MGIaD{21feekTbrIhlXA%+|ag$!bjRS;6`=?nEdLp(xt-#8CbUNu!> z4G=KvW8+r0c(mvK|1N1AWc@*xF=9cMTmA&xuDulpad_?@z)@=oeFUaDicuFneL{?Z z&-_`Q!MIwOtx9}pz9jDo{4xZkfjsNEt+3xnBbNIoSR7vMq8EsWF?tA75*1_0Oad8s z38$Y`3d-Urj=cSl$*seLHxuQpWjC~>oY-Zch?i|Uh_v6x=s&v006f#z{~#@RXHtN6dJ4Tl^)v4HOAudb&$`USdN|>7(OE@JjiD@@UBW=!PTd zNw#b@+6;_B(v_%1NhJv_h?Htqz^>a^PkxITIxy%sfXNFSa=q6`$7M=Go*MHZ%`E~E zLR}c|k)CErOIkI;R>FOyoqQokRRkt5A$Jn+_Xon%D$Y?6xIq&$$L}k2!8!K4b^&u5awFu5 z>c;<~?JdKqeBbU*x*H^=m5@e4xov}V^UG!15WGPov=ko|+DywuN#r)M<88Qxsb2y^z9d*{9G5djSh71@v zu*(AWufRaF=abYYBhPV`MaWW(jh#RJ_rHxd99>fyIFq1#r(dm<7_cR+`OEjUf#t$R z_CXQf1e<|Emj9#qg%cUHhZXth@>@a0dyW)F=Xjv5d@`>(YT)M)HH7t zrCLa+n94kn@~5p9YrBs#repQpuVr;l%*$jnu(%CwZvHI~gy6 zZNHkklZ`MjEQ8ka^Z%@1HkvBYK5~D#u^7OX+XpHIisc$E*otgJq&-k{2Y@AEyU)!> zuzXr-92zQe6ohh;90Bqal-}9Y_I*0J#0XKd401_8NJw&nGIL*I6<&w+nN#?xzHJ!uu9GVXKT=grT`d2d*8~b9L{hoLp~U+Ps*fBrIkDeHLwam023r#Fm}Ngl z+nd4sDT~h&H?kwlAm26TBm6_Og#^bn^08MDRUK|F@XA;YKn+rtoe?L!M1>#j;;K_; z=+$>%S*qJmkb1x1>;@xUb=QCBj&_jN1XCh4EQ6klTZ6~T$^Ue@$5^_wSos$-m`nBw z7fPz;hJfl8G<*??STnN#zFnJ_*MfS2%OoLQ&j$K(g} z2r>B7y$mS&-|q65&96eluyBqGP`QaaxKknCLM&02l2UXwOCI`XRYtaBK&ImeC-{2|<7S^aUFZq}l&dV~2nm%UUfe5wy6y4G}(Q zT~Sf+o>D0H&eRw9Dt=SsgnW4iP2caV=cDl6Zse~{1R@K*Sw)27;9|AE_cQCLa0*~u zf*>h8Ggn5LQVRS|65r$;^`Ec;-Wduggovr-xI;ysSYTS&Ym4ji7LS6V#w^%B-`ttKZE+$ zB_IA{z8&pwc}-QA%Fp-7d4IQUL!-P4Y5@m-EZEsW6ZL!63yf0+fihCG4SdqvuSH|} zCOk=R8hprPbNK^p^M7%21=c{Z>ye-}(7%g9BM%01m&8SKao^)~zOf0j^5U+U zg99gizPGcg7kQ}C*V`48ytM7iuz#tVz{=H&Zp%I?d5%7m_mG5Kk8`g3 z;|txX(hnW}@6t%ctk5~%GR4R=!E#w11bdW{qG;cPmfNNwzvZ#eh%OicY`MiK<**9}90nh?*>eg2#XyAkKc1_FID@}!56x3+C-rj~7nYji4dpC0GXu4*GO)ex zM-=~b)09~00^POL;wl8KB5)SilLA5;TV2FLRe(SZSTOKfaZ&|NK>%ATNHbfai=g9T zK8v~*vjHt8qt7ZLE`)Qxj?1y(e>da)Qutk)VSzan(eFG|23M^o$qPQCj<~`VG`+uI zUf$*`#nhhH3IBFiX#i^pMMCR6&;T}^WvN9=jSN)`FAkYhxqjXj^U{EIFN=L9IZXZu zkzrhizD6sWHU&kPz^aWwUaATDzd0f5SEnM4UWH81dSKEbQKDShoY~=$N{oQC5fQzV z;(sLv^8bG$2k?P{CHzTYxiuT~FzEQ91B$%MSG}>g$)N#()crE($J*5)OqPF@g@4xD zcP^f^G`VEQKlW(lbpKXX?yuUJ>*g&KL5k~$3W-|coxIFJ)Tf?*+)y1u}~)dige zR|K}Y&@afKWOzV@serOUPDz>jf58lVz^C^r@Er_cx{og&eJ6*rDwq)aiW*UXbqKTS z9D)8*InUKpho!RPieWj*P4e3e(5Q+*2YN871f==qt!0}`30d1T)G}g#C!^4Zk-jgZ zvmkCGR_$|_c>y!>Kyr-~tYSb1o)*g|Aol?`Kg00pqKFu5aq?< zI1VCBv4LS+)rK2M%(RVE|ocQ7y$_PceL7 z&X=zo|)=!5lpPB#_rfzlF?Mwon%WEq~F@;?iht@U3cJuE+J|g(jAkTIm9C#`?z=# zf3c*=^7mv8zU_T~Qt=MzQ%o$BMG7D|FinzbLD?k&7}$J)Y?Q!_KN^T?O;O=Y=-9enq$`HtJlu;SU9n z94ax54TBIc00LQbrqR&`r4oskJnTbKP#7#q6O_jAquD!TnFxa4j1}WBXuko=-AaaCjM&%XUzHUYQQ!cua$m#wF&Q` z&~Aql64Bg~gEfxMMbc5)%I(n6vF?5BQHSTl$>jWYfVu=Tuo>$Uv`#n#I0t?tpIqdA zkus$u(WlS@mQ)PG%_0yWos_0+`lB}E03#OTc#gCUmV_U2vbtko(UJl~j*07s`{D;j z^Lh9$Wza4VASw9^w0t8ahU>|aY-1SvHe!aukH*36@ea&V!nbh1Ycu=vk3W&fvZm;S z0=@`Ze52$?$Gc1%fyMOoeF|K3;>>Ro(I=07M~6M`gO1zee3o3-8NVN>7#v&qn0Tdm zU+h}TQXdj=tQQEKzMCyT1Bb+<1+6Vm*C?`9&G|44olZuiZDj|w*5tt?6HR@T2r&(V zp+AsYG?1`uj%qs0MexrlNNrQ+BZh=E3*D@d>WYb?*R zyF6!hi8KP@Gp4;LKpDZJRfuW+(HwOEt&x^0L@C+%y)l4?s_HJkXh~NoGUSu^s9fNe zF_h3G32=w%$o`&CeSBm!HZ!;^Ye*C22C%H?$p|Y51X5$i)ADIH()Xy!zcN73FVOI0 z0sUD*B8|6%cx0Ai--A|&1sgl3d5{S%f^Dq(#rZF!lOQPI{wO?J6{`4 zN1YIh4G8@#QY6p0cKtiaPsBx=M+0Q_O1}QFjI`G43iRf`lw<7iX4W-HP zi`ZPOWPHuV%QN%>;mU*iLhQAsp>F=w{RT>9O`5$GHUDZ!m=QmeWUkp{c3m8n@}cVR zYSx7kfNY}=t!ROsZv0s9vm_(rp;n=B$sq1oZrZZ@?tU2LtEzRh1kv*K8RuyxU`OLC zk^KiTTiVPpSos}Fv?(bLzfUFOWS|@iI9_0h<~coL<1W|lj|fCappjfd?@zFVc-;7! z#_2B@X^tvkLJrp>$BlSi6RrnwVpK%8ph%AAV&qdg7ALon*5%>WRg;0Y?k`m5RlAJ- zK#S2zr}vJq*m6`nJ@><)e<#?fy$@+%$Pmrv;YGs2y{YsW-$(?Du6z2 zN+Ps-!2}RjV(be(qH%beT(0w*d=qm^Z z0SLbV$AXXz(m=a8FFoa!kLr7dGDKO=(TSSm=R3ZoaK25_4=%sO-0(wMQ|eAbR6!@o z&O&$VqvUtbl`T!{CHl^Xr;^o&XL>C!K7H;QLJn{~lM!pNwH=_YG!S}jlGkiRxLi7} zpPhj5MdUper+ubsx-nu{Sw0UN$-BYfJbaLi%%d-d173_!Ibq3ypIiAFln7GUBQhZy zjC3UUZ+aDj-DyNt2&{|iIgWLso&)XjR$d94SGbsR& z5kur3y3TrXX1!4GvUg&Wmv;ZWP@ZhfvhYBl#p`6<_;j~Yv-A|&`c|TuLnI9*EI{fw zt&v1+J|h(_uKx>JsskA}j83qSy$(erq`A-p*Cts|ZjJ>J9&V}nw49w643(S@f{k4z zp5&MA&{$-AI(Act49)#Hgt}M!*n&w1E7!_!Zt<{}xOJmZXHO^h3rAiCVIVUeaM%uH zF~*dA0TJoip|)~)oQEizK4Lu^5$=Q6rziK*N1I$cIs}WQXDxiLTaL$kZJKf(&p2!7 z%LI~*<8F!9_1GLEh;7j)*PBO!Vm$6#7i&O|(ENP=z^eOZL(|y$W%^{6%?(Q;8KjNT z!Gkaqfcjl_#}l}Z$;SUKV2bZQuqhGpA&?t^1P?lZhIy3rk0w8UGijAP-tNtqQZf7y ze~FUBC^yw!_8VE1X=geY8i%34ClHG&kSl-TPb!pG>_gB;rwzvBn0cN{l0(`hLAT13 z^SXgX`j6b)9F9Hkt^r3{NBZ~Dn^__loK^$&#a4Ev2?iXGt(h9G=cR}?@@Bq%BR^o2RuhnSnMV4P`nuAu` z2lM8uU@=Sm7^LwZCQQw~Y5n3SODAe6i-;HB^kVC`V_$}t(Bn4+><+xd@`@C2av*mG zfV6x-=#Gw+7D;$Ka_9VEvHi08D|q609vZE(r7agw0HY#{=M{vsr9LE1#(TRpMT=!6 zgTZLZxvfop28v5uj6dH46LB-o=D{;w)3YO4C=Q;^?QrwyPED=b$xY{hX(_A`)0BqS z$LLDIxT-feI!QlsAJXoWDgQK_=P=&wW!caAk(HwL65DBTFM-JMvHo>$|N*EJ|<}~=1^DPn7TL({X!EP_w7p= z#Ut||$<@?XpLBP;g)@FX+25XqW(-pweuj&@0v-6DO!WnD$OP>G+^jz{npa&2)Xz|o zZmMknXpuP@KsV8FXQ?Am$Uka;&-^{}v;KsVVV-&$Sx?h@8SXYIVFN##u@$K#!mFR= zEZA}QJJy|A2f~Cp8Y?cbBU;^luVd#&K8r?lkF{^Rj_4j155IOi9~_@mpQGd3w9f5q zjXVBjSj$Cxv(1SpOkp?}MoWH^N!nUP#uVaDc^P+JqVO>7-u=@#> z!>ROIybrNb!yLi5owOlxG)?pW5q#28Jn7WeQSQ3 zGt_Ip&=0$cL(bx_=aedP>!iCK(h9}I2IcM@TAl+99q7X!((CN)AJdXMZX)DYNi>9@ zEibVYodtjfw0k8lMY1bI=gPW~Wy-e4e9z~O2Nx}7jkYuO^u9#((!)jkUrcz&hCrCT zCeEl4sd3NBUGPHK$V0*LMZ3`~weoAP_se`J<27%m7DreR5WmXd zSCMup0Prn;syG1PZ2;zyJD>^OU>(3`hBozr_*bEhu$hem`D2q z;nNd}VRQ(uUkAnuAKuf2Y`F9r1l_P8?tZdgigHp&#bsn_xYa`F>@(%P~gK-!({5XWv1Qo)^xaURcvND zT;CF38tJ-?D(XLW_tK3#YTX{4TCE?Y0YX`(B|fs-v%!Jjp~O5<2*Seafi1UFw{gX#()rb4+ZO45{~QBKpWJTVH=L! zb*B|i&+hAnky|m3v&!i{Ru-?<(XH#RAyG^kfk8W;O4a^?R8H39;Mn+N2E zvTLU;yqHM&YVEhD3u_gZk8g0 z9TX?UXDv@m`0?|MT!3ahjl;ng-}^r(6VYeY-};h4%0#b&xPKp@OjuwOf%~B1NiUYk zzFHoQ0svU$QI4P&K>xU%{#~0GamY(QUxt0MI&m-ke&u*kxh6lB>br8eov6^+SI{Am zAekmJJSYQb6~akB^>G!3ndO`hmLElE@YPRkUust@eHXjM--fb3N*KLDtVQA!gI5$2-^g1S& zhE#=r*_>3>zpPM};)(#0Q{Dj9y6G~Z`ed^Z8;WB!Bib(iNOwN-Tq#(;lOr-(S(9!f zK$h9)7>@Udi5c{!C>Q~MX_Cod_t)e!Fn4IEL@o7iiSWV^`kb81Y zf`jpu)WPsL(fx+ULhaGl`TJEju9o*Dw8m*OKdBd6>d`2p8Z2OJGf{9M6vBxnn|6^0 z$*+;|2{3^3?C2MR>#!q4OPp=>nwWeu`0}mm*>NzeyxSZEMhSN2SvuXge`Gu^-7~B_AWN z!NC4z0kF1z({IQ_G{OytsYJpedf1QiPgvV~j@$91c?`R-P-1y|W>8!5&|xyQo#7x0 zc$jY6%)wh-1DD@8FEn5Eh~EM-3gEc9CO}haV;`2-^eXtPqa?^czH&eaJJk?9MWj#} z;V{KN+1PW|jl(EtLa(O5AU!xOe||^ynyft2>IIS3A0k6eNYr$|<}?PlLnDuBy>nf~ zrT-}QQ5&)dh`onkx%FeD2?k8CwRl*TCacK{!)<{9B{h;Z9s`a87cGhJhh}N^P8pmP zeT;1j)gmmTD-R9uphRjx4d}XL5^dKZvs?0Fa_cpLqb_RK3IcH_-|qozvl3tIaV=Pe zU5)BW&pUAJP9sr8!A5Ce?6eh_jDE25`5{sn!N0KTG~Viwv}*`QK7w&{?$+a z66VKAO5b^DNZApDDL!Aq6U0SFh(FA*4vLWeJd!6ho@F%78aAyII zL;Mn(d1h59yeOLVbIuCsB?CGP6;~#yTooIE8Hz$(mma{~xwRbUrcXd>xJxK(ab;Dl z_J#Xb!s^5t6pDSJQHV9{`w|SmKD#8p-a~`Q+0G)+TTyRNOAVaLN%y0iUSO>E6Hx6W ze$szXkk}ch-A;F&H?&llAEUA~(_fCj=>p9;!9fE!yW(Hc^i66dk$kDqhiR!;kulg}P0_&;;opduR9Z!Ne7MN}Tjr>GAo>hD-%s=}F+YB0Yl!^8 zY_Be7F$6n6=S`02y#&;BsCXcIU@L{`v}ppyNgL=@DcqxGJilz{b9Pvq$^t$Q$e$GQ z@h7o`e!Cn&8=3|(w6K)=ZCzgN(lGayyRCHJ@x8z9;;CflxeCgD6Z8@~@PM)Z4+zrB zvF=m#W9_K?hqJ^y&rQe6c6R5`aT+$t!m}|f6^p*cYmlr%cju#&6hGN$!1C$?t^E87 z((A?-9X%R`*AL#$J_9IH$;Yp@#^fud$2z5vcZR^`HD)Ig)QD}AL$R`@fA+)0iO}^; z{H>ks4FF=i~z{OmxW&EP$wSb;6qn>N;= zQO+h;62L_%M_592ZYKDy38nhB3DM+#6J=S#2F9T!4No?shmo$f2 zeb(E;Jt#TkoHXhUN5AuP-|N}4qf5mV8?J{Rd7U#FyhdD(PY$7lR*g`^vYsQMx`Hb# zfx6}O?TR;UHVnXb;a(y_w7rhxVG7~FJiMQLe#+kA3@(+d33mu=yMHmufaD%MtdmE$#Y`w}Sw>Pmp(! z{UmUt(X;QoNMqJ_*AC5`7Y51+_6h9m`i}VSH=yKVDDYskK-eNdBtt!pT8nnE087XrOQ0 z{p3EAn2wi&2fP)I13djx7=em%?Gq{UA||M?7u=jYBxrGT?Lze+e%!t~l4u;~ z20W6WVy^Q`7#}EwXA)J9`*13&po`1$GfYJIP#)hj`eiX5RoCK`AR*7(# zXmgMz5J}Feda?#}d@V~3fQjV2gWZ3eu<|*+8*)8l66g1RZQ97wA*oAN*fcAkaf&ZM z$%8js8|knxh`5jRY}CHUaiVUqasQ6o)Vve9>atDFn=SRN1$0*N87$-L9`k zZSL=nb_*1(9b(BImEr=qUtAU(((m@V%Yifq^+P*lH!3kSl*>Eat{bW0TF{Eu@sR0O zUj2Ao-lw|@fG`MI^eS3wrgELpx!Vv}5M$*EO*P&Nx(0F=(g6+za65${QRzbT{KzaZ zqhIo&NS6=!`~7f6^$ISpF(b1op?y}*zSf{U4P2>U^QMM4A=a@}pBs|p%c+s6ELgXuGmGaw$064y*F8mw z*S=97IjK?iQdc595Y5O3js~ zv_qz9jH)?zp)uoZ&}CFOPt3ft;3EFblXd`d@*Y-W;nl0DPke!HJ<6>^O2TU0T$_R; z?jdkxN2V-+i%@?HcZj_`j3EB44H>n>CNbsZp3r{Hic&#@EpN?kUu9vb z^~pBRfHV_i#F+`Ae~N0^Jyld7x_y zr6hhq`K1nh%U+Lqx4mOk`p_l2P|}vi`OpvtnB!a_@TT9?M?NmcH(7E$oDnBW3OSx@ zFLM~~dJ&9J84WE0`(L9_`vXJ19UrvMO6x9178uS*-3YOYv1WDC$ExOA6Y@}tqo}pu z)E@x1MR5_IfN*cv8?`S*pOEH_j+~pT=2hVx>L9~SX-GS~q$c1aFg1#b60&e(eaXM@ zlD**@%s1Ik7dwG8l)=Iz?Z?4t?4zSY=u+Kq_vv$v>CKt%h{EpuT9I+tl}%Jn=sJ2u zPFYfCZ^rdsikdb^cVf3wv}K7aQ0Z8+pJ`PaK^E|{ATg$asPpk&4gO09)M+wttKSSm35B6p8- znqrOzB6ehFBPi)8FrX34IC+oT(W}dNvEQjrllUL2bG5)x5Xji7qrLi&!}*UrXS>6~ z&0CS!>_E;f&4o_XO=oa7lKjOC>l=1cg-#qnM|!rHegEMrFR!c2yW1ZRC?JU?@Y627D>Au6xBs8|n~MwrGF78kce|ncZwro@4vX zxz28u3r6SAJ_^x}VgTPbK+<-Fk~q_`&RWWP;n##65aUyeXE(Yi!AZ{9=(3x&F)n8L z>h#-}u$d{ktTq-kI~ayt=zKgE0-Pbu|HT>dcsoyWF~%?E;b+B(m{5yI@@p_S3vOyy zbbf;;vT%oU!6x=zhnbm9gzP5v|9ZL@lBHF->f7N+YKCZBOFt0aGS?`r~1k>e07uB{2RhESmG+H zR-*x?R2#V<4B)@IN!T3rctD{((7f7UV`&`nPkH)r6pom$`#}Ql@c3W8Q&2cfh{6Q@B$cJrX zAcaJ-&~A0kar_zDo>W*BP?Np#JVKFQuH$hsTs73Q5#$tpLvARZJlxb~&!jq-qBZYv zwYWB3{$bzu#-)1O;qaTXEq7+6srjyPhFI3&Pylsarn?rhnga+{7=P!cfR_2VuKTRq zVeV53nPvTzxO6-vzP`(!tnjS-tqS6;M~g^Uk0edx)YXl7P#3>@k_!CAIEMP0Ee9k{ z6n`piTe!W5VWFk^X&do)?t6K>QatQfSIzS?qUry|VvQ|v8#W3)@$;z5el^v8BUT~>NC;XGd6{U>f2@WdG>UuloAI+1MrWE~VQ|TG!xYXsl+v0~+vqSB3BO!Y^ zO5X7p*wIPM)spllj_*7l_atolmqRI`?k1a2M2zS;V%JGl9)3<{v!5rAjrAN0CM1+Y zZ#HD;qsQ+k6y6X}K5*<5F3}hz$Z5Z<>Oc6}woJHsj>lp#y_&FvrgDDegOY@_;moYJ zGhc&*N`WAurIq^sd8m}@jsPRaXaKocd~I`f9iq?np~R2@o(TYk>GFpK338asBl=S5 z;RS8)!nt^|JJgP_M8ZDsiomfO!Q2FZYDS6BKa@gB7(ePn>42m3|woQ45tdkuveF0mZ%jADgu8jZIo~mr`eX-I%=?J;_+s zrMvV&{HPj7wOo>@ZWGA$TxE)yh+-}*_EHf%HD*z&4BS3}$E)(eYLiry-}zl3yceUq zKcBZQO4aOe>n=O&p|{iY`04SB)06S$M&*o9J8ZGrKGE1FV9@E%^%&5Ec~~Dk%mw?< zLvXeh@~`BqW=}J;U~Ju^8K`d>N7mZg{rD*opL|1M)c*@R=+1bFBd}d8p$?7x;ym!~ zOIyBEz6xkz@!&%Zvc25RclJQ|6$i!0YxXlG?k4C)9tMT>Aby$wGz(xfoTr3^m|6|; zBxsyJwY!=Zh1p;C_+=+S0xPlSXn#f|Oq=$y4wkYwtuaGVLer9KQcakBa*&z;#JUV% zeSUmdc2zxMfAp7IqOOwO*&G+>Wsct!SK7#?e%Tlwsm&kbl_a;|YJx1(E?a#<0yCHB zH~LSRM6=OYDmLEzZY+Q~N}UibTafv?-|RDEB_i`)WG3 zZxGp~weU76s>w9suR$7^3V^_;YnBYs#c*WL6N86ucOB57iu^>@exRfu2@~ol`x8ji zl9X21&_Du0np#40v`x(8en-6Jk-GWtlm^k=VCpsiNhg)0NjT!Uc|)6L5B_f8F!Zm< zJN__Cj{!(5iGH7W3CiM2y5M1~qMqn8>lN(f-6s`ZQ#OdF+@O<##7AFhM0M0@!~&8J z$pIe>Vin@2ioY2}A?hYZg&(}Mka1auA&S?T3MfFb(HX?>&};J#WIwR0+V1e6iOHlS zJp2sAFL&=(@M(g?Y9HEaJQ=?DFchVvG)bheR9la$bQ(IP+&W?x=IpDnd zqo{4Vy8o%U;;{R(`K}MkufZ!IvWTg;RJprtCj>Bjm!+7P`*-`+vr&Pqt)XTAQO`K$ zrkDbdrz{kn?B4Iz(>QgelKmg2)S)msXez~=6}n^x0uFi+DiG6_X;0DZ=|tmKY+c`J zx}6g)r!g^D;5Qi1In#Z5uIn-T^!AL$caFkD1&Z<2v?%`l^74M8xnvQOzHKuyj1e${ zvvJLk7((}R{S7pE9l$_AMpoxWB?=z5PmlVB5vy1 zp{b~+3Fq$IgdRDEsxrm+M#b0RgXyG?6n#M5%j7=K7u%g+h`v%_a2%~#Du#Xa*@SYl zHyHImC$jKiKWs=Kd3MV^uxd>wJ~^BZHs`wM;2qsTfGK`rs3Z<>8Mg zh3W#nlLjdCfc2}N7PlEH;=9U1Il-zghK~T89Ue&5u7LOQT(6lQ=6xcsp*h3UPl{08 z08US`$1{UVLei4sF?UWJAkS}e@WX5589a4>*l@|pX(|!81}2hEq+t-6Ir#opkV%L_ zdE$NfXUkQG)RN*ol38Gu>eG%*mCBZV0rLCyj|QTNZ}lA)2Jq>QM92b8JteC}rg;vJH|%-rvPW9I%Drb;YvR=_;<%4cP` z&m-Fe9e|wA5)kqy%m#M+TpVu{5tZs!+oyGNMvS?TSC7S!Gn#WXS98F-hgpLe@kdrW z&E}@*vNqL{4N_4FNK_@|sku;P2f;eEl|=2Ijf0&6n(35t|2-th?KLDx^H}*mhJe1; z&yWm5D4qBSj8~txa%_}fP}D2SBWf`Ca4Ra$nektzE9sY`GCpV-L9EJxc5IRzf`42) zqf=+Eu5(5w6~8?!;~NO)NBR3aTRFTCp@ba}L9u68`S>WQ+n_z~;<+fT`~3E{D?zO1 z+KhfqK3vK4$4ZmqhFwcWzk_U%3jM#`*>?2gwI% z=0jWFwun^DUjW$r5m~k4BiAVnOR-YlJV@jV5zlo?@UPv@L2uW=(uPpi6=~O}`JDx>+qt5NcsZmEf%T=Tm_sGYuZnChCXQ^Tt@f|%z z-c2@e*N~~{708I8$`ha#1Oc^}^jK`w z*)e&{UmH7>E0S45d*(-a=srqjkYAPl-Oq;+mw1DmgMCl--U9hp93R)hkA*cQ zf9I^~b6`i)XAB`3Zyda-R!ZA39zzt$SCn<9CObZ;2BN9omGkBQ{zf?g(g~k~G7C_FosfRmS zqu})qs7?Q;j``EovPF2%I}F79Iy>N5w8F*T~utcX(O@ zSLz&T3QqTqshuaC0Gv!$$!Nbr_i5^SUe@abDzY}?u$bo9CdsvLP+Pc==XqDmCgL8I z&&VFRq;2A4hWAQnb7V^+`Wp`O49Z~;URr;EhL@YfKiRF9<430vGdl>HI>3m3=5AwceDaP3D249Kyj;Wu9zG4o3J36eC1)oA@J4+`QA}UlZG4AWdi1~9{eg(BCpl2o zsvufz6mw2Sxb_ZUq0jKQGP8mwL^QJo*}E6Q;>j)K#3g&)Z>dxzK@+| z9uzluXWK@L0hlJFXFzz@e{)s=jPDkMK%G7n`^Qut^IY9E=vWTGvus#wyfKDjW4(=k z)jQvK89EY6zwzyMbaDa!qieh#ORdq@(x4a6j7dRV3p3d9ZE*U$_49h^EPXes!4SQT zLxAUsXLM1o(C>Qxfn^@Ka2hqLH~>Z#c+M|I4!BP%oA!QUXKD|i^zG- zrXjkS&S*QuO?V5KDT+TuQU3{DRiN8cFv4F>{zZq(Xha3B}7<`BsmxFMq}YEG~)6ISVm5cR&K_RPgGq#KVibYa*`O};Qy}WH{!(y zLVsz2C4~7oI&iDo3>v`Y>=zlJaljY$%eIIl8+~_?oDlc`X4wa}gsnr_aq6dp{v*Gw zGPvpS%~ZxI8qRj{)A?1S$CJncYlNp5JI&bDSIU;Hh1O(GNxWZ#f+ZQ*aFtu{Gwvi4 z2n$AkGj$AAfvw`Cw;tQ2HERRfOw-cs;mAUX%liGs#a!mfGGghsmb;fn_Jup$moVY+ za?VxB4wv}l2HhWTy&2p%FWQL{?x#18bsro8+&BuMY)Q_bA5ZVX6glX!igQvo!@ZVB z1o#$zRCs+eDze#7rlglltKO`()7kK=+vyl(!L*{PzFV*d;;_fZB$*V(5HIemnxLn_ zA%)KHcrIM}p+Wx>^s;wb*^hN=b0HMBFD zuX%#5ySLLiP$zyT19f|L=^R#eNWArToVWYETpsr(>Xj)BKb=it9g-!2doBClaoqfF ztyvo>xN*BVYA|uTbliqqwz)ZCzV+XAYTfNVRi)r-T|%^p9jm`2^rO%#NyYKojxvtV z9SW#6Nk5Zch_tx$Rk4FNzEwKadR&ekg%Daiy!0KxbUPdn)kSY>Xl-o1r|}||`?hA( z+MN0@v(l*j$L0#LN34-rIGci;6l=A7^C4g5=3B%J!enM2G%aNSWVB&hWaG>#@FlgviPcCJ`paG`^L8d@#ml~0&qYUwWf;3lTF=tHExR2yH_nI^Be%V< zTK?dd0nw|WS#9z9RcZL7b@P~OMuOX|o^0J)MFNkdEz8E8E#R}9+3^ya{?^~4@|W#) zIkefBxM^K@ZcqgwwN|x!2XkN1-RNrRdtlo^rBNCWy}mtyIHw*Pd|cSC z6zk1M!A}z0J6lZl$yca$N!9EMf$F0lo)SL`iYfbjzLl%MTe&~N6aw;CUu(>oXIkh; z;B>mZde4oJw81m>DxOEBOjhR)ya91=o=_idh-I)vqV-&jK+HrK}H>C$d*f5aaK$m+tk zK0l*YMGuif2!`l=u3p_fyQqWcS-xo*mkt-*@ggz2f!v@gn**Rb1-#w#2vCG>Ve;PJ z2;Gi>6$n|GlgZjAZaP~@eBlt?&K{u1jFu4`)Glf|*`hbCh0w%3+1!6*Izhd4Ou%eC zJ8*yy_ftG(U}V(u6inDx2l%xmM=+4Rzw+eI)eadW-aV9NRG2@d=ZtTh!J6vjoFi+~ zlGqE>h(mW}PDvxjy<2HpiM#89Vz!+dTE&C+88*v=HG{4C!g&}pxIyY|`_I%+)Sqka zURznpRVi6Z{4@6YsqNT?1_1zo0m??uF)=8m`sAEASE2PB6)!;KCE83|`?O}#VZya{ zAd=M$?op*6#(?@xGBpJK&G%|CvLwL6-yo>lrQ!TH{TQry@QLEh)z7Wqh*CsFxk4tQh0Js_ER7dPPj ztWA_3cnXA0!bkUKhq&oR#m^IzAdx>%DlvC;Z$Q6Q-G$J-X-B1leLj2;m= zPdbUH|ae`o0XN zihryb_XHtz=BY}7g-Yh93`)B_>lb!kx={#Fyif)ZFZ5|z#fQXc7ENExl15At{%>hGmJWr%ayD&e@`qdO>#z9CXUe%d(warAWtH0RXzZI@8x zDr5+O?qGo+5Xaj#7l!}3gzciY=~voxVtX#s`kTr&WJT6(>aMhx#CSD&A-0cn?v{F%Y&z=MmJQ>0 zc0VOm973qWnD=8+N~8b5V^xBot@N@ou*<^Naro2$iMaYCLtOv1^cj-DofB1gv6lrQ zwy!;T(B>iDGt#u4oWLXw6cPc{nh$@eMtNCasu5yYeyv~l z$~-O;(bG*&!XpTAwh2WR@;v}ZDYQw3;@L7fc>7BwTX~&hcDwbLrq-x(RlokkQ>^;I?@i%|N(vp%c}Ewm)&238J@j!B zz3fOu=P-*X8Q-Du!o`IjQF4+EH(x#-kqb|y^y&A-7GT)k@Q4IW{c+X)zCMFh9tpk? zRbEf&;aN-NWH=dB4(Qz`Z_T6WB<@@Iw?fBw6(Qf>bv5&k0k&89n%gAu-HxOV9 z7iXBKy$*$(;Am2{0bnOF6&sbfg8TcbLN~}9gpo53E6A%IaZtM}dht0k? zR~4BkWV8Zty?&o#r{fb_(4AX|fi@O~v?zuOI6Tb;>fh>B%=({k+oqv(sw~QzdTTuk zBm|SAM8S#AGvKsZI6x+Mw}k%jWvF82^K!eLMSHy2PszDXb?A5aLpP##HX}Gr{}ESi z-Udvj0Cz=*ak>XWUB8Ks-{6@vK)PW9^*k?p1dqs zV7s^g7{UY%hA`mgp5q|AUHH4khnib~igo@~B=_k{UF}^zXYuRLN-&xo~K;cn>wlYkx9Z7`P{# zq?V}c8=R!_B*`|?&%k^I$6LH#Cd(?0IB@q~t?BU70Eex&XYn3IPn!3%!=InSdRL3v z(|(NUvmexnbW*>k)_+Awy)^rL2-HuYSR=uh88pBAIU`?XTy>|OC%4hEoCbEVcCyagx~7FO{tuJ=Cs zsOkZm0Vpa4-=U{TUO<$7d-Tj;t!hjU(5eJ-E;%ON^sYc*zFX#OFYKK4P)JZKRvhG| z!~Em@Mi~32Sdm3%uV93hqMej3V0F=LYuS-pLkceqQP9*_kgw}misx%R<{0>GnueFl zjx-_`j?StVDc=chj(Z{I^!`K4adUB^^15wK;A<;;xRE%rT*zv@zu)@0(<&UfFN^{p z%~Lg|l5G_KT*`rCYP|r%)TEc2Om2Lxi-kFu9IRi_Bwa|}&#ZkGlsY>U#Sx_k=N||0 z$Qt>9dZs;Q;nR>kB z3$p4RRl6s-g3xmik`Hh1yo-RB&tgx;tr)1UluPPBUnLxj2bOKg|2H)N(1G(2tfBZ2 z@R8uBwc1!9l%7%3c2-OAYGq-z3i0LIi~HWYpPo)qevcqkMu|v%lf31`z$&-RzEELO zn0Gn#7Vk&`Jq3q7i*Wb{wU^)Co=hLkUq7FpjhQ}- zI$$<&SJbRsho;^VlxfQg?0gsbn%=I~;s2F*R29ETJ3jCe27jUhuqb~p=1Fh7rmuY( zb4*we*fC95qDob)vX)s9IP)F}jB04@ml9kHMlt6Cj!3!I1ze`d$7PjC3;rU6Or&CF z548iLv8hjhU#6J!n`~)%4JmhW6ig>fKH0Fmi5UiVtoIrC3Xx&aUbAu_0&YpR#P0o+RL7v+c}b8RX;YKO&@7ush_z_z~IXuVsT<0#a3 z|LU|LqmeN9M9YSAmxKF*x{TK^eA!YzB*pPvsc_AkAM@I9*SS`bc)WGt{|lFM_pEfX zS_qk#U+EY({45-sk?RbhY)`8UfGy>+AH3p_QuCM@d_Cd7m#{zkeJGIg5Lm zkLhWVc4CPpQpx^zGI3m@iSpWY_(R~EA{Z&eb!h5#+IZ;M>RXQ^DBxKqQg-}%25KFM zsxb3_o0dL>VEyfWi3wQzoaKR09M-3EfKkha2n*oo%;UpcHfWIecsME~5=(te;Slj_ zsQ(k@y84$yhZ5)a1XjY>kF+6vM}!(s8?(bVvN%*U<+m3fm7x|?#Hza{r9?xc6i4ir zMG|Dkcc~gI#JXhDRYkf0zrUo)+HtCBRkx>mC z#>)O#^~OWlC4kzHpVj|S#3C7D2;}Eh=YJzw7aRytbJPuDD__x>+DV!czroTa`v+ea z+}{?@p`5WqJ-juqFv{%Y3}>UEi-qR2z455Q;NHnLTn>CC+KBlEUR^Rw_4uEwNIwK! zj-wd3bX=PaEZf8Mt~mzgd~brcsxo}89O#?W4cXce+oOg*NM0l5s_~Tk9fJ}fq=-DH zH3rOEZ&J4+%iOyiIuahVoOOuMI$fi^4u31?qCPG)>XWn;?M?h9ofDs(MXs`J5WyQM zq&Zed0|&qEV#1O0aA-Q;SpzR(^N;rHn-^8EXN64)8R`0J4}y?Sbuy8<*&x5uV;wPgea#bPHDq42hrZJIc9lr(NQtL#}|G1*Ag@ z1+cTQ$o|835L{?%-@!cRdBUVK>~?ydU}WQ&5}X2gW7zL=Bma$V*caRT`*-uK5x4#% z!hP^0viA|f%W|Mdfji`>)crC>(kh!!``QnUF`)yAn5zw*s4F7UbPv-#Lh_)PpYeT7 z-<*jKHBweA^vAXzngl!;^pZpwdp6xlE>apYibuf8@ztDA-?*U3OoBb`m2}UmmOra5 zwznC-mA;ROWhvMUE|9se z+R|9j5MZ!dtjRU$Y~lxp{NIZNz(F+RrOQF$veIt~8!_C`HbsO;$>5sp*;-lO` z4fs$%GkcG|clle&t!IWeUk5&vG)*wb@&*A|c5Dxh_cxSBS{e7qK2@~=Xl>vA0C)J3 z!|i!`>)~_BiovXwI9|7tI8_t&7ZbaS5}>g~Tc3b=hYag9^r33 zZ6h%G+*Cs*@SoWaeDXN$RP970g?*O0X^O!Fvt>0dM1avtiVeK28V_QZP%jcM=+gRJ zm*(900TbU%N78jWHxRnq5PNH4)|>ywp6tGO_)J!HMMn-;nkK!ZsLEnx<|P4K8XaEM zgG)wCEOA+tw)8d20Rj5_{VeTz_L%Bk+zbQbxf&EcL<_kDCEr3>m$(|Y8Emx}-P!^Y z=vF}Y7R?){i3>|E^+Rl}Bm4arV{^IQ$0KmL;>?}|Zkx4RC$1&-2sTYu^IKnWo80Pe z8cFK4uUoET?Dvy?C`yqR~DQOwv@ry+Cxza1;56#EFD5(=*hH}6?p%A-1E;>1B=(gyVy49M1>qVebG@xot5 zGIznCp(5ya)D)@|j+nr42ZvH~oITywhunjdCAZZ!hrOuB&9k)-evjM1=WEwI4=s;z zF7E&$`@?LZdi+u5AaqVvtmDS#8DlRam!XuE2JN%V5QYrFlPyqz^(m7<|0$t7MB`39 zs#c7Z1(qwG6`ZCy7z^l`EMuSe`8!*HK93%Hg>QMNTFfDH)~HH2H$V_T0}2K05#Rfa zn`pDuD&-1&MTKwq72EM6J1m0&Otc2!aFM+l(biZfRP+1B&UHR2EQvF9`RW9EutS<8 zQ=C9XlzPHmLmQPUNWoOzP{4c;>?&Ytr!IoSpBl@+nVRZzAtOj3@|qE%#}!!rJwTyw z@3+-}Bt&R2-MIw1{Lx(U_keN0^=SFR)av){>Pm}cJxt5>Caat8$|XrX_eZj;iIlcA zn44Z(P1X6lBBe!RGrmzyJ4o=zB1kWSVW>faZ9nkewwCwYaLUVhKYclO#_iuV+pRWQ znd^>Qu~UNE2LGna8eDWLIL~fBeBVVs<5+gVw74JP$)qte7-f2k(M2il=jT?i$G>IG zU(B=j0^^HI0<@CvD$sJ%7Skm5r)~m&ObU5GJHEdOZ^EA?RybXM_6T~kGpVnP1z*** zzuqD5u+wz=@~2Yi(dz+tUwhQQZfV?L0~PpIWUDYgeQb7!&BugbNPYKsPCXdTPx)SW zul~;`=#pK<0Lz(Q@-zcQSdIo|$;_H|O?!t}w`(Xi+hWv4c9u!7GGMqAEy6}DGVd-G zRjC}+Zvss75NO*iVx9aP-jk^ zvZV86#uM5d59BhVBk)~Kc((Y6+qyd!Dq^A|XE-e#Ijy2Yf9hV}ZS}9*lx*E0F(TLT zDQ%jM>Z?cYDE7=dT+-^Mo`vzSKv^6}Fq3So^T?%89u=8Zj=bk#8{;?o3J%{yqCIc; zcL7Ty68!t0+4A8CLG>UVYKTHQnuND6NwNFP1X#IMF^)!cKiEmKr8hy4HgI-uG>;Sr z#(QuvzDfcabY`6ilzuq5c?wZ7_s`^m$aqw_(!4hGwSO)&-x=?!f;a`{TTzWd zw$*PZ&7pWuzhM0l zOz+C)QjMXfvp|Bxv4;=p&xpY?LPnO`&5tO?nU?3rfvnc2lr8)l!`zfrF-$k;7-lud zg)GirU;j|bqErZviM-maz8q3NCd-fFn^)#tewZp~6C z`*WKGZR2ytA=mM>Jl+N{fso7|85pg#c_2OX1evzD=()@sDO<)GuImzicS&zpQlt`J z`>hB_6)ck_EFIWMOYlc(t1Spi_UFn__ZK62Nns%EnR*Jm<<&^1bWB-_U!6}XIQ5W# zH1}HySE1JrjxMxAqTTxF+uO0(U#&GNRSx8j&X3@OQs_}Tees6%m8=v|cxK+?LAC_t zjEB0dTzIbme?6R)g{wA6zqOIm=k4?X8Z@6(hm9<;0Z2F6)&7K53m&hr?(!PD%}#Ak z;?S|P&I#nsN*KymYa7i-zuTpC#3&v4hw10KL;OKoT(6=j`|FMjPkJhW-RIm}?`=8X zmP6mIp9!6~8xQMvE9^8)gXzFl=I!2c0G3VsjW;b|Lqh^?ZRK|Ze>V5ck^GC~?DCBA zcJ$h4urROBsLwQm>217hw?n@eB%ufOBm*b=kaO>KTF|mlYjwf_^3~8=aX5m>9ZUsh zRzGIajSx+zjtv_p1>21&S7y%t6wB0c#L$Ni79W>n*aZYDN?0zG46n|T9WYx~e+h&R zc!)1K-GgY9pKV;+$6IMkz1t08YK)XF7_vZm5S~&den^P7>jGmxx<}plLgNf zOVr)39oJV)hQ4<{^;!=76ps6pbEGHD^A=5R z>J~E7GwN zFD>#MVc=dBV-nCwegY|l#9IRHoyPDAh2lSJ>?~_Gdsyn(w};ta0e#9Y$ha1Ddlwp2 zm1$|ke@32!6y$@RTW5EQ|>pz(T*b zq{hodj;R8_FQvP~Vp0?qB9TN4IqI(ST&RufucL_Rr(aL)zR{SX4#vOPlLE6sEmreH zgOD&?2@?FXohZ&^Rct3H&LW&q<*+x;;8y_d_eNklzB7M`aGiG%eSaP&`G zN0!bw_Ev~9W{ju-Y3BcHj9goiq^2t;m6;_jw1ZU1iu`p#*y`dEDy&gD>Eqw853dI> z$CWBS|7!EF{L+5aN+d5ZBu3EK%<;xdF>G?1Dyq-a@J~rk?ME4bm|{24d5e$j9-{Hb zobtT&8g; zHMcd#^^@=hYaRlEcz;$2TmR+cVyNP{HHO2Q^kiM&Eq<6AX5ZJPoROX@6Dx%M_7Cdg zz7Zf=$_E(PDb4#5O$Hkqp`5KLifXuFeDrLi_UV9s8#0ZPV05z$UnIg}lO+T_J*>=T zQkYvR#svr)Q}c6^jOo(+`jytcsA~8L?4E{{_e{Kmb_c&+VODCL)rARCK2J&t8RoMe z&tH4%&pqF*XbGOH+3MNUAq$e>JXRT>%=lb7jJpch@t~&f zXf4RQU*yDFF5kcptVQ|Aj-b-`!O}U#bw)E7>ue~AAaL=@7g4k1vdlyIuYs$aK8d_Z zJ6y>KaALsvxz{|o5T*qw^Yv{o2&dLdmn|QEP+Vf#s+qt?Ua+ILxtfOe-Is%=aFoyn73$M8oCC6e_8p30MwbdeQ zpXsaS7?Jyl_i^*$E%pvWqr#%88&g|rCa8p+(R{l4GtXN_y)c(fy$`7u87;=e9pM9# z85iCIJ~s`D%QC)l2G&>4S10rdJ|k?ZOsv3JH^?Q=HU}E>60x$qb(?#v#fBZ7tm{_i zYSNS*9(0aJkfQ(Uyfb`*YBk2wra{nWQ;j*sj^r1jAXBlH9b}>TcuGS$vxNxx9r6jh zG~SOzLIiLW70bLAw>@q`wYz;TlX7?YT7}~8n^QdMZ(IEvC&E`sZkvEAxbmI83W+p{ zLLQSyn&l>e$5Js2X)(JibS%_#K0Jk@(&JSj;uZG9GM&S_$t`TBlUryHvEa z->mAjI^Is6`_%6`Hh8Wq8?Vf)2>Cf}2B7`8*|E-P6&_n3$T&v=eM(zn!)qsB*gPEN zdosDbU=q|DXxun%_DpEL9?2+4)JX=6#IuG<|IDW|H2Uicfl%KqY0f55=#zisXJ-y_ zdL?bX_mi1#urvXWT7)MC;2ZbX1YdmiYZBLma|?+FMQPVp@3&Me&8JG-Wk z`JH%WgOImfAzH58YfcGjMKJmmGnBy%~g_}PqV_~h@0 zU7g`LKbTxDLv%kJl)L;M^TKMMN$#8m4YJU`Lxmnp)n2G)&Pa zi-F!8UHI+Nl*c9EiHE&eWji0(5$QxnAIMG#~#24z=Y=OmRib zzLUBnFZn_FE`({zwzczzqUvjUyZEG4RidRPO=}%;gT4_@55HoGGZCwbB5M zu*~{$iF)&!r{%hMN($!!Q8xfUshWcx`GBDKeYh0ExXFVwy8SBh>%3}+V(GVZ?eQHj zg+n%hD|D{pKf2!)safRax@#z-&pyc@)_6J!xUudw+Ad5YGw9j2>Fx_z^J?OR0=(P$ zf+FgnAD7e!=YxsBLen5A@()UuRL}$Wwyz!hdumA9ik>!tT+;=)E6zOiZo%J-m3h*1 zJ0EE+XuW-;@T?)H0O?Z-oMBV(6z3{0&j^?Fw=ZQc19PX&%yKs#Uqj=)afEv=$ps)M zlof3kNnCIIe;w(;a0l}j!ItyUFjr;n~Ik_v*L8*olA3Zww5kB{KpP=+uJd%Yq9$3-bQWmet5T|coH4*kMi`4DpCvXcDufP0k@cYw0k@o3 zTuQzsJi>kNmJc|?jU$FRqsa~}UX>*;g)Wq(QdS7_jlI5#lADg?(7=rhyId7^0*V>G z_8-6(a7}A{kZ+Kg_*=nb;~y1v_x7gxI&Z=Es5^W`s96#yyt3pnL+E$01_#^ni8+eq zE!Px!Ocof3&-9-@eSg(FPhM2omc9fkut!VPV4AVHIlHtJV$N9U1MOH3l~ph&021CD zX{+go!)q^(ORGlWX*kyb*CFy^B=c!9B&k){tcoj2q^WR4xnI52#E?m^vA~yP+euu+ z^P>sDUS-Xbdf>;F)`Y&eNrKp)V*j!kuMkFm$$s_=quB-eIbuEF`d?eDr}4iIfmmI^A#uIZ5WNTqIB_dL-*SV?2(VR?TY-MAx!w%%cKzTl zX)l+oyc&~xYWvNUpv9m;fUI+~+%0+h-N*2^rjc#&?MBr#dBw5%dB8>Dt+F1eRc){! z_n*5vm{jb)*U;vp0RtLyKCm%1HN7HCfZGIaGk)|vCK=#Tl`xXe%e)AA@(F6PO8lcq zQP-x<)Sqa-Q7xA}^kZ|QoUUIRc>P2YJUd|eCet}9+gmsN65XEa0gC5{zW~sv)75rr z^YsP6gOJ@$n9xko64Zi7Rmf_zC;#>79iP^>OQ-K|va?5;Zp)z5B4es<2A@6H22T`6 ztJg|=Hy5`8mkAo$bLu{x>fTg8#S4Khrm0D}TLWz4Zoey#KB9I4?|52%o3ED6px*b1 zdkT!Ku@=g~(({BMYQzR<&tX`+Xu#26kgkD0twRgu5%1OPR^(2zemyLIv6f3`Yu4r(3WL8M zokEa;NBv`Xdh6X9tlINhMjJfMB$5`7jQ+QkWtY{~vZ0g2tqa`8SH6bG!%Q~zrOd!S z_q=z@1ymnmNm6PzMDpxXIm9?ZW#B2uf?{ zrn>48+A7}n`NN_>M|R0qksO95+ygvh1aPzKpA(OrJy&z?=GgCfx0?C_Y_`lW8VkOz zBGZZ-!bFpgfjx-88&zIVhR&?ebYy`2mvHSQ8_3mXuZ*$afn?>EYUe4OoAV`klxM#K zNatBNS?5v0d|v|xA4kFxv&wF#wdcNLr7K?ZL3b5x@u20K3?6FF@~!-UhVR)QSSBY+ zf~VWrPi4>Ecig`^6Lem|n{as(;OeU#@T_FK8yjCdanwZ}jMS@LCGZk7jgJ`MqyCT?Ieai!4JY zxgg-s|Ke8UNhy%Ck8`90x(sOus8npLU@PE3Xy-)BPYFM&pwmebyqCCMwRa!gs_qLb zE?@;QjH%$s<~r6OHoevY2>bi4>2SEhl2deI;POc1yYL^?-YB1_n5RtuWhufwqi5a)CB4xfAj^b;292(CgI)g=b=Y~^k-NIPg7Xq5R5bUPC4;_`sM)VKCT{iKj{Kh1!f3z5{%XNv{?aqzD0_Fa>_( z(6~vE<$lnc|miY^BG_3xqD;1@r?V-$e9^lu40$R zp80%ksH{Wf*1I2D=*_eQu#!T87suE1YN^+(toc_4sP$TcG8sN=?x602bG1On$M427 z9U0WR&QEl?Zp=I{E%mgifC_p$+kik9w;SsgjvU@O4H*eJS^KoquyEoVj$9F>ied(om(s%TuW1)3k7^>!3129L%9Qy z=8vu!@n)~1O_Ph1g0DaUoz9>?D<9H90t0IbJ{GxxhJ;K$B;MoK9V_si=fPE{KGOHY z4VH9z&z;Pz1L&f3W~5iV>E}5Jz{^N ziC&@myK%I4)go?X%YDC(FWR&aGG{B*NQ@@=MA1ooWVbqyd`lvfM+Z(UdPu5VYk#>U)o=LapH>HO=LfH zm`yNi?tHPYo69bN$-Qj8f_`q&z5qGKi=BAuDck3^W%+tsJM@v0v}!-MBZW)s>3zh# zKW#dOCeaqWDx~U7DbzWg6QAiQ+e%13?*eqCjt6~4fV)@e^B*%NI-uD8ov@&$jz0$) zmH$p3K1!;-xluX_mCJFR1N`%I2D0Pi!UYr#ZC>CY*w_z(vaK^a73DYg;RQjwkxpjs z@ZT_7@MXerR^ro_oiZK+nx8cuv${WdGlGZfw?8RmDb6-srRIf45c4099#}KOiSH7( z&dzmF%R+}+SB$1t-``YUI=HoO{E!sz;dx+j-<&ywgPv|#s}3NBygBDiT#+O>t=pPt zz3QKeTAtZo4sBJ{LmZLReU&jf;oXh9{i7g;?Hmh$f_^timie7Dl`fjuvnm`TaN7QP zVbBP&=ks(2L9dEaRR-qf5?#zeE^-jCbvg9tG1vPXE%0VML;`hoxDflL78m(WA>QN& z2PH`qIRE=k3B^p>uW0BGOB6TEvvtxKEu;20O{>3mVq=V)xomWaj+tbX2P%%~r5ll+ z9uA35Jk^v7AX@sbpFEceDoeZBa(g;(gEkT<)6R%iYW9qte&e=;xjmCSou2I_w9Yen zwf`t!gABEBTMGAr0kOfJPOZhXJVFi}d!L`^E5WC(_zB%jY!$0@Jgk;5S{{5wiU+># zrOs4b1-L{dIoNriBQ^rlt><;qtB09$H9w}udE3pFzMd;ZD9YN@8of}pkn>3~ID-a= z^<{1b075_W0-^t|hdaFLw&qd@G;6J53#j$SA`iOa8}LbJ>l@Pow!aVMmEo&X1F&db zHx5KzIrui8S#;l|^*s!~qPh`SY4w4u^4Tu-J5tgl5I;rwCjSt8&vd`a#0YBij%uF3 z3-^g9^~px|v4eQBJ~3StdwWYF-a9964x;J7?BZ_qzHVKq0Fq!1 zJjchbd1xP(yw{~w0y3xrMo89sb~di#R`uLgYv=M%1nx{R2128-**g)ez~twz3KO|P zBj&|mYtPXu zQI{;1W&hltPibu4DDnS}S!b>^}ShxynKxk(1IbTSN z(PzGXGN7L;U5Vb3QvBpxvl(LfT+p6tzz0V`8fhPiAQb&B*+5(zTr);T8YNG&=B3Q2 z77_J9nrH13kG2|SZXUFg{wq5Z2i4vmoZUeQebL5OavDr??Xc*LPMT7VM0I^&k&B&( zAu0zU9~c7+?1}Q_K|kBvsu5BOUJ~wuf83CMl=4495bjshJUhMr3Gfq(N??f2vdQt5 zZycreMdF>Zlp1Ir_R}&$P z8Te^T5q0px!0AQBykFEq;0%=JQ{A)7E&|w*PAi7-!W;qHwt=E_fE$c#{<=tuXwa{j z|44)vT4dBZdZerdY+I9pBjo{9bhFx1?~$978v5g4LMmkef(boN09Ns0-=> z4p_?<&7J=Ip<{lT&_0x3zEu}GUh;xF!oI?^u?$iTR+4dDAGLr4td?Tr2w=+e_Yz1H zpbys#)tMWXl&Xoh!s@M+72G@=Bhch61S^cwl1ndXN9CGrk(?4d*a())&3ZTYbA+Qw zfC0=7ZVTCLI)cM3T3rPN#8*)n^Mfx^q!fo`4AC7qo(PU? z;OOeVp78-C{QXh*rxehBC`$O>UQxfIUEmMACt;HY!B4A&dD)LDfc(`>g(WY_#F~+n zJmb7D-(WiP-q%2`^#HDxM&I-mSGHN;<)ItQI`=Mp=q4&PbHT%mL$uET{ zo_SW;Ns4n&flV%2bmdKEACmFA#GM``afRVB(BH$4aUXo|rG!ud-;C5K|K5xyFE=9x z*mlSy1^J<$7lzOEZDWCRxRru{nbQjtQauot%S~lkNJKWT{VR4~ztYr4;&5ON;rGtO zH@dS)WLAFHPy~qAc+@~5HTaD1Xxgo0axCQvmkIj^5s@kNxy;d9O}uE^pBON)U+w#N znOcl6Y_i))MFw34=SmioE%&)Glob*W_C1T*Vy1IF6wb%rD7&$7Tm~|iSr6O%V9%LH zRwR>w#|DKa6Vz+vC_^katP!Np<_V8?SwurV@mFv+&j*F;hQGr|EEwj0JKQIamgo?xOHL!uqEH{A7j z_SimaeRRG;>}Nt-dn7uN?ak_JI(SGr9n6@(>~AOP5VgSA@aQapV&m=r1fSkN=tpk| z#|=ePr!khrI^X@wx@G=i!#(1CU0+K}nFF+U<_nkE9IbPV|d9w-ZG*qr^7OQ)|DHqu~9YmQ~hf%%!xVT!8LZUO-h?F zl6#sl!Hk5g1WCYH8W>w^-kHM~r*7z{IaYYR1!EEtC&|{1+Yt@>;YGUbg@60T&a8<| z$9U|h@uWF{P4Ds}6TY}MC2+tTFIz~xfK_|o%f7@V*Df(Re{ZyzH1Jd#+9HfOU=1$y zb}y1r4&+l82c*C7f26--nzoTrYg)ni5yT4HB*NUM`v|A^hy$Db1suF^I;;#Y_&k!h zNOWhEMO}BT2p7a>7}`LiN@+~IdDM^kj(fWEPJaGwPwxKr$M;(x*Y=%GHPiIjL29VG zyp=`45srO!N(o;jl?rz&Yby*+PeKl|lUb$8`x&#?DAdn*g)~g0; z>wqLL|C1zVT|%(;6`m@C5Y(ZQy#c9M=rQnK6;96ANe8d1{swj<^G_YdD9PES5@GEG zZ}0ghbPwsskkNpa!{rMh1v?Ti^Sk(Pl4N4HfrVKDn>pR&Uj5Gqq5DiSiq=S4DbgF( z@sg$MM3o-0t)!K={_NFD>2U5A(Z-qihe63#!V34)(s?XniSKRY|H{)7MWj5KnGxzJ z$9Y9WGPfd8SR%)*P<($R_FQCnfh6K~H0cL=sfMSgm#y74>j9?fP>FJU?vEXAWFpkPs zOgHfTuiOxnOhmK`{=XXF|K_c@DFRRncf^2`CeX!UvV*`!ty>a;W>-tsf&&@^B)4nbCmoUk z_B_Ch3x}3Q5@p4J^0Dk!&aYN#qBTNZ8P0P`Esc5Sx#toNNgepd)=}lqdzI}U6E3Am zQST+mYzDzR6nVBf1<2MtFD-ze)!rQI8B)LcNpu-reVHaG+YSZHkbAk!AjYdGfR~QS zAI&cdYTqhwW^&6!!q?;j1=p#dRX0)Ja-b*Fo(qb6Un6g=bhSHegb*Bl9BsVa*fy`3 zrji}oW+x56!gk{f5J3jD>m&6s*#o(%d}EvH9!5ndLd8_UO1BB z7{4sflkamYcz+a216FrYAk5LFSexH_;~xUhyOE&~l|p*n5mBuNei0c-vRQx#9>qWH zMiYef05k#mHc20^(*Q}Is?%_4_S$qFGoaNk6Qgnnx@@Tp`PlBHu_vK`kDnj`8`&H| zB$-VPiPjNTCA8g2f6PYq1amSCd=MQ3oN*R!vBvvO2JX(YnGiIaX@f1paK-rstE)}jk?nEZeM-gj!W-oK`loA3qsO; z_w&#*`F`|epqEd5r$`(%y2Rp87|&K@99FCypm{slSJI+r62))z7aA`JGV#7W4JJl2 zJFPgO1ASk)3eR|)w?ti>^3c+UdiBF1Q-n(0YgW)`H~4QI$;U!`$O+9^JP5xGJ)=ZPin~?%xFmkPq7v-`-58b ztZ-GXDme}i!PAT^e;oj72U3ha@Xvb!Y0~BPKH9bZ>j#ljC-s-t!sxbLvv`hLpTPDYLPJyg| zJ`HF&>+1OPzH+<(`-A~@!eh;)DMuo*_axf;A98^a zL&6Jfu!;G?ID&(A9GeFn+VO|V{?6bqOHXXym6v6na>{58;V0HJB>mU>D&fx3_2ME# zeOyc2;PN8<1~3a?{1TS}7z0!jFsv!e-gq>`oLpCHG80~|yP~(C6S}tSO!)s|D}k*? z0b4=p4J|o2|Iz5g?iJXCp?qRz#!PXg${aMwX)i3I#F-&wig+~*Xyt(VTJSa&?*DFM z4Li-h)!fAtm{3m@{Ex#5*m-OU6YrIE-a>_@FURn*!~X&aMu1MB!DrPdCxW6Hey~d8 z?ibVlZe&4e2wn(%2A6&6ibwO!rgP3#cdJC|>HC{Uy@^Ym)={Pud|`S$@t+oK?U&q+ z{+Jxi<5)|FEJ@%Fr<2060yREnq<^u2kTT|1C6Yy__B=!*h_?OiV)F?=ZO?8@QtHqQ zN|l673x^q6m5_yG6oX&{*lJUu7~hW_Fd1^dS1a1^H;1sDESZx*GI^>J4w(Cv6>yrWPbdSmzxUiIR>LZ{u-l! zqn&Mfmk%s`z*8Vb-&Wie9WjQ3POljmX5luqw)+{7bBLmUw#J2Fm-^nwN9$*2AtEtL zVQ(vaJrJWL^;XNxhWrW~6@2{p+3vv zCDw%CGiIqv%;^8?0GNfO%lq|_9GJk~7Kd(+KbBno-s~|c@T`H^kU$y8p&NHNm=*gG zSjMpW%Hwj_C$q>OxYmZ8mZS6ItsQW@qk+ub_@HuS65OWJx7@ZuAl|YQZ(s*b=krah zIWL_ZfTnj~_AvB$s_K8sO6^RU#UX^ZM{D24&amuqV`YPS$#R8S}iSy5FaS&KmqLu&@ zMnRN!niYf?-vbz>#CBcYV6c3SfyV`&fu$y3e zpLYAN=Op`fHtwbFLX!&DGduIUnUecFyl~l$)~EE26gu3voI!3fap$mPyIlmQz%F@2 znva}8arqyU+)EqMp8Vmw>{}+1VBu@1S?DISxYp1M{0p*(<6jWP)I}Zqk^hC6Nr&8z z3yKeGYA0}@Bmq0;&Jb1xIEE~M@pP6_rhb*`;4oU7^~CGdZj@d}2*gyr=+FKV`#nud z-|LOOT=5+hCrEz1j@eGKbq4;)C%k(o**A}lnY&uwmMv!oKTXV>LGuqS05JK>un+th z_i$tf(Ma~h%YO#}d$S|SX$6-edKvx0b`)(vV@7(moxs2&*nXL=!HWfN7x#VoV_tV2Y(lI@1@OE&ROA2j@q z-ThWqhebTrH;7Ge2j~?`z}qE%X8FF%&Z2z*%JwzPEDYS%7L`|G3N7>Sq;8=NSQ^j= zdAzQO_!I%*x@JzL5#KGA(9z|bJ}W)nWCdT#{@UfzXSh|I10B7mNo&6yy!Sq;o2>FJ=pJYr7E?+36RJGkwD zIXTTc-Yo~O%pxhM8k4L@ok%8*-~W3PXNHpG=<4Z^O-H4Rha@2k&3eCg?0zFy8-mwaNxy$KS1e z-noh6intAfu7u74mW<{O=fE)w7ZRKIHoAT#baoRQGweG?*OPC{2du2S8vs+vC5~M+ z)L8s|MdKePiDG5!sp)WiS2RN^bp8HlNtKx~iq;PDkkNQaf0g-3^62)bj%r@|fjDl0 zMHq$$d1AzLr`9`)#ofM^b@{Yi6ChphmvHzl`|K(Euxs1osC5;a`{K&A?Ql(&dgr6G zJKAlav}bs^-dmZvwD9A*^fUCaq&Z&T1&cNal# z-GFDUYVi_Hx1i%T^s-LrgZwP(Af)?V0GTaHW*0_8#>`0*cQ)R#wiCPB>K|zMcro9{ z;Vs&_8={uYoV9Nu=f#W9e@rz^m?t7y2w*VzB7oR7h^8I<3}W?Fv}2oX^c)N%ybZd= zqLazfa5MV}&2X-*$yV{2>vOkjK2+U!c4Nrwo?{Nc}*s%ewa?eHY2f$T+h8Nx2?o|j; z26ODq_%Qswcfc%H7a;#TnqzI-;FJ`rzk9(oH%qfgs8S1p`Z~01Wj=n3afI)JgD9VV zG8ucD(G%=iwQYt6Na>`1Q$F@4P(sM+0kHL<_B$YV+0Jj&hWP{jK4Y^YdSxBAL>_L@ zCez^E_%UD|DFsVn>nS%}Fh-8_T3~_i);3YCFlF`n3cgQToX!CMUvZZ|OVRDD;9!bD z^VT0Z`d=78V%@VjIwn+25^vvIf(&dD!Z9dUouaYEE4uZVZ?!+d)zwcUzYFvsQc!lL zu)SYnS>Q+_x5a^aGPkV=(-q1b)iN4_Eeq7Ogtb|~I(erH*@#pn)0hwspXB)m;bHwj zc*+5(p$wV4e*XpHLGP-h$J0^l1#R}~7-AnbRjU5dlX*shDC7d~- zL4x#eZepz*q{03STcM))=6}F+7q(2fTD(0)np}-}B!T0BfWZZw8Jry;a=2&#WwM=A z2hF|#kvJ7BVW(Jrq@m11LN9R`I8LrhP)z%d2R0b;OBH>JgOraUx9xygmFRTx z+;|*ZVIVXXS8ml@6)S1f8$ePj>H08SDcy8xElHq=98~3zMFOPzFrmMTTNr#TrZwfV z4S#AE6O}Ep#t4#x_$zFC`SKETpyLgN3&@Lb2{tpZ&{(ZRJcFxK z#+fkCFK|N8f)g%=I7Q!)w5abnvhDD2P9n%sk0b+>nZpJHt;XEW20%MrRR}2J-yxX5 zi9!NGb4yqD*kqGd{zZTU19iM1t+-{Wu=u@QZ^lsvi7fr<54uNUK;Nw}4K!bUB$WPN zbf2ykw*gzz(PD2>nh-TJuBh?-HER2JK4VPp21fmO2^Yz06wwo;Z& zzKb`uEieQW6=o1N_^->V7{sY{J3oWw|Br+V4jS#a(AEdQL+`o=DN z%>b#nCMpk`uT48WBQ)}48;IE$I@ZN}qJyBRp=8u~{lp&vDL+kiG!UG6qmY7M!=C|t-zfuVCFf|MyqBQ_ z$O}eYM-5H7lb7ky*9sgc^dv z=%yUst^Vovv--6L_epe$kXHrlEuxUbo(o9*J};1MK)=qCBb3VWak(`N5^L z8!!TqB8>9}iIx?SS*<{x-F}Z)P=u@u`qyMHnI|>+1opv)RB2S<*7xyddsEmb@((@I zK+~IMRW4h%Wy$z#t|S6O-Nyhdjo3Lib=3kg=?1Y;#Xb)+H~|%SA5Dkdo&W^b!OpwZ zC&vXhM&HR}2_Uw85RP}zb(~mw>bUpjJW0+Y;5LMFhRz2Aa{_% z!-Qdp37vizfV4=52ay)8T-m@^0ml7L+nTGZ{`nZyaxkB8llAJj6p=3E zuHo$S?de59y?U(lC4!m!cZJ%W@J>i1^`O!q-951qgm?ovA zaOfu?@I*2hw0}H{palB?V21$txG*dO1!?%349Cp)vI-_4)Ask8!rYfs)tVx}k&#_= z4q$fq6z)b~q#Zf@Z{Z{gJ7afxnYZ51`~B;U-D-Srg?B50-ByX$fW*8^^-UtVQ}X_ zW1;JH9-=43lZx&o;_zDj3nwrm z3Xf>QAaprYlWG%4)o{Mc$NT0+#!7oxXf59{ML0CsPu9a}cnnbTWn)wManbg==Q{!T zLfVAzN|wqo0x(Y}^T*XMQ$eFa@?Hauv%eO1S&LVX_%9pxl2P337ZkK_$64T*zkJw3 z=D#@w{&?60*LkxHs7C_E>TJNvsaQd&^po%}4e(k0Uv7-FpJ}5cFapC*mO#b#7JVqm zqvn;ix0VmPa;nf@K#mzYe;m{;Y5L97JP-s4m*H51)4wCh1}I1|3#e@OkqNMwhT17IeL0tN+Ax}h{A=LZ{Wl(2op{4MU4v<%?=&WqcR}xs)pNB7YI<%dpZ1qPc+2VBI zIxa~2eCFCFbRCsyxS8*5nOfUJ>T1ipzUca34ZG~e@mtkgb}Y3*s$2~;zuqGe9z}^! zv%b{uw*{OzLO{x5kasM_3?ES_Ri)lInC&Y#U`2#fqvp*6|Mou?@>hV_o3Zad$Zi&e z$VlM+aq0FpAm`gR_d8ynBcoP=kD5>-w>&`0RjV@^g=lYDNLGZhh6S%s80kvKUX&a0 z-eWyKoUuV5@<0a~Bg#5_=IUKW)ANpsx_-(HyfB_ z=S^XJ?c3D6-8dm62*Kv|>@P`)`Tcy8#zZuqL^gj}Cj*RiCyCi=-~u&&xuJo-4aall zm<^7%tpMp^ag*x{62Hul6Rcq!HRz95mjV_2^?s6Pz`e`xYyL;JgKtp`4pSfJ`1OEi zxdaLzPoX$2lWvxY&E=XY^%Nl78hr@%CpL1v0^U~qs@(r-8&<>|0`;PFVQYR|Fj*Jn zf5aH|_9Snv-!5q1=k?csbSd$?>C!&Ge%#cE<~?(vWsuQ#y`lixiM+=A3vAuAz-~tH zZ2VLeK+G=^Lew#%3_H>ULH03u`=!!OIb(s1`5EiPf_5a0S5P^8G!2RlfMIq zS&avh0X)|Jc`Ag^n5k}OSq>`WgJRB$l4i;no4~Z!AEd%%+@`68=jeRiNo3L}3x{~ks?jnE5Qb?{oIXr3P&wpn?C*teSx&KkZ z2)p_8ikz0W;Q?iL6X>+X)rCXvvDMZ^zslzGRK1r&bbq-w1{f#B1QWwit=P^-O+mrJbwVQ|xrD+#3 zT4okN5-5|Hq%iN&GZ8?;FNlaI-=>gTf8wzpzs_^Y?$B{P8f@^PY`BB#rR{VLRCm9) zSN`p`41JY+Hp1^V>)1m^*uG}}ut!V;P%znehxen4NX^8qCIAZyLmR8*1?#7A0|+Rr zG|_8GmX&-<+_3xtPwO-uU#y@u`aIFtX(!v-xb@BBl=n*JeT zySuAfGTkW)h8i#ER4>nW|ymuKMS<1B(pznVTyvXCeIc_&y71*37&7S35T;quEcRby@ZS zWLvYxCwSSWAh?t}Q+m}Kn>VZ06V+Q~jY$U#9nkFf-U=_ux}^kl-n`(;R80pHYV{g( z$q5s1gT6+}zrKc)rd-C(>s%R?`i?iQk>9y4NC@`x3oHQRtBSSz46Za8vlw`Z7p<`IfM!3Wwjb zYrCKS(dOHI(`^1j`ujXEFnV`M5kVEr#6eu11~YX{U>em@++;lv-vVZKNQ`9n7ePkT ziGHIYcM!ZTG2;I>^j~Qg;E+fvUnGkE#esvKDN(k{2KGHoo{FMeKr#5S2CX_DW8_D) zeF}(qXe^<}UFd%kvo^s&uah(Lm;P|ym>gM~-&L=4>0AQCb2;AY@9K5aY47Y7uxR6} zAz67^41r@bu=W_yD`uZ@RHwO+*8b4=l#l7&{LNbgP}u}rwE`8%(@8RTT5Bz&kM}`M zHX7hS+u6i_j#c##pfkMu)v;aWI(LN2Me5`uS>s~C(!ahdQ_VwEF#NbeO3KAyZt zYAAhQV~iy+K~haf&+nzRc7*|q$KYc?FGk!Cm1CAK{THu<9inD0y#8%&6V;uE@xUAX ze7V=Hy;&@s3B3|8*0KDWnVTGMDAfTCs{NF{w{nRNEy|Jllf(f1Rq|StP!My6@?>x@ zBsM1Xu7MnSvLukj)?b?LSXLvGXvnBT_yiHtckm?O!hkTP0=m=ZXH~+5Gf2&0dVrFy z)SV)2qpww2qVDNb;2UCQJz&;G3tLR1p88^Dp0cyw{ERr4Ov=q%`X=7pwQ3~POz(Xh zBn^B8MC=tdxvr0Fy-UP?ebfb7<335Zx;y`U7K(25%fTBcf=W6$+AOXf@?f{eZYGcf zNNFhyUZp_zMBHnyiSo#woEE@;S)wH==i-IA+yLnkF2eF}ejI-?4_O<~C*R-^RMv^g z_q~Th`d1#te;#96r1G8Km>Z7!0+KZyi8pFJzzz0X0F=*WsyTI!=x7Ec^mw$ziUw2) zpWrD0RF;LYwnuN!YrYkmL@7~>_9mG{6iMrK%x0tKq2U2t2xFJOVUvw|#bs)JtEPHM zYj9#Y*3e^WpnoBrMWa!W89#<*?jCzHP)Ui$o;z+sTMN(SbuR^D#tn=eISU3ZIP`un z0T7LO;FuW9Js03I5^>OBxNdr#G{WPHq6IitOK|?t+CpFp$jW!z5nZ(`r@u$bH7j-n zV596dIODki14EyMEVb>jSvu!Q+S^Z#rDvFGsxlef zP~^i&rOYx!ZumSYl_$eHkjj0>za>JNu|;Vu1wUhN(837~@r*aoenth=J^y3gz>@&v z4f)1w+p6R3tp9kbkQm|U(Cors_;hS1pyYO}h;%!oS-Os8IFo&b`(RLEK zk0qqgUMA_KzL6UwEK+M4pHJqbjYYwucn8vA_2a%A0$|2}NFi)fNjdn##=Z8w3Z6+REo$UMc6zW zUFy98tmXtWRKZV1wFM%=tT1n10~0Yngzz93P-Do(#uGn$FT_Hh>8%T;8yxNFAIt$} zW1h^j+A}?W*HFCpwLH&X*Bw0XIIfE`6tCUNxPR8pp9$?5!DDPzV)9ir87OWbmM8~} zTo(+y5gw4!hTgs!U<(ImA80HGfv3Ea;*QbYjR$Y!;spy~6#DHt(AgpI%e>r|{tLvR z0WsBMHqiNJ)}Fy6QGl-tglq@P4|0%=2cMz%aP1JVmvt@prngK5G}B7 z+P|(?Ax$_hK?Dt@j8C2SVS+4x?*h9riY3_<9$!ao|T}Wa+G4>{HX@iCiGFz;~rUl+j znST#i!W4!(BeYVz1i?!sMe=G#fJQ?>c>y4RLmVIoH>(4(Lm+(z28S_!X{8@MqY%P( zxf!S~Zlm$9xF`xp#2ptf{PAa=Q<3&aDlBsBfaiPQ>K>yYY4<2f`!L;RdX^0BvKWmd zM5^%-j;0@DHk|6b9rRkANT90#Nlv*(V3^>hezHA z{FOnqkk0~SP-V0CMaY|hg19a)atFMJ^Xrr-XjZ4K>LA*@?0)M%bg2R@)1|PEBTqWv z73{lpb$@D{AjP+hgB3WxofDz#W*xBU`7Gsqd*>1$c*Y=Q+Q@h0LS8#v@%6OI^KDPz z2=SNlEmnpyl=|gFvkE3_7$k@OTqOPPtrEa=lo!QZ9>Je!NVU2NgExr>aetK3@#ghY zZKTpvS#_)x8{>BraK!@wxf(l=6UHHWN=~;U23($Sg+Z3?%DGQR_2KCiT0OWGF?KG*e zsS@AViP0QGp(P8jr`~UJ0RMzT7%0czA1)jtzYgY7n*m_G9OolC_Y{;U!?{W8r++#O znhUeo5yJrTToA$J65eo1K;n-yE=1zYsdkJK;5EUWjj@pk3=S~@&GFMfH$q0uJBvX_ zYeAqT@u|S&lBx^BTzw3&PT=Kl_huZUe^wh5QeXwdoW0~7a_OgH>TYt=u6m5VM$6m@ zR^IkR%}(gz0^*)@puz4n-UNw8aS_m)Kto~Ykb7CcLsG*YuL6fz{q4f}ixtH#>W>yl zxwaQ$nZ^x6)VNKGXiY;YHMdDhCdsnZoT!APbWwPrUjtzjg05g($+@H=h;@?za2xDxc;@<{W&`ejU41aB$e3|M(!+cbPG{SGr zx-xht2~8B(B1h&9Xet?7|LTA^JVwON+!$#8{9iR*A{iZx8>(;wopIYu>gPe_oqbD; zZ91{+c_`_uB0z?$PYo0SqJap&F$?OX1JzLevz8|u<_opX0Uv{EK;D&u!4xI#)y^j^ zgHp!>1I1oP3l>_K<5}Q#rjdCYud1jwn7gYG3e-JgU+<%x152&9Zc7{S&iq$u+4M%> zNrYDgoz*rgvETfgPS3JR%U_iXs{oP!nMHj}>-c|w^iP)<$)7e}qiASEQ_z-hohV`= zh|52Ef<(2II2eHnK!T)<+Yx|6kI%lc|JyoYG*KcU2$xwIWFTv32{S*9PO}rbQJVf!~|FM~5KPAoZ5UW+>!95SBhlRJNS< z|Lx;p-i|LGO*^ort@b}#2^&}4kJ#9sj)26j!{W2AZ~f#;zfJ;5PRQD>f}3ytW& zrMYO@pR(ygd05396`xsSih%>uC{bhno$f|)WxQC{nBI1NtVA9K_93%cgqQTn$jV0 zs0QMhsjNQt=({q?Ck`LV(74Cox!@Mo60((k6}k~24F&3WxX|_-_=YYfqY>K=l+`7N z6fz9qXQI1MKOfG|t*W=MV>V4CPO6QM23A|>*~Q8Q}`boSr5 z`A~IEFE+FwT8f=M9t!M35&f{;ZB!xlk*y|oNIkO2*}W<6WaB`2zZ>qJcFhyBPWRT% z_LOlI+<5K9CdPuhIB_cEm`14l?b~Kd1#HX1PZzERHx9@rhUz)Jov zg!fA$BsMY?KR{6EAx;zd8P{LCaqd>+kA3-w`z>IrwV|Gp;V~&<$FY9uO~6CkBUNR= zeb;Z^o`b7as)OW^lsNDhA?weB7KLh3cv?j93`sgU!y(gg8hdn=Vr^L2M`$_jGFQJv zEsEnrP2~eg7`!S1+@U36DdgkuUTYxSGXBk9IF{e{+K&D5}bR*+_kjF<1j0=h+_@m*I9Q-luL<9$9+Cu zjqS>?>Ea%XZ#$13X#4 zFyy)|B^>0BWCrfk>W3*TkTob~XFoab!VjNhYXOJCfc;T#aZ7682yW(7Yq2{Rw(fqM zZCD-OUuJK%DWT?hmZo!uXC$mt5`))jAXY3s_27)BvZNX+`P9LLV!uRpile@QnykXY zz}opLiwd45hMg3*6r=`IWMR+y2Ho^nKvOjl=Q!eHch|j~z0J2X@Uk-|(&gu%*$C#m zqbY^Qy^n&H1TR$f4&M~K5S%Qmv3w8u$}6f9jSN;J22Au4g~!*F^$--JiM3}2zX!pe z-w2j(v@Zh>u$fht1arDqjqO>5GF^=jURj{#iMx=lLwogQjNLU_btvRK7vHCo3dfU| z(55fV*f+N@J&tMeXDCY6Z!)-Uw-#d}d^miHbV2x7;MiIIG|%1fIYE(b8O;5}+nl;O zS*nw7U#5{5v`waTh{nV*Dt@q&v&Mb?Q&Ek66gXv^^lS+0UMZjLwL%@C*5oncDF-`S zWb{gR>TnIe$7=P=sC7m~teD6bVM^ojqKC#>i3NLM1)txZc~|2%yL}Hij}GVUHf*RZ zSVN$XdO*joJIcO(XW-mc32pM4=GQlDW`YzwlwK~9hF&zxwNWq`avsbVwbQ#=WlGl2 zozMTuHkoYZ^ki7)kVeX#qY3vWv6tc}DAK?-eC%7ZW#k^?)HbrK!+6vCiA(b^NYIfY z;0nBIN~suonq;##1|=bT{hVvExh}c6{475ddt>r86bOTRsk?2bQnX3nof67|2=A*%xE>%IznxwaFN{+Yze)WfeeT&F5hb%9~T z=p^%zh#r_)v`>V_Rz-n|Bt-60A(sDoi27?Y#S?4z{1Eyc3Yo5eZXAXC`XxHb&7bJE zg}*%Q^N>ZH&R_Zc_sRP?Swt5Cg>U>Yv#rU_9`)6|C@^fw-1!*kRW-(rSjF*^e- ziAA%zPQu9W4$4J?Pf`0=AO;$NHR_x#zh}!@WQOS2F+%IF;HK)!$ZkJiiDi(c zyn`M;AEvONwkg5HJgON5k`QJQVpLvML@OH7Lu2=3$9O75=4C>MK7N=35wIUd)`gehrJ0vmdNq(@2>oH>eArW9Mz;^mR`b; zkP*p&U$jNxoU2is9%mTi4;;!T7k+i*Rh}JT6!E`X&RE?@LRV&1!t{!h_qLv1Iu6T3 zF$|1{+6dJVN{L;~I4<}ce*yC#K)sdBn{Uf({*JO{PO2PF$?E3Mu|(qyK$G0{uT z>O1;OdE#Iqd+2CiXLpsZJc|~H!uugl&9s^%C`Pz^Eqi@UHMZ5n3u+j zMUAybvPBzFrOWWVX^J#@8->Y%>#u0MNKmROsm@qNFOiAnhcL<`(>NPByhu$^|IY|( z+ssG(pj{gM$_v3%m~?FP;lx79lo(-b@{u{plwW_g-vM-AD{xG+FV56YW28%Le$&x~ zsCqFWkc7f|LD_&>FTT&NH9^jtFE?#-RMa87n3{c*LIy+&#bfzGL3>X=*r{D?=h(hn zW9M(bq^ps+R+eZ4@3u->7*5rYoy(>g#vG)(Knkya{?sb{7tA_&jrVLex})y!5u*%DyGoU>@)^p0wus_5J` z+2a9sq6O81x!w>o6vxO-wah??FFjG;C>w@N8b)NqtAiFoU^FJYH-7O>kdqq4gS(~V z2q>U?Q+){BTaRqBN6A^;D}$RnT0IYaz^~4w7~={R(NMjf8URB5_$si})$htJ!@z6A zb#B#=8tq6+XZb*|MS>mb0#&?jo46Akc1~b(A8T+dn{yYlWE1fUS3B9fIE9*s>4;z6)dP~<(kxRlrdGfXL z{`%rcYx5@4~k0~yGr9!$RxqX3oAL0tRXN-je$1Nk+jir6s>SH6?MR|Mn2)% zD9JwEe9j^kJASA1Zeu1h+5$(pj_Qq}V37nV@wxZ=vDe;E>X!b@*6jQgrZ%c(oG6T` zgZB1{w&0kQM$|nxoyDZmAaHoe?6{|%(zjmgpuh{DWi=kNkZXFK=LWJH^avta|O1c1Rb75xq$;#fSo7TAd=0PDIJ*7;t zFz>fL99G?b!jS?1j;vz+zltMeBzMKPlxEc!FdJ}LHJc4%bIqUwRtG^gYgr>Np9we|SW9e*gakOCplKa0v`W zW=6i@o!9JTWpcTK?WrB=y$f~ffK5kP&&;V-P6!7-TVTeI^y!+@*|c=8(s>)}yq>)g zaTw!!RHT!qKY`f6m)bPDyGEOT!O?T2QHGYz_(V`t1RO_CA4?)g?BI{zSa{plZL)1a zmn0_PD+P9EAP$NebpceBW-OKREib-gA}i((We&YmSWX-4+kn{%Fm1+?zU^;5mUvmi zLI_+CZCWE#ewhHWNYZ=F&+kysUju*bclG~VQ(w~zTiDze$}V^8eKrn@C)MRiNmW%q z1kEskQ!a0aY+D6!>8bH~K1m7D#$!5lEW)ug&0|EGWCYDb`Z2YYsmF^?V%~!z!+doq zxtKPPRBNd`IOkYoc7)6j;qbG5NMewyb$ib8{zM(Z!xTZ{ZVk?!f6ZWkEvFMAYN86u z2$5d{w%1z#xzVd)_Pe#r29x>~2ze)h4f~6viTS|Lytcg7I(r}sAf$wg zYU1*d1`&cgHF!ERybf3G$`P6VK^f7rN(EEvu9~nVK~&=1FCrvvj%yyHKZ0loBhbVU z%dqHd=T}=xWp6?FVw%hkuFTA2N!{@9)8_fXh+&4f=izzj5+pwRn~x(}LmUD!bf~@Y zRs%uBeck-H&WvU5I~ERk3{qg`g84Fi)B#Q%;yEa~=xAPo>?P|f7AeHIzprX+tBaP` zyftieibE&Nv3ntk?BRJKcFt2qPA8aLS0j*FCV<=f^t*qpwj8#*VXV%ufu{g%V`7=8 z^H7Vga2t^f3BfWi2n^Y(u8N}3cjTO*MF_%M){FqK+fW+Z6u5|Q&lsxkJtz2q)cQkh zTQIrbVN+u&UP}3I)mCx4Uf;32%gPMm{<5uLFE0fgio-GBIqKP{KJWSFu$!JP%G#^c zG_>g{{j!d^3Mz=O{yzkhRoUwk;|;czMODY=Z4VfJmh$qB0OXyk;h>z4oY|itrZ5x_ zm<7S}dosSyH<+j3$QePlrccPVs@lgXMJH$(8#CS9a1;E?WaTr`Z_yuzfaReVNrvC_ z(B7l{?$5zEU7TDz{rHpjQR~*!kOuS=A&QmA(NJCa-fO&yFprdyG!d~p~& zI|SRP#J9fwNxKAso%wOuljyjE+3E4DsgsLM`b8GK#tlo9!YO2+;{I%S!IakW9j-Dh zMI>+_1NdZ|kR&0dtt~&$>pY;f_E6C0wc&(R&JE)gIBc9fwNt_w&hO6{$M0d!+F-n$ke&SW_q_>rLy4r7mnVtV@RZU>#Rv!GIlKr} zNnTI7czj`_FP?{j0JdnVMKYg<9eJ*>7tGB4NebXK9g9aJ6TTB9T3gnJ@$z;w%fo&+ zj-A7syb472TUN!T*poL?Xa1H!;^p49uj$d?=X7_(8zcGr{#)d^^_1Ue-1*VX1V$dL zq@S!R>FZj=_LdnbBVKVMw(hz<%CPhWaO8q0AA(rE-%x&DNm zwd0iPkv$1Pk_^gnE=o~{K`+G{jewKS)aC-i4BHYMj5Q+U!F!6#fDhRV89yh3BRLkawV zOnNF}Zf6-YWUNwpZ@5&<0&{$BoJmKFU7i%8J-eQx-A0SGx#(0= zKGa$N~b8fXlBp(;)^7G1NF%YhX8XD*U;u zb3>kH!4q!!N2Guo$HL=^9%&)y^17l<*KfH#JM-Hdh-Obj z#zmQ0Q#mGv$3aVKRBk2mdxz9;oC(dOA16f=)EGGLTc7g2qb9qu?Dz6|eo84Jc9$?Olh#52YFg{WksEeVD89S7`P!{b+YBiC<-5qt*)=Y;61DL-j#;M?fg z73oQf84umOgg$1V$dEV)+hmV4ha~y^29YtIO(+tH% zirBsWQgI>zYcDdXFF|O^pCY&%ctsfv9TjaD@hEdAU0v0kkcb#9fjhIcnpW`*Bzim# z88E}f^7u7FHsTM7^(K91IElU=-94h3w9;yAz{bi(npPa0LXxC6E62Py(qz!sO$rmc z^Y&=!0S0csK(vy{qaZ%BPRDosS-_!BH z5H#;tpBJ$BLkb;sW|?o$kw)9;#$cx8j^@DaQ@bYf#_E!OGvq+)(=y?-vkY|}%Difz z3JbFhbuQh^)cVFn_x>*aLSHpskOxX4Qr-BOoqsD)LOpzni7j^t<*tx?1lIpul&RWu z0cKtH^}`yABaJOyvt-GaEK*Um*guqI^et+*yQx&-d-=Hgu9sb=vBA-=wjs0eNeW(` z74KQs)4q5h@Ir9Je)b8FwlPmPmyQSsE*^a63{j{rSCK#&l9qjpyNZyT$evN$-j<9r zO_JvRe)QujN+t0}j=x;d1*xm5FM2tHM`ymK2zk_U6p&4dK>BacG(FE`do#--#I03? zoHy#tK=Q;_?1>vNwnbGzFG%f5h1V9QJLDa46}YBfn@eY?@`~cQH}U`B5md!?OOQ|@ zSE@`444$8g_8;YDt@lQJ3n{L#HF>XOIb3MfPyaJ-$rQbWBQI6ZhzUd{_dk)T zk6<(HAF=}!n6~werlr4J86+`FO{D|q(R8yfPDD~zkni(ukejdB&1(iR-|AN5s6?!} z)%f}6h2V<6&ym~`7f~wFUa&B)B!*-3&98ofEqzbQ!y999TNH_=#JE}4L&-lsI2igrdB&FC z{pDh0)!{@NYgLi>=fjGV#CtKPPQD>izqwd&;cpnvGRC^j`$#pY&o~0DA2WEj2}NBS z^0k?u(YaRE&QfcleOxWBheVe-zka$*D$%ml^xwRto{`OmmK;Scgl#1taqJT>oFX&$ zlpHhB&)@cW?WmwqE14Fj-$Ba?^Xn7C$rdPQY|Wt}myhra0?0r`!pP|0-s9ocso5nb*mda@ zUU+U<7QDVPRKD$L0A~V;gzkZXv@)fEV|&vW^zQ$Zx74Tk-{37FkoUZqf}Bn6GO?qY z8dYs^L>n)?o5ks1C<;4i5&+~u51lBA_jR?Uz0vWK>o-X+`Jf&A;h1}8{0|&xA zwJ*iup2zI^sW61_9H%D%U#SGm|E7vNjIhs*)W$6t#C_vX5&wa-#94IS)N2hS1aC?q zqx)>;!^M&|YCC&zNJ|Q{am}g8eE-sgto)9GZ}!e?r}vVbD0caH`RpHp|2#W`9}SRo z(WQo=AeXX}0}3OzRH3YYOHAEFS7ir!=@oDfFkgOYWe$!FG|e?DxC#}~G63)M1Es#R zN`DG7`Oi4u>{3W2fGDg>veyWHO3rhePn5w2vYnw~MgE7LW_kA_8b9H~`{*j{nl#>G z+gIy2VEnngKgjnI>?3^H?j3ATjBtdiJ}C!bA`^*8*fMunN4o~-}9F? zkPjaPN|3+nWpcrUVoj981Mu7L*tAEp62J=%7ZU4d_-UUiJzgm zEhc|Kmns=*ZO4`Cw}-Mt$+j9-D(qCzJ(9u6LC|>YROH{08Nw81)-*TP46LAgSgT~e zIMyG=)WLcGZtr7d;rRjy!o^eIM>q1QsZIYxpyUymn>ka*gsb2J%#J{0%u(QuIaNdj zYGVJ+*tV%s{qHygV*9KeUU#(Kl@vVu&3WSk0};|3(m3OSqXRBufPFt0(~P-)@Xb(d zZ|aBQ%Z%=w%JNnCj^6u0dAA-FQZd}82RNP%cMS$E=Ba)ATK#64pXc8OjIL8QdqbeU znIGw^Iywh!{eY%h-!~!|;&Ki^k6)lV`eR$6( zg$slsSTEe#1EfpAH<+5#?Vb4>DLIBqd zs8Nz1!F;zg#9mL1pDhnu42|TV+CnhKaY#(eE+SVkZv!cuh+kyBJMQH#>9L+;e#O~x zqJK{urz9xWotiAGgX_#g&JIO;x$yyX=@?leOwt&^M{xnm-0mk+6-oOARRu&o>hIUn z=QATcSI;+7eLtCg!`5nsFn}^j&KO5po>?G=%V7M2GOxaFzisHB1{JRw7Lo5tAm1NE zBqe>DAWF5ftYrvHX>g&be$wJZk_83zXBPHYzvk6NH$s5Hgc(l-YxdN+%`b;<9)sUU zd)aLqdXMqUi7#vBn5<|OltoC6>MDJ6}1}Xx5Izr zAy0LmJ$NBwU(E+(uo}+TSfNaX^$#vuza6elCDWXU>e~{EJW2HD({Ym0W>u+R$AUm+ z^4+chOd)<2=%i+wx?r(>-!suo!P58sot4`%!YbwX4Yb@TV7V0I-2@7C>ozN_3o~j( zT(2_zSCinF0qDqM)pEyu)~r?}t$FQU?K!j|M*z2AKeh>u@RS>}*bA_(e;zGAR3#$m zZg_(-JcIv;6@Z-n@72KLhdBg_iYWH5vjlk}8gfC^dc*88wh+x6O9-B1S`3frh~Z`@ zzYCpvm9(8{87tXW;Dr9VUik-B-p=CA)te|{@1S>(S5OwQ2;2vq&oggICHQScecR|* zn@w#XPREFRQ!$v4tG)6}`<4&kBgP(FuM7lzMk~|C6-kA@0NNLiN>F}jSs~Vi%&m{q z`j`7Ckq3uu`Bx#l`#LGWdr9=S&z=pgW|+0@Dj4u1DJmyYEo9)YAPotH0QvyY9;P5Cj)Z^*`d3Jj5+X`qV32db zZy+2D@QHwyn-lOq*|@7{I4c>t65Bi4nOWMH5<9!un-ZITu`~k%`?6A%X_<`AQJeMK z7)uXg-;fJ;@(Q`b(+5X$9&$O6ia!E9<8)#K3Kh*2j@b0}_rvDkGvlizgDQq{S=*k? z17-7)=K;z*-|wGK?G0D2-oG`cgBM-9yf)|VPR!RIzu0Ip8gO^?9=$@!9;R zcI9Ts%j)KviWc-q_>GG#|2e-DzO3x28_tLgO#<4<|2xT?UbcSXN8Eg^VLujZ21 zh>rNwb{@TYcjBBtBG%=#U2!)X^3;hJZs!eS9jY+L=;}#gM9UPy1aG(1{%TBj&eyU& zD68&v>6l)%YZhL|@p$%ou!eu*5WlFyNo$PvTy-3bmz26s07IZXg-qnimeEfim6Y4w8K%SCCzkze0 zF(~B;2!->B@Wc5@4>O7#8N;P*snnR?r0twH@jV=@8escLkc0?XP*EFUfwNzie3wH0 zg{dS%y{DoiOaBYsag6#vr@p%;MZrjtB1Or{vS?AkSe9*3siLgvc3&F|UwO2uaYgGS zE5zk|?ZNrLe6a*Dp89|mnr{jpVrU5jK9f$NG} zimvPGORN=T=9ih_l1%rNBO*noefSf*u2(**a{@LWvZ6Pm;&b;F)EC;EJ(5aep{X&^ zp*W(xfw$plRSaTwnB4ti>;??vlT-=*4Vk23P`fUC1b1ldlS5t+8DUpGm>j>OGZhbC zeMBaxoP9#qE*zdntfXyNY?(NOXoTs@krIh;KI=c=$UUCa^ex4&IG8pNlU#gt;WM<; zp1_Yby}XTVt{}Qud-HT&fRbVDWIidzu&~?mCZY7KQ;p|q>v^4U%^Mkf<5SJMbVF@^ zCCy=!t~;LT8XYrk-o3A4D0B}$G^5$9z-W&gq%;u8GuPxbzH--0fH{ArGrwnD;i3C^Ib7+GGDe7(b}UxN|@q=XX|G&D?t|RHM-2K z6%*F2Y0}7FW9T#0bSh=W-@gHt9G|KQ7M<}V;VgVzn0NWa4Gn+DS&yGONd&V3aZGn& zqI!WV)m@JctisETcO5Nl_lzKRf2H@p*KA7ZfT@DTqkhg5quW$`Y>XYFyG?yPFKStA ze$H%SwYk>ZFYo>0?fG%Blvt#Q0Ws;2tVUe-Qj$iQEKFqvq4Cn$Z@z@Fu96kIwB$s~ zx>ka+7_(7Q>P)T#I-inNh5O)Y?-^NIaRr_*NwLU{3DQ+x2-ygsNsj~^Lrf2uCarzlO%xq1Jr_4W>KX&62LrOozUHg$F zkS0nR@xp&TZ;wt*-JLLv)Cz4<6eLIR@Xz|iAhY>nfk^!bZwG=< zQ@u+w5vsUxa!usQdvYQpV_;o^$fGn7Dm*AD+^W0|PT*Rpn*19Qwq;gtwPHf0AQwj< zG$nYJTc4MV0#`A5YSJJgi4UPsk$PB^k_X1zoSAX2^k+rd`qGq?KT%tF4GGs#0` zCo`hMsS(Z@{F~o|gA>;nF6rv-pBTiJi~N6Nu%Lvs(5rBo zKx*#c4NsT7u@@XV&&A*+=H@ksGMTw{_ctHrt}O)j#Kh|jys7XX1R!rGi0y*%|GlMrYD=hc?8o+t4b*3WcEcR=8>_>=tVrG5^due%- z5dAklz3=e?>4zwPpwk8+{y%AJFifJgd`Ts%f(AFeaj zn{&hT1W4ov_~g3W#H@YeZ+j6vd;W3Y{(&FzD~%b22L?C{tOfRHj1F>dPI^zEs#Kvs zXeHy?G*zR52wGti6MPCqLR#U1{}^|G2#*l0x#|`@ShK%q_ss7# zZr=AYN%MYWWY^HevusfmmEPbx`o_)_DPQdm1h>^G0Wc2Dcqp?~g&}2GDm5*GxL&>^ z?B}Hb)&m^Ed<_T`GzpBTknr@z_2vU!nB6?VM#*F)9Rgk}O)^@fb%eN!TfNO7HGy^% zDNL1U<$S17_l7`!#J=t}!iXefQqpNv~-m0lgfu!hY&nYH}DzC=tW}p}5o7^4Cwzn?vg~mp- zFA-}qbA6WmJ+p?e&MHiKnzbz4?w6gU{2t`gWCPa7b@0jS0>5JOxyrIPlZD)k-<-tk zEKeyi1-N7v;jq=!U1tbkM&VgfzW?+?6PLZY#85xA&`M#dQR0@LP$=**(YxW8i!`j% z{Jt$O^29Losik@k@ylY}75SirvnagC3K(oN4lbq)&C*K0DqC?_yQsYO5xs621HwFb z>&L0krC9cT>5UGoQi2gY)3iuDzw(jvD>iHUF1OS72;xZw$mwr2oDkWud^3JQ_SZ6< zVqo_Xo8&j}$YneZ;`%2sP;*lo*2j2$Ouv<+3fS1#>}Q=xX3ZUPuE<*4Zbs|X9o=b5 zf^NQF3#DSo4o9KgMsgK>cWD^h>iESAmqj|*Uyq?N($3`EO=Vg0C()yRXbVs2URF@8 zrp_t18yW#~+Rg|2Non7*eQMZh;8KLHo~3s+Wo za!)LJ?}Zcz)0bW$Ipd^uJQi6<<+&fv<)usJn8LFf+RS6zhE)T;q$7&IZ6uwFcy{9x zc))EeFu|$A3u3HVim({ocUzN)=D!=ZITV-VPpI+r#G;D>23w2wG}^3$atnUi^BFwHY zLM;Y8Bw`$q{neKSodj(AZ1ihzj3=$Iv_`lBm40BXpp%OyFc zN7z#aZduaho#vgxXLB(Lg{#7M%8x9#g$^2>2X$PJnyd7BH!60INI!oIKg3s`<3=eL z*lZ1`$Qzq2>yW;uctltXAP`&vhiV@jKnX+ygSRImFL@iG7z%TG_WiO)gQR6%8S1_$aGGC7cv!isnR7BEIh6!I|JIjY-`535v*iYc! zLMmEz$j3?N#4J8UED4CIK}ZQw^sc5k>Woy+J^C51kFU;i!YN~o za0pY!P9PkWno!%47W#8l;|RgI|BBE zXf^#rl=7%^^3WtOR}q{R+gJTVrc zpRNu5Nw0^&bfcaG$vpoymPSfJ z5JaS;r6rUQ5KsgK5fG(A1OZX$ka%aVjf&^!eZRlw^F06E=X}m_&vmU?>$}#hSuuMA z@#2ag;e!org5luTDBTUeTAXT7Zoxf$(}El?)%?I9c46NkG9@nTlE{UD+Qfh%H7RPa z(dsL#q(3>|*9xC3nP<}@9w~ZuxcvB@C+*G53=x+sNvWeK4_(-HdPsGO_DT@>(eme= zG3=J4t9KXoX}KR&y-)ol;`#m+TeH$TwfmE=Jb&X^$m_pK%-}QsA|99hXq>uql5-Qi z7LL!s9I5rQ>Db$D1y8S2`1>eim}NRq?pHUJDC1#?a1A={oS=N}nZ}gS! z)q^Sf%km3yuDwg$wCr%NEa=(T(;jJDr1YFUi>0Q|R;=p&mWvDp&NnWZiK{Ymd8eu< zX6Iy<*}dKvg}<^{6|KdmP5;DR=`~3~((F23+cbx+Y{MC>DteJzrl41EPRjCPJoGg`!UooCLIwE{S_*DPmh1A!zDz`rnh1JLj#B3f)<5caD zCAm_b9XoB$Cr+6eADK9fLl9^lYt5Z{x`4LIEFh8%3_q={ODTKTLZ z?Hve^eXCg-!*xiXfLYo-QWt%hn8DeJ^TDb{(#f10f_MD(VIAGiNkPZnezfdUn#kju z;P2KgMh&<}A9iVDO?7?D;(M->pQj=~$kkWSlec~PK!i@A5cpxrwK_dzqw_CHvNj{$ zGnpq=JEhe~P{wUa;Yd{XYs+I{xr9bpslPa^9jO!>`#$`k;Plv8<@9kio*0rxCin4( z4~b_@Cln+Txm@XfqvNh3M;qeVIzb~k#6i|Fe@dJ-P`W1Mq;-OeuTcrA5x1WI_;&Tp*nBT^qX_9OQA%7Av?9&>GqyBL z&%QQwMZdRlICk`$n1YOm$cu{1+84gh$#n39o;Y#)(B@?&w-0{Feua9Sp{eW3H&$C1 zn7{9)zoyk4&kIh08)pktj->gl^k6ab7v7DyF`$!5AmK(#f1#L*vY@Q;$-_+JIU%;W z@5@)JC#Ty#p94f@q zs3(+6MjtwG2_4cZ!9OjIS9!kS+w5lX>PG`zA_BpF;*9B&508g)iPGVf-B+1tQ!Cgj z>RjJ8;M6L{do-d-GV1g^*>Q0$ZhE_>DoToI@jaUfT!*phqT>4=((<$KrNRq)>Ydt! z?~|^I=R!TkFv#3s;M;4spld8duWl~#Wty0tX-z4VP+I?9zl74{N$XqB7+j3ikL1=f z=R`zYX@0^)I_RK-|CIRr(9!quS6|mv_dCxYHQW30dSVUrOc-wKWI*;Sy3px)vOe7K z7}WU;gF(^UXD5%fcinb>7i!nqPP26NzTT2z2)Wi!pSgsS6}Lenlaz3=^Q&OLr#P0} z*q=KssZvj_urYGP?>pWtWs5t9QiwN|)z&(Yw(+@x@Q?*5d3l5<$|}!#nqS|*=|v{q z_qW?Nu14qI~iCqhft!Yq)CXf?$54|pV%TgorA@5 zC|v&X?dP6ciSDP-#a+R6%;?xXpAM;Rsi*YKuZPW%iyc6}cJNC&>oB#0<6LD+I44^J=@p94LQRk2UA)sAx24S%(8-NuI(PYB(LLR0I=QYdEgp9h|3t$q z-Lr&w4>IPLM&iz@hHctr)zftY3nvfSD}@{0dYcw;mZe)hZqK+`&>`2&!?S!}EO@1A zePwgD9z6F|dPnghcOV1%BV9-a`oY=e%P1n;6Vpcn6&i|IxP!@W;$5%%eq=oLO2FY) z3dPZHot%XIFBJAkV=X$waSb+~=aiDAwTUpz2pr>KwxH9rIXQh;Vb1}XVn zT5taSWezONXI1;n*hNbPTbyu*`o_b|ux;AO%4y1li%+PmINfhi#z+$rI&~(2N zo21Hl^Wf2*w>Y{gSUCRLNmA+Qse~2-lxou@p&f73m7>qOd@$DSs`To5&M&?9JV)_4 zV-|Tbp2pM(2K>@ASNDaBJ5zji+@sLJNuR|!9+kOz%IWAEds(d@C#<7)*hw3& z2s-7yt<;z;u*7=Uo~e@>p>x078P{Lq!PDrvBU3>G#s1MupDRDsq_(-t^cv=X`Z`bU z{s!JbwSdeOEOLsY%!ZO``vp0g&)3t3Oxwu&-Mw|}P~~J9iM)ydarfQzSlL2`*-(KQ z?b8M)2>on=KR9UN;f;L$`lNYjk+v&-$Y}Gk$b(gm1O<`f2cN2Gkyu|MOL+JEOvdwr zx2d-~!FMl_(Y)8p!-v{vuN{lcf3$8`Z$+cFCc;)6U?-~UE-s1^q&j4kjjg?vXQz2f zrCj((?ggg8`+2%qSMu`mOy@uBb;@TbLful}xUx}bh!RX2mhSYix<{+vD!oSwYd$|c zW=||-pAz3=PUSd~vxIxTus8Y5+-CL6xw`pODd9mE^}Ew($v2$)blkOVs2|Lv^L|!* z7K8R*M;$x$WLC1D&tmj3s<${tfSqg zv?O@Qo9uhk@pYX`lcGFABR=Gf({|NYYFC3U=2aydbAn$lM|C{Opr?m%e-<~E?un%G zj^~R}Hp7BtPKVmPH16F!Im7RdLzXw$<%LD#Uh|5W@@xCMc)2$gtO4Omt*;(T$GkP_ zG(H~1cw$5FRyrV_s-Ij#ALG1@#nd|%6AEw1uh;|Nfa2BN7cjZ-xrb5KS zQ7>!ZjD4f2iR+rgx@hLZuekIJ{T{a-tfW+3|8TzXeNfn~V8XY)Lg%i_yW8ChS&>BL z6G=&&{6B219m@=17) zrrKF|A#0*2b*FJ+cFC=0e)~JIL>{Q?bInVud(L~eeg2lN!9MQfS7ao1OveOEIG;69 zjqTc@j;9u$$HY#)Wl;WV%Xuo;KB@*^{YY2$$z>1rT!IJt>!fnR+he7d4wSubeU;x> zjelHxPeeDHW`}I-6|`(DC$4)LpT)ZGDV;`-jYB7udx8gY$4Szbw1tLWV2zP7+&vtg zC-{+Bw)mhQ>b3~WczzrG=$CI_X6nD-DRyBs`k2@zeMw+m8??5(>T=Vb}gE{PGNZu^uuKFUz0p)jEt3!m94pT#0sBV!1~)0>it(@ zb8GJKMN!k6o*$-a8)gvXdIWu z3D0hI(%1ajB4b17;cG`ozn92aZyCj`D&BltR3u`!@I>JNY0jwA%H`#~abmWa+e~*7 z_qLtSb+E{nym_>Beg6kB|1-GjOX3$^$qw8dPkfOyv+jTYOXfAlXmpF-9UmTN?# zUOZ^ljt9vM`%DO}ZoOr<=5YDuN_1lSw48dj@+o%4YbgOiMG5{cRmEw7SemRXkIS8} zXCIJjmMAxJFYM?p@ne)};IBSF@1|ccl!KkvH`5}~cH!IX(pNr_2UzD4m&=^kP##yX z>E9~$v2dpI)!rHMrbNA%BRzM4eDR3BPW2jI_w$jKJr52j2-<(q7%a|V>wV?6%6!9W zMwxLmsrF{7h6!`j$d{KhnPG)$4QBec^Z1ij`%i`{ex0M;e{ksmX+Z?tBh`cKwD(nd zaC%dZye#M7{gyKLzJc}ew9WJ@#UKXX&o-G)odl(ebo0~iE(=nHXwmf(PE8#S4MwNLQ!%nQa_4n4k9>C>;(&7_l7 z$h@l(Q&yUuiEzdCch8j;#vfM;sz0acM2G+OR3jfn7H3_F{yI~2Ldek8?ZHdncht#~ zOpyA$BRWiyN2qGqe>tS;OG(DEKLP!W1$m$LfZ|#mmd@7@Gv2BMV=Ir#6>D3Dk`Kf; zON-S{Bs5RUAEI@QrkodOlYXK*MrgI}kv2kmJ=~RYZQv-}q0%iNjbV;l zPl_NSerMr=>WiXYTMBD$i!)kLDC;&c-|VM?!)UTJv#_Q6X6>(!bIGh)`vtB0T>N^< z!9QP8g_p1X^K0hI@wYNw1v5RH+Z^@(gp>9`4u6o2*m8)<(vMcdBhWL3!ZtoeKXB7b z$Jb?`A!C#+^Y)QW;_f{xkL}#R?@1dRmG8s974y7RHocEwrg+9J zH)qSch+4AaCE+#c&)FXqLf>m`9~-9Q{7U(vnmra@raGdGX#VQQ58dZDbY)YAS4Qel z&m|W9`926;zs0G8PNV%iuo6+~ksLy@eku$cj%c#C^VvD!*W70_Gh$frNlI?n9_4*1 z7oPal&`TSOx_I9F(y9VFn)1c1c#q~~vlF(p_s?yJ=UtQ2WsXJ9-#AZVy$~Sd`^{34 zreCC+)0_xvBm6Lbibu^eLTOVQ##F6s5{uli%bAbY(kWCMdg=L@Z#R3OXAMl9(6Smu zbu-_Fox&Hp2{=}Hmt0#tKj?2i3f9G6K0(Lw{ruU14aR3;%&z?zGqqG+dezwsEhPm; zHLZ3}3U1%Ku{=G{sWLGTaOv_DrTrY+IjC^Yloz;78w5?Q1WgfY2WlS|84xw zC8>17ajjZ2RaqkGv57C&UI|Ma{rmuhl`EW=GIVYBoeg>->am|(Q|r01nankkD^=oO zZKloRs~Cf>A3xZ9U6rGa+d|cxJTbkUnk-Z8yxgVH&b$QIm8fr8O*=Av#eN&MZzW!w{VFMx)sggYW z1<|(e(|XjSnp=tp(?~u@uP&|)X!d+qw@7*uA|#$1Ca=z);=Dh&waT|+>)Z6iHTRYo zN|Ke=)L#Y`yiW()aZd4WZCwdpi+R0WANNf?1*O>C9!|)!fyXu>=VXwXKg4QZ?5UZe zzV|bM&Rr`qdXi<$@@Kr&8S;MhZQ_TEjvrGBH9KK2o8bK9enI+Pw#}i7`#e1N5OzPk zma(4R-Dan8gnM8tN3dkRh8C4|JJ6+)sfkUB|0J4>MxqhduE~&QBD1hrq?+IIG{JiR zdFN5x?r_%YQCT0ns$>8seCW!tAPUY) zZZ$U-z6jK~($VweDe-zf$2wOU;l#)`F`sAn^^_MrQ=l&HQPb&`SB4bHOU|l;TCSYQ z9|u>=&@6jmutcNXZcGKs)JOj{ID@7sKSk2KVq%y@JwZku`#VJvPT0o%I^!uk2IEpqG?A zLat@NAX_aP7Rr;?JFZU+pP@`lHd+G=nR;$E`;ZiM@3 zaE~6ke@nDtwrAhSHN3*I8+ARnrlJaVPGz4+h`}#nEfl(2v-iRmRDf!gvHXqk>|kp-E6FF9R=M)7!kgL z;4^&8&Pb1tI9Z7>>L{zxOW8S?(DShIuyL@;xLLSxF^cY|7j`f<71WTH-C+SnB8=uv zPWFQA?5?h^Y_8mFb`ECjoB{#@>>OO|TwJVxg4NO8*2%z))z*;-vcT|=HgPm^u&{Ts zu(PFyJPi!(oSj4%8Nqw{9p>Pzk&GL7xFZ0L5%!Kw#_S4UzytIF1ngWK9A{WLxLCOa z*mutdZju_CZ1yPJVMJ0}|lyN%6nGaQ{{Tz<*>;|xbFa36_X!^F|f*}=#} z#>K?eiD|b`duwOM-7=jWP2eL0x3#e;I{<}9-aSW7L0RqR9B4)}3mbc62Bh9iX>9b9 z&feL<8lf>ZVmGliu>n9F0cXzN=$$M~e=X2&`oK5;0s_SS4|^e45W5OW+Zj1S zp$gI>j1aG&v7M2Hu^{r1!^D8oh@X>#m4n~Vkd?>Cl!MiPlL!3x2|g1per{t^!!w2^ zyI3jMIyxEH8ks;=fH|85;A6nS$7jUD&%w&Y%V)sKV;}%n81Qki8gX))8X9t$aC7kR z?P8(oU;%c5f%R@wkd-lDC1A{ZhEIUkkd>R)n2(j`j0rER0Y3*ntBJuG9$sz}UJheJ zBZL)P2SEun1rbIrHjZCU)T|AhOzj+O!1l7RHMVng{Pjx9!p20?$pD&-laHT=lZS_& zSAgRT2j7`p^R-PJ9D$oduACffTwKU>V;w*l z+5Z#qzc^`{+qv5Q|HtPS=}#^a4ojKj);M5(Wefj4M>|s| zR|5wV2{YgWV4cC{Le`m{Wyk+c{Eo)e+ypuo2Nz(<$;v69#UUWb$tB1wz=&CGu-q`h z{?Jw!#vo;7!QJ){hA~P|0bbSAbhfv*wlHz{-A+IJ<}Y-+=I{9Ef1AFW3^QBG&fXpD zVsj@|SKI$6{ttv04oVhACbo`t{|WkT5{y}PB_eONP{ zP{&b?=zwM%&rnfL8nq4oO?{Fb1D@=&m)8Yzf_4i#TWEQ$IH>gWp?>zW?+<#1)y+{#RMLiGx`!di+$!DvpL* zP+I#dM4D0#8grU=COpj_s62t@#z|+}lE95DW%n9=PHDM_F1vM5Kc>)vpGMZ@5zooq z&oAU78=M(>?$w$P1dBONUYZ!HoD`T`a1R}FOkRsz5%!v_l*C0vDK2@4TOD6=;VCJo5Hv7ZY;JKbTT@ zV%j@9y zrsAP~y-SRu=z(*^f6^>S{DbBP0khm+Ui{!5#QQrZFvhn;5qCCFqj14Tiyde@n6V`F z&bX`?4<&&{N$UM%4<OT^S%j5jO703&4A!A@4`V1@tCvm55FR;1D42`J|pN~gka*I2(b_o5_dw5 z1XhSbs6bwblLsh>h{A|wKqI1oC@{viL@@n@5SjRk5C;(rG5wR{UkI@fWgsRD6bAI) z2??x-yP+ruMFQH17?=zXfX9c*?Bam`8zBzD5yA9>khlkE4MhE!5DR6%nlGUi5Jl06 z0{Tdx@hwo|Isu3%U~>sH5QT^a9Ow~3JTTtD^iM)${4YWrL^Oiw2gmk zp+RIS9uNgFM*=%RLRn}hu!{cFz)pxVfCK7}ggA&YOmOXh#Skt3P8h`NPYpyt!boT* zpbsuDuoGAu|2}-M5fBC81L7WhOCTE|fU*GrH3Mq~R0!V^64K|BbpMrbw}}5nh;N0c z4JGIyYX3`gc`*ed3iv;Q337y(AR&TDT!$%#1YiQ&@$ZBH6Mg=kazyRF6E^6nLDK_Y z%7GSzgpzvlIKX6jYD_?VXj^DFIQ|zQzyvWOm{5V`|D6zE@-1dF`a35;AU@R~IK>VE z2V4vZxCB30lL_U==;Q#O0j2=P0~Bh$#qA#(;KHHYiDoXa%EO0IXLTkG8KA{{yBn(V z2;lOeGN^klR+hlI^h?FbT{Qcl)?o*G937aThlsyvs7mKYD9L#9g&Yhp4;!lrD9PaT z*kk$q4h+b{-UbhCN`x|&H=lhf2odx!#95IYd5Awlfx$+fuMgG>QQ4LOu`a5i>Z;Cp z1Z^2@4>^2?DhP2ld7UiM+tHy`Q?i^t1s>HOu=VjaIDke!+gO@;*IfOzmgcHqQ7-09 z-R82+Biq64ZLw}mP0ilIi`8Rn29Ob@oAuKp>IK^Aj~+cbcr{w=qrMKXMg1bfW{}0U zC@ZA#jjH9yFgsw0`J8+yvzK7M6_^^hcnr6^7??&}{xxF`Nbx9?3E`CPUgTM71jArO zDyTGo5l&?E({?vN!*T^WHT#1k4VGX$>WiBiC^UdMsX84gFz*?I7VquM$7dJ>t^wy~ z9PYeGgh&?;V@OKec}Uh-Nq~8{pCPFq^Ke`s!;uc*BrZSco^)Fa?_@r7gfh(Qqtu-( zcnCV;P7DhCDd}@z^Jq{{pg_5Tfx`fN8tCF1#g=^bO`RXa4Uz;Riauk{Kc;Ks#%_v% z5Cr_=pYJRrKz9En9IyxF%x_~v`=8>#rUcf2qClAd*pcigvP(2Hhi}xM35h%Le_-T= zn1PD0%mP)K1T3>a@r6-Y5(G6kW{6A$Wfr0~f(zh)X7G)YMa&>B4}t|4LmUtnWRJnM zXNNszjBkO9i~)N@+%EQ@ngZ;97YErxal6@rBmvmd|4|%d55+_FP`o5HMjQhO`aju2 zv-}rAkXj{RRR`6ExF8Nt)d3tJjQ}%%+71~*9H7br?1;NDxIi37*b^gW0JR-5hBzQD zhy&pI#s2p(WDmvtVy~vN5P>pvS^V_I?fdK_G&YK*hDq*5Q&Ur*ggEI&_de<~UaR28 zue~)~2}?PIhf+H^y#4l_p}9FrPrh#YA#sqnf8^sIX%-9Q1WdANfS^Etf@4^ofp`ZK z_rD2$5#eI!yU{cqM^nfj$pVfa(Iw1J(jDuLpQod6cX?2p$kWcooDW2|@sD z4v~Zp%0~oTAOu5Tfzbm{?C8t`u>zf8l>{V!5C|d~7=r2pSmcNB9})mHBEh6bY-zH@ z`}^|a(O{aIn_xC5$rbM2x%0y1^LrBg$vR7_9pO+tU~X8~L;^*Cm3Dx@rWZszXced@ z2rdxzF`}7HuM!Lp*e~t?Imjmq)hPN%HQP zqapfL9O*6zK=U0{0ZS0)pl&QuI?UTL00#g7JL2B}K&$*BHBi3VD46hUKcv;u0U-vn zEaeJE~Saa|acHL1LI z0gV)AAX*t9j~YDIiwmJ)fl)yZ9^BJd#Rxpyw^$Z*?0Py~9nie;}%N{wUr+uWSVr&Nv|@?|K>(NWiC{ zrQ|ht>bM_pvaU0Tm`T7OfS5z_?oLVfQ$QGT=fxcXN*0z{(S_;wTk zYXo-x4qA#%5P{^GA8;h5BgO-{2RH~U2BEHhAf;3t?*2x5dAf*6DB-@HJ@2hPJFN<>i%N)YybM+vpx#S4J|c)`jP7z$*Y zU2y)z3n+wW3{;2tO%|y`fjSTuEH!~Th$Ru#K-$5m38VOqng|?#5gdm=qd|li;4uzZn18@TvNclM0!=ZH5oj3o zAvA~=mec?mVoC@TWDg8X1P)Xm)T=;KjQTL?{N#nCNf5mdI2cp@0UAkXlpQRmD;z$y zewvx##y8daKJRxuX*di`!)HuNN}3Rga>t)iPUJH&dvr}osVf#9hL*p(WJTP8E9UHv zH{|*CiM6%$=`TV{q>UrD&XnL)9qLrcNQgYLy^xfnop*I}>0N&#th#|7Nb&%uI*5JX z(b?eg*7vVw)h@FK!87EP7#=KvNC`3^EWDxpLGlGkf(JlJc+7^$&cIlp&PJ332?-YK zyZD2G7oIpnULfXy`Udg>4`8zW!3&tuef@lDObn0qkSuLZ)*~e)b#>7BU2h{S z>Lp-ahv!p}4Fn4sAV`S;3$qu34KxBE+QB1cm`l@kdxnl$Cx6Gk-a^KcHspJA}O`5%_tW}H1y95zwR?7vT9wt%{S>@ zgP$gK;zx${r@jj=J|>8)e@eglF7!z-7H|_DHL9DekC|wFR!4P841+`tNc>s;5B$pO z;ADI zQOZh6#>XYIB|W;blzV$;hl#s*7B??@v-*_IWzW6cWd0zwJC~JzYjs$#;mZJrI4KGq=Gbo3F${B-LQ*yYVyC_b0SrV7m`EgG*p@j8lmPsG=z?$oQK)JJ zc?A3(_9zfHc+>T)c&Nfg|AP0@+hq>m5#UT16w@&10VY358PEumo#q0V2sS~8#vllR zxC0Xo_yg&dz>Wo4z-9(1%8?cZ<}?^v{~|!G;XiQz!ay|s!2z-!a@>&tlz<%wl#xM( z(OKe03&8{uJq8>!E)4Q8p}>i-_386Gt0VQU@i(@R+Yik#FFFzsU{F461b?WuBNhNF zFV2FM0c_8H_CjT_+QA5%EItoi@*xl9;RJzLM$sUC4E@Xi6u`P{MyC0 zuh9X)6)6{KNJzx=R;vs;I*7JrX4Jts#?tiLW%i!{o=rAU-(h9mB@St+erUB5@Hj5& zoX>mvX?B*i$?^0WyCh;eaK-{x3K|1sBN&Ev5MyF1fmIkyPs?d-gcgRaf4r9(Gf3)x z_N!$f>2W8V8DKpN=#kK9fIboEY)b*#T1+p%r1z<6C_E zV{!6ABJ7zk<1Bmw5i@>Ln7=Xf(G67}_+bOPGbU-QGNPpXHI8nqnx!QFH9pi(Wkb1Z zenNvs59O};hZ@&!T|T{o52xWSSBUdVc942@_(v8a=f#r1ZHr+eLTxZ8i7YyZ->^5) zc|?rZ4%h{T^q#H|XBnXUPEUiJEF%FG#?OYk|L$pCdroD>kF8Cn@ROK2tqi(0uP@C! zUzGPqmh(5AV=6;l*MvcID{-4MtmDKo9dEj8 z8w6r%sxJ6?z5kKj<%o!gCb6w&Uk?NZi!4s{`Ms}kcRa0kf{61axF?VY?*f$NIJ6&! zApp~bP*aC2Qr7vrX+ugz1E?pD$0Yd6{~Wto8Kw+&+D_%2;(4ca`mI-z^q>HB+P*g$-6g#7W4gKsQb}Vp{FWvk!rXBVbe;{X@lO~Qyt3?I@k>s=tocGA@9nw z3y5ZSRC3I&mQMMNq=!ntE&($8rV4ii=*cJI(Pt=#WK>h{a0K6_W+?DxI3l$&kbsO? zGaSi(zK`Y42nh-Kkg_!&;TNSOKgqSL$B9~rYIok%E|GM)qo3SNd>CHfF`_+G8ApdC^=zwPaPU_nZTT_^B5W|QQ z{6>oOQX?9Y9?dt7%suZb#q-~3_hOsVq(UBAmQ$0El{{7x6V&;Kj9MbM|8MpAK`nNuOH5!elpu+#vm||K!4rLvp0|%PO z&tDjI#})4qT^o=2oSU5tLoqI}9&Fv9p^%2=AAK9B&7gfj7TwjiA^eeknE^?~m>vxF zNB``*ezu38Lxp+J9|*(rT0zJcB*-Br$Viyyzr=uVnh=pYEgftX|ImXGAYZn?ehk(_ zunPqV_h(B6I?vxl?zDGD$vbC!1gxpx447AbQdOd7wzjq&&$pfuQH7fjUN!)>N8Io4 zo!>47uup+qB+O-Szw_*%2E0Jc^t%Q~5db?c6cf*{AGq^I>OlRh~{2584m}eL@ zV59q2{@{)YzSZN$+1n#_AJRf-!@vRTYe)H4EiufcgVnCh!!_GRjmVcf{}2aR|7co4 zZUyTH!!~FI;b*8l3;;hYfp76U571}A9vQ;}9zv!GiEeyr{0uaJWy8N-|IQXz2jm~n z#Q{s>!o$LzEI$|&z_Ngw3M-~}$~?B)gFu;t|D=6()kPKJvO@B8cs0Jn*L2aA;6@Ny9l0IRnh0YECq zG8kdVwnIM0p2*+3cdyaf{KsV}hznyoxGTX;E(ihEMmwcGFg09yR-_X^;GzHc*|!tiQ|#?h6+4oio{pp~ zNvZGg1EeG*!{0v%G^VB{UcOAVxw(0D*n4FkTtGEzm3%)Jdq(8$7gDqXgMkZ9h&ezo z2luL=F+r7%mn zF=K>1xb%athXwji_CVaPF@`-X$bVxGHem+5JNe%TffIonR}hyZa>el%E-;pW*S8QH zV9midnGh#%0mKYH*ayLh|0JX#MwPhTsGjYC4gtm%yKp zi=Mz&ATD_3j$C=P!U3LvO!y}O1~@ErpgdStVJ2Y4u#iFU?a0^IzeD)X7sv_pZ!;0U zLoS=b@&|xMCGGn$*%>K`;4|oK;C6xU@dl5tLr;3=KfWv-9KLi5O+;h{ig)fq;G%`O zCN+D-&pRq9Ylef5GXA0FA9qqwFmi( zLY>8;`T1D`i)Duf8-)r1i?BnZ2mXW~ec}Ip{)v-{^^0RF_77?-@l>2&pW!^=_PiSK z$Id-xAwm>Nh!E>lMOpv~bxI1k)QmNowC@htv)<<6gu&jVC+u+_@j{ttS?;@ylX6l= zl8{EqDjyvq;R#EXxX*Z!xQWG3T4Aw~9WR~pIn~W5smQsr5&ru~>>}OhR~}Y>_HO@j z-p=a78EaSP6{i&~)$JMg<%ER7=?9N|>=v@Cs;3KHRLwCjksQSLMd1fViSq<{%f?Hf zaK*)$P*_btC~SISJ#6Cojw;$Cd$EXpQDf97EMk0CEc`3x7jNDOK;es{uA<@8I20~N zSt0m2B`92a-^Y03C|pTJ6gHLKyYvtAC~RW!3pn79v|}i&0|hg0t`eiL@aYS&h*5qW z2Ype&Jxia?006ke?@;)@;^zCrQBpG=PKR;DQP|hPjbCy4GQc#=SwxT!n;yX8{U5A9 zT8o~ahPX-gKw9gRX6{Hw2^s6jSHWy)MD(dg{f2t@EH6Kan~pC?{j!u8TlVILdbINg z)#*}4e@heHjo^G8Nr7X}9wgv-iql)|J9<~&ysKN+kMe2#F!sU=qOth$?e-2%nSI~t z1hyVgE|R%njrU(V3RZD@pK)W|lX?RBTh1{O60hg-8yB%y&9Ls{ZsZE|rD($ENWBrzYf1cK*j1I<<7Y%UJ5c;*0>k-ucU(#E2wIIi=- zX&*_{+oi}flgh@unr+JGyK>CvGSt~OZs4&d$(0NS)5OUISL5biPZ?sAR%1?^V8&Hb zuA|Z;r{RqV-g4MSe#9}*Wrm#fy5=a!-ma+214{Qo##yn1#ER#W?-;-R7J+Y65m+~UW*cRj^+A7tAD*s@-`qo=vlNWfyZ5*=)ErpU5q z1-%eGdQV(%Ec?-Z$ZP>HYo^SKBct`Ey6rO~-NkiJ*JJu!S-+8m1X;0CJ$kN-CIEl> zX!mL$>cQw<%~KARcxp=nhq6p=aqoTgB-UZ?IcB;B*AU##*Du>Co|;QJErDwixbZRs zwcgyPtN4ZmeSsryc+y9fe14(ckN?&2RzJ^3DqR8F^Ba7sbvIUt7|nwUsZGAIOQXf8 z^wh6z9n#{k6>IcLk66X}uJ$a*jK<`{<3L~1xf!nokukCBsknuby~N@{_o6M&dVQuk zNs0Z5=XS~hYZx6@&(u_!$m`tIsd{>U!F@|&48CFOEP5K!IF#-8#bDs#(=ml-9zMMSbp9QJB;)Vs$g#z{u+A%&4 z+;bOwYP%mSU#n9Q@>wJ19a_OJe^Mi>S35s;B38_l$fA;i;@jB`r#NDXq(F}ppq$rz zR_E$bIkL#fM7`VZ-$?ftJ_*VxQayFvb5k`pyYT7aJ$c*0JJbtIVPxcY;t2G!-i>81 z1j1EX4@8|DC+gMUAMEa<8&(PJ^VnoQHtni5>-=cH$c7fNt7(Q;D4It4?RiyI0qP;} z%T-cTs2Fo%)Fw%>bFQ=RXV%l7?pf`i%bg86SFJNxyME5HW@Yr^jci&L(Jhvf0&9=E z8`HpTx78_ML`P8u-~Fo$W>?71T|RYrx@T!iPOEN_Rw{hvYgLNirEAR`mtW`H6=Cg8 zE9E-oBY5q4stV&m3UR&Cci+kB&DH%=8jpr?USYPt_u!&iNZEyJF z69gF_ALja=9Lweo0_NZXTjkYZ&#_F~nx6Al2fVJ#448Z4xHak{6}gvRC($9=_F*};Nsxr;NRDk3#6 z?FdV6>&FbHm1>cT4IY9Ew+$9Ub8k90_oU;botCaE-Z?3C5%oz zWnW)}?O_vR8OsiUN^N`(1ba)*s^yEuBd4|xW+AMq+fsVUYu#NZM7K~Dm8oR-cUPw_ zz~#9HmS@YpN3W!&yPzbY;^HIYNiauw-0b>bV#QtU^q}_jxzk~B@pt10Bu&+xshSah zkl?nx4{I@buARcIFSNJN*5hg49>o(S1uEMK%Vu^~iF{(kMa%|z=fC*2)`zr*MN&zE zkl3-T#5bG&V!UJN@RNi+a^>UFxRqb!mq86NJLhl#_|);Nq!+i|Xz=&CKip{NAIe-8 zVhwB;bP&Gny^{EFI<~Foo+$6PvFyh3Q~m?4M?FC}Uv?8XIoqSbFBi$2)V-QFtWS`{ zyLq^^-)tp=J7A$4WI+w1bF^!j)OK>X1&bo(TgBVKC=c&F(u`kNogJTQ=cSceQiOKs z2H_`t#CFh1;{e&Bx&1`lh>~J;6XOSq; z7yquE;K(WO_=bJDU|I;_ie;{T)$vC~>qK+2#iz;X#G=EP=}w)>((>7SNFI0m#$E~B z+3R$}J&wcCpGkaCeIHCJ%ibvto~AKWE8bEe5mc<9iq6C;WzTs3!r-A{>$q#ta4h-v z`95+npTstAxrcHnZ1bD(A3HCxJC|BtSC=SBzn9seyXPvkTe=(V9ZK#83Y8yRE*;J} zbI^&=XTa>}cW9slh1V;;V+^Wdy7a?j1b59;V8P~!qvYt_v^w2IvS~#9l{)9Or z{@lX$v_Goq#Ra%@H|1TO9o>NiE{^bbTx7KOKYi{pe+)Ts4_^=m)5u z%s*UsrtwI(Md0`JZUn??QA%9DJW-f+f+YdMiyl7Qd#5i+!h%h)jPv&epZ8L)XygSZNuz zleX?RNwZu=e`2xHQ?KfT@vq#?fB7s+HqOPlddU{}L#BmFU-m*6b}}6cI_ca+8Jx+> z$u6D=IrLq?6fXnceYYdUelJF;D7QdFoHqVU@3L;Ei*qT*TWRf^m)DXE9hdM*TB=Ty zJABG7tz|fsW$cp$z-0G)L}597BDy4@=GaJ1*3!aR@N}xsHtY6!RON@EkX)O$d7W`5 z*~!yNm$z<}-3!~ZK_PKH#p65{ZbzCb-m4{-^ZX&El^%MtON!Uio9|@GpO%#%O!^p) zFS+rm@cyfhA59CVMk+2iw9duFRn2{}|HN)fXe-C6M@u6bhrZjvP=R~)RhTgd;+erdiuJ$JQ9!EZK)&41&de4G=Bu|dqS z>nRaxrV9+dd~4@7u7o+|Cbpd{&2sygsTu0v@2OD93T(N=K09)$;E-XsH)X`rg+d4S zbU7+YeDNFlz-R=%r9q*@^;cF;oY7w1)2zj$*hLPsBhg*DA%(J8&lqgzCQdwOsyvrG zi;lbBiksG`0=$$G_p6UB6Ye)hin!XjT7u9l3PqDft(>Aq@zWH;$6RQ>w%xTAB9S;{ zck7T^RK>(A>X79w68tM-YOe^FtOw50yk1MA;6X{UY%#bxseQjTl))N*Nv`1aM%RIh z^b4QE=<68bpkh(i*6!^6!8xUFpVLCTpkq}jO9zHI*5a;~P{fvX8`=ER7YKr~N( zhC0|G)6ps{k^V(uBjSbemovB=j-TH+)Z=F`0R!+Rp|P~O*o)7qW2?Xg&*2WzB^Gz~ z#(7D0?1~&NgHM>?9CsJtxlAhk=zNbG~#-m$?2Y)#`q17yLV+SMFB^eU^?W z>0)cG0#V=-tztKsB=%{4VfM16-uRqH<;vebd`--1XKa_!NJLFwJ(#7_p+sR1&hWqK zp<~_eo5{g>8zt+TEB%cI)WJL;E~H)M72Jp&e42Lt8+{two_{iBx zGT9W|eSO~Z>*@Y?gUUyW>hfgFZQbYHrw8AZaT8qzU4K?po&#s`{mWf;uxgU9;tMD+nuQ&w=zNQ@sa{J zdghASeV>q`S+fTv@2@jx33#8J%UXVOzdzr+1%>-4;MQk^M&upp| zHbF6j*#<2Mz-NDof^&RQ-LEt?Z&^Yr~Z=2J^ee5OWY{X^CYz1@`Oy!_34X+0VB zw9f|ErO2%rEf)_Sv=bbfo7V51`}!_-CSa*gxGwNcXT!qwnK`fed-GhJs`mIFBWWe( z0#>qD{ftu^xbFVf ztUTS(yhUDj`;sr42&Pp&D$&K)E+u}B?p|)NyiZOSjdtA*t{VE@QF5*ZJ7X!g&gz=G z=NDP>u3Dz7dL7T+r;IQ7>=Fc0SfcH%aa3^qQi zPta3cZ!Er#f?%rWlx@fK1YiD9un=MTJKlf|t zq(_{}L*1OsOy085YVI75F9%MFF2C$7U3-SFde@dT@w>6-`UtU=&wO~}r}NtDZ^`;d za5=D@*0@F#+TXrwFV?c!oZoBS|CZnVq)!#Y>EZ#3M;6Df!Ud#{Y6E+a%`^VIn@)mj zh4#t2V4*d@^+Js2GC9wUhfiaxkRM%9zYn|t#4dNA9l%v$II8Xk_#^mS= z?@>_(Kk*9a2%mHbt?3mvUa^xh)oE3~$E%Qu%U@K`-a9WLehzHFc;QBdf-~=Zb*G1l zWjsd>w4c8g_E}@}6nf=7RttFWK_27hZcH*O_S@BV#Z%I92`zg0a6a735?V?LPSIXB zb>rd^7dHUBDDO2!-xIi#t2?I9E__6$yos;G#x(T%b8l$?7n~_MJxzbctQ0HjFhNfH z;CO<~VXfOzOH2SK*ppQwZ|*C|-RWtt^6b(bGS#ajNU)~qH;;2mIe3)#1s`bBc|@pN zUcckx;K~cep~*=$=Ce%X2^A**)=~!6vhd&*b)oAT>_3x1F6XQ+QW9yMr#==L_l@uU zb;28aZ-XN$<=1nyPfSBUtnD$ld8s1WhF9@n?cJnsVPdst__pX<@JG|ofCRi_E!MY} zcv&_Blju{y8N>9^!#>Yt33)|gm<0Cz;oXGRxjV_dn{%>VUbneSDq7bcXk5NRfUm=V z!YY$&$xtdQu0MJnSDV7q4fhYT=buZPDh$`Z$d5Sb&ZTeSeJ+!(7zZ~WSY7W}kOK(E zx*+D?$x?C zf#!O0E60kXfI(hU&Mm;XH1_=^ySPYUV*JD4{O&GWjPj8d8WF}eiVdNQrg`~ATe@L! z;`JaR*YgOtTq}E87QFiOd*Vc1?1@rx?3`PVu7uM-BWry2`tIFDJ+}8onmp=$PBAdD z?yaS_pD&F2`Gz5@kZDwa@6s`7qoc?}o81sfdSKyP%N3el?er$^@mfaUPhhRHrj%L3 zT4%oA?a|;`)9Lae=Q81Qxh{&w@E~&kX#**H&=g$!c5a4yo2MZ2Tk+M{N0YW$CR_O62$JxY)h2AYJ;) zdCJrWfHYvDr}^ehi00GLiS*N5`-NML6T^Voh>@V zFuo@NoG{6Jq#EdXH2N^9YHG=|VLQL#bL5W6<6U*kZ zLZ`ze@{x*OJl(Nc`;;hgdVNT@Y`xj($?|4^vB0_hGXXc(!SQIiN34nid%qAI#5d*! z{m088tiN2yTJKpNc-g%=LYMRT zRZQmbZ;oe%>|DPqyJ~z_w95FHL^hJkwo!3@xk0KZ5oDr3hDaY16RN6EQEG4mOzo?% zVn5h7e?5=K0i z!J>J5>`$fz@sW6wFkfN z{J*pAx#zyS&U)+J_s%FiU3=HAuBxuC-Mi;E(=>!+khnrch6Z|X#;`_9@&rw5mQyP7 zO5?xZcuR4G+G$T{WOLPo=VEoAUt!Gwrt+(9=$?2U=jJH>8`8c!3>?WP^#CxX~PuPJwXLV0e+oP!IhwzQu_Hh>v z3%Q}!6-+S+J6&wriMUJl2N~_H=iG1DMnd@L#Q*5;k9QB?jorkNW0pz@7r6e3Ss3y+ z!+^@xu0oON>~%9z_cP-x^aE`rc1QPpxVJgEXk{wITz5an{<+`#M)mRcK4i5_Zu-6U zbDWFI{lj@I)&^s}*Q6>SZ(`7$`hBLyZS9_YR9X}av?0; z{M!`XDph@@gJENTX+7?&;ELO7AF(&9eJ* zD)6cxTgKH5oSnviY{?O#+x9UV?xV#P#olst>XR{huu^vlD!~{PA5Z84L6K z?T_wEOLBBfO1O%_!4#R<{Cxt6g2eBuLli9~96CxCeipu0$FJ_+_$oN-JfSmdX>wXt zL!S|^7jDZ%!SV+rtD6^CB7RaT93wfKQaL28Oi#?gBY5}zZRM3np}atonkvVLg}J%T zO-9qb>6(m<4D$53gHXq*F?_s7IFO=wot4)w6L+NjP*HsM`b{WF65o$--F%xVe2&SQ zKs%)#+`N@UG3C~Tg#0Rv0OsR~#Dq3T(lLDJq0u-tEY}g6W%;>z&)4~_Gxt4_Y2wUE z=Ti&YT}v6i6U8L(s>fMHsyzY2xWNbG*k%7{4z|A4XogC4VEgo~?|0P`&Ggo#}RR zYsSn6X$IplAw1kbc!Kb@?MZ8xI!krCYmIe_>#|ed z)VaPa3Tp2X()IM`H!<5{jLFcLKb2;g$C_Gx6MsBR<(^cTuXzz))6U+a%rXBMV(M`o2VABQ%dZg&lG`v+c8%yTeG%73d>H&_)R zCL$SUU2Xit3R$_Pwx;^Y$}7`DtmI9kzav-eahlZAA&FP%ThZ$jc~QpK6$-i{^TCDxY z@T99am^sI8$o=7Wyd6vBZ&!ViZqDI))-( z6v#<4$_z;(_hU9s!<*P_c?Z)c`%Fmc-w0UXI8YS6Flf7jZFV>@lA<6T6qLTJW$we8 zefpUACz!v8lk1l&ld@SeQuWCd069x?cTH{tuZGLY)>T?wM`>&< zHRv6+m8W^W$>qOPBVx4b*r;LklfDop$@ulRUrz5kcos16Oyk$sU293-cTMvcqww$& zzXG>oE*Y_mh3A^V%J5hvBkg$5qM}ox>#iadzq4T0P9C~!*OaX>B5#p=@0ySSr})ARR?7T=k%cu?oAwOGr<@%Z~&Ax_nFaP*+u1d7@P=PB`zC*=ZnS-hP zV4+2q=f~Ts^G5b9#G2R&0_*Cm50#A8*5^{@@(SbpXAcH8^n7Q@j1%1}y}*AVrDZ<*jee`D8_Wbmsv`!3 zpHA;R-&&Y#_iH2eFDi&}URQUhFY>T<$?mRCzL8Vgd^>Nlc{-c-P1huik68sdc9cGP zId#%#Z_}1t<(_cOPu69w8gKmE+j9Hsg7vOCdU7|a7fkRx2kk$mDGX>vud5(xrz*{X4~0?`2trh^$35w%-`yG5Bv^Z^Vz0n z9J|yotoS3f{P}|vD@G6BHirQjO7r1&?X>pl1DP6^pJHFS`R!}hgwj2E-xdEtedc_k zDeNX!=Uy2p6`j{}GrP`oUFdmTqQgVA1@@Y!8I`{-agrERlTMWjuxG~Am44Aq)ia+C z6OWiIt=jL7y!G|^Z`$WfoJL{$t+jaH#JUek&XHDRyk!{v)TB7RV{8;qZw;UE{@k3G zt9uo{6I!#z@s&%ipuGKS`=+pmVrx=^{+CBG3FX9lue&TAtteJ$d_J#n;_y19nQ>33*ZHJ=L=r>2QD4Qc$ExIo zb=IzXt}4xq{2kYuXL*JAUbr~ke7WWIYK4GKGI#GZ)_Qba%Hc5O6kSPFyE2x45vQDR zmtj*NL*0Ott@D$^2}|aks6K9r92ND_dlmZabMUNVMrz%cog&d3ZNu#F?u7_;)CpLH zpL<`?W1X_k;Y!hc5thCB^|TD4U_0r=ESM~H3~$45`!>FLI?3p2R_@;&K!a*rMkLWCuHt~b0mKS^Kt&yYb9l+gd-)XF(1$7 zw944e*bkijxwD(TR6Sr3M9oG%Xg^H))4;Av>D~5KGmGv}lyptO4~=!|OPqb`u2sPg z#X`2klJ-R$xrB4K=Nfy@26SzPYNRhlOq$l?K3bU&{K#6t1b4(${I5x`a}~}d7G)|( zdNA}XJW>k&vtUMgNl;yIcBB08S9MeMmV<*z?GVAY5IvEHE-@-KxyJXXed0rj-eFUP zWq-OlRV6&WQ^I1oJCtBDm-Va;J+p8{)W2g=&?4>j)8j*;3D>@g=-hmH-sIl?M@o04 z;KZ$AGt*zK$p);gdp4Q@ZVL_v>h~O;7uQ})y)PxCE^KjcKdU>~wj1(!cHwH)qgIlR zx7~3n>JslqcB4(tC(Bb+x!X1{)LCklF-&pZkLY;JxoRNPtIpWL`eyF|!vn7_yz9*y zvm;eGde)2^Z=~HTr=E1W6lU!CZe;XrFK~Gy(3(d$%|xv9JDOTR-2>GyOV&BtAIJZ-i2 zv#ba92YwJ&Ta*pIDSNc)I+}pBnjIakoggn!@`HCNMIAoCKOI!?PE~&IY!_QqW8RDF zzG?Y3!eSL12ah(cOh+bo`k9Y6Zp_jZKO(Z1+uu)57_eE*3hhu45pXF=(n`Sg#E)gM zON*v*eNFsY?Xsb9yu6F6r%bWANt%doVuf1^laOb{#x3$2WTJfaN~ImGyM;UV^mz9N z@b_8RYp{M9-mi?f`|Q^`S(N4Uca_Oo#xah`uC+$}HknGdgz=3#_(Wk z=baG>w07(96@!Em9=J_$O{uDGzEQ9&ksfS1!)bhcs!}q?a3|m?HGjz?rSq2;@bz( z9Y5cdiy)=sxe+8dK0PqDePi!Op5BP!GwG1hM-!VDJrzYRmTF#`yP1MOMn3jz%q@&^ zQQ+Ddo$a&JWtTq_8D2?kgDlsd2zliwoL2NyR#8;3lIChkNYC(<+260?CsI%+l(H+g zUAadygIH=DMn12drFI@vw+rYOG(-28tGdlcGQEy8ev(7E(#gD9?ombQmI)73>3N~f z@oI}NFSLx<75$Vw>vciw0rj=FZn0Mfq;=2-ckuKjp2Wj)z}d3-7tH`g2}c$UIv;#! z-Y9-f;WOZAYrJ~7btLdZD~yOoI61eWN!&?(c35b-_{iVfLj7+7*RXto@y zcmjPeyYomR=qa9hN8AktMt8#=VSH(4tIIX_7M%|$$F=9Ih@3+B?)NyR%*}Ptw%ZKe zh_8#?daoQ-GZL@Leux@3P`umvrXwhlN=!j}f4$^QtZqe-c0hqOQ3ltj3w`@JbX)!J8z*Z(saVfSS$MaK|NR1UcI#iU#tUDU58LzdLJD& z1=bVX?oczAzWZHmYnQ}6$n`YDmmklpF?hC_#4uEDBZ~LP2OfY)e(G4fF}NHNFYuOM zRb9~~BZ%jsM!j{EiKC(9vp@scOXiN-| z-4%}Nj;4lA64tN-5IYS!4L|Z9Hvd6(1^Rpcmw(yL2lm%tX9Hn>SOlFdOs!y#p#Nas zAIw==8f!;GTO$i=C*U)E^vKYPR#ey+vqzDPfwdLO4O;^fQ+wDB#KG2(jhCAZq4jQP zsIdICvkuD*0|P@lI~E0fE7+96R*#pP7B=6owKg{tp|!HMGW?5T`C}jlEsc?>1#F9Q zbP}nv*g9AMw;}A&WBusSf80KcgfyapilKpnt*N~WiwtOMk5nYBEnzDRWM`Vcgwx%; z$;Hhr39@WKcN)Zhv@|Z5@;`7ivMbYF;DrrCEDT{o4q-N9QDGZ>dlMQsp}@sO!^&BKp5`G<#x52GlQ zM=}ta=WiaQ9eGS^S_(X{k<^jSu;~sB57^1ii?NHJm5&1|l3e_(oV-V-^0D&sK@HBZ zgCqD@`4E@DX?`ArVrK__9#%eHP8u$5R$eX;12zB$Hw`C0E3W{Yg&G{?#Sl3TqSh)l+ zUBS-|d=PJN5YF-NU^w}?pkYuIp}1Iqk_3tidJrf9@F-9mh*I28gHoOcLY)KTaMN%L z9BBn{z|JQL6c-25hpg-Z{50GU1^mGEH-+&5hEtv!+J?YGB=Gz#i|Ze5KkoN$2t5K72!=4R!GApv2H3{8F-&OcEEHN*-~fCE#5 z_yiMqFd_Db2RavtX()N1%P|!g0qo#s*pCefK}Z-JK=FYCp+p>qL>{z;I25kr!$cks zNMrzoL>_n^6DOFy)KY+GLfpv-9f=wBm?6oJG3w|T2hs?*>MuTsh9eI^oYEz%T$Sge8({q34k- zE(t#7h294mYMgw)3PwVz0g3}je=ukv8*xB{ae*%EtQ;`>5DMG?V*v3KFv5@likpK| z9>NEqfCDH=ptwLJP#j27750K;t2QmC0lAo0yaX!dm z7mx?VVH-6}JM56IVdx7$XCpd*HP9-A3`RXnA{9U~D55&}8G;T(1I34U6G^gQ7Npd_ z9Dztaa*37#L^d~MTuI~|#sl;MbT2my9mrguG^A3D6L?^3AT_SPxR4rLha5ph1~1%) zU~~c(7x)Re4tYP4gw&444{-fyPyWw4D8T+l0q7iX4bpoMknjfgu_Hks3-TD;cHju| z|A-4}M+(3@+<1`FM_fEGxDf@A_ajM24O%(k`qQ5LpLZCPU@J0U|CG?_h@qI0n-2z{ z0ML?{5_6k}`yvknE+iWs;1NLX6WjulARM-$Lyp3Y9P%MDsle1A0fH;wJfP9$JN<|Dy$R321r5iP2XcQ)(S;mH9uLY$8)sm~rZuZ0mS(IH4{*mpqy}gx}k6TO-Ucx>Z zRpcXa>|~f%bow>bVA&YntM2Jc*_rBrH_-}e#eu}DO4Ozj+DzZVirRyuWNw{&`VfaB zbXn1cgTD9d@fV+aDa1ZaIiijDHw7YHx7q}Zr{+amJ>@PWG|uNfDVrJ5sRY=6-2xNABsn_2jA~|$%2K;KJb%- zAD*UB1@IaBf3y6*$S)^+QP^*;*sRMKk?UAGw#XJrPKWaC&Q-K^i#;sal`71RX_yPj zUZe9uO+~J~Ba+(}-Mm*=OU66lhihNIVVr4qN)kvv?&PkH-=7u^T#JVYN@ZZ2GmbQogr zLOJp|IiJPCdm)3uxmOZ+aVkn%%@ozUwO zJ5=>ez5}f1b|7jE^+wis%U3^MZ_BRtJsv;y{N0jeQfxw#Fcfz0RYgHx6mI!V6xP2x z`hoVHv2&53<>pXC$NI$xz>P$BIwsFyNm<^DaW9?ZI`9MQ{3a8IW}ZA5Sfp(C&;Iw$ znUNK#vK+clc*Ub2lVGEsWUN6^A%e24Y%wq+<2qdjze#*+%;VLQ?p`R8#1l3tXz%IO z)C2?CEG4gmPaF3bzQ3Mcz4A)R$K*MvN!XNQ-#JxiH!xqp?6y*<4fa`0np;>8xH($I zxQ9~mQ;I)0j*T~Z`VIib37a4SqNL*kh_MNyyiwTvIOnQiIdGNc6L*yG>U|;E_*U(U zq-RKIJ`p{@mZ8VR6Mw)B*P0CW!nL=(;97CwlYkYV2!?Af@Rh)|#4ymWyu2ylg~FAB zzzJyx&Za?m<3c2yq<=*S)$e%h1UB4O%~qtf@Es71sQE=wodCCO;+4%l_)7f$d%o$qrayQ+Zd zfh?w8qme?6vAvHcX}lg!r#)Wk$C%7_*5~ZyQE30|!g1k9zQU&@IgzlQSN~=htc%fA z3^1|BmiIj$r(;|ihUc-zHDsUg9(A@pTK^!a_T zREyCIRT2_~1vY6yllex+YoOYF(uVY-L*3AY2O)cGD|xj;1x+mYtvxP_g^NkwIIX>1 z9a=B@ml?+QeYRrKC2&|8vi)}1n#HQ)$6i@ZP1)kXpl_Sw5_`qrRz*FIb>|g;KgNw5 ze3$7ZqcSL&`H0i{#i0GHSc`?Xc3=;k+~*iBW3*9lb>H5T{A2+`c!0NJ(xouFqpZF?W^gyF zuhpt=tKlP2p1VBwH>!Xmg)JzAPw2OOVSSpwcUNO3H~c~6`&p^U-+C9CoG$T8=-N)b zD^;XDOWl4O8z~K$mn_DwUVYqqXd)&6G5SlBfai6{ zy2qkM3tcrUo^;&k?DJByQzdGpxtY59OJ+`Snr@aMIuBDP$vuYV-v=9o4x4TEZnX{f zE(`=ZT!whLobK9i-?60cL=LZOqiMVprHPiZ47hKxg2VA=>BDL4c zjg5EWs(V~1+h?B3=337)>G8DR(vaCG@2RT(efTY?UPt&F^})|-vuSAR_g;&@^RDc< z(r=e;ZY&hiNpJ7W&EN4NR^j1 z6(m9zXmfii*!Af?4$4tik2_)B;-9mbETnCJVc??#Uk9Dn=hrwm zSV$cyX6)Y=Uy@An?Kf6_&kwF4t&er>%|AOFbjo_}x0i3`*b#jy&+0exN0r&8a>9;~N*luA(ag5^v(e$yo|Wl-SrF#krTo6bh8?Ta|b+#A|9ovzmwX z0%g7gD?*8~*NolrvNDrouM4iex%zO0@J@)LW9ir5XNg$U#u+;ts0i`p;2Y|#Bi&-E zf!g60%Nw^2sF}!hn!YJL7<#f%NF6?XAfZ#7y(-kTLHuzdGE&SlGJeuZ$-XsDBP-$e z9#h=4wB88`6ppb;dr#Z&L6G4>WqHmF!9vkm%dG(us(7oGo@azZDK$HclU;ft#B;H)n>&$<@ zy+UO^+Zu7kTH%?p4CB_lk%j(Y^LleJ?;R`XzUQQdb%P&nDmmGjEDql|gMNQ?Iy&{~ zGlp+ATD8YJyS^_Sl=uB6kKoyl4!q%+w>#0rIb>g#-ux|^{9~<-T6ef%m6@!<={JdK zdqRuGl%Ic}^GVH5U;c2aHnZtwu6WkefvI57V#C{~896l4o^NP$M2=%?wx@59?Fy_{ zu|?@@^kfsLoqk8x&{vl~?VZ}VR73hTE~{tnp-XnG{K4+m)d>E$(4T_>0kel1PRy|n ze<-Ju4V~2(JT<+@s$3(ecTc{?X$e0@MZN6Ros0)Qx(uVy^f^5bACm{F+SXjHS=wK! znza|tm9H6IVwuZ***)*ZT=MkvX)S)vzizVhh{B&OQwcgy1BT&f(uvRcP&Zu=xA zJk`pZ!n@ko!b5ffYs-^`4BuOg?~V?C#QmZ%|HXXukbGyzDl5N|qR1Pvm5CTq^fkh? zrw(~eJG3nle&WF5t=j4DG7@voE7yoK7$_>aE~GXTO=d}WrAAhb~4>rWR{UqYg%Na-3%~tgQM2Z9}4|LhNHJRzGZL+TqgMYV$@M zW906*d+e&NO>X%U^eeHg&}96ZElgz8kSnTV `?qv3z5F2w^93OFz4ie*bU2L}f zUEHmv8g2(T(r{bBewHd?rRYPVPSWr39UPUjEk&s~zniV2X@9z&OKs_&tN86SFf&_V zd&jWleJZ8?3M9aZR++Ky1T{Ltv}qLtMqKTdoz$Z&o>(6%%-r6g525a+nx8%lH&fJ;IH{v5kj44_SY;PKL#mKMr#5GPvzv9AX<#4->=} zTx|8<8?rsEHwO}!r|a9NQd>+9WCPTv}( zAvOF~Ss^*}OJ9LT{qpzWL19v-Z%WIe-`J{- zQkwDbm{pq|-0a}_IaoVnrIr+EXHTUQ-Ls(@U4a>zZeB7=aZe8< zJ%8?T?|qPsV)ECl#2rL8YqsGoRyR}TSIunQ*~*MZUp(Z^vJCOk3@YmgV`2CSRvO zNh`W;#IJaQgwP;=^R4asSp5~`CflJrmbgg!?W9LS+&WcZIQ3@ngCTz0I`tRssh1w} zg@)d_KSv00$MJ!$oFad=;hx5l-sA6${;upDhi6u4-;$7nENx@{AO$|(5_|)zc`6EcNPmbPpIsgaJGt^BEjT$ zI`VuYyyugFYX|P8!%4Qj4nZ(`$aZ^c)mpxEu}g98x#3;XkPlVAt?)U{wO&(E47-?h zG`szPgurL`4kXsR?$^M9FSGlDf{i-Gs^JtC z+}IBp{nXTBBWy~4>kq*!)sfBkS>r`&Cx&(FHKANrYaVNb++G{p*#ecbVfa}wxZ9mG zM#HCa=fb{;d6ZSyjkTOTalXlcgG4And3;zp?IJkG>X)e$+eTQ4(4k?28jfDPr`kON zn^8H@Hd*mvlKQNcI$eQJ<&gO2trkyp^yF~5PF?mSyr!~|XufZ$>FVXB8Su8F?*4qf z6?8{MT+J8PaBYn~hXfX}MpDhH-X0$ZS{kW`lU%Zcdo%Xtl!#;6XR=#LKg>S~&+y4_ z`DnmJLXlcm6=g64(^5w<|691%DsoomMCZc4Z521WP%UYQKK!ABs;U#+lCWcCn29HZ&6Pn z2Q#`TMb@C(i-&xL8l~I5Nly=H5(F6*>s2lCiy*z3P8MFR_1KHd^t~oK!}h@{@=1^Z zr7yw|M!fZV;SAn`Cju-j`C=}iVtH^a_1?g*yiME2cbRonns>)V+pDm!$dE`f@(@c-`ipd?EM6i2@2GySA ztj@=D@5YeA$#eVbTR*Cb9b^ZC!1jvB0exX9lz(E^=aSMx-?uHrd-9XRBM$Mox3uQY zna2@tJ@kLCfWnd&s=4)cbFbzeWeQbFnB>WWq`Io0;+DD>#9L}%rd8dT;S`sx@0j?ZhR^e%N>djn|+a9`{ zb5Siq>*PT>IMEOEaFy1YBl=XddhdKY$%p$V5Bv|>?=mOqeW04|xWJDj~vhSR$5fKl!Lw~NRIoSI>a(~}-h&53!?4uKh>RZh_ zq;=+iFaX>ot{(ARh66R zVR@|Qe%DH^rmgG6+^iw?RpGQ%jI`QivEv+Q6`xv z?B26IU)P`XXqdr}`YvxcQStCrfa`Q&hw8X)zJUukZSAY)Jqh%#8J-SPqFx2`!dv34 zE*GV$W7tto{LJgN*4>SYasdCC~%*EH>pnQ;$xS3B)T4jT)sZx3=FZ&&e5u>qR;b()@r`b-#_(OAl_oV zQtx-;T>@k+CEu-M-aP2vvNK}S{)q*vg47iKX5k;5@~>Vwjok?ki=6?>W!Dq+CZ-?G zV8Uh2ScGA*uh1ACp1-1=<+c@etT)omStt{bLA@=bOC;@`1RmO)C zY6g2~y~>ub;FX5=&%w#HjF4ac?H%y?#g7|`GQy;%qA)Ux{OwycaPzcxPAz7)G>wRUMlK|X zUrnJDN4-(B7W$m=^st=gu$n-yci!j1oA86GF!yw}gzP=l$7WY`-JDjWB{+u~x& zedX@_Q8*;jR#G$bbUD1B?eJ%e5ph*5Su~4aw?(4%6xC1jc4pjuSe__pjT}xRdil-t zGYugQ)>o{Cm(R}b<$V}0`)uh)W;@S2k+jr|JfJoTHoxK(zQCIG(!f6``c(|Q7m8Pg ztF~J8a{25Rsf(J9<#bBH!8aaU0`Ksz_jc<(4o%pf)r%5w3GJ({TEKC!OJHu8J@szb zKAY5_RE(A`MgGB82Mu{;CA!JeO6(;r{xNY+a{4ORY*aMAatJ-ruo zidlG4{MO_5F=U-soEeupeDbMEyP{}vY^PHjabYr945eGTC;x#{<%A(DL$mC#DQTjO?9%U$v(qt@PoiShrmsAd87!K2X}1_KDy(v? z)X5{p4kmg)^}yij@AR|Y8l_Q3eqr^gdwI+aR&;zIV0|AL-@y~7fpxJ5r|*3_0aZMh z8sj-0hb6>^FeV%RS6M&ZoS`Uq`H}$EC#l<}bJugJom@SavYvgS!3sg0a9KVHOKz}A z7o}Wq64n(dz~yIGM@eAyk_g&MenfH&RxfYE0_d;LjGzP^=p)s9MHQCaUcv%fldlpi zUP^)GFJ3F8!{Q|k#Qw_@39#z)0&czM8Dj2SMtR?W?xGi0p*dGm)m;Xyh*+U-M65? z-Gzuf;C8l7%aSLTXvu#cQ|w45i5i%cTXM(M9qHQAk0^EMZ!2KZlYC$TihgVQG5p|w zZlPWyZAs8lYQyHBHrcA#F$3=PD(&;nA7__;w%7_G;@h-H71bD-FlZ322YSm?*tB`h&-$drEP0of&8Uc@aw|$Yaz9uN+zg6xH>VZdjk*M##@JY{ zLMPKkZ{`q!%kY|5?xf0q-*&MAf9@d>+-F5pi}C|##`#otP3}Xc)5N*^RpBAgjXJjJ zs=TURqEDN>S32!Xh;Ht`?h8-C$HjWV%J5k5oGdO;4gZ$EYNZ59rTG``cvKM{tp~|% zvnfefrCdVQ`iU{YC4TLv7o=et5F){{X4y{$Lf0rQe8%X!NS?<1xMK;;M*h$x_Pmbw zU|%4xyEgR};Ytv1SF@lW>Pk$1Gj4Yn2z}E`o_rdd3880-i#-tts$$#onm&c3j3*^{ zUJaK>Y%}g9Zu)VO*B(9w1k5H9ga-9*aaAO5a}kc>*&M&>#v|yh9}4<@zgIZ94WYMk z{zol0cJ1@gB88F7$3KdXk4&NT=#iq-d%f7U)M8B(llW-;Gwk*Xj7DxpZUvA?4L^xL4e!jsw@adRr^`N{)Tar< zgTX*Vk3|mSf*p7J{y%{HykVtp z;bL!UVE6Y&{rr;L$VdJEg)mQm5+VqaqY?wn1mFV#Z{Y$+5C#Q?K?F%2;eZgl1qRm% zfChkF0N??^-#{q|Ula3!EvKnmFUM=IEg!7yR0LTd6D z8gvE!ftCm|2UCKUaO9{2UAe(xXdA2tU5@;Q(BPpXt&tk&0ww5zlt;S!;lyBPI6)VX z0*IPFeuJYJU=#*XgVYe@C-@yH|49AA2`wS*W3Goz29p3J3mpJ3K2RU2BVEjo0HxqU z&>CPue1L5QOc^&jbO)edF_0ZVGw~vDD}f`57tnwhI1np8pa+o}ga)8<0C~#ChjAGo zErG(I?hw2jz$g(47y(=dTnGXc&_G}kf}z4l0pt=p=z#zyK{`+fS_~*?`3UKT#2})T zBpl>Gz(YqGBe+%!&KPX@V;|CWh;4wR0+ikn3XE3(kZ1@(4lD*t81x4Q4h91NDu5sp zzyvK~KLRO(tGN&;8gv7og%D^ZfPoQ;9byr3WE+4;Dk4Tf&y{~ z_>nP$2uI%dS=o`O1ymk52QK41sfij@RxCkHVGEcmcwP z)Q;>&Acz3V#6X(`09t$GCxEp~J0tOg51u%k`LBa!IV2nE4fC=RWlqZaM1iHuv z{Ra-@!@w62hd^&~@*lw}!JW`!90>3li~=8Xvjgz%ZwhfPsPX3<5`PFP6~U}Q_XAq( z$b1Y8kr%+GN9};FuU^ZeDl7Epp zrc)tckPbzF(nyvB(U{zYBp6TvGi-S|5ZogM&I|^F@{lZ{XQ1;ipkg=%Msoa>ciJEoW0B6zae7_w5nM$nV?#dB^z=e%~JT?(g5XN4*4Y6nX*0f5*hy-rCN@+J*)q z0L3pMqkxNxoI@Se88B7CpOi29U?~gtx7W$2`E3ag^d}S%9_l6hjy@JGOzg36h_KLg zC~DB+7#8M*xeN*{Y#iKU$4}s$JcSPo#e^tqEF2tcT%2RakY=#l;XDeL=os;3jvL2G zl=V;0K0e3k{VEZUP9py^>D}+k^jr^ZeNLVtBd0ijf#C|{RiesOG^5- zjI4^Pn!1MOJuQPrhDOFFre=2b4vtRFE>C=)KJ)W`9uWBYO;~tDWYpW}q~w(MscGpM znFWPK#U-U5%gVph*3~yOHZ`~W==|B$-P7CGKQ=z`YjSFO=J)K%>e~9o=GOMkE@BsA z=U=ZQ%l@5RL|_*-E-nu43B)ceY$wEUBHUw_IgS(GP(Gpmn1q(o8}FRNtHk`zC+WEE zE|WgA{eFs!o_ma81u+d{+5ehhKL1;m{cYI4*)@QYL}6oIIM~=Y$8d0PjvYS+uj6>f zkr&=6Jk0CVpVw*3>n!pj`1^$hAy^;-7Z>*g{3paeiBI@{`-L8YZ5Ig9{ixG8SP)D& zL?|)T!G3Nt!GOVL{`T~;_5|m)^w?pxdD@JxY{5rb9T7HqK5}Bkll1$ac^gj7g?xIW zm%Xu5zh}LVwf%T}bw`Y`eDIwKF7YMpr+CDxfr1b?y#H8cAC4LXQs9}m+833g$BBEQq6mp zZcXNY`4H(yuP-hCLZec1U&H6He{n|JIk3-?n6bV-u1J1djjlx;BrxsXpQhP8buu`Xp=R;$UG2UTAW+1)7C-Y zCjG-r;lsU|a);qk%JyM2YI{5HHu2>PJPLxJ|LY_vmM-hgd;Tsn0@k_ai?$n!yNJ*&SDz>(#n8 zl5T02Mkhw7)San&qk_p<57XQa-nybuH(Yb~rbf`H7vKL$_QcAp@JaYhUjOw*lcWht z^RRY}(A9g=?!}AUN5<#RSDgsSvbw@M!{asgav;m+*=78RE9_^*KQ*{~T9RfyS0FE; z@z~Q&C}F;JWEX$PbA%U-+BXXQ2lbI*+xxwxRQQH-5LTI1YnVta77>l_XEf@pdG@y@ zZQVli0hcAqE}i6o$LAi4YFt`iinXghL($WEt@C~tX=KNKFu_0M{Zo3@LEyxp=k$IO z8Z}|>{x9_q#asI$2|J`Ug>0TPYz}CY+W;E15-s*mvT&0*bO((}SPep>g1ZRtP_t;~IXH}gsvp4Q`Md~y3o5R#VQ!Mu4wW5w}J;&8Co-7Z#x@b|Z+ zE=%crCCp$jpuwp`DRSN*P5I5g=+Hzh>tn?BPy3RkNx-#9^%=!!nb4vFnxTC3^(7&_@`hepwr{WAzn{z;k#_%=rK{9Mu29?@&2 zFSzbZ7KLBt0vL~v>-v8J`qkR5v{Afa@cpI?N(xuu=@tN}@3>e37v)wGUA z{ZC@4vh za^Y~rhndXT3y0o8VEvqJfnn`-QEVKawe+EM%74;V2J;%8YiJbP!5TRlMI_yugGNms z>g`Rj9n!vijb06l&>g}8|qu%JQMWZCo zbx*4wul%k4Ov~y=kb-EtQ1Z^^Hop0o5{cWR6>2|^E2g_kzWV}WK>^mRtW-QQ+&h-6 zmkCo-8k&{+r=?W-Q{)fJc>o~!IMy7OI|w3|g%_H2V(RN{RD)4>qmOPBJ5 zJ-nQa^tP4uxze0_zEIIul4;c!+1~t7hjKVY{y5m{s^Uo+gExAt=_+$#9s8jfxe*f? z`V&EMC$HH$-Yp4rkDK2VkzU|17Sa>jXs`JaxuA?jLB?EyjQPy?x1i-zJpG<-BFm1O zLHjA*2@ziJo+=A<5@p3!mDj8aIx`x3s-8ohdz)y~m~?;g;T#$@0{Q9Ge)EcPL+*ec z^l5Sbw#p%q(suEPwa--@izHsV-wKmETMFrwna%dzv01`~KJTQy&hG62FEKX(vCcrh z>B`sC$+yaJcg{4uZ=w;<{}M~ge!Ia=#jtlS%_sY+;H!|JjKRO%mHZEtxBa$MI*ZOI z-T7`&Q&fzvZTh~Xc$jYQX4A9eAeS+xJp4DE0=aD?eFU3dwpUiz>JJ&di3&JtiCh^_ z^!<9>V&K;6hUFGQ&AgwisInF-_n8|yHS9tS#|#9yuc<~}C+*vPwwaDbm7`Hx3ux4r zvZZsyRa4$BhF2{M-$|S*n3O}g&^YoK)Oyh8uiOeN?LO7=vgKQBku7!$4sk9?Is1

      %tx1`4tc8=F{LZ;9%WsbRj??^CYE;*)2TqJJJ}-`A6E7<1y48^X*c!f= zUcgKuWAo{zT*N2bmv*|XD|$D6Rw^&&)*W8_{{2x+7k6ur3278pJ>)gqc@_8nw=m3mV3Mcx2$iT;berIR(Jw#ol!N}r-btvzkph(26Ic#li8t&0P0Fzx3oi@ku{~mYi}0V zDvVzbczxx3+jy{{NA7m@Al=hw=|wfkk4nocrR4q_ltwaikqYIN1Hw*BTsK?yN_uDS zlU&R_{az7k)Lr@UsL1j0tDRhp^vXNt*S;Pa4Zh}-5z3Pho*u5&k%&}3T-s*rd}!lb zuKZ&5uBn{rP*;zGLvGV-<&Nj{5E{jeMvbQvH^CPtK2iNX;myI!F3-iFDSvvfeTB>&~Pv zc2u?;^m^XL3Pf)eiJYf5`AP4Xm6?pf_QFD=+*S5}|JCS)9qY}z2bo1|{gJiN!`W#j zcH16kRBaE3_Rv7(%24gz_I__P^K&namV?Ppk3^*K7-w5zc1YKlT~^Vkj*3H5G^+lN z;meIuyX~~?uIQ^ZFEz8LThS=drJXc1ic~s*ZGW$3Dq%w1BTS-Kk2O0X+GteI1R6CH zU|y7@9sTo3?yVha^!J1Pe`Idb?j8oV{bxJ`yL0+zRAQh>cW6V%>$ye71ACBCA1 z7q1vRkO)6NC#LwH`EH+Gf0DM2*5`Gh=%6qnyMkc0Vs^Ty$FQ z89$rr?vOPXK}B3qUG>tBQ?qS~-{%;0RZBD7o6m#dr;dv-*B|nFbjDvfh~Cg6F!2zu zuZe)V*leKCu)#qm49UAEf?rAYqBW-?Oh@IGU=1u4M_HEz22m83&dMlzGW7ID; zeqZ01OJHngHs_8g@%xqjROdcz)YwQB$H(RKa+bIkHkXcN7gvW^JnTx)be{V7DmCJ< zaH8?sU$= z$;M)LEN;U44G%vC8%lQFKTZ{Q#?5lMbhG&&wwhsIwrX2#3`^wwLdB4@rHkFel75H1 z{!4=_Svxy{FY?c3e6;1f_C{cNWAen}hREJ0QTAnzG?s>dVr*(b=_Hm-ZZlT&5tV9CnDIx6=( z{!U7RQ{o&pE`m{Y`3lDJFCy@_4eOWFr6Z@%5NkLx!o$5Su(g> z7i+)KOuF}8k8(hBPVm{f2kpo2m8R9Rj@5xza~FPj-??vn{;slyr;x!;{&@=idRJ?I z4+e9s#k4ceI=nZsS(#!(i*%$&1TDk#lL zoYlhS%#*6SKeMj$=!j0scd-~$7nTPnMGrr^M;F0I@yOmYJlr3bir~rA{=G4w1d{LNmyXSW8|1n4e(Ucrqf|1zZaWtZirC&B(j%dyarcAl!Z>^gNqiF+Lpw53G{ zjaSLr9C!Lk?SfOQ6Ta!GyOY%y&vdig{*qv#`k;lOvE7HCPBeVQ*st=Q`?x!0+7BKA z%GoC>*Rv_Rq6$6|<6g%O$nH2@cET+Gp)>sgPsW+8Acxlfi@mo1t83ZTL>C$)!Ce9b z2*HE91a|@iw-DTeyF&;b+$A`{gS%^R4ek(}h09{`CfWO(v(LTf+QC6|VM z!!z>_PE*kU%?k7f5RM7UcykqyeNWqxE{$rSnT_{i+~0=D>j&-|C{07U_1}C zv6q+fz2fI}g%^1VN)Z;7_VNp|&bH-W?|j6)4ZR23u+AApy96n0aV%M`KS??1)BRl5 zFLAheE))NX%9ydC$(g6T((%xxefErwGbv%bl5!|v_uW&w{*{c@fJM9TUc=aTU8?c4 z>^JV^*St`~8#Nb2d=cCYyoN@Bt2){8?kgGkA?v;_P3!d-bF1~}X<3?i2S96L>cYLN zd~j{}021Q#xyA&(kJ-3&_dUtnaXsrT$ZKGkohk%D0+wL=Stl1O!B6Y(h!BQYvk~m0 zWw#BT?cGy&B!}KTfReV_?!ASepA(v7)*nFIJb)%dKk5OLOx$o@M?T)#XPA39W>q~})f-Jk7*v{#+Db5XfJsl=Nmqoq<)7w{UNvl5 z++23D_kx{lx+|mndY1BDu=7ip6b$ecS#QI$f_nKJhB=R%4DG&`GMQ7gpeMG{ zcn|uZHmh!kf}_^a{P4s0#o@nECa}lMsUeMve_wio^8KGjGa}qd>-I%CrskJz=D5{NHp}P?w4(s{w)M!bWef7Qh|x~PyW`bVExpM`iES(i z0-teD;VRU0;>l^L;#X%=T-DXU^w*u8JRGC=inf>WOV5s?ahy*j$#p`gLAa^{3NSh( zFtM4Owfdu)YTNFP&{q9PuAHRPw~lUjEk5O$=TW(>U1dIFNj-YH3uni4i;Kd@(Q?&A8KSSA~ysNV$cavP`r}PnTUB^1Vy# zQo63|E@m8^$5a#GF;e6FL1Bm6o&0`+K|8M4aC%V&hX)X>R((@dW2>M> zxEP%@)lou5{?Okzf@k`jk@wIS=%gO(WVI<+9rB`l?JmSttV)~lFb>c&Dtl!wWxVcD z4Wm3lK$F_n*BJd9_u*Qv29MvdT{D*0e}zo7vci9GKG^0k^yM;oO0tn=MCkF{ByB$P z1q8Rb?Hc>Ur>hmWdO8pMGC8NXP{<&zspPCV$g`W8(wIp&NaE)^c!XNWio+XL9Z?eS zj#Vgu(fif#@Bn>wU5My)>>99Is|(_2G3{j0U1Ybk`95ridYrV*EvCsJP0&GQRMEk` zpjW&`0k+aD1P_eMm(48QXI@6Jxoz2PLz*NNRc7}`WzupynldsBBfhGNE9VVZUbM`L ze_v=lF8Xz`MMmO{tL15Zt+LJ>R5u?tFQx@S#h=fDS>}uskGBu>{iO+tMur*t9>bP$ z;eJ9El8L1vJH2@_;d>a-lLzGhG6$B6MYB6 zc3y7pYCGDLgqMWBgOv8eheui5wCaZ@h8UCXd5TuEJsTh0GD}1Uu^cBSs~jJ*@QWtU zpT^F<`1S^@*p1CGlSkH_&S}j%ogETtrq1(p?f%B(bm2a_ukZq!}4|k z4aY^_yLonLnRNEN4aY1Y1se8|siYj+(LT`VDGZ&$EKD%@1#WM=`WPk&qDtwiKP&pJ zPoDdn39qYrWijG(N=tfKxraO3)|pjf23=s`l=KpxuHMM7u3K@YFP!f9*OX<7f&qq^ z2=i9gY~4b`S4IPBn`x^tY?_%p%PbhC&Z#l7L2KGtKlkg5%joz(d%ON-Xi9SGG& zKymx>?g0c7LFIm+qPGxru-}gpgWA&YPUn2l1Ep?FAJ5gWj~5{`w3+zZf~C7)R_fu= z!ItJ~{F@HCUsBxU{(Km3Hq~m5As#|&kRC(4GHa>>`?fO@K+{s*_W&Blnl;zad;op< z2lGrmvKGt;JC%Hx{O@9x>M0OgFnTu`GK3ne9wLbIE2mqJaq_?@QK90!_Gpr!uWylk z4g&^;j&GK~iV`VpDWy{TPAwOj9V90RfjY@Kl2b*B#l z%&L|@sj(Hzy|nImPXX+165Hv?V0oXGCtsuzqaMn>o8lP7{e`EV56w>HZJ(*Cm#~+#aam&12is`Lag}pO>>}wiaH+OT zNzwHQ{ktY}^Ax_vRX0}cmAB4Yw?WYMLSL0eQ9;7)^IDl6Kpn!~WDu|PX7s#;j+1rz zFxAPe7-GsiML0J-ySB!-`+QoMGe3>XG=!hTF)LYZPgfrj1su+@^&7tT!@WqF|k z7qlgZa>`t333gv5V(Iz__b_!D;L!vNGNJsz<3346M{JjFuorZ87dXm~-I@;BQTm^#@iPa3JqcGxwg%&yJSQ zJQNtLod_uFKUd5z>wF`%=OcL@e;twKNpSy_(UH5_;{o)k?(7F@6S9_v6#|2dfm}Ee zWk5UkFE1fuL4w`+$mo-m&Uv+RRBe6DUFVOZ*oOA9By?p3goN;z9p!Lzz3X&SF{Q-x z<~jPwclaSBlrdZNTC6`T9fk*rJizf2+Vgz+Lr0eV-U9n=Se`5=0X;;3Lhl(PM-=|t z{BdQi@fjEC9+hzv{WiZHo?{fH$1A;y{b{wco!S)mZOMp}hD~tPzTWQjx$08X;L4oC z1Kq-Ix8lfv zNVkFG(0j{kyMpCiGIURt+&w!2W`^pfS2PioaS7a*x(ckUNH3ZX@LuLg3pyEj7xzJE zvLp}GI`0J?;>&^1ITikva#L@5qhHGkTTb$Mdd zsov|6p{Q50_a-xT^!>@o?V%;K6U*mU{XQ6OBe;W+zC*tjui@LZOSgMOPA$K(O6ZmgtVsi@%?}yse8y)e@(CF|Z}Mmn*ou3h9yB86AE#oh~S&FnV5jxlFd5Y=cgA z5k7(TR{C^KZ=%tBt~$MD3GxZrD@XxWC@pmT-q$_fvs`jnsmbb-0!H!|gm>P?{<_jIT+Q(8Pp4Mv*F`2Aq(2$LorM zY&6LT!C!CUqx}#cPy;d097i@b*6l`wv&bm<2-@Meu=T51dSh*P^5I(a-8g&c^F{6X zWxZ;Km@dn$9sK_t-k63MDfGt7UFY{$>37||`CO)R3zA2+%{S70kch*HG((mJ106e7pObu zM9717=)N7{xF3RyVtrxw)q91iW)Gj0L3A3x?0W3g6(>Vlu;vHfyC{cZh_4bjo*GGA zuH`&$aqFeuO_=rMC)&mDc0MJhUU?l!@p5`ZC@}5R&M#K1Xl^cL+mku0Q$6AN_pA7F z%bIWU7O~nKR~e<^Zc?+&>@$ast*^ebFe`JCkjdGMcr{M0XpT{0@MpZJl{zwH6{nPd zx5+x>ws+oq&bcEv)u7aIAFo}v#(c``3UI***BB(G>J}mC#;H{ys+7{UOrk^e(|!=% zpj3x1yj^s3#>ZAN2!GSK6YWJCwz=SQf3TFLgW;iL_2WQ*r{$v_#p7${r(vRyg}UaXKK89-^Xv{ zzai=vA|mj6JK+++t&W z`%+8PA{1RT>P>_`iYL=aK>&y5MJbN%ec7&&=F_V>e3WHFdX_o*?*Z{7zONCV;5PiF z?7u|+UX2ruI`d!B{}TQCBUa)CqPA2M+HB&N!K~cMuXTKpH=nlydLL7tn`0U%9~9T` zFWLSPRcSn8F7CUT-GE8}nxz$}$G`(964;<5`)}tXQ;#|;?}J1DtMoR=RqO+Z6xg1$ z)UqYkGd12I-$--V)!CgmCU2;V^r+b7i{mqhkm_VJrQ#~cv+(&)0D(vY)+3^TJS6jG zQo=`egJzL=v;gd*FlxsK1Bx<=VU_y@pL>KtIQus02heIx21%^g)cI&w9dEVs<$$Ga zcE^X$+k1N_0>gWORwXjo+&^O}VNO?#Lj!Kd_1rcTgIk|mXBrf_imty5GF@jR+Ol3c zWd5p|%@j0P@f3|vQG$T7@>^hvi)2IB%@HM28CXLtE~fU|-9nBKNh`jNYg8v0oJ}i> zD_8gHTtUW}19o$YI^U4POhwD7Mt^;NnQ&R|u3ilcw%AyGS?_+R5co+q`e)wdpmj#+ znqpLIiX*|1lP&`6ydjHvmM%;oCSGvtMC*0MweiWm*vU-nssMc#k#$`#`-Jy!0b{Pd z@n_#YdQ9D~-@6lfrKw_LEHlBwWr-(IfF>cd+2drP{j%=%GCp5t)Yhz6}<%vl}Ky(cO>qu4UjPh&N=%^@N+2T58($x+u z)QJkeOvYUHB;|G;xcky+7b7|7@^tgL-M+Nb%XDKvZ!rg5-$#Y*_FV!TB*CBoO9qdq zk~tX#e?8ju0K#ZyHrQZB8JXo(%Pl#P>K{))ItZp)eSH&mfxGJAdbD<3wF@Q`G*m<< zQ5EMqe%PgLH-HGsc^BYD;F&35POLb>; z!@4VDVFuToc!}j;2FrKfn=_ZaDiKr7Ei!b!C%uhv{z}K{o`$xae@Exzt$26X*4v;T zobh4?Fx1dTca7?v7rpiXM4mhC;w4tKCC2z}F#P~r2AbiAcbjm1K7d;1qyCI6KrFkO`R-&q zX}}6C25T)ZZg)U}nAwxW8GaLhd)3Jy-Hw|JaGt)ckb2I2$rbUV93b1HYIJ}cHxcCUD$Hk$j( z>4-HU++TuRV~n1PYpI#F=5=4gl@E-TDnq#j*E9^`BE=n5hxO8BRN{F&Jm3O+X!E49e5gzT0w!zl62IIKIqZyY{n$y$B8^jKYyBYDnGT{UTTvIn- z_ltb;HO;Vo#cGR)CEE8>S;jkqF#Vz{z?ob6oZeF_RnR&wCot-Ud}IS@OEn|Btp%2N zCi11%g0Te1hQx6<oJ?iSJ?m88r^cOK%74vpA1RIQFP~2N@ z-L51O8yH?ZRYsfz`w1{&@)OiLa^BI%ShoA!X9qYdU3Q%tRjogns zIQY)xJ-mT_4Cq=`8~~$1+xbr8I%#SXG|3@6iC#$^)0&UoKEQl%iv(=W`?=^tbTukw z`0;ZWDJrH2=s!JuZl0&(L?Weu=JjfdT~dWL>4I3Qi|y4H%=%b=!$bk^_&N;-shB-Z zdkIm>?_VTEp4zY1(bFE;KnWf|x|$(HfEAmhB%t#N5jq#EsnbZwgakVJ++G7rO-xqX zi7NA9=D)>gs@?-?qP&%RhhSh9DWw|@fQlsgT#S(2XC#*j9Oz17m$vYyap29aR%tkS+`ixE6;#PKbBt9MjML&!_G-k$U z61EaU-szKF5AG$MaFluRr1nfuUE@t)n&a---FK@T_4ZS>Uvlr*g>Nrmt?0575}<; zz5h_5ZY>IZ|Mfgub`SM%r;M`oH+|Qi#l5nTu4GK^B)MfJo*YDJu_`r(E4IltlO6L% z5yih6Ga}q_%qzXJg?Pj!rP;^1mPOezSEM$Cc;0H9MJZ+*#_*_n%8@F5w5Q)ByH;K% zH`iK$VhEuyh8iIFQ{t`SH7TdDr{5X^)GT}!1|+{H>_?f?yWWN+zFA&5_}!* zKen8|xQn=f= z)YHtSQ680TN8OV4Emj=cdmFcVufV;6n_^_^>CJwxx8KQ=Q0iH$wyG7;8OOZI)gU!s z+KSjAV>PAtSp`Y9^7Vf2F{2^J^<7?Xr=}P3;Vk8RpI0ZXvi7RAbj5h3@|V-K_|wLk z{Pgu_JO?_dAxYUS#e6cFp_xfv`w|3=H{Z`5k$rYtxYw6xoOB$Pkbk-Dgp#O4*Bot+ zOh-l^!^*RpHkP0j;Z#! z%8G&&LYaa?JSFC@6MtYF)r2k#Amwtg#OO41P-URYq0v{CM~*mCT0@$%oJJDVfOzt z^0W8iQPD*NOjIenJfN*P51R29f^! ztTVGl$j?*udAtXH=$e ztJZyMCcaR!r8;(=daB|{ve+k9rDRd`X8gjvXPz)Qz{_?@=Jr|Re7`SOp4_BhERYY< zL!f)}`6VJc4=JyDSofm33T9ZmDtx*1MQy^$ruXbBAUj^mB+F*JtWF7w(P=$u!?u+u zJvM8OT4-W#iUcKoFPYffigymj?jt!TQ6CnnUOALqvz?2T87r%4Av)7*1CyL~nOmBj zh{gw)rW|wp=pza`!w03M?GQYboWfnzuRador`S;R7o@KOM}`=eb{HE93?X~il6Lm+ zn>ow)3p+Pn8U(2Nbv8@9z)`7+l|6PAgiT|bQi@;onO|6?iG+~mx{h@9U}$LXT@Kh+ z=#kN_lWxStBd!uEyy>6}_m_C)Mf!AnQ7pEzVa)yx$+VU0Pmk8d8>q5cR_PpF~DrtGN4KyCw zOSRvAl-{mf2rzgfC@GmAsYF2qO9YF7ef{mS$cBEvo_)J(ukDt};@AG^{0ioF`6t25 zVipde8>C+kpbIb!U=L8ckF5f*u1LTbKp#*-h5#Fmm=Cl6iQSDzKQA@?wzQ-*Pd%hg zkB6RG;qU8@MCavY2A5OvQ)rVGPz2}z3y!(Hf`yuuTZD2bJUaAcRfZxC<6#US8uOqq+K5_k}Bf z0mRLD7!;OK7^Fn{G!=gsxv*w?VyL0Jg@5vi~Ww>0dMF{imuuG$&V7D(@JqFay8z zBk$f7;mLXP*=f3COWzljSBJvjE1eX$K$?0E=<@&3f^SXQ*U9O*oEWyAMmIyqeI%=A zJ<1j{R*ACOOFsIPJ1%JI>wN7(gOlo8{m)_vb~3|-mTK9|JPB{U=y0L}S^)s{ zIBUaCS3UeZ3fGboQ|nq?Em-OcA7O^2Y9khf$XCuv(6eq9{v9(?JcRiQFb+o>3mU<=37OQM*oVC z2lTA3#>%Tn7jQDt0@Mw{fQV~BCv)^mUX$8q@4&eLn5Id|psiGo8;Uba4#rL%OCr76 zsqA&3Gm_D%BWMbSjv!D@ll!dnTj__ne})`@gGHCgfdg&>*S|RXf#vmoJo|zDFF;_A z@qYpW1Kdy_)Be8#0%Mf4w{`l+%*M*BY;0-{Krpbe{tf2qZ@6B6K!E-CfPVcupsxSe z5&sO-^(UAZCE#B!F7oCP^WpE9U5|)4fZsIWDE|m!0iezRF~EuYH=xa*6yWU*cx|%) z0oQNOcOC#^382^j{0YD(`cLZ7K_9@%`SVF`Zn-}T`A6Y@!~jovz}@;0hXnvc0qO#r z!5CpSNBJ8^3AEh)M zKp;M}#|vht_GX4zAE6WbXx0)w44-($~G z51{r;XUU06={Fjif3 z-7w|w7-RI_M3TZJ{|_dD6W(EzSebJwE;|&@dG8EwUlNybTz=Sz_0i{qlYC&e^}cIL zPTn}(!RTwG4MLrqE!Q+&UaIL?RKqHtVQ1$xac;iPA#8oEX~}ZNkM$Xf(d=#;jc7&8m&oraeC7n(3y&JL^^J?TW z6HBF}hb^WlG84LAA%f1rvPC2Be0MHz&@Wdp_tP*pM#ttkL*PV@CSMvz5(2rnG(O}g0I;fYWL@7Y1^Uv45@Y6HNR4~CRp_-C;)4QeQ`r@qg&W=fR1RA5PJI5}72#q`;9uj=TQ? zqs7;Gzm3~zhQHo+%=0ySBdGVTPhtqpfzx{%kt%iKL9pM}^XkKdS$E(}tbc)*yfnj5IDCw(2Kn#6 z(r3fA`2O=pn+QW^x^{0VCs#)_&^+pFIbGV^>pSB2>H8?^1-+F@tw+~c}cZ$0AJ-U{ZNi93$y&=2Ttr{L~47+9gDU-3)VmZ4cJE7Y1hx)F&Vb;f}y{zN~5 zUpW};Yj>+Qyf5>pGOYgfm*giy9^PgfZ`j$Fk%?Wn6ky` zcblT^r=KOxlVUuP2%=qUi;D(=eKC=fvH>#0w+JW@6DjFCK-Bvd{RsAjLDhi2!Fc@^ zChP?nEaIzGul*UZhYPLeC7#$Z!85Ez`g64`d&kaaFGSj#yW`Gg>uS_$UJH2iq!F~d z<6zFiM^8Ai%j(C3ko7J&~JZoJWz10rccjnT~t;y{X6z1EW4 z8xi;tj_;VmVY)zyRBcIFF9QXvNrZ*bnPEHz3?;U8(ytruP%VSoQg5op{9&pY3_uyR89)@3N5NRWrk^wRTG z<@G(S3srNSScB;^cZPW{k?$4hnMo|MdGrS&sWJE!Qdh{x@=Ve`-0-rmqLnCpeJ#vr z87O>xv1E*NdDcr^3qE9c zAEcvQq0L1kSTGinUVC(9k?Zb+!+(5=JPR8WMjq&V>BM;jSfpQKV#2W?Sc{3gS|H%X z#2lmY^-XasIs}5h7XCj!TYFpOt^In&80PsS@BG(rz`o%C!U@1fAFqEQFL3`Gd7&LB zu>H5ZpuA`Wh#LPaFS!1byZ{eF1VVUx1h@oYi2oj!fO!Q1)*e7QEC>{A4thK! z-~#^sZ^{Vme~}T|AM;I;9n=EBzmgH29sMaIEO~q(5hs0eqCYBV;^2xY9zrfyB=SQU znSx*ZDV0Rb!C=eY+se1XO5dtI$@@ir(4P#5R?5gKYmnpQZi-xv%zJ#1qIyYX1{)OG z{Updt{JB4dA?(n>p~Bt%kFJj{O_O|8E__Q@OFl==`Av0qlXt1R$>|vsodE0(a5yVD z2!Iy@{cjQ-!^GeX2|YSBB(ZOmrAqjc<($qh1?M+|)SnJ%pj0h)cjJnHvX!8Hg~@7# z_$#;J`lCIgf4Wcch1{>;o1U8iSE*N{UV554{WNdQR$ro!9P&Q)tB<)GCT-8v%Ev$i zWS4>Q{udZhxxPABYNaQj_9USpjD2i6^1viwwVD$U5DJ-0LH;ugpP~mvu{gLKzf9O!AWl8=`3{=E>H@#+NR!cBR z+wPgqL;1HFzQH}p{7QWoPpn$&7-1g^i0Wpy(t@cY;0au%4i$ueZiD$VM!vn(t!p7SSPRjY_D2CaRg(oJOV@{& zlln>ax~OAaYh=J|z7)Ret^Dw%QMC+MwQ^YpHnOI7M!(aCnQaaRFu z)s2ISf;$_!>GFr~pT=RbR(X&jhquivS<;1iHX~o>9qk3nET1i}a<8KaS|%n{dcG6d zfP1gswZlW(sF)t~8O6_Y4d`M|jo#t%t%#AtE|t{i&IHigCRp|Kpw-gJtJ}Rr&zW!= zX+1`_4f~RfTI&twhxN^ACijQ~WM41D#W#th``b_M%*TtftH^gcU<2kLJdvW>*YB^a zpD@?0`2@fUFBhSXym{MSf2fUUZ`z{DHQMdCf!`&s!~J9V3Y_uoP-y^DXh)!AChwK< zL>YOOZIXzw94JoU)F)h1(EwlRI<+mx<8XlMF{7FU|av zC$qUn{3fzrN#vAVYz1yFys!QK=_gyv>G#O`N_V!Tl7iw_?$Oy7Jvva&^mC~y^{gaa z@Db;%(#CyW<4fhij-7jag(GnA^U2}ZKt~A#U)cS^r?zw|H)4nnIcQmp?IRR+sQRHE zUSw#Iq60HVX9AuGN47uZk3;2;kT^DX&x0G8a)+Blg~$z%!%;z7v-_nU>j*wOMf@a0 z6BnCkErBk(d3y21f%qJ^NS zd|ioJ0UIyqa>FU&*$Un}dec+E>$&?Md(imo9W^Z+_c@y-RtBx)5fbO8nH#pV7Ffr2 zeD@Qy%GjF9Nm|r0oOKjzfs%O#HV6dCho^f!ba?^O3rCA;+^_%;e*L|v(aId^!UpA|UrhPEB@(Y-l=mQ{XTaGDt1 zW>2qP6EgHRCp<>>&OIa-qZu7)^7#Tdoe~E+`>`dC6@uQXyPV$pxe`71s)osqm^j0~ z4397)-Q;*%RwI4${@b9(;OLq6X%$4&P`u!)=STib`y4Yo67g}ucPW9o|*7MLs(4{*Z6 zYep&Bd*4k22t9a5P!v7FeCtg%Eka|<+MSfzbWgBP3TsDq5I>vZmE(DLNvW%?9O&0Z zKaH_)fs31H-QG@enmy-pcty3JO}Ud~UY2H@q%_g4Pj`0SLpp%>X0%KLCbue^z5+TsO z0Pj~>xYawhv+MfR@gkL^%Bi2ARTT$xc)gqJvcWMpleY`%vK(wtJ21ro8wM)crY0aM zx3i?H?ra;ayXvBo+9~bfp*zx1bR?tqn-{7B$RJt~TbFFKW>{M0$9HKtH#58C)@Oxa z1Y%SC_loT8g zcw3?~57U!rGKYYW7Q3%{o&t{ zA?SUCz1pNyQI$QUp!=Tf^L6Q65WAh`2iUA1#P_P?n+4oRdi-O8xEP+^KEdh&Es38p z_$x>rsI;+Z$Aa;E$7Skj?~XR%wjJCDuOMsjKeVrymKvinAOm|Nww|a*`foX1 zUP`k_a!(KMnO+ajR#NT4wp1ISyPZcjRgpD*VvgjaKuXhPPAuL}b#m4nYA; z7wJ|*-2}t6miEw=Js98SPfx#wo_P#fPP_VO^+Iq@jT7cS5K@~U;S}TcKlS?zi{$(H zW4{T2x6>Z!Ek^$Wg&g#vlOmNA774_6i&^^ll`rTsQm~aX5;^GLmt^&eY!EE@3zF}1 z6uzK}9J2Ay{|N;&IM z!nYrtG}1-jvP`Yc4G71cT*pl&RCHE6hb_fhHAMkCOm4MoWw~qBaY5=TZrL55n^WV? z&+q14R)|yr&tRPtHST-P`(nx#^MW!_{}*4xRLQLRC>*f(g%qE*JT43Wy8OifA%cJt z&p{NRW=v#+DqwMHMfynnp)R+vbu@O6H*jz?ws&Cu3&Fw!>~0-sEZ7ipVR$i*`Dj>? zp}HO8BS*vOV#7rmij6#Z+Z0!gk+^72+oSN7ylvWBp*2^OsVG%f(rzjH&3SfuIw=}Y zu<0ktR#!J|EXxQt-PiLqEo`&3uZK1C#@uGTeb{XBYE@Ci9K;BEbnnn+FMph6`nW4O zy~3{d4zTcRK+rQ=dZX(>AvSH7#;d)GHEmkbiPJhvz#Q$XF6d$(Dd>9@!`-^ys}O=> zu@8nMfvq^{S^16TzIDH2SKxjrB@BO&U1+gU%G;~mWB1Hv>Q@VOx@h2B;N~e$I#=8A z$q*gjOFQ5sP$5jZMTm}6H}l!?aCfmP{R}^nb0&sFN1cnrkaqlnUQhm;WtmC6mcGLY zGLv;!HWo$#+SC*4e7#*Q8Dpe%XNNc$ zj)TZEr#rD+aIbYYNs?|VEgxz{NM02NvpdWDWIA;XggCF~l|}N0Pf*EUbxNj(&aUH{ z-^;9YD-3blk%w& zAM(m`RdK5;eA9wPNWAN3SWe}NjDP*?9(t!;F+QT5WnBJ1{~Nh&*03@q_T|>{L*<+X6C)P@F8L#Tz!wh|JW4uV1$Uad>K(WY||sO;4Ph z{m&zj8K2=*yjm=#f8S|0RVwYRG{WJf%Ib;jwZX28gYd~+kDz|o#D<3?$ee@-?THPM zN9v(BRtRPqWW)c6)Y#h_Mq+uvLzi zlCJNJ*X^RX!u-jO-(qgt1sm3`f3T~T>^UxXWiW~2hSbW1$>&E9#`0CCT8um7&dZTF zrpf0Qz0MqS%m4DRwZP!v&YSY)VdrQ5H-)xXHTF57vvReqbKlos2Moj!r;qm-rZ{Ao zi#gEGLpM9}mRM*3p*$JrKfc-MCywBhw`2@?V{jIEsM_WU z-AH84eDM5aqADWW^WNASH~rHF2&Yguc7Qo0USy%OK) zLVllbUUGp}i5#kzLkuPqQFX@g=*=nWuc#hIsT-`^-Ni&+{XNejIAmkOd{~C+_w23X zR#vb%$l)*9Q^w3*iX?2`j)U^FeW`d0UbMUshnrf4c@-I>61|)?0f}DN#UHkGFm{AK9whzn00;VK zvxkj%!5LdXWBGXf3xy}w|4|B0#4mqScq%FoOXECQwFv08`ofK%z6x9NMMB0tg~V^N zT`KzfI;;*wf$-ogG)eXgKa-THy?Xi9{qmy3_-d#VWToKY9A!Z7r+_e1 zaL}Po0@{JVd>vjwd3SC@;%igP#sYhXiqsDMB*Faw28MgRhwb7XLE(yYeX`tkO}6On zdDlJi5HjR!cE!y`d-yN|#v<;3t;84fw5b}U7!$*ni2Cj+Jvpe0skGAq9zIKAK(Gr1 zsl7tBxPk}w^ip5(#0@|1McQ9t7K4S4IU(N;)G&+S%Hb7-FSsu`qnq zzV`~C0G$+S%sQY3YX`Ewo!eXOr5<~imF=8d4@@-;Md@zUo8vh%$`Bb97Wbu|UmU@d-i z0;0m}CO3KRR(4az9HNa(BAmr9T<%eGZne8)hG+m9qI;qGcdcT`W()yH*d`wOllrm0qO#lzSN}x7Cl8PKyz9d;b+je!aV-io`8V!4Q zSzzibUK^2({BJ*u4b*xpekc*T?pOK_QReb>EmT)}F-wCD7e;cBE_2jC4IYN?OlR-0 zmN2MM?|G~xkX#xRu~Op;a%|y$`Coi?CrU7xPp%8o?wlxA&p^5i0n#MJ?YphmKC-JG zZItJS-Zgz(P#apoCa>*UcjmFQ@CAGda!{CtiTDUIQu}Wbxv)^5u;>b)(>|p zo}BoWXQB-#It~;J%~(3WX94pR!BLKfTK`3fRdU!Z826>(JX6_YiN{&u`Aq?>t{B{$ zLKcnRL{+&dW0NT^;(LerDvzhy$c}Usg2w33bfrT9l zpK0$SCkORa$ZY?VBX35-@bVe;&~LL=3-QCJt+4fRN7OJ{c$M<+ey-%NTYc#}Hp;<>fx z|6(pB!##2HjT&sw$A=X}AM0UF>aIjdJK_V^!M9%ViL4x{dw6afC#+X3nA#Ly!4419 zdtt)DR(v)FPI&PJ4gDtVK%8w&jYz2CkuTqlH`#%dy$OcJ1!OTldvHA!zUetko19ec zpW^xS`@2=*0KSsZ;hl5Oc>7jGTt(V(7;75fn?L{6s4hF2ux#zl5Pke-wizo%oYM>!K#%^wgB? zWhC2VV2VAXBdF(6VnVt8wE9f!MFq2wixXw9%V`n#Wv>|4+0AE5st_U$rLzhCslZp7 zbGnZDutcw~W&Girv8dgrh2dckHr9{M`5TY)>BD|B>Z(?;2~;&@KwFoRiyZdeU99Z9 zOaI2JI!vG&2%->1!hro>I>6wB)lqL}t&{uZ`q?J39pV~*=ip%8oy-WURtx(|h+-@g zlN|2XsAAM!1_!JWNK;e__LdEZ+~4dfEmcYQJ|(yOzqos=*hrfoT5QbrnwfdcjB93Q zW@cu#*UZe!%*@QZW@ct)cKqL5MUn1(i1HNWVf3|Tq@M2jy1KefRrP@s=kxh#GVL+HRT<&0|vdsqg&|MP18{`x1rEGne|jc$MvhTMhG zm*ZHD2!Rh*bb4KhdU*&`vhexLn6z*PcZ-{ zAHJ8G!l`wMQ8kSlNrM`up_h_QIfWV(%pM}fApVl4r$+henUc;pjUJ&901ULpbGFH9 z%8Ux_6{+E6DD!rpWB&fblhbf-ODOZRFr1}3?zsM51qYLFD;JKobU5ukM;`AJ4&4f9 zBSVbd^os)52FdXGb)%<^aqGe2%M!sR%m}c%SCObQFg`4T`-BUlGJS0s{+$;N9fy?3 zof>&>S)n#?1V8(34vfhMgr^0Yfe|r0{5QhU1r}wSh7Z+4w-CX)d*{!UlvURy(vw#G zv;Uij45Kd>Z-{YR{5KkFPlh88;k58^BOBphM5;ztCD&FfM~VMEbtDXdtgmWATAcV* zt#C5Jwm?M=?v=pQb%Qeo(}yzs?XNE#L;s#^iJMLN=Ho8h%17=PT&pO9IQ@W)gPF$Z zU`LynzTP*n*O0Vqs8OmC#fJ00dSE=qEnN7vUCljH7{<>8cZFP^U8%-aPZ+zy$$YOo zo9mu_)z-fKJn=Fm8Cxv!uQgzwCNXP}cWKOI%W3S7cxSUl;EMHa8 z7=Ohl!4Md&oD&%{)rKlV9OAD=pYa^&<(QG9~S;C7&f z7Y@1Q07EvX2#}Y&>IeEoE%GI*|tnyQbX0#iH`{%*gh2y(176l zM+4B1`eLtLc|eWK^=n9wn=d-HCL&R0pH(*sjj#y4+uJ*O&w zDb*T%XN&s=rwfl}9Z7+}U9S{)EXk;A!+rroM?sE|rCYoV3aQvqllz{duAX#?ofN4v<1QikC}bw%^dIGt^3Of8L0%OpjYV6>x$uU^k@_TI<&Q>G@xLNj`}a9oc=?=QCd@J_46n%ihIKxf9(81zi*f2gQ;|0k_@;^Mr4f|vRAnWSr76d2q$MM2t4f!Dz zOVxn$taz$AG_Q*K>=mVio0q`u+J;CEz+u8!8swpFp|Uq2-gc~6XPYS$e&JF>8U&1^ zq0dFqonYLKN{g7Fpsiy3-D;pv=cn)GZB^aB+r;ycb&;{g#v57FZXZ}TRo|M+fVqF& z`T%c@N!;c$AQe`Ll!6V*c3ewD2NUv_JukZj)V~INQrvtuhG%gK=gE;RfsgRyL7T(@ zQiE5Mk7O9n*RsRw$?1*b+9b=h<^e=?aV3Vm9)w>e zu0@z$x*4G@-YTj`TeV>+zOyp~X{}+*XrnyFdwAeuqrx1I0L*+ds9;*1ypLG2=gG6g z9xVNlfy`7bX%-dl(yx7rZQimC%MUB}&R3o+q9-Ry2Qal@D#77QB@SmC6nXING#xUb zEPdy820xgL-koocB)Kp`toRBguGd_7_*kHE-1!8VgB&-v0RMV^@$b5Ub(cn)Typn$0=KyM`%>Y)giBQ@ep-OemDSsaKu-Wu;CBIo?&wW;ivl zV1@l`ByrhDx`Q^s1(4EggFhO~Cc4E6-eb{B9JVtQyn7dtQc3vWi!*4Z2?Gk=>c_uo zUS|WBy{WZYitbvT_CD^`)Xdw$WvgEdLROk6@$@hSA;(mexb){sA?QU@i5FhK6RQgK zd~~l_a1>$b$i*sg#Nb?3p>y$(2Ite@2>+-KVs~%8a^mNx!Bz)r7CY%~)r72UqS@x; zs#7PV>Q@Q1HCS;9{Dz}b3I%-x1ZxDjWu8hLhTvEQwU=q+ebkroGZ2~vH;%`oWu4zu zebjri9TjQ}-%ebgMZ{nnz`f_UD;Z%&dsO)yOgPf?O#r;A4OH zlEc(5NdUqi(2ByuZv0B3RG}TTbuzuwM0>|uf={#|^ZH7DydAbwGCm9-^#o45kFBOg z-2GGTMgW?fsaCnymnL$5VD2uF9UE!{0PmHFPR4<*;+7i<-_-6=o=p*nkPSY|Dc<9+ zc&8JJ%+{{5FHmB15MM`@{R<^CX-S!O0%kI5XN?L^`jNDfYmbR$KSF6-dSEI@3_{N* zYbROODi^Ox-$Dz~?3ZG_uFC+e!%E%W8Qeepf;SrIGQI5sUQyJghhcl^G$qIj?QQxCjwa@Yw+gG7w1U zRUlGyaJ!njWY8Q^kV}6z4hJa6;g?g}-&A9ob z7Mhm`%67eG2iGi0TU&D@K$q|pak8vPoB_dm;aPK=ZB}l+VY+KVc(fuNPhNfqKQRa- z$RZFWa>QTRQX5z%O40HYIaYSu^7i5KQ2m)vKtG?e@3_=`G(q=HM?>Ho0D-y)E)2m+ zsrJT>{O3rx!$DB=>mpEb8w0;8e_u@mXTG%6twx6^AEA^?*ohkC(#dS|^U2jC^_sU9 z$(l2bQw?mE9#wuYp=v`Jhn_H1p;f}g*8KmJi(WU1r{bnRbTKo)+Pj!njcvI$0q6ir zK7QE}lpZ=TtoTF62=F@8p__uHkFVN%6MClfgs}Dz>HZ2H3PZ3R`n-Slv7%?(i)|xq z4!HSF0uOw~9K45x$K>lqydF8U&)hGl=Fu6*YG*K4Piq% zvX{opiyZ?9_&MuAYEOm-yW(V2x8c4<>!VK0sike4l|FpaZ2L%&5L08d@#zzC0uJDu ziF^93Bj-29bDZc_hBN4=2KsLO3~Ie=4F$_jSNVbwpo{>)J4++uSBGdF1fjU__L_`e zXJq9o!$Jt~aPgna4X+7n_x$$sms<_&0YX99I`~vc-rs5M{&Qsy&Xm~}?$wn0$E9w8 zH|KrF6>k0canMGgm9+{zigo#av2nwqIVFdfco!d-RTNW7-G0MDi!3j*8>gJV^ylwO z|J)bU5nkbZr~eQ^rTEWB;Z`~}BtwAKy>1*?N3(d*oA|Img`dLq zK<(N@rp%`Q(YW9fl^&nT=TAzPMx%st!y$>5JpZZ{LND(!2^lijWGCEc6fK1Tp69x$ z##)|3U-WfdODPR+b%@O1zi~&G^e{F4l!A`AJQou5>{EQ}3aJq=1Rxs;_TMFHweq%W zJ4-~b{%lDrcS3?R2WFb;6d=+k$A;DKT*btTWJ(pk7G@5Vj^)URRP~dFJ7i(bq656n zpFgj5BL;g7mh$n$-s2DC!-!_Rr@I4zy$C@@0S}Z*AEY7{XLW$%oXi85#kcGAE^FvK z0M)0?0akqQ4#frYq!?Es1StfB5of863ed=iKm*?2YupA#EO}5 z{F=RY1nFAk?i-(OCVdv|ek?|hd(Y#DdYUOZUmu=h!TLq0VY=~Xb~bQCx^B4$B z-iRM13Ev4qdDb<++a6ju@{z3H2*_~AFEF6KqiEa^6(ls>^UDDqf{#2)d_YT@dTSRtX}}kL#vfFKy0~dd&RBjJ@e1I-03CKx zopxzhx-IYMXP8yq{Bg$QH3BcsqlZ!s@06vwf(T~ zwF*XWQo1RnXups2@Vab;L5wquobyLKtuF64@tz4re~I*qWA8l~=6V6N?TN;e?dk>L zfc7y%q4Z_?*1T)umAD@2W!MrotYV>T^UzQyU2XB^rg__kw4pEcY@iQy%G-A(azOIY zVCi{vsVNiu%&p7Z;R8WGXmLrJ4`t%9{>P#B03>UJ9_uM$@*Qu$u)YZCIGv`q;-M&X zEhWv$Z_KwDcb{@uj86(d97|~$s`2q6g(Sis+jWA#m^%?-)b_-|#k@IYj(a7yCW(H& z1nEK99GrxQ<~*2&;i|NUP*(P$RL%DMTd=q<7Rf9uCx~$gitaWSW*Tx2R^s~RHEYFz zsYTREW^kTtRGR7Me!>fwWN6zF@Ug4(=xj&HIoW?z5{-fN+VL>CRBP&9HI5N7heUU! z>gaS^QbnJyroS_qxJBiXELJA-5KV6=l6OWJA`FL;VglCfFj%wkeFaUlaTxXl$29V; zJoQr7bHy?cdK<*;d@g0Cy(#Cx8mk{;8@QXTX@a!=o>L#c{*!Ni63oeK59 zn68{+ek@smU9PNTT)az6r*ovlZN%c$b51b4OaZI-CJM)eVP!N(m!1Ls(9iXsa2yt%y#= zG^|QfXV{S*9dwdLB$sX0jyQe)D?s-{eKn{W$Q;?{LXa5gk*2Q^rM+37JN#S)*`t zj|>*-Zqw{jO3&xJF+e*pQvWrU3M<sEM57qHfm2^-XeV%czy(K^#;0|$JJ zP_YIgbv;7`WVoGy?RoJy#I!g3a5XBbPQ&gI{%|r!QBEX%HxBm?f$!XoNJ}s97_!YYVvjtcT^XdS7tH9cSkX>7u5}_?f zQjJ~xYwKSTmqK^Df(5krTel`?Hc@^3fT`o>n8sEXpm2AhGY0aBb;j}N`gpb04n6Pu zU7!LOy>k5_{1^@uXsjp-Qg`10G%21*{+q1`(vK`IBS4ne!D$0=_lU_e|LYgAtZ=Ym zWGvkPLd8yvu7wgH-8`o*Xa(QC1CclN=_-M5dQ66848+w8T{eu-{UZ{p=U}Xwgpnrb z<%y7B-!pzob3|`x-(%9F@sjux@>WH{k!O^y$n?E&A%6=Cdb$I9hSG83 zD6D`8Y|RFlpIQYG`4c|#9Oo#;pUA-}|D+XF`uRZJI}GJPC5&6+VBbi>dhK`8HWGTv z7V?ICrsH80l8u)4T}z*qa2Bg8N`NN@W$s3gsO^r6H2fQ!tMP60%Tffb{xnH|TYIr; zL0Lir z16MfLS#&2;4fs;mDR}wCL9VSSZf{zx`IG+47VVO9@XobM=+ND2$djM3qvQwC)Ec5b zFTOhE{tO;zvI%H8KCo!kXlv#JpF#EjlSn{J?mpKFFB`p|Wye>^wYZ>B=?qJLv&js4 zfOf};6xZg6wyL`j?ei>!;yo~o5h@pQZS+u8cb<*Er-}If)#b;Ev}C$xpuGZ$$*1b{ zKKg9o^qP>lw|bL4Jp@AO&k#8(x;V4;ok1+LcKj7UQS%zpm1dEo*v%lS_e-%$x$)k6 zMxiJ3AdFr47PZE?_>>2cH_%-37GYeDHkJR0*N$;SJ{Cgr{FMmg1T%#vfpR~<;7;ij zl5SY>1ExRgwmlz5T6ZszQ>vsoz>j-a@oW6D>`xBM_RWi%zuj zv}AQ7+-M&>X`{OF&FoZs!$i9Dy|nstvnQgFt&MB-CFSZgt7i;B+Ds z_zyQE@yo_$1&)PGRV0i}noOn!0M1bk-q#YT07`Gb7L-D2VHjNP{yurEskP{*NTvUmd zP9XT57<~zh$hj>+3+rUUV7nl&U1*t+g7Ki{%a08h&IyUV>HBcok%vDQ^}OqhygTjr z5wezm{A2STDiLG5CO(Arg;Pi1t^A&;Kxx>Axh0LvUc67w@M$FKcS1@}i~y8Qp~=Xg zwRPVXl_0t{^?JceIFi3UsySLNJV}ELd+}87^x^%&Wx#UYHzdi(?!H$-bWh8$GKK6p&xI+XOyh6FW$`d1EVhO6h~1YGt{zRX|_-?eRuR+L+zk3sq~q}Pj>=lCR8 zV4MtNn?4umOXwG;pp$<5_9HTolW_3AbZo#5s2CCye|pG|zdg&zmoV%+np=^)zj3)| zJtgL`digl9>c|ir(vr`g;ScI*b52FC0g_6FiU6=tfY{<27w}JH%b(=W7kgxQ zJTwY;`R|5pf}g#>77taK83yz}*dfX23Hzt<_OBp69O?gSkxP0zgcl#w>3TNzhPmAT z!rA}(tmDRMHO#i3Uw{9UyHfu=|GT8)|CVU%NT=&yZ1un99@GB!ZRB*{uYP(M@STnw z&cqGt7F;2tOIo4}%6lM*6z8ET8f(<&Co~uPojyqdsBd(IKiBR=bTG4Q6M2PT2#w>9 z!xnJQR~~FYVd85#GE+n$V8qM@Jr%ZWV~K+H%slaxE2H{SV>y@+7K7>{XIyKYm|CgE z=i>dGjhXx*>~*a?l?Au~@Tu{O6aF_*!87d67nOt3F9IO-?0=zivk5jnj!fW$_Ot2 z;O`YCn5gC-1dUGy-QI0mTye$zyx};_ zecXNBCa{px4tj=EDw#{`_y4qkQHB&t%wmW-n&MS1d@+v@Ba0NwAWq33|BIa;YLPq; zhw4;yyekm_R)AcQJPtJG2q7mqmI#as8jO)3(L)fb4b1H`w+@V%m5PG(*T^b;tc)$2 zQ`rmWo}bbug$l4U2sxj>Wi)cf*zgNX*#R>}B&mL>iP^pq`MC{PEHo|{_$}Non<_h_ z8YG#Vc#EjDcpa8Y{aYC`gATXAb|6qW-z4k&*~BCH(xDhWnkZfdZ3#?xgeEI;i85v+ z&8T2~FpU`0-L5%k(NabZC;Pf7-x9v3Xi5%%`@v7zA7_%E% zbHD^I3D&R-y{Y~ThpdGCK`5=h^id*GjGXL z>}{88UA;*|gvu_$L=H|%@? z_H74Hm(@p^Y7*glRAa+X*y^W6hugY*|5`ReSxQhXdD~|l9{o6)xZp43jY}INB*U!M zS#n$!H0_4legx#YYI>;otOrkmC1f+$yx;I93C+a+))U2OtgcXesKkksg`9-2e;Bsy zeVOC8{r58cu4ITb+A69f#&~;6RrG%^QqASNW*JuTI+u+KWlY&wxHgBbpbTVE@8x5H zFTogR5f*X4^mxLIP+viB5@82>RX8Z9vN}hkgcqoE)rl4YacvR}r-dE3=4RgKm($2I zb%W`1`(u4FOg4ObtEV(I7f2MN_JuH1{2LU=d;`7nWNv2~$uC-GLTYlF6#Cf zRk-!|&0G;W8p`OK#3a<8naPFEvgb-94=B>%yX>BnpA!7cn3vUy6^oEo{??1d$LA#U zZY7M`pOu*Om-nhwD=q`(i*OBU;%PEFqSQy1tkKwu!T1rnY_=Zcqan)EL4IJxpa`L| zD@Vaq=9V?DB1#oySf_`~-j178Hf3TaNI&vOtN?4dE>yJCaZym6ZYoSB`~ zCFN&`n=%wb;S_OJmra`W{^fyG^(WQ}5lk-A19_P!x}N#f+Eaz;GJ*54ETS;AA;2gm z;GXgCS|LQg!4=bTa+VvNF)D$Nhr+zhBwBRPAE3rQ7S@UjE=4SvHlrs)ppy*fBWxxiz^+|11J zq}5ff&Zo>3cbs{bZvi~k_e3Qy&-;p-{`Q9=ea`6?gI7wLZqevKA=gB6Y5`NpBJL-^ z9sx(T$Y8_m_SBADT}v2iWOU5M+@~f5sWbsSG?Ptba6R$|$P7xhA1r zj!JaZuy|*Nj(GnHN<(2bEe)JAgYBN%FyF>umT9{!Uj!Vix!gmTdCQQ`=GRfiLw>XLZB;Z-)mv&ViM*=7-rpXkMg0K7qjJ!u?#vQcAfswTkkw*4TPK z?{$(FLFApG<66D7O8KhnYuRY+#7nt_>K8xHkg=u4zp?-em9B5`rQeR^kDL5$LIJZ9 z#*)TAb7j9N9|ov2hjK^R9}SE?Fz_>8J<%n#LQ0=s45WnrX=S4?cTNc%>Wp0DXPn*$*qF!W{jtgcVcPyhhqUAA>^^S zFw|a?-lFc?A8SIKBL4A%YFDtuj`-;9=$wG}gd1gy2abbp=52%O`;KRhch4F6hhqZ% zJq-?%_`vdmo;~RSUk*DrJI~SXeobq;vrI$hi!BBU8Vec+s<&nM-v}Gaa`3eyfcBuU zC8dKW{dN3j14*!=RHCpwqK7Vu1MT^?CY_-vh3!UboP3|C2=TN&nVsQ<*Y@hG8=Wgu zW4)T_@h#7CRt|d3rm9y(Fq25D5rqd+x=s*LUxTbv2$m~c-8)XVP&7o|ljDCFY>Ta^ z)90!uh!?G{lQkju#c5I8H4-J8nTD@JwH;tw3`}D*hf>yYqwY7EvlR&#>|Y}N~AFIgdMP8JXpXt%;4NLxKOI))Zxrg2x6r*ej2)pk|!ji)bRy~2Ma0t+9_Q4 z6P$wfzxYPZVVO2%1j4ztdq(eDLvr~RA2Re!iFePR~muy$yCUdj+|pA-iw|M zv;N(3)yqZOK_51&XcVX25*=nzJ5tENmjce*Ia3I$*G2-#HGz)QEjYvsQTMkoUz#ho z2i;hI^mKw&sa=&jgSk5y-djM39mlKkeUgJcRVZs0AYlM3tCkFF6LNHBG_NhK8dK1{ zFwseJ2$Sxy`D;H06Gd9Y9)SsyDk{&mtS)iQfkjgsy#Fm!#F5FX9fkE3xx#R~%h=F+ zatc;;jjx!I3W{2m_mfuB;gUI**^I%Ach;%RtgTV6=O3umH{Md`o@01p0);|)yT53vkvzWttS=Jr z1dYk$wl@w)$T3_OQFI+$>Bf8xxG^(&L=`z`HPZ1URnz3N-E($MO~^VZz@C zne=HR$~Eu8-UnG*?MGzfzab>%7C8T4>SYb(h_DD~;rdnIbe6fxyHAA<0!}Cu9zItc zvkr>fe{+@x39w$X@Gzv%weHMZnxBJDMi#bW+-z{|QKHNt&Y{w77g|cnaP#8g-FnK}&IZHpg^J>Lxsc%vHw0w(UxoM`1WR`N2`*)kOdY7ua5 zFidVUb6=w?H683s&%mU@wg&8jRCWp%tHfQ-(js)L=;ts$^K&`6R;mbvF?}f}9cQ0$ zhoBJW1Gg_rZ<>Tw9P1&a&!lm3r-s-f&$@V5SV5BfG$g_%d|?__H= ziS`wepyejMfCpZmR{&I9)exJ4C=jVucx!I*{mRP0dJjT zhw{L9@b0CcldH&oCH&Hn#^LPC9HQi9a|z5J$}E@jM%r1x^Mv(2sVRkUT*L?XsqhlX zEg|RFFz{Yn-9HQdLX7TWgx+C&Q|y+fr(#@VwohE>3hYO(0tdnXlm!LHw!GcKsb5RC zhjwo7h71IuZ-Dg^1m--W@1eS?=SX&m=$~ZNdp^q>iqA(*{bPR`|42sbX0y+$cs17G z+qbhoWGxh|vFn7G5#Bxl!vw&#%e~{DN}>YD$A~h4n%FWmf_A4Wl;v8t?LP`uEp;8k zS8@iRKtQ^{aCoe2rny~Zvj=t;h$5Xrox=9Boa$!6eEnev&{R$BVf2AUB-odb&`O5= z7HD?scVy+V-O9lWJ#ZG?wQ=8xTMVsLn0eBDZ_EiDnuoO+c?C3)mDP~7A(3%BQTCOPUg0= zg98dN&{N>Y0c?Ij{B1^yNw!}*mEGFf1R5al6?^!{;Lq_?^1}3Ndv{+krsMQ#unK6h z2`a!oF#J+JRwmvi*qEgeXwZ1l^(g>JRM#2AVq~PBQ6b`GdUa`YCu0*Ryn5zUwh_{$ z>bKdJb_;_7_0dh-R^pZmQ$2+mZIwfRI_G?hKpU%r`I*x^l?^$_iLb8b1CyyI;&`xl zUTMuQPK;N0a5Kz}7-7Y(Zg^?bYa5Z{Bb@bWbVCud4qJZ!!M_^E8>}FGeqHB=PQgE% zVxodvd9kuK&VO_+CuUphSAih#&1=6@FLZOM9$aa46@-qDGU5DllY4?>W$~h~ddYs? zSYQ#;nGEdqJKSk0xHSY@BGBO8-3zWf_g13E?v9LS6NJ$qxV{~SFV-suZNN#6%$wZC z0WO#w=$#%Wr!(xFk!$O4A;X@A-|6NP69!0EELpUEjs`AnFm8PtUr+EK07dfQ>^2Dx z(|T1-{&GvygcWta%~)g6)#_@ImIpnDD@*!7nRu$qNaBlAsu!3Ikl8YBAV&akw51Q; z-VQP9Q9C<2ut+bLf{gAw8oV+a3=0eobH)LYPSlYb1({TZp~56ggCKJ)Q0g4luK_Au zFXl1ZM_Ub&*(p>{yVJhibLU3D=q`qclg(5ar`*+|8LjQ1 ze_V82^=k=P6uS!I*7BwV5|n)Rly097Xpez00@O3`fEZF9UHGnr z6I)rbNG*c0A^xEg(Gh)RfCl3+u=d2+C%lG02i#Y~GDL?D<#)W;Xs>C27ra;e`LinL z4%F@pyIQ01jl00ov`B|vSW(#EeY0_+2cCP-xFPm>{R1mFDZQ*1^2i2x)mR~V=AR?) zglb=CdOwsnulo!--G0CHQQ-Vtm{-Xr8g^vk*KfpvoxRUEu)Ez@xecQOD^kC7!yTnR z#ThACII&{2ApqekTFi{v`K(ZJ4_Q_*W3Meg;mEBS*mXXC`Qh3}DmDfpGjyK-C@6sw zA~yXTgX>yG#H{|TW9CjaVy5!bH!(|qY>Pf;QGu%?NpL)mnAGv^#ESlHhFmfrIQi&(WW)X}TEZ|dIMNDK(AHp3q zB_1Ax85a`h_3EO~Y{kj>y|H6x;_9cwc_4~D10 zsxu_U<;iTpWv0)X#-ya(ztSitj~L%p4Wi*z#}70$@g=j>h6g|b4ZRBp(}!J!u} zCpb8G(2F-SvY+NAy^mrE)k_nRx7~Z!)m8o3@AUX{2L+CpZCV@XIJO+4c#%8mN@1xH z+!qMBBLV@AV`Xu~A`!nBh&TMS*N~-?=3mz%A}7N297SUM9Zt`_+k8hQuV6B~*<2>> zP!n&WNXU7n=JB8^bGl)^<7)nx=7C<;)u~eo#vB%a1DJHAt-xX$s5)G{`N{RZVi4Zp zeiJAtUP3zwJNa9tB1ZhQXG~h+IONsdp=Xxlhr(m8=5uV$>s0z()y)(lTqKZIv;H*s zT(!ot^9m`)14Qma;qxg_EQxABzEF^=MXm3XOB9+r={=*pGVAT5#JBu8l`?aFIg|S7$ljkH;@Ws$yEzx1nL#3jrjIQGT=GAmlF&YY6M(J* zcSedwo7F4gQHBM!;#gwW{^V=ThYnbLQy|bo{DKx(T`(T z>%`*M%v=LaywPDSs?d5T(rUIk1b)mgG|YxE6iy zgakli+XzzCj{Rs}FbX=YEn(P zxBI~HIPzxvFuqm0bpcYA#*0J@AdZivANx4G5=PZ~J1c?4`XZs)W&%|7%?#NO>t~ft zJb!!l-?9Fk&~}JXoqJ63)g6)>&bC?Y9-xy@`(D+#lj{7;`<3U5JOiItC~eokY!-(b zyspHNd4~5J87&TP*ABAzp9~E@)eTkz*$|1hPTu9?l^QS&+q+hyL$Fva29O`WRfYq+tS%q!C1Q(6ex0af4iraFX=iX&y{l#7?3^ci0-r}^=4R=_?w@NnS$+L;UL_i=QKzObdA+nU-dBb!o#)QFLR!}V;j8LHtB(_} z)g+<(ouNN=CDK57Wlb~SAM%&2KkHd^nsmi+LE)D5D6i(YwhWDTRLW}%I%E%|dj&cf zcA#CLFh%=>b*yg*hDn|? zHQlEEYl!Lzwv%F{0_HX!6~cYK_39E)Bk+2c-YPwYxY0Usuu01oo#gsCIvfI#X2?xG zzHzF|b8U)bhphCEJP49QonHPq$eXkxXfR_7Hc)D59kN0HVqZG-2yz*W!m*A7gUgH; zYxLX&ZNC78+tCe4%crxoJHH0rcF|8CX?yb!Aehmv z2%oR{ZptbWc#dGjAq;Zp77f}SYjr4X{|KIo(s2?%xb{0bOrjr)?DrJkTcw{toZ0S9 zvR^-&v!#7e?b_LQE*Qs2qKjiPI=HrrpUR#Lof<35X72uSW4dC)w(wW}$Vi86A)2EV zm%B^cX(CTMA*n-HuEE-5A5<|50HA zD$P*unV);m9dgV-HcnT`PaNguWa#I2d`TM_aRTVN4oJS=D_tV=LZ(2<{ck-e-2Ir( z=mx)iMRAt60M%ctHo$M2@il~IXdxzs;fMBSd8cU6aOwNzPP4)2aGMq2K_9ksE1voi zlee5Mum5SUE3QB&zT=6R^OLO96JCei?Ksr@S+ov@$R=2kU5n#cy4oTm_>aV~^$M#^^WH8JbOSj=+Gq$sr_U z)gv106zz1~1&Bfa881o|5Kg<&2QJuqG{k2gL1ncJ!{k`^%`d>)+P?&IxGYJmrf=zg zS^nCgdwa(NaHlBW@b_gsq?}ZJ89UL}I-~iy#)!G?;{+uTkkqbS`+h+} zGM5UloisSt)xHc?krFQ|gj;r{dRvXSGxNZX>|rHRU)v$9DsRX5~f1GPW&fHan`kppDf_oar?D9<|oYR*5)A zI4|*Tu|6)ghl?Oq$l5IPnC&GYmQFKeOhee9jQ|pCf4yYfg7)`CpkeJ+xU;4TtD{+! z*J=|!uwbSghyG+FD|Ob)MEf4Q?T)QECTO!}$@Qcy2rx^)p+h*zDX;vx;V4;N?Zbg! z0+cP?04szzzdTsCxycVKO-14Roeujf&RlY}X5_3b4sJtzC`GKKG$UMqVxZ-Iojl!# z1YLgI?(tse5uR;Gs%ZdJ4SQuiq*jNqTMJ0D}&}Z6&endXs_wyzd%X zWx2lT*xAj=uYV!kbvcHd&RN$&<}X^r#2bIR!q8o~1GU8*&wFlpT=K(=E-?VLqAT3v ztSd+IAUzLHUux+s7no2D?%8WwThg*=#XmCPI{j-=O_NnKO0>^WfIfUyzsg2hCVB+b z!i9N(2fnJ2)w!7G5`>mKwXd3CYKbSTA-|=1^nwPcZT6faGuHK4j zURM5~byD}{@91Xqi`PbHGPkWAFsk2?k$jOXysBbaJ!~4d0nzR4XQBjjT(v-QT#(0k zoi78tNvSMcxevN_l05hkf>5+1)W+Xr5Okm>-sBAEEH^+uhNu*O9>@bOBmj3K%>(GB zgB^!l-AFO9WbQ`@ZOM{!)G#tFUnEvIXu1W48o2+6@x}p}k#E*IAG+XG?O zABXJ-O5wUF3Kq`yxD;D_47q8tO1^V2KTdCUnK8du-%~(_~^a(UZi7X zoKA$)j#ao2t=87m*S5IMdV4m0Jw?w8-n`Slkpse1^sdg(?bwK1PBoZ`Pw$Aa;h91k zu~k_4HUAd|Qg{3&8LNOyAv$j`rO9I0zcbvdZom%@+fq0-+g(KDobnZ(Gr$N(Z#E{B7)=n%Ykh z*`2MTuQwwYpBAoBt#m*699*CgwUtP&}g|Q6iG|siZU$7eO^vZhFNwZw2 zC%1&&^$22YcF{K|H7N}_NNa7J^n9V|Kx_3Gfs4&n z-90DVDvf}ScF?T7m!_uWQfw_Kny6yVcc!H|7cTz<+%p&mLu-Vr}uth33@Ol;d;`sy{1RB4*-Jibk=SnNF zBR6k)qfOI|FPYkRHg>{YukseY-f!yWoDwBNE1y4WTt6c?PHz?e{*YU;=~l)W8vdE_ zEAyV+wrtk+2>jRcmH25P_5HYTpVRJPPL0Xs`e>BKIlfK9My9J|BDZ&E{KtHY34R65 zd-;86{glYblRvs=Iv4yht^Z5^{pwDHZReNWJD+=t&ojNW#F;+^K;`)}F^wELhiImp zvTJ0k7edldNUR{E)7(C6>xQwyZlq?8F|iMEv08YgiaqTH(bo;>26s>vF(hQkM{SgU zb#uNT{zi@e{G$?&quB!I&4H2YXFT{HuIm@Bi3aiN_W!7RRKLHz^K-(ijzYX#R!j27-=>X9oSnJ#n3$ z*%^G6Hs6rX!Ku^}tPxM2I8ymOjH2@vm^`G9(dP^r@3e zPIS;CLeWls$|68|aO^(tK1S`Vd8CEIX(Q+sp>4$m=>vTI1*b#`q+e^#ISmZSNF-2eAV{oSDqG_cMC0zOKq)Hd`6GLm_?LK4HZrF~maWkaB z@r%lzxD{8D2E|Xo%1T}?H5f}%aryJB0syAhZfL9ylh<)YzWgsR46%jvlG zqOgj;Z3f-{p&>;6$1e-5&1KZe4CXO?3!E;$<@n<)$%QcLM@^%rWCzDbYbLXDgJSOM zQteyT27?o~==6+xo3fO8DzLU$w%lGw|a9GP_p4{)}&%`UvVa+(0AuSNb zdrtQYeb_!8O+iB(HRBhnhOF<(zbMHoT0lR`I>49xS;ZF5@lj(`k(ejCX(UO;O4?fX zkCxa+blLs9x=pO0CCS9O0Q#pioCEJE$(KD}&`I%|Xyvr`Fh4MXIH}?s%jq^j*FT4j zdiUEXuu@&KOIqXnvBazZc_@tLmuNg*?6K#SBIzu2i)zMRh9HwUoP%1sGt<9tJT5hf zd9>iC_OU~wcCwGn!T{|pI-PGb7y*(dkmxiJwuEH_o=9i8D$U8GDkGa|$oUdm32qhs z@%%nCLUkmq=l>aEmd)jgi&fT5IQ%-`O}OCo?Nkx?%j1=*#3(_A&1kwiQvB(Z`;j(P z{MQYtrC{ShN!&A->sK^#&DuD>^0{a}9^cEpeLQeR(xqmce*b5oO?7kb+f~d#W6BD> z&7z0{ky3{u$hC(jby*5|ezMO&xXD617gc}xu8hZBCQ1D#UbNOI!HiHWj4D{7&pdnX zo#x;lVF|HywbQ?R6`7o?$?|6n;$KKvho9QKFx(6%fS7*@93c_UP_dW3B1Pr|9y3VG zHdRyTcp#4>!kkf9&g2!cvw!SO&>2jw1Q7Fdv5Qknvuk8FbD-Hzbk(@6cgIZkk3}Bx znRpyBzj1+@he^lFN|Ev2C}g|;fj3FafFA0T#ipJ2o@5pM_w9S8J7o;6Z_|B5!)EBz zF<%Kb*(xka#z-eC#vI$dBc0}9*u3)qC4VH}6WSy80I;s(x(xE4t8n>n^4 zb;d5g=UIcF8EwTzK0M~dWUcJ~>N-OrLkY{wZ&iwY)hqXVj;Iu_<=9ZV{%CGv#@l&! zVm;0YYckJv%a4pwmlMs7LUlMH{)6{xBO-3mo1TrCRfQG(sDhtcbMWM56jm3=zQ5}V zse#Iw6EHnYcpn=(!y7(Fr~E`UL3M1t*`Yz_#|!-5fe%k~RnY7b3qt!$Al%EsFXP?3 zhu`F$6gn5!@N-+-Usy*xh?X-sEE5NREa_r2%Hae zuNQZf8QST{daQz$_Mlj43sN3xag?QjBG_WaRkJwyvuW>@cWvnp{+oYnhRdkOLZfHN zeqd|Q79QF?*%y@i{YQ&arb!fqtAjGx`UAe7dp5mNW8`)sUpaLVo|>-I5pAW-nG73S z3@ZrUaki-(5%}u)CQm@O5v#dxg7L&JG?DkiVWo|1X(zT|CMh%Jx4y33h-b?YP`ZMcU!&m?mwu9u%W0{#0( zy!XeI-|_iX*nTt2b%HC5ynJ0aY|dJvA>wo0?J9^RI{lO54TT~qO&n~z*mS&4S5puX zE+iiN{VaJX*NEf4)lvAp7e&4Ax_J0pcKWf?&}{`|^o;6)e;(zFhzxP233BRi<1wC* z|$lS{2ocy?{1f zmauEW{=1)&ON8B}Dn{j|c0Tam5uKp?PC5w*(Qbjp7=8U17B+h$$MB9)4qKnQU=(E1 zbA&$(eN&fuODqueae(5;S4{r9%ygI!jPDy0Wf5g?7Jb@OMFC-2!7syq&>iN$)9${h zcP3!Xq6qvGKca4-^POK%6HH0z3A*O=gMmk19t}U5>vvEgFMH+s!eJ~+_^Fll<_H$9 z7nNv^v6l6+RVBVRU7Y$!-6x{7DDAZucas*e-V9_UjHsp-Jxvu!9mzFA`6%~BU)O_f zhhmWE_{~=<^uvcJq0p#0r$R2C%2Qo_?1+5nxjRQ`IZ6pCW9m_x#OrE9sK2mO4XF;U zT;p)3kiZunS6`teT&jLyy<3snq|?DMDbaqVij87>0VUimehE8?mBqopcEq@`sQnQ` zo9Tv}-6I)vKi8k7(Bf)kS36oBH>qcScAWEE&Y9kEl)B#R3aEwRu>I8+pXG35UhaCP z&z;H8t3UJG)EL4PO<1rFxqZ(#pJ9QTInf^LEG`FSdB8%jG39s3b+3-c3{{^V&^u|8 zdzn9Gu(o2}n@r&lB(fQzgg_TAixUP|EO$*(4gZ!K)}fA?pT0xgLt)Y4iU2XUMmF~~`vEoP4>%zIcw0+gjS!f3Jfr+8LEN##) z#kKbPAlfuKp&ouSJ9dtBAugrSxQ8qY#H*%X7dD+p{>|$$-ziB7S*TpP|MG!=O;keo z_$ggLvHzc8Kh#M|8Bd?OYm-j)76Xuv2}{kc%C$Bzhu^pNPf1_ zX8i+QhM(UB3nrXL1ypJziH=;t;D%quDof_?4DM&e@%s9w&sM57>KL#NA66aYxuLb2 z1b)FBP#Srs#9-QtbEsyR5s^!Is`MOx?bBnj2N_>!g}$Z4r$l^IW8}M%QUCH`$(1;U zun4la&&t-y9;D=ME##2j-oNqQNKyGaw#ax={&**Z8{H9RCQ}CqcoJAsNwqYUkyr?*-{1p2r$nfh=kw04|Nwqd-Gy*pmG3L3qQWY|dk9`RLATPCMpcCQQ+uG{yAj@MDZ#$fLs1eD1TZeidzF z6uKl<{h9Zkbv~gro%Nxr zVQG$EFZYEwa@D(;&&(Ffo8xUVWV16WgGQKNTi{I4<54r)y*-2lxUq#!3$pBob_R}k z=X?;4yP4Y>TWm8PljZMv53QYvAM@o^BZm0WKGwHa#CbU>>zPl*{@j*yHI+Uyv82E} zK&yF+=OT^P&iZSpprfOtk{`F*OTfQLcPNUoD0T`eHR;da0E>zhNt}$*)a!J+7rUo3 z32{JYd|c5Q9^9$HeE7YTu-+Em>P~I_D`#qM4&wbiN-Uyy6)eDDk=zrnJKIwGLY_bA>xPnp?C6aEP z6yf*Z`t_}kgUg7j9{U8Fnngz>)L30+c}03ocMXwgbltN#|S$>F52O4*mYkQVoE$9Y5hf!8{~RNvdDql=sbwz^T^iXfIbqjq7{-rmJmEh zWC0$;5h>uD8`0o=Jm+#axisa$x&R$t{(!9Y$p0`-O?eo=B{dHYkefW~s?+~UXsLh?oRxoB#h za~VAU4|CC%J&Mmb#Dzc*pMP`5g#8zLJk!7}IPJf6E_z&o%fIS;HT0Gmsc;PoE~}P# zO(y9|tf&^tK(yFBE)p$ooE#Ce=rpltbU#|L!L*1QS0xNd9xBPb7Nh1qeLyGHPu{c{ zB|462l_rliD$-i6u_ERjS)L!gDm=B<<@r5fZ_;J2yQ^+~@<8EZ70h-r$#HGZlMiM) zH(7Iw;Fh=fL$e2s#Hh(Bvz#o1*)*akDplD(&dvsKB?tS2CkI#wH4l=1VxJLf$fP2jD#9>iy=R3#L*RzN%9H~FQ6%DDVl&>|u zwsd3@RTmy12^UNuut~zT`(?M0Xe`=zAf$g|P$cX?>X2?t;K6hTnzsXa0hEMUpYHB) z3k@nsns_lqE+Gm|F(I+n>@_fXno+!=UMX4&{B_x+fa&XAl09#|?bCe}3!_ralO7EhH*xh3o;K#uY7wYbY2)ix7MDyv@|nmb0h$ZX(oE}- zNR(zMf>>cP`!-~|(0%`4-FtTk7E*$v;^X{W$d)U|OTcTV(&}__o#x<5^tw}* zw`vWnQ)hK6`>h$iP4B)K=J}GO84R0FygR(Q@=PrdpWtik#Jb{BGF8&|5aPkZF>|#O zIXLw3eVo4HmAqS7hY8V!g@`6&suQli-HB|4Haf}nyv#$&K(FRmI%^}jQw&6efBxgi zTWjH;5bg32?M9phUM-obAV(Rf)3$1smnzL(&Lo9$!$hat8ca&p3NfiJeyfQBue+_Q z%(HF+VkkG%b;>AmQ>9CMCAr_!-b#mD%?lgPAL@NiAq&QNHG^&ZCa8tQBIHQi`sAi2 z5@ms>)^{|{f!U>A5W9m8D@u(s+JR{#Fg@GV8A%97r!y}9ao|&1;_iI{>!w^{P6JG( zg{g6_JFs^+bvU_XY2n<eV;Q)eqkD&G!jx^&PKgz8-E?t2exnu6`efgL$htIeckvNAYfb zzeTOytgQ7)Jd;`Kjn8$|7-q28t@6Aj(*gVv986aNvqtqPc#cfL!D z5~IUlGqUQXdxP)in?tN~go-s59m);!%eW-^%I%L|IeZVCdX@Dw@<7!`TF_x)+1skl zO0OiBzvQ_4yGPit^6z%SMQ@L~TBqLT456X1JvRaklEIOYesP!A=|s=x-WIC8LJEX!SV~MZuKQ#miCkffke7-DYg`=?I~5#^J!cj<$w|LC)a@eXoG> zrO~j_GYx`vmpyRsUL&~%UL}DC*-CtE$p?iu9b~C=b-2BeDNj_5t)`?0xNYQELz>Xg zHV=Cq|DMi@Gwyv$_WrDYXY+9PM;OeBG7Qz}g{x#xlEau7-$^xr?0Ueu1w~2Cp2p&u zXJTlofKHZ|h5f3#`*1zu+3{Ga@d%pb0}_Hfi?N)Hn`w}6RHfnOsO!CN_(bZ}zjQBI zc9NopG@wn5-lJ@AsHolj^`-pSOz7pF4+iwx*bjQgwL@PPk6!}TA-xJ$Q3Kic{ns^E zQc@TV-`BV%v1lByCUBgE2IeyjbuOd~vA3@UjdVW%vvZJ2g{9e7ueVRu}evUKE@RrKy zCN1BFo2owWJc4jOAsEVj}@r`Tkpnf`gQfkYg_1ib7YuEF(mz|*d&Mn{E zn2II_54u2Tiv&K++vg}Ym0oVMB7sM!V=Vm>EW(p^qk(!gPu32s^t#JuD4|xe^ZK{H z)fSvm6?+dkezce~9Wo4dt=V1X7MyR+h<$ezn&mlnvNP}Bj#A~nyQblZ!Sc2}{}fu> z2p4>6vy;?&syl4mBFZu`P&L~2$wt+OBB3e!`ouGEVbt~Ise}nCE0}$yc+a@zV%M{LH&)CSapw`=Z z6Mq5-{h#_rePc~7xAgTc8!wEIDOq+lZQvFT2OTuN&V*8ev*zPH*wRXJ8I>V*+(5{(AjzgfHl>^##nooO;jlrm0_wU75SW?c} zg{JZ}pE8bE?@QoK4DgM%aoMW+@D=+>|GWZU&3FHd{?3iLo=HdOOz%&c7j@9peScf` zNFu|LyM^=9Q)Rd~90V8^1-^)`H)*}uYbnf2LX&b$5I*z!KY$q&A&~&(8pngi| zDt=9ht6M$Kj!h6>^MdcD+as}ksopF1Ia=`C%FuB*XcDXhdZ(O&)e#fqFoX4ClSYejjaw88YR?qTvxofk~B|>V#p;@jm`0=Uwm!LF@Ef7nk|VwAPC1AX){b+F~n1&SO`2dN8t$yG@-} z+!f3!xr;;O3Vx>lWG^70@Tq^_;`Tjg$HR}0B`+JPSAu0*fzk6KjH-!Gz1g}7lMLw zgV%8&0hm@e!J9m?1mojDmcUyuqBCH}02T-+Fc$EF^Wcpb1_LGnFc5Bp$pX9}^B_rH zq>Y1vjR%H&{f5I4wgW&S>RYf10)Z!5{6hCK=C2$Ilw-{0R2gBS%b8yr;f0$rX{+&o|ufCp*D0mc@D5_!Q?5t6{dBc=*S9>9#WM}f8o zvlggDD4h>r08s;Y!OXcpcZedefFKw^b0`#G3}6#E%zr_yJgDX71NuN9mkTBiNEi=t z#vJhTfq^&JSSP6s)3Dj~SRu6F+)B@!ob%j_2 zFj8<9cCmVhZot|imBR@zja+!-T5?<(=QubJZ4lie&=2E5+Tpms1q4O`K+1)H6hH|K zbPMcYFfebv^EKdNSPr0ngj6tM zE?yu8LBe5jh(!j* z%c{~+n?Dtzl`yxmVujLDn}DMbEu94NAL6FQZVEn*E~di&n(nj9%y=7(2m(QT{>}Fa z^#8LqC_?f}8x;04`8G0U1P>J#Q5g%a$FEt4Y zZJN@4jsq>Vy(lB<1JU#i)!z?9XML2=gMGwiK74)Y(}I$YbqyupvtkS}%1bmcLTXf; zfK(<1RH7^Xw4&%FI3j8a=y&k{*LTpnjrrokhb#MWY$!3PU&US;K1>VNqiIiNXaD7K z@5gWpR##a`dw&$ffx_q9cHy`Gw*UcaY} z#b0iT!TJ`Cp1Ly0RH}Ep&FRkHqgRV((tAcxI8}Kti;?w>h()^bvBy?ZV}woLaW`fJ z)M%-u3Jl6nu}soOu?vra^ZhHL3LEg}pB%4$b`|Lga^G9~u*BmOg@z(acuo3S+0QF| zHAj-=r%BCnrzYNORg1TCu~?T61^+HE=!X*YNgQx(^z(pEXt<6-FS1gNxzh+z!t z<&$b);M7LyRjoJ)?u}sVJIImb8x@&E4$|pUpw4wBQr?yDZ>CgZuKpx^u*9uVZOF}X z;LLsVV5_pz{gk=XuyMKXowWF_3_;*cJ`e55`i*%#gO<^bZ7!#mVUAh!So_ZtBCp-z ze*4;Fi}%Sht{HT>BQJRVlZp;&zrdBrv9upY>!Kfat*KoLbbg zaetjAj7aer%2WIJhTwzJpu_6nRdOD4eiqG-D#@$Ej&}?j6l=t4;H*u}&3??3%j;w8 zcrIcVL)tTFlXnR!MTR%UGvAf0g)DJ$>QQtx-DcU)SE=qf*EYcI%Pn4v}uPEU#F2_rv8aKgAkX z|F5K-_5rQVRBr-FpKN?!cBhpHlk5=5{_Fk15X*KolE z2es23L9b(t4$dLMhES`?>z#{(A56)HJsG=xXU_X`p<9jBLLV{C_m-*cw_|UN9E516 zBoOU~L-)@J?S9U&)@UYhx{2*i3-3BT7kM*F8j2R4LoC@So7<~r$zv1HUev(jc{JnH z7Z4JcX75++qJvAy0%?m6pZOE@a#wIidYI)&nq1E8HKjtl{WvC+`h%^p>RamD)%LZ$ zgIMt^wZ>Z#J|_$h`z$de>pr%BjPd5^P1488RsB)uFr}+w^$jjF#ZA1d$z`p5d(yoI z`%#Vt)rNEq>78lYJf6ncOlIoSY2{Vpd*4)QeMKxr-lFZr{caF99C*UkyYkXrxnEna zOykYxl^l(>ESHQ!XZ`MvRaVi0=o{bOF>lVi=3O5vcg77)Aig^FAk5bn!=u|~*L%tI z@UdMcj&ZtV+^&mwu^#E>m{Mg2CN*crkmX3zdYPC~^;2lgxK|OWzXOn!ZR^@T6ZIn{ z^=;IIK^GIp9d-2&ab zN6`;v6CB}FpJVcdo63{jD_?{LU3 zZ@gZN>SCC5=p)LCHUC3ri^{=UN9DMNvCZLI*PG4d$v${7@qL! zf$%Yki_mZ>hVpF}{1*m#WbR9SZikAGnei1x(s%a{qJtY!44T8Yavh)BC&t%T z#I!4)CBRUUO{UgIaW~>`B-GepZ!g{Mi4Es37M*I@xKERFP?fU=XwAA9A#0m`UOa{OBT~h7FI6c&tRIOhhqfz*9%d~l3 z!57!A{n_n<7CHUAEHw8tU>VAavh}N@mEyx{r6bulH^YuiwVSBUmKYA^Fa|li{ zXQ+v4f&GF0J>K+<9J;^=)esTK`N;cnd{_MnS6*~6KVTiJs~eK$AECB8MO}{#QMf9mq6R_mz7b{D|=)5-OY4#zYKnmKZfF$xNo_X1}arQfQ}MUUh$r)0X8E8JuwdT ztvCa;G-uh7Q#*143t=t2kRrStEJa35BDFBRNIPtZL{KX^e_?y@n;U&qWO}{t9$=xs zN~KV~F+3Dqy-{0%>+1tMQvPP5Bzl{N^Bu=l?b`67__Mu&FAAQP+u0PGzcuzB!V*@$ zETuk)od^n{*b#;8~IUa-xdTOb$-TBItNscV_Hi~w*phr8T#|=fc*+yZZxWuX? z$}4?EWng?mSbsEaGM``|_}i7{UoH#dBXiGtbkh8_2pbC+?Cz5V(&9gT^E76Jlj@K2 z>q!ZTD??mPwEWpF&ii^3d%Q{nx8!}wlb_dYqt4m9_t(1C_~FMkg=5-YV|qDChzcW{ zckrP_{EY5Upb(0E$qqq3aZ{q(8k0k;TjeKHMPY5Igdq#+{&3Ta$;2k-RaGAHh0+I5 zk?XSVuMNJE@1nP~a*>ZH60RHv;@!X`fhpc^+5h?0IWhU2>|mjC_x0XBMr%A8YT*-p z3*EW}Qjh6A<&2g0&s9XJpAQR;=KM)pYkLQ0JZUEJnk%;w$J)oIJk6`%ZoEdU+Hlfg zEunOuJ+M)#ya4^V3bRV&>T4BP@yE!)9WyMHL>}`-3aD!nQRPvEJv6E6>%AF&Na2^# z05WwDLG}3x>JY09-%zqoWnqN_hVVP{P@jXl6=}vZVs<$nH0}NfV#*C@IWbTNerxS8 zeP}lxK>LN+EPlQ+%9HF1{kvDw^~~eOC11H+scv=IndanvWQv_1*^raP)cPskk2k+=k+J1izjq|2Nn1^{oKPT8bM{8H;32GSuGN+5dI@=c zC#O|FOWj!|&hZC!{KL{W(?aEnm@oMV`__u$x^d74165&$HXTXbmR<#%mcxc3UioKp zBGn=&WoK%_=Ai*rrzWLgfx^Pa1CQw@)vJk>YEs0%Fs2NrkCw73dl$6{yta$_mh3a% zvt{sECTI7XC;X<FQOt4if{RLv{nwA^I zx*D#ivpD%zt=v({ocf+g<`wlAdshHJugN`kS;#X?)i z(K&(-KDECozcoI@ZDZp8=Y&f{B02M@${?MOMAnW{<@-*yy0fGioV}>aO7;jdG+t3( z@jJ?Ib^awEh)ukZ(UOKu=i~gjUL%I-pOdMMe+-?nCv&8lv4d}{{P6B8S1HsqZu|0l zU#4+&X?Y0WAH5v6l5mP9xv$s`v)=sBdmKaJ>a7;B_rGRX;6Kc?)Q)KzYlkH+^s2jY{x&U9OD5HP*dU^R*F0G#-a1Z*h`3f3B6&5AF%t55zszP!(iqB+X{SW#^5%;*;*y8O?;L z#)LUKd6%4iDn|cF<;2{6wpsew^k?kgY5i^gjV79MuQcXj#@;$CeQ(?S1?lqX^)*($ z)yxE6pI77LpXuI9GGzY=gubwke*UfV&#%Qh!6|$r*9kO_xJUzD=Ox3QX9Pce=7g85>~xYY8S?r4zI*S|7T|e2?P^@1y0gH+{J5kT7V;> zm--*0k&~IRwJ|&LHz(UOYpazf-651bBn@PTB6yCj$J{@|uQ7}o2_!z{dGawa`es?V zV1@>aGqRSF7?qxHM}_fyW}KLIMo@AhOGm2qrd zr(+mSx)Qu!@Y@+?1(zz{M3-*;{z%@$K{P*#$FO1b`B~^4CpQf$M<>+hMw*3cOs^e6 zrDplDU)^7Q-Qgcv?3n$in(Xn{D!7J;&PUMCEPS79x21n_aK&_-F5#3j0;fDIvFm?T(Q3hSTNw zw(HO0GBN~@BU(Vl%0Dk1qgsnaJJI)p8OcvYhpwM#R|eXv&E)a#vxx5{@qonT<%k2|AEAJM(}=Fs zg|9?H(w6E*dR++gA%j_HiR1FCtGyYLb}O9;!B^SnQ)IP0Dk9xw+EqC0kF+M3D?ce^ed!Vn@yEr27@Sbt$*L$C>hv6tcjW!qK;GSHHyU?V&rZL@5 zjJLe=tzPYJJrQzL?@bzl-7ZM!kRkUZ{8YWxuQ~g!*5)w-5WY6-=ka!ki{%LA*VV7^Eb@lC+P{rW=!2KR;yrZnEOLT`5|Ly zX~~5cJ)-MN`myF~@shjW`XyjBU$pW@>Xh^<3b7c+Drnv$cHL2~h%hU})DssgT6v`L ziIqiD#*+s3q;wnSrUJeS+0XhoPG38}2r6cg%uVL?lZx zF^OysFhCD#o7=c|RGnNknD#-gL_TBe@LIjP^iw*XzLpg}hT{1p;cSZZCvC}%A_{$> zrfG`Vasg)XPT${X-#FCa>3469Rd`Jcc0zCmH5aeC>x`ZTF;>2JbF{=_Jg0q^T9m_^5}t^iE74;P(lamZs<(a zbWeWeo5EPF{%6aP*2)h|2{ls~51yucc6OI%sKD=ba#S<%u8Pl4;#;g!{4s)SeW%+O z?LqR}-Qzzq_y;%hSk@`?2L|gBmdEq7A3Mp^o`H>cvGOKL-~t+a)f1-5g5~h7K)iGz zly~);KFneWr6iZx*>-scE>Mm8W-7?SSs_yj#1!2>xRtLfmz5wIUih(7Xt9fLv2u^u zYXsNAODXr$@%@fG_ZXGV^$G!tk`?*v3%95 zmZ_}wwT8AyH9niA!3k!ACbO5{`nBS&6AA0l!V34-Dm9b0Vr#vM)GV&N*3Fs1dV69Z zvZ1v)gEqo9tY4%>Q2QlK&EkyO(Dh zz_;B0oRS5qPiRSq2Z10yq=3T?WTmk-erj&OZf$&R0$-PP5V%@xLG>tM>x z$-%*a@Yh_h@ISLMx3Tortqq=oI#pvMX9sg9H&!_VOJhAa7cI4;lY_0Lu@J3| zt&Q;|#dT=Q?X1iV zY>Yr}7v8G}4`5te;y{)I7&J9PakSKK$lw2kh7lex6~Jp?V`^o5>GiTRa5AF?74lq& zXn5dY1OfA)2t&9^d8mOO?Vl3xHv@+#R2<=41Kvt*;OgW80pSR590iQa&f_-;(&xAe2P45FgWny0|y;1B0B#c5)KF6ymMwba72(7qQn8o z2^`Ir9i8uFKn~%&h!_}X1BMQKp&U@aPt66kL~tQy1$?QXA8t3jKc&m+ zfAp#;4~GHIFfTP6ga+^d?SbQeAjL09gy$6Kha31mfm<5RjSREk2JU&VP2!RQ9(>?< zzNEnB2rh1FApN}I1$o|!92ao)c{}})mP$L-4 zWwUeYq6-)=vhJdX3+jRs27Khe$$KFa1~dQz8bD48Y#=zN0ND7zRs(L}WT%EB2?Xqr zLje&5eAFI6>;sOhLO>2E>!Q`=1kPoExp5*Ua6$0_4W2gxUU{(6 zNUdDRge)#Zq73?QiWl;4a%{!DA`dVlAaDu23led$Bk+8=7?{KlILLi+xCJy@8}YHmmOVT z?~?f(dzX?f7VIy1j=jGm5^aB5o>LdSoTKfslMCu%G8fpp6mx;S3-S_sTmU3ssu$S1 zpf0foc=>pNTF$Y@#SH>s01_{5beEME;Ja*kIhS*}m*D$bdk((Kwin>Llzf4{zqRM+ zyKD>AAA!EV;m{*l88%_8+^YbmXYWDf&#UOfGQA~2JZ845Of9Z*L>ho zM?8-p>cFN-5QzpR1Vw!PU)%%Ei(q}=d>r6O0~ve<=ivlT8pt9iH$X9H$;l0#cYwYw z1i`t$6AcJugYh7rhMhGvjBuJIFbPw$@QQ0i@0-eBPaJCwErKs{PF&M zVEw-gx5^Fi6yd!IfgnEr?j7R4$m@s#vS6aHAou*ad4@TImk$(26-hBjVb9G)K=>PL zNSnyZLzqAr3xa_{1VKZvfd3Gb8^}G`pahXYq5NA`L1Db$L4`nq%pvGVeh5Sp91%qy z#IL_cv^11|B&MNWa-*=Mq5V@vva}2E(c;Q$;G7W_wZ<2J97!4o3VMhosNo2N_!`S) z+mWDN11y;ThvolQdU<-|=e;n@NYP;*u?{NrI}`y2kz)dioX>wtYd(M5!f#~nEwGfB zS(nRp`b}M(u3$M2l@C9O(+@yKBI$UKlU3f~3x4FWXPbsd2EFTNjt(ki77Dj9?1SO4 zLE7$4xQy!J^PDrMgh6j@rtaZ&60Ay^2zb%c@z^t*9~wr)_fQx4gx*gd5x?IEa+h6i zzALTX;QKzbp{`ojV%~#>yU6=)*}4aPNo@K1ZSjmbfZ?w2^m)4W3CH&&Cr>|a3++NW z77~8C9aUor+|YUtTu~|qgA)TB-T^())mTKL#kAy3H8gv|9_$nzWA>31ZFT}t(NwnD zl@ed6Jmhmvci*)0thcBvL6R}TAikuP5$`9{eb>XHnjR-J9vp=#c+Rsux6&<9h9A!u z=RBW5dqZx^p-qijfbB~<-p5an-xlG;dHe;IxflJi=L<@)*|9@Re*LMm`M#AKq_zn| z1YB!gN(7>*C%uA?0<|4gzD_ASyDmVN@h!hOu6K+lro0KO&RT=F9Rw1J7USV+xc*p$ zev*=y^eQB|$y-<>-`cxwWgQngL^@Dit}Y%Y8Z%a7}jwM=|JL_po)nS2Zuz!Lm}-xtg;l z?Yz$VsyE$Y-@{EipU90Sg}XTX*AvIe&Ar>q7*|&AxXVTJbD%+nk zHI*adD*B`DQG=i&6ICMJ&X$aGR?3iZI7{rQsa(mN&#lOfj0~cofvvSLk+;w1u3f!Y zyJrg#^y(QVN$j5C0vzcQmL|P%JFt|vtkz{B{$A#vc$V_BK3icCvyS)`lP`W(+mt(t z$FT5iDVRTbGIw|rubb9KKY^5eZ&H)JR`Lg*{2^6o!?NSs$FZGD%T!U-1lMbX84?1Q z?ClrIK1fXw6F8h?kE&NaiA~}be;ZdU3{5EclV^?I$-XJQ<~sP}Tju&BS3}a}mFSNN zMV*H=x_H0%>yJ;qd~Fx-GBFNVSbz1FsG#-3Wc6=cl*gv}PjO!896kRM-T!c~m*#Qm zFU|aM_>lA>UqhU8g$S8ci3-i5^}hO)=iHQ=o;K9{pN=w7!BogU}w^8^VgDpSh*u6%En!B6Z^9aP^vx1h14^iEX79 ztIn+D4S?BBnst_H=g2(Fg*;vy(!|N2uBrIV-6Z6>ZA?mXW|?Y?8oMV;XVw&Ra(6*k z`F$>>(uuevXHyT8x+w2}pjCP_FR%Ae6gzYXNXObx z{ji%3)c0Ph;q2E&7@Wi#@D5A0jtFz%KX|5=E7&~ zGEtemQ88-TW~}o3LmOs4g?)|pxj8m`=`w@L9A6h^hvIa4ANV*~xp*lTSTbZgGm#w! z)|@RZq-dtRk0e#;q6fk$1v);>QIe*5`~Somo;=Ra{^e@GCR04fld536FK;TX8Qua9 zk?HIT?p;)o4IKP(ljIER&UL=ClrznM8@zoTbiN#``Mk=s$C8cW=`08DUzFS=uME5LpyGj469(-oc-fSfd2* zJ<%L5z^;t`MXYbGut~v?8MHEUVjTX2=hflVRAIJcQ@}8ueUa+t(H%1Xp8=99tQqSK z8q2R_xGMF(mJOI=_YMy@7AdP(u~xDPdPKgTzgs@?PILUz*mz3*@gE-JEv+6`H?5;z zQ!Us}<l6?ucFyz!Y#l4IM|813br_QLF%Yz?iT zK`qzRs-Hp99Xj70%6qo|unvB2On=&!?(pn)=uPUAu(QH#VJ8)j3=Nmc@{FmvpWh9f z!&BK!^P-ufCePSclSONGd`~*X3tvA~sbN``4Src_JFux7?wpvC$jnqx_jY&MIp=uF z)wuh$Vu+^7gFj(Ddv7*-cr-uKq-|>P36)2S2r@?+W=53747E!zANdz%f8SivQRi%t z*~zPabMtK0_8~p}`)86q0xatqS^1g5lIsi>_ClGy2B@OW1@eg5*4o)H^o$ zjKtkzVy^x?uF3op5@XPkvVhr)Dt(L|Kna6@JSE8f9`SHbE-A6=BUrV zr}>#F>Pv6>kB*c#Ux-p;XOm4Pp4!?7ig?iC=LXD_*?Q5$3|H;kW?kIWNqeh4V7W=9 zvi@bRmZw{b z{sYWp9=5f34S(b;E&NXF-ic}L%m)1_3#VyL`Z%*870)^7^y|utST)jtjSiKzLL=+d zk4q!ov6IwfQ5*m3E$ z!u;yp{(YTD9Z%Y}k;(1QM-7KLyV2iE{4#r$r~1d0#<*Yf)itYxs0|4Ogr@N6gvV#3 zTwBPtC5p+dbX&w!9G7*WJ2-m%rk_BUHlfb_v@}mc@W0GS`@Z9=Y zqyInJJM(a;zqWyoG1X9ZDzYyTitJ@4OJpx5lZ+VqzGf-LE?WsLDA_``Y!NDyB|=CT zlA_3-k`V71e$O*zsOR^4ulK+AIbFx~ow??Gy3aZHxzByp@8|eE@e5y;E;=q-I8^k{ z#0Q~A96sAV^!uJZ^!zQ0ZFKfPjDq!E`5*EVx{Q85=fdB34r@*CDjSpZzZL=GTa=+RZc6lv!FJFz2W*$zb!*swCyZVpwQg_cB$Jh&$k)y4k;w5rJ zKi^BJea(Ym9{X8hZ+@MSgeh?$nvFf$6F!`RESQMe9x)L*Y$s4vP#Tjf%UzPcC!78U z?kCe>Q9LkxwbZ!>Z~EJc!}i)tD8#_xcrcB4Hzg1B!;$%VZoH>ArdFGiRD60e$A zM9*~l?}?7=x$<%}Gm$>0(mdXYY?g8Yxp!qJhMPK^XCUikp?F>YtVet0qn1=tRxaBv znwNW_@V!P*Se&}Tqp|)RWZAS{{=1ut3y1anriVFC_6{~Sho!#ZLMTSUSA(wvEG2f> z*ame4Bsk}I6w|FPA@vSCQLSW0=*7sH>yTj>ZnVc6Qa#zx$|8B9L3X)NWUSMiD@kW} ztwuACCa>PXRL}I)rKYv;`^7o8zMp;cT=VcK&iNEsXg5+1wKVfUc+Vd;LvXcJKvfhR zWb_=-TxaBSzwI9|BB#8Aa&UNh|JxlAy-qhD?hz*;fzR0Kc2i!>_NSW0hKaoH1o>-ANi%HvXdGenCvP&k2|vRv=)A z<2@;+tzmDD&+4VKe*F%`v(JZ4zMA}5P}9VJWPsDSXIepz4{k`G*1A8MBbAopNQq~} zdA}uxf~O{}UxttkE90H&)m=(OQI+v7Vj8e+?XKNA6(@TJ=c>Vd-pLwm*%*D-nUD*a z10Evck6CL)j{8Zm*+Nr}_FWumDIV*_X5?2lxMbH*vI>!At@XZcvmk}FjEoKYa>K=r zAZ%)|kNb@2YkFL&Z7ux@%1U|jcGQyFSuh%9!?VAMYPKcQw0}uGfbfYu#pwBq@i<-j z#LX}?-4o1Hss5~k;$d&nAv>U0TI<5x8=WPVP18avRi5qjfxo=2*RjnAh!>7ax(}8+ z7+h8>vgZ^Z$)$6!)py%pt3hGaro50oyGr$B+y|xg%#-$4^asSaD1NToXJESd)Knz9lYY*~G znp=~G)?+w3z=$l`v@o%ntiI}-=4ju`6ya0dX+_B%9>Vcllp zI^cU_gE3Vr&Twc14Q{Zq081DX5(MR~$<3%{K_-?^@HR%)_u|F4Rpp6lbr{&vJC7&XONk)6^YUGrX5rso|8%Xh7`1)<5@V4Kg@ ztYlSJgd5pW`!O*~mdMzy`C^BOQx6o1PDSotRZ86rO<}5i*`#H^`{9w>RIMB^0pWYk zXyB8_F$h6Rf7kG@)m(@Lv#g!a25R;8a(|Y=zD~a^oZO8-!8 zisPkLFwo^sh%&J;LE0Fh2V6jLSzP|?{>UY=o|VR#Hh#KcDCbgaD2>xWt5%eQ+hMyp zAWw0giUJReothr{(~z9e#O8dtqLIUCmO%9B3g^90X}TtP=SL}2j&2#N*U?x%k!2%T z%jDwlCEzJ72wc768(o~)(brAeegkcXLhJ}cBc3_$18O_wJ4w>NZ`y+`;R<4Rdc8h% zUeSp-mlLr8;z2cIQHT0njKC-e>150kh&FycyAL`8c#S=HUT)LQ=T zIeC_N?}_LY9SIbttJLhAj?VSk8!Y#uRY4o?q)9uOZd(LT)M{#8vmial85YF4M)G-0 z-Bp#MLp6PJ_-wxqoq#vD*iqX>W*aDQ(VE|zrlg`fz!+LA*!p;VPc0_`d2&_=wue2n zI4p6%1C#NiL!LQ5X|9?i{p5fOOu)r5nS{g?o-MnxQN}%IB&yv1bpi8(loEw6pN@Qc z(P-gy1;vvjJf-}M6w3cIT6cG zJpHfqA5nVLeCO+}_WRfqdvAGPExCz0qwY;Oa1-OAD!wx}^M4tY%6m+;PqVMyNvi*r zJ#fUCYv`Azt7+sVnk??>TWK>QyKDD_4AjX;^1Hs?NgdT-qCrFr(JR`%|`~eQ*@DS7%U|<1+BAuYh8kUQuAlV?XAfM7in3j0~7d;PI6p@ zLce7CjF!x3^eGo=`i_30|7NYa51z>AQr7~f4nLa&2C)JOxoc~}t6hBqOc*_0i4!n^ zqvsLI&qSd|?HIKp%XH83U>__yM|2w>ipD;ekhPPKqToPC=u!A-I~{ncC0jim<9sj~ zdz2MemCo{q#-Q?$U9>MV(+h0W=;Z9cyo!W#;GHgPgM&F$l3Z*nVm9=cHdMYI8d^mi zEO zPuv2tK%--#p78yuU{ouJs@RR;1DJj4&Yr*dCG`58UpPH%d z86~d{d0IG;10F@akS_2+gfpa7ipiV~}pkNC!nlpS#h&mu(7mQkvioFvC zW53D-J!Mxkd~R+88`oF(EUO1wuVq^3VtAffZ6FUSmLIaORy*Ms?T`eN942CLvp`00p zbHWcl;Fo!>WDr3eaEY_DXo?c}_=Yd8J9&kXe)bH4OjeP^8qjf4Gu86@k5J_JeVQSo zVEs5vr`yWlOAgalWOq29opjXDt7cf0N$Iv_n zww=R+9a$5XNI%3j-HnVm&vDfrde58tlmuUY7zDNghGjq5NM!;buybHW^;}@x9w_zf zT}a@l|DIW}e&Bo(QtL`aE(%w8<`3G@+RA1LIoag03E)O zDjf7*=zq)ff1y$se@M4LCQXR^ygP2y?WBtKi2@~5Ans-d{3iWpPiyDxz#85Tuog%I zeudkvh}(gv>+0m}hTEYZrQhOMCrn*!^hF-=WFK#-F4HyVoc`Tm8W}an7&<|o@=@`t z-zKWO=lGZ_yuCadMD2u(JkG?`xTi+N*hrD_T{FIUYMe7`XuPp2kaqT*RkfILL+LdI zqvntGovOY(RHiYh0iofI?h`f9`$-=rFoZ=s)aOb(VB`{;DS-I2ND}fOPAdr2#$O=D zvN+B9q}h#Uq>83W!*(cA>a1(*C$k5FQML=L;uGAdry8FW#iOJKDHG*Qo|iYAbxLmS z5%~eTY`!GnOUWl4rf=>$f|fv*QdcEn^wD2WU(vetoq^<)gRNZ3%L`2Id!GkPR$}4j zKYXn(pmMk-=nWIM8M0^656loATR~M-zP41m6CGs`(wU(uocv)~;^NKNm@p)^@U+u0llXcTM9$4FspUfr9WmPPuCMNHhBolY9*q>nk z=@Ct;{uNyReH|I`gyu97_$^nBM*stY0|d9_sIwXYWD??>n7T|eKZ7<_Z-70<(tNddheb9lK@ z(+{ zX6O0mTgvNCJ&yItaIn{x3n`R4XV~1F!zAOi16-5WqYyeyY00f=hV(pak=y|_4@@e( z_%lJP*jD$+KF7th7mA)iSGfAvWb%Eisu}BZC6_vRi$Ccdx9jfYuf6fZhuVNb zSOH66>^u{l9JjNi6r)n z?|3a|4O4qnQCc3GLRDtLEc3K%urCx!M2{9Or8^I|MXdTJCn1lO*R>2&++N!)RudX$ zH*)OAP|Rhv`6-=k>yA-XaDX0c2w>R(flx!>Bo(wS?=Io5K80={<624U2#(@9d zA>*{3Q@=1cm0r4r8m+nM&Z68@k(*6Tg;wD#ZFltJ=wX&FmNi_M@N&5gAwBaY@&3&8 z6TeEoC!$rC^2Pcv^Dl4P#8HNlkz7aSw0hpQFaG&PibD?06;i%4tC`i$wME|lf`FBs zvm%C<&um5Pka9L}{8DwW#v(}~g(3L_KaH?E(l%0Q)Y)nNF2hZQ!mxUpkhc)k!0KGz z+Ke;FlXXw8Xe3Gg`gz~pG@aGz7KM^kF7$HB1$UXvFflkG(@o+|>G-7X2NE~e|(xYkYWNTu}Ekh4M_pAAC_sl}y%_><_@eT6! zLQl9&3*2KC@iHq8l0m3dFGcgpYcxg9c1Ru9@~k^#rqtQl&wjyV`TgR+?f1j8@`14N5Eh+w8;EDjU;lZDVG(b`_)7k#1_}qPV7mG4cB3Dl%GSqzZJGS)L&LY zW}%~hu-q+dX{n-y^;NK;kamp`7nLnCG%~8OLVKk3Ju6G-UFP=rTLy#jYu|5(BHz?a zKI}-}g}%I~mD1-+lbY1h#f`jChk1T@=5x7D(T?LI?)7&Q>g*LgljoI6`gNup8oOSj z!gbCKA9*`z?L{%Sy%pSZ_cRX*w3B?$nrJq+By%TM^naTY-h2ed4e104QwI!bt+1&N z-P8Rvz=VppEn8{L8QJhCOSW9q`Xutl$EW*xQOM-EsUtrI-%gY@+Z!dk+ZmN$oXJP7 zG=lkHtX`(^TIB9B-N@O-cvPn0)ihazSc{_*?RkR&ifSg4AQ#%aw>RT6tF>SESKhv0 z|C5Q|GALA6>tRRMg@Ti>$lpf!KV(4BhMJ$lmjHBem%-(K!UC+Pt(syMszFkjMN#tw&L!GqbV6i*8u0Q%Hyt9DVADDMs_yiPF1?y9_|FCwDFbXZ)MXc^f=ZD zcuxTtw?z;i%q2F+j!y1qH-pW^kN@WPbwHilCAb0#PYK)|$AO1}r%RICNW5MX8?vr5 zi3@;FaiCli;Ix3#Oo*$H`7>_)z%end;hyc3C~#!tz&=YtoRZ?7aiZJly^=}FWHyk_ z7PJ~dT&e1xabnxy_Wkrq*$IwN|6(P^C29T{C%zp{V?v{&8+hE`K$9et?!DfhaT43% z9#Wpb_ygQm(3S{s^Jo5yTh~J3s^|+Fbj}4;A-#_n_wekWaZ=k!$7JFk=m&7Sw%~4? z{uy^{JDi<(iz&_q1OdI{Bv9is=s)AY^_1IK$VoSk(po7dQ6TDGx_>kaT9lH0({%6}%WTZ(^3?grbp|1){rr2Rv3zvtf}|K6UfFnk-Q z05?1cgIDfhb9=X4Q`X(Zi4>9 zB8bFnBLB9lT(>I!kbEuh?~vCG%zq>wCa^L$g8mM9!`A#m^qt_ph5o%t5a0BH7d$g$ z1HFFZ$Hu)Mo3sG`TDWUPXq`e}32_nh#G67=)COVm8S3?S9&L0VctrO3=NFv76ecbb zA}*zDMXbMQju=5cDaR=$2Z7)sA%d-ND`NfDTVe!Repog?5DFIw5usCC5fZq=;KT^g z_#{PB(8b^)A>!kYtq4in-Mhqyv_MVyOVhx^0+A5m0eo4UUD;fmQrjV1nnxwD=OGYW zBt-C#LAM}|ZHJ%_J1KVrv}s%r! zqMQ>1V1>WLR1#uJoh$Iq$N00o&hEg7YPyfo@_;kZYPE7J`6_w7zBcgz#-Wb z4mCm{|DHl~xAt(j;Am!Jf5g@qy`@@7p;Q{_z~RD0LOD{v$s3}q08_AyayeN_udM=8 zi;K9Mobka8wgs_mtp-H-l)M6?Gh8Gjr0>~6*rZzc(PcFa*^Uz6nc1@t_aJEpHVErZ z#J_rwO&_+k9Ul|qdYnLZaFI};c#bUsZQESX7p9;OfqLK~Awm4m7J>v`L-1KDZAUOx zg0kcWJsDvywqJdlEN%2+#2MRUw((|dM3H(qKnw!GMMBvQoZKSY`oS<_V?g}MO?;KV zy0nF`tz9I31s$HS7Py75t#KxPF$JC=5W9u2enkdxE{Lxn#}k4Qwh%U%W_%s}zL%=F zzd_j4OKln~;_HI=ZV$W+1qEAW*ftx)NBi)IuaCDPHq|FSAH+*`c!bH@4Ftgg-bO*< zlM}Bi;gkR9{i_%VSDA Date: Tue, 3 Sep 2024 15:25:16 -0400 Subject: [PATCH 04/15] linting fixes --- .../lambda/src/security_lake.py | 46 +++++++++---------- ...security-lake-meta-store-manager-role.yaml | 14 +++--- ...-security-lake-org-configuration-role.yaml | 6 +-- .../sra-security-lake-org-configuration.yaml | 44 +++++++----------- .../sra-security-lake-org-main-ssm.yaml | 32 ++++++------- 5 files changed, 65 insertions(+), 77 deletions(-) diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/security_lake.py b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/security_lake.py index a775fb6d..68ac3335 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/security_lake.py +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/security_lake.py @@ -445,11 +445,11 @@ def get_org_configuration(sl_client: SecurityLakeClient) -> tuple: tuple: (bool, dict) """ try: - org_configruations = sl_client.get_data_lake_organization_configuration() - if org_configruations["autoEnableNewAccount"]: - return True, org_configruations["autoEnableNewAccount"] + org_configurations = sl_client.get_data_lake_organization_configuration() + if org_configurations["autoEnableNewAccount"]: + return True, org_configurations["autoEnableNewAccount"] else: - return False, org_configruations + return False, org_configurations except ClientError as e: error_code = e.response["Error"]["Code"] if error_code == "ResourceNotFoundException": @@ -483,18 +483,18 @@ def create_organization_configuration(sl_client: SecurityLakeClient, regions: li create_organization_configuration(sl_client, regions, org_sources, source_version, retry + 1) -def set_sources_to_disable(org_configruations: list, region: str) -> list: +def set_sources_to_disable(org_configurations: list, region: str) -> list: """Update Security Lake. Args: - org_configruations: list of configurations + org_configurations: list of configurations region: AWS region Returns: list: list of sources to disable """ sources_to_disable = [] - for configuration in org_configruations: + for configuration in org_configurations: if configuration["region"] == region: for source in configuration["sources"]: sources_to_disable.append(source) @@ -503,7 +503,7 @@ def set_sources_to_disable(org_configruations: list, region: str) -> list: def update_organization_configuration( - sl_client: SecurityLakeClient, regions: list, org_sources: list, source_version: str, exisiting_org_configuration: list + sl_client: SecurityLakeClient, regions: list, org_sources: list, source_version: str, existing_org_configuration: list ) -> None: """Update Security Lake organization configuration. @@ -512,35 +512,35 @@ def update_organization_configuration( regions: list of AWS regions org_sources: list of AWS log and event sources source_version: version of log source - exisiting_org_configuration: list of existing configurations + existing_org_configuration: list of existing configurations Raises: ClientError: If there is an issue interacting with the AWS API """ - delete_organization_configuration(sl_client, exisiting_org_configuration) + delete_organization_configuration(sl_client, existing_org_configuration) sources: List[AwsLogSourceResourceTypeDef] = [{"sourceName": source, "sourceVersion": source_version} for source in org_sources] - autoenable_config: List[DataLakeAutoEnableNewAccountConfigurationTypeDef] = [] - for regioin in regions: - region_config: DataLakeAutoEnableNewAccountConfigurationTypeDef = {"region": regioin, "sources": sources} - autoenable_config.append(region_config) - response = sl_client.create_data_lake_organization_configuration(autoEnableNewAccount=autoenable_config) + auto_enable_config: List[DataLakeAutoEnableNewAccountConfigurationTypeDef] = [] + for region in regions: + region_config: DataLakeAutoEnableNewAccountConfigurationTypeDef = {"region": region, "sources": sources} + auto_enable_config.append(region_config) + response = sl_client.create_data_lake_organization_configuration(autoEnableNewAccount=auto_enable_config) api_call_details = {"API_Call": "securitylake:CreateDataLakeOrganizationConfiguration", "API_Response": response} LOGGER.info(api_call_details) -def delete_organization_configuration(sl_client: SecurityLakeClient, exisiting_org_configuration: list) -> None: +def delete_organization_configuration(sl_client: SecurityLakeClient, existing_org_configuration: list) -> None: """Delete Security Lake organization configuration. Args: sl_client: boto3 client - exisiting_org_configuration: list of existing configurations + existing_org_configuration: list of existing configurations Raises: ClientError: If there is an issue interacting with the AWS API """ - sources_to_disable = exisiting_org_configuration + sources_to_disable = existing_org_configuration if sources_to_disable: - delete_response = sl_client.delete_data_lake_organization_configuration(autoEnableNewAccount=exisiting_org_configuration) + delete_response = sl_client.delete_data_lake_organization_configuration(autoEnableNewAccount=existing_org_configuration) api_call_details = {"API_Call": "securitylake:DeleteDataLakeOrganizationConfiguration", "API_Response": delete_response} LOGGER.info(api_call_details) @@ -693,7 +693,7 @@ def create_subscribers( def update_subscriber( - sl_client: SecurityLakeClient, subscriber_id: str, source_types: list, external_id: str, principal: str, subscriber_name: str, source_verison: str + sl_client: SecurityLakeClient, subscriber_id: str, source_types: list, external_id: str, principal: str, subscriber_name: str, source_version: str ) -> str: """Update Security Lake subscriber. @@ -704,7 +704,7 @@ def update_subscriber( external_id: external id principal: AWS account id subscriber_name: subscriber name - source_verison: source version + source_version: source version Returns: str: Resource share ARN @@ -713,7 +713,7 @@ def update_subscriber( ValueError: if subscriber not created """ subscriber_sources: Sequence[LogSourceResourceTypeDef] = [ - {"awsLogSource": {"sourceName": source, "sourceVersion": source_verison}} for source in source_types + {"awsLogSource": {"sourceName": source, "sourceVersion": source_version}} for source in source_types ] base_delay = 1 max_delay = 3 @@ -894,7 +894,7 @@ def create_table_in_data_catalog( LOGGER.info(f"Table '{table_name}' already exists in {region} region.") continue if error_code == "AccessDeniedException": - LOGGER.info("'AccessDeniedException' error occured. Review and update Lake Formation permission(s)") + LOGGER.info("'AccessDeniedException' error occurred. Review and update Lake Formation permission(s)") LOGGER.info("Skipping...") continue else: diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-meta-store-manager-role.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-meta-store-manager-role.yaml index f163c46f..23fcd72c 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-meta-store-manager-role.yaml +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-meta-store-manager-role.yaml @@ -21,18 +21,18 @@ Metadata: - Label: default: Role Properties Parameters: - - pSRASecurityLakeMetastoreManagerRoleName + - pSRASecurityLakeMetaStoreManagerRoleName ParameterLabels: - pSRASecurityLakeMetastoreManagerRoleName: - default: Security Lake Metastore Manager Role Name + pSRASecurityLakeMetaStoreManagerRoleName: + default: SecurityLakeMetaStoreManager Role Name Parameters: - pSRASecurityLakeMetastoreManagerRoleName: + pSRASecurityLakeMetaStoreManagerRoleName: AllowedPattern: '^[\w+=,.@-]{1,64}$' ConstraintDescription: Max 64 alphanumeric characters. Also special characters supported [+, =, ., @, -] Default: AmazonSecurityLakeMetaStoreManagerV2 - Description: Security Lake Metastore Manager Role + Description: SecurityLakeMetaStoreManagerRole Type: String pSRASolutionName: AllowedValues: [sra-security-lake-org] @@ -44,7 +44,7 @@ Resources: rSecurityLakeMetaStoreManagerRole: Type: AWS::IAM::Role Properties: - RoleName: !Ref pSRASecurityLakeMetastoreManagerRoleName + RoleName: !Ref pSRASecurityLakeMetaStoreManagerRoleName AssumeRolePolicyDocument: Version: '2012-10-17' Statement: @@ -54,7 +54,7 @@ Resources: Action: sts:AssumeRole Path: '/service-role/' ManagedPolicyArns: - - !Sub arn:${AWS::Partition}:iam::${AWS::Partition}:policy/service-role/AmazonSecurityLakeMetastoreManager + - !Sub arn:${AWS::Partition}:iam::${AWS::Partition}:policy/service-role/AmazonSecurityLakeMetaStoreManager Policies: - PolicyName: sra-security-lake-org-kms-policy PolicyDocument: diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration-role.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration-role.yaml index d6107ed2..d168e9af 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration-role.yaml +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration-role.yaml @@ -104,7 +104,7 @@ Resources: Statement: - Sid: AllowPutLakeFormationSettings Effect: Allow - Action: lakeformation:PutDatalakeSettings + Action: lakeformation:PutDataLakeSettings Resource: "*" Condition: ForAnyValue:StringEquals: @@ -140,13 +140,13 @@ Resources: PolicyDocument: Version: 2012-10-17 Statement: - - Sid: AllowLambdaunctionConfigurationActions + - Sid: AllowLambdaFunctionConfigurationActions Effect: Allow Action: - lambda:GetFunctionConfiguration - lambda:UpdateFunctionConfiguration Resource: "arn:aws:lambda:*:*:function:AmazonSecurityLake*" - - Sid: AllowlambdaListEventSourceMappings + - Sid: AllowLambdaListEventSourceMappings Effect: Allow Action: - lambda:ListEventSourceMappings diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml index 0c97dc97..2a1fcbbc 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml @@ -53,8 +53,7 @@ Metadata: - pAuditAccountQuerySubscriberPrefix - pAuditAccountQuerySubscriberExternalId - pDisableSecurityLake - - pSRASecurityLakeMetastoreManagerRoleName - - pKmsKeyStackSetId + - pSRASecurityLakeMetatoreManagerRoleName - pCreateResourceLink - pSecurityLakeOrgKeyAlias @@ -75,12 +74,10 @@ Metadata: ParameterLabels: pCreateResourceLink: default: Create Resource Link - pKmsKeyStackSetId: - default: KMS key stackset id pSecurityLakeOrgKeyAlias: default: Security Lake KMS Key Alias - pSRASecurityLakeMetastoreManagerRoleName: - default: Security Lake Metastore Manager Role + pSRASecurityLakeMetaStoreManagerRoleName: + default: SecurityLakeMetastoreManagerRole pCloudTrailManagementEvents: default: CloudTrail - Management events pSourceVersion: @@ -154,12 +151,6 @@ Parameters: Default: 'true' Description: Indicates whether to create a resource link for shared resources in Audit (Security Tooling) account Type: String - pKmsKeyStackSetId: - AllowedPattern: '^sra-security-lake-org-kms-key(?::\S+)?$' - ConstraintDescription: Max 64 alphanumeric characters. Also special characters supported [_, -] - Default: "sra-security-lake-org-kms-key" - Description: The name of the KMS Key StackSet - Type: String pSecurityLakeOrgKeyAlias: AllowedPattern: '^[a-zA-Z0-9/_-]+$' ConstraintDescription: @@ -167,11 +158,11 @@ Parameters: Default: sra-security-lake-org-key Description: Security Lake KMS Key Alias Type: String - pSRASecurityLakeMetastoreManagerRoleName: + pSRASecurityLakeMetaStoreManagerRoleName: AllowedPattern: '^[\w+=,.@-]{1,64}$' ConstraintDescription: Max 64 alphanumeric characters. Also special characters supported [+, =, ., @, -] Default: AmazonSecurityLakeMetaStoreManagerV2 - Description: Security Lake Metastore Manager Role + Description: SecurityLakeMetastoreManagerRole Type: String pSourceVersion: AllowedValues: [2.0] @@ -184,7 +175,7 @@ Parameters: ConstraintDescription: 'Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation' Description: Accounts to ingest CloudTrail - Management events from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma - seperated list of the AWS Account numbers. Leave empty to skip log source creation. + separated list of the AWS Account numbers. Leave empty to skip log source creation. Type: CommaDelimitedList Default: 'ALL' pCloudTrailLambdaDataEvents: @@ -192,7 +183,7 @@ Parameters: ConstraintDescription: 'Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation' Description: Accounts to ingest CloudTrail - Lambda Data events from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma - seperated list of the AWS Account numbers. Leave empty to skip log source creation. + separated list of the AWS Account numbers. Leave empty to skip log source creation. Type: CommaDelimitedList Default: 'ALL' pCloudTrailS3DataEvents: @@ -200,7 +191,7 @@ Parameters: ConstraintDescription: 'Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation' Description: Accounts to ingest CloudTrail - S3 Data events from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma - seperated list of the AWS Account numbers. Leave empty to skip log source creation. + separated list of the AWS Account numbers. Leave empty to skip log source creation. Type: CommaDelimitedList Default: '' pSecurityHubFindings: @@ -208,7 +199,7 @@ Parameters: ConstraintDescription: 'Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation' Description: Accounts to ingest SecurityHub Findings from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma - seperated list of the AWS Account numbers. Leave empty to skip log source creation. + separated list of the AWS Account numbers. Leave empty to skip log source creation. Type: CommaDelimitedList Default: 'ALL' pVpcFlowLogs: @@ -216,7 +207,7 @@ Parameters: ConstraintDescription: 'Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation' Description: Accounts to ingest VPC Flow Logs from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma - seperated list of the AWS Account numbers. Leave empty to skip log source creation. + separated list of the AWS Account numbers. Leave empty to skip log source creation. Type: CommaDelimitedList Default: 'ALL' pWafLogs: @@ -224,7 +215,7 @@ Parameters: ConstraintDescription: 'Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation' Description: Accounts to ingest WAFv2 Logs from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma - seperated list of the AWS Account numbers. Leave empty to skip log source creation. + separated list of the AWS Account numbers. Leave empty to skip log source creation. Type: CommaDelimitedList Default: '' pRoute53Logs: @@ -232,7 +223,7 @@ Parameters: ConstraintDescription: 'Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation' Description: Accounts to ingest Amazon Route 53 resolver query logs from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma - seperated list of the AWS Account numbers. Leave empty to skip log source creation. + separated list of the AWS Account numbers. Leave empty to skip log source creation. Type: CommaDelimitedList Default: 'ALL' pEksAuditLogs: @@ -240,7 +231,7 @@ Parameters: ConstraintDescription: 'Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation' Description: Accounts to ingest Amazon EKS Audit Logs from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma - seperated list of the AWS Account numbers. Leave empty to skip log source creation. + separated list of the AWS Account numbers. Leave empty to skip log source creation. Type: CommaDelimitedList Default: 'ALL' pControlTowerRegionsOnly: @@ -463,7 +454,6 @@ Resources: Action: cloudformation:ListStackInstances Resource: - !Sub arn:${AWS::Partition}:cloudformation:${AWS::Region}:${AWS::AccountId}:stackset/AWSControlTowerBP-* - - !Sub arn:${AWS::Partition}:cloudformation:${AWS::Region}:${AWS::AccountId}:stackset/${pKmsKeyStackSetId} - PolicyName: sra-security-lake-org-policy-securitylake PolicyDocument: Version: 2012-10-17 @@ -641,8 +631,7 @@ Resources: - ',' - !Ref pOrgConfigurationSources DISABLE_SECURITY_LAKE: !Ref pDisableSecurityLake - META_STORE_MANAGER_ROLE_NAME: !Ref pSRASecurityLakeMetastoreManagerRoleName - KMS_STACKSET_ID: !Ref pKmsKeyStackSetId + META_STORE_MANAGER_ROLE_NAME: !Ref pSRASecurityLakeMetaStoreManagerRoleName CREATE_RESOURCE_LINK: !Ref pCreateResourceLink KEY_ALIAS: !Ref pSecurityLakeOrgKeyAlias Tags: @@ -655,7 +644,7 @@ Resources: Content: S3Bucket: !Ref pSRAStagingS3BucketName S3Key: !Sub ${pSRASolutionName}/layer_code/${pSRASolutionName}-layer.zip - Description: Boto3 version 1.34.153 layer to enable newer API of Security Lake # todo + Description: Boto3 version 1.35.10 layer to enable newer API of Security Lake LayerName: !Sub ${pSecurityLakeOrgLambdaFunctionName}-updated-boto3-layer rSecurityLakeOrgLambdaCustomResource: @@ -707,8 +696,7 @@ Resources: - ',' - !Ref pOrgConfigurationSources DISABLE_SECURITY_LAKE: !Ref pDisableSecurityLake - META_STORE_MANAGER_ROLE_NAME: !Ref pSRASecurityLakeMetastoreManagerRoleName - KMS_STACKSET_ID: !Ref pKmsKeyStackSetId + META_STORE_MANAGER_ROLE_NAME: !Ref pSRASecurityLakeMetaStoreManagerRoleName CREATE_RESOURCE_LINK: !Ref pCreateResourceLink KEY_ALIAS: !Ref pSecurityLakeOrgKeyAlias diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml index 19d401ed..9d5ad34e 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml @@ -33,7 +33,7 @@ Metadata: - pEnabledRegions - pSecurityLakeOrgKeyAlias - pSecurityLakeWarning - - pSRASecurityLakeMetastoreManagerRoleName + - pSRASecurityLakeMetaStoreManagerRoleName - Label: default: Security Lake Configuration - Sources to Ingest Parameters: @@ -83,8 +83,8 @@ Metadata: default: Create resource link for shared resources pCreateLakeFormationSlr: default: Create AWS Lake Formation service-linked role - pSRASecurityLakeMetastoreManagerRoleName: - default: Security Lake Metastore Manager Role Name + pSRASecurityLakeMetaStoreManagerRoleName: + default: SecurityLakeMetaStoreManagerRole Name pCloudTrailManagementEvents: default: CloudTrail - Management Events (recommended)) pLogArchiveAccountId: @@ -106,7 +106,7 @@ Metadata: pEksAuditLogs: default: Amazon EKS Audit Logs (recommended) pOrgConfigurationSources: - default: Sources for Organizaiton Configuration + default: Sources for Organization Configuration pCreateOrganizationConfiguration: default: Create Organization Configuration pSourceVersion: @@ -183,10 +183,10 @@ Parameters: Default: 'true' Description: Indicates whether a Lake Formation service-linked role named AWSServiceRoleForLakeFormationDataAccess should be created Type: String - pSRASecurityLakeMetastoreManagerRoleName: + pSRASecurityLakeMetaStoreManagerRoleName: AllowedValues: ['AmazonSecurityLakeMetaStoreManagerV2', 'AmazonSecurityLakeMetaStoreManager'] Default: AmazonSecurityLakeMetaStoreManagerV2 - Description: Security Lake Metastore Manager Role + Description: IAM role used by Security Lake to create data lake or query data from Security Lake Type: String pSourceVersion: AllowedValues: [2.0] @@ -197,19 +197,19 @@ Parameters: pCloudTrailManagementEvents: AllowedPattern: ^($|ALL|(\d{12})(,\s*\d{12})*)$ ConstraintDescription: Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation - Description: Accounts to ingest CloudTrail - Management events from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma seperated list of the AWS Account numbers. Leave empty to skip log source creation. + Description: Accounts to ingest CloudTrail - Management events from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma separated list of the AWS Account numbers. Leave empty to skip log source creation. Type: CommaDelimitedList Default: ALL pCloudTrailLambdaDataEvents: AllowedPattern: ^($|ALL|(\d{12})(,\s*\d{12})*)$ ConstraintDescription: Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation - Description: Accounts to ingest CloudTrail - Lambda Data events from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma seperated list of the AWS Account numbers. Leave empty to skip log source creation. + Description: Accounts to ingest CloudTrail - Lambda Data events from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma separated list of the AWS Account numbers. Leave empty to skip log source creation. Type: CommaDelimitedList Default: ALL pCloudTrailS3DataEvents: AllowedPattern: ^($|ALL|(\d{12})(,\s*\d{12})*)$ ConstraintDescription: Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation - Description: Accounts to ingest CloudTrail - S3 Data events from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma seperated list of the AWS Account numbers. Leave empty to skip log source creation. + Description: Accounts to ingest CloudTrail - S3 Data events from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma separated list of the AWS Account numbers. Leave empty to skip log source creation. Type: CommaDelimitedList Default: '' pCustomerControlTowerRegions: @@ -221,31 +221,31 @@ Parameters: pSecurityHubFindings: AllowedPattern: ^($|ALL|(\d{12})(,\s*\d{12})*)$ ConstraintDescription: Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation - Description: Accounts to ingest SecurityHub Findings from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma seperated list of the AWS Account numbers. Leave empty to skip log source creation. + Description: Accounts to ingest SecurityHub Findings from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma separated list of the AWS Account numbers. Leave empty to skip log source creation. Type: CommaDelimitedList Default: ALL pVpcFlowLogs: AllowedPattern: ^($|ALL|(\d{12})(,\s*\d{12})*)$ ConstraintDescription: Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation - Description: Accounts to ingest VPC Flow Logs from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma seperated list of the AWS Account numbers. Leave empty to skip log source creation. + Description: Accounts to ingest VPC Flow Logs from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma separated list of the AWS Account numbers. Leave empty to skip log source creation. Type: CommaDelimitedList Default: ALL pWafLogs: AllowedPattern: ^($|ALL|(\d{12})(,\s*\d{12})*)$ ConstraintDescription: Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation - Description: Accounts to ingest WAFv2 Logs from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma seperated list of the AWS Account numbers. Leave empty to skip log source creation. + Description: Accounts to ingest WAFv2 Logs from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma separated list of the AWS Account numbers. Leave empty to skip log source creation. Type: CommaDelimitedList Default: '' pRoute53Logs: AllowedPattern: ^($|ALL|(\d{12})(,\s*\d{12})*)$ ConstraintDescription: Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation - Description: Accounts to ingest Amazon Route 53 resolver query logs from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma seperated list of the AWS Account numbers. Leave empty to skip log source creation. + Description: Accounts to ingest Amazon Route 53 resolver query logs from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma separated list of the AWS Account numbers. Leave empty to skip log source creation. Type: CommaDelimitedList Default: ALL pEksAuditLogs: AllowedPattern: ^($|ALL|(\d{12})(,\s*\d{12})*)$ ConstraintDescription: Enter "ALL" or a comma-separated list of AWS account numbers without spaces, e.g., "123456789012,234567890123" to create log source. Leave empty to skip log source creation - Description: Accounts to injest Amazon EKS Audit Logs from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma seperated list of the AWS Account numbers. Leave empty to skip log source creation. + Description: Accounts to ingest Amazon EKS Audit Logs from. Choose ALL to enable for all accounts in your AWS Organization. To choose the accounts enter a comma separated list of the AWS Account numbers. Leave empty to skip log source creation. Type: CommaDelimitedList Default: ALL pLogArchiveAccountId: @@ -673,8 +673,8 @@ Resources: Parameters: - ParameterKey: pSRASolutionName ParameterValue: !Ref pSRASolutionName - - ParameterKey: pSRASecurityLakeMetastoreManagerRoleName - ParameterValue: !Ref pSRASecurityLakeMetastoreManagerRoleName + - ParameterKey: pSRASecurityLakeMetaStoreManagerRoleName + ParameterValue: !Ref pSRASecurityLakeMetaStoreManagerRoleName Tags: - Key: sra-solution Value: !Ref pSRASolutionName From 74792d759e2e3e1ba0f5bdcd08b83c9da8c0cb8c Mon Sep 17 00:00:00 2001 From: ievgeniia ieromenko Date: Wed, 4 Sep 2024 21:00:19 -0400 Subject: [PATCH 05/15] mypy fixes --- .../security_lake/security_lake_org/README.md | 4 +- .../security_lake_org/lambda/src/app.py | 39 ++++++++++--------- .../lambda/src/security_lake.py | 14 ++++--- .../sra-security-lake-org-main-ssm.yaml | 4 +- 4 files changed, 33 insertions(+), 28 deletions(-) diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/README.md b/aws_sra_examples/solutions/security_lake/security_lake_org/README.md index e2b3e021..4797f427 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/README.md +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/README.md @@ -66,7 +66,7 @@ AWS SRA Security Lake solution will automate enabling Amazon Security Lake by de - The python boto3 SDK lambda layer to enable capability for Lambda to enable features of the Security Lake service. - This is downloaded during the deployment process and packaged into a layer that is used by the Lambda function in this solution. -- The Security Lake API available in the current Lambda environment (as of 09/03/2024) is 1.34.145, however, enhanced functionality of the Security Lake API used in this solution requires at least 1.35.10 (see references below). +- The Security Lake API available in the current Lambda environment (as of 09/03/2024) is 1.20.32, however, enhanced functionality of the Security Lake API used in this solution requires at least 1.35.10 (see references below). - Note: Future revisions to this solution will remove this layer when boto3 is updated within the Lambda environment. #### 1.8 Compliance Event Rule @@ -156,7 +156,7 @@ Choose a Deployment Method: In the `management account (home region)`, launch the [sra-security-lake-org-main-ssm.yaml](templates/sra-security-lake-org-main-ssm.yaml) template. This uses an approach where some of the CloudFormation parameters are populated from SSM parameters created by the [SRA Prerequisites Solution](../../common/common_prerequisites/). ```bash - aws cloudformation deploy --template-file $PWD/aws-sra-examples/aws_sra_examples/solutions/security-lake/security-lake/templates/sra-security-lake-org-main-ssm.yaml --stack-name sra-security-lake-org-main-ssm --capabilities CAPABILITY_NAMED_IAM --parameter-overrides pSecurityLakeWarning= + aws cloudformation deploy --template-file $PWD/aws_sra_examples/solutions/security-lake/security-lake-org/templates/sra-security-lake-org-main-ssm.yaml --stack-name sra-security-lake-org-main-ssm --capabilities CAPABILITY_NAMED_IAM --parameter-overrides pSecurityLakeWarning= ``` ##### Important diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/app.py b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/app.py index e17b6c1f..6829efeb 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/app.py +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/app.py @@ -44,7 +44,7 @@ try: MANAGEMENT_ACCOUNT_SESSION = boto3.Session() - PARTITION: str = MANAGEMENT_ACCOUNT_SESSION.get_partition_for_region(HOME_REGION) + PARTITION: str = MANAGEMENT_ACCOUNT_SESSION.get_partition_for_region(HOME_REGION) # type: ignore CFN_CLIENT = MANAGEMENT_ACCOUNT_SESSION.client("cloudformation") except Exception: LOGGER.exception(UNEXPECTED) @@ -99,15 +99,18 @@ def process_update_event(params: dict, regions: list, accounts: dict) -> None: LOGGER.info("...process_update_event") if params["action"] in ["Update"]: - update_security_lake(params, regions) - update_log_sources(params, regions, accounts) - if params["SET_AUDIT_ACCT_DATA_SUBSCRIBER"]: - update_audit_acct_data_subscriber(params, regions) - if params["SET_AUDIT_ACCT_QUERY_SUBSCRIBER"]: - update_audit_acct_query_subscriber(params, regions) + if params["DISABLE_SECURITY_LAKE"]: + disable_security_lake(params, regions, accounts) + else: + update_security_lake(params, regions) + update_log_sources(params, regions, accounts) + if params["SET_AUDIT_ACCT_DATA_SUBSCRIBER"]: + update_audit_acct_data_subscriber(params, regions) + if params["SET_AUDIT_ACCT_QUERY_SUBSCRIBER"]: + update_audit_acct_query_subscriber(params, regions) - LOGGER.info("...UPDATE_COMPLETE") - return + LOGGER.info("...UPDATE_COMPLETE") + return LOGGER.info("...UPDATE_NO_EVENT") @@ -351,7 +354,7 @@ def process_org_configuration( source_version: source version """ LOGGER.info(f"Checking if Organization Configuration enabled in {', '.join(regions)} region(s)") - org_configuration_exists, exisiting_org_configuration = security_lake.get_org_configuration(sl_client) + org_configuration_exists, existing_org_configuration = security_lake.get_org_configuration(sl_client) if set_org_configuration: sources = [source.strip() for source in org_configuration_sources.split(",")] if not org_configuration_exists: @@ -359,11 +362,11 @@ def process_org_configuration( security_lake.create_organization_configuration(sl_client, regions, sources, source_version) LOGGER.info("Enabled Organization Configuration") else: - security_lake.update_organization_configuration(sl_client, regions, sources, source_version, exisiting_org_configuration) + security_lake.update_organization_configuration(sl_client, regions, sources, source_version, existing_org_configuration) else: if org_configuration_exists: LOGGER.info(f"Deleting Organization Configuration in {r', '.join(regions)} region(s)...") - security_lake.delete_organization_configuration(sl_client, exisiting_org_configuration) + security_lake.delete_organization_configuration(sl_client, existing_org_configuration) LOGGER.info("Deleted Organization Configuration") @@ -522,7 +525,7 @@ def add_audit_acct_query_subscriber(sl_client: SecurityLakeClient, params: dict, def configure_audit_acct_for_query_access(params: dict, regions: list) -> None: - """Configureresources for query access in Audit account. + """Configure resources for query access in Audit account. Args: params: configuration parameters @@ -591,16 +594,16 @@ def disable_security_lake(params: dict, regions: list, accounts: dict) -> None: subscriber_name = params["AUDIT_ACCT_QUERY_SUBSCRIBER"] + "-" + region security_lake.delete_subscriber(sl_client, subscriber_name, region) - org_configuration_exists, exisiting_org_configuration = security_lake.get_org_configuration(sl_client) + org_configuration_exists, existing_org_configuration = security_lake.get_org_configuration(sl_client) if org_configuration_exists: - LOGGER.info(f"Deleting Organization Configuration in {region} region...") - security_lake.delete_organization_configuration(sl_client, exisiting_org_configuration) + # LOGGER.info(f"Deleting Organization Configuration in {region} region...") + # security_lake.delete_organization_configuration(sl_client, existing_org_configuration) all_accounts = [account["AccountId"] for account in accounts] for source in AWS_LOG_SOURCES: security_lake.delete_aws_log_source(sl_client, regions, source, all_accounts, params["SOURCE_VERSION"]) - security_lake.delete_security_lake(params["CONFIGURATION_ROLE_NAME"], params["DELEGATED_ADMIN_ACCOUNT_ID"], HOME_REGION, regions) # todo: remove + security_lake.delete_security_lake(params["CONFIGURATION_ROLE_NAME"], params["DELEGATED_ADMIN_ACCOUNT_ID"], HOME_REGION, regions) # todo: remove after testing def orchestrator(event: dict[str, Any], context: Any) -> None: @@ -653,7 +656,7 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte """ event_info = {"Event": event} LOGGER.info(event_info) - params = get_validated_parameters(event) + params = get_validated_parameters({"RequestType": event["RequestType"]}) # excluded_accounts: list = [params["DELEGATED_ADMIN_ACCOUNT_ID"]] accounts = common.get_active_organization_accounts() regions = common.get_enabled_regions(params["ENABLED_REGIONS"], params["CONTROL_TOWER_REGIONS_ONLY"]) diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/security_lake.py b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/security_lake.py index 68ac3335..aa0c6a51 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/security_lake.py +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/security_lake.py @@ -12,7 +12,7 @@ import logging import os from time import sleep -from typing import TYPE_CHECKING, List, Literal, Sequence +from typing import TYPE_CHECKING, List, Literal, Sequence, Union import boto3 import botocore @@ -23,6 +23,7 @@ if TYPE_CHECKING: from mypy_boto3_glue import GlueClient from mypy_boto3_lakeformation import LakeFormationClient + from mypy_boto3_lakeformation.type_defs import ResourceTypeDef from mypy_boto3_organizations import OrganizationsClient from mypy_boto3_ram import RAMClient from mypy_boto3_securitylake import SecurityLakeClient @@ -106,7 +107,7 @@ def register_delegated_admin(admin_account_id: str, region: str, service_princip Raises: ClientError: If there is an issue interacting with the AWS API """ - sl_client: SecurityLakeClient = MANAGEMENT_ACCOUNT_SESSION.client("securitylake", region, config=BOTO3_CONFIG) + sl_client: SecurityLakeClient = MANAGEMENT_ACCOUNT_SESSION.client("securitylake", region, config=BOTO3_CONFIG) # type: ignore if not check_organization_admin_enabled(admin_account_id, service_principal): LOGGER.info(f"Registering delegated administrator ({admin_account_id})...") sl_client.register_data_lake_delegated_administrator(accountId=admin_account_id) @@ -917,13 +918,14 @@ def set_lake_formation_permissions(lf_client: LakeFormationClient, account: str, """ LOGGER.info("Setting lakeformation permissions for db") try: + resource: Union[ResourceTypeDef] = { + "Database": {"CatalogId": account, "Name": db_name + "_subscriber"}, + "Table": {"CatalogId": account, "DatabaseName": db_name + "_subscriber", "Name": "rl_*"}, + } lf_client.grant_permissions( CatalogId=account, Principal={"DataLakePrincipalIdentifier": f"arn:aws:iam::{account}:role/sra-security-lake-query-subscriber"}, - Resource={ - "Database": {"CatalogId": account, "Name": db_name + "_subscriber"}, - "Table": {"CatalogId": account, "DatabaseName": db_name + "_subscriber", "Name": "rl_*"}, - }, + Resource=resource, Permissions=["ALL"], PermissionsWithGrantOption=["ALL"], ) diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml index 9d5ad34e..50594fe7 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml @@ -175,7 +175,7 @@ Parameters: Type: String pCreateResourceLink: AllowedValues: ['true', 'false'] - Default: 'true' + Default: 'false' Description: Indicates whether to create a resource link for shared resources in Audit (Security Tooling) account Type: String pCreateLakeFormationSlr: @@ -292,7 +292,7 @@ Parameters: Type: String pControlTowerRegionsOnly: AllowedValues: ['true', 'false'] - Default: 'false' + Default: 'true' Description: Only enable in the customer governed regions specified in Control Tower or Common Prerequisites solution Type: String pCreateLambdaLogGroup: From 795107f8560b8d24fd572dd44f356afd0754797f Mon Sep 17 00:00:00 2001 From: ievgeniia ieromenko Date: Wed, 4 Sep 2024 21:16:01 -0400 Subject: [PATCH 06/15] flake8 fixes --- .../security_lake_org/lambda/src/app.py | 35 ++++++++++++++----- 1 file changed, 27 insertions(+), 8 deletions(-) diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/app.py b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/app.py index 6829efeb..3de7f11f 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/app.py +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/app.py @@ -44,7 +44,7 @@ try: MANAGEMENT_ACCOUNT_SESSION = boto3.Session() - PARTITION: str = MANAGEMENT_ACCOUNT_SESSION.get_partition_for_region(HOME_REGION) # type: ignore + PARTITION: str = MANAGEMENT_ACCOUNT_SESSION.get_partition_for_region(HOME_REGION) # type: ignore CFN_CLIENT = MANAGEMENT_ACCOUNT_SESSION.client("cloudformation") except Exception: LOGGER.exception(UNEXPECTED) @@ -192,7 +192,7 @@ def get_validated_parameters(event: dict[str, Any]) -> dict: actions = {"Create": "Add", "Update": "Update", "Delete": "Remove"} params["action"] = actions[event.get("RequestType", "Create")] true_false_pattern = r"^true|false$" - log_source_pattern = r"(?i)^((ROUTE53|VPC_FLOW|SH_FINDINGS|CLOUD_TRAIL_MGMT|LAMBDA_EXECUTION|S3_DATA|EKS_AUDIT|WAF),?){0,7}($|ROUTE53|VPC_FLOW|SH_FINDINGS|CLOUD_TRAIL_MGMT|LAMBDA_EXECUTION|S3_DATA|EKS_AUDIT|WAF){1}$" + log_source_pattern = r"(?i)^((ROUTE53|VPC_FLOW|SH_FINDINGS|CLOUD_TRAIL_MGMT|LAMBDA_EXECUTION|S3_DATA|EKS_AUDIT|WAF),?){0,7}($|ROUTE53|VPC_FLOW|SH_FINDINGS|CLOUD_TRAIL_MGMT|LAMBDA_EXECUTION|S3_DATA|EKS_AUDIT|WAF){1}$" # noqa: E501 version_pattern = r"^[0-9.]+$" source_target_pattern = r"^($|ALL|(\d{12})(,\s*\d{12})*)$" name_pattern = r"^[\w+=,.@-]{1,64}$" @@ -502,7 +502,13 @@ def update_audit_acct_query_subscriber(params: dict, regions: list) -> None: ) if params["CREATE_RESOURCE_LINK"]: configure_query_subscriber_on_update( - params["SUBSCRIBER_ROLE_NAME"], AUDIT_ACCT_ID, subscriber_name, params["DELEGATED_ADMIN_ACCOUNT_ID"], region, resource_share_arn, params["SUBSCRIBER_ROLE_NAME"] + params["SUBSCRIBER_ROLE_NAME"], + AUDIT_ACCT_ID, + subscriber_name, + params["DELEGATED_ADMIN_ACCOUNT_ID"], + region, + resource_share_arn, + params["SUBSCRIBER_ROLE_NAME"], ) @@ -542,12 +548,24 @@ def configure_audit_acct_for_query_access(params: dict, regions: list) -> None: LOGGER.info(f"Configuring Audit (Security tooling) account subscriber '{subscriber_name}' ({region})") if params["CREATE_RESOURCE_LINK"]: configure_query_subscriber_on_update( - params["SUBSCRIBER_ROLE_NAME"], AUDIT_ACCT_ID, subscriber_name, params["DELEGATED_ADMIN_ACCOUNT_ID"], region, resource_share_arn, params["SUBSCRIBER_ROLE_NAME"] + params["SUBSCRIBER_ROLE_NAME"], + AUDIT_ACCT_ID, + subscriber_name, + params["DELEGATED_ADMIN_ACCOUNT_ID"], + region, + resource_share_arn, + params["SUBSCRIBER_ROLE_NAME"], ) def configure_query_subscriber_on_update( - configuration_role_name: str, subscriber_acct: str, subscriber_name: str, security_lake_acct: str, region: str, resource_share_arn: str, subscriber_role: str + configuration_role_name: str, + subscriber_acct: str, + subscriber_name: str, + security_lake_acct: str, + region: str, + resource_share_arn: str, + subscriber_role: str, ) -> None: """Configure query access subscriber. @@ -558,6 +576,7 @@ def configure_query_subscriber_on_update( security_lake_acct: Security Lake delegated administrator account region: AWS region resource_share_arn: RAM resource share arn + subscriber_role: subscriber role name """ subscriber_session = common.assume_role(configuration_role_name, "sra-create-resource-share", subscriber_acct) ram_client = subscriber_session.client("ram", region) @@ -596,14 +615,14 @@ def disable_security_lake(params: dict, regions: list, accounts: dict) -> None: org_configuration_exists, existing_org_configuration = security_lake.get_org_configuration(sl_client) if org_configuration_exists: - # LOGGER.info(f"Deleting Organization Configuration in {region} region...") - # security_lake.delete_organization_configuration(sl_client, existing_org_configuration) + LOGGER.info(f"Deleting Organization Configuration in {region} region...") + security_lake.delete_organization_configuration(sl_client, existing_org_configuration) all_accounts = [account["AccountId"] for account in accounts] for source in AWS_LOG_SOURCES: security_lake.delete_aws_log_source(sl_client, regions, source, all_accounts, params["SOURCE_VERSION"]) - security_lake.delete_security_lake(params["CONFIGURATION_ROLE_NAME"], params["DELEGATED_ADMIN_ACCOUNT_ID"], HOME_REGION, regions) # todo: remove after testing + # security_lake.delete_security_lake(params["CONFIGURATION_ROLE_NAME"], params["DELEGATED_ADMIN_ACCOUNT_ID"], HOME_REGION, regions) # todo: remove after testing def orchestrator(event: dict[str, Any], context: Any) -> None: From 162525dbe5c84f30048ea760141d63651dd45380 Mon Sep 17 00:00:00 2001 From: ievgeniia ieromenko Date: Thu, 5 Sep 2024 23:20:07 -0400 Subject: [PATCH 07/15] flake8 fixes --- .../security_lake_org/lambda/src/app.py | 6 +- .../security_lake_org/lambda/src/common.py | 5 +- .../lambda/src/security_lake.py | 253 ++++++++---------- .../lambda/src/sra_ssm_params.py | 11 +- .../sra-security-lake-org-main-ssm.yaml | 18 +- 5 files changed, 119 insertions(+), 174 deletions(-) diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/app.py b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/app.py index 3de7f11f..5487921e 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/app.py +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/app.py @@ -192,7 +192,7 @@ def get_validated_parameters(event: dict[str, Any]) -> dict: actions = {"Create": "Add", "Update": "Update", "Delete": "Remove"} params["action"] = actions[event.get("RequestType", "Create")] true_false_pattern = r"^true|false$" - log_source_pattern = r"(?i)^((ROUTE53|VPC_FLOW|SH_FINDINGS|CLOUD_TRAIL_MGMT|LAMBDA_EXECUTION|S3_DATA|EKS_AUDIT|WAF),?){0,7}($|ROUTE53|VPC_FLOW|SH_FINDINGS|CLOUD_TRAIL_MGMT|LAMBDA_EXECUTION|S3_DATA|EKS_AUDIT|WAF){1}$" # noqa: E501 + log_source_pattern = r"(?i)^((ROUTE53|VPC_FLOW|SH_FINDINGS|CLOUD_TRAIL_MGMT|LAMBDA_EXECUTION|S3_DATA|EKS_AUDIT|WAF),?){0,7}($|ROUTE53|VPC_FLOW|SH_FINDINGS|CLOUD_TRAIL_MGMT|LAMBDA_EXECUTION|S3_DATA|EKS_AUDIT|WAF){1}$" # noqa: E501, B950 version_pattern = r"^[0-9.]+$" source_target_pattern = r"^($|ALL|(\d{12})(,\s*\d{12})*)$" name_pattern = r"^[\w+=,.@-]{1,64}$" @@ -590,7 +590,7 @@ def configure_query_subscriber_on_update( glue_client = subscriber_session.client("glue", region) LOGGER.info(f"Creating database '{shared_db_name}_subscriber' for subscriber '{subscriber_name}' ({region})") security_lake.create_db_in_data_catalog(glue_client, subscriber_acct, shared_db_name, region, subscriber_role) - security_lake.create_table_in_data_catalog(glue_client, shared_db_name, shared_tables, security_lake_acct, subscriber_acct, region) + security_lake.create_table_in_data_catalog(glue_client, shared_db_name, shared_tables, security_lake_acct, region) def disable_security_lake(params: dict, regions: list, accounts: dict) -> None: @@ -622,8 +622,6 @@ def disable_security_lake(params: dict, regions: list, accounts: dict) -> None: for source in AWS_LOG_SOURCES: security_lake.delete_aws_log_source(sl_client, regions, source, all_accounts, params["SOURCE_VERSION"]) - # security_lake.delete_security_lake(params["CONFIGURATION_ROLE_NAME"], params["DELEGATED_ADMIN_ACCOUNT_ID"], HOME_REGION, regions) # todo: remove after testing - def orchestrator(event: dict[str, Any], context: Any) -> None: """Orchestration. diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/common.py b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/common.py index 97afb3b8..30236a1e 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/common.py +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/common.py @@ -17,7 +17,6 @@ from botocore.exceptions import ClientError, EndpointConnectionError if TYPE_CHECKING: - from mypy_boto3_iam.client import IAMClient from mypy_boto3_organizations import OrganizationsClient from mypy_boto3_ssm.client import SSMClient from mypy_boto3_sts.client import STSClient @@ -111,7 +110,7 @@ def get_control_tower_regions() -> list: # noqa: CCR001 return list(customer_regions) -def get_enabled_regions(customer_regions: str, control_tower_regions_only: bool = False) -> list: # noqa: CCR001, C901 # NOSONAR +def get_enabled_regions(customer_regions: str, control_tower_regions_only: bool = False) -> list: # noqa: CCR001, C901 """Query STS to identify enabled regions. Args: @@ -167,4 +166,4 @@ def get_enabled_regions(customer_regions: str, control_tower_regions_only: bool "Invalid_Regions": invalid_regions, } ) - return enabled_regions \ No newline at end of file + return enabled_regions diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/security_lake.py b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/security_lake.py index aa0c6a51..c594c178 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/security_lake.py +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/security_lake.py @@ -15,7 +15,6 @@ from typing import TYPE_CHECKING, List, Literal, Sequence, Union import boto3 -import botocore import common from botocore.config import Config from botocore.exceptions import ClientError @@ -80,7 +79,7 @@ def check_organization_admin_enabled(delegated_admin_account_id: str, service_pr delegated_admins = ORG_CLIENT.list_delegated_administrators(ServicePrincipal=service_principal) api_call_details = {"API_Call": "organizations:ListDelegatedAdministrators", "API_Response": delegated_admins} LOGGER.info(api_call_details) - if not delegated_admins["DelegatedAdministrators"]: + if not delegated_admins["DelegatedAdministrators"]: # noqa R505 LOGGER.info(f"Delegated administrator not registered for '{service_principal}'") return False elif delegated_admins["DelegatedAdministrators"][0]["Id"] == delegated_admin_account_id: @@ -103,9 +102,6 @@ def register_delegated_admin(admin_account_id: str, region: str, service_princip admin_account_id: Admin account ID region: AWS Region service_principal: AWS Service Principal - - Raises: - ClientError: If there is an issue interacting with the AWS API """ sl_client: SecurityLakeClient = MANAGEMENT_ACCOUNT_SESSION.client("securitylake", region, config=BOTO3_CONFIG) # type: ignore if not check_organization_admin_enabled(admin_account_id, service_principal): @@ -124,7 +120,7 @@ def check_data_lake_exists(sl_client: SecurityLakeClient, region: str, max_retri initial_delay: initial delay in seconds Raises: - ClientError: If there is an issue interacting with the AWS API + ValueError: If the maximum number of retries is reached or if the Security Lake creation failed Returns: bool: True if Security Lake enabled, False otherwise @@ -151,7 +147,7 @@ def check_data_lake_exists(sl_client: SecurityLakeClient, region: str, max_retri elif response["dataLakes"][0]["createStatus"] == "FAILED": raise ValueError("Security Lake creation failed") except ClientError as e: - LOGGER.info(f"Error calling 'securitylake:ListDataLakes' ({region}): {e}...") + LOGGER.error(f"Error calling 'securitylake:ListDataLakes' ({region}): {e}...") raise if not status: @@ -168,7 +164,6 @@ def check_data_lake_create_status(sl_client: SecurityLakeClient, regions: list, retries: Number of retries. Defaults to 0. Raises: - ClientError: If there is an issue interacting with the AWS API ValueError: If the maximum number of retries is reached Returns: @@ -178,29 +173,23 @@ def check_data_lake_create_status(sl_client: SecurityLakeClient, regions: list, max_retries: int = 20 regions_status_list: list = [] while retries < max_retries: - try: - response: ListDataLakesResponseTypeDef = sl_client.list_data_lakes(regions=regions) - for data_lake in response["dataLakes"]: - create_status = data_lake["createStatus"] - regions_status_list.append(create_status) - if "INITIALIZED" not in regions_status_list and "FAILED" not in regions_status_list: + response: ListDataLakesResponseTypeDef = sl_client.list_data_lakes(regions=regions) + for data_lake in response["dataLakes"]: + create_status = data_lake["createStatus"] + regions_status_list.append(create_status) + if set(regions_status_list) == {"COMPLETED"}: + all_completed = True + break + if "INITIALIZED" in regions_status_list: + LOGGER.info(f"Security Lake creation status: 'INITIALIZED'. Retrying ({retries+1}/{max_retries}) in 5 seconds...") + sleep(5) + retries += 1 + status = check_data_lake_create_status(sl_client, regions, retries) + if status: all_completed = True break - if "INITIALIZED" in regions_status_list: - LOGGER.info(f"Security Lake creation status: 'INITIALIZED'. Retrying ({retries+1}/{max_retries}) in 5 seconds...") - sleep(5) - retries += 1 - status = check_data_lake_create_status(sl_client, regions, retries) - if status: - all_completed = True - break - if "FAILED" in regions_status_list: - raise ValueError("Security Lake creation failed") - else: - print("Security Lake creation status: ", regions_status_list) - except ClientError as e: - LOGGER.info(f"Error checking data lake status: {e}") - raise + if "FAILED" in regions_status_list: + raise ValueError("Security Lake creation failed") if retries >= max_retries: raise ValueError("Security Lake status not 'COMPLETED'") @@ -217,7 +206,7 @@ def create_security_lake(sl_client: SecurityLakeClient, sl_configurations: list, role_arn: role arn Raises: - ValueError: _description_ + ValueError: Error creating Security Lake """ base_delay = 10 max_delay = 20 @@ -243,7 +232,7 @@ def create_security_lake(sl_client: SecurityLakeClient, sl_configurations: list, if error_code in ["BadRequestException", "ConflictException"]: error_message = str(e) if "The CreateDataLake operation can't be used to update the settings for an existing data lake" in error_message: - raise ValueError("Security lake already exists.") + raise ValueError("Security lake already exists.") from None else: delay = min(base_delay * (1.0**attempt), max_delay) LOGGER.info(f"'{error_code}' occurred: {e}. Retrying ({attempt + 1}/{MAX_RETRY}) in {delay} seconds...") @@ -331,11 +320,11 @@ def check_log_source_enabled( regions=requested_regions, sources=[{"awsLogSource": {"sourceName": log_source_name, "sourceVersion": log_source_version}}], ): - if not page["sources"]: + if not page["sources"]: # noqa R505 return CheckLogSourceResult(False, requested_accounts, accounts_to_disable_log_source, requested_regions) else: - enabled_accounts = set(s["account"] for s in page["sources"] if s["account"] in org_accounts) - regions_with_source_enabled = list(set(s["region"] for s in page["sources"])) + enabled_accounts = {s["account"] for s in page["sources"] if s["account"] in org_accounts} + regions_with_source_enabled = list({s["region"] for s in page["sources"]}) accounts_to_enable = [account for account in requested_accounts if account not in enabled_accounts] accounts_to_disable_log_source = [account for account in enabled_accounts if account not in requested_accounts] regions_to_enable = [region for region in requested_regions if region not in regions_with_source_enabled] @@ -358,7 +347,8 @@ def add_aws_log_source(sl_client: SecurityLakeClient, aws_log_sources: list) -> aws_log_sources: list of AWS log and event sources Raises: - ClientError: If there is an issue interacting with the AWS API + ClientError: Error calling CreateAwsLogSource + ValueError: Error creating log and event source """ create_log_source_retries = 10 base_delay = 1 @@ -405,9 +395,6 @@ def update_aws_log_source( requested_accounts: list of AWS accounts org_accounts: list of all AWS accounts in organization source_version: log source version - - Raises: - ClientError: boto3 client error """ result = check_log_source_enabled(sl_client, requested_accounts, org_accounts, requested_regions, source, source_version) accounts = list(result.accounts_to_enable) @@ -447,7 +434,7 @@ def get_org_configuration(sl_client: SecurityLakeClient) -> tuple: """ try: org_configurations = sl_client.get_data_lake_organization_configuration() - if org_configurations["autoEnableNewAccount"]: + if org_configurations["autoEnableNewAccount"]: # noqa R505 return True, org_configurations["autoEnableNewAccount"] else: return False, org_configurations @@ -514,9 +501,6 @@ def update_organization_configuration( org_sources: list of AWS log and event sources source_version: version of log source existing_org_configuration: list of existing configurations - - Raises: - ClientError: If there is an issue interacting with the AWS API """ delete_organization_configuration(sl_client, existing_org_configuration) sources: List[AwsLogSourceResourceTypeDef] = [{"sourceName": source, "sourceVersion": source_version} for source in org_sources] @@ -535,9 +519,6 @@ def delete_organization_configuration(sl_client: SecurityLakeClient, existing_or Args: sl_client: boto3 client existing_org_configuration: list of existing configurations - - Raises: - ClientError: If there is an issue interacting with the AWS API """ sources_to_disable = existing_org_configuration if sources_to_disable: @@ -546,7 +527,7 @@ def delete_organization_configuration(sl_client: SecurityLakeClient, existing_or LOGGER.info(api_call_details) -def check_subscriber_exists(sl_client: SecurityLakeClient, subscriber_name: str, next_token: str = EMPTY_STRING) -> tuple: +def check_subscriber_exists(sl_client: SecurityLakeClient, subscriber_name: str, next_token: str = EMPTY_STRING) -> tuple: # noqa: CFQ004 """List Security Lake subscribers. Args: @@ -555,7 +536,7 @@ def check_subscriber_exists(sl_client: SecurityLakeClient, subscriber_name: str, next_token: next token. Defaults to EMPTY_STRING. Raises: - ClientError: If there is an issue interacting with the AWS API + ClientError: If there is an issue listing subscribers Returns: tuple: (bool, str, str) @@ -568,13 +549,13 @@ def check_subscriber_exists(sl_client: SecurityLakeClient, subscriber_name: str, response = sl_client.list_subscribers(maxResults=10, nextToken=next_token) else: response = sl_client.list_subscribers(maxResults=10) - if response["subscribers"]: - for subscriber in response["subscribers"]: - if subscriber_name == subscriber["subscriberName"]: - subscriber_id = subscriber["subscriberId"] - external_id = subscriber["subscriberIdentity"]["externalId"] - subscriber_exists = True - return subscriber_exists, subscriber_id, external_id + if response["subscribers"]: # noqa R505 + subscriber = next((subscriber for subscriber in response["subscribers"] if subscriber_name == subscriber["subscriberName"]), None) + if subscriber: + subscriber_id = subscriber["subscriberId"] + external_id = subscriber["subscriberIdentity"]["externalId"] + subscriber_exists = True + return subscriber_exists, subscriber_id, external_id if "nextToken" in response: subscriber_exists, subscriber_id, external_id = check_subscriber_exists(sl_client, subscriber_name, response["nextToken"]) @@ -584,14 +565,15 @@ def check_subscriber_exists(sl_client: SecurityLakeClient, subscriber_name: str, except ClientError as e: error_code = e.response["Error"]["Code"] - if error_code == "ResourceNotFoundException": + if error_code == "ResourceNotFoundException": # noqa: R505 LOGGER.info(f"Error calling ListSubscribers: {e}. Skipping...") return subscriber_exists, subscriber_id, external_id else: - raise ValueError(f"Error calling ListSubscribers {e}.") + LOGGER.error(f"Error calling ListSubscribers: {e}.") + raise -def get_subscriber_resourceshare_arn(sl_client: SecurityLakeClient, subscriber_name: str, next_token: str = EMPTY_STRING) -> tuple: +def get_subscriber_resourceshare_arn(sl_client: SecurityLakeClient, subscriber_name: str, next_token: str = EMPTY_STRING) -> tuple: # noqa S107 """List Security Lake subscribers. Args: @@ -599,9 +581,6 @@ def get_subscriber_resourceshare_arn(sl_client: SecurityLakeClient, subscriber_n subscriber_name: subscriber name next_token: next token. Defaults to EMPTY_STRING. - Raises: - ClientError: If there is an issue interacting with the AWS API - Returns: tuple: (bool, str, str) """ @@ -611,7 +590,7 @@ def get_subscriber_resourceshare_arn(sl_client: SecurityLakeClient, subscriber_n response = sl_client.list_subscribers(maxResults=10, nextToken=next_token) else: response = sl_client.list_subscribers(maxResults=10) - if response["subscribers"]: + if response["subscribers"]: # noqa R505 for subscriber in response["subscribers"]: if subscriber_name == subscriber["subscriberName"]: resource_share_arn = subscriber.get("resourceShareArn", "") @@ -644,9 +623,6 @@ def create_subscribers( subscriber_name: subscriber name source_version: source version - Raises: - ClientError: If there is an issue interacting with the AWS API - Returns: tuple: subscriber id, resource share ARN """ @@ -656,7 +632,7 @@ def create_subscribers( resource_share_arn = "" subscriber_id = "" base_delay = 1 - max_delay = 3 + max_delay = 10 done = False for attempt in range(ENABLE_RETRY_ATTEMPTS): try: @@ -672,20 +648,17 @@ def create_subscribers( api_call_details = {"API_Call": "securitylake:CreateSubscriber", "API_Response": response} LOGGER.info(api_call_details) subscriber_id = response["subscriber"]["subscriberId"] - if data_access == "LAKEFORMATION": + if data_access == "LAKEFORMATION": # noqa R505 resource_share_arn = response["subscriber"]["resourceShareArn"] done = True return subscriber_id, resource_share_arn else: return subscriber_id, "s3_data_access" - except ClientError as e: - error_code = e.response["Error"]["Code"] - if error_code == "BadRequestException": - delay = min(base_delay * (2**attempt), max_delay) - LOGGER.info(f"'{error_code}' occurred calling CreateSubscriber: {e}. Retrying ({attempt + 1}/{ENABLE_RETRY_ATTEMPTS}) in {delay}") - sleep(delay) - else: - raise ValueError(f"Error calling CreateSubscriber: {e}.") + except sl_client.exceptions.BadRequestException as e: + delay = min(base_delay * (2**attempt), max_delay) + LOGGER.info(f"'Error occurred calling CreateSubscriber: {e}. Retrying ({attempt + 1}/{ENABLE_RETRY_ATTEMPTS}) in {delay}") + sleep(delay) + attempt += 1 if done or attempt >= ENABLE_RETRY_ATTEMPTS: break @@ -760,41 +733,61 @@ def configure_resource_share_in_subscriber_acct(ram_client: RAMClient, resource_ resource_share_arn: resource share arn Raises: - ClientError: If there is an issue interacting with the AWS API + ValueError: If there is an issue interacting with the AWS API """ base_delay = 0.5 max_delay = 5 invitation_accepted = False for attempt in range(MAX_RETRY): paginator = ram_client.get_paginator("get_resource_share_invitations") - for page in paginator.paginate(PaginationConfig={"PageSize": 20}): - if page["resourceShareInvitations"]: - for invitation in page["resourceShareInvitations"]: - if resource_share_arn == invitation["resourceShareArn"]: - if invitation["status"] == "ACCEPTED": - invitation_accepted = True - break - if invitation["status"] == "PENDING": - ram_client.accept_resource_share_invitation( - resourceShareInvitationArn=invitation["resourceShareInvitationArn"], - ) - delay = min(base_delay * (2**attempt), max_delay) - LOGGER.info(f"Accepting resource share invitation: ({attempt + 1}/{ENABLE_RETRY_ATTEMPTS}) in {delay} seconds...") - sleep(delay) - else: - LOGGER.info(invitation["status"]) - else: - LOGGER.info("Resource share invitation not found.") - else: - response = ram_client.list_resources(resourceOwner="OTHER-ACCOUNTS", resourceShareArns=[resource_share_arn]) - if response["resources"]: - invitation_accepted = True - break + invitation = next((inv for page in paginator.paginate(PaginationConfig={"PageSize": 20}) for inv in page["resourceShareInvitations"] if resource_share_arn == inv["resourceShareArn"]), None) # noqa: E501, B950 + + if invitation: + if invitation["status"] == "PENDING": + accept_resource_share_invitation(ram_client, invitation) + delay = min(base_delay * (2**attempt), max_delay) + sleep(delay) + if invitation["status"] == "ACCEPTED": + invitation_accepted = True + break + else: + if check_shared_resource_exists(ram_client, resource_share_arn): + invitation_accepted = True + break attempt += 1 if invitation_accepted or attempt >= MAX_RETRY: break if not invitation_accepted: - raise ValueError("Error accepting resource share invitation") + raise ValueError("Error accepting resource share invitation") from None + + +def accept_resource_share_invitation(ram_client: RAMClient, invitation: dict) -> None: + """Accept the resource share invitation. + + Args: + ram_client: The AWS RAM client to interact with the service. + invitation: The invitation to accept. + """ + ram_client.accept_resource_share_invitation( + resourceShareInvitationArn=invitation["resourceShareInvitationArn"], + ) + LOGGER.info(f"Accepted resource share invitation: {invitation['resourceShareInvitationArn']}") + + +def check_shared_resource_exists(ram_client: RAMClient, resource_share_arn: str) -> bool: + """Check if a shared resource exists in the organization that has AWS RAM access enabled. + + Args: + ram_client: The AWS RAM client to interact with the service. + resource_share_arn: The ARN (Amazon Resource Name) of the shared resource. + + Returns: + bool: True or False. + """ + response = ram_client.list_resources(resourceOwner="OTHER-ACCOUNTS", resourceShareArns=[resource_share_arn]) + if response["resources"]: + return True + return False def get_shared_resource_names(ram_client: RAMClient, resource_share_arn: str) -> tuple: @@ -804,9 +797,6 @@ def get_shared_resource_names(ram_client: RAMClient, resource_share_arn: str) -> ram_client: boto3 client resource_share_arn: resource share arn - Raises: - ClientError: If there is an issue interacting with the AWS API - Returns: tuple: database name and table names """ @@ -839,6 +829,7 @@ def create_db_in_data_catalog(glue_client: GlueClient, subscriber_acct: str, sha subscriber_acct: Security Lake query access subscriber AWS account id shared_db_name: name of shared database role_name: subscriber configuration role name + region: AWS region Raises: ClientError: If there is an issue interacting with the AWS API @@ -864,7 +855,7 @@ def create_db_in_data_catalog(glue_client: GlueClient, subscriber_acct: str, sha def create_table_in_data_catalog( - glue_client: GlueClient, shared_db_name: str, shared_table_names: str, security_lake_acct: str, subscriber_acct: str, region: str + glue_client: GlueClient, shared_db_name: str, shared_table_names: str, security_lake_acct: str, region: str ) -> None: """Create table in data catalog. @@ -873,9 +864,10 @@ def create_table_in_data_catalog( shared_db_name: name of shared database shared_table_names: name of shared tables security_lake_acct: Security Lake delegated administrator AWS account id + region: AWS region Raises: - ClientError: If there is an issue interacting with the AWS API + ValueError: If there is an creating Glue table """ for table in shared_table_names: table_name = "rl_" + table @@ -894,13 +886,12 @@ def create_table_in_data_catalog( if error_code == "AlreadyExistsException": LOGGER.info(f"Table '{table_name}' already exists in {region} region.") continue - if error_code == "AccessDeniedException": + if error_code == "AccessDeniedException": # noqa R505 LOGGER.info("'AccessDeniedException' error occurred. Review and update Lake Formation permission(s)") LOGGER.info("Skipping...") continue else: - LOGGER.error("Error calling glue:CreateTable %s", e) - raise + raise ValueError(f"Error calling glue:CreateTable {e}") from None def set_lake_formation_permissions(lf_client: LakeFormationClient, account: str, db_name: str) -> None: @@ -910,7 +901,6 @@ def set_lake_formation_permissions(lf_client: LakeFormationClient, account: str, lf_client: boto3 client account: AWS account db_name: database name - table_name: table name Raises: ClientError: If there is an issue interacting with the AWS API @@ -919,9 +909,9 @@ def set_lake_formation_permissions(lf_client: LakeFormationClient, account: str, LOGGER.info("Setting lakeformation permissions for db") try: resource: Union[ResourceTypeDef] = { - "Database": {"CatalogId": account, "Name": db_name + "_subscriber"}, - "Table": {"CatalogId": account, "DatabaseName": db_name + "_subscriber", "Name": "rl_*"}, - } + "Database": {"CatalogId": account, "Name": db_name + "_subscriber"}, + "Table": {"CatalogId": account, "DatabaseName": db_name + "_subscriber", "Name": "rl_*"}, + } lf_client.grant_permissions( CatalogId=account, Principal={"DataLakePrincipalIdentifier": f"arn:aws:iam::{account}:role/sra-security-lake-query-subscriber"}, @@ -930,7 +920,7 @@ def set_lake_formation_permissions(lf_client: LakeFormationClient, account: str, PermissionsWithGrantOption=["ALL"], ) except ClientError as e: - LOGGER.error("Error calling GrantPermissions %s.", e) + LOGGER.error(f"Error calling GrantPermissions {e}.") raise @@ -941,20 +931,18 @@ def delete_subscriber(sl_client: SecurityLakeClient, subscriber_name: str, regio sl_client: boto3 client subscriber_name: subscriber name region: AWS region - - Raises: - ClientError: If there is an issue interacting with the AWS API """ subscriber_exists, subscriber_id, _ = check_subscriber_exists(sl_client, subscriber_name) + LOGGER.info(f"Subscriber exists: {subscriber_exists}. Subscriber name {subscriber_name} sub id {subscriber_id}") if subscriber_exists: try: response = sl_client.delete_subscriber(subscriberId=subscriber_id) api_call_details = {"API_Call": "securitylake:DeleteSubscriber", "API_Response": response} LOGGER.info(api_call_details) - except ClientError as e: - LOGGER.error(f"Error calling DeleteSubscriber: {e}") - raise + except sl_client.exceptions.ResourceNotFoundException as e: + LOGGER.info(f"Subscriber not found in {region} region. {e}") + pass else: LOGGER.info(f"Subscriber not found in {region} region. Skipping delete subscriber...") @@ -988,32 +976,3 @@ def delete_aws_log_source(sl_client: SecurityLakeClient, regions: list, source: else: LOGGER.error(f"Error calling DeleteAwsLogSource {e}.") raise - - -def delete_security_lake(configuration_role_name: str, delegated_admin_acct: str, region: str, regions: list) -> None: - """Delete Data Lake. - - Args: - configuration_role_name: configuration role name - delegated_admin_acct: delegated administrator AWS account id - region: AWS region - regions: list of AWS regions - - Raises: - ClientError: If there is an issue interacting with the AWS API - """ - delegated_admin_session = common.assume_role(configuration_role_name, "sra-disable-security-lake", delegated_admin_acct) - sl_client = delegated_admin_session.client("securitylake", region) - try: - response = sl_client.delete_data_lake(regions=regions) - api_call_details = {"API_Call": "securitylake:DeleteDataLake", "API_Response": response} - LOGGER.info(api_call_details) - except ClientError as e: - error_code = e.response["Error"]["Code"] - if error_code == "ResourceNotFoundException": - LOGGER.info(f"'ResourceNotFoundException' occurred: {e}. Skipping delete...") - elif error_code == "UnauthorizedException": - LOGGER.info(f"'UnauthorizedException' occurred: {e}. Skipping delete...") - else: - LOGGER.error(f"Error calling DeleteDataLake {e}") - raise diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/sra_ssm_params.py b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/sra_ssm_params.py index f968f61e..695aae73 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/sra_ssm_params.py +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/sra_ssm_params.py @@ -26,6 +26,9 @@ def __init__(self, logger: Any) -> None: Args: logger: logger + + Raises: + ValueError: Unexpected error executing Lambda function. Review CloudWatch logs for details. """ self.LOGGER = logger @@ -47,10 +50,8 @@ def get_security_acct(self) -> str: Security tooling account id """ self.LOGGER.info("Getting security tooling (audit) account id") - sra_security_acct = '' ssm_response = self.SSM_CLIENT.get_parameter(Name="/sra/control-tower/audit-account-id") - sra_security_acct = ssm_response["Parameter"]["Value"] - return sra_security_acct + return ssm_response["Parameter"]["Value"] def get_home_region(self) -> str: """Query SSM Parameter Store to identify home region. @@ -58,7 +59,5 @@ def get_home_region(self) -> str: Returns: Home region """ - home_region = '' ssm_response = self.SSM_CLIENT.get_parameter(Name="/sra/control-tower/home-region",) - home_region = ssm_response["Parameter"]["Value"] - return home_region + return ssm_response["Parameter"]["Value"] diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml index 50594fe7..5f064f4d 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml @@ -373,7 +373,7 @@ Parameters: Type: String pRegisterAuditAccountQuerySubscriber: AllowedValues: ['true', 'false'] - Default: 'false' # todo: test and change to true + Default: 'false' Description: Identifies whether to register Audit (Security Tooling) account as a Subscriber with Query Access Type: String pStackSetAdminRole: @@ -436,30 +436,21 @@ Rules: - !Ref pRegisterAuditAccountDataSubscriber - 'true' Assertions: - - Assert: !Not - - !Equals - - !Ref pAuditAccountDataSubscriberExternalId - - '' + - Assert: !Not [!Equals [!Ref pAuditAccountDataSubscriberExternalId, '']] AssertDescription: Please provide External ID for Security Lake Audit (Security Tooling) data access subscriber ProvideQueryAccessExternalId: RuleCondition: !Equals - !Ref pRegisterAuditAccountQuerySubscriber - 'true' Assertions: - - Assert: !Not - - !Equals - - !Ref pAuditAccountQuerySubscriberExternalId - - '' + - Assert: !Not [!Equals [!Ref pAuditAccountQuerySubscriberExternalId, '']] AssertDescription: Please provide External ID for Security Lake Audit (Security Tooling) query access subscriber VerifyEnabledRegions: RuleCondition: !Equals - !Ref pControlTowerRegionsOnly - 'false' Assertions: - - Assert: !Not - - !Equals - - !Ref pEnabledRegions - - '' + - Assert: !Not [!Equals [!Ref pEnabledRegions, '']] AssertDescription: Please provide Enabled Regions Resources: @@ -593,7 +584,6 @@ Resources: pAuditAccountQuerySubscriberExternalId: !Ref pAuditAccountQuerySubscriberExternalId pDisableSecurityLake: !Ref pDisableSecurityLake pOrganizationId: !Ref pOrganizationId - # pKmsKeyStackSetId: !Ref rSecurityLakeKMSKeyStackSet pCreateResourceLink: !Ref pCreateResourceLink pSecurityLakeOrgKeyAlias: !Ref pSecurityLakeOrgKeyAlias Tags: From cea07f99de49212e64ef04b96551f5681cc6e58a Mon Sep 17 00:00:00 2001 From: ievgeniia ieromenko Date: Thu, 5 Sep 2024 23:28:24 -0400 Subject: [PATCH 08/15] mypy fixes --- .../security_lake_org/lambda/src/security_lake.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/security_lake.py b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/security_lake.py index c594c178..13027d45 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/security_lake.py +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/security_lake.py @@ -25,6 +25,7 @@ from mypy_boto3_lakeformation.type_defs import ResourceTypeDef from mypy_boto3_organizations import OrganizationsClient from mypy_boto3_ram import RAMClient + from mypy_boto3_ram.type_defs import ResourceShareInvitationTypeDef from mypy_boto3_securitylake import SecurityLakeClient from mypy_boto3_securitylake.literals import AwsLogSourceNameType from mypy_boto3_securitylake.paginator import ListLogSourcesPaginator @@ -761,7 +762,7 @@ def configure_resource_share_in_subscriber_acct(ram_client: RAMClient, resource_ raise ValueError("Error accepting resource share invitation") from None -def accept_resource_share_invitation(ram_client: RAMClient, invitation: dict) -> None: +def accept_resource_share_invitation(ram_client: RAMClient, invitation: ResourceShareInvitationTypeDef) -> None: """Accept the resource share invitation. Args: From 802c46151f579502cf271a1ec603fbe48d6fedc7 Mon Sep 17 00:00:00 2001 From: ievgeniia ieromenko Date: Mon, 9 Sep 2024 10:34:03 -0400 Subject: [PATCH 09/15] adding CfCT templates --- .../security_lake/security_lake_org/README.md | 4 +- .../manifest.yaml | 87 +++++++++++ .../sra-security-lake-main-ssm.json | 142 ++++++++++++++++++ 3 files changed, 231 insertions(+), 2 deletions(-) create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/customizations_for_aws_control_tower/manifest.yaml create mode 100644 aws_sra_examples/solutions/security_lake/security_lake_org/customizations_for_aws_control_tower/parameters/sra-security-lake-main-ssm.json diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/README.md b/aws_sra_examples/solutions/security_lake/security_lake_org/README.md index 4797f427..0d8cb1ef 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/README.md +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/README.md @@ -156,7 +156,7 @@ Choose a Deployment Method: In the `management account (home region)`, launch the [sra-security-lake-org-main-ssm.yaml](templates/sra-security-lake-org-main-ssm.yaml) template. This uses an approach where some of the CloudFormation parameters are populated from SSM parameters created by the [SRA Prerequisites Solution](../../common/common_prerequisites/). ```bash - aws cloudformation deploy --template-file $PWD/aws_sra_examples/solutions/security-lake/security-lake-org/templates/sra-security-lake-org-main-ssm.yaml --stack-name sra-security-lake-org-main-ssm --capabilities CAPABILITY_NAMED_IAM --parameter-overrides pSecurityLakeWarning= + aws cloudformation deploy --template-file $PWD/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml --stack-name sra-security-lake-org-main-ssm --capabilities CAPABILITY_NAMED_IAM --parameter-overrides pSecurityLakeWarning= ``` ##### Important @@ -164,7 +164,7 @@ In the `management account (home region)`, launch the [sra-security-lake-org-mai Pay close attention to the `--parameter-overrides` argument. For launching of the AWS Cloudformation stack using the command above to be successful, the `pSecurityLakeWarning` parameter in the `--parameter-overrides` argument must be set to `Accept`. If it is set to `Reject` the stack launch will fail and provide an error. - To create an Audit account subscriber with data access, add `pRegisterAuditAccountDataSubscriber` parameter in the `--parameter-overrides` with argument set to `true`. Provide value for `pAuditAccountDataSubscriberExternalId` parameter. - To create an Audit account subscriber with query access, add `pRegisterAuditAccountQuerySubscriber` parameter in the `--parameter-overrides` with argument set to `true`. Provide value for `pAuditAccountQuerySubscriberExternalId` parameter. -- To creates a resource link to shared tables in an Audit account, , add `pCreateResourceLink` parameter in the `--parameter-overrides` with argument set to `true` +- To creates a resource link to shared tables in an Audit account, add `pCreateResourceLink` parameter in the `--parameter-overrides` with argument set to `true` #### Verify Solution Deployment diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/customizations_for_aws_control_tower/manifest.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/customizations_for_aws_control_tower/manifest.yaml new file mode 100644 index 00000000..6f9278b5 --- /dev/null +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/customizations_for_aws_control_tower/manifest.yaml @@ -0,0 +1,87 @@ +--- +#Default region for deploying Custom Control Tower: Code Pipeline, Step functions, Lambda, SSM parameters, and StackSets +region: us-east-1 +version: 2021-03-15 + +# Control Tower Custom Resources (Service Control Policies or CloudFormation) +resources: + # ----------------------------------------------------------------------------- + # Organization shield + # ----------------------------------------------------------------------------- + - name: sra-security-lake-main-ssm + resource_file: templates/sra-security-lake-main-ssm.yaml + parameters: + - parameter_key: pSecurityLakeOrgLambdaRoleName + parameter_value: sra-security-lake-org-lambda + - parameter_key: pCreateResourceLink + parameter_value: 'false' + - parameter_key: pCreateLakeFormationSlr + parameter_value: 'true' + - parameter_key: pSRASecurityLakeMetaStoreManagerRoleName + parameter_value: AmazonSecurityLakeMetaStoreManagerV2 + - parameter_key: pSourceVersion + parameter_value: '2.0' + - parameter_key: pCloudTrailManagementEvents + parameter_value: ALL + - parameter_key: pCloudTrailLambdaDataEvents + parameter_value: ALL + - parameter_key: pCloudTrailS3DataEvents + parameter_value: '' + - parameter_key: pSecurityHubFindings + parameter_value: ALL + - parameter_key: pVpcFlowLogs + parameter_value: ALL + - parameter_key: pWafLogs + parameter_value: '' + - parameter_key: pRoute53Logs + parameter_value: ALL + - parameter_key: pVpcFlowLogs + parameter_value: ALL + - parameter_key: pOrgConfigurationSources + parameter_value: ROUTE53,VPC_FLOW,SH_FINDINGS,CLOUD_TRAIL_MGMT,LAMBDA_EXECUTION,EKS_AUDIT + - parameter_key: pCreateOrganizationConfiguration + parameter_value: 'true' + - parameter_key: pSecurityLakeOrgKeyAlias + parameter_value: sra-security-lake-org-key + - parameter_key: pComplianceFrequency + parameter_value: 7 + - parameter_key: pControlTowerRegionsOnly + parameter_value: 'true' + - parameter_key: pCreateLambdaLogGroup + parameter_value: 'false' + - parameter_key: pEnabledRegions + parameter_value: '' + - parameter_key: pLambdaLogGroupKmsKey + parameter_value: '' + - parameter_key: pLambdaLogGroupRetention + parameter_value: 14 + - parameter_key: pLambdaLogLevel + parameter_value: INFO + - parameter_key: pSRAAlarmEmail + parameter_value: '' + - parameter_key: pSRASolutionVersion + parameter_value: v1.0 + - parameter_key: pRegisterAuditAccountDataSubscriber + parameter_value: 'false' + - parameter_key: pAuditAccountDataSubscriberPrefix + parameter_value: sra-audit-account-data-subscriber + - parameter_key: pAuditAccountDataSubscriberExternalId + parameter_value: '' + - parameter_key: pAuditAccountQuerySubscriberPrefix + parameter_value: sra-audit-account-query-subscriber + - parameter_key: pAuditAccountQuerySubscriberExternalId + parameter_value: '' + - parameter_key: pRegisterAuditAccountQuerySubscriber + parameter_value: 'false' + - parameter_key: pStackSetAdminRole + parameter_value: sra-stackset + - parameter_key: pStackExecutionRole + parameter_value: sra-execution + - parameter_key: pSecurityLakeWarning + parameter_value: Reject + - parameter_key: pDisableSecurityLake + parameter_value: 'false' + deploy_method: stack_set + deployment_targets: + accounts: + - REPLACE_ME_ORG_MANAGEMENT_ACCOUNT_NAME diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/customizations_for_aws_control_tower/parameters/sra-security-lake-main-ssm.json b/aws_sra_examples/solutions/security_lake/security_lake_org/customizations_for_aws_control_tower/parameters/sra-security-lake-main-ssm.json new file mode 100644 index 00000000..fceea19a --- /dev/null +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/customizations_for_aws_control_tower/parameters/sra-security-lake-main-ssm.json @@ -0,0 +1,142 @@ +[ + { + "ParameterKey": "pSecurityLakeOrgLambdaRoleName", + "ParameterValue": "sra-security-lake-org-lambda" + }, + { + "ParameterKey": "pCreateResourceLink", + "ParameterValue": "false" + }, + { + "ParameterKey": "pCreateLakeFormationSlr", + "ParameterValue": "true" + }, + { + "ParameterKey": "pSRASecurityLakeMetaStoreManagerRoleName", + "ParameterValue": "AmazonSecurityLakeMetaStoreManagerV2" + }, + { + "ParameterKey": "pSourceVersion", + "ParameterValue": "2.0" + }, + { + "ParameterKey": "pCloudTrailManagementEvents", + "ParameterValue": "ALL" + }, + { + "ParameterKey": "pCloudTrailLambdaDataEvents", + "ParameterValue": "ALL" + }, + { + "ParameterKey": "pCloudTrailS3DataEvents", + "ParameterValue": "" + }, + { + "ParameterKey": "pSecurityHubFindings", + "ParameterValue": "ALL" + }, + { + "ParameterKey": "pVpcFlowLogs", + "ParameterValue": "ALL" + }, + { + "ParameterKey": "pWafLogs", + "ParameterValue": "" + }, + { + "ParameterKey": "pRoute53Logs", + "ParameterValue": "ALL" + }, + { + "ParameterKey": "pVpcFlowLogs", + "ParameterValue": "ALL" + }, + { + "ParameterKey": "pOrgConfigurationSources", + "ParameterValue": "ROUTE53,VPC_FLOW,SH_FINDINGS,CLOUD_TRAIL_MGMT,LAMBDA_EXECUTION,EKS_AUDIT" + }, + { + "ParameterKey": "pCreateOrganizationConfiguration", + "ParameterValue": "true" + }, + { + "ParameterKey": "pSecurityLakeOrgKeyAlias", + "ParameterValue": "sra-security-lake-org-key" + }, + { + "ParameterKey": "pComplianceFrequency", + "ParameterValue": "7" + }, + { + "ParameterKey": "pControlTowerRegionsOnly", + "ParameterValue": "true" + }, + { + "ParameterKey": "pCreateLambdaLogGroup", + "ParameterValue": "false" + }, + { + "ParameterKey": "pEnabledRegions", + "ParameterValue": "" + }, + { + "ParameterKey": "pLambdaLogGroupKmsKey", + "ParameterValue": "" + }, + { + "ParameterKey": "pLambdaLogGroupRetention", + "ParameterValue": "14" + }, + { + "ParameterKey": "pLambdaLogLevel", + "ParameterValue": "INFO" + }, + { + "ParameterKey": "pSRAAlarmEmail", + "ParameterValue": "" + }, + { + "ParameterKey": "pSRASolutionVersion", + "ParameterValue": "v1.0" + }, + { + "ParameterKey": "pRegisterAuditAccountDataSubscriber", + "ParameterValue": "false" + }, + { + "ParameterKey": "pAuditAccountDataSubscriberPrefix", + "ParameterValue": "sra-audit-account-data-subscriber" + }, + { + "ParameterKey": "pAuditAccountDataSubscriberExternalId", + "ParameterValue": "" + }, + { + "ParameterKey": "pAuditAccountQuerySubscriberPrefix", + "ParameterValue": "sra-audit-account-query-subscriber" + }, + { + "ParameterKey": "pAuditAccountQuerySubscriberExternalId", + "ParameterValue": "" + }, + { + "ParameterKey": "pRegisterAuditAccountQuerySubscriber", + "ParameterValue": "false" + }, + { + "ParameterKey": "pStackSetAdminRole", + "ParameterValue": "sra-stackset" + }, + { + "ParameterKey": "pStackExecutionRole", + "ParameterValue": "sra-execution" + }, + { + "ParameterKey": "pSecurityLakeWarning", + "ParameterValue": "Reject" + }, + { + "ParameterKey": "pDisableSecurityLake", + "ParameterValue": "false" + } +] \ No newline at end of file From 974cc8833ec0c69f067c3964c55b50a05036dd4e Mon Sep 17 00:00:00 2001 From: ievgeniia ieromenko Date: Tue, 10 Sep 2024 12:10:50 -0400 Subject: [PATCH 10/15] updating source version param, removing comments --- .../security_lake_org/lambda/src/app.py | 2 -- .../sra-security-lake-lakeformation-slr.yaml | 2 +- ...security-lake-meta-store-manager-role.yaml | 2 +- ...-security-lake-org-configuration-role.yaml | 7 ++--- .../sra-security-lake-org-configuration.yaml | 28 +++++++++---------- .../sra-security-lake-org-kms-key.yaml | 2 +- .../sra-security-lake-org-main-ssm.yaml | 12 ++++---- ...a-security-lake-query-subscriber-role.yaml | 5 ++-- 8 files changed, 28 insertions(+), 32 deletions(-) diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/app.py b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/app.py index 5487921e..c01f557a 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/app.py +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/app.py @@ -146,7 +146,6 @@ def process_event(event: dict) -> None: event_info = {"Event": event} LOGGER.info(event_info) params = get_validated_parameters({"RequestType": "Update"}) - # excluded_accounts: list = [params["DELEGATED_ADMIN_ACCOUNT_ID"]] accounts = common.get_active_organization_accounts() regions = common.get_enabled_regions(params["ENABLED_REGIONS"], params["CONTROL_TOWER_REGIONS_ONLY"] == "true") @@ -674,7 +673,6 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte event_info = {"Event": event} LOGGER.info(event_info) params = get_validated_parameters({"RequestType": event["RequestType"]}) - # excluded_accounts: list = [params["DELEGATED_ADMIN_ACCOUNT_ID"]] accounts = common.get_active_organization_accounts() regions = common.get_enabled_regions(params["ENABLED_REGIONS"], params["CONTROL_TOWER_REGIONS_ONLY"]) if params["action"] == "Add": diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-lakeformation-slr.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-lakeformation-slr.yaml index 02ad2b5b..fb1b3c31 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-lakeformation-slr.yaml +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-lakeformation-slr.yaml @@ -5,7 +5,7 @@ AWSTemplateFormatVersion: 2010-09-09 Description: This template creates an IAM role to configure the delegated administrator account - - 'security_lake_org' solution in the repo, - https://github.com/aws-samples/aws-security-reference-architecture-examples (sra-1ssgnse80) + https://github.com/aws-samples/aws-security-reference-architecture-examples (sra-1u3sd7f8p) Metadata: SRA: diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-meta-store-manager-role.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-meta-store-manager-role.yaml index 23fcd72c..19e4a9d4 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-meta-store-manager-role.yaml +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-meta-store-manager-role.yaml @@ -5,7 +5,7 @@ AWSTemplateFormatVersion: 2010-09-09 Description: This template creates an IAM role to configure the delegated administrator account - - 'security_lake_org' solution in the repo, - https://github.com/aws-samples/aws-security-reference-architecture-examples (sra-1ssgnse80) + https://github.com/aws-samples/aws-security-reference-architecture-examples (sra-1u3sd7f8p) Metadata: SRA: diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration-role.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration-role.yaml index d168e9af..f6bf07d3 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration-role.yaml +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration-role.yaml @@ -5,7 +5,7 @@ AWSTemplateFormatVersion: 2010-09-09 Description: This template creates an IAM role to configure the delegated administrator account - - 'security_lake_org' solution in the repo, - https://github.com/aws-samples/aws-security-reference-architecture-examples (sra-1ssgnse80) + https://github.com/aws-samples/aws-security-reference-architecture-examples (sra-1u3sd7f8p) Metadata: SRA: @@ -32,7 +32,7 @@ Metadata: pSecurityLakeOrgLambdaRoleName: default: Lambda Role Name pSecurityLakeConfigurationRoleName: - default: SecurityLake Configuration Role Name + default: Security Lake Configuration Role Name pSRASolutionName: default: SRA Solution Name pAuditAccountQuerySubscriberExternalId: @@ -54,7 +54,7 @@ Parameters: AllowedPattern: '^[\w+=,.@-]{1,64}$' ConstraintDescription: Max 64 alphanumeric characters. Also special characters supported [+, =, ., @, -] Default: sra-security-lake-org-configuration - Description: SecurityLake Configuration IAM Role Name + Description: Security Lake Configuration IAM Role Name Type: String pSRASolutionName: AllowedValues: [sra-security-lake-org] @@ -90,7 +90,6 @@ Resources: StringEquals: aws:PrincipalArn: - !Sub arn:${AWS::Partition}:iam::${pManagementAccountId}:role/${pSecurityLakeOrgLambdaRoleName} - - !Sub arn:${AWS::Partition}:iam::${pManagementAccountId}:role/Admin # todo: remove Principal: AWS: - !Sub arn:${AWS::Partition}:iam::${pManagementAccountId}:root diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml index 2a1fcbbc..7631cdc2 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml @@ -4,8 +4,8 @@ ######################################################################## AWSTemplateFormatVersion: 2010-09-09 Description: - This template creates a custom resource Lambda to delegate administration and configure Security Lake within an AWS Organization - 'securitylake_org' - solution in the repo, https://github.com/aws-samples/aws-security-reference-architecture-examples (sra-1ssgnse80) + This template creates a custom resource Lambda to delegate administration and configure Security Lake within an AWS Organization - 'security_lake_org' + solution in the repo, https://github.com/aws-samples/aws-security-reference-architecture-examples (sra-1u3sd7f8p) Metadata: SRA: @@ -53,7 +53,7 @@ Metadata: - pAuditAccountQuerySubscriberPrefix - pAuditAccountQuerySubscriberExternalId - pDisableSecurityLake - - pSRASecurityLakeMetatoreManagerRoleName + - pSRASecurityLakeMetaStoreManagerRoleName - pCreateResourceLink - pSecurityLakeOrgKeyAlias @@ -77,7 +77,7 @@ Metadata: pSecurityLakeOrgKeyAlias: default: Security Lake KMS Key Alias pSRASecurityLakeMetaStoreManagerRoleName: - default: SecurityLakeMetastoreManagerRole + default: SecurityLakeMetaStoreManagerRole pCloudTrailManagementEvents: default: CloudTrail - Management events pSourceVersion: @@ -162,13 +162,13 @@ Parameters: AllowedPattern: '^[\w+=,.@-]{1,64}$' ConstraintDescription: Max 64 alphanumeric characters. Also special characters supported [+, =, ., @, -] Default: AmazonSecurityLakeMetaStoreManagerV2 - Description: SecurityLakeMetastoreManagerRole + Description: SecurityLakeMetaStoreManagerRole Type: String pSourceVersion: - AllowedValues: [2.0] + AllowedValues: ['2.0'] ConstraintDescription: Must be a valid version number. Currently supported version is 2.0 Description: 'Chose the version of data source from which you want to ingest log and event sources' - Default: 2.0 + Default: '2.0' Type: String pCloudTrailManagementEvents: AllowedPattern: '^($|ALL|(\d{12})(,\s*\d{12})*)$' @@ -281,19 +281,19 @@ Parameters: AllowedPattern: '^[\w+=,.@-]{1,64}$' ConstraintDescription: Max 64 alphanumeric characters. Also special characters supported [+, =, ., @, -] Default: sra-security-lake-org-lambda - Description: SecurityLake configuration Lambda role name + Description: Security Lake configuration Lambda role name Type: String pSecurityLakeConfigurationRoleName: AllowedPattern: '^[\w+=,.@-]{1,64}$' ConstraintDescription: Max 64 alphanumeric characters. Also special characters supported [+, =, ., @, -] Default: sra-security-lake-org-configuration - Description: SecurityLake Configuration role to assume in the delegated administrator account + Description: Security Lake Configuration role to assume in the delegated administrator account Type: String pSecurityLakeSubscriberRoleName: AllowedPattern: '^[\w+=,.@-]{1,64}$' ConstraintDescription: Max 64 alphanumeric characters. Also special characters supported [+, =, ., @, -] Default: sra-security-lake-query-subscriber - Description: SecurityLake Configuration role to assume in the delegated administrator account + Description: Security Lake Configuration role to assume in the delegated administrator account Type: String pLambdaLogGroupKmsKey: AllowedPattern: '^$|^arn:(aws[a-zA-Z-]*){1}:kms:[a-z0-9-]+:\d{12}:key\/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$' @@ -776,7 +776,7 @@ Resources: Type: AWS::Events::Rule Properties: Name: !Sub ${pControlTowerLifeCycleRuleName}-organization-compliance - Description: SRA SecurityLake Trigger for scheduled organization compliance + Description: SRA Security Lake Trigger for scheduled organization compliance ScheduleExpression: !If - cComplianceFrequencySingleDay - !Sub rate(${pComplianceFrequency} day) @@ -788,12 +788,12 @@ Resources: Outputs: oSecurityLakeOrgLambdaFunctionArn: - Description: SRA SecurityLake Lambda Function ARN + Description: SRA Security Lake Lambda Function ARN Value: !GetAtt rSecurityLakeOrgLambdaFunction.Arn oSecurityLakeOrgLambdaLogGroupArn: Condition: cCreateLambdaLogGroup - Description: SRA SecurityLake Lambda Log Group ARN + Description: SRA Security Lake Lambda Log Group ARN Value: !GetAtt rSecurityLakeOrgLambdaLogGroup.Arn oSecurityLakeOrgLambdaRoleArn: - Description: SRA SecurityLake Lambda Role ARN + Description: SRA Security Lake Lambda Role ARN Value: !GetAtt rSecurityLakeOrgLambdaRole.Arn diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-kms-key.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-kms-key.yaml index b7d6ef07..6b8018b6 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-kms-key.yaml +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-kms-key.yaml @@ -3,7 +3,7 @@ # SPDX-License-Identifier: MIT-0 ######################################################################## AWSTemplateFormatVersion: 2010-09-09 -Description: This template creates KMS key for Security Lake configurations - 'SecurityLake_org' solution in the repo, https://github.com/aws-samples/aws-security-reference-architecture-examples (sra-1ssgnse4k) +Description: This template creates KMS key for Security Lake configurations - 'security_lake_org' solution in the repo, https://github.com/aws-samples/aws-security-reference-architecture-examples (sra-1u3sd7f8p) Metadata: SRA: Version: 1 diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml index 5f064f4d..ec67ac06 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml @@ -3,7 +3,7 @@ # SPDX-License-Identifier: MIT-0 ######################################################################## AWSTemplateFormatVersion: 2010-09-09 -Description: This template creates a custom resource Lambda to delegate administration and configure SecurityLake within an AWS Organization - 'security_lake_org' solution in the repo, https://github.com/aws-samples/aws-security-reference-architecture-examples (sra-1ssgnse80) +Description: This template creates a custom resource Lambda to delegate administration and configure Security Lake within an AWS Organization - 'security_lake_org' solution in the repo, https://github.com/aws-samples/aws-security-reference-architecture-examples (sra-1u3sd7f8p) Metadata: SRA: Version: 1 @@ -171,7 +171,7 @@ Parameters: AllowedPattern: '^[\w+=,.@-]{1,64}$' ConstraintDescription: Max 64 alphanumeric characters. Also special characters supported [+, =, ., @, -] Default: sra-security-lake-org-lambda - Description: SecurityLake configuration Lambda role name + Description: Security Lake configuration Lambda role name Type: String pCreateResourceLink: AllowedValues: ['true', 'false'] @@ -189,10 +189,10 @@ Parameters: Description: IAM role used by Security Lake to create data lake or query data from Security Lake Type: String pSourceVersion: - AllowedValues: [2.0] + AllowedValues: ['2.0'] ConstraintDescription: Must be a valid version number. Currently supported version is 2.0 Description: Chose the version of data source from which you want to ingest log and event sources - Default: 2.0 + Default: '2.0' Type: String pCloudTrailManagementEvents: AllowedPattern: ^($|ALL|(\d{12})(,\s*\d{12})*)$ @@ -406,7 +406,7 @@ Parameters: AllowedPattern: '^[\w+=,.@-]{1,64}$' ConstraintDescription: Max 64 alphanumeric characters. Also special characters supported [+, =, ., @, -] Default: sra-security-lake-org-configuration - Description: SecurityLake Configuration IAM Role Name + Description: Security Lake Configuration IAM Role Name Type: String Conditions: @@ -465,7 +465,7 @@ Resources: CallAs: SELF Capabilities: - CAPABILITY_NAMED_IAM - Description: !Sub ${pSRASolutionVersion} - Deploys an IAM role via ${pSRASolutionName} for configuring SecurityLake Subscriber account + Description: !Sub ${pSRASolutionVersion} - Deploys an IAM role via ${pSRASolutionName} for configuring Security Lake Subscriber account ExecutionRoleName: !Ref pStackExecutionRole ManagedExecution: Active: true diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-query-subscriber-role.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-query-subscriber-role.yaml index 0402db8b..e6ee17f0 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-query-subscriber-role.yaml +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-query-subscriber-role.yaml @@ -5,7 +5,7 @@ AWSTemplateFormatVersion: 2010-09-09 Description: This template creates an IAM role to configure the delegated administrator account - - 'security_lake_org' solution in the repo, - https://github.com/aws-samples/aws-security-reference-architecture-examples (sra-1ssgnse80) + https://github.com/aws-samples/aws-security-reference-architecture-examples (sra-1u3sd7f8p) Metadata: SRA: @@ -54,7 +54,7 @@ Parameters: AllowedPattern: '^[\w+=,.@-]{1,64}$' ConstraintDescription: Max 64 alphanumeric characters. Also special characters supported [+, =, ., @, -] Default: sra-security-lake-query-subscriber - Description: SecurityLake Configuration IAM Role Name + Description: Security Lake Configuration IAM Role Name Type: String pSRASolutionName: AllowedValues: [sra-security-lake-org] @@ -88,7 +88,6 @@ Resources: StringEquals: aws:PrincipalArn: - !Sub arn:${AWS::Partition}:iam::${pManagementAccountId}:role/${pSecurityLakeOrgLambdaRoleName} - - !Sub arn:${AWS::Partition}:iam::${pManagementAccountId}:role/Admin # todo: remove this line after the solution is tested Principal: AWS: - !Sub arn:${AWS::Partition}:iam::${pManagementAccountId}:root From b3e4041bbf0e00cdee7d168dced6b432abcb9e85 Mon Sep 17 00:00:00 2001 From: ievgeniia ieromenko Date: Tue, 10 Sep 2024 12:17:25 -0400 Subject: [PATCH 11/15] linting fixes - black --- .../lambda/src/security_lake.py | 22 ++++++++++--------- .../lambda/src/sra_ssm_params.py | 6 +++-- 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/security_lake.py b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/security_lake.py index 13027d45..74ff92e7 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/security_lake.py +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/security_lake.py @@ -712,9 +712,7 @@ def update_subscriber( return "s3_data_access" except sl_client.exceptions.BadRequestException: delay = min(base_delay * (2**attempt), max_delay) - LOGGER.info( - f"'BadRequestException' occurred calling UpdateSubscriber. Retrying ({attempt + 1}/{ENABLE_RETRY_ATTEMPTS}) in {delay}" - ) + LOGGER.info(f"'BadRequestException' occurred calling UpdateSubscriber. Retrying ({attempt + 1}/{ENABLE_RETRY_ATTEMPTS}) in {delay}") sleep(delay) attempt += 1 @@ -741,7 +739,15 @@ def configure_resource_share_in_subscriber_acct(ram_client: RAMClient, resource_ invitation_accepted = False for attempt in range(MAX_RETRY): paginator = ram_client.get_paginator("get_resource_share_invitations") - invitation = next((inv for page in paginator.paginate(PaginationConfig={"PageSize": 20}) for inv in page["resourceShareInvitations"] if resource_share_arn == inv["resourceShareArn"]), None) # noqa: E501, B950 + invitation = next( + ( + inv + for page in paginator.paginate(PaginationConfig={"PageSize": 20}) + for inv in page["resourceShareInvitations"] + if resource_share_arn == inv["resourceShareArn"] + ), + None, + ) # noqa: E501, B950 if invitation: if invitation["status"] == "PENDING": @@ -848,16 +854,12 @@ def create_db_in_data_catalog(glue_client: GlueClient, subscriber_acct: str, sha else: LOGGER.error(f"Error calling CreateDatabase: {e}") raise - subscriber_session = common.assume_role( - role_name, "sra-configure-resource-link", subscriber_acct - ) + subscriber_session = common.assume_role(role_name, "sra-configure-resource-link", subscriber_acct) lf_client = subscriber_session.client("lakeformation", region) set_lake_formation_permissions(lf_client, subscriber_acct, shared_db_name) -def create_table_in_data_catalog( - glue_client: GlueClient, shared_db_name: str, shared_table_names: str, security_lake_acct: str, region: str -) -> None: +def create_table_in_data_catalog(glue_client: GlueClient, shared_db_name: str, shared_table_names: str, security_lake_acct: str, region: str) -> None: """Create table in data catalog. Args: diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/sra_ssm_params.py b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/sra_ssm_params.py index 695aae73..62411a46 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/sra_ssm_params.py +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/sra_ssm_params.py @@ -32,7 +32,7 @@ def __init__(self, logger: Any) -> None: """ self.LOGGER = logger - # Global Variables + # Global Variables self.UNEXPECTED = "Unexpected!" self.BOTO3_CONFIG = Config(retries={"max_attempts": 10, "mode": "standard"}) @@ -59,5 +59,7 @@ def get_home_region(self) -> str: Returns: Home region """ - ssm_response = self.SSM_CLIENT.get_parameter(Name="/sra/control-tower/home-region",) + ssm_response = self.SSM_CLIENT.get_parameter( + Name="/sra/control-tower/home-region", + ) return ssm_response["Parameter"]["Value"] From ef397995df064c367c13e300ef0a7813f46c78e8 Mon Sep 17 00:00:00 2001 From: ievgeniia ieromenko Date: Tue, 10 Sep 2024 15:28:51 -0400 Subject: [PATCH 12/15] linting fixes - checkov --- ...kery-org-ubuntu-pro-20-04-cis-level-1-hardened.yaml | 2 +- .../sra-security-lake-org-configuration-role.yaml | 2 +- .../templates/sra-security-lake-org-configuration.yaml | 10 +++++++++- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/aws_sra_examples/solutions/ami_bakery/ami_bakery_org/lambda/src/sra-ami-bakery-org-ubuntu-pro-20-04-cis-level-1-hardened.yaml b/aws_sra_examples/solutions/ami_bakery/ami_bakery_org/lambda/src/sra-ami-bakery-org-ubuntu-pro-20-04-cis-level-1-hardened.yaml index a2df9128..0f2e3818 100644 --- a/aws_sra_examples/solutions/ami_bakery/ami_bakery_org/lambda/src/sra-ami-bakery-org-ubuntu-pro-20-04-cis-level-1-hardened.yaml +++ b/aws_sra_examples/solutions/ami_bakery/ami_bakery_org/lambda/src/sra-ami-bakery-org-ubuntu-pro-20-04-cis-level-1-hardened.yaml @@ -74,7 +74,7 @@ Parameters: Type: String pSRAAMIBakeryImageBuilderRoleName: AllowedPattern: ^[\w_+=,.@-]{1,64}$ - Default: sra-ami-bakery-org-ec2-imagebuilder-role + Default: "sra-ami-bakery-org-ec2-imagebuilder-role" ConstraintDescription: Must be a string of characters consisting of upper and lowercase alphanumeric characters up to 64 with including [_+=,.@-], but no spaces. Description: The SRA AMI Bakery Role name for Ubuntu Pro CIS Level 1 hardened image. diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration-role.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration-role.yaml index f6bf07d3..51886474 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration-role.yaml +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration-role.yaml @@ -181,7 +181,7 @@ Resources: Resource: !Sub arn:${AWS::Partition}:ram:*:${AWS::AccountId}:resource-share/* Condition: StringLike: - ram:ResourceName: !Sub "*-${pAuditAccountQuerySubscriberExternalId}" + ram:ResourceShareName: !Sub "*-${pAuditAccountQuerySubscriberExternalId}" Tags: - Key: sra-solution Value: !Ref pSRASolutionName diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml index 7631cdc2..0d62d870 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml @@ -431,6 +431,8 @@ Resources: reason: The role name is defined checkov: skip: + - id: CKV_AWS_109 + comment: Actions require wildcard in resource or condition provides constraints. - id: CKV_AWS_111 comment: IAM write actions require wildcard in resource Properties: @@ -462,13 +464,19 @@ Resources: Effect: Allow Action: - securitylake:RegisterDataLakeDelegatedAdministrator - - iam:CreateServiceLinkedRole - organizations:DescribeOrganization - organizations:EnableAWSServiceAccess - organizations:ListDelegatedAdministrators - organizations:ListDelegatedServicesForAccount - organizations:RegisterDelegatedAdministrator Resource: "*" + - Sid: AllowCreateServiceLinkedRole + Effect: Allow + Action: iam:CreateServiceLinkedRole + Condition: + StringLike: + iam:AWSServiceName: securitylake.amazonaws.com + Resource: "*" - Sid: SecurityLakeRemoveAdministratorAccess Effect: Allow Action: From a6afce9c6b95b7d61440557200c47d286a410848 Mon Sep 17 00:00:00 2001 From: ievgeniia ieromenko Date: Thu, 12 Sep 2024 13:30:32 -0400 Subject: [PATCH 13/15] adding assertion to ensure uniqueness of external IDs for Security Lake Audit subscribers --- .../templates/sra-security-lake-org-main-ssm.yaml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml index ec67ac06..f2eacbc0 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml @@ -447,11 +447,18 @@ Rules: AssertDescription: Please provide External ID for Security Lake Audit (Security Tooling) query access subscriber VerifyEnabledRegions: RuleCondition: !Equals - - !Ref pControlTowerRegionsOnly - - 'false' + - !Ref pControlTowerRegionsOnly + - 'false' Assertions: - Assert: !Not [!Equals [!Ref pEnabledRegions, '']] AssertDescription: Please provide Enabled Regions + ProvideUniqueExternalIds: + RuleCondition: !Equals + - !Ref pAuditAccountDataSubscriberExternalId + - !Ref pAuditAccountQuerySubscriberExternalId + Assertions: + - Assert: !Not [!Equals [!Ref pAuditAccountDataSubscriberExternalId, !Ref pAuditAccountQuerySubscriberExternalId]] + AssertDescription: The external ID for Security Lake Audit (Security Tooling) data access and query access subscribers must be different from one another. Resources: rSecurityLakeQuerySubscriberIAMRoleStackSet: From 27b120b67b89e0c5ae7a78b50c4d728480070d69 Mon Sep 17 00:00:00 2001 From: ievgeniia ieromenko Date: Thu, 12 Sep 2024 16:31:00 -0400 Subject: [PATCH 14/15] allow empty id --- .../templates/sra-security-lake-org-main-ssm.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml index f2eacbc0..11d581d3 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml @@ -453,9 +453,10 @@ Rules: - Assert: !Not [!Equals [!Ref pEnabledRegions, '']] AssertDescription: Please provide Enabled Regions ProvideUniqueExternalIds: - RuleCondition: !Equals - - !Ref pAuditAccountDataSubscriberExternalId - - !Ref pAuditAccountQuerySubscriberExternalId + RuleCondition: !And + - !Not [!Equals [!Ref pAuditAccountDataSubscriberExternalId, '']] + - !Not [!Equals [!Ref pAuditAccountQuerySubscriberExternalId, '']] + - !Equals [!Ref pAuditAccountDataSubscriberExternalId, !Ref pAuditAccountQuerySubscriberExternalId] Assertions: - Assert: !Not [!Equals [!Ref pAuditAccountDataSubscriberExternalId, !Ref pAuditAccountQuerySubscriberExternalId]] AssertDescription: The external ID for Security Lake Audit (Security Tooling) data access and query access subscribers must be different from one another. From a0c400868f02e5e7deebf97e77a6fe06e06f9e37 Mon Sep 17 00:00:00 2001 From: ievgeniia ieromenko Date: Mon, 16 Sep 2024 16:06:53 -0400 Subject: [PATCH 15/15] comment update --- .../templates/sra-security-lake-org-main-ssm.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml index 11d581d3..899bdeae 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-main-ssm.yaml @@ -500,8 +500,8 @@ Resources: rSecurityLakeConfigurationIAMRoleStackSet: Type: AWS::CloudFormation::StackSet - DeletionPolicy: Delete # Retain - UpdateReplacePolicy: Delete # Retain + DeletionPolicy: Retain + UpdateReplacePolicy: Retain Properties: StackSetName: sra-security-lake-org-configuration-role AdministrationRoleARN: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/${pStackSetAdminRole} @@ -601,8 +601,8 @@ Resources: rSecurityLakeKMSKeyStackSet: Type: AWS::CloudFormation::StackSet DependsOn: rSecurityLakeConfigurationIAMRoleStackSet - DeletionPolicy: Delete # Retain - UpdateReplacePolicy: Delete # Retain + DeletionPolicy: Retain + UpdateReplacePolicy: Retain Properties: StackSetName: sra-security-lake-org-kms-key AdministrationRoleARN: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/${pStackSetAdminRole} @@ -679,8 +679,8 @@ Resources: rSecurityLakeLakeFormationSlrStackSet: Type: AWS::CloudFormation::StackSet - DeletionPolicy: Delete # Retain - UpdateReplacePolicy: Delete # Retain + DeletionPolicy: Retain + UpdateReplacePolicy: Retain Condition: cCreateLakeFormationSlr Properties: StackSetName: sra-security-lake-lakeformation-slr