From bd21b9844483122a46e9e104cb11cc193cde80ca Mon Sep 17 00:00:00 2001 From: Olaf Heimburger Date: Mon, 9 Dec 2024 15:34:18 +0100 Subject: [PATCH] OCI Security Health Check - Standard Edition - Update 241206 --- .../README.md | 48 ++++--- .../README.md | 121 ++++++++++++++---- .../README.txt | 36 +++--- .../scripts/cis_reports/cis_reports.py | 97 +++++++++----- .../standard.sh | 35 ++--- ...curity-health-check-standard-241011.sha512 | 1 - ...ity-health-check-standard-241011.sha512256 | 1 - ...-security-health-check-standard-241011.zip | Bin 73840 -> 0 bytes 8 files changed, 229 insertions(+), 110 deletions(-) delete mode 100644 security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241011.sha512 delete mode 100644 security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241011.sha512256 delete mode 100644 security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241011.zip diff --git a/security/security-design/shared-assets/oci-security-health-check-standard/README.md b/security/security-design/shared-assets/oci-security-health-check-standard/README.md index 7a1a755c3..de7703cee 100644 --- a/security/security-design/shared-assets/oci-security-health-check-standard/README.md +++ b/security/security-design/shared-assets/oci-security-health-check-standard/README.md @@ -2,7 +2,7 @@ Owner: Olaf Heimburger -Version: 241011 +Version: 241206 Reviewed: 01.02.2024 
@@ -19,6 +19,15 @@ The *OCI Security Health Check - Standard Edition* checks an OCI tenancy for [CI This asset covers the OCI platform as specified in the *CIS Oracle Cloud Infrastructure Foundations Benchmark*, only. Any workload provisioned in Databases, Compute VMs (running any Operating System), the Container Engine for Kubernetes, or in the VMware Solution is *out of scope* of the *OCI Security Health Check*. +**This is not an official Oracle application and it is not supported by Oracle Support.** + +## Before you begin + +The main goals of this script are: + +- Make the run as easy and smooth as possible. +- Do not affect your desktop whenever possible. + ## Complete Runtime Example See the *OCI Security Health Check - Standard Edition* in action and watch the [OCI Health Checks - Self Service video](https://www.youtube.com/watch?v=EzjKLxfxaAM). 
@@ -29,22 +38,22 @@ See the *OCI Security Health Check - Standard Edition* in action and watch the [ Before running the *OCI Security Health Check - Standard Edition* you should download and verify it. - - Download the latest distribution [oci-security-health-check-standard-241011.zip](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241011.zip). + - Download the latest distribution [oci-security-health-check-standard-241206.zip](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241206.zip). - Download the respective checksum file: - - [oci-security-health-check-standard-241011.sha512](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241011.sha512). - - [oci-security-health-check-standard-241011.sha512256](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241011.sha512256). + - [oci-security-health-check-standard-241206.sha512](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241206.sha512). + - [oci-security-health-check-standard-241206.sha512256](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241206.sha512256). - Verify the integrity of the distribution. 
Both files must be in the same directory (for example, in your downloads directory). On MacOS: ``` cd - shasum -a 512256 -c oci-security-health-check-standard-241011.sha512256 + shasum -a 512256 -c oci-security-health-check-standard-241206.sha512256 ``` On Linux (including Cloud Shell): ``` cd - sha512sum -c oci-security-health-check-standard-241011.sha512 + sha512sum -c oci-security-health-check-standard-241206.sha512 ``` **Reject the downloaded file if the check fails!** @@ -57,10 +66,10 @@ In OCI Cloud Shell you can do a short cut without downloading the files mentione 2. Open Cloud Shell 3. Run these commands in your Cloud Shell: ``` - wget -q https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241011.zip - wget -q https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241011.sha512 - sha512sum -c oci-security-health-check-standard-241011.sha512 - unzip -q oci-security-health-check-standard-241011.zip + wget -q https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241206.zip + wget -q https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241206.sha512 + sha512sum -c oci-security-health-check-standard-241206.sha512 + unzip -q oci-security-health-check-standard-241206.zip ``` ## Prepare the OCI Tenancy 
@@ -76,7 +85,8 @@ quickest way. If you decide to use this option, please continue reading in ### Recurring usage -For recurring usage, setting up a group for auditing is recommended. For setting this up follow the steps documented next. +For recurring usage, setting up a group for auditing is recommended. For setting this up follow the steps documented in the next section. +This applies for scenarios using the OCI Cloud Shell with public Internet access. For additional usage scenarios see the detailed instructions [README](files/oci-security-health-check-standard/README.md). ### Setting up an *Auditor* group and policy 
@@ -88,20 +98,22 @@ To create a group for auditing do the following steps: - Create a policy `pcy-auditing` with these statements (if your tenancy does not have Domains, replace `'Default'/'grp-auditors'` with `grp-auditors`): ``` allow group 'Default'/'grp-auditors' to inspect all-resources in tenancy - allow group 'Default'/'grp-auditors' to read instances in tenancy - allow group 'Default'/'grp-auditors' to read load-balancers in tenancy + allow group 'Default'/'grp-auditors' to read audit-events in tenancy allow group 'Default'/'grp-auditors' to read buckets in tenancy - allow group 'Default'/'grp-auditors' to read nat-gateways in tenancy - allow group 'Default'/'grp-auditors' to read public-ips in tenancy + allow group 'Default'/'grp-auditors' to read dns in tenancy + allow group 'Default'/'grp-auditors' to read domains in tenancy allow group 'Default'/'grp-auditors' to read file-family in tenancy allow group 'Default'/'grp-auditors' to read instance-configurations in tenancy + allow group 'Default'/'grp-auditors' to read instances in tenancy + allow group 'Default'/'grp-auditors' to read load-balancers in tenancy + allow group 'Default'/'grp-auditors' to read nat-gateways in tenancy allow group 'Default'/'grp-auditors' to read network-security-groups in tenancy + allow group 'Default'/'grp-auditors' to read public-ips in tenancy allow group 'Default'/'grp-auditors' to read resource-availability in tenancy - allow group 'Default'/'grp-auditors' to read audit-events in tenancy allow group 'Default'/'grp-auditors' to read users in tenancy allow group 'Default'/'grp-auditors' to read vss-family in tenancy - allow group 'Default'/'grp-auditors' to read dns in tenancy allow group 'Default'/'grp-auditors' to use cloud-shell in tenancy + allow group 'Default'/'grp-auditors' to use cloud-shell-public-network in tenancy ``` - Assign a user to the `grp-auditors` group. - Log out of the OCI Console. 
@@ -117,7 +129,7 @@ After a completed run you will find a directory with a name starting with your t To start with reviewing the results, open the file named `tenancy_name_YYYYMMDDHHmmss_standard_cis_html_summary_report.html`. It may look like this example: -![Flyer](./files/resources/Example_Output.png) +![Example](./files/resources/Example_Output.png) # Known Issues diff --git a/security/security-design/shared-assets/oci-security-health-check-standard/files/oci-security-health-check-standard/README.md b/security/security-design/shared-assets/oci-security-health-check-standard/files/oci-security-health-check-standard/README.md index 76e73fb61..e963d5c36 100644 --- a/security/security-design/shared-assets/oci-security-health-check-standard/files/oci-security-health-check-standard/README.md +++ b/security/security-design/shared-assets/oci-security-health-check-standard/files/oci-security-health-check-standard/README.md @@ -2,7 +2,7 @@ Owner: Olaf Heimburger -Version: 241011 (cis_report.py version 2.8.4+) +Version: 241206 (cis_report.py version 2.8.6) ## When to use this asset? @@ -12,8 +12,14 @@ The *OCI Security Health Check - Standard Edition* checks an OCI tenancy for CIS This asset covers the OCI platform as specified in the *CIS Oracle Cloud Infrastructure Foundations Benchmark*, only. Any workload provisioned in Databases, Compute VMs (running any Operating System), the Container Engine for Kubernetes, or in the VMware Solution is *out of scope* of the *OCI Security Health Check*. -This is not an official Oracle application and it is not supported -by Oracle Support. +**This is not an official Oracle application and it is not supported by Oracle Support.** + +## Before you begin + +The main goals of this script are: + +- Make the run as easy and smooth as possible. +- Do not affect your desktop whenever possible. ## Usage 
@@ -21,22 +27,22 @@ by Oracle Support. Before running the *OCI Security Health Check - Standard Edition* you should download and verify it. - - Download the latest distribution [oci-security-health-check-standard-241011.zip](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241011.zip). + - Download the latest distribution [oci-security-health-check-standard-241206.zip](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241206.zip). - Download the respective checksum file: - - [oci-security-health-check-standard-241011.sha512](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241011.sha512). - - [oci-security-health-check-standard-241011.sha512256](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241011.sha512256). + - [oci-security-health-check-standard-241206.sha512](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241206.sha512). + - [oci-security-health-check-standard-241206.sha512256](https://github.com/oracle-devrel/technology-engineering/raw/main/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241206.sha512256). - Verify the integrity of the distribution. Both files must be in the same directory (for example, in your downloads directory). 
On MacOS: ``` cd - shasum -a 512256 -c oci-security-health-check-standard-241011.sha512256 + shasum -a 512256 -c oci-security-health-check-standard-241206.sha512256 ``` On Linux (including Cloud Shell): ``` cd - sha512sum -c oci-security-health-check-standard-241011.sha512 + sha512sum -c oci-security-health-check-standard-241206.sha512 ``` **Reject the downloaded file when the check fails!** 
@@ -67,45 +73,109 @@ To create a group for auditing do the following steps: - For tenancies **without** Identity Domains use ``` allow group grp-auditors to inspect all-resources in tenancy - allow group grp-auditors to read instances in tenancy - allow group grp-auditors to read load-balancers in tenancy + allow group grp-auditors to read audit-events in tenancy allow group grp-auditors to read buckets in tenancy - allow group grp-auditors to read nat-gateways in tenancy - allow group grp-auditors to read public-ips in tenancy + allow group grp-auditors to read dns in tenancy + allow group grp-auditors to read domains in tenancy allow group grp-auditors to read file-family in tenancy allow group grp-auditors to read instance-configurations in tenancy + allow group grp-auditors to read instances in tenancy + allow group grp-auditors to read load-balancers in tenancy + allow group grp-auditors to read nat-gateways in tenancy allow group grp-auditors to read network-security-groups in tenancy + allow group grp-auditors to read public-ips in tenancy allow group grp-auditors to read resource-availability in tenancy - allow group grp-auditors to read audit-events in tenancy allow group grp-auditors to read users in tenancy allow group grp-auditors to read vss-family in tenancy - allow group grp-auditors to read dns in tenancy allow group grp-auditors to use cloud-shell in tenancy + allow group grp-auditors to use cloud-shell-public-network in tenancy ``` - For tenancies **with** Identity Domains use ``` allow group 'Default'/'grp-auditors' to inspect all-resources in tenancy - allow group 'Default'/'grp-auditors' to read instances in tenancy - allow group 'Default'/'grp-auditors' to read load-balancers in tenancy + allow group 'Default'/'grp-auditors' to read audit-events in tenancy allow group 'Default'/'grp-auditors' to read buckets in tenancy - allow group 'Default'/'grp-auditors' to read nat-gateways in tenancy - allow group 'Default'/'grp-auditors' to read 
public-ips in tenancy + allow group 'Default'/'grp-auditors' to read dns in tenancy + allow group 'Default'/'grp-auditors' to read domains in tenancy allow group 'Default'/'grp-auditors' to read file-family in tenancy allow group 'Default'/'grp-auditors' to read instance-configurations in tenancy + allow group 'Default'/'grp-auditors' to read instances in tenancy + allow group 'Default'/'grp-auditors' to read load-balancers in tenancy + allow group 'Default'/'grp-auditors' to read nat-gateways in tenancy allow group 'Default'/'grp-auditors' to read network-security-groups in tenancy + allow group 'Default'/'grp-auditors' to read public-ips in tenancy allow group 'Default'/'grp-auditors' to read resource-availability in tenancy - allow group 'Default'/'grp-auditors' to read audit-events in tenancy allow group 'Default'/'grp-auditors' to read users in tenancy allow group 'Default'/'grp-auditors' to read vss-family in tenancy - allow group 'Default'/'grp-auditors' to read dns in tenancy allow group 'Default'/'grp-auditors' to use cloud-shell in tenancy + allow group 'Default'/'grp-auditors' to use cloud-shell-public-network in tenancy ``` - Assign a user to the `grp-auditors` group - Log out of the OCI Console ### Run the OCI Security Health Check in OCI Cloud Shell -The recommended way is to run the *OCI Security Health Check - Standard* in the OCI Cloud Shell. It does not require any additional configuration on a local desktop machine. +The recommended way is to run the *OCI Security Health Check - Standard* in the [OCI Cloud Shell](https://docs.oracle.com/en-us/iaas/Content/API/Concepts/cloudshellintro.htm). It does not require any additional configuration on a local desktop machine. 
+ +#### Required IAM Policy statements + +The following policy statement is part of the recommended policy statements for the `grp-auditors` group: +``` +allow group 'Default'/'grp-auditors' to use cloud-shell in tenancy +``` + +#### Networking Options for OCI Cloud Shell + +OCI Cloud Shell sessions do not allow for any incoming connections, and there is no public IP address available. + +So far, the *OCI Security Health Check - Standard Edition* in OCI Cloud Shell has been tested with Public Network Access only. + +For details on OCI Cloud Shell Networking refer to [OCI Cloud Shell Networking](https://docs.oracle.com/en-us/iaas/Content/API/Concepts/cloudshellintro_topic-Cloud_Shell_Networking.htm#cloudshellintro_topic-Cloud_Shell_Networking) documentation. + + + #### Upload the release file @@ -117,10 +187,10 @@ The recommended way is to run the *OCI Security Health Check - Standard* in the - Upload the distribution file. - Extract it ``` - unzip -q oci-security-health-check-standard-241011.zip + unzip -q oci-security-health-check-standard-241206.zip ``` -### Run the script +#### Run the script - Change directory into `oci-security-health-check-standard`: ``` $ cd oci-security-health-check-standard @@ -142,6 +212,7 @@ The recommended way is to run the *OCI Security Health Check - Standard* in the ``` ./standard.sh -h ``` + ### Using an OCI Compute VM (Oracle Linux) - Create a Dynamic Group 
@@ -190,11 +261,11 @@ The recommended way is to run the *OCI Security Health Check - Standard* in the Follow the instructions to select /usr/bin/python3.9 - Log out - - From your desktop, upload the `oci-security-health-check-standard-241011.zip` file to the Compute VM using any SFTP client. + - From your desktop, upload the `oci-security-health-check-standard-241206.zip` file to the Compute VM using any SFTP client. - Log into the Compute VM - Extract the distribution ``` - unzip -q oci-security-health-check-standard-241011.zip + unzip -q oci-security-health-check-standard-241206.zip ``` - Change directory into `oci-security-health-check-standard`: ``` diff --git a/security/security-design/shared-assets/oci-security-health-check-standard/files/oci-security-health-check-standard/README.txt b/security/security-design/shared-assets/oci-security-health-check-standard/files/oci-security-health-check-standard/README.txt index 256dd75fa..528308620 100644 --- a/security/security-design/shared-assets/oci-security-health-check-standard/files/oci-security-health-check-standard/README.txt +++ b/security/security-design/shared-assets/oci-security-health-check-standard/files/oci-security-health-check-standard/README.txt @@ -2,7 +2,7 @@ OCI Security Health Check - Standard Edition ============================================ Owner: Olaf Heimburger -Version: 241011 (cis_report.py version 2.8.4) +Version: 241206 (cis_report.py version 2.8.6) When to use this asset? 
@@ -42,36 +42,40 @@ Usage - Create a policy pcy-auditing with these statements: - For tenancies without Identity Domains use allow group grp-auditors to inspect all-resources in tenancy - allow group grp-auditors to read instances in tenancy - allow group grp-auditors to read load-balancers in tenancy + allow group grp-auditors to read audit-events in tenancy allow group grp-auditors to read buckets in tenancy - allow group grp-auditors to read nat-gateways in tenancy - allow group grp-auditors to read public-ips in tenancy + allow group grp-auditors to read dns in tenancy + allow group grp-auditors to read domains in tenancy allow group grp-auditors to read file-family in tenancy allow group grp-auditors to read instance-configurations in tenancy + allow group grp-auditors to read instances in tenancy + allow group grp-auditors to read load-balancers in tenancy + allow group grp-auditors to read nat-gateways in tenancy allow group grp-auditors to read network-security-groups in tenancy + allow group grp-auditors to read public-ips in tenancy allow group grp-auditors to read resource-availability in tenancy - allow group grp-auditors to read audit-events in tenancy allow group grp-auditors to read users in tenancy allow group grp-auditors to read vss-family in tenancy - allow group grp-auditors to read dns in tenancy allow group grp-auditors to use cloud-shell in tenancy + allow group grp-auditors to use cloud-shell-public-network in tenancy - For tenancies *with* Identity Domains use allow group 'Default'/'grp-auditors' to inspect all-resources in tenancy - allow group 'Default'/'grp-auditors' to read instances in tenancy - allow group 'Default'/'grp-auditors' to read load-balancers in tenancy + allow group 'Default'/'grp-auditors' to read audit-events in tenancy allow group 'Default'/'grp-auditors' to read buckets in tenancy - allow group 'Default'/'grp-auditors' to read nat-gateways in tenancy - allow group 'Default'/'grp-auditors' to read public-ips in tenancy 
+ allow group 'Default'/'grp-auditors' to read dns in tenancy + allow group 'Default'/'grp-auditors' to read domains in tenancy allow group 'Default'/'grp-auditors' to read file-family in tenancy allow group 'Default'/'grp-auditors' to read instance-configurations in tenancy + allow group 'Default'/'grp-auditors' to read instances in tenancy + allow group 'Default'/'grp-auditors' to read load-balancers in tenancy + allow group 'Default'/'grp-auditors' to read nat-gateways in tenancy allow group 'Default'/'grp-auditors' to read network-security-groups in tenancy + allow group 'Default'/'grp-auditors' to read public-ips in tenancy allow group 'Default'/'grp-auditors' to read resource-availability in tenancy - allow group 'Default'/'grp-auditors' to read audit-events in tenancy allow group 'Default'/'grp-auditors' to read users in tenancy allow group 'Default'/'grp-auditors' to read vss-family in tenancy - allow group 'Default'/'grp-auditors' to read dns in tenancy allow group 'Default'/'grp-auditors' to use cloud-shell in tenancy + allow group 'Default'/'grp-auditors' to use cloud-shell-public-network in tenancy - Assign a user to the grp-auditors group - Log out of OCI Console @@ -81,7 +85,7 @@ Usage - From the menu select the Cloud Shell item. - When running it the first time: - Upload the provided ZIP file. - - Extract it with unzip -q oci-security-health-check-standard-241011.zip + - Extract it with unzip -q oci-security-health-check-standard-241206.zip - Change directory into oci-security-health-check-standard $ cd oci-security-health-check-standard $ screen 
@@ -138,11 +142,11 @@ Usage - Log out - From your desktop, upload the - "oci-security-health-check-standard-241011.zip" file to the Compute VM + "oci-security-health-check-standard-241206.zip" file to the Compute VM using any SFTP client. - Log into the Compute VM - Extract the distribution - unzip -q oci-security-health-check-standard-241011.zip + unzip -q oci-security-health-check-standard-241206.zip - Change directory into "oci-security-health-check-standard": cd oci-security-health-check-standard diff --git a/security/security-design/shared-assets/oci-security-health-check-standard/files/oci-security-health-check-standard/scripts/cis_reports/cis_reports.py b/security/security-design/shared-assets/oci-security-health-check-standard/files/oci-security-health-check-standard/scripts/cis_reports/cis_reports.py index c9d0822ad..5a49f7398 100644 --- a/security/security-design/shared-assets/oci-security-health-check-standard/files/oci-security-health-check-standard/scripts/cis_reports/cis_reports.py +++ b/security/security-design/shared-assets/oci-security-health-check-standard/files/oci-security-health-check-standard/scripts/cis_reports/cis_reports.py @@ -42,9 +42,9 @@ except Exception: OUTPUT_DIAGRAMS = False -RELEASE_VERSION = "2.8.4" -PYTHON_SDK_VERSION = "2.129.4" -UPDATED_DATE = "July 26, 2024" +RELEASE_VERSION = "2.8.6" +PYTHON_SDK_VERSION = "2.139.0" +UPDATED_DATE = "November 20, 2024" ########################################################################## 
@@ -1730,7 +1730,8 @@ def __identity_read_tenancy_policies(self): policies_data = oci.pagination.list_call_get_all_results( self.__regions[self.__home_region]['search_client'].search_resources, search_details=oci.resource_search.models.StructuredSearchDetails( - query="query Policy resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'") + query="query Policy resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'"), + tenant_id=self.__tenancy.id ).data for policy in policies_data: @@ -1826,7 +1827,9 @@ def __os_read_buckets(self): buckets_data = oci.pagination.list_call_get_all_results( region_values['search_client'].search_resources, search_details=oci.resource_search.models.StructuredSearchDetails( - query="query Bucket resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'") + query="query Bucket resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'"), + tenant_id=self.__tenancy.id + ).data # Getting Bucket Info for bucket in buckets_data: @@ -1890,7 +1893,9 @@ def __block_volume_read_block_volumes(self): volumes_data = oci.pagination.list_call_get_all_results( region_values['search_client'].search_resources, search_details=oci.resource_search.models.StructuredSearchDetails( - query="query Volume resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'") + query="query Volume resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'"), + tenant_id=self.__tenancy.id + ).data # Getting Block Volume inf 
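Review bot: The new `tenant_id=self.__tenancy.id` argument in `__identity_read_tenancy_policies` is pasted by hand into this call and into every other search-based reader in the patch (`__os_read_buckets` through `__search_resources_in_root_compartment`), so a reader that is missed now or added later will silently search without it. For an audit tool that is a coverage risk, so I would move the query text and the tenancy argument into one private helper that every reader calls; the helper name below is only a suggestion. The helper is also the place to record that `list_call_get_all_results` forwards `tenant_id` to `search_resources`, which as far as I know rejects keyword arguments it does not recognise. An installed SDK older than the one that introduced the parameter would then fail at the first search, and whether `PYTHON_SDK_VERSION` is enforced at start-up is not visible here. The function body starts and ends outside the hunk.

```python
    def __search_all(self, search_client, resource_type):
        # Single place for the query text and the tenancy argument used by every reader.
        query = ("query " + resource_type + " resources return allAdditionalFields "
                 "where compartmentId != '" + self.__managed_paas_compartment_id + "'")
        return oci.pagination.list_call_get_all_results(
            search_client.search_resources,
            search_details=oci.resource_search.models.StructuredSearchDetails(query=query),
            tenant_id=self.__tenancy.id
        ).data

    def __identity_read_tenancy_policies(self):
        # … unchanged: code before the search call …
        policies_data = self.__search_all(
            self.__regions[self.__home_region]['search_client'], "Policy")
        # … unchanged: loop over policies_data …
```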
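Review bot: The hunk in `__os_read_buckets` adds an empty line after `tenant_id=self.__tenancy.id`, which separates the closing `).data` from the call's arguments. The hunk header (7 lines before, 9 after) confirms the third added line, and `__block_volume_read_block_volumes` carries the same extra line. The other readers in this patch close the call directly after the new argument. Dropping the blank line in both places, so that `tenant_id=self.__tenancy.id` is followed immediately by `).data`, keeps the call sites textually identical and makes a later mechanical edit across them reliable.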
@@ -1961,7 +1966,8 @@ def __boot_volume_read_boot_volumes(self): boot_volumes_data = oci.pagination.list_call_get_all_results( region_values['search_client'].search_resources, search_details=oci.resource_search.models.StructuredSearchDetails( - query="query BootVolume resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'") + query="query BootVolume resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'"), + tenant_id=self.__tenancy.id ).data for boot_volume in boot_volumes_data: @@ -2031,7 +2037,8 @@ def __fss_read_fsss(self): fss_data = oci.pagination.list_call_get_all_results( region_values['search_client'].search_resources, search_details=oci.resource_search.models.StructuredSearchDetails( - query="query FileSystem resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'") + query="query FileSystem resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'"), + tenant_id=self.__tenancy.id ).data for fss in fss_data: @@ -2093,7 +2100,8 @@ def __network_read_network_security_groups_rules(self): nsgs_data = oci.pagination.list_call_get_all_results( region_values['search_client'].search_resources, search_details=oci.resource_search.models.StructuredSearchDetails( - query="query NetworkSecurityGroup resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'") + query="query NetworkSecurityGroup resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'"), + tenant_id=self.__tenancy.id ).data # Looping through NSGs to to get 
@@ -2157,7 +2165,8 @@ def __network_read_network_security_lists(self): security_lists_data = oci.pagination.list_call_get_all_results( region_values['search_client'].search_resources, search_details=oci.resource_search.models.StructuredSearchDetails( - query="query SecurityList resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'") + query="query SecurityList resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'"), + tenant_id=self.__tenancy.id ).data # Looping through Security Lists to to get @@ -2224,7 +2233,8 @@ def __network_read_network_subnets(self): subnets_data = oci.pagination.list_call_get_all_results( region_values['search_client'].search_resources, search_details=oci.resource_search.models.StructuredSearchDetails( - query="query Subnet resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'") + query="query Subnet resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'"), + tenant_id=self.__tenancy.id ).data try: @@ -2303,7 +2313,8 @@ def __network_read_drg_attachments(self): drg_resources = oci.pagination.list_call_get_all_results( region_values['search_client'].search_resources, search_details=oci.resource_search.models.StructuredSearchDetails( - query="query DrgAttachment resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'") + query="query DrgAttachment resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'"), + tenant_id=self.__tenancy.id ).data compartments = set() 
@@ -2388,7 +2399,8 @@ def __network_read_drgs(self): drg_resources = oci.pagination.list_call_get_all_results( region_values['search_client'].search_resources, search_details=oci.resource_search.models.StructuredSearchDetails( - query="query Drg resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'") + query="query Drg resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'"), + tenant_id=self.__tenancy.id ).data compartments = set() @@ -2472,7 +2484,8 @@ def __network_read_fastonnects(self): fastconnects = oci.pagination.list_call_get_all_results( region_values['search_client'].search_resources, search_details=oci.resource_search.models.StructuredSearchDetails( - query="query VirtualCircuit resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'") + query="query VirtualCircuit resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'"), + tenant_id=self.__tenancy.id ).data compartments = set() @@ -2586,7 +2599,8 @@ def __network_read_ip_sec_connections(self): ip_sec_connections_data = oci.pagination.list_call_get_all_results( region_values['search_client'].search_resources, search_details=oci.resource_search.models.StructuredSearchDetails( - query="query IPSecConnection resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'") + query="query IPSecConnection resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'"), + tenant_id=self.__tenancy.id ).data for ip_sec in ip_sec_connections_data: 
@@ -2728,7 +2742,8 @@ def __adb_read_adbs(self): adb_query_resources = oci.pagination.list_call_get_all_results( region_values['search_client'].search_resources, search_details=oci.resource_search.models.StructuredSearchDetails( - query="query AutonomousDatabase resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'") + query="query AutonomousDatabase resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'"), + tenant_id=self.__tenancy.id ).data compartments = set() @@ -2777,7 +2792,8 @@ def __oic_read_oics(self): oic_resources = oci.pagination.list_call_get_all_results( region_values['search_client'].search_resources, search_details=oci.resource_search.models.StructuredSearchDetails( - query="query IntegrationInstance resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'") + query="query IntegrationInstance resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'"), + tenant_id=self.__tenancy.id ).data compartments = set() @@ -2854,7 +2870,8 @@ def __oac_read_oacs(self): oac_resources = oci.pagination.list_call_get_all_results( region_values['search_client'].search_resources, search_details=oci.resource_search.models.StructuredSearchDetails( - query="query AnalyticsInstance resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'") + query="query AnalyticsInstance resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'"), + tenant_id=self.__tenancy.id ).data compartments = set() 
@@ -2924,7 +2941,8 @@ def __events_read_event_rules(self):
 events_rules_data = oci.pagination.list_call_get_all_results(
 region_values['search_client'].search_resources,
 search_details=oci.resource_search.models.StructuredSearchDetails(
- query="query EventRule resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'")
+ query="query EventRule resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'"),
+ tenant_id=self.__tenancy.id
 ).data
 for event_rule in events_rules_data:
@@ -2959,7 +2977,8 @@ def __logging_read_log_groups_and_logs(self):
 log_groups = oci.pagination.list_call_get_all_results(
 region_values['search_client'].search_resources,
 search_details=oci.resource_search.models.StructuredSearchDetails(
- query="query LogGroup resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'")
+ query="query LogGroup resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'"),
+ tenant_id=self.__tenancy.id
 ).data
 # Looping through log groups to get logs
@@ -3063,7 +3082,8 @@ def __kms_read_keys(self):
 keys_data = oci.pagination.list_call_get_all_results(
 region_values['search_client'].search_resources,
 search_details=oci.resource_search.models.StructuredSearchDetails(
- query="query Key resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'")
+ query="query Key resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'"),
+ tenant_id=self.__tenancy.id
 ).data
 vaults_set = set()
@@ -3308,7 +3328,8 @@ def __ons_read_subscriptions(self):
 subs_data = oci.pagination.list_call_get_all_results(
 region_values['search_client'].search_resources,
 search_details=oci.resource_search.models.StructuredSearchDetails(
- query="query OnsSubscription resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'")
+ query="query OnsSubscription resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'"),
+ tenant_id=self.__tenancy.id
 ).data
 debug("\t__ons_read_subscriptions: Recieved " + str(len(subs_data)) + " subscriptions in region " + str(region_key))
 for sub in subs_data:
@@ -3380,7 +3401,8 @@ def __sch_read_service_connectors(self):
 service_connectors_data = oci.pagination.list_call_get_all_results(
 region_values['search_client'].search_resources,
 search_details=oci.resource_search.models.StructuredSearchDetails(
- query="query ServiceConnector resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'")
+ query="query ServiceConnector resources return allAdditionalFields where compartmentId != '" + self.__managed_paas_compartment_id + "'"),
+ tenant_id=self.__tenancy.id
 ).data
 # Getting Bucket Info
@@ -3457,7 +3479,8 @@ def __search_resources_in_root_compartment(self):
 structured_search_query = oci.resource_search.models.StructuredSearchDetails(query=query_non_compliant)
 search_results = oci.pagination.list_call_get_all_results(
 region_values['search_client'].search_resources,
- search_details=structured_search_query
+ search_details=structured_search_query,
+ tenant_id=self.__tenancy.id
 ).data
 for item in search_results:
@@ -3472,7 +3495,8 @@ def __search_resources_in_root_compartment(self):
 structured_search_all_query = oci.resource_search.models.StructuredSearchDetails(query=query_all_resources)
 structured_search_all_resources = oci.pagination.list_call_get_all_results(
 region_values['search_client'].search_resources,
- search_details=structured_search_all_query
+ search_details=structured_search_all_query,
+ tenant_id=self.__tenancy.id
 ).data
 for item in structured_search_all_resources:
@@ -3506,7 +3530,8 @@ def __search_query_resource_type(self, resource_type, search_client):
 results = oci.pagination.list_call_get_all_results(
 search_client.search_resources,
 search_details=oci.resource_search.models.StructuredSearchDetails(
- query=query)
+ query=query),
+ tenant_id=self.__tenancy.id
 ).data
 return oci.util.to_dict(results)
@@ -3598,7 +3623,8 @@ def __certificates_read_certificates(self):
 certificates_data = oci.pagination.list_call_get_all_results(
 region_values['search_client'].search_resources,
 search_details=oci.resource_search.models.StructuredSearchDetails(
- query="query certificate resources return allAdditionalFields")
+ query="query certificate resources return allAdditionalFields"),
+ tenant_id=self.__tenancy.id
 ).data
 cert_compartments = {}
 debug("\t__certificates_read_certificates: Got Ceritificates from ")
@@ -4608,13 +4634,16 @@ def __obp_analyze_tenancy_data(self):
 elif attachment['network_type'].upper() == 'VIRTUAL_CIRCUIT':
 # Checking for Provision and BGP enabled Virtual Circuits and that it is associated
- for virtual_circuit in self.__network_fastconnects[attachment['drg_id']]:
- if attachment['network_id'] == virtual_circuit['id']:
- if virtual_circuit['lifecycle_state'].upper() == 'PROVISIONED' and virtual_circuit['bgp_session_state'].upper() == "UP":
- # Good VC to increment number of VCs and append the provider name
- fast_connect_providers.add(virtual_circuit['provider_name'])
- number_of_valid_fast_connect_circuits += 1
-
+ try:
+ for virtual_circuit in self.__network_fastconnects[attachment['drg_id']]:
+ if attachment['network_id'] == virtual_circuit['id']:
+ if virtual_circuit['lifecycle_state'].upper() == 'PROVISIONED' and virtual_circuit['bgp_session_state'].upper() == "UP":
+ # Good VC to increment number of VCs and append the provider name
+ fast_connect_providers.add(virtual_circuit['provider_name'])
+ number_of_valid_fast_connect_circuits += 1
+ except Exception:
+ debug("__obp_analyze_tenancy_data: Fast Connect Connections check: DRG ID not found " + str(drg_id))
+ self.__errors.append({"id" : str(drg_id), "error" : str("__obp_analyze_tenancy_data: Fast Connect Connections check: DRG ID not found")})
 try:
 record = {
 "drg_id": drg_id,
diff --git a/security/security-design/shared-assets/oci-security-health-check-standard/files/oci-security-health-check-standard/standard.sh b/security/security-design/shared-assets/oci-security-health-check-standard/files/oci-security-health-check-standard/standard.sh
index 44996f5e0..2a235bfd5 100755
--- a/security/security-design/shared-assets/oci-security-health-check-standard/files/oci-security-health-check-standard/standard.sh
+++ b/security/security-design/shared-assets/oci-security-health-check-standard/files/oci-security-health-check-standard/standard.sh
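Review bot: The new `except Exception:` around the virtual-circuit loop in `__obp_analyze_tenancy_data` records every failure as "DRG ID not found", although a missing `lifecycle_state` or `bgp_session_state` key, or a `None` value reaching `.upper()`, would land in the same handler; the error list then mislabels a data problem and the FastConnect count for that DRG is cut short. Keeping only the lookup under the guard avoids that, for example iterating `self.__network_fastconnects.get(attachment['drg_id'], [])` and logging the miss separately, or at least narrowing the handler to `except KeyError:`. The handler also reports `drg_id` while the lookup uses `attachment['drg_id']`; they are presumably the same value, but using one name would make that obvious. The function starts and ends outside this hunk.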
@@ -7,7 +7,7 @@ # # Author: Olaf Heimburger # -VERSION=241011 +VERSION=241206 OS_TYPE=$(uname) ASSESS_DIR=$(dirname $0) @@ -175,12 +175,13 @@ done if [ $IS_ADVANCED -ne 1 ]; then RUN_SHOWOCI=0 RUN_CIS=1 + CIS_DATA_OPT="" else if [ -z "$CIS_DATA_OPT" ]; then CIS_DATA_OPT="--obp --all-resources" fi if [ -z "$SHOWOCI_DATA_OPT" ]; then - SHOWOCI_DATA_OPT="-nsum -a -dsa" + SHOWOCI_DATA_OPT="-ns -a -dsa" fi fi @@ -214,12 +215,14 @@ if [ ! -d ${PYTHON_ENV} ]; then ${PYTHON_CMD} -m venv ${PYTHON_ENV} fi -PIP_OPTS="-q --user --no-warn-script-location" +PIP_OPTS="-q --no-warn-script-location" if [ -d ${PYTHON_ENV} ]; then source ${PYTHON_ENV}/bin/activate - if [ -z "${CLOUD_SHELL_TOOL_SET}" ]; then - ${PYTHON_CMD} -m pip install pip --upgrade ${PIP_OPTS} - fi + PYTHON_CMD=$(which python3) + # if [ -z "${CLOUD_SHELL_TOOL_SET}" ]; then + # ${PYTHON_CMD} -m pip install pip --upgrade ${PIP_OPTS} + # fi + ${PYTHON_CMD} -m pip install pip --upgrade ${PIP_OPTS} fi printf "INFO: Checking for required libraries...\n" 
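Review bot: In the venv block of the third hunk, `PYTHON_CMD=$(which python3)` trusts PATH right after `source ${PYTHON_ENV}/bin/activate` without checking that activation succeeded; with `--user` dropped from `PIP_OPTS` and the `pip install pip --upgrade` now unconditional, a failed activation would presumably run the upgrade against whichever `python3` is first on PATH. Pointing at the venv interpreter directly, `PYTHON_CMD="${PYTHON_ENV}/bin/python3"`, removes that dependency on PATH. The commented-out `CLOUD_SHELL_TOOL_SET` guard should be deleted, or replaced by a one-line comment such as `# pip is upgraded inside the venv on every run, Cloud Shell included`.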
@@ -268,37 +271,39 @@ else fi printf "INFO: %s\n" "${INFO_STR}" -CIS_OPTS="-t ${TENANCY} ${CIS_REGION_OPT} ${CIS_DATA_OPT} ${AUTH_OPT}" +CIS_OPTS="-t ${TENANCY} ${CIS_REGION_OPT} ${CIS_DATA_OPT} ${AUTH_OPT} --report-summary-json --report-prefix ${OUTPUT_DIR_NAME}" SHOWOCI_OPTS="-t ${TENANCY} ${SHOWOCI_REGION_OPT} ${AUTH_OPT} ${SHOWOCI_DATA_OPT}" trap "cleanup; echo The script has been canceled; exiting" 1 2 3 6 _W_=$(which script | wc -c) if [ $RUN_CIS -eq 1 ]; then out=$(echo -n ${OUTPUT_DIR} | sed -e 's;\./;;g') + CIS_OPTS="${CIS_OPTS} --report-directory ${out}" if [ ${_W_} -gt 0 ]; then if [ "${OS_TYPE}" == 'Darwin' ]; then - ${SCRIPT_CMD} -q ${out}/assess_cis_report.txt ${PYTHON_CMD} ${CIS_SCRIPT} ${CIS_OPTS} --report-summary-json --report-directory ${out} --report-prefix ${OUTPUT_DIR_NAME} + ${SCRIPT_CMD} -q ${out}/assess_cis_report.txt ${PYTHON_CMD} ${CIS_SCRIPT} ${CIS_OPTS} else - ${SCRIPT_CMD} -c "${PYTHON_CMD} ${CIS_SCRIPT} ${CIS_OPTS} --report-directory ${out} --report-prefix ${OUTPUT_DIR_NAME}" ${out}/assess_cis_report.txt + ${SCRIPT_CMD} -c "${PYTHON_CMD} ${CIS_SCRIPT} ${CIS_OPTS}" ${out}/assess_cis_report.txt fi else - ${PYTHON_CMD} ${CIS_SCRIPT} ${CIS_OPTS} --report-directory ${out} + ${PYTHON_CMD} ${CIS_SCRIPT} ${CIS_OPTS} fi fi if [ $RUN_SHOWOCI -eq 1 ]; then if [ -z "${BUFFERED}" ]; then export PYTHONUNBUFFERED=TRUE fi + # SHOWOCI_CSV="-csv_nodate -csv ${OUTPUT_DIR}/showoci_${OUTPUT_DIR_NAME}" + SHOWOCI_XLSX="-xlsx_nodate -xlsx ${OUTPUT_DIR}/showoci_${OUTPUT_DIR_NAME}" + SHOWOCI_JSON="-jf ${OUTPUT_DIR}/showoci_${OUTPUT_DIR_NAME}.json" if [ ${_W_} -gt 0 ]; then if [ "${OS_TYPE}" == 'Darwin' ]; then - echo "${SCRIPT_CMD} -q ${OUTPUT_DIR}/assess_showoci.txt ${PYTHON_CMD} ${SHOWOCI_SCRIPT} ${SHOWOCI_OPTS} -jf ${OUTPUT_DIR}/showoci_${OUTPUT_DIR_NAME}.json -xlsx_nodate -xlsx ${OUTPUT_DIR}/showoci_${OUTPUT_DIR_NAME}" - ${SCRIPT_CMD} -q ${OUTPUT_DIR}/assess_showoci.txt ${PYTHON_CMD} ${SHOWOCI_SCRIPT} ${SHOWOCI_OPTS} -jf 
${OUTPUT_DIR}/showoci_${OUTPUT_DIR_NAME}.json -xlsx_nodate -xlsx ${OUTPUT_DIR}/showoci_${OUTPUT_DIR_NAME} + ${SCRIPT_CMD} -q ${OUTPUT_DIR}/assess_showoci.txt ${PYTHON_CMD} ${SHOWOCI_SCRIPT} ${SHOWOCI_OPTS} ${SHOWOCI_JSON} ${SHOWOCI_XLSX} ${SHOWOCI_CSV} else - echo "${SCRIPT_CMD} -c "${PYTHON_CMD} ${SHOWOCI_SCRIPT} ${SHOWOCI_OPTS} -jf ${OUTPUT_DIR}/showoci_${OUTPUT_DIR_NAME}.json -xlsx_nodate -xlsx ${OUTPUT_DIR}/showoci_${OUTPUT_DIR_NAME}" ${OUTPUT_DIR}/assess_showoci.txt" - ${SCRIPT_CMD} -c "${PYTHON_CMD} ${SHOWOCI_SCRIPT} ${SHOWOCI_OPTS} -jf ${OUTPUT_DIR}/showoci_${OUTPUT_DIR_NAME}.json -xlsx_nodate -xlsx ${OUTPUT_DIR}/showoci_${OUTPUT_DIR_NAME}" ${OUTPUT_DIR}/assess_showoci.txt + ${SCRIPT_CMD} -c "${PYTHON_CMD} ${SHOWOCI_SCRIPT} ${SHOWOCI_OPTS} ${SHOWOCI_JSON} ${SHOWOCI_XLSX} ${SHOWOCI_CSV}" ${OUTPUT_DIR}/assess_showoci.txt fi else - ${PYTHON_CMD} ${SHOWOCI_SCRIPT} ${SHOWOCI_OPTS} -jf ${OUTPUT_DIR}/showoci_${OUTPUT_DIR_NAME}.json -xlsx_nodate -xlsx ${OUTPUT_DIR}/showoci_${OUTPUT_DIR_NAME} + ${PYTHON_CMD} ${SHOWOCI_SCRIPT} ${SHOWOCI_OPTS} ${SHOWOCI_JSON} ${SHOWOCI_XLSX} ${SHOWOCI_CSV} fi fi DIR_PARENT_OUTPUT="$(dirname ${OUTPUT_DIR})" diff --git a/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241011.sha512 b/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241011.sha512 deleted file mode 100644 index 3bf3349cd..000000000 --- a/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241011.sha512 +++ /dev/null @@ -1 +0,0 @@ -b73309d7fae146aa3464ade684f9728c1d7d258bf5d6325f81914417a74c9678111f7bdbdbfcd046d9a30826fcc66af12dd622dc68f8099a5c1ce1ed5fd76a1c oci-security-health-check-standard-241011.zip 
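Review bot: `${SHOWOCI_CSV}` is expanded unquoted in all three showoci invocations of the `RUN_SHOWOCI` block, but its only assignment in this hunk is commented out, so unless it is set elsewhere in the script its value comes from the caller's environment and is word-split into extra arguments. Initialise it explicitly next to the other two, `SHOWOCI_CSV=""`, and keep the commented line only if the CSV export is meant to come back. The same block drops the `echo` of the command line before running it; if that was the only trace of the exact options used, a short `printf "INFO: ..."` line would preserve it.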
diff --git a/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241011.sha512256 b/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241011.sha512256 deleted file mode 100644 index c742319b3..000000000 --- a/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241011.sha512256 +++ /dev/null @@ -1 +0,0 @@ -df870a5770f37e353d84bbb6e56185e092729636b5fe2525b6659b55300b2353 oci-security-health-check-standard-241011.zip 
diff --git a/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241011.zip b/security/security-design/shared-assets/oci-security-health-check-standard/files/resources/oci-security-health-check-standard-241011.zip deleted file mode 100644 index df38da37389540f5101dfb7caf1c83168f56d39b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 73840 zcmbTcQ*bU!6s{TD`C{(awrv|bwr$(Co$T1QZQHh;%s;0FXKHTFOjk9o-tJn}wd!5{ zw1PA!7y#&hZ!hN3n*U?*e+v`!{QE{+z?9<=5r2G-8zv_|G8Mpm>=&IY!| z29Cz`3jc=y)c+8`77*H71qA|PfCK`f`d<@}krWn{Qx-K*k*(ceK3Ok40Jlm;8$MF}_B6`n^Qa2-ZFDj>Hnw1#cwau>ADL@SpB;Y2IjP3;URKXmRf}Pt5l}-H3QCr&|e}0>{5Ll_Xs(|A>w1y2>q6gw`$^H8=Vz|jXK(0 z=gd7#gJ9;}nUC?41b(H|$gxx72TI++^@lOnfJ(NZ?^R~g(LS`4FN4&Y+hG0CtUE8C zf0#7JtxtElF0lVdTpdS{^wI5!bp>;McXCU~7{AMItIOJUk+e*eo@9a+u06 z%3(JB#Dl3k!xUk#lD$UKY-LxzF5`k!H1o1QoYVr>h+f(pE-S9#O#9ZR^r{llp(AK7 zvjFQOn4=8`e@3Wo=Q{L)DEWo%CV8v=s|ZVgD`1tKo;$$WaN^};4}l!)2w?y0$Epoq zUz+a=8g;lCawoYDA^FEB9DZqY`W4xC#|@^pJ_^bR!p5Ni^!2LZ{X!qNbvX9hX|sd{ zi9~-XcqYD{i*vlR=)_d)Nx1+mNt+w{vXD5$v7dfX$KG%VT=Zgy7yEkXzCZh2Xk`*W zM7Yk?C5?TWTMZ70ct0K9w&)@v+Crr_z*E?kZFjnb&5AzNr8)B}s&RWg0iHO;P(2;>{3&LX?Uu}&n5g7#E@ z7+Z7~S)m>wDY#suE$Acrd7fzVXX>!_GI2$-A-e93G_c`L8ig^%&N3nRo-E&_4Z2sX zhYD1RE}pHTD9vR^dJ5y9k>Zd>6vtnF64$_=?(sqK0|i4-zyKe^dW>q8Ex&7-Kavz;T>J6fw5j$x}6{&lRp=b`oV-!X};O%bT_d--&3zJYe5d0pv z-L`tg@I~|W7UWy|dIbIHLdIkYpl;STC1X9*f_-$Ub>l>}u8YzDMW4q}7^~tEGvsBGPhsyLJZZJ=MILH*Gnns1zKo%kybEa`gw$DhEN^6$!Ck7`hscU)& z#+j45Pd)!D;z%SqWo!xzk!sXmBvMx-lETP6P6obON>Yo{vzRn4Njp!x@1MMlq%d~q)*MbjiN6#`h zp@atdO+pS`tx1R^(8`<=Rlt`xpBCSfIb-|Ksz9pLtU|^ReYamJ(HJg0g(p>fz(8}* z5PEmAp83QIZCt>sr+?}J-uek*!wG&11!i~bYqmRsvE7#qSFR)@EV>XphTAF5{{@+5@2_-N_IFBmL8a}Cz!(=^jxKE&_z=UVQ zB?JnQMp(AV6(oL+P8$VYjM$4CpphQ>v0|jFg0Z&&X)XkWXK$)}C@|cmPGqspl? 
zx`@7A;u?0i_U)~b*y@wPO#OGB%#|)`(ZBFvC6{8y$Sa@J&K%l-P=wi}@U0FV)9zJ% zufwg*cHjy;0>2yH0AA31uvczvQ$Z1m05X6U1ie9hpgyeO-v!sM*?9Qq@AO>@&3|$n zR3QaOFn@$oR)qr+tw1X4sw+}O{^)}>oVHO`GdWlxvGTAN+JkSR{#&n`UfbiWS03(@ z6o7zGw;m!49H2|U7JjOGS|y!~E8Pu>#p_0PF^ab4?FxhjZ{MEi4~nfQ;B zw@!<{5j^M-h8Ef%!1k)LOl=HYEQ6vAC~?$^M<?W3N0~!ngq9*808E~@TBpx9je*)Z z@@j>SsS*{uP{g4Nnsgy&8T}G{S^!%C#nb3neJQD)3^*DF0RtDQ;K8i~7r1~GbKz_d z$l>27HiI`#@-$NC=?8jV4lGXaYRBiNK*LF;Zrf8@K^WyC`Ob&*wTW0V>M$_d22xJN zoZSZIrWtWC$9rHHZ;%E;%bPTu`Ricu2!v*jS!k}|7e(QoMgK#!S|I9oUHAu+@4u_x zdT5j(u_(&^Nr=Qwba}L-Ns7 zVT%vghNM}PX+y$jbEqj{ZiK{zAOsIZtuME8B=A#rU?qf_G{I=~@fg?1i5+$o;Nttz ztXdzJb{&{E;&^#nz0@dXLvR$EuZ!|>555@Z3H#N#^15)G7wjyT94 zD}%ldPW59|jdpiu4u&27lGX1Le@p^iZUlW9v9@+FPOxxV1FH5K}D%xzG)I!2InRetfUQ`1k^O_ujM(Cw@ZUACxNy{Vqzfmd5SuZP>jX!z9n(T{!08}Tf0bGn`N1I z;$zgZ#NKwV=W#0veAPre0|y4nnT#@g(_2)YVN&8M$TbRNPF!aB352M6LgmO7u?R?>~A*x zbayN^kqfJObh2?K;J`jmas||>7yYG*Qw0vt zBkk+qA9WRPxS{A2+ah+i517*rSHN5p%8?NXFjm^F#$vIA{{lzrZPNJ$4p{;2jz{<0 zuBl37l90$eIo-P}iW3g90(J8rdAY`;k37bho{H?!!J5saVC-P!u}nR5txRKwN@?E` z1;L)2F+LhFDoxbb3|ZD_g}|ZLid`zmQL9oW<#Lq(&S>tI1Kvr#OBng#;B@l>DYiTh zNqer;YE#)>EAlNgGjOuy-DFTns#b9e(qUK8tuM<`=*${iX6~>QSfxM3Z)tD6qytah zKpem9#IGgjc5VVRtmG?o3*g}CxDFE-Pw3uRDzyLkvxuK1{8X#4D{OEab*QHNIq zPoP=RX<`~9GT18C9XV>K%*!Eca zp@OA4F;x{HaNjkv2XN1K0HE3k&^lWXNqFrUSd0c~q})1UZaVNb5UNVH;LE8*^az$y zEztWybovmtH=0(5tY2DQ$@fPIf%OP`71tLo9STQoV9XAK`c{E0w%pPt4!Jy7td5uF zjr`_ZKTwgMjt5GB@Hoz^$5s)!*PU(Y^%f&BiEk;a#SV*iRw{&1Y^{s?mbfiL`Q1O% zmT(GFC(N*0X0JL*Tsv-srSvaz-lT75pk7Boo&^(xH5`_am1;WA-G%)01C_GswZMv> z7Tl0-em(}L1>M_b<<2#t@z$E1-}JeP1=)Ip_G}EB4a?|Uo;}5>^Z<@r%x^d1d3e6= z?wEVMaow0AJ`%f(`M4pqAOaRfX_=$qsBwWK(7#kk$@vcW?l)vxZyNUoUbQpwjDX)^ zv%8=>VWf7Xy6N-r`6vQ?3cW&0&blhY^@;O!4Uy?IwB}419D4Tv_D$i-k?TFFl?Cv%u zL_uLB15O2^rPkYR1d^C&4L3BBB})w-?%%1~8Yc4e@t!axvaz&Sy&~_2&1yXSTbxE? 
z$~>t$av9w{Rh*(Fx_fgMpeO#(p&?dEN zU2u8!=6sUdy#QazaX=6(^_aMtMzd_9Dlr#H5-C?K2}>uf7!(kTGl#S}1(8}2sJ)kp zX;O+({#PP_u^hL5s9No@3F)eBP8L0>U2T}lfPN{n+Sy0b zJh#4LMLlupc&`Z6_B|WN0AY=>&9+M4@5^vacbkHAIniOtM<)V%?~PR(hkD{0^Z@2* z!Vx;CKFua-AR$!02qo0MB9OZV^LK23Xj2HF<1~5bz7qpW2(3V1=XAQ!Mq{L zgG_Rc;)l|vpIRTCDW%K2d6*iL$R)F%fux1D-h%3ZAVKueMVj|<7U*;2t|Yur*cE|2 z2q-6qt_x8l`nwt@)lkwrQY=R^hB5?%n1P8}6k654$o3|xDp?8}*5o3S)@oZtX4PNH zs-G5Vpb=cm0~D(pm?t&JjJv7}VM>DB&EH!O^8 zF+-{v=u&Tt4E_0OY-a^I*U4LEU0Aou9-I$VF42b1iP%lWTX%fP9lC7Bx4|Ikp%1Sy% zJFI?q^jdM=t;vM6+u-A!ADUBbOxB?wah24ngIRh?6DQ>=)EThxk)7a*dWS0N)&#O) z=dM8j5A@N~zG#8^tNlLiU(P)8Ow1od)Z&3X3#)Koq@#r3ASfnVy5Sl38Q4s{IN)^l zH6_<6nPHo*V9$E2QJLCIP8p0z%c-Lf8j-HO5}Fla(^i-`WGr;Y^(8u_xP4GNfM?J! znYDkqxwzyKm%>zS8_nBa^o7`jY2NVR6osPbjdTZFXOk&+FXPUOo`QdJ(BjsPih!)7 z+nWb@i!47b=OlhkWY`_R%lOmyNrk+a?OWKM>-LwngDW(cc0UAoNHxVE=#bjKf__8l zxxK!6Gz%4^^++zNd}~oWShEm#pWM7!7Q1p%srF z5@@?BfOhk_G=Hpy0YACfZ82Gp=}9Y+d<|Gax>lV)j-V^kOb>1IB}2;Q*=Jt8ac9s615A|zHv@bD1BdCJdw?Ap{jeMGi@009 zLMmaf9`KyH>4{)EPbA;R8S(ADjltULuQfej$c*B&=CvrRq;DKsdNTPNvju5$t9-p7 zvNK#~8KqosIEp-WYWX4~5AVf&9TR7Ud!-mN5#+h0L@6+x%fQPGG@ze8a(<6a*#qn^ z#t`qU!!{r;KUIbogsh|`&Yzpm3OlBo75Ha&43xQP{_=0+a~LFE>TFynL1I=Mm8Kaf9NW4?@#r_w-s-z-;*2t>p>BZr~)@7t`#6h4qTR&LCrDSdmv1r(>llCre|Yht=)My~56E@@s~m1L4%D9`C>iAd*glMm>>gE~yIN zY~>(4(^uCZXe=%>*$x8KCXqed!mx0QFzjO>0F0Dm+HP}5q0+Fx>EXMc5h$*U#1?xp2Cr>Y!H!6 zz3I8(B#RkG9pg~z8+4#Jq;}$rT6Rp5mu~vwvbpM=P;_8gf;1q ze%mt$CsH~P<3G3otq-A7u)XjL0C?X`yoV=Tp@>=UsD~N^`Yn1(^HxM1`MD!cwD8X; zn4X|j%+|sz^>{9SCXZd&u%MVu4Eb`(_B3tnjMK$)%VsI1^$qIzXGbnOGuiL+0d2SJ z=3RC-pY=WL;nSX?XlBM^Vcv`a&^~tS%AQ$kZb{UGfDIIIB_O)3{Soirw|LfAr9+DluzT>?=a_jtIkGOvs@3J7sPHeU*f(y z!!D%0fM-4^zt3@slp1GcV`t$&A=8q3B|%%{kk%mnw6eL&FR08NSqAU@W5@*C$l`(t zc$M0}_W44wBz)-ZUbF*fL==17z5*8iRo+jviAKipKlpQ$K7!Lb7W5lI#h=x$Nn`A` z9@~EHR~HPNT>559n)+e3S$Lwiu$|7PkX%w{PEj~6pI2w+^NP{G zx!`0_UQ+786krFsXvQPWHNJdO;>BRO&+JkQSwI-IGv5|ez6}DSFFV*ocNH8m zxgf@5-fz6zyuR<3S0%7za;PP)uWmF_t~4+IlgZ8gj}Cl&5%H@3XKoGt>;D0Q{}uY^ 
zXyV{v;b>xGV(aWg_n*~8o8Uz7CqxpM_eEev{)+AeaB5Sb5NwD)#^c zM9d5UB>Mkf^ncob&feon=i6~}1o^j@*#~mTModXsiHwxHrR+R8^++tn#7boS+ff`8 zg)jmJOv78klquspsEK}+{M^p%7L-r`rZ9cT=5VDR4EN^c<>m9`#kZ%KpZ|M&HmAtF zMhIp@t)^i znZNzM8^Oh$6JCitW^}ze>kYy8#gW}QtbZ&{Y1gS?O>?L{Njx`?V|~eON3=gCuh{l1 z`*WN|Liy{WEA?dNrt@*tORn{C&0+qWr6&fL-KkWQO0Wd69aSK=9oCE`#>n{?aviW& z*}`Iz`A#8Gi{gh*uDOvxe>QHn&65R^SdjHWpWTDO;TKzGtK|MX@a~f>mqWk3J|(Xu z$NzvrV3kPHv*{RHT66mM$l@Z*VDi1&>zbQ>kRx|KlfzEf?aKQcve6({=1ZiXVeAyn z->FC7HNmORX4}B~(2Bx{KAem`n+K;gZ@+)#=j)05zwmMZJFBZ7@=T)sUQ9rng2gb) z2T}|!nkR!hJT2yp8Tq5cILfe2a6O1x>XyKMHfG73*d~6Q1VExp1!nj#=o#x}=^ZHQ z`~GNaVbaN6kDbT7bB=wHL>)4y?wKhQ=Ghk)^d3Q$elN+E88EQ)lKbwD_MZA?t~;Fc zpK(1wGix@u-!JBIybT6U3X4Cx}~Y7 z+138MdESYi!k#jXGY0-T9L+MH2LJpa>D8G3NWm$E$X`HWX3q+92rUorJSRU$^+->_ z7Jaww$;X)QV(GiL_;thhZWI)Dw|0V^8y>$*`q?|W_#PkLd%DKy@?5&)xy0rBIG3OK zb$&nIWLFP5tevpy>^}Ya*?xEUeK>lH{E@cv%?pDqD+(8{V&&VZd_kC(B=FJ}^tzz=jCz`5DM}yp6*FJ4{G>#H;C>4hJCG31&#sc~k5Nk23IoP6nyP;^` zW#3aSRbhAe!4L)6m-ho0?Q9pdMmQ|QofUjS$(8Pr+8H6 z+p%Wy{;BV98Tw_yno!=TJz?VF{}_Vvz_ zWTBY3BH|TNn(i7)k8xc&gKKt&5nqnC#6K5PHfXGWlzZfIwL+0WB70yWSRA3G=7aJ9 z)9`Mir{=N^qo`cLd(^#%9t^7QqS&?sCeOBpB+p*PJHAxNdy)H!#8!y+L#Lki2@(Mg z+l)tw9nNrYZ6bPe8yE)o%UjqafY3{nSXyWF{b)`+9ZulFrTA-QS> zk*-JjxH_Nnet!a6%re~6|Ado1Gk&H136YykSt=i0Zn19~A+e0isK(ma=9<)=#IJ8K zV2f-dV(Q!(F*Wu@gzA8Nww@lkSy^AJ>e#{0K>?;z!-+Y_e)?SM?zajy9_%};Uka@| zoMnLBo0e`FwU_7Gws|AouFhE7*22kRhb&B(-Lx&zzX_$uG!IAilS>uMg^6I)1$`FX zIM9n5;CO{AD+NR2_bXxBQ+5Q_fk?{LmalIl72&_;*#uFvo#qgicbSK%BjQ{B6Xg2m zLjSJ-BDcOKu)+mBr2F^w+-@q0b%K;Hl8RU^ONM|dDK<|e*L{AzFGFa8v`coQUJ(l z@Q4IUlN^{%p{@ITc`}!;{32X-PfYKK$M)T7K)b_3S~|_jzj$Q*cOh=u=C6~2E%Ka2 z9Qh@Pn6+~cGMoH)$aNb;B0N!fp#b~_efYFa#^KX~Q09Ryeor%_Y{n3xexzCE(CYWq zfZt7R@9}h^Jg|jwgHUm@qR2BymfH*C0QuaK`Z1yPQ~MnO+j>7W`*(wah1=-N2Hz+s z;jtnpIVfmTcy1B0eFHLQr@LO!N*n$Q`TLP6w$TudC6>y)LdHiJ2R9)dQto?iN16Yh z+xLcomLfKx6B{-utXz%{6v|Eg&+Bj>3Iamq)E!r@3w?t(DHjK zM{S7fjCBw$Ea|KfuzdLosDr0^&Nj5!FMO{?;7UbIEune>xg&Ws1O}K% zdL!FAIw{AIZIMvYn1>`jy(<{w+(P0!J%}RQVazk~mq+20$B)b=&-zp5M>h6OlJM|U 
zAmP!$sALTKnlvZ;-h#}hzv!2E=KiDL%(DxH2ZL7CXw-1Y zq~V!|Y1t7+5Sevz7!$7y^X#3dvgp&cytxgJ(mO6N_n?m}=e;6`B0<91nPmK0|4ARM~{x;`)xR9n~F<>macoQrx^j6M7D zvlc(oU%Oe@0%<#Il#0k!*4g~Rk`uWq4zz>t8+wxyaJ5vMWaw;eG^uozYupr^Po9&x zh~i0fU6QeU7|yNP%-OpXB;+qLcJhuShspG97s!GcsvU(yWbUC?rDDIZ2_bh;6<`wF zMMF50rctq>X}`tV)k+J)<^GSP&;#EZRI@oXfUB&!?R>~l89Zjwq>47bq&2kmA0JHY zRCkB^$&(A-@zTQdYfzS!$Wx1dI1K%HciQK{ewff;KbNOFS|8YaFM=_K z4J+G4>uD;NWK4q4^(35FZC&E~ho;3%Tv2MK;VbKFgOTN#VRXiY&fZ`B`FoppeT#w;s$B)A z^rhSxx5`m*g8o#GCn0{?ZqAqK9W*VTj%d6qj$qh=YPQ&=9e+^ro*0)YQf9U%Z6Oa^ z5_6r2lfQgx82MPsD^jP7MY6|Qk}*}uv7n2C&Np#m^$9#SL^=e={c5k#Hf-nNA8s+~ z6e)89`k@OJ($lICBJJO`VdHjZx0F(h?`xpC+-NeIa!xDw;V#p-&g7-9NpUxD?nxXz z{wH(qe|09{U$GKptnHXRJ+=_%YaQ4w*$E2yN(RQ7QVP$cPpWu}yawYojoi?KVW(7Q zo1W@7W@@~voicB~bWJK%#M4-^TVTGHTplldGA1{T55)RcWwsI%XIOBH11}LtD zAVqMg=N23wkiPyB#ma?Q(bwMfKYX-f(RYisT^$r+a7{+tTi5+5AV1{QzpitDrem>JWF(-fgoFtjh;g z@v#WOZ9_8Ao+lCvT{7LlbypH|Qas&|a*DhRHmGTRadV79U-JtN()*M$Qt{`~M4j6w zeLs76b0&paKiyo1;8yZ+3LeF)vB$mohk~Yn5`?Cz}S%&8@668!TicxxysUiDT>;cdgv$^ zEu93jE1)#&{+32jIPr7o@*H4G4W(!`i~LlV>tcO3hH}A1xndeDpzU=ziQqHB*0*xpgtCmg6`|FH>mU_C1;~14CPyW z%rwZ$C~5g@mg7ZBXPgv>J7|o{ka{=254KF%W``AAIJI94+V?x=c&Hgs!`1i*?Q%ua z#?=E)(3M#hnnDOOq-Bw0YhM=dP;dUV=39*fB?b>)5rHO3_HOm&W*23eP{4>TBZ|;G z)3`my)hEx{$EgVB9D*4((loP~xlLX*7q1(+u!Y)avz2dyz+(Dxgoufjze&r6V>z06 zG1-2FZ{L#pCejZeW0{Q~$cX621FDsmY4U=Al9-VU{k@f z$}IPyGI?QeHPcf$Sp>rNbwRX$yFa|G8sVTEkTW@`)S3 z{Ypwagl^J4imGiX(%)6A+z6b*Y6ttvRt-D^ST_zpe*_UoqHBA$0upz@(0skO>rH|l zVfYfE-l?7vB)5Psq39GmDuL$zEb#GR8GzBvdQ|TeYwGXAd$i0bj*!bBIo{tvvsIn`iLbt8JlVfT6X|P7et-6`Klo z@)f<&mt7z%*yWa+$5-9PKB$BEr+Idx-1y<@ikr-q=@~lvL`$|-t$5F;s-(4EX|(1v z+$(48MU8qe^{P1uD3duO3Krwe5N<05Cg+r7DXTRPUP#w!UV|Yb@&HEDca%lNpHSf= zCSHm<&7g2?_;=K_mtBe%&p4Gd*AJh|JPLpcxaL`&WuV+iVCg+gSf5t4q?C}sMC!8| zSU6CDrp;BbKw(q5bPMKM4Cx+YlsB|SlST*$OxE1IM|%n_unLkjEbKTROuWzWGDoL zagk&Jy-*tD;-f>aEKJ|D9dRP}LSXqrWt2B%5mf4%;!xZOZ$@3X_k~IHUj(l z^QG_<_$g~atc%ESmVpa05}om&|Thama|u|6xe;iUb9dB8C4o96X7-)cm24zD!ZE#=W4R 
zQ?Adb70OPcJvsV1CO&ie!g-AJZv|b`oYJi~P}X)P$Hz%%Kr_;?P5ajf2{4{qmV~C? z9!#~E){WP6|0RCs@`Y!odq+X+??t4LMxY^XFnQX%tr zpS~luz727*4RM=f3UMnXtQuz~DIe{XWIZWlJ@d(Wla6#!AuES-^?Y{audE|_X|D>~ zlNy?wTfSAv=C{lUju@zEzJZ9b0!S442VW)KVHsg7-)Jpw+zh1iGOv{UAP5jR6C{q~I~rwgN}H`P#y}61iD<3^fk0)}+I7{QvnZC-|7^Yy zv*9V_9i~{hq98-2nRoDS#qO_Bk|wPdrWZ>O(x*YQkaAR;h-EZYgrHDJ{ToINBrwqm zx395>CX42(0jKm&tDuky?HQPAZNg-wSsRaRY^9{YU&|<5L*mS(_7L~p+>;sXD;U-K z=_3E|E1;F`jq|)1r`ZMx!;uaq3p2wVT{qg42fWX;Tw3)5>$COF^XoEM7`^W?8HVKe zN|4#sou%Q^4eFS$`~*5afs$_+7Txj;eIQQP|y(+19S9L@SaT5eDHSc-bWu=g=;=Y2~4cpsh72 z%FJa-eO;nHMUdGkfYlHM;9MxoHwrpjh>p(ADrT&*$>Wr*c!5cRh(8#b=Gi2v-r2WU zR5~J;{6OIhQ@I$@%{dvmG%~YB6VH}%&kOu5CyOT-ltOS!qVSMJi+d*R%BbiS1?>P9 zc|B2Z*#@;HM~Bm`UVZevVNn(Vwr7Na6d@#hm}}rDb-iJfeq$?zYi45YC$>6oKhPCD zVq-#T3V#)O+-<;8%7R=#9;TvPwn)g{)n4h}R|~*tfWes`%_y)@IBj0uf)PJ@<9h9n z6b+6BHYTP#fu+90w&OLblY&cC4Af%;I$k+9>dG0%bk)G|PFDK732MM}L*bEwK&Eqh z1lSGWWg-C?&1#+sg%<$g;gsIb7{S)VT48HyMEezT=mJlR=Zrwfu*OZJfdn!@tHIW@ zjCW|{69vTFJ0p|{3=t@7Ort_SYD&B&2)?xTR6zTfX+Ux4idHCC{I~krAaA2Il(7*L zQ{eHU(5`O!Z%z8IFjGE}I&d-YtItmK=Sg_MlXi%j zjQOZ5Pd`X3b?q)i$*yP1gUcdvb3aB zI>PlUloX4QIHRtEg;d%tr_{Tlf>`+J<+ygb3IVl$gQuQ$`!c$^q6!gYy%C=_N2rDlE=rfcnbRxtWia$TE@PbkRO2_eekGrSal6G zOuj(ugvU`eJM-|1=5k|0;dS%Ls-SVQHSN@E#uhrt3t|TNs-hQ21GULG{imbSZgS+X zX>gQ2GR^c8Ik50E;Ii~noN+Vcvx92krzA_a?31T_eeGJNaXq)447JgJ4?fEr&s3uf z!N~f$^m1ixQZ+bL-fv_1k4l4lCY|^IQM(5B+s3PmMs%yGy0M=%>6bGIY`XX%Lt-Mt z5M-v6*`59Pvw<2&)c4X{K#ki$gMu$!QMlP$e&2T4} z^N5H?JEc*0V#6V4b>s@;0Kx*A-7+ObJ(A4j8N167QK!A2l^bds!p%R~*YoT7OJzv` z=cM_j5;i<-OGw;mRkSCj)#L{kz*d#71CROK>F$Ybd>zTDiolboyma&Bb3~TR$J}e# zqw`t81BL7^rFhykr>-c%(jo|VGslnqnr|5Knh^;hTfBm`Zzc7N4pW_~i=9&4L`DI@ zGfxP2nk_i6J4sa2h)naJs@aB7qh<=4w;09jWtnI;>kA=}>^uu&BgzpzunlK>p<{t8 zcxm;gzy8}zN(y!se)nHzO+GxB3h%P`a3$PaVTl|dQlI*dvVVI-N_m;d4@4-uj`-7g zh}2`J^u@Z$(Ho2UDrfq6F9O^U?tmHk!&B++iqIdHGO;uD(Z%Q>l~W-UZ^mppR^RW; zVGX}Epa^jEo1VP0m6dbvM%pC69H2;taM}_z21Y5N*tklODZ^dFl};>Bk;kUKQc_VY zO4&}jd}v`|MXdUN0FqthP$QlX;$YcN(-( 
zx+=-gFZ7BXM^rR`Ip$ZZy2U-9hIk*{6S>cH`96c52Y8otqEi{O4D84Fx@uA~`h+TW zcB)L(pM^R#B_oaQf)efqLv6Yx{fP~NF;zu9i$67g(cmMix_EDBrb9}Meg;lj*K}Jc z!qRSP_UHQj21Mw7vZ7LwbSWmv*kJauds^N!pCnqx4sd5> z2zI_@yl_6QZqNeE30qT*h(3?)_0-{joR^>y;G{cJm*xbdx;*v+pGgLse{S5D&0Y8+ zulrA-tdJxG+xT4jk`WP=PW?-y5F5?S7KSIf%-4=*fC5JrpN#MO&T|&loORGxA3lF2 zc3UYh+w-Ajd zRz@kimC>u!%7g~^%>%TBa!g5meuC;>&gj5@89Wy5a;Fs=iiV3({E@!0hV3FaVyl@L)iJv%2{5-tWYjWkheYcSQCiogl2UxrWOA-( zen+C~(fMT8LK&97C-cd#4(_5{veWmXPNdmC47gd`gwyVLYnX~B5Bv4)-tI@4-5NW^GT5DNmwLPxGKV5VT}mPL_p42i$VtE0kzEcjEU4Iy-FT8Or`yKN*$$2}qW%&ZDgY3n zI5kR}a0X}&(_S3$YJ#5+28#@9#=aXwI8*{}RC!@JIpipb3Gi7{>NYwG^$P_oOd^p9 zKHkzC7MhC{H|g_%<|8A&X%tzLQu!a$K%3|82xDsw|2F_RK*qm`VN_uWbArIj=_v2I zf}ZAh@49MqV$m!75NBet^_RA@>!^ve<9sJYHg!@+6@sxk@wS-s zFVF(%r0yPP zMrL4JimWsp=PwVZ=-=7?rDK+VTh^Nib_VV4)R~BX4uF?xPQ&wD0R8!c)TtrNWA`62*!&@!b{V(1)hOC2ZS8ueNC%OfuThZHfyz z(N+zWe5Z=CiOEFH)VbnqTUV^U23svf>b4e?yRDF3(_-R-!WDA%Si3CwIH%-6`8kwm zRhX$m>thH1P()$h=YPx%VweaWYOdrFJG4bC*J&w%w(^{C6fa%drb#Z3Y*76UD!+c^^?S>A7B+J9bR@j|sktD) zhe$<^qptD=)PUEn>0S8)J`!RIeEZ6oHIq)@Cax%E)lz&|X|J|rMk@HpH_AzJF6pue zY*Pb=~GdUSN^O+~812@#-Ou1aZg~}JsGaEkGYaosr?n?g8iDQxu-dVF%vQ{9jnD76$WULn= zjYQ-RXTUbx>;5kmkUyHLKT6C0YiU_O`u~F1{2?vNhP%OiI;=~1E@jd#TxO#yrM#D` z`_$Hg#>y`Io4rEoj#Dzg8%kjIkRBj~qqq!yL-|{^7%9Q&d$(H$UxIe^sCP=?Vl9n^ z7Z?0b2<0;WHIlsp$x1#J3OAI=ms{|@=C8>+e}f>vZ)oVEz&#bfDUC;+2pll^*-5mV z({rOi74R5}=FI?z=((UX@_5@+Doc8i$w*Kc`AZh107P68#;#`?i~J`zlyC)Zm3(d{ z>NKKO`p_H)v7AYQ;q>V2yn#4sSj0_jU!FpsPSoDp?%UHNmN2fV4AfF*cBDRLNE@QJ zKK<7T3Lk>qa#LYSod(w_x0*}oS9@cpy`@K8iOjMlrCn00o0yh)d+1|SKdN-WE1;WV zn-%0+ZKG=5Ba~DckUm|}SPsa@CovZ>!@f0%!z#|qi6nz3pET4w!3S-$@%++Es7e%) zqbRtm(vOOx3(DNYd?VGPW%HIA)Ay9R1V~Pgl#W`uR@qz>7zwm$FH^fprWT17{@h+7 zd{dQxt*efJS>`d8Ssg)f=XT%H7Ejc2r>tzMnuQRRX)-8*FCwcXZ1wl{kcUp|^HzBV zOP|n))saZpS~aEHNJQ|46-ojD3G9%-=}SU2+ko{dITfAUqz2RlkIE~$thN}$Qw^fk zNl^**4IBijJZqHE(mHVx%EJ`Y>AB81SCSC8DCntG^?UH#*6O!6psIDNTQtC8mS3^3 zObfrtY?|eh>QHv6`_++bIcP&KODn{Y?3RvTYf?~I()YS7r&)1yH>2T~#-V0aLS9F| 
zM{i`w?Npj(gciRjX{bCB?E9XQ7@Ecm+wb;EC&+otHJ9sxg(7TC+IbU$yJ4Y3CI9;1 z!397_74z=C?Q1QUB3)hGJfh{JnhNU(L!dHiTlj>J&EX}L3oGBvlEuWPVJs&d%tfxS zTQE?pZ#Xg#;U%qHOO}rom`$#hQBGE!kkIcJ*g}ERPykDzG;tRJ-a?<92}(v}y_h57 zSt)j1z7O!W3|nO!8bNDe%T)E@o9}2@K-pj zk>wFxJ7C<+mZQ?cb>Tt9azaK>3c#+iWF)Z_Y!WK3HZ_{pSXzsFXWgd zG0)$8QiA@VX$tj`Yziy`pJO~kE1cJe=^%;z44Y2G_L>Jw`~+cw)3f8jO?OYKujJ{- zN8c(5eI94({N-S9@ycF|cL`524%5uWV|o9AZz<4;@F|uR)#ZpIZ-P{B+t}Dl4dAg{ zA7~yi*dBpBP+;HmT6DU45*6<0zw!IdAKcg73 zDg>m@V`x>1A4`XKd0ULX3f(-SYWmIggSBoj9TkOtPzvYRYD|_ikJTn}Dofv@OScHN z)x@i_A5XBTjO=k-?o$z}l@TR<^d3r&L|ISvS7VkxThJe+>I9^$*Rh|0VON%`*`;`O zVtw5x-OeM&xl=qhO{t!u#tO~YK*4;V_Z(lwraZi-@8n3!;pQPVp$#5&m!PUXWJQ3) zsHq)2lq*>5{T_IF9b_ar^iR}Dc?f-#uXL2;5wrG?Z)LTDDS6hG%&?u5GNZ z=$DqQ0&F~(y|hQ(Sai}Vme(iX*r0D#F}AF2K5w9O`&eGu8*=(|0R=CS-6W}9T)wI-#RYRx-~}M^aB{U_ z#Ox!r##7jXXdLof(6{CUzP7@42WNo{95L0(D3imMB`?I{pV2{BF3_u8fZ;-2Z-S9l zG6W%W3HUozoO7uwTAMmbn6FJMFX<1WTvIZWO?3>S!&_Q1S@Bygy(-(1qzn^Mx>145424+_6UN?5WXS|u#&TRw(nQsvt^xfBIc#pU^# z;%C*8#u0%{WUU-Q757F|1>uxJNBlhvwo@ESi?TdYbLWZE1nut)bJQ+NL==aXG*Hr_ zKt(0`((DmOOVWmJ1e%0=S&p?}Oilq=F847ZHc<3lOqi-JW+V09Fe9Io(@V}gdtWN} zP$~whtff*h`gSH}w8Iyh^Lw_)=&bRLM6XCStMUvgkwb1VMN8Gfnc*RY-ge)g?K$_^ zRltdPhKwyANnX;43>67N4@y-nXmJ^QxDimS?B)o2Nb(wgG=&izF2v9`8~VgzT5j3w zmK9fE6wA2~3`JDMV*@^wW+9Xk&E0z{Z1AhllUf|KS+PK}j(1)PdAee8MNttLB@k%8 zRO!|m*z^PfHNInwmAj$SN9RBkZ{|VJO*lLo#@a(3@}Y5`v`kRaLb0>&J^q#fK&koJAW4eC)^sRcN!mC9+!XiM$iY+X6lIs>_)4O!Vimnh- zA}7@PeBY9)7SIMV>#%9Wh*ObGz9*CnQy}=rU0BnUY?D&)0avf5`UDF}KOlKW8B}Cw zC_~{A4MLbZ8qS*W@4h*sl)b#;JkThPY9lIwMQr8ldf}#kps-FArfBaKb zRerhn_dounFV49jlCyoQbFr&dq&ypmz4N;A#DYqB>!KA)Z8+UAox3XDt-?rZp2eaO z!nn7AT#X{A6feNkSyX$ZGQ~Kdf7Ma~v}1n`#7Iu4@D$XG23qn|rR2GM6Q!uQ5!Z!O z`Djg6ms03_Pw-~9y2g~KP9=0TwU!FMs2VYP7<&VlM9wKNM_2CM=`DabwF{~D-(-uK zTS)B6S8-2O{ev=JJr)=!!e_#BO+<9zC_kI2LaEa{!!;x-##nGR`I0VL5l$geeOmcJu z@XL)U<&dCW zEM4O24Ir}0x$Sb>ok<}jw;m||$h|fT2=!sMy1Shrc9scDBQOP+IF=i5B&x#{?lQhL zZ+LIYgu=CF-n>AG)BtCP+=}}Z+QUtO!_8P+?P2U zTMeng(x=)ejB}p1p%NNLS~r2fOwkgwtJGPoi~YVq>*=K 
za`C0P$ZlmP4HUaa_|1j&P8uyS29H2#j%LL#YsQk_Nnknup_cN;fv=;1xzT1;Q<)7= z5XxKym}q9v551e|8Z&XF%8`MlaimR8U(K^3vm=BtfsHgS!!K(?yl-3meF1tkKF}1NFIJ=7OKd) z%DS!DTwM}W(5jl;S#Se=z|;#+cv3J07`>b)GrmnxDR^y+Z>gA-7~HTJ{I8~4)%4>u zCqb7~Ry-8>{si~{;{({daL3o+OzDWhnXX20AY2znTJl4( z(ANIa*#MYF6RFth#K+H3{o${y{5f{PFCp3=3+M%!t=SFEC+-AbViNV;E_zX*?vMZ% z?B7JsI}~rA^*d$&*oW3Xeacw>_4*ycF?!PP9jtMoQ%C-7sNa9cyDCuKQa4pu0hZPL zZv959?pKBVYxHJ~dE0{>OWolpFnJ>uE5H2jSgBf0H_%fZQv>WtPbur_KcK00GetL2 zRSRyao3i>(+jaZXPt@Iate}Y5_8#N0{h4vluiOPUzxz+=FD7{d1=jK8_ns8kS5=+Y z^H}SyV<(v2d^TyF>CHc0#}Omgm02oZXj3$zXuR&a?W^j4pJE54hD%I;d1|CpuS#oI zo`e3Ep4hIf?BoS2JAR?{oRm1T29E#r0!NR2y+P{c9yQjg+Q=2y@f7hMbXD+Z?!VmZ zYDmyi9bq;Pm<%cUH@UeY`s}0AI(D+VdIGTjYo~3s6ELq;F>R}tRL=vszGi}UZN)^- zBggFpZ|+ye00JARnD_2Y#b82$go26w?d!QOg;MQ%lGLGdj_JkLi;}~H!-|OLyPyPt z8yG>tB#zSopS2KnS z-LHz&>@RXbk2%QLbyAldk4Nl5U22>^2JXSRyjI6P>jr+Mev$hdb2RV)bMKHECpZIl zth%+rv;{|8?(+C1osumNf+k-K59Q701)j}+o+PDHl4(7?G;jVLnq2y0iu!|B7G))x z8(eStpt0txWJ6%?iO#5wIqn&&T`nU>!)vmDYqSOC(0@mwvVdT9SvyZ;~ z*wMxCEQ*((P`{dQrzS^$sTTf3F#Jyf&eI73F#M50hCa3e_2wmCrT8d>O9&o=^L!R4 zB?$RYTCoCU7Q_YK`xwZ3X;Vr!w`Bh|g5tMqzJ=(2m|UlMV+r6;_&Z}7{>H+hKGkB- zUdE^TeoX|uI=N;XI~fNZPdkBXC;J}H>+)n(&deQPpcYq4y$sMQs6uQxE@#23A*l8f z9nO|B^ZxCzFwb>4U}(}Dx`?^=qUh6L-U@}CE?CMWs4&a}1*Xqpt~lSLn#SQvaT9}g zrqb}5=9hXTCFK8F?nF{4Q)UFs|Vc~VlW%}npG>2puT6>@n{0pamA&j^y0 zRVAP;7mWbSXGH)_nqI)8%9|Z< ze9-X(4Rh|}Rm?-3?*9RkPTJD^(s?g)l_n=vxthhfx#YMzD&}72lP=ej9ZNz~NVuAs z`*5hS3~1*Cd|Fj2;4bL-B4_M4gQSHti`(iNwBz!a4uas{qNL2sd~OvHMSRUM?i(0P zpgz}HaiGdrVr_$j2hDOlkTvy&Fg=`1x5b3J@QvvyO6DsNz9>*wyQD-COoh_`#pFky z(G7i-tsSL%K+e~*rMSmuIjNWQ^bH;{2MEwUHKo1YUfUw+*2YYa_@S5CiS~s`mZJDLj z4Ir*8F_PxJL`n8{Ch=dU?Harv(q*$m@)ude{qF)9^bvY)ade~T^GCW@VAZGl>Uf|r zaNqOInP#w!^!tBzsChvDz$_(TyX1ZAcyy*I3i@lg{1;*od2Ip{2b4%kJ7FFqN#YT2 z-c?V5?E-I zi=0O-pyTEHPjgN-7E@(VE(ri2sRg~5f`GPZr7i=Wufuhep6MAGy@OlqGMMBjZ=9wS z*U6l>{wa&bxe*N_QI>|RR&a*PRyR6Ll3z;`n&Uh}?SRz0@%CH19xk$8ha}&ko0KDc z?I?F@nLtB~cbrq#-6e6^#VG4|=CGF 
zPKC*0`g5}EAh^bb0wmS7&v}f8szp|tLmb#J!Jr|C%QfxCHi;YOgW>b9E{DhP=h+4R z1tm6obpHAI<@u1en%rD>pdYwv#W3WU9+`lJM0PDPmF>x}dz*uCopaCrA-9k2+e>s= zxc(jP5N0MJ=cdQ|1|&+~=)+bjC-62-oipI*by41FpOEbm$}E>q>soS~VQ(=jF>W9p z1#B;CZxGYh!4>q@_(9iftEbF6&cBZh;ryisRZ?<1k1}ovQCSFxA*T`_axx{yj4@7Q zvn=N~vxHN^!)S*`oeMKo=S1S%-2PdJRzdAg&nh{zj7oasLiKkX7aGi!zNj?2Q>RPQ zt4_Y@&^`JfBWxGXLyFM8!K^5+<6PzOckeIbIXWwLxFVmLYrm>2$TIB}XI>;TbEkch zq9x!uRR96l03Mk;1+e?|oX{;*@;P4<<}2JGU$4!nDR~xuhzRz&`Qm6M%>h(pA{2~R zmUJ3s9b+)qwl!MRZQW!p7DHB#s54~}44$${KvvA*+0)P9qQIbf_Q_(PGD?kW!Ll+s z2>-d0-8|f0JJ!x(UZybCa{yROzJljk8XI(Rp3VWzTR;kXE&~g@wM9U1VneyIRYmJA z4?%=Bo9Hsv)d5Mgj$l0{g|$%$WkER!)#@@QC}pl=^900Nk*q3Sju^&V!7P={&1C&0 zW1-JNpZt)200Z@-AM#UVoPuOD0K*@>k}cn7mt=&QX+Ju4T1sL&gyPn;=46RKzLgc6u6G-T{W5eV)@ouMpuA)HWL< z@zNScJb3lhMc|I)GFL`D!IV|xR{r&`4NNFqVsq+@$o1RAAVsbvAafjwN(mjlChh_ze+>naC2fKlDj6pLo1uT8 zgMPJ`5}u=s>ZJY>-ARdvuUTi#MQ4Ir(oVEV@1!V_2O>i31#W9^iE&}FSp-k~K|Cj% zfmq2cD11)eZakNDxO2jASDer!qGfGCNtY?ddP>Ti+7cCRu;ZN*Tca;X*^PT}JE)Bx z=>|tx6k5eFLHG?S6Tf62$YxI87cvACiCHOVo^G~4c)jZap}{K`zFH;&-1weD4AbQC z%d%U!9mv;=Xi?GEjW~7Mrf z$I2wTlFN$p3QVA-6-&7UBUJItTAbD;D0l~o?|h<3K%lNbrDa57_~yZ0CK*8pz`?^` zI>kVH|GXInkiMS@23ziPmH}{o`$-0H+}9j~u>W>b4B+(t41-+Q+XU13(*LG4!{and zJpb0=3{%!TXHNN^+{Ew^Z+4KR#0nPq4dY}7* z=+%Am-&Ow>GbBWrwQJ9_!P{Nu0<+kl9#}1CoHk4l$ND47XXQlNAA=yJ(CKL<;idj= zbCJ#Ho*$~pVcZg~N#0!61>AzIPX(6A;9>_t4-VH`JTg~haV$Sdk?eFAe!_L<9z`5E zEX4v+!Y|wlKWQBD-k07==6EQ-i7?rx4yRH+_?dw`tNF%UXDrwqste{MkHay|0I&pv zpJvs_P38K~u)Er)+xh)H<|5B<@EMKG`8K$$1S4L_*YFl)C*HH_)o*TM@)f5@0nT5X`7$^9c_!CR zT_erXW1#=KAD?&z9pQzG$~s!5#FlOQJDw)45>sMX===FJ{e>fw9&~fbD)k#zqVb_e z2Ghc!Rn&j{qFY43nS_vozrbmjxA0`F@8?A3GaxF|2=60RnWn*{-_Sv&=S_C&*H6G%ROT@Gd` zo}Yxd(o<77jJTJJ_On9H=nbKP5^Q5Yf>*C3NhCSU57rF%DvL`cpjv&dE6&cNQDYaI zDu7-9IUV))f-&UyE}1LDpk=%eYeNF*Cj-CJm@@Vev~pwmErA&}PiD$4s*FMN6ypxR z)c6-AyeLgTJ5QEw5!p3&2u*&)L%}2;JU6{4ii$=x1A+Ld_P*b02rHm&M$I~T^~Nte z%1?QCdGPGvb2ts2fJa^40^Rd*akYr%#Y$mWMN=v?_;7vD56_Bf8C{k!?IT7HS2H~9 zGX&*8*YU3K=VMq%!Z;p2PRW44SKt2#&(Jvk1hr92SBSZx_r-F#s7@x6Suw4~1zAjE 
zpm37pqg6FY*bubnicT5Et2d8tr4ClfKyJ-$^j1W8fyPQo!x)m073 zN`wv1JQ=ffp+70tY&ksM79Pf#^$8Cm#6$SG;C>8Tz}g2>7PL52S7vTc1M;LtaKI8D zyLOJewL3?s!R--8KI{wxsMnaZ)BN`CG_%`bdwh}T-Jt;02A6iS-`Sn)Rkh2gMWT0w z0VMB?hrqC}W9kDQ-Qv{V6YqBH3FUrNUJum=x6`~6s%~Xs{??U<?pwL6})3;I@H*9NQHJF-~A~kc|hg?ZQC4ONt4}dSRgja4RUt#ND9)8`p5@ zz{m%?Fj76~CTV8rg`sPJyU%+8#`Xsd80_QLaXNkQ`j(7l7gpKL=n0U&b!DJ-`<4yb zobq>DX+Q#c00X4-fej0NsuF~%ER4O#y9=|Mu@hibFMxnq{b0oG$}oNDg0q+Q$ub-6 z4oD)~g22Y$dfo;gux|(K@>p|RtJrv3L6e$Vsm2@irW7Y8?NT3jvU&R|Zb8G~p{rh| z-MU7Vb~&nEZpl@tEu7ULcc6|rtX^&^fgY@#ImI33zJxiheU^j#Z{4Oj`ak*H#tY6T zq*7yb!`H8_@}F&8Us9&6Pv-LIJEq9TR_laHM{N(fV=;FJJ%k!r#CBJ_5`BzWRqlc$wpMCXw8>|?>#`r`R zUz|R__~hB;f#24Te)}9YHk!vbX?C|^|7otba!nY#T?cjNdSCqDSV9u$j_quNQLueV z5jL{)LuZx-!SU%)tAqO*iow>@@zjp()FaFww#9;jV=S6C7@<21#)r?IT}BSn4p&XqzAS0c4f+F~OpHI5TaF^L+r^%%IT+&&E>^hTl zk=@?(<`(lv*J)(OS)@C^`{IQ)hjeRZ3w*YoLHeCQwitU`Odq??9$j$gGI?w;cXS$l zz0MrHO&oifHyWpnwWZc2N8C~fgcnAzR3AU2I1KMIt@R>W>_wcKqkGAyq7aX|3PnW; zlPU=5OjH>c@5covPUGOgI?SU*Tvfjm&?;|J*5W72Ge8LfOS}?g{EJ;GTu4WohQHDl zUHB76=SRz;sn9aMj`+-79g->|2!pFBqxTS_S#cAmIhXQyYu`*Y4YN4s5|Q@T+pV@2 z#$A-QvV7r4bD?<*TTL9A#UU<8z!MDVq7+GV$JLWZwbj9Oy-78Y0=FvTRttW*NLuhu z7r>H8Q2=9i6KpI@BIAJHiVe#GM7OxUi+-w#Tty1`GI45r9D_&7$x%1{#2pf8e@IZ$ z~IkFBAcaQ+s1EOs3ghDl4#5oFN0sh{NTnI3w3wJSoefY$zQs z(n$F|+dIP8N0UhQ=v~?KURg?_56ISu5JizZ#5jl8$(it|>uhOPY(IX&b4P zT*M}BjU0Z>lR=#GVb?m^Z>dPY1Cn%YlvPkma)BBGF+ft4sGZ!O zeQ|+zy_?fKK2??VHH7|`d>ZT z7BGVmrvA>+Uf^5pJh)GkN(~@nhXM~kcm}5ZplCrLcQiFsyg~Fb@OHUGL`b0)^MR5@ zI)%5wb6#%q7oZOCJ_DElD61e8m={*dFW?}6$^mx>f3J!v`4D5ik4zb^e0cCfPOvJ> zS9maZm65LSRRn->OqWLelG|iH$70<)ryqHq&IxDU)&ink~S04}LH9vpIfLzuA3UPxFNzr9_ zw?sB#&RNFC3(D;SLazpWtOPhR(Q5 zw75K>19miamM{3U8?>?;MVpZ!BIJ#@FV_e62@SnNbaU!v51>!#;S)y&Fg6eC2sk=A zvZOqZ2s4dj+=9M1 z84Op|D6U>yt;&4#;20hjFN!2je;qv-qA0jxXr99>KHwv$P7_2rexiPyWoZJul)6C$ zb*%KyhmKl0@M?~LljyC^#^C*pQ^cLH|EK&A*nqC|KwPbZgWmNcn36^?g2T)QfXy_JUT{8 z^eEJ_nWWt@0o(eEyTgVWATA91;76$IQ{mPOimL|4OyeQU@5XF-)(&4T)$j0iu-SMF 
z_ba^WNWZqT8ILC61xr)U>ao6x8HB@#oyj_3CVguT0r8n;s~J?T7gYeJ;fS!+SqE#< zSI=`PBr~Zk;9M~z)K6oV#F1jH!URoOn-w*l2@W&IVpPuoUS`K>eALFfCLw038G@Usv?u2jv@ftX6k(J zcM6X8-)eTw+>Spu2@6Esz8inVHM`W5ca60eHK^v}TUU?W^iqYN>q;BvvKovhYtvvY zdOV1|YR+rF>hJ58Z8{H-2EtNrnigffVc2T4|KIP_2kuK&tjvb~Sg<+y+mPOkY$bN} zUaxVy!23K8nH5JZi}GbLgCNifEmnVLimx_~_#TI%M6-21{B8a1?~@@gRSKTx57F1+XoY3 zIm6==;|>jXOP5D@qMod$VDpq>~`jH zv8q}eU6dl>FtBHTWEE}P+FzehePa`3t*Ddkh4E&R7g$;N$hvC{V>+9b z$IT0kM=GtVQCN8bz~c4mTbL^9S@ytsoyxD(rW3Hses=t|!3v7N`e^8`B3(j-6Ez*LpH)D1`c;o7V_p8)yklZ~;J6LHlYu>465eEc8ofK+^ zfPxx2nCLldLZv4MAxJtpsXH)TAqeY!*A;$c`ia%oeTs#+6h&tPZqE_=eY>QI&Ff%aaaI0Aty!GU$asls;9n*qcVg>BhLCQ_gSsOqp zIf1+ob@1ZZRU4q$)dWh_)GyMhjs$9h14SoR1kuPu5Y>T>JA*bMPm>m)cCbR!bqHB? zY6oYzNq<1;TKpER#9Dx$bPXVmn%e->?IIsZj9m>>iqvW!(Oha$uCiM6VD(5UsST8h z{KCJZCLKlrJgr@-V=E^=!vLciHQ?B-)(US`;n?T0wLN;hjLQzNtWEu5^O) z(A_5@w(EDH?Y0B7?=fW=-ifn~q;r$o?{L@9O+am;=|zZQD_mL8ZM_*&yfcM6 z?~?^qi+wY~0&TOydL3d4$L=bAXg5T}Z^t?ol^rJg`lg(r+Jy6)5Z!9Ypa@q_ zV|5AKkbtlMYU@%R1G@{TOg#F z5HE18r}==leaS6rfV7E*$6$ZQQ$??FhK==s!M!Sc zXt-~R0i;baJO(LFHN}=!ar{JntMfE_?e8M(pZe6LJ`GZTb!(e8bf0^*e_eic+c&jW zw-&JgKSb-i(rU~;_cz9SCjWx@YhLwk&HzZ8YIqFV^2U&dUt@I~&YXtZC&|?wZ1*+8 zJ#4k>Q`YxmwyV~6U&{vpf!l3Sq-2iG&Bp0%K8;85A|3xGK9%1?QB?=69M+B6Y}W5W zyw>hco7a45aj(NkH@h>F*T~m!k#5sSh;GXp>l(IEaJtUHrRO|9v`-@?xpR#|+ZP#Ff3Ps{Huig?1v`_})KyjYlI66y_GraO4}w z*yH{PMDz`0{8~*z-jDsX$sDVa7ItYyiKy3>hgc1ayE$-oIjjP*uVGj7kJ#9C#=K|H z*ew=-jZk&dy7u0=x^FL2px`kb&>MV`WQ(Nixgo1ZuM-XikJ74$=un`RdeF3{FD3dD z-l~`GXfWL+>R>Id@I(ry&{u5?_RR-w{hK{(hQ(=d#~s zNh5FZHHNM86x7t{$)E=Ki3Z)2`-*LaMGS5?T4nOF)hUMkp*1JC0I9$8 zqgoIoLWfM;f%lYv1A zk^3T16Kat|L?VauLUf}Oe!7!V>)ic(Fxu^Vn!7!v7~F157LbT2hpmOCz#6_cdEfzYgt!QFgt&+WUJj`0wkZU&q?V|xsGquQ4nk2|eZX570Ya-w3LS8I zH$WW}gSZ6~N6CE`h5NQ2Nu!cKRkypcgTi^&hrk`IT@>!yUL-Oni@H#ygTa1v4b#?E zJW!^*oEgP$H9al{&)(q;%h9uo{iz1M!(>6Qb=5fcCEu2NNC&rq^|ZH_Z@!qnbN!Y$ zwDV2fu6FYuG)jxg!dGb@Y&PD_&Unqaz8q6LE$Xd2r|YTl=wze0aJ4xwGPy$XGdYD1 zCkiRx%q=saA-u9$DNUo00=O3;Yk|HaiOEC 
z$5%UeZFy9)$WjdTAE_fdNiZN<-2Ik9b@jkhVEnWfqnj6>JDmg1j@swZ+=$lY-Icb z{64<%kL;4&@9`#hu*VF^nKx`4{gFUe-2P3@W4FE?tNSBuG?BZ zdKF(U{Bc;McUaFrEWXl}_{vlQxo5DCn{n3-9wXEMdXK-n?L%ZH&?NNb^zMVlSrH!I zhu?I9bTMcTq0|JL_!VqfZGY-yk&0sV^ArTgnoI@hP5yNWwS6czlealN@wdJEnif~h zaQC}P3SG77wdo_E@F!OSOQ{qN8YiOsNGVk{Cc4A*+AXcO+I&wm0x9yIb@B%4M7DZ~ z_!&uWMpu7?)_88)_ym11_0>BV zq5;x8vu?AZcjoDy*@B385)v|$Ph;&X*Wy#W3SzZaUyHl)?zTKOKUIg*&<%JQ`Ybsx zu_W^3bGVsA(XdBujXD1fne#ozrFcXO+u5kLu~asUGg=&?VodlW21)3u5o2V*b=V@G zrO%o>5wlW{ce!~nw+Hq7hoGIL$}X+oVKgH^fKufoHS)YO?}If{2`&2C%yW;#ZKBUS z+WsU%z7Nv5Dnyjv*`MB~59&(b=m6bkGZto@x=!dLR*%uaGx^#*cLsFbiFeUY7RpZ1 zQ9>)4924+Eups8nFky-|$bwicEzi*gVmHwT8)_kw)mar7Y^*^>5Z{uP*ak~eY}>TS z6$3zpxVy}8K>6`*r|+){uO(R2Xsk<`MT}@bKU_uC42u&Afvc8->2_I_?RF_Ld*3z7 zW?kLEA2^-7YL>VMaw$D4NM&5^gXdL}0eGcn~%8tNk}JlX6a zkm2Nkd`evz=OJAiyBe9Lk4Ng{^Xuiy(#`)y{d{^I?doYYD!3Me4a}1|cQ9XRdZL#Z zs^G795mNe|(rjyv&P-PQgf2DYk-l&l)V+)qOgA3EL))|0y-#Py)<=u(Iw{X<^cGA* z>w@9_Qe8vyu>O&-6qn`X!r=D2a?cwNJC);hXO3KOLq59Wp1D8MgEDJoVS}fHyDYKh z_R8uSOf!tth)4K--Z-(PQBJVzR`vjhxW7Xd451m{r6apl3%OcMT7PhVwhyFXpUE$;t_*!lx7sMJmDl$=uGad z&6_y(k-g0rRYv|@E7FA5bzxn2y0iL$i zt}TyoL|9H@n$KMntF}E>xA$!+Hn%r%RBm~R^2HolmTsl6hDW?3XiKc}Gw|*cpU_~H#)oT1_f$r#0$+EFkdHKD!B(|n1ia&bG7H)efAot*}=q~`V3iFf^oIrEIC2qZb$&*KdG?L1hTHs^i|Kc(p&+Ia%y z{)90eJ&5qvJa}3=d#BGNJ8(2F!;Z%pwy8)mS4BLcp7POqUKqBdvLxGD#)mwE&TDpA z1ln5ukM5QcpXnDK?;F;#5-N z{NY+Agc9|k=ZUOInB_xxthQCT@hRvx+u*qA$Oc`x8~w;J<|0 zuIqhM?@E1YWXzE9tK3KA66y^rdG#G=o2G=Z(4J1RJA^Jp$~U({FG#h&+MTB64v9;s zb1lc-+iLas zuho`Z8^|Y!7+=h#-6Z@d1`2YhUZ_@~WIPI;Io85qC8I9|oGlmf0fTi4riQ{QAJNft zDIXtv^}P73d^Bz~#Z8Ul!`|bo8_XC%Kaj8MGo#HJT&EI!_005|=O}gq8Y$cuQzFWc zDf#M2IO)uCoHh!8oQ5}bJpq~@^>4>bj57s5_KL;VIJOwO?c;LZ{8Akbo|IFP+|voX zP__x6M&@#$JK~YcgxC38Bq$#4I&No6?U-$~@oskG!7AAWb}1(=yofGVcNT|5;7s86 z*}+85b6I{K-NMUGNW@#pRjom5#jFG9ymQS0w?54Lt*mBrb>3{;WejUS0veVLh{Yd$X=Cz*Kmtgu6sm|oEBdJ^~_!d1PnYL~CzTsa1lO8g#an-aS{IQ2APo^N$A+DwqIKHs#e{YmqQZz`NA;7fsQ{8ov#J6tp5D63Sny2# zOk`$tSmg%G0$?$_O9c`FkRvCiv33+Pk{5$GS^NPIJK1k1pD4MemqVfa{ZPTMZ~`6b 
z*|Og2URSj7NuMjYjp(c&oHS;z?qAAFB-(<`TPeNB6uP9_ePOhazD) z+Jk+!xM^2MvC7L6nPmGGOyo%|UbxWBuf<8tUBOV=?z`mAMAoj?E*x7o*q{T3E**N_ zhdU#EQ%{KTPwUnU(pmnzJJx#M+`g`PN;jW1WReYSeuaU&rs7YA9%$~>fup8G7?6e& zBTVkZIDy=!(2MU^NhB_3L1*DCrB7_To~2BKqwq=1e3rHxZQ%d2G*Pc!`CqO4uU1&Z zJ++e6E3ZuUQTX%`zvB4^pBL(u>@%9xEmB_|6lKa@NJ^7;MS2GlWi~W5q&FQ!px;cf z{KnC{O}RR*eI&nxP^^B%WO|KC}&*#bP^rk%LVzj)YmWZEq58BM_eqzpjPSCxH>IrmZL{bk6 zm^G;&Wu=X0u1Ac_bc}Jp30vOCk2i^@p99gT@F<9*<7eSek_(u; z)XN@!gylGLB&Hn`>2Sh1F%k%#nNV4DLYpQ?=7hm$dB zVN#|Gz=lz}871Jk$|#|tP}zwkk^@|mB^Y+9XAFrG2DTJIV>KY<69u=_ka&u;yU;ss z<3it<2k|S+Ea8kuq*g>4d4bQhB-*9<*RrNH3pd`SczK;}_jX%^mk`2pO&uJZ6Owt$ zTP~}Ng)WCCi5ru0R(|B@iA`5{@;3fy9G7yVq2g!U&4${FpLiUH2a?OO97gQ1@QRqm z(t=E5GzMyl)MycBNKQH&8SBmd5X2N#u(M&R0mHLyU6g3!x<=7}mFpu&vvkwUPKOf5 z=wwPD?+T+N3${z5_fAs``SB;MOircwkol?XXNQlh zSp6yE^0L69Wvx_lMCYnKUcDTRYforf@3qxnwLfdz+dIh4@K9&c7kh;2uQ>z4* z&q~c}^?vu*!DhdTp=n?q26eb>tMb@EV_wDcWIDGTyJ#lO3^{u!k0PTzXxt7JdT|vU zZj=DkMUs*mb+$d0rC>UQN55ksLahZDjQWap+P-efCja(#)%M6SFDDzv2G3Ws(Zss0 zYUQl=`r4I6M=3+@ZTyx-gIGevSbSc-@SqND_p7#8_T|_@2FIkf5U`3^ac#}%8~a7Pa|EWteX|5n zhW;Te*26f4)qM->-wV4ch|GG=$2$we(FtYXWt>lU{zY5b>gC|;I94#OO$D`8PDt&y z%%FqB3F>8YbR|eVWL!{T8^2V+QN}N#Nb|Xy$EGd280149{0MV8!)NChqyJA}(FrW> zCApIj&-1lr94;A}c6iR4nNoP=yVC^=$eJ5?u6sw*GwbeZbtZ(Rr4xZes+t4Wqmo%I z*-^YH;SkcV++NW7lphI5j~z(8m{5L%a?Ff1C>>&T*(65`9DEo~a6F&hpn?xRZD?WG zT|Y&rp|0DBA`O7a=3G8_k~o7T{GSdsh+e(ufCF^4-A&NF_;W-!L4i{=0Wn@wNI`Nm z)-01q&SjfPVi^XSnDFjIINz(cd>r=@jfF=DP86q*xbuP)mc7SdGCS75L(B;{gv}-- zknQF=7N*8_f)Ipfkt3y?0MUT$iAcwU5db;iAQQ8LT6~|(^OwjbbpIv3)vmmen&E=u5ZgxdCj83@I{*|$8wC7? 
zL>YjSd_xL=Pj5g0ktD;3EFo3D$%6oZGtv2fh0xIC>LTL0Iw30wQBB~D1C|qe;XonT z`>w=cmKv-dfC3nWrSp`9hO8lhBF$TcT>YSMVCH&kOWk?)vuMY;w$*@aVnI}&j4+LD z9wF9IekQ>Gcm2zMyE=?p!WoXCrQMQThYNT3ItqplmFRQXN`%*L>0a8u+K1X!Qd;py z06LcwxKaVE=ut^awYb4Iz{ByOT9-qfRT$Z{4wmh(Oyf{-oTXQaFUl6uw*FGwlMf_z?~&$L5mumY~D4x4bD_fbu;F$5caLuBn!1rU3!A zndaME0zARRbPOVdp3IG#fyl@PkI59^U>g&FitS?<(}iHU{!OAuGLw@Al%`q0Ged$e z1W!2Qj91J7<*Wv(n**q45~H7zpMlzj;YE%hcTge*zW&o1P0$CGMs4$Ma(alEBl@ zhfhO^U-2{>Sjuz|0kZn0U3(4OuG#HtPd*4f@$R1cjmMsNMC>K|l4!bpAl*h`u@zrS zecsmM$4k+4t%3!J)fvB&^a2=?9Q!!29lP~$l4gUu`*PRBKF9xZ{``D=d>-e!O?tL{7}$c79&+7#c|l&U+TwRL z`&qeYV9mUY9B353S6k^$4_KRKSRnd?PP}4`qQj8E=RUq8OaXE$CEg`kgF&1JNm}rv;dap_@8!Vj0h4*eEwY9T z52XII|BKitxII;r=e6sI#DJowhHnVITHRwLEof`!ZeqyjuTXOCjAJhhcU5+!iPviQ zpDjDYNd3quxwrc3zH4jV`IVqVxwf_syM5Rz1&mP z-?U0M>3{O?{Gf$Ai<7w-}sBm~6PYmkm?y(hHO zOn}A7GfJ>Hc_tASC(k6q;^f(cSe*1H#o}bU7>k7%b3kaCquCBjV>P?Ew8c&u!8EL5#D8wd?r&`~Z!3Yw*0XX{&NOa5HY8Ry>baRA2ioz3~rru&8D{D1#FdK5lK zv#{xLBK{)W-ABZ*I63DosNi}uD66!=q^P)5g-sz#A}F;b6couc32dLnvkdd0NHVrD zW94`@7pF3e0%GlaH(-AM-?};xYP4lwXtSDtk zYbFQK&bJfK6o>GTdNd2bF=%w?X@#8&7&7)>_)TF_9)WwFZS&? 
z^Ruf~E+tPp#qHRsanp@$L$Pc8ZJI9anT~Cl_IAv!Y?yZTOE0!dr*=!tW^vw4vcV2< zR_nm3=+mOujWw}LOJcWH#Evb9j;x1WS`NFl8a$P?acB*S(iL?BW$Otya*9UK9(#&F zBMEAR;$7T?(gb4!)?HncLc#k)#*i;BzYb1{BAniX{_7E2oMrP#DES)L;xvWvoTPX4 zf?%+G)DHq_#&s!%0w*Od6E>?tn@cdUi=z?$G4%4wY+kLXmkMI4Q^{@fV*g-M?h}|z zm~DMh-#9Ow<|z*Lp;FDh+{8w$3+&XNo4DzpMn_ON`5cbUU0HRmtGJb)TPoFTwBy0a z_4Uc=H)mgNGx=nD_>M4CIzJyYImlyv{8CU>-+!p~Y%?UT4-{0aJ!y!L0}=EdYve}o zQ+yOh@aKo}&C$Rt9M60mM|UP3s(Y!snR>(ACxr~psZN9JLACRwG@f*iN-~A|wgG^j zZdhF!vK9*PoJfIHG`$b7LX0-)<=jWEIQi($RhktOS$h@(@%VPlB-BP`TWe8Svt$-o zn&;)s|K=#wOHim9o~2II$HS~>3MpGEXp^QWK+Kn<(TrzKa>Nf#)Z*gRO_Lgyqk)ul zvVIt*j$@kCyzorJ4Xsn_&K+&&m3gHW()=@bilJ8#|0?3CayEJu@ot(s7xB(yMQRoD z{l>2%x_1#x*zM9ClAuTp7lpZLZEScQ9IHEgH&$WxyL11np|)w%7@pZ^2Xx7u+zU<_ zkY&pz;Y7MVI1WDc2*KP$2LVxSZBQdGHA?-$q8jUGfkk`8Li-J_e1$ffLz}OF=57Ja z{!z?Mp-Y@04^Yt)NfZ;;1!mX~``Zh?ii#-$qCc(XSvZRVW&yABHnzqZDNT@4aO|8t zwhr`4``9O(fe}9I%=|FgH~1kff)fmASwvvbwds8$SGuwP+?&(fz*COyLinsFH7_(5 z4Y$8`rl8hH$E!S=vRg%xXrU5uuo$WJeE4P2G6gEDD9Yf|2T7kKnC!`ixrGQRW0cks z01If`9;SYDMU=uc&Zg_Q@ab2rst?!5jW{sY)Z!G@ijXcDc;sT-3N84gJ*)`nLJ8<- z4@h5y;W>AgL2(OoK+l4>5icMoL+sIOr|KH+F1@OR|AI=Ofn&b1-j6DXs1f%6Z=rAO__&OlFVqthk@#_u(qCb)r^;+?m_?Y7)+tae~XYMzwlNx3gIle&#C& zdnZoqbZdn?$)nt5pGKXmeCfVjuO#PesCOF;*GE$HII&of!|)eTANsdqq9d=7wH2b7 z`qMQSGs`HOgn3dYDqoR6#i~3Eo0Xh=O(i);!`B=~@q##pF)WN?T_b@HN!9bo?cGe? 
zWUY}=Upg;k+~CwodX0jU(kz7X8-^WU`V9IiOCRD{l-UGL`Hn1MstV%PF>@;GC5Urs zRC^ntOx+QA3TgjAkqf|}N}qpmz;%^@oBwB2mkrum8oCBW!Te385wmM8l2&_96}Aci z;p`Yx=frK14E^HCDutds)ySwXX#s;ceVB@{MvTAm$WmAXi6p5V#Il*qZ5*{NX|#?9 zl%)KF0bAluEpUD{K2I~Oi&XnLiy6@H-1`Nu1~452uZ&pw?XWgWwn=qij1q5REvq$T z*q7N!Y>l)XNf+cA2BcR-v<9gc1}i2Zy|`lK(XPpDdNr|P(Rq(UX*&3QA$2pxXBcf( zSWE5=YkQ5aW)sn_Fg6V%uMgX>e(1BR8#LrT-^(<<(w zzaajYUqPybeDu4mXRv=qQzwrvU;)Vaf1&$yFz;f;7clP1!X9tv?VG@ z`uT8s*trhr->9nu(J>FaDA9kMwc7wn3h0)7VTgk4G!j05QBEC8<~ zNDGj!k6==~PtOEfJ*A^>d%@RHQSd7~c^i4yR~xe!XH1MwSNhaDEWywY*dWsBa1i@b z7NFoOf9>H4rVhiFNF64c=1ltEQdD8LUAy^7C8GCd}=Tbi@<#Xt46k zNry3jkz|rm(lXyssjB#0MX&R%N68B308EM*=ZL78;A$2iWrZOd6a>RUULdHeiJKv| z3pDk51%h(_AUKADp+8*=2&zxL4$LsbhQIUd4{j<@Jo03waXAKD2}rmph}xBXS>a=1 zM7qWSD|{{ZiAypDc?#ardseNYHwI+?cgTx& zqVmj3rWWnQ3%2^JH1?K?lBk6I>Nx#=HZZGHJ#= zt*W(<$MXd20CB}Lhj+qtaX-T6`DmPg_=U~-3s`;Acm>ks%V-hJxtn#JzKxPAUQjkl z{Tw1TKh;sfzfq5GYVP1L81M?Lj9>z5oHNOThd2yQ7wLKyT-`^D1#fH)c4wL~dwdZ5 zV_lW_tQ^*G6;JNg311QW8#kT~%OhZ*w%B01W#2sFr<7%P00UdWqKnK#E@crtlZ(6& zsiLv(JdMPVE!olyB0romQ88IW577ehfuEk9U0sd8I6sq$&a#`N?eM_O3%{^>=a^PJ7%)*0 zjh4`!aE`TPO>^<^`_6;C>-!jZprpxz+bDqrKMJnzqu}IX9OU=uV;+PFmSB5nNx%T# z2)`)VNsga_8NY%Cjr_;)?DF!*OPn59CZ1!+7|=e?K(%a`0&sn+K^f#Bzd%E0v2{am z+ptw8!$0ygxsk2<{dnW|CUIL!EABMa`L`tak0HS2g()cLFTyMYQNM`)!bv}cU-<|& z+oRyVC|3EKqoa9T+^=t$X?=w7&Jl>x4_8mceVTlj&)y#0F4EhhWtf95K8pSfm#amT zAFTx82@_3IR3{8pUzwP#d{EqTCAR`K4*~|199&tH@hqfkwsV}1u6cnAcz^b1G+h^< zJeT306V^o#>Bk>`q-noycjJ}DjX-oP<6>VGyGYh9cS{CBsEy>wN|W;ax|pSp$^K&) z7o})w5?!IiPn^I|CFwF<=Uju|hI!N=fja-m}X4rfy|NAiV+YuJxf+cv~tT49mO z+4WDb2vv7?x;m^zd@{o!?_$|mmLBw?wvB0F-Ry*QlLOZFem86M{stzEo4!Ztgj`+L z-n?nE(Y;|C7TDn?EMweae-*+5@_ZcypM3slz#^q*j&1il&aVc4aeoIof5TU6+3!*k znWE%syQqOrST76wB7i^QH6BY%`#K!@({>`wOc!p}z0bXFDp}QU&xy{VDkv3(pMYhk7 zo}R~Jo1`4p*YWijU#dfD8|a<~$`~Y4c)rgdc>$JN2qX4rv&S9iqlK6!@Q96;$f9n; zn>Zo`_Zr5tA^6F|8m-}BAm*ZSqW@_WBCa_xKXUIg7$-$E&$vZ{xLH%O=*Xn;6dMkI z^y|m~!*|$8P^M8JvHvYE!D_l|a|(-r{q}bi)JnVa85ozCk9;S~&$0x8Lp|nEPI}3^ 
zH*cYw9^@;gNB-VwYR7k4QNxBkhV^%HdOiO6Y#7wo7&hVf2Q0}d4ay&bW|llKD*2#A zud!}n+Pi%VpD+h4+(B!iM{K2P57emmgg&$jfl#@61wt5?G=ctHrSLtJqPE_pdO44~ zqii7(I(5H5iHc^p0E{Wn^sVv9s4vN131>gSszxi-m*h5T zF`_!b9Y%`kA)*FT?+8)}RLui~E@YhY|#=;a}b4b+CbUCxG8P6~Lhr z$Sy3K9QF;_h3_(CS54yo2(Z(@y08IQ*8@-&?i{EC4z&&Pa;l#PrjtDu6GMaPHlbvp zfs%!-Q8G6|=3~VR3qJI<;0I{6>otkidP7THg=trf4Rm)>o|&%$o- zGlK`WW~mH}7gR9D0@;OaAUhj~5w-#`2GJ6FI7w1=YUgoz%N1WNK*wqPk8{ zzM?>JnAZ-Sm^vl?iVVUHrr`?YM)6c9Bc4;t*TDk#C3$3BKlqLe)fvD{xIu+k7zY3ftgWt2}YO(|>0&l}1i} zBL~0j$4znU|8bsBG)&g6!gwTI-JO^IQ0dG&gLujcyYl6wW89H1PjSlkg0lzswi_HM zpioDbKjIvC=kV`Iwq8Wi`R~X5$5wFGU8Rlsk3j%@rZ3lvm+Jbnxt8k#CfA%Zm{$+q z5vvQgQBrP^WszcA7&=q3_HYD%N`e!j5wITBu8M9=K{yEU(6O7IC@7W}CrWe<9fU<; zcT@F!ElHNVtJTcNs`$|Nu?Dpnrey-zgL=8#t*|gK@Bt2mgpnMEKKsrnTS+!FWKv9#NcArMTc{-o71H2!yzk;tJeb}t`87lE9AVg)gUL?&zyjIyc!x5l1%URM8(;|oY3^Nq|m9FuBh%-OIK_>m2_2)rlV`R zQC9CvHSP%>i!d)(zzDRcLhK|rv&h!2s=18SR#TH4SLvz@3gkq~o|wV_I5-ng3BVyJ z;Y82WP{C%(z`X-$zd`Dk`c2=VTcplB)77Z6O*z}j#p=F0bc#R}qA+h3y-pK`gCoY_ zXn-Xe?$(Ln@X7;h6`FK$xkbWJWm{_*N0x4elp|u;($m0dG}mL33xYH}d=E)TF7>h{ z)g$6GL3xg^%If5;88C991d|G{F<3_s(O!^u!%U^onYs}Fwkr)!b+JWlP!+~D#i6T= z#wamu&mIr^aJHBj8m5hq)zlO*Hv_Hyq$W$?jH=1RU$)eF3Zs4s%VeHrPaD`^sgWo} zf$BH#fyRPdDWWXj&Z#O#Sp#-nm6NlblPE>`YB%t~{Tv4yUZ@q9D)WqklPpL`=38gR zT)6lFY==rn+j&*xr1*vqJvYDj&N)Q%l#=n(;jhIfH_BG2)D_|A4bv|DW+*q;SMPT(I5C42K)f`gc0sV&oXF zNy!Y853ms|(Obe*EaIPAV-Nz%Ta6LstK9t{A)o)mD21z7T+F!hF#=W-!RtRgLOc7? 
zlmU9y?~Jkq!v1+B{uI(tX7-dxNnCfnb3%Maqewa8aUSQz`-I>zj@#tJD)%)L)m~}8 zdC%RszimCX=MjOR)?278q^J?yVPl6O8fBAeq8wmb|9L zV#T0q*37V0{z#a$Kyqk!KdkGMzz<(EmGQL>v3j3^@l4Ktt+5B5^L#U`5#W-u_KddX|0VDEn_H)0|8vK8Fdau%*eh?{+XHsM z-Pi+e@E8v^xZ?)b%i44cbj@he#~U2q9m#THJ9c6_Nyo3jL7T>sEX%Sa%W^C8Mu@w; zmtCOcL&s%wPupt6;qqITgWSoY#fT_#+o$rk+kQuh7WW~uQkp$H5s!dm-^j(aEzszD zYU4)+4r76&%_K0?sRGb5gh|uqBlw?Rf?o~!2qS+#YQ)mv$ zF>zDkSey9GS+J#co#xw@F3&pg^(3FA8j)A=EZSsrcL5rEBz4=Ny~U`~y43HHXm5iP z`6MXQ%uaY&5$O4lG9rClhc0X}G1iY@m7ioS?_02p{j^q;e^``MeOxWCSZhYa$6eR2x1 zp!s#Y-BY<&90m1|KKqp8+R>u)q8;$7xSf)v3l^>JnVIuM@AeUE*JJya;_FR%8;fUP zP7t0>DyMu@a zR*O%XXX0lQN6UEK%LsHH2~G)}a%-@ks3{HzeZqkVD@x_*rIu=nmP0WXVs!W|AAAVJ z_cPFRr2mMl`kU=bvPV7xf)Qu&p4;Oi(B$$-JfeBP2_rlej1@F9Ttx;)1t|6DUQJ6m zh!8ggy((K*f2oCVTWNRO^tR~o9W5p3FyF=NB%NcXIiO1yi!4@vdA(kTOIHXbP`@l+ z{jim2>QO7JdfI>*`W!fDcgTR?dz~|&vjwhcXr2iWO+1eU49vj-{i=Ym{$2}h9m5EV z7bOh!Xzph*|-K5t}UDS^fE z!l+Sg(0MOGYf_0KmEtYar?dfIjnl6gEsq|<9eO8r(JXi0J& zRx=Hj1qA!Z%Z5@K>OnG{5OWX>Lsl9}hU*v7=lU^WNhTu&wf!EAJQ>87iw*4h)xR>P zS9E~R=~vruL&++ETXG5Q>+(cL-Xb82-(g$z9{kF!EB9V0+ z|GG(F#bgnC5#4{DvS`LFItC2}e_D%dw}bV+(jT;voBnpP@Q{sYfKX6 zb%4k(OwzzDub6y8IAeAVz+^xppr`AAssMJ^9*}vv_VUkuZkk|)9-TIve}d%c{Igzy z0f5gp7$E=bC%*+O?|LB`EM-Xi>KNDp4+O$L@K6H}T8V8N6(Ic*P?MZP%fSfr6Ue%YRnfxqy5;mHxgJp z%hUCgWZyt(eXA$jAisC%Y92d~8?V{0JL{u+6vrS-=@d}CLR0DLUbj8H3IfoSvDuZE zy5;&)aYwutSesMw&PQzj_1D4<6MEPrrJK*>K91u2kp(IDbI4oe1+( zOGujMy$w>Cys_Og3TYW7ib5Jh$%v$1kVHV^^t4E0=@?T88X+TErVUgG`Z1&EsR)L3 zx<}t9<^Xe_r?ceuKu4DSh8FRQbeYWVw}X#j9Ere54yj<<^iB{kz2gMJKUw_T*N?GR91qWb^!gyR0R&?||EUpiW%it`{kD<@$I{7`G zf4zpUpMgMvcqc0%g`!c=07&1?+JBs#$2>0(^;prI@#aZP`5`w+#smU6ZQ^D85-lkP z4#{njW&E(_7Uu322*kXu8xbp8zxq%~N=cMf@74Up>Rho=jO;7^x z#Fb3J*l-@%{yt=^<`Iw0fEbJ(riw6VOop57%h$x|C3{t6~Thh266 z-~u9hT9B4n`$lMGXj8WJj%(VlK4^3KfvO_<$u-d+k|NTUc1PYxW#J05QyXm}t15j! 
z3#fFYE~0DpEM8!$`F3zwov7$~I_F3O)3Ft5X+!P?IGmRM zyfltM645F>+nst%dz8H9wTkP=JKt84Aor-Q$EF4GE+HsJ__`AY*3{(E*8&0cu#g46)_47&wDcT#AH)tINcFWi^}Hw<;M%T6&P=xIlJk&DO)pD~yN3_Bj!+1o)ml=o$!vPVrpbuW z-*U&y?*Fz4@R$Tqn8yU~2=*9&x}Q>&(VwPR#Y3J={Z=^0v~P>?cDdqib=#mCI+!M_ zDdJbXYfH>#ha7&YHlaK<;7|a>c#Rf7?J+@|uEa%Y%OqOm@P-H}e1CGb2fWF0yy0Yz zy-b%I+!DP46vgL7vW!WK!E^4=@3Cl;r>pcf-DF6|Rg}Sd%BL%OUy^MNLQo9CObw!t zL$w1G%@Ocq2jFo}XzIC4ZRMbDR@1DE$hhS2!LRT_#6& z?Us7=PxhtgVIhPqLRl2BvdEl84a-T=eRpeX;k+8|gapKJgm83e(A7R4b;#4uZBdTE z*9-*%ShVo7eaki285V2YCvR4V#{P#}?6t{HS%PsZfd@c+3B9JLM!v|47XO}E0EBd$ z2{nvpcFT8IQWU(qUZz)(A^>#k^z`_vHWAxoQJoLt3=~(sI~)&3mj^$2MG4%lXV;nA zb_R#fWDgs;oY}J^n=UYqnKDwRSMh3ga~rLHnNFsUFNaUZlOZG*T%>ull(Cbb8=G2P z)&$;&j~&KNS1?(UIhOW&HmH`HL>|K~qU#L!V(4e|9ckE(*dG$daMbn`hF8THt!j*? ziE1^~!yJ}I_~g5|bvU^)svG0Aq!iR{$I{?l$v?rT?ZWd@4T^@NCuo0QhO;T{g7FsPudR9zd?bVSri~ug?cIVdda;drR zbarREC#DRQND?PC47rb%Q&WAree_ZV|Ib;vx|Fc_Js^MjxQhTr;ENv8)I@N)*kyG) z&O6>cw)dsc)KuHJEzD$rwa59I%!}Xv06*eJZX=}`z-5WExZ%p)E#Ra-RX|jGf)Ep2 zNTEkS?8^#YM;sF2b!*JS8a;J0ydg&|)B-YjTxa$O+^V&+Lr5B6v6?@d#bgJuT}6(0 zawk-ElAVf3WAABljA_-q(sev7qMD)}6H(xiv>lKs*Pp)cIb#n0sK=5I6wLIQ%7bE< zz!_>cqoq$&KNRc_oFi5$M}Nw5R^TEj_pJ{Z(@}i;MG`PBAy7<$@ekj)aUG4KtZE#zOB=jbzIk z(G4ovH1W2%6ODc5!6G_7j6#7+f_%dDF}-~e{Q~}p{9&tJFREwdYS}5;7&wP0QY7b; z&pKDmVNB zx1+EdUJ$-kDo>ADnZ+7hVgmOj;;Gqqos^HrDFVvu;S#Nn$;uP}AtX-HFJ;SW<}NPR z>aXtdZe~Si4#20LGrZR|R$e2uN*5|oJo$@Fc0Ece8vy-{eK)Ygr{t*{sh z^xy5;TF0>P-TxkE#paW|Z0zLpoPCRR#kZP9y5<O-NdtBK>b>q^B)VH?2YG=H={kOZP{|ZL@0p)^$ynppc-x8AMdjh z&W%U(|035+)OzEm2t=WWF_I14}Y|(7Os_c2ha^V7mRk`qtZBR1}S0M;g-x?yur?>W1T#+vwU?=6QDr#D z31|2!3E+Ya}Icyc#d z&wKlOlRapL-Y!nqM?6#wS^2btCZbMpp2}vgzZOQ)zRV^EimFRaD6~nh&<-5X^yT(R zvD{WGl2a`}zM^7Fhp41r7gyTCOLup5(LiHcD2RF%T%M@vFN8g5^sHU66Zm z@RUFqyBtoJ{m8`l=_TAoDS#I2PUK19TD;05-U>7N79gh(>l^hz(mICa(36nW=C+(v zJd+T7%RF7fZ}Qkg2utg`CYaqHK=v_8bT13ip?yIjqH2bu9e3*Z-GM*#AlZj(@}w6A zJ#{b$aQGVwzFJ4qeXHsf3$R(=#rJG86SbF)Y9pub2B@_)a1v3i*-y)bG*)hjLbGR#i3!$*_O&Ske_-&*6o+~N^|jf zIsExhT+_9K4*1jM5DAXwd^ZiY>d5`4UuMw?n)Cdu 
zEM3Nhf`qs5B_6nuFm4yo6b!}Wr3yy?s+8jCAc60>B`^?}Z|DqrGOG7}-qXAu8lO(C z&U>buh|x5JjMqe-I21)G|(o8^_W*kz0a`JBZuTxYX{1+5en3B?5b!t~W z^P=%zs;0ak2~i{^Mcb?#h2a!>NT^saaTk)*Zm7E3!dr z{btlxZK>aOD%DNfXgGkO>a&5VrYz}@f?f~ z<+X}*!j8GPP>*-BdvIi(4x$OsRn4W&Y+Bnpaw=R}JN^i9kiUy6SK z&onkt0*WS`-5B3Dk1LXnNbCYFv!yOzr=ZB9&8QS-oO8j;SPZeeC4*2*d1voGQr3x= z@hhMQ^JujLpRw=zGX z1fQ<54amc@d$47a8T*{ly`nXjjX9?bYR|Ejk!4~u!|?Ku%rPc|xU9J7)5X@p;nRE*I#7ZjZ zh|{3LX~?JA=UEITZ#&JJC(dn@PP;VwPeSIA#;cJgzRNgT1Bk-ddHuEEjV-;at+Gd| zy^-~o?DPJKHt(x*t^4eMV$6O+V(n_+u&M@d13S8oi|pM;OPD=NO0R{5Dq5k+p2y2r zJpf9J3gxSg-4ndXZu+m~1Y=vDNqeY6=#&qSYS%wm7~U=^Y<#mq-!_tTJ7(Jc4Qa7k zO^rpVxGcs-Y=r*krU(A`uI#pmdL;D0BR-il5=R~*6qIzbN+nga6E75vph2d)=?Y-v zF>Zdj#AfoixaytPN;oGnNUxAL$|ouqNp7(5a*Lv)kJ3LlvE&%2LVigOlyvI(?5IC%d9 z-89UWidndd^WRb+G!uZQ0BAs$ze@mYJB*m1W5pXTA&gCkWh?x#?m!|ny&RIdqWy_M zN$r3_DfG(SI?dBrx}=wePmTQx186?Go2EP}FQQV`A9(ma7qvQG0B^pHR@ZT(;mBt> zs=tqdAYKmnlHr0Iy$XjLy>h|LrfYl~K=c3a7Jb;0Sl?m$qb6$^WCjLVg?7|E?{*S$ zO1A}IQ>|so#$NJSv5kIuMu}Sj4(z8mmE2-&;Ro+7PF}FDNiNZ5TWv7G6TP_Easxt& z<`?m=+xASba0CDiWSAf1z%dR08c1%<_{PgFIu}OOrgddm_!r{+tTfk!M9jIw0Awi{ z?f1Qcq#^)d0E_*g21r8yzyLBy3hZ`GX-DX`&H3}LCe6ft4A5>)1Rmo9a)V%3dal_^ z5Jlz{Cdj`O6F{6JE(D)Py7t-b>B(0wMs;jFtb`onMYLJwx;#FNckufqU?S{el{|!1jEsnA%fhgwqg|PC)>? 
zF*JDH#~%m*8NK?qx&og2$t?kg&OG=-IsJRQg(ur$Ma}LYbkwb9{_*ZYpa2B`4ds|0 z=)h4902)eft;5h>75`)0g#f7t02snyKd=GP5CAZQPKU!V;UUM$7W>)x=UG`+zRRIH z;H#f;&#jAK&*4cJaMPxGD);WcUPrJ=1HI1U>orFx(sXveK0O%~={QNIS060J+$%!| zAe9L>lwl@l72x@#qjVt3+>zEBSF&kdlpaU_K{wwLN%*wHA?-Qa&-O#AY}fYg<*;BY zh}&HXuZXJI9TI0IKF6B_f%#elwm!lPG8APfFRYfYrd%nbsTU>(^2W{RK!Co?u4Q<= zUV5r)B$zopDJ1)8a2s`2jqzSpV^H1NJeg&szBu;R7YuXeAdw=ykLNsUfj8)}?@!M3 z$sH9qY*X9((VW-@1go&+_ji?h8ip^v`{eoQiCpweZQ%vE6yq_k;D+ieo==mzteaSS z9!?JgXo|Jj$C~OP#$5Mfd@Xza72K(v^s@6lQ~tfmlt1ok%G(e28?@Ocyg2G_PWv)h zmYv^3>sZa_-93KxNuMgfW=jAHy=d}kBP_Q)rU(&B?f^lF^Ylfg*c2LuEZf9v^1&e_ zhrWvE75!6ob~>kCY6{5w)zm;X7?#xbG7*tqI#9e=+`=K5UNHN7a|=U#KYo7t*{3Hz zoIL+@dVXgSpR%7CRH~I#70nYSgbE?;5gDd2MtM!ETU>vo+;p8w$hEcW`?N zIR%Vd3&0^G*gTT~XrO9JS;ZY#n2)|J4dsk#(=29b2J9z5p%e=^>$t_#PTd6MHn z3B1xLULgfwLGkj1qQK-#sO#EFlRHX*!3e=kOHflV$&z#q$BHZE<958e4>UV+q$-zn zR&TtMSmjU&E*tdKMr_1;{ zf{eW6cAk|s6^vz)A#$nyY!{1q7U_G`17kVv5-(DXccJb4-CpIUZieI#!G1+8ok`S9xixjH8=g0Xi7ahZ;q~ z#0WV<vCDZt|Mi#4N@kpNIBRBDF+Tx z0G?&;!RlLFbA#(_nNxBRUGrnx-=bz4=EH-Hx$p*etn= zmSYtCKlODT+9*ppe4EaR0@GE)cQ1$B4iqXl3P~+>iXIocsEBi3zCy z42Te5M)PdfPK5+(y?pMd_S)&U-+miZBh2??Zg4?zb5}%WzBvE-jET}j{J0DKZmsDJ zkOw1=z7^M&8R4kIr$=m9zCIMup(=pgWE_tfKS@R26;WIc#>micIsgd88|P0XX+p3gVYdQObQAxgo|mu#cWTJ24`#}Md(PuJ$aRijxzHeY~I8&Y0Ir4R6H z*?UAYy+$;`n;NeRY=SL52O8TBq|XpFFCfraxrlWeoX^rV4T`)vPz|{-jPcCNfDF8o zW^vO{bQSQw*gF=b#%}bv%Er1vf?IB;DV%Z8buK0w z&3PqhOMF59GWJR?IU^&Hu*jZ_G=%zkew+n8QmkBL-L4*YkBT;#K@G*043{YElGJJg ztSQ_@GQI;lE8_tZU_-qRhTnK-G@XNK8iD_fr04 z9d+^(2cL6iBYq2F>OGyJ;w%c`^#$&keOp;-Y1H1xD@Y8k)^lAk`ytv)cE9}^T^o-c zePvvd2IC_W%c^Qh8dAUB1$`_74bfR#M0|&8+1HoiToV^r{)SUy~u1?h7s+sg>-tbS)2{0_!T(I1e zDF{*fYUP-SJ=}~O{9+G7ekBV(EC&`sP@sbb^Wm>JeW4weR7R8~+XtACZx>K*bT@`n z?ZF3AidA0SKG2MQDg#YdGN=IyyCKUy_y(%2WFIJjPI6zU)Lhwg+hDKR=D3N#KSdBK zv-!YvhJA{X>c@T;s*pWrak# zr!-%bCB4K1w9Xh@XO-8lq!@~PEmijLIHPsF;JVA|&<<)**8@Jj_uToNt*J{{jeAxj zQ=?LrtWmK>pVv4jR0~vafm)yf>r@M!@@kHVSV`CcYdK+u3K;^P=)>j3T)i?u?Y#nV 
z>acK|a?*qqR3T#NeMOQmRbP-;=|X8@r8Xf_mvXWnjccO;R<*EeG*8{Ug7lc7d&@X%U5V02(Cx$fOvXW-#(Ii-uu zix(&rB&ec z@g<2-s_BrGYOzd*Z-;Y#%Ia@UR!(ToA~3FL(?V=7^3z-2*g^@%${;p-2pf&Sr}cS844Lu;j;u3rwV(EAE*Sz^$Q zYzOH*_N2u~`{ro2)uX>@H(ZhcO3w?F;)S3Q>9B|!0sLe3Gjt|9nqwZQc|1QFknFvN zzD1>J=B#T~;g_7?7AzCJps2bepHLQ5bzVUpJwS!jGA|kROxX2b&{(!jyaB8~G2cD8 zhZdkmPs%3HU)t8_ufu-9_uwILa%y8VuoFHlAY&<&%!)EjnPqzB*q~(n;p7QPBt~w&Va_<#Rb~`omTU~K zP#iRnN9K(TFFEmk%;n#bF=S=&Gx1puC@oRArYA4N>t9qFg+s<8f)d$e!xrunT-dm7 z?0gaBlWy#sVS+i;JTXphMS89aS_-J5vzoTS^_J%cIJWV|0@tGJ3RF5oRM>C=jH%z*33|n)~W0HHiS_MuFsYCMG?UOOdpq zR%|wc2{g)m+DJT3l)&fR_W3#*RrHzXz)>{Ln2Si>zQ*vZCz~n)7#HysND9}Ru13B3C{Lye9I2hl40M? z!Y9;B{JlxFqWTz+?4XG!prJGa2@_L1%BmbsA#Eqxx5Ro=<+n0JWh&@%!0p3gQ{PB7iy2B?&8;hZr5f_!Dv`C|6^b*U7L(`3;Tw|fZj0F{)DpXlQLl?k`H$@rK z_*obHnFc@$KX~#>MfpE@WbsM{QoH#%^QidW51$KUHvP?PZjR^fh z-`3Un>$iN40)5gyfq`(!=3|Zcq3p&YvxORx1(`J$`-oq1o1S_(97fto3P7OECY{YPDUnZ#@J7leg#I9!Tru8vTu?;aeYB)>IhLDzb~#avh7*lb*8_{)#Aj(b(5Bo3?P|PL;+N@M|g!m zAj6Q;iy*`YcM8;wm z$;EsEN;0bej(qAw1|p{~hCqWfp&GJFzZCnn@bz^2VAY`{Nv6g?GG(Q8;epLk5|K)Yc~6duy{@c^lvPk&Ofn|*uz3)7HA|sMBf-Dq%|CUTgaj{M@>F>jp1)FGFtI;!77R-?n$fjp2 znw3~kYO#8yuu!IF6a}l^Op#Qx|4t<E-QBs(qw+b83G*9NK{X zmkG|3Sdu&G zD76TiarOH0{rTx@e-H2Hr2^N6;I#EE*ZJKZML7mtJi6{6Hg!*o<5Tv-)FqJ0 zU>?}Uoi5pfpYkGSh44HkH=}Z{aK%x*KtO~m~-6eU;W6~&{(2{za8GOkw94o0F1>>W0T-t4JbTU6_& zf`fq?7PU*H71yNMQq&cxSUan6Nh*cvOLs|aX-BZa?OZRgwiUM}-{1WmBBtO-YDDso z%3z+5Pkew$xVgnm!BI176OP0G+`?$^IDTbWKP#aGs%bugBpUXHW5&}XG~}PxgQ}`eBA|nNgC~RDK9r_W zu*_Oqeheh@O7Q9U!?_b`R0~iWgdTkkDiK@*waR zImx>ZMH;$|K5-2Y;_ZOO>ATl~ia}F&o3OJ{RmmUD?DW+XI)aij_|_sZ@6Ru{29 zKRv%Z{qg*|a-gvfguVU_2X+8dP*m*q@1p0`jQ5To&hchMu3WGH4?v}NU4y_IIv9DK zFH`pfBT`VRNHIOeSrOdGZAHmK9?SBfsTBBLV!(<&Acv2i&z@q$LQSK)3}>h2eufk%b?2<1gbr8Uo&$(EQjW^313%KLX05o~URFsCf?ElN*&GYd2y!q8PO zSXNI{zz{7Fs6wMx4pPa!YZublrMksC-0MNc5ABJic*85zW+>bpl@tr z&7|!Uxv3h#Yjlx4KBBYkD72J=6xV(DAlH*OXEVTq?Yd%iK&a>tC2%ZEaO{vy=V^Qi zNuf1(E1c!HfyTXJg&kFPLrXXj6Cf)Zm#i&E-q1UA9pL`PKD2JK2;A*}xwxM#kMVDhuFR>+=00tES`{E(xV 
z`>eD2BRgbU3d_|JcCq&`#nbPL3FIBBhg6hb5?wgKGx@s6sPvMkz#N@0J5Z4TJ!uO1(H%e6E796tkdC$}hl8ZW)?wRZZ>@oSa{7FHf$)0onid_4Vu1>mM#F8t%lb?pv&JH18u% zl8$34LAQDOP_&k>*G&Q2Nt}!R8PKV{}+Jy7#pVz}}p=$rOd@i01*39AS zv&+{f*X!ahsm8xCcZtBIdAqa*j3x&?jifdpACLx**P&6%HK3qJE4)Wn6*q;bvi+Ih z(A-7-L`2)L)@MFG2@4hpG)Q*F3|cc;6I_W2CcJ+C`r?|lu`nA4DX!0&PSEH3f*Po_ zIV4P|Lar=;N85d6We97PMum>kWsu2^S46A*C?>r?AktuMoj^+Ky_k2h?64(2F78l* zG8!e8_?gk7tfrh)xeP8o>r8HiIhjVD*$*?5u>XxT-|1TCplC=vWB=W5Fb zNh$c05Ly-KdhWhD1$)UEv-`?G+GdXbL<{lKK%?TRC%ynY$eDa2rZ;r@LxDBjFC%*} zzpa`d!u)4O4~+AWzwV7I9B+O*F=U8l%KN9YYwU~}2ngbs`#!24I1WrZ^Ygnq%V+){ z<^g5CAf^dFs8B|L9xtD3#(xB%Kf^!hDN$4wnALXzuaCFuSz)yVTDosBcE+OV1%tA0 zje#Ao*B+nWLFibLP%v*eWg#wf`cdwk_1NcxF8A1`#Pj}zZTWqYAZ4ro+O%7e!V*afyIlgLkuyofr9X-?Kjcvz77n}x?NZ7S>gNg{6x5MYfo)joo^$8j7 zp*aCh<1c!%Cpc;c={Ntxo8(kFVDwVMPOsiaspGMi+IsM9Qp#L;Dd*pLIwykOhf$3a zoY?N}&^gNk`ZV5m&$n8V&~7Sku+1P2Uma2NGsZsW+t_h!9Hw}Fu=31khtaDy0eEU2AApO~b4kX5XxdlqRM$sNOVKZYj+*nro7yF?T!213nL+Z9 z`R_~3EZOkPB|>d3lXAL+_ad9m_{<7$JEzVSmyH939Vj&m!)2J@@~eAuggQ6;>NILJ z)K?hbjMcPHR4y~7LhANOZWz#a;-TLvk_p19kSgC;kEjdE;G5_ivtbsu4=uwx#Gi-$ z+6yfg;Wmme=OSYuu!#jYsC~Hwv>SKrgsz<-F)Te_UU0g(-_NKA8Tb1O>Ybim@g0au zSmb8`NS4S4^&MAN2qUS$%JzIccMRUyBgYD*m`X9rF)Qr`1|*mPydVuRtstu{<7707 zv_R;kCN-R{*knipMpVz9>k6Mn_@2+OM#KS*CtZ$DLo5OegJVFMGp1HeXt!Cu6crnE`Rr3CJKeoRBV3^5FJoDg{f4X(QIw5t<;|S0iLa246#CRGcf0 z*+Rkbl?yM+(@BkuE2XDCs2i~_#}6nFvTl+pWRgO;$$TM&JX;SRDcfv_T!q#$VxzK| z_g`cUf=Q|=dTcwP4^bE94RkzgiZ#Rn2tx+3hFMb=2dK^HrTpx?KAFUYn$S!RJV;3< zhrhXtLRTOD36`PiQ&0%im4)^6 zZ*Ctebk#QJ7>rGOE?1Ev2sVR|LkE7jp3f%I%GS>5ey4X@saLj6_jY!>JC%=#vJ~t| zWrd|t2V+pSHq({30AV$W{gv~PJq^+8jXizB9{DleT2ttxI~$>jqEf7FA{j}Thjt?E zjr1PzTW{(>x2LOJktih6PJ+M=W%QI+OSWX}O~VJ8_+^> zDUYN*nMY}L!aw2q@!CK&L_-*qvwk2Ozj6}6izA!Mz`4lvBz9i z8B%yRzreH*T7GCvZ(aN7RSPlBr=jgb!-u~fQJ|;cTO(&49JQP6)Orv%L5cqKBo;P7 zLL~{LRhufADS&w0am=f9bU=BKaW!HZ)yS3pR1Y)hsB#$*;E!_9LLXbBqb@A*Q*Z*X zBtT56D0dsy$t3ZrwY3?1G{&+q=8ZM3UHhfS+$2(Dt>%tMrI6r9KC0ldubJzGff$wT z77R-qVsL;1MhepD+xQ-*4EhPGPiIZbhf!do>yzXpJt5TOel?B&ZF6Axlj@Vv;M8q* 
z(ha=H7}an|Bv>3&gOBix0glB4LXND@##(j8WDO0JqegpIz*r#MS|Xg=z%Pwz)WVup z6We-CZ2y%_1bj@P_!b5qOsh=UsrjYV0BFvmiffO( zI#XZ^K(^pY-)c%JA-4X^LVK->w8p9)z{Fn|IRh_*fW9b6{`ObuxdjX0%^(G3w-_zg zc;p=-%?JJiX3p2y#yRRaWxFnUiP02Bm6Da|eno)Fk}Kc+2^*MM{!f7mFQU*o^+zOT zS4&L=z=DJ`Alimw86bS&q?*mGN^>^7l|~PNP|UdubWj)FaVc-*Xokb`jRpn(a4f0 z5`&EIdM6?YRveHz15+a!pkSaTQN-S|IHjiYP%WKEP56_tEy7K!gV^%SPS#Qn2E>LN z-=WXZIDtBqdOAuX+nhU)m{~8b(1r?0p2}zG3bhb#(1x`UckeJar*U@u_6_$fZ3Z7I zAU*%QjsjYE7?Ji7Sy{+Y?|^4Oj3edhcezJ!*`jWC)0?$6BMR@Jif>y+_9Y9)BERH- zK+aS$_S?Z^=KU0hz=ob-!%0hH%9$0=$xt9}WDOZt@A3|H zQW4HNwaW+uUj85&3PdfUn+hHjJ;bgAS0udY2nYc-;cwv{&-w@K>@(Cy_$TWCjP6); z$r$swqq~?I$0F&PIM)Cl`TjTtq~p&B1qmEF(|U}kR&Y>>7>dy>(=;aD485kXKjV14 z7%Yrl=wH_vG=quN>Fr{`Q4_WlypdF>R%=e|$B}bu2VqrxeMIdM#xe1%wqdWeHM4 zY(tF6UrHz)Re><>1 z`8Psu4jOUbJ%R*|ya&)ilQ5iNa1u~q84v9?d!@-VT!3+8+SA65SLX3oNY`xAXaA#oq z!5(Zw!?!(1YTUOQ11qqbknq8TCc02N2%lUVl&l?oFpt-Xi2x^X&EUhcM)2JVBGmB3 zn_?;?;AGImq7^|^g%yBt=lOXh)NFrwz9+z*1 zo{%mNm%ywOvX;!O0Jo6h?TFng%h4|>{{NCcZV}-+)P;l+jDRIEQl1g`Lrs*w{5H4! 
zr^cN#C5%?^G#!f3@M*Pz+TFmG+@Rsw@a^Az`R(HkQpV}}SgAG9l&(exNvgHyd&@U0 zm`F#kXk>RN4{<89U%NJbt5%54O6|~UGK@!K^qj&sr2Nw=j<8zO3c>EHApf8s8+72A zh3XeDgMt?~059%0Hkf91)v6n;%Hd1x@Kc$NPa{+^@$@%f%Ay?MaGFAYZWCUaDy$4p z{b2>s;r~qZ@&ymp8kT{5(ZCz)?t!bP;F*SYG_Id!sC$O=6*6#tZyP7QLj&e%ANuKN z9*!IP3&e{=!~qx|Ol?^kTlZKai2i7FJLpUR2)I9lLe}j(b~_tK+wSbA@IuOCyR-QQ zw_l}O3@MN8SH*1x%h~-zx4<|e=Ze0g%>^GMek4M#eSL>kn#vWL`CMP zLT>^TybCNkxe_`6=o;+BQ``Vc46Uv4a6A}WAI$CJ1$Bep=AdHsT911z*Sqx+5EP-^ zE=L!^Zug*3y?p4My;cOhppEBu5ayBxV<`&hCY=PxDVRM9Ezrea3)z0EWFty%JWOD1 z04sKr7aZX3-_s$4j~ujKj3xlQ?>-OU{eW8^ zmw^XcU8}p>?Htku?m@3LdpyMFq{r}{)4{|UK`7MW0G7+Z0EE$-JsRwCMuS(3GHJ6= z&Cl|jV6&#yeH}kT&vS!kys3ZSxY$g>8Ig)*nOqsqEWqWU-Dv}boLXaN2fpw-C=Lu~ zih(eVv1>mb{xXM_kDnUUmrxW_8_ctH_`;wbuoDJ|=FS7$cE(bT5z+9R;j}?z7|EiF z$bXKAK-qc`R0sFB&zx9{;W=d23OCSgb1<|q_~s=C>%fONv1idMqM59DtTiLYCnvxG z?2XUwrb?p;1xL!xoTE@;kdkiVo(*Ym z8LYiVa)=o1c#NQrqT23s>g{$9ep>Zbvm*~<0~`sY2{KefyiJ8REs*uWB*jAC3>rQ& zYaZBWbbBr;xq&r>6<RKxF8)<@LTjVX|#bjRsp}(c{WxGc;)El3=z;o2b{|0wJwumE_b?Zna$mn z!e%I8uw+<^;WK6SNiYLhzeH^TMIPTe)1TiuqoR&@)!c2@+pn6v&ZOOIc6QvxezVnU zw7YL!b?V*L**+xhx$XT1m_F@2Yp2-(#^bLR{MWAUHK6nxw2Qh}d;(0`>$;6Dlx;xG z-dVfFzIJ!!DP2_fOhDTZ>nKM8I^`YrO~h0A2fi56YhH?KF3L z(4PHv9e+`K;0GAeIqU61kvDri=zplR5AA)k*J@q-y2-E}tFDWAIjM__W91uJ53(Hkp^d z52m9jJIKY&4h=jI^!aoIUi?F|2J_vdqvbV63_HiybeWBD0X95536Z*?3@v+vxT8X( zeQ(;tjdnoU-A5UFJH`>;-+}FaB|EWwiY0Fr-f0Pm5KRlmsLyX`fJ&Hg%^%cMhfw_SwL*{1Go$+^R*ArwUysHcB9m$q{_` z@H0C8%DKB`4nZ^bR+GMZ$_&?!@zi7Pw?5-@KmCoPD8xMo)Gwux0boxWvU!0P&znc+HelNV0G@R)STnEthz<_V?=}euF3}4bhP7vw>b{$?1mnLR}gkGURgO==9 zb1RPO;RY+e0uAu_bEwCN7}<|UCP;U@c}x1)b(W$r{$qB|Y27IJC7I?i-(g-C zT>jFI4UjMSpJich&s|Lse*-=N9f%pqscW#`pq$uT7V%eGj?%NJB;hc736V%esRcM^ zQR`Mmqz7POU^5)03LXzL;%psCs&oSo1Si0U~D z5FMYI7|xUjc;w8it{_ zsb1Hcs9wyRfqGAE&bqusqe01Ab99Iy>sQR^&-X9pG5n%g9I`%4E48J@MkXc%T>v)3 zn_!3w@wG5HCGTd~-T6IDps<$>g(nIepl{$G)6elUMs>34xRf0nvzSVOC<__L0oB0k z!rBTt73G&eS5QJ-jDWC6GmsblS;#%81tK~Y1|s|!Fhv|Mw<2QDuoL2&0zcM@AZ;1k zz|=#8cv36EsDXT&0M<>|9qa}mXwDKVJF&*L~0RVaA||Ba8i*l=`Odmk|)7k 
zok(_xM``kqI`aI8T@f?cJqAqnhpdC>hQE#A=(ISF0#MXhK1)*ZR7 z@%?@6+r#%3s1lmo?#))jtn-NK;B@!((&(lKVs8x69nVn#e0-a|O`_;XG} zS#CQO4GqtBRb5#XBit?eQCSxER7=f@WuyO>6%LGRm4LV3UFE>%P_p_t|%lStDFWCI6 z2qoGWe5J(Pa(>;&88ko{fXG#)d#`C1mVYk`1dCHUI`uZKv(6a6MMcS<=iWTeiOERBq&=M-t?sNmb9*p?iXp# zRvISv>VuaA=*D@e*9qagQe1rp=wd6^u(clS{Z$ry09_b<6mk}vX^!zQlY~eAtt?u+ zN8Gf>h&Ola5U!fYIQGSvyO{>fCL3i~BVH0K-Zy8YYJYiwMtg0;+)n>jhw@KUH2oO=Fq~Yoh+Od^l5Xo)3=Xv#3CZS9U+JUHE7ZK7|40ZPA#eQ(?Zsik1%q zX%^*f{($fsr_*?>5tB5Q&dFdNx=PY(Cv;>dA}0x1jQE9i50W{;+*w3XE~NO;9y1GD zGk4dK-Q8=4(3yhdW4TYkK)BMYQ6;1Rpt&^!(EgrZZ zFec?BI!*;}F(Nr^Kueo9^ZzZz_!bTvSy_bma1RE1aA33Sw;h@DMwN4)#yKS7dAh}e zpLJru9mAo5kdASD;0V1Cey60(jt)fKoKQw+_!5|%# zT5ZYg6Z{cTLji;%fLmch`^S=Mj&twN*`rtV0N zYoHhrecI@ALw1p1hjPYw^F-@ zGpF#$=VWl3mqjxSFAGM$U-#}a#c)cK1hiC5NhP->1)(=5YdW3BDimIcx!_RF zxFARu=+!wTnica4^i)1}4zqj_any%1nL1G7zZ$6mcwp5SZiL4QuEDUWSsc28bKLy} zeAaDi+$`BrbKsRF8TTEHG^^ z33o`Vo(OW;fVf7mh!&G56BqGn*a5o-wz8astUmC4w>-{LVsWf)#oRuTb6cxEeBXDi z;1^g00k48UuMs*hSlguC)wQ7Bjd~O;*6J!0;wq&%vPzS9dflh$?3$QfJmv29YAn1A zlsZKf%~ZQB%Oo_)L5+DX$ohJ zt&z9GN0ucZ#kbF&Xy(l7OQTf@ zkC#V7KpxIUJ7DtdQ~dQ-+^qPJ*1|8F7}iQ!%h*D=5Wn-95cO5a(st1Ur|4jwvH@e1 zM|MC<6SRf4#VeS|B+*RBWQWPhK`gR0PQBRXE4!jSH%)pu%M>W69F-{JFA%tZGKdAr zG6OE5k^>Sbio!KHuLjCrrK^G6ZYT5OVqs!&K0^VLr<93)FHu7guu7>HP?)E4Ejbj5 zk}3l&TI<0*MHG@gDJanbHL^6#%`LW>^Zd9Fyc|iaZDCF+mr!zJOQD2g_;N}5(7ToV zY^fDp5@HOVf74JVQ5zmhE(w(*`(GxSw3Jq#^NN!bsJz2I= zE}TucH2rAnc|7GJ^rNjvSQH7{icApAHn@aMe8gqVl(tHkMP?l&Y_2jFJWlx0Qe;Yt zgyyKo;qylex$8V?DIaBdJcr}jh+$V!TDM27V9>WCdev>cL-yMhD>GmoiacE|qbZGk zzZ&rh(=C{CEo!ZA#aVW~MbRM4;gSf9VM8r3z2F+^%Bw&t&3ZJIr>m5fK8Z@}#cJEF zebaXSnBycl<{2a0hud;h&3g+8ZnRCWt@d@V z)e$xNnfOp1m9!b)M}4P58gI>&xHL3y$_JA_U*~IT$Y;spI8BqM5^$QqpKO4!BkB9_ zouRx~QCU_1vD5Wr5$7_hmOi}aDYp8uQne1Z%U!br5Nf$f?|ha}Wqvn}rQKX978N-8 zLLxq>6LTan&{sZH0SYLh#j>lm_+<7*H7@&O6Fw9{QFAs>iNn?&`26N)ut)Vw5$2AJ zg0J9JFLaKeD*9W)+-2dF)VQ#gN?$)&f)nmtAY?gQu+SG{l|wg1LI{emUd&N?F(($K zVo3vp7+|SW?WISUl}bQiUst&1LE1i`yN?vxD6;dk@p$XjwFkOlEvLOE;OcrE&8X9* 
zE?=ayR;eDDb;W9WYjvE1jY{^Z*sfyAuevJc$_B~SZ4uja{gwiqa4=ysn0|7lTNMKB z>YQQMgKzO=x=7bTu8T=1%&}_7wIM)znv=*_h*~B9JJTM8C0((yrmqQtk=+hMOZ7%g zooJP}j}BbVJY+~Z*DF>P;p(uW>#78+JyV?3g>|ZpAq&lR6`gF?0qZDH6W4<7B6Q7$ z%zAw~oH0Evv0SKC^Z15LiyBK&JtpZYX0la})i_3JPO!>Z@*t{USc+q{UBKtSuY=*R zZG}KsR^>}@aUNwd5`sUyAl~QCvvd(45icc*#u@Mh&w5&?a4eJuf4{+kFA&->ghH zMqzFgHbL|^U7-Cg#(5ek+=W5=)076>tAx=+0F{h>wb`4RnA+yC&%!w2u-(%B7v_d$ z6ZGXGlQBSUi414@&T$fjLfxXUF*=u!*B;Lwe~$S4i&zLLYq-O^n#S6_VPjc2fFx~m zB=@cv_jlUPB02$22*wQt!aV21dOnYT-cP$&dCdXpH-_V9lz7!ylihxls+cJUQc7!K z>N#pZbzb;r*N+928&uuvmo*zSN~pN_aYLOuPo}w78d^`=x`c2PdY;@=4b4qUthx7+ zX?hd9G>LlSwU#eG^;3HX#(#nN_})j#*h~q=fhu+Lk_U|2Fpbems^jvrjesLUqB-7y zM(xJiu0-u>I^*k2K!)HUy~WpeW39Fp$c}6O-C3TXF_1#WnJcW@33h5yNXxM29ne z9bi0R%v09DLqvzlTrmtg{QkF6h>xLLs03y?G~Pu5Ao25z_rMKL#Id|V$M0<%pMxYZ z?ea-@?$F-?`xf8Ve8eUJpM>IqH%L;(hEqw?1%t8WPcEV;XAhVH5zPYKQ9`N>?@kX| z+9bVZ?Q9G15};4NH@|!*at0`=%=ht=<@5F`D8tqcOdkZ<@$tx+=vazk(-{BFFpu&m zTaLB$?5!uCZx4*cR#bGvXt5F@t@I>#!hE08)u|&0@aQo3vL%al@f} zA6BzDjliIX#_ZB@mDCiYS=}yUD}FL^7DVPl?~2Za%jhbJm-OLDp}S+=&74D& z@joIi@s&&%6jeryq?Dcy8Q;bcdxaq>-rd%YFaP2)xYD}4w>uLal^@W5_6VED7?fyx z)J81)Km4YxzKi~?(s(Ixe0qBH#eN!r$Wc=b^_MyRCTYRU=q)*bWV;m|K$`~H0cH_# zn8dK9m#y+OYDS;cl9IOS^7K%C`7qxQlAWCeP#jyA#|I4(2=2}VcX!v|4ud-ccL~8m za2rB^;O_1k90nUCxO?#68kYCf?zivT-P-qdtE+FFx>dJ+|Gw7eRNd}_MV)5foGR#7 z#&Pv*O1Q55P%x=-FcRze?wj{PnQ7Lt?>BcOl@A6{O`1ND*C}nwmU)2q#*E;L%jsQD zBA#$gpGsc3{E2@o~R3s@+UT#kO#7WYco*?whQhC=<}OZ1^6ZA!?zIc z-i!*>)Av1$iQgNUhqM$|d8vl8Q$_JD?V<_?H-&y5oy6UrHu8AUqU+T)eAGK}vrSWZ zTqun+PJz+iD(IS5dC+ZKY>w1dx8n)Q8tMJ)aac+lO*;1D+%~h;yu4D)h=locCyZNT zY!ikYTWq1_Fw-u+5b~NQFsGcbL4x;q_WnDQZO+O(8juocS3CK;QbrG)*2`B(lh8$9 z3;ebHWYaBaLtE*aV*L5iF+;{9B-Aox#MEL6M?Y>xREai-<%$~a5i<+fR?EWu+Lghq zeQhw8Ey25wBx}vX46{HJUqBQ19Jr1my_OBpwf6t@$b7tQ5EOUT)_SPo~ zMDmtf0}|6;a3sV{VRyF?quChy{w>oiPrZw609t3)banes0)y!u`0(Zbf=d(ri)Jn5 z`EYp4(v!JnmxoM*{P$B$REBD+P@grQ+v}w`A}_1cGq6)^R%W~R?|y5zuj%Cgf~Pe% z+1o_bojqt>`J#hO@u=VMX38rztEh8#(rdLNT!RLusKhN( zN%~o`;1#r+-mE+tFd#8ryZf3hYD$m53JlF)A 
zXpU7RVS@L$*j}NR__QB)1HFKoX#GB&>amCHtQp?D^h^jYt*BPlu$f_nto?F+b@D@g z+S%PVWy5!T)BFrU(PvIX{KRmiC7apGDs7k|-nfl;V4-MJheP1}^aSwd@qQ5n8by$sk;Yc7yX+ zGlie|yssborxQ}0{ai!2s2rK*sjQf(^gkkn2c_Mo+@whM6!q~@$IwJjz*Wsg^4cS0 z8%#F#K*QNnW*uR%2ijSnpj(DF(|tn3Y&DN6`gI2lb4F!gHLMYtW|U{%A~W{kWbFU zg?D=H%!KBg6MkrS$}w&{)Ag)hkGiWZe;C=jw22}NnY}XqeHcyIK5AC7{6yCtoj#F2 z64FDx&p$SECFKj3!Q4-vEu$vVL2!a5zIzU$*dN|fu~DvLLGDjQFgt+MGn9+zU37nN zAhZ0Gt6hVn=RquEHYQRxFRPLz{QJCL?`-p>MctmParDttNSc`3N>#yn`!u{}&Ftb# z9bV{3y_KdBocuxNEe>{qz8LYtR0DU{RB{tfIX@?POdfZjuHRRTLem@y?a3q{R>@ie z;&4^4>J{wFR*rfuZhcQs0`YzgV{wos4UFlm4xc?1f?hVa3uRyv_Wnzvo=CM7M(cxy z%P5HfZ!PKTW1uLe9?80+UA?Pc4!4eiSk&{QK;xdNhgH)_`T>`VZur}SrKe69C!sZF z)J@4RwbWx$sp)=}rqmTRu`Rm{+gcd;&WCs{F`ZHy&WyT-7CGVQlP-p8!|zF~spRT5 z6P)Tu)L3|RB=hkE<1=d~yig6loXpCW&q?O^-__Nu%qD zIHk1mG9A@%v3zpTy_;4&;3P-hGJ4ZkqmK(`=xwn#?veuYHL~in{C2qx^wost5>*mW zu+>!LVsvdF%hBxl*t%F5IbW1EsU>9XxA{w6#`6W^uNTAa+Ce4J8N9K==A}FNqQXot zRI3Yw1+S|EhzhI{hTe1#fT-)vrIX6h4NDZwP>E-}_`7I1Y{@MuiQ+fPQ1$~IqO&8l zLG(P*dp~lN2vF;{jl~qJ2~6ms`Ww#Zx3Gw|c&~iv>`D*Aq_RNv=I=B5m`^PWYjxr_ zwN09!w%W7n7k*qu1wxcw5I!sF__ki`nmzZoKei>(Xb?ykD3I~NdUDjsnW9r)L@2RD z8Q-DD^SjEmFv*jbt79tA_@50BQ=eT z%~V4)w$u(*{CiXGn(|Ghib!rSUhZ~-FQ`=K?x3%l&oVs)wWM>8nlb2{5JG6Y9PIE|{zgq+LM0&0dP{W*>oYK_n8%QGjh6vv3 zE(RoiXZw==9h~VJETk{{t!?1PFV~g{-_P6q?7G0#kl{Vh^T4 zHKY3j*xHN@He0N!)A9w&$QpX^CLy}FP%q6YGNO_1r|HCdfzw0cnnt|Iv<4Us)^?sd zdQb<@{XMY3#=*y^UtYcW`SmYwx2mW_DTx|Kxle>roTLjoWr>L&TUrZ=Sxw5ry^4w9Milk*m0J8E;jRqI-!W1`MBoa-(i?A_Z`>VC=Cd2z7L!n?-sfm&EEV~=5N5}y=TA<(Gy;Ak9Ma>LFT zoHhiStL7<8%qzusugUsT%-~XL`DaketeN&150v^7pdP-VEgBt%^}%%h6Ga6YW)V@v zbkyZLW!Eoi%e2)uj7*Zt{hp4w=N0FUY!<2r{wla&aLHcwA{AEfDAp&lPZx9+tcmLs z7?_ehTKY^X_;usGf?s}V-6#djX zsr39vx|^`^DI#LF3D~y{tgnr^x@)-UnCgLSt9N;xUmk6LTYo8jElkICnF0z{7=}%{ zk;!++R~uHzth{YAqyVb=jp$z7Bm$hrr&hZlk2l(7)U- z6T66to>1T)=UqAsytC8v$YtPUphsxwFR+}FuipYL;ecC#)`;J9zD@tyAF117od~YW zTR+4vGIpweDp5_y5Y+AKKo$~fn9>SmtwO;RNu#m7r-pfWNqdMfQ#igN_$w|`^!M%due~DumhUjDn^ciDt;rwb z4N6A|yr*@O>g;?mr|7(U(QQPS2g7{{SWS?RKiU}q6o@jEo>d(+e 
zqj6VAP@W4;F~)gEaJ0jg`X)LPlh%X%#c)zjv7K6u0i;jP+DUf-mi1 zgZ-do7AM2JwmGJk5Z&~om6O2pgU(nUIrCvlKf@6!0M|!C3MGaxS%m0PxWrIM8?tX6(6`sx>c>G$la?JSNsoieX?zPud|oPk?R*(q+pbp=SY=7 zMRTuraQ1K3V#b5~_YPY11Wye;iFUC*jD+nlF;5IA=W4`~>69u{JG(HtD+*LG9_$R0 zpCzPAxLTl1htlwdhuRuv2E*RCnN6sjA^C52tb!Nm-Dc3`F^+A)O<*da`{)w~i}{ji zz$gkKM!~DdZE?AFo5;&?6DToBUT0LdeYiJ8@?l|LAuxZki8piHV2zivvERCzxu1f_I$PX!Jqi5>B;&(SwP&5TPr0?S|m=458*rm{HYGvzZx8aV}Ek zG+^QE>(i4QT9#rq)p3y?p~&Ap#L>6xTjs2nelKs0!h&7)%tfe~lL@I-d=-cZD5Ka1d*lJ>N8C?J) z##lqb$y*p+wPOcSV1GHD2(bP${{T3^y>1Xcxy~!7Iq7!T}=fj+m58;D^hIX@WQ# zN{>Hia70N~GUbWBu2w3f;K#}@WP0;<-7@#gmJt~KS@CQjj3U~TRH(s>H`jiyas*V_ z`S}D{lc=e>NU}kd@*pt^wsW*ap(!tdYxpFC(waV?z?KP-21}M^G1~Lypxi6k(?$Zv z9~L2h4t;(OTt2N6TnO6U_G-o*YSw~%mMKtM#&azIUxwx)g5$V~1{h~B69S?u3t(k; zRh)klzG9Li-Nm%N<%wpVCyz6V>LnUf914o!5w+K5GVaTGOgJDOS3kh1o<@XzTvKVTx-Ayb=ciF^FB`~kH&f!CW9S5&X`J*ASXL+$a#F<4Mth$wsE zI6mJayZWKqNUn^@V#w>nle4LwfHU@MYtBvS9-#cGGIF0p_~pr@U7tRXqzGm;%2de5 z;oHdiB0T3cJkGI+>W(~~SsuuX-g2<4wF74pf^4X;zk)bYV z@WM$k)_4PkQRhL+idq4KASP>3^J97;^%padjw0*@vc}|f5~T4OeKuNA)$-muM+IF) zW_>rmH+G;;Za&TH20PFZ2`&#p<)K^bb6F9xIx;nndZMs^k@s9S(%-2xMA01-!4}%t zjMDRBZAW)uvRep({zT{v>aAxgb}_Phurex(DpOzGecbU4vKH|>e$nr*wKS(h`*uVP zS95|&+BrdC*vKr$Q72NA`b(CUf;D(_B@in+*k5b6f<*PsyHniqxo6GGo>#XMnOL^fhP=e*{*@+v#kd7 z8xJLEdZ6B?+C<*S+4e;MzVf^;)gvkh)zu>9cKt1PpSm6`d$6WSlyX22^n#At|h1zc>FIp0Za3OxYPFk3@EuxCBK(UXDo- z!r^fly9ipTgtjFC@tx%gtS&JqD+G44;=G1qgLIHUD9>m)6PjV1hFr$PPdlqj3J+$3 zyEVF1v>DtUnlVc3TDWNlt^%x>&4ma|%uTGt1RLd8+F{WtHnX%>Z#aZ;vn?G$N9&^85I9m+c zagYR+iAN2a-zjYGFKQGb&qs+C8ns>xq^iHF-o8P>QU%@T&-+L^ip9`ltJxY`ay7qu z4^n;*B1FsB%eDYVy6&H8DAC#j={3N6`H{K>Im;5o=yEPpv={1XvD6Wjft{(}O($@BjOiQWKWdEmu6`3O=XD5*)6EuLS?`Qg_NBJt zC}P*tmRyV7AUA@Iddcv^>6h_SU6qQnOz*4G3p-zNATLCa0I)D+pX4DkZ`7P)PMeiz z_ya=@kpvMB%E+n9F(Q+(9V_oTVik;`G7QH+Yr-60v6>$gbBV8Thj6}6jMl%IM|U(5 zql3f97>V@^Q7=6(?*|>v{aVnohVqXU#5kS7nNyuY2X&C;+_(t5fJFhLhs|4u(rabQ z7~oE$h39t*!n}zo=Ueq+T(*(PI!R8=kc?>W`Lw{r&f6?{o!BmW(yX}e0bdyI>lAXj 
z*t#DFXA~NiXcV5x+(#_Mcxa4+uv8Bew9J@%N+4nC)uGu>!^&A+k4UdVA#FeR3~rP7!=30a1H8E!2`;`}%bU$TLMXf3BempsD}^D+>3ATMYnQ+bHP$ z!}#}t8UXxv3nTDY{15YQIN2xwihneM0T2LqT_Gc5#7i*$sQ6RypHQTKK#9a8*5}{= z0Jc{E0K-3_6oL6ce^CDhR8d}1T3JK-&ukKzzh;-b#1VFbLaC>(0RRzB0D$RV*e39Q zi>)p#E~O;R;$ZP-dU!g_1oSVS{15sz&A4G23IO2n62&n83q2L{|3Y{7cKn(KWO*=F5>mFH=&t1Z